1 /*- 2 * Copyright (c) 2005-2008 Daniel Braniss <danny@cs.huji.ac.il> 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 * 26 * $FreeBSD: src/sys/dev/iscsi/initiator/iscsi_subr.c,v 1.2 2008/11/25 07:17:11 scottl Exp $ 27 */ 28 /* 29 | $Id: iscsi_subr.c,v 1.17 2006/11/26 14:50:43 danny Exp danny $ 30 */ 31 32 #include "opt_iscsi_initiator.h" 33 34 #include <sys/param.h> 35 #include <sys/kernel.h> 36 #include <sys/callout.h> 37 #include <sys/malloc.h> 38 #include <sys/mbuf.h> 39 #include <sys/kthread.h> 40 #include <sys/lock.h> 41 #include <sys/uio.h> 42 #include <sys/sysctl.h> 43 #include <sys/systm.h> 44 #include <sys/globaldata.h> 45 46 #include <bus/cam/cam.h> 47 #include <bus/cam/cam_ccb.h> 48 #include <bus/cam/cam_sim.h> 49 #include <bus/cam/cam_xpt_sim.h> 50 #include <bus/cam/cam_periph.h> 51 #include <bus/cam/scsi/scsi_message.h> 52 #include <sys/eventhandler.h> 53 54 #include <sys/mutex2.h> 55 56 #include <dev/disk/iscsi/initiator/iscsi.h> 57 #include <dev/disk/iscsi/initiator/iscsivar.h> 58 59 /* 60 | Interface to the SCSI layer 61 */ 62 void 63 iscsi_r2t(isc_session_t *sp, pduq_t *opq, pduq_t *pq) 64 { 65 union ccb *ccb = opq->ccb; 66 struct ccb_scsiio *csio = &ccb->csio; 67 pdu_t *opp = &opq->pdu; 68 bhs_t *bhp = &opp->ipdu.bhs; 69 r2t_t *r2t = &pq->pdu.ipdu.r2t; 70 pduq_t *wpq; 71 int error; 72 73 debug_called(8); 74 sdebug(4, "itt=%x r2tSN=%d bo=%x ddtl=%x W=%d", ntohl(r2t->itt), 75 ntohl(r2t->r2tSN), ntohl(r2t->bo), ntohl(r2t->ddtl), opp->ipdu.scsi_req.W); 76 77 switch(bhp->opcode) { 78 case ISCSI_SCSI_CMD: 79 if(opp->ipdu.scsi_req.W) { 80 data_out_t *cmd; 81 u_int ddtl = ntohl(r2t->ddtl); 82 u_int edtl = ntohl(opp->ipdu.scsi_req.edtlen); 83 u_int bleft, bs, dsn, bo; 84 caddr_t bp = csio->data_ptr; 85 86 bo = ntohl(r2t->bo); 87 bleft = ddtl; 88 89 if(sp->opt.maxXmitDataSegmentLength > 0) // danny's RFC 90 bs = MIN(sp->opt.maxXmitDataSegmentLength, ddtl); 91 else 92 bs = ddtl; 93 dsn = 0; 94 sdebug(4, "edtl=%x ddtl=%x bo=%x dsn=%x bs=%x maxX=%x", 95 edtl, ddtl, bo, dsn, bs, sp->opt.maxXmitDataSegmentLength); 96 while(bleft > 0) { 97 wpq = pdu_alloc(sp->isc, M_NOWAIT); // testing ... 98 if(wpq == NULL) { 99 sdebug(3, "itt=%x r2tSN=%d bo=%x ddtl=%x W=%d", ntohl(r2t->itt), 100 ntohl(r2t->r2tSN), ntohl(r2t->bo), ntohl(r2t->ddtl), opp->ipdu.scsi_req.W); 101 sdebug(1, "npdu_max=%d npdu_alloc=%d", sp->isc->npdu_max, sp->isc->npdu_alloc); 102 103 while((wpq = pdu_alloc(sp->isc, M_NOWAIT)) == NULL) { 104 sdebug(2, "waiting..."); 105 tsleep(sp->isc, 0, "isc_r2t", 5*hz); 106 } 107 } 108 cmd = &wpq->pdu.ipdu.data_out; 109 cmd->opcode = ISCSI_WRITE_DATA; 110 cmd->lun[0] = r2t->lun[0]; 111 cmd->lun[1] = r2t->lun[1]; 112 cmd->ttt = r2t->ttt; 113 cmd->itt = r2t->itt; 114 115 cmd->dsn = htonl(dsn); 116 cmd->bo = htonl(bo); 117 118 cmd->F = (bs < bleft)? 0: 1; // is this the last one? 119 bs = MIN(bs, bleft); 120 121 wpq->pdu.ds_len = bs; 122 wpq->pdu.ds = bp; 123 124 error = isc_qout(sp, wpq); 125 sdebug(6, "bs=%x bo=%x bp=%p dsn=%x error=%d", bs, bo, bp, dsn, error); 126 if(error) 127 break; 128 bo += bs; 129 bp += bs; 130 bleft -= bs; 131 dsn++; 132 } 133 } 134 break; 135 136 default: 137 // XXX: should not happen ... 138 xdebug("huh? opcode=0x%x", bhp->opcode); 139 } 140 } 141 142 static int 143 getSenseData(u_int status, union ccb *ccb, pduq_t *pq) 144 { 145 pdu_t *pp = &pq->pdu; 146 struct ccb_scsiio *scsi = (struct ccb_scsiio *)ccb; 147 struct scsi_sense_data *sense = &scsi->sense_data; 148 struct mbuf *m = pq->mp; 149 scsi_rsp_t *cmd = &pp->ipdu.scsi_rsp; 150 caddr_t bp; 151 int sense_len, mustfree = 0; 152 153 bp = mtod(pq->mp, caddr_t); 154 if((sense_len = scsi_2btoul(bp)) == 0) 155 return 0; 156 debug(4, "sense_len=%d", sense_len); 157 /* 158 | according to the specs, the sense data cannot 159 | be larger than 252 ... 160 */ 161 if(sense_len > m->m_len) { 162 bp = kmalloc(sense_len, M_ISCSI, M_WAITOK); 163 debug(3, "calling i_mbufcopy(len=%d)", sense_len); 164 i_mbufcopy(pq->mp, bp, sense_len); 165 mustfree++; 166 } 167 scsi->scsi_status = status; 168 169 bcopy(bp+2, sense, min(sense_len, scsi->sense_len)); 170 scsi->sense_resid = 0; 171 if(cmd->flag & (BIT(1)|BIT(2))) 172 scsi->sense_resid = ntohl(pp->ipdu.scsi_rsp.rcnt); 173 debug(3, "sense_len=%d rcnt=%d sense_resid=%d dsl=%d error_code=%x flags=%x", 174 sense_len, 175 ntohl(pp->ipdu.scsi_rsp.rcnt), scsi->sense_resid, 176 pp->ds_len, sense->error_code, sense->flags); 177 178 if(mustfree) 179 kfree(bp, M_ISCSI); 180 181 return 1; 182 } 183 184 /* 185 | Some information is from SAM draft. 186 */ 187 static void 188 _scsi_done(struct isc_softc *isp, u_int response, u_int status, union ccb *ccb, pduq_t *pq) 189 { 190 struct ccb_hdr *ccb_h = &ccb->ccb_h; 191 192 debug_called(8); 193 194 if(status || response) { 195 debug(3, "response=%x status=%x ccb=%p pq=%p", response, status, ccb, pq); 196 if(pq != NULL) 197 debug(3, "mp=%p buf=%p len=%d", pq->mp, pq->buf, pq->len); 198 } 199 ccb_h->status = 0; 200 switch(response) { 201 case 0: // Command Completed at Target 202 switch(status) { 203 case 0: // Good, all is ok 204 ccb_h->status = CAM_REQ_CMP; 205 break; 206 207 case 0x02: // Check Condition 208 if((pq != NULL) && (pq->mp != NULL) && getSenseData(status, ccb, pq)) 209 ccb_h->status |= CAM_AUTOSNS_VALID; 210 211 case 0x14: // Intermediate-Condition Met 212 case 0x10: // Intermediate 213 case 0x04: // Condition Met 214 ccb_h->status |= CAM_SCSI_STATUS_ERROR; 215 break; 216 217 case 0x08: 218 ccb_h->status = CAM_BUSY; 219 break; 220 221 case 0x18: // Reservation Conflict 222 case 0x28: // Task Set Full 223 ccb_h->status = CAM_REQUEUE_REQ; 224 break; 225 default: 226 //case 0x22: // Command Terminated 227 //case 0x30: // ACA Active 228 //case 0x40: // Task Aborted 229 ccb_h->status = CAM_REQ_CMP_ERR; //CAM_REQ_ABORTED; 230 } 231 break; 232 233 default: 234 if((response >= 0x80) && (response <= 0xFF)) { 235 // Vendor specific ... 236 } 237 case 1: // target failure 238 ccb_h->status = CAM_REQ_CMP_ERR; //CAM_REQ_ABORTED; 239 break; 240 } 241 debug(5, "ccb_h->status=%x", ccb_h->status); 242 243 XPT_DONE(isp, ccb); 244 } 245 246 /* 247 | returns the lowest cmdseq that was not acked 248 */ 249 int 250 iscsi_requeue(isc_session_t *sp) 251 { 252 pduq_t *pq; 253 u_int i, n, last; 254 255 debug_called(8); 256 last = -1; 257 i = 0; 258 sp->flags |= ISC_HOLD; 259 while((pq = i_dqueue_hld(sp)) != NULL) { 260 i++; 261 _scsi_done(sp->isc, 0, 0x28, pq->ccb, NULL); 262 n = ntohl(pq->pdu.ipdu.bhs.CmdSN); 263 if(last > n) 264 last = n; 265 sdebug(2, "last=%x n=%x", last, n); 266 pdu_free(sp->isc, pq); 267 } 268 sp->flags &= ~ISC_HOLD; 269 return i? last: sp->sn.cmd; 270 } 271 272 int 273 i_pdu_flush(isc_session_t *sp) 274 { 275 int n = 0; 276 pduq_t *pq; 277 278 debug_called(8); 279 while((pq = i_dqueue_rsp(sp)) != NULL) { 280 pdu_free(sp->isc, pq); 281 n++; 282 } 283 while((pq = i_dqueue_rsv(sp)) != NULL) { 284 pdu_free(sp->isc, pq); 285 n++; 286 } 287 while((pq = i_dqueue_snd(sp, -1)) != NULL) { 288 pdu_free(sp->isc, pq); 289 n++; 290 } 291 while((pq = i_dqueue_hld(sp)) != NULL) { 292 pdu_free(sp->isc, pq); 293 n++; 294 } 295 while((pq = i_dqueue_wsnd(sp)) != NULL) { 296 pdu_free(sp->isc, pq); 297 n++; 298 } 299 if(n != 0) 300 xdebug("%d pdus recovered, should have been ZERO!", n); 301 return n; 302 } 303 /* 304 | called from ism_destroy. 305 */ 306 void 307 iscsi_cleanup(isc_session_t *sp) 308 { 309 pduq_t *pq, *pqtmp; 310 311 debug_called(8); 312 313 TAILQ_FOREACH_MUTABLE(pq, &sp->hld, pq_link, pqtmp) { 314 sdebug(3, "hld pq=%p", pq); 315 if(pq->ccb) 316 _scsi_done(sp->isc, 1, 0x40, pq->ccb, NULL); 317 TAILQ_REMOVE(&sp->hld, pq, pq_link); 318 pdu_free(sp->isc, pq); 319 } 320 while((pq = i_dqueue_snd(sp, BIT(0)|BIT(1)|BIT(2))) != NULL) { 321 sdebug(3, "pq=%p", pq); 322 if(pq->ccb) 323 _scsi_done(sp->isc, 1, 0x40, pq->ccb, NULL); 324 pdu_free(sp->isc, pq); 325 } 326 327 wakeup(&sp->rsp); 328 } 329 330 void 331 iscsi_done(isc_session_t *sp, pduq_t *opq, pduq_t *pq) 332 { 333 pdu_t *pp = &pq->pdu; 334 scsi_rsp_t *cmd = &pp->ipdu.scsi_rsp; 335 336 debug_called(8); 337 338 _scsi_done(sp->isc, cmd->response, cmd->status, opq->ccb, pq); 339 340 pdu_free(sp->isc, opq); 341 } 342 343 // see RFC 3720, 10.9.1 page 146 344 /* 345 | NOTE: 346 | the call to isc_stop_receiver is a kludge, 347 | instead, it should be handled by the userland controller, 348 | but that means that there should be a better way, other than 349 | sending a signal. Somehow, this packet should be supplied to 350 | the userland via read. 351 */ 352 void 353 iscsi_async(isc_session_t *sp, pduq_t *pq) 354 { 355 pdu_t *pp = &pq->pdu; 356 async_t *cmd = &pp->ipdu.async; 357 358 debug_called(8); 359 360 sdebug(3, "asyncevent=0x%x asyncVCode=0x%0x", cmd->asyncEvent, cmd->asyncVCode); 361 switch(cmd->asyncEvent) { 362 case 0: // check status ... 363 break; 364 365 case 1: // target request logout 366 isc_stop_receiver(sp); // XXX: temporary solution 367 break; 368 369 case 2: // target indicates it wants to drop connection 370 isc_stop_receiver(sp); // XXX: temporary solution 371 break; 372 373 case 3: // target indicates it will drop all connections. 374 isc_stop_receiver(sp); // XXX: temporary solution 375 break; 376 377 case 4: // target request parameter negotiation 378 break; 379 380 default: 381 break; 382 } 383 } 384 385 void 386 iscsi_reject(isc_session_t *sp, pduq_t *opq, pduq_t *pq) 387 { 388 union ccb *ccb = opq->ccb; 389 //reject_t *reject = &pq->pdu.ipdu.reject; 390 391 debug_called(8); 392 //XXX: check RFC 10.17.1 (page 176) 393 ccb->ccb_h.status = CAM_REQ_ABORTED; 394 XPT_DONE(sp->isc, ccb); 395 396 pdu_free(sp->isc, opq); 397 } 398 399 /* 400 | deal with lun 401 */ 402 static int 403 dwl(isc_session_t *sp, int lun, u_char *lp) 404 { 405 int i; 406 407 debug_called(8); 408 409 /* 410 | mapping LUN to iSCSI LUN 411 | check the SAM-2 specs 412 | hint: maxLUNS is a small number, cam's LUN is 32bits 413 | iSCSI is 64bits, scsi is ? 414 */ 415 // XXX: check if this will pass the endian test 416 if(lun < 256) { 417 lp[0] = 0; 418 lp[1] = lun; 419 } else 420 if(lun < 16384) { 421 lp[0] = (1 << 5) | ((lun >> 8) & 0x3f); 422 lp[1] = lun & 0xff; 423 } 424 else { 425 xdebug("lun %d: is unsupported!", lun); 426 return -1; 427 } 428 429 for(i = 0; i < sp->target_nluns; i++) 430 if(sp->target_lun[i] == lun) 431 return 0; 432 if(sp->target_nluns < ISCSI_MAX_LUNS) 433 sp->target_lun[sp->target_nluns++] = lun; 434 435 sdebug(3, "nluns=%d lun=%d", sp->target_nluns, lun); 436 437 return 0; 438 } 439 440 /* 441 | encapsulate the scsi command and 442 */ 443 int 444 scsi_encap(struct cam_sim *sim, union ccb *ccb) 445 { 446 struct isc_softc *isp = (struct isc_softc *)cam_sim_softc(sim); 447 isc_session_t *sp; 448 struct ccb_scsiio *csio = &ccb->csio; 449 struct ccb_hdr *ccb_h = &ccb->ccb_h; 450 pduq_t *pq; 451 scsi_req_t *cmd; 452 453 debug_called(8); 454 455 debug(4, "ccb->sp=%p", ccb_h->spriv_ptr0); 456 sp = ccb_h->spriv_ptr0; 457 458 if((pq = pdu_alloc(isp, M_NOWAIT)) == NULL) { 459 debug(2, "ccb->sp=%p", ccb_h->spriv_ptr0); 460 sdebug(1, "pdu_alloc failed sc->npdu_max=%d npdu_alloc=%d", 461 sp->isc->npdu_max, sp->isc->npdu_alloc); 462 while((pq = pdu_alloc(sp->isc, M_NOWAIT)) == NULL) { 463 sdebug(3, "waiting..."); 464 tsleep(sp->isc, 0, "isc_encap", 5*hz); 465 } 466 #if 0 467 sdebug(3, "freezing"); 468 ccb->ccb_h.status = CAM_REQUEUE_REQ; 469 ic_freeze(sp); 470 return 0; 471 #endif 472 } 473 474 #if 0 475 if((sp->flags & ISC_FFPHASE) == 0) { 476 ccb->ccb_h.status = CAM_DEV_NOT_THERE; // CAM_NO_NEXUS; 477 sdebug(3, "no active session with target %d", ccb_h->target_id); 478 goto bad; 479 } 480 #endif 481 cmd = &pq->pdu.ipdu.scsi_req; 482 cmd->opcode = ISCSI_SCSI_CMD; 483 cmd->F = 1; 484 /* 485 | map tag option, default is UNTAGGED 486 */ 487 switch(csio->tag_action) { 488 case MSG_SIMPLE_Q_TAG: cmd->attr = iSCSI_TASK_SIMPLE; break; 489 case MSG_HEAD_OF_Q_TAG: cmd->attr = iSCSI_TASK_ORDER; break; 490 case MSG_ORDERED_Q_TAG: cmd->attr = iSCSI_TASK_HOFQ; break; 491 case MSG_ACA_TASK: cmd->attr = iSCSI_TASK_ACA; break; 492 } 493 494 dwl(sp, ccb_h->target_lun, (u_char *)&cmd->lun); 495 496 if((ccb_h->flags & CAM_CDB_POINTER) != 0) { 497 if((ccb_h->flags & CAM_CDB_PHYS) == 0) { 498 if(csio->cdb_len > 16) { 499 sdebug(3, "oversize cdb %d > 16", csio->cdb_len); 500 goto invalid; 501 } 502 } 503 else { 504 sdebug(3, "not phys"); 505 goto invalid; 506 } 507 } 508 509 if(csio->cdb_len > sizeof(cmd->cdb)) 510 xdebug("guevalt! %d > %ld", csio->cdb_len, (long)sizeof(cmd->cdb)); 511 512 memcpy(cmd->cdb, 513 ccb_h->flags & CAM_CDB_POINTER? csio->cdb_io.cdb_ptr: csio->cdb_io.cdb_bytes, 514 csio->cdb_len); 515 516 cmd->W = (ccb->ccb_h.flags & CAM_DIR_MASK) == CAM_DIR_OUT; 517 cmd->R = (ccb->ccb_h.flags & CAM_DIR_MASK) == CAM_DIR_IN; 518 cmd->edtlen = htonl(csio->dxfer_len); 519 520 pq->ccb = ccb; 521 /* 522 | place it in the out queue 523 */ 524 if(isc_qout(sp, pq) == 0) 525 return 1; 526 invalid: 527 ccb->ccb_h.status = CAM_REQ_INVALID; 528 pdu_free(isp, pq); 529 return 0; 530 } 531 532 int 533 scsi_decap(isc_session_t *sp, pduq_t *opq, pduq_t *pq) 534 { 535 union ccb *ccb = opq->ccb; 536 struct ccb_scsiio *csio = &ccb->csio; 537 pdu_t *opp = &opq->pdu; 538 bhs_t *bhp = &opp->ipdu.bhs; 539 540 debug_called(8); 541 sdebug(6, "pq=%p opq=%p bhp->opcode=0x%x len=%d", 542 pq, opq, bhp->opcode, pq->pdu.ds_len); 543 if(ccb == NULL) { 544 sdebug(1, "itt=0x%x pq=%p opq=%p bhp->opcode=0x%x len=%d", 545 ntohl(pq->pdu.ipdu.bhs.itt), 546 pq, opq, bhp->opcode, pq->pdu.ds_len); 547 xdebug("%d] ccb == NULL!", sp->sid); 548 return 0; 549 } 550 if(pq->pdu.ds_len != 0) { 551 switch(bhp->opcode) { 552 case ISCSI_SCSI_CMD: { 553 scsi_req_t *cmd = &opp->ipdu.scsi_req; 554 sdebug(5, "itt=0x%x opcode=%x R=%d", 555 ntohl(pq->pdu.ipdu.bhs.itt), 556 pq->pdu.ipdu.bhs.opcode, cmd->R); 557 558 switch(pq->pdu.ipdu.bhs.opcode) { 559 case ISCSI_READ_DATA: // SCSI Data in 560 { 561 caddr_t bp = NULL; // = mtod(pq->mp, caddr_t); 562 data_in_t *rcmd = &pq->pdu.ipdu.data_in; 563 564 if(cmd->R) { 565 sdebug(5, "copy to=%p from=%p l1=%d l2=%d mp@%p", 566 csio->data_ptr, bp? mtod(pq->mp, caddr_t): 0, 567 ntohl(cmd->edtlen), pq->pdu.ds_len, pq->mp); 568 if(ntohl(cmd->edtlen) >= pq->pdu.ds_len) { 569 int offset, len = pq->pdu.ds_len; 570 571 if(pq->mp != NULL) { 572 caddr_t dp; 573 574 offset = ntohl(rcmd->bo); 575 dp = csio->data_ptr + offset; 576 i_mbufcopy(pq->mp, dp, len); 577 } 578 } 579 else { 580 xdebug("edtlen=%d < ds_len=%d", 581 ntohl(cmd->edtlen), pq->pdu.ds_len); 582 } 583 } 584 if(rcmd->S) { 585 /* 586 | contains also the SCSI Status 587 */ 588 _scsi_done(sp->isc, 0, rcmd->status, opq->ccb, NULL); 589 return 0; 590 } else 591 return 1; 592 } 593 break; 594 } 595 } 596 default: 597 sdebug(3, "opcode=%02x", bhp->opcode); 598 break; 599 } 600 } 601 /* 602 | XXX: error ... 603 */ 604 return 1; 605 } 606