1 // SPDX-License-Identifier: GPL-2.0+
2 /*******************************************************************************
3 * Vhost kernel TCM fabric driver for virtio SCSI initiators
5 * (C) Copyright 2010-2013 Datera, Inc.
6 * (C) Copyright 2010-2012 IBM Corp.
8 * Authors: Nicholas A. Bellinger <nab@daterainc.com>
9 * Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
10 ****************************************************************************/
12 #include <linux/module.h>
13 #include <linux/moduleparam.h>
14 #include <generated/utsrelease.h>
15 #include <linux/utsname.h>
16 #include <linux/init.h>
17 #include <linux/slab.h>
18 #include <linux/kthread.h>
19 #include <linux/types.h>
20 #include <linux/string.h>
21 #include <linux/configfs.h>
22 #include <linux/ctype.h>
23 #include <linux/compat.h>
24 #include <linux/eventfd.h>
26 #include <linux/vmalloc.h>
27 #include <linux/miscdevice.h>
28 #include <linux/blk_types.h>
29 #include <linux/bio.h>
30 #include <linux/unaligned.h>
31 #include <scsi/scsi_common.h>
32 #include <scsi/scsi_proto.h>
33 #include <target/target_core_base.h>
34 #include <target/target_core_fabric.h>
35 #include <linux/vhost.h>
36 #include <linux/virtio_scsi.h>
37 #include <linux/llist.h>
38 #include <linux/bitmap.h>
42 #define VHOST_SCSI_VERSION "v0.1"
43 #define VHOST_SCSI_NAMELEN 256
44 #define VHOST_SCSI_MAX_CDB_SIZE 32
45 #define VHOST_SCSI_PREALLOC_SGLS 2048
46 #define VHOST_SCSI_PREALLOC_UPAGES 2048
47 #define VHOST_SCSI_PREALLOC_PROT_SGLS 2048
49 * For the legacy descriptor case we allocate an iov per byte in the
50 * virtio_scsi_cmd_resp struct.
52 #define VHOST_SCSI_MAX_RESP_IOVS sizeof(struct virtio_scsi_cmd_resp)
54 static unsigned int vhost_scsi_inline_sg_cnt = VHOST_SCSI_PREALLOC_SGLS;
56 #ifdef CONFIG_ARCH_NO_SG_CHAIN
57 static int vhost_scsi_set_inline_sg_cnt(const char *buf,
58 const struct kernel_param *kp)
60 pr_err("Setting inline_sg_cnt is not supported.\n");
64 static int vhost_scsi_set_inline_sg_cnt(const char *buf,
65 const struct kernel_param *kp)
70 ret = kstrtouint(buf, 10, &cnt);
74 if (ret > VHOST_SCSI_PREALLOC_SGLS) {
75 pr_err("Max inline_sg_cnt is %u\n", VHOST_SCSI_PREALLOC_SGLS);
79 vhost_scsi_inline_sg_cnt = cnt;
84 static int vhost_scsi_get_inline_sg_cnt(char *buf,
85 const struct kernel_param *kp)
87 return sprintf(buf, "%u\n", vhost_scsi_inline_sg_cnt);
90 static const struct kernel_param_ops vhost_scsi_inline_sg_cnt_op = {
91 .get = vhost_scsi_get_inline_sg_cnt,
92 .set = vhost_scsi_set_inline_sg_cnt,
95 module_param_cb(inline_sg_cnt, &vhost_scsi_inline_sg_cnt_op, NULL, 0644);
96 MODULE_PARM_DESC(inline_sg_cnt, "Set the number of scatterlist entries to pre-allocate. The default is 2048.");
98 /* Max number of requests before requeueing the job.
99 * Using this limit prevents one virtqueue from starving others with
102 #define VHOST_SCSI_WEIGHT 256
104 struct vhost_scsi_inflight {
105 /* Wait for the flush operation to finish */
106 struct completion comp;
107 /* Refcount for the inflight reqs */
111 struct vhost_scsi_cmd {
112 /* Descriptor from vhost_get_vq_desc() for virt_queue segment */
114 /* The number of scatterlists associated with this cmd */
116 u32 tvc_prot_sgl_count;
118 const void *read_iov;
119 struct iov_iter *read_iter;
120 struct scatterlist *sgl;
121 struct sg_table table;
122 struct scatterlist *prot_sgl;
123 struct sg_table prot_table;
124 /* Fast path response header iovec used when only one vec is needed */
125 struct iovec tvc_resp_iov;
126 /* Number of iovs for response */
127 unsigned int tvc_resp_iovs_cnt;
128 /* Pointer to response header iovecs if more than one is needed */
129 struct iovec *tvc_resp_iovs;
130 /* Pointer to vhost_virtqueue for the cmd */
131 struct vhost_virtqueue *tvc_vq;
132 /* The TCM I/O descriptor that is accessed via container_of() */
133 struct se_cmd tvc_se_cmd;
134 /* Sense buffer that will be mapped into outgoing status */
135 unsigned char tvc_sense_buf[TRANSPORT_SENSE_BUFFER];
137 * Dirty write descriptors of this command.
139 struct vhost_log *tvc_log;
140 unsigned int tvc_log_num;
141 /* Completed commands list, serviced from vhost worker thread */
142 struct llist_node tvc_completion_list;
143 /* Used to track inflight cmd */
144 struct vhost_scsi_inflight *inflight;
147 struct vhost_scsi_nexus {
148 /* Pointer to TCM session for I_T Nexus */
149 struct se_session *tvn_se_sess;
152 struct vhost_scsi_tpg {
153 /* Vhost port target portal group tag for TCM */
155 /* Used to track number of TPG Port/Lun Links wrt to explict I_T Nexus shutdown */
156 int tv_tpg_port_count;
157 /* Used for vhost_scsi device reference to tpg_nexus, protected by tv_tpg_mutex */
158 int tv_tpg_vhost_count;
159 /* Used for enabling T10-PI with legacy devices */
160 int tv_fabric_prot_type;
161 /* list for vhost_scsi_list */
162 struct list_head tv_tpg_list;
163 /* Used to protect access for tpg_nexus */
164 struct mutex tv_tpg_mutex;
165 /* Pointer to the TCM VHost I_T Nexus for this TPG endpoint */
166 struct vhost_scsi_nexus *tpg_nexus;
167 /* Pointer back to vhost_scsi_tport */
168 struct vhost_scsi_tport *tport;
169 /* Returned by vhost_scsi_make_tpg() */
170 struct se_portal_group se_tpg;
171 /* Pointer back to vhost_scsi, protected by tv_tpg_mutex */
172 struct vhost_scsi *vhost_scsi;
175 struct vhost_scsi_tport {
176 /* SCSI protocol the tport is providing */
178 /* Binary World Wide unique Port Name for Vhost Target port */
180 /* ASCII formatted WWPN for Vhost Target port */
181 char tport_name[VHOST_SCSI_NAMELEN];
182 /* Returned by vhost_scsi_make_tport() */
183 struct se_wwn tport_wwn;
186 struct vhost_scsi_evt {
187 /* event to be sent to guest */
188 struct virtio_scsi_event event;
189 /* event list, serviced from vhost worker thread */
190 struct llist_node list;
194 VHOST_SCSI_VQ_CTL = 0,
195 VHOST_SCSI_VQ_EVT = 1,
196 VHOST_SCSI_VQ_IO = 2,
199 /* Note: can't set VIRTIO_F_VERSION_1 yet, since that implies ANY_LAYOUT. */
201 VHOST_SCSI_FEATURES = VHOST_FEATURES | (1ULL << VIRTIO_SCSI_F_HOTPLUG) |
202 (1ULL << VIRTIO_SCSI_F_T10_PI)
205 #define VHOST_SCSI_MAX_TARGET 256
206 #define VHOST_SCSI_MAX_IO_VQ 1024
207 #define VHOST_SCSI_MAX_EVENT 128
209 static unsigned vhost_scsi_max_io_vqs = 128;
210 module_param_named(max_io_vqs, vhost_scsi_max_io_vqs, uint, 0644);
211 MODULE_PARM_DESC(max_io_vqs, "Set the max number of IO virtqueues a vhost scsi device can support. The default is 128. The max is 1024.");
213 struct vhost_scsi_virtqueue {
214 struct vhost_virtqueue vq;
215 struct vhost_scsi *vs;
217 * Reference counting for inflight reqs, used for flush operation. At
218 * each time, one reference tracks new commands submitted, while we
219 * wait for another one to reach 0.
221 struct vhost_scsi_inflight inflights[2];
223 * Indicate current inflight in use, protected by vq->mutex.
224 * Writers must also take dev mutex and flush under it.
227 struct vhost_scsi_cmd *scsi_cmds;
228 struct sbitmap scsi_tags;
230 struct page **upages;
232 struct vhost_work completion_work;
233 struct llist_head completion_list;
237 /* Protected by vhost_scsi->dev.mutex */
238 struct vhost_scsi_tpg **vs_tpg;
239 char vs_vhost_wwpn[TRANSPORT_IQN_LEN];
241 struct vhost_dev dev;
242 struct vhost_scsi_virtqueue *vqs;
243 struct vhost_scsi_inflight **old_inflight;
245 struct vhost_work vs_event_work; /* evt injection work item */
246 struct llist_head vs_event_list; /* evt injection queue */
248 bool vs_events_missed; /* any missed events, protected by vq->mutex */
249 int vs_events_nr; /* num of pending events, protected by vq->mutex */
251 unsigned int inline_sg_cnt;
254 struct vhost_scsi_tmf {
255 struct vhost_work vwork;
256 struct work_struct flush_work;
257 struct vhost_scsi *vhost;
258 struct vhost_scsi_virtqueue *svq;
260 struct se_cmd se_cmd;
262 struct vhost_scsi_inflight *inflight;
263 struct iovec resp_iov;
268 * Dirty write descriptors of this command.
270 struct vhost_log *tmf_log;
271 unsigned int tmf_log_num;
275 * Context for processing request and control queue operations.
277 struct vhost_scsi_ctx {
279 unsigned int out, in;
280 size_t req_size, rsp_size;
281 size_t out_size, in_size;
284 struct iov_iter out_iter;
288 * Global mutex to protect vhost_scsi TPG list for vhost IOCTLs and LIO
289 * configfs management operations.
291 static DEFINE_MUTEX(vhost_scsi_mutex);
292 static LIST_HEAD(vhost_scsi_list);
294 static void vhost_scsi_done_inflight(struct kref *kref)
296 struct vhost_scsi_inflight *inflight;
298 inflight = container_of(kref, struct vhost_scsi_inflight, kref);
299 complete(&inflight->comp);
302 static void vhost_scsi_init_inflight(struct vhost_scsi *vs,
303 struct vhost_scsi_inflight *old_inflight[])
305 struct vhost_scsi_inflight *new_inflight;
306 struct vhost_virtqueue *vq;
309 for (i = 0; i < vs->dev.nvqs; i++) {
312 mutex_lock(&vq->mutex);
314 /* store old infight */
315 idx = vs->vqs[i].inflight_idx;
317 old_inflight[i] = &vs->vqs[i].inflights[idx];
319 /* setup new infight */
320 vs->vqs[i].inflight_idx = idx ^ 1;
321 new_inflight = &vs->vqs[i].inflights[idx ^ 1];
322 kref_init(&new_inflight->kref);
323 init_completion(&new_inflight->comp);
325 mutex_unlock(&vq->mutex);
329 static struct vhost_scsi_inflight *
330 vhost_scsi_get_inflight(struct vhost_virtqueue *vq)
332 struct vhost_scsi_inflight *inflight;
333 struct vhost_scsi_virtqueue *svq;
335 svq = container_of(vq, struct vhost_scsi_virtqueue, vq);
336 inflight = &svq->inflights[svq->inflight_idx];
337 kref_get(&inflight->kref);
342 static void vhost_scsi_put_inflight(struct vhost_scsi_inflight *inflight)
344 kref_put(&inflight->kref, vhost_scsi_done_inflight);
347 static int vhost_scsi_check_true(struct se_portal_group *se_tpg)
352 static char *vhost_scsi_get_fabric_wwn(struct se_portal_group *se_tpg)
354 struct vhost_scsi_tpg *tpg = container_of(se_tpg,
355 struct vhost_scsi_tpg, se_tpg);
356 struct vhost_scsi_tport *tport = tpg->tport;
358 return &tport->tport_name[0];
361 static u16 vhost_scsi_get_tpgt(struct se_portal_group *se_tpg)
363 struct vhost_scsi_tpg *tpg = container_of(se_tpg,
364 struct vhost_scsi_tpg, se_tpg);
365 return tpg->tport_tpgt;
368 static int vhost_scsi_check_prot_fabric_only(struct se_portal_group *se_tpg)
370 struct vhost_scsi_tpg *tpg = container_of(se_tpg,
371 struct vhost_scsi_tpg, se_tpg);
373 return tpg->tv_fabric_prot_type;
376 static int vhost_scsi_copy_cmd_log(struct vhost_virtqueue *vq,
377 struct vhost_scsi_cmd *cmd,
378 struct vhost_log *log,
379 unsigned int log_num)
382 cmd->tvc_log = kmalloc_array(vq->dev->iov_limit,
383 sizeof(*cmd->tvc_log),
386 if (unlikely(!cmd->tvc_log)) {
387 vq_err(vq, "Failed to alloc tvc_log\n");
391 memcpy(cmd->tvc_log, log, sizeof(*cmd->tvc_log) * log_num);
392 cmd->tvc_log_num = log_num;
397 static void vhost_scsi_log_write(struct vhost_virtqueue *vq,
398 struct vhost_log *log,
399 unsigned int log_num)
401 if (likely(!vhost_has_feature(vq, VHOST_F_LOG_ALL)))
404 if (likely(!log_num || !log))
408 * vhost-scsi doesn't support VIRTIO_F_ACCESS_PLATFORM.
409 * No requirement for vq->iotlb case.
411 WARN_ON_ONCE(unlikely(vq->iotlb));
412 vhost_log_write(vq, log, log_num, U64_MAX, NULL, 0);
415 static void vhost_scsi_release_cmd_res(struct se_cmd *se_cmd)
417 struct vhost_scsi_cmd *tv_cmd = container_of(se_cmd,
418 struct vhost_scsi_cmd, tvc_se_cmd);
419 struct vhost_scsi_virtqueue *svq = container_of(tv_cmd->tvc_vq,
420 struct vhost_scsi_virtqueue, vq);
421 struct vhost_scsi *vs = svq->vs;
422 struct vhost_scsi_inflight *inflight = tv_cmd->inflight;
423 struct scatterlist *sg;
427 if (tv_cmd->tvc_sgl_count) {
428 for_each_sgtable_sg(&tv_cmd->table, sg, i) {
433 if (tv_cmd->copied_iov)
438 kfree(tv_cmd->read_iter);
439 kfree(tv_cmd->read_iov);
440 sg_free_table_chained(&tv_cmd->table, vs->inline_sg_cnt);
442 if (tv_cmd->tvc_prot_sgl_count) {
443 for_each_sgtable_sg(&tv_cmd->prot_table, sg, i) {
448 sg_free_table_chained(&tv_cmd->prot_table, vs->inline_sg_cnt);
451 if (tv_cmd->tvc_resp_iovs != &tv_cmd->tvc_resp_iov)
452 kfree(tv_cmd->tvc_resp_iovs);
453 sbitmap_clear_bit(&svq->scsi_tags, se_cmd->map_tag);
454 vhost_scsi_put_inflight(inflight);
457 static void vhost_scsi_release_tmf_res(struct vhost_scsi_tmf *tmf)
459 struct vhost_scsi_inflight *inflight = tmf->inflight;
462 * tmf->tmf_log is default NULL unless VHOST_F_LOG_ALL is set.
466 vhost_scsi_put_inflight(inflight);
469 static void vhost_scsi_drop_cmds(struct vhost_scsi_virtqueue *svq)
471 struct vhost_scsi_cmd *cmd, *t;
472 struct llist_node *llnode;
474 llnode = llist_del_all(&svq->completion_list);
475 llist_for_each_entry_safe(cmd, t, llnode, tvc_completion_list)
476 vhost_scsi_release_cmd_res(&cmd->tvc_se_cmd);
479 static void vhost_scsi_release_cmd(struct se_cmd *se_cmd)
481 if (se_cmd->se_cmd_flags & SCF_SCSI_TMR_CDB) {
482 struct vhost_scsi_tmf *tmf = container_of(se_cmd,
483 struct vhost_scsi_tmf, se_cmd);
485 schedule_work(&tmf->flush_work);
487 struct vhost_scsi_cmd *cmd = container_of(se_cmd,
488 struct vhost_scsi_cmd, tvc_se_cmd);
489 struct vhost_scsi_virtqueue *svq = container_of(cmd->tvc_vq,
490 struct vhost_scsi_virtqueue, vq);
492 llist_add(&cmd->tvc_completion_list, &svq->completion_list);
493 if (!vhost_vq_work_queue(&svq->vq, &svq->completion_work))
494 vhost_scsi_drop_cmds(svq);
498 static int vhost_scsi_write_pending(struct se_cmd *se_cmd)
500 /* Go ahead and process the write immediately */
501 target_execute_cmd(se_cmd);
505 static int vhost_scsi_queue_data_in(struct se_cmd *se_cmd)
507 transport_generic_free_cmd(se_cmd, 0);
511 static int vhost_scsi_queue_status(struct se_cmd *se_cmd)
513 transport_generic_free_cmd(se_cmd, 0);
517 static void vhost_scsi_queue_tm_rsp(struct se_cmd *se_cmd)
519 struct vhost_scsi_tmf *tmf = container_of(se_cmd, struct vhost_scsi_tmf,
522 tmf->scsi_resp = se_cmd->se_tmr_req->response;
523 transport_generic_free_cmd(&tmf->se_cmd, 0);
526 static void vhost_scsi_aborted_task(struct se_cmd *se_cmd)
531 static void vhost_scsi_free_evt(struct vhost_scsi *vs, struct vhost_scsi_evt *evt)
537 static struct vhost_scsi_evt *
538 vhost_scsi_allocate_evt(struct vhost_scsi *vs,
539 u32 event, u32 reason)
541 struct vhost_virtqueue *vq = &vs->vqs[VHOST_SCSI_VQ_EVT].vq;
542 struct vhost_scsi_evt *evt;
544 if (vs->vs_events_nr > VHOST_SCSI_MAX_EVENT) {
545 vs->vs_events_missed = true;
549 evt = kzalloc(sizeof(*evt), GFP_KERNEL);
551 vq_err(vq, "Failed to allocate vhost_scsi_evt\n");
552 vs->vs_events_missed = true;
556 evt->event.event = cpu_to_vhost32(vq, event);
557 evt->event.reason = cpu_to_vhost32(vq, reason);
563 static int vhost_scsi_check_stop_free(struct se_cmd *se_cmd)
565 return target_put_sess_cmd(se_cmd);
569 vhost_scsi_do_evt_work(struct vhost_scsi *vs, struct vhost_scsi_evt *evt)
571 struct vhost_virtqueue *vq = &vs->vqs[VHOST_SCSI_VQ_EVT].vq;
572 struct virtio_scsi_event *event = &evt->event;
573 struct virtio_scsi_event __user *eventp;
574 struct vhost_log *vq_log;
575 unsigned int log_num;
579 if (!vhost_vq_get_backend(vq)) {
580 vs->vs_events_missed = true;
585 vhost_disable_notify(&vs->dev, vq);
587 vq_log = unlikely(vhost_has_feature(vq, VHOST_F_LOG_ALL)) ?
591 * Reset 'log_num' since vhost_get_vq_desc() may reset it only
592 * after certain condition checks.
596 head = vhost_get_vq_desc(vq, vq->iov,
597 ARRAY_SIZE(vq->iov), &out, &in,
600 vs->vs_events_missed = true;
603 if (head == vq->num) {
604 if (vhost_enable_notify(&vs->dev, vq))
606 vs->vs_events_missed = true;
610 if ((vq->iov[out].iov_len != sizeof(struct virtio_scsi_event))) {
611 vq_err(vq, "Expecting virtio_scsi_event, got %zu bytes\n",
612 vq->iov[out].iov_len);
613 vs->vs_events_missed = true;
617 if (vs->vs_events_missed) {
618 event->event |= cpu_to_vhost32(vq, VIRTIO_SCSI_T_EVENTS_MISSED);
619 vs->vs_events_missed = false;
622 eventp = vq->iov[out].iov_base;
623 ret = __copy_to_user(eventp, event, sizeof(*event));
625 vhost_add_used_and_signal(&vs->dev, vq, head, 0);
627 vq_err(vq, "Faulted on vhost_scsi_send_event\n");
629 vhost_scsi_log_write(vq, vq_log, log_num);
632 static void vhost_scsi_complete_events(struct vhost_scsi *vs, bool drop)
634 struct vhost_virtqueue *vq = &vs->vqs[VHOST_SCSI_VQ_EVT].vq;
635 struct vhost_scsi_evt *evt, *t;
636 struct llist_node *llnode;
638 mutex_lock(&vq->mutex);
639 llnode = llist_del_all(&vs->vs_event_list);
640 llist_for_each_entry_safe(evt, t, llnode, list) {
642 vhost_scsi_do_evt_work(vs, evt);
643 vhost_scsi_free_evt(vs, evt);
645 mutex_unlock(&vq->mutex);
648 static void vhost_scsi_evt_work(struct vhost_work *work)
650 struct vhost_scsi *vs = container_of(work, struct vhost_scsi,
652 vhost_scsi_complete_events(vs, false);
655 static int vhost_scsi_copy_sgl_to_iov(struct vhost_scsi_cmd *cmd)
657 struct iov_iter *iter = cmd->read_iter;
658 struct scatterlist *sg;
663 for_each_sgtable_sg(&cmd->table, sg, i) {
670 if (copy_page_to_iter(page, 0, len, iter) != len) {
671 pr_err("Could not copy data while handling misaligned cmd. Error %zu\n",
680 /* Fill in status and signal that we are done processing this command
682 * This is scheduled in the vhost work queue so we are called with the owner
683 * process mm and can access the vring.
685 static void vhost_scsi_complete_cmd_work(struct vhost_work *work)
687 struct vhost_scsi_virtqueue *svq = container_of(work,
688 struct vhost_scsi_virtqueue, completion_work);
689 struct virtio_scsi_cmd_resp v_rsp;
690 struct vhost_scsi_cmd *cmd, *t;
691 struct llist_node *llnode;
692 struct se_cmd *se_cmd;
693 struct iov_iter iov_iter;
697 llnode = llist_del_all(&svq->completion_list);
699 mutex_lock(&svq->vq.mutex);
701 llist_for_each_entry_safe(cmd, t, llnode, tvc_completion_list) {
702 se_cmd = &cmd->tvc_se_cmd;
704 pr_debug("%s tv_cmd %p resid %u status %#02x\n", __func__,
705 cmd, se_cmd->residual_count, se_cmd->scsi_status);
706 memset(&v_rsp, 0, sizeof(v_rsp));
708 if (cmd->read_iter && vhost_scsi_copy_sgl_to_iov(cmd)) {
709 v_rsp.response = VIRTIO_SCSI_S_BAD_TARGET;
711 v_rsp.resid = cpu_to_vhost32(cmd->tvc_vq,
712 se_cmd->residual_count);
713 /* TODO is status_qualifier field needed? */
714 v_rsp.status = se_cmd->scsi_status;
715 v_rsp.sense_len = cpu_to_vhost32(cmd->tvc_vq,
716 se_cmd->scsi_sense_length);
717 memcpy(v_rsp.sense, cmd->tvc_sense_buf,
718 se_cmd->scsi_sense_length);
721 iov_iter_init(&iov_iter, ITER_DEST, cmd->tvc_resp_iovs,
722 cmd->tvc_resp_iovs_cnt, sizeof(v_rsp));
723 ret = copy_to_iter(&v_rsp, sizeof(v_rsp), &iov_iter);
724 if (likely(ret == sizeof(v_rsp))) {
727 vhost_add_used(cmd->tvc_vq, cmd->tvc_vq_desc, 0);
729 pr_err("Faulted on virtio_scsi_cmd_resp\n");
731 vhost_scsi_log_write(cmd->tvc_vq, cmd->tvc_log,
734 vhost_scsi_release_cmd_res(se_cmd);
737 mutex_unlock(&svq->vq.mutex);
740 vhost_signal(&svq->vs->dev, &svq->vq);
743 static struct vhost_scsi_cmd *
744 vhost_scsi_get_cmd(struct vhost_virtqueue *vq, u64 scsi_tag)
746 struct vhost_scsi_virtqueue *svq = container_of(vq,
747 struct vhost_scsi_virtqueue, vq);
748 struct vhost_scsi_cmd *cmd;
749 struct scatterlist *sgl, *prot_sgl;
750 struct vhost_log *log;
753 tag = sbitmap_get(&svq->scsi_tags);
755 pr_warn_once("Guest sent too many cmds. Returning TASK_SET_FULL.\n");
756 return ERR_PTR(-ENOMEM);
759 cmd = &svq->scsi_cmds[tag];
761 prot_sgl = cmd->prot_sgl;
763 memset(cmd, 0, sizeof(*cmd));
765 cmd->prot_sgl = prot_sgl;
767 cmd->tvc_se_cmd.map_tag = tag;
768 cmd->inflight = vhost_scsi_get_inflight(vq);
773 static void vhost_scsi_revert_map_iov_to_sgl(struct iov_iter *iter,
774 struct scatterlist *curr,
775 struct scatterlist *end)
777 size_t revert_bytes = 0;
780 while (curr != end) {
781 page = sg_page(curr);
785 revert_bytes += curr->length;
787 /* Clear so we can re-use it for the copy path */
788 sg_set_page(curr, NULL, 0, 0);
789 curr = sg_next(curr);
791 iov_iter_revert(iter, revert_bytes);
795 * Map a user memory range into a scatterlist
797 * Returns the number of scatterlist entries used or -errno on error.
800 vhost_scsi_map_to_sgl(struct vhost_scsi_cmd *cmd,
801 struct iov_iter *iter,
802 struct sg_table *sg_table,
803 struct scatterlist **sgl,
806 struct vhost_scsi_virtqueue *svq = container_of(cmd->tvc_vq,
807 struct vhost_scsi_virtqueue, vq);
808 struct page **pages = svq->upages;
809 struct scatterlist *sg = *sgl;
812 unsigned int n, npages = 0;
814 bytes = iov_iter_get_pages2(iter, pages, LONG_MAX,
815 VHOST_SCSI_PREALLOC_UPAGES, &offset);
816 /* No pages were pinned */
818 return bytes < 0 ? bytes : -EFAULT;
821 n = min_t(unsigned int, PAGE_SIZE - offset, bytes);
823 * The block layer requires bios/requests to be a multiple of
824 * 512 bytes, but Windows can send us vecs that are misaligned.
825 * This can result in bios and later requests with misaligned
826 * sizes if we have to break up a cmd/scatterlist into multiple
829 * We currently only break up a command into multiple bios if
830 * we hit the vec/seg limit, so check if our sgl_count is
831 * greater than the max and if a vec in the cmd has a
832 * misaligned offset/size.
835 (offset & (SECTOR_SIZE - 1) || n & (SECTOR_SIZE - 1)) &&
836 cmd->tvc_sgl_count > BIO_MAX_VECS) {
838 "vhost-scsi detected misaligned IO. Performance may be degraded.");
839 goto revert_iter_get_pages;
842 sg_set_page(sg, pages[npages++], n, offset);
851 revert_iter_get_pages:
852 vhost_scsi_revert_map_iov_to_sgl(iter, *sgl, sg);
854 iov_iter_revert(iter, bytes);
856 n = min_t(unsigned int, PAGE_SIZE, bytes);
858 put_page(pages[npages++]);
866 vhost_scsi_calc_sgls(struct iov_iter *iter, size_t bytes, int max_sgls)
870 if (!iter || !iter_iov(iter)) {
871 pr_err("%s: iter->iov is NULL, but expected bytes: %zu"
872 " present\n", __func__, bytes);
876 sgl_count = iov_iter_npages(iter, 0xffff);
877 if (sgl_count > max_sgls) {
878 pr_err("%s: requested sgl_count: %d exceeds pre-allocated"
879 " max_sgls: %d\n", __func__, sgl_count, max_sgls);
886 vhost_scsi_copy_iov_to_sgl(struct vhost_scsi_cmd *cmd, struct iov_iter *iter,
887 struct sg_table *sg_table, int sg_count,
890 size_t len = iov_iter_count(iter);
891 unsigned int nbytes = 0;
892 struct scatterlist *sg;
896 if (data_dir == DMA_FROM_DEVICE) {
897 cmd->read_iter = kzalloc(sizeof(*cmd->read_iter), GFP_KERNEL);
901 cmd->read_iov = dup_iter(cmd->read_iter, iter, GFP_KERNEL);
902 if (!cmd->read_iov) {
908 for_each_sgtable_sg(sg_table, sg, i) {
909 page = alloc_page(GFP_KERNEL);
915 nbytes = min_t(unsigned int, PAGE_SIZE, len);
916 sg_set_page(sg, page, nbytes, 0);
918 if (data_dir == DMA_TO_DEVICE &&
919 copy_page_from_iter(page, 0, nbytes, iter) != nbytes) {
931 pr_err("Could not read %u bytes while handling misaligned cmd\n",
934 for_each_sgtable_sg(sg_table, sg, i) {
939 kfree(cmd->read_iov);
941 kfree(cmd->read_iter);
946 vhost_scsi_map_iov_to_sgl(struct vhost_scsi_cmd *cmd, struct iov_iter *iter,
947 struct sg_table *sg_table, int sg_count, bool is_prot)
949 struct scatterlist *sg = sg_table->sgl;
952 while (iov_iter_count(iter)) {
953 ret = vhost_scsi_map_to_sgl(cmd, iter, sg_table, &sg, is_prot);
955 vhost_scsi_revert_map_iov_to_sgl(iter, sg_table->sgl,
965 vhost_scsi_mapal(struct vhost_scsi *vs, struct vhost_scsi_cmd *cmd,
966 size_t prot_bytes, struct iov_iter *prot_iter,
967 size_t data_bytes, struct iov_iter *data_iter, int data_dir)
972 sgl_count = vhost_scsi_calc_sgls(prot_iter, prot_bytes,
973 VHOST_SCSI_PREALLOC_PROT_SGLS);
974 cmd->prot_table.sgl = cmd->prot_sgl;
975 ret = sg_alloc_table_chained(&cmd->prot_table, sgl_count,
981 cmd->tvc_prot_sgl_count = sgl_count;
982 pr_debug("%s prot_sg %p prot_sgl_count %u\n", __func__,
983 cmd->prot_table.sgl, cmd->tvc_prot_sgl_count);
985 ret = vhost_scsi_map_iov_to_sgl(cmd, prot_iter,
987 cmd->tvc_prot_sgl_count, true);
989 sg_free_table_chained(&cmd->prot_table,
991 cmd->tvc_prot_sgl_count = 0;
995 sgl_count = vhost_scsi_calc_sgls(data_iter, data_bytes,
996 VHOST_SCSI_PREALLOC_SGLS);
1000 cmd->table.sgl = cmd->sgl;
1001 ret = sg_alloc_table_chained(&cmd->table, sgl_count, cmd->table.sgl,
1006 cmd->tvc_sgl_count = sgl_count;
1007 pr_debug("%s data_sg %p data_sgl_count %u\n", __func__,
1008 cmd->table.sgl, cmd->tvc_sgl_count);
1010 ret = vhost_scsi_map_iov_to_sgl(cmd, data_iter, &cmd->table,
1011 cmd->tvc_sgl_count, false);
1013 ret = vhost_scsi_copy_iov_to_sgl(cmd, data_iter, &cmd->table,
1014 cmd->tvc_sgl_count, data_dir);
1016 sg_free_table_chained(&cmd->table, vs->inline_sg_cnt);
1017 cmd->tvc_sgl_count = 0;
1023 static int vhost_scsi_to_tcm_attr(int attr)
1026 case VIRTIO_SCSI_S_SIMPLE:
1027 return TCM_SIMPLE_TAG;
1028 case VIRTIO_SCSI_S_ORDERED:
1029 return TCM_ORDERED_TAG;
1030 case VIRTIO_SCSI_S_HEAD:
1031 return TCM_HEAD_TAG;
1032 case VIRTIO_SCSI_S_ACA:
1037 return TCM_SIMPLE_TAG;
1040 static void vhost_scsi_target_queue_cmd(struct vhost_scsi_nexus *nexus,
1041 struct vhost_scsi_cmd *cmd,
1042 unsigned char *cdb, u16 lun,
1043 int task_attr, int data_dir,
1046 struct se_cmd *se_cmd = &cmd->tvc_se_cmd;
1047 struct scatterlist *sg_ptr, *sg_prot_ptr = NULL;
1049 /* FIXME: BIDI operation */
1050 if (cmd->tvc_sgl_count) {
1051 sg_ptr = cmd->table.sgl;
1053 if (cmd->tvc_prot_sgl_count)
1054 sg_prot_ptr = cmd->prot_table.sgl;
1056 se_cmd->prot_pto = true;
1062 target_init_cmd(se_cmd, nexus->tvn_se_sess, &cmd->tvc_sense_buf[0],
1063 lun, exp_data_len, vhost_scsi_to_tcm_attr(task_attr),
1064 data_dir, TARGET_SCF_ACK_KREF);
1066 if (target_submit_prep(se_cmd, cdb, sg_ptr,
1067 cmd->tvc_sgl_count, NULL, 0, sg_prot_ptr,
1068 cmd->tvc_prot_sgl_count, GFP_KERNEL))
1071 target_submit(se_cmd);
1075 vhost_scsi_send_status(struct vhost_scsi *vs, struct vhost_virtqueue *vq,
1076 struct vhost_scsi_ctx *vc, u8 status)
1078 struct virtio_scsi_cmd_resp rsp;
1079 struct iov_iter iov_iter;
1082 memset(&rsp, 0, sizeof(rsp));
1083 rsp.status = status;
1085 iov_iter_init(&iov_iter, ITER_DEST, &vq->iov[vc->out], vc->in,
1088 ret = copy_to_iter(&rsp, sizeof(rsp), &iov_iter);
1090 if (likely(ret == sizeof(rsp)))
1091 vhost_add_used_and_signal(&vs->dev, vq, vc->head, 0);
1093 pr_err("Faulted on virtio_scsi_cmd_resp\n");
1096 #define TYPE_IO_CMD 0
1097 #define TYPE_CTRL_TMF 1
1098 #define TYPE_CTRL_AN 2
1101 vhost_scsi_send_bad_target(struct vhost_scsi *vs,
1102 struct vhost_virtqueue *vq,
1103 struct vhost_scsi_ctx *vc, int type)
1106 struct virtio_scsi_cmd_resp cmd;
1107 struct virtio_scsi_ctrl_tmf_resp tmf;
1108 struct virtio_scsi_ctrl_an_resp an;
1110 struct iov_iter iov_iter;
1114 memset(&rsp, 0, sizeof(rsp));
1116 if (type == TYPE_IO_CMD) {
1117 rsp_size = sizeof(struct virtio_scsi_cmd_resp);
1118 rsp.cmd.response = VIRTIO_SCSI_S_BAD_TARGET;
1119 } else if (type == TYPE_CTRL_TMF) {
1120 rsp_size = sizeof(struct virtio_scsi_ctrl_tmf_resp);
1121 rsp.tmf.response = VIRTIO_SCSI_S_BAD_TARGET;
1123 rsp_size = sizeof(struct virtio_scsi_ctrl_an_resp);
1124 rsp.an.response = VIRTIO_SCSI_S_BAD_TARGET;
1127 iov_iter_init(&iov_iter, ITER_DEST, &vq->iov[vc->out], vc->in,
1130 ret = copy_to_iter(&rsp, rsp_size, &iov_iter);
1132 if (likely(ret == rsp_size))
1133 vhost_add_used_and_signal(&vs->dev, vq, vc->head, 0);
1135 pr_err("Faulted on virtio scsi type=%d\n", type);
1139 vhost_scsi_get_desc(struct vhost_scsi *vs, struct vhost_virtqueue *vq,
1140 struct vhost_scsi_ctx *vc,
1141 struct vhost_log *log, unsigned int *log_num)
1145 if (likely(log_num))
1148 vc->head = vhost_get_vq_desc(vq, vq->iov,
1149 ARRAY_SIZE(vq->iov), &vc->out, &vc->in,
1152 pr_debug("vhost_get_vq_desc: head: %d, out: %u in: %u\n",
1153 vc->head, vc->out, vc->in);
1155 /* On error, stop handling until the next kick. */
1156 if (unlikely(vc->head < 0))
1159 /* Nothing new? Wait for eventfd to tell us they refilled. */
1160 if (vc->head == vq->num) {
1161 if (unlikely(vhost_enable_notify(&vs->dev, vq))) {
1162 vhost_disable_notify(&vs->dev, vq);
1169 * Get the size of request and response buffers.
1170 * FIXME: Not correct for BIDI operation
1172 vc->out_size = iov_length(vq->iov, vc->out);
1173 vc->in_size = iov_length(&vq->iov[vc->out], vc->in);
1176 * Copy over the virtio-scsi request header, which for a
1177 * ANY_LAYOUT enabled guest may span multiple iovecs, or a
1178 * single iovec may contain both the header + outgoing
1181 * copy_from_iter() will advance out_iter, so that it will
1182 * point at the start of the outgoing WRITE payload, if
1183 * DMA_TO_DEVICE is set.
1185 iov_iter_init(&vc->out_iter, ITER_SOURCE, vq->iov, vc->out, vc->out_size);
1193 vhost_scsi_chk_size(struct vhost_virtqueue *vq, struct vhost_scsi_ctx *vc)
1195 if (unlikely(vc->in_size < vc->rsp_size)) {
1197 "Response buf too small, need min %zu bytes got %zu",
1198 vc->rsp_size, vc->in_size);
1200 } else if (unlikely(vc->out_size < vc->req_size)) {
1202 "Request buf too small, need min %zu bytes got %zu",
1203 vc->req_size, vc->out_size);
1211 vhost_scsi_get_req(struct vhost_virtqueue *vq, struct vhost_scsi_ctx *vc,
1212 struct vhost_scsi_tpg **tpgp)
1216 if (unlikely(!copy_from_iter_full(vc->req, vc->req_size,
1218 vq_err(vq, "Faulted on copy_from_iter_full\n");
1219 } else if (unlikely(*vc->lunp != 1)) {
1220 /* virtio-scsi spec requires byte 0 of the lun to be 1 */
1221 vq_err(vq, "Illegal virtio-scsi lun: %u\n", *vc->lunp);
1223 struct vhost_scsi_tpg **vs_tpg, *tpg = NULL;
1226 /* validated at handler entry */
1227 vs_tpg = vhost_vq_get_backend(vq);
1228 tpg = READ_ONCE(vs_tpg[*vc->target]);
1229 if (unlikely(!tpg)) {
1230 vq_err(vq, "Target 0x%x does not exist\n", *vc->target);
1244 vhost_scsi_setup_resp_iovs(struct vhost_scsi_cmd *cmd, struct iovec *in_iovs,
1245 unsigned int in_iovs_cnt)
1252 * Initiator's normally just put the virtio_scsi_cmd_resp in the first
1253 * iov, but just in case they wedged in some data with it we check for
1254 * greater than or equal to the response struct.
1256 if (in_iovs[0].iov_len >= sizeof(struct virtio_scsi_cmd_resp)) {
1257 cmd->tvc_resp_iovs = &cmd->tvc_resp_iov;
1258 cmd->tvc_resp_iovs_cnt = 1;
1261 * Legacy descriptor layouts didn't specify that we must put
1262 * the entire response in one iov. Worst case we have a
1265 cnt = min(VHOST_SCSI_MAX_RESP_IOVS, in_iovs_cnt);
1266 cmd->tvc_resp_iovs = kcalloc(cnt, sizeof(struct iovec),
1268 if (!cmd->tvc_resp_iovs)
1271 cmd->tvc_resp_iovs_cnt = cnt;
1274 for (i = 0; i < cmd->tvc_resp_iovs_cnt; i++)
1275 cmd->tvc_resp_iovs[i] = in_iovs[i];
1280 static u16 vhost_buf_to_lun(u8 *lun_buf)
1282 return ((lun_buf[2] << 8) | lun_buf[3]) & 0x3FFF;
1286 vhost_scsi_handle_vq(struct vhost_scsi *vs, struct vhost_virtqueue *vq)
1288 struct vhost_scsi_tpg **vs_tpg, *tpg;
1289 struct virtio_scsi_cmd_req v_req;
1290 struct virtio_scsi_cmd_req_pi v_req_pi;
1291 struct vhost_scsi_nexus *nexus;
1292 struct vhost_scsi_ctx vc;
1293 struct vhost_scsi_cmd *cmd;
1294 struct iov_iter in_iter, prot_iter, data_iter;
1296 u32 exp_data_len, data_direction;
1297 int ret, prot_bytes, c = 0;
1300 bool t10_pi = vhost_has_feature(vq, VIRTIO_SCSI_F_T10_PI);
1302 struct vhost_log *vq_log;
1303 unsigned int log_num;
1305 mutex_lock(&vq->mutex);
1307 * We can handle the vq only after the endpoint is setup by calling the
1308 * VHOST_SCSI_SET_ENDPOINT ioctl.
1310 vs_tpg = vhost_vq_get_backend(vq);
1314 memset(&vc, 0, sizeof(vc));
1315 vc.rsp_size = sizeof(struct virtio_scsi_cmd_resp);
1317 vhost_disable_notify(&vs->dev, vq);
1319 vq_log = unlikely(vhost_has_feature(vq, VHOST_F_LOG_ALL)) ?
1323 ret = vhost_scsi_get_desc(vs, vq, &vc, vq_log, &log_num);
1328 * Setup pointers and values based upon different virtio-scsi
1329 * request header if T10_PI is enabled in KVM guest.
1333 vc.req_size = sizeof(v_req_pi);
1334 vc.lunp = &v_req_pi.lun[0];
1335 vc.target = &v_req_pi.lun[1];
1338 vc.req_size = sizeof(v_req);
1339 vc.lunp = &v_req.lun[0];
1340 vc.target = &v_req.lun[1];
1344 * Validate the size of request and response buffers.
1345 * Check for a sane response buffer so we can report
1346 * early errors back to the guest.
1348 ret = vhost_scsi_chk_size(vq, &vc);
1352 ret = vhost_scsi_get_req(vq, &vc, &tpg);
1356 ret = -EIO; /* bad target on any error from here on */
1359 * Determine data_direction by calculating the total outgoing
1360 * iovec sizes + incoming iovec sizes vs. virtio-scsi request +
1361 * response headers respectively.
1363 * For DMA_TO_DEVICE this is out_iter, which is already pointing
1364 * to the right place.
1366 * For DMA_FROM_DEVICE, the iovec will be just past the end
1367 * of the virtio-scsi response header in either the same
1368 * or immediately following iovec.
1370 * Any associated T10_PI bytes for the outgoing / incoming
1371 * payloads are included in calculation of exp_data_len here.
1375 if (vc.out_size > vc.req_size) {
1376 data_direction = DMA_TO_DEVICE;
1377 exp_data_len = vc.out_size - vc.req_size;
1378 data_iter = vc.out_iter;
1379 } else if (vc.in_size > vc.rsp_size) {
1380 data_direction = DMA_FROM_DEVICE;
1381 exp_data_len = vc.in_size - vc.rsp_size;
1383 iov_iter_init(&in_iter, ITER_DEST, &vq->iov[vc.out], vc.in,
1384 vc.rsp_size + exp_data_len);
1385 iov_iter_advance(&in_iter, vc.rsp_size);
1386 data_iter = in_iter;
1388 data_direction = DMA_NONE;
1392 * If T10_PI header + payload is present, setup prot_iter values
1393 * and recalculate data_iter for vhost_scsi_mapal() mapping to
1394 * host scatterlists via get_user_pages_fast().
1397 if (v_req_pi.pi_bytesout) {
1398 if (data_direction != DMA_TO_DEVICE) {
1399 vq_err(vq, "Received non zero pi_bytesout,"
1400 " but wrong data_direction\n");
1403 prot_bytes = vhost32_to_cpu(vq, v_req_pi.pi_bytesout);
1404 } else if (v_req_pi.pi_bytesin) {
1405 if (data_direction != DMA_FROM_DEVICE) {
1406 vq_err(vq, "Received non zero pi_bytesin,"
1407 " but wrong data_direction\n");
1410 prot_bytes = vhost32_to_cpu(vq, v_req_pi.pi_bytesin);
1413 * Set prot_iter to data_iter and truncate it to
1414 * prot_bytes, and advance data_iter past any
1415 * preceding prot_bytes that may be present.
1417 * Also fix up the exp_data_len to reflect only the
1418 * actual data payload length.
1421 exp_data_len -= prot_bytes;
1422 prot_iter = data_iter;
1423 iov_iter_truncate(&prot_iter, prot_bytes);
1424 iov_iter_advance(&data_iter, prot_bytes);
1426 tag = vhost64_to_cpu(vq, v_req_pi.tag);
1427 task_attr = v_req_pi.task_attr;
1428 cdb = &v_req_pi.cdb[0];
1429 lun = vhost_buf_to_lun(v_req_pi.lun);
1431 tag = vhost64_to_cpu(vq, v_req.tag);
1432 task_attr = v_req.task_attr;
1433 cdb = &v_req.cdb[0];
1434 lun = vhost_buf_to_lun(v_req.lun);
1437 * Check that the received CDB size does not exceeded our
1438 * hardcoded max for vhost-scsi, then get a pre-allocated
1439 * cmd descriptor for the new virtio-scsi tag.
1441 * TODO what if cdb was too small for varlen cdb header?
1443 if (unlikely(scsi_command_size(cdb) > VHOST_SCSI_MAX_CDB_SIZE)) {
1444 vq_err(vq, "Received SCSI CDB with command_size: %d that"
1445 " exceeds SCSI_MAX_VARLEN_CDB_SIZE: %d\n",
1446 scsi_command_size(cdb), VHOST_SCSI_MAX_CDB_SIZE);
1450 nexus = tpg->tpg_nexus;
1452 vq_err(vq, "Unable to locate active struct vhost_scsi_nexus\n");
1457 cmd = vhost_scsi_get_cmd(vq, tag);
1460 vq_err(vq, "vhost_scsi_get_tag failed %dd\n", ret);
1465 ret = vhost_scsi_setup_resp_iovs(cmd, &vq->iov[vc.out], vc.in);
1467 vq_err(vq, "Failed to alloc recv iovs\n");
1468 vhost_scsi_release_cmd_res(&cmd->tvc_se_cmd);
1472 if (unlikely(vq_log && log_num)) {
1473 ret = vhost_scsi_copy_cmd_log(vq, cmd, vq_log, log_num);
1474 if (unlikely(ret)) {
1475 vhost_scsi_release_cmd_res(&cmd->tvc_se_cmd);
1480 pr_debug("vhost_scsi got command opcode: %#02x, lun: %d\n",
1482 pr_debug("cmd: %p exp_data_len: %d, prot_bytes: %d data_direction:"
1483 " %d\n", cmd, exp_data_len, prot_bytes, data_direction);
1485 if (data_direction != DMA_NONE) {
1486 ret = vhost_scsi_mapal(vs, cmd, prot_bytes, &prot_iter,
1487 exp_data_len, &data_iter,
1489 if (unlikely(ret)) {
1490 vq_err(vq, "Failed to map iov to sgl\n");
1491 vhost_scsi_release_cmd_res(&cmd->tvc_se_cmd);
1496 * Save the descriptor from vhost_get_vq_desc() to be used to
1497 * complete the virtio-scsi request in TCM callback context via
1498 * vhost_scsi_queue_data_in() and vhost_scsi_queue_status()
1500 cmd->tvc_vq_desc = vc.head;
1501 vhost_scsi_target_queue_cmd(nexus, cmd, cdb, lun, task_attr,
1503 exp_data_len + prot_bytes);
1507 * ENXIO: No more requests, or read error, wait for next kick
1508 * EINVAL: Invalid response buffer, drop the request
1509 * EIO: Respond with bad target
1510 * EAGAIN: Pending request
1511 * ENOMEM: Could not allocate resources for request
1515 else if (ret == -EIO) {
1516 vhost_scsi_send_bad_target(vs, vq, &vc, TYPE_IO_CMD);
1517 vhost_scsi_log_write(vq, vq_log, log_num);
1518 } else if (ret == -ENOMEM) {
1519 vhost_scsi_send_status(vs, vq, &vc,
1520 SAM_STAT_TASK_SET_FULL);
1521 vhost_scsi_log_write(vq, vq_log, log_num);
1523 } while (likely(!vhost_exceeds_weight(vq, ++c, 0)));
1525 mutex_unlock(&vq->mutex);
1529 vhost_scsi_send_tmf_resp(struct vhost_scsi *vs, struct vhost_virtqueue *vq,
1530 int in_iovs, int vq_desc, struct iovec *resp_iov,
1533 struct virtio_scsi_ctrl_tmf_resp rsp;
1534 struct iov_iter iov_iter;
1537 pr_debug("%s\n", __func__);
1538 memset(&rsp, 0, sizeof(rsp));
1539 rsp.response = tmf_resp_code;
1541 iov_iter_init(&iov_iter, ITER_DEST, resp_iov, in_iovs, sizeof(rsp));
1543 ret = copy_to_iter(&rsp, sizeof(rsp), &iov_iter);
1544 if (likely(ret == sizeof(rsp)))
1545 vhost_add_used_and_signal(&vs->dev, vq, vq_desc, 0);
1547 pr_err("Faulted on virtio_scsi_ctrl_tmf_resp\n");
1550 static void vhost_scsi_tmf_resp_work(struct vhost_work *work)
1552 struct vhost_scsi_tmf *tmf = container_of(work, struct vhost_scsi_tmf,
1556 if (tmf->scsi_resp == TMR_FUNCTION_COMPLETE)
1557 resp_code = VIRTIO_SCSI_S_FUNCTION_SUCCEEDED;
1559 resp_code = VIRTIO_SCSI_S_FUNCTION_REJECTED;
1561 mutex_lock(&tmf->svq->vq.mutex);
1562 vhost_scsi_send_tmf_resp(tmf->vhost, &tmf->svq->vq, tmf->in_iovs,
1563 tmf->vq_desc, &tmf->resp_iov, resp_code);
1564 vhost_scsi_log_write(&tmf->svq->vq, tmf->tmf_log,
1566 mutex_unlock(&tmf->svq->vq.mutex);
1568 vhost_scsi_release_tmf_res(tmf);
1571 static void vhost_scsi_tmf_flush_work(struct work_struct *work)
1573 struct vhost_scsi_tmf *tmf = container_of(work, struct vhost_scsi_tmf,
1575 struct vhost_virtqueue *vq = &tmf->svq->vq;
1577 * Make sure we have sent responses for other commands before we
1578 * send our response.
1580 vhost_dev_flush(vq->dev);
1581 if (!vhost_vq_work_queue(vq, &tmf->vwork))
1582 vhost_scsi_release_tmf_res(tmf);
1586 vhost_scsi_handle_tmf(struct vhost_scsi *vs, struct vhost_scsi_tpg *tpg,
1587 struct vhost_virtqueue *vq,
1588 struct virtio_scsi_ctrl_tmf_req *vtmf,
1589 struct vhost_scsi_ctx *vc,
1590 struct vhost_log *log, unsigned int log_num)
1592 struct vhost_scsi_virtqueue *svq = container_of(vq,
1593 struct vhost_scsi_virtqueue, vq);
1594 struct vhost_scsi_tmf *tmf;
1596 if (vhost32_to_cpu(vq, vtmf->subtype) !=
1597 VIRTIO_SCSI_T_TMF_LOGICAL_UNIT_RESET)
1600 if (!tpg->tpg_nexus || !tpg->tpg_nexus->tvn_se_sess) {
1601 pr_err("Unable to locate active struct vhost_scsi_nexus for LUN RESET.\n");
1605 tmf = kzalloc(sizeof(*tmf), GFP_KERNEL);
1609 INIT_WORK(&tmf->flush_work, vhost_scsi_tmf_flush_work);
1610 vhost_work_init(&tmf->vwork, vhost_scsi_tmf_resp_work);
1613 tmf->resp_iov = vq->iov[vc->out];
1614 tmf->vq_desc = vc->head;
1615 tmf->in_iovs = vc->in;
1616 tmf->inflight = vhost_scsi_get_inflight(vq);
1618 if (unlikely(log && log_num)) {
1619 tmf->tmf_log = kmalloc_array(log_num, sizeof(*tmf->tmf_log),
1622 memcpy(tmf->tmf_log, log, sizeof(*tmf->tmf_log) * log_num);
1623 tmf->tmf_log_num = log_num;
1625 pr_err("vhost_scsi tmf log allocation error\n");
1626 vhost_scsi_release_tmf_res(tmf);
1631 if (target_submit_tmr(&tmf->se_cmd, tpg->tpg_nexus->tvn_se_sess, NULL,
1632 vhost_buf_to_lun(vtmf->lun), NULL,
1633 TMR_LUN_RESET, GFP_KERNEL, 0,
1634 TARGET_SCF_ACK_KREF) < 0) {
1635 vhost_scsi_release_tmf_res(tmf);
1642 vhost_scsi_send_tmf_resp(vs, vq, vc->in, vc->head, &vq->iov[vc->out],
1643 VIRTIO_SCSI_S_FUNCTION_REJECTED);
1644 vhost_scsi_log_write(vq, log, log_num);
1648 vhost_scsi_send_an_resp(struct vhost_scsi *vs,
1649 struct vhost_virtqueue *vq,
1650 struct vhost_scsi_ctx *vc)
1652 struct virtio_scsi_ctrl_an_resp rsp;
1653 struct iov_iter iov_iter;
1656 pr_debug("%s\n", __func__);
1657 memset(&rsp, 0, sizeof(rsp)); /* event_actual = 0 */
1658 rsp.response = VIRTIO_SCSI_S_OK;
1660 iov_iter_init(&iov_iter, ITER_DEST, &vq->iov[vc->out], vc->in, sizeof(rsp));
1662 ret = copy_to_iter(&rsp, sizeof(rsp), &iov_iter);
1663 if (likely(ret == sizeof(rsp)))
1664 vhost_add_used_and_signal(&vs->dev, vq, vc->head, 0);
1666 pr_err("Faulted on virtio_scsi_ctrl_an_resp\n");
1670 vhost_scsi_ctl_handle_vq(struct vhost_scsi *vs, struct vhost_virtqueue *vq)
1672 struct vhost_scsi_tpg *tpg;
1675 struct virtio_scsi_ctrl_an_req an;
1676 struct virtio_scsi_ctrl_tmf_req tmf;
1678 struct vhost_scsi_ctx vc;
1681 struct vhost_log *vq_log;
1682 unsigned int log_num;
1684 mutex_lock(&vq->mutex);
1686 * We can handle the vq only after the endpoint is setup by calling the
1687 * VHOST_SCSI_SET_ENDPOINT ioctl.
1689 if (!vhost_vq_get_backend(vq))
1692 memset(&vc, 0, sizeof(vc));
1694 vhost_disable_notify(&vs->dev, vq);
1696 vq_log = unlikely(vhost_has_feature(vq, VHOST_F_LOG_ALL)) ?
1700 ret = vhost_scsi_get_desc(vs, vq, &vc, vq_log, &log_num);
1705 * Get the request type first in order to setup
1706 * other parameters dependent on the type.
1708 vc.req = &v_req.type;
1709 typ_size = sizeof(v_req.type);
1711 if (unlikely(!copy_from_iter_full(vc.req, typ_size,
1713 vq_err(vq, "Faulted on copy_from_iter tmf type\n");
1715 * The size of the response buffer depends on the
1716 * request type and must be validated against it.
1717 * Since the request type is not known, don't send
1723 switch (vhost32_to_cpu(vq, v_req.type)) {
1724 case VIRTIO_SCSI_T_TMF:
1725 vc.req = &v_req.tmf;
1726 vc.req_size = sizeof(struct virtio_scsi_ctrl_tmf_req);
1727 vc.rsp_size = sizeof(struct virtio_scsi_ctrl_tmf_resp);
1728 vc.lunp = &v_req.tmf.lun[0];
1729 vc.target = &v_req.tmf.lun[1];
1731 case VIRTIO_SCSI_T_AN_QUERY:
1732 case VIRTIO_SCSI_T_AN_SUBSCRIBE:
1734 vc.req_size = sizeof(struct virtio_scsi_ctrl_an_req);
1735 vc.rsp_size = sizeof(struct virtio_scsi_ctrl_an_resp);
1736 vc.lunp = &v_req.an.lun[0];
1740 vq_err(vq, "Unknown control request %d", v_req.type);
1745 * Validate the size of request and response buffers.
1746 * Check for a sane response buffer so we can report
1747 * early errors back to the guest.
1749 ret = vhost_scsi_chk_size(vq, &vc);
1754 * Get the rest of the request now that its size is known.
1757 vc.req_size -= typ_size;
1759 ret = vhost_scsi_get_req(vq, &vc, &tpg);
1763 if (v_req.type == VIRTIO_SCSI_T_TMF)
1764 vhost_scsi_handle_tmf(vs, tpg, vq, &v_req.tmf, &vc,
1767 vhost_scsi_send_an_resp(vs, vq, &vc);
1768 vhost_scsi_log_write(vq, vq_log, log_num);
1772 * ENXIO: No more requests, or read error, wait for next kick
1773 * EINVAL: Invalid response buffer, drop the request
1774 * EIO: Respond with bad target
1775 * EAGAIN: Pending request
1779 else if (ret == -EIO) {
1780 vhost_scsi_send_bad_target(vs, vq, &vc,
1781 v_req.type == VIRTIO_SCSI_T_TMF ?
1784 vhost_scsi_log_write(vq, vq_log, log_num);
1786 } while (likely(!vhost_exceeds_weight(vq, ++c, 0)));
1788 mutex_unlock(&vq->mutex);
1791 static void vhost_scsi_ctl_handle_kick(struct vhost_work *work)
1793 struct vhost_virtqueue *vq = container_of(work, struct vhost_virtqueue,
1795 struct vhost_scsi *vs = container_of(vq->dev, struct vhost_scsi, dev);
1797 pr_debug("%s: The handling func for control queue.\n", __func__);
1798 vhost_scsi_ctl_handle_vq(vs, vq);
1802 vhost_scsi_send_evt(struct vhost_scsi *vs, struct vhost_virtqueue *vq,
1803 struct vhost_scsi_tpg *tpg, struct se_lun *lun,
1804 u32 event, u32 reason)
1806 struct vhost_scsi_evt *evt;
1808 evt = vhost_scsi_allocate_evt(vs, event, reason);
1813 /* TODO: share lun setup code with virtio-scsi.ko */
1815 * Note: evt->event is zeroed when we allocate it and
1816 * lun[4-7] need to be zero according to virtio-scsi spec.
1818 evt->event.lun[0] = 0x01;
1819 evt->event.lun[1] = tpg->tport_tpgt;
1820 if (lun->unpacked_lun >= 256)
1821 evt->event.lun[2] = lun->unpacked_lun >> 8 | 0x40 ;
1822 evt->event.lun[3] = lun->unpacked_lun & 0xFF;
1825 llist_add(&evt->list, &vs->vs_event_list);
1826 if (!vhost_vq_work_queue(vq, &vs->vs_event_work))
1827 vhost_scsi_complete_events(vs, true);
1830 static void vhost_scsi_evt_handle_kick(struct vhost_work *work)
1832 struct vhost_virtqueue *vq = container_of(work, struct vhost_virtqueue,
1834 struct vhost_scsi *vs = container_of(vq->dev, struct vhost_scsi, dev);
1836 mutex_lock(&vq->mutex);
1837 if (!vhost_vq_get_backend(vq))
1840 if (vs->vs_events_missed)
1841 vhost_scsi_send_evt(vs, vq, NULL, NULL, VIRTIO_SCSI_T_NO_EVENT,
1844 mutex_unlock(&vq->mutex);
1847 static void vhost_scsi_handle_kick(struct vhost_work *work)
1849 struct vhost_virtqueue *vq = container_of(work, struct vhost_virtqueue,
1851 struct vhost_scsi *vs = container_of(vq->dev, struct vhost_scsi, dev);
1853 vhost_scsi_handle_vq(vs, vq);
1856 /* Callers must hold dev mutex */
1857 static void vhost_scsi_flush(struct vhost_scsi *vs)
1861 /* Init new inflight and remember the old inflight */
1862 vhost_scsi_init_inflight(vs, vs->old_inflight);
1865 * The inflight->kref was initialized to 1. We decrement it here to
1866 * indicate the start of the flush operation so that it will reach 0
1867 * when all the reqs are finished.
1869 for (i = 0; i < vs->dev.nvqs; i++)
1870 kref_put(&vs->old_inflight[i]->kref, vhost_scsi_done_inflight);
1872 /* Flush both the vhost poll and vhost work */
1873 vhost_dev_flush(&vs->dev);
1875 /* Wait for all reqs issued before the flush to be finished */
1876 for (i = 0; i < vs->dev.nvqs; i++)
1877 wait_for_completion(&vs->old_inflight[i]->comp);
1880 static void vhost_scsi_destroy_vq_log(struct vhost_virtqueue *vq)
1882 struct vhost_scsi_virtqueue *svq = container_of(vq,
1883 struct vhost_scsi_virtqueue, vq);
1884 struct vhost_scsi_cmd *tv_cmd;
1887 if (!svq->scsi_cmds)
1890 for (i = 0; i < svq->max_cmds; i++) {
1891 tv_cmd = &svq->scsi_cmds[i];
1892 kfree(tv_cmd->tvc_log);
1893 tv_cmd->tvc_log = NULL;
1894 tv_cmd->tvc_log_num = 0;
1898 static void vhost_scsi_destroy_vq_cmds(struct vhost_virtqueue *vq)
1900 struct vhost_scsi_virtqueue *svq = container_of(vq,
1901 struct vhost_scsi_virtqueue, vq);
1902 struct vhost_scsi_cmd *tv_cmd;
1905 if (!svq->scsi_cmds)
1908 for (i = 0; i < svq->max_cmds; i++) {
1909 tv_cmd = &svq->scsi_cmds[i];
1912 kfree(tv_cmd->prot_sgl);
1915 sbitmap_free(&svq->scsi_tags);
1917 vhost_scsi_destroy_vq_log(vq);
1918 kfree(svq->scsi_cmds);
1919 svq->scsi_cmds = NULL;
1922 static int vhost_scsi_setup_vq_cmds(struct vhost_virtqueue *vq, int max_cmds)
1924 struct vhost_scsi_virtqueue *svq = container_of(vq,
1925 struct vhost_scsi_virtqueue, vq);
1926 struct vhost_scsi *vs = svq->vs;
1927 struct vhost_scsi_cmd *tv_cmd;
1933 if (sbitmap_init_node(&svq->scsi_tags, max_cmds, -1, GFP_KERNEL,
1934 NUMA_NO_NODE, false, true))
1936 svq->max_cmds = max_cmds;
1938 svq->scsi_cmds = kcalloc(max_cmds, sizeof(*tv_cmd), GFP_KERNEL);
1939 if (!svq->scsi_cmds) {
1940 sbitmap_free(&svq->scsi_tags);
1944 svq->upages = kcalloc(VHOST_SCSI_PREALLOC_UPAGES, sizeof(struct page *),
1949 for (i = 0; i < max_cmds; i++) {
1950 tv_cmd = &svq->scsi_cmds[i];
1952 if (vs->inline_sg_cnt) {
1953 tv_cmd->sgl = kcalloc(vs->inline_sg_cnt,
1954 sizeof(struct scatterlist),
1957 pr_err("Unable to allocate tv_cmd->sgl\n");
1962 if (vhost_has_feature(vq, VIRTIO_SCSI_F_T10_PI) &&
1963 vs->inline_sg_cnt) {
1964 tv_cmd->prot_sgl = kcalloc(vs->inline_sg_cnt,
1965 sizeof(struct scatterlist),
1967 if (!tv_cmd->prot_sgl) {
1968 pr_err("Unable to allocate tv_cmd->prot_sgl\n");
1975 vhost_scsi_destroy_vq_cmds(vq);
1980 * Called from vhost_scsi_ioctl() context to walk the list of available
1981 * vhost_scsi_tpg with an active struct vhost_scsi_nexus
1983 * The lock nesting rule is:
1984 * vs->dev.mutex -> vhost_scsi_mutex -> tpg->tv_tpg_mutex -> vq->mutex
1987 vhost_scsi_set_endpoint(struct vhost_scsi *vs,
1988 struct vhost_scsi_target *t)
1990 struct se_portal_group *se_tpg;
1991 struct vhost_scsi_tport *tv_tport;
1992 struct vhost_scsi_tpg *tpg;
1993 struct vhost_scsi_tpg **vs_tpg;
1994 struct vhost_virtqueue *vq;
1995 int index, ret, i, len;
1998 mutex_lock(&vs->dev.mutex);
2000 /* Verify that ring has been setup correctly. */
2001 for (index = 0; index < vs->dev.nvqs; ++index) {
2002 /* Verify that ring has been setup correctly. */
2003 if (!vhost_vq_access_ok(&vs->vqs[index].vq)) {
2010 pr_err("vhost-scsi endpoint already set for %s.\n",
2016 len = sizeof(vs_tpg[0]) * VHOST_SCSI_MAX_TARGET;
2017 vs_tpg = kzalloc(len, GFP_KERNEL);
2023 mutex_lock(&vhost_scsi_mutex);
2024 list_for_each_entry(tpg, &vhost_scsi_list, tv_tpg_list) {
2025 mutex_lock(&tpg->tv_tpg_mutex);
2026 if (!tpg->tpg_nexus) {
2027 mutex_unlock(&tpg->tv_tpg_mutex);
2030 if (tpg->tv_tpg_vhost_count != 0) {
2031 mutex_unlock(&tpg->tv_tpg_mutex);
2034 tv_tport = tpg->tport;
2036 if (!strcmp(tv_tport->tport_name, t->vhost_wwpn)) {
2038 * In order to ensure individual vhost-scsi configfs
2039 * groups cannot be removed while in use by vhost ioctl,
2040 * go ahead and take an explicit se_tpg->tpg_group.cg_item
2043 se_tpg = &tpg->se_tpg;
2044 ret = target_depend_item(&se_tpg->tpg_group.cg_item);
2046 pr_warn("target_depend_item() failed: %d\n", ret);
2047 mutex_unlock(&tpg->tv_tpg_mutex);
2048 mutex_unlock(&vhost_scsi_mutex);
2051 tpg->tv_tpg_vhost_count++;
2052 tpg->vhost_scsi = vs;
2053 vs_tpg[tpg->tport_tpgt] = tpg;
2056 mutex_unlock(&tpg->tv_tpg_mutex);
2058 mutex_unlock(&vhost_scsi_mutex);
2061 memcpy(vs->vs_vhost_wwpn, t->vhost_wwpn,
2062 sizeof(vs->vs_vhost_wwpn));
2064 for (i = VHOST_SCSI_VQ_IO; i < vs->dev.nvqs; i++) {
2065 vq = &vs->vqs[i].vq;
2066 if (!vhost_vq_is_setup(vq))
2069 ret = vhost_scsi_setup_vq_cmds(vq, vq->num);
2071 goto destroy_vq_cmds;
2074 for (i = 0; i < vs->dev.nvqs; i++) {
2075 vq = &vs->vqs[i].vq;
2076 mutex_lock(&vq->mutex);
2077 vhost_vq_set_backend(vq, vs_tpg);
2078 vhost_vq_init_access(vq);
2079 mutex_unlock(&vq->mutex);
2088 * Act as synchronize_rcu to make sure requests after this point
2089 * see a fully setup device.
2091 vhost_scsi_flush(vs);
2092 vs->vs_tpg = vs_tpg;
2096 for (i--; i >= VHOST_SCSI_VQ_IO; i--) {
2097 if (!vhost_vq_get_backend(&vs->vqs[i].vq))
2098 vhost_scsi_destroy_vq_cmds(&vs->vqs[i].vq);
2101 for (i = 0; i < VHOST_SCSI_MAX_TARGET; i++) {
2104 mutex_lock(&tpg->tv_tpg_mutex);
2105 tpg->vhost_scsi = NULL;
2106 tpg->tv_tpg_vhost_count--;
2107 mutex_unlock(&tpg->tv_tpg_mutex);
2108 target_undepend_item(&tpg->se_tpg.tpg_group.cg_item);
2114 mutex_unlock(&vs->dev.mutex);
2119 vhost_scsi_clear_endpoint(struct vhost_scsi *vs,
2120 struct vhost_scsi_target *t)
2122 struct se_portal_group *se_tpg;
2123 struct vhost_scsi_tport *tv_tport;
2124 struct vhost_scsi_tpg *tpg;
2125 struct vhost_virtqueue *vq;
2130 mutex_lock(&vs->dev.mutex);
2131 /* Verify that ring has been setup correctly. */
2132 for (index = 0; index < vs->dev.nvqs; ++index) {
2133 if (!vhost_vq_access_ok(&vs->vqs[index].vq)) {
2144 for (i = 0; i < VHOST_SCSI_MAX_TARGET; i++) {
2146 tpg = vs->vs_tpg[target];
2150 tv_tport = tpg->tport;
2156 if (strcmp(tv_tport->tport_name, t->vhost_wwpn)) {
2157 pr_warn("tv_tport->tport_name: %s, tpg->tport_tpgt: %hu"
2158 " does not match t->vhost_wwpn: %s, t->vhost_tpgt: %hu\n",
2159 tv_tport->tport_name, tpg->tport_tpgt,
2160 t->vhost_wwpn, t->vhost_tpgt);
2169 /* Prevent new cmds from starting and accessing the tpgs/sessions */
2170 for (i = 0; i < vs->dev.nvqs; i++) {
2171 vq = &vs->vqs[i].vq;
2172 mutex_lock(&vq->mutex);
2173 vhost_vq_set_backend(vq, NULL);
2174 mutex_unlock(&vq->mutex);
2176 /* Make sure cmds are not running before tearing them down. */
2177 vhost_scsi_flush(vs);
2179 for (i = 0; i < vs->dev.nvqs; i++) {
2180 vq = &vs->vqs[i].vq;
2181 vhost_scsi_destroy_vq_cmds(vq);
2185 * We can now release our hold on the tpg and sessions and userspace
2186 * can free them after this point.
2188 for (i = 0; i < VHOST_SCSI_MAX_TARGET; i++) {
2190 tpg = vs->vs_tpg[target];
2194 mutex_lock(&tpg->tv_tpg_mutex);
2196 tpg->tv_tpg_vhost_count--;
2197 tpg->vhost_scsi = NULL;
2198 vs->vs_tpg[target] = NULL;
2200 mutex_unlock(&tpg->tv_tpg_mutex);
2202 se_tpg = &tpg->se_tpg;
2203 target_undepend_item(&se_tpg->tpg_group.cg_item);
2208 * Act as synchronize_rcu to make sure access to
2209 * old vs->vs_tpg is finished.
2211 vhost_scsi_flush(vs);
2214 memset(vs->vs_vhost_wwpn, 0, sizeof(vs->vs_vhost_wwpn));
2215 WARN_ON(vs->vs_events_nr);
2216 mutex_unlock(&vs->dev.mutex);
2220 mutex_unlock(&vs->dev.mutex);
2224 static int vhost_scsi_set_features(struct vhost_scsi *vs, u64 features)
2226 struct vhost_virtqueue *vq;
2227 bool is_log, was_log;
2230 if (features & ~VHOST_SCSI_FEATURES)
2233 mutex_lock(&vs->dev.mutex);
2234 if ((features & (1 << VHOST_F_LOG_ALL)) &&
2235 !vhost_log_access_ok(&vs->dev)) {
2236 mutex_unlock(&vs->dev.mutex);
2243 is_log = features & (1 << VHOST_F_LOG_ALL);
2245 * All VQs should have same feature.
2247 was_log = vhost_has_feature(&vs->vqs[0].vq, VHOST_F_LOG_ALL);
2249 for (i = 0; i < vs->dev.nvqs; i++) {
2250 vq = &vs->vqs[i].vq;
2251 mutex_lock(&vq->mutex);
2252 vq->acked_features = features;
2253 mutex_unlock(&vq->mutex);
2257 * If VHOST_F_LOG_ALL is removed, free tvc_log after
2258 * vq->acked_features is committed.
2260 if (!is_log && was_log) {
2261 for (i = VHOST_SCSI_VQ_IO; i < vs->dev.nvqs; i++) {
2262 if (!vs->vqs[i].scsi_cmds)
2265 vq = &vs->vqs[i].vq;
2266 mutex_lock(&vq->mutex);
2267 vhost_scsi_destroy_vq_log(vq);
2268 mutex_unlock(&vq->mutex);
2273 mutex_unlock(&vs->dev.mutex);
2277 static int vhost_scsi_open(struct inode *inode, struct file *f)
2279 struct vhost_scsi_virtqueue *svq;
2280 struct vhost_scsi *vs;
2281 struct vhost_virtqueue **vqs;
2282 int r = -ENOMEM, i, nvqs = vhost_scsi_max_io_vqs;
2284 vs = kvzalloc(sizeof(*vs), GFP_KERNEL);
2287 vs->inline_sg_cnt = vhost_scsi_inline_sg_cnt;
2289 if (nvqs > VHOST_SCSI_MAX_IO_VQ) {
2290 pr_err("Invalid max_io_vqs of %d. Using %d.\n", nvqs,
2291 VHOST_SCSI_MAX_IO_VQ);
2292 nvqs = VHOST_SCSI_MAX_IO_VQ;
2293 } else if (nvqs == 0) {
2294 pr_err("Invalid max_io_vqs of %d. Using 1.\n", nvqs);
2297 nvqs += VHOST_SCSI_VQ_IO;
2299 vs->old_inflight = kmalloc_array(nvqs, sizeof(*vs->old_inflight),
2300 GFP_KERNEL | __GFP_ZERO);
2301 if (!vs->old_inflight)
2304 vs->vqs = kmalloc_array(nvqs, sizeof(*vs->vqs),
2305 GFP_KERNEL | __GFP_ZERO);
2309 vqs = kmalloc_array(nvqs, sizeof(*vqs), GFP_KERNEL);
2313 vhost_work_init(&vs->vs_event_work, vhost_scsi_evt_work);
2315 vs->vs_events_nr = 0;
2316 vs->vs_events_missed = false;
2318 vqs[VHOST_SCSI_VQ_CTL] = &vs->vqs[VHOST_SCSI_VQ_CTL].vq;
2319 vqs[VHOST_SCSI_VQ_EVT] = &vs->vqs[VHOST_SCSI_VQ_EVT].vq;
2320 vs->vqs[VHOST_SCSI_VQ_CTL].vq.handle_kick = vhost_scsi_ctl_handle_kick;
2321 vs->vqs[VHOST_SCSI_VQ_EVT].vq.handle_kick = vhost_scsi_evt_handle_kick;
2322 for (i = VHOST_SCSI_VQ_IO; i < nvqs; i++) {
2327 init_llist_head(&svq->completion_list);
2328 vhost_work_init(&svq->completion_work,
2329 vhost_scsi_complete_cmd_work);
2330 svq->vq.handle_kick = vhost_scsi_handle_kick;
2332 vhost_dev_init(&vs->dev, vqs, nvqs, UIO_MAXIOV,
2333 VHOST_SCSI_WEIGHT, 0, true, NULL);
2335 vhost_scsi_init_inflight(vs, NULL);
2337 f->private_data = vs;
2343 kfree(vs->old_inflight);
2350 static int vhost_scsi_release(struct inode *inode, struct file *f)
2352 struct vhost_scsi *vs = f->private_data;
2353 struct vhost_scsi_target t;
2355 mutex_lock(&vs->dev.mutex);
2356 memcpy(t.vhost_wwpn, vs->vs_vhost_wwpn, sizeof(t.vhost_wwpn));
2357 mutex_unlock(&vs->dev.mutex);
2358 vhost_scsi_clear_endpoint(vs, &t);
2359 vhost_dev_stop(&vs->dev);
2360 vhost_dev_cleanup(&vs->dev);
2363 kfree(vs->old_inflight);
2369 vhost_scsi_ioctl(struct file *f,
2373 struct vhost_scsi *vs = f->private_data;
2374 struct vhost_scsi_target backend;
2375 void __user *argp = (void __user *)arg;
2376 u64 __user *featurep = argp;
2377 u32 __user *eventsp = argp;
2380 int r, abi_version = VHOST_SCSI_ABI_VERSION;
2381 struct vhost_virtqueue *vq = &vs->vqs[VHOST_SCSI_VQ_EVT].vq;
2384 case VHOST_SCSI_SET_ENDPOINT:
2385 if (copy_from_user(&backend, argp, sizeof backend))
2387 if (backend.reserved != 0)
2390 return vhost_scsi_set_endpoint(vs, &backend);
2391 case VHOST_SCSI_CLEAR_ENDPOINT:
2392 if (copy_from_user(&backend, argp, sizeof backend))
2394 if (backend.reserved != 0)
2397 return vhost_scsi_clear_endpoint(vs, &backend);
2398 case VHOST_SCSI_GET_ABI_VERSION:
2399 if (copy_to_user(argp, &abi_version, sizeof abi_version))
2402 case VHOST_SCSI_SET_EVENTS_MISSED:
2403 if (get_user(events_missed, eventsp))
2405 mutex_lock(&vq->mutex);
2406 vs->vs_events_missed = events_missed;
2407 mutex_unlock(&vq->mutex);
2409 case VHOST_SCSI_GET_EVENTS_MISSED:
2410 mutex_lock(&vq->mutex);
2411 events_missed = vs->vs_events_missed;
2412 mutex_unlock(&vq->mutex);
2413 if (put_user(events_missed, eventsp))
2416 case VHOST_GET_FEATURES:
2417 features = VHOST_SCSI_FEATURES;
2418 if (copy_to_user(featurep, &features, sizeof features))
2421 case VHOST_SET_FEATURES:
2422 if (copy_from_user(&features, featurep, sizeof features))
2424 return vhost_scsi_set_features(vs, features);
2425 case VHOST_NEW_WORKER:
2426 case VHOST_FREE_WORKER:
2427 case VHOST_ATTACH_VRING_WORKER:
2428 case VHOST_GET_VRING_WORKER:
2429 mutex_lock(&vs->dev.mutex);
2430 r = vhost_worker_ioctl(&vs->dev, ioctl, argp);
2431 mutex_unlock(&vs->dev.mutex);
2434 mutex_lock(&vs->dev.mutex);
2435 r = vhost_dev_ioctl(&vs->dev, ioctl, argp);
2436 /* TODO: flush backend after dev ioctl. */
2437 if (r == -ENOIOCTLCMD)
2438 r = vhost_vring_ioctl(&vs->dev, ioctl, argp);
2439 mutex_unlock(&vs->dev.mutex);
2444 static const struct file_operations vhost_scsi_fops = {
2445 .owner = THIS_MODULE,
2446 .release = vhost_scsi_release,
2447 .unlocked_ioctl = vhost_scsi_ioctl,
2448 .compat_ioctl = compat_ptr_ioctl,
2449 .open = vhost_scsi_open,
2450 .llseek = noop_llseek,
2453 static struct miscdevice vhost_scsi_misc = {
2459 static int __init vhost_scsi_register(void)
2461 return misc_register(&vhost_scsi_misc);
2464 static void vhost_scsi_deregister(void)
2466 misc_deregister(&vhost_scsi_misc);
2469 static char *vhost_scsi_dump_proto_id(struct vhost_scsi_tport *tport)
2471 switch (tport->tport_proto_id) {
2472 case SCSI_PROTOCOL_SAS:
2474 case SCSI_PROTOCOL_FCP:
2476 case SCSI_PROTOCOL_ISCSI:
2486 vhost_scsi_do_plug(struct vhost_scsi_tpg *tpg,
2487 struct se_lun *lun, bool plug)
2490 struct vhost_scsi *vs = tpg->vhost_scsi;
2491 struct vhost_virtqueue *vq;
2498 reason = VIRTIO_SCSI_EVT_RESET_RESCAN;
2500 reason = VIRTIO_SCSI_EVT_RESET_REMOVED;
2502 vq = &vs->vqs[VHOST_SCSI_VQ_EVT].vq;
2503 mutex_lock(&vq->mutex);
2505 * We can't queue events if the backend has been cleared, because
2506 * we could end up queueing an event after the flush.
2508 if (!vhost_vq_get_backend(vq))
2511 if (vhost_has_feature(vq, VIRTIO_SCSI_F_HOTPLUG))
2512 vhost_scsi_send_evt(vs, vq, tpg, lun,
2513 VIRTIO_SCSI_T_TRANSPORT_RESET, reason);
2515 mutex_unlock(&vq->mutex);
2518 static void vhost_scsi_hotplug(struct vhost_scsi_tpg *tpg, struct se_lun *lun)
2520 vhost_scsi_do_plug(tpg, lun, true);
2523 static void vhost_scsi_hotunplug(struct vhost_scsi_tpg *tpg, struct se_lun *lun)
2525 vhost_scsi_do_plug(tpg, lun, false);
2528 static int vhost_scsi_port_link(struct se_portal_group *se_tpg,
2531 struct vhost_scsi_tpg *tpg = container_of(se_tpg,
2532 struct vhost_scsi_tpg, se_tpg);
2534 mutex_lock(&tpg->tv_tpg_mutex);
2535 tpg->tv_tpg_port_count++;
2536 vhost_scsi_hotplug(tpg, lun);
2537 mutex_unlock(&tpg->tv_tpg_mutex);
2542 static void vhost_scsi_port_unlink(struct se_portal_group *se_tpg,
2545 struct vhost_scsi_tpg *tpg = container_of(se_tpg,
2546 struct vhost_scsi_tpg, se_tpg);
2548 mutex_lock(&tpg->tv_tpg_mutex);
2549 tpg->tv_tpg_port_count--;
2550 vhost_scsi_hotunplug(tpg, lun);
2551 mutex_unlock(&tpg->tv_tpg_mutex);
2554 static ssize_t vhost_scsi_tpg_attrib_fabric_prot_type_store(
2555 struct config_item *item, const char *page, size_t count)
2557 struct se_portal_group *se_tpg = attrib_to_tpg(item);
2558 struct vhost_scsi_tpg *tpg = container_of(se_tpg,
2559 struct vhost_scsi_tpg, se_tpg);
2561 int ret = kstrtoul(page, 0, &val);
2564 pr_err("kstrtoul() returned %d for fabric_prot_type\n", ret);
2567 if (val != 0 && val != 1 && val != 3) {
2568 pr_err("Invalid vhost_scsi fabric_prot_type: %lu\n", val);
2571 tpg->tv_fabric_prot_type = val;
2576 static ssize_t vhost_scsi_tpg_attrib_fabric_prot_type_show(
2577 struct config_item *item, char *page)
2579 struct se_portal_group *se_tpg = attrib_to_tpg(item);
2580 struct vhost_scsi_tpg *tpg = container_of(se_tpg,
2581 struct vhost_scsi_tpg, se_tpg);
2583 return sysfs_emit(page, "%d\n", tpg->tv_fabric_prot_type);
2586 CONFIGFS_ATTR(vhost_scsi_tpg_attrib_, fabric_prot_type);
2588 static struct configfs_attribute *vhost_scsi_tpg_attrib_attrs[] = {
2589 &vhost_scsi_tpg_attrib_attr_fabric_prot_type,
2593 static int vhost_scsi_make_nexus(struct vhost_scsi_tpg *tpg,
2596 struct vhost_scsi_nexus *tv_nexus;
2598 mutex_lock(&tpg->tv_tpg_mutex);
2599 if (tpg->tpg_nexus) {
2600 mutex_unlock(&tpg->tv_tpg_mutex);
2601 pr_debug("tpg->tpg_nexus already exists\n");
2605 tv_nexus = kzalloc(sizeof(*tv_nexus), GFP_KERNEL);
2607 mutex_unlock(&tpg->tv_tpg_mutex);
2608 pr_err("Unable to allocate struct vhost_scsi_nexus\n");
2612 * Since we are running in 'demo mode' this call with generate a
2613 * struct se_node_acl for the vhost_scsi struct se_portal_group with
2614 * the SCSI Initiator port name of the passed configfs group 'name'.
2616 tv_nexus->tvn_se_sess = target_setup_session(&tpg->se_tpg, 0, 0,
2617 TARGET_PROT_DIN_PASS | TARGET_PROT_DOUT_PASS,
2618 (unsigned char *)name, tv_nexus, NULL);
2619 if (IS_ERR(tv_nexus->tvn_se_sess)) {
2620 mutex_unlock(&tpg->tv_tpg_mutex);
2624 tpg->tpg_nexus = tv_nexus;
2626 mutex_unlock(&tpg->tv_tpg_mutex);
2630 static int vhost_scsi_drop_nexus(struct vhost_scsi_tpg *tpg)
2632 struct se_session *se_sess;
2633 struct vhost_scsi_nexus *tv_nexus;
2635 mutex_lock(&tpg->tv_tpg_mutex);
2636 tv_nexus = tpg->tpg_nexus;
2638 mutex_unlock(&tpg->tv_tpg_mutex);
2642 se_sess = tv_nexus->tvn_se_sess;
2644 mutex_unlock(&tpg->tv_tpg_mutex);
2648 if (tpg->tv_tpg_port_count != 0) {
2649 mutex_unlock(&tpg->tv_tpg_mutex);
2650 pr_err("Unable to remove TCM_vhost I_T Nexus with"
2651 " active TPG port count: %d\n",
2652 tpg->tv_tpg_port_count);
2656 if (tpg->tv_tpg_vhost_count != 0) {
2657 mutex_unlock(&tpg->tv_tpg_mutex);
2658 pr_err("Unable to remove TCM_vhost I_T Nexus with"
2659 " active TPG vhost count: %d\n",
2660 tpg->tv_tpg_vhost_count);
2664 pr_debug("TCM_vhost_ConfigFS: Removing I_T Nexus to emulated"
2665 " %s Initiator Port: %s\n", vhost_scsi_dump_proto_id(tpg->tport),
2666 tv_nexus->tvn_se_sess->se_node_acl->initiatorname);
2669 * Release the SCSI I_T Nexus to the emulated vhost Target Port
2671 target_remove_session(se_sess);
2672 tpg->tpg_nexus = NULL;
2673 mutex_unlock(&tpg->tv_tpg_mutex);
2679 static ssize_t vhost_scsi_tpg_nexus_show(struct config_item *item, char *page)
2681 struct se_portal_group *se_tpg = to_tpg(item);
2682 struct vhost_scsi_tpg *tpg = container_of(se_tpg,
2683 struct vhost_scsi_tpg, se_tpg);
2684 struct vhost_scsi_nexus *tv_nexus;
2687 mutex_lock(&tpg->tv_tpg_mutex);
2688 tv_nexus = tpg->tpg_nexus;
2690 mutex_unlock(&tpg->tv_tpg_mutex);
2693 ret = sysfs_emit(page, "%s\n",
2694 tv_nexus->tvn_se_sess->se_node_acl->initiatorname);
2695 mutex_unlock(&tpg->tv_tpg_mutex);
2700 static ssize_t vhost_scsi_tpg_nexus_store(struct config_item *item,
2701 const char *page, size_t count)
2703 struct se_portal_group *se_tpg = to_tpg(item);
2704 struct vhost_scsi_tpg *tpg = container_of(se_tpg,
2705 struct vhost_scsi_tpg, se_tpg);
2706 struct vhost_scsi_tport *tport_wwn = tpg->tport;
2707 unsigned char i_port[VHOST_SCSI_NAMELEN], *ptr, *port_ptr;
2710 * Shutdown the active I_T nexus if 'NULL' is passed..
2712 if (!strncmp(page, "NULL", 4)) {
2713 ret = vhost_scsi_drop_nexus(tpg);
2714 return (!ret) ? count : ret;
2717 * Otherwise make sure the passed virtual Initiator port WWN matches
2718 * the fabric protocol_id set in vhost_scsi_make_tport(), and call
2719 * vhost_scsi_make_nexus().
2721 if (strlen(page) >= VHOST_SCSI_NAMELEN) {
2722 pr_err("Emulated NAA Sas Address: %s, exceeds"
2723 " max: %d\n", page, VHOST_SCSI_NAMELEN);
2726 snprintf(&i_port[0], VHOST_SCSI_NAMELEN, "%s", page);
2728 ptr = strstr(i_port, "naa.");
2730 if (tport_wwn->tport_proto_id != SCSI_PROTOCOL_SAS) {
2731 pr_err("Passed SAS Initiator Port %s does not"
2732 " match target port protoid: %s\n", i_port,
2733 vhost_scsi_dump_proto_id(tport_wwn));
2736 port_ptr = &i_port[0];
2739 ptr = strstr(i_port, "fc.");
2741 if (tport_wwn->tport_proto_id != SCSI_PROTOCOL_FCP) {
2742 pr_err("Passed FCP Initiator Port %s does not"
2743 " match target port protoid: %s\n", i_port,
2744 vhost_scsi_dump_proto_id(tport_wwn));
2747 port_ptr = &i_port[3]; /* Skip over "fc." */
2750 ptr = strstr(i_port, "iqn.");
2752 if (tport_wwn->tport_proto_id != SCSI_PROTOCOL_ISCSI) {
2753 pr_err("Passed iSCSI Initiator Port %s does not"
2754 " match target port protoid: %s\n", i_port,
2755 vhost_scsi_dump_proto_id(tport_wwn));
2758 port_ptr = &i_port[0];
2761 pr_err("Unable to locate prefix for emulated Initiator Port:"
2765 * Clear any trailing newline for the NAA WWN
2768 if (i_port[strlen(i_port)-1] == '\n')
2769 i_port[strlen(i_port)-1] = '\0';
2771 ret = vhost_scsi_make_nexus(tpg, port_ptr);
2778 CONFIGFS_ATTR(vhost_scsi_tpg_, nexus);
2780 static struct configfs_attribute *vhost_scsi_tpg_attrs[] = {
2781 &vhost_scsi_tpg_attr_nexus,
2785 static struct se_portal_group *
2786 vhost_scsi_make_tpg(struct se_wwn *wwn, const char *name)
2788 struct vhost_scsi_tport *tport = container_of(wwn,
2789 struct vhost_scsi_tport, tport_wwn);
2791 struct vhost_scsi_tpg *tpg;
2795 if (strstr(name, "tpgt_") != name)
2796 return ERR_PTR(-EINVAL);
2797 if (kstrtou16(name + 5, 10, &tpgt) || tpgt >= VHOST_SCSI_MAX_TARGET)
2798 return ERR_PTR(-EINVAL);
2800 tpg = kzalloc(sizeof(*tpg), GFP_KERNEL);
2802 pr_err("Unable to allocate struct vhost_scsi_tpg");
2803 return ERR_PTR(-ENOMEM);
2805 mutex_init(&tpg->tv_tpg_mutex);
2806 INIT_LIST_HEAD(&tpg->tv_tpg_list);
2808 tpg->tport_tpgt = tpgt;
2810 ret = core_tpg_register(wwn, &tpg->se_tpg, tport->tport_proto_id);
2815 mutex_lock(&vhost_scsi_mutex);
2816 list_add_tail(&tpg->tv_tpg_list, &vhost_scsi_list);
2817 mutex_unlock(&vhost_scsi_mutex);
2819 return &tpg->se_tpg;
2822 static void vhost_scsi_drop_tpg(struct se_portal_group *se_tpg)
2824 struct vhost_scsi_tpg *tpg = container_of(se_tpg,
2825 struct vhost_scsi_tpg, se_tpg);
2827 mutex_lock(&vhost_scsi_mutex);
2828 list_del(&tpg->tv_tpg_list);
2829 mutex_unlock(&vhost_scsi_mutex);
2831 * Release the virtual I_T Nexus for this vhost TPG
2833 vhost_scsi_drop_nexus(tpg);
2835 * Deregister the se_tpg from TCM..
2837 core_tpg_deregister(se_tpg);
2841 static struct se_wwn *
2842 vhost_scsi_make_tport(struct target_fabric_configfs *tf,
2843 struct config_group *group,
2846 struct vhost_scsi_tport *tport;
2851 /* if (vhost_scsi_parse_wwn(name, &wwpn, 1) < 0)
2852 return ERR_PTR(-EINVAL); */
2854 tport = kzalloc(sizeof(*tport), GFP_KERNEL);
2856 pr_err("Unable to allocate struct vhost_scsi_tport");
2857 return ERR_PTR(-ENOMEM);
2859 tport->tport_wwpn = wwpn;
2861 * Determine the emulated Protocol Identifier and Target Port Name
2862 * based on the incoming configfs directory name.
2864 ptr = strstr(name, "naa.");
2866 tport->tport_proto_id = SCSI_PROTOCOL_SAS;
2869 ptr = strstr(name, "fc.");
2871 tport->tport_proto_id = SCSI_PROTOCOL_FCP;
2872 off = 3; /* Skip over "fc." */
2875 ptr = strstr(name, "iqn.");
2877 tport->tport_proto_id = SCSI_PROTOCOL_ISCSI;
2881 pr_err("Unable to locate prefix for emulated Target Port:"
2884 return ERR_PTR(-EINVAL);
2887 if (strlen(name) >= VHOST_SCSI_NAMELEN) {
2888 pr_err("Emulated %s Address: %s, exceeds"
2889 " max: %d\n", name, vhost_scsi_dump_proto_id(tport),
2890 VHOST_SCSI_NAMELEN);
2892 return ERR_PTR(-EINVAL);
2894 snprintf(&tport->tport_name[0], VHOST_SCSI_NAMELEN, "%s", &name[off]);
2896 pr_debug("TCM_VHost_ConfigFS: Allocated emulated Target"
2897 " %s Address: %s\n", vhost_scsi_dump_proto_id(tport), name);
2899 return &tport->tport_wwn;
2902 static void vhost_scsi_drop_tport(struct se_wwn *wwn)
2904 struct vhost_scsi_tport *tport = container_of(wwn,
2905 struct vhost_scsi_tport, tport_wwn);
2907 pr_debug("TCM_VHost_ConfigFS: Deallocating emulated Target"
2908 " %s Address: %s\n", vhost_scsi_dump_proto_id(tport),
2915 vhost_scsi_wwn_version_show(struct config_item *item, char *page)
2917 return sysfs_emit(page, "TCM_VHOST fabric module %s on %s/%s"
2918 "on "UTS_RELEASE"\n", VHOST_SCSI_VERSION, utsname()->sysname,
2919 utsname()->machine);
2922 CONFIGFS_ATTR_RO(vhost_scsi_wwn_, version);
2924 static struct configfs_attribute *vhost_scsi_wwn_attrs[] = {
2925 &vhost_scsi_wwn_attr_version,
2929 static const struct target_core_fabric_ops vhost_scsi_ops = {
2930 .module = THIS_MODULE,
2931 .fabric_name = "vhost",
2932 .max_data_sg_nents = VHOST_SCSI_PREALLOC_SGLS,
2933 .tpg_get_wwn = vhost_scsi_get_fabric_wwn,
2934 .tpg_get_tag = vhost_scsi_get_tpgt,
2935 .tpg_check_demo_mode = vhost_scsi_check_true,
2936 .tpg_check_demo_mode_cache = vhost_scsi_check_true,
2937 .tpg_check_prot_fabric_only = vhost_scsi_check_prot_fabric_only,
2938 .release_cmd = vhost_scsi_release_cmd,
2939 .check_stop_free = vhost_scsi_check_stop_free,
2940 .sess_get_initiator_sid = NULL,
2941 .write_pending = vhost_scsi_write_pending,
2942 .queue_data_in = vhost_scsi_queue_data_in,
2943 .queue_status = vhost_scsi_queue_status,
2944 .queue_tm_rsp = vhost_scsi_queue_tm_rsp,
2945 .aborted_task = vhost_scsi_aborted_task,
2947 * Setup callers for generic logic in target_core_fabric_configfs.c
2949 .fabric_make_wwn = vhost_scsi_make_tport,
2950 .fabric_drop_wwn = vhost_scsi_drop_tport,
2951 .fabric_make_tpg = vhost_scsi_make_tpg,
2952 .fabric_drop_tpg = vhost_scsi_drop_tpg,
2953 .fabric_post_link = vhost_scsi_port_link,
2954 .fabric_pre_unlink = vhost_scsi_port_unlink,
2956 .tfc_wwn_attrs = vhost_scsi_wwn_attrs,
2957 .tfc_tpg_base_attrs = vhost_scsi_tpg_attrs,
2958 .tfc_tpg_attrib_attrs = vhost_scsi_tpg_attrib_attrs,
2960 .default_submit_type = TARGET_QUEUE_SUBMIT,
2961 .direct_submit_supp = 1,
2964 static int __init vhost_scsi_init(void)
2968 pr_debug("TCM_VHOST fabric module %s on %s/%s"
2969 " on "UTS_RELEASE"\n", VHOST_SCSI_VERSION, utsname()->sysname,
2970 utsname()->machine);
2972 ret = vhost_scsi_register();
2976 ret = target_register_template(&vhost_scsi_ops);
2978 goto out_vhost_scsi_deregister;
2982 out_vhost_scsi_deregister:
2983 vhost_scsi_deregister();
2988 static void vhost_scsi_exit(void)
2990 target_unregister_template(&vhost_scsi_ops);
2991 vhost_scsi_deregister();
2994 MODULE_DESCRIPTION("VHOST_SCSI series fabric driver");
2995 MODULE_ALIAS("tcm_vhost");
2996 MODULE_LICENSE("GPL");
2997 module_init(vhost_scsi_init);
2998 module_exit(vhost_scsi_exit);
projects / linux-block.git / blob