linux/drivers/target/target_core_sbc.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0-or-later
   2/*
   3 * SCSI Block Commands (SBC) parsing and emulation.
   4 *
   5 * (c) Copyright 2002-2013 Datera, Inc.
   6 *
   7 * Nicholas A. Bellinger <nab@kernel.org>
   8 */
   9
  10#include <linux/kernel.h>
  11#include <linux/module.h>
  12#include <linux/ratelimit.h>
  13#include <linux/crc-t10dif.h>
  14#include <linux/t10-pi.h>
  15#include <asm/unaligned.h>
  16#include <scsi/scsi_proto.h>
  17#include <scsi/scsi_tcq.h>
  18
  19#include <target/target_core_base.h>
  20#include <target/target_core_backend.h>
  21#include <target/target_core_fabric.h>
  22
  23#include "target_core_internal.h"
  24#include "target_core_ua.h"
  25#include "target_core_alua.h"
  26
  27static sense_reason_t
  28sbc_check_prot(struct se_device *, struct se_cmd *, unsigned char, u32, bool);
  29static sense_reason_t sbc_execute_unmap(struct se_cmd *cmd);
  30
  31static sense_reason_t
  32sbc_emulate_readcapacity(struct se_cmd *cmd)
  33{
  34        struct se_device *dev = cmd->se_dev;
  35        unsigned char *cdb = cmd->t_task_cdb;
  36        unsigned long long blocks_long = dev->transport->get_blocks(dev);
  37        unsigned char *rbuf;
  38        unsigned char buf[8];
  39        u32 blocks;
  40
  41        /*
  42         * SBC-2 says:
  43         *   If the PMI bit is set to zero and the LOGICAL BLOCK
  44         *   ADDRESS field is not set to zero, the device server shall
  45         *   terminate the command with CHECK CONDITION status with
  46         *   the sense key set to ILLEGAL REQUEST and the additional
  47         *   sense code set to INVALID FIELD IN CDB.
  48         *
  49         * In SBC-3, these fields are obsolete, but some SCSI
  50         * compliance tests actually check this, so we might as well
  51         * follow SBC-2.
  52         */
  53        if (!(cdb[8] & 1) && !!(cdb[2] | cdb[3] | cdb[4] | cdb[5]))
  54                return TCM_INVALID_CDB_FIELD;
  55
  56        if (blocks_long >= 0x00000000ffffffff)
  57                blocks = 0xffffffff;
  58        else
  59                blocks = (u32)blocks_long;
  60
  61        put_unaligned_be32(blocks, &buf[0]);
  62        put_unaligned_be32(dev->dev_attrib.block_size, &buf[4]);
  63
  64        rbuf = transport_kmap_data_sg(cmd);
  65        if (rbuf) {
  66                memcpy(rbuf, buf, min_t(u32, sizeof(buf), cmd->data_length));
  67                transport_kunmap_data_sg(cmd);
  68        }
  69
  70        target_complete_cmd_with_length(cmd, SAM_STAT_GOOD, 8);
  71        return 0;
  72}
  73
  74static sense_reason_t
  75sbc_emulate_readcapacity_16(struct se_cmd *cmd)
  76{
  77        struct se_device *dev = cmd->se_dev;
  78        struct se_session *sess = cmd->se_sess;
  79        int pi_prot_type = dev->dev_attrib.pi_prot_type;
  80
  81        unsigned char *rbuf;
  82        unsigned char buf[32];
  83        unsigned long long blocks = dev->transport->get_blocks(dev);
  84
  85        memset(buf, 0, sizeof(buf));
  86        put_unaligned_be64(blocks, &buf[0]);
  87        put_unaligned_be32(dev->dev_attrib.block_size, &buf[8]);
  88        /*
  89         * Set P_TYPE and PROT_EN bits for DIF support
  90         */
  91        if (sess->sup_prot_ops & (TARGET_PROT_DIN_PASS | TARGET_PROT_DOUT_PASS)) {
  92                /*
  93                 * Only override a device's pi_prot_type if no T10-PI is
  94                 * available, and sess_prot_type has been explicitly enabled.
  95                 */
  96                if (!pi_prot_type)
  97                        pi_prot_type = sess->sess_prot_type;
  98
  99                if (pi_prot_type)
 100                        buf[12] = (pi_prot_type - 1) << 1 | 0x1;
 101        }
 102
 103        if (dev->transport->get_lbppbe)
 104                buf[13] = dev->transport->get_lbppbe(dev) & 0x0f;
 105
 106        if (dev->transport->get_alignment_offset_lbas) {
 107                u16 lalba = dev->transport->get_alignment_offset_lbas(dev);
 108
 109                put_unaligned_be16(lalba, &buf[14]);
 110        }
 111
 112        /*
 113         * Set Thin Provisioning Enable bit following sbc3r22 in section
 114         * READ CAPACITY (16) byte 14 if emulate_tpu or emulate_tpws is enabled.
 115         */
 116        if (dev->dev_attrib.emulate_tpu || dev->dev_attrib.emulate_tpws) {
 117                buf[14] |= 0x80;
 118
 119                /*
 120                 * LBPRZ signifies that zeroes will be read back from an LBA after
 121                 * an UNMAP or WRITE SAME w/ unmap bit (sbc3r36 5.16.2)
 122                 */
 123                if (dev->dev_attrib.unmap_zeroes_data)
 124                        buf[14] |= 0x40;
 125        }
 126
 127        rbuf = transport_kmap_data_sg(cmd);
 128        if (rbuf) {
 129                memcpy(rbuf, buf, min_t(u32, sizeof(buf), cmd->data_length));
 130                transport_kunmap_data_sg(cmd);
 131        }
 132
 133        target_complete_cmd_with_length(cmd, SAM_STAT_GOOD, 32);
 134        return 0;
 135}
 136
 137static sense_reason_t
 138sbc_emulate_startstop(struct se_cmd *cmd)
 139{
 140        unsigned char *cdb = cmd->t_task_cdb;
 141
 142        /*
 143         * See sbc3r36 section 5.25
 144         * Immediate bit should be set since there is nothing to complete
 145         * POWER CONDITION MODIFIER 0h
 146         */
 147        if (!(cdb[1] & 1) || cdb[2] || cdb[3])
 148                return TCM_INVALID_CDB_FIELD;
 149
 150        /*
 151         * See sbc3r36 section 5.25
 152         * POWER CONDITION 0h START_VALID - process START and LOEJ
 153         */
 154        if (cdb[4] >> 4 & 0xf)
 155                return TCM_INVALID_CDB_FIELD;
 156
 157        /*
 158         * See sbc3r36 section 5.25
 159         * LOEJ 0h - nothing to load or unload
 160         * START 1h - we are ready
 161         */
 162        if (!(cdb[4] & 1) || (cdb[4] & 2) || (cdb[4] & 4))
 163                return TCM_INVALID_CDB_FIELD;
 164
 165        target_complete_cmd(cmd, SAM_STAT_GOOD);
 166        return 0;
 167}
 168
 169sector_t sbc_get_write_same_sectors(struct se_cmd *cmd)
 170{
 171        u32 num_blocks;
 172
 173        if (cmd->t_task_cdb[0] == WRITE_SAME)
 174                num_blocks = get_unaligned_be16(&cmd->t_task_cdb[7]);
 175        else if (cmd->t_task_cdb[0] == WRITE_SAME_16)
 176                num_blocks = get_unaligned_be32(&cmd->t_task_cdb[10]);
 177        else /* WRITE_SAME_32 via VARIABLE_LENGTH_CMD */
 178                num_blocks = get_unaligned_be32(&cmd->t_task_cdb[28]);
 179
 180        /*
 181         * Use the explicit range when non zero is supplied, otherwise calculate
 182         * the remaining range based on ->get_blocks() - starting LBA.
 183         */
 184        if (num_blocks)
 185                return num_blocks;
 186
 187        return cmd->se_dev->transport->get_blocks(cmd->se_dev) -
 188                cmd->t_task_lba + 1;
 189}
 190EXPORT_SYMBOL(sbc_get_write_same_sectors);
 191
 192static sense_reason_t
 193sbc_execute_write_same_unmap(struct se_cmd *cmd)
 194{
 195        struct sbc_ops *ops = cmd->protocol_data;
 196        sector_t nolb = sbc_get_write_same_sectors(cmd);
 197        sense_reason_t ret;
 198
 199        if (nolb) {
 200                ret = ops->execute_unmap(cmd, cmd->t_task_lba, nolb);
 201                if (ret)
 202                        return ret;
 203        }
 204
 205        target_complete_cmd(cmd, SAM_STAT_GOOD);
 206        return 0;
 207}
 208
 209static sense_reason_t
 210sbc_emulate_noop(struct se_cmd *cmd)
 211{
 212        target_complete_cmd(cmd, SAM_STAT_GOOD);
 213        return 0;
 214}
 215
 216static inline u32 sbc_get_size(struct se_cmd *cmd, u32 sectors)
 217{
 218        return cmd->se_dev->dev_attrib.block_size * sectors;
 219}
 220
 221static inline u32 transport_get_sectors_6(unsigned char *cdb)
 222{
 223        /*
 224         * Use 8-bit sector value.  SBC-3 says:
 225         *
 226         *   A TRANSFER LENGTH field set to zero specifies that 256
 227         *   logical blocks shall be written.  Any other value
 228         *   specifies the number of logical blocks that shall be
 229         *   written.
 230         */
 231        return cdb[4] ? : 256;
 232}
 233
 234static inline u32 transport_get_sectors_10(unsigned char *cdb)
 235{
 236        return get_unaligned_be16(&cdb[7]);
 237}
 238
 239static inline u32 transport_get_sectors_12(unsigned char *cdb)
 240{
 241        return get_unaligned_be32(&cdb[6]);
 242}
 243
 244static inline u32 transport_get_sectors_16(unsigned char *cdb)
 245{
 246        return get_unaligned_be32(&cdb[10]);
 247}
 248
 249/*
 250 * Used for VARIABLE_LENGTH_CDB WRITE_32 and READ_32 variants
 251 */
 252static inline u32 transport_get_sectors_32(unsigned char *cdb)
 253{
 254        return get_unaligned_be32(&cdb[28]);
 255
 256}
 257
 258static inline u32 transport_lba_21(unsigned char *cdb)
 259{
 260        return get_unaligned_be24(&cdb[1]) & 0x1fffff;
 261}
 262
 263static inline u32 transport_lba_32(unsigned char *cdb)
 264{
 265        return get_unaligned_be32(&cdb[2]);
 266}
 267
 268static inline unsigned long long transport_lba_64(unsigned char *cdb)
 269{
 270        return get_unaligned_be64(&cdb[2]);
 271}
 272
 273/*
 274 * For VARIABLE_LENGTH_CDB w/ 32 byte extended CDBs
 275 */
 276static inline unsigned long long transport_lba_64_ext(unsigned char *cdb)
 277{
 278        return get_unaligned_be64(&cdb[12]);
 279}
 280
 281static sense_reason_t
 282sbc_setup_write_same(struct se_cmd *cmd, unsigned char flags, struct sbc_ops *ops)
 283{
 284        struct se_device *dev = cmd->se_dev;
 285        sector_t end_lba = dev->transport->get_blocks(dev) + 1;
 286        unsigned int sectors = sbc_get_write_same_sectors(cmd);
 287        sense_reason_t ret;
 288
 289        if ((flags & 0x04) || (flags & 0x02)) {
 290                pr_err("WRITE_SAME PBDATA and LBDATA"
 291                        " bits not supported for Block Discard"
 292                        " Emulation\n");
 293                return TCM_UNSUPPORTED_SCSI_OPCODE;
 294        }
 295        if (sectors > cmd->se_dev->dev_attrib.max_write_same_len) {
 296                pr_warn("WRITE_SAME sectors: %u exceeds max_write_same_len: %u\n",
 297                        sectors, cmd->se_dev->dev_attrib.max_write_same_len);
 298                return TCM_INVALID_CDB_FIELD;
 299        }
 300        /*
 301         * Sanity check for LBA wrap and request past end of device.
 302         */
 303        if (((cmd->t_task_lba + sectors) < cmd->t_task_lba) ||
 304            ((cmd->t_task_lba + sectors) > end_lba)) {
 305                pr_err("WRITE_SAME exceeds last lba %llu (lba %llu, sectors %u)\n",
 306                       (unsigned long long)end_lba, cmd->t_task_lba, sectors);
 307                return TCM_ADDRESS_OUT_OF_RANGE;
 308        }
 309
 310        /* We always have ANC_SUP == 0 so setting ANCHOR is always an error */
 311        if (flags & 0x10) {
 312                pr_warn("WRITE SAME with ANCHOR not supported\n");
 313                return TCM_INVALID_CDB_FIELD;
 314        }
 315        /*
 316         * Special case for WRITE_SAME w/ UNMAP=1 that ends up getting
 317         * translated into block discard requests within backend code.
 318         */
 319        if (flags & 0x08) {
 320                if (!ops->execute_unmap)
 321                        return TCM_UNSUPPORTED_SCSI_OPCODE;
 322
 323                if (!dev->dev_attrib.emulate_tpws) {
 324                        pr_err("Got WRITE_SAME w/ UNMAP=1, but backend device"
 325                               " has emulate_tpws disabled\n");
 326                        return TCM_UNSUPPORTED_SCSI_OPCODE;
 327                }
 328                cmd->execute_cmd = sbc_execute_write_same_unmap;
 329                return 0;
 330        }
 331        if (!ops->execute_write_same)
 332                return TCM_UNSUPPORTED_SCSI_OPCODE;
 333
 334        ret = sbc_check_prot(dev, cmd, flags >> 5, sectors, true);
 335        if (ret)
 336                return ret;
 337
 338        cmd->execute_cmd = ops->execute_write_same;
 339        return 0;
 340}
 341
 342static sense_reason_t xdreadwrite_callback(struct se_cmd *cmd, bool success,
 343                                           int *post_ret)
 344{
 345        unsigned char *buf, *addr;
 346        struct scatterlist *sg;
 347        unsigned int offset;
 348        sense_reason_t ret = TCM_NO_SENSE;
 349        int i, count;
 350
 351        if (!success)
 352                return 0;
 353
 354        /*
 355         * From sbc3r22.pdf section 5.48 XDWRITEREAD (10) command
 356         *
 357         * 1) read the specified logical block(s);
 358         * 2) transfer logical blocks from the data-out buffer;
 359         * 3) XOR the logical blocks transferred from the data-out buffer with
 360         *    the logical blocks read, storing the resulting XOR data in a buffer;
 361         * 4) if the DISABLE WRITE bit is set to zero, then write the logical
 362         *    blocks transferred from the data-out buffer; and
 363         * 5) transfer the resulting XOR data to the data-in buffer.
 364         */
 365        buf = kmalloc(cmd->data_length, GFP_KERNEL);
 366        if (!buf) {
 367                pr_err("Unable to allocate xor_callback buf\n");
 368                return TCM_OUT_OF_RESOURCES;
 369        }
 370        /*
 371         * Copy the scatterlist WRITE buffer located at cmd->t_data_sg
 372         * into the locally allocated *buf
 373         */
 374        sg_copy_to_buffer(cmd->t_data_sg,
 375                          cmd->t_data_nents,
 376                          buf,
 377                          cmd->data_length);
 378
 379        /*
 380         * Now perform the XOR against the BIDI read memory located at
 381         * cmd->t_mem_bidi_list
 382         */
 383
 384        offset = 0;
 385        for_each_sg(cmd->t_bidi_data_sg, sg, cmd->t_bidi_data_nents, count) {
 386                addr = kmap_atomic(sg_page(sg));
 387                if (!addr) {
 388                        ret = TCM_OUT_OF_RESOURCES;
 389                        goto out;
 390                }
 391
 392                for (i = 0; i < sg->length; i++)
 393                        *(addr + sg->offset + i) ^= *(buf + offset + i);
 394
 395                offset += sg->length;
 396                kunmap_atomic(addr);
 397        }
 398
 399out:
 400        kfree(buf);
 401        return ret;
 402}
 403
 404static sense_reason_t
 405sbc_execute_rw(struct se_cmd *cmd)
 406{
 407        struct sbc_ops *ops = cmd->protocol_data;
 408
 409        return ops->execute_rw(cmd, cmd->t_data_sg, cmd->t_data_nents,
 410                               cmd->data_direction);
 411}
 412
 413static sense_reason_t compare_and_write_post(struct se_cmd *cmd, bool success,
 414                                             int *post_ret)
 415{
 416        struct se_device *dev = cmd->se_dev;
 417        sense_reason_t ret = TCM_NO_SENSE;
 418
 419        spin_lock_irq(&cmd->t_state_lock);
 420        if (success) {
 421                *post_ret = 1;
 422
 423                if (cmd->scsi_status == SAM_STAT_CHECK_CONDITION)
 424                        ret = TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
 425        }
 426        spin_unlock_irq(&cmd->t_state_lock);
 427
 428        /*
 429         * Unlock ->caw_sem originally obtained during sbc_compare_and_write()
 430         * before the original READ I/O submission.
 431         */
 432        up(&dev->caw_sem);
 433
 434        return ret;
 435}
 436
 437/*
 438 * compare @cmp_len bytes of @read_sgl with @cmp_sgl. On miscompare, fill
 439 * @miscmp_off and return TCM_MISCOMPARE_VERIFY.
 440 */
 441static sense_reason_t
 442compare_and_write_do_cmp(struct scatterlist *read_sgl, unsigned int read_nents,
 443                         struct scatterlist *cmp_sgl, unsigned int cmp_nents,
 444                         unsigned int cmp_len, unsigned int *miscmp_off)
 445{
 446        unsigned char *buf = NULL;
 447        struct scatterlist *sg;
 448        sense_reason_t ret;
 449        unsigned int offset;
 450        size_t rc;
 451        int sg_cnt;
 452
 453        buf = kzalloc(cmp_len, GFP_KERNEL);
 454        if (!buf) {
 455                ret = TCM_OUT_OF_RESOURCES;
 456                goto out;
 457        }
 458
 459        rc = sg_copy_to_buffer(cmp_sgl, cmp_nents, buf, cmp_len);
 460        if (!rc) {
 461                pr_err("sg_copy_to_buffer() failed for compare_and_write\n");
 462                ret = TCM_OUT_OF_RESOURCES;
 463                goto out;
 464        }
 465        /*
 466         * Compare SCSI READ payload against verify payload
 467         */
 468        offset = 0;
 469        ret = TCM_NO_SENSE;
 470        for_each_sg(read_sgl, sg, read_nents, sg_cnt) {
 471                unsigned int len = min(sg->length, cmp_len);
 472                unsigned char *addr = kmap_atomic(sg_page(sg));
 473
 474                if (memcmp(addr, buf + offset, len)) {
 475                        unsigned int i;
 476
 477                        for (i = 0; i < len && addr[i] == buf[offset + i]; i++)
 478                                ;
 479                        *miscmp_off = offset + i;
 480                        pr_warn("Detected MISCOMPARE at offset %u\n",
 481                                *miscmp_off);
 482                        ret = TCM_MISCOMPARE_VERIFY;
 483                }
 484                kunmap_atomic(addr);
 485                if (ret != TCM_NO_SENSE)
 486                        goto out;
 487
 488                offset += len;
 489                cmp_len -= len;
 490                if (!cmp_len)
 491                        break;
 492        }
 493        pr_debug("COMPARE AND WRITE read data matches compare data\n");
 494out:
 495        kfree(buf);
 496        return ret;
 497}
 498
 499static sense_reason_t compare_and_write_callback(struct se_cmd *cmd, bool success,
 500                                                 int *post_ret)
 501{
 502        struct se_device *dev = cmd->se_dev;
 503        struct sg_table write_tbl = { };
 504        struct scatterlist *write_sg;
 505        struct sg_mapping_iter m;
 506        unsigned int len;
 507        unsigned int block_size = dev->dev_attrib.block_size;
 508        unsigned int compare_len = (cmd->t_task_nolb * block_size);
 509        unsigned int miscmp_off = 0;
 510        sense_reason_t ret = TCM_NO_SENSE;
 511        int i;
 512
 513        /*
 514         * Handle early failure in transport_generic_request_failure(),
 515         * which will not have taken ->caw_sem yet..
 516         */
 517        if (!success && (!cmd->t_data_sg || !cmd->t_bidi_data_sg))
 518                return TCM_NO_SENSE;
 519        /*
 520         * Handle special case for zero-length COMPARE_AND_WRITE
 521         */
 522        if (!cmd->data_length)
 523                goto out;
 524        /*
 525         * Immediately exit + release dev->caw_sem if command has already
 526         * been failed with a non-zero SCSI status.
 527         */
 528        if (cmd->scsi_status) {
 529                pr_debug("compare_and_write_callback: non zero scsi_status:"
 530                        " 0x%02x\n", cmd->scsi_status);
 531                *post_ret = 1;
 532                if (cmd->scsi_status == SAM_STAT_CHECK_CONDITION)
 533                        ret = TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
 534                goto out;
 535        }
 536
 537        ret = compare_and_write_do_cmp(cmd->t_bidi_data_sg,
 538                                       cmd->t_bidi_data_nents,
 539                                       cmd->t_data_sg,
 540                                       cmd->t_data_nents,
 541                                       compare_len,
 542                                       &miscmp_off);
 543        if (ret == TCM_MISCOMPARE_VERIFY) {
 544                /*
 545                 * SBC-4 r15: 5.3 COMPARE AND WRITE command
 546                 * In the sense data (see 4.18 and SPC-5) the offset from the
 547                 * start of the Data-Out Buffer to the first byte of data that
 548                 * was not equal shall be reported in the INFORMATION field.
 549                 */
 550                cmd->sense_info = miscmp_off;
 551                goto out;
 552        } else if (ret)
 553                goto out;
 554
 555        if (sg_alloc_table(&write_tbl, cmd->t_data_nents, GFP_KERNEL) < 0) {
 556                pr_err("Unable to allocate compare_and_write sg\n");
 557                ret = TCM_OUT_OF_RESOURCES;
 558                goto out;
 559        }
 560        write_sg = write_tbl.sgl;
 561
 562        i = 0;
 563        len = compare_len;
 564        sg_miter_start(&m, cmd->t_data_sg, cmd->t_data_nents, SG_MITER_TO_SG);
 565        /*
 566         * Currently assumes NoLB=1 and SGLs are PAGE_SIZE..
 567         */
 568        while (len) {
 569                sg_miter_next(&m);
 570
 571                if (block_size < PAGE_SIZE) {
 572                        sg_set_page(&write_sg[i], m.page, block_size,
 573                                    m.piter.sg->offset + block_size);
 574                } else {
 575                        sg_miter_next(&m);
 576                        sg_set_page(&write_sg[i], m.page, block_size,
 577                                    m.piter.sg->offset);
 578                }
 579                len -= block_size;
 580                i++;
 581        }
 582        sg_miter_stop(&m);
 583        /*
 584         * Save the original SGL + nents values before updating to new
 585         * assignments, to be released in transport_free_pages() ->
 586         * transport_reset_sgl_orig()
 587         */
 588        cmd->t_data_sg_orig = cmd->t_data_sg;
 589        cmd->t_data_sg = write_sg;
 590        cmd->t_data_nents_orig = cmd->t_data_nents;
 591        cmd->t_data_nents = 1;
 592
 593        cmd->sam_task_attr = TCM_HEAD_TAG;
 594        cmd->transport_complete_callback = compare_and_write_post;
 595        /*
 596         * Now reset ->execute_cmd() to the normal sbc_execute_rw() handler
 597         * for submitting the adjusted SGL to write instance user-data.
 598         */
 599        cmd->execute_cmd = sbc_execute_rw;
 600
 601        spin_lock_irq(&cmd->t_state_lock);
 602        cmd->t_state = TRANSPORT_PROCESSING;
 603        cmd->transport_state |= CMD_T_ACTIVE | CMD_T_SENT;
 604        spin_unlock_irq(&cmd->t_state_lock);
 605
 606        __target_execute_cmd(cmd, false);
 607
 608        return ret;
 609
 610out:
 611        /*
 612         * In the MISCOMPARE or failure case, unlock ->caw_sem obtained in
 613         * sbc_compare_and_write() before the original READ I/O submission.
 614         */
 615        up(&dev->caw_sem);
 616        sg_free_table(&write_tbl);
 617        return ret;
 618}
 619
 620static sense_reason_t
 621sbc_compare_and_write(struct se_cmd *cmd)
 622{
 623        struct sbc_ops *ops = cmd->protocol_data;
 624        struct se_device *dev = cmd->se_dev;
 625        sense_reason_t ret;
 626        int rc;
 627        /*
 628         * Submit the READ first for COMPARE_AND_WRITE to perform the
 629         * comparision using SGLs at cmd->t_bidi_data_sg..
 630         */
 631        rc = down_interruptible(&dev->caw_sem);
 632        if (rc != 0) {
 633                cmd->transport_complete_callback = NULL;
 634                return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
 635        }
 636        /*
 637         * Reset cmd->data_length to individual block_size in order to not
 638         * confuse backend drivers that depend on this value matching the
 639         * size of the I/O being submitted.
 640         */
 641        cmd->data_length = cmd->t_task_nolb * dev->dev_attrib.block_size;
 642
 643        ret = ops->execute_rw(cmd, cmd->t_bidi_data_sg, cmd->t_bidi_data_nents,
 644                              DMA_FROM_DEVICE);
 645        if (ret) {
 646                cmd->transport_complete_callback = NULL;
 647                up(&dev->caw_sem);
 648                return ret;
 649        }
 650        /*
 651         * Unlock of dev->caw_sem to occur in compare_and_write_callback()
 652         * upon MISCOMPARE, or in compare_and_write_done() upon completion
 653         * of WRITE instance user-data.
 654         */
 655        return TCM_NO_SENSE;
 656}
 657
 658static int
 659sbc_set_prot_op_checks(u8 protect, bool fabric_prot, enum target_prot_type prot_type,
 660                       bool is_write, struct se_cmd *cmd)
 661{
 662        if (is_write) {
 663                cmd->prot_op = fabric_prot ? TARGET_PROT_DOUT_STRIP :
 664                               protect ? TARGET_PROT_DOUT_PASS :
 665                               TARGET_PROT_DOUT_INSERT;
 666                switch (protect) {
 667                case 0x0:
 668                case 0x3:
 669                        cmd->prot_checks = 0;
 670                        break;
 671                case 0x1:
 672                case 0x5:
 673                        cmd->prot_checks = TARGET_DIF_CHECK_GUARD;
 674                        if (prot_type == TARGET_DIF_TYPE1_PROT)
 675                                cmd->prot_checks |= TARGET_DIF_CHECK_REFTAG;
 676                        break;
 677                case 0x2:
 678                        if (prot_type == TARGET_DIF_TYPE1_PROT)
 679                                cmd->prot_checks = TARGET_DIF_CHECK_REFTAG;
 680                        break;
 681                case 0x4:
 682                        cmd->prot_checks = TARGET_DIF_CHECK_GUARD;
 683                        break;
 684                default:
 685                        pr_err("Unsupported protect field %d\n", protect);
 686                        return -EINVAL;
 687                }
 688        } else {
 689                cmd->prot_op = fabric_prot ? TARGET_PROT_DIN_INSERT :
 690                               protect ? TARGET_PROT_DIN_PASS :
 691                               TARGET_PROT_DIN_STRIP;
 692                switch (protect) {
 693                case 0x0:
 694                case 0x1:
 695                case 0x5:
 696                        cmd->prot_checks = TARGET_DIF_CHECK_GUARD;
 697                        if (prot_type == TARGET_DIF_TYPE1_PROT)
 698                                cmd->prot_checks |= TARGET_DIF_CHECK_REFTAG;
 699                        break;
 700                case 0x2:
 701                        if (prot_type == TARGET_DIF_TYPE1_PROT)
 702                                cmd->prot_checks = TARGET_DIF_CHECK_REFTAG;
 703                        break;
 704                case 0x3:
 705                        cmd->prot_checks = 0;
 706                        break;
 707                case 0x4:
 708                        cmd->prot_checks = TARGET_DIF_CHECK_GUARD;
 709                        break;
 710                default:
 711                        pr_err("Unsupported protect field %d\n", protect);
 712                        return -EINVAL;
 713                }
 714        }
 715
 716        return 0;
 717}
 718
 719static sense_reason_t
 720sbc_check_prot(struct se_device *dev, struct se_cmd *cmd, unsigned char protect,
 721               u32 sectors, bool is_write)
 722{
 723        int sp_ops = cmd->se_sess->sup_prot_ops;
 724        int pi_prot_type = dev->dev_attrib.pi_prot_type;
 725        bool fabric_prot = false;
 726
 727        if (!cmd->t_prot_sg || !cmd->t_prot_nents) {
 728                if (unlikely(protect &&
 729                    !dev->dev_attrib.pi_prot_type && !cmd->se_sess->sess_prot_type)) {
 730                        pr_err("CDB contains protect bit, but device + fabric does"
 731                               " not advertise PROTECT=1 feature bit\n");
 732                        return TCM_INVALID_CDB_FIELD;
 733                }
 734                if (cmd->prot_pto)
 735                        return TCM_NO_SENSE;
 736        }
 737
 738        switch (dev->dev_attrib.pi_prot_type) {
 739        case TARGET_DIF_TYPE3_PROT:
 740                cmd->reftag_seed = 0xffffffff;
 741                break;
 742        case TARGET_DIF_TYPE2_PROT:
 743                if (protect)
 744                        return TCM_INVALID_CDB_FIELD;
 745
 746                cmd->reftag_seed = cmd->t_task_lba;
 747                break;
 748        case TARGET_DIF_TYPE1_PROT:
 749                cmd->reftag_seed = cmd->t_task_lba;
 750                break;
 751        case TARGET_DIF_TYPE0_PROT:
 752                /*
 753                 * See if the fabric supports T10-PI, and the session has been
 754                 * configured to allow export PROTECT=1 feature bit with backend
 755                 * devices that don't support T10-PI.
 756                 */
 757                fabric_prot = is_write ?
 758                              !!(sp_ops & (TARGET_PROT_DOUT_PASS | TARGET_PROT_DOUT_STRIP)) :
 759                              !!(sp_ops & (TARGET_PROT_DIN_PASS | TARGET_PROT_DIN_INSERT));
 760
 761                if (fabric_prot && cmd->se_sess->sess_prot_type) {
 762                        pi_prot_type = cmd->se_sess->sess_prot_type;
 763                        break;
 764                }
 765                if (!protect)
 766                        return TCM_NO_SENSE;
 767                fallthrough;
 768        default:
 769                pr_err("Unable to determine pi_prot_type for CDB: 0x%02x "
 770                       "PROTECT: 0x%02x\n", cmd->t_task_cdb[0], protect);
 771                return TCM_INVALID_CDB_FIELD;
 772        }
 773
 774        if (sbc_set_prot_op_checks(protect, fabric_prot, pi_prot_type, is_write, cmd))
 775                return TCM_INVALID_CDB_FIELD;
 776
 777        cmd->prot_type = pi_prot_type;
 778        cmd->prot_length = dev->prot_length * sectors;
 779
 780        /**
 781         * In case protection information exists over the wire
 782         * we modify command data length to describe pure data.
 783         * The actual transfer length is data length + protection
 784         * length
 785         **/
 786        if (protect)
 787                cmd->data_length = sectors * dev->dev_attrib.block_size;
 788
 789        pr_debug("%s: prot_type=%d, data_length=%d, prot_length=%d "
 790                 "prot_op=%d prot_checks=%d\n",
 791                 __func__, cmd->prot_type, cmd->data_length, cmd->prot_length,
 792                 cmd->prot_op, cmd->prot_checks);
 793
 794        return TCM_NO_SENSE;
 795}
 796
 797static int
 798sbc_check_dpofua(struct se_device *dev, struct se_cmd *cmd, unsigned char *cdb)
 799{
 800        if (cdb[1] & 0x10) {
 801                /* see explanation in spc_emulate_modesense */
 802                if (!target_check_fua(dev)) {
 803                        pr_err("Got CDB: 0x%02x with DPO bit set, but device"
 804                               " does not advertise support for DPO\n", cdb[0]);
 805                        return -EINVAL;
 806                }
 807        }
 808        if (cdb[1] & 0x8) {
 809                if (!target_check_fua(dev)) {
 810                        pr_err("Got CDB: 0x%02x with FUA bit set, but device"
 811                               " does not advertise support for FUA write\n",
 812                               cdb[0]);
 813                        return -EINVAL;
 814                }
 815                cmd->se_cmd_flags |= SCF_FUA;
 816        }
 817        return 0;
 818}
 819
 820sense_reason_t
 821sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops)
 822{
 823        struct se_device *dev = cmd->se_dev;
 824        unsigned char *cdb = cmd->t_task_cdb;
 825        unsigned int size;
 826        u32 sectors = 0;
 827        sense_reason_t ret;
 828
 829        cmd->protocol_data = ops;
 830
 831        switch (cdb[0]) {
 832        case READ_6:
 833                sectors = transport_get_sectors_6(cdb);
 834                cmd->t_task_lba = transport_lba_21(cdb);
 835                cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
 836                cmd->execute_cmd = sbc_execute_rw;
 837                break;
 838        case READ_10:
 839                sectors = transport_get_sectors_10(cdb);
 840                cmd->t_task_lba = transport_lba_32(cdb);
 841
 842                if (sbc_check_dpofua(dev, cmd, cdb))
 843                        return TCM_INVALID_CDB_FIELD;
 844
 845                ret = sbc_check_prot(dev, cmd, cdb[1] >> 5, sectors, false);
 846                if (ret)
 847                        return ret;
 848
 849                cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
 850                cmd->execute_cmd = sbc_execute_rw;
 851                break;
 852        case READ_12:
 853                sectors = transport_get_sectors_12(cdb);
 854                cmd->t_task_lba = transport_lba_32(cdb);
 855
 856                if (sbc_check_dpofua(dev, cmd, cdb))
 857                        return TCM_INVALID_CDB_FIELD;
 858
 859                ret = sbc_check_prot(dev, cmd, cdb[1] >> 5, sectors, false);
 860                if (ret)
 861                        return ret;
 862
 863                cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
 864                cmd->execute_cmd = sbc_execute_rw;
 865                break;
 866        case READ_16:
 867                sectors = transport_get_sectors_16(cdb);
 868                cmd->t_task_lba = transport_lba_64(cdb);
 869
 870                if (sbc_check_dpofua(dev, cmd, cdb))
 871                        return TCM_INVALID_CDB_FIELD;
 872
 873                ret = sbc_check_prot(dev, cmd, cdb[1] >> 5, sectors, false);
 874                if (ret)
 875                        return ret;
 876
 877                cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
 878                cmd->execute_cmd = sbc_execute_rw;
 879                break;
 880        case WRITE_6:
 881                sectors = transport_get_sectors_6(cdb);
 882                cmd->t_task_lba = transport_lba_21(cdb);
 883                cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
 884                cmd->execute_cmd = sbc_execute_rw;
 885                break;
 886        case WRITE_10:
 887        case WRITE_VERIFY:
 888                sectors = transport_get_sectors_10(cdb);
 889                cmd->t_task_lba = transport_lba_32(cdb);
 890
 891                if (sbc_check_dpofua(dev, cmd, cdb))
 892                        return TCM_INVALID_CDB_FIELD;
 893
 894                ret = sbc_check_prot(dev, cmd, cdb[1] >> 5, sectors, true);
 895                if (ret)
 896                        return ret;
 897
 898                cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
 899                cmd->execute_cmd = sbc_execute_rw;
 900                break;
 901        case WRITE_12:
 902                sectors = transport_get_sectors_12(cdb);
 903                cmd->t_task_lba = transport_lba_32(cdb);
 904
 905                if (sbc_check_dpofua(dev, cmd, cdb))
 906                        return TCM_INVALID_CDB_FIELD;
 907
 908                ret = sbc_check_prot(dev, cmd, cdb[1] >> 5, sectors, true);
 909                if (ret)
 910                        return ret;
 911
 912                cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
 913                cmd->execute_cmd = sbc_execute_rw;
 914                break;
 915        case WRITE_16:
 916        case WRITE_VERIFY_16:
 917                sectors = transport_get_sectors_16(cdb);
 918                cmd->t_task_lba = transport_lba_64(cdb);
 919
 920                if (sbc_check_dpofua(dev, cmd, cdb))
 921                        return TCM_INVALID_CDB_FIELD;
 922
 923                ret = sbc_check_prot(dev, cmd, cdb[1] >> 5, sectors, true);
 924                if (ret)
 925                        return ret;
 926
 927                cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
 928                cmd->execute_cmd = sbc_execute_rw;
 929                break;
 930        case XDWRITEREAD_10:
 931                if (cmd->data_direction != DMA_TO_DEVICE ||
 932                    !(cmd->se_cmd_flags & SCF_BIDI))
 933                        return TCM_INVALID_CDB_FIELD;
 934                sectors = transport_get_sectors_10(cdb);
 935
 936                if (sbc_check_dpofua(dev, cmd, cdb))
 937                        return TCM_INVALID_CDB_FIELD;
 938
 939                cmd->t_task_lba = transport_lba_32(cdb);
 940                cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
 941
 942                /*
 943                 * Setup BIDI XOR callback to be run after I/O completion.
 944                 */
 945                cmd->execute_cmd = sbc_execute_rw;
 946                cmd->transport_complete_callback = &xdreadwrite_callback;
 947                break;
 948        case VARIABLE_LENGTH_CMD:
 949        {
 950                u16 service_action = get_unaligned_be16(&cdb[8]);
 951                switch (service_action) {
 952                case XDWRITEREAD_32:
 953                        sectors = transport_get_sectors_32(cdb);
 954
 955                        if (sbc_check_dpofua(dev, cmd, cdb))
 956                                return TCM_INVALID_CDB_FIELD;
 957                        /*
 958                         * Use WRITE_32 and READ_32 opcodes for the emulated
 959                         * XDWRITE_READ_32 logic.
 960                         */
 961                        cmd->t_task_lba = transport_lba_64_ext(cdb);
 962                        cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
 963
 964                        /*
 965                         * Setup BIDI XOR callback to be run during after I/O
 966                         * completion.
 967                         */
 968                        cmd->execute_cmd = sbc_execute_rw;
 969                        cmd->transport_complete_callback = &xdreadwrite_callback;
 970                        break;
 971                case WRITE_SAME_32:
 972                        sectors = transport_get_sectors_32(cdb);
 973                        if (!sectors) {
 974                                pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not"
 975                                       " supported\n");
 976                                return TCM_INVALID_CDB_FIELD;
 977                        }
 978
 979                        size = sbc_get_size(cmd, 1);
 980                        cmd->t_task_lba = get_unaligned_be64(&cdb[12]);
 981
 982                        ret = sbc_setup_write_same(cmd, cdb[10], ops);
 983                        if (ret)
 984                                return ret;
 985                        break;
 986                default:
 987                        pr_err("VARIABLE_LENGTH_CMD service action"
 988                                " 0x%04x not supported\n", service_action);
 989                        return TCM_UNSUPPORTED_SCSI_OPCODE;
 990                }
 991                break;
 992        }
 993        case COMPARE_AND_WRITE:
 994                if (!dev->dev_attrib.emulate_caw) {
 995                        pr_err_ratelimited("se_device %s/%s (vpd_unit_serial %s) reject COMPARE_AND_WRITE\n",
 996                                           dev->se_hba->backend->ops->name,
 997                                           config_item_name(&dev->dev_group.cg_item),
 998                                           dev->t10_wwn.unit_serial);
 999                        return TCM_UNSUPPORTED_SCSI_OPCODE;
1000                }
1001                sectors = cdb[13];
1002                /*
1003                 * Currently enforce COMPARE_AND_WRITE for a single sector
1004                 */
1005                if (sectors > 1) {
1006                        pr_err("COMPARE_AND_WRITE contains NoLB: %u greater"
1007                               " than 1\n", sectors);
1008                        return TCM_INVALID_CDB_FIELD;
1009                }
1010                if (sbc_check_dpofua(dev, cmd, cdb))
1011                        return TCM_INVALID_CDB_FIELD;
1012
1013                /*
1014                 * Double size because we have two buffers, note that
1015                 * zero is not an error..
1016                 */
1017                size = 2 * sbc_get_size(cmd, sectors);
1018                cmd->t_task_lba = get_unaligned_be64(&cdb[2]);
1019                cmd->t_task_nolb = sectors;
1020                cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB | SCF_COMPARE_AND_WRITE;
1021                cmd->execute_cmd = sbc_compare_and_write;
1022                cmd->transport_complete_callback = compare_and_write_callback;
1023                break;
1024        case READ_CAPACITY:
1025                size = READ_CAP_LEN;
1026                cmd->execute_cmd = sbc_emulate_readcapacity;
1027                break;
1028        case SERVICE_ACTION_IN_16:
1029                switch (cmd->t_task_cdb[1] & 0x1f) {
1030                case SAI_READ_CAPACITY_16:
1031                        cmd->execute_cmd = sbc_emulate_readcapacity_16;
1032                        break;
1033                case SAI_REPORT_REFERRALS:
1034                        cmd->execute_cmd = target_emulate_report_referrals;
1035                        break;
1036                default:
1037                        pr_err("Unsupported SA: 0x%02x\n",
1038                                cmd->t_task_cdb[1] & 0x1f);
1039                        return TCM_INVALID_CDB_FIELD;
1040                }
1041                size = get_unaligned_be32(&cdb[10]);
1042                break;
1043        case SYNCHRONIZE_CACHE:
1044        case SYNCHRONIZE_CACHE_16:
1045                if (cdb[0] == SYNCHRONIZE_CACHE) {
1046                        sectors = transport_get_sectors_10(cdb);
1047                        cmd->t_task_lba = transport_lba_32(cdb);
1048                } else {
1049                        sectors = transport_get_sectors_16(cdb);
1050                        cmd->t_task_lba = transport_lba_64(cdb);
1051                }
1052                if (ops->execute_sync_cache) {
1053                        cmd->execute_cmd = ops->execute_sync_cache;
1054                        goto check_lba;
1055                }
1056                size = 0;
1057                cmd->execute_cmd = sbc_emulate_noop;
1058                break;
1059        case UNMAP:
1060                if (!ops->execute_unmap)
1061                        return TCM_UNSUPPORTED_SCSI_OPCODE;
1062
1063                if (!dev->dev_attrib.emulate_tpu) {
1064                        pr_err("Got UNMAP, but backend device has"
1065                               " emulate_tpu disabled\n");
1066                        return TCM_UNSUPPORTED_SCSI_OPCODE;
1067                }
1068                size = get_unaligned_be16(&cdb[7]);
1069                cmd->execute_cmd = sbc_execute_unmap;
1070                break;
1071        case WRITE_SAME_16:
1072                sectors = transport_get_sectors_16(cdb);
1073                if (!sectors) {
1074                        pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not supported\n");
1075                        return TCM_INVALID_CDB_FIELD;
1076                }
1077
1078                size = sbc_get_size(cmd, 1);
1079                cmd->t_task_lba = get_unaligned_be64(&cdb[2]);
1080
1081                ret = sbc_setup_write_same(cmd, cdb[1], ops);
1082                if (ret)
1083                        return ret;
1084                break;
1085        case WRITE_SAME:
1086                sectors = transport_get_sectors_10(cdb);
1087                if (!sectors) {
1088                        pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not supported\n");
1089                        return TCM_INVALID_CDB_FIELD;
1090                }
1091
1092                size = sbc_get_size(cmd, 1);
1093                cmd->t_task_lba = get_unaligned_be32(&cdb[2]);
1094
1095                /*
1096                 * Follow sbcr26 with WRITE_SAME (10) and check for the existence
1097                 * of byte 1 bit 3 UNMAP instead of original reserved field
1098                 */
1099                ret = sbc_setup_write_same(cmd, cdb[1], ops);
1100                if (ret)
1101                        return ret;
1102                break;
1103        case VERIFY:
1104        case VERIFY_16:
1105                size = 0;
1106                if (cdb[0] == VERIFY) {
1107                        sectors = transport_get_sectors_10(cdb);
1108                        cmd->t_task_lba = transport_lba_32(cdb);
1109                } else {
1110                        sectors = transport_get_sectors_16(cdb);
1111                        cmd->t_task_lba = transport_lba_64(cdb);
1112                }
1113                cmd->execute_cmd = sbc_emulate_noop;
1114                goto check_lba;
1115        case REZERO_UNIT:
1116        case SEEK_6:
1117        case SEEK_10:
1118                /*
1119                 * There are still clients out there which use these old SCSI-2
1120                 * commands. This mainly happens when running VMs with legacy
1121                 * guest systems, connected via SCSI command pass-through to
1122                 * iSCSI targets. Make them happy and return status GOOD.
1123                 */
1124                size = 0;
1125                cmd->execute_cmd = sbc_emulate_noop;
1126                break;
1127        case START_STOP:
1128                size = 0;
1129                cmd->execute_cmd = sbc_emulate_startstop;
1130                break;
1131        default:
1132                ret = spc_parse_cdb(cmd, &size);
1133                if (ret)
1134                        return ret;
1135        }
1136
1137        /* reject any command that we don't have a handler for */
1138        if (!cmd->execute_cmd)
1139                return TCM_UNSUPPORTED_SCSI_OPCODE;
1140
1141        if (cmd->se_cmd_flags & SCF_SCSI_DATA_CDB) {
1142                unsigned long long end_lba;
1143check_lba:
1144                end_lba = dev->transport->get_blocks(dev) + 1;
1145                if (((cmd->t_task_lba + sectors) < cmd->t_task_lba) ||
1146                    ((cmd->t_task_lba + sectors) > end_lba)) {
1147                        pr_err("cmd exceeds last lba %llu "
1148                                "(lba %llu, sectors %u)\n",
1149                                end_lba, cmd->t_task_lba, sectors);
1150                        return TCM_ADDRESS_OUT_OF_RANGE;
1151                }
1152
1153                if (!(cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE))
1154                        size = sbc_get_size(cmd, sectors);
1155        }
1156
1157        return target_cmd_size_check(cmd, size);
1158}
1159EXPORT_SYMBOL(sbc_parse_cdb);
1160
1161u32 sbc_get_device_type(struct se_device *dev)
1162{
1163        return TYPE_DISK;
1164}
1165EXPORT_SYMBOL(sbc_get_device_type);
1166
1167static sense_reason_t
1168sbc_execute_unmap(struct se_cmd *cmd)
1169{
1170        struct sbc_ops *ops = cmd->protocol_data;
1171        struct se_device *dev = cmd->se_dev;
1172        unsigned char *buf, *ptr = NULL;
1173        sector_t lba;
1174        int size;
1175        u32 range;
1176        sense_reason_t ret = 0;
1177        int dl, bd_dl;
1178
1179        /* We never set ANC_SUP */
1180        if (cmd->t_task_cdb[1])
1181                return TCM_INVALID_CDB_FIELD;
1182
1183        if (cmd->data_length == 0) {
1184                target_complete_cmd(cmd, SAM_STAT_GOOD);
1185                return 0;
1186        }
1187
1188        if (cmd->data_length < 8) {
1189                pr_warn("UNMAP parameter list length %u too small\n",
1190                        cmd->data_length);
1191                return TCM_PARAMETER_LIST_LENGTH_ERROR;
1192        }
1193
1194        buf = transport_kmap_data_sg(cmd);
1195        if (!buf)
1196                return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
1197
1198        dl = get_unaligned_be16(&buf[0]);
1199        bd_dl = get_unaligned_be16(&buf[2]);
1200
1201        size = cmd->data_length - 8;
1202        if (bd_dl > size)
1203                pr_warn("UNMAP parameter list length %u too small, ignoring bd_dl %u\n",
1204                        cmd->data_length, bd_dl);
1205        else
1206                size = bd_dl;
1207
1208        if (size / 16 > dev->dev_attrib.max_unmap_block_desc_count) {
1209                ret = TCM_INVALID_PARAMETER_LIST;
1210                goto err;
1211        }
1212
1213        /* First UNMAP block descriptor starts at 8 byte offset */
1214        ptr = &buf[8];
1215        pr_debug("UNMAP: Sub: %s Using dl: %u bd_dl: %u size: %u"
1216                " ptr: %p\n", dev->transport->name, dl, bd_dl, size, ptr);
1217
1218        while (size >= 16) {
1219                lba = get_unaligned_be64(&ptr[0]);
1220                range = get_unaligned_be32(&ptr[8]);
1221                pr_debug("UNMAP: Using lba: %llu and range: %u\n",
1222                                 (unsigned long long)lba, range);
1223
1224                if (range > dev->dev_attrib.max_unmap_lba_count) {
1225                        ret = TCM_INVALID_PARAMETER_LIST;
1226                        goto err;
1227                }
1228
1229                if (lba + range > dev->transport->get_blocks(dev) + 1) {
1230                        ret = TCM_ADDRESS_OUT_OF_RANGE;
1231                        goto err;
1232                }
1233
1234                if (range) {
1235                        ret = ops->execute_unmap(cmd, lba, range);
1236                        if (ret)
1237                                goto err;
1238                }
1239
1240                ptr += 16;
1241                size -= 16;
1242        }
1243
1244err:
1245        transport_kunmap_data_sg(cmd);
1246        if (!ret)
1247                target_complete_cmd(cmd, SAM_STAT_GOOD);
1248        return ret;
1249}
1250
1251void
1252sbc_dif_generate(struct se_cmd *cmd)
1253{
1254        struct se_device *dev = cmd->se_dev;
1255        struct t10_pi_tuple *sdt;
1256        struct scatterlist *dsg = cmd->t_data_sg, *psg;
1257        sector_t sector = cmd->t_task_lba;
1258        void *daddr, *paddr;
1259        int i, j, offset = 0;
1260        unsigned int block_size = dev->dev_attrib.block_size;
1261
1262        for_each_sg(cmd->t_prot_sg, psg, cmd->t_prot_nents, i) {
1263                paddr = kmap_atomic(sg_page(psg)) + psg->offset;
1264                daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
1265
1266                for (j = 0; j < psg->length;
1267                                j += sizeof(*sdt)) {
1268                        __u16 crc;
1269                        unsigned int avail;
1270
1271                        if (offset >= dsg->length) {
1272                                offset -= dsg->length;
1273                                kunmap_atomic(daddr - dsg->offset);
1274                                dsg = sg_next(dsg);
1275                                if (!dsg) {
1276                                        kunmap_atomic(paddr - psg->offset);
1277                                        return;
1278                                }
1279                                daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
1280                        }
1281
1282                        sdt = paddr + j;
1283                        avail = min(block_size, dsg->length - offset);
1284                        crc = crc_t10dif(daddr + offset, avail);
1285                        if (avail < block_size) {
1286                                kunmap_atomic(daddr - dsg->offset);
1287                                dsg = sg_next(dsg);
1288                                if (!dsg) {
1289                                        kunmap_atomic(paddr - psg->offset);
1290                                        return;
1291                                }
1292                                daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
1293                                offset = block_size - avail;
1294                                crc = crc_t10dif_update(crc, daddr, offset);
1295                        } else {
1296                                offset += block_size;
1297                        }
1298
1299                        sdt->guard_tag = cpu_to_be16(crc);
1300                        if (cmd->prot_type == TARGET_DIF_TYPE1_PROT)
1301                                sdt->ref_tag = cpu_to_be32(sector & 0xffffffff);
1302                        sdt->app_tag = 0;
1303
1304                        pr_debug("DIF %s INSERT sector: %llu guard_tag: 0x%04x"
1305                                 " app_tag: 0x%04x ref_tag: %u\n",
1306                                 (cmd->data_direction == DMA_TO_DEVICE) ?
1307                                 "WRITE" : "READ", (unsigned long long)sector,
1308                                 sdt->guard_tag, sdt->app_tag,
1309                                 be32_to_cpu(sdt->ref_tag));
1310
1311                        sector++;
1312                }
1313
1314                kunmap_atomic(daddr - dsg->offset);
1315                kunmap_atomic(paddr - psg->offset);
1316        }
1317}
1318
1319static sense_reason_t
1320sbc_dif_v1_verify(struct se_cmd *cmd, struct t10_pi_tuple *sdt,
1321                  __u16 crc, sector_t sector, unsigned int ei_lba)
1322{
1323        __be16 csum;
1324
1325        if (!(cmd->prot_checks & TARGET_DIF_CHECK_GUARD))
1326                goto check_ref;
1327
1328        csum = cpu_to_be16(crc);
1329
1330        if (sdt->guard_tag != csum) {
1331                pr_err("DIFv1 checksum failed on sector %llu guard tag 0x%04x"
1332                        " csum 0x%04x\n", (unsigned long long)sector,
1333                        be16_to_cpu(sdt->guard_tag), be16_to_cpu(csum));
1334                return TCM_LOGICAL_BLOCK_GUARD_CHECK_FAILED;
1335        }
1336
1337check_ref:
1338        if (!(cmd->prot_checks & TARGET_DIF_CHECK_REFTAG))
1339                return 0;
1340
1341        if (cmd->prot_type == TARGET_DIF_TYPE1_PROT &&
1342            be32_to_cpu(sdt->ref_tag) != (sector & 0xffffffff)) {
1343                pr_err("DIFv1 Type 1 reference failed on sector: %llu tag: 0x%08x"
1344                       " sector MSB: 0x%08x\n", (unsigned long long)sector,
1345                       be32_to_cpu(sdt->ref_tag), (u32)(sector & 0xffffffff));
1346                return TCM_LOGICAL_BLOCK_REF_TAG_CHECK_FAILED;
1347        }
1348
1349        if (cmd->prot_type == TARGET_DIF_TYPE2_PROT &&
1350            be32_to_cpu(sdt->ref_tag) != ei_lba) {
1351                pr_err("DIFv1 Type 2 reference failed on sector: %llu tag: 0x%08x"
1352                       " ei_lba: 0x%08x\n", (unsigned long long)sector,
1353                        be32_to_cpu(sdt->ref_tag), ei_lba);
1354                return TCM_LOGICAL_BLOCK_REF_TAG_CHECK_FAILED;
1355        }
1356
1357        return 0;
1358}
1359
1360void sbc_dif_copy_prot(struct se_cmd *cmd, unsigned int sectors, bool read,
1361                       struct scatterlist *sg, int sg_off)
1362{
1363        struct se_device *dev = cmd->se_dev;
1364        struct scatterlist *psg;
1365        void *paddr, *addr;
1366        unsigned int i, len, left;
1367        unsigned int offset = sg_off;
1368
1369        if (!sg)
1370                return;
1371
1372        left = sectors * dev->prot_length;
1373
1374        for_each_sg(cmd->t_prot_sg, psg, cmd->t_prot_nents, i) {
1375                unsigned int psg_len, copied = 0;
1376
1377                paddr = kmap_atomic(sg_page(psg)) + psg->offset;
1378                psg_len = min(left, psg->length);
1379                while (psg_len) {
1380                        len = min(psg_len, sg->length - offset);
1381                        addr = kmap_atomic(sg_page(sg)) + sg->offset + offset;
1382
1383                        if (read)
1384                                memcpy(paddr + copied, addr, len);
1385                        else
1386                                memcpy(addr, paddr + copied, len);
1387
1388                        left -= len;
1389                        offset += len;
1390                        copied += len;
1391                        psg_len -= len;
1392
1393                        kunmap_atomic(addr - sg->offset - offset);
1394
1395                        if (offset >= sg->length) {
1396                                sg = sg_next(sg);
1397                                offset = 0;
1398                        }
1399                }
1400                kunmap_atomic(paddr - psg->offset);
1401        }
1402}
1403EXPORT_SYMBOL(sbc_dif_copy_prot);
1404
1405sense_reason_t
1406sbc_dif_verify(struct se_cmd *cmd, sector_t start, unsigned int sectors,
1407               unsigned int ei_lba, struct scatterlist *psg, int psg_off)
1408{
1409        struct se_device *dev = cmd->se_dev;
1410        struct t10_pi_tuple *sdt;
1411        struct scatterlist *dsg = cmd->t_data_sg;
1412        sector_t sector = start;
1413        void *daddr, *paddr;
1414        int i;
1415        sense_reason_t rc;
1416        int dsg_off = 0;
1417        unsigned int block_size = dev->dev_attrib.block_size;
1418
1419        for (; psg && sector < start + sectors; psg = sg_next(psg)) {
1420                paddr = kmap_atomic(sg_page(psg)) + psg->offset;
1421                daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
1422
1423                for (i = psg_off; i < psg->length &&
1424                                sector < start + sectors;
1425                                i += sizeof(*sdt)) {
1426                        __u16 crc;
1427                        unsigned int avail;
1428
1429                        if (dsg_off >= dsg->length) {
1430                                dsg_off -= dsg->length;
1431                                kunmap_atomic(daddr - dsg->offset);
1432                                dsg = sg_next(dsg);
1433                                if (!dsg) {
1434                                        kunmap_atomic(paddr - psg->offset);
1435                                        return 0;
1436                                }
1437                                daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
1438                        }
1439
1440                        sdt = paddr + i;
1441
1442                        pr_debug("DIF READ sector: %llu guard_tag: 0x%04x"
1443                                 " app_tag: 0x%04x ref_tag: %u\n",
1444                                 (unsigned long long)sector, sdt->guard_tag,
1445                                 sdt->app_tag, be32_to_cpu(sdt->ref_tag));
1446
1447                        if (sdt->app_tag == T10_PI_APP_ESCAPE) {
1448                                dsg_off += block_size;
1449                                goto next;
1450                        }
1451
1452                        avail = min(block_size, dsg->length - dsg_off);
1453                        crc = crc_t10dif(daddr + dsg_off, avail);
1454                        if (avail < block_size) {
1455                                kunmap_atomic(daddr - dsg->offset);
1456                                dsg = sg_next(dsg);
1457                                if (!dsg) {
1458                                        kunmap_atomic(paddr - psg->offset);
1459                                        return 0;
1460                                }
1461                                daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
1462                                dsg_off = block_size - avail;
1463                                crc = crc_t10dif_update(crc, daddr, dsg_off);
1464                        } else {
1465                                dsg_off += block_size;
1466                        }
1467
1468                        rc = sbc_dif_v1_verify(cmd, sdt, crc, sector, ei_lba);
1469                        if (rc) {
1470                                kunmap_atomic(daddr - dsg->offset);
1471                                kunmap_atomic(paddr - psg->offset);
1472                                cmd->sense_info = sector;
1473                                return rc;
1474                        }
1475next:
1476                        sector++;
1477                        ei_lba++;
1478                }
1479
1480                psg_off = 0;
1481                kunmap_atomic(daddr - dsg->offset);
1482                kunmap_atomic(paddr - psg->offset);
1483        }
1484
1485        return 0;
1486}
1487EXPORT_SYMBOL(sbc_dif_verify);
1488