1 /*-
2 * Copyright (c) 2005-2008 Daniel Braniss <danny@cs.huji.ac.il>
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 *
26 * $FreeBSD: src/sys/dev/iscsi/initiator/iscsi_subr.c,v 1.2 2008/11/25 07:17:11 scottl Exp $
27 */
28 /*
29 | $Id: iscsi_subr.c,v 1.17 2006/11/26 14:50:43 danny Exp danny $
30 */
31
32 #include "opt_iscsi_initiator.h"
33
34 #include <sys/param.h>
35 #include <sys/kernel.h>
36 #include <sys/callout.h>
37 #include <sys/malloc.h>
38 #include <sys/mbuf.h>
39 #include <sys/kthread.h>
40 #include <sys/lock.h>
41 #include <sys/uio.h>
42 #include <sys/sysctl.h>
43 #include <sys/systm.h>
44 #include <sys/globaldata.h>
45
46 #include <bus/cam/cam.h>
47 #include <bus/cam/cam_ccb.h>
48 #include <bus/cam/cam_sim.h>
49 #include <bus/cam/cam_xpt_sim.h>
50 #include <bus/cam/cam_periph.h>
51 #include <bus/cam/scsi/scsi_message.h>
52 #include <sys/eventhandler.h>
53
54 #include <dev/disk/iscsi/initiator/iscsi.h>
55 #include <dev/disk/iscsi/initiator/iscsivar.h>
56
57 /*
58 | Interface to the SCSI layer
59 */
60 void
iscsi_r2t(isc_session_t * sp,pduq_t * opq,pduq_t * pq)61 iscsi_r2t(isc_session_t *sp, pduq_t *opq, pduq_t *pq)
62 {
63 union ccb *ccb = opq->ccb;
64 struct ccb_scsiio *csio = &ccb->csio;
65 pdu_t *opp = &opq->pdu;
66 bhs_t *bhp = &opp->ipdu.bhs;
67 r2t_t *r2t = &pq->pdu.ipdu.r2t;
68 pduq_t *wpq;
69 int error;
70
71 debug_called(8);
72 sdebug(4, "itt=%x r2tSN=%d bo=%x ddtl=%x W=%d", ntohl(r2t->itt),
73 ntohl(r2t->r2tSN), ntohl(r2t->bo), ntohl(r2t->ddtl), opp->ipdu.scsi_req.W);
74
75 switch(bhp->opcode) {
76 case ISCSI_SCSI_CMD:
77 if(opp->ipdu.scsi_req.W) {
78 data_out_t *cmd;
79 u_int ddtl = ntohl(r2t->ddtl);
80 u_int edtl = ntohl(opp->ipdu.scsi_req.edtlen);
81 u_int bleft, bs, dsn, bo;
82 caddr_t bp = csio->data_ptr;
83
84 bo = ntohl(r2t->bo);
85 bleft = ddtl;
86
87 if(sp->opt.maxXmitDataSegmentLength > 0) // danny's RFC
88 bs = MIN(sp->opt.maxXmitDataSegmentLength, ddtl);
89 else
90 bs = ddtl;
91 dsn = 0;
92 sdebug(4, "edtl=%x ddtl=%x bo=%x dsn=%x bs=%x maxX=%x",
93 edtl, ddtl, bo, dsn, bs, sp->opt.maxXmitDataSegmentLength);
94 while(bleft > 0) {
95 wpq = pdu_alloc(sp->isc, M_NOWAIT); // testing ...
96 if(wpq == NULL) {
97 sdebug(3, "itt=%x r2tSN=%d bo=%x ddtl=%x W=%d", ntohl(r2t->itt),
98 ntohl(r2t->r2tSN), ntohl(r2t->bo), ntohl(r2t->ddtl), opp->ipdu.scsi_req.W);
99 sdebug(1, "npdu_max=%d npdu_alloc=%d", sp->isc->npdu_max, sp->isc->npdu_alloc);
100
101 while((wpq = pdu_alloc(sp->isc, M_NOWAIT)) == NULL) {
102 sdebug(2, "waiting...");
103 tsleep(sp->isc, 0, "isc_r2t", 5*hz);
104 }
105 }
106 cmd = &wpq->pdu.ipdu.data_out;
107 cmd->opcode = ISCSI_WRITE_DATA;
108 cmd->lun[0] = r2t->lun[0];
109 cmd->lun[1] = r2t->lun[1];
110 cmd->ttt = r2t->ttt;
111 cmd->itt = r2t->itt;
112
113 cmd->dsn = htonl(dsn);
114 cmd->bo = htonl(bo);
115
116 cmd->F = (bs < bleft)? 0: 1; // is this the last one?
117 bs = MIN(bs, bleft);
118
119 wpq->pdu.ds_len = bs;
120 wpq->pdu.ds = bp;
121
122 error = isc_qout(sp, wpq);
123 sdebug(6, "bs=%x bo=%x bp=%p dsn=%x error=%d", bs, bo, bp, dsn, error);
124 if(error)
125 break;
126 bo += bs;
127 bp += bs;
128 bleft -= bs;
129 dsn++;
130 }
131 }
132 break;
133
134 default:
135 // XXX: should not happen ...
136 xdebug("huh? opcode=0x%x", bhp->opcode);
137 }
138 }
139
140 static int
getSenseData(u_int status,union ccb * ccb,pduq_t * pq)141 getSenseData(u_int status, union ccb *ccb, pduq_t *pq)
142 {
143 pdu_t *pp = &pq->pdu;
144 struct ccb_scsiio *scsi = (struct ccb_scsiio *)ccb;
145 struct scsi_sense_data *sense = &scsi->sense_data;
146 struct mbuf *m = pq->mp;
147 scsi_rsp_t *cmd = &pp->ipdu.scsi_rsp;
148 caddr_t bp;
149 int sense_len, mustfree = 0;
150
151 bp = mtod(pq->mp, caddr_t);
152 if((sense_len = scsi_2btoul(bp)) == 0)
153 return 0;
154 debug(4, "sense_len=%d", sense_len);
155 /*
156 | according to the specs, the sense data cannot
157 | be larger than 252 ...
158 */
159 if(sense_len > m->m_len) {
160 bp = kmalloc(sense_len, M_ISCSI, M_WAITOK);
161 debug(3, "calling i_mbufcopy(len=%d)", sense_len);
162 i_mbufcopy(pq->mp, bp, sense_len);
163 mustfree++;
164 }
165 scsi->scsi_status = status;
166
167 bcopy(bp+2, sense, min(sense_len, scsi->sense_len));
168 scsi->sense_resid = 0;
169 if(cmd->flag & (BIT(1)|BIT(2)))
170 scsi->sense_resid = ntohl(pp->ipdu.scsi_rsp.rcnt);
171 debug(3, "sense_len=%d rcnt=%d sense_resid=%d dsl=%d error_code=%x flags=%x",
172 sense_len,
173 ntohl(pp->ipdu.scsi_rsp.rcnt), scsi->sense_resid,
174 pp->ds_len, sense->error_code, sense->flags);
175
176 if(mustfree)
177 kfree(bp, M_ISCSI);
178
179 return 1;
180 }
181
182 /*
183 | Some information is from SAM draft.
184 */
185 static void
_scsi_done(struct isc_softc * isp,u_int response,u_int status,union ccb * ccb,pduq_t * pq)186 _scsi_done(struct isc_softc *isp, u_int response, u_int status, union ccb *ccb, pduq_t *pq)
187 {
188 struct ccb_hdr *ccb_h = &ccb->ccb_h;
189
190 debug_called(8);
191
192 if(status || response) {
193 debug(3, "response=%x status=%x ccb=%p pq=%p", response, status, ccb, pq);
194 if(pq != NULL)
195 debug(3, "mp=%p buf=%p len=%d", pq->mp, pq->buf, pq->len);
196 }
197 ccb_h->status = 0;
198 switch(response) {
199 case 0: // Command Completed at Target
200 switch(status) {
201 case 0: // Good, all is ok
202 ccb_h->status = CAM_REQ_CMP;
203 break;
204
205 case 0x02: // Check Condition
206 if((pq != NULL) && (pq->mp != NULL) && getSenseData(status, ccb, pq))
207 ccb_h->status |= CAM_AUTOSNS_VALID;
208
209 case 0x14: // Intermediate-Condition Met
210 case 0x10: // Intermediate
211 case 0x04: // Condition Met
212 ccb_h->status |= CAM_SCSI_STATUS_ERROR;
213 break;
214
215 case 0x08:
216 ccb_h->status = CAM_BUSY;
217 break;
218
219 case 0x18: // Reservation Conflict
220 case 0x28: // Task Set Full
221 ccb_h->status = CAM_REQUEUE_REQ;
222 break;
223 default:
224 //case 0x22: // Command Terminated
225 //case 0x30: // ACA Active
226 //case 0x40: // Task Aborted
227 ccb_h->status = CAM_REQ_CMP_ERR; //CAM_REQ_ABORTED;
228 }
229 break;
230
231 default:
232 if((response >= 0x80) && (response <= 0xFF)) {
233 // Vendor specific ...
234 }
235 case 1: // target failure
236 ccb_h->status = CAM_REQ_CMP_ERR; //CAM_REQ_ABORTED;
237 break;
238 }
239 debug(5, "ccb_h->status=%x", ccb_h->status);
240
241 XPT_DONE(isp, ccb);
242 }
243
244 /*
245 | returns the lowest cmdseq that was not acked
246 */
247 int
iscsi_requeue(isc_session_t * sp)248 iscsi_requeue(isc_session_t *sp)
249 {
250 pduq_t *pq;
251 u_int i, n, last;
252
253 debug_called(8);
254 last = -1;
255 i = 0;
256 sp->flags |= ISC_HOLD;
257 while((pq = i_dqueue_hld(sp)) != NULL) {
258 i++;
259 _scsi_done(sp->isc, 0, 0x28, pq->ccb, NULL);
260 n = ntohl(pq->pdu.ipdu.bhs.CmdSN);
261 if(last > n)
262 last = n;
263 sdebug(2, "last=%x n=%x", last, n);
264 pdu_free(sp->isc, pq);
265 }
266 sp->flags &= ~ISC_HOLD;
267 return i? last: sp->sn.cmd;
268 }
269
270 int
i_pdu_flush(isc_session_t * sp)271 i_pdu_flush(isc_session_t *sp)
272 {
273 int n = 0;
274 pduq_t *pq;
275
276 debug_called(8);
277 while((pq = i_dqueue_rsp(sp)) != NULL) {
278 pdu_free(sp->isc, pq);
279 n++;
280 }
281 while((pq = i_dqueue_rsv(sp)) != NULL) {
282 pdu_free(sp->isc, pq);
283 n++;
284 }
285 while((pq = i_dqueue_snd(sp, -1)) != NULL) {
286 pdu_free(sp->isc, pq);
287 n++;
288 }
289 while((pq = i_dqueue_hld(sp)) != NULL) {
290 pdu_free(sp->isc, pq);
291 n++;
292 }
293 while((pq = i_dqueue_wsnd(sp)) != NULL) {
294 pdu_free(sp->isc, pq);
295 n++;
296 }
297 if(n != 0)
298 xdebug("%d pdus recovered, should have been ZERO!", n);
299 return n;
300 }
301 /*
302 | called from ism_destroy.
303 */
304 void
iscsi_cleanup(isc_session_t * sp)305 iscsi_cleanup(isc_session_t *sp)
306 {
307 pduq_t *pq, *pqtmp;
308
309 debug_called(8);
310
311 TAILQ_FOREACH_MUTABLE(pq, &sp->hld, pq_link, pqtmp) {
312 sdebug(3, "hld pq=%p", pq);
313 if(pq->ccb)
314 _scsi_done(sp->isc, 1, 0x40, pq->ccb, NULL);
315 TAILQ_REMOVE(&sp->hld, pq, pq_link);
316 pdu_free(sp->isc, pq);
317 }
318 while((pq = i_dqueue_snd(sp, BIT(0)|BIT(1)|BIT(2))) != NULL) {
319 sdebug(3, "pq=%p", pq);
320 if(pq->ccb)
321 _scsi_done(sp->isc, 1, 0x40, pq->ccb, NULL);
322 pdu_free(sp->isc, pq);
323 }
324
325 wakeup(&sp->rsp);
326 }
327
328 void
iscsi_done(isc_session_t * sp,pduq_t * opq,pduq_t * pq)329 iscsi_done(isc_session_t *sp, pduq_t *opq, pduq_t *pq)
330 {
331 pdu_t *pp = &pq->pdu;
332 scsi_rsp_t *cmd = &pp->ipdu.scsi_rsp;
333
334 debug_called(8);
335
336 _scsi_done(sp->isc, cmd->response, cmd->status, opq->ccb, pq);
337
338 pdu_free(sp->isc, opq);
339 }
340
341 // see RFC 3720, 10.9.1 page 146
342 /*
343 | NOTE:
344 | the call to isc_stop_receiver is a kludge,
345 | instead, it should be handled by the userland controller,
346 | but that means that there should be a better way, other than
347 | sending a signal. Somehow, this packet should be supplied to
348 | the userland via read.
349 */
350 void
iscsi_async(isc_session_t * sp,pduq_t * pq)351 iscsi_async(isc_session_t *sp, pduq_t *pq)
352 {
353 pdu_t *pp = &pq->pdu;
354 async_t *cmd = &pp->ipdu.async;
355
356 debug_called(8);
357
358 sdebug(3, "asyncevent=0x%x asyncVCode=0x%0x", cmd->asyncEvent, cmd->asyncVCode);
359 switch(cmd->asyncEvent) {
360 case 0: // check status ...
361 break;
362
363 case 1: // target request logout
364 isc_stop_receiver(sp); // XXX: temporary solution
365 break;
366
367 case 2: // target indicates it wants to drop connection
368 isc_stop_receiver(sp); // XXX: temporary solution
369 break;
370
371 case 3: // target indicates it will drop all connections.
372 isc_stop_receiver(sp); // XXX: temporary solution
373 break;
374
375 case 4: // target request parameter negotiation
376 break;
377
378 default:
379 break;
380 }
381 }
382
383 void
iscsi_reject(isc_session_t * sp,pduq_t * opq,pduq_t * pq)384 iscsi_reject(isc_session_t *sp, pduq_t *opq, pduq_t *pq)
385 {
386 union ccb *ccb = opq->ccb;
387 //reject_t *reject = &pq->pdu.ipdu.reject;
388
389 debug_called(8);
390 //XXX: check RFC 10.17.1 (page 176)
391 ccb->ccb_h.status = CAM_REQ_ABORTED;
392 XPT_DONE(sp->isc, ccb);
393
394 pdu_free(sp->isc, opq);
395 }
396
397 /*
398 | deal with lun
399 */
400 static int
dwl(isc_session_t * sp,int lun,u_char * lp)401 dwl(isc_session_t *sp, int lun, u_char *lp)
402 {
403 int i;
404
405 debug_called(8);
406
407 /*
408 | mapping LUN to iSCSI LUN
409 | check the SAM-2 specs
410 | hint: maxLUNS is a small number, cam's LUN is 32bits
411 | iSCSI is 64bits, scsi is ?
412 */
413 // XXX: check if this will pass the endian test
414 if(lun < 256) {
415 lp[0] = 0;
416 lp[1] = lun;
417 } else
418 if(lun < 16384) {
419 lp[0] = (1 << 5) | ((lun >> 8) & 0x3f);
420 lp[1] = lun & 0xff;
421 }
422 else {
423 xdebug("lun %d: is unsupported!", lun);
424 return -1;
425 }
426
427 for(i = 0; i < sp->target_nluns; i++)
428 if(sp->target_lun[i] == lun)
429 return 0;
430 if(sp->target_nluns < ISCSI_MAX_LUNS)
431 sp->target_lun[sp->target_nluns++] = lun;
432
433 sdebug(3, "nluns=%d lun=%d", sp->target_nluns, lun);
434
435 return 0;
436 }
437
438 /*
439 | encapsulate the scsi command and
440 */
441 int
scsi_encap(struct cam_sim * sim,union ccb * ccb)442 scsi_encap(struct cam_sim *sim, union ccb *ccb)
443 {
444 struct isc_softc *isp = (struct isc_softc *)cam_sim_softc(sim);
445 isc_session_t *sp;
446 struct ccb_scsiio *csio = &ccb->csio;
447 struct ccb_hdr *ccb_h = &ccb->ccb_h;
448 pduq_t *pq;
449 scsi_req_t *cmd;
450
451 debug_called(8);
452
453 debug(4, "ccb->sp=%p", ccb_h->spriv_ptr0);
454 sp = ccb_h->spriv_ptr0;
455
456 if((pq = pdu_alloc(isp, M_NOWAIT)) == NULL) {
457 debug(2, "ccb->sp=%p", ccb_h->spriv_ptr0);
458 sdebug(1, "pdu_alloc failed sc->npdu_max=%d npdu_alloc=%d",
459 sp->isc->npdu_max, sp->isc->npdu_alloc);
460 while((pq = pdu_alloc(sp->isc, M_NOWAIT)) == NULL) {
461 sdebug(3, "waiting...");
462 tsleep(sp->isc, 0, "isc_encap", 5*hz);
463 }
464 #if 0
465 sdebug(3, "freezing");
466 ccb->ccb_h.status = CAM_REQUEUE_REQ;
467 ic_freeze(sp);
468 return 0;
469 #endif
470 }
471
472 #if 0
473 if((sp->flags & ISC_FFPHASE) == 0) {
474 ccb->ccb_h.status = CAM_DEV_NOT_THERE; // CAM_NO_NEXUS;
475 sdebug(3, "no active session with target %d", ccb_h->target_id);
476 goto bad;
477 }
478 #endif
479 cmd = &pq->pdu.ipdu.scsi_req;
480 cmd->opcode = ISCSI_SCSI_CMD;
481 cmd->F = 1;
482 /*
483 | map tag option, default is UNTAGGED
484 */
485 switch(csio->tag_action) {
486 case MSG_SIMPLE_Q_TAG: cmd->attr = iSCSI_TASK_SIMPLE; break;
487 case MSG_HEAD_OF_Q_TAG: cmd->attr = iSCSI_TASK_ORDER; break;
488 case MSG_ORDERED_Q_TAG: cmd->attr = iSCSI_TASK_HOFQ; break;
489 case MSG_ACA_TASK: cmd->attr = iSCSI_TASK_ACA; break;
490 }
491
492 dwl(sp, ccb_h->target_lun, (u_char *)&cmd->lun);
493
494 if((ccb_h->flags & CAM_CDB_POINTER) != 0) {
495 if((ccb_h->flags & CAM_CDB_PHYS) == 0) {
496 if(csio->cdb_len > 16) {
497 sdebug(3, "oversize cdb %d > 16", csio->cdb_len);
498 goto invalid;
499 }
500 }
501 else {
502 sdebug(3, "not phys");
503 goto invalid;
504 }
505 }
506
507 if(csio->cdb_len > sizeof(cmd->cdb))
508 xdebug("guevalt! %d > %ld", csio->cdb_len, (long)sizeof(cmd->cdb));
509
510 memcpy(cmd->cdb,
511 ccb_h->flags & CAM_CDB_POINTER? csio->cdb_io.cdb_ptr: csio->cdb_io.cdb_bytes,
512 csio->cdb_len);
513
514 cmd->W = (ccb->ccb_h.flags & CAM_DIR_MASK) == CAM_DIR_OUT;
515 cmd->R = (ccb->ccb_h.flags & CAM_DIR_MASK) == CAM_DIR_IN;
516 cmd->edtlen = htonl(csio->dxfer_len);
517
518 pq->ccb = ccb;
519 /*
520 | place it in the out queue
521 */
522 if(isc_qout(sp, pq) == 0)
523 return 1;
524 invalid:
525 ccb->ccb_h.status = CAM_REQ_INVALID;
526 pdu_free(isp, pq);
527 return 0;
528 }
529
530 int
scsi_decap(isc_session_t * sp,pduq_t * opq,pduq_t * pq)531 scsi_decap(isc_session_t *sp, pduq_t *opq, pduq_t *pq)
532 {
533 union ccb *ccb = opq->ccb;
534 struct ccb_scsiio *csio = &ccb->csio;
535 pdu_t *opp = &opq->pdu;
536 bhs_t *bhp = &opp->ipdu.bhs;
537
538 debug_called(8);
539 sdebug(6, "pq=%p opq=%p bhp->opcode=0x%x len=%d",
540 pq, opq, bhp->opcode, pq->pdu.ds_len);
541 if(ccb == NULL) {
542 sdebug(1, "itt=0x%x pq=%p opq=%p bhp->opcode=0x%x len=%d",
543 ntohl(pq->pdu.ipdu.bhs.itt),
544 pq, opq, bhp->opcode, pq->pdu.ds_len);
545 xdebug("%d] ccb == NULL!", sp->sid);
546 return 0;
547 }
548 if(pq->pdu.ds_len != 0) {
549 switch(bhp->opcode) {
550 case ISCSI_SCSI_CMD: {
551 scsi_req_t *cmd = &opp->ipdu.scsi_req;
552 sdebug(5, "itt=0x%x opcode=%x R=%d",
553 ntohl(pq->pdu.ipdu.bhs.itt),
554 pq->pdu.ipdu.bhs.opcode, cmd->R);
555
556 switch(pq->pdu.ipdu.bhs.opcode) {
557 case ISCSI_READ_DATA: // SCSI Data in
558 {
559 caddr_t bp = NULL; // = mtod(pq->mp, caddr_t);
560 data_in_t *rcmd = &pq->pdu.ipdu.data_in;
561
562 if(cmd->R) {
563 sdebug(5, "copy to=%p from=%p l1=%d l2=%d mp@%p",
564 csio->data_ptr, bp? mtod(pq->mp, caddr_t): 0,
565 ntohl(cmd->edtlen), pq->pdu.ds_len, pq->mp);
566 if(ntohl(cmd->edtlen) >= pq->pdu.ds_len) {
567 int offset, len = pq->pdu.ds_len;
568
569 if(pq->mp != NULL) {
570 caddr_t dp;
571
572 offset = ntohl(rcmd->bo);
573 dp = csio->data_ptr + offset;
574 i_mbufcopy(pq->mp, dp, len);
575 }
576 }
577 else {
578 xdebug("edtlen=%d < ds_len=%d",
579 ntohl(cmd->edtlen), pq->pdu.ds_len);
580 }
581 }
582 if(rcmd->S) {
583 /*
584 | contains also the SCSI Status
585 */
586 _scsi_done(sp->isc, 0, rcmd->status, opq->ccb, NULL);
587 return 0;
588 } else
589 return 1;
590 }
591 break;
592 }
593 }
594 default:
595 sdebug(3, "opcode=%02x", bhp->opcode);
596 break;
597 }
598 }
599 /*
600 | XXX: error ...
601 */
602 return 1;
603 }
604