1 /*
2 * Copyright (c) 2010 Cisco Systems, Inc.
4 * This program is free software; you can redistribute it and/or modify it
5 * under the terms and conditions of the GNU General Public License,
6 * version 2, as published by the Free Software Foundation.
8 * This program is distributed in the hope it will be useful, but WITHOUT
9 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
10 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
11 * more details.
13 * You should have received a copy of the GNU General Public License along with
14 * this program; if not, write to the Free Software Foundation, Inc.,
15 * 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
18 /* XXX TBD some includes may be extraneous */
20 #include <linux/module.h>
21 #include <linux/moduleparam.h>
22 #include <generated/utsrelease.h>
23 #include <linux/utsname.h>
24 #include <linux/init.h>
25 #include <linux/slab.h>
26 #include <linux/kthread.h>
27 #include <linux/types.h>
28 #include <linux/string.h>
29 #include <linux/configfs.h>
30 #include <linux/ctype.h>
31 #include <linux/hash.h>
32 #include <asm/unaligned.h>
33 #include <scsi/scsi.h>
34 #include <scsi/scsi_host.h>
35 #include <scsi/scsi_device.h>
36 #include <scsi/scsi_cmnd.h>
37 #include <scsi/scsi_tcq.h>
38 #include <scsi/libfc.h>
39 #include <scsi/fc_encode.h>
41 #include <target/target_core_base.h>
42 #include <target/target_core_fabric.h>
43 #include <target/target_core_configfs.h>
44 #include <target/configfs_macros.h>
46 #include "tcm_fc.h"
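/*
 * Dump cmd state for debugging.
 *
 * Logs the command, its data scatterlist and, when a sequence is still
 * attached, the exchange identifiers through pr_debug(), then hex-dumps
 * the CDB.
 *
 * @cmd:    command to describe; cmd->seq and cmd->cdb may both be NULL.
 * @caller: name of the calling function, used as the log prefix.
 *
 * NOTE(review): the %p conversions below put kernel addresses in the log;
 * whether they are hashed depends on the printk implementation of the
 * kernel this is built against - confirm before enabling these messages
 * on a production target.
 */
void ft_dump_cmd(struct ft_cmd *cmd, const char *caller)
{
	struct fc_exch *ep;
	struct fc_seq *sp;
	struct se_cmd *se_cmd;
	struct scatterlist *sg;
	int count;

	se_cmd = &cmd->se_cmd;
	pr_debug("%s: cmd %p sess %p seq %p se_cmd %p\n",
		caller, cmd, cmd->sess, cmd->seq, se_cmd);
	pr_debug("%s: cmd %p cdb %p\n",
		caller, cmd, cmd->cdb);
	pr_debug("%s: cmd %p lun %d\n", caller, cmd, cmd->lun);

	pr_debug("%s: cmd %p data_nents %u len %u se_cmd_flags <0x%x>\n",
		caller, cmd, se_cmd->t_data_nents,
		se_cmd->data_length, se_cmd->se_cmd_flags);

	for_each_sg(se_cmd->t_data_sg, sg, se_cmd->t_data_nents, count) {
		pr_debug("%s: cmd %p sg %p page %p "
			"len 0x%x off 0x%x\n",
			caller, cmd, sg,
			sg_page(sg), sg->length, sg->offset);
	}

	/* The sequence pointer is cleared when the exchange reports an error. */
	sp = cmd->seq;
	if (sp) {
		ep = fc_seq_exch(sp);
		pr_debug("%s: cmd %p sid %x did %x "
			"ox_id %x rx_id %x seq_id %x e_stat %x\n",
			caller, cmd, ep->sid, ep->did, ep->oxid, ep->rxid,
			sp->id, ep->esb_stat);
	}

	/*
	 * ft_recv_cmd() allocates the command zeroed and ft_send_work() assigns
	 * cmd->cdb only for requests without task management flags, so a task
	 * management command reaches this function with cdb == NULL (for
	 * example from the LUN lookup failure path of ft_send_tm()). Reading
	 * MAX_COMMAND_SIZE bytes through it would dereference NULL, so skip the
	 * dump in that case.
	 */
	if (!cmd->cdb)
		return;

	/*
	 * Unlike the pr_debug() lines above, this is emitted at KERN_INFO, so
	 * the CDB bytes reach the log even when debug output is disabled.
	 */
	print_hex_dump(KERN_INFO, "ft_dump_cmd ", DUMP_PREFIX_NONE,
		16, 4, cmd->cdb, MAX_COMMAND_SIZE, 0);
}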
/*
 * Release everything an FCP command holds: the sequence attached to the
 * request frame (if there is one), the frame itself, the session reference
 * and finally the command structure. A NULL @cmd is ignored.
 */
static void ft_free_cmd(struct ft_cmd *cmd)
{
	struct fc_frame *req;
	struct fc_lport *lp;

	if (cmd == NULL)
		return;

	req = cmd->req_frame;
	lp = fr_dev(req);
	if (fr_seq(req) != NULL)
		lp->tt.seq_release(fr_seq(req));
	fc_frame_free(req);

	/* undo get from lookup at recv */
	ft_sess_put(cmd->sess);
	kfree(cmd);
}
/*
 * Free the ft_cmd that embeds @se_cmd, together with the frame and session
 * reference it holds (see ft_free_cmd()).
 */
void ft_release_cmd(struct se_cmd *se_cmd)
{
	ft_free_cmd(container_of(se_cmd, struct ft_cmd, se_cmd));
}
/*
 * Hand @se_cmd to transport_generic_free_cmd() for release.
 *
 * Returns 1 unconditionally.
 */
int ft_check_stop_free(struct se_cmd *se_cmd)
{
	const int released = 1;

	transport_generic_free_cmd(se_cmd, 0);
	return released;
}
/*
 * Send response.
 *
 * Builds an FCP_RSP frame carrying the SCSI status, any sense data and the
 * residual count, sends it as the last sequence of the exchange and marks
 * the exchange done. Returns 0 in every case, including when the command
 * was aborted or the frame could not be allocated.
 *
 * NOTE(review): cmd->aborted is tested and cmd->seq is dereferenced without
 * any locking visible in this function, while ft_recv_seq() clears cmd->seq
 * on an error frame - confirm the two cannot interleave.
 */
int ft_queue_status(struct se_cmd *se_cmd)
{
	struct ft_cmd *cmd = container_of(se_cmd, struct ft_cmd, se_cmd);
	struct fcp_resp_with_ext *rsp;
	struct fc_frame *frame;
	struct fc_lport *lport;
	struct fc_exch *exch;
	size_t sense_len;
	size_t total;

	if (cmd->aborted)
		return 0;
	ft_dump_cmd(cmd, __func__);

	exch = fc_seq_exch(cmd->seq);
	lport = exch->lp;

	/* Fixed response header followed directly by the sense bytes. */
	total = sizeof(*rsp) + se_cmd->scsi_sense_length;
	frame = fc_frame_alloc(lport, total);
	if (!frame) {
		/* XXX shouldn't just drop it - requeue and retry? */
		return 0;
	}

	rsp = fc_frame_payload_get(frame, total);
	memset(rsp, 0, total);
	rsp->resp.fr_status = se_cmd->scsi_status;

	sense_len = se_cmd->scsi_sense_length;
	if (sense_len != 0) {
		rsp->resp.fr_flags |= FCP_SNS_LEN_VAL;
		rsp->ext.fr_sns_len = htonl(sense_len);
		/* The payload was sized above to hold exactly this many bytes. */
		memcpy((rsp + 1), se_cmd->sense_buffer, sense_len);
	}

	/*
	 * Test underflow and overflow with one mask.  Usually both are off.
	 * Bidirectional commands are not handled yet.
	 */
	if (se_cmd->se_cmd_flags & (SCF_OVERFLOW_BIT | SCF_UNDERFLOW_BIT)) {
		rsp->resp.fr_flags |=
			(se_cmd->se_cmd_flags & SCF_OVERFLOW_BIT) ?
			FCP_RESID_OVER : FCP_RESID_UNDER;
		rsp->ext.fr_resid = cpu_to_be32(se_cmd->residual_count);
	}

	/*
	 * Send response.
	 */
	cmd->seq = lport->tt.seq_start_next(cmd->seq);
	fc_fill_fc_hdr(frame, FC_RCTL_DD_CMD_STATUS, exch->did, exch->sid,
		       FC_TYPE_FCP,
		       FC_FC_EX_CTX | FC_FC_LAST_SEQ | FC_FC_END_SEQ, 0);

	lport->tt.seq_send(lport, cmd->seq, frame);
	lport->tt.exch_done(cmd->seq);
	return 0;
}
/*
 * Report whether write data is still outstanding for @se_cmd.
 *
 * Returns non-zero while the number of write bytes recorded in
 * cmd->write_data_len differs from the command's data_length, and 0 once
 * the two are equal.
 */
int ft_write_pending_status(struct se_cmd *se_cmd)
{
	struct ft_cmd *cmd = container_of(se_cmd, struct ft_cmd, se_cmd);
	int pending = (cmd->write_data_len != se_cmd->data_length);

	return pending;
}
/*
 * Send TX_RDY (transfer ready).
 *
 * Announces that the target will accept se_cmd->data_length bytes of write
 * data and, when the exchange id is within the port's lro_xid range, tries
 * to set up direct data placement for the command's scatterlist first.
 *
 * Returns 0 on success or when the command was aborted, -ENOMEM when no
 * frame could be allocated.
 */
int ft_write_pending(struct se_cmd *se_cmd)
{
	struct ft_cmd *cmd = container_of(se_cmd, struct ft_cmd, se_cmd);
	struct fc_frame_header *hdr;
	struct fcp_txrdy *ready;
	struct fc_frame *frame;
	struct fc_lport *lport;
	struct fc_exch *exch;
	u32 f_ctl;

	ft_dump_cmd(cmd, __func__);

	if (cmd->aborted)
		return 0;

	exch = fc_seq_exch(cmd->seq);
	lport = exch->lp;
	frame = fc_frame_alloc(lport, sizeof(*ready));
	if (!frame)
		return -ENOMEM; /* Signal QUEUE_FULL */

	ready = fc_frame_payload_get(frame, sizeof(*ready));
	memset(ready, 0, sizeof(*ready));
	ready->ft_burst_len = htonl(se_cmd->data_length);

	cmd->seq = lport->tt.seq_start_next(cmd->seq);
	fc_fill_fc_hdr(frame, FC_RCTL_DD_DATA_DESC, exch->did, exch->sid,
		       FC_TYPE_FCP,
		       FC_FC_EX_CTX | FC_FC_END_SEQ | FC_FC_SEQ_INIT, 0);

	hdr = fc_frame_header_get(frame);
	f_ctl = ntoh24(hdr->fh_f_ctl);

	/*
	 * Only if it is 'Exchange Responder': the target is the exchange
	 * responder and is sending XFER_READY to the exchange initiator.
	 */
	if ((f_ctl & FC_FC_EX_CTX) &&
	    (exch->xid <= lport->lro_xid) &&
	    (hdr->fh_r_ctl == FC_RCTL_DD_DATA_DESC)) {
		if (se_cmd->se_cmd_flags & SCF_SCSI_DATA_SG_IO_CDB) {
			/*
			 * cmd may have been broken up into multiple
			 * tasks. Link their sgs together so we can
			 * operate on them all at once.
			 */
			transport_do_task_sg_chain(se_cmd);
			cmd->sg = se_cmd->t_tasks_sg_chained;
			cmd->sg_cnt = se_cmd->t_tasks_sg_chained_no;
		}

		/* Remember a successful setup so it can be torn down later. */
		if (cmd->sg &&
		    lport->tt.ddp_target(lport, exch->xid, cmd->sg,
					 cmd->sg_cnt))
			cmd->was_ddp_setup = 1;
	}

	lport->tt.seq_send(lport, cmd->seq, frame);
	return 0;
}
/*
 * Return the responder exchange id (rxid) of the exchange that carries
 * @se_cmd.
 *
 * NOTE(review): cmd->seq is dereferenced unconditionally, but ft_recv_seq()
 * sets it to NULL when the exchange reports an error - confirm this is
 * never called for a command in that state.
 */
u32 ft_get_task_tag(struct se_cmd *se_cmd)
{
	struct ft_cmd *cmd = container_of(se_cmd, struct ft_cmd, se_cmd);
	struct fc_exch *exch = fc_seq_exch(cmd->seq);

	return exch->rxid;
}
/*
 * Command state query. No per-command state is tracked here, so the result
 * is 0 for every @se_cmd.
 */
int ft_get_cmd_state(struct se_cmd *se_cmd)
{
	(void)se_cmd;
	return 0;
}
/*
 * Placeholder: reports 0 for every @se_cmd.
 */
int ft_is_state_remove(struct se_cmd *se_cmd)
{
	(void)se_cmd;
	return 0;	/* XXX TBD */
}
/*
 * FC sequence response handler for follow-on sequences (data) and aborts.
 *
 * @sp:  sequence the frame arrived on (not used here).
 * @fp:  received frame, or an ERR_PTR value when the exchange failed.
 * @arg: the ft_cmd registered together with this handler.
 *
 * Solicited data frames are passed to ft_recv_write_data(). Every other
 * frame type is treated as a protocol violation: the frame is dropped and
 * the command is released.
 */
static void ft_recv_seq(struct fc_seq *sp, struct fc_frame *fp, void *arg)
{
	struct ft_cmd *cmd = arg;
	struct fc_frame_header *hdr;

	if (unlikely(IS_ERR(fp))) {
		/* XXX need to find cmd if queued */
		cmd->seq = NULL;
		cmd->aborted = true;
		return;
	}

	hdr = fc_frame_header_get(fp);
	if (hdr->fh_r_ctl == FC_RCTL_DD_SOL_DATA) {
		/* write data */
		ft_recv_write_data(cmd, fp);
		return;
	}

	/*
	 * FC_RCTL_DD_UNSOL_CTL (command), FC_RCTL_DD_SOL_CTL and
	 * FC_RCTL_DD_DATA_DESC (transfer ready) and anything else are not
	 * expected on a follow-on sequence.
	 */
	pr_debug("%s: unhandled frame r_ctl %x\n",
		 __func__, hdr->fh_r_ctl);
	ft_invl_hw_context(cmd);
	fc_frame_free(fp);
	transport_generic_free_cmd(&cmd->se_cmd, 0);
}
/*
 * Send a FCP response including SCSI status and optional FCP rsp_code.
 * status is SAM_STAT_GOOD (zero) iff code is valid.
 * This is used in error cases, such as allocation failures.
 *
 * @lport:  local port to send from.
 * @rx_fp:  received frame the reply header is derived from.
 * @status: SCSI status byte to report.
 * @code:   FCP response code, only placed in the frame when @status is
 *          SAM_STAT_GOOD.
 *
 * Nothing is sent, and no error is reported, if the reply frame cannot be
 * allocated.
 */
static void ft_send_resp_status(struct fc_lport *lport,
				const struct fc_frame *rx_fp,
				u32 status, enum fcp_resp_rsp_codes code)
{
	const struct fc_frame_header *rx_hdr;
	struct fcp_resp_rsp_info *info;
	struct fcp_resp_with_ext *rsp;
	struct fc_frame *reply;
	struct fc_seq *seq;
	size_t len;

	rx_hdr = fc_frame_header_get(rx_fp);
	pr_debug("FCP error response: did %x oxid %x status %x code %x\n",
		  ntoh24(rx_hdr->fh_s_id), ntohs(rx_hdr->fh_ox_id),
		  status, code);

	/* The response-info block is only appended for SAM_STAT_GOOD. */
	len = sizeof(*rsp);
	if (status == SAM_STAT_GOOD)
		len += sizeof(*info);

	reply = fc_frame_alloc(lport, len);
	if (!reply)
		return;

	rsp = fc_frame_payload_get(reply, len);
	memset(rsp, 0, len);
	rsp->resp.fr_status = status;
	if (status == SAM_STAT_GOOD) {
		rsp->ext.fr_rsp_len = htonl(sizeof(*info));
		rsp->resp.fr_flags |= FCP_RSP_LEN_VAL;
		info = (struct fcp_resp_rsp_info *)(rsp + 1);
		info->rsp_code = code;
	}

	fc_fill_reply_hdr(reply, rx_fp, FC_RCTL_DD_CMD_STATUS, 0);

	/* Without a sequence on the reply, fall back to a bare frame send. */
	seq = fr_seq(reply);
	if (!seq) {
		lport->tt.frame_send(lport, reply);
		return;
	}
	lport->tt.seq_send(lport, seq, reply);
	lport->tt.exch_done(seq);
}
/*
 * Send error or task management response.
 *
 * Replies to the command's request frame on the session's local port with
 * status SAM_STAT_GOOD and the given FCP response @code. The command itself
 * is left untouched.
 */
static void ft_send_resp_code(struct ft_cmd *cmd,
			      enum fcp_resp_rsp_codes code)
{
	struct fc_lport *lport = cmd->sess->tport->lport;

	ft_send_resp_status(lport, cmd->req_frame, SAM_STAT_GOOD, code);
}
/*
 * Send error or task management response.
 * Always frees the cmd and associated state.
 *
 * @cmd must not be used by the caller once this returns.
 */
static void ft_send_resp_code_and_free(struct ft_cmd *cmd,
				      enum fcp_resp_rsp_codes code)
{
	/* The reply is built from cmd->req_frame, so send before freeing. */
	ft_send_resp_code(cmd, code);
	ft_free_cmd(cmd);
}
/*
 * Handle Task Management Request.
 *
 * Maps the FCP task management flag of the request to the matching TMR
 * function, allocates the TMR request and passes the command to the target
 * core. A request with an unknown flag value, or one for which allocation
 * fails, is answered with an FCP response code and the command is freed.
 */
static void ft_send_tm(struct ft_cmd *cmd)
{
	struct se_cmd *se_cmd = &cmd->se_cmd;
	struct se_tmr_req *tmr;
	struct fcp_cmnd *fcp;
	struct ft_sess *sess;
	u8 tm_func;

	transport_init_se_cmd(se_cmd, &ft_configfs->tf_ops,
			cmd->sess->se_sess, 0, DMA_NONE, 0,
			&cmd->ft_sense_buffer[0]);
	target_get_sess_cmd(cmd->sess->se_sess, se_cmd, false);

	fcp = fc_frame_payload_get(cmd->req_frame, sizeof(*fcp));

	switch (fcp->fc_tm_flags) {
	case FCP_TMF_LUN_RESET:
		tm_func = TMR_LUN_RESET;
		break;
	case FCP_TMF_TGT_RESET:
		tm_func = TMR_TARGET_WARM_RESET;
		break;
	case FCP_TMF_CLR_TASK_SET:
		tm_func = TMR_CLEAR_TASK_SET;
		break;
	case FCP_TMF_ABT_TASK_SET:
		tm_func = TMR_ABORT_TASK_SET;
		break;
	case FCP_TMF_CLR_ACA:
		tm_func = TMR_CLEAR_ACA;
		break;
	default:
		/*
		 * FCP4r01 indicates having a combination of
		 * tm_flags set is invalid.
		 */
		pr_debug("invalid FCP tm_flags %x\n", fcp->fc_tm_flags);
		ft_send_resp_code_and_free(cmd, FCP_CMND_FIELDS_INVALID);
		return;
	}

	pr_debug("alloc tm cmd fn %d\n", tm_func);
	tmr = core_tmr_alloc_req(se_cmd, cmd, tm_func, GFP_KERNEL);
	if (!tmr) {
		pr_debug("alloc failed\n");
		ft_send_resp_code_and_free(cmd, FCP_TMF_FAILED);
		return;
	}
	cmd->se_cmd.se_tmr_req = tmr;

	switch (fcp->fc_tm_flags) {
	case FCP_TMF_LUN_RESET:
		/* The LUN comes from the initiator's frame; look it up first. */
		cmd->lun = scsilun_to_int((struct scsi_lun *)fcp->fc_lun);
		if (transport_lookup_tmr_lun(se_cmd, cmd->lun) < 0) {
			/*
			 * Make sure to clean up newly allocated TMR request
			 * since "unable to handle TMR request because failed
			 * to get to LUN"
			 */
			pr_debug("Failed to get LUN for TMR func %d, "
				  "se_cmd %p, unpacked_lun %d\n",
				  tm_func, &cmd->se_cmd, cmd->lun);
			/*
			 * NOTE(review): cmd->cdb is not assigned on the task
			 * management path (ft_send_work() sets it only for
			 * requests without tm_flags), and ft_dump_cmd()
			 * hex-dumps cmd->cdb - confirm this call is safe.
			 */
			ft_dump_cmd(cmd, __func__);
			/* Take the session pointer before cmd may go away. */
			sess = cmd->sess;
			transport_send_check_condition_and_sense(se_cmd,
				cmd->se_cmd.scsi_sense_reason, 0);
			ft_sess_put(sess);
			return;
		}
		break;
	case FCP_TMF_TGT_RESET:
	case FCP_TMF_CLR_TASK_SET:
	case FCP_TMF_ABT_TASK_SET:
	case FCP_TMF_CLR_ACA:
		break;
	default:
		return;
	}
	transport_generic_handle_tmr(se_cmd);
}
/*
 * Send status from completed task management request.
 *
 * Translates the TMR response stored in se_cmd->se_tmr_req into an FCP
 * response code and sends it to the initiator. Responses without a
 * dedicated FCP code are reported as FCP_TMF_FAILED. Returns 0 in every
 * case; nothing is sent for an aborted command.
 */
int ft_queue_tm_resp(struct se_cmd *se_cmd)
{
	struct ft_cmd *cmd = container_of(se_cmd, struct ft_cmd, se_cmd);
	struct se_tmr_req *tmr = se_cmd->se_tmr_req;
	enum fcp_resp_rsp_codes fcp_code;

	if (cmd->aborted)
		return 0;

	switch (tmr->response) {
	case TMR_FUNCTION_COMPLETE:
		fcp_code = FCP_TMF_CMPL;
		break;
	case TMR_LUN_DOES_NOT_EXIST:
		fcp_code = FCP_TMF_INVALID_LUN;
		break;
	case TMR_FUNCTION_REJECTED:
		fcp_code = FCP_TMF_REJECTED;
		break;
	case TMR_TASK_DOES_NOT_EXIST:
	case TMR_TASK_STILL_ALLEGIANT:
	case TMR_TASK_FAILOVER_NOT_SUPPORTED:
	case TMR_TASK_MGMT_FUNCTION_NOT_SUPPORTED:
	case TMR_FUNCTION_AUTHORIZATION_FAILED:
	default:
		fcp_code = FCP_TMF_FAILED;
		break;
	}

	pr_debug("tmr fn %d resp %d fcp code %d\n",
		  tmr->function, tmr->response, fcp_code);
	ft_send_resp_code(cmd, fcp_code);
	return 0;
}
static void ft_send_work(struct work_struct *work);

/*
 * Handle incoming FCP command.
 *
 * Allocates a zeroed ft_cmd for the frame, assigns a sequence to it and
 * queues ft_send_work() on the target port group's workqueue. The command
 * keeps the frame and the caller's session reference. If the command or
 * the sequence cannot be obtained, a BUSY status is returned to the
 * initiator and the frame and session reference are dropped here.
 */
static void ft_recv_cmd(struct ft_sess *sess, struct fc_frame *fp)
{
	struct fc_lport *lport = sess->tport->lport;
	struct ft_cmd *cmd;

	/* GFP_ATOMIC: the allocation must not sleep in this context. */
	cmd = kzalloc(sizeof(*cmd), GFP_ATOMIC);
	if (cmd == NULL)
		goto busy;

	cmd->sess = sess;
	cmd->seq = lport->tt.seq_assign(lport, fp);
	if (cmd->seq == NULL) {
		kfree(cmd);
		goto busy;
	}
	cmd->req_frame = fp;		/* hold frame during cmd */

	INIT_WORK(&cmd->work, ft_send_work);
	queue_work(sess->tport->tpg->workqueue, &cmd->work);
	return;

busy:
	pr_debug("cmd or seq allocation failure - sending BUSY\n");
	ft_send_resp_status(lport, fp, SAM_STAT_BUSY, 0);
	fc_frame_free(fp);
	ft_sess_put(sess);		/* undo get from lookup */
}
/*
 * Handle incoming FCP frame.
 * Caller has verified that the frame is type FCP.
 *
 * Only unsolicited command frames start a new command. Every other r_ctl
 * value (solicited data, control, transfer ready, ELS4 requests such as
 * SRR, or anything unknown) is logged and dropped, and the session
 * reference taken by the caller's lookup is released.
 */
void ft_recv_req(struct ft_sess *sess, struct fc_frame *fp)
{
	struct fc_frame_header *hdr = fc_frame_header_get(fp);

	if (hdr->fh_r_ctl == FC_RCTL_DD_UNSOL_CMD) {
		/* command */
		ft_recv_cmd(sess, fp);
		return;
	}

	pr_debug("%s: unhandled frame r_ctl %x\n",
		 __func__, hdr->fh_r_ctl);
	fc_frame_free(fp);
	ft_sess_put(sess);	/* undo get from lookup */
}
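/*
 * Send new command to target.
 *
 * Workqueue handler queued by ft_recv_cmd(). Parses the FCP_CMND payload of
 * the request frame, derives the data direction, SAM task attribute and
 * expected transfer length, and submits the command to the target core.
 * Task management requests are handed to ft_send_tm() instead. A frame that
 * is too short, carries an extended CDB or asks for a bidirectional
 * transfer is answered with FCP_CMND_FIELDS_INVALID and the command is
 * freed.
 *
 * Every field read from the payload is supplied by the remote initiator.
 */
static void ft_send_work(struct work_struct *work)
{
	struct ft_cmd *cmd = container_of(work, struct ft_cmd, work);
	struct fc_frame_header *fh = fc_frame_header_get(cmd->req_frame);
	struct fcp_cmnd *fcp;
	int data_dir = 0;
	u32 data_len;
	int task_attr;

	/* Returns NULL when the frame is shorter than a full FCP_CMND. */
	fcp = fc_frame_payload_get(cmd->req_frame, sizeof(*fcp));
	if (!fcp)
		goto err;

	if (fcp->fc_flags & FCP_CFL_LEN_MASK)
		goto err;		/* not handling longer CDBs yet */

	if (fcp->fc_tm_flags) {
		task_attr = FCP_PTA_SIMPLE;
		data_dir = DMA_NONE;
		data_len = 0;
	} else {
		switch (fcp->fc_flags & (FCP_CFL_RDDATA | FCP_CFL_WRDATA)) {
		case 0:
			data_dir = DMA_NONE;
			break;
		case FCP_CFL_RDDATA:
			data_dir = DMA_FROM_DEVICE;
			break;
		case FCP_CFL_WRDATA:
			data_dir = DMA_TO_DEVICE;
			break;
		case FCP_CFL_WRDATA | FCP_CFL_RDDATA:
			goto err;	/* TBD not supported by tcm_fc yet */
		}
		/*
		 * Locate the SAM Task Attr from fc_pri_ta.
		 *
		 * The mapped MSG_*_TAG value is what gets submitted. It used
		 * to be overwritten afterwards with the raw
		 * (fc_pri_ta & FCP_PTA_MASK) bits, which discarded this
		 * translation and passed the FCP encoding to the target core.
		 */
		switch (fcp->fc_pri_ta & FCP_PTA_MASK) {
		case FCP_PTA_HEADQ:
			task_attr = MSG_HEAD_TAG;
			break;
		case FCP_PTA_ORDERED:
			task_attr = MSG_ORDERED_TAG;
			break;
		case FCP_PTA_ACA:
			task_attr = MSG_ACA_TAG;
			break;
		case FCP_PTA_SIMPLE: /* Fallthrough */
		default:
			task_attr = MSG_SIMPLE_TAG;
			break;
		}

		/*
		 * NOTE(review): fc_dl is taken from the frame as is; this
		 * function does not compare it with the CDB or any limit -
		 * presumably the target core does, confirm.
		 */
		data_len = ntohl(fcp->fc_dl);
		/* Points into the request frame, which cmd holds until freed. */
		cmd->cdb = fcp->fc_cdb;
	}

	/*
	 * Check for FCP task management flags
	 */
	if (fcp->fc_tm_flags) {
		ft_send_tm(cmd);
		return;
	}

	fc_seq_exch(cmd->seq)->lp->tt.seq_set_resp(cmd->seq, ft_recv_seq, cmd);
	cmd->lun = scsilun_to_int((struct scsi_lun *)fcp->fc_lun);
	/*
	 * Use a single se_cmd->cmd_kref as we expect to release se_cmd
	 * directly from ft_check_stop_free callback in response path.
	 */
	target_submit_cmd(&cmd->se_cmd, cmd->sess->se_sess, cmd->cdb,
				&cmd->ft_sense_buffer[0], cmd->lun, data_len,
				task_attr, data_dir, 0);
	/*
	 * NOTE(review): fh points into cmd->req_frame. If the command can
	 * complete and be released before this line runs, the read below
	 * touches freed memory - confirm the frame's lifetime.
	 */
	pr_debug("r_ctl %x alloc target_submit_cmd\n", fh->fh_r_ctl);
	return;

err:
	ft_send_resp_code_and_free(cmd, FCP_CMND_FIELDS_INVALID);
}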