1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2000 by Cisco Systems, Inc. All rights reserved. 23 * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved. 24 * Copyright 2011 Nexenta Systems, Inc. All rights reserved. 25 * 26 * iSCSI Pseudo HBA Driver 27 */ 28 29 #include <sys/socket.h> /* networking stuff */ 30 #include <sys/t_kuser.h> /* networking stuff */ 31 #include <sys/tihdr.h> /* networking stuff */ 32 #include <sys/strsubr.h> /* networking stuff */ 33 #include <netinet/tcp.h> /* TCP_NODELAY */ 34 #include <sys/socketvar.h> /* _ALLOC_SLEEP */ 35 #include <sys/strsun.h> /* DB_TYPE() */ 36 #include <sys/scsi/generic/sense.h> 37 38 #include "iscsi.h" /* iscsi driver */ 39 #include <sys/iscsi_protocol.h> /* iscsi protocol */ 40 41 #define ISCSI_INI_TASK_TTT 0xffffffff 42 #define ISCSI_CONN_TIEMOUT_DETECT 20 43 44 boolean_t iscsi_io_logging = B_FALSE; 45 46 #define ISCSI_CHECK_SCSI_READ(ICHK_CMD, ICHK_HDR, ICHK_LEN, ICHK_TYPE) \ 47 if (idm_pattern_checking) { \ 48 struct scsi_pkt *pkt = (ICHK_CMD)->cmd_un.scsi.pkt; \ 49 if (((ICHK_HDR)->response == 0) && \ 50 ((ICHK_HDR)->cmd_status == 0) && \ 51 ((pkt->pkt_cdbp[0] == SCMD_READ_G1) || \ 52 (pkt->pkt_cdbp[0] == SCMD_READ_G4) || \ 53 (pkt->pkt_cdbp[0] == SCMD_READ) || \ 54 (pkt->pkt_cdbp[0] == SCMD_READ_G5))) { \ 55 idm_buf_t *idb = (ICHK_CMD)->cmd_un.scsi.ibp_ibuf; \ 56 IDM_BUFPAT_CHECK(idb, ICHK_LEN, ICHK_TYPE); \ 57 } \ 58 } 59 60 /* Size of structure scsi_arq_status without sense data. */ 61 #define ISCSI_ARQ_STATUS_NOSENSE_LEN (sizeof (struct scsi_arq_status) - \ 62 sizeof (struct scsi_extended_sense)) 63 64 /* generic io helpers */ 65 static uint32_t n2h24(uchar_t *ptr); 66 static int iscsi_sna_lt(uint32_t n1, uint32_t n2); 67 void iscsi_update_flow_control(iscsi_sess_t *isp, 68 uint32_t max, uint32_t exp); 69 static iscsi_status_t iscsi_rx_process_scsi_itt_to_icmdp(iscsi_sess_t *isp, 70 idm_conn_t *ic, iscsi_scsi_rsp_hdr_t *ihp, iscsi_cmd_t **icmdp); 71 static iscsi_status_t iscsi_rx_process_itt_to_icmdp(iscsi_sess_t *isp, 72 iscsi_hdr_t *ihp, iscsi_cmd_t **icmdp); 73 static void iscsi_process_rsp_status(iscsi_sess_t *isp, iscsi_conn_t *icp, 74 idm_status_t status); 75 static void iscsi_drop_conn_cleanup(iscsi_conn_t *icp); 76 static boolean_t iscsi_nop_timeout_checks(iscsi_cmd_t *icmdp); 77 /* callbacks from idm */ 78 static idm_pdu_cb_t iscsi_tx_done; 79 80 /* receivers */ 81 static idm_status_t iscsi_rx_process_nop(idm_conn_t *ic, idm_pdu_t *pdu); 82 static idm_status_t iscsi_rx_process_data_rsp(idm_conn_t *ic, 83 idm_pdu_t *pdu); 84 static idm_status_t iscsi_rx_process_cmd_rsp(idm_conn_t *ic, idm_pdu_t *pdu); 85 static idm_status_t iscsi_rx_process_reject_rsp(idm_conn_t *ic, 86 idm_pdu_t *pdu); 87 88 static idm_status_t iscsi_rx_process_rejected_tsk_mgt(idm_conn_t *ic, 89 iscsi_hdr_t *old_ihp); 90 static idm_status_t iscsi_rx_process_task_mgt_rsp(idm_conn_t *ic, 91 idm_pdu_t *pdu); 92 static idm_status_t iscsi_rx_process_logout_rsp(idm_conn_t *ic, 93 idm_pdu_t *pdu); 94 static idm_status_t iscsi_rx_process_async_rsp(idm_conn_t *ic, 95 idm_pdu_t *pdu); 96 static idm_status_t iscsi_rx_process_text_rsp(idm_conn_t *ic, 97 idm_pdu_t *pdu); 98 99 /* senders */ 100 static iscsi_status_t iscsi_tx_scsi(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 101 static iscsi_status_t iscsi_tx_nop(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 102 static iscsi_status_t iscsi_tx_abort(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 103 static iscsi_status_t iscsi_tx_reset(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 104 static iscsi_status_t iscsi_tx_logout(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 105 static iscsi_status_t iscsi_tx_text(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 106 107 108 /* helpers */ 109 static void iscsi_logout_start(void *arg); 110 static void iscsi_handle_passthru_callback(struct scsi_pkt *pkt); 111 static void iscsi_handle_nop(iscsi_conn_t *icp, uint32_t itt, uint32_t ttt); 112 113 static void iscsi_timeout_checks(iscsi_sess_t *isp); 114 static void iscsi_nop_checks(iscsi_sess_t *isp); 115 static boolean_t iscsi_decode_sense(uint8_t *sense_data, iscsi_cmd_t *icmdp); 116 static void iscsi_flush_cmd_after_reset(uint32_t cmd_sn, uint16_t lun_num, 117 iscsi_conn_t *icp); 118 119 /* 120 * This file contains the main guts of the iSCSI protocol layer. 121 * It's broken into 5 sections; Basic helper functions, RX IO path, 122 * TX IO path, Completion (IC) IO path, and watchdog (WD) routines. 123 * 124 * The IO flow model is similiar to the below diagram. The 125 * iscsi session, connection and command state machines are used 126 * to drive IO through this flow diagram. Reference those files 127 * to get a detailed description of their respective state models 128 * prior to their xxx_state_machine_function(). 129 * 130 * tran_start() -> CMD_E1 TX_THREAD RX_THREAD 131 * | T T 132 * V T T 133 * PENDING_Q --CMD_E2--> ACTIVE_Q - --CMD_E3--+ 134 * T \ C T | 135 * T \M T | 136 * D T | 137 * WD_THREAD TT|TT T | 138 * /E T | 139 * / 6 T | 140 * ABORTING_Q<- --CMD_E3--+ 141 * T | 142 * T T | 143 * T | 144 * callback() <--CMD_E#-- COMPLETION_Q <------------+ 145 * T 146 * T 147 * IC_THREAD 148 * 149 * External and internal command are ran thru this same state 150 * machine. All commands enter the state machine by receiving an 151 * ISCSI_CMD_EVENT_E1. This event places the command into the 152 * PENDING_Q. Next when resources are available the TX_THREAD 153 * issues a E2 event on the command. This sends the command 154 * to the TCP stack and places the command on the ACTIVE_Q. While 155 * on the PENDIING_Q and ACTIVE_Q, the command is monitored via the 156 * WD_THREAD to ensure the pkt_time has not elapsed. If elapsed the 157 * command is issued an E6(timeout) event which moves either (if pending) 158 * completed the command or (if active) moves the command to the 159 * aborting queue and issues a SCSI TASK MANAGEMENT ABORT command 160 * to cancel the IO request. If the original command is completed 161 * or the TASK MANAGEMENT command completes the command is moved 162 * to the COMPLETION_Q via a E3 event. The IC_THREAD then processes 163 * the COMPLETION_Q and issues the scsi_pkt callback. This 164 * callback can not be processed directly from the RX_THREAD 165 * because the callback might call back into the iscsi driver 166 * causing a deadlock condition. 167 * 168 * For more details on the complete CMD state machine reference 169 * the state machine diagram in iscsi_cmd.c. The connection state 170 * machine is driven via IO events in this file. Then session 171 * events are driven by the connection events. For complete 172 * details on these state machines reference iscsi_sess.c and 173 * iscsi_conn.c 174 */ 175 176 177 /* 178 * +--------------------------------------------------------------------+ 179 * | io helper routines | 180 * +--------------------------------------------------------------------+ 181 */ 182 183 /* 184 * n2h24 - native to host 24 bit integer translation. 185 */ 186 static uint32_t 187 n2h24(uchar_t *ptr) 188 { 189 uint32_t idx; 190 bcopy(ptr, &idx, 3); 191 return (ntohl(idx) >> 8); 192 } 193 194 /* 195 * iscsi_sna_lt - Serial Number Arithmetic, 32 bits, less than, RFC1982 196 */ 197 static int 198 iscsi_sna_lt(uint32_t n1, uint32_t n2) 199 { 200 return ((n1 != n2) && 201 (((n1 < n2) && ((n2 - n1) < ISCSI_SNA32_CHECK)) || 202 ((n1 > n2) && ((n1 - n2) > ISCSI_SNA32_CHECK)))); 203 } 204 205 /* 206 * iscsi_sna_lte - Serial Number Arithmetic, 32 bits, less than or equal, 207 * RFC1982 208 */ 209 int 210 iscsi_sna_lte(uint32_t n1, uint32_t n2) 211 { 212 return ((n1 == n2) || 213 (((n1 < n2) && ((n2 - n1) < ISCSI_SNA32_CHECK)) || 214 ((n1 > n2) && ((n1 - n2) > ISCSI_SNA32_CHECK)))); 215 } 216 217 /* 218 * iscsi_update_flow_control - Update expcmdsn and maxcmdsn iSCSI 219 * flow control information for a session 220 */ 221 void 222 iscsi_update_flow_control(iscsi_sess_t *isp, uint32_t max, uint32_t exp) 223 { 224 ASSERT(isp != NULL); 225 ASSERT(mutex_owned(&isp->sess_cmdsn_mutex)); 226 227 if (!iscsi_sna_lt(max, (exp - 1))) { 228 229 if (!iscsi_sna_lte(exp, isp->sess_expcmdsn)) { 230 isp->sess_expcmdsn = exp; 231 } 232 233 if (!iscsi_sna_lte(max, isp->sess_maxcmdsn)) { 234 isp->sess_maxcmdsn = max; 235 if (iscsi_sna_lte(isp->sess_cmdsn, 236 isp->sess_maxcmdsn)) { 237 /* 238 * the window is open again - schedule 239 * to send any held tasks soon 240 */ 241 iscsi_sess_redrive_io(isp); 242 } 243 } 244 } 245 } 246 247 248 /* 249 * +--------------------------------------------------------------------+ 250 * | io receive and processing routines | 251 * +--------------------------------------------------------------------+ 252 */ 253 254 /* 255 * iscsi_rx_scsi_rsp - called from idm 256 * For each opcode type fan out the processing. 257 */ 258 void 259 iscsi_rx_scsi_rsp(idm_conn_t *ic, idm_pdu_t *pdu) 260 { 261 iscsi_conn_t *icp; 262 iscsi_sess_t *isp; 263 iscsi_hdr_t *ihp; 264 idm_status_t status; 265 266 ASSERT(ic != NULL); 267 ASSERT(pdu != NULL); 268 icp = ic->ic_handle; 269 ASSERT(icp != NULL); 270 ihp = (iscsi_hdr_t *)pdu->isp_hdr; 271 ASSERT(ihp != NULL); 272 isp = icp->conn_sess; 273 ASSERT(isp != NULL); 274 275 /* reset the session timer when we receive the response */ 276 isp->sess_rx_lbolt = icp->conn_rx_lbolt = ddi_get_lbolt(); 277 278 /* fan out the hdr processing */ 279 switch (ihp->opcode & ISCSI_OPCODE_MASK) { 280 case ISCSI_OP_SCSI_DATA_RSP: 281 status = iscsi_rx_process_data_rsp(ic, pdu); 282 break; 283 case ISCSI_OP_SCSI_RSP: 284 status = iscsi_rx_process_cmd_rsp(ic, pdu); 285 idm_pdu_complete(pdu, status); 286 break; 287 default: 288 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 289 "received pdu with unsupported opcode 0x%02x", 290 icp->conn_oid, ihp->opcode); 291 status = IDM_STATUS_PROTOCOL_ERROR; 292 } 293 iscsi_process_rsp_status(isp, icp, status); 294 } 295 296 void 297 iscsi_task_cleanup(int opcode, iscsi_cmd_t *icmdp) 298 { 299 struct buf *bp; 300 idm_buf_t *ibp, *obp; 301 idm_task_t *itp; 302 303 itp = icmdp->cmd_itp; 304 ASSERT(itp != NULL); 305 ASSERT((opcode == ISCSI_OP_SCSI_DATA_RSP) || 306 (opcode == ISCSI_OP_SCSI_RSP)); 307 308 bp = icmdp->cmd_un.scsi.bp; 309 ibp = icmdp->cmd_un.scsi.ibp_ibuf; 310 obp = icmdp->cmd_un.scsi.ibp_obuf; 311 ISCSI_IO_LOG(CE_NOTE, "DEBUG: task_cleanup: itp: %p opcode: %d " 312 "icmdp: %p bp: %p ibp: %p", (void *)itp, opcode, 313 (void *)icmdp, (void *)bp, (void *)ibp); 314 if (bp && bp->b_bcount) { 315 if (ibp != NULL && bp->b_flags & B_READ) { 316 idm_buf_unbind_in(itp, ibp); 317 idm_buf_free(ibp); 318 icmdp->cmd_un.scsi.ibp_ibuf = NULL; 319 } else if (obp != NULL && !(bp->b_flags & B_READ)) { 320 idm_buf_unbind_out(itp, obp); 321 idm_buf_free(obp); 322 icmdp->cmd_un.scsi.ibp_obuf = NULL; 323 } 324 } 325 326 idm_task_done(itp); 327 } 328 329 idm_status_t 330 iscsi_rx_chk(iscsi_conn_t *icp, iscsi_sess_t *isp, 331 iscsi_scsi_rsp_hdr_t *irhp, iscsi_cmd_t **icmdp) 332 { 333 iscsi_status_t rval; 334 335 mutex_enter(&isp->sess_cmdsn_mutex); 336 337 if (icp->conn_expstatsn == ntohl(irhp->statsn)) { 338 icp->conn_expstatsn++; 339 } else { 340 cmn_err(CE_WARN, "iscsi connection(%u/%x) protocol error - " 341 "received status out of order itt:0x%x statsn:0x%x " 342 "expstatsn:0x%x", icp->conn_oid, irhp->opcode, 343 irhp->itt, ntohl(irhp->statsn), icp->conn_expstatsn); 344 mutex_exit(&isp->sess_cmdsn_mutex); 345 return (IDM_STATUS_PROTOCOL_ERROR); 346 } 347 348 /* get icmdp so we can cleanup on error */ 349 if ((irhp->opcode == ISCSI_OP_SCSI_DATA_RSP) || 350 (irhp->opcode == ISCSI_OP_SCSI_RSP)) { 351 rval = iscsi_rx_process_scsi_itt_to_icmdp(isp, icp->conn_ic, 352 irhp, icmdp); 353 } else { 354 rval = iscsi_rx_process_itt_to_icmdp(isp, 355 (iscsi_hdr_t *)irhp, icmdp); 356 } 357 358 if (!ISCSI_SUCCESS(rval)) { 359 mutex_exit(&isp->sess_cmdsn_mutex); 360 return (IDM_STATUS_PROTOCOL_ERROR); 361 } 362 363 /* update expcmdsn and maxcmdsn */ 364 iscsi_update_flow_control(isp, ntohl(irhp->maxcmdsn), 365 ntohl(irhp->expcmdsn)); 366 mutex_exit(&isp->sess_cmdsn_mutex); 367 return (IDM_STATUS_SUCCESS); 368 } 369 370 static void 371 iscsi_cmd_rsp_chk(iscsi_cmd_t *icmdp, iscsi_scsi_rsp_hdr_t *issrhp) 372 { 373 struct scsi_pkt *pkt; 374 size_t data_transferred; 375 376 pkt = icmdp->cmd_un.scsi.pkt; 377 pkt->pkt_resid = 0; 378 data_transferred = icmdp->cmd_un.scsi.data_transferred; 379 /* Check the residual count */ 380 if ((icmdp->cmd_un.scsi.bp) && 381 (data_transferred != icmdp->cmd_un.scsi.bp->b_bcount)) { 382 /* 383 * We didn't xfer the expected amount of data - 384 * the residual_count in the header is only 385 * valid if the underflow flag is set. 386 */ 387 if (issrhp->flags & ISCSI_FLAG_CMD_UNDERFLOW) { 388 pkt->pkt_resid = ntohl(issrhp->residual_count); 389 } else { 390 if (icmdp->cmd_un.scsi.bp->b_bcount > 391 data_transferred) { 392 /* 393 * Some data fell on the floor 394 * somehow - probably a CRC error 395 */ 396 pkt->pkt_resid = 397 icmdp->cmd_un.scsi.bp->b_bcount - 398 data_transferred; 399 } 400 } 401 ISCSI_IO_LOG(CE_NOTE, 402 "DEBUG: iscsi_rx_cmd_rsp_chk: itt: %u" 403 "data_trans != b_count data_transferred: %lu " 404 "b_count: %lu cmd_status: %d flags: %d resid: %lu", 405 issrhp->itt, data_transferred, 406 icmdp->cmd_un.scsi.bp->b_bcount, 407 issrhp->cmd_status & STATUS_MASK, 408 issrhp->flags, pkt->pkt_resid); 409 } 410 /* set flags that tell SCSA that the command is complete */ 411 if (icmdp->cmd_crc_error_seen == B_FALSE) { 412 /* Set successful completion */ 413 pkt->pkt_reason = CMD_CMPLT; 414 if (icmdp->cmd_un.scsi.bp) { 415 pkt->pkt_state |= (STATE_XFERRED_DATA | 416 STATE_GOT_STATUS); 417 } else { 418 pkt->pkt_state |= STATE_GOT_STATUS; 419 } 420 } else { 421 /* 422 * Some of the data was found to have an incorrect 423 * error at the protocol error. 424 */ 425 pkt->pkt_reason = CMD_PER_FAIL; 426 pkt->pkt_statistics |= STAT_PERR; 427 if (icmdp->cmd_un.scsi.bp) { 428 pkt->pkt_resid = 429 icmdp->cmd_un.scsi.bp->b_bcount; 430 } else { 431 pkt->pkt_resid = 0; 432 } 433 } 434 } 435 436 static boolean_t 437 iscsi_cmd_rsp_cmd_status(iscsi_cmd_t *icmdp, iscsi_scsi_rsp_hdr_t *issrhp, 438 uint8_t *data) 439 { 440 int32_t dlength; 441 struct scsi_arq_status *arqstat; 442 size_t senselen; 443 int32_t statuslen; 444 int32_t sensebuf_len; 445 struct scsi_pkt *pkt; 446 boolean_t affect = B_FALSE; 447 int32_t senselen_to_copy; 448 449 pkt = icmdp->cmd_un.scsi.pkt; 450 dlength = n2h24(issrhp->dlength); 451 452 /* 453 * Process iSCSI Cmd Response Status 454 * RFC 3720 Sectionn 10.4.2. 455 */ 456 switch (issrhp->cmd_status & STATUS_MASK) { 457 case STATUS_GOOD: 458 /* pass SCSI status up stack */ 459 if (pkt->pkt_scbp) { 460 pkt->pkt_scbp[0] = issrhp->cmd_status; 461 } 462 break; 463 case STATUS_CHECK: 464 /* 465 * Verify we received a sense buffer and 466 * that there is the correct amount of 467 * request sense space to copy it to. 468 */ 469 if ((dlength > 1) && 470 (pkt->pkt_scbp != NULL) && 471 (icmdp->cmd_un.scsi.statuslen >= 472 sizeof (struct scsi_arq_status))) { 473 /* 474 * If a bad command status is received we 475 * need to reset the pkt_resid to zero. 476 * The target driver compares its value 477 * before checking other error flags. 478 * (ex. check conditions) 479 */ 480 pkt->pkt_resid = 0; 481 482 /* get sense length from first 2 bytes */ 483 senselen = ((data[0] << 8) | data[1]) & 484 (size_t)0xFFFF; 485 ISCSI_IO_LOG(CE_NOTE, 486 "DEBUG: iscsi_rx_cmd_rsp_cmd_status status_check: " 487 "dlen: %d scbp: %p statuslen: %d arq: %d senselen:" 488 " %lu", dlength, (void *)pkt->pkt_scbp, 489 icmdp->cmd_un.scsi.statuslen, 490 (int)sizeof (struct scsi_arq_status), 491 senselen); 492 493 /* Sanity-check on the sense length */ 494 if ((senselen + 2) > dlength) { 495 senselen = dlength - 2; 496 } 497 498 /* 499 * If there was a Data Digest error then 500 * the sense data cannot be trusted. 501 */ 502 if (icmdp->cmd_crc_error_seen) { 503 senselen = 0; 504 } 505 506 /* automatic request sense */ 507 arqstat = 508 (struct scsi_arq_status *)pkt->pkt_scbp; 509 510 /* pass SCSI status up stack */ 511 *((uchar_t *)&arqstat->sts_status) = 512 issrhp->cmd_status; 513 514 /* 515 * Set the status for the automatic 516 * request sense command 517 */ 518 arqstat->sts_rqpkt_state = (STATE_GOT_BUS | 519 STATE_GOT_TARGET | STATE_SENT_CMD | 520 STATE_XFERRED_DATA | STATE_GOT_STATUS | 521 STATE_ARQ_DONE); 522 523 *((uchar_t *)&arqstat->sts_rqpkt_status) = 524 STATUS_GOOD; 525 526 arqstat->sts_rqpkt_reason = CMD_CMPLT; 527 statuslen = icmdp->cmd_un.scsi.statuslen; 528 529 if (senselen == 0) { 530 /* auto request sense failed */ 531 arqstat->sts_rqpkt_status.sts_chk = 1; 532 arqstat->sts_rqpkt_resid = statuslen; 533 } else if (senselen < statuslen) { 534 /* auto request sense short */ 535 arqstat->sts_rqpkt_resid = statuslen - senselen; 536 } else { 537 /* auto request sense complete */ 538 arqstat->sts_rqpkt_resid = 0; 539 } 540 arqstat->sts_rqpkt_statistics = 0; 541 pkt->pkt_state |= STATE_ARQ_DONE; 542 543 if (icmdp->cmd_misc_flags & ISCSI_CMD_MISCFLAG_XARQ) { 544 pkt->pkt_state |= STATE_XARQ_DONE; 545 } 546 547 /* 548 * Calculate size of space reserved for sense data in 549 * pkt->pkt_scbp. 550 */ 551 sensebuf_len = statuslen - ISCSI_ARQ_STATUS_NOSENSE_LEN; 552 553 /* copy auto request sense */ 554 senselen_to_copy = min(senselen, sensebuf_len); 555 if (senselen_to_copy > 0) { 556 bcopy(&data[2], (uchar_t *)&arqstat-> 557 sts_sensedata, senselen_to_copy); 558 559 affect = iscsi_decode_sense( 560 (uint8_t *)&arqstat->sts_sensedata, icmdp); 561 } 562 arqstat->sts_rqpkt_resid = sensebuf_len - 563 senselen_to_copy; 564 ISCSI_IO_LOG(CE_NOTE, "DEBUG: iscsi_cmd_rsp_cmd_status:" 565 " sts_rqpkt_resid: %d pkt_scblen: %d senselen: %lu" 566 " sensebuf_len: %d senselen_to_copy: %d affect: %d", 567 arqstat->sts_rqpkt_resid, pkt->pkt_scblen, senselen, 568 sensebuf_len, senselen_to_copy, affect); 569 break; 570 } 571 /* FALLTHRU */ 572 case STATUS_BUSY: 573 case STATUS_RESERVATION_CONFLICT: 574 case STATUS_QFULL: 575 case STATUS_ACA_ACTIVE: 576 default: 577 /* 578 * If a bad command status is received we need to 579 * reset the pkt_resid to zero. The target driver 580 * compares its value before checking other error 581 * flags. (ex. check conditions) 582 */ 583 ISCSI_IO_LOG(CE_NOTE, 584 "DEBUG: iscsi_rx_cmd_rsp_cmd_status: status: " 585 "%d cmd_status: %d dlen: %u scbp: %p statuslen: %d " 586 "arg_len: %d", issrhp->cmd_status & STATUS_MASK, 587 issrhp->cmd_status, dlength, (void *)pkt->pkt_scbp, 588 icmdp->cmd_un.scsi.statuslen, 589 (int)sizeof (struct scsi_arq_status)); 590 pkt->pkt_resid = 0; 591 /* pass SCSI status up stack */ 592 if (pkt->pkt_scbp) { 593 pkt->pkt_scbp[0] = issrhp->cmd_status; 594 } 595 } 596 597 return (affect); 598 } 599 600 /* 601 * iscsi_rx_process_login_pdup - Process login response PDU. This function 602 * copies the data into the connection context so that the login code can 603 * interpret it. 604 */ 605 606 idm_status_t 607 iscsi_rx_process_login_pdu(idm_conn_t *ic, idm_pdu_t *pdu) 608 { 609 iscsi_conn_t *icp; 610 611 icp = ic->ic_handle; 612 613 /* 614 * Copy header and data into connection structure so iscsi_login() 615 * can process it. 616 */ 617 mutex_enter(&icp->conn_login_mutex); 618 /* 619 * If conn_login_state != LOGIN_TX then we are not ready to handle 620 * this login response and we should just drop it. 621 */ 622 if (icp->conn_login_state == LOGIN_TX) { 623 icp->conn_login_datalen = pdu->isp_datalen; 624 bcopy(pdu->isp_hdr, &icp->conn_login_resp_hdr, 625 sizeof (iscsi_hdr_t)); 626 /* 627 * Login code is sloppy with it's NULL handling so make sure 628 * we don't leave any stale data in there. 629 */ 630 bzero(icp->conn_login_data, icp->conn_login_max_data_length); 631 bcopy(pdu->isp_data, icp->conn_login_data, 632 MIN(pdu->isp_datalen, icp->conn_login_max_data_length)); 633 iscsi_login_update_state_locked(icp, LOGIN_RX); 634 } 635 mutex_exit(&icp->conn_login_mutex); 636 637 return (IDM_STATUS_SUCCESS); 638 } 639 640 /* 641 * iscsi_rx_process_cmd_rsp - Process received scsi command response. This 642 * will contain sense data if the command was not successful. This data needs 643 * to be copied into the scsi_pkt. Otherwise we just complete the IO. 644 */ 645 static idm_status_t 646 iscsi_rx_process_cmd_rsp(idm_conn_t *ic, idm_pdu_t *pdu) 647 { 648 iscsi_conn_t *icp = ic->ic_handle; 649 iscsi_sess_t *isp = icp->conn_sess; 650 iscsi_scsi_rsp_hdr_t *issrhp = (iscsi_scsi_rsp_hdr_t *)pdu->isp_hdr; 651 uint8_t *data = pdu->isp_data; 652 iscsi_cmd_t *icmdp = NULL; 653 struct scsi_pkt *pkt = NULL; 654 idm_status_t rval; 655 struct buf *bp; 656 boolean_t flush = B_FALSE; 657 uint32_t cmd_sn = 0; 658 uint16_t lun_num = 0; 659 660 /* make sure we get status in order */ 661 mutex_enter(&icp->conn_queue_active.mutex); 662 663 if ((rval = iscsi_rx_chk(icp, isp, issrhp, 664 &icmdp)) != IDM_STATUS_SUCCESS) { 665 if (icmdp != NULL) { 666 iscsi_task_cleanup(issrhp->opcode, icmdp); 667 } 668 mutex_exit(&icp->conn_queue_active.mutex); 669 return (rval); 670 } 671 672 /* 673 * If we are in "idm aborting" state then we shouldn't continue 674 * to process this command. By definition this command is no longer 675 * on the active queue so we shouldn't try to remove it either. 676 */ 677 mutex_enter(&icmdp->cmd_mutex); 678 if (icmdp->cmd_state == ISCSI_CMD_STATE_IDM_ABORTING) { 679 mutex_exit(&icmdp->cmd_mutex); 680 mutex_exit(&icp->conn_queue_active.mutex); 681 return (IDM_STATUS_SUCCESS); 682 } 683 mutex_exit(&icmdp->cmd_mutex); 684 685 /* Get the IDM buffer and bytes transferred */ 686 bp = icmdp->cmd_un.scsi.bp; 687 if (ic->ic_conn_flags & IDM_CONN_USE_SCOREBOARD) { 688 /* Transport tracks bytes transferred so use those counts */ 689 if (bp && (bp->b_flags & B_READ)) { 690 icmdp->cmd_un.scsi.data_transferred += 691 icmdp->cmd_itp->idt_rx_bytes; 692 } else { 693 icmdp->cmd_un.scsi.data_transferred += 694 icmdp->cmd_itp->idt_tx_bytes; 695 } 696 } else { 697 /* 698 * Some transports cannot track the bytes transferred on 699 * the initiator side (like iSER) so we have to use the 700 * status info. If the response field indicates that 701 * the command actually completed then we will assume 702 * the data_transferred value represents the entire buffer 703 * unless the resid field says otherwise. This is a bit 704 * unintuitive but it's really impossible to know what 705 * has been transferred without detailed consideration 706 * of the SCSI status and sense key and that is outside 707 * the scope of the transport. Instead the target/class driver 708 * can consider these values along with the resid and figure 709 * it out. The data_transferred concept is just belt and 710 * suspenders anyway -- RFC 3720 actually explicitly rejects 711 * scoreboarding ("Initiators SHOULD NOT keep track of the 712 * data transferred to or from the target (scoreboarding)") 713 * perhaps for this very reason. 714 */ 715 if (issrhp->response != 0) { 716 icmdp->cmd_un.scsi.data_transferred = 0; 717 } else { 718 icmdp->cmd_un.scsi.data_transferred = 719 (bp == NULL) ? 0 : bp->b_bcount; 720 if (issrhp->flags & ISCSI_FLAG_CMD_UNDERFLOW) { 721 icmdp->cmd_un.scsi.data_transferred -= 722 ntohl(issrhp->residual_count); 723 } 724 } 725 } 726 727 ISCSI_CHECK_SCSI_READ(icmdp, issrhp, 728 icmdp->cmd_un.scsi.data_transferred, 729 BP_CHECK_THOROUGH); 730 731 ISCSI_IO_LOG(CE_NOTE, "DEBUG: rx_process_cmd_rsp: ic: %p pdu: %p itt:" 732 " %x expcmdsn: %x sess_cmd: %x sess_expcmdsn: %x data_transfered:" 733 " %lu ibp: %p obp: %p", (void *)ic, (void *)pdu, issrhp->itt, 734 issrhp->expcmdsn, isp->sess_cmdsn, isp->sess_expcmdsn, 735 icmdp->cmd_un.scsi.data_transferred, 736 (void *)icmdp->cmd_un.scsi.ibp_ibuf, 737 (void *)icmdp->cmd_un.scsi.ibp_obuf); 738 739 iscsi_task_cleanup(issrhp->opcode, icmdp); 740 741 if (issrhp->response) { 742 /* The target failed the command. */ 743 ISCSI_IO_LOG(CE_NOTE, "DEBUG: rx_process_cmd_rsp: ic: %p pdu:" 744 " %p response: %d bcount: %lu", (void *)ic, (void *)pdu, 745 issrhp->response, icmdp->cmd_un.scsi.bp->b_bcount); 746 pkt = icmdp->cmd_un.scsi.pkt; 747 pkt->pkt_reason = CMD_TRAN_ERR; 748 if (icmdp->cmd_un.scsi.bp) { 749 pkt->pkt_resid = icmdp->cmd_un.scsi.bp->b_bcount; 750 } else { 751 pkt->pkt_resid = 0; 752 } 753 } else { 754 /* success */ 755 iscsi_cmd_rsp_chk(icmdp, issrhp); 756 flush = iscsi_cmd_rsp_cmd_status(icmdp, issrhp, data); 757 758 ASSERT(icmdp->cmd_lun == NULL || icmdp->cmd_lun->lun_num == 759 (icmdp->cmd_un.scsi.lun & ISCSI_LUN_MASK)); 760 761 if (flush == B_TRUE) { 762 cmd_sn = icmdp->cmd_sn; 763 lun_num = icmdp->cmd_un.scsi.lun & ISCSI_LUN_MASK; 764 } 765 } 766 767 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E3, isp); 768 if (flush == B_TRUE) { 769 iscsi_flush_cmd_after_reset(cmd_sn, lun_num, icp); 770 } 771 mutex_exit(&icp->conn_queue_active.mutex); 772 return (IDM_STATUS_SUCCESS); 773 } 774 775 static void 776 iscsi_data_rsp_pkt(iscsi_cmd_t *icmdp, iscsi_data_rsp_hdr_t *idrhp) 777 { 778 struct buf *bp = NULL; 779 size_t data_transferred; 780 struct scsi_pkt *pkt; 781 782 bp = icmdp->cmd_un.scsi.bp; 783 pkt = icmdp->cmd_un.scsi.pkt; 784 data_transferred = icmdp->cmd_un.scsi.data_transferred; 785 /* 786 * The command* must be completed now, since we won't get a command 787 * response PDU. The cmd_status and residual_count are 788 * not meaningful unless status_present is set. 789 */ 790 pkt->pkt_resid = 0; 791 /* Check the residual count */ 792 if (bp && (data_transferred != bp->b_bcount)) { 793 /* 794 * We didn't xfer the expected amount of data - 795 * the residual_count in the header is only valid 796 * if the underflow flag is set. 797 */ 798 if (idrhp->flags & ISCSI_FLAG_DATA_UNDERFLOW) { 799 pkt->pkt_resid = ntohl(idrhp->residual_count); 800 ISCSI_IO_LOG(CE_NOTE, "DEBUG: iscsi_data_rsp_pkt: " 801 "underflow: itt: %d " 802 "transferred: %lu count: %lu", idrhp->itt, 803 data_transferred, bp->b_bcount); 804 } else { 805 if (bp->b_bcount > data_transferred) { 806 /* Some data fell on the floor somehw */ 807 ISCSI_IO_LOG(CE_NOTE, "DEBUG: " 808 "iscsi_data_rsp_pkt: data fell: itt: %d " 809 "transferred: %lu count: %lu", idrhp->itt, 810 data_transferred, bp->b_bcount); 811 pkt->pkt_resid = 812 bp->b_bcount - data_transferred; 813 } 814 } 815 } 816 817 pkt->pkt_reason = CMD_CMPLT; 818 pkt->pkt_state |= (STATE_XFERRED_DATA | STATE_GOT_STATUS); 819 820 if (((idrhp->cmd_status & STATUS_MASK) != STATUS_GOOD) && 821 (icmdp->cmd_un.scsi.statuslen >= 822 sizeof (struct scsi_arq_status)) && pkt->pkt_scbp) { 823 824 /* 825 * Not supposed to get exception status here! 826 * We have no request sense data so just do the 827 * best we can 828 */ 829 struct scsi_arq_status *arqstat = 830 (struct scsi_arq_status *)pkt->pkt_scbp; 831 832 833 bzero(arqstat, sizeof (struct scsi_arq_status)); 834 835 *((uchar_t *)&arqstat->sts_status) = 836 idrhp->cmd_status; 837 838 /* sense residual is set to whole size of sense buffer */ 839 arqstat->sts_rqpkt_resid = icmdp->cmd_un.scsi.statuslen - 840 ISCSI_ARQ_STATUS_NOSENSE_LEN; 841 ISCSI_IO_LOG(CE_NOTE, "DEBUG: iscsi_data_rsp_pkt: " 842 "exception status: itt: %d resid: %d", 843 idrhp->itt, arqstat->sts_rqpkt_resid); 844 845 } else if (pkt->pkt_scbp) { 846 /* just pass along the status we got */ 847 pkt->pkt_scbp[0] = idrhp->cmd_status; 848 } 849 } 850 851 /* 852 * iscsi_rx_process_data_rsp - 853 * This currently processes the final data sequence denoted by the data response 854 * PDU Status bit being set. We will not receive the SCSI response. 855 * This bit denotes that the PDU is the successful completion of the 856 * command. 857 */ 858 static idm_status_t 859 iscsi_rx_process_data_rsp(idm_conn_t *ic, idm_pdu_t *pdu) 860 { 861 iscsi_sess_t *isp = NULL; 862 iscsi_data_rsp_hdr_t *idrhp = (iscsi_data_rsp_hdr_t *)pdu->isp_hdr; 863 iscsi_cmd_t *icmdp = NULL; 864 struct buf *bp = NULL; 865 iscsi_conn_t *icp = ic->ic_handle; 866 idm_buf_t *ibp; 867 idm_status_t rval; 868 869 870 /* should only call this when the data rsp contains final rsp */ 871 ASSERT(idrhp->flags & ISCSI_FLAG_DATA_STATUS); 872 isp = icp->conn_sess; 873 874 mutex_enter(&icp->conn_queue_active.mutex); 875 if ((rval = iscsi_rx_chk(icp, isp, (iscsi_scsi_rsp_hdr_t *)idrhp, 876 &icmdp)) != IDM_STATUS_SUCCESS) { 877 if (icmdp != NULL) { 878 iscsi_task_cleanup(idrhp->opcode, icmdp); 879 } 880 mutex_exit(&icp->conn_queue_active.mutex); 881 return (rval); 882 } 883 884 /* 885 * If we are in "idm aborting" state then we shouldn't continue 886 * to process this command. By definition this command is no longer 887 * on the active queue so we shouldn't try to remove it either. 888 */ 889 mutex_enter(&icmdp->cmd_mutex); 890 if (icmdp->cmd_state == ISCSI_CMD_STATE_IDM_ABORTING) { 891 mutex_exit(&icmdp->cmd_mutex); 892 mutex_exit(&icp->conn_queue_active.mutex); 893 return (IDM_STATUS_SUCCESS); 894 } 895 mutex_exit(&icmdp->cmd_mutex); 896 897 /* 898 * Holding the pending/active queue locks across the 899 * iscsi_rx_data call later in this function may cause 900 * deadlock during fault injections. Instead remove 901 * the cmd from the active queue and release the locks. 902 * Then before returning or completing the command 903 * return the cmd to the active queue and reacquire 904 * the locks. 905 */ 906 iscsi_dequeue_active_cmd(icp, icmdp); 907 908 mutex_exit(&icp->conn_queue_active.mutex); 909 910 /* shorthand some values */ 911 bp = icmdp->cmd_un.scsi.bp; 912 913 /* 914 * some poorly behaved targets have been observed 915 * sending data-in pdu's during a write operation 916 */ 917 if (bp != NULL) { 918 if (!(bp->b_flags & B_READ)) { 919 cmn_err(CE_WARN, 920 "iscsi connection(%u) protocol error - " 921 "received data response during write operation " 922 "itt:0x%x", 923 icp->conn_oid, idrhp->itt); 924 mutex_enter(&icp->conn_queue_active.mutex); 925 iscsi_enqueue_active_cmd(icp, icmdp); 926 mutex_exit(&icp->conn_queue_active.mutex); 927 return (IDM_STATUS_PROTOCOL_ERROR); 928 } 929 } 930 931 ibp = icmdp->cmd_un.scsi.ibp_ibuf; 932 if (ibp == NULL) { 933 /* 934 * After the check of bp above we *should* have a corresponding 935 * idm_buf_t (ibp). It's possible that the original call 936 * to idm_buf_alloc failed due to a pending connection state 937 * transition in which case this value can be NULL. It's 938 * highly unlikely that the connection would be shutting down 939 * *and* we manage to process a data response and get to this 940 * point in the code but just in case we should check for it. 941 * This isn't really a protocol error -- we are almost certainly 942 * closing the connection anyway so just return a generic error. 943 */ 944 mutex_enter(&icp->conn_queue_active.mutex); 945 iscsi_enqueue_active_cmd(icp, icmdp); 946 mutex_exit(&icp->conn_queue_active.mutex); 947 return (IDM_STATUS_FAIL); 948 } 949 950 if (ic->ic_conn_flags & IDM_CONN_USE_SCOREBOARD) { 951 icmdp->cmd_un.scsi.data_transferred = 952 icmdp->cmd_itp->idt_rx_bytes; 953 } else { 954 icmdp->cmd_un.scsi.data_transferred = bp->b_bcount; 955 if (idrhp->flags & ISCSI_FLAG_CMD_UNDERFLOW) { 956 icmdp->cmd_un.scsi.data_transferred -= 957 ntohl(idrhp->residual_count); 958 } 959 } 960 961 ISCSI_IO_LOG(CE_NOTE, "DEBUG: rx_process_data_rsp: icp: %p pdu: %p " 962 "itt: %d ibp: %p icmdp: %p xfer_len: %lu transferred: %lu dlen: %u", 963 (void *)icp, (void *)pdu, idrhp->itt, (void *)bp, (void *)icmdp, 964 (ibp == NULL) ? 0 : ibp->idb_xfer_len, 965 icmdp->cmd_un.scsi.data_transferred, 966 n2h24(idrhp->dlength)); 967 968 iscsi_task_cleanup(idrhp->opcode, icmdp); 969 970 iscsi_data_rsp_pkt(icmdp, idrhp); 971 972 mutex_enter(&icp->conn_queue_active.mutex); 973 iscsi_enqueue_active_cmd(icp, icmdp); 974 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E3, isp); 975 mutex_exit(&icp->conn_queue_active.mutex); 976 977 return (IDM_STATUS_SUCCESS); 978 } 979 980 /* 981 * iscsi_rx_process_nop - Process a received nop. If nop is in response 982 * to a ping we sent update stats. If initiated by the target we need 983 * to response back to the target with a nop. Schedule the response. 984 */ 985 /* ARGSUSED */ 986 static idm_status_t 987 iscsi_rx_process_nop(idm_conn_t *ic, idm_pdu_t *pdu) 988 { 989 iscsi_sess_t *isp = NULL; 990 iscsi_nop_in_hdr_t *inihp = (iscsi_nop_in_hdr_t *)pdu->isp_hdr; 991 iscsi_cmd_t *icmdp = NULL; 992 iscsi_conn_t *icp = ic->ic_handle; 993 994 if (icp->conn_expstatsn != ntohl(inihp->statsn)) { 995 cmn_err(CE_WARN, "iscsi connection(%u/%x) protocol error - " 996 "received status out of order itt:0x%x statsn:0x%x " 997 "expstatsn:0x%x", icp->conn_oid, inihp->opcode, inihp->itt, 998 ntohl(inihp->statsn), icp->conn_expstatsn); 999 return (IDM_STATUS_PROTOCOL_ERROR); 1000 } 1001 isp = icp->conn_sess; 1002 ASSERT(isp != NULL); 1003 mutex_enter(&isp->sess_queue_pending.mutex); 1004 mutex_enter(&icp->conn_queue_active.mutex); 1005 mutex_enter(&isp->sess_cmdsn_mutex); 1006 if (inihp->itt != ISCSI_RSVD_TASK_TAG) { 1007 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp( 1008 isp, (iscsi_hdr_t *)inihp, &icmdp))) { 1009 cmn_err(CE_WARN, "iscsi connection(%u) protocol error " 1010 "- can not find cmd for itt:0x%x", 1011 icp->conn_oid, inihp->itt); 1012 mutex_exit(&isp->sess_cmdsn_mutex); 1013 mutex_exit(&icp->conn_queue_active.mutex); 1014 mutex_exit(&isp->sess_queue_pending.mutex); 1015 return (IDM_STATUS_PROTOCOL_ERROR); 1016 } 1017 } 1018 1019 /* update expcmdsn and maxcmdsn */ 1020 iscsi_update_flow_control(isp, ntohl(inihp->maxcmdsn), 1021 ntohl(inihp->expcmdsn)); 1022 mutex_exit(&isp->sess_cmdsn_mutex); 1023 1024 if ((inihp->itt != ISCSI_RSVD_TASK_TAG) && 1025 (inihp->ttt == ISCSI_RSVD_TASK_TAG)) { 1026 /* This is the only type of nop that incs. the expstatsn */ 1027 icp->conn_expstatsn++; 1028 1029 /* 1030 * This is a targets response to our nop 1031 */ 1032 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E3, isp); 1033 } else if (inihp->ttt != ISCSI_RSVD_TASK_TAG) { 1034 /* 1035 * Target requested a nop. Send one. 1036 */ 1037 iscsi_handle_nop(icp, ISCSI_RSVD_TASK_TAG, inihp->ttt); 1038 } else { 1039 /* 1040 * This is a target-initiated ping that doesn't expect 1041 * a response; nothing to do except update our flow control 1042 * (which we do in all cases above). 1043 */ 1044 /* EMPTY */ 1045 } 1046 mutex_exit(&icp->conn_queue_active.mutex); 1047 mutex_exit(&isp->sess_queue_pending.mutex); 1048 1049 return (IDM_STATUS_SUCCESS); 1050 } 1051 1052 1053 /* 1054 * iscsi_rx_process_reject_rsp - The server rejected a PDU 1055 */ 1056 static idm_status_t 1057 iscsi_rx_process_reject_rsp(idm_conn_t *ic, idm_pdu_t *pdu) 1058 { 1059 iscsi_reject_rsp_hdr_t *irrhp = (iscsi_reject_rsp_hdr_t *)pdu->isp_hdr; 1060 iscsi_sess_t *isp = NULL; 1061 uint32_t dlength = 0; 1062 iscsi_hdr_t *old_ihp = NULL; 1063 iscsi_conn_t *icp = ic->ic_handle; 1064 uint8_t *data = pdu->isp_data; 1065 idm_status_t status = IDM_STATUS_SUCCESS; 1066 int i = 0; 1067 1068 ASSERT(data != NULL); 1069 isp = icp->conn_sess; 1070 ASSERT(isp != NULL); 1071 1072 /* 1073 * In RFC3720 section 10.17, this 4 bytes should be all 0xff. 1074 */ 1075 for (i = 0; i < 4; i++) { 1076 if (irrhp->must_be_ff[i] != 0xff) { 1077 return (IDM_STATUS_PROTOCOL_ERROR); 1078 } 1079 } 1080 mutex_enter(&isp->sess_cmdsn_mutex); 1081 1082 if (icp->conn_expstatsn == ntohl(irrhp->statsn)) { 1083 icp->conn_expstatsn++; 1084 } else { 1085 cmn_err(CE_WARN, "iscsi connection(%u/%x) protocol error - " 1086 "received status out of order statsn:0x%x " 1087 "expstatsn:0x%x", icp->conn_oid, irrhp->opcode, 1088 ntohl(irrhp->statsn), icp->conn_expstatsn); 1089 mutex_exit(&isp->sess_cmdsn_mutex); 1090 return (IDM_STATUS_PROTOCOL_ERROR); 1091 } 1092 /* update expcmdsn and maxcmdsn */ 1093 iscsi_update_flow_control(isp, ntohl(irrhp->maxcmdsn), 1094 ntohl(irrhp->expcmdsn)); 1095 1096 mutex_exit(&isp->sess_cmdsn_mutex); 1097 1098 /* If we don't have the rejected header we can't do anything */ 1099 dlength = n2h24(irrhp->dlength); 1100 if (dlength < sizeof (iscsi_hdr_t)) { 1101 return (IDM_STATUS_PROTOCOL_ERROR); 1102 } 1103 1104 /* map old ihp */ 1105 old_ihp = (iscsi_hdr_t *)data; 1106 1107 switch (irrhp->reason) { 1108 /* 1109 * ISCSI_REJECT_IMM_CMD_REJECT - Immediate Command Reject 1110 * too many immediate commands (original cmd can be resent) 1111 */ 1112 case ISCSI_REJECT_IMM_CMD_REJECT: 1113 /* 1114 * We have exceeded the server's capacity for outstanding 1115 * immediate commands. This must be a task management 1116 * command so try to find it in the abortingqueue and 1117 * complete it. 1118 */ 1119 if (!(old_ihp->opcode & ISCSI_OP_IMMEDIATE)) { 1120 /* Rejecting IMM but old old_hdr wasn't IMM */ 1121 return (IDM_STATUS_PROTOCOL_ERROR); 1122 } 1123 1124 /* 1125 * We only send NOP and TASK_MGT as IMM. All other 1126 * cases should be considered as a protocol error. 1127 */ 1128 switch (old_ihp->opcode & ISCSI_OPCODE_MASK) { 1129 case ISCSI_OP_NOOP_OUT: 1130 /* 1131 * A ping was rejected - treat this like 1132 * ping response. The down side is we 1133 * didn't get an updated MaxCmdSn. 1134 */ 1135 break; 1136 case ISCSI_OP_SCSI_TASK_MGT_MSG: 1137 status = 1138 iscsi_rx_process_rejected_tsk_mgt(ic, old_ihp); 1139 break; 1140 default: 1141 cmn_err(CE_WARN, "iscsi connection(%u) protocol error " 1142 "- received a reject for a command(0x%02x) not " 1143 "sent as an immediate", icp->conn_oid, 1144 old_ihp->opcode); 1145 status = IDM_STATUS_PROTOCOL_ERROR; 1146 break; 1147 } 1148 break; 1149 1150 /* 1151 * For the rest of the reject cases just use the general 1152 * hammer of dis/reconnecting. This will resolve all 1153 * noted issues although could be more graceful. 1154 */ 1155 case ISCSI_REJECT_DATA_DIGEST_ERROR: 1156 case ISCSI_REJECT_CMD_BEFORE_LOGIN: 1157 case ISCSI_REJECT_SNACK_REJECT: 1158 case ISCSI_REJECT_PROTOCOL_ERROR: 1159 case ISCSI_REJECT_CMD_NOT_SUPPORTED: 1160 case ISCSI_REJECT_TASK_IN_PROGRESS: 1161 case ISCSI_REJECT_INVALID_DATA_ACK: 1162 case ISCSI_REJECT_INVALID_PDU_FIELD: 1163 case ISCSI_REJECT_LONG_OPERATION_REJECT: 1164 case ISCSI_REJECT_NEGOTIATION_RESET: 1165 default: 1166 cmn_err(CE_WARN, "iscsi connection(%u/%x) closing connection - " 1167 "target requested reason:0x%x", 1168 icp->conn_oid, irrhp->opcode, irrhp->reason); 1169 status = IDM_STATUS_PROTOCOL_ERROR; 1170 break; 1171 } 1172 1173 return (status); 1174 } 1175 1176 1177 /* 1178 * iscsi_rx_process_rejected_tsk_mgt - 1179 */ 1180 /* ARGSUSED */ 1181 static idm_status_t 1182 iscsi_rx_process_rejected_tsk_mgt(idm_conn_t *ic, iscsi_hdr_t *old_ihp) 1183 { 1184 iscsi_sess_t *isp = NULL; 1185 iscsi_cmd_t *icmdp = NULL; 1186 iscsi_conn_t *icp = ic->ic_handle; 1187 1188 isp = icp->conn_sess; 1189 ASSERT(old_ihp != NULL); 1190 ASSERT(isp != NULL); 1191 1192 mutex_enter(&icp->conn_queue_active.mutex); 1193 mutex_enter(&isp->sess_cmdsn_mutex); 1194 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp( 1195 isp, old_ihp, &icmdp))) { 1196 mutex_exit(&isp->sess_cmdsn_mutex); 1197 mutex_exit(&icp->conn_queue_active.mutex); 1198 return (IDM_STATUS_PROTOCOL_ERROR); 1199 } 1200 mutex_exit(&isp->sess_cmdsn_mutex); 1201 1202 switch (icmdp->cmd_type) { 1203 case ISCSI_CMD_TYPE_ABORT: 1204 case ISCSI_CMD_TYPE_RESET: 1205 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E4, 1206 icp->conn_sess); 1207 break; 1208 /* We don't send any other task mgr types */ 1209 default: 1210 ASSERT(B_FALSE); 1211 break; 1212 } 1213 mutex_exit(&icp->conn_queue_active.mutex); 1214 1215 return (IDM_STATUS_SUCCESS); 1216 } 1217 1218 1219 /* 1220 * iscsi_rx_process_task_mgt_rsp - 1221 */ 1222 /* ARGSUSED */ 1223 static idm_status_t 1224 iscsi_rx_process_task_mgt_rsp(idm_conn_t *ic, idm_pdu_t *pdu) 1225 { 1226 iscsi_sess_t *isp = NULL; 1227 iscsi_scsi_task_mgt_rsp_hdr_t *istmrhp = NULL; 1228 iscsi_cmd_t *icmdp = NULL; 1229 iscsi_conn_t *icp = ic->ic_handle; 1230 idm_status_t status = IDM_STATUS_SUCCESS; 1231 1232 isp = icp->conn_sess; 1233 istmrhp = (iscsi_scsi_task_mgt_rsp_hdr_t *)pdu->isp_hdr; 1234 1235 mutex_enter(&icp->conn_queue_active.mutex); 1236 if ((status = iscsi_rx_chk(icp, isp, (iscsi_scsi_rsp_hdr_t *)istmrhp, 1237 &icmdp)) != IDM_STATUS_SUCCESS) { 1238 mutex_exit(&icp->conn_queue_active.mutex); 1239 return (status); 1240 } 1241 1242 switch (icmdp->cmd_type) { 1243 case ISCSI_CMD_TYPE_ABORT: 1244 case ISCSI_CMD_TYPE_RESET: 1245 switch (istmrhp->response) { 1246 case SCSI_TCP_TM_RESP_COMPLETE: 1247 /* success */ 1248 iscsi_cmd_state_machine(icmdp, 1249 ISCSI_CMD_EVENT_E3, isp); 1250 break; 1251 case SCSI_TCP_TM_RESP_NO_TASK: 1252 /* 1253 * If the array no longer knows about 1254 * an ABORT RTT and we no longer have 1255 * a parent SCSI command it was just 1256 * completed, free this ABORT resource. 1257 * Otherwise FALLTHRU this will flag a 1258 * protocol problem. 1259 */ 1260 if ((icmdp->cmd_type == ISCSI_CMD_TYPE_ABORT) && 1261 (icmdp->cmd_un.abort.icmdp == NULL)) { 1262 iscsi_cmd_state_machine(icmdp, 1263 ISCSI_CMD_EVENT_E4, isp); 1264 break; 1265 } 1266 /* FALLTHRU */ 1267 case SCSI_TCP_TM_RESP_REJECTED: 1268 /* 1269 * If the target rejects our reset task, 1270 * we should record the response and complete 1271 * this command with the result. 1272 */ 1273 if (icmdp->cmd_type == ISCSI_CMD_TYPE_RESET) { 1274 icmdp->cmd_un.reset.response = 1275 istmrhp->response; 1276 iscsi_cmd_state_machine(icmdp, 1277 ISCSI_CMD_EVENT_E3, isp); 1278 break; 1279 } 1280 /* FALLTHRU */ 1281 case SCSI_TCP_TM_RESP_NO_LUN: 1282 case SCSI_TCP_TM_RESP_TASK_ALLEGIANT: 1283 case SCSI_TCP_TM_RESP_NO_FAILOVER: 1284 case SCSI_TCP_TM_RESP_IN_PRGRESS: 1285 default: 1286 /* 1287 * Something is out of sync. Flush 1288 * active queues and resync the 1289 * the connection to try and recover 1290 * to a known state. 1291 */ 1292 status = IDM_STATUS_PROTOCOL_ERROR; 1293 } 1294 break; 1295 1296 default: 1297 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 1298 "received a task mgt response for a non-task mgt " 1299 "cmd itt:0x%x type:%d", icp->conn_oid, istmrhp->itt, 1300 icmdp->cmd_type); 1301 status = IDM_STATUS_PROTOCOL_ERROR; 1302 break; 1303 } 1304 1305 mutex_exit(&icp->conn_queue_active.mutex); 1306 return (status); 1307 } 1308 1309 1310 /* 1311 * iscsi_rx_process_logout_rsp - 1312 * 1313 */ 1314 /* ARGSUSED */ 1315 idm_status_t 1316 iscsi_rx_process_logout_rsp(idm_conn_t *ic, idm_pdu_t *pdu) 1317 { 1318 iscsi_conn_t *icp = ic->ic_handle; 1319 iscsi_logout_rsp_hdr_t *ilrhp = 1320 (iscsi_logout_rsp_hdr_t *)pdu->isp_hdr; 1321 iscsi_cmd_t *icmdp = NULL; 1322 iscsi_sess_t *isp; 1323 idm_status_t status = IDM_STATUS_SUCCESS; 1324 1325 isp = icp->conn_sess; 1326 1327 if (icp->conn_expstatsn != ntohl(ilrhp->statsn)) { 1328 cmn_err(CE_WARN, "iscsi connection(%u/%x) protocol error - " 1329 "received status out of order itt:0x%x statsn:0x%x " 1330 "expstatsn:0x%x", icp->conn_oid, ilrhp->opcode, ilrhp->itt, 1331 ntohl(ilrhp->statsn), icp->conn_expstatsn); 1332 return (IDM_STATUS_PROTOCOL_ERROR); 1333 } 1334 1335 mutex_enter(&icp->conn_queue_active.mutex); 1336 mutex_enter(&isp->sess_cmdsn_mutex); 1337 if (ilrhp->itt != ISCSI_RSVD_TASK_TAG) { 1338 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp( 1339 isp, (iscsi_hdr_t *)ilrhp, &icmdp))) { 1340 mutex_exit(&isp->sess_cmdsn_mutex); 1341 mutex_exit(&icp->conn_queue_active.mutex); 1342 return (IDM_STATUS_PROTOCOL_ERROR); 1343 } 1344 } 1345 1346 /* update expcmdsn and maxcmdsn */ 1347 iscsi_update_flow_control(isp, ntohl(ilrhp->maxcmdsn), 1348 ntohl(ilrhp->expcmdsn)); 1349 mutex_exit(&isp->sess_cmdsn_mutex); 1350 1351 ISCSI_IO_LOG(CE_NOTE, 1352 "DEBUG: iscsi_rx_process_logout_rsp: response: %d", 1353 ilrhp->response); 1354 switch (ilrhp->response) { 1355 case ISCSI_LOGOUT_CID_NOT_FOUND: 1356 /* 1357 * If the target doesn't know about our connection 1358 * then we can consider our self disconnected. 1359 */ 1360 /* FALLTHRU */ 1361 case ISCSI_LOGOUT_RECOVERY_UNSUPPORTED: 1362 /* 1363 * We don't support ErrorRecovery levels above 0 1364 * currently so consider this success. 1365 */ 1366 /* FALLTHRU */ 1367 case ISCSI_LOGOUT_CLEANUP_FAILED: 1368 /* 1369 * per spec. "cleanup failed for various reasons." 1370 * Although those various reasons are undefined. 1371 * Not sure what to do here. So fake success, 1372 * which will disconnect the connection. 1373 */ 1374 /* FALLTHRU */ 1375 case ISCSI_LOGOUT_SUCCESS: 1376 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E3, isp); 1377 mutex_exit(&icp->conn_queue_active.mutex); 1378 iscsi_drop_conn_cleanup(icp); 1379 break; 1380 default: 1381 mutex_exit(&icp->conn_queue_active.mutex); 1382 status = IDM_STATUS_PROTOCOL_ERROR; 1383 break; 1384 1385 } 1386 return (status); 1387 } 1388 1389 /* 1390 * iscsi_rx_process_async_rsp 1391 * 1392 */ 1393 /* ARGSUSED */ 1394 static idm_status_t 1395 iscsi_rx_process_async_rsp(idm_conn_t *ic, idm_pdu_t *pdu) 1396 { 1397 iscsi_conn_t *icp = ic->ic_handle; 1398 iscsi_sess_t *isp = icp->conn_sess; 1399 idm_status_t rval = IDM_STATUS_SUCCESS; 1400 iscsi_task_t *itp; 1401 iscsi_async_evt_hdr_t *iaehp = 1402 (iscsi_async_evt_hdr_t *)pdu->isp_hdr; 1403 1404 ASSERT(icp != NULL); 1405 ASSERT(pdu != NULL); 1406 ASSERT(isp != NULL); 1407 1408 mutex_enter(&isp->sess_cmdsn_mutex); 1409 if (icp->conn_expstatsn == ntohl(iaehp->statsn)) { 1410 icp->conn_expstatsn++; 1411 } else { 1412 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 1413 "received status out of order statsn:0x%x " 1414 "expstatsn:0x%x", icp->conn_oid, 1415 ntohl(iaehp->statsn), icp->conn_expstatsn); 1416 mutex_exit(&isp->sess_cmdsn_mutex); 1417 return (IDM_STATUS_PROTOCOL_ERROR); 1418 } 1419 mutex_exit(&isp->sess_cmdsn_mutex); 1420 1421 switch (iaehp->async_event) { 1422 case ISCSI_ASYNC_EVENT_SCSI_EVENT: 1423 /* 1424 * SCSI asynchronous event is reported in 1425 * the sense data. Sense data that accompanies 1426 * the report in the data segment identifies the 1427 * condition. If the target supports SCSI 1428 * asynchronous events reporting (see [SAM2]) 1429 * as indicated in the stardard INQUIRY data 1430 * (see [SPC3]), its use may be enabled by 1431 * parameters in the SCSI control mode page 1432 * (see [SPC3]). 1433 * 1434 * T-10 has removed SCSI asunchronous events 1435 * from the standard. Although we have seen 1436 * a couple targets still spending these requests. 1437 * Those targets were specifically sending them 1438 * for notification of a LUN/Volume change 1439 * (ex. LUN addition/removal). Fire the enumeration 1440 * to handle the change. 1441 */ 1442 if (isp->sess_type == ISCSI_SESS_TYPE_NORMAL) { 1443 rw_enter(&isp->sess_state_rwlock, RW_READER); 1444 if (isp->sess_state == ISCSI_SESS_STATE_LOGGED_IN) { 1445 (void) iscsi_sess_enum_request(isp, B_FALSE, 1446 isp->sess_state_event_count); 1447 } 1448 rw_exit(&isp->sess_state_rwlock); 1449 } 1450 break; 1451 1452 case ISCSI_ASYNC_EVENT_REQUEST_LOGOUT: 1453 /* 1454 * We've been asked to logout by the target -- 1455 * we need to treat this differently from a normal logout 1456 * due to a discovery failure. Normal logouts result in 1457 * an N3 event to the session state machine and an offline 1458 * of the lun. In this case we want to put the connection 1459 * into "failed" state and generate N5 to the session state 1460 * machine since the initiator logged out at the target's 1461 * request. To track this we set a flag indicating we 1462 * received this async logout request from the tharget 1463 */ 1464 mutex_enter(&icp->conn_state_mutex); 1465 icp->conn_async_logout = B_TRUE; 1466 mutex_exit(&icp->conn_state_mutex); 1467 1468 /* Hold is released in iscsi_handle_logout. */ 1469 idm_conn_hold(ic); 1470 1471 /* Target has requested this connection to logout. */ 1472 itp = kmem_zalloc(sizeof (iscsi_task_t), KM_SLEEP); 1473 itp->t_arg = icp; 1474 itp->t_blocking = B_FALSE; 1475 if (ddi_taskq_dispatch(isp->sess_login_taskq, 1476 (void(*)())iscsi_logout_start, itp, DDI_SLEEP) != 1477 DDI_SUCCESS) { 1478 idm_conn_rele(ic); 1479 /* Disconnect if we couldn't dispatch the task */ 1480 idm_ini_conn_disconnect(ic); 1481 } 1482 break; 1483 1484 case ISCSI_ASYNC_EVENT_DROPPING_CONNECTION: 1485 /* 1486 * Target is going to drop our connection. 1487 * param1 - CID which will be dropped. 1488 * param2 - Min time to reconnect. 1489 * param3 - Max time to reconnect. 1490 * 1491 * For now just let fail as another disconnect. 1492 * 1493 * MC/S Once we support > 1 connections then 1494 * we need to check the CID and drop that 1495 * specific connection. 1496 */ 1497 iscsi_conn_set_login_min_max(icp, iaehp->param2, 1498 iaehp->param3); 1499 idm_ini_conn_disconnect(ic); 1500 break; 1501 1502 case ISCSI_ASYNC_EVENT_DROPPING_ALL_CONNECTIONS: 1503 /* 1504 * Target is going to drop ALL connections. 1505 * param2 - Min time to reconnect. 1506 * param3 - Max time to reconnect. 1507 * 1508 * For now just let fail as anyother disconnect. 1509 * 1510 * MC/S Once we support more than > 1 connections 1511 * then we need to drop all connections on the 1512 * session. 1513 */ 1514 iscsi_conn_set_login_min_max(icp, iaehp->param2, 1515 iaehp->param3); 1516 idm_ini_conn_disconnect(ic); 1517 break; 1518 1519 case ISCSI_ASYNC_EVENT_PARAM_NEGOTIATION: 1520 /* 1521 * Target requests parameter negotiation 1522 * on this connection. 1523 * 1524 * The initiator must honor this request. For 1525 * now we will request a logout. We can't 1526 * just ignore this or it might force corruption? 1527 */ 1528 1529 /* Hold is released in iscsi_handle_logout */ 1530 idm_conn_hold(ic); 1531 itp = kmem_zalloc(sizeof (iscsi_task_t), KM_SLEEP); 1532 itp->t_arg = icp; 1533 itp->t_blocking = B_FALSE; 1534 if (ddi_taskq_dispatch(isp->sess_login_taskq, 1535 (void(*)())iscsi_logout_start, itp, DDI_SLEEP) != 1536 DDI_SUCCESS) { 1537 /* Disconnect if we couldn't dispatch the task */ 1538 idm_conn_rele(ic); 1539 idm_ini_conn_disconnect(ic); 1540 } 1541 break; 1542 1543 case ISCSI_ASYNC_EVENT_VENDOR_SPECIFIC: 1544 /* 1545 * We currently don't handle any vendor 1546 * specific async events. So just ignore 1547 * the request. 1548 */ 1549 idm_ini_conn_disconnect(ic); 1550 break; 1551 default: 1552 rval = IDM_STATUS_PROTOCOL_ERROR; 1553 } 1554 1555 return (rval); 1556 } 1557 1558 /* 1559 * iscsi_rx_process_text_rsp - processes iSCSI text response. It sets 1560 * the cmd_result field of the command data structure with the actual 1561 * status value instead of returning the status value. The return value 1562 * is SUCCESS in order to let iscsi_handle_text control the operation of 1563 * a text request. 1564 * Text requests are a handled a little different than other types of 1565 * iSCSI commands because the initiator sends additional empty text requests 1566 * in order to obtain the remaining responses required to complete the 1567 * request. iscsi_handle_text controls the operation of text request, while 1568 * iscsi_rx_process_text_rsp just process the current response. 1569 */ 1570 static idm_status_t 1571 iscsi_rx_process_text_rsp(idm_conn_t *ic, idm_pdu_t *pdu) 1572 { 1573 iscsi_sess_t *isp = NULL; 1574 iscsi_text_rsp_hdr_t *ithp = 1575 (iscsi_text_rsp_hdr_t *)pdu->isp_hdr; 1576 iscsi_conn_t *icp = ic->ic_handle; 1577 iscsi_cmd_t *icmdp = NULL; 1578 boolean_t final = B_FALSE; 1579 uint32_t data_len; 1580 uint8_t *data = pdu->isp_data; 1581 idm_status_t rval; 1582 1583 isp = icp->conn_sess; 1584 1585 mutex_enter(&icp->conn_queue_active.mutex); 1586 if ((rval = iscsi_rx_chk(icp, isp, (iscsi_scsi_rsp_hdr_t *)ithp, 1587 &icmdp)) != IDM_STATUS_SUCCESS) { 1588 mutex_exit(&icp->conn_queue_active.mutex); 1589 return (rval); 1590 } 1591 1592 /* update local final response flag */ 1593 if (ithp->flags & ISCSI_FLAG_FINAL) { 1594 final = B_TRUE; 1595 } 1596 1597 /* 1598 * validate received TTT value. RFC3720 specifies the following: 1599 * - F bit set to 1 MUST have a reserved TTT value 0xffffffff 1600 * - F bit set to 0 MUST have a non-reserved TTT value !0xffffffff 1601 * In addition, the received TTT value must not change between 1602 * responses of a long text response 1603 */ 1604 if (((final == B_TRUE) && (ithp->ttt != ISCSI_RSVD_TASK_TAG)) || 1605 ((final == B_FALSE) && (ithp->ttt == ISCSI_RSVD_TASK_TAG))) { 1606 icmdp->cmd_result = ISCSI_STATUS_PROTOCOL_ERROR; 1607 icmdp->cmd_un.text.stage = ISCSI_CMD_TEXT_FINAL_RSP; 1608 mutex_exit(&icp->conn_queue_active.mutex); 1609 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 1610 "received text response with invalid flags:0x%x or " 1611 "ttt:0x%x", icp->conn_oid, ithp->flags, ithp->itt); 1612 return (IDM_STATUS_PROTOCOL_ERROR); 1613 } 1614 1615 if ((icmdp->cmd_un.text.stage == ISCSI_CMD_TEXT_INITIAL_REQ) && 1616 (ithp->ttt == ISCSI_RSVD_TASK_TAG) && 1617 (final == B_FALSE)) { 1618 /* TTT should have matched reserved value */ 1619 icmdp->cmd_result = ISCSI_STATUS_PROTOCOL_ERROR; 1620 icmdp->cmd_un.text.stage = ISCSI_CMD_TEXT_FINAL_RSP; 1621 mutex_exit(&icp->conn_queue_active.mutex); 1622 cmn_err(CE_WARN, "iscsi connection(%u) protocol " 1623 "error - received text response with invalid " 1624 "ttt:0x%x", icp->conn_oid, ithp->ttt); 1625 return (IDM_STATUS_PROTOCOL_ERROR); 1626 } 1627 1628 /* 1629 * If this is first response, save away TTT value for later use 1630 * in a long text request/response sequence 1631 */ 1632 if (icmdp->cmd_un.text.stage == ISCSI_CMD_TEXT_INITIAL_REQ) { 1633 icmdp->cmd_un.text.ttt = ithp->ttt; 1634 } 1635 1636 data_len = ntoh24(ithp->dlength); 1637 1638 /* check whether enough buffer available to copy data */ 1639 if ((icmdp->cmd_un.text.total_rx_len + data_len) > 1640 icmdp->cmd_un.text.buf_len) { 1641 icmdp->cmd_un.text.total_rx_len += data_len; 1642 icmdp->cmd_result = ISCSI_STATUS_DATA_OVERFLOW; 1643 /* 1644 * DATA_OVERFLOW will result in a SUCCESS return so that 1645 * iscsi_handle_text can continue to obtain the remaining 1646 * text response if needed. 1647 */ 1648 } else { 1649 char *buf_data = (icmdp->cmd_un.text.buf + 1650 icmdp->cmd_un.text.offset); 1651 1652 bcopy(data, buf_data, data_len); 1653 icmdp->cmd_un.text.offset += data_len; 1654 icmdp->cmd_un.text.total_rx_len += data_len; 1655 icmdp->cmd_result = ISCSI_STATUS_SUCCESS; 1656 bcopy(ithp->rsvd4, icmdp->cmd_un.text.lun, 1657 sizeof (icmdp->cmd_un.text.lun)); 1658 } 1659 1660 /* update stage */ 1661 if (final == B_TRUE) { 1662 icmdp->cmd_un.text.stage = ISCSI_CMD_TEXT_FINAL_RSP; 1663 } else { 1664 icmdp->cmd_un.text.stage = ISCSI_CMD_TEXT_CONTINUATION; 1665 } 1666 1667 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E3, isp); 1668 mutex_exit(&icp->conn_queue_active.mutex); 1669 return (IDM_STATUS_SUCCESS); 1670 } 1671 1672 /* 1673 * iscsi_rx_process_scsi_itt_to_icmdp - Lookup itt using IDM to find matching 1674 * icmdp. Verify itt in hdr and icmdp are the same. 1675 */ 1676 static iscsi_status_t 1677 iscsi_rx_process_scsi_itt_to_icmdp(iscsi_sess_t *isp, idm_conn_t *ic, 1678 iscsi_scsi_rsp_hdr_t *ihp, iscsi_cmd_t **icmdp) 1679 { 1680 idm_task_t *itp; 1681 1682 ASSERT(isp != NULL); 1683 ASSERT(ihp != NULL); 1684 ASSERT(icmdp != NULL); 1685 ASSERT(mutex_owned(&isp->sess_cmdsn_mutex)); 1686 itp = idm_task_find_and_complete(ic, ihp->itt, ISCSI_INI_TASK_TTT); 1687 if (itp == NULL) { 1688 cmn_err(CE_WARN, "iscsi session(%u) protocol error - " 1689 "received unknown itt:0x%x - protocol error", 1690 isp->sess_oid, ihp->itt); 1691 return (ISCSI_STATUS_INTERNAL_ERROR); 1692 } 1693 *icmdp = itp->idt_private; 1694 1695 idm_task_rele(itp); 1696 1697 return (ISCSI_STATUS_SUCCESS); 1698 1699 } 1700 1701 /* 1702 * iscsi_rx_process_itt_to_icmdp - Lookup itt in the session's 1703 * cmd table to find matching icmdp. Verify itt in hdr and 1704 * icmdp are the same. 1705 */ 1706 static iscsi_status_t 1707 iscsi_rx_process_itt_to_icmdp(iscsi_sess_t *isp, iscsi_hdr_t *ihp, 1708 iscsi_cmd_t **icmdp) 1709 { 1710 int cmd_table_idx = 0; 1711 1712 ASSERT(isp != NULL); 1713 ASSERT(ihp != NULL); 1714 ASSERT(icmdp != NULL); 1715 ASSERT(mutex_owned(&isp->sess_cmdsn_mutex)); 1716 1717 /* try to find an associated iscsi_pkt */ 1718 cmd_table_idx = (ihp->itt - IDM_TASKIDS_MAX) % ISCSI_CMD_TABLE_SIZE; 1719 if (isp->sess_cmd_table[cmd_table_idx] == NULL) { 1720 cmn_err(CE_WARN, "iscsi session(%u) protocol error - " 1721 "received unknown itt:0x%x - protocol error", 1722 isp->sess_oid, ihp->itt); 1723 return (ISCSI_STATUS_INTERNAL_ERROR); 1724 } 1725 1726 /* verify itt */ 1727 if (isp->sess_cmd_table[cmd_table_idx]->cmd_itt != ihp->itt) { 1728 cmn_err(CE_WARN, "iscsi session(%u) received itt:0x%x " 1729 " which is out of sync with itt:0x%x", isp->sess_oid, 1730 ihp->itt, isp->sess_cmd_table[cmd_table_idx]->cmd_itt); 1731 return (ISCSI_STATUS_INTERNAL_ERROR); 1732 } 1733 1734 /* ensure that icmdp is still in Active state */ 1735 if (isp->sess_cmd_table[cmd_table_idx]->cmd_state != 1736 ISCSI_CMD_STATE_ACTIVE) { 1737 cmn_err(CE_WARN, "iscsi session(%u) received itt:0x%x " 1738 "but icmdp (%p) is not in active state", 1739 isp->sess_oid, ihp->itt, 1740 (void *)isp->sess_cmd_table[cmd_table_idx]); 1741 return (ISCSI_STATUS_INTERNAL_ERROR); 1742 } 1743 1744 /* make sure this is a SCSI cmd */ 1745 *icmdp = isp->sess_cmd_table[cmd_table_idx]; 1746 1747 return (ISCSI_STATUS_SUCCESS); 1748 } 1749 1750 /* 1751 * +--------------------------------------------------------------------+ 1752 * | End of protocol receive routines | 1753 * +--------------------------------------------------------------------+ 1754 */ 1755 1756 /* 1757 * +--------------------------------------------------------------------+ 1758 * | Beginning of protocol send routines | 1759 * +--------------------------------------------------------------------+ 1760 */ 1761 1762 1763 /* 1764 * iscsi_tx_thread - This thread is the driving point for all 1765 * iSCSI PDUs after login. No PDUs should call idm_pdu_tx() 1766 * directly they should be funneled through iscsi_tx_thread. 1767 */ 1768 void 1769 iscsi_tx_thread(iscsi_thread_t *thread, void *arg) 1770 { 1771 iscsi_conn_t *icp = (iscsi_conn_t *)arg; 1772 iscsi_sess_t *isp = NULL; 1773 iscsi_cmd_t *icmdp = NULL; 1774 clock_t tout; 1775 int ret = 1; 1776 1777 ASSERT(icp != NULL); 1778 isp = icp->conn_sess; 1779 ASSERT(isp != NULL); 1780 ASSERT(thread != NULL); 1781 ASSERT(thread->signature == SIG_ISCSI_THREAD); 1782 1783 tout = SEC_TO_TICK(1); 1784 /* 1785 * Transfer icmdps until shutdown by owning session. 1786 */ 1787 while (ret != 0) { 1788 1789 isp->sess_window_open = B_TRUE; 1790 /* 1791 * While the window is open, there are commands available 1792 * to send and the session state allows those commands to 1793 * be sent try to transfer them. 1794 */ 1795 mutex_enter(&isp->sess_queue_pending.mutex); 1796 while ((isp->sess_window_open == B_TRUE) && 1797 ((icmdp = isp->sess_queue_pending.head) != NULL)) { 1798 if (((icmdp->cmd_type != ISCSI_CMD_TYPE_SCSI) && 1799 (ISCSI_CONN_STATE_FULL_FEATURE(icp->conn_state))) || 1800 (icp->conn_state == ISCSI_CONN_STATE_LOGGED_IN)) { 1801 1802 /* update command with this connection info */ 1803 icmdp->cmd_conn = icp; 1804 /* attempt to send this command */ 1805 iscsi_cmd_state_machine(icmdp, 1806 ISCSI_CMD_EVENT_E2, isp); 1807 1808 ASSERT(!mutex_owned( 1809 &isp->sess_queue_pending.mutex)); 1810 mutex_enter(&isp->sess_queue_pending.mutex); 1811 } else { 1812 while (icmdp != NULL) { 1813 if ((icmdp->cmd_type != 1814 ISCSI_CMD_TYPE_SCSI) && 1815 (ISCSI_CONN_STATE_FULL_FEATURE 1816 (icp->conn_state) != B_TRUE)) { 1817 icmdp->cmd_misc_flags |= 1818 ISCSI_CMD_MISCFLAG_STUCK; 1819 } else if (icp->conn_state != 1820 ISCSI_CONN_STATE_LOGGED_IN) { 1821 icmdp->cmd_misc_flags |= 1822 ISCSI_CMD_MISCFLAG_STUCK; 1823 } 1824 icmdp = icmdp->cmd_next; 1825 } 1826 break; 1827 } 1828 } 1829 mutex_exit(&isp->sess_queue_pending.mutex); 1830 1831 /* 1832 * Go to sleep until there is something new 1833 * to process (awoken via cv_boardcast). 1834 * Or the timer goes off. 1835 */ 1836 ret = iscsi_thread_wait(thread, tout); 1837 } 1838 1839 } 1840 1841 1842 /* 1843 * iscsi_tx_cmd - transfers icmdp across wire as iscsi pdu 1844 * 1845 * Just prior to sending the command to the networking layer the 1846 * pending queue lock will be dropped. At this point only local 1847 * resources will be used, not the icmdp. Holding the queue lock 1848 * across the networking call can lead to a hang. (This is due 1849 * to the the target driver and networking layers competing use 1850 * of the timeout() resources and the queue lock being held for 1851 * both sides.) Upon the completion of this command the lock 1852 * will have been re-acquired. 1853 */ 1854 iscsi_status_t 1855 iscsi_tx_cmd(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 1856 { 1857 iscsi_status_t rval = ISCSI_STATUS_INTERNAL_ERROR; 1858 1859 ASSERT(isp != NULL); 1860 ASSERT(icmdp != NULL); 1861 1862 /* transfer specific command type */ 1863 switch (icmdp->cmd_type) { 1864 case ISCSI_CMD_TYPE_SCSI: 1865 rval = iscsi_tx_scsi(isp, icmdp); 1866 break; 1867 case ISCSI_CMD_TYPE_NOP: 1868 rval = iscsi_tx_nop(isp, icmdp); 1869 break; 1870 case ISCSI_CMD_TYPE_ABORT: 1871 rval = iscsi_tx_abort(isp, icmdp); 1872 break; 1873 case ISCSI_CMD_TYPE_RESET: 1874 rval = iscsi_tx_reset(isp, icmdp); 1875 break; 1876 case ISCSI_CMD_TYPE_LOGOUT: 1877 rval = iscsi_tx_logout(isp, icmdp); 1878 break; 1879 case ISCSI_CMD_TYPE_TEXT: 1880 rval = iscsi_tx_text(isp, icmdp); 1881 break; 1882 default: 1883 cmn_err(CE_WARN, "iscsi_tx_cmd: invalid cmdtype: %d", 1884 icmdp->cmd_type); 1885 ASSERT(FALSE); 1886 } 1887 1888 ASSERT(!mutex_owned(&isp->sess_queue_pending.mutex)); 1889 return (rval); 1890 } 1891 1892 /* 1893 * a variable length cdb can be up to 16K, but we obviously don't want 1894 * to put that on the stack; go with 200 bytes; if we get something 1895 * bigger than that we will kmem_alloc a buffer 1896 */ 1897 #define DEF_CDB_LEN 200 1898 1899 /* 1900 * given the size of the cdb, return how many bytes the header takes, 1901 * which is the sizeof addl_hdr_t + the CDB size, minus the 16 bytes 1902 * stored in the basic header, minus sizeof (ahs_extscb) 1903 */ 1904 #define ADDLHDRSZ(x) (sizeof (iscsi_addl_hdr_t) + (x) - \ 1905 16 - 4) 1906 1907 static void 1908 iscsi_tx_init_hdr(iscsi_sess_t *isp, iscsi_conn_t *icp, 1909 iscsi_text_hdr_t *ihp, int opcode, iscsi_cmd_t *icmdp) 1910 { 1911 ihp->opcode = opcode; 1912 ihp->itt = icmdp->cmd_itt; 1913 mutex_enter(&isp->sess_cmdsn_mutex); 1914 icmdp->cmd_sn = isp->sess_cmdsn; 1915 ihp->cmdsn = htonl(isp->sess_cmdsn); 1916 isp->sess_cmdsn++; 1917 mutex_exit(&isp->sess_cmdsn_mutex); 1918 ihp->expstatsn = htonl(icp->conn_expstatsn); 1919 icp->conn_laststatsn = icp->conn_expstatsn; 1920 } 1921 1922 1923 static void 1924 iscsi_tx_scsi_data(iscsi_cmd_t *icmdp, iscsi_scsi_cmd_hdr_t *ihp, 1925 iscsi_conn_t *icp, idm_pdu_t *pdu) 1926 { 1927 struct buf *bp = NULL; 1928 size_t buflen = 0; 1929 uint32_t first_burst_length = 0; 1930 struct scsi_pkt *pkt; 1931 1932 pkt = icmdp->cmd_un.scsi.pkt; 1933 bp = icmdp->cmd_un.scsi.bp; 1934 if ((bp != NULL) && bp->b_bcount) { 1935 buflen = bp->b_bcount; 1936 first_burst_length = 1937 icp->conn_params.first_burst_length; 1938 1939 if (bp->b_flags & B_READ) { 1940 ihp->flags = ISCSI_FLAG_FINAL; 1941 /* 1942 * fix problem where OS sends bp (B_READ & 1943 * b_bcount!=0) for a TUR or START_STOP. 1944 * (comment came from cisco code.) 1945 */ 1946 if ((pkt->pkt_cdbp[0] != SCMD_TEST_UNIT_READY) && 1947 (pkt->pkt_cdbp[0] != SCMD_START_STOP)) { 1948 ihp->flags |= ISCSI_FLAG_CMD_READ; 1949 ihp->data_length = htonl(buflen); 1950 } 1951 } else { 1952 ihp->flags = ISCSI_FLAG_CMD_WRITE; 1953 /* 1954 * FinalBit on the the iSCSI PDU denotes this 1955 * is the last PDU in the sequence. 1956 * 1957 * initial_r2t = true means R2T is required 1958 * for additional PDU, so there will be no more 1959 * unsolicited PDUs following 1960 */ 1961 if (icp->conn_params.initial_r2t) { 1962 ihp->flags |= ISCSI_FLAG_FINAL; 1963 } 1964 1965 /* Check if we should send ImmediateData */ 1966 if (icp->conn_params.immediate_data) { 1967 pdu->isp_data = 1968 (uint8_t *)icmdp-> 1969 cmd_un.scsi.bp->b_un.b_addr; 1970 1971 pdu->isp_datalen = MIN(MIN(buflen, 1972 first_burst_length), 1973 icmdp->cmd_conn->conn_params. 1974 max_xmit_data_seg_len); 1975 1976 /* 1977 * if everything fits immediate, or 1978 * we can send all burst data immediate 1979 * (not unsol), set F 1980 */ 1981 /* 1982 * XXX This doesn't look right -- it's not 1983 * clear how we can handle transmitting 1984 * any unsolicited data. It looks like 1985 * we only support immediate data. So what 1986 * happens if we don't set ISCSI_FLAG_FINAL? 1987 * 1988 * Unless there's magic code somewhere that 1989 * is sending the remaining PDU's we should 1990 * simply set ISCSI_FLAG_FINAL and forget 1991 * about sending unsolicited data. The big 1992 * win is the immediate data anyway for small 1993 * PDU's. 1994 */ 1995 if ((pdu->isp_datalen == buflen) || 1996 (pdu->isp_datalen == first_burst_length)) { 1997 ihp->flags |= ISCSI_FLAG_FINAL; 1998 } 1999 2000 hton24(ihp->dlength, pdu->isp_datalen); 2001 } 2002 /* total data transfer length */ 2003 ihp->data_length = htonl(buflen); 2004 } 2005 } else { 2006 ihp->flags = ISCSI_FLAG_FINAL; 2007 } 2008 icmdp->cmd_un.scsi.data_transferred += pdu->isp_datalen; 2009 /* XXX How is this different from the code above? */ 2010 /* will idm send the next data command up to burst length? */ 2011 /* send the burstlen if we haven't sent immediate data */ 2012 /* CRM: should idm send difference min(buflen, first_burst) and imm? */ 2013 /* (MIN(first_burst_length, buflen) - imdata > 0) */ 2014 /* CRM_LATER: change this to generate unsolicited pdu */ 2015 if ((buflen > 0) && 2016 ((bp->b_flags & B_READ) == 0) && 2017 (icp->conn_params.initial_r2t == 0) && 2018 pdu->isp_datalen == 0) { 2019 2020 pdu->isp_datalen = MIN(first_burst_length, buflen); 2021 if ((pdu->isp_datalen == buflen) || 2022 (pdu->isp_datalen == first_burst_length)) { 2023 ihp->flags |= ISCSI_FLAG_FINAL; 2024 } 2025 pdu->isp_data = (uint8_t *)icmdp->cmd_un.scsi.bp->b_un.b_addr; 2026 hton24(ihp->dlength, pdu->isp_datalen); 2027 } 2028 } 2029 2030 static void 2031 iscsi_tx_scsi_init_pkt(iscsi_cmd_t *icmdp, iscsi_scsi_cmd_hdr_t *ihp) 2032 { 2033 struct scsi_pkt *pkt; 2034 2035 pkt = icmdp->cmd_un.scsi.pkt; 2036 pkt->pkt_state = (STATE_GOT_BUS | STATE_GOT_TARGET); 2037 pkt->pkt_reason = CMD_INCOMPLETE; 2038 2039 /* tagged queuing */ 2040 if (pkt->pkt_flags & FLAG_HTAG) { 2041 ihp->flags |= ISCSI_ATTR_HEAD_OF_QUEUE; 2042 } else if (pkt->pkt_flags & FLAG_OTAG) { 2043 ihp->flags |= ISCSI_ATTR_ORDERED; 2044 } else if (pkt->pkt_flags & FLAG_STAG) { 2045 ihp->flags |= ISCSI_ATTR_SIMPLE; 2046 } else { 2047 /* ihp->flags |= ISCSI_ATTR_UNTAGGED; */ 2048 /* EMPTY */ 2049 } 2050 2051 /* iscsi states lun is based on spc.2 */ 2052 ISCSI_LUN_BYTE_COPY(ihp->lun, icmdp->cmd_un.scsi.lun); 2053 2054 if (icmdp->cmd_un.scsi.cmdlen <= 16) { 2055 /* copy the SCSI Command Block into the PDU */ 2056 bcopy(pkt->pkt_cdbp, ihp->scb, 2057 icmdp->cmd_un.scsi.cmdlen); 2058 } else { 2059 iscsi_addl_hdr_t *iahp; 2060 2061 iahp = (iscsi_addl_hdr_t *)ihp; 2062 2063 ihp->hlength = (ADDLHDRSZ(icmdp->cmd_un.scsi.cmdlen) - 2064 sizeof (iscsi_scsi_cmd_hdr_t) + 3) / 4; 2065 iahp->ahs_hlen_hi = 0; 2066 iahp->ahs_hlen_lo = (icmdp->cmd_un.scsi.cmdlen - 15); 2067 iahp->ahs_key = 0x01; 2068 iahp->ahs_resv = 0; 2069 bcopy(pkt->pkt_cdbp, ihp->scb, 16); 2070 bcopy(((char *)pkt->pkt_cdbp) + 16, &iahp->ahs_extscb[0], 2071 icmdp->cmd_un.scsi.cmdlen); 2072 } 2073 2074 /* 2075 * Update all values before transfering. 2076 * We should never touch the icmdp after 2077 * transfering if there is no more data 2078 * to send. The only case the idm_pdu_tx() 2079 * will fail is a on a connection disconnect 2080 * in that case the command will be flushed. 2081 */ 2082 pkt->pkt_state |= STATE_SENT_CMD; 2083 } 2084 2085 static void 2086 iscsi_tx_scsi_init_task(iscsi_cmd_t *icmdp, iscsi_conn_t *icp, 2087 iscsi_scsi_cmd_hdr_t *ihp) 2088 { 2089 idm_task_t *itp; 2090 struct buf *bp = NULL; 2091 uint32_t data_length; 2092 2093 bp = icmdp->cmd_un.scsi.bp; 2094 2095 itp = icmdp->cmd_itp; 2096 ASSERT(itp != NULL); 2097 data_length = ntohl(ihp->data_length); 2098 ISCSI_IO_LOG(CE_NOTE, 2099 "DEBUG: iscsi_tx_init_task: task_start: %p idt_tt: %x cmdsn: %x " 2100 "sess_cmdsn: %x cmd: %p " 2101 "cmdtype: %d datalen: %u", 2102 (void *)itp, itp->idt_tt, ihp->cmdsn, icp->conn_sess->sess_cmdsn, 2103 (void *)icmdp, icmdp->cmd_type, data_length); 2104 if (data_length > 0) { 2105 if (bp->b_flags & B_READ) { 2106 icmdp->cmd_un.scsi.ibp_ibuf = 2107 idm_buf_alloc(icp->conn_ic, 2108 bp->b_un.b_addr, bp->b_bcount); 2109 if (icmdp->cmd_un.scsi.ibp_ibuf) 2110 idm_buf_bind_in(itp, 2111 icmdp->cmd_un.scsi.ibp_ibuf); 2112 } else { 2113 icmdp->cmd_un.scsi.ibp_obuf = 2114 idm_buf_alloc(icp->conn_ic, 2115 bp->b_un.b_addr, bp->b_bcount); 2116 if (icmdp->cmd_un.scsi.ibp_obuf) 2117 idm_buf_bind_out(itp, 2118 icmdp->cmd_un.scsi.ibp_obuf); 2119 } 2120 ISCSI_IO_LOG(CE_NOTE, 2121 "DEBUG: pdu_tx: task_start(%s): %p ic: %p idt_tt: %x " 2122 "cmdsn: %x sess_cmdsn: %x sess_expcmdsn: %x obuf: %p " 2123 "cmdp: %p cmdtype: %d " 2124 "buflen: %lu " "bpaddr: %p datalen: %u ", 2125 bp->b_flags & B_READ ? "B_READ" : "B_WRITE", 2126 (void *)itp, (void *)icp->conn_ic, 2127 itp->idt_tt, ihp->cmdsn, 2128 icp->conn_sess->sess_cmdsn, 2129 icp->conn_sess->sess_expcmdsn, 2130 (void *)icmdp->cmd_un.scsi.ibp_ibuf, 2131 (void *)icmdp, icmdp->cmd_type, bp->b_bcount, 2132 (void *)bp->b_un.b_addr, 2133 data_length); 2134 } 2135 2136 /* 2137 * Task is now active 2138 */ 2139 idm_task_start(itp, ISCSI_INI_TASK_TTT); 2140 } 2141 2142 /* 2143 * iscsi_tx_scsi - 2144 * 2145 */ 2146 static iscsi_status_t 2147 iscsi_tx_scsi(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 2148 { 2149 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2150 iscsi_conn_t *icp = NULL; 2151 struct scsi_pkt *pkt = NULL; 2152 iscsi_scsi_cmd_hdr_t *ihp = NULL; 2153 int cdblen = 0; 2154 idm_pdu_t *pdu; 2155 int len; 2156 2157 ASSERT(isp != NULL); 2158 ASSERT(icmdp != NULL); 2159 2160 pdu = kmem_zalloc(sizeof (idm_pdu_t), KM_SLEEP); 2161 2162 pkt = icmdp->cmd_un.scsi.pkt; 2163 ASSERT(pkt != NULL); 2164 icp = icmdp->cmd_conn; 2165 ASSERT(icp != NULL); 2166 2167 /* Reset counts in case we are on a retry */ 2168 icmdp->cmd_un.scsi.data_transferred = 0; 2169 2170 if (icmdp->cmd_un.scsi.cmdlen > DEF_CDB_LEN) { 2171 cdblen = icmdp->cmd_un.scsi.cmdlen; 2172 ihp = kmem_zalloc(ADDLHDRSZ(cdblen), KM_SLEEP); 2173 len = ADDLHDRSZ(cdblen); 2174 } else { 2175 /* 2176 * only bzero the basic header; the additional header 2177 * will be set up correctly later, if needed 2178 */ 2179 ihp = kmem_zalloc(sizeof (iscsi_scsi_cmd_hdr_t), KM_SLEEP); 2180 len = sizeof (iscsi_scsi_cmd_hdr_t); 2181 } 2182 2183 iscsi_tx_init_hdr(isp, icp, (iscsi_text_hdr_t *)ihp, 2184 ISCSI_OP_SCSI_CMD, icmdp); 2185 2186 idm_pdu_init(pdu, icp->conn_ic, (void *)icmdp, &iscsi_tx_done); 2187 idm_pdu_init_hdr(pdu, (uint8_t *)ihp, len); 2188 pdu->isp_data = NULL; 2189 pdu->isp_datalen = 0; 2190 2191 /* 2192 * Sestion 12.11 of the iSCSI specification has a good table 2193 * describing when uncolicited data and/or immediate data 2194 * should be sent. 2195 */ 2196 2197 iscsi_tx_scsi_data(icmdp, ihp, icp, pdu); 2198 2199 iscsi_tx_scsi_init_pkt(icmdp, ihp); 2200 2201 /* Calls idm_task_start */ 2202 iscsi_tx_scsi_init_task(icmdp, icp, ihp); 2203 2204 mutex_exit(&isp->sess_queue_pending.mutex); 2205 2206 idm_pdu_tx(pdu); 2207 2208 icmdp->cmd_misc_flags |= ISCSI_CMD_MISCFLAG_SENT; 2209 2210 return (rval); 2211 } 2212 2213 2214 /* ARGSUSED */ 2215 static void 2216 iscsi_tx_done(idm_pdu_t *pdu, idm_status_t status) 2217 { 2218 kmem_free((iscsi_hdr_t *)pdu->isp_hdr, pdu->isp_hdrlen); 2219 kmem_free(pdu, sizeof (idm_pdu_t)); 2220 } 2221 2222 2223 static void 2224 iscsi_tx_pdu(iscsi_conn_t *icp, int opcode, void *hdr, int hdrlen, 2225 iscsi_cmd_t *icmdp) 2226 { 2227 idm_pdu_t *tx_pdu; 2228 iscsi_hdr_t *ihp = (iscsi_hdr_t *)hdr; 2229 2230 tx_pdu = kmem_zalloc(sizeof (idm_pdu_t), KM_SLEEP); 2231 ASSERT(tx_pdu != NULL); 2232 2233 idm_pdu_init(tx_pdu, icp->conn_ic, icmdp, &iscsi_tx_done); 2234 idm_pdu_init_hdr(tx_pdu, hdr, hdrlen); 2235 if (opcode == ISCSI_OP_TEXT_CMD) { 2236 idm_pdu_init_data(tx_pdu, 2237 (uint8_t *)icmdp->cmd_un.text.buf, 2238 ntoh24(ihp->dlength)); 2239 } 2240 2241 mutex_exit(&icp->conn_sess->sess_queue_pending.mutex); 2242 idm_pdu_tx(tx_pdu); 2243 icmdp->cmd_misc_flags |= ISCSI_CMD_MISCFLAG_SENT; 2244 } 2245 2246 2247 /* 2248 * iscsi_tx_nop - 2249 * 2250 */ 2251 static iscsi_status_t 2252 iscsi_tx_nop(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 2253 { 2254 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2255 iscsi_conn_t *icp = NULL; 2256 iscsi_nop_out_hdr_t *inohp; 2257 2258 ASSERT(isp != NULL); 2259 ASSERT(icmdp != NULL); 2260 icp = icmdp->cmd_conn; 2261 ASSERT(icp != NULL); 2262 2263 inohp = kmem_zalloc(sizeof (iscsi_nop_out_hdr_t), KM_SLEEP); 2264 ASSERT(inohp != NULL); 2265 2266 inohp->opcode = ISCSI_OP_NOOP_OUT | ISCSI_OP_IMMEDIATE; 2267 inohp->flags = ISCSI_FLAG_FINAL; 2268 inohp->itt = icmdp->cmd_itt; 2269 inohp->ttt = icmdp->cmd_ttt; 2270 mutex_enter(&isp->sess_cmdsn_mutex); 2271 icmdp->cmd_sn = isp->sess_cmdsn; 2272 inohp->cmdsn = htonl(isp->sess_cmdsn); 2273 mutex_exit(&isp->sess_cmdsn_mutex); 2274 inohp->expstatsn = htonl(icp->conn_expstatsn); 2275 icp->conn_laststatsn = icp->conn_expstatsn; 2276 iscsi_tx_pdu(icp, ISCSI_OP_NOOP_OUT, inohp, 2277 sizeof (iscsi_nop_out_hdr_t), icmdp); 2278 return (rval); 2279 } 2280 2281 2282 /* 2283 * iscsi_tx_abort - 2284 * 2285 */ 2286 static iscsi_status_t 2287 iscsi_tx_abort(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 2288 { 2289 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2290 iscsi_conn_t *icp = NULL; 2291 iscsi_scsi_task_mgt_hdr_t *istmh; 2292 2293 ASSERT(isp != NULL); 2294 ASSERT(icmdp != NULL); 2295 icp = icmdp->cmd_conn; 2296 ASSERT(icp != NULL); 2297 2298 istmh = kmem_zalloc(sizeof (iscsi_scsi_task_mgt_hdr_t), KM_SLEEP); 2299 ASSERT(istmh != NULL); 2300 mutex_enter(&isp->sess_cmdsn_mutex); 2301 icmdp->cmd_sn = isp->sess_cmdsn; 2302 istmh->cmdsn = htonl(isp->sess_cmdsn); 2303 mutex_exit(&isp->sess_cmdsn_mutex); 2304 istmh->expstatsn = htonl(icp->conn_expstatsn); 2305 icp->conn_laststatsn = icp->conn_expstatsn; 2306 istmh->itt = icmdp->cmd_itt; 2307 istmh->opcode = ISCSI_OP_SCSI_TASK_MGT_MSG | ISCSI_OP_IMMEDIATE; 2308 istmh->function = ISCSI_FLAG_FINAL | ISCSI_TM_FUNC_ABORT_TASK; 2309 ISCSI_LUN_BYTE_COPY(istmh->lun, 2310 icmdp->cmd_un.abort.icmdp->cmd_un.scsi.lun); 2311 istmh->rtt = icmdp->cmd_un.abort.icmdp->cmd_itt; 2312 iscsi_tx_pdu(icp, ISCSI_OP_SCSI_TASK_MGT_MSG, istmh, 2313 sizeof (iscsi_scsi_task_mgt_hdr_t), icmdp); 2314 2315 return (rval); 2316 } 2317 2318 2319 /* 2320 * iscsi_tx_reset - 2321 * 2322 */ 2323 static iscsi_status_t 2324 iscsi_tx_reset(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 2325 { 2326 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2327 iscsi_conn_t *icp = NULL; 2328 iscsi_scsi_task_mgt_hdr_t *istmh; 2329 2330 ASSERT(isp != NULL); 2331 ASSERT(icmdp != NULL); 2332 icp = icmdp->cmd_conn; 2333 ASSERT(icp != NULL); 2334 2335 istmh = kmem_zalloc(sizeof (iscsi_scsi_task_mgt_hdr_t), KM_SLEEP); 2336 ASSERT(istmh != NULL); 2337 istmh->opcode = ISCSI_OP_SCSI_TASK_MGT_MSG | ISCSI_OP_IMMEDIATE; 2338 mutex_enter(&isp->sess_cmdsn_mutex); 2339 icmdp->cmd_sn = isp->sess_cmdsn; 2340 istmh->cmdsn = htonl(isp->sess_cmdsn); 2341 mutex_exit(&isp->sess_cmdsn_mutex); 2342 istmh->expstatsn = htonl(icp->conn_expstatsn); 2343 istmh->itt = icmdp->cmd_itt; 2344 2345 switch (icmdp->cmd_un.reset.level) { 2346 case RESET_LUN: 2347 istmh->function = ISCSI_FLAG_FINAL | 2348 ISCSI_TM_FUNC_LOGICAL_UNIT_RESET; 2349 ISCSI_LUN_BYTE_COPY(istmh->lun, icmdp->cmd_lun->lun_num); 2350 break; 2351 case RESET_TARGET: 2352 case RESET_BUS: 2353 istmh->function = ISCSI_FLAG_FINAL | 2354 ISCSI_TM_FUNC_TARGET_WARM_RESET; 2355 break; 2356 default: 2357 /* unsupported / unknown level */ 2358 ASSERT(FALSE); 2359 break; 2360 } 2361 2362 iscsi_tx_pdu(icp, ISCSI_OP_SCSI_TASK_MGT_MSG, istmh, 2363 sizeof (iscsi_scsi_task_mgt_hdr_t), icmdp); 2364 2365 return (rval); 2366 } 2367 2368 2369 /* 2370 * iscsi_tx_logout - 2371 * 2372 */ 2373 static iscsi_status_t 2374 iscsi_tx_logout(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 2375 { 2376 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2377 iscsi_conn_t *icp = NULL; 2378 iscsi_logout_hdr_t *ilh; 2379 2380 ASSERT(isp != NULL); 2381 ASSERT(icmdp != NULL); 2382 icp = icmdp->cmd_conn; 2383 ASSERT(icp != NULL); 2384 2385 ilh = kmem_zalloc(sizeof (iscsi_logout_hdr_t), KM_SLEEP); 2386 ilh->opcode = ISCSI_OP_LOGOUT_CMD | ISCSI_OP_IMMEDIATE; 2387 ilh->flags = ISCSI_FLAG_FINAL | ISCSI_LOGOUT_REASON_CLOSE_SESSION; 2388 ilh->itt = icmdp->cmd_itt; 2389 ilh->cid = icp->conn_cid; 2390 mutex_enter(&isp->sess_cmdsn_mutex); 2391 icmdp->cmd_sn = isp->sess_cmdsn; 2392 ilh->cmdsn = htonl(isp->sess_cmdsn); 2393 mutex_exit(&isp->sess_cmdsn_mutex); 2394 ilh->expstatsn = htonl(icp->conn_expstatsn); 2395 iscsi_tx_pdu(icp, ISCSI_OP_LOGOUT_CMD, ilh, 2396 sizeof (iscsi_logout_hdr_t), icmdp); 2397 2398 return (rval); 2399 } 2400 2401 /* 2402 * iscsi_tx_text - setup iSCSI text request header and send PDU with 2403 * data given in the buffer attached to the command. For a single 2404 * text request, the target may need to send its response in multiple 2405 * text response. In this case, empty text requests are sent after 2406 * each received response to notify the target the initiator is ready 2407 * for more response. For the initial request, the data_len field in 2408 * the text specific portion of a command is set to the amount of data 2409 * the initiator wants to send as part of the request. If additional 2410 * empty text requests are required for long responses, the data_len 2411 * field is set to 0 by the iscsi_handle_text function. 2412 */ 2413 static iscsi_status_t 2414 iscsi_tx_text(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 2415 { 2416 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2417 iscsi_conn_t *icp = NULL; 2418 iscsi_text_hdr_t *ith; 2419 2420 ASSERT(icmdp != NULL); 2421 icp = icmdp->cmd_conn; 2422 ASSERT(icp != NULL); 2423 2424 ith = kmem_zalloc(sizeof (iscsi_text_hdr_t), KM_SLEEP); 2425 ASSERT(ith != NULL); 2426 ith->flags = ISCSI_FLAG_FINAL; 2427 hton24(ith->dlength, icmdp->cmd_un.text.data_len); 2428 ith->ttt = icmdp->cmd_un.text.ttt; 2429 iscsi_tx_init_hdr(isp, icp, (iscsi_text_hdr_t *)ith, 2430 ISCSI_OP_TEXT_CMD, icmdp); 2431 bcopy(icmdp->cmd_un.text.lun, ith->rsvd4, sizeof (ith->rsvd4)); 2432 2433 iscsi_tx_pdu(icp, ISCSI_OP_TEXT_CMD, ith, sizeof (iscsi_text_hdr_t), 2434 icmdp); 2435 2436 return (rval); 2437 } 2438 2439 /* 2440 * +--------------------------------------------------------------------+ 2441 * | End of protocol send routines | 2442 * +--------------------------------------------------------------------+ 2443 */ 2444 2445 /* 2446 * iscsi_handle_abort - 2447 * 2448 */ 2449 void 2450 iscsi_handle_abort(void *arg) 2451 { 2452 iscsi_sess_t *isp = NULL; 2453 iscsi_cmd_t *icmdp = (iscsi_cmd_t *)arg; 2454 iscsi_cmd_t *new_icmdp; 2455 iscsi_conn_t *icp; 2456 2457 ASSERT(icmdp != NULL); 2458 icp = icmdp->cmd_conn; 2459 ASSERT(icp != NULL); 2460 isp = icp->conn_sess; 2461 ASSERT(isp != NULL); 2462 2463 /* there should only be one abort */ 2464 ASSERT(icmdp->cmd_un.scsi.abort_icmdp == NULL); 2465 2466 new_icmdp = iscsi_cmd_alloc(icp, KM_SLEEP); 2467 new_icmdp->cmd_type = ISCSI_CMD_TYPE_ABORT; 2468 new_icmdp->cmd_lun = icmdp->cmd_lun; 2469 new_icmdp->cmd_un.abort.icmdp = icmdp; 2470 new_icmdp->cmd_conn = icmdp->cmd_conn; 2471 icmdp->cmd_un.scsi.abort_icmdp = new_icmdp; 2472 2473 /* pending queue mutex is already held by timeout_checks */ 2474 iscsi_cmd_state_machine(new_icmdp, ISCSI_CMD_EVENT_E1, isp); 2475 } 2476 2477 /* 2478 * Callback from IDM indicating that the task has been suspended or aborted. 2479 */ 2480 void 2481 iscsi_task_aborted(idm_task_t *idt, idm_status_t status) 2482 { 2483 iscsi_cmd_t *icmdp = idt->idt_private; 2484 iscsi_conn_t *icp = icmdp->cmd_conn; 2485 iscsi_sess_t *isp = icp->conn_sess; 2486 2487 ASSERT(icmdp->cmd_conn != NULL); 2488 2489 switch (status) { 2490 case IDM_STATUS_SUSPENDED: 2491 /* 2492 * If the task is suspended, it may be aborted later, 2493 * so we can ignore this notification. 2494 */ 2495 break; 2496 2497 case IDM_STATUS_ABORTED: 2498 mutex_enter(&icp->conn_queue_active.mutex); 2499 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E9, isp); 2500 mutex_exit(&icp->conn_queue_active.mutex); 2501 break; 2502 2503 default: 2504 /* 2505 * Unexpected status. 2506 */ 2507 ASSERT(0); 2508 } 2509 2510 } 2511 2512 /* 2513 * iscsi_handle_nop - 2514 * 2515 */ 2516 static void 2517 iscsi_handle_nop(iscsi_conn_t *icp, uint32_t itt, uint32_t ttt) 2518 { 2519 iscsi_sess_t *isp = NULL; 2520 iscsi_cmd_t *icmdp = NULL; 2521 2522 ASSERT(icp != NULL); 2523 isp = icp->conn_sess; 2524 ASSERT(isp != NULL); 2525 2526 icmdp = iscsi_cmd_alloc(icp, KM_NOSLEEP); 2527 if (icmdp == NULL) { 2528 return; 2529 } 2530 2531 icmdp->cmd_type = ISCSI_CMD_TYPE_NOP; 2532 icmdp->cmd_itt = itt; 2533 icmdp->cmd_ttt = ttt; 2534 icmdp->cmd_lun = NULL; 2535 icp->conn_nop_lbolt = ddi_get_lbolt(); 2536 2537 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E1, isp); 2538 } 2539 2540 /* 2541 * iscsi_handle_reset - send reset request to the target 2542 * 2543 */ 2544 iscsi_status_t 2545 iscsi_handle_reset(iscsi_sess_t *isp, int level, iscsi_lun_t *ilp) 2546 { 2547 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2548 iscsi_conn_t *icp; 2549 iscsi_cmd_t icmd; 2550 2551 ASSERT(isp != NULL); 2552 2553 if (level == RESET_LUN) { 2554 rw_enter(&isp->sess_lun_list_rwlock, RW_WRITER); 2555 ASSERT(ilp != NULL); 2556 if (ilp->lun_state & ISCSI_LUN_STATE_BUSY) { 2557 rw_exit(&isp->sess_lun_list_rwlock); 2558 return (ISCSI_STATUS_SUCCESS); 2559 } 2560 ilp->lun_state |= ISCSI_LUN_STATE_BUSY; 2561 rw_exit(&isp->sess_lun_list_rwlock); 2562 } else { 2563 mutex_enter(&isp->sess_reset_mutex); 2564 if (isp->sess_reset_in_progress == B_TRUE) { 2565 /* 2566 * If the reset is in progress, it is unnecessary 2567 * to send reset to the target redunantly. 2568 */ 2569 mutex_exit(&isp->sess_reset_mutex); 2570 return (ISCSI_STATUS_SUCCESS); 2571 } 2572 isp->sess_reset_in_progress = B_TRUE; 2573 mutex_exit(&isp->sess_reset_mutex); 2574 } 2575 2576 bzero(&icmd, sizeof (iscsi_cmd_t)); 2577 icmd.cmd_sig = ISCSI_SIG_CMD; 2578 icmd.cmd_state = ISCSI_CMD_STATE_FREE; 2579 icmd.cmd_type = ISCSI_CMD_TYPE_RESET; 2580 icmd.cmd_lun = ilp; 2581 icmd.cmd_un.reset.level = level; 2582 icmd.cmd_result = ISCSI_STATUS_SUCCESS; 2583 icmd.cmd_completed = B_FALSE; 2584 icmd.cmd_un.reset.response = SCSI_TCP_TM_RESP_COMPLETE; 2585 2586 mutex_init(&icmd.cmd_mutex, NULL, MUTEX_DRIVER, NULL); 2587 cv_init(&icmd.cmd_completion, NULL, CV_DRIVER, NULL); 2588 /* 2589 * If we received an IO and we are not in the 2590 * LOGGED_IN state we are in the process of 2591 * failing. Just respond that we are BUSY. 2592 */ 2593 rw_enter(&isp->sess_state_rwlock, RW_READER); 2594 if (!ISCSI_SESS_STATE_FULL_FEATURE(isp->sess_state)) { 2595 /* We aren't connected to the target fake success */ 2596 rw_exit(&isp->sess_state_rwlock); 2597 2598 if (level == RESET_LUN) { 2599 rw_enter(&isp->sess_lun_list_rwlock, RW_WRITER); 2600 ilp->lun_state &= ~ISCSI_LUN_STATE_BUSY; 2601 rw_exit(&isp->sess_lun_list_rwlock); 2602 } else { 2603 mutex_enter(&isp->sess_reset_mutex); 2604 isp->sess_reset_in_progress = B_FALSE; 2605 mutex_exit(&isp->sess_reset_mutex); 2606 } 2607 2608 return (ISCSI_STATUS_SUCCESS); 2609 } 2610 2611 mutex_enter(&isp->sess_queue_pending.mutex); 2612 iscsi_cmd_state_machine(&icmd, ISCSI_CMD_EVENT_E1, isp); 2613 mutex_exit(&isp->sess_queue_pending.mutex); 2614 rw_exit(&isp->sess_state_rwlock); 2615 2616 /* stall until completed */ 2617 mutex_enter(&icmd.cmd_mutex); 2618 while (icmd.cmd_completed == B_FALSE) { 2619 cv_wait(&icmd.cmd_completion, &icmd.cmd_mutex); 2620 } 2621 mutex_exit(&icmd.cmd_mutex); 2622 2623 /* copy rval */ 2624 rval = icmd.cmd_result; 2625 2626 if (rval == ISCSI_STATUS_SUCCESS) { 2627 /* 2628 * Reset was successful. We need to flush 2629 * all active IOs. 2630 */ 2631 rw_enter(&isp->sess_conn_list_rwlock, RW_READER); 2632 icp = isp->sess_conn_list; 2633 while (icp != NULL) { 2634 iscsi_cmd_t *t_icmdp = NULL; 2635 iscsi_cmd_t *next_icmdp = NULL; 2636 2637 mutex_enter(&icp->conn_queue_active.mutex); 2638 t_icmdp = icp->conn_queue_active.head; 2639 while (t_icmdp != NULL) { 2640 next_icmdp = t_icmdp->cmd_next; 2641 mutex_enter(&t_icmdp->cmd_mutex); 2642 if (!(t_icmdp->cmd_misc_flags & 2643 ISCSI_CMD_MISCFLAG_SENT)) { 2644 /* 2645 * Although this command is in the 2646 * active queue, it has not been sent. 2647 * Skip it. 2648 */ 2649 mutex_exit(&t_icmdp->cmd_mutex); 2650 t_icmdp = next_icmdp; 2651 continue; 2652 } 2653 if (level == RESET_LUN) { 2654 if (icmd.cmd_lun == NULL || 2655 t_icmdp->cmd_lun == NULL || 2656 (icmd.cmd_lun->lun_num != 2657 t_icmdp->cmd_lun->lun_num)) { 2658 mutex_exit(&t_icmdp->cmd_mutex); 2659 t_icmdp = next_icmdp; 2660 continue; 2661 } 2662 } 2663 2664 if (icmd.cmd_sn == t_icmdp->cmd_sn) { 2665 /* 2666 * This command may be replied with 2667 * UA sense key later. So currently 2668 * it is not a suitable time to flush 2669 * it. Mark its flag with FLUSH. There 2670 * is no harm to keep it for a while. 2671 */ 2672 t_icmdp->cmd_misc_flags |= 2673 ISCSI_CMD_MISCFLAG_FLUSH; 2674 if (t_icmdp->cmd_type == 2675 ISCSI_CMD_TYPE_SCSI) { 2676 t_icmdp->cmd_un.scsi.pkt_stat |= 2677 STAT_BUS_RESET; 2678 } 2679 mutex_exit(&t_icmdp->cmd_mutex); 2680 } else if ((icmd.cmd_sn > t_icmdp->cmd_sn) || 2681 ((t_icmdp->cmd_sn - icmd.cmd_sn) > 2682 ISCSI_CMD_SN_WRAP)) { 2683 /* 2684 * This reset request must act on all 2685 * the commnds from the same session 2686 * having a CmdSN lower than the task 2687 * mangement CmdSN. So flush these 2688 * commands here. 2689 */ 2690 if (t_icmdp->cmd_type == 2691 ISCSI_CMD_TYPE_SCSI) { 2692 t_icmdp->cmd_un.scsi.pkt_stat |= 2693 STAT_BUS_RESET; 2694 } 2695 mutex_exit(&t_icmdp->cmd_mutex); 2696 iscsi_cmd_state_machine(t_icmdp, 2697 ISCSI_CMD_EVENT_E7, isp); 2698 } else { 2699 mutex_exit(&t_icmdp->cmd_mutex); 2700 } 2701 2702 t_icmdp = next_icmdp; 2703 } 2704 2705 mutex_exit(&icp->conn_queue_active.mutex); 2706 icp = icp->conn_next; 2707 } 2708 rw_exit(&isp->sess_conn_list_rwlock); 2709 } 2710 2711 /* clean up */ 2712 cv_destroy(&icmd.cmd_completion); 2713 mutex_destroy(&icmd.cmd_mutex); 2714 2715 if (level == RESET_LUN) { 2716 rw_enter(&isp->sess_lun_list_rwlock, RW_WRITER); 2717 ilp->lun_state &= ~ISCSI_LUN_STATE_BUSY; 2718 rw_exit(&isp->sess_lun_list_rwlock); 2719 } else { 2720 mutex_enter(&isp->sess_reset_mutex); 2721 isp->sess_reset_in_progress = B_FALSE; 2722 mutex_exit(&isp->sess_reset_mutex); 2723 } 2724 2725 return (rval); 2726 } 2727 2728 /* 2729 * iscsi_logout_start - task handler for deferred logout 2730 * Acquire a hold before call, released in iscsi_handle_logout 2731 */ 2732 static void 2733 iscsi_logout_start(void *arg) 2734 { 2735 iscsi_task_t *itp = (iscsi_task_t *)arg; 2736 iscsi_conn_t *icp; 2737 2738 icp = (iscsi_conn_t *)itp->t_arg; 2739 2740 mutex_enter(&icp->conn_state_mutex); 2741 (void) iscsi_handle_logout(icp); 2742 mutex_exit(&icp->conn_state_mutex); 2743 } 2744 2745 /* 2746 * iscsi_handle_logout - This function will issue a logout for 2747 * the session from a specific connection. 2748 * Acquire idm_conn_hold before call. Released internally. 2749 */ 2750 iscsi_status_t 2751 iscsi_handle_logout(iscsi_conn_t *icp) 2752 { 2753 iscsi_sess_t *isp; 2754 idm_conn_t *ic; 2755 iscsi_cmd_t *icmdp; 2756 int rval; 2757 2758 ASSERT(icp != NULL); 2759 isp = icp->conn_sess; 2760 ic = icp->conn_ic; 2761 ASSERT(isp != NULL); 2762 ASSERT(isp->sess_hba != NULL); 2763 ASSERT(mutex_owned(&icp->conn_state_mutex)); 2764 2765 /* 2766 * If the connection has already gone down (e.g. if the transport 2767 * failed between when this LOGOUT was generated and now) then we 2768 * can and must skip sending the LOGOUT. Check the same condition 2769 * we use below to determine that connection has "settled". 2770 */ 2771 if ((icp->conn_state == ISCSI_CONN_STATE_FREE) || 2772 (icp->conn_state == ISCSI_CONN_STATE_FAILED) || 2773 (icp->conn_state == ISCSI_CONN_STATE_POLLING)) { 2774 idm_conn_rele(ic); 2775 return (0); 2776 } 2777 2778 icmdp = iscsi_cmd_alloc(icp, KM_SLEEP); 2779 ASSERT(icmdp != NULL); 2780 icmdp->cmd_type = ISCSI_CMD_TYPE_LOGOUT; 2781 icmdp->cmd_result = ISCSI_STATUS_SUCCESS; 2782 icmdp->cmd_completed = B_FALSE; 2783 2784 mutex_enter(&isp->sess_queue_pending.mutex); 2785 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E1, isp); 2786 mutex_exit(&isp->sess_queue_pending.mutex); 2787 2788 /* 2789 * release connection state mutex to avoid a deadlock. This 2790 * function is called from within the connection state 2791 * machine with the lock held. When the logout response is 2792 * received another call to the connection state machine 2793 * occurs which causes the deadlock 2794 */ 2795 mutex_exit(&icp->conn_state_mutex); 2796 2797 /* stall until completed */ 2798 mutex_enter(&icmdp->cmd_mutex); 2799 while (icmdp->cmd_completed == B_FALSE) { 2800 cv_wait(&icmdp->cmd_completion, &icmdp->cmd_mutex); 2801 } 2802 mutex_exit(&icmdp->cmd_mutex); 2803 mutex_enter(&icp->conn_state_mutex); 2804 2805 /* copy rval */ 2806 rval = icmdp->cmd_result; 2807 2808 /* clean up */ 2809 iscsi_cmd_free(icmdp); 2810 2811 if (rval != 0) { 2812 /* If the logout failed then drop the connection */ 2813 idm_ini_conn_disconnect(icp->conn_ic); 2814 } 2815 2816 /* stall until connection settles */ 2817 while ((icp->conn_state != ISCSI_CONN_STATE_FREE) && 2818 (icp->conn_state != ISCSI_CONN_STATE_FAILED) && 2819 (icp->conn_state != ISCSI_CONN_STATE_POLLING)) { 2820 /* wait for transition */ 2821 cv_wait(&icp->conn_state_change, &icp->conn_state_mutex); 2822 } 2823 2824 idm_conn_rele(ic); 2825 2826 /* 2827 * Return value reflects whether the logout command completed -- 2828 * regardless of the return value the connection is closed and 2829 * ready for reconnection. 2830 */ 2831 return (rval); 2832 } 2833 2834 2835 /* 2836 * iscsi_handle_text - main control function for iSCSI text requests. This 2837 * function handles allocating the command, sending initial text request, and 2838 * handling long response sequence. 2839 * If a data overflow condition occurs, iscsi_handle_text continues to 2840 * receive responses until the all data has been recieved. This allows 2841 * the full data length to be returned to the caller. 2842 */ 2843 iscsi_status_t 2844 iscsi_handle_text(iscsi_conn_t *icp, char *buf, uint32_t buf_len, 2845 uint32_t data_len, uint32_t *rx_data_len) 2846 { 2847 iscsi_sess_t *isp; 2848 iscsi_cmd_t *icmdp; 2849 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2850 2851 ASSERT(icp != NULL); 2852 ASSERT(buf != NULL); 2853 ASSERT(rx_data_len != NULL); 2854 2855 isp = icp->conn_sess; 2856 ASSERT(isp != NULL); 2857 2858 /* 2859 * Ensure data for text request command is not greater 2860 * than the negotiated maximum receive data seqment length. 2861 * 2862 * Although iSCSI allows for long text requests (multiple 2863 * pdus), this function places a restriction on text 2864 * requests to ensure it is handled by a single PDU. 2865 */ 2866 if (data_len > icp->conn_params.max_xmit_data_seg_len) { 2867 return (ISCSI_STATUS_CMD_FAILED); 2868 } 2869 2870 icmdp = iscsi_cmd_alloc(icp, KM_SLEEP); 2871 ASSERT(icmdp != NULL); 2872 2873 icmdp->cmd_type = ISCSI_CMD_TYPE_TEXT; 2874 icmdp->cmd_result = ISCSI_STATUS_SUCCESS; 2875 icmdp->cmd_misc_flags &= ~ISCSI_CMD_MISCFLAG_FREE; 2876 icmdp->cmd_completed = B_FALSE; 2877 2878 icmdp->cmd_un.text.buf = buf; 2879 icmdp->cmd_un.text.buf_len = buf_len; 2880 icmdp->cmd_un.text.offset = 0; 2881 icmdp->cmd_un.text.data_len = data_len; 2882 icmdp->cmd_un.text.total_rx_len = 0; 2883 icmdp->cmd_un.text.ttt = ISCSI_RSVD_TASK_TAG; 2884 icmdp->cmd_un.text.stage = ISCSI_CMD_TEXT_INITIAL_REQ; 2885 2886 long_text_response: 2887 rw_enter(&isp->sess_state_rwlock, RW_READER); 2888 if (!ISCSI_SESS_STATE_FULL_FEATURE(isp->sess_state)) { 2889 iscsi_cmd_free(icmdp); 2890 rw_exit(&isp->sess_state_rwlock); 2891 return (ISCSI_STATUS_NO_CONN_LOGGED_IN); 2892 } 2893 2894 mutex_enter(&isp->sess_queue_pending.mutex); 2895 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E1, isp); 2896 mutex_exit(&isp->sess_queue_pending.mutex); 2897 rw_exit(&isp->sess_state_rwlock); 2898 2899 /* stall until completed */ 2900 mutex_enter(&icmdp->cmd_mutex); 2901 while (icmdp->cmd_completed == B_FALSE) { 2902 cv_wait(&icmdp->cmd_completion, &icmdp->cmd_mutex); 2903 } 2904 mutex_exit(&icmdp->cmd_mutex); 2905 2906 /* 2907 * check if error occured. If data overflow occured, continue on 2908 * to ensure we get all data so that the full data length can be 2909 * returned to the user 2910 */ 2911 if ((icmdp->cmd_result != ISCSI_STATUS_SUCCESS) && 2912 (icmdp->cmd_result != ISCSI_STATUS_DATA_OVERFLOW)) { 2913 cmn_err(CE_NOTE, "iscsi: SendTarget discovery failed (%d)", 2914 icmdp->cmd_result); 2915 rval = icmdp->cmd_result; 2916 iscsi_cmd_free(icmdp); 2917 return (rval); 2918 } 2919 2920 /* check if this was a partial text PDU */ 2921 if (icmdp->cmd_un.text.stage != ISCSI_CMD_TEXT_FINAL_RSP) { 2922 /* 2923 * If a paritial text rexponse received, send an empty 2924 * text request. This follows the behaviour specified 2925 * in RFC3720 regarding long text responses. 2926 */ 2927 icmdp->cmd_misc_flags &= ~ISCSI_CMD_MISCFLAG_FREE; 2928 icmdp->cmd_completed = B_FALSE; 2929 icmdp->cmd_un.text.data_len = 0; 2930 icmdp->cmd_un.text.stage = ISCSI_CMD_TEXT_CONTINUATION; 2931 goto long_text_response; 2932 } 2933 2934 /* 2935 * set total received data length. If data overflow this would be 2936 * amount of data that would have been received if buffer large 2937 * enough. 2938 */ 2939 *rx_data_len = icmdp->cmd_un.text.total_rx_len; 2940 2941 /* copy rval */ 2942 rval = icmdp->cmd_result; 2943 2944 /* clean up */ 2945 iscsi_cmd_free(icmdp); 2946 2947 return (rval); 2948 } 2949 2950 /* 2951 * iscsi_handle_passthru - This function is used to send a uscsi_cmd 2952 * to a specific target lun. This routine is used for internal purposes 2953 * during enumeration and via the ISCSI_USCSICMD IOCTL. We restrict 2954 * the CDBs that can be issued to a target/lun to INQUIRY, REPORT_LUNS, 2955 * and READ_CAPACITY for security purposes. 2956 * 2957 * The logic here is broken into three phases. 2958 * 1) Allocate and initialize a pkt/icmdp 2959 * 2) Send the pkt/icmdp 2960 * 3) cv_wait for completion 2961 */ 2962 iscsi_status_t 2963 iscsi_handle_passthru(iscsi_sess_t *isp, uint16_t lun, struct uscsi_cmd *ucmdp) 2964 { 2965 iscsi_status_t rval; 2966 iscsi_cmd_t *icmdp; 2967 struct scsi_pkt *pkt; 2968 struct buf *bp; 2969 struct scsi_arq_status *arqstat; 2970 int statuslen; 2971 2972 ASSERT(isp != NULL); 2973 ASSERT(ucmdp != NULL); 2974 2975 if (ucmdp->uscsi_rqlen > SENSE_LENGTH) { 2976 /* 2977 * The caller provided sense buffer large enough for additional 2978 * sense bytes. We need to allocate pkt_scbp to fit them there 2979 * too. 2980 */ 2981 statuslen = ucmdp->uscsi_rqlen + ISCSI_ARQ_STATUS_NOSENSE_LEN; 2982 } else { 2983 /* The default size of pkt_scbp */ 2984 statuslen = sizeof (struct scsi_arq_status); 2985 } 2986 2987 /* 2988 * Step 1. Setup structs - KM_SLEEP will always succeed 2989 */ 2990 bp = kmem_zalloc(sizeof (struct buf), KM_SLEEP); 2991 ASSERT(bp != NULL); 2992 pkt = kmem_zalloc(sizeof (struct scsi_pkt), KM_SLEEP); 2993 ASSERT(pkt != NULL); 2994 icmdp = iscsi_cmd_alloc(NULL, KM_SLEEP); 2995 ASSERT(icmdp != NULL); 2996 2997 /* setup bp structure */ 2998 bp->b_flags = B_READ; 2999 bp->b_bcount = ucmdp->uscsi_buflen; 3000 bp->b_un.b_addr = ucmdp->uscsi_bufaddr; 3001 3002 /* setup scsi_pkt structure */ 3003 pkt->pkt_ha_private = icmdp; 3004 pkt->pkt_scbp = kmem_zalloc(statuslen, KM_SLEEP); 3005 pkt->pkt_cdbp = kmem_zalloc(ucmdp->uscsi_cdblen, KM_SLEEP); 3006 /* callback routine for passthru, will wake cv_wait */ 3007 pkt->pkt_comp = iscsi_handle_passthru_callback; 3008 pkt->pkt_time = ucmdp->uscsi_timeout; 3009 3010 /* setup iscsi_cmd structure */ 3011 icmdp->cmd_lun = NULL; 3012 icmdp->cmd_type = ISCSI_CMD_TYPE_SCSI; 3013 icmdp->cmd_un.scsi.lun = lun; 3014 icmdp->cmd_un.scsi.pkt = pkt; 3015 icmdp->cmd_un.scsi.bp = bp; 3016 bcopy(ucmdp->uscsi_cdb, pkt->pkt_cdbp, ucmdp->uscsi_cdblen); 3017 icmdp->cmd_un.scsi.cmdlen = ucmdp->uscsi_cdblen; 3018 icmdp->cmd_un.scsi.statuslen = statuslen; 3019 icmdp->cmd_crc_error_seen = B_FALSE; 3020 icmdp->cmd_completed = B_FALSE; 3021 icmdp->cmd_result = ISCSI_STATUS_SUCCESS; 3022 3023 /* 3024 * Step 2. Push IO onto pending queue. If we aren't in 3025 * FULL_FEATURE we need to fail the IO. 3026 */ 3027 rw_enter(&isp->sess_state_rwlock, RW_READER); 3028 if (!ISCSI_SESS_STATE_FULL_FEATURE(isp->sess_state)) { 3029 rw_exit(&isp->sess_state_rwlock); 3030 3031 iscsi_cmd_free(icmdp); 3032 kmem_free(pkt->pkt_cdbp, ucmdp->uscsi_cdblen); 3033 kmem_free(pkt->pkt_scbp, statuslen); 3034 kmem_free(pkt, sizeof (struct scsi_pkt)); 3035 kmem_free(bp, sizeof (struct buf)); 3036 3037 return (ISCSI_STATUS_CMD_FAILED); 3038 } 3039 3040 mutex_enter(&isp->sess_queue_pending.mutex); 3041 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E1, isp); 3042 mutex_exit(&isp->sess_queue_pending.mutex); 3043 rw_exit(&isp->sess_state_rwlock); 3044 3045 /* 3046 * Step 3. Wait on cv_wait for completion routine 3047 */ 3048 mutex_enter(&icmdp->cmd_mutex); 3049 while (icmdp->cmd_completed == B_FALSE) { 3050 cv_wait(&icmdp->cmd_completion, &icmdp->cmd_mutex); 3051 } 3052 mutex_exit(&icmdp->cmd_mutex); 3053 3054 /* copy rval */ 3055 rval = icmdp->cmd_result; 3056 3057 ucmdp->uscsi_resid = pkt->pkt_resid; 3058 3059 /* update scsi status */ 3060 arqstat = (struct scsi_arq_status *)pkt->pkt_scbp; 3061 ucmdp->uscsi_status = ((char *)&arqstat->sts_status)[0]; 3062 3063 /* copy request sense buffers if caller gave space */ 3064 if ((ucmdp->uscsi_rqlen > 0) && 3065 (ucmdp->uscsi_rqbuf != NULL)) { 3066 ASSERT(ucmdp->uscsi_rqlen >= arqstat->sts_rqpkt_resid); 3067 ucmdp->uscsi_rqresid = arqstat->sts_rqpkt_resid; 3068 bcopy(&arqstat->sts_sensedata, ucmdp->uscsi_rqbuf, 3069 ucmdp->uscsi_rqlen - arqstat->sts_rqpkt_resid); 3070 } 3071 3072 if ((ucmdp->uscsi_status == STATUS_CHECK) && 3073 ((icmdp->cmd_misc_flags & ISCSI_CMD_MISCFLAG_INTERNAL)) == B_TRUE) { 3074 /* 3075 * Internal SCSI commands received status 3076 */ 3077 (void) iscsi_decode_sense( 3078 (uint8_t *)&arqstat->sts_sensedata, icmdp); 3079 } 3080 3081 /* clean up */ 3082 iscsi_cmd_free(icmdp); 3083 kmem_free(pkt->pkt_cdbp, ucmdp->uscsi_cdblen); 3084 kmem_free(pkt->pkt_scbp, statuslen); 3085 kmem_free(pkt, sizeof (struct scsi_pkt)); 3086 kmem_free(bp, sizeof (struct buf)); 3087 3088 return (rval); 3089 } 3090 3091 3092 /* 3093 * iscsi_handle_passthru_callback - 3094 * 3095 */ 3096 static void 3097 iscsi_handle_passthru_callback(struct scsi_pkt *pkt) 3098 { 3099 iscsi_cmd_t *icmdp = NULL; 3100 3101 ASSERT(pkt != NULL); 3102 icmdp = (iscsi_cmd_t *)pkt->pkt_ha_private; 3103 ASSERT(icmdp != NULL); 3104 3105 mutex_enter(&icmdp->cmd_mutex); 3106 icmdp->cmd_completed = B_TRUE; 3107 icmdp->cmd_result = ISCSI_STATUS_SUCCESS; 3108 cv_broadcast(&icmdp->cmd_completion); 3109 mutex_exit(&icmdp->cmd_mutex); 3110 3111 } 3112 3113 /* 3114 * IDM callbacks 3115 */ 3116 void 3117 iscsi_build_hdr(idm_task_t *idm_task, idm_pdu_t *pdu, uint8_t opcode) 3118 { 3119 iscsi_cmd_t *icmdp = idm_task->idt_private; 3120 iscsi_conn_t *icp = icmdp->cmd_conn; 3121 iscsi_data_hdr_t *ihp = (iscsi_data_hdr_t *)pdu->isp_hdr; 3122 3123 mutex_enter(&icmdp->cmd_mutex); 3124 if (opcode == ISCSI_OP_SCSI_DATA) { 3125 uint32_t data_sn; 3126 uint32_t lun; 3127 icmdp = idm_task->idt_private; 3128 icp = icmdp->cmd_conn; 3129 ihp->opcode = opcode; 3130 ihp->itt = icmdp->cmd_itt; 3131 ihp->ttt = idm_task->idt_r2t_ttt; 3132 ihp->expstatsn = htonl(icp->conn_expstatsn); 3133 icp->conn_laststatsn = icp->conn_expstatsn; 3134 data_sn = ntohl(ihp->datasn); 3135 data_sn++; 3136 lun = icmdp->cmd_un.scsi.lun; 3137 ISCSI_LUN_BYTE_COPY(ihp->lun, lun); 3138 /* CRM: upate_flow_control */ 3139 ISCSI_IO_LOG(CE_NOTE, "DEBUG: iscsi_build_hdr" 3140 "(ISCSI_OP_SCSI_DATA): task: %p icp: %p ic: %p itt: %x " 3141 "exp: %d data_sn: %d", (void *)idm_task, (void *)icp, 3142 (void *)icp->conn_ic, ihp->itt, icp->conn_expstatsn, 3143 data_sn); 3144 } else { 3145 cmn_err(CE_WARN, "iscsi_build_hdr: unprocessed build " 3146 "header opcode: %x", opcode); 3147 } 3148 mutex_exit(&icmdp->cmd_mutex); 3149 } 3150 3151 static void 3152 iscsi_process_rsp_status(iscsi_sess_t *isp, iscsi_conn_t *icp, 3153 idm_status_t status) 3154 { 3155 switch (status) { 3156 case IDM_STATUS_SUCCESS: 3157 if ((isp->sess_state == ISCSI_SESS_STATE_IN_FLUSH) && 3158 (icp->conn_queue_active.count == 0)) { 3159 iscsi_drop_conn_cleanup(icp); 3160 } 3161 break; 3162 case IDM_STATUS_PROTOCOL_ERROR: 3163 KSTAT_INC_CONN_ERR_PROTOCOL(icp); 3164 iscsi_drop_conn_cleanup(icp); 3165 break; 3166 default: 3167 break; 3168 } 3169 } 3170 3171 static void 3172 iscsi_drop_conn_cleanup(iscsi_conn_t *icp) { 3173 mutex_enter(&icp->conn_state_mutex); 3174 idm_ini_conn_disconnect(icp->conn_ic); 3175 mutex_exit(&icp->conn_state_mutex); 3176 } 3177 3178 void 3179 iscsi_rx_error_pdu(idm_conn_t *ic, idm_pdu_t *pdu, idm_status_t status) 3180 { 3181 iscsi_conn_t *icp = (iscsi_conn_t *)ic->ic_handle; 3182 iscsi_sess_t *isp; 3183 3184 ASSERT(icp != NULL); 3185 isp = icp->conn_sess; 3186 ASSERT(isp != NULL); 3187 iscsi_process_rsp_status(isp, icp, status); 3188 idm_pdu_complete(pdu, status); 3189 } 3190 3191 void 3192 iscsi_rx_misc_pdu(idm_conn_t *ic, idm_pdu_t *pdu) 3193 { 3194 iscsi_conn_t *icp; 3195 iscsi_hdr_t *ihp = (iscsi_hdr_t *)pdu->isp_hdr; 3196 iscsi_sess_t *isp; 3197 idm_status_t status; 3198 3199 icp = ic->ic_handle; 3200 isp = icp->conn_sess; 3201 isp->sess_rx_lbolt = icp->conn_rx_lbolt = ddi_get_lbolt(); 3202 switch (ihp->opcode & ISCSI_OPCODE_MASK) { 3203 case ISCSI_OP_LOGIN_RSP: 3204 status = iscsi_rx_process_login_pdu(ic, pdu); 3205 idm_pdu_complete(pdu, status); 3206 break; 3207 case ISCSI_OP_LOGOUT_RSP: 3208 status = iscsi_rx_process_logout_rsp(ic, pdu); 3209 idm_pdu_complete(pdu, status); 3210 break; 3211 case ISCSI_OP_REJECT_MSG: 3212 status = iscsi_rx_process_reject_rsp(ic, pdu); 3213 break; 3214 case ISCSI_OP_SCSI_TASK_MGT_RSP: 3215 status = iscsi_rx_process_task_mgt_rsp(ic, pdu); 3216 idm_pdu_complete(pdu, status); 3217 break; 3218 case ISCSI_OP_NOOP_IN: 3219 status = iscsi_rx_process_nop(ic, pdu); 3220 idm_pdu_complete(pdu, status); 3221 break; 3222 case ISCSI_OP_ASYNC_EVENT: 3223 status = iscsi_rx_process_async_rsp(ic, pdu); 3224 break; 3225 case ISCSI_OP_TEXT_RSP: 3226 status = iscsi_rx_process_text_rsp(ic, pdu); 3227 idm_pdu_complete(pdu, status); 3228 break; 3229 default: 3230 cmn_err(CE_WARN, "iscsi connection(%u) protocol error " 3231 "- received misc unsupported opcode 0x%02x", 3232 icp->conn_oid, ihp->opcode); 3233 status = IDM_STATUS_PROTOCOL_ERROR; 3234 break; 3235 } 3236 iscsi_process_rsp_status(isp, icp, status); 3237 } 3238 3239 /* 3240 * +--------------------------------------------------------------------+ 3241 * | Beginning of completion routines | 3242 * +--------------------------------------------------------------------+ 3243 */ 3244 3245 /* 3246 * iscsi_ic_thread - 3247 */ 3248 void 3249 iscsi_ic_thread(iscsi_thread_t *thread, void *arg) 3250 { 3251 iscsi_sess_t *isp = (iscsi_sess_t *)arg; 3252 int ret; 3253 iscsi_queue_t q; 3254 iscsi_cmd_t *icmdp; 3255 iscsi_cmd_t *next_icmdp; 3256 3257 ASSERT(isp != NULL); 3258 ASSERT(thread != NULL); 3259 ASSERT(thread->signature == SIG_ISCSI_THREAD); 3260 3261 for (;;) { 3262 3263 /* 3264 * We wait till iodone or somebody else wakes us up. 3265 */ 3266 ret = iscsi_thread_wait(thread, -1); 3267 3268 /* 3269 * The value should never be negative since we never timeout. 3270 */ 3271 ASSERT(ret >= 0); 3272 3273 q.count = 0; 3274 q.head = NULL; 3275 q.tail = NULL; 3276 mutex_enter(&isp->sess_queue_completion.mutex); 3277 icmdp = isp->sess_queue_completion.head; 3278 while (icmdp != NULL) { 3279 next_icmdp = icmdp->cmd_next; 3280 mutex_enter(&icmdp->cmd_mutex); 3281 /* 3282 * check if the associated r2t/abort has finished 3283 * yet. If not, don't complete the command. 3284 */ 3285 if ((icmdp->cmd_un.scsi.r2t_icmdp == NULL) && 3286 (icmdp->cmd_un.scsi.abort_icmdp == NULL)) { 3287 mutex_exit(&icmdp->cmd_mutex); 3288 (void) iscsi_dequeue_cmd(&isp-> 3289 sess_queue_completion.head, 3290 &isp->sess_queue_completion.tail, 3291 icmdp); 3292 --isp->sess_queue_completion.count; 3293 iscsi_enqueue_cmd_head(&q.head, 3294 &q.tail, icmdp); 3295 } else { 3296 mutex_exit(&icmdp->cmd_mutex); 3297 } 3298 icmdp = next_icmdp; 3299 } 3300 mutex_exit(&isp->sess_queue_completion.mutex); 3301 icmdp = q.head; 3302 while (icmdp != NULL) { 3303 next_icmdp = icmdp->cmd_next; 3304 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E8, isp); 3305 icmdp = next_icmdp; 3306 } 3307 3308 if (ret > 0) 3309 /* Somebody woke us up to work */ 3310 continue; 3311 else 3312 /* 3313 * Somebody woke us up to kill ourselves. We will 3314 * make sure, however that the completion queue is 3315 * empty before leaving. After we've done that it 3316 * is the originator of the signal that has to make 3317 * sure no other SCSI command is posted. 3318 */ 3319 break; 3320 } 3321 3322 } 3323 3324 /* 3325 * iscsi_iodone - 3326 * 3327 */ 3328 void 3329 iscsi_iodone(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 3330 { 3331 struct scsi_pkt *pkt = NULL; 3332 struct buf *bp = icmdp->cmd_un.scsi.bp; 3333 3334 ASSERT(isp != NULL); 3335 ASSERT(icmdp != NULL); 3336 pkt = icmdp->cmd_un.scsi.pkt; 3337 ASSERT(pkt != NULL); 3338 3339 ASSERT(icmdp->cmd_un.scsi.abort_icmdp == NULL); 3340 ASSERT(icmdp->cmd_un.scsi.r2t_icmdp == NULL); 3341 if (pkt->pkt_reason == CMD_CMPLT) { 3342 if (bp) { 3343 if (bp->b_flags & B_READ) { 3344 KSTAT_SESS_RX_IO_DONE(isp, bp->b_bcount); 3345 } else { 3346 KSTAT_SESS_TX_IO_DONE(isp, bp->b_bcount); 3347 } 3348 } 3349 } 3350 3351 if (pkt->pkt_flags & FLAG_NOINTR) { 3352 cv_broadcast(&icmdp->cmd_completion); 3353 mutex_exit(&icmdp->cmd_mutex); 3354 } else { 3355 /* 3356 * Release mutex. As soon as callback is 3357 * issued the caller may destroy the command. 3358 */ 3359 mutex_exit(&icmdp->cmd_mutex); 3360 /* 3361 * We can't just directly call the pk_comp routine. In 3362 * many error cases the target driver will use the calling 3363 * thread to re-drive error handling (reset, retries...) 3364 * back into the hba driver (iscsi). If the target redrives 3365 * a reset back into the iscsi driver off this thead we have 3366 * a chance of deadlocking. So instead use the io completion 3367 * thread. 3368 */ 3369 (*icmdp->cmd_un.scsi.pkt->pkt_comp)(icmdp->cmd_un.scsi.pkt); 3370 } 3371 } 3372 3373 /* 3374 * +--------------------------------------------------------------------+ 3375 * | End of completion routines | 3376 * +--------------------------------------------------------------------+ 3377 */ 3378 3379 /* 3380 * +--------------------------------------------------------------------+ 3381 * | Beginning of watchdog routines | 3382 * +--------------------------------------------------------------------+ 3383 */ 3384 3385 /* 3386 * iscsi_watchdog_thread - 3387 * 3388 */ 3389 void 3390 iscsi_wd_thread(iscsi_thread_t *thread, void *arg) 3391 { 3392 iscsi_sess_t *isp = (iscsi_sess_t *)arg; 3393 int rc = 1; 3394 3395 ASSERT(isp != NULL); 3396 3397 while (rc != NULL) { 3398 3399 iscsi_timeout_checks(isp); 3400 iscsi_nop_checks(isp); 3401 3402 rc = iscsi_thread_wait(thread, SEC_TO_TICK(1)); 3403 } 3404 } 3405 3406 /* 3407 * iscsi_timeout_checks - 3408 * 3409 */ 3410 static void 3411 iscsi_timeout_checks(iscsi_sess_t *isp) 3412 { 3413 clock_t now = ddi_get_lbolt(); 3414 iscsi_conn_t *icp; 3415 iscsi_cmd_t *icmdp, *nicmdp; 3416 3417 ASSERT(isp != NULL); 3418 3419 /* PENDING */ 3420 rw_enter(&isp->sess_state_rwlock, RW_READER); 3421 mutex_enter(&isp->sess_queue_pending.mutex); 3422 for (icmdp = isp->sess_queue_pending.head; 3423 icmdp; icmdp = nicmdp) { 3424 nicmdp = icmdp->cmd_next; 3425 3426 /* Skip entries with no timeout */ 3427 if (icmdp->cmd_lbolt_timeout == 0) 3428 continue; 3429 3430 /* 3431 * Skip pending queue entries for cmd_type values that depend 3432 * on having an open cmdsn window for successfull transition 3433 * from pending to the active (i.e. ones that depend on 3434 * sess_cmdsn .vs. sess_maxcmdsn). For them, the timer starts 3435 * when they are successfully moved to the active queue by 3436 * iscsi_cmd_state_pending() code. 3437 */ 3438 /* 3439 * If the cmd is stuck, at least give it a chance 3440 * to timeout 3441 */ 3442 if (((icmdp->cmd_type == ISCSI_CMD_TYPE_SCSI) || 3443 (icmdp->cmd_type == ISCSI_CMD_TYPE_TEXT)) && 3444 !(icmdp->cmd_misc_flags & ISCSI_CMD_MISCFLAG_STUCK)) 3445 continue; 3446 3447 /* Skip if timeout still in the future */ 3448 if (now <= icmdp->cmd_lbolt_timeout) 3449 continue; 3450 3451 /* timeout */ 3452 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E6, isp); 3453 } 3454 mutex_exit(&isp->sess_queue_pending.mutex); 3455 rw_exit(&isp->sess_state_rwlock); 3456 3457 rw_enter(&isp->sess_conn_list_rwlock, RW_READER); 3458 icp = isp->sess_conn_list; 3459 while (icp != NULL) { 3460 3461 icp->conn_timeout = B_FALSE; 3462 /* ACTIVE */ 3463 mutex_enter(&icp->conn_state_mutex); 3464 mutex_enter(&isp->sess_queue_pending.mutex); 3465 mutex_enter(&icp->conn_queue_active.mutex); 3466 for (icmdp = icp->conn_queue_active.head; 3467 icmdp; icmdp = nicmdp) { 3468 nicmdp = icmdp->cmd_next; 3469 3470 if (iscsi_nop_timeout_checks(icmdp) == B_TRUE) { 3471 icp->conn_timeout = B_TRUE; 3472 } 3473 3474 /* Skip entries with no timeout */ 3475 if (icmdp->cmd_lbolt_timeout == 0) 3476 continue; 3477 3478 /* 3479 * Skip if command is not active or not needed 3480 * to flush. 3481 */ 3482 if (icmdp->cmd_state != ISCSI_CMD_STATE_ACTIVE && 3483 !(icmdp->cmd_misc_flags & ISCSI_CMD_MISCFLAG_FLUSH)) 3484 continue; 3485 3486 /* Skip if timeout still in the future */ 3487 if (now <= icmdp->cmd_lbolt_timeout) 3488 continue; 3489 3490 if (icmdp->cmd_misc_flags & ISCSI_CMD_MISCFLAG_FLUSH) { 3491 /* 3492 * This command is left during target reset, 3493 * we can flush it now. 3494 */ 3495 iscsi_cmd_state_machine(icmdp, 3496 ISCSI_CMD_EVENT_E7, isp); 3497 } else if (icmdp->cmd_state == ISCSI_CMD_STATE_ACTIVE) { 3498 /* timeout */ 3499 iscsi_cmd_state_machine(icmdp, 3500 ISCSI_CMD_EVENT_E6, isp); 3501 } 3502 3503 } 3504 mutex_exit(&icp->conn_queue_active.mutex); 3505 mutex_exit(&isp->sess_queue_pending.mutex); 3506 mutex_exit(&icp->conn_state_mutex); 3507 3508 icp = icp->conn_next; 3509 } 3510 3511 icp = isp->sess_conn_list; 3512 while (icp != NULL) { 3513 if (icp->conn_timeout == B_TRUE) { 3514 /* timeout on this connect detected */ 3515 idm_ini_conn_disconnect(icp->conn_ic); 3516 icp->conn_timeout = B_FALSE; 3517 } 3518 icp = icp->conn_next; 3519 } 3520 rw_exit(&isp->sess_conn_list_rwlock); 3521 } 3522 3523 /* 3524 * iscsi_nop_checks - sends a NOP on idle connections 3525 * 3526 * This function walks the connections on a session and 3527 * issues NOPs on those connections that are in FULL 3528 * FEATURE mode and have not received data for the 3529 * time period specified by iscsi_nop_delay (global). 3530 */ 3531 static void 3532 iscsi_nop_checks(iscsi_sess_t *isp) 3533 { 3534 iscsi_conn_t *icp; 3535 3536 ASSERT(isp != NULL); 3537 3538 if (isp->sess_type == ISCSI_SESS_TYPE_DISCOVERY) { 3539 return; 3540 } 3541 3542 rw_enter(&isp->sess_conn_list_rwlock, RW_READER); 3543 icp = isp->sess_conn_act; 3544 if (icp != NULL) { 3545 3546 mutex_enter(&icp->conn_state_mutex); 3547 if ((ISCSI_CONN_STATE_FULL_FEATURE(icp->conn_state)) && 3548 (ddi_get_lbolt() > isp->sess_conn_act->conn_rx_lbolt + 3549 SEC_TO_TICK(iscsi_nop_delay)) && (ddi_get_lbolt() > 3550 isp->sess_conn_act->conn_nop_lbolt + 3551 SEC_TO_TICK(iscsi_nop_delay))) { 3552 3553 /* 3554 * We haven't received anything from the 3555 * target is a defined period of time, 3556 * send NOP to see if the target is alive. 3557 */ 3558 mutex_enter(&isp->sess_queue_pending.mutex); 3559 iscsi_handle_nop(isp->sess_conn_act, 3560 0, ISCSI_RSVD_TASK_TAG); 3561 mutex_exit(&isp->sess_queue_pending.mutex); 3562 } 3563 mutex_exit(&icp->conn_state_mutex); 3564 3565 icp = icp->conn_next; 3566 } 3567 rw_exit(&isp->sess_conn_list_rwlock); 3568 } 3569 3570 static boolean_t 3571 iscsi_nop_timeout_checks(iscsi_cmd_t *icmdp) 3572 { 3573 if (icmdp->cmd_type == ISCSI_CMD_TYPE_NOP) { 3574 if ((ddi_get_lbolt() - icmdp->cmd_lbolt_active) > 3575 SEC_TO_TICK(ISCSI_CONN_TIEMOUT_DETECT)) { 3576 return (B_TRUE); 3577 } else { 3578 return (B_FALSE); 3579 } 3580 } 3581 return (B_FALSE); 3582 } 3583 /* 3584 * +--------------------------------------------------------------------+ 3585 * | End of wd routines | 3586 * +--------------------------------------------------------------------+ 3587 */ 3588 3589 /* 3590 * iscsi_flush_cmd_after_reset - flush commands after reset 3591 * 3592 * Here we will flush all the commands for a specified LUN whose cmdsn is less 3593 * than the one received with the Unit Attention. 3594 */ 3595 static void 3596 iscsi_flush_cmd_after_reset(uint32_t cmd_sn, uint16_t lun_num, 3597 iscsi_conn_t *icp) 3598 { 3599 iscsi_cmd_t *t_icmdp = NULL; 3600 iscsi_cmd_t *next_icmdp = NULL; 3601 3602 ASSERT(icp != NULL); 3603 3604 t_icmdp = icp->conn_queue_active.head; 3605 while (t_icmdp != NULL) { 3606 next_icmdp = t_icmdp->cmd_next; 3607 mutex_enter(&t_icmdp->cmd_mutex); 3608 /* 3609 * We will flush the commands whose cmdsn is less than the one 3610 * got Unit Attention. 3611 * Here we will check for wrap by subtracting and compare to 3612 * 1/2 of a 32 bit number, if greater then we wrapped. 3613 */ 3614 if ((t_icmdp->cmd_misc_flags & ISCSI_CMD_MISCFLAG_SENT) && 3615 ((cmd_sn > t_icmdp->cmd_sn) || 3616 ((t_icmdp->cmd_sn - cmd_sn) > 3617 ISCSI_CMD_SN_WRAP))) { 3618 /* 3619 * Internally generated SCSI commands do not have 3620 * t_icmdp->cmd_lun set, but the LUN can be retrieved 3621 * from t_icmdp->cmd_un.scsi.lun. 3622 */ 3623 if ((t_icmdp->cmd_lun != NULL && 3624 t_icmdp->cmd_lun->lun_num == lun_num) || 3625 (t_icmdp->cmd_type == ISCSI_CMD_TYPE_SCSI && 3626 (t_icmdp->cmd_un.scsi.lun & ISCSI_LUN_MASK) == 3627 lun_num)) { 3628 t_icmdp->cmd_misc_flags |= 3629 ISCSI_CMD_MISCFLAG_FLUSH; 3630 if (t_icmdp->cmd_type == ISCSI_CMD_TYPE_SCSI) { 3631 t_icmdp->cmd_un.scsi.pkt_stat |= 3632 STAT_BUS_RESET; 3633 } 3634 } 3635 } 3636 mutex_exit(&t_icmdp->cmd_mutex); 3637 t_icmdp = next_icmdp; 3638 } 3639 } 3640 3641 /* 3642 * iscsi_decode_sense - decode the sense data in the cmd response 3643 * and take proper actions 3644 */ 3645 static boolean_t 3646 iscsi_decode_sense(uint8_t *sense_data, iscsi_cmd_t *icmdp) 3647 { 3648 uint8_t sense_key = 0; 3649 uint8_t asc = 0; 3650 uint8_t ascq = 0; 3651 boolean_t flush_io = B_FALSE; 3652 boolean_t reconfig_lun = B_FALSE; 3653 iscsi_sess_t *isp = NULL; 3654 3655 ASSERT(sense_data != NULL); 3656 3657 isp = icmdp->cmd_conn->conn_sess; 3658 3659 sense_key = scsi_sense_key(sense_data); 3660 switch (sense_key) { 3661 case KEY_UNIT_ATTENTION: 3662 asc = scsi_sense_asc(sense_data); 3663 switch (asc) { 3664 case ISCSI_SCSI_RESET_SENSE_CODE: 3665 /* 3666 * POWER ON, RESET, OR BUS_DEVICE RESET 3667 * OCCURRED 3668 */ 3669 flush_io = B_TRUE; 3670 break; 3671 case ISCSI_SCSI_LUNCHANGED_CODE: 3672 ascq = scsi_sense_ascq(sense_data); 3673 if (ascq == ISCSI_SCSI_LUNCHANGED_ASCQ) 3674 reconfig_lun = B_TRUE; 3675 default: 3676 break; 3677 } 3678 break; 3679 default: 3680 /* 3681 * Currently we don't care 3682 * about other sense key. 3683 */ 3684 break; 3685 } 3686 3687 if (reconfig_lun == B_TRUE) { 3688 rw_enter(&isp->sess_state_rwlock, RW_READER); 3689 if ((isp->sess_state == ISCSI_SESS_STATE_LOGGED_IN) && 3690 (iscsi_sess_enum_request(isp, B_FALSE, 3691 isp->sess_state_event_count) != 3692 ISCSI_SESS_ENUM_SUBMITTED)) { 3693 cmn_err(CE_WARN, "Unable to commit re-enumeration for" 3694 " session(%u) %s", isp->sess_oid, isp->sess_name); 3695 } 3696 rw_exit(&isp->sess_state_rwlock); 3697 } 3698 3699 return (flush_io); 3700 } 3701