1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21#include <linux/string.h>
22#include <linux/kthread.h>
23#include <linux/crypto.h>
24#include <linux/completion.h>
25#include <linux/module.h>
26#include <asm/unaligned.h>
27#include <scsi/scsi_device.h>
28#include <scsi/iscsi_proto.h>
29#include <target/target_core_base.h>
30#include <target/target_core_fabric.h>
31
32#include "iscsi_target_core.h"
33#include "iscsi_target_parameters.h"
34#include "iscsi_target_seq_pdu_list.h"
35#include "iscsi_target_tq.h"
36#include "iscsi_target_configfs.h"
37#include "iscsi_target_datain_values.h"
38#include "iscsi_target_erl0.h"
39#include "iscsi_target_erl1.h"
40#include "iscsi_target_erl2.h"
41#include "iscsi_target_login.h"
42#include "iscsi_target_tmr.h"
43#include "iscsi_target_tpg.h"
44#include "iscsi_target_util.h"
45#include "iscsi_target.h"
46#include "iscsi_target_device.h"
47#include "iscsi_target_stat.h"
48
49static LIST_HEAD(g_tiqn_list);
50static LIST_HEAD(g_np_list);
51static DEFINE_SPINLOCK(tiqn_lock);
52static DEFINE_SPINLOCK(np_lock);
53
54static struct idr tiqn_idr;
55struct idr sess_idr;
56struct mutex auth_id_lock;
57spinlock_t sess_idr_lock;
58
59struct iscsit_global *iscsit_global;
60
61struct kmem_cache *lio_cmd_cache;
62struct kmem_cache *lio_qr_cache;
63struct kmem_cache *lio_dr_cache;
64struct kmem_cache *lio_ooo_cache;
65struct kmem_cache *lio_r2t_cache;
66
67static int iscsit_handle_immediate_data(struct iscsi_cmd *,
68 unsigned char *buf, u32);
69static int iscsit_logout_post_handler(struct iscsi_cmd *, struct iscsi_conn *);
70
71struct iscsi_tiqn *iscsit_get_tiqn_for_login(unsigned char *buf)
72{
73 struct iscsi_tiqn *tiqn = NULL;
74
75 spin_lock(&tiqn_lock);
76 list_for_each_entry(tiqn, &g_tiqn_list, tiqn_list) {
77 if (!strcmp(tiqn->tiqn, buf)) {
78
79 spin_lock(&tiqn->tiqn_state_lock);
80 if (tiqn->tiqn_state == TIQN_STATE_ACTIVE) {
81 tiqn->tiqn_access_count++;
82 spin_unlock(&tiqn->tiqn_state_lock);
83 spin_unlock(&tiqn_lock);
84 return tiqn;
85 }
86 spin_unlock(&tiqn->tiqn_state_lock);
87 }
88 }
89 spin_unlock(&tiqn_lock);
90
91 return NULL;
92}
93
94static int iscsit_set_tiqn_shutdown(struct iscsi_tiqn *tiqn)
95{
96 spin_lock(&tiqn->tiqn_state_lock);
97 if (tiqn->tiqn_state == TIQN_STATE_ACTIVE) {
98 tiqn->tiqn_state = TIQN_STATE_SHUTDOWN;
99 spin_unlock(&tiqn->tiqn_state_lock);
100 return 0;
101 }
102 spin_unlock(&tiqn->tiqn_state_lock);
103
104 return -1;
105}
106
107void iscsit_put_tiqn_for_login(struct iscsi_tiqn *tiqn)
108{
109 spin_lock(&tiqn->tiqn_state_lock);
110 tiqn->tiqn_access_count--;
111 spin_unlock(&tiqn->tiqn_state_lock);
112}
113
114
115
116
117
118struct iscsi_tiqn *iscsit_add_tiqn(unsigned char *buf)
119{
120 struct iscsi_tiqn *tiqn = NULL;
121 int ret;
122
123 if (strlen(buf) >= ISCSI_IQN_LEN) {
124 pr_err("Target IQN exceeds %d bytes\n",
125 ISCSI_IQN_LEN);
126 return ERR_PTR(-EINVAL);
127 }
128
129 tiqn = kzalloc(sizeof(struct iscsi_tiqn), GFP_KERNEL);
130 if (!tiqn) {
131 pr_err("Unable to allocate struct iscsi_tiqn\n");
132 return ERR_PTR(-ENOMEM);
133 }
134
135 sprintf(tiqn->tiqn, "%s", buf);
136 INIT_LIST_HEAD(&tiqn->tiqn_list);
137 INIT_LIST_HEAD(&tiqn->tiqn_tpg_list);
138 spin_lock_init(&tiqn->tiqn_state_lock);
139 spin_lock_init(&tiqn->tiqn_tpg_lock);
140 spin_lock_init(&tiqn->sess_err_stats.lock);
141 spin_lock_init(&tiqn->login_stats.lock);
142 spin_lock_init(&tiqn->logout_stats.lock);
143
144 if (!idr_pre_get(&tiqn_idr, GFP_KERNEL)) {
145 pr_err("idr_pre_get() for tiqn_idr failed\n");
146 kfree(tiqn);
147 return ERR_PTR(-ENOMEM);
148 }
149 tiqn->tiqn_state = TIQN_STATE_ACTIVE;
150
151 spin_lock(&tiqn_lock);
152 ret = idr_get_new(&tiqn_idr, NULL, &tiqn->tiqn_index);
153 if (ret < 0) {
154 pr_err("idr_get_new() failed for tiqn->tiqn_index\n");
155 spin_unlock(&tiqn_lock);
156 kfree(tiqn);
157 return ERR_PTR(ret);
158 }
159 list_add_tail(&tiqn->tiqn_list, &g_tiqn_list);
160 spin_unlock(&tiqn_lock);
161
162 pr_debug("CORE[0] - Added iSCSI Target IQN: %s\n", tiqn->tiqn);
163
164 return tiqn;
165
166}
167
168static void iscsit_wait_for_tiqn(struct iscsi_tiqn *tiqn)
169{
170
171
172
173 spin_lock(&tiqn->tiqn_state_lock);
174 while (tiqn->tiqn_access_count != 0) {
175 spin_unlock(&tiqn->tiqn_state_lock);
176 msleep(10);
177 spin_lock(&tiqn->tiqn_state_lock);
178 }
179 spin_unlock(&tiqn->tiqn_state_lock);
180}
181
182void iscsit_del_tiqn(struct iscsi_tiqn *tiqn)
183{
184
185
186
187
188
189
190 if (iscsit_set_tiqn_shutdown(tiqn) < 0) {
191 pr_err("iscsit_set_tiqn_shutdown() failed\n");
192 return;
193 }
194
195 iscsit_wait_for_tiqn(tiqn);
196
197 spin_lock(&tiqn_lock);
198 list_del(&tiqn->tiqn_list);
199 idr_remove(&tiqn_idr, tiqn->tiqn_index);
200 spin_unlock(&tiqn_lock);
201
202 pr_debug("CORE[0] - Deleted iSCSI Target IQN: %s\n",
203 tiqn->tiqn);
204 kfree(tiqn);
205}
206
207int iscsit_access_np(struct iscsi_np *np, struct iscsi_portal_group *tpg)
208{
209 int ret;
210
211
212
213 spin_lock_bh(&np->np_thread_lock);
214 if (np->np_thread_state != ISCSI_NP_THREAD_ACTIVE) {
215 spin_unlock_bh(&np->np_thread_lock);
216 return -1;
217 }
218 if (np->np_login_tpg) {
219 pr_err("np->np_login_tpg() is not NULL!\n");
220 spin_unlock_bh(&np->np_thread_lock);
221 return -1;
222 }
223 spin_unlock_bh(&np->np_thread_lock);
224
225
226
227 spin_lock_bh(&tpg->tpg_state_lock);
228 if (tpg->tpg_state != TPG_STATE_ACTIVE) {
229 spin_unlock_bh(&tpg->tpg_state_lock);
230 return -1;
231 }
232 spin_unlock_bh(&tpg->tpg_state_lock);
233
234
235
236
237 ret = mutex_lock_interruptible(&tpg->np_login_lock);
238 if ((ret != 0) || signal_pending(current))
239 return -1;
240
241 spin_lock_bh(&np->np_thread_lock);
242 np->np_login_tpg = tpg;
243 spin_unlock_bh(&np->np_thread_lock);
244
245 return 0;
246}
247
248int iscsit_deaccess_np(struct iscsi_np *np, struct iscsi_portal_group *tpg)
249{
250 struct iscsi_tiqn *tiqn = tpg->tpg_tiqn;
251
252 spin_lock_bh(&np->np_thread_lock);
253 np->np_login_tpg = NULL;
254 spin_unlock_bh(&np->np_thread_lock);
255
256 mutex_unlock(&tpg->np_login_lock);
257
258 if (tiqn)
259 iscsit_put_tiqn_for_login(tiqn);
260
261 return 0;
262}
263
264static struct iscsi_np *iscsit_get_np(
265 struct __kernel_sockaddr_storage *sockaddr,
266 int network_transport)
267{
268 struct sockaddr_in *sock_in, *sock_in_e;
269 struct sockaddr_in6 *sock_in6, *sock_in6_e;
270 struct iscsi_np *np;
271 int ip_match = 0;
272 u16 port;
273
274 spin_lock_bh(&np_lock);
275 list_for_each_entry(np, &g_np_list, np_list) {
276 spin_lock(&np->np_thread_lock);
277 if (np->np_thread_state != ISCSI_NP_THREAD_ACTIVE) {
278 spin_unlock(&np->np_thread_lock);
279 continue;
280 }
281
282 if (sockaddr->ss_family == AF_INET6) {
283 sock_in6 = (struct sockaddr_in6 *)sockaddr;
284 sock_in6_e = (struct sockaddr_in6 *)&np->np_sockaddr;
285
286 if (!memcmp(&sock_in6->sin6_addr.in6_u,
287 &sock_in6_e->sin6_addr.in6_u,
288 sizeof(struct in6_addr)))
289 ip_match = 1;
290
291 port = ntohs(sock_in6->sin6_port);
292 } else {
293 sock_in = (struct sockaddr_in *)sockaddr;
294 sock_in_e = (struct sockaddr_in *)&np->np_sockaddr;
295
296 if (sock_in->sin_addr.s_addr ==
297 sock_in_e->sin_addr.s_addr)
298 ip_match = 1;
299
300 port = ntohs(sock_in->sin_port);
301 }
302
303 if ((ip_match == 1) && (np->np_port == port) &&
304 (np->np_network_transport == network_transport)) {
305
306
307
308
309
310 np->np_exports++;
311 spin_unlock(&np->np_thread_lock);
312 spin_unlock_bh(&np_lock);
313 return np;
314 }
315 spin_unlock(&np->np_thread_lock);
316 }
317 spin_unlock_bh(&np_lock);
318
319 return NULL;
320}
321
322struct iscsi_np *iscsit_add_np(
323 struct __kernel_sockaddr_storage *sockaddr,
324 char *ip_str,
325 int network_transport)
326{
327 struct sockaddr_in *sock_in;
328 struct sockaddr_in6 *sock_in6;
329 struct iscsi_np *np;
330 int ret;
331
332
333
334 np = iscsit_get_np(sockaddr, network_transport);
335 if (np)
336 return np;
337
338 np = kzalloc(sizeof(struct iscsi_np), GFP_KERNEL);
339 if (!np) {
340 pr_err("Unable to allocate memory for struct iscsi_np\n");
341 return ERR_PTR(-ENOMEM);
342 }
343
344 np->np_flags |= NPF_IP_NETWORK;
345 if (sockaddr->ss_family == AF_INET6) {
346 sock_in6 = (struct sockaddr_in6 *)sockaddr;
347 snprintf(np->np_ip, IPV6_ADDRESS_SPACE, "%s", ip_str);
348 np->np_port = ntohs(sock_in6->sin6_port);
349 } else {
350 sock_in = (struct sockaddr_in *)sockaddr;
351 sprintf(np->np_ip, "%s", ip_str);
352 np->np_port = ntohs(sock_in->sin_port);
353 }
354
355 np->np_network_transport = network_transport;
356 spin_lock_init(&np->np_thread_lock);
357 init_completion(&np->np_restart_comp);
358 INIT_LIST_HEAD(&np->np_list);
359
360 ret = iscsi_target_setup_login_socket(np, sockaddr);
361 if (ret != 0) {
362 kfree(np);
363 return ERR_PTR(ret);
364 }
365
366 np->np_thread = kthread_run(iscsi_target_login_thread, np, "iscsi_np");
367 if (IS_ERR(np->np_thread)) {
368 pr_err("Unable to create kthread: iscsi_np\n");
369 ret = PTR_ERR(np->np_thread);
370 kfree(np);
371 return ERR_PTR(ret);
372 }
373
374
375
376
377
378
379
380 np->np_exports = 1;
381
382 spin_lock_bh(&np_lock);
383 list_add_tail(&np->np_list, &g_np_list);
384 spin_unlock_bh(&np_lock);
385
386 pr_debug("CORE[0] - Added Network Portal: %s:%hu on %s\n",
387 np->np_ip, np->np_port, (np->np_network_transport == ISCSI_TCP) ?
388 "TCP" : "SCTP");
389
390 return np;
391}
392
393int iscsit_reset_np_thread(
394 struct iscsi_np *np,
395 struct iscsi_tpg_np *tpg_np,
396 struct iscsi_portal_group *tpg)
397{
398 spin_lock_bh(&np->np_thread_lock);
399 if (tpg && tpg_np) {
400
401
402
403
404
405 if (tpg_np->tpg_np->np_login_tpg != tpg) {
406 spin_unlock_bh(&np->np_thread_lock);
407 return 0;
408 }
409 }
410 if (np->np_thread_state == ISCSI_NP_THREAD_INACTIVE) {
411 spin_unlock_bh(&np->np_thread_lock);
412 return 0;
413 }
414 np->np_thread_state = ISCSI_NP_THREAD_RESET;
415
416 if (np->np_thread) {
417 spin_unlock_bh(&np->np_thread_lock);
418 send_sig(SIGINT, np->np_thread, 1);
419 wait_for_completion(&np->np_restart_comp);
420 spin_lock_bh(&np->np_thread_lock);
421 }
422 spin_unlock_bh(&np->np_thread_lock);
423
424 return 0;
425}
426
427int iscsit_del_np_comm(struct iscsi_np *np)
428{
429 if (!np->np_socket)
430 return 0;
431
432
433
434
435
436 if (np->np_flags & NPF_SCTP_STRUCT_FILE) {
437 kfree(np->np_socket->file);
438 np->np_socket->file = NULL;
439 }
440
441 sock_release(np->np_socket);
442 return 0;
443}
444
445int iscsit_del_np(struct iscsi_np *np)
446{
447 spin_lock_bh(&np->np_thread_lock);
448 np->np_exports--;
449 if (np->np_exports) {
450 spin_unlock_bh(&np->np_thread_lock);
451 return 0;
452 }
453 np->np_thread_state = ISCSI_NP_THREAD_SHUTDOWN;
454 spin_unlock_bh(&np->np_thread_lock);
455
456 if (np->np_thread) {
457
458
459
460
461 send_sig(SIGINT, np->np_thread, 1);
462 kthread_stop(np->np_thread);
463 }
464 iscsit_del_np_comm(np);
465
466 spin_lock_bh(&np_lock);
467 list_del(&np->np_list);
468 spin_unlock_bh(&np_lock);
469
470 pr_debug("CORE[0] - Removed Network Portal: %s:%hu on %s\n",
471 np->np_ip, np->np_port, (np->np_network_transport == ISCSI_TCP) ?
472 "TCP" : "SCTP");
473
474 kfree(np);
475 return 0;
476}
477
478static int __init iscsi_target_init_module(void)
479{
480 int ret = 0;
481
482 pr_debug("iSCSI-Target "ISCSIT_VERSION"\n");
483
484 iscsit_global = kzalloc(sizeof(struct iscsit_global), GFP_KERNEL);
485 if (!iscsit_global) {
486 pr_err("Unable to allocate memory for iscsit_global\n");
487 return -1;
488 }
489 mutex_init(&auth_id_lock);
490 spin_lock_init(&sess_idr_lock);
491 idr_init(&tiqn_idr);
492 idr_init(&sess_idr);
493
494 ret = iscsi_target_register_configfs();
495 if (ret < 0)
496 goto out;
497
498 ret = iscsi_thread_set_init();
499 if (ret < 0)
500 goto configfs_out;
501
502 if (iscsi_allocate_thread_sets(TARGET_THREAD_SET_COUNT) !=
503 TARGET_THREAD_SET_COUNT) {
504 pr_err("iscsi_allocate_thread_sets() returned"
505 " unexpected value!\n");
506 goto ts_out1;
507 }
508
509 lio_cmd_cache = kmem_cache_create("lio_cmd_cache",
510 sizeof(struct iscsi_cmd), __alignof__(struct iscsi_cmd),
511 0, NULL);
512 if (!lio_cmd_cache) {
513 pr_err("Unable to kmem_cache_create() for"
514 " lio_cmd_cache\n");
515 goto ts_out2;
516 }
517
518 lio_qr_cache = kmem_cache_create("lio_qr_cache",
519 sizeof(struct iscsi_queue_req),
520 __alignof__(struct iscsi_queue_req), 0, NULL);
521 if (!lio_qr_cache) {
522 pr_err("nable to kmem_cache_create() for"
523 " lio_qr_cache\n");
524 goto cmd_out;
525 }
526
527 lio_dr_cache = kmem_cache_create("lio_dr_cache",
528 sizeof(struct iscsi_datain_req),
529 __alignof__(struct iscsi_datain_req), 0, NULL);
530 if (!lio_dr_cache) {
531 pr_err("Unable to kmem_cache_create() for"
532 " lio_dr_cache\n");
533 goto qr_out;
534 }
535
536 lio_ooo_cache = kmem_cache_create("lio_ooo_cache",
537 sizeof(struct iscsi_ooo_cmdsn),
538 __alignof__(struct iscsi_ooo_cmdsn), 0, NULL);
539 if (!lio_ooo_cache) {
540 pr_err("Unable to kmem_cache_create() for"
541 " lio_ooo_cache\n");
542 goto dr_out;
543 }
544
545 lio_r2t_cache = kmem_cache_create("lio_r2t_cache",
546 sizeof(struct iscsi_r2t), __alignof__(struct iscsi_r2t),
547 0, NULL);
548 if (!lio_r2t_cache) {
549 pr_err("Unable to kmem_cache_create() for"
550 " lio_r2t_cache\n");
551 goto ooo_out;
552 }
553
554 if (iscsit_load_discovery_tpg() < 0)
555 goto r2t_out;
556
557 return ret;
558r2t_out:
559 kmem_cache_destroy(lio_r2t_cache);
560ooo_out:
561 kmem_cache_destroy(lio_ooo_cache);
562dr_out:
563 kmem_cache_destroy(lio_dr_cache);
564qr_out:
565 kmem_cache_destroy(lio_qr_cache);
566cmd_out:
567 kmem_cache_destroy(lio_cmd_cache);
568ts_out2:
569 iscsi_deallocate_thread_sets();
570ts_out1:
571 iscsi_thread_set_free();
572configfs_out:
573 iscsi_target_deregister_configfs();
574out:
575 kfree(iscsit_global);
576 return -ENOMEM;
577}
578
579static void __exit iscsi_target_cleanup_module(void)
580{
581 iscsi_deallocate_thread_sets();
582 iscsi_thread_set_free();
583 iscsit_release_discovery_tpg();
584 kmem_cache_destroy(lio_cmd_cache);
585 kmem_cache_destroy(lio_qr_cache);
586 kmem_cache_destroy(lio_dr_cache);
587 kmem_cache_destroy(lio_ooo_cache);
588 kmem_cache_destroy(lio_r2t_cache);
589
590 iscsi_target_deregister_configfs();
591
592 kfree(iscsit_global);
593}
594
595int iscsit_add_reject(
596 u8 reason,
597 int fail_conn,
598 unsigned char *buf,
599 struct iscsi_conn *conn)
600{
601 struct iscsi_cmd *cmd;
602 struct iscsi_reject *hdr;
603 int ret;
604
605 cmd = iscsit_allocate_cmd(conn, GFP_KERNEL);
606 if (!cmd)
607 return -1;
608
609 cmd->iscsi_opcode = ISCSI_OP_REJECT;
610 if (fail_conn)
611 cmd->cmd_flags |= ICF_REJECT_FAIL_CONN;
612
613 hdr = (struct iscsi_reject *) cmd->pdu;
614 hdr->reason = reason;
615
616 cmd->buf_ptr = kmemdup(buf, ISCSI_HDR_LEN, GFP_KERNEL);
617 if (!cmd->buf_ptr) {
618 pr_err("Unable to allocate memory for cmd->buf_ptr\n");
619 iscsit_release_cmd(cmd);
620 return -1;
621 }
622
623 spin_lock_bh(&conn->cmd_lock);
624 list_add_tail(&cmd->i_list, &conn->conn_cmd_list);
625 spin_unlock_bh(&conn->cmd_lock);
626
627 cmd->i_state = ISTATE_SEND_REJECT;
628 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state);
629
630 ret = wait_for_completion_interruptible(&cmd->reject_comp);
631 if (ret != 0)
632 return -1;
633
634 return (!fail_conn) ? 0 : -1;
635}
636
637int iscsit_add_reject_from_cmd(
638 u8 reason,
639 int fail_conn,
640 int add_to_conn,
641 unsigned char *buf,
642 struct iscsi_cmd *cmd)
643{
644 struct iscsi_conn *conn;
645 struct iscsi_reject *hdr;
646 int ret;
647
648 if (!cmd->conn) {
649 pr_err("cmd->conn is NULL for ITT: 0x%08x\n",
650 cmd->init_task_tag);
651 return -1;
652 }
653 conn = cmd->conn;
654
655 cmd->iscsi_opcode = ISCSI_OP_REJECT;
656 if (fail_conn)
657 cmd->cmd_flags |= ICF_REJECT_FAIL_CONN;
658
659 hdr = (struct iscsi_reject *) cmd->pdu;
660 hdr->reason = reason;
661
662 cmd->buf_ptr = kmemdup(buf, ISCSI_HDR_LEN, GFP_KERNEL);
663 if (!cmd->buf_ptr) {
664 pr_err("Unable to allocate memory for cmd->buf_ptr\n");
665 iscsit_release_cmd(cmd);
666 return -1;
667 }
668
669 if (add_to_conn) {
670 spin_lock_bh(&conn->cmd_lock);
671 list_add_tail(&cmd->i_list, &conn->conn_cmd_list);
672 spin_unlock_bh(&conn->cmd_lock);
673 }
674
675 cmd->i_state = ISTATE_SEND_REJECT;
676 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state);
677
678 ret = wait_for_completion_interruptible(&cmd->reject_comp);
679 if (ret != 0)
680 return -1;
681
682 return (!fail_conn) ? 0 : -1;
683}
684
685
686
687
688
689
690
691static int iscsit_map_iovec(
692 struct iscsi_cmd *cmd,
693 struct kvec *iov,
694 u32 data_offset,
695 u32 data_length)
696{
697 u32 i = 0;
698 struct scatterlist *sg;
699 unsigned int page_off;
700
701
702
703
704
705 sg = &cmd->t_mem_sg[data_offset / PAGE_SIZE];
706 page_off = (data_offset % PAGE_SIZE);
707
708 cmd->first_data_sg = sg;
709 cmd->first_data_sg_off = page_off;
710
711 while (data_length) {
712 u32 cur_len = min_t(u32, data_length, sg->length - page_off);
713
714 iov[i].iov_base = kmap(sg_page(sg)) + sg->offset + page_off;
715 iov[i].iov_len = cur_len;
716
717 data_length -= cur_len;
718 page_off = 0;
719 sg = sg_next(sg);
720 i++;
721 }
722
723 cmd->kmapped_nents = i;
724
725 return i;
726}
727
728static void iscsit_unmap_iovec(struct iscsi_cmd *cmd)
729{
730 u32 i;
731 struct scatterlist *sg;
732
733 sg = cmd->first_data_sg;
734
735 for (i = 0; i < cmd->kmapped_nents; i++)
736 kunmap(sg_page(&sg[i]));
737}
738
739static void iscsit_ack_from_expstatsn(struct iscsi_conn *conn, u32 exp_statsn)
740{
741 struct iscsi_cmd *cmd;
742
743 conn->exp_statsn = exp_statsn;
744
745 spin_lock_bh(&conn->cmd_lock);
746 list_for_each_entry(cmd, &conn->conn_cmd_list, i_list) {
747 spin_lock(&cmd->istate_lock);
748 if ((cmd->i_state == ISTATE_SENT_STATUS) &&
749 (cmd->stat_sn < exp_statsn)) {
750 cmd->i_state = ISTATE_REMOVE;
751 spin_unlock(&cmd->istate_lock);
752 iscsit_add_cmd_to_immediate_queue(cmd, conn,
753 cmd->i_state);
754 continue;
755 }
756 spin_unlock(&cmd->istate_lock);
757 }
758 spin_unlock_bh(&conn->cmd_lock);
759}
760
761static int iscsit_allocate_iovecs(struct iscsi_cmd *cmd)
762{
763 u32 iov_count = (cmd->se_cmd.t_data_nents == 0) ? 1 :
764 cmd->se_cmd.t_data_nents;
765
766 iov_count += ISCSI_IOV_DATA_BUFFER;
767
768 cmd->iov_data = kzalloc(iov_count * sizeof(struct kvec), GFP_KERNEL);
769 if (!cmd->iov_data) {
770 pr_err("Unable to allocate cmd->iov_data\n");
771 return -ENOMEM;
772 }
773
774 cmd->orig_iov_data_count = iov_count;
775 return 0;
776}
777
778static int iscsit_alloc_buffs(struct iscsi_cmd *cmd)
779{
780 struct scatterlist *sgl;
781 u32 length = cmd->se_cmd.data_length;
782 int nents = DIV_ROUND_UP(length, PAGE_SIZE);
783 int i = 0, j = 0, ret;
784
785
786
787
788 if (!length)
789 return iscsit_allocate_iovecs(cmd);
790
791 sgl = kzalloc(sizeof(*sgl) * nents, GFP_KERNEL);
792 if (!sgl)
793 return -ENOMEM;
794
795 sg_init_table(sgl, nents);
796
797 while (length) {
798 int buf_size = min_t(int, length, PAGE_SIZE);
799 struct page *page;
800
801 page = alloc_page(GFP_KERNEL | __GFP_ZERO);
802 if (!page)
803 goto page_alloc_failed;
804
805 sg_set_page(&sgl[i], page, buf_size, 0);
806
807 length -= buf_size;
808 i++;
809 }
810
811 cmd->t_mem_sg = sgl;
812 cmd->t_mem_sg_nents = nents;
813
814
815
816
817 transport_generic_map_mem_to_cmd(&cmd->se_cmd, sgl, nents, NULL, 0);
818
819
820
821
822 ret = iscsit_allocate_iovecs(cmd);
823 if (ret < 0)
824 return -ENOMEM;
825
826 return 0;
827
828page_alloc_failed:
829 while (j < i)
830 __free_page(sg_page(&sgl[j++]));
831
832 kfree(sgl);
833 return -ENOMEM;
834}
835
836static int iscsit_handle_scsi_cmd(
837 struct iscsi_conn *conn,
838 unsigned char *buf)
839{
840 int data_direction, cmdsn_ret = 0, immed_ret, ret, transport_ret;
841 int dump_immediate_data = 0, send_check_condition = 0, payload_length;
842 struct iscsi_cmd *cmd = NULL;
843 struct iscsi_scsi_req *hdr;
844
845 spin_lock_bh(&conn->sess->session_stats_lock);
846 conn->sess->cmd_pdus++;
847 if (conn->sess->se_sess->se_node_acl) {
848 spin_lock(&conn->sess->se_sess->se_node_acl->stats_lock);
849 conn->sess->se_sess->se_node_acl->num_cmds++;
850 spin_unlock(&conn->sess->se_sess->se_node_acl->stats_lock);
851 }
852 spin_unlock_bh(&conn->sess->session_stats_lock);
853
854 hdr = (struct iscsi_scsi_req *) buf;
855 payload_length = ntoh24(hdr->dlength);
856 hdr->itt = be32_to_cpu(hdr->itt);
857 hdr->data_length = be32_to_cpu(hdr->data_length);
858 hdr->cmdsn = be32_to_cpu(hdr->cmdsn);
859 hdr->exp_statsn = be32_to_cpu(hdr->exp_statsn);
860
861
862
863 if (!(hdr->flags & ISCSI_FLAG_CMD_WRITE) &&
864 !(hdr->flags & ISCSI_FLAG_CMD_FINAL)) {
865 pr_err("ISCSI_FLAG_CMD_WRITE & ISCSI_FLAG_CMD_FINAL"
866 " not set. Bad iSCSI Initiator.\n");
867 return iscsit_add_reject(ISCSI_REASON_BOOKMARK_INVALID, 1,
868 buf, conn);
869 }
870
871 if (((hdr->flags & ISCSI_FLAG_CMD_READ) ||
872 (hdr->flags & ISCSI_FLAG_CMD_WRITE)) && !hdr->data_length) {
873
874
875
876
877
878
879 if ((hdr->cdb[0] == 0x16) || (hdr->cdb[0] == 0x17)) {
880 hdr->flags &= ~ISCSI_FLAG_CMD_READ;
881 hdr->flags &= ~ISCSI_FLAG_CMD_WRITE;
882 goto done;
883 }
884
885 pr_err("ISCSI_FLAG_CMD_READ or ISCSI_FLAG_CMD_WRITE"
886 " set when Expected Data Transfer Length is 0 for"
887 " CDB: 0x%02x. Bad iSCSI Initiator.\n", hdr->cdb[0]);
888 return iscsit_add_reject(ISCSI_REASON_BOOKMARK_INVALID, 1,
889 buf, conn);
890 }
891done:
892
893 if (!(hdr->flags & ISCSI_FLAG_CMD_READ) &&
894 !(hdr->flags & ISCSI_FLAG_CMD_WRITE) && (hdr->data_length != 0)) {
895 pr_err("ISCSI_FLAG_CMD_READ and/or ISCSI_FLAG_CMD_WRITE"
896 " MUST be set if Expected Data Transfer Length is not 0."
897 " Bad iSCSI Initiator\n");
898 return iscsit_add_reject(ISCSI_REASON_BOOKMARK_INVALID, 1,
899 buf, conn);
900 }
901
902 if ((hdr->flags & ISCSI_FLAG_CMD_READ) &&
903 (hdr->flags & ISCSI_FLAG_CMD_WRITE)) {
904 pr_err("Bidirectional operations not supported!\n");
905 return iscsit_add_reject(ISCSI_REASON_BOOKMARK_INVALID, 1,
906 buf, conn);
907 }
908
909 if (hdr->opcode & ISCSI_OP_IMMEDIATE) {
910 pr_err("Illegally set Immediate Bit in iSCSI Initiator"
911 " Scsi Command PDU.\n");
912 return iscsit_add_reject(ISCSI_REASON_BOOKMARK_INVALID, 1,
913 buf, conn);
914 }
915
916 if (payload_length && !conn->sess->sess_ops->ImmediateData) {
917 pr_err("ImmediateData=No but DataSegmentLength=%u,"
918 " protocol error.\n", payload_length);
919 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1,
920 buf, conn);
921 }
922
923 if ((hdr->data_length == payload_length) &&
924 (!(hdr->flags & ISCSI_FLAG_CMD_FINAL))) {
925 pr_err("Expected Data Transfer Length and Length of"
926 " Immediate Data are the same, but ISCSI_FLAG_CMD_FINAL"
927 " bit is not set protocol error\n");
928 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1,
929 buf, conn);
930 }
931
932 if (payload_length > hdr->data_length) {
933 pr_err("DataSegmentLength: %u is greater than"
934 " EDTL: %u, protocol error.\n", payload_length,
935 hdr->data_length);
936 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1,
937 buf, conn);
938 }
939
940 if (payload_length > conn->conn_ops->MaxRecvDataSegmentLength) {
941 pr_err("DataSegmentLength: %u is greater than"
942 " MaxRecvDataSegmentLength: %u, protocol error.\n",
943 payload_length, conn->conn_ops->MaxRecvDataSegmentLength);
944 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1,
945 buf, conn);
946 }
947
948 if (payload_length > conn->sess->sess_ops->FirstBurstLength) {
949 pr_err("DataSegmentLength: %u is greater than"
950 " FirstBurstLength: %u, protocol error.\n",
951 payload_length, conn->sess->sess_ops->FirstBurstLength);
952 return iscsit_add_reject(ISCSI_REASON_BOOKMARK_INVALID, 1,
953 buf, conn);
954 }
955
956 data_direction = (hdr->flags & ISCSI_FLAG_CMD_WRITE) ? DMA_TO_DEVICE :
957 (hdr->flags & ISCSI_FLAG_CMD_READ) ? DMA_FROM_DEVICE :
958 DMA_NONE;
959
960 cmd = iscsit_allocate_se_cmd(conn, hdr->data_length, data_direction,
961 (hdr->flags & ISCSI_FLAG_CMD_ATTR_MASK));
962 if (!cmd)
963 return iscsit_add_reject(ISCSI_REASON_BOOKMARK_NO_RESOURCES, 1,
964 buf, conn);
965
966 pr_debug("Got SCSI Command, ITT: 0x%08x, CmdSN: 0x%08x,"
967 " ExpXferLen: %u, Length: %u, CID: %hu\n", hdr->itt,
968 hdr->cmdsn, hdr->data_length, payload_length, conn->cid);
969
970 cmd->iscsi_opcode = ISCSI_OP_SCSI_CMD;
971 cmd->i_state = ISTATE_NEW_CMD;
972 cmd->immediate_cmd = ((hdr->opcode & ISCSI_OP_IMMEDIATE) ? 1 : 0);
973 cmd->immediate_data = (payload_length) ? 1 : 0;
974 cmd->unsolicited_data = ((!(hdr->flags & ISCSI_FLAG_CMD_FINAL) &&
975 (hdr->flags & ISCSI_FLAG_CMD_WRITE)) ? 1 : 0);
976 if (cmd->unsolicited_data)
977 cmd->cmd_flags |= ICF_NON_IMMEDIATE_UNSOLICITED_DATA;
978
979 conn->sess->init_task_tag = cmd->init_task_tag = hdr->itt;
980 if (hdr->flags & ISCSI_FLAG_CMD_READ) {
981 spin_lock_bh(&conn->sess->ttt_lock);
982 cmd->targ_xfer_tag = conn->sess->targ_xfer_tag++;
983 if (cmd->targ_xfer_tag == 0xFFFFFFFF)
984 cmd->targ_xfer_tag = conn->sess->targ_xfer_tag++;
985 spin_unlock_bh(&conn->sess->ttt_lock);
986 } else if (hdr->flags & ISCSI_FLAG_CMD_WRITE)
987 cmd->targ_xfer_tag = 0xFFFFFFFF;
988 cmd->cmd_sn = hdr->cmdsn;
989 cmd->exp_stat_sn = hdr->exp_statsn;
990 cmd->first_burst_len = payload_length;
991
992 if (cmd->data_direction == DMA_FROM_DEVICE) {
993 struct iscsi_datain_req *dr;
994
995 dr = iscsit_allocate_datain_req();
996 if (!dr)
997 return iscsit_add_reject_from_cmd(
998 ISCSI_REASON_BOOKMARK_NO_RESOURCES,
999 1, 1, buf, cmd);
1000
1001 iscsit_attach_datain_req(cmd, dr);
1002 }
1003
1004
1005
1006
1007 ret = iscsit_get_lun_for_cmd(cmd, hdr->cdb,
1008 get_unaligned_le64(&hdr->lun));
1009 if (ret < 0) {
1010 if (cmd->se_cmd.scsi_sense_reason == TCM_NON_EXISTENT_LUN) {
1011 pr_debug("Responding to non-acl'ed,"
1012 " non-existent or non-exported iSCSI LUN:"
1013 " 0x%016Lx\n", get_unaligned_le64(&hdr->lun));
1014 }
1015 send_check_condition = 1;
1016 goto attach_cmd;
1017 }
1018
1019
1020
1021
1022
1023
1024 transport_ret = transport_generic_allocate_tasks(&cmd->se_cmd, hdr->cdb);
1025 if (transport_ret == -ENOMEM) {
1026 return iscsit_add_reject_from_cmd(
1027 ISCSI_REASON_BOOKMARK_NO_RESOURCES,
1028 1, 1, buf, cmd);
1029 } else if (transport_ret < 0) {
1030
1031
1032
1033
1034
1035 send_check_condition = 1;
1036 } else {
1037 cmd->data_length = cmd->se_cmd.data_length;
1038
1039 if (iscsit_decide_list_to_build(cmd, payload_length) < 0)
1040 return iscsit_add_reject_from_cmd(
1041 ISCSI_REASON_BOOKMARK_NO_RESOURCES,
1042 1, 1, buf, cmd);
1043 }
1044
1045attach_cmd:
1046 spin_lock_bh(&conn->cmd_lock);
1047 list_add_tail(&cmd->i_list, &conn->conn_cmd_list);
1048 spin_unlock_bh(&conn->cmd_lock);
1049
1050
1051
1052
1053 core_alua_check_nonop_delay(&cmd->se_cmd);
1054
1055
1056
1057
1058 ret = iscsit_alloc_buffs(cmd);
1059 if (ret < 0)
1060 return iscsit_add_reject_from_cmd(
1061 ISCSI_REASON_BOOKMARK_NO_RESOURCES,
1062 1, 0, buf, cmd);
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073 if (!cmd->immediate_data) {
1074 cmdsn_ret = iscsit_sequence_cmd(conn, cmd, hdr->cmdsn);
1075 if (cmdsn_ret == CMDSN_LOWER_THAN_EXP)
1076 return 0;
1077 else if (cmdsn_ret == CMDSN_ERROR_CANNOT_RECOVER)
1078 return iscsit_add_reject_from_cmd(
1079 ISCSI_REASON_PROTOCOL_ERROR,
1080 1, 0, buf, cmd);
1081 }
1082
1083 iscsit_ack_from_expstatsn(conn, hdr->exp_statsn);
1084
1085
1086
1087
1088 if (!cmd->immediate_data) {
1089 if (send_check_condition)
1090 return 0;
1091
1092 if (cmd->unsolicited_data) {
1093 iscsit_set_dataout_sequence_values(cmd);
1094
1095 spin_lock_bh(&cmd->dataout_timeout_lock);
1096 iscsit_start_dataout_timer(cmd, cmd->conn);
1097 spin_unlock_bh(&cmd->dataout_timeout_lock);
1098 }
1099
1100 return 0;
1101 }
1102
1103
1104
1105
1106
1107
1108 if (send_check_condition) {
1109 immed_ret = IMMEDIATE_DATA_NORMAL_OPERATION;
1110 dump_immediate_data = 1;
1111 goto after_immediate_data;
1112 }
1113
1114
1115
1116
1117 ret = transport_generic_new_cmd(&cmd->se_cmd);
1118 if (ret < 0) {
1119 immed_ret = IMMEDIATE_DATA_NORMAL_OPERATION;
1120 dump_immediate_data = 1;
1121 goto after_immediate_data;
1122 }
1123
1124 immed_ret = iscsit_handle_immediate_data(cmd, buf, payload_length);
1125after_immediate_data:
1126 if (immed_ret == IMMEDIATE_DATA_NORMAL_OPERATION) {
1127
1128
1129
1130
1131
1132 cmdsn_ret = iscsit_sequence_cmd(conn, cmd, hdr->cmdsn);
1133
1134
1135
1136
1137 if (dump_immediate_data) {
1138 if (iscsit_dump_data_payload(conn, payload_length, 1) < 0)
1139 return -1;
1140 } else if (cmd->unsolicited_data) {
1141 iscsit_set_dataout_sequence_values(cmd);
1142
1143 spin_lock_bh(&cmd->dataout_timeout_lock);
1144 iscsit_start_dataout_timer(cmd, cmd->conn);
1145 spin_unlock_bh(&cmd->dataout_timeout_lock);
1146 }
1147
1148 if (cmdsn_ret == CMDSN_ERROR_CANNOT_RECOVER)
1149 return iscsit_add_reject_from_cmd(
1150 ISCSI_REASON_PROTOCOL_ERROR,
1151 1, 0, buf, cmd);
1152
1153 } else if (immed_ret == IMMEDIATE_DATA_ERL1_CRC_FAILURE) {
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165 cmd->i_state = ISTATE_REMOVE;
1166 iscsit_add_cmd_to_immediate_queue(cmd, conn, cmd->i_state);
1167 } else
1168 return -1;
1169
1170 return 0;
1171}
1172
1173static u32 iscsit_do_crypto_hash_sg(
1174 struct hash_desc *hash,
1175 struct iscsi_cmd *cmd,
1176 u32 data_offset,
1177 u32 data_length,
1178 u32 padding,
1179 u8 *pad_bytes)
1180{
1181 u32 data_crc;
1182 u32 i;
1183 struct scatterlist *sg;
1184 unsigned int page_off;
1185
1186 crypto_hash_init(hash);
1187
1188 sg = cmd->first_data_sg;
1189 page_off = cmd->first_data_sg_off;
1190
1191 i = 0;
1192 while (data_length) {
1193 u32 cur_len = min_t(u32, data_length, (sg[i].length - page_off));
1194
1195 crypto_hash_update(hash, &sg[i], cur_len);
1196
1197 data_length -= cur_len;
1198 page_off = 0;
1199 i++;
1200 }
1201
1202 if (padding) {
1203 struct scatterlist pad_sg;
1204
1205 sg_init_one(&pad_sg, pad_bytes, padding);
1206 crypto_hash_update(hash, &pad_sg, padding);
1207 }
1208 crypto_hash_final(hash, (u8 *) &data_crc);
1209
1210 return data_crc;
1211}
1212
1213static void iscsit_do_crypto_hash_buf(
1214 struct hash_desc *hash,
1215 unsigned char *buf,
1216 u32 payload_length,
1217 u32 padding,
1218 u8 *pad_bytes,
1219 u8 *data_crc)
1220{
1221 struct scatterlist sg;
1222
1223 crypto_hash_init(hash);
1224
1225 sg_init_one(&sg, buf, payload_length);
1226 crypto_hash_update(hash, &sg, payload_length);
1227
1228 if (padding) {
1229 sg_init_one(&sg, pad_bytes, padding);
1230 crypto_hash_update(hash, &sg, padding);
1231 }
1232 crypto_hash_final(hash, data_crc);
1233}
1234
1235static int iscsit_handle_data_out(struct iscsi_conn *conn, unsigned char *buf)
1236{
1237 int iov_ret, ooo_cmdsn = 0, ret;
1238 u8 data_crc_failed = 0;
1239 u32 checksum, iov_count = 0, padding = 0, rx_got = 0;
1240 u32 rx_size = 0, payload_length;
1241 struct iscsi_cmd *cmd = NULL;
1242 struct se_cmd *se_cmd;
1243 struct iscsi_data *hdr;
1244 struct kvec *iov;
1245 unsigned long flags;
1246
1247 hdr = (struct iscsi_data *) buf;
1248 payload_length = ntoh24(hdr->dlength);
1249 hdr->itt = be32_to_cpu(hdr->itt);
1250 hdr->ttt = be32_to_cpu(hdr->ttt);
1251 hdr->exp_statsn = be32_to_cpu(hdr->exp_statsn);
1252 hdr->datasn = be32_to_cpu(hdr->datasn);
1253 hdr->offset = be32_to_cpu(hdr->offset);
1254
1255 if (!payload_length) {
1256 pr_err("DataOUT payload is ZERO, protocol error.\n");
1257 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1,
1258 buf, conn);
1259 }
1260
1261
1262 spin_lock_bh(&conn->sess->session_stats_lock);
1263 conn->sess->rx_data_octets += payload_length;
1264 if (conn->sess->se_sess->se_node_acl) {
1265 spin_lock(&conn->sess->se_sess->se_node_acl->stats_lock);
1266 conn->sess->se_sess->se_node_acl->write_bytes += payload_length;
1267 spin_unlock(&conn->sess->se_sess->se_node_acl->stats_lock);
1268 }
1269 spin_unlock_bh(&conn->sess->session_stats_lock);
1270
1271 if (payload_length > conn->conn_ops->MaxRecvDataSegmentLength) {
1272 pr_err("DataSegmentLength: %u is greater than"
1273 " MaxRecvDataSegmentLength: %u\n", payload_length,
1274 conn->conn_ops->MaxRecvDataSegmentLength);
1275 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1,
1276 buf, conn);
1277 }
1278
1279 cmd = iscsit_find_cmd_from_itt_or_dump(conn, hdr->itt,
1280 payload_length);
1281 if (!cmd)
1282 return 0;
1283
1284 pr_debug("Got DataOut ITT: 0x%08x, TTT: 0x%08x,"
1285 " DataSN: 0x%08x, Offset: %u, Length: %u, CID: %hu\n",
1286 hdr->itt, hdr->ttt, hdr->datasn, hdr->offset,
1287 payload_length, conn->cid);
1288
1289 if (cmd->cmd_flags & ICF_GOT_LAST_DATAOUT) {
1290 pr_err("Command ITT: 0x%08x received DataOUT after"
1291 " last DataOUT received, dumping payload\n",
1292 cmd->init_task_tag);
1293 return iscsit_dump_data_payload(conn, payload_length, 1);
1294 }
1295
1296 if (cmd->data_direction != DMA_TO_DEVICE) {
1297 pr_err("Command ITT: 0x%08x received DataOUT for a"
1298 " NON-WRITE command.\n", cmd->init_task_tag);
1299 return iscsit_add_reject_from_cmd(ISCSI_REASON_PROTOCOL_ERROR,
1300 1, 0, buf, cmd);
1301 }
1302 se_cmd = &cmd->se_cmd;
1303 iscsit_mod_dataout_timer(cmd);
1304
1305 if ((hdr->offset + payload_length) > cmd->data_length) {
1306 pr_err("DataOut Offset: %u, Length %u greater than"
1307 " iSCSI Command EDTL %u, protocol error.\n",
1308 hdr->offset, payload_length, cmd->data_length);
1309 return iscsit_add_reject_from_cmd(ISCSI_REASON_BOOKMARK_INVALID,
1310 1, 0, buf, cmd);
1311 }
1312
1313 if (cmd->unsolicited_data) {
1314 int dump_unsolicited_data = 0;
1315
1316 if (conn->sess->sess_ops->InitialR2T) {
1317 pr_err("Received unexpected unsolicited data"
1318 " while InitialR2T=Yes, protocol error.\n");
1319 transport_send_check_condition_and_sense(&cmd->se_cmd,
1320 TCM_UNEXPECTED_UNSOLICITED_DATA, 0);
1321 return -1;
1322 }
1323
1324
1325
1326
1327
1328
1329
1330 spin_lock_irqsave(&se_cmd->t_state_lock, flags);
1331 WARN_ON(se_cmd->t_state != TRANSPORT_WRITE_PENDING);
1332 spin_unlock_irqrestore(&se_cmd->t_state_lock, flags);
1333
1334 spin_lock_irqsave(&se_cmd->t_state_lock, flags);
1335 if (!(se_cmd->se_cmd_flags & SCF_SUPPORTED_SAM_OPCODE) ||
1336 (se_cmd->se_cmd_flags & SCF_SCSI_CDB_EXCEPTION))
1337 dump_unsolicited_data = 1;
1338 spin_unlock_irqrestore(&se_cmd->t_state_lock, flags);
1339
1340 if (dump_unsolicited_data) {
1341
1342
1343
1344
1345
1346 if (hdr->flags & ISCSI_FLAG_CMD_FINAL)
1347 iscsit_stop_dataout_timer(cmd);
1348
1349 transport_check_aborted_status(se_cmd,
1350 (hdr->flags & ISCSI_FLAG_CMD_FINAL));
1351 return iscsit_dump_data_payload(conn, payload_length, 1);
1352 }
1353 } else {
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364 if (atomic_read(&se_cmd->t_transport_aborted) != 0) {
1365 if (hdr->flags & ISCSI_FLAG_CMD_FINAL)
1366 if (--cmd->outstanding_r2ts < 1) {
1367 iscsit_stop_dataout_timer(cmd);
1368 transport_check_aborted_status(
1369 se_cmd, 1);
1370 }
1371
1372 return iscsit_dump_data_payload(conn, payload_length, 1);
1373 }
1374 }
1375
1376
1377
1378
1379 ret = iscsit_check_pre_dataout(cmd, buf);
1380 if (ret == DATAOUT_WITHIN_COMMAND_RECOVERY)
1381 return 0;
1382 else if (ret == DATAOUT_CANNOT_RECOVER)
1383 return -1;
1384
1385 rx_size += payload_length;
1386 iov = &cmd->iov_data[0];
1387
1388 iov_ret = iscsit_map_iovec(cmd, iov, hdr->offset, payload_length);
1389 if (iov_ret < 0)
1390 return -1;
1391
1392 iov_count += iov_ret;
1393
1394 padding = ((-payload_length) & 3);
1395 if (padding != 0) {
1396 iov[iov_count].iov_base = cmd->pad_bytes;
1397 iov[iov_count++].iov_len = padding;
1398 rx_size += padding;
1399 pr_debug("Receiving %u padding bytes.\n", padding);
1400 }
1401
1402 if (conn->conn_ops->DataDigest) {
1403 iov[iov_count].iov_base = &checksum;
1404 iov[iov_count++].iov_len = ISCSI_CRC_LEN;
1405 rx_size += ISCSI_CRC_LEN;
1406 }
1407
1408 rx_got = rx_data(conn, &cmd->iov_data[0], iov_count, rx_size);
1409
1410 iscsit_unmap_iovec(cmd);
1411
1412 if (rx_got != rx_size)
1413 return -1;
1414
1415 if (conn->conn_ops->DataDigest) {
1416 u32 data_crc;
1417
1418 data_crc = iscsit_do_crypto_hash_sg(&conn->conn_rx_hash, cmd,
1419 hdr->offset, payload_length, padding,
1420 cmd->pad_bytes);
1421
1422 if (checksum != data_crc) {
1423 pr_err("ITT: 0x%08x, Offset: %u, Length: %u,"
1424 " DataSN: 0x%08x, CRC32C DataDigest 0x%08x"
1425 " does not match computed 0x%08x\n",
1426 hdr->itt, hdr->offset, payload_length,
1427 hdr->datasn, checksum, data_crc);
1428 data_crc_failed = 1;
1429 } else {
1430 pr_debug("Got CRC32C DataDigest 0x%08x for"
1431 " %u bytes of Data Out\n", checksum,
1432 payload_length);
1433 }
1434 }
1435
1436
1437
1438
1439 ret = iscsit_check_post_dataout(cmd, buf, data_crc_failed);
1440 if ((ret == DATAOUT_NORMAL) || (ret == DATAOUT_WITHIN_COMMAND_RECOVERY))
1441 return 0;
1442 else if (ret == DATAOUT_SEND_R2T) {
1443 iscsit_set_dataout_sequence_values(cmd);
1444 iscsit_build_r2ts_for_cmd(cmd, conn, 0);
1445 } else if (ret == DATAOUT_SEND_TO_TRANSPORT) {
1446
1447
1448
1449
1450 spin_lock_bh(&cmd->istate_lock);
1451 ooo_cmdsn = (cmd->cmd_flags & ICF_OOO_CMDSN);
1452 cmd->cmd_flags |= ICF_GOT_LAST_DATAOUT;
1453 cmd->i_state = ISTATE_RECEIVED_LAST_DATAOUT;
1454 spin_unlock_bh(&cmd->istate_lock);
1455
1456 iscsit_stop_dataout_timer(cmd);
1457 return (!ooo_cmdsn) ? transport_generic_handle_data(
1458 &cmd->se_cmd) : 0;
1459 } else
1460 return -1;
1461
1462 return 0;
1463}
1464
1465static int iscsit_handle_nop_out(
1466 struct iscsi_conn *conn,
1467 unsigned char *buf)
1468{
1469 unsigned char *ping_data = NULL;
1470 int cmdsn_ret, niov = 0, ret = 0, rx_got, rx_size;
1471 u32 checksum, data_crc, padding = 0, payload_length;
1472 u64 lun;
1473 struct iscsi_cmd *cmd = NULL;
1474 struct kvec *iov = NULL;
1475 struct iscsi_nopout *hdr;
1476
1477 hdr = (struct iscsi_nopout *) buf;
1478 payload_length = ntoh24(hdr->dlength);
1479 lun = get_unaligned_le64(&hdr->lun);
1480 hdr->itt = be32_to_cpu(hdr->itt);
1481 hdr->ttt = be32_to_cpu(hdr->ttt);
1482 hdr->cmdsn = be32_to_cpu(hdr->cmdsn);
1483 hdr->exp_statsn = be32_to_cpu(hdr->exp_statsn);
1484
1485 if ((hdr->itt == 0xFFFFFFFF) && !(hdr->opcode & ISCSI_OP_IMMEDIATE)) {
1486 pr_err("NOPOUT ITT is reserved, but Immediate Bit is"
1487 " not set, protocol error.\n");
1488 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1,
1489 buf, conn);
1490 }
1491
1492 if (payload_length > conn->conn_ops->MaxRecvDataSegmentLength) {
1493 pr_err("NOPOUT Ping Data DataSegmentLength: %u is"
1494 " greater than MaxRecvDataSegmentLength: %u, protocol"
1495 " error.\n", payload_length,
1496 conn->conn_ops->MaxRecvDataSegmentLength);
1497 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1,
1498 buf, conn);
1499 }
1500
1501 pr_debug("Got NOPOUT Ping %s ITT: 0x%08x, TTT: 0x%09x,"
1502 " CmdSN: 0x%08x, ExpStatSN: 0x%08x, Length: %u\n",
1503 (hdr->itt == 0xFFFFFFFF) ? "Response" : "Request",
1504 hdr->itt, hdr->ttt, hdr->cmdsn, hdr->exp_statsn,
1505 payload_length);
1506
1507
1508
1509
1510
1511
1512
1513 if (hdr->ttt == 0xFFFFFFFF) {
1514 cmd = iscsit_allocate_cmd(conn, GFP_KERNEL);
1515 if (!cmd)
1516 return iscsit_add_reject(
1517 ISCSI_REASON_BOOKMARK_NO_RESOURCES,
1518 1, buf, conn);
1519
1520 cmd->iscsi_opcode = ISCSI_OP_NOOP_OUT;
1521 cmd->i_state = ISTATE_SEND_NOPIN;
1522 cmd->immediate_cmd = ((hdr->opcode & ISCSI_OP_IMMEDIATE) ?
1523 1 : 0);
1524 conn->sess->init_task_tag = cmd->init_task_tag = hdr->itt;
1525 cmd->targ_xfer_tag = 0xFFFFFFFF;
1526 cmd->cmd_sn = hdr->cmdsn;
1527 cmd->exp_stat_sn = hdr->exp_statsn;
1528 cmd->data_direction = DMA_NONE;
1529 }
1530
1531 if (payload_length && (hdr->ttt == 0xFFFFFFFF)) {
1532 rx_size = payload_length;
1533 ping_data = kzalloc(payload_length + 1, GFP_KERNEL);
1534 if (!ping_data) {
1535 pr_err("Unable to allocate memory for"
1536 " NOPOUT ping data.\n");
1537 ret = -1;
1538 goto out;
1539 }
1540
1541 iov = &cmd->iov_misc[0];
1542 iov[niov].iov_base = ping_data;
1543 iov[niov++].iov_len = payload_length;
1544
1545 padding = ((-payload_length) & 3);
1546 if (padding != 0) {
1547 pr_debug("Receiving %u additional bytes"
1548 " for padding.\n", padding);
1549 iov[niov].iov_base = &cmd->pad_bytes;
1550 iov[niov++].iov_len = padding;
1551 rx_size += padding;
1552 }
1553 if (conn->conn_ops->DataDigest) {
1554 iov[niov].iov_base = &checksum;
1555 iov[niov++].iov_len = ISCSI_CRC_LEN;
1556 rx_size += ISCSI_CRC_LEN;
1557 }
1558
1559 rx_got = rx_data(conn, &cmd->iov_misc[0], niov, rx_size);
1560 if (rx_got != rx_size) {
1561 ret = -1;
1562 goto out;
1563 }
1564
1565 if (conn->conn_ops->DataDigest) {
1566 iscsit_do_crypto_hash_buf(&conn->conn_rx_hash,
1567 ping_data, payload_length,
1568 padding, cmd->pad_bytes,
1569 (u8 *)&data_crc);
1570
1571 if (checksum != data_crc) {
1572 pr_err("Ping data CRC32C DataDigest"
1573 " 0x%08x does not match computed 0x%08x\n",
1574 checksum, data_crc);
1575 if (!conn->sess->sess_ops->ErrorRecoveryLevel) {
1576 pr_err("Unable to recover from"
1577 " NOPOUT Ping DataCRC failure while in"
1578 " ERL=0.\n");
1579 ret = -1;
1580 goto out;
1581 } else {
1582
1583
1584
1585
1586 pr_debug("Dropping NOPOUT"
1587 " Command CmdSN: 0x%08x due to"
1588 " DataCRC error.\n", hdr->cmdsn);
1589 ret = 0;
1590 goto out;
1591 }
1592 } else {
1593 pr_debug("Got CRC32C DataDigest"
1594 " 0x%08x for %u bytes of ping data.\n",
1595 checksum, payload_length);
1596 }
1597 }
1598
1599 ping_data[payload_length] = '\0';
1600
1601
1602
1603 cmd->buf_ptr = ping_data;
1604 cmd->buf_ptr_size = payload_length;
1605
1606 pr_debug("Got %u bytes of NOPOUT ping"
1607 " data.\n", payload_length);
1608 pr_debug("Ping Data: \"%s\"\n", ping_data);
1609 }
1610
1611 if (hdr->itt != 0xFFFFFFFF) {
1612 if (!cmd) {
1613 pr_err("Checking CmdSN for NOPOUT,"
1614 " but cmd is NULL!\n");
1615 return -1;
1616 }
1617
1618
1619
1620 spin_lock_bh(&conn->cmd_lock);
1621 list_add_tail(&cmd->i_list, &conn->conn_cmd_list);
1622 spin_unlock_bh(&conn->cmd_lock);
1623
1624 iscsit_ack_from_expstatsn(conn, hdr->exp_statsn);
1625
1626 if (hdr->opcode & ISCSI_OP_IMMEDIATE) {
1627 iscsit_add_cmd_to_response_queue(cmd, conn,
1628 cmd->i_state);
1629 return 0;
1630 }
1631
1632 cmdsn_ret = iscsit_sequence_cmd(conn, cmd, hdr->cmdsn);
1633 if (cmdsn_ret == CMDSN_LOWER_THAN_EXP) {
1634 ret = 0;
1635 goto ping_out;
1636 }
1637 if (cmdsn_ret == CMDSN_ERROR_CANNOT_RECOVER)
1638 return iscsit_add_reject_from_cmd(
1639 ISCSI_REASON_PROTOCOL_ERROR,
1640 1, 0, buf, cmd);
1641
1642 return 0;
1643 }
1644
1645 if (hdr->ttt != 0xFFFFFFFF) {
1646
1647
1648
1649 cmd = iscsit_find_cmd_from_ttt(conn, hdr->ttt);
1650 if (!cmd)
1651 return -1;
1652
1653 iscsit_stop_nopin_response_timer(conn);
1654
1655 cmd->i_state = ISTATE_REMOVE;
1656 iscsit_add_cmd_to_immediate_queue(cmd, conn, cmd->i_state);
1657 iscsit_start_nopin_timer(conn);
1658 } else {
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668 ret = 0;
1669 goto out;
1670 }
1671
1672 return 0;
1673out:
1674 if (cmd)
1675 iscsit_release_cmd(cmd);
1676ping_out:
1677 kfree(ping_data);
1678 return ret;
1679}
1680
1681static int iscsit_handle_task_mgt_cmd(
1682 struct iscsi_conn *conn,
1683 unsigned char *buf)
1684{
1685 struct iscsi_cmd *cmd;
1686 struct se_tmr_req *se_tmr;
1687 struct iscsi_tmr_req *tmr_req;
1688 struct iscsi_tm *hdr;
1689 u32 payload_length;
1690 int out_of_order_cmdsn = 0;
1691 int ret;
1692 u8 function;
1693
1694 hdr = (struct iscsi_tm *) buf;
1695 payload_length = ntoh24(hdr->dlength);
1696 hdr->itt = be32_to_cpu(hdr->itt);
1697 hdr->rtt = be32_to_cpu(hdr->rtt);
1698 hdr->cmdsn = be32_to_cpu(hdr->cmdsn);
1699 hdr->exp_statsn = be32_to_cpu(hdr->exp_statsn);
1700 hdr->refcmdsn = be32_to_cpu(hdr->refcmdsn);
1701 hdr->exp_datasn = be32_to_cpu(hdr->exp_datasn);
1702 hdr->flags &= ~ISCSI_FLAG_CMD_FINAL;
1703 function = hdr->flags;
1704
1705 pr_debug("Got Task Management Request ITT: 0x%08x, CmdSN:"
1706 " 0x%08x, Function: 0x%02x, RefTaskTag: 0x%08x, RefCmdSN:"
1707 " 0x%08x, CID: %hu\n", hdr->itt, hdr->cmdsn, function,
1708 hdr->rtt, hdr->refcmdsn, conn->cid);
1709
1710 if ((function != ISCSI_TM_FUNC_ABORT_TASK) &&
1711 ((function != ISCSI_TM_FUNC_TASK_REASSIGN) &&
1712 (hdr->rtt != ISCSI_RESERVED_TAG))) {
1713 pr_err("RefTaskTag should be set to 0xFFFFFFFF.\n");
1714 hdr->rtt = ISCSI_RESERVED_TAG;
1715 }
1716
1717 if ((function == ISCSI_TM_FUNC_TASK_REASSIGN) &&
1718 !(hdr->opcode & ISCSI_OP_IMMEDIATE)) {
1719 pr_err("Task Management Request TASK_REASSIGN not"
1720 " issued as immediate command, bad iSCSI Initiator"
1721 "implementation\n");
1722 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1,
1723 buf, conn);
1724 }
1725 if ((function != ISCSI_TM_FUNC_ABORT_TASK) &&
1726 (hdr->refcmdsn != ISCSI_RESERVED_TAG))
1727 hdr->refcmdsn = ISCSI_RESERVED_TAG;
1728
1729 cmd = iscsit_allocate_se_cmd_for_tmr(conn, function);
1730 if (!cmd)
1731 return iscsit_add_reject(ISCSI_REASON_BOOKMARK_NO_RESOURCES,
1732 1, buf, conn);
1733
1734 cmd->iscsi_opcode = ISCSI_OP_SCSI_TMFUNC;
1735 cmd->i_state = ISTATE_SEND_TASKMGTRSP;
1736 cmd->immediate_cmd = ((hdr->opcode & ISCSI_OP_IMMEDIATE) ? 1 : 0);
1737 cmd->init_task_tag = hdr->itt;
1738 cmd->targ_xfer_tag = 0xFFFFFFFF;
1739 cmd->cmd_sn = hdr->cmdsn;
1740 cmd->exp_stat_sn = hdr->exp_statsn;
1741 se_tmr = cmd->se_cmd.se_tmr_req;
1742 tmr_req = cmd->tmr_req;
1743
1744
1745
1746 if (function != ISCSI_TM_FUNC_TASK_REASSIGN) {
1747 ret = iscsit_get_lun_for_tmr(cmd,
1748 get_unaligned_le64(&hdr->lun));
1749 if (ret < 0) {
1750 cmd->se_cmd.se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION;
1751 se_tmr->response = ISCSI_TMF_RSP_NO_LUN;
1752 goto attach;
1753 }
1754 }
1755
1756 switch (function) {
1757 case ISCSI_TM_FUNC_ABORT_TASK:
1758 se_tmr->response = iscsit_tmr_abort_task(cmd, buf);
1759 if (se_tmr->response != ISCSI_TMF_RSP_COMPLETE) {
1760 cmd->se_cmd.se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION;
1761 goto attach;
1762 }
1763 break;
1764 case ISCSI_TM_FUNC_ABORT_TASK_SET:
1765 case ISCSI_TM_FUNC_CLEAR_ACA:
1766 case ISCSI_TM_FUNC_CLEAR_TASK_SET:
1767 case ISCSI_TM_FUNC_LOGICAL_UNIT_RESET:
1768 break;
1769 case ISCSI_TM_FUNC_TARGET_WARM_RESET:
1770 if (iscsit_tmr_task_warm_reset(conn, tmr_req, buf) < 0) {
1771 cmd->se_cmd.se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION;
1772 se_tmr->response = ISCSI_TMF_RSP_AUTH_FAILED;
1773 goto attach;
1774 }
1775 break;
1776 case ISCSI_TM_FUNC_TARGET_COLD_RESET:
1777 if (iscsit_tmr_task_cold_reset(conn, tmr_req, buf) < 0) {
1778 cmd->se_cmd.se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION;
1779 se_tmr->response = ISCSI_TMF_RSP_AUTH_FAILED;
1780 goto attach;
1781 }
1782 break;
1783 case ISCSI_TM_FUNC_TASK_REASSIGN:
1784 se_tmr->response = iscsit_tmr_task_reassign(cmd, buf);
1785
1786
1787
1788
1789 if (se_tmr->response != ISCSI_TMF_RSP_COMPLETE)
1790 break;
1791
1792 if (iscsit_check_task_reassign_expdatasn(tmr_req, conn) < 0)
1793 return iscsit_add_reject_from_cmd(
1794 ISCSI_REASON_BOOKMARK_INVALID, 1, 1,
1795 buf, cmd);
1796 break;
1797 default:
1798 pr_err("Unknown TMR function: 0x%02x, protocol"
1799 " error.\n", function);
1800 cmd->se_cmd.se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION;
1801 se_tmr->response = ISCSI_TMF_RSP_NOT_SUPPORTED;
1802 goto attach;
1803 }
1804
1805 if ((function != ISCSI_TM_FUNC_TASK_REASSIGN) &&
1806 (se_tmr->response == ISCSI_TMF_RSP_COMPLETE))
1807 se_tmr->call_transport = 1;
1808attach:
1809 spin_lock_bh(&conn->cmd_lock);
1810 list_add_tail(&cmd->i_list, &conn->conn_cmd_list);
1811 spin_unlock_bh(&conn->cmd_lock);
1812
1813 if (!(hdr->opcode & ISCSI_OP_IMMEDIATE)) {
1814 int cmdsn_ret = iscsit_sequence_cmd(conn, cmd, hdr->cmdsn);
1815 if (cmdsn_ret == CMDSN_HIGHER_THAN_EXP)
1816 out_of_order_cmdsn = 1;
1817 else if (cmdsn_ret == CMDSN_LOWER_THAN_EXP)
1818 return 0;
1819 else if (cmdsn_ret == CMDSN_ERROR_CANNOT_RECOVER)
1820 return iscsit_add_reject_from_cmd(
1821 ISCSI_REASON_PROTOCOL_ERROR,
1822 1, 0, buf, cmd);
1823 }
1824 iscsit_ack_from_expstatsn(conn, hdr->exp_statsn);
1825
1826 if (out_of_order_cmdsn || !(hdr->opcode & ISCSI_OP_IMMEDIATE))
1827 return 0;
1828
1829
1830
1831 if (se_tmr->call_transport)
1832 return transport_generic_handle_tmr(&cmd->se_cmd);
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state);
1843 return 0;
1844}
1845
1846
1847static int iscsit_handle_text_cmd(
1848 struct iscsi_conn *conn,
1849 unsigned char *buf)
1850{
1851 char *text_ptr, *text_in;
1852 int cmdsn_ret, niov = 0, rx_got, rx_size;
1853 u32 checksum = 0, data_crc = 0, payload_length;
1854 u32 padding = 0, pad_bytes = 0, text_length = 0;
1855 struct iscsi_cmd *cmd;
1856 struct kvec iov[3];
1857 struct iscsi_text *hdr;
1858
1859 hdr = (struct iscsi_text *) buf;
1860 payload_length = ntoh24(hdr->dlength);
1861 hdr->itt = be32_to_cpu(hdr->itt);
1862 hdr->ttt = be32_to_cpu(hdr->ttt);
1863 hdr->cmdsn = be32_to_cpu(hdr->cmdsn);
1864 hdr->exp_statsn = be32_to_cpu(hdr->exp_statsn);
1865
1866 if (payload_length > conn->conn_ops->MaxRecvDataSegmentLength) {
1867 pr_err("Unable to accept text parameter length: %u"
1868 "greater than MaxRecvDataSegmentLength %u.\n",
1869 payload_length, conn->conn_ops->MaxRecvDataSegmentLength);
1870 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1,
1871 buf, conn);
1872 }
1873
1874 pr_debug("Got Text Request: ITT: 0x%08x, CmdSN: 0x%08x,"
1875 " ExpStatSN: 0x%08x, Length: %u\n", hdr->itt, hdr->cmdsn,
1876 hdr->exp_statsn, payload_length);
1877
1878 rx_size = text_length = payload_length;
1879 if (text_length) {
1880 text_in = kzalloc(text_length, GFP_KERNEL);
1881 if (!text_in) {
1882 pr_err("Unable to allocate memory for"
1883 " incoming text parameters\n");
1884 return -1;
1885 }
1886
1887 memset(iov, 0, 3 * sizeof(struct kvec));
1888 iov[niov].iov_base = text_in;
1889 iov[niov++].iov_len = text_length;
1890
1891 padding = ((-payload_length) & 3);
1892 if (padding != 0) {
1893 iov[niov].iov_base = &pad_bytes;
1894 iov[niov++].iov_len = padding;
1895 rx_size += padding;
1896 pr_debug("Receiving %u additional bytes"
1897 " for padding.\n", padding);
1898 }
1899 if (conn->conn_ops->DataDigest) {
1900 iov[niov].iov_base = &checksum;
1901 iov[niov++].iov_len = ISCSI_CRC_LEN;
1902 rx_size += ISCSI_CRC_LEN;
1903 }
1904
1905 rx_got = rx_data(conn, &iov[0], niov, rx_size);
1906 if (rx_got != rx_size) {
1907 kfree(text_in);
1908 return -1;
1909 }
1910
1911 if (conn->conn_ops->DataDigest) {
1912 iscsit_do_crypto_hash_buf(&conn->conn_rx_hash,
1913 text_in, text_length,
1914 padding, (u8 *)&pad_bytes,
1915 (u8 *)&data_crc);
1916
1917 if (checksum != data_crc) {
1918 pr_err("Text data CRC32C DataDigest"
1919 " 0x%08x does not match computed"
1920 " 0x%08x\n", checksum, data_crc);
1921 if (!conn->sess->sess_ops->ErrorRecoveryLevel) {
1922 pr_err("Unable to recover from"
1923 " Text Data digest failure while in"
1924 " ERL=0.\n");
1925 kfree(text_in);
1926 return -1;
1927 } else {
1928
1929
1930
1931
1932 pr_debug("Dropping Text"
1933 " Command CmdSN: 0x%08x due to"
1934 " DataCRC error.\n", hdr->cmdsn);
1935 kfree(text_in);
1936 return 0;
1937 }
1938 } else {
1939 pr_debug("Got CRC32C DataDigest"
1940 " 0x%08x for %u bytes of text data.\n",
1941 checksum, text_length);
1942 }
1943 }
1944 text_in[text_length - 1] = '\0';
1945 pr_debug("Successfully read %d bytes of text"
1946 " data.\n", text_length);
1947
1948 if (strncmp("SendTargets", text_in, 11) != 0) {
1949 pr_err("Received Text Data that is not"
1950 " SendTargets, cannot continue.\n");
1951 kfree(text_in);
1952 return -1;
1953 }
1954 text_ptr = strchr(text_in, '=');
1955 if (!text_ptr) {
1956 pr_err("No \"=\" separator found in Text Data,"
1957 " cannot continue.\n");
1958 kfree(text_in);
1959 return -1;
1960 }
1961 if (strncmp("=All", text_ptr, 4) != 0) {
1962 pr_err("Unable to locate All value for"
1963 " SendTargets key, cannot continue.\n");
1964 kfree(text_in);
1965 return -1;
1966 }
1967
1968 kfree(text_in);
1969 }
1970
1971 cmd = iscsit_allocate_cmd(conn, GFP_KERNEL);
1972 if (!cmd)
1973 return iscsit_add_reject(ISCSI_REASON_BOOKMARK_NO_RESOURCES,
1974 1, buf, conn);
1975
1976 cmd->iscsi_opcode = ISCSI_OP_TEXT;
1977 cmd->i_state = ISTATE_SEND_TEXTRSP;
1978 cmd->immediate_cmd = ((hdr->opcode & ISCSI_OP_IMMEDIATE) ? 1 : 0);
1979 conn->sess->init_task_tag = cmd->init_task_tag = hdr->itt;
1980 cmd->targ_xfer_tag = 0xFFFFFFFF;
1981 cmd->cmd_sn = hdr->cmdsn;
1982 cmd->exp_stat_sn = hdr->exp_statsn;
1983 cmd->data_direction = DMA_NONE;
1984
1985 spin_lock_bh(&conn->cmd_lock);
1986 list_add_tail(&cmd->i_list, &conn->conn_cmd_list);
1987 spin_unlock_bh(&conn->cmd_lock);
1988
1989 iscsit_ack_from_expstatsn(conn, hdr->exp_statsn);
1990
1991 if (!(hdr->opcode & ISCSI_OP_IMMEDIATE)) {
1992 cmdsn_ret = iscsit_sequence_cmd(conn, cmd, hdr->cmdsn);
1993 if (cmdsn_ret == CMDSN_ERROR_CANNOT_RECOVER)
1994 return iscsit_add_reject_from_cmd(
1995 ISCSI_REASON_PROTOCOL_ERROR,
1996 1, 0, buf, cmd);
1997
1998 return 0;
1999 }
2000
2001 return iscsit_execute_cmd(cmd, 0);
2002}
2003
2004int iscsit_logout_closesession(struct iscsi_cmd *cmd, struct iscsi_conn *conn)
2005{
2006 struct iscsi_conn *conn_p;
2007 struct iscsi_session *sess = conn->sess;
2008
2009 pr_debug("Received logout request CLOSESESSION on CID: %hu"
2010 " for SID: %u.\n", conn->cid, conn->sess->sid);
2011
2012 atomic_set(&sess->session_logout, 1);
2013 atomic_set(&conn->conn_logout_remove, 1);
2014 conn->conn_logout_reason = ISCSI_LOGOUT_REASON_CLOSE_SESSION;
2015
2016 iscsit_inc_conn_usage_count(conn);
2017 iscsit_inc_session_usage_count(sess);
2018
2019 spin_lock_bh(&sess->conn_lock);
2020 list_for_each_entry(conn_p, &sess->sess_conn_list, conn_list) {
2021 if (conn_p->conn_state != TARG_CONN_STATE_LOGGED_IN)
2022 continue;
2023
2024 pr_debug("Moving to TARG_CONN_STATE_IN_LOGOUT.\n");
2025 conn_p->conn_state = TARG_CONN_STATE_IN_LOGOUT;
2026 }
2027 spin_unlock_bh(&sess->conn_lock);
2028
2029 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state);
2030
2031 return 0;
2032}
2033
2034int iscsit_logout_closeconnection(struct iscsi_cmd *cmd, struct iscsi_conn *conn)
2035{
2036 struct iscsi_conn *l_conn;
2037 struct iscsi_session *sess = conn->sess;
2038
2039 pr_debug("Received logout request CLOSECONNECTION for CID:"
2040 " %hu on CID: %hu.\n", cmd->logout_cid, conn->cid);
2041
2042
2043
2044
2045
2046 if (conn->cid == cmd->logout_cid) {
2047 spin_lock_bh(&conn->state_lock);
2048 pr_debug("Moving to TARG_CONN_STATE_IN_LOGOUT.\n");
2049 conn->conn_state = TARG_CONN_STATE_IN_LOGOUT;
2050
2051 atomic_set(&conn->conn_logout_remove, 1);
2052 conn->conn_logout_reason = ISCSI_LOGOUT_REASON_CLOSE_CONNECTION;
2053 iscsit_inc_conn_usage_count(conn);
2054
2055 spin_unlock_bh(&conn->state_lock);
2056 } else {
2057
2058
2059
2060
2061
2062
2063
2064
2065 l_conn = iscsit_get_conn_from_cid(sess,
2066 cmd->logout_cid);
2067 if (!l_conn) {
2068 cmd->logout_response = ISCSI_LOGOUT_CID_NOT_FOUND;
2069 iscsit_add_cmd_to_response_queue(cmd, conn,
2070 cmd->i_state);
2071 return 0;
2072 }
2073
2074 iscsit_dec_conn_usage_count(l_conn);
2075 }
2076
2077 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state);
2078
2079 return 0;
2080}
2081
2082int iscsit_logout_removeconnforrecovery(struct iscsi_cmd *cmd, struct iscsi_conn *conn)
2083{
2084 struct iscsi_session *sess = conn->sess;
2085
2086 pr_debug("Received explicit REMOVECONNFORRECOVERY logout for"
2087 " CID: %hu on CID: %hu.\n", cmd->logout_cid, conn->cid);
2088
2089 if (sess->sess_ops->ErrorRecoveryLevel != 2) {
2090 pr_err("Received Logout Request REMOVECONNFORRECOVERY"
2091 " while ERL!=2.\n");
2092 cmd->logout_response = ISCSI_LOGOUT_RECOVERY_UNSUPPORTED;
2093 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state);
2094 return 0;
2095 }
2096
2097 if (conn->cid == cmd->logout_cid) {
2098 pr_err("Received Logout Request REMOVECONNFORRECOVERY"
2099 " with CID: %hu on CID: %hu, implementation error.\n",
2100 cmd->logout_cid, conn->cid);
2101 cmd->logout_response = ISCSI_LOGOUT_CLEANUP_FAILED;
2102 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state);
2103 return 0;
2104 }
2105
2106 iscsit_add_cmd_to_response_queue(cmd, conn, cmd->i_state);
2107
2108 return 0;
2109}
2110
2111static int iscsit_handle_logout_cmd(
2112 struct iscsi_conn *conn,
2113 unsigned char *buf)
2114{
2115 int cmdsn_ret, logout_remove = 0;
2116 u8 reason_code = 0;
2117 struct iscsi_cmd *cmd;
2118 struct iscsi_logout *hdr;
2119 struct iscsi_tiqn *tiqn = iscsit_snmp_get_tiqn(conn);
2120
2121 hdr = (struct iscsi_logout *) buf;
2122 reason_code = (hdr->flags & 0x7f);
2123 hdr->itt = be32_to_cpu(hdr->itt);
2124 hdr->cid = be16_to_cpu(hdr->cid);
2125 hdr->cmdsn = be32_to_cpu(hdr->cmdsn);
2126 hdr->exp_statsn = be32_to_cpu(hdr->exp_statsn);
2127
2128 if (tiqn) {
2129 spin_lock(&tiqn->logout_stats.lock);
2130 if (reason_code == ISCSI_LOGOUT_REASON_CLOSE_SESSION)
2131 tiqn->logout_stats.normal_logouts++;
2132 else
2133 tiqn->logout_stats.abnormal_logouts++;
2134 spin_unlock(&tiqn->logout_stats.lock);
2135 }
2136
2137 pr_debug("Got Logout Request ITT: 0x%08x CmdSN: 0x%08x"
2138 " ExpStatSN: 0x%08x Reason: 0x%02x CID: %hu on CID: %hu\n",
2139 hdr->itt, hdr->cmdsn, hdr->exp_statsn, reason_code,
2140 hdr->cid, conn->cid);
2141
2142 if (conn->conn_state != TARG_CONN_STATE_LOGGED_IN) {
2143 pr_err("Received logout request on connection that"
2144 " is not in logged in state, ignoring request.\n");
2145 return 0;
2146 }
2147
2148 cmd = iscsit_allocate_cmd(conn, GFP_KERNEL);
2149 if (!cmd)
2150 return iscsit_add_reject(ISCSI_REASON_BOOKMARK_NO_RESOURCES, 1,
2151 buf, conn);
2152
2153 cmd->iscsi_opcode = ISCSI_OP_LOGOUT;
2154 cmd->i_state = ISTATE_SEND_LOGOUTRSP;
2155 cmd->immediate_cmd = ((hdr->opcode & ISCSI_OP_IMMEDIATE) ? 1 : 0);
2156 conn->sess->init_task_tag = cmd->init_task_tag = hdr->itt;
2157 cmd->targ_xfer_tag = 0xFFFFFFFF;
2158 cmd->cmd_sn = hdr->cmdsn;
2159 cmd->exp_stat_sn = hdr->exp_statsn;
2160 cmd->logout_cid = hdr->cid;
2161 cmd->logout_reason = reason_code;
2162 cmd->data_direction = DMA_NONE;
2163
2164
2165
2166
2167
2168 if ((reason_code == ISCSI_LOGOUT_REASON_CLOSE_SESSION) ||
2169 ((reason_code == ISCSI_LOGOUT_REASON_CLOSE_CONNECTION) &&
2170 (hdr->cid == conn->cid)))
2171 logout_remove = 1;
2172
2173 spin_lock_bh(&conn->cmd_lock);
2174 list_add_tail(&cmd->i_list, &conn->conn_cmd_list);
2175 spin_unlock_bh(&conn->cmd_lock);
2176
2177 if (reason_code != ISCSI_LOGOUT_REASON_RECOVERY)
2178 iscsit_ack_from_expstatsn(conn, hdr->exp_statsn);
2179
2180
2181
2182
2183
2184 if (hdr->opcode & ISCSI_OP_IMMEDIATE) {
2185 int ret = iscsit_execute_cmd(cmd, 0);
2186
2187 if (ret < 0)
2188 return ret;
2189 } else {
2190 cmdsn_ret = iscsit_sequence_cmd(conn, cmd, hdr->cmdsn);
2191 if (cmdsn_ret == CMDSN_LOWER_THAN_EXP) {
2192 logout_remove = 0;
2193 } else if (cmdsn_ret == CMDSN_ERROR_CANNOT_RECOVER) {
2194 return iscsit_add_reject_from_cmd(
2195 ISCSI_REASON_PROTOCOL_ERROR,
2196 1, 0, buf, cmd);
2197 }
2198 }
2199
2200 return logout_remove;
2201}
2202
2203static int iscsit_handle_snack(
2204 struct iscsi_conn *conn,
2205 unsigned char *buf)
2206{
2207 u32 unpacked_lun;
2208 u64 lun;
2209 struct iscsi_snack *hdr;
2210
2211 hdr = (struct iscsi_snack *) buf;
2212 hdr->flags &= ~ISCSI_FLAG_CMD_FINAL;
2213 lun = get_unaligned_le64(&hdr->lun);
2214 unpacked_lun = scsilun_to_int((struct scsi_lun *)&lun);
2215 hdr->itt = be32_to_cpu(hdr->itt);
2216 hdr->ttt = be32_to_cpu(hdr->ttt);
2217 hdr->exp_statsn = be32_to_cpu(hdr->exp_statsn);
2218 hdr->begrun = be32_to_cpu(hdr->begrun);
2219 hdr->runlength = be32_to_cpu(hdr->runlength);
2220
2221 pr_debug("Got ISCSI_INIT_SNACK, ITT: 0x%08x, ExpStatSN:"
2222 " 0x%08x, Type: 0x%02x, BegRun: 0x%08x, RunLength: 0x%08x,"
2223 " CID: %hu\n", hdr->itt, hdr->exp_statsn, hdr->flags,
2224 hdr->begrun, hdr->runlength, conn->cid);
2225
2226 if (!conn->sess->sess_ops->ErrorRecoveryLevel) {
2227 pr_err("Initiator sent SNACK request while in"
2228 " ErrorRecoveryLevel=0.\n");
2229 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1,
2230 buf, conn);
2231 }
2232
2233
2234
2235
2236 switch (hdr->flags & ISCSI_FLAG_SNACK_TYPE_MASK) {
2237 case 0:
2238 return iscsit_handle_recovery_datain_or_r2t(conn, buf,
2239 hdr->itt, hdr->ttt, hdr->begrun, hdr->runlength);
2240 case ISCSI_FLAG_SNACK_TYPE_STATUS:
2241 return iscsit_handle_status_snack(conn, hdr->itt, hdr->ttt,
2242 hdr->begrun, hdr->runlength);
2243 case ISCSI_FLAG_SNACK_TYPE_DATA_ACK:
2244 return iscsit_handle_data_ack(conn, hdr->ttt, hdr->begrun,
2245 hdr->runlength);
2246 case ISCSI_FLAG_SNACK_TYPE_RDATA:
2247
2248 pr_err("R-Data SNACK Not Supported.\n");
2249 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1,
2250 buf, conn);
2251 default:
2252 pr_err("Unknown SNACK type 0x%02x, protocol"
2253 " error.\n", hdr->flags & 0x0f);
2254 return iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1,
2255 buf, conn);
2256 }
2257
2258 return 0;
2259}
2260
2261static void iscsit_rx_thread_wait_for_tcp(struct iscsi_conn *conn)
2262{
2263 if ((conn->sock->sk->sk_shutdown & SEND_SHUTDOWN) ||
2264 (conn->sock->sk->sk_shutdown & RCV_SHUTDOWN)) {
2265 wait_for_completion_interruptible_timeout(
2266 &conn->rx_half_close_comp,
2267 ISCSI_RX_THREAD_TCP_TIMEOUT * HZ);
2268 }
2269}
2270
2271static int iscsit_handle_immediate_data(
2272 struct iscsi_cmd *cmd,
2273 unsigned char *buf,
2274 u32 length)
2275{
2276 int iov_ret, rx_got = 0, rx_size = 0;
2277 u32 checksum, iov_count = 0, padding = 0;
2278 struct iscsi_conn *conn = cmd->conn;
2279 struct kvec *iov;
2280
2281 iov_ret = iscsit_map_iovec(cmd, cmd->iov_data, cmd->write_data_done, length);
2282 if (iov_ret < 0)
2283 return IMMEDIATE_DATA_CANNOT_RECOVER;
2284
2285 rx_size = length;
2286 iov_count = iov_ret;
2287 iov = &cmd->iov_data[0];
2288
2289 padding = ((-length) & 3);
2290 if (padding != 0) {
2291 iov[iov_count].iov_base = cmd->pad_bytes;
2292 iov[iov_count++].iov_len = padding;
2293 rx_size += padding;
2294 }
2295
2296 if (conn->conn_ops->DataDigest) {
2297 iov[iov_count].iov_base = &checksum;
2298 iov[iov_count++].iov_len = ISCSI_CRC_LEN;
2299 rx_size += ISCSI_CRC_LEN;
2300 }
2301
2302 rx_got = rx_data(conn, &cmd->iov_data[0], iov_count, rx_size);
2303
2304 iscsit_unmap_iovec(cmd);
2305
2306 if (rx_got != rx_size) {
2307 iscsit_rx_thread_wait_for_tcp(conn);
2308 return IMMEDIATE_DATA_CANNOT_RECOVER;
2309 }
2310
2311 if (conn->conn_ops->DataDigest) {
2312 u32 data_crc;
2313
2314 data_crc = iscsit_do_crypto_hash_sg(&conn->conn_rx_hash, cmd,
2315 cmd->write_data_done, length, padding,
2316 cmd->pad_bytes);
2317
2318 if (checksum != data_crc) {
2319 pr_err("ImmediateData CRC32C DataDigest 0x%08x"
2320 " does not match computed 0x%08x\n", checksum,
2321 data_crc);
2322
2323 if (!conn->sess->sess_ops->ErrorRecoveryLevel) {
2324 pr_err("Unable to recover from"
2325 " Immediate Data digest failure while"
2326 " in ERL=0.\n");
2327 iscsit_add_reject_from_cmd(
2328 ISCSI_REASON_DATA_DIGEST_ERROR,
2329 1, 0, buf, cmd);
2330 return IMMEDIATE_DATA_CANNOT_RECOVER;
2331 } else {
2332 iscsit_add_reject_from_cmd(
2333 ISCSI_REASON_DATA_DIGEST_ERROR,
2334 0, 0, buf, cmd);
2335 return IMMEDIATE_DATA_ERL1_CRC_FAILURE;
2336 }
2337 } else {
2338 pr_debug("Got CRC32C DataDigest 0x%08x for"
2339 " %u bytes of Immediate Data\n", checksum,
2340 length);
2341 }
2342 }
2343
2344 cmd->write_data_done += length;
2345
2346 if (cmd->write_data_done == cmd->data_length) {
2347 spin_lock_bh(&cmd->istate_lock);
2348 cmd->cmd_flags |= ICF_GOT_LAST_DATAOUT;
2349 cmd->i_state = ISTATE_RECEIVED_LAST_DATAOUT;
2350 spin_unlock_bh(&cmd->istate_lock);
2351 }
2352
2353 return IMMEDIATE_DATA_NORMAL_OPERATION;
2354}
2355
2356
2357
2358
2359
2360
2361static void iscsit_build_conn_drop_async_message(struct iscsi_conn *conn)
2362{
2363 struct iscsi_cmd *cmd;
2364 struct iscsi_conn *conn_p;
2365
2366
2367
2368
2369
2370 list_for_each_entry(conn_p, &conn->sess->sess_conn_list, conn_list) {
2371 if (conn_p->conn_state == TARG_CONN_STATE_LOGGED_IN) {
2372 iscsit_inc_conn_usage_count(conn_p);
2373 break;
2374 }
2375 }
2376
2377 if (!conn_p)
2378 return;
2379
2380 cmd = iscsit_allocate_cmd(conn_p, GFP_KERNEL);
2381 if (!cmd) {
2382 iscsit_dec_conn_usage_count(conn_p);
2383 return;
2384 }
2385
2386 cmd->logout_cid = conn->cid;
2387 cmd->iscsi_opcode = ISCSI_OP_ASYNC_EVENT;
2388 cmd->i_state = ISTATE_SEND_ASYNCMSG;
2389
2390 spin_lock_bh(&conn_p->cmd_lock);
2391 list_add_tail(&cmd->i_list, &conn_p->conn_cmd_list);
2392 spin_unlock_bh(&conn_p->cmd_lock);
2393
2394 iscsit_add_cmd_to_response_queue(cmd, conn_p, cmd->i_state);
2395 iscsit_dec_conn_usage_count(conn_p);
2396}
2397
2398static int iscsit_send_conn_drop_async_message(
2399 struct iscsi_cmd *cmd,
2400 struct iscsi_conn *conn)
2401{
2402 struct iscsi_async *hdr;
2403
2404 cmd->tx_size = ISCSI_HDR_LEN;
2405 cmd->iscsi_opcode = ISCSI_OP_ASYNC_EVENT;
2406
2407 hdr = (struct iscsi_async *) cmd->pdu;
2408 hdr->opcode = ISCSI_OP_ASYNC_EVENT;
2409 hdr->flags = ISCSI_FLAG_CMD_FINAL;
2410 cmd->init_task_tag = 0xFFFFFFFF;
2411 cmd->targ_xfer_tag = 0xFFFFFFFF;
2412 put_unaligned_be64(0xFFFFFFFFFFFFFFFFULL, &hdr->rsvd4[0]);
2413 cmd->stat_sn = conn->stat_sn++;
2414 hdr->statsn = cpu_to_be32(cmd->stat_sn);
2415 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn);
2416 hdr->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn);
2417 hdr->async_event = ISCSI_ASYNC_MSG_DROPPING_CONNECTION;
2418 hdr->param1 = cpu_to_be16(cmd->logout_cid);
2419 hdr->param2 = cpu_to_be16(conn->sess->sess_ops->DefaultTime2Wait);
2420 hdr->param3 = cpu_to_be16(conn->sess->sess_ops->DefaultTime2Retain);
2421
2422 if (conn->conn_ops->HeaderDigest) {
2423 u32 *header_digest = (u32 *)&cmd->pdu[ISCSI_HDR_LEN];
2424
2425 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash,
2426 (unsigned char *)hdr, ISCSI_HDR_LEN,
2427 0, NULL, (u8 *)header_digest);
2428
2429 cmd->tx_size += ISCSI_CRC_LEN;
2430 pr_debug("Attaching CRC32C HeaderDigest to"
2431 " Async Message 0x%08x\n", *header_digest);
2432 }
2433
2434 cmd->iov_misc[0].iov_base = cmd->pdu;
2435 cmd->iov_misc[0].iov_len = cmd->tx_size;
2436 cmd->iov_misc_count = 1;
2437
2438 pr_debug("Sending Connection Dropped Async Message StatSN:"
2439 " 0x%08x, for CID: %hu on CID: %hu\n", cmd->stat_sn,
2440 cmd->logout_cid, conn->cid);
2441 return 0;
2442}
2443
2444static int iscsit_send_data_in(
2445 struct iscsi_cmd *cmd,
2446 struct iscsi_conn *conn,
2447 int *eodr)
2448{
2449 int iov_ret = 0, set_statsn = 0;
2450 u32 iov_count = 0, tx_size = 0;
2451 struct iscsi_datain datain;
2452 struct iscsi_datain_req *dr;
2453 struct iscsi_data_rsp *hdr;
2454 struct kvec *iov;
2455
2456 memset(&datain, 0, sizeof(struct iscsi_datain));
2457 dr = iscsit_get_datain_values(cmd, &datain);
2458 if (!dr) {
2459 pr_err("iscsit_get_datain_values failed for ITT: 0x%08x\n",
2460 cmd->init_task_tag);
2461 return -1;
2462 }
2463
2464
2465
2466
2467 if ((datain.offset + datain.length) > cmd->data_length) {
2468 pr_err("Command ITT: 0x%08x, datain.offset: %u and"
2469 " datain.length: %u exceeds cmd->data_length: %u\n",
2470 cmd->init_task_tag, datain.offset, datain.length,
2471 cmd->data_length);
2472 return -1;
2473 }
2474
2475 spin_lock_bh(&conn->sess->session_stats_lock);
2476 conn->sess->tx_data_octets += datain.length;
2477 if (conn->sess->se_sess->se_node_acl) {
2478 spin_lock(&conn->sess->se_sess->se_node_acl->stats_lock);
2479 conn->sess->se_sess->se_node_acl->read_bytes += datain.length;
2480 spin_unlock(&conn->sess->se_sess->se_node_acl->stats_lock);
2481 }
2482 spin_unlock_bh(&conn->sess->session_stats_lock);
2483
2484
2485
2486
2487 if ((datain.flags & ISCSI_FLAG_DATA_STATUS) &&
2488 (cmd->se_cmd.se_cmd_flags & SCF_TRANSPORT_TASK_SENSE))
2489 datain.flags &= ~ISCSI_FLAG_DATA_STATUS;
2490 else {
2491 if ((dr->dr_complete == DATAIN_COMPLETE_NORMAL) ||
2492 (dr->dr_complete == DATAIN_COMPLETE_CONNECTION_RECOVERY)) {
2493 iscsit_increment_maxcmdsn(cmd, conn->sess);
2494 cmd->stat_sn = conn->stat_sn++;
2495 set_statsn = 1;
2496 } else if (dr->dr_complete ==
2497 DATAIN_COMPLETE_WITHIN_COMMAND_RECOVERY)
2498 set_statsn = 1;
2499 }
2500
2501 hdr = (struct iscsi_data_rsp *) cmd->pdu;
2502 memset(hdr, 0, ISCSI_HDR_LEN);
2503 hdr->opcode = ISCSI_OP_SCSI_DATA_IN;
2504 hdr->flags = datain.flags;
2505 if (hdr->flags & ISCSI_FLAG_DATA_STATUS) {
2506 if (cmd->se_cmd.se_cmd_flags & SCF_OVERFLOW_BIT) {
2507 hdr->flags |= ISCSI_FLAG_DATA_OVERFLOW;
2508 hdr->residual_count = cpu_to_be32(cmd->se_cmd.residual_count);
2509 } else if (cmd->se_cmd.se_cmd_flags & SCF_UNDERFLOW_BIT) {
2510 hdr->flags |= ISCSI_FLAG_DATA_UNDERFLOW;
2511 hdr->residual_count = cpu_to_be32(cmd->se_cmd.residual_count);
2512 }
2513 }
2514 hton24(hdr->dlength, datain.length);
2515 if (hdr->flags & ISCSI_FLAG_DATA_ACK)
2516 int_to_scsilun(cmd->se_cmd.orig_fe_lun,
2517 (struct scsi_lun *)&hdr->lun);
2518 else
2519 put_unaligned_le64(0xFFFFFFFFFFFFFFFFULL, &hdr->lun);
2520
2521 hdr->itt = cpu_to_be32(cmd->init_task_tag);
2522 hdr->ttt = (hdr->flags & ISCSI_FLAG_DATA_ACK) ?
2523 cpu_to_be32(cmd->targ_xfer_tag) :
2524 0xFFFFFFFF;
2525 hdr->statsn = (set_statsn) ? cpu_to_be32(cmd->stat_sn) :
2526 0xFFFFFFFF;
2527 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn);
2528 hdr->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn);
2529 hdr->datasn = cpu_to_be32(datain.data_sn);
2530 hdr->offset = cpu_to_be32(datain.offset);
2531
2532 iov = &cmd->iov_data[0];
2533 iov[iov_count].iov_base = cmd->pdu;
2534 iov[iov_count++].iov_len = ISCSI_HDR_LEN;
2535 tx_size += ISCSI_HDR_LEN;
2536
2537 if (conn->conn_ops->HeaderDigest) {
2538 u32 *header_digest = (u32 *)&cmd->pdu[ISCSI_HDR_LEN];
2539
2540 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash,
2541 (unsigned char *)hdr, ISCSI_HDR_LEN,
2542 0, NULL, (u8 *)header_digest);
2543
2544 iov[0].iov_len += ISCSI_CRC_LEN;
2545 tx_size += ISCSI_CRC_LEN;
2546
2547 pr_debug("Attaching CRC32 HeaderDigest"
2548 " for DataIN PDU 0x%08x\n", *header_digest);
2549 }
2550
2551 iov_ret = iscsit_map_iovec(cmd, &cmd->iov_data[1], datain.offset, datain.length);
2552 if (iov_ret < 0)
2553 return -1;
2554
2555 iov_count += iov_ret;
2556 tx_size += datain.length;
2557
2558 cmd->padding = ((-datain.length) & 3);
2559 if (cmd->padding) {
2560 iov[iov_count].iov_base = cmd->pad_bytes;
2561 iov[iov_count++].iov_len = cmd->padding;
2562 tx_size += cmd->padding;
2563
2564 pr_debug("Attaching %u padding bytes\n",
2565 cmd->padding);
2566 }
2567 if (conn->conn_ops->DataDigest) {
2568 cmd->data_crc = iscsit_do_crypto_hash_sg(&conn->conn_tx_hash, cmd,
2569 datain.offset, datain.length, cmd->padding, cmd->pad_bytes);
2570
2571 iov[iov_count].iov_base = &cmd->data_crc;
2572 iov[iov_count++].iov_len = ISCSI_CRC_LEN;
2573 tx_size += ISCSI_CRC_LEN;
2574
2575 pr_debug("Attached CRC32C DataDigest %d bytes, crc"
2576 " 0x%08x\n", datain.length+cmd->padding, cmd->data_crc);
2577 }
2578
2579 cmd->iov_data_count = iov_count;
2580 cmd->tx_size = tx_size;
2581
2582 pr_debug("Built DataIN ITT: 0x%08x, StatSN: 0x%08x,"
2583 " DataSN: 0x%08x, Offset: %u, Length: %u, CID: %hu\n",
2584 cmd->init_task_tag, ntohl(hdr->statsn), ntohl(hdr->datasn),
2585 ntohl(hdr->offset), datain.length, conn->cid);
2586
2587 if (dr->dr_complete) {
2588 *eodr = (cmd->se_cmd.se_cmd_flags & SCF_TRANSPORT_TASK_SENSE) ?
2589 2 : 1;
2590 iscsit_free_datain_req(cmd, dr);
2591 }
2592
2593 return 0;
2594}
2595
2596static int iscsit_send_logout_response(
2597 struct iscsi_cmd *cmd,
2598 struct iscsi_conn *conn)
2599{
2600 int niov = 0, tx_size;
2601 struct iscsi_conn *logout_conn = NULL;
2602 struct iscsi_conn_recovery *cr = NULL;
2603 struct iscsi_session *sess = conn->sess;
2604 struct kvec *iov;
2605 struct iscsi_logout_rsp *hdr;
2606
2607
2608
2609
2610
2611 switch (cmd->logout_reason) {
2612 case ISCSI_LOGOUT_REASON_CLOSE_SESSION:
2613 pr_debug("iSCSI session logout successful, setting"
2614 " logout response to ISCSI_LOGOUT_SUCCESS.\n");
2615 cmd->logout_response = ISCSI_LOGOUT_SUCCESS;
2616 break;
2617 case ISCSI_LOGOUT_REASON_CLOSE_CONNECTION:
2618 if (cmd->logout_response == ISCSI_LOGOUT_CID_NOT_FOUND)
2619 break;
2620
2621
2622
2623
2624
2625
2626
2627
2628
2629
2630
2631
2632 pr_debug("iSCSI CID: %hu logout on CID: %hu"
2633 " successful.\n", cmd->logout_cid, conn->cid);
2634 cmd->logout_response = ISCSI_LOGOUT_SUCCESS;
2635 break;
2636 case ISCSI_LOGOUT_REASON_RECOVERY:
2637 if ((cmd->logout_response == ISCSI_LOGOUT_RECOVERY_UNSUPPORTED) ||
2638 (cmd->logout_response == ISCSI_LOGOUT_CLEANUP_FAILED))
2639 break;
2640
2641
2642
2643
2644 logout_conn = iscsit_get_conn_from_cid_rcfr(sess,
2645 cmd->logout_cid);
2646 if ((logout_conn)) {
2647 iscsit_connection_reinstatement_rcfr(logout_conn);
2648 iscsit_dec_conn_usage_count(logout_conn);
2649 }
2650
2651 cr = iscsit_get_inactive_connection_recovery_entry(
2652 conn->sess, cmd->logout_cid);
2653 if (!cr) {
2654 pr_err("Unable to locate CID: %hu for"
2655 " REMOVECONNFORRECOVERY Logout Request.\n",
2656 cmd->logout_cid);
2657 cmd->logout_response = ISCSI_LOGOUT_CID_NOT_FOUND;
2658 break;
2659 }
2660
2661 iscsit_discard_cr_cmds_by_expstatsn(cr, cmd->exp_stat_sn);
2662
2663 pr_debug("iSCSI REMOVECONNFORRECOVERY logout"
2664 " for recovery for CID: %hu on CID: %hu successful.\n",
2665 cmd->logout_cid, conn->cid);
2666 cmd->logout_response = ISCSI_LOGOUT_SUCCESS;
2667 break;
2668 default:
2669 pr_err("Unknown cmd->logout_reason: 0x%02x\n",
2670 cmd->logout_reason);
2671 return -1;
2672 }
2673
2674 tx_size = ISCSI_HDR_LEN;
2675 hdr = (struct iscsi_logout_rsp *)cmd->pdu;
2676 memset(hdr, 0, ISCSI_HDR_LEN);
2677 hdr->opcode = ISCSI_OP_LOGOUT_RSP;
2678 hdr->flags |= ISCSI_FLAG_CMD_FINAL;
2679 hdr->response = cmd->logout_response;
2680 hdr->itt = cpu_to_be32(cmd->init_task_tag);
2681 cmd->stat_sn = conn->stat_sn++;
2682 hdr->statsn = cpu_to_be32(cmd->stat_sn);
2683
2684 iscsit_increment_maxcmdsn(cmd, conn->sess);
2685 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn);
2686 hdr->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn);
2687
2688 iov = &cmd->iov_misc[0];
2689 iov[niov].iov_base = cmd->pdu;
2690 iov[niov++].iov_len = ISCSI_HDR_LEN;
2691
2692 if (conn->conn_ops->HeaderDigest) {
2693 u32 *header_digest = (u32 *)&cmd->pdu[ISCSI_HDR_LEN];
2694
2695 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash,
2696 (unsigned char *)hdr, ISCSI_HDR_LEN,
2697 0, NULL, (u8 *)header_digest);
2698
2699 iov[0].iov_len += ISCSI_CRC_LEN;
2700 tx_size += ISCSI_CRC_LEN;
2701 pr_debug("Attaching CRC32C HeaderDigest to"
2702 " Logout Response 0x%08x\n", *header_digest);
2703 }
2704 cmd->iov_misc_count = niov;
2705 cmd->tx_size = tx_size;
2706
2707 pr_debug("Sending Logout Response ITT: 0x%08x StatSN:"
2708 " 0x%08x Response: 0x%02x CID: %hu on CID: %hu\n",
2709 cmd->init_task_tag, cmd->stat_sn, hdr->response,
2710 cmd->logout_cid, conn->cid);
2711
2712 return 0;
2713}
2714
2715
2716
2717
2718static int iscsit_send_unsolicited_nopin(
2719 struct iscsi_cmd *cmd,
2720 struct iscsi_conn *conn,
2721 int want_response)
2722{
2723 int tx_size = ISCSI_HDR_LEN;
2724 struct iscsi_nopin *hdr;
2725
2726 hdr = (struct iscsi_nopin *) cmd->pdu;
2727 memset(hdr, 0, ISCSI_HDR_LEN);
2728 hdr->opcode = ISCSI_OP_NOOP_IN;
2729 hdr->flags |= ISCSI_FLAG_CMD_FINAL;
2730 hdr->itt = cpu_to_be32(cmd->init_task_tag);
2731 hdr->ttt = cpu_to_be32(cmd->targ_xfer_tag);
2732 cmd->stat_sn = conn->stat_sn;
2733 hdr->statsn = cpu_to_be32(cmd->stat_sn);
2734 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn);
2735 hdr->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn);
2736
2737 if (conn->conn_ops->HeaderDigest) {
2738 u32 *header_digest = (u32 *)&cmd->pdu[ISCSI_HDR_LEN];
2739
2740 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash,
2741 (unsigned char *)hdr, ISCSI_HDR_LEN,
2742 0, NULL, (u8 *)header_digest);
2743
2744 tx_size += ISCSI_CRC_LEN;
2745 pr_debug("Attaching CRC32C HeaderDigest to"
2746 " NopIN 0x%08x\n", *header_digest);
2747 }
2748
2749 cmd->iov_misc[0].iov_base = cmd->pdu;
2750 cmd->iov_misc[0].iov_len = tx_size;
2751 cmd->iov_misc_count = 1;
2752 cmd->tx_size = tx_size;
2753
2754 pr_debug("Sending Unsolicited NOPIN TTT: 0x%08x StatSN:"
2755 " 0x%08x CID: %hu\n", hdr->ttt, cmd->stat_sn, conn->cid);
2756
2757 return 0;
2758}
2759
2760static int iscsit_send_nopin_response(
2761 struct iscsi_cmd *cmd,
2762 struct iscsi_conn *conn)
2763{
2764 int niov = 0, tx_size;
2765 u32 padding = 0;
2766 struct kvec *iov;
2767 struct iscsi_nopin *hdr;
2768
2769 tx_size = ISCSI_HDR_LEN;
2770 hdr = (struct iscsi_nopin *) cmd->pdu;
2771 memset(hdr, 0, ISCSI_HDR_LEN);
2772 hdr->opcode = ISCSI_OP_NOOP_IN;
2773 hdr->flags |= ISCSI_FLAG_CMD_FINAL;
2774 hton24(hdr->dlength, cmd->buf_ptr_size);
2775 put_unaligned_le64(0xFFFFFFFFFFFFFFFFULL, &hdr->lun);
2776 hdr->itt = cpu_to_be32(cmd->init_task_tag);
2777 hdr->ttt = cpu_to_be32(cmd->targ_xfer_tag);
2778 cmd->stat_sn = conn->stat_sn++;
2779 hdr->statsn = cpu_to_be32(cmd->stat_sn);
2780
2781 iscsit_increment_maxcmdsn(cmd, conn->sess);
2782 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn);
2783 hdr->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn);
2784
2785 iov = &cmd->iov_misc[0];
2786 iov[niov].iov_base = cmd->pdu;
2787 iov[niov++].iov_len = ISCSI_HDR_LEN;
2788
2789 if (conn->conn_ops->HeaderDigest) {
2790 u32 *header_digest = (u32 *)&cmd->pdu[ISCSI_HDR_LEN];
2791
2792 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash,
2793 (unsigned char *)hdr, ISCSI_HDR_LEN,
2794 0, NULL, (u8 *)header_digest);
2795
2796 iov[0].iov_len += ISCSI_CRC_LEN;
2797 tx_size += ISCSI_CRC_LEN;
2798 pr_debug("Attaching CRC32C HeaderDigest"
2799 " to NopIn 0x%08x\n", *header_digest);
2800 }
2801
2802
2803
2804
2805
2806 if (cmd->buf_ptr_size) {
2807 iov[niov].iov_base = cmd->buf_ptr;
2808 iov[niov++].iov_len = cmd->buf_ptr_size;
2809 tx_size += cmd->buf_ptr_size;
2810
2811 pr_debug("Echoing back %u bytes of ping"
2812 " data.\n", cmd->buf_ptr_size);
2813
2814 padding = ((-cmd->buf_ptr_size) & 3);
2815 if (padding != 0) {
2816 iov[niov].iov_base = &cmd->pad_bytes;
2817 iov[niov++].iov_len = padding;
2818 tx_size += padding;
2819 pr_debug("Attaching %u additional"
2820 " padding bytes.\n", padding);
2821 }
2822 if (conn->conn_ops->DataDigest) {
2823 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash,
2824 cmd->buf_ptr, cmd->buf_ptr_size,
2825 padding, (u8 *)&cmd->pad_bytes,
2826 (u8 *)&cmd->data_crc);
2827
2828 iov[niov].iov_base = &cmd->data_crc;
2829 iov[niov++].iov_len = ISCSI_CRC_LEN;
2830 tx_size += ISCSI_CRC_LEN;
2831 pr_debug("Attached DataDigest for %u"
2832 " bytes of ping data, CRC 0x%08x\n",
2833 cmd->buf_ptr_size, cmd->data_crc);
2834 }
2835 }
2836
2837 cmd->iov_misc_count = niov;
2838 cmd->tx_size = tx_size;
2839
2840 pr_debug("Sending NOPIN Response ITT: 0x%08x, TTT:"
2841 " 0x%08x, StatSN: 0x%08x, Length %u\n", cmd->init_task_tag,
2842 cmd->targ_xfer_tag, cmd->stat_sn, cmd->buf_ptr_size);
2843
2844 return 0;
2845}
2846
2847int iscsit_send_r2t(
2848 struct iscsi_cmd *cmd,
2849 struct iscsi_conn *conn)
2850{
2851 int tx_size = 0;
2852 struct iscsi_r2t *r2t;
2853 struct iscsi_r2t_rsp *hdr;
2854
2855 r2t = iscsit_get_r2t_from_list(cmd);
2856 if (!r2t)
2857 return -1;
2858
2859 hdr = (struct iscsi_r2t_rsp *) cmd->pdu;
2860 memset(hdr, 0, ISCSI_HDR_LEN);
2861 hdr->opcode = ISCSI_OP_R2T;
2862 hdr->flags |= ISCSI_FLAG_CMD_FINAL;
2863 int_to_scsilun(cmd->se_cmd.orig_fe_lun,
2864 (struct scsi_lun *)&hdr->lun);
2865 hdr->itt = cpu_to_be32(cmd->init_task_tag);
2866 spin_lock_bh(&conn->sess->ttt_lock);
2867 r2t->targ_xfer_tag = conn->sess->targ_xfer_tag++;
2868 if (r2t->targ_xfer_tag == 0xFFFFFFFF)
2869 r2t->targ_xfer_tag = conn->sess->targ_xfer_tag++;
2870 spin_unlock_bh(&conn->sess->ttt_lock);
2871 hdr->ttt = cpu_to_be32(r2t->targ_xfer_tag);
2872 hdr->statsn = cpu_to_be32(conn->stat_sn);
2873 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn);
2874 hdr->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn);
2875 hdr->r2tsn = cpu_to_be32(r2t->r2t_sn);
2876 hdr->data_offset = cpu_to_be32(r2t->offset);
2877 hdr->data_length = cpu_to_be32(r2t->xfer_len);
2878
2879 cmd->iov_misc[0].iov_base = cmd->pdu;
2880 cmd->iov_misc[0].iov_len = ISCSI_HDR_LEN;
2881 tx_size += ISCSI_HDR_LEN;
2882
2883 if (conn->conn_ops->HeaderDigest) {
2884 u32 *header_digest = (u32 *)&cmd->pdu[ISCSI_HDR_LEN];
2885
2886 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash,
2887 (unsigned char *)hdr, ISCSI_HDR_LEN,
2888 0, NULL, (u8 *)header_digest);
2889
2890 cmd->iov_misc[0].iov_len += ISCSI_CRC_LEN;
2891 tx_size += ISCSI_CRC_LEN;
2892 pr_debug("Attaching CRC32 HeaderDigest for R2T"
2893 " PDU 0x%08x\n", *header_digest);
2894 }
2895
2896 pr_debug("Built %sR2T, ITT: 0x%08x, TTT: 0x%08x, StatSN:"
2897 " 0x%08x, R2TSN: 0x%08x, Offset: %u, DDTL: %u, CID: %hu\n",
2898 (!r2t->recovery_r2t) ? "" : "Recovery ", cmd->init_task_tag,
2899 r2t->targ_xfer_tag, ntohl(hdr->statsn), r2t->r2t_sn,
2900 r2t->offset, r2t->xfer_len, conn->cid);
2901
2902 cmd->iov_misc_count = 1;
2903 cmd->tx_size = tx_size;
2904
2905 spin_lock_bh(&cmd->r2t_lock);
2906 r2t->sent_r2t = 1;
2907 spin_unlock_bh(&cmd->r2t_lock);
2908
2909 return 0;
2910}
2911
2912
2913
2914
2915
2916
2917
2918int iscsit_build_r2ts_for_cmd(
2919 struct iscsi_cmd *cmd,
2920 struct iscsi_conn *conn,
2921 int type)
2922{
2923 int first_r2t = 1;
2924 u32 offset = 0, xfer_len = 0;
2925
2926 spin_lock_bh(&cmd->r2t_lock);
2927 if (cmd->cmd_flags & ICF_SENT_LAST_R2T) {
2928 spin_unlock_bh(&cmd->r2t_lock);
2929 return 0;
2930 }
2931
2932 if (conn->sess->sess_ops->DataSequenceInOrder && (type != 2))
2933 if (cmd->r2t_offset < cmd->write_data_done)
2934 cmd->r2t_offset = cmd->write_data_done;
2935
2936 while (cmd->outstanding_r2ts < conn->sess->sess_ops->MaxOutstandingR2T) {
2937 if (conn->sess->sess_ops->DataSequenceInOrder) {
2938 offset = cmd->r2t_offset;
2939
2940 if (first_r2t && (type == 2)) {
2941 xfer_len = ((offset +
2942 (conn->sess->sess_ops->MaxBurstLength -
2943 cmd->next_burst_len) >
2944 cmd->data_length) ?
2945 (cmd->data_length - offset) :
2946 (conn->sess->sess_ops->MaxBurstLength -
2947 cmd->next_burst_len));
2948 } else {
2949 xfer_len = ((offset +
2950 conn->sess->sess_ops->MaxBurstLength) >
2951 cmd->data_length) ?
2952 (cmd->data_length - offset) :
2953 conn->sess->sess_ops->MaxBurstLength;
2954 }
2955 cmd->r2t_offset += xfer_len;
2956
2957 if (cmd->r2t_offset == cmd->data_length)
2958 cmd->cmd_flags |= ICF_SENT_LAST_R2T;
2959 } else {
2960 struct iscsi_seq *seq;
2961
2962 seq = iscsit_get_seq_holder_for_r2t(cmd);
2963 if (!seq) {
2964 spin_unlock_bh(&cmd->r2t_lock);
2965 return -1;
2966 }
2967
2968 offset = seq->offset;
2969 xfer_len = seq->xfer_len;
2970
2971 if (cmd->seq_send_order == cmd->seq_count)
2972 cmd->cmd_flags |= ICF_SENT_LAST_R2T;
2973 }
2974 cmd->outstanding_r2ts++;
2975 first_r2t = 0;
2976
2977 if (iscsit_add_r2t_to_list(cmd, offset, xfer_len, 0, 0) < 0) {
2978 spin_unlock_bh(&cmd->r2t_lock);
2979 return -1;
2980 }
2981
2982 if (cmd->cmd_flags & ICF_SENT_LAST_R2T)
2983 break;
2984 }
2985 spin_unlock_bh(&cmd->r2t_lock);
2986
2987 return 0;
2988}
2989
2990static int iscsit_send_status(
2991 struct iscsi_cmd *cmd,
2992 struct iscsi_conn *conn)
2993{
2994 u8 iov_count = 0, recovery;
2995 u32 padding = 0, tx_size = 0;
2996 struct iscsi_scsi_rsp *hdr;
2997 struct kvec *iov;
2998
2999 recovery = (cmd->i_state != ISTATE_SEND_STATUS);
3000 if (!recovery)
3001 cmd->stat_sn = conn->stat_sn++;
3002
3003 spin_lock_bh(&conn->sess->session_stats_lock);
3004 conn->sess->rsp_pdus++;
3005 spin_unlock_bh(&conn->sess->session_stats_lock);
3006
3007 hdr = (struct iscsi_scsi_rsp *) cmd->pdu;
3008 memset(hdr, 0, ISCSI_HDR_LEN);
3009 hdr->opcode = ISCSI_OP_SCSI_CMD_RSP;
3010 hdr->flags |= ISCSI_FLAG_CMD_FINAL;
3011 if (cmd->se_cmd.se_cmd_flags & SCF_OVERFLOW_BIT) {
3012 hdr->flags |= ISCSI_FLAG_CMD_OVERFLOW;
3013 hdr->residual_count = cpu_to_be32(cmd->se_cmd.residual_count);
3014 } else if (cmd->se_cmd.se_cmd_flags & SCF_UNDERFLOW_BIT) {
3015 hdr->flags |= ISCSI_FLAG_CMD_UNDERFLOW;
3016 hdr->residual_count = cpu_to_be32(cmd->se_cmd.residual_count);
3017 }
3018 hdr->response = cmd->iscsi_response;
3019 hdr->cmd_status = cmd->se_cmd.scsi_status;
3020 hdr->itt = cpu_to_be32(cmd->init_task_tag);
3021 hdr->statsn = cpu_to_be32(cmd->stat_sn);
3022
3023 iscsit_increment_maxcmdsn(cmd, conn->sess);
3024 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn);
3025 hdr->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn);
3026
3027 iov = &cmd->iov_misc[0];
3028 iov[iov_count].iov_base = cmd->pdu;
3029 iov[iov_count++].iov_len = ISCSI_HDR_LEN;
3030 tx_size += ISCSI_HDR_LEN;
3031
3032
3033
3034
3035 if (cmd->se_cmd.sense_buffer &&
3036 ((cmd->se_cmd.se_cmd_flags & SCF_TRANSPORT_TASK_SENSE) ||
3037 (cmd->se_cmd.se_cmd_flags & SCF_EMULATED_TASK_SENSE))) {
3038 padding = -(cmd->se_cmd.scsi_sense_length) & 3;
3039 hton24(hdr->dlength, cmd->se_cmd.scsi_sense_length);
3040 iov[iov_count].iov_base = cmd->se_cmd.sense_buffer;
3041 iov[iov_count++].iov_len =
3042 (cmd->se_cmd.scsi_sense_length + padding);
3043 tx_size += cmd->se_cmd.scsi_sense_length;
3044
3045 if (padding) {
3046 memset(cmd->se_cmd.sense_buffer +
3047 cmd->se_cmd.scsi_sense_length, 0, padding);
3048 tx_size += padding;
3049 pr_debug("Adding %u bytes of padding to"
3050 " SENSE.\n", padding);
3051 }
3052
3053 if (conn->conn_ops->DataDigest) {
3054 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash,
3055 cmd->se_cmd.sense_buffer,
3056 (cmd->se_cmd.scsi_sense_length + padding),
3057 0, NULL, (u8 *)&cmd->data_crc);
3058
3059 iov[iov_count].iov_base = &cmd->data_crc;
3060 iov[iov_count++].iov_len = ISCSI_CRC_LEN;
3061 tx_size += ISCSI_CRC_LEN;
3062
3063 pr_debug("Attaching CRC32 DataDigest for"
3064 " SENSE, %u bytes CRC 0x%08x\n",
3065 (cmd->se_cmd.scsi_sense_length + padding),
3066 cmd->data_crc);
3067 }
3068
3069 pr_debug("Attaching SENSE DATA: %u bytes to iSCSI"
3070 " Response PDU\n",
3071 cmd->se_cmd.scsi_sense_length);
3072 }
3073
3074 if (conn->conn_ops->HeaderDigest) {
3075 u32 *header_digest = (u32 *)&cmd->pdu[ISCSI_HDR_LEN];
3076
3077 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash,
3078 (unsigned char *)hdr, ISCSI_HDR_LEN,
3079 0, NULL, (u8 *)header_digest);
3080
3081 iov[0].iov_len += ISCSI_CRC_LEN;
3082 tx_size += ISCSI_CRC_LEN;
3083 pr_debug("Attaching CRC32 HeaderDigest for Response"
3084 " PDU 0x%08x\n", *header_digest);
3085 }
3086
3087 cmd->iov_misc_count = iov_count;
3088 cmd->tx_size = tx_size;
3089
3090 pr_debug("Built %sSCSI Response, ITT: 0x%08x, StatSN: 0x%08x,"
3091 " Response: 0x%02x, SAM Status: 0x%02x, CID: %hu\n",
3092 (!recovery) ? "" : "Recovery ", cmd->init_task_tag,
3093 cmd->stat_sn, 0x00, cmd->se_cmd.scsi_status, conn->cid);
3094
3095 return 0;
3096}
3097
3098static u8 iscsit_convert_tcm_tmr_rsp(struct se_tmr_req *se_tmr)
3099{
3100 switch (se_tmr->response) {
3101 case TMR_FUNCTION_COMPLETE:
3102 return ISCSI_TMF_RSP_COMPLETE;
3103 case TMR_TASK_DOES_NOT_EXIST:
3104 return ISCSI_TMF_RSP_NO_TASK;
3105 case TMR_LUN_DOES_NOT_EXIST:
3106 return ISCSI_TMF_RSP_NO_LUN;
3107 case TMR_TASK_MGMT_FUNCTION_NOT_SUPPORTED:
3108 return ISCSI_TMF_RSP_NOT_SUPPORTED;
3109 case TMR_FUNCTION_AUTHORIZATION_FAILED:
3110 return ISCSI_TMF_RSP_AUTH_FAILED;
3111 case TMR_FUNCTION_REJECTED:
3112 default:
3113 return ISCSI_TMF_RSP_REJECTED;
3114 }
3115}
3116
3117static int iscsit_send_task_mgt_rsp(
3118 struct iscsi_cmd *cmd,
3119 struct iscsi_conn *conn)
3120{
3121 struct se_tmr_req *se_tmr = cmd->se_cmd.se_tmr_req;
3122 struct iscsi_tm_rsp *hdr;
3123 u32 tx_size = 0;
3124
3125 hdr = (struct iscsi_tm_rsp *) cmd->pdu;
3126 memset(hdr, 0, ISCSI_HDR_LEN);
3127 hdr->opcode = ISCSI_OP_SCSI_TMFUNC_RSP;
3128 hdr->flags = ISCSI_FLAG_CMD_FINAL;
3129 hdr->response = iscsit_convert_tcm_tmr_rsp(se_tmr);
3130 hdr->itt = cpu_to_be32(cmd->init_task_tag);
3131 cmd->stat_sn = conn->stat_sn++;
3132 hdr->statsn = cpu_to_be32(cmd->stat_sn);
3133
3134 iscsit_increment_maxcmdsn(cmd, conn->sess);
3135 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn);
3136 hdr->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn);
3137
3138 cmd->iov_misc[0].iov_base = cmd->pdu;
3139 cmd->iov_misc[0].iov_len = ISCSI_HDR_LEN;
3140 tx_size += ISCSI_HDR_LEN;
3141
3142 if (conn->conn_ops->HeaderDigest) {
3143 u32 *header_digest = (u32 *)&cmd->pdu[ISCSI_HDR_LEN];
3144
3145 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash,
3146 (unsigned char *)hdr, ISCSI_HDR_LEN,
3147 0, NULL, (u8 *)header_digest);
3148
3149 cmd->iov_misc[0].iov_len += ISCSI_CRC_LEN;
3150 tx_size += ISCSI_CRC_LEN;
3151 pr_debug("Attaching CRC32 HeaderDigest for Task"
3152 " Mgmt Response PDU 0x%08x\n", *header_digest);
3153 }
3154
3155 cmd->iov_misc_count = 1;
3156 cmd->tx_size = tx_size;
3157
3158 pr_debug("Built Task Management Response ITT: 0x%08x,"
3159 " StatSN: 0x%08x, Response: 0x%02x, CID: %hu\n",
3160 cmd->init_task_tag, cmd->stat_sn, hdr->response, conn->cid);
3161
3162 return 0;
3163}
3164
3165static bool iscsit_check_inaddr_any(struct iscsi_np *np)
3166{
3167 bool ret = false;
3168
3169 if (np->np_sockaddr.ss_family == AF_INET6) {
3170 const struct sockaddr_in6 sin6 = {
3171 .sin6_addr = IN6ADDR_ANY_INIT };
3172 struct sockaddr_in6 *sock_in6 =
3173 (struct sockaddr_in6 *)&np->np_sockaddr;
3174
3175 if (!memcmp(sock_in6->sin6_addr.s6_addr,
3176 sin6.sin6_addr.s6_addr, 16))
3177 ret = true;
3178 } else {
3179 struct sockaddr_in * sock_in =
3180 (struct sockaddr_in *)&np->np_sockaddr;
3181
3182 if (sock_in->sin_addr.s_addr == INADDR_ANY)
3183 ret = true;
3184 }
3185
3186 return ret;
3187}
3188
3189static int iscsit_build_sendtargets_response(struct iscsi_cmd *cmd)
3190{
3191 char *payload = NULL;
3192 struct iscsi_conn *conn = cmd->conn;
3193 struct iscsi_portal_group *tpg;
3194 struct iscsi_tiqn *tiqn;
3195 struct iscsi_tpg_np *tpg_np;
3196 int buffer_len, end_of_buf = 0, len = 0, payload_len = 0;
3197 unsigned char buf[256];
3198
3199 buffer_len = (conn->conn_ops->MaxRecvDataSegmentLength > 32768) ?
3200 32768 : conn->conn_ops->MaxRecvDataSegmentLength;
3201
3202 memset(buf, 0, 256);
3203
3204 payload = kzalloc(buffer_len, GFP_KERNEL);
3205 if (!payload) {
3206 pr_err("Unable to allocate memory for sendtargets"
3207 " response.\n");
3208 return -ENOMEM;
3209 }
3210
3211 spin_lock(&tiqn_lock);
3212 list_for_each_entry(tiqn, &g_tiqn_list, tiqn_list) {
3213 len = sprintf(buf, "TargetName=%s", tiqn->tiqn);
3214 len += 1;
3215
3216 if ((len + payload_len) > buffer_len) {
3217 spin_unlock(&tiqn->tiqn_tpg_lock);
3218 end_of_buf = 1;
3219 goto eob;
3220 }
3221 memcpy(payload + payload_len, buf, len);
3222 payload_len += len;
3223
3224 spin_lock(&tiqn->tiqn_tpg_lock);
3225 list_for_each_entry(tpg, &tiqn->tiqn_tpg_list, tpg_list) {
3226
3227 spin_lock(&tpg->tpg_state_lock);
3228 if ((tpg->tpg_state == TPG_STATE_FREE) ||
3229 (tpg->tpg_state == TPG_STATE_INACTIVE)) {
3230 spin_unlock(&tpg->tpg_state_lock);
3231 continue;
3232 }
3233 spin_unlock(&tpg->tpg_state_lock);
3234
3235 spin_lock(&tpg->tpg_np_lock);
3236 list_for_each_entry(tpg_np, &tpg->tpg_gnp_list,
3237 tpg_np_list) {
3238 struct iscsi_np *np = tpg_np->tpg_np;
3239 bool inaddr_any = iscsit_check_inaddr_any(np);
3240
3241 len = sprintf(buf, "TargetAddress="
3242 "%s%s%s:%hu,%hu",
3243 (np->np_sockaddr.ss_family == AF_INET6) ?
3244 "[" : "", (inaddr_any == false) ?
3245 np->np_ip : conn->local_ip,
3246 (np->np_sockaddr.ss_family == AF_INET6) ?
3247 "]" : "", (inaddr_any == false) ?
3248 np->np_port : conn->local_port,
3249 tpg->tpgt);
3250 len += 1;
3251
3252 if ((len + payload_len) > buffer_len) {
3253 spin_unlock(&tpg->tpg_np_lock);
3254 spin_unlock(&tiqn->tiqn_tpg_lock);
3255 end_of_buf = 1;
3256 goto eob;
3257 }
3258 memcpy(payload + payload_len, buf, len);
3259 payload_len += len;
3260 }
3261 spin_unlock(&tpg->tpg_np_lock);
3262 }
3263 spin_unlock(&tiqn->tiqn_tpg_lock);
3264eob:
3265 if (end_of_buf)
3266 break;
3267 }
3268 spin_unlock(&tiqn_lock);
3269
3270 cmd->buf_ptr = payload;
3271
3272 return payload_len;
3273}
3274
3275
3276
3277
3278
3279static int iscsit_send_text_rsp(
3280 struct iscsi_cmd *cmd,
3281 struct iscsi_conn *conn)
3282{
3283 struct iscsi_text_rsp *hdr;
3284 struct kvec *iov;
3285 u32 padding = 0, tx_size = 0;
3286 int text_length, iov_count = 0;
3287
3288 text_length = iscsit_build_sendtargets_response(cmd);
3289 if (text_length < 0)
3290 return text_length;
3291
3292 padding = ((-text_length) & 3);
3293 if (padding != 0) {
3294 memset(cmd->buf_ptr + text_length, 0, padding);
3295 pr_debug("Attaching %u additional bytes for"
3296 " padding.\n", padding);
3297 }
3298
3299 hdr = (struct iscsi_text_rsp *) cmd->pdu;
3300 memset(hdr, 0, ISCSI_HDR_LEN);
3301 hdr->opcode = ISCSI_OP_TEXT_RSP;
3302 hdr->flags |= ISCSI_FLAG_CMD_FINAL;
3303 hton24(hdr->dlength, text_length);
3304 hdr->itt = cpu_to_be32(cmd->init_task_tag);
3305 hdr->ttt = cpu_to_be32(cmd->targ_xfer_tag);
3306 cmd->stat_sn = conn->stat_sn++;
3307 hdr->statsn = cpu_to_be32(cmd->stat_sn);
3308
3309 iscsit_increment_maxcmdsn(cmd, conn->sess);
3310 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn);
3311 hdr->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn);
3312
3313 iov = &cmd->iov_misc[0];
3314
3315 iov[iov_count].iov_base = cmd->pdu;
3316 iov[iov_count++].iov_len = ISCSI_HDR_LEN;
3317 iov[iov_count].iov_base = cmd->buf_ptr;
3318 iov[iov_count++].iov_len = text_length + padding;
3319
3320 tx_size += (ISCSI_HDR_LEN + text_length + padding);
3321
3322 if (conn->conn_ops->HeaderDigest) {
3323 u32 *header_digest = (u32 *)&cmd->pdu[ISCSI_HDR_LEN];
3324
3325 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash,
3326 (unsigned char *)hdr, ISCSI_HDR_LEN,
3327 0, NULL, (u8 *)header_digest);
3328
3329 iov[0].iov_len += ISCSI_CRC_LEN;
3330 tx_size += ISCSI_CRC_LEN;
3331 pr_debug("Attaching CRC32 HeaderDigest for"
3332 " Text Response PDU 0x%08x\n", *header_digest);
3333 }
3334
3335 if (conn->conn_ops->DataDigest) {
3336 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash,
3337 cmd->buf_ptr, (text_length + padding),
3338 0, NULL, (u8 *)&cmd->data_crc);
3339
3340 iov[iov_count].iov_base = &cmd->data_crc;
3341 iov[iov_count++].iov_len = ISCSI_CRC_LEN;
3342 tx_size += ISCSI_CRC_LEN;
3343
3344 pr_debug("Attaching DataDigest for %u bytes of text"
3345 " data, CRC 0x%08x\n", (text_length + padding),
3346 cmd->data_crc);
3347 }
3348
3349 cmd->iov_misc_count = iov_count;
3350 cmd->tx_size = tx_size;
3351
3352 pr_debug("Built Text Response: ITT: 0x%08x, StatSN: 0x%08x,"
3353 " Length: %u, CID: %hu\n", cmd->init_task_tag, cmd->stat_sn,
3354 text_length, conn->cid);
3355 return 0;
3356}
3357
3358static int iscsit_send_reject(
3359 struct iscsi_cmd *cmd,
3360 struct iscsi_conn *conn)
3361{
3362 u32 iov_count = 0, tx_size = 0;
3363 struct iscsi_reject *hdr;
3364 struct kvec *iov;
3365
3366 hdr = (struct iscsi_reject *) cmd->pdu;
3367 hdr->opcode = ISCSI_OP_REJECT;
3368 hdr->flags |= ISCSI_FLAG_CMD_FINAL;
3369 hton24(hdr->dlength, ISCSI_HDR_LEN);
3370 cmd->stat_sn = conn->stat_sn++;
3371 hdr->statsn = cpu_to_be32(cmd->stat_sn);
3372 hdr->exp_cmdsn = cpu_to_be32(conn->sess->exp_cmd_sn);
3373 hdr->max_cmdsn = cpu_to_be32(conn->sess->max_cmd_sn);
3374
3375 iov = &cmd->iov_misc[0];
3376
3377 iov[iov_count].iov_base = cmd->pdu;
3378 iov[iov_count++].iov_len = ISCSI_HDR_LEN;
3379 iov[iov_count].iov_base = cmd->buf_ptr;
3380 iov[iov_count++].iov_len = ISCSI_HDR_LEN;
3381
3382 tx_size = (ISCSI_HDR_LEN + ISCSI_HDR_LEN);
3383
3384 if (conn->conn_ops->HeaderDigest) {
3385 u32 *header_digest = (u32 *)&cmd->pdu[ISCSI_HDR_LEN];
3386
3387 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash,
3388 (unsigned char *)hdr, ISCSI_HDR_LEN,
3389 0, NULL, (u8 *)header_digest);
3390
3391 iov[0].iov_len += ISCSI_CRC_LEN;
3392 tx_size += ISCSI_CRC_LEN;
3393 pr_debug("Attaching CRC32 HeaderDigest for"
3394 " REJECT PDU 0x%08x\n", *header_digest);
3395 }
3396
3397 if (conn->conn_ops->DataDigest) {
3398 iscsit_do_crypto_hash_buf(&conn->conn_tx_hash,
3399 (unsigned char *)cmd->buf_ptr, ISCSI_HDR_LEN,
3400 0, NULL, (u8 *)&cmd->data_crc);
3401
3402 iov[iov_count].iov_base = &cmd->data_crc;
3403 iov[iov_count++].iov_len = ISCSI_CRC_LEN;
3404 tx_size += ISCSI_CRC_LEN;
3405 pr_debug("Attaching CRC32 DataDigest for REJECT"
3406 " PDU 0x%08x\n", cmd->data_crc);
3407 }
3408
3409 cmd->iov_misc_count = iov_count;
3410 cmd->tx_size = tx_size;
3411
3412 pr_debug("Built Reject PDU StatSN: 0x%08x, Reason: 0x%02x,"
3413 " CID: %hu\n", ntohl(hdr->statsn), hdr->reason, conn->cid);
3414
3415 return 0;
3416}
3417
3418static void iscsit_tx_thread_wait_for_tcp(struct iscsi_conn *conn)
3419{
3420 if ((conn->sock->sk->sk_shutdown & SEND_SHUTDOWN) ||
3421 (conn->sock->sk->sk_shutdown & RCV_SHUTDOWN)) {
3422 wait_for_completion_interruptible_timeout(
3423 &conn->tx_half_close_comp,
3424 ISCSI_TX_THREAD_TCP_TIMEOUT * HZ);
3425 }
3426}
3427
3428#ifdef CONFIG_SMP
3429
3430void iscsit_thread_get_cpumask(struct iscsi_conn *conn)
3431{
3432 struct iscsi_thread_set *ts = conn->thread_set;
3433 int ord, cpu;
3434
3435
3436
3437
3438
3439
3440
3441
3442 ord = ts->thread_id % cpumask_weight(cpu_online_mask);
3443#if 0
3444 pr_debug(">>>>>>>>>>>>>>>>>>>> Generated ord: %d from"
3445 " thread_id: %d\n", ord, ts->thread_id);
3446#endif
3447 for_each_online_cpu(cpu) {
3448 if (ord-- == 0) {
3449 cpumask_set_cpu(cpu, conn->conn_cpumask);
3450 return;
3451 }
3452 }
3453
3454
3455
3456 dump_stack();
3457 cpumask_setall(conn->conn_cpumask);
3458}
3459
3460static inline void iscsit_thread_check_cpumask(
3461 struct iscsi_conn *conn,
3462 struct task_struct *p,
3463 int mode)
3464{
3465 char buf[128];
3466
3467
3468
3469
3470 if (mode == 1) {
3471 if (!conn->conn_tx_reset_cpumask)
3472 return;
3473 conn->conn_tx_reset_cpumask = 0;
3474 } else {
3475 if (!conn->conn_rx_reset_cpumask)
3476 return;
3477 conn->conn_rx_reset_cpumask = 0;
3478 }
3479
3480
3481
3482
3483
3484 memset(buf, 0, 128);
3485 cpumask_scnprintf(buf, 128, conn->conn_cpumask);
3486#if 0
3487 pr_debug(">>>>>>>>>>>>>> Calling set_cpus_allowed_ptr():"
3488 " %s for %s\n", buf, p->comm);
3489#endif
3490 set_cpus_allowed_ptr(p, conn->conn_cpumask);
3491}
3492
3493#else
3494
3495void iscsit_thread_get_cpumask(struct iscsi_conn *conn)
3496{
3497 return;
3498}
3499
3500#define iscsit_thread_check_cpumask(X, Y, Z) ({})
3501#endif
3502
3503int iscsi_target_tx_thread(void *arg)
3504{
3505 u8 state;
3506 int eodr = 0;
3507 int ret = 0;
3508 int sent_status = 0;
3509 int use_misc = 0;
3510 int map_sg = 0;
3511 struct iscsi_cmd *cmd = NULL;
3512 struct iscsi_conn *conn;
3513 struct iscsi_queue_req *qr = NULL;
3514 struct se_cmd *se_cmd;
3515 struct iscsi_thread_set *ts = arg;
3516
3517
3518
3519
3520 allow_signal(SIGINT);
3521
3522restart:
3523 conn = iscsi_tx_thread_pre_handler(ts);
3524 if (!conn)
3525 goto out;
3526
3527 eodr = map_sg = ret = sent_status = use_misc = 0;
3528
3529 while (!kthread_should_stop()) {
3530
3531
3532
3533
3534 iscsit_thread_check_cpumask(conn, current, 1);
3535
3536 schedule_timeout_interruptible(MAX_SCHEDULE_TIMEOUT);
3537
3538 if ((ts->status == ISCSI_THREAD_SET_RESET) ||
3539 signal_pending(current))
3540 goto transport_err;
3541
3542get_immediate:
3543 qr = iscsit_get_cmd_from_immediate_queue(conn);
3544 if (qr) {
3545 atomic_set(&conn->check_immediate_queue, 0);
3546 cmd = qr->cmd;
3547 state = qr->state;
3548 kmem_cache_free(lio_qr_cache, qr);
3549
3550 spin_lock_bh(&cmd->istate_lock);
3551 switch (state) {
3552 case ISTATE_SEND_R2T:
3553 spin_unlock_bh(&cmd->istate_lock);
3554 ret = iscsit_send_r2t(cmd, conn);
3555 break;
3556 case ISTATE_REMOVE:
3557 spin_unlock_bh(&cmd->istate_lock);
3558
3559 if (cmd->data_direction == DMA_TO_DEVICE)
3560 iscsit_stop_dataout_timer(cmd);
3561
3562 spin_lock_bh(&conn->cmd_lock);
3563 list_del(&cmd->i_list);
3564 spin_unlock_bh(&conn->cmd_lock);
3565
3566 iscsit_free_cmd(cmd);
3567 goto get_immediate;
3568 case ISTATE_SEND_NOPIN_WANT_RESPONSE:
3569 spin_unlock_bh(&cmd->istate_lock);
3570 iscsit_mod_nopin_response_timer(conn);
3571 ret = iscsit_send_unsolicited_nopin(cmd,
3572 conn, 1);
3573 break;
3574 case ISTATE_SEND_NOPIN_NO_RESPONSE:
3575 spin_unlock_bh(&cmd->istate_lock);
3576 ret = iscsit_send_unsolicited_nopin(cmd,
3577 conn, 0);
3578 break;
3579 default:
3580 pr_err("Unknown Opcode: 0x%02x ITT:"
3581 " 0x%08x, i_state: %d on CID: %hu\n",
3582 cmd->iscsi_opcode, cmd->init_task_tag, state,
3583 conn->cid);
3584 spin_unlock_bh(&cmd->istate_lock);
3585 goto transport_err;
3586 }
3587 if (ret < 0) {
3588 conn->tx_immediate_queue = 0;
3589 goto transport_err;
3590 }
3591
3592 if (iscsit_send_tx_data(cmd, conn, 1) < 0) {
3593 conn->tx_immediate_queue = 0;
3594 iscsit_tx_thread_wait_for_tcp(conn);
3595 goto transport_err;
3596 }
3597
3598 spin_lock_bh(&cmd->istate_lock);
3599 switch (state) {
3600 case ISTATE_SEND_R2T:
3601 spin_unlock_bh(&cmd->istate_lock);
3602 spin_lock_bh(&cmd->dataout_timeout_lock);
3603 iscsit_start_dataout_timer(cmd, conn);
3604 spin_unlock_bh(&cmd->dataout_timeout_lock);
3605 break;
3606 case ISTATE_SEND_NOPIN_WANT_RESPONSE:
3607 cmd->i_state = ISTATE_SENT_NOPIN_WANT_RESPONSE;
3608 spin_unlock_bh(&cmd->istate_lock);
3609 break;
3610 case ISTATE_SEND_NOPIN_NO_RESPONSE:
3611 cmd->i_state = ISTATE_SENT_STATUS;
3612 spin_unlock_bh(&cmd->istate_lock);
3613 break;
3614 default:
3615 pr_err("Unknown Opcode: 0x%02x ITT:"
3616 " 0x%08x, i_state: %d on CID: %hu\n",
3617 cmd->iscsi_opcode, cmd->init_task_tag,
3618 state, conn->cid);
3619 spin_unlock_bh(&cmd->istate_lock);
3620 goto transport_err;
3621 }
3622 goto get_immediate;
3623 } else
3624 conn->tx_immediate_queue = 0;
3625
3626get_response:
3627 qr = iscsit_get_cmd_from_response_queue(conn);
3628 if (qr) {
3629 cmd = qr->cmd;
3630 state = qr->state;
3631 kmem_cache_free(lio_qr_cache, qr);
3632
3633 spin_lock_bh(&cmd->istate_lock);
3634check_rsp_state:
3635 switch (state) {
3636 case ISTATE_SEND_DATAIN:
3637 spin_unlock_bh(&cmd->istate_lock);
3638 ret = iscsit_send_data_in(cmd, conn,
3639 &eodr);
3640 map_sg = 1;
3641 break;
3642 case ISTATE_SEND_STATUS:
3643 case ISTATE_SEND_STATUS_RECOVERY:
3644 spin_unlock_bh(&cmd->istate_lock);
3645 use_misc = 1;
3646 ret = iscsit_send_status(cmd, conn);
3647 break;
3648 case ISTATE_SEND_LOGOUTRSP:
3649 spin_unlock_bh(&cmd->istate_lock);
3650 use_misc = 1;
3651 ret = iscsit_send_logout_response(cmd, conn);
3652 break;
3653 case ISTATE_SEND_ASYNCMSG:
3654 spin_unlock_bh(&cmd->istate_lock);
3655 use_misc = 1;
3656 ret = iscsit_send_conn_drop_async_message(
3657 cmd, conn);
3658 break;
3659 case ISTATE_SEND_NOPIN:
3660 spin_unlock_bh(&cmd->istate_lock);
3661 use_misc = 1;
3662 ret = iscsit_send_nopin_response(cmd, conn);
3663 break;
3664 case ISTATE_SEND_REJECT:
3665 spin_unlock_bh(&cmd->istate_lock);
3666 use_misc = 1;
3667 ret = iscsit_send_reject(cmd, conn);
3668 break;
3669 case ISTATE_SEND_TASKMGTRSP:
3670 spin_unlock_bh(&cmd->istate_lock);
3671 use_misc = 1;
3672 ret = iscsit_send_task_mgt_rsp(cmd, conn);
3673 if (ret != 0)
3674 break;
3675 ret = iscsit_tmr_post_handler(cmd, conn);
3676 if (ret != 0)
3677 iscsit_fall_back_to_erl0(conn->sess);
3678 break;
3679 case ISTATE_SEND_TEXTRSP:
3680 spin_unlock_bh(&cmd->istate_lock);
3681 use_misc = 1;
3682 ret = iscsit_send_text_rsp(cmd, conn);
3683 break;
3684 default:
3685 pr_err("Unknown Opcode: 0x%02x ITT:"
3686 " 0x%08x, i_state: %d on CID: %hu\n",
3687 cmd->iscsi_opcode, cmd->init_task_tag,
3688 state, conn->cid);
3689 spin_unlock_bh(&cmd->istate_lock);
3690 goto transport_err;
3691 }
3692 if (ret < 0) {
3693 conn->tx_response_queue = 0;
3694 goto transport_err;
3695 }
3696
3697 se_cmd = &cmd->se_cmd;
3698
3699 if (map_sg && !conn->conn_ops->IFMarker) {
3700 if (iscsit_fe_sendpage_sg(cmd, conn) < 0) {
3701 conn->tx_response_queue = 0;
3702 iscsit_tx_thread_wait_for_tcp(conn);
3703 iscsit_unmap_iovec(cmd);
3704 goto transport_err;
3705 }
3706 } else {
3707 if (iscsit_send_tx_data(cmd, conn, use_misc) < 0) {
3708 conn->tx_response_queue = 0;
3709 iscsit_tx_thread_wait_for_tcp(conn);
3710 iscsit_unmap_iovec(cmd);
3711 goto transport_err;
3712 }
3713 }
3714 map_sg = 0;
3715 iscsit_unmap_iovec(cmd);
3716
3717 spin_lock_bh(&cmd->istate_lock);
3718 switch (state) {
3719 case ISTATE_SEND_DATAIN:
3720 if (!eodr)
3721 goto check_rsp_state;
3722
3723 if (eodr == 1) {
3724 cmd->i_state = ISTATE_SENT_LAST_DATAIN;
3725 sent_status = 1;
3726 eodr = use_misc = 0;
3727 } else if (eodr == 2) {
3728 cmd->i_state = state =
3729 ISTATE_SEND_STATUS;
3730 sent_status = 0;
3731 eodr = use_misc = 0;
3732 goto check_rsp_state;
3733 }
3734 break;
3735 case ISTATE_SEND_STATUS:
3736 use_misc = 0;
3737 sent_status = 1;
3738 break;
3739 case ISTATE_SEND_ASYNCMSG:
3740 case ISTATE_SEND_NOPIN:
3741 case ISTATE_SEND_STATUS_RECOVERY:
3742 case ISTATE_SEND_TEXTRSP:
3743 use_misc = 0;
3744 sent_status = 1;
3745 break;
3746 case ISTATE_SEND_REJECT:
3747 use_misc = 0;
3748 if (cmd->cmd_flags & ICF_REJECT_FAIL_CONN) {
3749 cmd->cmd_flags &= ~ICF_REJECT_FAIL_CONN;
3750 spin_unlock_bh(&cmd->istate_lock);
3751 complete(&cmd->reject_comp);
3752 goto transport_err;
3753 }
3754 complete(&cmd->reject_comp);
3755 break;
3756 case ISTATE_SEND_TASKMGTRSP:
3757 use_misc = 0;
3758 sent_status = 1;
3759 break;
3760 case ISTATE_SEND_LOGOUTRSP:
3761 spin_unlock_bh(&cmd->istate_lock);
3762 if (!iscsit_logout_post_handler(cmd, conn))
3763 goto restart;
3764 spin_lock_bh(&cmd->istate_lock);
3765 use_misc = 0;
3766 sent_status = 1;
3767 break;
3768 default:
3769 pr_err("Unknown Opcode: 0x%02x ITT:"
3770 " 0x%08x, i_state: %d on CID: %hu\n",
3771 cmd->iscsi_opcode, cmd->init_task_tag,
3772 cmd->i_state, conn->cid);
3773 spin_unlock_bh(&cmd->istate_lock);
3774 goto transport_err;
3775 }
3776
3777 if (sent_status) {
3778 cmd->i_state = ISTATE_SENT_STATUS;
3779 sent_status = 0;
3780 }
3781 spin_unlock_bh(&cmd->istate_lock);
3782
3783 if (atomic_read(&conn->check_immediate_queue))
3784 goto get_immediate;
3785
3786 goto get_response;
3787 } else
3788 conn->tx_response_queue = 0;
3789 }
3790
3791transport_err:
3792 iscsit_take_action_for_connection_exit(conn);
3793 goto restart;
3794out:
3795 return 0;
3796}
3797
3798int iscsi_target_rx_thread(void *arg)
3799{
3800 int ret;
3801 u8 buffer[ISCSI_HDR_LEN], opcode;
3802 u32 checksum = 0, digest = 0;
3803 struct iscsi_conn *conn = NULL;
3804 struct iscsi_thread_set *ts = arg;
3805 struct kvec iov;
3806
3807
3808
3809
3810 allow_signal(SIGINT);
3811
3812restart:
3813 conn = iscsi_rx_thread_pre_handler(ts);
3814 if (!conn)
3815 goto out;
3816
3817 while (!kthread_should_stop()) {
3818
3819
3820
3821
3822 iscsit_thread_check_cpumask(conn, current, 0);
3823
3824 memset(buffer, 0, ISCSI_HDR_LEN);
3825 memset(&iov, 0, sizeof(struct kvec));
3826
3827 iov.iov_base = buffer;
3828 iov.iov_len = ISCSI_HDR_LEN;
3829
3830 ret = rx_data(conn, &iov, 1, ISCSI_HDR_LEN);
3831 if (ret != ISCSI_HDR_LEN) {
3832 iscsit_rx_thread_wait_for_tcp(conn);
3833 goto transport_err;
3834 }
3835
3836
3837
3838
3839 memcpy(&conn->bad_hdr, &buffer, ISCSI_HDR_LEN);
3840
3841 if (conn->conn_ops->HeaderDigest) {
3842 iov.iov_base = &digest;
3843 iov.iov_len = ISCSI_CRC_LEN;
3844
3845 ret = rx_data(conn, &iov, 1, ISCSI_CRC_LEN);
3846 if (ret != ISCSI_CRC_LEN) {
3847 iscsit_rx_thread_wait_for_tcp(conn);
3848 goto transport_err;
3849 }
3850
3851 iscsit_do_crypto_hash_buf(&conn->conn_rx_hash,
3852 buffer, ISCSI_HDR_LEN,
3853 0, NULL, (u8 *)&checksum);
3854
3855 if (digest != checksum) {
3856 pr_err("HeaderDigest CRC32C failed,"
3857 " received 0x%08x, computed 0x%08x\n",
3858 digest, checksum);
3859
3860
3861
3862
3863 memset(buffer, 0xff, ISCSI_HDR_LEN);
3864 spin_lock_bh(&conn->sess->session_stats_lock);
3865 conn->sess->conn_digest_errors++;
3866 spin_unlock_bh(&conn->sess->session_stats_lock);
3867 } else {
3868 pr_debug("Got HeaderDigest CRC32C"
3869 " 0x%08x\n", checksum);
3870 }
3871 }
3872
3873 if (conn->conn_state == TARG_CONN_STATE_IN_LOGOUT)
3874 goto transport_err;
3875
3876 opcode = buffer[0] & ISCSI_OPCODE_MASK;
3877
3878 if (conn->sess->sess_ops->SessionType &&
3879 ((!(opcode & ISCSI_OP_TEXT)) ||
3880 (!(opcode & ISCSI_OP_LOGOUT)))) {
3881 pr_err("Received illegal iSCSI Opcode: 0x%02x"
3882 " while in Discovery Session, rejecting.\n", opcode);
3883 iscsit_add_reject(ISCSI_REASON_PROTOCOL_ERROR, 1,
3884 buffer, conn);
3885 goto transport_err;
3886 }
3887
3888 switch (opcode) {
3889 case ISCSI_OP_SCSI_CMD:
3890 if (iscsit_handle_scsi_cmd(conn, buffer) < 0)
3891 goto transport_err;
3892 break;
3893 case ISCSI_OP_SCSI_DATA_OUT:
3894 if (iscsit_handle_data_out(conn, buffer) < 0)
3895 goto transport_err;
3896 break;
3897 case ISCSI_OP_NOOP_OUT:
3898 if (iscsit_handle_nop_out(conn, buffer) < 0)
3899 goto transport_err;
3900 break;
3901 case ISCSI_OP_SCSI_TMFUNC:
3902 if (iscsit_handle_task_mgt_cmd(conn, buffer) < 0)
3903 goto transport_err;
3904 break;
3905 case ISCSI_OP_TEXT:
3906 if (iscsit_handle_text_cmd(conn, buffer) < 0)
3907 goto transport_err;
3908 break;
3909 case ISCSI_OP_LOGOUT:
3910 ret = iscsit_handle_logout_cmd(conn, buffer);
3911 if (ret > 0) {
3912 wait_for_completion_timeout(&conn->conn_logout_comp,
3913 SECONDS_FOR_LOGOUT_COMP * HZ);
