1 /* 2 * Generic SCSI Target Kernel Mode Driver 3 * 4 * Copyright (c) 2002 Nate Lawson. 5 * Copyright (c) 1998, 1999, 2001, 2002 Justin T. Gibbs. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions, and the following disclaimer, 13 * without modification, immediately at the beginning of the file. 14 * 2. The name of the author may not be used to endorse or promote products 15 * derived from this software without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR 21 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * $FreeBSD: src/sys/cam/scsi/scsi_target.c,v 1.22.2.7 2003/02/18 22:07:10 njl Exp $ 30 * $DragonFly: src/sys/bus/cam/scsi/scsi_target.c,v 1.9 2004/05/19 22:52:38 dillon Exp $ 31 */ 32 33 #include <sys/param.h> 34 #include <sys/systm.h> 35 #include <sys/kernel.h> 36 #include <sys/conf.h> 37 #include <sys/malloc.h> 38 #include <sys/poll.h> 39 #include <sys/vnode.h> 40 #include <sys/devicestat.h> 41 42 #include "../cam.h" 43 #include "../cam_ccb.h" 44 #include "../cam_periph.h" 45 #include "../cam_xpt_periph.h" 46 #include "scsi_targetio.h" 47 48 /* Transaction information attached to each CCB sent by the user */ 49 struct targ_cmd_descr { 50 struct cam_periph_map_info mapinfo; 51 TAILQ_ENTRY(targ_cmd_descr) tqe; 52 union ccb *user_ccb; 53 int priority; 54 int func_code; 55 }; 56 57 /* Offset into the private CCB area for storing our descriptor */ 58 #define targ_descr periph_priv.entries[1].ptr 59 60 TAILQ_HEAD(descr_queue, targ_cmd_descr); 61 62 typedef enum { 63 TARG_STATE_RESV = 0x00, /* Invalid state */ 64 TARG_STATE_OPENED = 0x01, /* Device opened, softc initialized */ 65 TARG_STATE_LUN_ENABLED = 0x02 /* Device enabled for a path */ 66 } targ_state; 67 68 /* Per-instance device software context */ 69 struct targ_softc { 70 /* CCBs (CTIOs, ATIOs, INOTs) pending on the controller */ 71 struct ccb_queue pending_ccb_queue; 72 73 /* Command descriptors awaiting CTIO resources from the XPT */ 74 struct descr_queue work_queue; 75 76 /* Command descriptors that have been aborted back to the user. */ 77 struct descr_queue abort_queue; 78 79 /* 80 * Queue of CCBs that have been copied out to userland, but our 81 * userland daemon has not yet seen. 82 */ 83 struct ccb_queue user_ccb_queue; 84 85 struct cam_periph *periph; 86 struct cam_path *path; 87 targ_state state; 88 struct selinfo read_select; 89 struct devstat device_stats; 90 }; 91 92 static d_open_t targopen; 93 static d_close_t targclose; 94 static d_read_t targread; 95 static d_write_t targwrite; 96 static d_ioctl_t targioctl; 97 static d_poll_t targpoll; 98 static d_kqfilter_t targkqfilter; 99 static void targreadfiltdetach(struct knote *kn); 100 static int targreadfilt(struct knote *kn, long hint); 101 static struct filterops targread_filtops = 102 { 1, NULL, targreadfiltdetach, targreadfilt }; 103 104 #define TARG_CDEV_MAJOR 65 105 static struct cdevsw targ_cdevsw = { 106 /* name */ "targ", 107 /* maj */ TARG_CDEV_MAJOR, 108 /* flags */ D_KQFILTER, 109 /* port */ NULL, 110 /* clone */ NULL, 111 112 /* open */ targopen, 113 /* close */ targclose, 114 /* read */ targread, 115 /* write */ targwrite, 116 /* ioctl */ targioctl, 117 /* poll */ targpoll, 118 /* mmap */ nommap, 119 /* strategy */ nostrategy, 120 /* dump */ nodump, 121 /* psize */ nopsize, 122 /* kqfilter */ targkqfilter 123 }; 124 125 static cam_status targendislun(struct cam_path *path, int enable, 126 int grp6_len, int grp7_len); 127 static cam_status targenable(struct targ_softc *softc, 128 struct cam_path *path, 129 int grp6_len, int grp7_len); 130 static cam_status targdisable(struct targ_softc *softc); 131 static periph_ctor_t targctor; 132 static periph_dtor_t targdtor; 133 static periph_start_t targstart; 134 static int targusermerge(struct targ_softc *softc, 135 struct targ_cmd_descr *descr, 136 union ccb *ccb); 137 static int targsendccb(struct targ_softc *softc, union ccb *ccb, 138 struct targ_cmd_descr *descr); 139 static void targdone(struct cam_periph *periph, 140 union ccb *done_ccb); 141 static int targreturnccb(struct targ_softc *softc, 142 union ccb *ccb); 143 static union ccb * targgetccb(struct targ_softc *softc, xpt_opcode type, 144 int priority); 145 static void targfreeccb(struct targ_softc *softc, union ccb *ccb); 146 static struct targ_cmd_descr * 147 targgetdescr(struct targ_softc *softc); 148 static periph_init_t targinit; 149 static void targasync(void *callback_arg, u_int32_t code, 150 struct cam_path *path, void *arg); 151 static void abort_all_pending(struct targ_softc *softc); 152 static void notify_user(struct targ_softc *softc); 153 static int targcamstatus(cam_status status); 154 static size_t targccblen(xpt_opcode func_code); 155 156 static struct periph_driver targdriver = 157 { 158 targinit, "targ", 159 TAILQ_HEAD_INITIALIZER(targdriver.units), /* generation */ 0 160 }; 161 DATA_SET(periphdriver_set, targdriver); 162 163 static MALLOC_DEFINE(M_TARG, "TARG", "TARG data"); 164 165 /* Create softc and initialize it. Only one proc can open each targ device. */ 166 static int 167 targopen(dev_t dev, int flags, int fmt, struct proc *p) 168 { 169 struct targ_softc *softc; 170 171 if (dev->si_drv1 != 0) { 172 return (EBUSY); 173 } 174 175 /* Mark device busy before any potentially blocking operations */ 176 dev->si_drv1 = (void *)~0; 177 reference_dev(dev); /* save ref for later destroy_dev() */ 178 179 /* Create the targ device, allocate its softc, initialize it */ 180 make_dev(&targ_cdevsw, minor(dev), UID_ROOT, GID_WHEEL, 0600, 181 "targ%d", lminor(dev)); 182 MALLOC(softc, struct targ_softc *, sizeof(*softc), M_TARG, 183 M_INTWAIT | M_ZERO); 184 dev->si_drv1 = softc; 185 softc->state = TARG_STATE_OPENED; 186 softc->periph = NULL; 187 softc->path = NULL; 188 189 TAILQ_INIT(&softc->pending_ccb_queue); 190 TAILQ_INIT(&softc->work_queue); 191 TAILQ_INIT(&softc->abort_queue); 192 TAILQ_INIT(&softc->user_ccb_queue); 193 194 return (0); 195 } 196 197 /* Disable LUN if enabled and teardown softc */ 198 static int 199 targclose(dev_t dev, int flag, int fmt, struct proc *p) 200 { 201 struct targ_softc *softc; 202 int error; 203 204 softc = (struct targ_softc *)dev->si_drv1; 205 error = targdisable(softc); 206 if (error == CAM_REQ_CMP) { 207 dev->si_drv1 = 0; 208 if (softc->periph != NULL) { 209 cam_periph_invalidate(softc->periph); 210 softc->periph = NULL; 211 } 212 destroy_dev(dev); /* eats the open ref */ 213 FREE(softc, M_TARG); 214 } else { 215 release_dev(dev); 216 } 217 return (error); 218 } 219 220 /* Enable/disable LUNs, set debugging level */ 221 static int 222 targioctl(dev_t dev, u_long cmd, caddr_t addr, int flag, struct proc *p) 223 { 224 struct targ_softc *softc; 225 cam_status status; 226 227 softc = (struct targ_softc *)dev->si_drv1; 228 229 switch (cmd) { 230 case TARGIOCENABLE: 231 { 232 struct ioc_enable_lun *new_lun; 233 struct cam_path *path; 234 235 new_lun = (struct ioc_enable_lun *)addr; 236 status = xpt_create_path(&path, /*periph*/NULL, 237 new_lun->path_id, 238 new_lun->target_id, 239 new_lun->lun_id); 240 if (status != CAM_REQ_CMP) { 241 printf("Couldn't create path, status %#x\n", status); 242 break; 243 } 244 status = targenable(softc, path, new_lun->grp6_len, 245 new_lun->grp7_len); 246 xpt_free_path(path); 247 break; 248 } 249 case TARGIOCDISABLE: 250 status = targdisable(softc); 251 break; 252 case TARGIOCDEBUG: 253 { 254 #ifdef CAMDEBUG 255 struct ccb_debug cdbg; 256 257 bzero(&cdbg, sizeof cdbg); 258 if (*((int *)addr) != 0) 259 cdbg.flags = CAM_DEBUG_PERIPH; 260 else 261 cdbg.flags = CAM_DEBUG_NONE; 262 xpt_setup_ccb(&cdbg.ccb_h, softc->path, /*priority*/0); 263 cdbg.ccb_h.func_code = XPT_DEBUG; 264 cdbg.ccb_h.cbfcnp = targdone; 265 266 /* If no periph available, disallow debugging changes */ 267 if ((softc->state & TARG_STATE_LUN_ENABLED) == 0) { 268 status = CAM_DEV_NOT_THERE; 269 break; 270 } 271 xpt_action((union ccb *)&cdbg); 272 status = cdbg.ccb_h.status & CAM_STATUS_MASK; 273 #else 274 status = CAM_FUNC_NOTAVAIL; 275 #endif 276 break; 277 } 278 default: 279 status = CAM_PROVIDE_FAIL; 280 break; 281 } 282 283 return (targcamstatus(status)); 284 } 285 286 /* Writes are always ready, reads wait for user_ccb_queue or abort_queue */ 287 static int 288 targpoll(dev_t dev, int poll_events, struct proc *p) 289 { 290 struct targ_softc *softc; 291 int revents, s; 292 293 softc = (struct targ_softc *)dev->si_drv1; 294 295 /* Poll for write() is always ok. */ 296 revents = poll_events & (POLLOUT | POLLWRNORM); 297 if ((poll_events & (POLLIN | POLLRDNORM)) != 0) { 298 s = splsoftcam(); 299 /* Poll for read() depends on user and abort queues. */ 300 if (!TAILQ_EMPTY(&softc->user_ccb_queue) || 301 !TAILQ_EMPTY(&softc->abort_queue)) { 302 revents |= poll_events & (POLLIN | POLLRDNORM); 303 } 304 /* Only sleep if the user didn't poll for write. */ 305 if (revents == 0) 306 selrecord(p, &softc->read_select); 307 splx(s); 308 } 309 310 return (revents); 311 } 312 313 static int 314 targkqfilter(dev_t dev, struct knote *kn) 315 { 316 struct targ_softc *softc; 317 int s; 318 319 softc = (struct targ_softc *)dev->si_drv1; 320 kn->kn_hook = (caddr_t)softc; 321 kn->kn_fop = &targread_filtops; 322 s = splsoftcam(); 323 SLIST_INSERT_HEAD(&softc->read_select.si_note, kn, kn_selnext); 324 splx(s); 325 return (0); 326 } 327 328 static void 329 targreadfiltdetach(struct knote *kn) 330 { 331 struct targ_softc *softc; 332 int s; 333 334 softc = (struct targ_softc *)kn->kn_hook; 335 s = splsoftcam(); 336 SLIST_REMOVE(&softc->read_select.si_note, kn, knote, kn_selnext); 337 splx(s); 338 } 339 340 /* Notify the user's kqueue when the user queue or abort queue gets a CCB */ 341 static int 342 targreadfilt(struct knote *kn, long hint) 343 { 344 struct targ_softc *softc; 345 int retval, s; 346 347 softc = (struct targ_softc *)kn->kn_hook; 348 s = splsoftcam(); 349 retval = !TAILQ_EMPTY(&softc->user_ccb_queue) || 350 !TAILQ_EMPTY(&softc->abort_queue); 351 splx(s); 352 return (retval); 353 } 354 355 /* Send the HBA the enable/disable message */ 356 static cam_status 357 targendislun(struct cam_path *path, int enable, int grp6_len, int grp7_len) 358 { 359 struct ccb_en_lun en_ccb; 360 cam_status status; 361 362 /* Tell the lun to begin answering selects */ 363 xpt_setup_ccb(&en_ccb.ccb_h, path, /*priority*/1); 364 en_ccb.ccb_h.func_code = XPT_EN_LUN; 365 /* Don't need support for any vendor specific commands */ 366 en_ccb.grp6_len = grp6_len; 367 en_ccb.grp7_len = grp7_len; 368 en_ccb.enable = enable ? 1 : 0; 369 xpt_action((union ccb *)&en_ccb); 370 status = en_ccb.ccb_h.status & CAM_STATUS_MASK; 371 if (status != CAM_REQ_CMP) { 372 xpt_print_path(path); 373 printf("%sable lun CCB rejected, status %#x\n", 374 enable ? "en" : "dis", status); 375 } 376 return (status); 377 } 378 379 /* Enable target mode on a LUN, given its path */ 380 static cam_status 381 targenable(struct targ_softc *softc, struct cam_path *path, int grp6_len, 382 int grp7_len) 383 { 384 struct cam_periph *periph; 385 struct ccb_pathinq cpi; 386 cam_status status; 387 388 if ((softc->state & TARG_STATE_LUN_ENABLED) != 0) 389 return (CAM_LUN_ALRDY_ENA); 390 391 /* Make sure SIM supports target mode */ 392 xpt_setup_ccb(&cpi.ccb_h, path, /*priority*/1); 393 cpi.ccb_h.func_code = XPT_PATH_INQ; 394 xpt_action((union ccb *)&cpi); 395 status = cpi.ccb_h.status & CAM_STATUS_MASK; 396 if (status != CAM_REQ_CMP) { 397 printf("pathinq failed, status %#x\n", status); 398 goto enable_fail; 399 } 400 if ((cpi.target_sprt & PIT_PROCESSOR) == 0) { 401 printf("controller does not support target mode\n"); 402 status = CAM_FUNC_NOTAVAIL; 403 goto enable_fail; 404 } 405 406 /* Destroy any periph on our path if it is disabled */ 407 periph = cam_periph_find(path, "targ"); 408 if (periph != NULL) { 409 struct targ_softc *del_softc; 410 411 del_softc = (struct targ_softc *)periph->softc; 412 if ((del_softc->state & TARG_STATE_LUN_ENABLED) == 0) { 413 cam_periph_invalidate(del_softc->periph); 414 del_softc->periph = NULL; 415 } else { 416 printf("Requested path still in use by targ%d\n", 417 periph->unit_number); 418 status = CAM_LUN_ALRDY_ENA; 419 goto enable_fail; 420 } 421 } 422 423 /* Create a periph instance attached to this path */ 424 status = cam_periph_alloc(targctor, NULL, targdtor, targstart, 425 "targ", CAM_PERIPH_BIO, path, targasync, 0, softc); 426 if (status != CAM_REQ_CMP) { 427 printf("cam_periph_alloc failed, status %#x\n", status); 428 goto enable_fail; 429 } 430 431 /* Ensure that the periph now exists. */ 432 if (cam_periph_find(path, "targ") == NULL) { 433 panic("targenable: succeeded but no periph?"); 434 /* NOTREACHED */ 435 } 436 437 /* Send the enable lun message */ 438 status = targendislun(path, /*enable*/1, grp6_len, grp7_len); 439 if (status != CAM_REQ_CMP) { 440 printf("enable lun failed, status %#x\n", status); 441 goto enable_fail; 442 } 443 softc->state |= TARG_STATE_LUN_ENABLED; 444 445 enable_fail: 446 return (status); 447 } 448 449 /* Disable this softc's target instance if enabled */ 450 static cam_status 451 targdisable(struct targ_softc *softc) 452 { 453 cam_status status; 454 int s; 455 456 if ((softc->state & TARG_STATE_LUN_ENABLED) == 0) 457 return (CAM_REQ_CMP); 458 459 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, ("targdisable\n")); 460 461 /* Abort any ccbs pending on the controller */ 462 s = splcam(); 463 abort_all_pending(softc); 464 splx(s); 465 466 /* Disable this lun */ 467 status = targendislun(softc->path, /*enable*/0, 468 /*grp6_len*/0, /*grp7_len*/0); 469 if (status == CAM_REQ_CMP) 470 softc->state &= ~TARG_STATE_LUN_ENABLED; 471 else 472 printf("Disable lun failed, status %#x\n", status); 473 474 return (status); 475 } 476 477 /* Initialize a periph (called from cam_periph_alloc) */ 478 static cam_status 479 targctor(struct cam_periph *periph, void *arg) 480 { 481 struct targ_softc *softc; 482 483 /* Store pointer to softc for periph-driven routines */ 484 softc = (struct targ_softc *)arg; 485 periph->softc = softc; 486 softc->periph = periph; 487 softc->path = periph->path; 488 return (CAM_REQ_CMP); 489 } 490 491 static void 492 targdtor(struct cam_periph *periph) 493 { 494 struct targ_softc *softc; 495 struct ccb_hdr *ccb_h; 496 struct targ_cmd_descr *descr; 497 498 softc = (struct targ_softc *)periph->softc; 499 500 /* 501 * targdisable() aborts CCBs back to the user and leaves them 502 * on user_ccb_queue and abort_queue in case the user is still 503 * interested in them. We free them now. 504 */ 505 while ((ccb_h = TAILQ_FIRST(&softc->user_ccb_queue)) != NULL) { 506 TAILQ_REMOVE(&softc->user_ccb_queue, ccb_h, periph_links.tqe); 507 targfreeccb(softc, (union ccb *)ccb_h); 508 } 509 while ((descr = TAILQ_FIRST(&softc->abort_queue)) != NULL) { 510 TAILQ_REMOVE(&softc->abort_queue, descr, tqe); 511 FREE(descr, M_TARG); 512 } 513 514 softc->periph = NULL; 515 softc->path = NULL; 516 periph->softc = NULL; 517 } 518 519 /* Receive CCBs from user mode proc and send them to the HBA */ 520 static int 521 targwrite(dev_t dev, struct uio *uio, int ioflag) 522 { 523 union ccb *user_ccb; 524 struct targ_softc *softc; 525 struct targ_cmd_descr *descr; 526 int write_len, error, s; 527 int func_code, priority; 528 529 softc = (struct targ_softc *)dev->si_drv1; 530 write_len = error = 0; 531 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, 532 ("write - uio_resid %d\n", uio->uio_resid)); 533 while (uio->uio_resid >= sizeof(user_ccb) && error == 0) { 534 union ccb *ccb; 535 int error; 536 537 error = uiomove((caddr_t)&user_ccb, sizeof(user_ccb), uio); 538 if (error != 0) { 539 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, 540 ("write - uiomove failed (%d)\n", error)); 541 break; 542 } 543 priority = fuword(&user_ccb->ccb_h.pinfo.priority); 544 if (priority == -1) { 545 error = EINVAL; 546 break; 547 } 548 func_code = fuword(&user_ccb->ccb_h.func_code); 549 switch (func_code) { 550 case XPT_ACCEPT_TARGET_IO: 551 case XPT_IMMED_NOTIFY: 552 ccb = targgetccb(softc, func_code, priority); 553 descr = (struct targ_cmd_descr *)ccb->ccb_h.targ_descr; 554 descr->user_ccb = user_ccb; 555 descr->func_code = func_code; 556 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, 557 ("Sent ATIO/INOT (%p)\n", user_ccb)); 558 xpt_action(ccb); 559 s = splsoftcam(); 560 TAILQ_INSERT_TAIL(&softc->pending_ccb_queue, 561 &ccb->ccb_h, 562 periph_links.tqe); 563 splx(s); 564 break; 565 default: 566 if ((func_code & XPT_FC_QUEUED) != 0) { 567 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, 568 ("Sending queued ccb %#x (%p)\n", 569 func_code, user_ccb)); 570 descr = targgetdescr(softc); 571 descr->user_ccb = user_ccb; 572 descr->priority = priority; 573 descr->func_code = func_code; 574 s = splsoftcam(); 575 TAILQ_INSERT_TAIL(&softc->work_queue, 576 descr, tqe); 577 splx(s); 578 xpt_schedule(softc->periph, priority); 579 } else { 580 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, 581 ("Sending inline ccb %#x (%p)\n", 582 func_code, user_ccb)); 583 ccb = targgetccb(softc, func_code, priority); 584 descr = (struct targ_cmd_descr *) 585 ccb->ccb_h.targ_descr; 586 descr->user_ccb = user_ccb; 587 descr->priority = priority; 588 descr->func_code = func_code; 589 if (targusermerge(softc, descr, ccb) != EFAULT) 590 targsendccb(softc, ccb, descr); 591 targreturnccb(softc, ccb); 592 } 593 break; 594 } 595 write_len += sizeof(user_ccb); 596 } 597 598 /* 599 * If we've successfully taken in some amount of 600 * data, return success for that data first. If 601 * an error is persistent, it will be reported 602 * on the next write. 603 */ 604 if (error != 0 && write_len == 0) 605 return (error); 606 if (write_len == 0 && uio->uio_resid != 0) 607 return (ENOSPC); 608 return (0); 609 } 610 611 /* Process requests (descrs) via the periph-supplied CCBs */ 612 static void 613 targstart(struct cam_periph *periph, union ccb *start_ccb) 614 { 615 struct targ_softc *softc; 616 struct targ_cmd_descr *descr, *next_descr; 617 int s, error; 618 619 softc = (struct targ_softc *)periph->softc; 620 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, ("targstart %p\n", start_ccb)); 621 622 s = splsoftcam(); 623 descr = TAILQ_FIRST(&softc->work_queue); 624 if (descr == NULL) { 625 splx(s); 626 xpt_release_ccb(start_ccb); 627 } else { 628 TAILQ_REMOVE(&softc->work_queue, descr, tqe); 629 next_descr = TAILQ_FIRST(&softc->work_queue); 630 splx(s); 631 632 /* Initiate a transaction using the descr and supplied CCB */ 633 error = targusermerge(softc, descr, start_ccb); 634 if (error == 0) 635 error = targsendccb(softc, start_ccb, descr); 636 if (error != 0) { 637 xpt_print_path(periph->path); 638 printf("targsendccb failed, err %d\n", error); 639 xpt_release_ccb(start_ccb); 640 suword(&descr->user_ccb->ccb_h.status, 641 CAM_REQ_CMP_ERR); 642 s = splsoftcam(); 643 TAILQ_INSERT_TAIL(&softc->abort_queue, descr, tqe); 644 splx(s); 645 notify_user(softc); 646 } 647 648 /* If we have more work to do, stay scheduled */ 649 if (next_descr != NULL) 650 xpt_schedule(periph, next_descr->priority); 651 } 652 } 653 654 static int 655 targusermerge(struct targ_softc *softc, struct targ_cmd_descr *descr, 656 union ccb *ccb) 657 { 658 struct ccb_hdr *u_ccbh, *k_ccbh; 659 size_t ccb_len; 660 int error; 661 662 u_ccbh = &descr->user_ccb->ccb_h; 663 k_ccbh = &ccb->ccb_h; 664 665 /* 666 * There are some fields in the CCB header that need to be 667 * preserved, the rest we get from the user ccb. (See xpt_merge_ccb) 668 */ 669 xpt_setup_ccb(k_ccbh, softc->path, descr->priority); 670 k_ccbh->retry_count = fuword(&u_ccbh->retry_count); 671 k_ccbh->func_code = descr->func_code; 672 k_ccbh->flags = fuword(&u_ccbh->flags); 673 k_ccbh->timeout = fuword(&u_ccbh->timeout); 674 ccb_len = targccblen(k_ccbh->func_code) - sizeof(struct ccb_hdr); 675 error = copyin(u_ccbh + 1, k_ccbh + 1, ccb_len); 676 if (error != 0) { 677 k_ccbh->status = CAM_REQ_CMP_ERR; 678 return (error); 679 } 680 681 /* Translate usermode abort_ccb pointer to its kernel counterpart */ 682 if (k_ccbh->func_code == XPT_ABORT) { 683 struct ccb_abort *cab; 684 struct ccb_hdr *ccb_h; 685 int s; 686 687 cab = (struct ccb_abort *)ccb; 688 s = splsoftcam(); 689 TAILQ_FOREACH(ccb_h, &softc->pending_ccb_queue, 690 periph_links.tqe) { 691 struct targ_cmd_descr *ab_descr; 692 693 ab_descr = (struct targ_cmd_descr *)ccb_h->targ_descr; 694 if (ab_descr->user_ccb == cab->abort_ccb) { 695 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, 696 ("Changing abort for %p to %p\n", 697 cab->abort_ccb, ccb_h)); 698 cab->abort_ccb = (union ccb *)ccb_h; 699 break; 700 } 701 } 702 splx(s); 703 /* CCB not found, set appropriate status */ 704 if (ccb_h == NULL) { 705 k_ccbh->status = CAM_PATH_INVALID; 706 error = ESRCH; 707 } 708 } 709 710 return (error); 711 } 712 713 /* Build and send a kernel CCB formed from descr->user_ccb */ 714 static int 715 targsendccb(struct targ_softc *softc, union ccb *ccb, 716 struct targ_cmd_descr *descr) 717 { 718 struct cam_periph_map_info *mapinfo; 719 struct ccb_hdr *ccb_h; 720 int error; 721 722 ccb_h = &ccb->ccb_h; 723 mapinfo = &descr->mapinfo; 724 mapinfo->num_bufs_used = 0; 725 726 /* 727 * There's no way for the user to have a completion 728 * function, so we put our own completion function in here. 729 * We also stash in a reference to our descriptor so targreturnccb() 730 * can find our mapping info. 731 */ 732 ccb_h->cbfcnp = targdone; 733 ccb_h->targ_descr = descr; 734 735 /* 736 * We only attempt to map the user memory into kernel space 737 * if they haven't passed in a physical memory pointer, 738 * and if there is actually an I/O operation to perform. 739 * Right now cam_periph_mapmem() only supports SCSI and device 740 * match CCBs. For the SCSI CCBs, we only pass the CCB in if 741 * there's actually data to map. cam_periph_mapmem() will do the 742 * right thing, even if there isn't data to map, but since CCBs 743 * without data are a reasonably common occurance (e.g. test unit 744 * ready), it will save a few cycles if we check for it here. 745 */ 746 if (((ccb_h->flags & CAM_DATA_PHYS) == 0) 747 && (((ccb_h->func_code == XPT_CONT_TARGET_IO) 748 && ((ccb_h->flags & CAM_DIR_MASK) != CAM_DIR_NONE)) 749 || (ccb_h->func_code == XPT_DEV_MATCH))) { 750 751 error = cam_periph_mapmem(ccb, mapinfo); 752 753 /* 754 * cam_periph_mapmem returned an error, we can't continue. 755 * Return the error to the user. 756 */ 757 if (error) { 758 ccb_h->status = CAM_REQ_CMP_ERR; 759 mapinfo->num_bufs_used = 0; 760 return (error); 761 } 762 } 763 764 /* 765 * Once queued on the pending CCB list, this CCB will be protected 766 * by our error recovery handler. 767 */ 768 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, ("sendccb %p\n", ccb)); 769 if (XPT_FC_IS_QUEUED(ccb)) { 770 int s; 771 772 s = splsoftcam(); 773 TAILQ_INSERT_TAIL(&softc->pending_ccb_queue, ccb_h, 774 periph_links.tqe); 775 splx(s); 776 } 777 xpt_action(ccb); 778 779 return (0); 780 } 781 782 /* Completion routine for CCBs (called at splsoftcam) */ 783 static void 784 targdone(struct cam_periph *periph, union ccb *done_ccb) 785 { 786 struct targ_softc *softc; 787 cam_status status; 788 789 CAM_DEBUG(periph->path, CAM_DEBUG_PERIPH, ("targdone %p\n", done_ccb)); 790 softc = (struct targ_softc *)periph->softc; 791 TAILQ_REMOVE(&softc->pending_ccb_queue, &done_ccb->ccb_h, 792 periph_links.tqe); 793 status = done_ccb->ccb_h.status & CAM_STATUS_MASK; 794 795 /* If we're no longer enabled, throw away CCB */ 796 if ((softc->state & TARG_STATE_LUN_ENABLED) == 0) { 797 targfreeccb(softc, done_ccb); 798 return; 799 } 800 /* abort_all_pending() waits for pending queue to be empty */ 801 if (TAILQ_EMPTY(&softc->pending_ccb_queue)) 802 wakeup(&softc->pending_ccb_queue); 803 804 switch (done_ccb->ccb_h.func_code) { 805 /* All FC_*_QUEUED CCBs go back to userland */ 806 case XPT_IMMED_NOTIFY: 807 case XPT_ACCEPT_TARGET_IO: 808 case XPT_CONT_TARGET_IO: 809 TAILQ_INSERT_TAIL(&softc->user_ccb_queue, &done_ccb->ccb_h, 810 periph_links.tqe); 811 notify_user(softc); 812 break; 813 default: 814 panic("targdone: impossible xpt opcode %#x", 815 done_ccb->ccb_h.func_code); 816 /* NOTREACHED */ 817 } 818 } 819 820 /* Return CCBs to the user from the user queue and abort queue */ 821 static int 822 targread(dev_t dev, struct uio *uio, int ioflag) 823 { 824 struct descr_queue *abort_queue; 825 struct targ_cmd_descr *user_descr; 826 struct targ_softc *softc; 827 struct ccb_queue *user_queue; 828 struct ccb_hdr *ccb_h; 829 union ccb *user_ccb; 830 int read_len, error, s; 831 832 error = 0; 833 read_len = 0; 834 softc = (struct targ_softc *)dev->si_drv1; 835 user_queue = &softc->user_ccb_queue; 836 abort_queue = &softc->abort_queue; 837 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, ("targread\n")); 838 839 /* If no data is available, wait or return immediately */ 840 s = splsoftcam(); 841 ccb_h = TAILQ_FIRST(user_queue); 842 user_descr = TAILQ_FIRST(abort_queue); 843 while (ccb_h == NULL && user_descr == NULL) { 844 if ((ioflag & IO_NDELAY) == 0) { 845 error = tsleep(user_queue, PCATCH, "targrd", 0); 846 ccb_h = TAILQ_FIRST(user_queue); 847 user_descr = TAILQ_FIRST(abort_queue); 848 if (error != 0) { 849 if (error == ERESTART) { 850 continue; 851 } else { 852 splx(s); 853 goto read_fail; 854 } 855 } 856 } else { 857 splx(s); 858 return (EAGAIN); 859 } 860 } 861 862 /* Data is available so fill the user's buffer */ 863 while (ccb_h != NULL) { 864 struct targ_cmd_descr *descr; 865 866 if (uio->uio_resid < sizeof(user_ccb)) 867 break; 868 TAILQ_REMOVE(user_queue, ccb_h, periph_links.tqe); 869 splx(s); 870 descr = (struct targ_cmd_descr *)ccb_h->targ_descr; 871 user_ccb = descr->user_ccb; 872 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, 873 ("targread ccb %p (%p)\n", ccb_h, user_ccb)); 874 error = targreturnccb(softc, (union ccb *)ccb_h); 875 if (error != 0) 876 goto read_fail; 877 error = uiomove((caddr_t)&user_ccb, sizeof(user_ccb), uio); 878 if (error != 0) 879 goto read_fail; 880 read_len += sizeof(user_ccb); 881 882 s = splsoftcam(); 883 ccb_h = TAILQ_FIRST(user_queue); 884 } 885 886 /* Flush out any aborted descriptors */ 887 while (user_descr != NULL) { 888 if (uio->uio_resid < sizeof(user_ccb)) 889 break; 890 TAILQ_REMOVE(abort_queue, user_descr, tqe); 891 splx(s); 892 user_ccb = user_descr->user_ccb; 893 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, 894 ("targread aborted descr %p (%p)\n", 895 user_descr, user_ccb)); 896 suword(&user_ccb->ccb_h.status, CAM_REQ_ABORTED); 897 error = uiomove((caddr_t)&user_ccb, sizeof(user_ccb), uio); 898 if (error != 0) 899 goto read_fail; 900 read_len += sizeof(user_ccb); 901 902 s = splsoftcam(); 903 user_descr = TAILQ_FIRST(abort_queue); 904 } 905 splx(s); 906 907 /* 908 * If we've successfully read some amount of data, don't report an 909 * error. If the error is persistent, it will be reported on the 910 * next read(). 911 */ 912 if (read_len == 0 && uio->uio_resid != 0) 913 error = ENOSPC; 914 915 read_fail: 916 return (error); 917 } 918 919 /* Copy completed ccb back to the user */ 920 static int 921 targreturnccb(struct targ_softc *softc, union ccb *ccb) 922 { 923 struct targ_cmd_descr *descr; 924 struct ccb_hdr *u_ccbh; 925 size_t ccb_len; 926 int error; 927 928 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, ("targreturnccb %p\n", ccb)); 929 descr = (struct targ_cmd_descr *)ccb->ccb_h.targ_descr; 930 u_ccbh = &descr->user_ccb->ccb_h; 931 932 /* Copy out the central portion of the ccb_hdr */ 933 copyout(&ccb->ccb_h.retry_count, &u_ccbh->retry_count, 934 offsetof(struct ccb_hdr, periph_priv) - 935 offsetof(struct ccb_hdr, retry_count)); 936 937 /* Copy out the rest of the ccb (after the ccb_hdr) */ 938 ccb_len = targccblen(ccb->ccb_h.func_code) - sizeof(struct ccb_hdr); 939 if (descr->mapinfo.num_bufs_used != 0) 940 cam_periph_unmapmem(ccb, &descr->mapinfo); 941 error = copyout(&ccb->ccb_h + 1, u_ccbh + 1, ccb_len); 942 if (error != 0) { 943 xpt_print_path(softc->path); 944 printf("targreturnccb - CCB copyout failed (%d)\n", 945 error); 946 } 947 /* Free CCB or send back to devq. */ 948 targfreeccb(softc, ccb); 949 950 return (error); 951 } 952 953 static union ccb * 954 targgetccb(struct targ_softc *softc, xpt_opcode type, int priority) 955 { 956 union ccb *ccb; 957 int ccb_len; 958 959 ccb_len = targccblen(type); 960 MALLOC(ccb, union ccb *, ccb_len, M_TARG, M_INTWAIT); 961 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, ("getccb %p\n", ccb)); 962 963 xpt_setup_ccb(&ccb->ccb_h, softc->path, priority); 964 ccb->ccb_h.func_code = type; 965 ccb->ccb_h.cbfcnp = targdone; 966 ccb->ccb_h.targ_descr = targgetdescr(softc); 967 return (ccb); 968 } 969 970 static void 971 targfreeccb(struct targ_softc *softc, union ccb *ccb) 972 { 973 CAM_DEBUG_PRINT(CAM_DEBUG_PERIPH, ("targfreeccb descr %p and\n", 974 ccb->ccb_h.targ_descr)); 975 FREE(ccb->ccb_h.targ_descr, M_TARG); 976 977 switch (ccb->ccb_h.func_code) { 978 case XPT_ACCEPT_TARGET_IO: 979 case XPT_IMMED_NOTIFY: 980 CAM_DEBUG_PRINT(CAM_DEBUG_PERIPH, ("freeing ccb %p\n", ccb)); 981 FREE(ccb, M_TARG); 982 break; 983 default: 984 /* Send back CCB if we got it from the periph */ 985 if (XPT_FC_IS_QUEUED(ccb)) { 986 CAM_DEBUG_PRINT(CAM_DEBUG_PERIPH, 987 ("returning queued ccb %p\n", ccb)); 988 xpt_release_ccb(ccb); 989 } else { 990 CAM_DEBUG_PRINT(CAM_DEBUG_PERIPH, 991 ("freeing ccb %p\n", ccb)); 992 FREE(ccb, M_TARG); 993 } 994 break; 995 } 996 } 997 998 static struct targ_cmd_descr * 999 targgetdescr(struct targ_softc *softc) 1000 { 1001 struct targ_cmd_descr *descr; 1002 1003 MALLOC(descr, struct targ_cmd_descr *, sizeof(*descr), 1004 M_TARG, M_INTWAIT); 1005 descr->mapinfo.num_bufs_used = 0; 1006 return (descr); 1007 } 1008 1009 static void 1010 targinit(void) 1011 { 1012 cdevsw_add(&targ_cdevsw, 0, 0); 1013 } 1014 1015 static void 1016 targasync(void *callback_arg, u_int32_t code, struct cam_path *path, void *arg) 1017 { 1018 /* All events are handled in usermode by INOTs */ 1019 panic("targasync() called, should be an INOT instead"); 1020 } 1021 1022 /* Cancel all pending requests and CCBs awaiting work. */ 1023 static void 1024 abort_all_pending(struct targ_softc *softc) 1025 { 1026 struct targ_cmd_descr *descr; 1027 struct ccb_abort cab; 1028 struct ccb_hdr *ccb_h; 1029 1030 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, ("abort_all_pending\n")); 1031 1032 /* First abort the descriptors awaiting resources */ 1033 while ((descr = TAILQ_FIRST(&softc->work_queue)) != NULL) { 1034 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, 1035 ("Aborting descr from workq %p\n", descr)); 1036 TAILQ_REMOVE(&softc->work_queue, descr, tqe); 1037 TAILQ_INSERT_TAIL(&softc->abort_queue, descr, tqe); 1038 } 1039 1040 /* 1041 * Then abort all pending CCBs. 1042 * targdone() will return the aborted CCB via user_ccb_queue 1043 */ 1044 xpt_setup_ccb(&cab.ccb_h, softc->path, /*priority*/0); 1045 cab.ccb_h.func_code = XPT_ABORT; 1046 cab.ccb_h.status = CAM_REQ_CMP_ERR; 1047 TAILQ_FOREACH(ccb_h, &softc->pending_ccb_queue, periph_links.tqe) { 1048 CAM_DEBUG(softc->path, CAM_DEBUG_PERIPH, 1049 ("Aborting pending CCB %p\n", ccb_h)); 1050 cab.abort_ccb = (union ccb *)ccb_h; 1051 xpt_action((union ccb *)&cab); 1052 if (cab.ccb_h.status != CAM_REQ_CMP) { 1053 xpt_print_path(cab.ccb_h.path); 1054 printf("Unable to abort CCB, status %#x\n", 1055 cab.ccb_h.status); 1056 } 1057 } 1058 1059 /* If we aborted at least one pending CCB ok, wait for it. */ 1060 if (cab.ccb_h.status == CAM_REQ_CMP) { 1061 tsleep(&softc->pending_ccb_queue, PCATCH, "tgabrt", 0); 1062 } 1063 1064 /* If we aborted anything from the work queue, wakeup user. */ 1065 if (!TAILQ_EMPTY(&softc->user_ccb_queue) 1066 || !TAILQ_EMPTY(&softc->abort_queue)) 1067 notify_user(softc); 1068 } 1069 1070 /* Notify the user that data is ready */ 1071 static void 1072 notify_user(struct targ_softc *softc) 1073 { 1074 /* 1075 * Notify users sleeping via poll(), kqueue(), and 1076 * blocking read(). 1077 */ 1078 selwakeup(&softc->read_select); 1079 KNOTE(&softc->read_select.si_note, 0); 1080 wakeup(&softc->user_ccb_queue); 1081 } 1082 1083 /* Convert CAM status to errno values */ 1084 static int 1085 targcamstatus(cam_status status) 1086 { 1087 switch (status & CAM_STATUS_MASK) { 1088 case CAM_REQ_CMP: /* CCB request completed without error */ 1089 return (0); 1090 case CAM_REQ_INPROG: /* CCB request is in progress */ 1091 return (EINPROGRESS); 1092 case CAM_REQ_CMP_ERR: /* CCB request completed with an error */ 1093 return (EIO); 1094 case CAM_PROVIDE_FAIL: /* Unable to provide requested capability */ 1095 return (ENOTTY); 1096 case CAM_FUNC_NOTAVAIL: /* The requested function is not available */ 1097 return (ENOTSUP); 1098 case CAM_LUN_ALRDY_ENA: /* LUN is already enabled for target mode */ 1099 return (EADDRINUSE); 1100 case CAM_PATH_INVALID: /* Supplied Path ID is invalid */ 1101 case CAM_DEV_NOT_THERE: /* SCSI Device Not Installed/there */ 1102 return (ENOENT); 1103 case CAM_REQ_ABORTED: /* CCB request aborted by the host */ 1104 return (ECANCELED); 1105 case CAM_CMD_TIMEOUT: /* Command timeout */ 1106 return (ETIMEDOUT); 1107 case CAM_REQUEUE_REQ: /* Requeue to preserve transaction ordering */ 1108 return (EAGAIN); 1109 case CAM_REQ_INVALID: /* CCB request was invalid */ 1110 return (EINVAL); 1111 case CAM_RESRC_UNAVAIL: /* Resource Unavailable */ 1112 return (ENOMEM); 1113 case CAM_BUSY: /* CAM subsytem is busy */ 1114 case CAM_UA_ABORT: /* Unable to abort CCB request */ 1115 return (EBUSY); 1116 default: 1117 return (ENXIO); 1118 } 1119 } 1120 1121 static size_t 1122 targccblen(xpt_opcode func_code) 1123 { 1124 int len; 1125 1126 /* Codes we expect to see as a target */ 1127 switch (func_code) { 1128 case XPT_CONT_TARGET_IO: 1129 case XPT_SCSI_IO: 1130 len = sizeof(struct ccb_scsiio); 1131 break; 1132 case XPT_ACCEPT_TARGET_IO: 1133 len = sizeof(struct ccb_accept_tio); 1134 break; 1135 case XPT_IMMED_NOTIFY: 1136 len = sizeof(struct ccb_immed_notify); 1137 break; 1138 case XPT_REL_SIMQ: 1139 len = sizeof(struct ccb_relsim); 1140 break; 1141 case XPT_PATH_INQ: 1142 len = sizeof(struct ccb_pathinq); 1143 break; 1144 case XPT_DEBUG: 1145 len = sizeof(struct ccb_debug); 1146 break; 1147 case XPT_ABORT: 1148 len = sizeof(struct ccb_abort); 1149 break; 1150 case XPT_EN_LUN: 1151 len = sizeof(struct ccb_en_lun); 1152 break; 1153 default: 1154 len = sizeof(union ccb); 1155 break; 1156 } 1157 1158 return (len); 1159 } 1160