projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
target: Fix multi-session dynamic se_node_acl double free OOPs
[linux-2.6-block.git] / drivers / target / target_core_sbc.c
CommitLineData
d6e0175c
CH		 1/*
2 * SCSI Block Commands (SBC) parsing and emulation.
3 *
4c76251e 4 * (c) Copyright 2002-2013 Datera, Inc.
d6e0175c
CH		 5 *
6 * Nicholas A. Bellinger <nab@kernel.org>
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
21 */
22
23#include <linux/kernel.h>
24#include <linux/module.h>
25#include <linux/ratelimit.h>
41861fa8 26#include <linux/crc-t10dif.h>
8dcf07be 27#include <linux/t10-pi.h>
d6e0175c 28#include <asm/unaligned.h>
ba929992 29#include <scsi/scsi_proto.h>
68ff9b9b 30#include <scsi/scsi_tcq.h>
d6e0175c
CH		 31
32#include <target/target_core_base.h>
33#include <target/target_core_backend.h>
34#include <target/target_core_fabric.h>
35
36#include "target_core_internal.h"
37#include "target_core_ua.h"
c66094bf 38#include "target_core_alua.h"
d6e0175c 39
afd73f1b
NB		 40static sense_reason_t
41sbc_check_prot(struct se_device *, struct se_cmd *, unsigned char *, u32, bool);
62e46942 42static sense_reason_t sbc_execute_unmap(struct se_cmd *cmd);
afd73f1b 43
de103c93
CH		 44static sense_reason_t
45sbc_emulate_readcapacity(struct se_cmd *cmd)
1fd032ee
CH		 46{
47 struct se_device *dev = cmd->se_dev;
8dc8632a 48 unsigned char *cdb = cmd->t_task_cdb;
1fd032ee 49 unsigned long long blocks_long = dev->transport->get_blocks(dev);
a50da144
PB		 50 unsigned char *rbuf;
51 unsigned char buf[8];
1fd032ee
CH		 52 u32 blocks;
53
8dc8632a
RD		 54 /*
55 * SBC-2 says:
56 * If the PMI bit is set to zero and the LOGICAL BLOCK
57 * ADDRESS field is not set to zero, the device server shall
58 * terminate the command with CHECK CONDITION status with
59 * the sense key set to ILLEGAL REQUEST and the additional
60 * sense code set to INVALID FIELD IN CDB.
61 *
62 * In SBC-3, these fields are obsolete, but some SCSI
63 * compliance tests actually check this, so we might as well
64 * follow SBC-2.
65 */
66 if (!(cdb[8] & 1) && !!(cdb[2] | cdb[3] | cdb[4] | cdb[5]))
67 return TCM_INVALID_CDB_FIELD;
68
1fd032ee
CH		 69 if (blocks_long >= 0x00000000ffffffff)
70 blocks = 0xffffffff;
71 else
72 blocks = (u32)blocks_long;
73
1fd032ee
CH		 74 buf[0] = (blocks >> 24) & 0xff;
75 buf[1] = (blocks >> 16) & 0xff;
76 buf[2] = (blocks >> 8) & 0xff;
77 buf[3] = blocks & 0xff;
0fd97ccf
CH		 78 buf[4] = (dev->dev_attrib.block_size >> 24) & 0xff;
79 buf[5] = (dev->dev_attrib.block_size >> 16) & 0xff;
80 buf[6] = (dev->dev_attrib.block_size >> 8) & 0xff;
81 buf[7] = dev->dev_attrib.block_size & 0xff;
1fd032ee 82
a50da144 83 rbuf = transport_kmap_data_sg(cmd);
8b4b0dcb
NB		 84 if (rbuf) {
85 memcpy(rbuf, buf, min_t(u32, sizeof(buf), cmd->data_length));
86 transport_kunmap_data_sg(cmd);
87 }
1fd032ee 88
2426bd45 89 target_complete_cmd_with_length(cmd, GOOD, 8);
1fd032ee
CH		 90 return 0;
91}
92
de103c93
CH		 93static sense_reason_t
94sbc_emulate_readcapacity_16(struct se_cmd *cmd)
1fd032ee
CH		 95{
96 struct se_device *dev = cmd->se_dev;
2d335983 97 struct se_session *sess = cmd->se_sess;
9ef5466e
NB		 98 int pi_prot_type = dev->dev_attrib.pi_prot_type;
99
a50da144
PB		 100 unsigned char *rbuf;
101 unsigned char buf[32];
1fd032ee
CH		 102 unsigned long long blocks = dev->transport->get_blocks(dev);
103
a50da144 104 memset(buf, 0, sizeof(buf));
1fd032ee
CH		 105 buf[0] = (blocks >> 56) & 0xff;
106 buf[1] = (blocks >> 48) & 0xff;
107 buf[2] = (blocks >> 40) & 0xff;
108 buf[3] = (blocks >> 32) & 0xff;
109 buf[4] = (blocks >> 24) & 0xff;
110 buf[5] = (blocks >> 16) & 0xff;
111 buf[6] = (blocks >> 8) & 0xff;
112 buf[7] = blocks & 0xff;
0fd97ccf
CH		 113 buf[8] = (dev->dev_attrib.block_size >> 24) & 0xff;
114 buf[9] = (dev->dev_attrib.block_size >> 16) & 0xff;
115 buf[10] = (dev->dev_attrib.block_size >> 8) & 0xff;
116 buf[11] = dev->dev_attrib.block_size & 0xff;
56dac14c
NB		 117 /*
118 * Set P_TYPE and PROT_EN bits for DIF support
119 */
2d335983 120 if (sess->sup_prot_ops & (TARGET_PROT_DIN_PASS | TARGET_PROT_DOUT_PASS)) {
9ef5466e
NB		 121 /*
122 * Only override a device's pi_prot_type if no T10-PI is
123 * available, and sess_prot_type has been explicitly enabled.
124 */
125 if (!pi_prot_type)
126 pi_prot_type = sess->sess_prot_type;
127
128 if (pi_prot_type)
129 buf[12] = (pi_prot_type - 1) << 1 | 0x1;
2d335983 130 }
7f7caf6a
AG		 131
132 if (dev->transport->get_lbppbe)
133 buf[13] = dev->transport->get_lbppbe(dev) & 0x0f;
134
135 if (dev->transport->get_alignment_offset_lbas) {
136 u16 lalba = dev->transport->get_alignment_offset_lbas(dev);
137 buf[14] = (lalba >> 8) & 0x3f;
138 buf[15] = lalba & 0xff;
139 }
140
1fd032ee
CH		 141 /*
142 * Set Thin Provisioning Enable bit following sbc3r22 in section
143 * READ CAPACITY (16) byte 14 if emulate_tpu or emulate_tpws is enabled.
144 */
e6f41633 145 if (dev->dev_attrib.emulate_tpu || dev->dev_attrib.emulate_tpws) {
7f7caf6a 146 buf[14] |= 0x80;
1fd032ee 147
e6f41633
JP		 148 /*
149 * LBPRZ signifies that zeroes will be read back from an LBA after
150 * an UNMAP or WRITE SAME w/ unmap bit (sbc3r36 5.16.2)
151 */
152 if (dev->dev_attrib.unmap_zeroes_data)
153 buf[14] |= 0x40;
154 }
155
a50da144 156 rbuf = transport_kmap_data_sg(cmd);
8b4b0dcb
NB		 157 if (rbuf) {
158 memcpy(rbuf, buf, min_t(u32, sizeof(buf), cmd->data_length));
159 transport_kunmap_data_sg(cmd);
160 }
1fd032ee 161
2426bd45 162 target_complete_cmd_with_length(cmd, GOOD, 32);
1fd032ee
CH		 163 return 0;
164}
165
45182ed5
BB		 166static sense_reason_t
167sbc_emulate_startstop(struct se_cmd *cmd)
168{
169 unsigned char *cdb = cmd->t_task_cdb;
170
171 /*
172 * See sbc3r36 section 5.25
173 * Immediate bit should be set since there is nothing to complete
174 * POWER CONDITION MODIFIER 0h
175 */
176 if (!(cdb[1] & 1) || cdb[2] || cdb[3])
177 return TCM_INVALID_CDB_FIELD;
178
179 /*
180 * See sbc3r36 section 5.25
181 * POWER CONDITION 0h START_VALID - process START and LOEJ
182 */
183 if (cdb[4] >> 4 & 0xf)
184 return TCM_INVALID_CDB_FIELD;
185
186 /*
187 * See sbc3r36 section 5.25
188 * LOEJ 0h - nothing to load or unload
189 * START 1h - we are ready
190 */
191 if (!(cdb[4] & 1) || (cdb[4] & 2) || (cdb[4] & 4))
192 return TCM_INVALID_CDB_FIELD;
193
194 target_complete_cmd(cmd, SAM_STAT_GOOD);
195 return 0;
196}
197
972b29c8 198sector_t sbc_get_write_same_sectors(struct se_cmd *cmd)
1fd032ee 199{
1fd032ee 200 u32 num_blocks;
1fd032ee
CH		 201
202 if (cmd->t_task_cdb[0] == WRITE_SAME)
203 num_blocks = get_unaligned_be16(&cmd->t_task_cdb[7]);
204 else if (cmd->t_task_cdb[0] == WRITE_SAME_16)
205 num_blocks = get_unaligned_be32(&cmd->t_task_cdb[10]);
206 else /* WRITE_SAME_32 via VARIABLE_LENGTH_CMD */
207 num_blocks = get_unaligned_be32(&cmd->t_task_cdb[28]);
208
209 /*
210 * Use the explicit range when non zero is supplied, otherwise calculate
211 * the remaining range based on ->get_blocks() - starting LBA.
212 */
6f974e8c
CH		 213 if (num_blocks)
214 return num_blocks;
1fd032ee 215
6f974e8c
CH		 216 return cmd->se_dev->transport->get_blocks(cmd->se_dev) -
217 cmd->t_task_lba + 1;
1fd032ee 218}
972b29c8 219EXPORT_SYMBOL(sbc_get_write_same_sectors);
1fd032ee 220
b753d643
CH		 221static sense_reason_t
222sbc_execute_write_same_unmap(struct se_cmd *cmd)
223{
224 struct sbc_ops *ops = cmd->protocol_data;
225 sector_t nolb = sbc_get_write_same_sectors(cmd);
226 sense_reason_t ret;
227
228 if (nolb) {
229 ret = ops->execute_unmap(cmd, cmd->t_task_lba, nolb);
230 if (ret)
231 return ret;
232 }
233
234 target_complete_cmd(cmd, GOOD);
235 return 0;
236}
237
de103c93 238static sense_reason_t
1920ed61 239sbc_emulate_noop(struct se_cmd *cmd)
1a1ff38c
BK		 240{
241 target_complete_cmd(cmd, GOOD);
242 return 0;
243}
244
d6e0175c
CH		 245static inline u32 sbc_get_size(struct se_cmd *cmd, u32 sectors)
246{
0fd97ccf 247 return cmd->se_dev->dev_attrib.block_size * sectors;
d6e0175c
CH		 248}
249
d6e0175c
CH		 250static inline u32 transport_get_sectors_6(unsigned char *cdb)
251{
252 /*
253 * Use 8-bit sector value. SBC-3 says:
254 *
255 * A TRANSFER LENGTH field set to zero specifies that 256
256 * logical blocks shall be written. Any other value
257 * specifies the number of logical blocks that shall be
258 * written.
259 */
260 return cdb[4] ? : 256;
261}
262
263static inline u32 transport_get_sectors_10(unsigned char *cdb)
264{
265 return (u32)(cdb[7] << 8) + cdb[8];
266}
267
268static inline u32 transport_get_sectors_12(unsigned char *cdb)
269{
270 return (u32)(cdb[6] << 24) + (cdb[7] << 16) + (cdb[8] << 8) + cdb[9];
271}
272
273static inline u32 transport_get_sectors_16(unsigned char *cdb)
274{
275 return (u32)(cdb[10] << 24) + (cdb[11] << 16) +
276 (cdb[12] << 8) + cdb[13];
277}
278
279/*
280 * Used for VARIABLE_LENGTH_CDB WRITE_32 and READ_32 variants
281 */
282static inline u32 transport_get_sectors_32(unsigned char *cdb)
283{
284 return (u32)(cdb[28] << 24) + (cdb[29] << 16) +
285 (cdb[30] << 8) + cdb[31];
286
287}
288
289static inline u32 transport_lba_21(unsigned char *cdb)
290{
291 return ((cdb[1] & 0x1f) << 16) | (cdb[2] << 8) | cdb[3];
292}
293
294static inline u32 transport_lba_32(unsigned char *cdb)
295{
296 return (cdb[2] << 24) | (cdb[3] << 16) | (cdb[4] << 8) | cdb[5];
297}
298
299static inline unsigned long long transport_lba_64(unsigned char *cdb)
300{
301 unsigned int __v1, __v2;
302
303 __v1 = (cdb[2] << 24) | (cdb[3] << 16) | (cdb[4] << 8) | cdb[5];
304 __v2 = (cdb[6] << 24) | (cdb[7] << 16) | (cdb[8] << 8) | cdb[9];
305
306 return ((unsigned long long)__v2) | (unsigned long long)__v1 << 32;
307}
308
309/*
310 * For VARIABLE_LENGTH_CDB w/ 32 byte extended CDBs
311 */
312static inline unsigned long long transport_lba_64_ext(unsigned char *cdb)
313{
314 unsigned int __v1, __v2;
315
316 __v1 = (cdb[12] << 24) | (cdb[13] << 16) | (cdb[14] << 8) | cdb[15];
317 __v2 = (cdb[16] << 24) | (cdb[17] << 16) | (cdb[18] << 8) | cdb[19];
318
319 return ((unsigned long long)__v2) | (unsigned long long)__v1 << 32;
320}
321
cd063bef
NB		 322static sense_reason_t
323sbc_setup_write_same(struct se_cmd *cmd, unsigned char *flags, struct sbc_ops *ops)
d6e0175c 324{
8e575c50
NB		 325 struct se_device *dev = cmd->se_dev;
326 sector_t end_lba = dev->transport->get_blocks(dev) + 1;
972b29c8 327 unsigned int sectors = sbc_get_write_same_sectors(cmd);
afd73f1b 328 sense_reason_t ret;
773cbaf7 329
d6e0175c
CH		 330 if ((flags[0] & 0x04) || (flags[0] & 0x02)) {
331 pr_err("WRITE_SAME PBDATA and LBDATA"
332 " bits not supported for Block Discard"
333 " Emulation\n");
cd063bef 334 return TCM_UNSUPPORTED_SCSI_OPCODE;
d6e0175c 335 }
773cbaf7
NB		 336 if (sectors > cmd->se_dev->dev_attrib.max_write_same_len) {
337 pr_warn("WRITE_SAME sectors: %u exceeds max_write_same_len: %u\n",
338 sectors, cmd->se_dev->dev_attrib.max_write_same_len);
339 return TCM_INVALID_CDB_FIELD;
340 }
8e575c50
NB		 341 /*
342 * Sanity check for LBA wrap and request past end of device.
343 */
344 if (((cmd->t_task_lba + sectors) < cmd->t_task_lba) ||
345 ((cmd->t_task_lba + sectors) > end_lba)) {
346 pr_err("WRITE_SAME exceeds last lba %llu (lba %llu, sectors %u)\n",
347 (unsigned long long)end_lba, cmd->t_task_lba, sectors);
348 return TCM_ADDRESS_OUT_OF_RANGE;
349 }
350
5cb770bf
RD		 351 /* We always have ANC_SUP == 0 so setting ANCHOR is always an error */
352 if (flags[0] & 0x10) {
353 pr_warn("WRITE SAME with ANCHOR not supported\n");
354 return TCM_INVALID_CDB_FIELD;
355 }
d6e0175c 356 /*
cd063bef
NB		 357 * Special case for WRITE_SAME w/ UNMAP=1 that ends up getting
358 * translated into block discard requests within backend code.
d6e0175c 359 */
cd063bef 360 if (flags[0] & 0x08) {
b753d643 361 if (!ops->execute_unmap)
cd063bef
NB		 362 return TCM_UNSUPPORTED_SCSI_OPCODE;
363
d0a91295
NB		 364 if (!dev->dev_attrib.emulate_tpws) {
365 pr_err("Got WRITE_SAME w/ UNMAP=1, but backend device"
366 " has emulate_tpws disabled\n");
367 return TCM_UNSUPPORTED_SCSI_OPCODE;
368 }
b753d643 369 cmd->execute_cmd = sbc_execute_write_same_unmap;
cd063bef 370 return 0;
d6e0175c 371 }
cd063bef
NB		 372 if (!ops->execute_write_same)
373 return TCM_UNSUPPORTED_SCSI_OPCODE;
d6e0175c 374
afd73f1b
NB		 375 ret = sbc_check_prot(dev, cmd, &cmd->t_task_cdb[0], sectors, true);
376 if (ret)
377 return ret;
378
cd063bef 379 cmd->execute_cmd = ops->execute_write_same;
d6e0175c
CH		 380 return 0;
381}
382
057085e5
NB		 383static sense_reason_t xdreadwrite_callback(struct se_cmd *cmd, bool success,
384 int *post_ret)
d6e0175c
CH		 385{
386 unsigned char *buf, *addr;
387 struct scatterlist *sg;
388 unsigned int offset;
a6b0133c
NB		 389 sense_reason_t ret = TCM_NO_SENSE;
390 int i, count;
d6e0175c
CH		 391 /*
392 * From sbc3r22.pdf section 5.48 XDWRITEREAD (10) command
393 *
394 * 1) read the specified logical block(s);
395 * 2) transfer logical blocks from the data-out buffer;
396 * 3) XOR the logical blocks transferred from the data-out buffer with
397 * the logical blocks read, storing the resulting XOR data in a buffer;
398 * 4) if the DISABLE WRITE bit is set to zero, then write the logical
399 * blocks transferred from the data-out buffer; and
400 * 5) transfer the resulting XOR data to the data-in buffer.
401 */
402 buf = kmalloc(cmd->data_length, GFP_KERNEL);
403 if (!buf) {
404 pr_err("Unable to allocate xor_callback buf\n");
a6b0133c 405 return TCM_OUT_OF_RESOURCES;
d6e0175c
CH		 406 }
407 /*
408 * Copy the scatterlist WRITE buffer located at cmd->t_data_sg
409 * into the locally allocated *buf
410 */
411 sg_copy_to_buffer(cmd->t_data_sg,
412 cmd->t_data_nents,
413 buf,
414 cmd->data_length);
415
416 /*
417 * Now perform the XOR against the BIDI read memory located at
418 * cmd->t_mem_bidi_list
419 */
420
421 offset = 0;
422 for_each_sg(cmd->t_bidi_data_sg, sg, cmd->t_bidi_data_nents, count) {
423 addr = kmap_atomic(sg_page(sg));
a6b0133c
NB		 424 if (!addr) {
425 ret = TCM_OUT_OF_RESOURCES;
d6e0175c 426 goto out;
a6b0133c 427 }
d6e0175c
CH		 428
429 for (i = 0; i < sg->length; i++)
430 *(addr + sg->offset + i) ^= *(buf + offset + i);
431
432 offset += sg->length;
433 kunmap_atomic(addr);
434 }
435
436out:
437 kfree(buf);
a6b0133c 438 return ret;
d6e0175c
CH		 439}
440
a82a9538
NB		 441static sense_reason_t
442sbc_execute_rw(struct se_cmd *cmd)
443{
7a971b1b
CH		 444 struct sbc_ops *ops = cmd->protocol_data;
445
446 return ops->execute_rw(cmd, cmd->t_data_sg, cmd->t_data_nents,
a82a9538
NB		 447 cmd->data_direction);
448}
449
057085e5
NB		 450static sense_reason_t compare_and_write_post(struct se_cmd *cmd, bool success,
451 int *post_ret)
68ff9b9b
NB		 452{
453 struct se_device *dev = cmd->se_dev;
454
d8855c15
NB		 455 /*
456 * Only set SCF_COMPARE_AND_WRITE_POST to force a response fall-through
457 * within target_complete_ok_work() if the command was successfully
458 * sent to the backend driver.
459 */
460 spin_lock_irq(&cmd->t_state_lock);
057085e5 461 if ((cmd->transport_state & CMD_T_SENT) && !cmd->scsi_status) {
d8855c15 462 cmd->se_cmd_flags |= SCF_COMPARE_AND_WRITE_POST;
057085e5
NB		 463 *post_ret = 1;
464 }
d8855c15
NB		 465 spin_unlock_irq(&cmd->t_state_lock);
466
68ff9b9b
NB		 467 /*
468 * Unlock ->caw_sem originally obtained during sbc_compare_and_write()
469 * before the original READ I/O submission.
470 */
471 up(&dev->caw_sem);
472
473 return TCM_NO_SENSE;
474}
475
057085e5
NB		 476static sense_reason_t compare_and_write_callback(struct se_cmd *cmd, bool success,
477 int *post_ret)
68ff9b9b
NB		 478{
479 struct se_device *dev = cmd->se_dev;
480 struct scatterlist *write_sg = NULL, *sg;
db60df88 481 unsigned char *buf = NULL, *addr;
68ff9b9b
NB		 482 struct sg_mapping_iter m;
483 unsigned int offset = 0, len;
484 unsigned int nlbas = cmd->t_task_nolb;
485 unsigned int block_size = dev->dev_attrib.block_size;
486 unsigned int compare_len = (nlbas * block_size);
487 sense_reason_t ret = TCM_NO_SENSE;
488 int rc, i;
489
cf6d1f09
NB		 490 /*
491 * Handle early failure in transport_generic_request_failure(),
c8e63985 492 * which will not have taken ->caw_sem yet..
cf6d1f09 493 */
c8e63985 494 if (!success && (!cmd->t_data_sg || !cmd->t_bidi_data_sg))
cf6d1f09 495 return TCM_NO_SENSE;
c8e63985
NB		 496 /*
497 * Handle special case for zero-length COMPARE_AND_WRITE
498 */
499 if (!cmd->data_length)
500 goto out;
db60df88
NB		 501 /*
502 * Immediately exit + release dev->caw_sem if command has already
503 * been failed with a non-zero SCSI status.
504 */
505 if (cmd->scsi_status) {
506 pr_err("compare_and_write_callback: non zero scsi_status:"
507 " 0x%02x\n", cmd->scsi_status);
508 goto out;
509 }
cf6d1f09 510
68ff9b9b
NB		 511 buf = kzalloc(cmd->data_length, GFP_KERNEL);
512 if (!buf) {
513 pr_err("Unable to allocate compare_and_write buf\n");
a2890087
NB		 514 ret = TCM_OUT_OF_RESOURCES;
515 goto out;
68ff9b9b
NB		 516 }
517
a1e1774c 518 write_sg = kmalloc(sizeof(struct scatterlist) * cmd->t_data_nents,
68ff9b9b
NB		 519 GFP_KERNEL);
520 if (!write_sg) {
521 pr_err("Unable to allocate compare_and_write sg\n");
522 ret = TCM_OUT_OF_RESOURCES;
523 goto out;
524 }
a1e1774c 525 sg_init_table(write_sg, cmd->t_data_nents);
68ff9b9b
NB		 526 /*
527 * Setup verify and write data payloads from total NumberLBAs.
528 */
529 rc = sg_copy_to_buffer(cmd->t_data_sg, cmd->t_data_nents, buf,
530 cmd->data_length);
531 if (!rc) {
532 pr_err("sg_copy_to_buffer() failed for compare_and_write\n");
533 ret = TCM_OUT_OF_RESOURCES;
534 goto out;
535 }
536 /*
537 * Compare against SCSI READ payload against verify payload
538 */
539 for_each_sg(cmd->t_bidi_data_sg, sg, cmd->t_bidi_data_nents, i) {
540 addr = (unsigned char *)kmap_atomic(sg_page(sg));
541 if (!addr) {
542 ret = TCM_OUT_OF_RESOURCES;
543 goto out;
544 }
545
546 len = min(sg->length, compare_len);
547
548 if (memcmp(addr, buf + offset, len)) {
549 pr_warn("Detected MISCOMPARE for addr: %p buf: %p\n",
550 addr, buf + offset);
551 kunmap_atomic(addr);
552 goto miscompare;
553 }
554 kunmap_atomic(addr);
555
556 offset += len;
557 compare_len -= len;
558 if (!compare_len)
559 break;
560 }
561
562 i = 0;
563 len = cmd->t_task_nolb * block_size;
564 sg_miter_start(&m, cmd->t_data_sg, cmd->t_data_nents, SG_MITER_TO_SG);
565 /*
566 * Currently assumes NoLB=1 and SGLs are PAGE_SIZE..
567 */
568 while (len) {
569 sg_miter_next(&m);
570
571 if (block_size < PAGE_SIZE) {
572 sg_set_page(&write_sg[i], m.page, block_size,
d94e5a61 573 m.piter.sg->offset + block_size);
68ff9b9b
NB		 574 } else {
575 sg_miter_next(&m);
576 sg_set_page(&write_sg[i], m.page, block_size,
d94e5a61 577 m.piter.sg->offset);
68ff9b9b
NB		 578 }
579 len -= block_size;
580 i++;
581 }
582 sg_miter_stop(&m);
583 /*
584 * Save the original SGL + nents values before updating to new
585 * assignments, to be released in transport_free_pages() ->
586 * transport_reset_sgl_orig()
587 */
588 cmd->t_data_sg_orig = cmd->t_data_sg;
589 cmd->t_data_sg = write_sg;
590 cmd->t_data_nents_orig = cmd->t_data_nents;
591 cmd->t_data_nents = 1;
592
68d81f40 593 cmd->sam_task_attr = TCM_HEAD_TAG;
68ff9b9b
NB		 594 cmd->transport_complete_callback = compare_and_write_post;
595 /*
596 * Now reset ->execute_cmd() to the normal sbc_execute_rw() handler
597 * for submitting the adjusted SGL to write instance user-data.
598 */
599 cmd->execute_cmd = sbc_execute_rw;
600
601 spin_lock_irq(&cmd->t_state_lock);
602 cmd->t_state = TRANSPORT_PROCESSING;
603 cmd->transport_state |= CMD_T_ACTIVE|CMD_T_BUSY|CMD_T_SENT;
604 spin_unlock_irq(&cmd->t_state_lock);
605
dff0ca9e 606 __target_execute_cmd(cmd, false);
68ff9b9b
NB		 607
608 kfree(buf);
609 return ret;
610
611miscompare:
612 pr_warn("Target/%s: Send MISCOMPARE check condition and sense\n",
613 dev->transport->name);
614 ret = TCM_MISCOMPARE_VERIFY;
615out:
616 /*
617 * In the MISCOMPARE or failure case, unlock ->caw_sem obtained in
618 * sbc_compare_and_write() before the original READ I/O submission.
619 */
620 up(&dev->caw_sem);
621 kfree(write_sg);
622 kfree(buf);
623 return ret;
624}
625
626static sense_reason_t
627sbc_compare_and_write(struct se_cmd *cmd)
628{
7a971b1b 629 struct sbc_ops *ops = cmd->protocol_data;
68ff9b9b
NB		 630 struct se_device *dev = cmd->se_dev;
631 sense_reason_t ret;
632 int rc;
633 /*
634 * Submit the READ first for COMPARE_AND_WRITE to perform the
635 * comparision using SGLs at cmd->t_bidi_data_sg..
636 */
637 rc = down_interruptible(&dev->caw_sem);
ee7619f2 638 if (rc != 0) {
68ff9b9b
NB		 639 cmd->transport_complete_callback = NULL;
640 return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
641 }
b7191253
NB		 642 /*
643 * Reset cmd->data_length to individual block_size in order to not
644 * confuse backend drivers that depend on this value matching the
645 * size of the I/O being submitted.
646 */
647 cmd->data_length = cmd->t_task_nolb * dev->dev_attrib.block_size;
68ff9b9b 648
7a971b1b 649 ret = ops->execute_rw(cmd, cmd->t_bidi_data_sg, cmd->t_bidi_data_nents,
68ff9b9b
NB		 650 DMA_FROM_DEVICE);
651 if (ret) {
652 cmd->transport_complete_callback = NULL;
653 up(&dev->caw_sem);
654 return ret;
655 }
656 /*
657 * Unlock of dev->caw_sem to occur in compare_and_write_callback()
658 * upon MISCOMPARE, or in compare_and_write_done() upon completion
659 * of WRITE instance user-data.
660 */
661 return TCM_NO_SENSE;
662}
663
19f9361a 664static int
38b57f82 665sbc_set_prot_op_checks(u8 protect, bool fabric_prot, enum target_prot_type prot_type,
19f9361a
SG		 666 bool is_write, struct se_cmd *cmd)
667{
668 if (is_write) {
38b57f82
NB		 669 cmd->prot_op = fabric_prot ? TARGET_PROT_DOUT_STRIP :
670 protect ? TARGET_PROT_DOUT_PASS :
671 TARGET_PROT_DOUT_INSERT;
19f9361a
SG		 672 switch (protect) {
673 case 0x0:
674 case 0x3:
675 cmd->prot_checks = 0;
676 break;
677 case 0x1:
678 case 0x5:
679 cmd->prot_checks = TARGET_DIF_CHECK_GUARD;
680 if (prot_type == TARGET_DIF_TYPE1_PROT)
681 cmd->prot_checks |= TARGET_DIF_CHECK_REFTAG;
682 break;
683 case 0x2:
684 if (prot_type == TARGET_DIF_TYPE1_PROT)
685 cmd->prot_checks = TARGET_DIF_CHECK_REFTAG;
686 break;
687 case 0x4:
688 cmd->prot_checks = TARGET_DIF_CHECK_GUARD;
689 break;
690 default:
691 pr_err("Unsupported protect field %d\n", protect);
692 return -EINVAL;
693 }
694 } else {
38b57f82
NB		 695 cmd->prot_op = fabric_prot ? TARGET_PROT_DIN_INSERT :
696 protect ? TARGET_PROT_DIN_PASS :
697 TARGET_PROT_DIN_STRIP;
19f9361a
SG		 698 switch (protect) {
699 case 0x0:
700 case 0x1:
701 case 0x5:
702 cmd->prot_checks = TARGET_DIF_CHECK_GUARD;
703 if (prot_type == TARGET_DIF_TYPE1_PROT)
704 cmd->prot_checks |= TARGET_DIF_CHECK_REFTAG;
705 break;
706 case 0x2:
707 if (prot_type == TARGET_DIF_TYPE1_PROT)
708 cmd->prot_checks = TARGET_DIF_CHECK_REFTAG;
709 break;
710 case 0x3:
711 cmd->prot_checks = 0;
712 break;
713 case 0x4:
714 cmd->prot_checks = TARGET_DIF_CHECK_GUARD;
715 break;
716 default:
717 pr_err("Unsupported protect field %d\n", protect);
718 return -EINVAL;
719 }
720 }
721
722 return 0;
723}
724
f7b7c06f 725static sense_reason_t
499bf77b 726sbc_check_prot(struct se_device *dev, struct se_cmd *cmd, unsigned char *cdb,
19f9361a 727 u32 sectors, bool is_write)
499bf77b 728{
19f9361a 729 u8 protect = cdb[1] >> 5;
38b57f82
NB		 730 int sp_ops = cmd->se_sess->sup_prot_ops;
731 int pi_prot_type = dev->dev_attrib.pi_prot_type;
732 bool fabric_prot = false;
19f9361a 733
f7b7c06f 734 if (!cmd->t_prot_sg || !cmd->t_prot_nents) {
38b57f82
NB		 735 if (unlikely(protect &&
736 !dev->dev_attrib.pi_prot_type && !cmd->se_sess->sess_prot_type)) {
737 pr_err("CDB contains protect bit, but device + fabric does"
738 " not advertise PROTECT=1 feature bit\n");
f7b7c06f
NB		 739 return TCM_INVALID_CDB_FIELD;
740 }
741 if (cmd->prot_pto)
742 return TCM_NO_SENSE;
743 }
499bf77b
NB		 744
745 switch (dev->dev_attrib.pi_prot_type) {
746 case TARGET_DIF_TYPE3_PROT:
499bf77b
NB		 747 cmd->reftag_seed = 0xffffffff;
748 break;
749 case TARGET_DIF_TYPE2_PROT:
19f9361a 750 if (protect)
f7b7c06f 751 return TCM_INVALID_CDB_FIELD;
499bf77b
NB		 752
753 cmd->reftag_seed = cmd->t_task_lba;
754 break;
755 case TARGET_DIF_TYPE1_PROT:
499bf77b
NB		 756 cmd->reftag_seed = cmd->t_task_lba;
757 break;
758 case TARGET_DIF_TYPE0_PROT:
38b57f82
NB		 759 /*
760 * See if the fabric supports T10-PI, and the session has been
761 * configured to allow export PROTECT=1 feature bit with backend
762 * devices that don't support T10-PI.
763 */
764 fabric_prot = is_write ?
765 !!(sp_ops & (TARGET_PROT_DOUT_PASS | TARGET_PROT_DOUT_STRIP)) :
766 !!(sp_ops & (TARGET_PROT_DIN_PASS | TARGET_PROT_DIN_INSERT));
767
768 if (fabric_prot && cmd->se_sess->sess_prot_type) {
769 pi_prot_type = cmd->se_sess->sess_prot_type;
770 break;
771 }
cceca4a6
NB		 772 if (!protect)
773 return TCM_NO_SENSE;
38b57f82 774 /* Fallthrough */
499bf77b 775 default:
cceca4a6
NB		 776 pr_err("Unable to determine pi_prot_type for CDB: 0x%02x "
777 "PROTECT: 0x%02x\n", cdb[0], protect);
778 return TCM_INVALID_CDB_FIELD;
499bf77b
NB		 779 }
780
38b57f82 781 if (sbc_set_prot_op_checks(protect, fabric_prot, pi_prot_type, is_write, cmd))
f7b7c06f 782 return TCM_INVALID_CDB_FIELD;
19f9361a 783
38b57f82 784 cmd->prot_type = pi_prot_type;
499bf77b 785 cmd->prot_length = dev->prot_length * sectors;
e2a4f55c
SG		 786
787 /**
788 * In case protection information exists over the wire
789 * we modify command data length to describe pure data.
790 * The actual transfer length is data length + protection
791 * length
792 **/
793 if (protect)
794 cmd->data_length = sectors * dev->dev_attrib.block_size;
795
796 pr_debug("%s: prot_type=%d, data_length=%d, prot_length=%d "
797 "prot_op=%d prot_checks=%d\n",
798 __func__, cmd->prot_type, cmd->data_length, cmd->prot_length,
03abad9e 799 cmd->prot_op, cmd->prot_checks);
499bf77b 800
f7b7c06f 801 return TCM_NO_SENSE;
499bf77b
NB		 802}
803
fde9f50f
NB		 804static int
805sbc_check_dpofua(struct se_device *dev, struct se_cmd *cmd, unsigned char *cdb)
806{
807 if (cdb[1] & 0x10) {
814e5b45
CH		 808 /* see explanation in spc_emulate_modesense */
809 if (!target_check_fua(dev)) {
fde9f50f
NB		 810 pr_err("Got CDB: 0x%02x with DPO bit set, but device"
811 " does not advertise support for DPO\n", cdb[0]);
812 return -EINVAL;
813 }
814 }
815 if (cdb[1] & 0x8) {
814e5b45 816 if (!target_check_fua(dev)) {
fde9f50f
NB		 817 pr_err("Got CDB: 0x%02x with FUA bit set, but device"
818 " does not advertise support for FUA write\n",
819 cdb[0]);
820 return -EINVAL;
821 }
822 cmd->se_cmd_flags |= SCF_FUA;
823 }
824 return 0;
499bf77b
NB		 825}
826
de103c93
CH		 827sense_reason_t
828sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops)
d6e0175c 829{
d6e0175c
CH		 830 struct se_device *dev = cmd->se_dev;
831 unsigned char *cdb = cmd->t_task_cdb;
1fd032ee 832 unsigned int size;
d6e0175c 833 u32 sectors = 0;
de103c93 834 sense_reason_t ret;
d6e0175c 835
7a971b1b
CH		 836 cmd->protocol_data = ops;
837
d6e0175c
CH		 838 switch (cdb[0]) {
839 case READ_6:
840 sectors = transport_get_sectors_6(cdb);
841 cmd->t_task_lba = transport_lba_21(cdb);
842 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
a82a9538 843 cmd->execute_cmd = sbc_execute_rw;
d6e0175c
CH		 844 break;
845 case READ_10:
846 sectors = transport_get_sectors_10(cdb);
847 cmd->t_task_lba = transport_lba_32(cdb);
499bf77b 848
fde9f50f
NB		 849 if (sbc_check_dpofua(dev, cmd, cdb))
850 return TCM_INVALID_CDB_FIELD;
851
f7b7c06f
NB		 852 ret = sbc_check_prot(dev, cmd, cdb, sectors, false);
853 if (ret)
854 return ret;
499bf77b 855
d6e0175c 856 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
a82a9538 857 cmd->execute_cmd = sbc_execute_rw;
d6e0175c
CH		 858 break;
859 case READ_12:
860 sectors = transport_get_sectors_12(cdb);
861 cmd->t_task_lba = transport_lba_32(cdb);
499bf77b 862
fde9f50f
NB		 863 if (sbc_check_dpofua(dev, cmd, cdb))
864 return TCM_INVALID_CDB_FIELD;
865
f7b7c06f
NB		 866 ret = sbc_check_prot(dev, cmd, cdb, sectors, false);
867 if (ret)
868 return ret;
499bf77b 869
d6e0175c 870 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
a82a9538 871 cmd->execute_cmd = sbc_execute_rw;
d6e0175c
CH		 872 break;
873 case READ_16:
874 sectors = transport_get_sectors_16(cdb);
875 cmd->t_task_lba = transport_lba_64(cdb);
499bf77b 876
fde9f50f
NB		 877 if (sbc_check_dpofua(dev, cmd, cdb))
878 return TCM_INVALID_CDB_FIELD;
879
f7b7c06f
NB		 880 ret = sbc_check_prot(dev, cmd, cdb, sectors, false);
881 if (ret)
882 return ret;
499bf77b 883
d6e0175c 884 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
a82a9538 885 cmd->execute_cmd = sbc_execute_rw;
d6e0175c
CH		 886 break;
887 case WRITE_6:
888 sectors = transport_get_sectors_6(cdb);
889 cmd->t_task_lba = transport_lba_21(cdb);
890 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
a82a9538 891 cmd->execute_cmd = sbc_execute_rw;
d6e0175c
CH		 892 break;
893 case WRITE_10:
894 case WRITE_VERIFY:
895 sectors = transport_get_sectors_10(cdb);
896 cmd->t_task_lba = transport_lba_32(cdb);
499bf77b 897
fde9f50f
NB		 898 if (sbc_check_dpofua(dev, cmd, cdb))
899 return TCM_INVALID_CDB_FIELD;
900
f7b7c06f
NB		 901 ret = sbc_check_prot(dev, cmd, cdb, sectors, true);
902 if (ret)
903 return ret;
499bf77b 904
d6e0175c 905 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
a82a9538 906 cmd->execute_cmd = sbc_execute_rw;
d6e0175c
CH		 907 break;
908 case WRITE_12:
909 sectors = transport_get_sectors_12(cdb);
910 cmd->t_task_lba = transport_lba_32(cdb);
499bf77b 911
fde9f50f
NB		 912 if (sbc_check_dpofua(dev, cmd, cdb))
913 return TCM_INVALID_CDB_FIELD;
914
f7b7c06f
NB		 915 ret = sbc_check_prot(dev, cmd, cdb, sectors, true);
916 if (ret)
917 return ret;
499bf77b 918
d6e0175c 919 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
a82a9538 920 cmd->execute_cmd = sbc_execute_rw;
d6e0175c
CH		 921 break;
922 case WRITE_16:
923 sectors = transport_get_sectors_16(cdb);
924 cmd->t_task_lba = transport_lba_64(cdb);
499bf77b 925
fde9f50f
NB		 926 if (sbc_check_dpofua(dev, cmd, cdb))
927 return TCM_INVALID_CDB_FIELD;
928
f7b7c06f
NB		 929 ret = sbc_check_prot(dev, cmd, cdb, sectors, true);
930 if (ret)
931 return ret;
499bf77b 932
d6e0175c 933 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
a82a9538 934 cmd->execute_cmd = sbc_execute_rw;
d6e0175c
CH		 935 break;
936 case XDWRITEREAD_10:
de103c93 937 if (cmd->data_direction != DMA_TO_DEVICE ||
d6e0175c 938 !(cmd->se_cmd_flags & SCF_BIDI))
de103c93 939 return TCM_INVALID_CDB_FIELD;
d6e0175c
CH		 940 sectors = transport_get_sectors_10(cdb);
941
fde9f50f
NB		 942 if (sbc_check_dpofua(dev, cmd, cdb))
943 return TCM_INVALID_CDB_FIELD;
944
d6e0175c
CH		 945 cmd->t_task_lba = transport_lba_32(cdb);
946 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
947
948 /*
949 * Setup BIDI XOR callback to be run after I/O completion.
950 */
a82a9538 951 cmd->execute_cmd = sbc_execute_rw;
d6e0175c 952 cmd->transport_complete_callback = &xdreadwrite_callback;
d6e0175c
CH		 953 break;
954 case VARIABLE_LENGTH_CMD:
955 {
956 u16 service_action = get_unaligned_be16(&cdb[8]);
957 switch (service_action) {
958 case XDWRITEREAD_32:
959 sectors = transport_get_sectors_32(cdb);
960
fde9f50f
NB		 961 if (sbc_check_dpofua(dev, cmd, cdb))
962 return TCM_INVALID_CDB_FIELD;
d6e0175c
CH		 963 /*
964 * Use WRITE_32 and READ_32 opcodes for the emulated
965 * XDWRITE_READ_32 logic.
966 */
967 cmd->t_task_lba = transport_lba_64_ext(cdb);
968 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
969
970 /*
971 * Setup BIDI XOR callback to be run during after I/O
972 * completion.
973 */
a82a9538 974 cmd->execute_cmd = sbc_execute_rw;
d6e0175c 975 cmd->transport_complete_callback = &xdreadwrite_callback;
d6e0175c
CH		 976 break;
977 case WRITE_SAME_32:
978 sectors = transport_get_sectors_32(cdb);
979 if (!sectors) {
980 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not"
981 " supported\n");
de103c93 982 return TCM_INVALID_CDB_FIELD;
d6e0175c
CH		 983 }
984
1fd032ee 985 size = sbc_get_size(cmd, 1);
d6e0175c
CH		 986 cmd->t_task_lba = get_unaligned_be64(&cdb[12]);
987
cd063bef 988 ret = sbc_setup_write_same(cmd, &cdb[10], ops);
6b64e1fe 989 if (ret)
cd063bef 990 return ret;
d6e0175c
CH		 991 break;
992 default:
993 pr_err("VARIABLE_LENGTH_CMD service action"
994 " 0x%04x not supported\n", service_action);
de103c93 995 return TCM_UNSUPPORTED_SCSI_OPCODE;
d6e0175c
CH		 996 }
997 break;
998 }
68ff9b9b
NB		 999 case COMPARE_AND_WRITE:
1000 sectors = cdb[13];
1001 /*
1002 * Currently enforce COMPARE_AND_WRITE for a single sector
1003 */
1004 if (sectors > 1) {
1005 pr_err("COMPARE_AND_WRITE contains NoLB: %u greater"
1006 " than 1\n", sectors);
1007 return TCM_INVALID_CDB_FIELD;
1008 }
ab81a5e0
DD		 1009 if (sbc_check_dpofua(dev, cmd, cdb))
1010 return TCM_INVALID_CDB_FIELD;
1011
68ff9b9b
NB		 1012 /*
1013 * Double size because we have two buffers, note that
1014 * zero is not an error..
1015 */
1016 size = 2 * sbc_get_size(cmd, sectors);
1017 cmd->t_task_lba = get_unaligned_be64(&cdb[2]);
1018 cmd->t_task_nolb = sectors;
1019 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB | SCF_COMPARE_AND_WRITE;
68ff9b9b
NB		 1020 cmd->execute_cmd = sbc_compare_and_write;
1021 cmd->transport_complete_callback = compare_and_write_callback;
1022 break;
d6e0175c 1023 case READ_CAPACITY:
1fd032ee
CH		 1024 size = READ_CAP_LEN;
1025 cmd->execute_cmd = sbc_emulate_readcapacity;
d6e0175c 1026 break;
eb846d9f 1027 case SERVICE_ACTION_IN_16:
d6e0175c
CH		 1028 switch (cmd->t_task_cdb[1] & 0x1f) {
1029 case SAI_READ_CAPACITY_16:
1fd032ee 1030 cmd->execute_cmd = sbc_emulate_readcapacity_16;
d6e0175c 1031 break;
c66094bf
HR		 1032 case SAI_REPORT_REFERRALS:
1033 cmd->execute_cmd = target_emulate_report_referrals;
1034 break;
d6e0175c
CH		 1035 default:
1036 pr_err("Unsupported SA: 0x%02x\n",
1037 cmd->t_task_cdb[1] & 0x1f);
de103c93 1038 return TCM_INVALID_CDB_FIELD;
d6e0175c 1039 }
1fd032ee 1040 size = (cdb[10] << 24) | (cdb[11] << 16) |
d6e0175c
CH		 1041 (cdb[12] << 8) | cdb[13];
1042 break;
1043 case SYNCHRONIZE_CACHE:
1044 case SYNCHRONIZE_CACHE_16:
d6e0175c
CH		 1045 if (cdb[0] == SYNCHRONIZE_CACHE) {
1046 sectors = transport_get_sectors_10(cdb);
1047 cmd->t_task_lba = transport_lba_32(cdb);
1048 } else {
1049 sectors = transport_get_sectors_16(cdb);
1050 cmd->t_task_lba = transport_lba_64(cdb);
1051 }
6ef31dc7
CVB		 1052 if (ops->execute_sync_cache) {
1053 cmd->execute_cmd = ops->execute_sync_cache;
1054 goto check_lba;
d6e0175c 1055 }
6ef31dc7
CVB		 1056 size = 0;
1057 cmd->execute_cmd = sbc_emulate_noop;
d6e0175c
CH		 1058 break;
1059 case UNMAP:
14150a6b 1060 if (!ops->execute_unmap)
de103c93 1061 return TCM_UNSUPPORTED_SCSI_OPCODE;
14150a6b 1062
61fdb4ac
NB		 1063 if (!dev->dev_attrib.emulate_tpu) {
1064 pr_err("Got UNMAP, but backend device has"
1065 " emulate_tpu disabled\n");
1066 return TCM_UNSUPPORTED_SCSI_OPCODE;
1067 }
1fd032ee 1068 size = get_unaligned_be16(&cdb[7]);
62e46942 1069 cmd->execute_cmd = sbc_execute_unmap;
d6e0175c
CH		 1070 break;
1071 case WRITE_SAME_16:
1072 sectors = transport_get_sectors_16(cdb);
1073 if (!sectors) {
1074 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not supported\n");
de103c93 1075 return TCM_INVALID_CDB_FIELD;
d6e0175c
CH		 1076 }
1077
1fd032ee 1078 size = sbc_get_size(cmd, 1);
d6e0175c
CH		 1079 cmd->t_task_lba = get_unaligned_be64(&cdb[2]);
1080
cd063bef 1081 ret = sbc_setup_write_same(cmd, &cdb[1], ops);
6b64e1fe 1082 if (ret)
cd063bef 1083 return ret;
d6e0175c
CH		 1084 break;
1085 case WRITE_SAME:
1086 sectors = transport_get_sectors_10(cdb);
1087 if (!sectors) {
1088 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not supported\n");
de103c93 1089 return TCM_INVALID_CDB_FIELD;
d6e0175c
CH		 1090 }
1091
1fd032ee 1092 size = sbc_get_size(cmd, 1);
d6e0175c
CH		 1093 cmd->t_task_lba = get_unaligned_be32(&cdb[2]);
1094
1095 /*
1096 * Follow sbcr26 with WRITE_SAME (10) and check for the existence
1097 * of byte 1 bit 3 UNMAP instead of original reserved field
1098 */
cd063bef 1099 ret = sbc_setup_write_same(cmd, &cdb[1], ops);
6b64e1fe 1100 if (ret)
cd063bef 1101 return ret;
d6e0175c
CH		 1102 break;
1103 case VERIFY:
1fd032ee 1104 size = 0;
c52716de
CVB		 1105 sectors = transport_get_sectors_10(cdb);
1106 cmd->t_task_lba = transport_lba_32(cdb);
1920ed61 1107 cmd->execute_cmd = sbc_emulate_noop;
c52716de 1108 goto check_lba;
1a1ff38c
BK		 1109 case REZERO_UNIT:
1110 case SEEK_6:
1111 case SEEK_10:
1112 /*
1113 * There are still clients out there which use these old SCSI-2
1114 * commands. This mainly happens when running VMs with legacy
1115 * guest systems, connected via SCSI command pass-through to
1116 * iSCSI targets. Make them happy and return status GOOD.
1117 */
1118 size = 0;
1119 cmd->execute_cmd = sbc_emulate_noop;
1120 break;
45182ed5
BB		 1121 case START_STOP:
1122 size = 0;
1123 cmd->execute_cmd = sbc_emulate_startstop;
1124 break;
d6e0175c 1125 default:
1fd032ee 1126 ret = spc_parse_cdb(cmd, &size);
d6e0175c
CH		 1127 if (ret)
1128 return ret;
1129 }
1130
1131 /* reject any command that we don't have a handler for */
20959c4b 1132 if (!cmd->execute_cmd)
de103c93 1133 return TCM_UNSUPPORTED_SCSI_OPCODE;
d6e0175c
CH		 1134
1135 if (cmd->se_cmd_flags & SCF_SCSI_DATA_CDB) {
1fd032ee 1136 unsigned long long end_lba;
6ef31dc7 1137check_lba:
1fd032ee 1138 end_lba = dev->transport->get_blocks(dev) + 1;
aa179935
NB		 1139 if (((cmd->t_task_lba + sectors) < cmd->t_task_lba) ||
1140 ((cmd->t_task_lba + sectors) > end_lba)) {
1fd032ee
CH		 1141 pr_err("cmd exceeds last lba %llu "
1142 "(lba %llu, sectors %u)\n",
1143 end_lba, cmd->t_task_lba, sectors);
09ceadc7 1144 return TCM_ADDRESS_OUT_OF_RANGE;
1fd032ee
CH		 1145 }
1146
68ff9b9b
NB		 1147 if (!(cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE))
1148 size = sbc_get_size(cmd, sectors);
d6e0175c
CH		 1149 }
1150
de103c93 1151 return target_cmd_size_check(cmd, size);
d6e0175c
CH		 1152}
1153EXPORT_SYMBOL(sbc_parse_cdb);
6f23ac8a 1154
6f23ac8a
CH		 1155u32 sbc_get_device_type(struct se_device *dev)
1156{
1157 return TYPE_DISK;
1158}
1159EXPORT_SYMBOL(sbc_get_device_type);
86d71829 1160
62e46942
CH		 1161static sense_reason_t
1162sbc_execute_unmap(struct se_cmd *cmd)
86d71829 1163{
62e46942 1164 struct sbc_ops *ops = cmd->protocol_data;
86d71829
AH		 1165 struct se_device *dev = cmd->se_dev;
1166 unsigned char *buf, *ptr = NULL;
1167 sector_t lba;
1168 int size;
1169 u32 range;
1170 sense_reason_t ret = 0;
1171 int dl, bd_dl;
1172
1173 /* We never set ANC_SUP */
1174 if (cmd->t_task_cdb[1])
1175 return TCM_INVALID_CDB_FIELD;
1176
1177 if (cmd->data_length == 0) {
1178 target_complete_cmd(cmd, SAM_STAT_GOOD);
1179 return 0;
1180 }
1181
1182 if (cmd->data_length < 8) {
1183 pr_warn("UNMAP parameter list length %u too small\n",
1184 cmd->data_length);
1185 return TCM_PARAMETER_LIST_LENGTH_ERROR;
1186 }
1187
1188 buf = transport_kmap_data_sg(cmd);
1189 if (!buf)
1190 return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
1191
1192 dl = get_unaligned_be16(&buf[0]);
1193 bd_dl = get_unaligned_be16(&buf[2]);
1194
1195 size = cmd->data_length - 8;
1196 if (bd_dl > size)
1197 pr_warn("UNMAP parameter list length %u too small, ignoring bd_dl %u\n",
1198 cmd->data_length, bd_dl);
1199 else
1200 size = bd_dl;
1201
1202 if (size / 16 > dev->dev_attrib.max_unmap_block_desc_count) {
1203 ret = TCM_INVALID_PARAMETER_LIST;
1204 goto err;
1205 }
1206
1207 /* First UNMAP block descriptor starts at 8 byte offset */
1208 ptr = &buf[8];
1209 pr_debug("UNMAP: Sub: %s Using dl: %u bd_dl: %u size: %u"
1210 " ptr: %p\n", dev->transport->name, dl, bd_dl, size, ptr);
1211
1212 while (size >= 16) {
1213 lba = get_unaligned_be64(&ptr[0]);
1214 range = get_unaligned_be32(&ptr[8]);
1215 pr_debug("UNMAP: Using lba: %llu and range: %u\n",
1216 (unsigned long long)lba, range);
1217
1218 if (range > dev->dev_attrib.max_unmap_lba_count) {
1219 ret = TCM_INVALID_PARAMETER_LIST;
1220 goto err;
1221 }
1222
1223 if (lba + range > dev->transport->get_blocks(dev) + 1) {
1224 ret = TCM_ADDRESS_OUT_OF_RANGE;
1225 goto err;
1226 }
1227
62e46942 1228 ret = ops->execute_unmap(cmd, lba, range);
86d71829
AH		 1229 if (ret)
1230 goto err;
1231
1232 ptr += 16;
1233 size -= 16;
1234 }
1235
1236err:
1237 transport_kunmap_data_sg(cmd);
1238 if (!ret)
1239 target_complete_cmd(cmd, GOOD);
1240 return ret;
1241}
41861fa8 1242
66a3d5bc
NB		 1243void
1244sbc_dif_generate(struct se_cmd *cmd)
1245{
1246 struct se_device *dev = cmd->se_dev;
fe052a18 1247 struct t10_pi_tuple *sdt;
18213afb 1248 struct scatterlist *dsg = cmd->t_data_sg, *psg;
66a3d5bc
NB		 1249 sector_t sector = cmd->t_task_lba;
1250 void *daddr, *paddr;
1251 int i, j, offset = 0;
18213afb 1252 unsigned int block_size = dev->dev_attrib.block_size;
66a3d5bc 1253
18213afb 1254 for_each_sg(cmd->t_prot_sg, psg, cmd->t_prot_nents, i) {
66a3d5bc 1255 paddr = kmap_atomic(sg_page(psg)) + psg->offset;
18213afb 1256 daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
66a3d5bc 1257
18213afb 1258 for (j = 0; j < psg->length;
fe052a18 1259 j += sizeof(*sdt)) {
18213afb
AM		 1260 __u16 crc;
1261 unsigned int avail;
66a3d5bc 1262
18213afb
AM		 1263 if (offset >= dsg->length) {
1264 offset -= dsg->length;
1265 kunmap_atomic(daddr - dsg->offset);
1266 dsg = sg_next(dsg);
1267 if (!dsg) {
1268 kunmap_atomic(paddr - psg->offset);
1269 return;
1270 }
1271 daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
66a3d5bc 1272 }
66a3d5bc 1273
18213afb
AM		 1274 sdt = paddr + j;
1275 avail = min(block_size, dsg->length - offset);
1276 crc = crc_t10dif(daddr + offset, avail);
1277 if (avail < block_size) {
1278 kunmap_atomic(daddr - dsg->offset);
1279 dsg = sg_next(dsg);
1280 if (!dsg) {
1281 kunmap_atomic(paddr - psg->offset);
1282 return;
1283 }
1284 daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
1285 offset = block_size - avail;
1286 crc = crc_t10dif_update(crc, daddr, offset);
1287 } else {
1288 offset += block_size;
66a3d5bc
NB		 1289 }
1290
18213afb 1291 sdt->guard_tag = cpu_to_be16(crc);
823ddd87 1292 if (cmd->prot_type == TARGET_DIF_TYPE1_PROT)
66a3d5bc
NB		 1293 sdt->ref_tag = cpu_to_be32(sector & 0xffffffff);
1294 sdt->app_tag = 0;
1295
6ae50408 1296 pr_debug("DIF %s INSERT sector: %llu guard_tag: 0x%04x"
66a3d5bc 1297 " app_tag: 0x%04x ref_tag: %u\n",
6ae50408
NB		 1298 (cmd->data_direction == DMA_TO_DEVICE) ?
1299 "WRITE" : "READ", (unsigned long long)sector,
1300 sdt->guard_tag, sdt->app_tag,
1301 be32_to_cpu(sdt->ref_tag));
66a3d5bc
NB		 1302
1303 sector++;
66a3d5bc
NB		 1304 }
1305
18213afb
AM		 1306 kunmap_atomic(daddr - dsg->offset);
1307 kunmap_atomic(paddr - psg->offset);
66a3d5bc
NB		 1308 }
1309}
1310
41861fa8 1311static sense_reason_t
fe052a18 1312sbc_dif_v1_verify(struct se_cmd *cmd, struct t10_pi_tuple *sdt,
18213afb 1313 __u16 crc, sector_t sector, unsigned int ei_lba)
41861fa8 1314{
41861fa8
NB		 1315 __be16 csum;
1316
d7a463b0
NB		 1317 if (!(cmd->prot_checks & TARGET_DIF_CHECK_GUARD))
1318 goto check_ref;
1319
18213afb 1320 csum = cpu_to_be16(crc);
41861fa8
NB		 1321
1322 if (sdt->guard_tag != csum) {
1323 pr_err("DIFv1 checksum failed on sector %llu guard tag 0x%04x"
1324 " csum 0x%04x\n", (unsigned long long)sector,
1325 be16_to_cpu(sdt->guard_tag), be16_to_cpu(csum));
1326 return TCM_LOGICAL_BLOCK_GUARD_CHECK_FAILED;
1327 }
1328
d7a463b0
NB		 1329check_ref:
1330 if (!(cmd->prot_checks & TARGET_DIF_CHECK_REFTAG))
1331 return 0;
1332
823ddd87 1333 if (cmd->prot_type == TARGET_DIF_TYPE1_PROT &&
41861fa8
NB		 1334 be32_to_cpu(sdt->ref_tag) != (sector & 0xffffffff)) {
1335 pr_err("DIFv1 Type 1 reference failed on sector: %llu tag: 0x%08x"
1336 " sector MSB: 0x%08x\n", (unsigned long long)sector,
1337 be32_to_cpu(sdt->ref_tag), (u32)(sector & 0xffffffff));
1338 return TCM_LOGICAL_BLOCK_REF_TAG_CHECK_FAILED;
1339 }
1340
823ddd87 1341 if (cmd->prot_type == TARGET_DIF_TYPE2_PROT &&
41861fa8
NB		 1342 be32_to_cpu(sdt->ref_tag) != ei_lba) {
1343 pr_err("DIFv1 Type 2 reference failed on sector: %llu tag: 0x%08x"
1344 " ei_lba: 0x%08x\n", (unsigned long long)sector,
1345 be32_to_cpu(sdt->ref_tag), ei_lba);
1346 return TCM_LOGICAL_BLOCK_REF_TAG_CHECK_FAILED;
1347 }
1348
1349 return 0;
1350}
1351
f75b6fae
SG		 1352void sbc_dif_copy_prot(struct se_cmd *cmd, unsigned int sectors, bool read,
1353 struct scatterlist *sg, int sg_off)
41861fa8
NB		 1354{
1355 struct se_device *dev = cmd->se_dev;
1356 struct scatterlist *psg;
1357 void *paddr, *addr;
1358 unsigned int i, len, left;
10762e80 1359 unsigned int offset = sg_off;
41861fa8 1360
38b57f82
NB		 1361 if (!sg)
1362 return;
1363
41861fa8
NB		 1364 left = sectors * dev->prot_length;
1365
1366 for_each_sg(cmd->t_prot_sg, psg, cmd->t_prot_nents, i) {
16c0ae02 1367 unsigned int psg_len, copied = 0;
d6a65fdc 1368
41861fa8 1369 paddr = kmap_atomic(sg_page(psg)) + psg->offset;
16c0ae02
SG		 1370 psg_len = min(left, psg->length);
1371 while (psg_len) {
1372 len = min(psg_len, sg->length - offset);
1373 addr = kmap_atomic(sg_page(sg)) + sg->offset + offset;
1374
1375 if (read)
1376 memcpy(paddr + copied, addr, len);
1377 else
1378 memcpy(addr, paddr + copied, len);
1379
1380 left -= len;
1381 offset += len;
1382 copied += len;
1383 psg_len -= len;
1384
57636388
AM		 1385 kunmap_atomic(addr - sg->offset - offset);
1386
16c0ae02
SG		 1387 if (offset >= sg->length) {
1388 sg = sg_next(sg);
1389 offset = 0;
1390 }
16c0ae02 1391 }
57636388 1392 kunmap_atomic(paddr - psg->offset);
41861fa8
NB		 1393 }
1394}
f75b6fae 1395EXPORT_SYMBOL(sbc_dif_copy_prot);
41861fa8
NB		 1396
1397sense_reason_t
f75b6fae 1398sbc_dif_verify(struct se_cmd *cmd, sector_t start, unsigned int sectors,
414e4627 1399 unsigned int ei_lba, struct scatterlist *psg, int psg_off)
41861fa8
NB		 1400{
1401 struct se_device *dev = cmd->se_dev;
fe052a18 1402 struct t10_pi_tuple *sdt;
18213afb 1403 struct scatterlist *dsg = cmd->t_data_sg;
41861fa8
NB		 1404 sector_t sector = start;
1405 void *daddr, *paddr;
18213afb 1406 int i;
41861fa8 1407 sense_reason_t rc;
18213afb
AM		 1408 int dsg_off = 0;
1409 unsigned int block_size = dev->dev_attrib.block_size;
41861fa8 1410
18213afb 1411 for (; psg && sector < start + sectors; psg = sg_next(psg)) {
41861fa8 1412 paddr = kmap_atomic(sg_page(psg)) + psg->offset;
41861fa8 1413 daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
41861fa8 1414
18213afb
AM		 1415 for (i = psg_off; i < psg->length &&
1416 sector < start + sectors;
fe052a18 1417 i += sizeof(*sdt)) {
18213afb
AM		 1418 __u16 crc;
1419 unsigned int avail;
41861fa8 1420
18213afb
AM		 1421 if (dsg_off >= dsg->length) {
1422 dsg_off -= dsg->length;
1423 kunmap_atomic(daddr - dsg->offset);
1424 dsg = sg_next(dsg);
1425 if (!dsg) {
1426 kunmap_atomic(paddr - psg->offset);
1427 return 0;
1428 }
1429 daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
41861fa8
NB		 1430 }
1431
18213afb 1432 sdt = paddr + i;
41861fa8
NB		 1433
1434 pr_debug("DIF READ sector: %llu guard_tag: 0x%04x"
1435 " app_tag: 0x%04x ref_tag: %u\n",
1436 (unsigned long long)sector, sdt->guard_tag,
1437 sdt->app_tag, be32_to_cpu(sdt->ref_tag));
1438
1439 if (sdt->app_tag == cpu_to_be16(0xffff)) {
18213afb
AM		 1440 dsg_off += block_size;
1441 goto next;
1442 }
1443
1444 avail = min(block_size, dsg->length - dsg_off);
1445 crc = crc_t10dif(daddr + dsg_off, avail);
1446 if (avail < block_size) {
1447 kunmap_atomic(daddr - dsg->offset);
1448 dsg = sg_next(dsg);
1449 if (!dsg) {
1450 kunmap_atomic(paddr - psg->offset);
1451 return 0;
1452 }
1453 daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
1454 dsg_off = block_size - avail;
1455 crc = crc_t10dif_update(crc, daddr, dsg_off);
1456 } else {
1457 dsg_off += block_size;
41861fa8
NB		 1458 }
1459
18213afb 1460 rc = sbc_dif_v1_verify(cmd, sdt, crc, sector, ei_lba);
41861fa8 1461 if (rc) {
414e4627 1462 kunmap_atomic(daddr - dsg->offset);
18213afb 1463 kunmap_atomic(paddr - psg->offset);
76736db3 1464 cmd->bad_sector = sector;
41861fa8
NB		 1465 return rc;
1466 }
18213afb 1467next:
41861fa8
NB		 1468 sector++;
1469 ei_lba++;
41861fa8
NB		 1470 }
1471
18213afb 1472 psg_off = 0;
414e4627 1473 kunmap_atomic(daddr - dsg->offset);
18213afb 1474 kunmap_atomic(paddr - psg->offset);
41861fa8 1475 }
41861fa8
NB		 1476
1477 return 0;
1478}
f75b6fae 1479EXPORT_SYMBOL(sbc_dif_verify);
Linux 6.x block layer and io_uring tree(s)