linux-hardened/drivers/scsi/scsi_tgt_lib.c
FUJITA Tomonori a52decafbe [SCSI] tgt: remove the code to build sense
tgt notifies a LLD of the failure with sense when it hits the
user-space daemon bugs. However, tgt doesn't know anything about SCSI
devices that initiators talks to. So it's impossible to send proper
sense buffer (format and contents).

This patch changes tgt not to notify a LLD of the failure with bogus
sense. Instead, tgt just re-queues the failure command to the internal
list so that it will be freed cleanly later on when the scsi_host is
removed.

Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Signed-off-by: Mike Christie <michaelc@cs.wisc.edu>
Signed-off-by: James Bottomley <James.Bottomley@SteelEye.com>
2007-03-20 10:52:59 -05:00

622 lines
15 KiB
C

/*
* SCSI target lib functions
*
* Copyright (C) 2005 Mike Christie <michaelc@cs.wisc.edu>
* Copyright (C) 2005 FUJITA Tomonori <tomof@acm.org>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA
*/
#include <linux/blkdev.h>
#include <linux/hash.h>
#include <linux/module.h>
#include <linux/pagemap.h>
#include <scsi/scsi.h>
#include <scsi/scsi_cmnd.h>
#include <scsi/scsi_device.h>
#include <scsi/scsi_host.h>
#include <scsi/scsi_tgt.h>
#include "scsi_tgt_priv.h"
static struct workqueue_struct *scsi_tgtd;
static struct kmem_cache *scsi_tgt_cmd_cache;
/*
* TODO: this struct will be killed when the block layer supports large bios
* and James's work struct code is in
*/
struct scsi_tgt_cmd {
/* TODO replace work with James b's code */
struct work_struct work;
/* TODO fix limits of some drivers */
struct bio *bio;
struct list_head hash_list;
struct request *rq;
u64 tag;
};
#define TGT_HASH_ORDER 4
#define cmd_hashfn(tag) hash_long((unsigned long) (tag), TGT_HASH_ORDER)
struct scsi_tgt_queuedata {
struct Scsi_Host *shost;
struct list_head cmd_hash[1 << TGT_HASH_ORDER];
spinlock_t cmd_hash_lock;
};
/*
* Function: scsi_host_get_command()
*
* Purpose: Allocate and setup a scsi command block and blk request
*
* Arguments: shost - scsi host
* data_dir - dma data dir
* gfp_mask- allocator flags
*
* Returns: The allocated scsi command structure.
*
* This should be called by target LLDs to get a command.
*/
struct scsi_cmnd *scsi_host_get_command(struct Scsi_Host *shost,
enum dma_data_direction data_dir,
gfp_t gfp_mask)
{
int write = (data_dir == DMA_TO_DEVICE);
struct request *rq;
struct scsi_cmnd *cmd;
struct scsi_tgt_cmd *tcmd;
/* Bail if we can't get a reference to the device */
if (!get_device(&shost->shost_gendev))
return NULL;
tcmd = kmem_cache_alloc(scsi_tgt_cmd_cache, GFP_ATOMIC);
if (!tcmd)
goto put_dev;
/*
* The blk helpers are used to the READ/WRITE requests
* transfering data from a initiator point of view. Since
* we are in target mode we want the opposite.
*/
rq = blk_get_request(shost->uspace_req_q, !write, gfp_mask);
if (!rq)
goto free_tcmd;
cmd = __scsi_get_command(shost, gfp_mask);
if (!cmd)
goto release_rq;
memset(cmd, 0, sizeof(*cmd));
cmd->sc_data_direction = data_dir;
cmd->jiffies_at_alloc = jiffies;
cmd->request = rq;
rq->special = cmd;
rq->cmd_type = REQ_TYPE_SPECIAL;
rq->cmd_flags |= REQ_TYPE_BLOCK_PC;
rq->end_io_data = tcmd;
tcmd->rq = rq;
return cmd;
release_rq:
blk_put_request(rq);
free_tcmd:
kmem_cache_free(scsi_tgt_cmd_cache, tcmd);
put_dev:
put_device(&shost->shost_gendev);
return NULL;
}
EXPORT_SYMBOL_GPL(scsi_host_get_command);
/*
* Function: scsi_host_put_command()
*
* Purpose: Free a scsi command block
*
* Arguments: shost - scsi host
* cmd - command block to free
*
* Returns: Nothing.
*
* Notes: The command must not belong to any lists.
*/
void scsi_host_put_command(struct Scsi_Host *shost, struct scsi_cmnd *cmd)
{
struct request_queue *q = shost->uspace_req_q;
struct request *rq = cmd->request;
struct scsi_tgt_cmd *tcmd = rq->end_io_data;
unsigned long flags;
kmem_cache_free(scsi_tgt_cmd_cache, tcmd);
spin_lock_irqsave(q->queue_lock, flags);
__blk_put_request(q, rq);
spin_unlock_irqrestore(q->queue_lock, flags);
__scsi_put_command(shost, cmd, &shost->shost_gendev);
}
EXPORT_SYMBOL_GPL(scsi_host_put_command);
static void cmd_hashlist_del(struct scsi_cmnd *cmd)
{
struct request_queue *q = cmd->request->q;
struct scsi_tgt_queuedata *qdata = q->queuedata;
unsigned long flags;
struct scsi_tgt_cmd *tcmd = cmd->request->end_io_data;
spin_lock_irqsave(&qdata->cmd_hash_lock, flags);
list_del(&tcmd->hash_list);
spin_unlock_irqrestore(&qdata->cmd_hash_lock, flags);
}
static void scsi_unmap_user_pages(struct scsi_tgt_cmd *tcmd)
{
blk_rq_unmap_user(tcmd->bio);
}
static void scsi_tgt_cmd_destroy(struct work_struct *work)
{
struct scsi_tgt_cmd *tcmd =
container_of(work, struct scsi_tgt_cmd, work);
struct scsi_cmnd *cmd = tcmd->rq->special;
dprintk("cmd %p %d %lu\n", cmd, cmd->sc_data_direction,
rq_data_dir(cmd->request));
scsi_unmap_user_pages(tcmd);
scsi_host_put_command(scsi_tgt_cmd_to_host(cmd), cmd);
}
static void init_scsi_tgt_cmd(struct request *rq, struct scsi_tgt_cmd *tcmd,
u64 tag)
{
struct scsi_tgt_queuedata *qdata = rq->q->queuedata;
unsigned long flags;
struct list_head *head;
tcmd->tag = tag;
tcmd->bio = NULL;
INIT_WORK(&tcmd->work, scsi_tgt_cmd_destroy);
spin_lock_irqsave(&qdata->cmd_hash_lock, flags);
head = &qdata->cmd_hash[cmd_hashfn(tag)];
list_add(&tcmd->hash_list, head);
spin_unlock_irqrestore(&qdata->cmd_hash_lock, flags);
}
/*
* scsi_tgt_alloc_queue - setup queue used for message passing
* shost: scsi host
*
* This should be called by the LLD after host allocation.
* And will be released when the host is released.
*/
int scsi_tgt_alloc_queue(struct Scsi_Host *shost)
{
struct scsi_tgt_queuedata *queuedata;
struct request_queue *q;
int err, i;
/*
* Do we need to send a netlink event or should uspace
* just respond to the hotplug event?
*/
q = __scsi_alloc_queue(shost, NULL);
if (!q)
return -ENOMEM;
queuedata = kzalloc(sizeof(*queuedata), GFP_KERNEL);
if (!queuedata) {
err = -ENOMEM;
goto cleanup_queue;
}
queuedata->shost = shost;
q->queuedata = queuedata;
/*
* this is a silly hack. We should probably just queue as many
* command as is recvd to userspace. uspace can then make
* sure we do not overload the HBA
*/
q->nr_requests = shost->hostt->can_queue;
/*
* We currently only support software LLDs so this does
* not matter for now. Do we need this for the cards we support?
* If so we should make it a host template value.
*/
blk_queue_dma_alignment(q, 0);
shost->uspace_req_q = q;
for (i = 0; i < ARRAY_SIZE(queuedata->cmd_hash); i++)
INIT_LIST_HEAD(&queuedata->cmd_hash[i]);
spin_lock_init(&queuedata->cmd_hash_lock);
return 0;
cleanup_queue:
blk_cleanup_queue(q);
return err;
}
EXPORT_SYMBOL_GPL(scsi_tgt_alloc_queue);
void scsi_tgt_free_queue(struct Scsi_Host *shost)
{
int i;
unsigned long flags;
struct request_queue *q = shost->uspace_req_q;
struct scsi_cmnd *cmd;
struct scsi_tgt_queuedata *qdata = q->queuedata;
struct scsi_tgt_cmd *tcmd, *n;
LIST_HEAD(cmds);
spin_lock_irqsave(&qdata->cmd_hash_lock, flags);
for (i = 0; i < ARRAY_SIZE(qdata->cmd_hash); i++) {
list_for_each_entry_safe(tcmd, n, &qdata->cmd_hash[i],
hash_list) {
list_del(&tcmd->hash_list);
list_add(&tcmd->hash_list, &cmds);
}
}
spin_unlock_irqrestore(&qdata->cmd_hash_lock, flags);
while (!list_empty(&cmds)) {
tcmd = list_entry(cmds.next, struct scsi_tgt_cmd, hash_list);
list_del(&tcmd->hash_list);
cmd = tcmd->rq->special;
shost->hostt->eh_abort_handler(cmd);
scsi_tgt_cmd_destroy(&tcmd->work);
}
}
EXPORT_SYMBOL_GPL(scsi_tgt_free_queue);
struct Scsi_Host *scsi_tgt_cmd_to_host(struct scsi_cmnd *cmd)
{
struct scsi_tgt_queuedata *queue = cmd->request->q->queuedata;
return queue->shost;
}
EXPORT_SYMBOL_GPL(scsi_tgt_cmd_to_host);
/*
* scsi_tgt_queue_command - queue command for userspace processing
* @cmd: scsi command
* @scsilun: scsi lun
* @tag: unique value to identify this command for tmf
*/
int scsi_tgt_queue_command(struct scsi_cmnd *cmd, struct scsi_lun *scsilun,
u64 tag)
{
struct scsi_tgt_cmd *tcmd = cmd->request->end_io_data;
int err;
init_scsi_tgt_cmd(cmd->request, tcmd, tag);
err = scsi_tgt_uspace_send_cmd(cmd, scsilun, tag);
if (err)
cmd_hashlist_del(cmd);
return err;
}
EXPORT_SYMBOL_GPL(scsi_tgt_queue_command);
/*
* This is run from a interrpt handler normally and the unmap
* needs process context so we must queue
*/
static void scsi_tgt_cmd_done(struct scsi_cmnd *cmd)
{
struct scsi_tgt_cmd *tcmd = cmd->request->end_io_data;
dprintk("cmd %p %lu\n", cmd, rq_data_dir(cmd->request));
scsi_tgt_uspace_send_status(cmd, tcmd->tag);
if (cmd->request_buffer)
scsi_free_sgtable(cmd->request_buffer, cmd->sglist_len);
queue_work(scsi_tgtd, &tcmd->work);
}
static int scsi_tgt_transfer_response(struct scsi_cmnd *cmd)
{
struct Scsi_Host *shost = scsi_tgt_cmd_to_host(cmd);
int err;
dprintk("cmd %p %lu\n", cmd, rq_data_dir(cmd->request));
err = shost->hostt->transfer_response(cmd, scsi_tgt_cmd_done);
switch (err) {
case SCSI_MLQUEUE_HOST_BUSY:
case SCSI_MLQUEUE_DEVICE_BUSY:
return -EAGAIN;
}
return 0;
}
static int scsi_tgt_init_cmd(struct scsi_cmnd *cmd, gfp_t gfp_mask)
{
struct request *rq = cmd->request;
int count;
cmd->use_sg = rq->nr_phys_segments;
cmd->request_buffer = scsi_alloc_sgtable(cmd, gfp_mask);
if (!cmd->request_buffer)
return -ENOMEM;
cmd->request_bufflen = rq->data_len;
dprintk("cmd %p cnt %d %lu\n", cmd, cmd->use_sg, rq_data_dir(rq));
count = blk_rq_map_sg(rq->q, rq, cmd->request_buffer);
if (likely(count <= cmd->use_sg)) {
cmd->use_sg = count;
return 0;
}
eprintk("cmd %p cnt %d\n", cmd, cmd->use_sg);
scsi_free_sgtable(cmd->request_buffer, cmd->sglist_len);
return -EINVAL;
}
/* TODO: test this crap and replace bio_map_user with new interface maybe */
static int scsi_map_user_pages(struct scsi_tgt_cmd *tcmd, struct scsi_cmnd *cmd,
unsigned long uaddr, unsigned int len, int rw)
{
struct request_queue *q = cmd->request->q;
struct request *rq = cmd->request;
int err;
dprintk("%lx %u\n", uaddr, len);
err = blk_rq_map_user(q, rq, (void *)uaddr, len);
if (err) {
/*
* TODO: need to fixup sg_tablesize, max_segment_size,
* max_sectors, etc for modern HW and software drivers
* where this value is bogus.
*
* TODO2: we can alloc a reserve buffer of max size
* we can handle and do the slow copy path for really large
* IO.
*/
eprintk("Could not handle request of size %u.\n", len);
return err;
}
tcmd->bio = rq->bio;
err = scsi_tgt_init_cmd(cmd, GFP_KERNEL);
if (err)
goto unmap_rq;
return 0;
unmap_rq:
scsi_unmap_user_pages(tcmd);
return err;
}
static int scsi_tgt_copy_sense(struct scsi_cmnd *cmd, unsigned long uaddr,
unsigned len)
{
char __user *p = (char __user *) uaddr;
if (copy_from_user(cmd->sense_buffer, p,
min_t(unsigned, SCSI_SENSE_BUFFERSIZE, len))) {
printk(KERN_ERR "Could not copy the sense buffer\n");
return -EIO;
}
return 0;
}
static int scsi_tgt_abort_cmd(struct Scsi_Host *shost, struct scsi_cmnd *cmd)
{
struct scsi_tgt_cmd *tcmd;
int err;
err = shost->hostt->eh_abort_handler(cmd);
if (err)
eprintk("fail to abort %p\n", cmd);
tcmd = cmd->request->end_io_data;
scsi_tgt_cmd_destroy(&tcmd->work);
return err;
}
static struct request *tgt_cmd_hash_lookup(struct request_queue *q, u64 tag)
{
struct scsi_tgt_queuedata *qdata = q->queuedata;
struct request *rq = NULL;
struct list_head *head;
struct scsi_tgt_cmd *tcmd;
unsigned long flags;
head = &qdata->cmd_hash[cmd_hashfn(tag)];
spin_lock_irqsave(&qdata->cmd_hash_lock, flags);
list_for_each_entry(tcmd, head, hash_list) {
if (tcmd->tag == tag) {
rq = tcmd->rq;
list_del(&tcmd->hash_list);
break;
}
}
spin_unlock_irqrestore(&qdata->cmd_hash_lock, flags);
return rq;
}
int scsi_tgt_kspace_exec(int host_no, int result, u64 tag,
unsigned long uaddr, u32 len, unsigned long sense_uaddr,
u32 sense_len, u8 rw)
{
struct Scsi_Host *shost;
struct scsi_cmnd *cmd;
struct request *rq;
struct scsi_tgt_cmd *tcmd;
int err = 0;
dprintk("%d %llu %d %u %lx %u\n", host_no, (unsigned long long) tag,
result, len, uaddr, rw);
/* TODO: replace with a O(1) alg */
shost = scsi_host_lookup(host_no);
if (IS_ERR(shost)) {
printk(KERN_ERR "Could not find host no %d\n", host_no);
return -EINVAL;
}
if (!shost->uspace_req_q) {
printk(KERN_ERR "Not target scsi host %d\n", host_no);
goto done;
}
rq = tgt_cmd_hash_lookup(shost->uspace_req_q, tag);
if (!rq) {
printk(KERN_ERR "Could not find tag %llu\n",
(unsigned long long) tag);
err = -EINVAL;
goto done;
}
cmd = rq->special;
dprintk("cmd %p scb %x result %d len %d bufflen %u %lu %x\n",
cmd, cmd->cmnd[0], result, len, cmd->request_bufflen,
rq_data_dir(rq), cmd->cmnd[0]);
if (result == TASK_ABORTED) {
scsi_tgt_abort_cmd(shost, cmd);
goto done;
}
/*
* store the userspace values here, the working values are
* in the request_* values
*/
tcmd = cmd->request->end_io_data;
cmd->result = result;
if (cmd->result == SAM_STAT_CHECK_CONDITION)
scsi_tgt_copy_sense(cmd, sense_uaddr, sense_len);
if (len) {
err = scsi_map_user_pages(rq->end_io_data, cmd, uaddr, len, rw);
if (err) {
/*
* user-space daemon bugs or OOM
* TODO: we can do better for OOM.
*/
struct scsi_tgt_queuedata *qdata;
struct list_head *head;
unsigned long flags;
eprintk("cmd %p ret %d uaddr %lx len %d rw %d\n",
cmd, err, uaddr, len, rw);
qdata = shost->uspace_req_q->queuedata;
head = &qdata->cmd_hash[cmd_hashfn(tcmd->tag)];
spin_lock_irqsave(&qdata->cmd_hash_lock, flags);
list_add(&tcmd->hash_list, head);
spin_unlock_irqrestore(&qdata->cmd_hash_lock, flags);
goto done;
}
}
err = scsi_tgt_transfer_response(cmd);
done:
scsi_host_put(shost);
return err;
}
int scsi_tgt_tsk_mgmt_request(struct Scsi_Host *shost, int function, u64 tag,
struct scsi_lun *scsilun, void *data)
{
int err;
/* TODO: need to retry if this fails. */
err = scsi_tgt_uspace_send_tsk_mgmt(shost->host_no, function,
tag, scsilun, data);
if (err < 0)
eprintk("The task management request lost!\n");
return err;
}
EXPORT_SYMBOL_GPL(scsi_tgt_tsk_mgmt_request);
int scsi_tgt_kspace_tsk_mgmt(int host_no, u64 mid, int result)
{
struct Scsi_Host *shost;
int err = -EINVAL;
dprintk("%d %d %llx\n", host_no, result, (unsigned long long) mid);
shost = scsi_host_lookup(host_no);
if (IS_ERR(shost)) {
printk(KERN_ERR "Could not find host no %d\n", host_no);
return err;
}
if (!shost->uspace_req_q) {
printk(KERN_ERR "Not target scsi host %d\n", host_no);
goto done;
}
err = shost->hostt->tsk_mgmt_response(mid, result);
done:
scsi_host_put(shost);
return err;
}
static int __init scsi_tgt_init(void)
{
int err;
scsi_tgt_cmd_cache = kmem_cache_create("scsi_tgt_cmd",
sizeof(struct scsi_tgt_cmd),
0, 0, NULL, NULL);
if (!scsi_tgt_cmd_cache)
return -ENOMEM;
scsi_tgtd = create_workqueue("scsi_tgtd");
if (!scsi_tgtd) {
err = -ENOMEM;
goto free_kmemcache;
}
err = scsi_tgt_if_init();
if (err)
goto destroy_wq;
return 0;
destroy_wq:
destroy_workqueue(scsi_tgtd);
free_kmemcache:
kmem_cache_destroy(scsi_tgt_cmd_cache);
return err;
}
static void __exit scsi_tgt_exit(void)
{
destroy_workqueue(scsi_tgtd);
scsi_tgt_if_exit();
kmem_cache_destroy(scsi_tgt_cmd_cache);
}
module_init(scsi_tgt_init);
module_exit(scsi_tgt_exit);
MODULE_DESCRIPTION("SCSI target core");
MODULE_LICENSE("GPL");