]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - drivers/target/target_core_sbc.c
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
target: Fix VERIFY_16 handling in sbc_parse_cdb
[mirror_ubuntu-zesty-kernel.git] / drivers / target / target_core_sbc.c
CommitLineData
d6e0175c
CH		 1/*
2 * SCSI Block Commands (SBC) parsing and emulation.
3 *
4c76251e 4 * (c) Copyright 2002-2013 Datera, Inc.
d6e0175c
CH		 5 *
6 * Nicholas A. Bellinger <nab@kernel.org>
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
21 */
22
23#include <linux/kernel.h>
24#include <linux/module.h>
25#include <linux/ratelimit.h>
41861fa8 26#include <linux/crc-t10dif.h>
8dcf07be 27#include <linux/t10-pi.h>
d6e0175c 28#include <asm/unaligned.h>
ba929992 29#include <scsi/scsi_proto.h>
68ff9b9b 30#include <scsi/scsi_tcq.h>
d6e0175c
CH		 31
32#include <target/target_core_base.h>
33#include <target/target_core_backend.h>
34#include <target/target_core_fabric.h>
35
36#include "target_core_internal.h"
37#include "target_core_ua.h"
c66094bf 38#include "target_core_alua.h"
d6e0175c 39
afd73f1b
NB		 40static sense_reason_t
41sbc_check_prot(struct se_device *, struct se_cmd *, unsigned char *, u32, bool);
62e46942 42static sense_reason_t sbc_execute_unmap(struct se_cmd *cmd);
afd73f1b 43
de103c93
CH		 44static sense_reason_t
45sbc_emulate_readcapacity(struct se_cmd *cmd)
1fd032ee
CH		 46{
47 struct se_device *dev = cmd->se_dev;
8dc8632a 48 unsigned char *cdb = cmd->t_task_cdb;
1fd032ee 49 unsigned long long blocks_long = dev->transport->get_blocks(dev);
a50da144
PB		 50 unsigned char *rbuf;
51 unsigned char buf[8];
1fd032ee
CH		 52 u32 blocks;
53
8dc8632a
RD		 54 /*
55 * SBC-2 says:
56 * If the PMI bit is set to zero and the LOGICAL BLOCK
57 * ADDRESS field is not set to zero, the device server shall
58 * terminate the command with CHECK CONDITION status with
59 * the sense key set to ILLEGAL REQUEST and the additional
60 * sense code set to INVALID FIELD IN CDB.
61 *
62 * In SBC-3, these fields are obsolete, but some SCSI
63 * compliance tests actually check this, so we might as well
64 * follow SBC-2.
65 */
66 if (!(cdb[8] & 1) && !!(cdb[2] | cdb[3] | cdb[4] | cdb[5]))
67 return TCM_INVALID_CDB_FIELD;
68
1fd032ee
CH		 69 if (blocks_long >= 0x00000000ffffffff)
70 blocks = 0xffffffff;
71 else
72 blocks = (u32)blocks_long;
73
1fd032ee
CH		 74 buf[0] = (blocks >> 24) & 0xff;
75 buf[1] = (blocks >> 16) & 0xff;
76 buf[2] = (blocks >> 8) & 0xff;
77 buf[3] = blocks & 0xff;
0fd97ccf
CH		 78 buf[4] = (dev->dev_attrib.block_size >> 24) & 0xff;
79 buf[5] = (dev->dev_attrib.block_size >> 16) & 0xff;
80 buf[6] = (dev->dev_attrib.block_size >> 8) & 0xff;
81 buf[7] = dev->dev_attrib.block_size & 0xff;
1fd032ee 82
a50da144 83 rbuf = transport_kmap_data_sg(cmd);
8b4b0dcb
NB		 84 if (rbuf) {
85 memcpy(rbuf, buf, min_t(u32, sizeof(buf), cmd->data_length));
86 transport_kunmap_data_sg(cmd);
87 }
1fd032ee 88
2426bd45 89 target_complete_cmd_with_length(cmd, GOOD, 8);
1fd032ee
CH		 90 return 0;
91}
92
de103c93
CH		 93static sense_reason_t
94sbc_emulate_readcapacity_16(struct se_cmd *cmd)
1fd032ee
CH		 95{
96 struct se_device *dev = cmd->se_dev;
2d335983 97 struct se_session *sess = cmd->se_sess;
9ef5466e
NB		 98 int pi_prot_type = dev->dev_attrib.pi_prot_type;
99
a50da144
PB		 100 unsigned char *rbuf;
101 unsigned char buf[32];
1fd032ee
CH		 102 unsigned long long blocks = dev->transport->get_blocks(dev);
103
a50da144 104 memset(buf, 0, sizeof(buf));
1fd032ee
CH		 105 buf[0] = (blocks >> 56) & 0xff;
106 buf[1] = (blocks >> 48) & 0xff;
107 buf[2] = (blocks >> 40) & 0xff;
108 buf[3] = (blocks >> 32) & 0xff;
109 buf[4] = (blocks >> 24) & 0xff;
110 buf[5] = (blocks >> 16) & 0xff;
111 buf[6] = (blocks >> 8) & 0xff;
112 buf[7] = blocks & 0xff;
0fd97ccf
CH		 113 buf[8] = (dev->dev_attrib.block_size >> 24) & 0xff;
114 buf[9] = (dev->dev_attrib.block_size >> 16) & 0xff;
115 buf[10] = (dev->dev_attrib.block_size >> 8) & 0xff;
116 buf[11] = dev->dev_attrib.block_size & 0xff;
56dac14c
NB		 117 /*
118 * Set P_TYPE and PROT_EN bits for DIF support
119 */
2d335983 120 if (sess->sup_prot_ops & (TARGET_PROT_DIN_PASS | TARGET_PROT_DOUT_PASS)) {
9ef5466e
NB		 121 /*
122 * Only override a device's pi_prot_type if no T10-PI is
123 * available, and sess_prot_type has been explicitly enabled.
124 */
125 if (!pi_prot_type)
126 pi_prot_type = sess->sess_prot_type;
127
128 if (pi_prot_type)
129 buf[12] = (pi_prot_type - 1) << 1 | 0x1;
2d335983 130 }
7f7caf6a
AG		 131
132 if (dev->transport->get_lbppbe)
133 buf[13] = dev->transport->get_lbppbe(dev) & 0x0f;
134
135 if (dev->transport->get_alignment_offset_lbas) {
136 u16 lalba = dev->transport->get_alignment_offset_lbas(dev);
137 buf[14] = (lalba >> 8) & 0x3f;
138 buf[15] = lalba & 0xff;
139 }
140
1fd032ee
CH		 141 /*
142 * Set Thin Provisioning Enable bit following sbc3r22 in section
143 * READ CAPACITY (16) byte 14 if emulate_tpu or emulate_tpws is enabled.
144 */
e6f41633 145 if (dev->dev_attrib.emulate_tpu || dev->dev_attrib.emulate_tpws) {
7f7caf6a 146 buf[14] |= 0x80;
1fd032ee 147
e6f41633
JP		 148 /*
149 * LBPRZ signifies that zeroes will be read back from an LBA after
150 * an UNMAP or WRITE SAME w/ unmap bit (sbc3r36 5.16.2)
151 */
152 if (dev->dev_attrib.unmap_zeroes_data)
153 buf[14] |= 0x40;
154 }
155
a50da144 156 rbuf = transport_kmap_data_sg(cmd);
8b4b0dcb
NB		 157 if (rbuf) {
158 memcpy(rbuf, buf, min_t(u32, sizeof(buf), cmd->data_length));
159 transport_kunmap_data_sg(cmd);
160 }
1fd032ee 161
2426bd45 162 target_complete_cmd_with_length(cmd, GOOD, 32);
1fd032ee
CH		 163 return 0;
164}
165
45182ed5
BB		 166static sense_reason_t
167sbc_emulate_startstop(struct se_cmd *cmd)
168{
169 unsigned char *cdb = cmd->t_task_cdb;
170
171 /*
172 * See sbc3r36 section 5.25
173 * Immediate bit should be set since there is nothing to complete
174 * POWER CONDITION MODIFIER 0h
175 */
176 if (!(cdb[1] & 1) || cdb[2] || cdb[3])
177 return TCM_INVALID_CDB_FIELD;
178
179 /*
180 * See sbc3r36 section 5.25
181 * POWER CONDITION 0h START_VALID - process START and LOEJ
182 */
183 if (cdb[4] >> 4 & 0xf)
184 return TCM_INVALID_CDB_FIELD;
185
186 /*
187 * See sbc3r36 section 5.25
188 * LOEJ 0h - nothing to load or unload
189 * START 1h - we are ready
190 */
191 if (!(cdb[4] & 1) || (cdb[4] & 2) || (cdb[4] & 4))
192 return TCM_INVALID_CDB_FIELD;
193
194 target_complete_cmd(cmd, SAM_STAT_GOOD);
195 return 0;
196}
197
972b29c8 198sector_t sbc_get_write_same_sectors(struct se_cmd *cmd)
1fd032ee 199{
1fd032ee 200 u32 num_blocks;
1fd032ee
CH		 201
202 if (cmd->t_task_cdb[0] == WRITE_SAME)
203 num_blocks = get_unaligned_be16(&cmd->t_task_cdb[7]);
204 else if (cmd->t_task_cdb[0] == WRITE_SAME_16)
205 num_blocks = get_unaligned_be32(&cmd->t_task_cdb[10]);
206 else /* WRITE_SAME_32 via VARIABLE_LENGTH_CMD */
207 num_blocks = get_unaligned_be32(&cmd->t_task_cdb[28]);
208
209 /*
210 * Use the explicit range when non zero is supplied, otherwise calculate
211 * the remaining range based on ->get_blocks() - starting LBA.
212 */
6f974e8c
CH		 213 if (num_blocks)
214 return num_blocks;
1fd032ee 215
6f974e8c
CH		 216 return cmd->se_dev->transport->get_blocks(cmd->se_dev) -
217 cmd->t_task_lba + 1;
1fd032ee 218}
972b29c8 219EXPORT_SYMBOL(sbc_get_write_same_sectors);
1fd032ee 220
b753d643
CH		 221static sense_reason_t
222sbc_execute_write_same_unmap(struct se_cmd *cmd)
223{
224 struct sbc_ops *ops = cmd->protocol_data;
225 sector_t nolb = sbc_get_write_same_sectors(cmd);
226 sense_reason_t ret;
227
228 if (nolb) {
229 ret = ops->execute_unmap(cmd, cmd->t_task_lba, nolb);
230 if (ret)
231 return ret;
232 }
233
234 target_complete_cmd(cmd, GOOD);
235 return 0;
236}
237
de103c93 238static sense_reason_t
1920ed61 239sbc_emulate_noop(struct se_cmd *cmd)
1a1ff38c
BK		 240{
241 target_complete_cmd(cmd, GOOD);
242 return 0;
243}
244
d6e0175c
CH		 245static inline u32 sbc_get_size(struct se_cmd *cmd, u32 sectors)
246{
0fd97ccf 247 return cmd->se_dev->dev_attrib.block_size * sectors;
d6e0175c
CH		 248}
249
d6e0175c
CH		 250static inline u32 transport_get_sectors_6(unsigned char *cdb)
251{
252 /*
253 * Use 8-bit sector value. SBC-3 says:
254 *
255 * A TRANSFER LENGTH field set to zero specifies that 256
256 * logical blocks shall be written. Any other value
257 * specifies the number of logical blocks that shall be
258 * written.
259 */
260 return cdb[4] ? : 256;
261}
262
263static inline u32 transport_get_sectors_10(unsigned char *cdb)
264{
265 return (u32)(cdb[7] << 8) + cdb[8];
266}
267
268static inline u32 transport_get_sectors_12(unsigned char *cdb)
269{
270 return (u32)(cdb[6] << 24) + (cdb[7] << 16) + (cdb[8] << 8) + cdb[9];
271}
272
273static inline u32 transport_get_sectors_16(unsigned char *cdb)
274{
275 return (u32)(cdb[10] << 24) + (cdb[11] << 16) +
276 (cdb[12] << 8) + cdb[13];
277}
278
279/*
280 * Used for VARIABLE_LENGTH_CDB WRITE_32 and READ_32 variants
281 */
282static inline u32 transport_get_sectors_32(unsigned char *cdb)
283{
284 return (u32)(cdb[28] << 24) + (cdb[29] << 16) +
285 (cdb[30] << 8) + cdb[31];
286
287}
288
289static inline u32 transport_lba_21(unsigned char *cdb)
290{
291 return ((cdb[1] & 0x1f) << 16) | (cdb[2] << 8) | cdb[3];
292}
293
294static inline u32 transport_lba_32(unsigned char *cdb)
295{
296 return (cdb[2] << 24) | (cdb[3] << 16) | (cdb[4] << 8) | cdb[5];
297}
298
299static inline unsigned long long transport_lba_64(unsigned char *cdb)
300{
301 unsigned int __v1, __v2;
302
303 __v1 = (cdb[2] << 24) | (cdb[3] << 16) | (cdb[4] << 8) | cdb[5];
304 __v2 = (cdb[6] << 24) | (cdb[7] << 16) | (cdb[8] << 8) | cdb[9];
305
306 return ((unsigned long long)__v2) | (unsigned long long)__v1 << 32;
307}
308
309/*
310 * For VARIABLE_LENGTH_CDB w/ 32 byte extended CDBs
311 */
312static inline unsigned long long transport_lba_64_ext(unsigned char *cdb)
313{
314 unsigned int __v1, __v2;
315
316 __v1 = (cdb[12] << 24) | (cdb[13] << 16) | (cdb[14] << 8) | cdb[15];
317 __v2 = (cdb[16] << 24) | (cdb[17] << 16) | (cdb[18] << 8) | cdb[19];
318
319 return ((unsigned long long)__v2) | (unsigned long long)__v1 << 32;
320}
321
cd063bef
NB		 322static sense_reason_t
323sbc_setup_write_same(struct se_cmd *cmd, unsigned char *flags, struct sbc_ops *ops)
d6e0175c 324{
8e575c50
NB		 325 struct se_device *dev = cmd->se_dev;
326 sector_t end_lba = dev->transport->get_blocks(dev) + 1;
972b29c8 327 unsigned int sectors = sbc_get_write_same_sectors(cmd);
afd73f1b 328 sense_reason_t ret;
773cbaf7 329
d6e0175c
CH		 330 if ((flags[0] & 0x04) || (flags[0] & 0x02)) {
331 pr_err("WRITE_SAME PBDATA and LBDATA"
332 " bits not supported for Block Discard"
333 " Emulation\n");
cd063bef 334 return TCM_UNSUPPORTED_SCSI_OPCODE;
d6e0175c 335 }
773cbaf7
NB		 336 if (sectors > cmd->se_dev->dev_attrib.max_write_same_len) {
337 pr_warn("WRITE_SAME sectors: %u exceeds max_write_same_len: %u\n",
338 sectors, cmd->se_dev->dev_attrib.max_write_same_len);
339 return TCM_INVALID_CDB_FIELD;
340 }
8e575c50
NB		 341 /*
342 * Sanity check for LBA wrap and request past end of device.
343 */
344 if (((cmd->t_task_lba + sectors) < cmd->t_task_lba) ||
345 ((cmd->t_task_lba + sectors) > end_lba)) {
346 pr_err("WRITE_SAME exceeds last lba %llu (lba %llu, sectors %u)\n",
347 (unsigned long long)end_lba, cmd->t_task_lba, sectors);
348 return TCM_ADDRESS_OUT_OF_RANGE;
349 }
350
5cb770bf
RD		 351 /* We always have ANC_SUP == 0 so setting ANCHOR is always an error */
352 if (flags[0] & 0x10) {
353 pr_warn("WRITE SAME with ANCHOR not supported\n");
354 return TCM_INVALID_CDB_FIELD;
355 }
d6e0175c 356 /*
cd063bef
NB		 357 * Special case for WRITE_SAME w/ UNMAP=1 that ends up getting
358 * translated into block discard requests within backend code.
d6e0175c 359 */
cd063bef 360 if (flags[0] & 0x08) {
b753d643 361 if (!ops->execute_unmap)
cd063bef
NB		 362 return TCM_UNSUPPORTED_SCSI_OPCODE;
363
d0a91295
NB		 364 if (!dev->dev_attrib.emulate_tpws) {
365 pr_err("Got WRITE_SAME w/ UNMAP=1, but backend device"
366 " has emulate_tpws disabled\n");
367 return TCM_UNSUPPORTED_SCSI_OPCODE;
368 }
b753d643 369 cmd->execute_cmd = sbc_execute_write_same_unmap;
cd063bef 370 return 0;
d6e0175c 371 }
cd063bef
NB		 372 if (!ops->execute_write_same)
373 return TCM_UNSUPPORTED_SCSI_OPCODE;
d6e0175c 374
afd73f1b
NB		 375 ret = sbc_check_prot(dev, cmd, &cmd->t_task_cdb[0], sectors, true);
376 if (ret)
377 return ret;
378
cd063bef 379 cmd->execute_cmd = ops->execute_write_same;
d6e0175c
CH		 380 return 0;
381}
382
057085e5
NB		 383static sense_reason_t xdreadwrite_callback(struct se_cmd *cmd, bool success,
384 int *post_ret)
d6e0175c
CH		 385{
386 unsigned char *buf, *addr;
387 struct scatterlist *sg;
388 unsigned int offset;
a6b0133c
NB		 389 sense_reason_t ret = TCM_NO_SENSE;
390 int i, count;
d6e0175c
CH		 391 /*
392 * From sbc3r22.pdf section 5.48 XDWRITEREAD (10) command
393 *
394 * 1) read the specified logical block(s);
395 * 2) transfer logical blocks from the data-out buffer;
396 * 3) XOR the logical blocks transferred from the data-out buffer with
397 * the logical blocks read, storing the resulting XOR data in a buffer;
398 * 4) if the DISABLE WRITE bit is set to zero, then write the logical
399 * blocks transferred from the data-out buffer; and
400 * 5) transfer the resulting XOR data to the data-in buffer.
401 */
402 buf = kmalloc(cmd->data_length, GFP_KERNEL);
403 if (!buf) {
404 pr_err("Unable to allocate xor_callback buf\n");
a6b0133c 405 return TCM_OUT_OF_RESOURCES;
d6e0175c
CH		 406 }
407 /*
408 * Copy the scatterlist WRITE buffer located at cmd->t_data_sg
409 * into the locally allocated *buf
410 */
411 sg_copy_to_buffer(cmd->t_data_sg,
412 cmd->t_data_nents,
413 buf,
414 cmd->data_length);
415
416 /*
417 * Now perform the XOR against the BIDI read memory located at
418 * cmd->t_mem_bidi_list
419 */
420
421 offset = 0;
422 for_each_sg(cmd->t_bidi_data_sg, sg, cmd->t_bidi_data_nents, count) {
423 addr = kmap_atomic(sg_page(sg));
a6b0133c
NB		 424 if (!addr) {
425 ret = TCM_OUT_OF_RESOURCES;
d6e0175c 426 goto out;
a6b0133c 427 }
d6e0175c
CH		 428
429 for (i = 0; i < sg->length; i++)
430 *(addr + sg->offset + i) ^= *(buf + offset + i);
431
432 offset += sg->length;
433 kunmap_atomic(addr);
434 }
435
436out:
437 kfree(buf);
a6b0133c 438 return ret;
d6e0175c
CH		 439}
440
a82a9538
NB		 441static sense_reason_t
442sbc_execute_rw(struct se_cmd *cmd)
443{
7a971b1b
CH		 444 struct sbc_ops *ops = cmd->protocol_data;
445
446 return ops->execute_rw(cmd, cmd->t_data_sg, cmd->t_data_nents,
a82a9538
NB		 447 cmd->data_direction);
448}
449
057085e5
NB		 450static sense_reason_t compare_and_write_post(struct se_cmd *cmd, bool success,
451 int *post_ret)
68ff9b9b
NB		 452{
453 struct se_device *dev = cmd->se_dev;
9b2792c3 454 sense_reason_t ret = TCM_NO_SENSE;
68ff9b9b 455
d8855c15
NB		 456 /*
457 * Only set SCF_COMPARE_AND_WRITE_POST to force a response fall-through
458 * within target_complete_ok_work() if the command was successfully
459 * sent to the backend driver.
460 */
461 spin_lock_irq(&cmd->t_state_lock);
9b2792c3 462 if (cmd->transport_state & CMD_T_SENT) {
d8855c15 463 cmd->se_cmd_flags |= SCF_COMPARE_AND_WRITE_POST;
057085e5 464 *post_ret = 1;
9b2792c3
NB		 465
466 if (cmd->scsi_status == SAM_STAT_CHECK_CONDITION)
467 ret = TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
057085e5 468 }
d8855c15
NB		 469 spin_unlock_irq(&cmd->t_state_lock);
470
68ff9b9b
NB		 471 /*
472 * Unlock ->caw_sem originally obtained during sbc_compare_and_write()
473 * before the original READ I/O submission.
474 */
475 up(&dev->caw_sem);
476
9b2792c3 477 return ret;
68ff9b9b
NB		 478}
479
057085e5
NB		 480static sense_reason_t compare_and_write_callback(struct se_cmd *cmd, bool success,
481 int *post_ret)
68ff9b9b
NB		 482{
483 struct se_device *dev = cmd->se_dev;
484 struct scatterlist *write_sg = NULL, *sg;
db60df88 485 unsigned char *buf = NULL, *addr;
68ff9b9b
NB		 486 struct sg_mapping_iter m;
487 unsigned int offset = 0, len;
488 unsigned int nlbas = cmd->t_task_nolb;
489 unsigned int block_size = dev->dev_attrib.block_size;
490 unsigned int compare_len = (nlbas * block_size);
491 sense_reason_t ret = TCM_NO_SENSE;
492 int rc, i;
493
cf6d1f09
NB		 494 /*
495 * Handle early failure in transport_generic_request_failure(),
c8e63985 496 * which will not have taken ->caw_sem yet..
cf6d1f09 497 */
c8e63985 498 if (!success && (!cmd->t_data_sg || !cmd->t_bidi_data_sg))
cf6d1f09 499 return TCM_NO_SENSE;
c8e63985
NB		 500 /*
501 * Handle special case for zero-length COMPARE_AND_WRITE
502 */
503 if (!cmd->data_length)
504 goto out;
db60df88
NB		 505 /*
506 * Immediately exit + release dev->caw_sem if command has already
507 * been failed with a non-zero SCSI status.
508 */
509 if (cmd->scsi_status) {
510 pr_err("compare_and_write_callback: non zero scsi_status:"
511 " 0x%02x\n", cmd->scsi_status);
512 goto out;
513 }
cf6d1f09 514
68ff9b9b
NB		 515 buf = kzalloc(cmd->data_length, GFP_KERNEL);
516 if (!buf) {
517 pr_err("Unable to allocate compare_and_write buf\n");
a2890087
NB		 518 ret = TCM_OUT_OF_RESOURCES;
519 goto out;
68ff9b9b
NB		 520 }
521
a1e1774c 522 write_sg = kmalloc(sizeof(struct scatterlist) * cmd->t_data_nents,
68ff9b9b
NB		 523 GFP_KERNEL);
524 if (!write_sg) {
525 pr_err("Unable to allocate compare_and_write sg\n");
526 ret = TCM_OUT_OF_RESOURCES;
527 goto out;
528 }
a1e1774c 529 sg_init_table(write_sg, cmd->t_data_nents);
68ff9b9b
NB		 530 /*
531 * Setup verify and write data payloads from total NumberLBAs.
532 */
533 rc = sg_copy_to_buffer(cmd->t_data_sg, cmd->t_data_nents, buf,
534 cmd->data_length);
535 if (!rc) {
536 pr_err("sg_copy_to_buffer() failed for compare_and_write\n");
537 ret = TCM_OUT_OF_RESOURCES;
538 goto out;
539 }
540 /*
541 * Compare against SCSI READ payload against verify payload
542 */
543 for_each_sg(cmd->t_bidi_data_sg, sg, cmd->t_bidi_data_nents, i) {
544 addr = (unsigned char *)kmap_atomic(sg_page(sg));
545 if (!addr) {
546 ret = TCM_OUT_OF_RESOURCES;
547 goto out;
548 }
549
550 len = min(sg->length, compare_len);
551
552 if (memcmp(addr, buf + offset, len)) {
553 pr_warn("Detected MISCOMPARE for addr: %p buf: %p\n",
554 addr, buf + offset);
555 kunmap_atomic(addr);
556 goto miscompare;
557 }
558 kunmap_atomic(addr);
559
560 offset += len;
561 compare_len -= len;
562 if (!compare_len)
563 break;
564 }
565
566 i = 0;
567 len = cmd->t_task_nolb * block_size;
568 sg_miter_start(&m, cmd->t_data_sg, cmd->t_data_nents, SG_MITER_TO_SG);
569 /*
570 * Currently assumes NoLB=1 and SGLs are PAGE_SIZE..
571 */
572 while (len) {
573 sg_miter_next(&m);
574
575 if (block_size < PAGE_SIZE) {
576 sg_set_page(&write_sg[i], m.page, block_size,
d94e5a61 577 m.piter.sg->offset + block_size);
68ff9b9b
NB		 578 } else {
579 sg_miter_next(&m);
580 sg_set_page(&write_sg[i], m.page, block_size,
d94e5a61 581 m.piter.sg->offset);
68ff9b9b
NB		 582 }
583 len -= block_size;
584 i++;
585 }
586 sg_miter_stop(&m);
587 /*
588 * Save the original SGL + nents values before updating to new
589 * assignments, to be released in transport_free_pages() ->
590 * transport_reset_sgl_orig()
591 */
592 cmd->t_data_sg_orig = cmd->t_data_sg;
593 cmd->t_data_sg = write_sg;
594 cmd->t_data_nents_orig = cmd->t_data_nents;
595 cmd->t_data_nents = 1;
596
68d81f40 597 cmd->sam_task_attr = TCM_HEAD_TAG;
68ff9b9b
NB		 598 cmd->transport_complete_callback = compare_and_write_post;
599 /*
600 * Now reset ->execute_cmd() to the normal sbc_execute_rw() handler
601 * for submitting the adjusted SGL to write instance user-data.
602 */
603 cmd->execute_cmd = sbc_execute_rw;
604
605 spin_lock_irq(&cmd->t_state_lock);
606 cmd->t_state = TRANSPORT_PROCESSING;
607 cmd->transport_state |= CMD_T_ACTIVE|CMD_T_BUSY|CMD_T_SENT;
608 spin_unlock_irq(&cmd->t_state_lock);
609
dff0ca9e 610 __target_execute_cmd(cmd, false);
68ff9b9b
NB		 611
612 kfree(buf);
613 return ret;
614
615miscompare:
616 pr_warn("Target/%s: Send MISCOMPARE check condition and sense\n",
617 dev->transport->name);
618 ret = TCM_MISCOMPARE_VERIFY;
619out:
620 /*
621 * In the MISCOMPARE or failure case, unlock ->caw_sem obtained in
622 * sbc_compare_and_write() before the original READ I/O submission.
623 */
624 up(&dev->caw_sem);
625 kfree(write_sg);
626 kfree(buf);
627 return ret;
628}
629
630static sense_reason_t
631sbc_compare_and_write(struct se_cmd *cmd)
632{
7a971b1b 633 struct sbc_ops *ops = cmd->protocol_data;
68ff9b9b
NB		 634 struct se_device *dev = cmd->se_dev;
635 sense_reason_t ret;
636 int rc;
637 /*
638 * Submit the READ first for COMPARE_AND_WRITE to perform the
639 * comparision using SGLs at cmd->t_bidi_data_sg..
640 */
641 rc = down_interruptible(&dev->caw_sem);
ee7619f2 642 if (rc != 0) {
68ff9b9b
NB		 643 cmd->transport_complete_callback = NULL;
644 return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
645 }
b7191253
NB		 646 /*
647 * Reset cmd->data_length to individual block_size in order to not
648 * confuse backend drivers that depend on this value matching the
649 * size of the I/O being submitted.
650 */
651 cmd->data_length = cmd->t_task_nolb * dev->dev_attrib.block_size;
68ff9b9b 652
7a971b1b 653 ret = ops->execute_rw(cmd, cmd->t_bidi_data_sg, cmd->t_bidi_data_nents,
68ff9b9b
NB		 654 DMA_FROM_DEVICE);
655 if (ret) {
656 cmd->transport_complete_callback = NULL;
657 up(&dev->caw_sem);
658 return ret;
659 }
660 /*
661 * Unlock of dev->caw_sem to occur in compare_and_write_callback()
662 * upon MISCOMPARE, or in compare_and_write_done() upon completion
663 * of WRITE instance user-data.
664 */
665 return TCM_NO_SENSE;
666}
667
19f9361a 668static int
38b57f82 669sbc_set_prot_op_checks(u8 protect, bool fabric_prot, enum target_prot_type prot_type,
19f9361a
SG		 670 bool is_write, struct se_cmd *cmd)
671{
672 if (is_write) {
38b57f82
NB		 673 cmd->prot_op = fabric_prot ? TARGET_PROT_DOUT_STRIP :
674 protect ? TARGET_PROT_DOUT_PASS :
675 TARGET_PROT_DOUT_INSERT;
19f9361a
SG		 676 switch (protect) {
677 case 0x0:
678 case 0x3:
679 cmd->prot_checks = 0;
680 break;
681 case 0x1:
682 case 0x5:
683 cmd->prot_checks = TARGET_DIF_CHECK_GUARD;
684 if (prot_type == TARGET_DIF_TYPE1_PROT)
685 cmd->prot_checks |= TARGET_DIF_CHECK_REFTAG;
686 break;
687 case 0x2:
688 if (prot_type == TARGET_DIF_TYPE1_PROT)
689 cmd->prot_checks = TARGET_DIF_CHECK_REFTAG;
690 break;
691 case 0x4:
692 cmd->prot_checks = TARGET_DIF_CHECK_GUARD;
693 break;
694 default:
695 pr_err("Unsupported protect field %d\n", protect);
696 return -EINVAL;
697 }
698 } else {
38b57f82
NB		 699 cmd->prot_op = fabric_prot ? TARGET_PROT_DIN_INSERT :
700 protect ? TARGET_PROT_DIN_PASS :
701 TARGET_PROT_DIN_STRIP;
19f9361a
SG		 702 switch (protect) {
703 case 0x0:
704 case 0x1:
705 case 0x5:
706 cmd->prot_checks = TARGET_DIF_CHECK_GUARD;
707 if (prot_type == TARGET_DIF_TYPE1_PROT)
708 cmd->prot_checks |= TARGET_DIF_CHECK_REFTAG;
709 break;
710 case 0x2:
711 if (prot_type == TARGET_DIF_TYPE1_PROT)
712 cmd->prot_checks = TARGET_DIF_CHECK_REFTAG;
713 break;
714 case 0x3:
715 cmd->prot_checks = 0;
716 break;
717 case 0x4:
718 cmd->prot_checks = TARGET_DIF_CHECK_GUARD;
719 break;
720 default:
721 pr_err("Unsupported protect field %d\n", protect);
722 return -EINVAL;
723 }
724 }
725
726 return 0;
727}
728
f7b7c06f 729static sense_reason_t
499bf77b 730sbc_check_prot(struct se_device *dev, struct se_cmd *cmd, unsigned char *cdb,
19f9361a 731 u32 sectors, bool is_write)
499bf77b 732{
19f9361a 733 u8 protect = cdb[1] >> 5;
38b57f82
NB		 734 int sp_ops = cmd->se_sess->sup_prot_ops;
735 int pi_prot_type = dev->dev_attrib.pi_prot_type;
736 bool fabric_prot = false;
19f9361a 737
f7b7c06f 738 if (!cmd->t_prot_sg || !cmd->t_prot_nents) {
38b57f82
NB		 739 if (unlikely(protect &&
740 !dev->dev_attrib.pi_prot_type && !cmd->se_sess->sess_prot_type)) {
741 pr_err("CDB contains protect bit, but device + fabric does"
742 " not advertise PROTECT=1 feature bit\n");
f7b7c06f
NB		 743 return TCM_INVALID_CDB_FIELD;
744 }
745 if (cmd->prot_pto)
746 return TCM_NO_SENSE;
747 }
499bf77b
NB		 748
749 switch (dev->dev_attrib.pi_prot_type) {
750 case TARGET_DIF_TYPE3_PROT:
499bf77b
NB		 751 cmd->reftag_seed = 0xffffffff;
752 break;
753 case TARGET_DIF_TYPE2_PROT:
19f9361a 754 if (protect)
f7b7c06f 755 return TCM_INVALID_CDB_FIELD;
499bf77b
NB		 756
757 cmd->reftag_seed = cmd->t_task_lba;
758 break;
759 case TARGET_DIF_TYPE1_PROT:
499bf77b
NB		 760 cmd->reftag_seed = cmd->t_task_lba;
761 break;
762 case TARGET_DIF_TYPE0_PROT:
38b57f82
NB		 763 /*
764 * See if the fabric supports T10-PI, and the session has been
765 * configured to allow export PROTECT=1 feature bit with backend
766 * devices that don't support T10-PI.
767 */
768 fabric_prot = is_write ?
769 !!(sp_ops & (TARGET_PROT_DOUT_PASS | TARGET_PROT_DOUT_STRIP)) :
770 !!(sp_ops & (TARGET_PROT_DIN_PASS | TARGET_PROT_DIN_INSERT));
771
772 if (fabric_prot && cmd->se_sess->sess_prot_type) {
773 pi_prot_type = cmd->se_sess->sess_prot_type;
774 break;
775 }
cceca4a6
NB		 776 if (!protect)
777 return TCM_NO_SENSE;
38b57f82 778 /* Fallthrough */
499bf77b 779 default:
cceca4a6
NB		 780 pr_err("Unable to determine pi_prot_type for CDB: 0x%02x "
781 "PROTECT: 0x%02x\n", cdb[0], protect);
782 return TCM_INVALID_CDB_FIELD;
499bf77b
NB		 783 }
784
38b57f82 785 if (sbc_set_prot_op_checks(protect, fabric_prot, pi_prot_type, is_write, cmd))
f7b7c06f 786 return TCM_INVALID_CDB_FIELD;
19f9361a 787
38b57f82 788 cmd->prot_type = pi_prot_type;
499bf77b 789 cmd->prot_length = dev->prot_length * sectors;
e2a4f55c
SG		 790
791 /**
792 * In case protection information exists over the wire
793 * we modify command data length to describe pure data.
794 * The actual transfer length is data length + protection
795 * length
796 **/
797 if (protect)
798 cmd->data_length = sectors * dev->dev_attrib.block_size;
799
800 pr_debug("%s: prot_type=%d, data_length=%d, prot_length=%d "
801 "prot_op=%d prot_checks=%d\n",
802 __func__, cmd->prot_type, cmd->data_length, cmd->prot_length,
03abad9e 803 cmd->prot_op, cmd->prot_checks);
499bf77b 804
f7b7c06f 805 return TCM_NO_SENSE;
499bf77b
NB		 806}
807
fde9f50f
NB		 808static int
809sbc_check_dpofua(struct se_device *dev, struct se_cmd *cmd, unsigned char *cdb)
810{
811 if (cdb[1] & 0x10) {
814e5b45
CH		 812 /* see explanation in spc_emulate_modesense */
813 if (!target_check_fua(dev)) {
fde9f50f
NB		 814 pr_err("Got CDB: 0x%02x with DPO bit set, but device"
815 " does not advertise support for DPO\n", cdb[0]);
816 return -EINVAL;
817 }
818 }
819 if (cdb[1] & 0x8) {
814e5b45 820 if (!target_check_fua(dev)) {
fde9f50f
NB		 821 pr_err("Got CDB: 0x%02x with FUA bit set, but device"
822 " does not advertise support for FUA write\n",
823 cdb[0]);
824 return -EINVAL;
825 }
826 cmd->se_cmd_flags |= SCF_FUA;
827 }
828 return 0;
499bf77b
NB		 829}
830
de103c93
CH		 831sense_reason_t
832sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops)
d6e0175c 833{
d6e0175c
CH		 834 struct se_device *dev = cmd->se_dev;
835 unsigned char *cdb = cmd->t_task_cdb;
1fd032ee 836 unsigned int size;
d6e0175c 837 u32 sectors = 0;
de103c93 838 sense_reason_t ret;
d6e0175c 839
7a971b1b
CH		 840 cmd->protocol_data = ops;
841
d6e0175c
CH		 842 switch (cdb[0]) {
843 case READ_6:
844 sectors = transport_get_sectors_6(cdb);
845 cmd->t_task_lba = transport_lba_21(cdb);
846 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
a82a9538 847 cmd->execute_cmd = sbc_execute_rw;
d6e0175c
CH		 848 break;
849 case READ_10:
850 sectors = transport_get_sectors_10(cdb);
851 cmd->t_task_lba = transport_lba_32(cdb);
499bf77b 852
fde9f50f
NB		 853 if (sbc_check_dpofua(dev, cmd, cdb))
854 return TCM_INVALID_CDB_FIELD;
855
f7b7c06f
NB		 856 ret = sbc_check_prot(dev, cmd, cdb, sectors, false);
857 if (ret)
858 return ret;
499bf77b 859
d6e0175c 860 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
a82a9538 861 cmd->execute_cmd = sbc_execute_rw;
d6e0175c
CH		 862 break;
863 case READ_12:
864 sectors = transport_get_sectors_12(cdb);
865 cmd->t_task_lba = transport_lba_32(cdb);
499bf77b 866
fde9f50f
NB		 867 if (sbc_check_dpofua(dev, cmd, cdb))
868 return TCM_INVALID_CDB_FIELD;
869
f7b7c06f
NB		 870 ret = sbc_check_prot(dev, cmd, cdb, sectors, false);
871 if (ret)
872 return ret;
499bf77b 873
d6e0175c 874 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
a82a9538 875 cmd->execute_cmd = sbc_execute_rw;
d6e0175c
CH		 876 break;
877 case READ_16:
878 sectors = transport_get_sectors_16(cdb);
879 cmd->t_task_lba = transport_lba_64(cdb);
499bf77b 880
fde9f50f
NB		 881 if (sbc_check_dpofua(dev, cmd, cdb))
882 return TCM_INVALID_CDB_FIELD;
883
f7b7c06f
NB		 884 ret = sbc_check_prot(dev, cmd, cdb, sectors, false);
885 if (ret)
886 return ret;
499bf77b 887
d6e0175c 888 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
a82a9538 889 cmd->execute_cmd = sbc_execute_rw;
d6e0175c
CH		 890 break;
891 case WRITE_6:
892 sectors = transport_get_sectors_6(cdb);
893 cmd->t_task_lba = transport_lba_21(cdb);
894 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
a82a9538 895 cmd->execute_cmd = sbc_execute_rw;
d6e0175c
CH		 896 break;
897 case WRITE_10:
898 case WRITE_VERIFY:
899 sectors = transport_get_sectors_10(cdb);
900 cmd->t_task_lba = transport_lba_32(cdb);
499bf77b 901
fde9f50f
NB		 902 if (sbc_check_dpofua(dev, cmd, cdb))
903 return TCM_INVALID_CDB_FIELD;
904
f7b7c06f
NB		 905 ret = sbc_check_prot(dev, cmd, cdb, sectors, true);
906 if (ret)
907 return ret;
499bf77b 908
d6e0175c 909 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
a82a9538 910 cmd->execute_cmd = sbc_execute_rw;
d6e0175c
CH		 911 break;
912 case WRITE_12:
913 sectors = transport_get_sectors_12(cdb);
914 cmd->t_task_lba = transport_lba_32(cdb);
499bf77b 915
fde9f50f
NB		 916 if (sbc_check_dpofua(dev, cmd, cdb))
917 return TCM_INVALID_CDB_FIELD;
918
f7b7c06f
NB		 919 ret = sbc_check_prot(dev, cmd, cdb, sectors, true);
920 if (ret)
921 return ret;
499bf77b 922
d6e0175c 923 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
a82a9538 924 cmd->execute_cmd = sbc_execute_rw;
d6e0175c
CH		 925 break;
926 case WRITE_16:
927 sectors = transport_get_sectors_16(cdb);
928 cmd->t_task_lba = transport_lba_64(cdb);
499bf77b 929
fde9f50f
NB		 930 if (sbc_check_dpofua(dev, cmd, cdb))
931 return TCM_INVALID_CDB_FIELD;
932
f7b7c06f
NB		 933 ret = sbc_check_prot(dev, cmd, cdb, sectors, true);
934 if (ret)
935 return ret;
499bf77b 936
d6e0175c 937 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
a82a9538 938 cmd->execute_cmd = sbc_execute_rw;
d6e0175c
CH		 939 break;
940 case XDWRITEREAD_10:
de103c93 941 if (cmd->data_direction != DMA_TO_DEVICE ||
d6e0175c 942 !(cmd->se_cmd_flags & SCF_BIDI))
de103c93 943 return TCM_INVALID_CDB_FIELD;
d6e0175c
CH		 944 sectors = transport_get_sectors_10(cdb);
945
fde9f50f
NB		 946 if (sbc_check_dpofua(dev, cmd, cdb))
947 return TCM_INVALID_CDB_FIELD;
948
d6e0175c
CH		 949 cmd->t_task_lba = transport_lba_32(cdb);
950 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
951
952 /*
953 * Setup BIDI XOR callback to be run after I/O completion.
954 */
a82a9538 955 cmd->execute_cmd = sbc_execute_rw;
d6e0175c 956 cmd->transport_complete_callback = &xdreadwrite_callback;
d6e0175c
CH		 957 break;
958 case VARIABLE_LENGTH_CMD:
959 {
960 u16 service_action = get_unaligned_be16(&cdb[8]);
961 switch (service_action) {
962 case XDWRITEREAD_32:
963 sectors = transport_get_sectors_32(cdb);
964
fde9f50f
NB		 965 if (sbc_check_dpofua(dev, cmd, cdb))
966 return TCM_INVALID_CDB_FIELD;
d6e0175c
CH		 967 /*
968 * Use WRITE_32 and READ_32 opcodes for the emulated
969 * XDWRITE_READ_32 logic.
970 */
971 cmd->t_task_lba = transport_lba_64_ext(cdb);
972 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
973
974 /*
975 * Setup BIDI XOR callback to be run during after I/O
976 * completion.
977 */
a82a9538 978 cmd->execute_cmd = sbc_execute_rw;
d6e0175c 979 cmd->transport_complete_callback = &xdreadwrite_callback;
d6e0175c
CH		 980 break;
981 case WRITE_SAME_32:
982 sectors = transport_get_sectors_32(cdb);
983 if (!sectors) {
984 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not"
985 " supported\n");
de103c93 986 return TCM_INVALID_CDB_FIELD;
d6e0175c
CH		 987 }
988
1fd032ee 989 size = sbc_get_size(cmd, 1);
d6e0175c
CH		 990 cmd->t_task_lba = get_unaligned_be64(&cdb[12]);
991
cd063bef 992 ret = sbc_setup_write_same(cmd, &cdb[10], ops);
6b64e1fe 993 if (ret)
cd063bef 994 return ret;
d6e0175c
CH		 995 break;
996 default:
997 pr_err("VARIABLE_LENGTH_CMD service action"
998 " 0x%04x not supported\n", service_action);
de103c93 999 return TCM_UNSUPPORTED_SCSI_OPCODE;
d6e0175c
CH		 1000 }
1001 break;
1002 }
68ff9b9b
NB		 1003 case COMPARE_AND_WRITE:
1004 sectors = cdb[13];
1005 /*
1006 * Currently enforce COMPARE_AND_WRITE for a single sector
1007 */
1008 if (sectors > 1) {
1009 pr_err("COMPARE_AND_WRITE contains NoLB: %u greater"
1010 " than 1\n", sectors);
1011 return TCM_INVALID_CDB_FIELD;
1012 }
ab81a5e0
DD		 1013 if (sbc_check_dpofua(dev, cmd, cdb))
1014 return TCM_INVALID_CDB_FIELD;
1015
68ff9b9b
NB		 1016 /*
1017 * Double size because we have two buffers, note that
1018 * zero is not an error..
1019 */
1020 size = 2 * sbc_get_size(cmd, sectors);
1021 cmd->t_task_lba = get_unaligned_be64(&cdb[2]);
1022 cmd->t_task_nolb = sectors;
1023 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB | SCF_COMPARE_AND_WRITE;
68ff9b9b
NB		 1024 cmd->execute_cmd = sbc_compare_and_write;
1025 cmd->transport_complete_callback = compare_and_write_callback;
1026 break;
d6e0175c 1027 case READ_CAPACITY:
1fd032ee
CH		 1028 size = READ_CAP_LEN;
1029 cmd->execute_cmd = sbc_emulate_readcapacity;
d6e0175c 1030 break;
eb846d9f 1031 case SERVICE_ACTION_IN_16:
d6e0175c
CH		 1032 switch (cmd->t_task_cdb[1] & 0x1f) {
1033 case SAI_READ_CAPACITY_16:
1fd032ee 1034 cmd->execute_cmd = sbc_emulate_readcapacity_16;
d6e0175c 1035 break;
c66094bf
HR		 1036 case SAI_REPORT_REFERRALS:
1037 cmd->execute_cmd = target_emulate_report_referrals;
1038 break;
d6e0175c
CH		 1039 default:
1040 pr_err("Unsupported SA: 0x%02x\n",
1041 cmd->t_task_cdb[1] & 0x1f);
de103c93 1042 return TCM_INVALID_CDB_FIELD;
d6e0175c 1043 }
1fd032ee 1044 size = (cdb[10] << 24) | (cdb[11] << 16) |
d6e0175c
CH		 1045 (cdb[12] << 8) | cdb[13];
1046 break;
1047 case SYNCHRONIZE_CACHE:
1048 case SYNCHRONIZE_CACHE_16:
d6e0175c
CH		 1049 if (cdb[0] == SYNCHRONIZE_CACHE) {
1050 sectors = transport_get_sectors_10(cdb);
1051 cmd->t_task_lba = transport_lba_32(cdb);
1052 } else {
1053 sectors = transport_get_sectors_16(cdb);
1054 cmd->t_task_lba = transport_lba_64(cdb);
1055 }
6ef31dc7
CVB		 1056 if (ops->execute_sync_cache) {
1057 cmd->execute_cmd = ops->execute_sync_cache;
1058 goto check_lba;
d6e0175c 1059 }
6ef31dc7
CVB		 1060 size = 0;
1061 cmd->execute_cmd = sbc_emulate_noop;
d6e0175c
CH		 1062 break;
1063 case UNMAP:
14150a6b 1064 if (!ops->execute_unmap)
de103c93 1065 return TCM_UNSUPPORTED_SCSI_OPCODE;
14150a6b 1066
61fdb4ac
NB		 1067 if (!dev->dev_attrib.emulate_tpu) {
1068 pr_err("Got UNMAP, but backend device has"
1069 " emulate_tpu disabled\n");
1070 return TCM_UNSUPPORTED_SCSI_OPCODE;
1071 }
1fd032ee 1072 size = get_unaligned_be16(&cdb[7]);
62e46942 1073 cmd->execute_cmd = sbc_execute_unmap;
d6e0175c
CH		 1074 break;
1075 case WRITE_SAME_16:
1076 sectors = transport_get_sectors_16(cdb);
1077 if (!sectors) {
1078 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not supported\n");
de103c93 1079 return TCM_INVALID_CDB_FIELD;
d6e0175c
CH		 1080 }
1081
1fd032ee 1082 size = sbc_get_size(cmd, 1);
d6e0175c
CH		 1083 cmd->t_task_lba = get_unaligned_be64(&cdb[2]);
1084
cd063bef 1085 ret = sbc_setup_write_same(cmd, &cdb[1], ops);
6b64e1fe 1086 if (ret)
cd063bef 1087 return ret;
d6e0175c
CH		 1088 break;
1089 case WRITE_SAME:
1090 sectors = transport_get_sectors_10(cdb);
1091 if (!sectors) {
1092 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not supported\n");
de103c93 1093 return TCM_INVALID_CDB_FIELD;
d6e0175c
CH		 1094 }
1095
1fd032ee 1096 size = sbc_get_size(cmd, 1);
d6e0175c
CH		 1097 cmd->t_task_lba = get_unaligned_be32(&cdb[2]);
1098
1099 /*
1100 * Follow sbcr26 with WRITE_SAME (10) and check for the existence
1101 * of byte 1 bit 3 UNMAP instead of original reserved field
1102 */
cd063bef 1103 ret = sbc_setup_write_same(cmd, &cdb[1], ops);
6b64e1fe 1104 if (ret)
cd063bef 1105 return ret;
d6e0175c
CH		 1106 break;
1107 case VERIFY:
0bcf0a2d 1108 case VERIFY_16:
1fd032ee 1109 size = 0;
0bcf0a2d
ML		 1110 if (cdb[0] == VERIFY) {
1111 sectors = transport_get_sectors_10(cdb);
1112 cmd->t_task_lba = transport_lba_32(cdb);
1113 } else {
1114 sectors = transport_get_sectors_16(cdb);
1115 cmd->t_task_lba = transport_lba_64(cdb);
1116 }
1920ed61 1117 cmd->execute_cmd = sbc_emulate_noop;
c52716de 1118 goto check_lba;
1a1ff38c
BK		 1119 case REZERO_UNIT:
1120 case SEEK_6:
1121 case SEEK_10:
1122 /*
1123 * There are still clients out there which use these old SCSI-2
1124 * commands. This mainly happens when running VMs with legacy
1125 * guest systems, connected via SCSI command pass-through to
1126 * iSCSI targets. Make them happy and return status GOOD.
1127 */
1128 size = 0;
1129 cmd->execute_cmd = sbc_emulate_noop;
1130 break;
45182ed5
BB		 1131 case START_STOP:
1132 size = 0;
1133 cmd->execute_cmd = sbc_emulate_startstop;
1134 break;
d6e0175c 1135 default:
1fd032ee 1136 ret = spc_parse_cdb(cmd, &size);
d6e0175c
CH		 1137 if (ret)
1138 return ret;
1139 }
1140
1141 /* reject any command that we don't have a handler for */
20959c4b 1142 if (!cmd->execute_cmd)
de103c93 1143 return TCM_UNSUPPORTED_SCSI_OPCODE;
d6e0175c
CH		 1144
1145 if (cmd->se_cmd_flags & SCF_SCSI_DATA_CDB) {
1fd032ee 1146 unsigned long long end_lba;
6ef31dc7 1147check_lba:
1fd032ee 1148 end_lba = dev->transport->get_blocks(dev) + 1;
aa179935
NB		 1149 if (((cmd->t_task_lba + sectors) < cmd->t_task_lba) ||
1150 ((cmd->t_task_lba + sectors) > end_lba)) {
1fd032ee
CH		 1151 pr_err("cmd exceeds last lba %llu "
1152 "(lba %llu, sectors %u)\n",
1153 end_lba, cmd->t_task_lba, sectors);
09ceadc7 1154 return TCM_ADDRESS_OUT_OF_RANGE;
1fd032ee
CH		 1155 }
1156
68ff9b9b
NB		 1157 if (!(cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE))
1158 size = sbc_get_size(cmd, sectors);
d6e0175c
CH		 1159 }
1160
de103c93 1161 return target_cmd_size_check(cmd, size);
d6e0175c
CH		 1162}
1163EXPORT_SYMBOL(sbc_parse_cdb);
6f23ac8a 1164
6f23ac8a
CH		 1165u32 sbc_get_device_type(struct se_device *dev)
1166{
1167 return TYPE_DISK;
1168}
1169EXPORT_SYMBOL(sbc_get_device_type);
86d71829 1170
62e46942
CH		 1171static sense_reason_t
1172sbc_execute_unmap(struct se_cmd *cmd)
86d71829 1173{
62e46942 1174 struct sbc_ops *ops = cmd->protocol_data;
86d71829
AH		 1175 struct se_device *dev = cmd->se_dev;
1176 unsigned char *buf, *ptr = NULL;
1177 sector_t lba;
1178 int size;
1179 u32 range;
1180 sense_reason_t ret = 0;
1181 int dl, bd_dl;
1182
1183 /* We never set ANC_SUP */
1184 if (cmd->t_task_cdb[1])
1185 return TCM_INVALID_CDB_FIELD;
1186
1187 if (cmd->data_length == 0) {
1188 target_complete_cmd(cmd, SAM_STAT_GOOD);
1189 return 0;
1190 }
1191
1192 if (cmd->data_length < 8) {
1193 pr_warn("UNMAP parameter list length %u too small\n",
1194 cmd->data_length);
1195 return TCM_PARAMETER_LIST_LENGTH_ERROR;
1196 }
1197
1198 buf = transport_kmap_data_sg(cmd);
1199 if (!buf)
1200 return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
1201
1202 dl = get_unaligned_be16(&buf[0]);
1203 bd_dl = get_unaligned_be16(&buf[2]);
1204
1205 size = cmd->data_length - 8;
1206 if (bd_dl > size)
1207 pr_warn("UNMAP parameter list length %u too small, ignoring bd_dl %u\n",
1208 cmd->data_length, bd_dl);
1209 else
1210 size = bd_dl;
1211
1212 if (size / 16 > dev->dev_attrib.max_unmap_block_desc_count) {
1213 ret = TCM_INVALID_PARAMETER_LIST;
1214 goto err;
1215 }
1216
1217 /* First UNMAP block descriptor starts at 8 byte offset */
1218 ptr = &buf[8];
1219 pr_debug("UNMAP: Sub: %s Using dl: %u bd_dl: %u size: %u"
1220 " ptr: %p\n", dev->transport->name, dl, bd_dl, size, ptr);
1221
1222 while (size >= 16) {
1223 lba = get_unaligned_be64(&ptr[0]);
1224 range = get_unaligned_be32(&ptr[8]);
1225 pr_debug("UNMAP: Using lba: %llu and range: %u\n",
1226 (unsigned long long)lba, range);
1227
1228 if (range > dev->dev_attrib.max_unmap_lba_count) {
1229 ret = TCM_INVALID_PARAMETER_LIST;
1230 goto err;
1231 }
1232
1233 if (lba + range > dev->transport->get_blocks(dev) + 1) {
1234 ret = TCM_ADDRESS_OUT_OF_RANGE;
1235 goto err;
1236 }
1237
62e46942 1238 ret = ops->execute_unmap(cmd, lba, range);
86d71829
AH		 1239 if (ret)
1240 goto err;
1241
1242 ptr += 16;
1243 size -= 16;
1244 }
1245
1246err:
1247 transport_kunmap_data_sg(cmd);
1248 if (!ret)
1249 target_complete_cmd(cmd, GOOD);
1250 return ret;
1251}
41861fa8 1252
66a3d5bc
NB		 1253void
1254sbc_dif_generate(struct se_cmd *cmd)
1255{
1256 struct se_device *dev = cmd->se_dev;
fe052a18 1257 struct t10_pi_tuple *sdt;
18213afb 1258 struct scatterlist *dsg = cmd->t_data_sg, *psg;
66a3d5bc
NB		 1259 sector_t sector = cmd->t_task_lba;
1260 void *daddr, *paddr;
1261 int i, j, offset = 0;
18213afb 1262 unsigned int block_size = dev->dev_attrib.block_size;
66a3d5bc 1263
18213afb 1264 for_each_sg(cmd->t_prot_sg, psg, cmd->t_prot_nents, i) {
66a3d5bc 1265 paddr = kmap_atomic(sg_page(psg)) + psg->offset;
18213afb 1266 daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
66a3d5bc 1267
18213afb 1268 for (j = 0; j < psg->length;
fe052a18 1269 j += sizeof(*sdt)) {
18213afb
AM		 1270 __u16 crc;
1271 unsigned int avail;
66a3d5bc 1272
18213afb
AM		 1273 if (offset >= dsg->length) {
1274 offset -= dsg->length;
1275 kunmap_atomic(daddr - dsg->offset);
1276 dsg = sg_next(dsg);
1277 if (!dsg) {
1278 kunmap_atomic(paddr - psg->offset);
1279 return;
1280 }
1281 daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
66a3d5bc 1282 }
66a3d5bc 1283
18213afb
AM		 1284 sdt = paddr + j;
1285 avail = min(block_size, dsg->length - offset);
1286 crc = crc_t10dif(daddr + offset, avail);
1287 if (avail < block_size) {
1288 kunmap_atomic(daddr - dsg->offset);
1289 dsg = sg_next(dsg);
1290 if (!dsg) {
1291 kunmap_atomic(paddr - psg->offset);
1292 return;
1293 }
1294 daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
1295 offset = block_size - avail;
1296 crc = crc_t10dif_update(crc, daddr, offset);
1297 } else {
1298 offset += block_size;
66a3d5bc
NB		 1299 }
1300
18213afb 1301 sdt->guard_tag = cpu_to_be16(crc);
823ddd87 1302 if (cmd->prot_type == TARGET_DIF_TYPE1_PROT)
66a3d5bc
NB		 1303 sdt->ref_tag = cpu_to_be32(sector & 0xffffffff);
1304 sdt->app_tag = 0;
1305
6ae50408 1306 pr_debug("DIF %s INSERT sector: %llu guard_tag: 0x%04x"
66a3d5bc 1307 " app_tag: 0x%04x ref_tag: %u\n",
6ae50408
NB		 1308 (cmd->data_direction == DMA_TO_DEVICE) ?
1309 "WRITE" : "READ", (unsigned long long)sector,
1310 sdt->guard_tag, sdt->app_tag,
1311 be32_to_cpu(sdt->ref_tag));
66a3d5bc
NB		 1312
1313 sector++;
66a3d5bc
NB		 1314 }
1315
18213afb
AM		 1316 kunmap_atomic(daddr - dsg->offset);
1317 kunmap_atomic(paddr - psg->offset);
66a3d5bc
NB		 1318 }
1319}
1320
41861fa8 1321static sense_reason_t
fe052a18 1322sbc_dif_v1_verify(struct se_cmd *cmd, struct t10_pi_tuple *sdt,
18213afb 1323 __u16 crc, sector_t sector, unsigned int ei_lba)
41861fa8 1324{
41861fa8
NB		 1325 __be16 csum;
1326
d7a463b0
NB		 1327 if (!(cmd->prot_checks & TARGET_DIF_CHECK_GUARD))
1328 goto check_ref;
1329
18213afb 1330 csum = cpu_to_be16(crc);
41861fa8
NB		 1331
1332 if (sdt->guard_tag != csum) {
1333 pr_err("DIFv1 checksum failed on sector %llu guard tag 0x%04x"
1334 " csum 0x%04x\n", (unsigned long long)sector,
1335 be16_to_cpu(sdt->guard_tag), be16_to_cpu(csum));
1336 return TCM_LOGICAL_BLOCK_GUARD_CHECK_FAILED;
1337 }
1338
d7a463b0
NB		 1339check_ref:
1340 if (!(cmd->prot_checks & TARGET_DIF_CHECK_REFTAG))
1341 return 0;
1342
823ddd87 1343 if (cmd->prot_type == TARGET_DIF_TYPE1_PROT &&
41861fa8
NB		 1344 be32_to_cpu(sdt->ref_tag) != (sector & 0xffffffff)) {
1345 pr_err("DIFv1 Type 1 reference failed on sector: %llu tag: 0x%08x"
1346 " sector MSB: 0x%08x\n", (unsigned long long)sector,
1347 be32_to_cpu(sdt->ref_tag), (u32)(sector & 0xffffffff));
1348 return TCM_LOGICAL_BLOCK_REF_TAG_CHECK_FAILED;
1349 }
1350
823ddd87 1351 if (cmd->prot_type == TARGET_DIF_TYPE2_PROT &&
41861fa8
NB		 1352 be32_to_cpu(sdt->ref_tag) != ei_lba) {
1353 pr_err("DIFv1 Type 2 reference failed on sector: %llu tag: 0x%08x"
1354 " ei_lba: 0x%08x\n", (unsigned long long)sector,
1355 be32_to_cpu(sdt->ref_tag), ei_lba);
1356 return TCM_LOGICAL_BLOCK_REF_TAG_CHECK_FAILED;
1357 }
1358
1359 return 0;
1360}
1361
f75b6fae
SG		 1362void sbc_dif_copy_prot(struct se_cmd *cmd, unsigned int sectors, bool read,
1363 struct scatterlist *sg, int sg_off)
41861fa8
NB		 1364{
1365 struct se_device *dev = cmd->se_dev;
1366 struct scatterlist *psg;
1367 void *paddr, *addr;
1368 unsigned int i, len, left;
10762e80 1369 unsigned int offset = sg_off;
41861fa8 1370
38b57f82
NB		 1371 if (!sg)
1372 return;
1373
41861fa8
NB		 1374 left = sectors * dev->prot_length;
1375
1376 for_each_sg(cmd->t_prot_sg, psg, cmd->t_prot_nents, i) {
16c0ae02 1377 unsigned int psg_len, copied = 0;
d6a65fdc 1378
41861fa8 1379 paddr = kmap_atomic(sg_page(psg)) + psg->offset;
16c0ae02
SG		 1380 psg_len = min(left, psg->length);
1381 while (psg_len) {
1382 len = min(psg_len, sg->length - offset);
1383 addr = kmap_atomic(sg_page(sg)) + sg->offset + offset;
1384
1385 if (read)
1386 memcpy(paddr + copied, addr, len);
1387 else
1388 memcpy(addr, paddr + copied, len);
1389
1390 left -= len;
1391 offset += len;
1392 copied += len;
1393 psg_len -= len;
1394
57636388
AM		 1395 kunmap_atomic(addr - sg->offset - offset);
1396
16c0ae02
SG		 1397 if (offset >= sg->length) {
1398 sg = sg_next(sg);
1399 offset = 0;
1400 }
16c0ae02 1401 }
57636388 1402 kunmap_atomic(paddr - psg->offset);
41861fa8
NB		 1403 }
1404}
f75b6fae 1405EXPORT_SYMBOL(sbc_dif_copy_prot);
41861fa8
NB		 1406
1407sense_reason_t
f75b6fae 1408sbc_dif_verify(struct se_cmd *cmd, sector_t start, unsigned int sectors,
414e4627 1409 unsigned int ei_lba, struct scatterlist *psg, int psg_off)
41861fa8
NB		 1410{
1411 struct se_device *dev = cmd->se_dev;
fe052a18 1412 struct t10_pi_tuple *sdt;
18213afb 1413 struct scatterlist *dsg = cmd->t_data_sg;
41861fa8
NB		 1414 sector_t sector = start;
1415 void *daddr, *paddr;
18213afb 1416 int i;
41861fa8 1417 sense_reason_t rc;
18213afb
AM		 1418 int dsg_off = 0;
1419 unsigned int block_size = dev->dev_attrib.block_size;
41861fa8 1420
18213afb 1421 for (; psg && sector < start + sectors; psg = sg_next(psg)) {
41861fa8 1422 paddr = kmap_atomic(sg_page(psg)) + psg->offset;
41861fa8 1423 daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
41861fa8 1424
18213afb
AM		 1425 for (i = psg_off; i < psg->length &&
1426 sector < start + sectors;
fe052a18 1427 i += sizeof(*sdt)) {
18213afb
AM		 1428 __u16 crc;
1429 unsigned int avail;
41861fa8 1430
18213afb
AM		 1431 if (dsg_off >= dsg->length) {
1432 dsg_off -= dsg->length;
1433 kunmap_atomic(daddr - dsg->offset);
1434 dsg = sg_next(dsg);
1435 if (!dsg) {
1436 kunmap_atomic(paddr - psg->offset);
1437 return 0;
1438 }
1439 daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
41861fa8
NB		 1440 }
1441
18213afb 1442 sdt = paddr + i;
41861fa8
NB		 1443
1444 pr_debug("DIF READ sector: %llu guard_tag: 0x%04x"
1445 " app_tag: 0x%04x ref_tag: %u\n",
1446 (unsigned long long)sector, sdt->guard_tag,
1447 sdt->app_tag, be32_to_cpu(sdt->ref_tag));
1448
1449 if (sdt->app_tag == cpu_to_be16(0xffff)) {
18213afb
AM		 1450 dsg_off += block_size;
1451 goto next;
1452 }
1453
1454 avail = min(block_size, dsg->length - dsg_off);
1455 crc = crc_t10dif(daddr + dsg_off, avail);
1456 if (avail < block_size) {
1457 kunmap_atomic(daddr - dsg->offset);
1458 dsg = sg_next(dsg);
1459 if (!dsg) {
1460 kunmap_atomic(paddr - psg->offset);
1461 return 0;
1462 }
1463 daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
1464 dsg_off = block_size - avail;
1465 crc = crc_t10dif_update(crc, daddr, dsg_off);
1466 } else {
1467 dsg_off += block_size;
41861fa8
NB		 1468 }
1469
18213afb 1470 rc = sbc_dif_v1_verify(cmd, sdt, crc, sector, ei_lba);
41861fa8 1471 if (rc) {
414e4627 1472 kunmap_atomic(daddr - dsg->offset);
18213afb 1473 kunmap_atomic(paddr - psg->offset);
76736db3 1474 cmd->bad_sector = sector;
41861fa8
NB		 1475 return rc;
1476 }
18213afb 1477next:
41861fa8
NB		 1478 sector++;
1479 ei_lba++;
41861fa8
NB		 1480 }
1481
18213afb 1482 psg_off = 0;
414e4627 1483 kunmap_atomic(daddr - dsg->offset);
18213afb 1484 kunmap_atomic(paddr - psg->offset);
41861fa8 1485 }
41861fa8
NB		 1486
1487 return 0;
1488}
f75b6fae 1489EXPORT_SYMBOL(sbc_dif_verify);
ubuntu-zesty-kernel mirror