1 // SPDX-License-Identifier: GPL-2.0+
2 /*******************************************************************************
3 * Vhost kernel TCM fabric driver for virtio SCSI initiators
5 * (C) Copyright 2010-2013 Datera, Inc.
6 * (C) Copyright 2010-2012 IBM Corp.
8 * Authors: Nicholas A. Bellinger <nab@daterainc.com>
9 * Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
10 ****************************************************************************/
12 #include <linux/module.h>
13 #include <linux/moduleparam.h>
14 #include <generated/utsrelease.h>
15 #include <linux/utsname.h>
16 #include <linux/init.h>
17 #include <linux/slab.h>
18 #include <linux/kthread.h>
19 #include <linux/types.h>
20 #include <linux/string.h>
21 #include <linux/configfs.h>
22 #include <linux/ctype.h>
23 #include <linux/compat.h>
24 #include <linux/eventfd.h>
26 #include <linux/vmalloc.h>
27 #include <linux/miscdevice.h>
28 #include <linux/blk_types.h>
29 #include <linux/bio.h>
30 #include <asm/unaligned.h>
31 #include <scsi/scsi_common.h>
32 #include <scsi/scsi_proto.h>
33 #include <target/target_core_base.h>
34 #include <target/target_core_fabric.h>
35 #include <linux/vhost.h>
36 #include <linux/virtio_scsi.h>
37 #include <linux/llist.h>
38 #include <linux/bitmap.h>
42 #define VHOST_SCSI_VERSION "v0.1"
43 #define VHOST_SCSI_NAMELEN 256
44 #define VHOST_SCSI_MAX_CDB_SIZE 32
45 #define VHOST_SCSI_PREALLOC_SGLS 2048
46 #define VHOST_SCSI_PREALLOC_UPAGES 2048
47 #define VHOST_SCSI_PREALLOC_PROT_SGLS 2048
49 /* Max number of requests before requeueing the job.
50 * Using this limit prevents one virtqueue from starving others with
53 #define VHOST_SCSI_WEIGHT 256
55 struct vhost_scsi_inflight {
56 /* Wait for the flush operation to finish */
57 struct completion comp;
58 /* Refcount for the inflight reqs */
62 struct vhost_scsi_cmd {
63 /* Descriptor from vhost_get_vq_desc() for virt_queue segment */
65 /* virtio-scsi initiator task attribute */
67 /* virtio-scsi response incoming iovecs */
69 /* virtio-scsi initiator data direction */
70 enum dma_data_direction tvc_data_direction;
71 /* Expected data transfer length from virtio-scsi header */
73 /* The Tag from include/linux/virtio_scsi.h:struct virtio_scsi_cmd_req */
75 /* The number of scatterlists associated with this cmd */
77 u32 tvc_prot_sgl_count;
78 /* Saved unpacked SCSI LUN for vhost_scsi_target_queue_cmd() */
81 const void *saved_iter_addr;
82 struct iov_iter saved_iter;
83 /* Pointer to the SGL formatted memory from virtio-scsi */
84 struct scatterlist *tvc_sgl;
85 struct scatterlist *tvc_prot_sgl;
86 struct page **tvc_upages;
87 /* Pointer to response header iovec */
88 struct iovec *tvc_resp_iov;
89 /* Pointer to vhost_scsi for our device */
90 struct vhost_scsi *tvc_vhost;
91 /* Pointer to vhost_virtqueue for the cmd */
92 struct vhost_virtqueue *tvc_vq;
93 /* Pointer to vhost nexus memory */
94 struct vhost_scsi_nexus *tvc_nexus;
95 /* The TCM I/O descriptor that is accessed via container_of() */
96 struct se_cmd tvc_se_cmd;
97 /* Copy of the incoming SCSI command descriptor block (CDB) */
98 unsigned char tvc_cdb[VHOST_SCSI_MAX_CDB_SIZE];
99 /* Sense buffer that will be mapped into outgoing status */
100 unsigned char tvc_sense_buf[TRANSPORT_SENSE_BUFFER];
101 /* Completed commands list, serviced from vhost worker thread */
102 struct llist_node tvc_completion_list;
103 /* Used to track inflight cmd */
104 struct vhost_scsi_inflight *inflight;
107 struct vhost_scsi_nexus {
108 /* Pointer to TCM session for I_T Nexus */
109 struct se_session *tvn_se_sess;
112 struct vhost_scsi_tpg {
113 /* Vhost port target portal group tag for TCM */
115 /* Used to track number of TPG Port/Lun Links wrt to explict I_T Nexus shutdown */
116 int tv_tpg_port_count;
117 /* Used for vhost_scsi device reference to tpg_nexus, protected by tv_tpg_mutex */
118 int tv_tpg_vhost_count;
119 /* Used for enabling T10-PI with legacy devices */
120 int tv_fabric_prot_type;
121 /* list for vhost_scsi_list */
122 struct list_head tv_tpg_list;
123 /* Used to protect access for tpg_nexus */
124 struct mutex tv_tpg_mutex;
125 /* Pointer to the TCM VHost I_T Nexus for this TPG endpoint */
126 struct vhost_scsi_nexus *tpg_nexus;
127 /* Pointer back to vhost_scsi_tport */
128 struct vhost_scsi_tport *tport;
129 /* Returned by vhost_scsi_make_tpg() */
130 struct se_portal_group se_tpg;
131 /* Pointer back to vhost_scsi, protected by tv_tpg_mutex */
132 struct vhost_scsi *vhost_scsi;
135 struct vhost_scsi_tport {
136 /* SCSI protocol the tport is providing */
138 /* Binary World Wide unique Port Name for Vhost Target port */
140 /* ASCII formatted WWPN for Vhost Target port */
141 char tport_name[VHOST_SCSI_NAMELEN];
142 /* Returned by vhost_scsi_make_tport() */
143 struct se_wwn tport_wwn;
146 struct vhost_scsi_evt {
147 /* event to be sent to guest */
148 struct virtio_scsi_event event;
149 /* event list, serviced from vhost worker thread */
150 struct llist_node list;
154 VHOST_SCSI_VQ_CTL = 0,
155 VHOST_SCSI_VQ_EVT = 1,
156 VHOST_SCSI_VQ_IO = 2,
159 /* Note: can't set VIRTIO_F_VERSION_1 yet, since that implies ANY_LAYOUT. */
161 VHOST_SCSI_FEATURES = VHOST_FEATURES | (1ULL << VIRTIO_SCSI_F_HOTPLUG) |
162 (1ULL << VIRTIO_SCSI_F_T10_PI)
165 #define VHOST_SCSI_MAX_TARGET 256
166 #define VHOST_SCSI_MAX_IO_VQ 1024
167 #define VHOST_SCSI_MAX_EVENT 128
169 static unsigned vhost_scsi_max_io_vqs = 128;
170 module_param_named(max_io_vqs, vhost_scsi_max_io_vqs, uint, 0644);
171 MODULE_PARM_DESC(max_io_vqs, "Set the max number of IO virtqueues a vhost scsi device can support. The default is 128. The max is 1024.");
173 struct vhost_scsi_virtqueue {
174 struct vhost_virtqueue vq;
175 struct vhost_scsi *vs;
177 * Reference counting for inflight reqs, used for flush operation. At
178 * each time, one reference tracks new commands submitted, while we
179 * wait for another one to reach 0.
181 struct vhost_scsi_inflight inflights[2];
183 * Indicate current inflight in use, protected by vq->mutex.
184 * Writers must also take dev mutex and flush under it.
187 struct vhost_scsi_cmd *scsi_cmds;
188 struct sbitmap scsi_tags;
191 struct vhost_work completion_work;
192 struct llist_head completion_list;
196 /* Protected by vhost_scsi->dev.mutex */
197 struct vhost_scsi_tpg **vs_tpg;
198 char vs_vhost_wwpn[TRANSPORT_IQN_LEN];
200 struct vhost_dev dev;
201 struct vhost_scsi_virtqueue *vqs;
202 struct vhost_scsi_inflight **old_inflight;
204 struct vhost_work vs_event_work; /* evt injection work item */
205 struct llist_head vs_event_list; /* evt injection queue */
207 bool vs_events_missed; /* any missed events, protected by vq->mutex */
208 int vs_events_nr; /* num of pending events, protected by vq->mutex */
211 struct vhost_scsi_tmf {
212 struct vhost_work vwork;
213 struct work_struct flush_work;
214 struct vhost_scsi *vhost;
215 struct vhost_scsi_virtqueue *svq;
217 struct se_cmd se_cmd;
219 struct vhost_scsi_inflight *inflight;
220 struct iovec resp_iov;
226 * Context for processing request and control queue operations.
228 struct vhost_scsi_ctx {
230 unsigned int out, in;
231 size_t req_size, rsp_size;
232 size_t out_size, in_size;
235 struct iov_iter out_iter;
239 * Global mutex to protect vhost_scsi TPG list for vhost IOCTLs and LIO
240 * configfs management operations.
242 static DEFINE_MUTEX(vhost_scsi_mutex);
243 static LIST_HEAD(vhost_scsi_list);
245 static void vhost_scsi_done_inflight(struct kref *kref)
247 struct vhost_scsi_inflight *inflight;
249 inflight = container_of(kref, struct vhost_scsi_inflight, kref);
250 complete(&inflight->comp);
253 static void vhost_scsi_init_inflight(struct vhost_scsi *vs,
254 struct vhost_scsi_inflight *old_inflight[])
256 struct vhost_scsi_inflight *new_inflight;
257 struct vhost_virtqueue *vq;
260 for (i = 0; i < vs->dev.nvqs; i++) {
263 mutex_lock(&vq->mutex);
265 /* store old infight */
266 idx = vs->vqs[i].inflight_idx;
268 old_inflight[i] = &vs->vqs[i].inflights[idx];
270 /* setup new infight */
271 vs->vqs[i].inflight_idx = idx ^ 1;
272 new_inflight = &vs->vqs[i].inflights[idx ^ 1];
273 kref_init(&new_inflight->kref);
274 init_completion(&new_inflight->comp);
276 mutex_unlock(&vq->mutex);
280 static struct vhost_scsi_inflight *
281 vhost_scsi_get_inflight(struct vhost_virtqueue *vq)
283 struct vhost_scsi_inflight *inflight;
284 struct vhost_scsi_virtqueue *svq;
286 svq = container_of(vq, struct vhost_scsi_virtqueue, vq);
287 inflight = &svq->inflights[svq->inflight_idx];
288 kref_get(&inflight->kref);
293 static void vhost_scsi_put_inflight(struct vhost_scsi_inflight *inflight)
295 kref_put(&inflight->kref, vhost_scsi_done_inflight);
298 static int vhost_scsi_check_true(struct se_portal_group *se_tpg)
303 static char *vhost_scsi_get_fabric_wwn(struct se_portal_group *se_tpg)
305 struct vhost_scsi_tpg *tpg = container_of(se_tpg,
306 struct vhost_scsi_tpg, se_tpg);
307 struct vhost_scsi_tport *tport = tpg->tport;
309 return &tport->tport_name[0];
312 static u16 vhost_scsi_get_tpgt(struct se_portal_group *se_tpg)
314 struct vhost_scsi_tpg *tpg = container_of(se_tpg,
315 struct vhost_scsi_tpg, se_tpg);
316 return tpg->tport_tpgt;
319 static int vhost_scsi_check_prot_fabric_only(struct se_portal_group *se_tpg)
321 struct vhost_scsi_tpg *tpg = container_of(se_tpg,
322 struct vhost_scsi_tpg, se_tpg);
324 return tpg->tv_fabric_prot_type;
327 static void vhost_scsi_release_cmd_res(struct se_cmd *se_cmd)
329 struct vhost_scsi_cmd *tv_cmd = container_of(se_cmd,
330 struct vhost_scsi_cmd, tvc_se_cmd);
331 struct vhost_scsi_virtqueue *svq = container_of(tv_cmd->tvc_vq,
332 struct vhost_scsi_virtqueue, vq);
333 struct vhost_scsi_inflight *inflight = tv_cmd->inflight;
336 if (tv_cmd->tvc_sgl_count) {
337 for (i = 0; i < tv_cmd->tvc_sgl_count; i++) {
338 if (tv_cmd->copied_iov)
339 __free_page(sg_page(&tv_cmd->tvc_sgl[i]));
341 put_page(sg_page(&tv_cmd->tvc_sgl[i]));
343 kfree(tv_cmd->saved_iter_addr);
345 if (tv_cmd->tvc_prot_sgl_count) {
346 for (i = 0; i < tv_cmd->tvc_prot_sgl_count; i++)
347 put_page(sg_page(&tv_cmd->tvc_prot_sgl[i]));
350 sbitmap_clear_bit(&svq->scsi_tags, se_cmd->map_tag);
351 vhost_scsi_put_inflight(inflight);
354 static void vhost_scsi_release_tmf_res(struct vhost_scsi_tmf *tmf)
356 struct vhost_scsi_inflight *inflight = tmf->inflight;
359 vhost_scsi_put_inflight(inflight);
362 static void vhost_scsi_drop_cmds(struct vhost_scsi_virtqueue *svq)
364 struct vhost_scsi_cmd *cmd, *t;
365 struct llist_node *llnode;
367 llnode = llist_del_all(&svq->completion_list);
368 llist_for_each_entry_safe(cmd, t, llnode, tvc_completion_list)
369 vhost_scsi_release_cmd_res(&cmd->tvc_se_cmd);
372 static void vhost_scsi_release_cmd(struct se_cmd *se_cmd)
374 if (se_cmd->se_cmd_flags & SCF_SCSI_TMR_CDB) {
375 struct vhost_scsi_tmf *tmf = container_of(se_cmd,
376 struct vhost_scsi_tmf, se_cmd);
378 schedule_work(&tmf->flush_work);
380 struct vhost_scsi_cmd *cmd = container_of(se_cmd,
381 struct vhost_scsi_cmd, tvc_se_cmd);
382 struct vhost_scsi_virtqueue *svq = container_of(cmd->tvc_vq,
383 struct vhost_scsi_virtqueue, vq);
385 llist_add(&cmd->tvc_completion_list, &svq->completion_list);
386 if (!vhost_vq_work_queue(&svq->vq, &svq->completion_work))
387 vhost_scsi_drop_cmds(svq);
391 static int vhost_scsi_write_pending(struct se_cmd *se_cmd)
393 /* Go ahead and process the write immediately */
394 target_execute_cmd(se_cmd);
398 static int vhost_scsi_queue_data_in(struct se_cmd *se_cmd)
400 transport_generic_free_cmd(se_cmd, 0);
404 static int vhost_scsi_queue_status(struct se_cmd *se_cmd)
406 transport_generic_free_cmd(se_cmd, 0);
410 static void vhost_scsi_queue_tm_rsp(struct se_cmd *se_cmd)
412 struct vhost_scsi_tmf *tmf = container_of(se_cmd, struct vhost_scsi_tmf,
415 tmf->scsi_resp = se_cmd->se_tmr_req->response;
416 transport_generic_free_cmd(&tmf->se_cmd, 0);
419 static void vhost_scsi_aborted_task(struct se_cmd *se_cmd)
424 static void vhost_scsi_free_evt(struct vhost_scsi *vs, struct vhost_scsi_evt *evt)
430 static struct vhost_scsi_evt *
431 vhost_scsi_allocate_evt(struct vhost_scsi *vs,
432 u32 event, u32 reason)
434 struct vhost_virtqueue *vq = &vs->vqs[VHOST_SCSI_VQ_EVT].vq;
435 struct vhost_scsi_evt *evt;
437 if (vs->vs_events_nr > VHOST_SCSI_MAX_EVENT) {
438 vs->vs_events_missed = true;
442 evt = kzalloc(sizeof(*evt), GFP_KERNEL);
444 vq_err(vq, "Failed to allocate vhost_scsi_evt\n");
445 vs->vs_events_missed = true;
449 evt->event.event = cpu_to_vhost32(vq, event);
450 evt->event.reason = cpu_to_vhost32(vq, reason);
456 static int vhost_scsi_check_stop_free(struct se_cmd *se_cmd)
458 return target_put_sess_cmd(se_cmd);
462 vhost_scsi_do_evt_work(struct vhost_scsi *vs, struct vhost_scsi_evt *evt)
464 struct vhost_virtqueue *vq = &vs->vqs[VHOST_SCSI_VQ_EVT].vq;
465 struct virtio_scsi_event *event = &evt->event;
466 struct virtio_scsi_event __user *eventp;
470 if (!vhost_vq_get_backend(vq)) {
471 vs->vs_events_missed = true;
476 vhost_disable_notify(&vs->dev, vq);
477 head = vhost_get_vq_desc(vq, vq->iov,
478 ARRAY_SIZE(vq->iov), &out, &in,
481 vs->vs_events_missed = true;
484 if (head == vq->num) {
485 if (vhost_enable_notify(&vs->dev, vq))
487 vs->vs_events_missed = true;
491 if ((vq->iov[out].iov_len != sizeof(struct virtio_scsi_event))) {
492 vq_err(vq, "Expecting virtio_scsi_event, got %zu bytes\n",
493 vq->iov[out].iov_len);
494 vs->vs_events_missed = true;
498 if (vs->vs_events_missed) {
499 event->event |= cpu_to_vhost32(vq, VIRTIO_SCSI_T_EVENTS_MISSED);
500 vs->vs_events_missed = false;
503 eventp = vq->iov[out].iov_base;
504 ret = __copy_to_user(eventp, event, sizeof(*event));
506 vhost_add_used_and_signal(&vs->dev, vq, head, 0);
508 vq_err(vq, "Faulted on vhost_scsi_send_event\n");
511 static void vhost_scsi_complete_events(struct vhost_scsi *vs, bool drop)
513 struct vhost_virtqueue *vq = &vs->vqs[VHOST_SCSI_VQ_EVT].vq;
514 struct vhost_scsi_evt *evt, *t;
515 struct llist_node *llnode;
517 mutex_lock(&vq->mutex);
518 llnode = llist_del_all(&vs->vs_event_list);
519 llist_for_each_entry_safe(evt, t, llnode, list) {
521 vhost_scsi_do_evt_work(vs, evt);
522 vhost_scsi_free_evt(vs, evt);
524 mutex_unlock(&vq->mutex);
527 static void vhost_scsi_evt_work(struct vhost_work *work)
529 struct vhost_scsi *vs = container_of(work, struct vhost_scsi,
531 vhost_scsi_complete_events(vs, false);
534 static int vhost_scsi_copy_sgl_to_iov(struct vhost_scsi_cmd *cmd)
536 struct iov_iter *iter = &cmd->saved_iter;
537 struct scatterlist *sg = cmd->tvc_sgl;
542 for (i = 0; i < cmd->tvc_sgl_count; i++) {
543 page = sg_page(&sg[i]);
546 if (copy_page_to_iter(page, 0, len, iter) != len) {
547 pr_err("Could not copy data while handling misaligned cmd. Error %zu\n",
556 /* Fill in status and signal that we are done processing this command
558 * This is scheduled in the vhost work queue so we are called with the owner
559 * process mm and can access the vring.
561 static void vhost_scsi_complete_cmd_work(struct vhost_work *work)
563 struct vhost_scsi_virtqueue *svq = container_of(work,
564 struct vhost_scsi_virtqueue, completion_work);
565 struct virtio_scsi_cmd_resp v_rsp;
566 struct vhost_scsi_cmd *cmd, *t;
567 struct llist_node *llnode;
568 struct se_cmd *se_cmd;
569 struct iov_iter iov_iter;
573 llnode = llist_del_all(&svq->completion_list);
574 llist_for_each_entry_safe(cmd, t, llnode, tvc_completion_list) {
575 se_cmd = &cmd->tvc_se_cmd;
577 pr_debug("%s tv_cmd %p resid %u status %#02x\n", __func__,
578 cmd, se_cmd->residual_count, se_cmd->scsi_status);
579 memset(&v_rsp, 0, sizeof(v_rsp));
581 if (cmd->saved_iter_addr && vhost_scsi_copy_sgl_to_iov(cmd)) {
582 v_rsp.response = VIRTIO_SCSI_S_BAD_TARGET;
584 v_rsp.resid = cpu_to_vhost32(cmd->tvc_vq,
585 se_cmd->residual_count);
586 /* TODO is status_qualifier field needed? */
587 v_rsp.status = se_cmd->scsi_status;
588 v_rsp.sense_len = cpu_to_vhost32(cmd->tvc_vq,
589 se_cmd->scsi_sense_length);
590 memcpy(v_rsp.sense, cmd->tvc_sense_buf,
591 se_cmd->scsi_sense_length);
594 iov_iter_init(&iov_iter, ITER_DEST, cmd->tvc_resp_iov,
595 cmd->tvc_in_iovs, sizeof(v_rsp));
596 ret = copy_to_iter(&v_rsp, sizeof(v_rsp), &iov_iter);
597 if (likely(ret == sizeof(v_rsp))) {
600 vhost_add_used(cmd->tvc_vq, cmd->tvc_vq_desc, 0);
602 pr_err("Faulted on virtio_scsi_cmd_resp\n");
604 vhost_scsi_release_cmd_res(se_cmd);
608 vhost_signal(&svq->vs->dev, &svq->vq);
611 static struct vhost_scsi_cmd *
612 vhost_scsi_get_cmd(struct vhost_virtqueue *vq, struct vhost_scsi_tpg *tpg,
613 unsigned char *cdb, u64 scsi_tag, u16 lun, u8 task_attr,
614 u32 exp_data_len, int data_direction)
616 struct vhost_scsi_virtqueue *svq = container_of(vq,
617 struct vhost_scsi_virtqueue, vq);
618 struct vhost_scsi_cmd *cmd;
619 struct vhost_scsi_nexus *tv_nexus;
620 struct scatterlist *sg, *prot_sg;
621 struct iovec *tvc_resp_iov;
625 tv_nexus = tpg->tpg_nexus;
627 pr_err("Unable to locate active struct vhost_scsi_nexus\n");
628 return ERR_PTR(-EIO);
631 tag = sbitmap_get(&svq->scsi_tags);
633 pr_err("Unable to obtain tag for vhost_scsi_cmd\n");
634 return ERR_PTR(-ENOMEM);
637 cmd = &svq->scsi_cmds[tag];
639 prot_sg = cmd->tvc_prot_sgl;
640 pages = cmd->tvc_upages;
641 tvc_resp_iov = cmd->tvc_resp_iov;
642 memset(cmd, 0, sizeof(*cmd));
644 cmd->tvc_prot_sgl = prot_sg;
645 cmd->tvc_upages = pages;
646 cmd->tvc_se_cmd.map_tag = tag;
647 cmd->tvc_tag = scsi_tag;
649 cmd->tvc_task_attr = task_attr;
650 cmd->tvc_exp_data_len = exp_data_len;
651 cmd->tvc_data_direction = data_direction;
652 cmd->tvc_nexus = tv_nexus;
653 cmd->inflight = vhost_scsi_get_inflight(vq);
654 cmd->tvc_resp_iov = tvc_resp_iov;
656 memcpy(cmd->tvc_cdb, cdb, VHOST_SCSI_MAX_CDB_SIZE);
662 * Map a user memory range into a scatterlist
664 * Returns the number of scatterlist entries used or -errno on error.
667 vhost_scsi_map_to_sgl(struct vhost_scsi_cmd *cmd,
668 struct iov_iter *iter,
669 struct scatterlist *sgl,
672 struct page **pages = cmd->tvc_upages;
673 struct scatterlist *sg = sgl;
674 ssize_t bytes, mapped_bytes;
675 size_t offset, mapped_offset;
676 unsigned int npages = 0;
678 bytes = iov_iter_get_pages2(iter, pages, LONG_MAX,
679 VHOST_SCSI_PREALLOC_UPAGES, &offset);
680 /* No pages were pinned */
682 return bytes < 0 ? bytes : -EFAULT;
684 mapped_bytes = bytes;
685 mapped_offset = offset;
688 unsigned n = min_t(unsigned, PAGE_SIZE - offset, bytes);
690 * The block layer requires bios/requests to be a multiple of
691 * 512 bytes, but Windows can send us vecs that are misaligned.
692 * This can result in bios and later requests with misaligned
693 * sizes if we have to break up a cmd/scatterlist into multiple
696 * We currently only break up a command into multiple bios if
697 * we hit the vec/seg limit, so check if our sgl_count is
698 * greater than the max and if a vec in the cmd has a
699 * misaligned offset/size.
702 (offset & (SECTOR_SIZE - 1) || n & (SECTOR_SIZE - 1)) &&
703 cmd->tvc_sgl_count > BIO_MAX_VECS) {
705 "vhost-scsi detected misaligned IO. Performance may be degraded.");
706 goto revert_iter_get_pages;
709 sg_set_page(sg++, pages[npages++], n, offset);
716 revert_iter_get_pages:
717 iov_iter_revert(iter, mapped_bytes);
720 while (mapped_bytes) {
721 unsigned int n = min_t(unsigned int, PAGE_SIZE - mapped_offset,
724 put_page(pages[npages++]);
734 vhost_scsi_calc_sgls(struct iov_iter *iter, size_t bytes, int max_sgls)
738 if (!iter || !iter_iov(iter)) {
739 pr_err("%s: iter->iov is NULL, but expected bytes: %zu"
740 " present\n", __func__, bytes);
744 sgl_count = iov_iter_npages(iter, 0xffff);
745 if (sgl_count > max_sgls) {
746 pr_err("%s: requested sgl_count: %d exceeds pre-allocated"
747 " max_sgls: %d\n", __func__, sgl_count, max_sgls);
754 vhost_scsi_copy_iov_to_sgl(struct vhost_scsi_cmd *cmd, struct iov_iter *iter,
755 struct scatterlist *sg, int sg_count)
757 size_t len = iov_iter_count(iter);
758 unsigned int nbytes = 0;
762 if (cmd->tvc_data_direction == DMA_FROM_DEVICE) {
763 cmd->saved_iter_addr = dup_iter(&cmd->saved_iter, iter,
765 if (!cmd->saved_iter_addr)
769 for (i = 0; i < sg_count; i++) {
770 page = alloc_page(GFP_KERNEL);
776 nbytes = min_t(unsigned int, PAGE_SIZE, len);
777 sg_set_page(&sg[i], page, nbytes, 0);
779 if (cmd->tvc_data_direction == DMA_TO_DEVICE &&
780 copy_page_from_iter(page, 0, nbytes, iter) != nbytes)
790 pr_err("Could not read %u bytes while handling misaligned cmd\n",
794 __free_page(sg_page(&sg[i]));
795 kfree(cmd->saved_iter_addr);
800 vhost_scsi_map_iov_to_sgl(struct vhost_scsi_cmd *cmd, struct iov_iter *iter,
801 struct scatterlist *sg, int sg_count, bool is_prot)
803 struct scatterlist *p = sg;
807 while (iov_iter_count(iter)) {
808 ret = vhost_scsi_map_to_sgl(cmd, iter, sg, is_prot);
813 struct page *page = sg_page(p);
817 revert_bytes += p->length;
822 iov_iter_revert(iter, revert_bytes);
832 vhost_scsi_mapal(struct vhost_scsi_cmd *cmd,
833 size_t prot_bytes, struct iov_iter *prot_iter,
834 size_t data_bytes, struct iov_iter *data_iter)
839 sgl_count = vhost_scsi_calc_sgls(prot_iter, prot_bytes,
840 VHOST_SCSI_PREALLOC_PROT_SGLS);
844 sg_init_table(cmd->tvc_prot_sgl, sgl_count);
845 cmd->tvc_prot_sgl_count = sgl_count;
846 pr_debug("%s prot_sg %p prot_sgl_count %u\n", __func__,
847 cmd->tvc_prot_sgl, cmd->tvc_prot_sgl_count);
849 ret = vhost_scsi_map_iov_to_sgl(cmd, prot_iter,
851 cmd->tvc_prot_sgl_count, true);
853 cmd->tvc_prot_sgl_count = 0;
857 sgl_count = vhost_scsi_calc_sgls(data_iter, data_bytes,
858 VHOST_SCSI_PREALLOC_SGLS);
862 sg_init_table(cmd->tvc_sgl, sgl_count);
863 cmd->tvc_sgl_count = sgl_count;
864 pr_debug("%s data_sg %p data_sgl_count %u\n", __func__,
865 cmd->tvc_sgl, cmd->tvc_sgl_count);
867 ret = vhost_scsi_map_iov_to_sgl(cmd, data_iter, cmd->tvc_sgl,
868 cmd->tvc_sgl_count, false);
869 if (ret == -EINVAL) {
870 sg_init_table(cmd->tvc_sgl, cmd->tvc_sgl_count);
871 ret = vhost_scsi_copy_iov_to_sgl(cmd, data_iter, cmd->tvc_sgl,
876 cmd->tvc_sgl_count = 0;
882 static int vhost_scsi_to_tcm_attr(int attr)
885 case VIRTIO_SCSI_S_SIMPLE:
886 return TCM_SIMPLE_TAG;
887 case VIRTIO_SCSI_S_ORDERED:
888 return TCM_ORDERED_TAG;
889 case VIRTIO_SCSI_S_HEAD:
891 case VIRTIO_SCSI_S_ACA:
896 return TCM_SIMPLE_TAG;
899 static void vhost_scsi_target_queue_cmd(struct vhost_scsi_cmd *cmd)
901 struct se_cmd *se_cmd = &cmd->tvc_se_cmd;
902 struct vhost_scsi_nexus *tv_nexus;
903 struct scatterlist *sg_ptr, *sg_prot_ptr = NULL;
905 /* FIXME: BIDI operation */
906 if (cmd->tvc_sgl_count) {
907 sg_ptr = cmd->tvc_sgl;
909 if (cmd->tvc_prot_sgl_count)
910 sg_prot_ptr = cmd->tvc_prot_sgl;
912 se_cmd->prot_pto = true;
916 tv_nexus = cmd->tvc_nexus;
919 target_init_cmd(se_cmd, tv_nexus->tvn_se_sess, &cmd->tvc_sense_buf[0],
920 cmd->tvc_lun, cmd->tvc_exp_data_len,
921 vhost_scsi_to_tcm_attr(cmd->tvc_task_attr),
922 cmd->tvc_data_direction, TARGET_SCF_ACK_KREF);
924 if (target_submit_prep(se_cmd, cmd->tvc_cdb, sg_ptr,
925 cmd->tvc_sgl_count, NULL, 0, sg_prot_ptr,
926 cmd->tvc_prot_sgl_count, GFP_KERNEL))
929 target_submit(se_cmd);
933 vhost_scsi_send_bad_target(struct vhost_scsi *vs,
934 struct vhost_virtqueue *vq,
935 int head, unsigned out)
937 struct virtio_scsi_cmd_resp __user *resp;
938 struct virtio_scsi_cmd_resp rsp;
941 memset(&rsp, 0, sizeof(rsp));
942 rsp.response = VIRTIO_SCSI_S_BAD_TARGET;
943 resp = vq->iov[out].iov_base;
944 ret = __copy_to_user(resp, &rsp, sizeof(rsp));
946 vhost_add_used_and_signal(&vs->dev, vq, head, 0);
948 pr_err("Faulted on virtio_scsi_cmd_resp\n");
952 vhost_scsi_get_desc(struct vhost_scsi *vs, struct vhost_virtqueue *vq,
953 struct vhost_scsi_ctx *vc)
957 vc->head = vhost_get_vq_desc(vq, vq->iov,
958 ARRAY_SIZE(vq->iov), &vc->out, &vc->in,
961 pr_debug("vhost_get_vq_desc: head: %d, out: %u in: %u\n",
962 vc->head, vc->out, vc->in);
964 /* On error, stop handling until the next kick. */
965 if (unlikely(vc->head < 0))
968 /* Nothing new? Wait for eventfd to tell us they refilled. */
969 if (vc->head == vq->num) {
970 if (unlikely(vhost_enable_notify(&vs->dev, vq))) {
971 vhost_disable_notify(&vs->dev, vq);
978 * Get the size of request and response buffers.
979 * FIXME: Not correct for BIDI operation
981 vc->out_size = iov_length(vq->iov, vc->out);
982 vc->in_size = iov_length(&vq->iov[vc->out], vc->in);
985 * Copy over the virtio-scsi request header, which for a
986 * ANY_LAYOUT enabled guest may span multiple iovecs, or a
987 * single iovec may contain both the header + outgoing
990 * copy_from_iter() will advance out_iter, so that it will
991 * point at the start of the outgoing WRITE payload, if
992 * DMA_TO_DEVICE is set.
994 iov_iter_init(&vc->out_iter, ITER_SOURCE, vq->iov, vc->out, vc->out_size);
1002 vhost_scsi_chk_size(struct vhost_virtqueue *vq, struct vhost_scsi_ctx *vc)
1004 if (unlikely(vc->in_size < vc->rsp_size)) {
1006 "Response buf too small, need min %zu bytes got %zu",
1007 vc->rsp_size, vc->in_size);
1009 } else if (unlikely(vc->out_size < vc->req_size)) {
1011 "Request buf too small, need min %zu bytes got %zu",
1012 vc->req_size, vc->out_size);
1020 vhost_scsi_get_req(struct vhost_virtqueue *vq, struct vhost_scsi_ctx *vc,
1021 struct vhost_scsi_tpg **tpgp)
1025 if (unlikely(!copy_from_iter_full(vc->req, vc->req_size,
1027 vq_err(vq, "Faulted on copy_from_iter_full\n");
1028 } else if (unlikely(*vc->lunp != 1)) {
1029 /* virtio-scsi spec requires byte 0 of the lun to be 1 */
1030 vq_err(vq, "Illegal virtio-scsi lun: %u\n", *vc->lunp);
1032 struct vhost_scsi_tpg **vs_tpg, *tpg;
1034 vs_tpg = vhost_vq_get_backend(vq); /* validated at handler entry */
1036 tpg = READ_ONCE(vs_tpg[*vc->target]);
1037 if (unlikely(!tpg)) {
1038 vq_err(vq, "Target 0x%x does not exist\n", *vc->target);
1049 static u16 vhost_buf_to_lun(u8 *lun_buf)
1051 return ((lun_buf[2] << 8) | lun_buf[3]) & 0x3FFF;
1055 vhost_scsi_handle_vq(struct vhost_scsi *vs, struct vhost_virtqueue *vq)
1057 struct vhost_scsi_tpg **vs_tpg, *tpg;
1058 struct virtio_scsi_cmd_req v_req;
1059 struct virtio_scsi_cmd_req_pi v_req_pi;
1060 struct vhost_scsi_ctx vc;
1061 struct vhost_scsi_cmd *cmd;
1062 struct iov_iter in_iter, prot_iter, data_iter;
1064 u32 exp_data_len, data_direction;
1065 int ret, prot_bytes, i, c = 0;
1068 bool t10_pi = vhost_has_feature(vq, VIRTIO_SCSI_F_T10_PI);
1071 mutex_lock(&vq->mutex);
1073 * We can handle the vq only after the endpoint is setup by calling the
1074 * VHOST_SCSI_SET_ENDPOINT ioctl.
1076 vs_tpg = vhost_vq_get_backend(vq);
1080 memset(&vc, 0, sizeof(vc));
1081 vc.rsp_size = sizeof(struct virtio_scsi_cmd_resp);
1083 vhost_disable_notify(&vs->dev, vq);
1086 ret = vhost_scsi_get_desc(vs, vq, &vc);
1091 * Setup pointers and values based upon different virtio-scsi
1092 * request header if T10_PI is enabled in KVM guest.
1096 vc.req_size = sizeof(v_req_pi);
1097 vc.lunp = &v_req_pi.lun[0];
1098 vc.target = &v_req_pi.lun[1];
1101 vc.req_size = sizeof(v_req);
1102 vc.lunp = &v_req.lun[0];
1103 vc.target = &v_req.lun[1];
1107 * Validate the size of request and response buffers.
1108 * Check for a sane response buffer so we can report
1109 * early errors back to the guest.
1111 ret = vhost_scsi_chk_size(vq, &vc);
1115 ret = vhost_scsi_get_req(vq, &vc, &tpg);
1119 ret = -EIO; /* bad target on any error from here on */
1122 * Determine data_direction by calculating the total outgoing
1123 * iovec sizes + incoming iovec sizes vs. virtio-scsi request +
1124 * response headers respectively.
1126 * For DMA_TO_DEVICE this is out_iter, which is already pointing
1127 * to the right place.
1129 * For DMA_FROM_DEVICE, the iovec will be just past the end
1130 * of the virtio-scsi response header in either the same
1131 * or immediately following iovec.
1133 * Any associated T10_PI bytes for the outgoing / incoming
1134 * payloads are included in calculation of exp_data_len here.
1138 if (vc.out_size > vc.req_size) {
1139 data_direction = DMA_TO_DEVICE;
1140 exp_data_len = vc.out_size - vc.req_size;
1141 data_iter = vc.out_iter;
1142 } else if (vc.in_size > vc.rsp_size) {
1143 data_direction = DMA_FROM_DEVICE;
1144 exp_data_len = vc.in_size - vc.rsp_size;
1146 iov_iter_init(&in_iter, ITER_DEST, &vq->iov[vc.out], vc.in,
1147 vc.rsp_size + exp_data_len);
1148 iov_iter_advance(&in_iter, vc.rsp_size);
1149 data_iter = in_iter;
1151 data_direction = DMA_NONE;
1155 * If T10_PI header + payload is present, setup prot_iter values
1156 * and recalculate data_iter for vhost_scsi_mapal() mapping to
1157 * host scatterlists via get_user_pages_fast().
1160 if (v_req_pi.pi_bytesout) {
1161 if (data_direction != DMA_TO_DEVICE) {
1162 vq_err(vq, "Received non zero pi_bytesout,"
1163 " but wrong data_direction\n");
1166 prot_bytes = vhost32_to_cpu(vq, v_req_pi.pi_bytesout);
1167 } else if (v_req_pi.pi_bytesin) {
1168 if (data_direction != DMA_FROM_DEVICE) {
1169 vq_err(vq, "Received non zero pi_bytesin,"
1170 " but wrong data_direction\n");
1173 prot_bytes = vhost32_to_cpu(vq, v_req_pi.pi_bytesin);
1176 * Set prot_iter to data_iter and truncate it to
1177 * prot_bytes, and advance data_iter past any
1178 * preceding prot_bytes that may be present.
1180 * Also fix up the exp_data_len to reflect only the
1181 * actual data payload length.
1184 exp_data_len -= prot_bytes;
1185 prot_iter = data_iter;
1186 iov_iter_truncate(&prot_iter, prot_bytes);
1187 iov_iter_advance(&data_iter, prot_bytes);
1189 tag = vhost64_to_cpu(vq, v_req_pi.tag);
1190 task_attr = v_req_pi.task_attr;
1191 cdb = &v_req_pi.cdb[0];
1192 lun = vhost_buf_to_lun(v_req_pi.lun);
1194 tag = vhost64_to_cpu(vq, v_req.tag);
1195 task_attr = v_req.task_attr;
1196 cdb = &v_req.cdb[0];
1197 lun = vhost_buf_to_lun(v_req.lun);
1200 * Check that the received CDB size does not exceeded our
1201 * hardcoded max for vhost-scsi, then get a pre-allocated
1202 * cmd descriptor for the new virtio-scsi tag.
1204 * TODO what if cdb was too small for varlen cdb header?
1206 if (unlikely(scsi_command_size(cdb) > VHOST_SCSI_MAX_CDB_SIZE)) {
1207 vq_err(vq, "Received SCSI CDB with command_size: %d that"
1208 " exceeds SCSI_MAX_VARLEN_CDB_SIZE: %d\n",
1209 scsi_command_size(cdb), VHOST_SCSI_MAX_CDB_SIZE);
1212 cmd = vhost_scsi_get_cmd(vq, tpg, cdb, tag, lun, task_attr,
1213 exp_data_len + prot_bytes,
1216 vq_err(vq, "vhost_scsi_get_cmd failed %ld\n",
1220 cmd->tvc_vhost = vs;
1222 for (i = 0; i < vc.in ; i++)
1223 cmd->tvc_resp_iov[i] = vq->iov[vc.out + i];
1224 cmd->tvc_in_iovs = vc.in;
1226 pr_debug("vhost_scsi got command opcode: %#02x, lun: %d\n",
1227 cmd->tvc_cdb[0], cmd->tvc_lun);
1228 pr_debug("cmd: %p exp_data_len: %d, prot_bytes: %d data_direction:"
1229 " %d\n", cmd, exp_data_len, prot_bytes, data_direction);
1231 if (data_direction != DMA_NONE) {
1232 if (unlikely(vhost_scsi_mapal(cmd, prot_bytes,
1233 &prot_iter, exp_data_len,
1235 vq_err(vq, "Failed to map iov to sgl\n");
1236 vhost_scsi_release_cmd_res(&cmd->tvc_se_cmd);
1241 * Save the descriptor from vhost_get_vq_desc() to be used to
1242 * complete the virtio-scsi request in TCM callback context via
1243 * vhost_scsi_queue_data_in() and vhost_scsi_queue_status()
1245 cmd->tvc_vq_desc = vc.head;
1246 vhost_scsi_target_queue_cmd(cmd);
1250 * ENXIO: No more requests, or read error, wait for next kick
1251 * EINVAL: Invalid response buffer, drop the request
1252 * EIO: Respond with bad target
1253 * EAGAIN: Pending request
1257 else if (ret == -EIO)
1258 vhost_scsi_send_bad_target(vs, vq, vc.head, vc.out);
1259 } while (likely(!vhost_exceeds_weight(vq, ++c, 0)));
1261 mutex_unlock(&vq->mutex);
1265 vhost_scsi_send_tmf_resp(struct vhost_scsi *vs, struct vhost_virtqueue *vq,
1266 int in_iovs, int vq_desc, struct iovec *resp_iov,
1269 struct virtio_scsi_ctrl_tmf_resp rsp;
1270 struct iov_iter iov_iter;
1273 pr_debug("%s\n", __func__);
1274 memset(&rsp, 0, sizeof(rsp));
1275 rsp.response = tmf_resp_code;
1277 iov_iter_init(&iov_iter, ITER_DEST, resp_iov, in_iovs, sizeof(rsp));
1279 ret = copy_to_iter(&rsp, sizeof(rsp), &iov_iter);
1280 if (likely(ret == sizeof(rsp)))
1281 vhost_add_used_and_signal(&vs->dev, vq, vq_desc, 0);
1283 pr_err("Faulted on virtio_scsi_ctrl_tmf_resp\n");
1286 static void vhost_scsi_tmf_resp_work(struct vhost_work *work)
1288 struct vhost_scsi_tmf *tmf = container_of(work, struct vhost_scsi_tmf,
1292 if (tmf->scsi_resp == TMR_FUNCTION_COMPLETE)
1293 resp_code = VIRTIO_SCSI_S_FUNCTION_SUCCEEDED;
1295 resp_code = VIRTIO_SCSI_S_FUNCTION_REJECTED;
1297 vhost_scsi_send_tmf_resp(tmf->vhost, &tmf->svq->vq, tmf->in_iovs,
1298 tmf->vq_desc, &tmf->resp_iov, resp_code);
1299 vhost_scsi_release_tmf_res(tmf);
1302 static void vhost_scsi_tmf_flush_work(struct work_struct *work)
1304 struct vhost_scsi_tmf *tmf = container_of(work, struct vhost_scsi_tmf,
1306 struct vhost_virtqueue *vq = &tmf->svq->vq;
1308 * Make sure we have sent responses for other commands before we
1309 * send our response.
1311 vhost_dev_flush(vq->dev);
1312 if (!vhost_vq_work_queue(vq, &tmf->vwork))
1313 vhost_scsi_release_tmf_res(tmf);
1317 vhost_scsi_handle_tmf(struct vhost_scsi *vs, struct vhost_scsi_tpg *tpg,
1318 struct vhost_virtqueue *vq,
1319 struct virtio_scsi_ctrl_tmf_req *vtmf,
1320 struct vhost_scsi_ctx *vc)
1322 struct vhost_scsi_virtqueue *svq = container_of(vq,
1323 struct vhost_scsi_virtqueue, vq);
1324 struct vhost_scsi_tmf *tmf;
1326 if (vhost32_to_cpu(vq, vtmf->subtype) !=
1327 VIRTIO_SCSI_T_TMF_LOGICAL_UNIT_RESET)
1330 if (!tpg->tpg_nexus || !tpg->tpg_nexus->tvn_se_sess) {
1331 pr_err("Unable to locate active struct vhost_scsi_nexus for LUN RESET.\n");
1335 tmf = kzalloc(sizeof(*tmf), GFP_KERNEL);
1339 INIT_WORK(&tmf->flush_work, vhost_scsi_tmf_flush_work);
1340 vhost_work_init(&tmf->vwork, vhost_scsi_tmf_resp_work);
1343 tmf->resp_iov = vq->iov[vc->out];
1344 tmf->vq_desc = vc->head;
1345 tmf->in_iovs = vc->in;
1346 tmf->inflight = vhost_scsi_get_inflight(vq);
1348 if (target_submit_tmr(&tmf->se_cmd, tpg->tpg_nexus->tvn_se_sess, NULL,
1349 vhost_buf_to_lun(vtmf->lun), NULL,
1350 TMR_LUN_RESET, GFP_KERNEL, 0,
1351 TARGET_SCF_ACK_KREF) < 0) {
1352 vhost_scsi_release_tmf_res(tmf);
1359 vhost_scsi_send_tmf_resp(vs, vq, vc->in, vc->head, &vq->iov[vc->out],
1360 VIRTIO_SCSI_S_FUNCTION_REJECTED);
1364 vhost_scsi_send_an_resp(struct vhost_scsi *vs,
1365 struct vhost_virtqueue *vq,
1366 struct vhost_scsi_ctx *vc)
1368 struct virtio_scsi_ctrl_an_resp rsp;
1369 struct iov_iter iov_iter;
1372 pr_debug("%s\n", __func__);
1373 memset(&rsp, 0, sizeof(rsp)); /* event_actual = 0 */
1374 rsp.response = VIRTIO_SCSI_S_OK;
1376 iov_iter_init(&iov_iter, ITER_DEST, &vq->iov[vc->out], vc->in, sizeof(rsp));
1378 ret = copy_to_iter(&rsp, sizeof(rsp), &iov_iter);
1379 if (likely(ret == sizeof(rsp)))
1380 vhost_add_used_and_signal(&vs->dev, vq, vc->head, 0);
1382 pr_err("Faulted on virtio_scsi_ctrl_an_resp\n");
1386 vhost_scsi_ctl_handle_vq(struct vhost_scsi *vs, struct vhost_virtqueue *vq)
1388 struct vhost_scsi_tpg *tpg;
1391 struct virtio_scsi_ctrl_an_req an;
1392 struct virtio_scsi_ctrl_tmf_req tmf;
1394 struct vhost_scsi_ctx vc;
1398 mutex_lock(&vq->mutex);
1400 * We can handle the vq only after the endpoint is setup by calling the
1401 * VHOST_SCSI_SET_ENDPOINT ioctl.
1403 if (!vhost_vq_get_backend(vq))
1406 memset(&vc, 0, sizeof(vc));
1408 vhost_disable_notify(&vs->dev, vq);
1411 ret = vhost_scsi_get_desc(vs, vq, &vc);
1416 * Get the request type first in order to setup
1417 * other parameters dependent on the type.
1419 vc.req = &v_req.type;
1420 typ_size = sizeof(v_req.type);
1422 if (unlikely(!copy_from_iter_full(vc.req, typ_size,
1424 vq_err(vq, "Faulted on copy_from_iter tmf type\n");
1426 * The size of the response buffer depends on the
1427 * request type and must be validated against it.
1428 * Since the request type is not known, don't send
1434 switch (vhost32_to_cpu(vq, v_req.type)) {
1435 case VIRTIO_SCSI_T_TMF:
1436 vc.req = &v_req.tmf;
1437 vc.req_size = sizeof(struct virtio_scsi_ctrl_tmf_req);
1438 vc.rsp_size = sizeof(struct virtio_scsi_ctrl_tmf_resp);
1439 vc.lunp = &v_req.tmf.lun[0];
1440 vc.target = &v_req.tmf.lun[1];
1442 case VIRTIO_SCSI_T_AN_QUERY:
1443 case VIRTIO_SCSI_T_AN_SUBSCRIBE:
1445 vc.req_size = sizeof(struct virtio_scsi_ctrl_an_req);
1446 vc.rsp_size = sizeof(struct virtio_scsi_ctrl_an_resp);
1447 vc.lunp = &v_req.an.lun[0];
1451 vq_err(vq, "Unknown control request %d", v_req.type);
1456 * Validate the size of request and response buffers.
1457 * Check for a sane response buffer so we can report
1458 * early errors back to the guest.
1460 ret = vhost_scsi_chk_size(vq, &vc);
1465 * Get the rest of the request now that its size is known.
1468 vc.req_size -= typ_size;
1470 ret = vhost_scsi_get_req(vq, &vc, &tpg);
1474 if (v_req.type == VIRTIO_SCSI_T_TMF)
1475 vhost_scsi_handle_tmf(vs, tpg, vq, &v_req.tmf, &vc);
1477 vhost_scsi_send_an_resp(vs, vq, &vc);
1480 * ENXIO: No more requests, or read error, wait for next kick
1481 * EINVAL: Invalid response buffer, drop the request
1482 * EIO: Respond with bad target
1483 * EAGAIN: Pending request
1487 else if (ret == -EIO)
1488 vhost_scsi_send_bad_target(vs, vq, vc.head, vc.out);
1489 } while (likely(!vhost_exceeds_weight(vq, ++c, 0)));
1491 mutex_unlock(&vq->mutex);
1494 static void vhost_scsi_ctl_handle_kick(struct vhost_work *work)
1496 struct vhost_virtqueue *vq = container_of(work, struct vhost_virtqueue,
1498 struct vhost_scsi *vs = container_of(vq->dev, struct vhost_scsi, dev);
1500 pr_debug("%s: The handling func for control queue.\n", __func__);
1501 vhost_scsi_ctl_handle_vq(vs, vq);
1505 vhost_scsi_send_evt(struct vhost_scsi *vs, struct vhost_virtqueue *vq,
1506 struct vhost_scsi_tpg *tpg, struct se_lun *lun,
1507 u32 event, u32 reason)
1509 struct vhost_scsi_evt *evt;
1511 evt = vhost_scsi_allocate_evt(vs, event, reason);
1516 /* TODO: share lun setup code with virtio-scsi.ko */
1518 * Note: evt->event is zeroed when we allocate it and
1519 * lun[4-7] need to be zero according to virtio-scsi spec.
1521 evt->event.lun[0] = 0x01;
1522 evt->event.lun[1] = tpg->tport_tpgt;
1523 if (lun->unpacked_lun >= 256)
1524 evt->event.lun[2] = lun->unpacked_lun >> 8 | 0x40 ;
1525 evt->event.lun[3] = lun->unpacked_lun & 0xFF;
1528 llist_add(&evt->list, &vs->vs_event_list);
1529 if (!vhost_vq_work_queue(vq, &vs->vs_event_work))
1530 vhost_scsi_complete_events(vs, true);
1533 static void vhost_scsi_evt_handle_kick(struct vhost_work *work)
1535 struct vhost_virtqueue *vq = container_of(work, struct vhost_virtqueue,
1537 struct vhost_scsi *vs = container_of(vq->dev, struct vhost_scsi, dev);
1539 mutex_lock(&vq->mutex);
1540 if (!vhost_vq_get_backend(vq))
1543 if (vs->vs_events_missed)
1544 vhost_scsi_send_evt(vs, vq, NULL, NULL, VIRTIO_SCSI_T_NO_EVENT,
1547 mutex_unlock(&vq->mutex);
1550 static void vhost_scsi_handle_kick(struct vhost_work *work)
1552 struct vhost_virtqueue *vq = container_of(work, struct vhost_virtqueue,
1554 struct vhost_scsi *vs = container_of(vq->dev, struct vhost_scsi, dev);
1556 vhost_scsi_handle_vq(vs, vq);
1559 /* Callers must hold dev mutex */
1560 static void vhost_scsi_flush(struct vhost_scsi *vs)
1564 /* Init new inflight and remember the old inflight */
1565 vhost_scsi_init_inflight(vs, vs->old_inflight);
1568 * The inflight->kref was initialized to 1. We decrement it here to
1569 * indicate the start of the flush operation so that it will reach 0
1570 * when all the reqs are finished.
1572 for (i = 0; i < vs->dev.nvqs; i++)
1573 kref_put(&vs->old_inflight[i]->kref, vhost_scsi_done_inflight);
1575 /* Flush both the vhost poll and vhost work */
1576 vhost_dev_flush(&vs->dev);
1578 /* Wait for all reqs issued before the flush to be finished */
1579 for (i = 0; i < vs->dev.nvqs; i++)
1580 wait_for_completion(&vs->old_inflight[i]->comp);
1583 static void vhost_scsi_destroy_vq_cmds(struct vhost_virtqueue *vq)
1585 struct vhost_scsi_virtqueue *svq = container_of(vq,
1586 struct vhost_scsi_virtqueue, vq);
1587 struct vhost_scsi_cmd *tv_cmd;
1590 if (!svq->scsi_cmds)
1593 for (i = 0; i < svq->max_cmds; i++) {
1594 tv_cmd = &svq->scsi_cmds[i];
1596 kfree(tv_cmd->tvc_sgl);
1597 kfree(tv_cmd->tvc_prot_sgl);
1598 kfree(tv_cmd->tvc_upages);
1599 kfree(tv_cmd->tvc_resp_iov);
1602 sbitmap_free(&svq->scsi_tags);
1603 kfree(svq->scsi_cmds);
1604 svq->scsi_cmds = NULL;
1607 static int vhost_scsi_setup_vq_cmds(struct vhost_virtqueue *vq, int max_cmds)
1609 struct vhost_scsi_virtqueue *svq = container_of(vq,
1610 struct vhost_scsi_virtqueue, vq);
1611 struct vhost_scsi_cmd *tv_cmd;
1617 if (sbitmap_init_node(&svq->scsi_tags, max_cmds, -1, GFP_KERNEL,
1618 NUMA_NO_NODE, false, true))
1620 svq->max_cmds = max_cmds;
1622 svq->scsi_cmds = kcalloc(max_cmds, sizeof(*tv_cmd), GFP_KERNEL);
1623 if (!svq->scsi_cmds) {
1624 sbitmap_free(&svq->scsi_tags);
1628 for (i = 0; i < max_cmds; i++) {
1629 tv_cmd = &svq->scsi_cmds[i];
1631 tv_cmd->tvc_sgl = kcalloc(VHOST_SCSI_PREALLOC_SGLS,
1632 sizeof(struct scatterlist),
1634 if (!tv_cmd->tvc_sgl) {
1635 pr_err("Unable to allocate tv_cmd->tvc_sgl\n");
1639 tv_cmd->tvc_upages = kcalloc(VHOST_SCSI_PREALLOC_UPAGES,
1640 sizeof(struct page *),
1642 if (!tv_cmd->tvc_upages) {
1643 pr_err("Unable to allocate tv_cmd->tvc_upages\n");
1647 tv_cmd->tvc_resp_iov = kcalloc(UIO_MAXIOV,
1648 sizeof(struct iovec),
1650 if (!tv_cmd->tvc_resp_iov) {
1651 pr_err("Unable to allocate tv_cmd->tvc_resp_iov\n");
1655 tv_cmd->tvc_prot_sgl = kcalloc(VHOST_SCSI_PREALLOC_PROT_SGLS,
1656 sizeof(struct scatterlist),
1658 if (!tv_cmd->tvc_prot_sgl) {
1659 pr_err("Unable to allocate tv_cmd->tvc_prot_sgl\n");
1665 vhost_scsi_destroy_vq_cmds(vq);
1670 * Called from vhost_scsi_ioctl() context to walk the list of available
1671 * vhost_scsi_tpg with an active struct vhost_scsi_nexus
1673 * The lock nesting rule is:
1674 * vs->dev.mutex -> vhost_scsi_mutex -> tpg->tv_tpg_mutex -> vq->mutex
1677 vhost_scsi_set_endpoint(struct vhost_scsi *vs,
1678 struct vhost_scsi_target *t)
1680 struct se_portal_group *se_tpg;
1681 struct vhost_scsi_tport *tv_tport;
1682 struct vhost_scsi_tpg *tpg;
1683 struct vhost_scsi_tpg **vs_tpg;
1684 struct vhost_virtqueue *vq;
1685 int index, ret, i, len;
1688 mutex_lock(&vs->dev.mutex);
1690 /* Verify that ring has been setup correctly. */
1691 for (index = 0; index < vs->dev.nvqs; ++index) {
1692 /* Verify that ring has been setup correctly. */
1693 if (!vhost_vq_access_ok(&vs->vqs[index].vq)) {
1699 len = sizeof(vs_tpg[0]) * VHOST_SCSI_MAX_TARGET;
1700 vs_tpg = kzalloc(len, GFP_KERNEL);
1706 memcpy(vs_tpg, vs->vs_tpg, len);
1708 mutex_lock(&vhost_scsi_mutex);
1709 list_for_each_entry(tpg, &vhost_scsi_list, tv_tpg_list) {
1710 mutex_lock(&tpg->tv_tpg_mutex);
1711 if (!tpg->tpg_nexus) {
1712 mutex_unlock(&tpg->tv_tpg_mutex);
1715 if (tpg->tv_tpg_vhost_count != 0) {
1716 mutex_unlock(&tpg->tv_tpg_mutex);
1719 tv_tport = tpg->tport;
1721 if (!strcmp(tv_tport->tport_name, t->vhost_wwpn)) {
1722 if (vs->vs_tpg && vs->vs_tpg[tpg->tport_tpgt]) {
1723 mutex_unlock(&tpg->tv_tpg_mutex);
1724 mutex_unlock(&vhost_scsi_mutex);
1729 * In order to ensure individual vhost-scsi configfs
1730 * groups cannot be removed while in use by vhost ioctl,
1731 * go ahead and take an explicit se_tpg->tpg_group.cg_item
1734 se_tpg = &tpg->se_tpg;
1735 ret = target_depend_item(&se_tpg->tpg_group.cg_item);
1737 pr_warn("target_depend_item() failed: %d\n", ret);
1738 mutex_unlock(&tpg->tv_tpg_mutex);
1739 mutex_unlock(&vhost_scsi_mutex);
1742 tpg->tv_tpg_vhost_count++;
1743 tpg->vhost_scsi = vs;
1744 vs_tpg[tpg->tport_tpgt] = tpg;
1747 mutex_unlock(&tpg->tv_tpg_mutex);
1749 mutex_unlock(&vhost_scsi_mutex);
1752 memcpy(vs->vs_vhost_wwpn, t->vhost_wwpn,
1753 sizeof(vs->vs_vhost_wwpn));
1755 for (i = VHOST_SCSI_VQ_IO; i < vs->dev.nvqs; i++) {
1756 vq = &vs->vqs[i].vq;
1757 if (!vhost_vq_is_setup(vq))
1760 ret = vhost_scsi_setup_vq_cmds(vq, vq->num);
1762 goto destroy_vq_cmds;
1765 for (i = 0; i < vs->dev.nvqs; i++) {
1766 vq = &vs->vqs[i].vq;
1767 mutex_lock(&vq->mutex);
1768 vhost_vq_set_backend(vq, vs_tpg);
1769 vhost_vq_init_access(vq);
1770 mutex_unlock(&vq->mutex);
1778 * Act as synchronize_rcu to make sure access to
1779 * old vs->vs_tpg is finished.
1781 vhost_scsi_flush(vs);
1783 vs->vs_tpg = vs_tpg;
1787 for (i--; i >= VHOST_SCSI_VQ_IO; i--) {
1788 if (!vhost_vq_get_backend(&vs->vqs[i].vq))
1789 vhost_scsi_destroy_vq_cmds(&vs->vqs[i].vq);
1792 for (i = 0; i < VHOST_SCSI_MAX_TARGET; i++) {
1795 mutex_lock(&tpg->tv_tpg_mutex);
1796 tpg->vhost_scsi = NULL;
1797 tpg->tv_tpg_vhost_count--;
1798 mutex_unlock(&tpg->tv_tpg_mutex);
1799 target_undepend_item(&tpg->se_tpg.tpg_group.cg_item);
1804 mutex_unlock(&vs->dev.mutex);
1809 vhost_scsi_clear_endpoint(struct vhost_scsi *vs,
1810 struct vhost_scsi_target *t)
1812 struct se_portal_group *se_tpg;
1813 struct vhost_scsi_tport *tv_tport;
1814 struct vhost_scsi_tpg *tpg;
1815 struct vhost_virtqueue *vq;
1820 mutex_lock(&vs->dev.mutex);
1821 /* Verify that ring has been setup correctly. */
1822 for (index = 0; index < vs->dev.nvqs; ++index) {
1823 if (!vhost_vq_access_ok(&vs->vqs[index].vq)) {
1834 for (i = 0; i < VHOST_SCSI_MAX_TARGET; i++) {
1836 tpg = vs->vs_tpg[target];
1840 tv_tport = tpg->tport;
1846 if (strcmp(tv_tport->tport_name, t->vhost_wwpn)) {
1847 pr_warn("tv_tport->tport_name: %s, tpg->tport_tpgt: %hu"
1848 " does not match t->vhost_wwpn: %s, t->vhost_tpgt: %hu\n",
1849 tv_tport->tport_name, tpg->tport_tpgt,
1850 t->vhost_wwpn, t->vhost_tpgt);
1859 /* Prevent new cmds from starting and accessing the tpgs/sessions */
1860 for (i = 0; i < vs->dev.nvqs; i++) {
1861 vq = &vs->vqs[i].vq;
1862 mutex_lock(&vq->mutex);
1863 vhost_vq_set_backend(vq, NULL);
1864 mutex_unlock(&vq->mutex);
1866 /* Make sure cmds are not running before tearing them down. */
1867 vhost_scsi_flush(vs);
1869 for (i = 0; i < vs->dev.nvqs; i++) {
1870 vq = &vs->vqs[i].vq;
1871 vhost_scsi_destroy_vq_cmds(vq);
1875 * We can now release our hold on the tpg and sessions and userspace
1876 * can free them after this point.
1878 for (i = 0; i < VHOST_SCSI_MAX_TARGET; i++) {
1880 tpg = vs->vs_tpg[target];
1884 mutex_lock(&tpg->tv_tpg_mutex);
1886 tpg->tv_tpg_vhost_count--;
1887 tpg->vhost_scsi = NULL;
1888 vs->vs_tpg[target] = NULL;
1890 mutex_unlock(&tpg->tv_tpg_mutex);
1892 se_tpg = &tpg->se_tpg;
1893 target_undepend_item(&se_tpg->tpg_group.cg_item);
1898 * Act as synchronize_rcu to make sure access to
1899 * old vs->vs_tpg is finished.
1901 vhost_scsi_flush(vs);
1904 WARN_ON(vs->vs_events_nr);
1905 mutex_unlock(&vs->dev.mutex);
1909 mutex_unlock(&vs->dev.mutex);
1913 static int vhost_scsi_set_features(struct vhost_scsi *vs, u64 features)
1915 struct vhost_virtqueue *vq;
1918 if (features & ~VHOST_SCSI_FEATURES)
1921 mutex_lock(&vs->dev.mutex);
1922 if ((features & (1 << VHOST_F_LOG_ALL)) &&
1923 !vhost_log_access_ok(&vs->dev)) {
1924 mutex_unlock(&vs->dev.mutex);
1928 for (i = 0; i < vs->dev.nvqs; i++) {
1929 vq = &vs->vqs[i].vq;
1930 mutex_lock(&vq->mutex);
1931 vq->acked_features = features;
1932 mutex_unlock(&vq->mutex);
1934 mutex_unlock(&vs->dev.mutex);
1938 static int vhost_scsi_open(struct inode *inode, struct file *f)
1940 struct vhost_scsi_virtqueue *svq;
1941 struct vhost_scsi *vs;
1942 struct vhost_virtqueue **vqs;
1943 int r = -ENOMEM, i, nvqs = vhost_scsi_max_io_vqs;
1945 vs = kvzalloc(sizeof(*vs), GFP_KERNEL);
1949 if (nvqs > VHOST_SCSI_MAX_IO_VQ) {
1950 pr_err("Invalid max_io_vqs of %d. Using %d.\n", nvqs,
1951 VHOST_SCSI_MAX_IO_VQ);
1952 nvqs = VHOST_SCSI_MAX_IO_VQ;
1953 } else if (nvqs == 0) {
1954 pr_err("Invalid max_io_vqs of %d. Using 1.\n", nvqs);
1957 nvqs += VHOST_SCSI_VQ_IO;
1959 vs->old_inflight = kmalloc_array(nvqs, sizeof(*vs->old_inflight),
1960 GFP_KERNEL | __GFP_ZERO);
1961 if (!vs->old_inflight)
1964 vs->vqs = kmalloc_array(nvqs, sizeof(*vs->vqs),
1965 GFP_KERNEL | __GFP_ZERO);
1969 vqs = kmalloc_array(nvqs, sizeof(*vqs), GFP_KERNEL);
1973 vhost_work_init(&vs->vs_event_work, vhost_scsi_evt_work);
1975 vs->vs_events_nr = 0;
1976 vs->vs_events_missed = false;
1978 vqs[VHOST_SCSI_VQ_CTL] = &vs->vqs[VHOST_SCSI_VQ_CTL].vq;
1979 vqs[VHOST_SCSI_VQ_EVT] = &vs->vqs[VHOST_SCSI_VQ_EVT].vq;
1980 vs->vqs[VHOST_SCSI_VQ_CTL].vq.handle_kick = vhost_scsi_ctl_handle_kick;
1981 vs->vqs[VHOST_SCSI_VQ_EVT].vq.handle_kick = vhost_scsi_evt_handle_kick;
1982 for (i = VHOST_SCSI_VQ_IO; i < nvqs; i++) {
1987 init_llist_head(&svq->completion_list);
1988 vhost_work_init(&svq->completion_work,
1989 vhost_scsi_complete_cmd_work);
1990 svq->vq.handle_kick = vhost_scsi_handle_kick;
1992 vhost_dev_init(&vs->dev, vqs, nvqs, UIO_MAXIOV,
1993 VHOST_SCSI_WEIGHT, 0, true, NULL);
1995 vhost_scsi_init_inflight(vs, NULL);
1997 f->private_data = vs;
2003 kfree(vs->old_inflight);
2010 static int vhost_scsi_release(struct inode *inode, struct file *f)
2012 struct vhost_scsi *vs = f->private_data;
2013 struct vhost_scsi_target t;
2015 mutex_lock(&vs->dev.mutex);
2016 memcpy(t.vhost_wwpn, vs->vs_vhost_wwpn, sizeof(t.vhost_wwpn));
2017 mutex_unlock(&vs->dev.mutex);
2018 vhost_scsi_clear_endpoint(vs, &t);
2019 vhost_dev_stop(&vs->dev);
2020 vhost_dev_cleanup(&vs->dev);
2023 kfree(vs->old_inflight);
2029 vhost_scsi_ioctl(struct file *f,
2033 struct vhost_scsi *vs = f->private_data;
2034 struct vhost_scsi_target backend;
2035 void __user *argp = (void __user *)arg;
2036 u64 __user *featurep = argp;
2037 u32 __user *eventsp = argp;
2040 int r, abi_version = VHOST_SCSI_ABI_VERSION;
2041 struct vhost_virtqueue *vq = &vs->vqs[VHOST_SCSI_VQ_EVT].vq;
2044 case VHOST_SCSI_SET_ENDPOINT:
2045 if (copy_from_user(&backend, argp, sizeof backend))
2047 if (backend.reserved != 0)
2050 return vhost_scsi_set_endpoint(vs, &backend);
2051 case VHOST_SCSI_CLEAR_ENDPOINT:
2052 if (copy_from_user(&backend, argp, sizeof backend))
2054 if (backend.reserved != 0)
2057 return vhost_scsi_clear_endpoint(vs, &backend);
2058 case VHOST_SCSI_GET_ABI_VERSION:
2059 if (copy_to_user(argp, &abi_version, sizeof abi_version))
2062 case VHOST_SCSI_SET_EVENTS_MISSED:
2063 if (get_user(events_missed, eventsp))
2065 mutex_lock(&vq->mutex);
2066 vs->vs_events_missed = events_missed;
2067 mutex_unlock(&vq->mutex);
2069 case VHOST_SCSI_GET_EVENTS_MISSED:
2070 mutex_lock(&vq->mutex);
2071 events_missed = vs->vs_events_missed;
2072 mutex_unlock(&vq->mutex);
2073 if (put_user(events_missed, eventsp))
2076 case VHOST_GET_FEATURES:
2077 features = VHOST_SCSI_FEATURES;
2078 if (copy_to_user(featurep, &features, sizeof features))
2081 case VHOST_SET_FEATURES:
2082 if (copy_from_user(&features, featurep, sizeof features))
2084 return vhost_scsi_set_features(vs, features);
2085 case VHOST_NEW_WORKER:
2086 case VHOST_FREE_WORKER:
2087 case VHOST_ATTACH_VRING_WORKER:
2088 case VHOST_GET_VRING_WORKER:
2089 mutex_lock(&vs->dev.mutex);
2090 r = vhost_worker_ioctl(&vs->dev, ioctl, argp);
2091 mutex_unlock(&vs->dev.mutex);
2094 mutex_lock(&vs->dev.mutex);
2095 r = vhost_dev_ioctl(&vs->dev, ioctl, argp);
2096 /* TODO: flush backend after dev ioctl. */
2097 if (r == -ENOIOCTLCMD)
2098 r = vhost_vring_ioctl(&vs->dev, ioctl, argp);
2099 mutex_unlock(&vs->dev.mutex);
2104 static const struct file_operations vhost_scsi_fops = {
2105 .owner = THIS_MODULE,
2106 .release = vhost_scsi_release,
2107 .unlocked_ioctl = vhost_scsi_ioctl,
2108 .compat_ioctl = compat_ptr_ioctl,
2109 .open = vhost_scsi_open,
2110 .llseek = noop_llseek,
2113 static struct miscdevice vhost_scsi_misc = {
2119 static int __init vhost_scsi_register(void)
2121 return misc_register(&vhost_scsi_misc);
2124 static void vhost_scsi_deregister(void)
2126 misc_deregister(&vhost_scsi_misc);
2129 static char *vhost_scsi_dump_proto_id(struct vhost_scsi_tport *tport)
2131 switch (tport->tport_proto_id) {
2132 case SCSI_PROTOCOL_SAS:
2134 case SCSI_PROTOCOL_FCP:
2136 case SCSI_PROTOCOL_ISCSI:
2146 vhost_scsi_do_plug(struct vhost_scsi_tpg *tpg,
2147 struct se_lun *lun, bool plug)
2150 struct vhost_scsi *vs = tpg->vhost_scsi;
2151 struct vhost_virtqueue *vq;
2158 reason = VIRTIO_SCSI_EVT_RESET_RESCAN;
2160 reason = VIRTIO_SCSI_EVT_RESET_REMOVED;
2162 vq = &vs->vqs[VHOST_SCSI_VQ_EVT].vq;
2163 mutex_lock(&vq->mutex);
2165 * We can't queue events if the backend has been cleared, because
2166 * we could end up queueing an event after the flush.
2168 if (!vhost_vq_get_backend(vq))
2171 if (vhost_has_feature(vq, VIRTIO_SCSI_F_HOTPLUG))
2172 vhost_scsi_send_evt(vs, vq, tpg, lun,
2173 VIRTIO_SCSI_T_TRANSPORT_RESET, reason);
2175 mutex_unlock(&vq->mutex);
2178 static void vhost_scsi_hotplug(struct vhost_scsi_tpg *tpg, struct se_lun *lun)
2180 vhost_scsi_do_plug(tpg, lun, true);
2183 static void vhost_scsi_hotunplug(struct vhost_scsi_tpg *tpg, struct se_lun *lun)
2185 vhost_scsi_do_plug(tpg, lun, false);
2188 static int vhost_scsi_port_link(struct se_portal_group *se_tpg,
2191 struct vhost_scsi_tpg *tpg = container_of(se_tpg,
2192 struct vhost_scsi_tpg, se_tpg);
2194 mutex_lock(&tpg->tv_tpg_mutex);
2195 tpg->tv_tpg_port_count++;
2196 vhost_scsi_hotplug(tpg, lun);
2197 mutex_unlock(&tpg->tv_tpg_mutex);
2202 static void vhost_scsi_port_unlink(struct se_portal_group *se_tpg,
2205 struct vhost_scsi_tpg *tpg = container_of(se_tpg,
2206 struct vhost_scsi_tpg, se_tpg);
2208 mutex_lock(&tpg->tv_tpg_mutex);
2209 tpg->tv_tpg_port_count--;
2210 vhost_scsi_hotunplug(tpg, lun);
2211 mutex_unlock(&tpg->tv_tpg_mutex);
2214 static ssize_t vhost_scsi_tpg_attrib_fabric_prot_type_store(
2215 struct config_item *item, const char *page, size_t count)
2217 struct se_portal_group *se_tpg = attrib_to_tpg(item);
2218 struct vhost_scsi_tpg *tpg = container_of(se_tpg,
2219 struct vhost_scsi_tpg, se_tpg);
2221 int ret = kstrtoul(page, 0, &val);
2224 pr_err("kstrtoul() returned %d for fabric_prot_type\n", ret);
2227 if (val != 0 && val != 1 && val != 3) {
2228 pr_err("Invalid vhost_scsi fabric_prot_type: %lu\n", val);
2231 tpg->tv_fabric_prot_type = val;
2236 static ssize_t vhost_scsi_tpg_attrib_fabric_prot_type_show(
2237 struct config_item *item, char *page)
2239 struct se_portal_group *se_tpg = attrib_to_tpg(item);
2240 struct vhost_scsi_tpg *tpg = container_of(se_tpg,
2241 struct vhost_scsi_tpg, se_tpg);
2243 return sysfs_emit(page, "%d\n", tpg->tv_fabric_prot_type);
2246 CONFIGFS_ATTR(vhost_scsi_tpg_attrib_, fabric_prot_type);
2248 static struct configfs_attribute *vhost_scsi_tpg_attrib_attrs[] = {
2249 &vhost_scsi_tpg_attrib_attr_fabric_prot_type,
2253 static int vhost_scsi_make_nexus(struct vhost_scsi_tpg *tpg,
2256 struct vhost_scsi_nexus *tv_nexus;
2258 mutex_lock(&tpg->tv_tpg_mutex);
2259 if (tpg->tpg_nexus) {
2260 mutex_unlock(&tpg->tv_tpg_mutex);
2261 pr_debug("tpg->tpg_nexus already exists\n");
2265 tv_nexus = kzalloc(sizeof(*tv_nexus), GFP_KERNEL);
2267 mutex_unlock(&tpg->tv_tpg_mutex);
2268 pr_err("Unable to allocate struct vhost_scsi_nexus\n");
2272 * Since we are running in 'demo mode' this call with generate a
2273 * struct se_node_acl for the vhost_scsi struct se_portal_group with
2274 * the SCSI Initiator port name of the passed configfs group 'name'.
2276 tv_nexus->tvn_se_sess = target_setup_session(&tpg->se_tpg, 0, 0,
2277 TARGET_PROT_DIN_PASS | TARGET_PROT_DOUT_PASS,
2278 (unsigned char *)name, tv_nexus, NULL);
2279 if (IS_ERR(tv_nexus->tvn_se_sess)) {
2280 mutex_unlock(&tpg->tv_tpg_mutex);
2284 tpg->tpg_nexus = tv_nexus;
2286 mutex_unlock(&tpg->tv_tpg_mutex);
2290 static int vhost_scsi_drop_nexus(struct vhost_scsi_tpg *tpg)
2292 struct se_session *se_sess;
2293 struct vhost_scsi_nexus *tv_nexus;
2295 mutex_lock(&tpg->tv_tpg_mutex);
2296 tv_nexus = tpg->tpg_nexus;
2298 mutex_unlock(&tpg->tv_tpg_mutex);
2302 se_sess = tv_nexus->tvn_se_sess;
2304 mutex_unlock(&tpg->tv_tpg_mutex);
2308 if (tpg->tv_tpg_port_count != 0) {
2309 mutex_unlock(&tpg->tv_tpg_mutex);
2310 pr_err("Unable to remove TCM_vhost I_T Nexus with"
2311 " active TPG port count: %d\n",
2312 tpg->tv_tpg_port_count);
2316 if (tpg->tv_tpg_vhost_count != 0) {
2317 mutex_unlock(&tpg->tv_tpg_mutex);
2318 pr_err("Unable to remove TCM_vhost I_T Nexus with"
2319 " active TPG vhost count: %d\n",
2320 tpg->tv_tpg_vhost_count);
2324 pr_debug("TCM_vhost_ConfigFS: Removing I_T Nexus to emulated"
2325 " %s Initiator Port: %s\n", vhost_scsi_dump_proto_id(tpg->tport),
2326 tv_nexus->tvn_se_sess->se_node_acl->initiatorname);
2329 * Release the SCSI I_T Nexus to the emulated vhost Target Port
2331 target_remove_session(se_sess);
2332 tpg->tpg_nexus = NULL;
2333 mutex_unlock(&tpg->tv_tpg_mutex);
2339 static ssize_t vhost_scsi_tpg_nexus_show(struct config_item *item, char *page)
2341 struct se_portal_group *se_tpg = to_tpg(item);
2342 struct vhost_scsi_tpg *tpg = container_of(se_tpg,
2343 struct vhost_scsi_tpg, se_tpg);
2344 struct vhost_scsi_nexus *tv_nexus;
2347 mutex_lock(&tpg->tv_tpg_mutex);
2348 tv_nexus = tpg->tpg_nexus;
2350 mutex_unlock(&tpg->tv_tpg_mutex);
2353 ret = sysfs_emit(page, "%s\n",
2354 tv_nexus->tvn_se_sess->se_node_acl->initiatorname);
2355 mutex_unlock(&tpg->tv_tpg_mutex);
2360 static ssize_t vhost_scsi_tpg_nexus_store(struct config_item *item,
2361 const char *page, size_t count)
2363 struct se_portal_group *se_tpg = to_tpg(item);
2364 struct vhost_scsi_tpg *tpg = container_of(se_tpg,
2365 struct vhost_scsi_tpg, se_tpg);
2366 struct vhost_scsi_tport *tport_wwn = tpg->tport;
2367 unsigned char i_port[VHOST_SCSI_NAMELEN], *ptr, *port_ptr;
2370 * Shutdown the active I_T nexus if 'NULL' is passed..
2372 if (!strncmp(page, "NULL", 4)) {
2373 ret = vhost_scsi_drop_nexus(tpg);
2374 return (!ret) ? count : ret;
2377 * Otherwise make sure the passed virtual Initiator port WWN matches
2378 * the fabric protocol_id set in vhost_scsi_make_tport(), and call
2379 * vhost_scsi_make_nexus().
2381 if (strlen(page) >= VHOST_SCSI_NAMELEN) {
2382 pr_err("Emulated NAA Sas Address: %s, exceeds"
2383 " max: %d\n", page, VHOST_SCSI_NAMELEN);
2386 snprintf(&i_port[0], VHOST_SCSI_NAMELEN, "%s", page);
2388 ptr = strstr(i_port, "naa.");
2390 if (tport_wwn->tport_proto_id != SCSI_PROTOCOL_SAS) {
2391 pr_err("Passed SAS Initiator Port %s does not"
2392 " match target port protoid: %s\n", i_port,
2393 vhost_scsi_dump_proto_id(tport_wwn));
2396 port_ptr = &i_port[0];
2399 ptr = strstr(i_port, "fc.");
2401 if (tport_wwn->tport_proto_id != SCSI_PROTOCOL_FCP) {
2402 pr_err("Passed FCP Initiator Port %s does not"
2403 " match target port protoid: %s\n", i_port,
2404 vhost_scsi_dump_proto_id(tport_wwn));
2407 port_ptr = &i_port[3]; /* Skip over "fc." */
2410 ptr = strstr(i_port, "iqn.");
2412 if (tport_wwn->tport_proto_id != SCSI_PROTOCOL_ISCSI) {
2413 pr_err("Passed iSCSI Initiator Port %s does not"
2414 " match target port protoid: %s\n", i_port,
2415 vhost_scsi_dump_proto_id(tport_wwn));
2418 port_ptr = &i_port[0];
2421 pr_err("Unable to locate prefix for emulated Initiator Port:"
2425 * Clear any trailing newline for the NAA WWN
2428 if (i_port[strlen(i_port)-1] == '\n')
2429 i_port[strlen(i_port)-1] = '\0';
2431 ret = vhost_scsi_make_nexus(tpg, port_ptr);
2438 CONFIGFS_ATTR(vhost_scsi_tpg_, nexus);
2440 static struct configfs_attribute *vhost_scsi_tpg_attrs[] = {
2441 &vhost_scsi_tpg_attr_nexus,
2445 static struct se_portal_group *
2446 vhost_scsi_make_tpg(struct se_wwn *wwn, const char *name)
2448 struct vhost_scsi_tport *tport = container_of(wwn,
2449 struct vhost_scsi_tport, tport_wwn);
2451 struct vhost_scsi_tpg *tpg;
2455 if (strstr(name, "tpgt_") != name)
2456 return ERR_PTR(-EINVAL);
2457 if (kstrtou16(name + 5, 10, &tpgt) || tpgt >= VHOST_SCSI_MAX_TARGET)
2458 return ERR_PTR(-EINVAL);
2460 tpg = kzalloc(sizeof(*tpg), GFP_KERNEL);
2462 pr_err("Unable to allocate struct vhost_scsi_tpg");
2463 return ERR_PTR(-ENOMEM);
2465 mutex_init(&tpg->tv_tpg_mutex);
2466 INIT_LIST_HEAD(&tpg->tv_tpg_list);
2468 tpg->tport_tpgt = tpgt;
2470 ret = core_tpg_register(wwn, &tpg->se_tpg, tport->tport_proto_id);
2475 mutex_lock(&vhost_scsi_mutex);
2476 list_add_tail(&tpg->tv_tpg_list, &vhost_scsi_list);
2477 mutex_unlock(&vhost_scsi_mutex);
2479 return &tpg->se_tpg;
2482 static void vhost_scsi_drop_tpg(struct se_portal_group *se_tpg)
2484 struct vhost_scsi_tpg *tpg = container_of(se_tpg,
2485 struct vhost_scsi_tpg, se_tpg);
2487 mutex_lock(&vhost_scsi_mutex);
2488 list_del(&tpg->tv_tpg_list);
2489 mutex_unlock(&vhost_scsi_mutex);
2491 * Release the virtual I_T Nexus for this vhost TPG
2493 vhost_scsi_drop_nexus(tpg);
2495 * Deregister the se_tpg from TCM..
2497 core_tpg_deregister(se_tpg);
2501 static struct se_wwn *
2502 vhost_scsi_make_tport(struct target_fabric_configfs *tf,
2503 struct config_group *group,
2506 struct vhost_scsi_tport *tport;
2511 /* if (vhost_scsi_parse_wwn(name, &wwpn, 1) < 0)
2512 return ERR_PTR(-EINVAL); */
2514 tport = kzalloc(sizeof(*tport), GFP_KERNEL);
2516 pr_err("Unable to allocate struct vhost_scsi_tport");
2517 return ERR_PTR(-ENOMEM);
2519 tport->tport_wwpn = wwpn;
2521 * Determine the emulated Protocol Identifier and Target Port Name
2522 * based on the incoming configfs directory name.
2524 ptr = strstr(name, "naa.");
2526 tport->tport_proto_id = SCSI_PROTOCOL_SAS;
2529 ptr = strstr(name, "fc.");
2531 tport->tport_proto_id = SCSI_PROTOCOL_FCP;
2532 off = 3; /* Skip over "fc." */
2535 ptr = strstr(name, "iqn.");
2537 tport->tport_proto_id = SCSI_PROTOCOL_ISCSI;
2541 pr_err("Unable to locate prefix for emulated Target Port:"
2544 return ERR_PTR(-EINVAL);
2547 if (strlen(name) >= VHOST_SCSI_NAMELEN) {
2548 pr_err("Emulated %s Address: %s, exceeds"
2549 " max: %d\n", name, vhost_scsi_dump_proto_id(tport),
2550 VHOST_SCSI_NAMELEN);
2552 return ERR_PTR(-EINVAL);
2554 snprintf(&tport->tport_name[0], VHOST_SCSI_NAMELEN, "%s", &name[off]);
2556 pr_debug("TCM_VHost_ConfigFS: Allocated emulated Target"
2557 " %s Address: %s\n", vhost_scsi_dump_proto_id(tport), name);
2559 return &tport->tport_wwn;
2562 static void vhost_scsi_drop_tport(struct se_wwn *wwn)
2564 struct vhost_scsi_tport *tport = container_of(wwn,
2565 struct vhost_scsi_tport, tport_wwn);
2567 pr_debug("TCM_VHost_ConfigFS: Deallocating emulated Target"
2568 " %s Address: %s\n", vhost_scsi_dump_proto_id(tport),
2575 vhost_scsi_wwn_version_show(struct config_item *item, char *page)
2577 return sysfs_emit(page, "TCM_VHOST fabric module %s on %s/%s"
2578 "on "UTS_RELEASE"\n", VHOST_SCSI_VERSION, utsname()->sysname,
2579 utsname()->machine);
2582 CONFIGFS_ATTR_RO(vhost_scsi_wwn_, version);
2584 static struct configfs_attribute *vhost_scsi_wwn_attrs[] = {
2585 &vhost_scsi_wwn_attr_version,
2589 static const struct target_core_fabric_ops vhost_scsi_ops = {
2590 .module = THIS_MODULE,
2591 .fabric_name = "vhost",
2592 .max_data_sg_nents = VHOST_SCSI_PREALLOC_SGLS,
2593 .tpg_get_wwn = vhost_scsi_get_fabric_wwn,
2594 .tpg_get_tag = vhost_scsi_get_tpgt,
2595 .tpg_check_demo_mode = vhost_scsi_check_true,
2596 .tpg_check_demo_mode_cache = vhost_scsi_check_true,
2597 .tpg_check_prot_fabric_only = vhost_scsi_check_prot_fabric_only,
2598 .release_cmd = vhost_scsi_release_cmd,
2599 .check_stop_free = vhost_scsi_check_stop_free,
2600 .sess_get_initiator_sid = NULL,
2601 .write_pending = vhost_scsi_write_pending,
2602 .queue_data_in = vhost_scsi_queue_data_in,
2603 .queue_status = vhost_scsi_queue_status,
2604 .queue_tm_rsp = vhost_scsi_queue_tm_rsp,
2605 .aborted_task = vhost_scsi_aborted_task,
2607 * Setup callers for generic logic in target_core_fabric_configfs.c
2609 .fabric_make_wwn = vhost_scsi_make_tport,
2610 .fabric_drop_wwn = vhost_scsi_drop_tport,
2611 .fabric_make_tpg = vhost_scsi_make_tpg,
2612 .fabric_drop_tpg = vhost_scsi_drop_tpg,
2613 .fabric_post_link = vhost_scsi_port_link,
2614 .fabric_pre_unlink = vhost_scsi_port_unlink,
2616 .tfc_wwn_attrs = vhost_scsi_wwn_attrs,
2617 .tfc_tpg_base_attrs = vhost_scsi_tpg_attrs,
2618 .tfc_tpg_attrib_attrs = vhost_scsi_tpg_attrib_attrs,
2620 .default_submit_type = TARGET_QUEUE_SUBMIT,
2621 .direct_submit_supp = 1,
2624 static int __init vhost_scsi_init(void)
2628 pr_debug("TCM_VHOST fabric module %s on %s/%s"
2629 " on "UTS_RELEASE"\n", VHOST_SCSI_VERSION, utsname()->sysname,
2630 utsname()->machine);
2632 ret = vhost_scsi_register();
2636 ret = target_register_template(&vhost_scsi_ops);
2638 goto out_vhost_scsi_deregister;
2642 out_vhost_scsi_deregister:
2643 vhost_scsi_deregister();
2648 static void vhost_scsi_exit(void)
2650 target_unregister_template(&vhost_scsi_ops);
2651 vhost_scsi_deregister();
2654 MODULE_DESCRIPTION("VHOST_SCSI series fabric driver");
2655 MODULE_ALIAS("tcm_vhost");
2656 MODULE_LICENSE("GPL");
2657 module_init(vhost_scsi_init);
2658 module_exit(vhost_scsi_exit);
projects / linux-2.6-block.git / blob