1 /* 2 * Generic SCSI Target Kernel Mode Driver 3 * 4 * Copyright (c) 2002 Nate Lawson. 5 * Copyright (c) 1998, 1999, 2001, 2002 Justin T. Gibbs. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions, and the following disclaimer, 13 * without modification, immediately at the beginning of the file. 14 * 2. The name of the author may not be used to endorse or promote products 15 * derived from this software without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR 21 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * $FreeBSD: src/sys/cam/scsi/scsi_target.c,v 1.22.2.7 2003/02/18 22:07:10 njl Exp $ 30 */ 31 32 #include <sys/param.h> 33 #include <sys/systm.h> 34 #include <sys/kernel.h> 35 #include <sys/conf.h> 36 #include <sys/device.h> 37 #include <sys/malloc.h> 38 #include <sys/vnode.h> 39 #include <sys/devicestat.h> 40 #include <sys/thread2.h> 41 #include <sys/devfs.h> 42 43 #include "../cam.h" 44 #include "../cam_ccb.h" 45 #include "../cam_periph.h" 46 #include "../cam_xpt_periph.h" 47 #include "../cam_sim.h" 48 #include "scsi_targetio.h" 49 50 /* Transaction information attached to each CCB sent by the user */ 51 struct targ_cmd_descr { 52 struct cam_periph_map_info mapinfo; 53 TAILQ_ENTRY(targ_cmd_descr) tqe; 54 union ccb *user_ccb; 55 int priority; 56 int func_code; 57 }; 58 59 /* Offset into the private CCB area for storing our descriptor */ 60 #define targ_descr periph_priv.entries[1].ptr 61 62 TAILQ_HEAD(descr_queue, targ_cmd_descr); 63 64 typedef enum { 65 TARG_STATE_RESV = 0x00, /* Invalid state */ 66 TARG_STATE_OPENED = 0x01, /* Device opened, softc initialized */ 67 TARG_STATE_LUN_ENABLED = 0x02 /* Device enabled for a path */ 68 } targ_state; 69 70 /* Per-instance device software context */ 71 struct targ_softc { 72 /* CCBs (CTIOs, ATIOs, INOTs) pending on the controller */ 73 struct ccb_queue pending_ccb_queue; 74 75 /* Command descriptors awaiting CTIO resources from the XPT */ 76 struct descr_queue work_queue; 77 78 /* Command descriptors that have been aborted back to the user. */ 79 struct descr_queue abort_queue; 80 81 /* 82 * Queue of CCBs that have been copied out to userland, but our 83 * userland daemon has not yet seen. 84 */ 85 struct ccb_queue user_ccb_queue; 86 87 struct cam_periph *periph; 88 struct cam_path *path; 89 targ_state state; 90 struct kqinfo read_kq; 91 struct devstat device_stats; 92 }; 93 94 static d_open_t targopen; 95 static d_close_t targclose; 96 static d_read_t targread; 97 static d_write_t targwrite; 98 static d_ioctl_t targioctl; 99 static d_kqfilter_t targkqfilter; 100 static d_clone_t targclone; 101 DEVFS_DEFINE_CLONE_BITMAP(targ); 102 103 static void targfiltdetach(struct knote *kn); 104 static int targreadfilt(struct knote *kn, long hint); 105 static int targwritefilt(struct knote *kn, long hint); 106 static struct filterops targread_filtops = 107 { FILTEROP_ISFD, NULL, targfiltdetach, targreadfilt }; 108 static struct filterops targwrite_filtops = 109 { FILTEROP_ISFD, NULL, targfiltdetach, targwritefilt }; 110 111 static struct dev_ops targ_ops = { 112 { "targ", 0, 0 }, 113 .d_open = targopen, 114 .d_close = targclose, 115 .d_read = targread, 116 .d_write = targwrite, 117 .d_ioctl = targioctl, 118 .d_kqfilter = targkqfilter 119 }; 120 121 static cam_status targendislun(struct cam_path *path, int enable, 122 int grp6_len, int grp7_len); 123 static cam_status targenable(struct targ_softc *softc, 124 struct cam_path *path, 125 int grp6_len, int grp7_len); 126 static cam_status targdisable(struct targ_softc *softc); 127 static periph_ctor_t targctor; 128 static periph_dtor_t targdtor; 129 static periph_start_t targstart; 130 static int targusermerge(struct targ_softc *softc, 131 struct targ_cmd_descr *descr, 132 union ccb *ccb); 133 static int targsendccb(struct targ_softc *softc, union ccb *ccb, 134 struct targ_cmd_descr *descr); 135 static void targdone(struct cam_periph *periph, 136 union ccb *done_ccb); 137 static int targreturnccb(struct targ_softc *softc, 138 union ccb *ccb); 139 static union ccb * targgetccb(struct targ_softc *softc, xpt_opcode type, 140 int priority); 141 static void targfreeccb(struct targ_softc *softc, union ccb *ccb); 142 static struct targ_cmd_descr * 143 targgetdescr(struct targ_softc *softc); 144 static periph_init_t targinit; 145 static void targasync(void *callback_arg, u_int32_t code, 146 struct cam_path *path, void *arg); 147 static void abort_all_pending(struct targ_softc *softc); 148 static void notify_user(struct targ_softc *softc); 149 static int targcamstatus(cam_status status); 150 static size_t targccblen(xpt_opcode func_code); 151 152 static struct periph_driver targdriver = 153 { 154 targinit, "targ", 155 TAILQ_HEAD_INITIALIZER(targdriver.units), /* generation */ 0 156 }; 157 PERIPHDRIVER_DECLARE(targ, targdriver); 158 159 static MALLOC_DEFINE(M_TARG, "TARG", "TARG data"); 160 161 /* 162 * Create softc and initialize it. Only one proc can open each targ device. 163 * There is no locking here because a periph doesn't get created until an 164 * ioctl is issued to do so, and that can't happen until this method returns. 165 */ 166 static int 167 targopen(struct dev_open_args *ap) 168 { 169 cdev_t dev = ap->a_head.a_dev; 170 struct targ_softc *softc; 171 172 if (dev->si_drv1 != 0) { 173 return (EBUSY); 174 } 175 176 /* Mark device busy before any potentially blocking operations */ 177 dev->si_drv1 = (void *)~0; 178 reference_dev(dev); /* save ref for later destroy_dev() */ 179 180 /* Create the targ device, allocate its softc, initialize it */ 181 #if 0 182 make_dev(&targ_ops, minor(dev), UID_ROOT, GID_WHEEL, 0600, 183 "targ%d", lminor(dev)); 184 #endif 185 softc = kmalloc(sizeof(*softc), M_TARG, M_INTWAIT | M_ZERO); 186 dev->si_drv1 = softc; 187 softc->state = TARG_STATE_OPENED; 188 softc->periph = NULL; 189 softc->path = NULL; 190 191 TAILQ_INIT(&softc->pending_ccb_queue); 192 TAILQ_INIT(&softc->work_queue); 193 TAILQ_INIT(&softc->abort_queue); 194 TAILQ_INIT(&softc->user_ccb_queue); 195 196 return (0); 197 } 198 199 /* Disable LUN if enabled and teardown softc */ 200 static int 201 targclose(struct dev_close_args *ap) 202 { 203 cdev_t dev = ap->a_head.a_dev; 204 struct targ_softc *softc; 205 struct cam_periph *periph; 206 int error; 207 208 softc = (struct targ_softc *)dev->si_drv1; 209 if ((softc->periph == NULL) || 210 (softc->state & TARG_STATE_LUN_ENABLED) == 0) { 211 devfs_clone_bitmap_put(&DEVFS_CLONE_BITMAP(targ), dev->si_uminor); 212 destroy_dev(dev); 213 kfree(softc, M_TARG); 214 return (0); 215 } 216 217 /* 218 * Acquire a hold on the periph so that it doesn't go away before 219 * we are ready at the end of the function. 220 */ 221 periph = softc->periph; 222 cam_periph_acquire(periph); 223 cam_periph_lock(periph); 224 error = targdisable(softc); 225 if (error == CAM_REQ_CMP) { 226 dev->si_drv1 = 0; 227 if (softc->periph != NULL) { 228 cam_periph_invalidate(softc->periph); 229 softc->periph = NULL; 230 } 231 destroy_dev(dev); /* eats the open ref */ 232 devfs_clone_bitmap_put(&DEVFS_CLONE_BITMAP(targ), dev->si_uminor); 233 kfree(softc, M_TARG); 234 } else { 235 release_dev(dev); 236 } 237 cam_periph_unlock(periph); 238 cam_periph_release(periph); 239 240 return (error); 241 } 242 243 /* Enable/disable LUNs, set debugging level */ 244 static int 245 targioctl(struct dev_ioctl_args *ap) 246 { 247 struct targ_softc *softc; 248 cam_status status; 249 250 softc = (struct targ_softc *)ap->a_head.a_dev->si_drv1; 251 252 switch (ap->a_cmd) { 253 case TARGIOCENABLE: 254 { 255 struct ioc_enable_lun *new_lun; 256 struct cam_path *path; 257 struct cam_sim *sim; 258 259 new_lun = (struct ioc_enable_lun *)ap->a_data; 260 status = xpt_create_path_unlocked(&path, /*periph*/NULL, 261 new_lun->path_id, 262 new_lun->target_id, 263 new_lun->lun_id); 264 if (status != CAM_REQ_CMP) { 265 kprintf("Couldn't create path, status %#x\n", status); 266 break; 267 } 268 sim = xpt_path_sim(path); 269 CAM_SIM_LOCK(sim); 270 status = targenable(softc, path, new_lun->grp6_len, 271 new_lun->grp7_len); 272 xpt_free_path(path); 273 CAM_SIM_UNLOCK(sim); 274 break; 275 } 276 case TARGIOCDISABLE: 277 if (softc->periph == NULL) { 278 status = CAM_DEV_NOT_THERE; 279 break; 280 } 281 cam_periph_lock(softc->periph); 282 status = targdisable(softc); 283 cam_periph_unlock(softc->periph); 284 break; 285 case TARGIOCDEBUG: 286 { 287 #ifdef CAMDEBUG 288 struct ccb_debug *cdbg; 289 290 /* If no periph available, disallow debugging changes */ 291 if ((softc->state & TARG_STATE_LUN_ENABLED) == 0) { 292 status = CAM_DEV_NOT_THERE; 293 break; 294 } 295 cdbg = &xpt_alloc_ccb()->cdbg; 296 if (*((int *)ap->a_data) != 0) 297 cdbg->flags = CAM_DEBUG_PERIPH; 298 else 299 cdbg->flags = CAM_DEBUG_NONE; 300 cam_periph_lock(softc->periph); 301 xpt_setup_ccb(&cdbg->ccb_h, softc->path, /*priority*/0); 302 cdbg->ccb_h.func_code = XPT_DEBUG; 303 cdbg->ccb_h.cbfcnp = targdone; 304 305 xpt_action((union ccb *)cdbg); 306 cam_periph_unlock(softc->periph); 307 status = cdbg->ccb_h.status & CAM_STATUS_MASK; 308 xpt_free_ccb(&cdbg->ccb_h); 309 #else 310 status = CAM_FUNC_NOTAVAIL; 311 #endif 312 break; 313 } 314 default: 315 status = CAM_PROVIDE_FAIL; 316 break; 317 } 318 319 return (targcamstatus(status)); 320 } 321 322 static int 323 targkqfilter(struct dev_kqfilter_args *ap) 324 { 325 struct knote *kn = ap->a_kn; 326 struct targ_softc *softc; 327 328 softc = (struct targ_softc *)ap->a_head.a_dev->si_drv1; 329 330 ap->a_result = 0; 331 332 switch (kn->kn_filter) { 333 case EVFILT_READ: 334 kn->kn_hook = (caddr_t)softc; 335 kn->kn_fop = &targread_filtops; 336 break; 337 case EVFILT_WRITE: 338 kn->kn_hook = (caddr_t)softc; 339 kn->kn_fop = &targwrite_filtops; 340 default: 341 ap->a_result = EOPNOTSUPP; 342 return (0); 343 } 344 345 knote_insert(&softc->read_kq.ki_note, kn); 346 return (0); 347 } 348 349 static void 350 targfiltdetach(struct knote *kn) 351 { 352 struct targ_softc *softc; 353 354 softc = (struct targ_softc *)kn->kn_hook; 355 knote_remove(&softc->read_kq.ki_note, kn); 356 } 357 358 /* Notify the user's kqueue when the user queue or abort queue gets a CCB */ 359 static int 360 targreadfilt(struct knote *kn, long hint) 361 { 362 struct targ_softc *softc; 363 int retval; 364 365 softc = (struct targ_softc *)kn->kn_hook; 366 cam_periph_lock(softc->periph); 367 retval = !TAILQ_EMPTY(&softc->user_ccb_queue) || 368 !TAILQ_EMPTY(&softc->abort_queue); 369 cam_periph_unlock(softc->periph); 370 return (retval); 371 } 372 373 /* write() is always ok */ 374 static int 375 targwritefilt(struct knote *kn, long hint) 376 { 377 return (1); 378 } 379 380 /* Send the HBA the enable/disable message */ 381 static cam_status 382 targendislun(struct cam_path *path, int enable, int grp6_len, int grp7_len) 383 { 384 struct ccb_en_lun *en_ccb; 385 cam_status status; 386 387 /* Tell the lun to begin answering selects */ 388 en_ccb = &xpt_alloc_ccb()->cel; 389 xpt_setup_ccb(&en_ccb->ccb_h, path, /*priority*/1); 390 en_ccb->ccb_h.func_code = XPT_EN_LUN; 391 /* Don't need support for any vendor specific commands */ 392 en_ccb->grp6_len = grp6_len; 393 en_ccb->grp7_len = grp7_len; 394 en_ccb->enable = enable ? 1 : 0; 395 xpt_action((union ccb *)en_ccb); 396 status = en_ccb->ccb_h.status & CAM_STATUS_MASK; 397 if (status != CAM_REQ_CMP) { 398 xpt_print(path, "%sable lun CCB rejected, status %#x\n", 399 enable ? "en" : "dis", status); 400 } 401 xpt_free_ccb(&en_ccb->ccb_h); 402 403 return (status); 404 } 405 406 /* Enable target mode on a LUN, given its path */ 407 static cam_status 408 targenable(struct targ_softc *softc, struct cam_path *path, int grp6_len, 409 int grp7_len) 410 { 411 struct cam_periph *periph; 412 struct ccb_pathinq *cpi; 413 cam_status status; 414 415 if ((softc->state & TARG_STATE_LUN_ENABLED) != 0) 416 return (CAM_LUN_ALRDY_ENA); 417 418 /* Make sure SIM supports target mode */ 419 cpi = &xpt_alloc_ccb()->cpi; 420 xpt_setup_ccb(&cpi->ccb_h, path, /*priority*/1); 421 cpi->ccb_h.func_code = XPT_PATH_INQ; 422 xpt_action((union ccb *)cpi); 423 status = cpi->ccb_h.status & CAM_STATUS_MASK; 424 if (status != CAM_REQ_CMP) { 425 kprintf("pathinq failed, status %#x\n", status); 426 goto enable_fail; 427 } 428 if ((cpi->target_sprt & PIT_PROCESSOR) == 0) { 429 kprintf("controller does not support target mode\n"); 430 status = CAM_FUNC_NOTAVAIL; 431 goto enable_fail; 432 } 433 434 /* Destroy any periph on our path if it is disabled */ 435 periph = cam_periph_find(path, "targ"); 436 if (periph != NULL) { 437 struct targ_softc *del_softc; 438 439 del_softc = (struct targ_softc *)periph->softc; 440 if ((del_softc->state & TARG_STATE_LUN_ENABLED) == 0) { 441 cam_periph_invalidate(del_softc->periph); 442 del_softc->periph = NULL; 443 } else { 444 kprintf("Requested path still in use by targ%d\n", 445 periph->unit_number); 446 status = CAM_LUN_ALRDY_ENA; 447 goto enable_fail; 448 } 449 } 450 451 /* Create a periph instance attached to this path */ 452 status = cam_periph_alloc(targctor, NULL, targdtor, targstart, 453 "targ", CAM_PERIPH_BIO, path, targasync, 0, softc); 454 if (status != CAM_REQ_CMP) { 455 kprintf("cam_periph_alloc failed, status %#x\n", status); 456 goto enable_fail; 457 } 458 459 /* Ensure that the periph now exists. */ 460 if (cam_periph_find(path, "targ") == NULL) { 461 panic("targenable: succeeded but no periph?"); 462 /* NOTREACHED */ 463 } 464 465 /* Send the enable lun message */ 466 status = targendislun(path, /*enable*/1, grp6_len, grp7_len); 467 if (status != CAM_REQ_CMP) { 468 kprintf("enable lun failed, status %#x\n", status); 469 goto enable_fail; 470 } 471 softc->state |= TARG_STATE_LUN_ENABLED; 472 473 enable_fail: 474 xpt_free_ccb(&cpi->ccb_h); 475 476 return (status); 477 } 478 479 /* Disable this softc's target instance if enabled */ 480 static cam_status 481 targdisable(struct targ_softc *softc) 482 { 483 cam_status status; 484 485 if ((softc->state & TARG_STATE_LUN_ENABLED) == 0) 486 return (CAM_REQ_CMP); 487 488 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, ("targdisable\n")); 489 490 /* Abort any ccbs pending on the controller */ 491 crit_enter(); 492 abort_all_pending(softc); 493 crit_exit(); 494 495 /* Disable this lun */ 496 status = targendislun(softc->path, /*enable*/0, 497 /*grp6_len*/0, /*grp7_len*/0); 498 if (status == CAM_REQ_CMP) 499 softc->state &= ~TARG_STATE_LUN_ENABLED; 500 else 501 kprintf("Disable lun failed, status %#x\n", status); 502 503 return (status); 504 } 505 506 /* Initialize a periph (called from cam_periph_alloc) */ 507 static cam_status 508 targctor(struct cam_periph *periph, void *arg) 509 { 510 struct targ_softc *softc; 511 512 /* Store pointer to softc for periph-driven routines */ 513 softc = (struct targ_softc *)arg; 514 periph->softc = softc; 515 softc->periph = periph; 516 softc->path = periph->path; 517 return (CAM_REQ_CMP); 518 } 519 520 static void 521 targdtor(struct cam_periph *periph) 522 { 523 struct targ_softc *softc; 524 struct ccb_hdr *ccb_h; 525 struct targ_cmd_descr *descr; 526 527 softc = (struct targ_softc *)periph->softc; 528 529 /* 530 * targdisable() aborts CCBs back to the user and leaves them 531 * on user_ccb_queue and abort_queue in case the user is still 532 * interested in them. We free them now. 533 */ 534 while ((ccb_h = TAILQ_FIRST(&softc->user_ccb_queue)) != NULL) { 535 TAILQ_REMOVE(&softc->user_ccb_queue, ccb_h, periph_links.tqe); 536 targfreeccb(softc, (union ccb *)ccb_h); 537 } 538 while ((descr = TAILQ_FIRST(&softc->abort_queue)) != NULL) { 539 TAILQ_REMOVE(&softc->abort_queue, descr, tqe); 540 kfree(descr, M_TARG); 541 } 542 543 softc->periph = NULL; 544 softc->path = NULL; 545 periph->softc = NULL; 546 } 547 548 /* Receive CCBs from user mode proc and send them to the HBA */ 549 static int 550 targwrite(struct dev_write_args *ap) 551 { 552 struct uio *uio = ap->a_uio; 553 union ccb *user_ccb; 554 struct targ_softc *softc; 555 struct targ_cmd_descr *descr; 556 int write_len, error; 557 int func_code, priority; 558 559 softc = (struct targ_softc *)ap->a_head.a_dev->si_drv1; 560 write_len = error = 0; 561 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, 562 ("write - uio_resid %zu\n", uio->uio_resid)); 563 while (uio->uio_resid >= sizeof(user_ccb) && error == 0) { 564 union ccb *ccb; 565 566 error = uiomove((caddr_t)&user_ccb, sizeof(user_ccb), uio); 567 if (error != 0) { 568 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, 569 ("write - uiomove failed (%d)\n", error)); 570 break; 571 } 572 priority = fuword32(&user_ccb->ccb_h.pinfo.priority); 573 if (priority == -1) { 574 error = EINVAL; 575 break; 576 } 577 func_code = fuword32(&user_ccb->ccb_h.func_code); 578 switch (func_code) { 579 case XPT_ACCEPT_TARGET_IO: 580 case XPT_IMMED_NOTIFY: 581 cam_periph_lock(softc->periph); 582 ccb = targgetccb(softc, func_code, priority); 583 descr = (struct targ_cmd_descr *)ccb->ccb_h.targ_descr; 584 descr->user_ccb = user_ccb; 585 descr->func_code = func_code; 586 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, 587 ("Sent ATIO/INOT (%p)\n", user_ccb)); 588 xpt_action(ccb); 589 TAILQ_INSERT_TAIL(&softc->pending_ccb_queue, 590 &ccb->ccb_h, 591 periph_links.tqe); 592 cam_periph_unlock(softc->periph); 593 break; 594 default: 595 cam_periph_lock(softc->periph); 596 if ((func_code & XPT_FC_QUEUED) != 0) { 597 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, 598 ("Sending queued ccb %#x (%p)\n", 599 func_code, user_ccb)); 600 descr = targgetdescr(softc); 601 descr->user_ccb = user_ccb; 602 descr->priority = priority; 603 descr->func_code = func_code; 604 crit_enter(); 605 TAILQ_INSERT_TAIL(&softc->work_queue, 606 descr, tqe); 607 crit_exit(); 608 xpt_schedule(softc->periph, priority); 609 } else { 610 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, 611 ("Sending inline ccb %#x (%p)\n", 612 func_code, user_ccb)); 613 ccb = targgetccb(softc, func_code, priority); 614 descr = (struct targ_cmd_descr *) 615 ccb->ccb_h.targ_descr; 616 descr->user_ccb = user_ccb; 617 descr->priority = priority; 618 descr->func_code = func_code; 619 if (targusermerge(softc, descr, ccb) != EFAULT) 620 targsendccb(softc, ccb, descr); 621 targreturnccb(softc, ccb); 622 } 623 cam_periph_unlock(softc->periph); 624 break; 625 } 626 write_len += sizeof(user_ccb); 627 } 628 629 /* 630 * If we've successfully taken in some amount of 631 * data, return success for that data first. If 632 * an error is persistent, it will be reported 633 * on the next write. 634 */ 635 if (error != 0 && write_len == 0) 636 return (error); 637 if (write_len == 0 && uio->uio_resid != 0) 638 return (ENOSPC); 639 return (0); 640 } 641 642 /* Process requests (descrs) via the periph-supplied CCBs */ 643 static void 644 targstart(struct cam_periph *periph, union ccb *start_ccb) 645 { 646 struct targ_softc *softc; 647 struct targ_cmd_descr *descr, *next_descr; 648 int error; 649 650 softc = (struct targ_softc *)periph->softc; 651 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, ("targstart %p\n", start_ccb)); 652 653 crit_enter(); 654 descr = TAILQ_FIRST(&softc->work_queue); 655 if (descr == NULL) { 656 crit_exit(); 657 xpt_release_ccb(start_ccb); 658 } else { 659 TAILQ_REMOVE(&softc->work_queue, descr, tqe); 660 next_descr = TAILQ_FIRST(&softc->work_queue); 661 crit_exit(); 662 663 /* Initiate a transaction using the descr and supplied CCB */ 664 error = targusermerge(softc, descr, start_ccb); 665 if (error == 0) 666 error = targsendccb(softc, start_ccb, descr); 667 if (error != 0) { 668 xpt_print(periph->path, 669 "targsendccb failed, err %d\n", error); 670 xpt_release_ccb(start_ccb); 671 suword32(&descr->user_ccb->ccb_h.status, 672 CAM_REQ_CMP_ERR); 673 crit_enter(); 674 TAILQ_INSERT_TAIL(&softc->abort_queue, descr, tqe); 675 crit_exit(); 676 notify_user(softc); 677 } 678 679 /* If we have more work to do, stay scheduled */ 680 if (next_descr != NULL) 681 xpt_schedule(periph, next_descr->priority); 682 } 683 } 684 685 static int 686 targusermerge(struct targ_softc *softc, struct targ_cmd_descr *descr, 687 union ccb *ccb) 688 { 689 struct ccb_hdr *u_ccbh, *k_ccbh; 690 size_t ccb_len; 691 int error; 692 693 u_ccbh = &descr->user_ccb->ccb_h; 694 k_ccbh = &ccb->ccb_h; 695 696 /* 697 * There are some fields in the CCB header that need to be 698 * preserved, the rest we get from the user ccb. (See xpt_merge_ccb) 699 */ 700 xpt_setup_ccb(k_ccbh, softc->path, descr->priority); 701 k_ccbh->retry_count = fuword32(&u_ccbh->retry_count); 702 k_ccbh->func_code = descr->func_code; 703 k_ccbh->flags = fuword32(&u_ccbh->flags); 704 k_ccbh->timeout = fuword32(&u_ccbh->timeout); 705 ccb_len = targccblen(k_ccbh->func_code) - sizeof(struct ccb_hdr); 706 error = copyin(u_ccbh + 1, k_ccbh + 1, ccb_len); 707 if (error != 0) { 708 k_ccbh->status = CAM_REQ_CMP_ERR; 709 return (error); 710 } 711 712 /* Translate usermode abort_ccb pointer to its kernel counterpart */ 713 if (k_ccbh->func_code == XPT_ABORT) { 714 struct ccb_abort *cab; 715 struct ccb_hdr *ccb_h; 716 717 cab = (struct ccb_abort *)ccb; 718 crit_enter(); 719 TAILQ_FOREACH(ccb_h, &softc->pending_ccb_queue, 720 periph_links.tqe) { 721 struct targ_cmd_descr *ab_descr; 722 723 ab_descr = (struct targ_cmd_descr *)ccb_h->targ_descr; 724 if (ab_descr->user_ccb == cab->abort_ccb) { 725 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, 726 ("Changing abort for %p to %p\n", 727 cab->abort_ccb, ccb_h)); 728 cab->abort_ccb = (union ccb *)ccb_h; 729 break; 730 } 731 } 732 crit_exit(); 733 /* CCB not found, set appropriate status */ 734 if (ccb_h == NULL) { 735 k_ccbh->status = CAM_PATH_INVALID; 736 error = ESRCH; 737 } 738 } 739 740 return (error); 741 } 742 743 /* Build and send a kernel CCB formed from descr->user_ccb */ 744 static int 745 targsendccb(struct targ_softc *softc, union ccb *ccb, 746 struct targ_cmd_descr *descr) 747 { 748 struct cam_periph_map_info *mapinfo; 749 struct ccb_hdr *ccb_h; 750 int error; 751 752 ccb_h = &ccb->ccb_h; 753 mapinfo = &descr->mapinfo; 754 mapinfo->num_bufs_used = 0; 755 756 /* 757 * There's no way for the user to have a completion 758 * function, so we put our own completion function in here. 759 * We also stash in a reference to our descriptor so targreturnccb() 760 * can find our mapping info. 761 */ 762 ccb_h->cbfcnp = targdone; 763 ccb_h->targ_descr = descr; 764 765 /* 766 * We only attempt to map the user memory into kernel space 767 * if they haven't passed in a physical memory pointer, 768 * and if there is actually an I/O operation to perform. 769 * Right now cam_periph_mapmem() only supports SCSI and device 770 * match CCBs. For the SCSI CCBs, we only pass the CCB in if 771 * there's actually data to map. cam_periph_mapmem() will do the 772 * right thing, even if there isn't data to map, but since CCBs 773 * without data are a reasonably common occurance (e.g. test unit 774 * ready), it will save a few cycles if we check for it here. 775 */ 776 if (((ccb_h->flags & CAM_DATA_PHYS) == 0) 777 && (((ccb_h->func_code == XPT_CONT_TARGET_IO) 778 && ((ccb_h->flags & CAM_DIR_MASK) != CAM_DIR_NONE)) 779 || (ccb_h->func_code == XPT_DEV_MATCH))) { 780 781 error = cam_periph_mapmem(ccb, mapinfo); 782 783 /* 784 * cam_periph_mapmem returned an error, we can't continue. 785 * Return the error to the user. 786 */ 787 if (error) { 788 ccb_h->status = CAM_REQ_CMP_ERR; 789 mapinfo->num_bufs_used = 0; 790 return (error); 791 } 792 } 793 794 /* 795 * Once queued on the pending CCB list, this CCB will be protected 796 * by our error recovery handler. 797 */ 798 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, ("sendccb %p\n", ccb)); 799 if (XPT_FC_IS_QUEUED(ccb)) { 800 crit_enter(); 801 TAILQ_INSERT_TAIL(&softc->pending_ccb_queue, ccb_h, 802 periph_links.tqe); 803 crit_exit(); 804 } 805 xpt_action(ccb); 806 807 return (0); 808 } 809 810 /* Completion routine for CCBs (called in a critical section) */ 811 static void 812 targdone(struct cam_periph *periph, union ccb *done_ccb) 813 { 814 struct targ_softc *softc; 815 816 CAM_DEBUG(periph->path, CAM_DEBUG_PERIPH, ("targdone %p\n", done_ccb)); 817 softc = (struct targ_softc *)periph->softc; 818 TAILQ_REMOVE(&softc->pending_ccb_queue, &done_ccb->ccb_h, 819 periph_links.tqe); 820 821 /* If we're no longer enabled, throw away CCB */ 822 if ((softc->state & TARG_STATE_LUN_ENABLED) == 0) { 823 targfreeccb(softc, done_ccb); 824 return; 825 } 826 /* abort_all_pending() waits for pending queue to be empty */ 827 if (TAILQ_EMPTY(&softc->pending_ccb_queue)) 828 wakeup(&softc->pending_ccb_queue); 829 830 switch (done_ccb->ccb_h.func_code) { 831 /* All FC_*_QUEUED CCBs go back to userland */ 832 case XPT_IMMED_NOTIFY: 833 case XPT_ACCEPT_TARGET_IO: 834 case XPT_CONT_TARGET_IO: 835 TAILQ_INSERT_TAIL(&softc->user_ccb_queue, &done_ccb->ccb_h, 836 periph_links.tqe); 837 notify_user(softc); 838 break; 839 default: 840 panic("targdone: impossible xpt opcode %#x", 841 done_ccb->ccb_h.func_code); 842 /* NOTREACHED */ 843 } 844 } 845 846 /* Return CCBs to the user from the user queue and abort queue */ 847 static int 848 targread(struct dev_read_args *ap) 849 { 850 struct uio *uio = ap->a_uio; 851 struct descr_queue *abort_queue; 852 struct targ_cmd_descr *user_descr; 853 struct targ_softc *softc; 854 struct ccb_queue *user_queue; 855 struct ccb_hdr *ccb_h; 856 union ccb *user_ccb; 857 int read_len, error; 858 859 error = 0; 860 read_len = 0; 861 softc = (struct targ_softc *)ap->a_head.a_dev->si_drv1; 862 user_queue = &softc->user_ccb_queue; 863 abort_queue = &softc->abort_queue; 864 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, ("targread\n")); 865 866 /* If no data is available, wait or return immediately */ 867 cam_periph_lock(softc->periph); 868 ccb_h = TAILQ_FIRST(user_queue); 869 user_descr = TAILQ_FIRST(abort_queue); 870 while (ccb_h == NULL && user_descr == NULL) { 871 if ((ap->a_ioflag & IO_NDELAY) == 0) { 872 error = sim_lock_sleep(user_queue, PCATCH, "targrd", 0, 873 softc->periph->sim->lock); 874 ccb_h = TAILQ_FIRST(user_queue); 875 user_descr = TAILQ_FIRST(abort_queue); 876 if (error != 0) { 877 if (error == ERESTART) { 878 continue; 879 } else { 880 goto read_fail; 881 } 882 } 883 } else { 884 cam_periph_unlock(softc->periph); 885 return (EAGAIN); 886 } 887 } 888 889 /* Data is available so fill the user's buffer */ 890 while (ccb_h != NULL) { 891 struct targ_cmd_descr *descr; 892 893 if (uio->uio_resid < sizeof(user_ccb)) 894 break; 895 TAILQ_REMOVE(user_queue, ccb_h, periph_links.tqe); 896 descr = (struct targ_cmd_descr *)ccb_h->targ_descr; 897 user_ccb = descr->user_ccb; 898 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, 899 ("targread ccb %p (%p)\n", ccb_h, user_ccb)); 900 error = targreturnccb(softc, (union ccb *)ccb_h); 901 if (error != 0) 902 goto read_fail; 903 cam_periph_unlock(softc->periph); 904 error = uiomove((caddr_t)&user_ccb, sizeof(user_ccb), uio); 905 cam_periph_lock(softc->periph); 906 if (error != 0) 907 goto read_fail; 908 read_len += sizeof(user_ccb); 909 910 ccb_h = TAILQ_FIRST(user_queue); 911 } 912 913 /* Flush out any aborted descriptors */ 914 while (user_descr != NULL) { 915 if (uio->uio_resid < sizeof(user_ccb)) 916 break; 917 TAILQ_REMOVE(abort_queue, user_descr, tqe); 918 user_ccb = user_descr->user_ccb; 919 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, 920 ("targread aborted descr %p (%p)\n", 921 user_descr, user_ccb)); 922 suword32(&user_ccb->ccb_h.status, CAM_REQ_ABORTED); 923 cam_periph_unlock(softc->periph); 924 error = uiomove((caddr_t)&user_ccb, sizeof(user_ccb), uio); 925 cam_periph_lock(softc->periph); 926 if (error != 0) 927 goto read_fail; 928 read_len += sizeof(user_ccb); 929 930 user_descr = TAILQ_FIRST(abort_queue); 931 } 932 933 /* 934 * If we've successfully read some amount of data, don't report an 935 * error. If the error is persistent, it will be reported on the 936 * next read(). 937 */ 938 if (read_len == 0 && uio->uio_resid != 0) 939 error = ENOSPC; 940 941 read_fail: 942 cam_periph_unlock(softc->periph); 943 return (error); 944 } 945 946 /* Copy completed ccb back to the user */ 947 static int 948 targreturnccb(struct targ_softc *softc, union ccb *ccb) 949 { 950 struct targ_cmd_descr *descr; 951 struct ccb_hdr *u_ccbh; 952 size_t ccb_len; 953 int error; 954 955 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, ("targreturnccb %p\n", ccb)); 956 descr = (struct targ_cmd_descr *)ccb->ccb_h.targ_descr; 957 u_ccbh = &descr->user_ccb->ccb_h; 958 959 /* Copy out the central portion of the ccb_hdr */ 960 copyout(&ccb->ccb_h.retry_count, &u_ccbh->retry_count, 961 offsetof(struct ccb_hdr, periph_priv) - 962 offsetof(struct ccb_hdr, retry_count)); 963 964 /* Copy out the rest of the ccb (after the ccb_hdr) */ 965 ccb_len = targccblen(ccb->ccb_h.func_code) - sizeof(struct ccb_hdr); 966 if (descr->mapinfo.num_bufs_used != 0) 967 cam_periph_unmapmem(ccb, &descr->mapinfo); 968 error = copyout(&ccb->ccb_h + 1, u_ccbh + 1, ccb_len); 969 if (error != 0) { 970 xpt_print(softc->path, 971 "targreturnccb - CCB copyout failed (%d)\n", error); 972 } 973 /* Free CCB or send back to devq. */ 974 targfreeccb(softc, ccb); 975 976 return (error); 977 } 978 979 static union ccb * 980 targgetccb(struct targ_softc *softc, xpt_opcode type, int priority) 981 { 982 union ccb *ccb; 983 984 #if 0 985 int ccb_len; 986 ccb_len = targccblen(type); 987 ccb = kmalloc(ccb_len, M_TARG, M_INTWAIT); 988 #endif 989 ccb = xpt_alloc_ccb(); 990 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, ("getccb %p\n", ccb)); 991 992 xpt_setup_ccb(&ccb->ccb_h, softc->path, priority); 993 ccb->ccb_h.func_code = type; 994 ccb->ccb_h.cbfcnp = targdone; 995 ccb->ccb_h.targ_descr = targgetdescr(softc); 996 997 return (ccb); 998 } 999 1000 static void 1001 targfreeccb(struct targ_softc *softc, union ccb *ccb) 1002 { 1003 CAM_DEBUG_PRINT(CAM_DEBUG_PERIPH, ("targfreeccb descr %p and\n", 1004 ccb->ccb_h.targ_descr)); 1005 kfree(ccb->ccb_h.targ_descr, M_TARG); 1006 ccb->ccb_h.targ_descr = NULL; /* safety */ 1007 1008 switch (ccb->ccb_h.func_code) { 1009 case XPT_ACCEPT_TARGET_IO: 1010 case XPT_IMMED_NOTIFY: 1011 CAM_DEBUG_PRINT(CAM_DEBUG_PERIPH, ("freeing ccb %p\n", ccb)); 1012 xpt_free_ccb(&ccb->ccb_h); 1013 break; 1014 default: 1015 /* Send back CCB if we got it from the periph */ 1016 if (XPT_FC_IS_QUEUED(ccb)) { 1017 CAM_DEBUG_PRINT(CAM_DEBUG_PERIPH, 1018 ("returning queued ccb %p\n", ccb)); 1019 xpt_release_ccb(ccb); 1020 } else { 1021 CAM_DEBUG_PRINT(CAM_DEBUG_PERIPH, 1022 ("freeing ccb %p\n", ccb)); 1023 xpt_free_ccb(&ccb->ccb_h); 1024 } 1025 break; 1026 } 1027 } 1028 1029 static struct targ_cmd_descr * 1030 targgetdescr(struct targ_softc *softc) 1031 { 1032 struct targ_cmd_descr *descr; 1033 1034 descr = kmalloc(sizeof(*descr), M_TARG, M_INTWAIT); 1035 descr->mapinfo.num_bufs_used = 0; 1036 return (descr); 1037 } 1038 1039 static int 1040 targclone(struct dev_clone_args *ap) 1041 { 1042 int unit; 1043 1044 unit = devfs_clone_bitmap_get(&DEVFS_CLONE_BITMAP(targ), 0); 1045 ap->a_dev = make_only_dev(&targ_ops, unit, UID_ROOT, GID_WHEEL, 1046 0600, "targ%d", unit); 1047 return 0; 1048 } 1049 1050 static void 1051 targinit(void) 1052 { 1053 make_autoclone_dev(&targ_ops, &DEVFS_CLONE_BITMAP(targ), 1054 targclone, UID_ROOT, GID_WHEEL, 0600, "targ"); 1055 /* XXX: need uninit or so? */ 1056 } 1057 1058 static void 1059 targasync(void *callback_arg, u_int32_t code, struct cam_path *path, void *arg) 1060 { 1061 /* All events are handled in usermode by INOTs */ 1062 panic("targasync() called, should be an INOT instead"); 1063 } 1064 1065 /* Cancel all pending requests and CCBs awaiting work. */ 1066 static void 1067 abort_all_pending(struct targ_softc *softc) 1068 { 1069 struct targ_cmd_descr *descr; 1070 struct ccb_abort *cab; 1071 struct ccb_hdr *ccb_h; 1072 struct cam_sim *sim; 1073 1074 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, ("abort_all_pending\n")); 1075 1076 /* First abort the descriptors awaiting resources */ 1077 while ((descr = TAILQ_FIRST(&softc->work_queue)) != NULL) { 1078 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, 1079 ("Aborting descr from workq %p\n", descr)); 1080 TAILQ_REMOVE(&softc->work_queue, descr, tqe); 1081 TAILQ_INSERT_TAIL(&softc->abort_queue, descr, tqe); 1082 } 1083 1084 /* 1085 * Then abort all pending CCBs. 1086 * targdone() will return the aborted CCB via user_ccb_queue 1087 */ 1088 cab = &xpt_alloc_ccb()->cab; 1089 xpt_setup_ccb(&cab->ccb_h, softc->path, /*priority*/0); 1090 cab->ccb_h.func_code = XPT_ABORT; 1091 cab->ccb_h.status = CAM_REQ_CMP_ERR; 1092 TAILQ_FOREACH(ccb_h, &softc->pending_ccb_queue, periph_links.tqe) { 1093 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, 1094 ("Aborting pending CCB %p\n", ccb_h)); 1095 cab->abort_ccb = (union ccb *)ccb_h; 1096 xpt_action((union ccb *)cab); 1097 if (cab->ccb_h.status != CAM_REQ_CMP) { 1098 xpt_print(cab->ccb_h.path, 1099 "Unable to abort CCB, status %#x\n", 1100 cab->ccb_h.status); 1101 } 1102 } 1103 1104 /* If we aborted at least one pending CCB ok, wait for it. */ 1105 if (cab->ccb_h.status == CAM_REQ_CMP) { 1106 sim = xpt_path_sim(softc->path); 1107 sim_lock_sleep(&softc->pending_ccb_queue, PCATCH, "tgabrt", 0, 1108 sim->lock); 1109 } 1110 1111 /* If we aborted anything from the work queue, wakeup user. */ 1112 if (!TAILQ_EMPTY(&softc->user_ccb_queue) || 1113 !TAILQ_EMPTY(&softc->abort_queue)) { 1114 notify_user(softc); 1115 } 1116 1117 xpt_free_ccb(&cab->ccb_h); 1118 } 1119 1120 /* Notify the user that data is ready */ 1121 static void 1122 notify_user(struct targ_softc *softc) 1123 { 1124 /* 1125 * Notify users sleeping via poll(), kqueue(), and 1126 * blocking read(). 1127 */ 1128 KNOTE(&softc->read_kq.ki_note, 0); 1129 wakeup(&softc->user_ccb_queue); 1130 } 1131 1132 /* Convert CAM status to errno values */ 1133 static int 1134 targcamstatus(cam_status status) 1135 { 1136 switch (status & CAM_STATUS_MASK) { 1137 case CAM_REQ_CMP: /* CCB request completed without error */ 1138 return (0); 1139 case CAM_REQ_INPROG: /* CCB request is in progress */ 1140 return (EINPROGRESS); 1141 case CAM_REQ_CMP_ERR: /* CCB request completed with an error */ 1142 return (EIO); 1143 case CAM_PROVIDE_FAIL: /* Unable to provide requested capability */ 1144 return (ENOTTY); 1145 case CAM_FUNC_NOTAVAIL: /* The requested function is not available */ 1146 return (ENOTSUP); 1147 case CAM_LUN_ALRDY_ENA: /* LUN is already enabled for target mode */ 1148 return (EADDRINUSE); 1149 case CAM_PATH_INVALID: /* Supplied Path ID is invalid */ 1150 case CAM_DEV_NOT_THERE: /* SCSI Device Not Installed/there */ 1151 return (ENOENT); 1152 case CAM_REQ_ABORTED: /* CCB request aborted by the host */ 1153 return (ECANCELED); 1154 case CAM_CMD_TIMEOUT: /* Command timeout */ 1155 return (ETIMEDOUT); 1156 case CAM_REQUEUE_REQ: /* Requeue to preserve transaction ordering */ 1157 return (EAGAIN); 1158 case CAM_REQ_INVALID: /* CCB request was invalid */ 1159 return (EINVAL); 1160 case CAM_RESRC_UNAVAIL: /* Resource Unavailable */ 1161 return (ENOMEM); 1162 case CAM_BUSY: /* CAM subsytem is busy */ 1163 case CAM_UA_ABORT: /* Unable to abort CCB request */ 1164 return (EBUSY); 1165 default: 1166 return (ENXIO); 1167 } 1168 } 1169 1170 static size_t 1171 targccblen(xpt_opcode func_code) 1172 { 1173 int len; 1174 1175 /* Codes we expect to see as a target */ 1176 switch (func_code) { 1177 case XPT_CONT_TARGET_IO: 1178 case XPT_SCSI_IO: 1179 len = sizeof(struct ccb_scsiio); 1180 break; 1181 case XPT_ACCEPT_TARGET_IO: 1182 len = sizeof(struct ccb_accept_tio); 1183 break; 1184 case XPT_IMMED_NOTIFY: 1185 len = sizeof(struct ccb_immed_notify); 1186 break; 1187 case XPT_REL_SIMQ: 1188 len = sizeof(struct ccb_relsim); 1189 break; 1190 case XPT_PATH_INQ: 1191 len = sizeof(struct ccb_pathinq); 1192 break; 1193 case XPT_DEBUG: 1194 len = sizeof(struct ccb_debug); 1195 break; 1196 case XPT_ABORT: 1197 len = sizeof(struct ccb_abort); 1198 break; 1199 case XPT_EN_LUN: 1200 len = sizeof(struct ccb_en_lun); 1201 break; 1202 default: 1203 len = sizeof(union ccb); 1204 break; 1205 } 1206 1207 return (len); 1208 } 1209