1 /*- 2 * Copyright (c) 2012 The FreeBSD Foundation 3 * All rights reserved. 4 * 5 * This software was developed by Edward Tomasz Napierala under sponsorship 6 * from the FreeBSD Foundation. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 */ 30 31 #include <sys/cdefs.h> 32 __FBSDID("$FreeBSD$"); 33 34 #include <sys/param.h> 35 #include <sys/condvar.h> 36 #include <sys/conf.h> 37 #include <sys/endian.h> 38 #include <sys/eventhandler.h> 39 #include <sys/file.h> 40 #include <sys/kernel.h> 41 #include <sys/kthread.h> 42 #include <sys/lock.h> 43 #include <sys/malloc.h> 44 #include <sys/mutex.h> 45 #include <sys/module.h> 46 #include <sys/sysctl.h> 47 #include <sys/systm.h> 48 #include <sys/sx.h> 49 #include <vm/uma.h> 50 51 #include <cam/cam.h> 52 #include <cam/cam_ccb.h> 53 #include <cam/cam_xpt.h> 54 #include <cam/cam_debug.h> 55 #include <cam/cam_sim.h> 56 #include <cam/cam_xpt_sim.h> 57 #include <cam/cam_xpt_periph.h> 58 #include <cam/cam_periph.h> 59 #include <cam/scsi/scsi_all.h> 60 #include <cam/scsi/scsi_message.h> 61 62 #include <dev/iscsi/icl.h> 63 #include <dev/iscsi/iscsi_ioctl.h> 64 #include <dev/iscsi/iscsi_proto.h> 65 #include <dev/iscsi/iscsi.h> 66 67 #ifdef ICL_KERNEL_PROXY 68 #include <sys/socketvar.h> 69 #endif 70 71 #ifdef ICL_KERNEL_PROXY 72 FEATURE(iscsi_kernel_proxy, "iSCSI initiator built with ICL_KERNEL_PROXY"); 73 #endif 74 75 /* 76 * XXX: This is global so the iscsi_unload() can access it. 77 * Think about how to do this properly. 78 */ 79 static struct iscsi_softc *sc; 80 81 SYSCTL_NODE(_kern, OID_AUTO, iscsi, CTLFLAG_RD, 0, "iSCSI initiator"); 82 static int debug = 1; 83 SYSCTL_INT(_kern_iscsi, OID_AUTO, debug, CTLFLAG_RWTUN, 84 &debug, 0, "Enable debug messages"); 85 static int ping_timeout = 5; 86 SYSCTL_INT(_kern_iscsi, OID_AUTO, ping_timeout, CTLFLAG_RWTUN, &ping_timeout, 87 0, "Timeout for ping (NOP-Out) requests, in seconds"); 88 static int iscsid_timeout = 60; 89 SYSCTL_INT(_kern_iscsi, OID_AUTO, iscsid_timeout, CTLFLAG_RWTUN, &iscsid_timeout, 90 0, "Time to wait for iscsid(8) to handle reconnection, in seconds"); 91 static int login_timeout = 60; 92 SYSCTL_INT(_kern_iscsi, OID_AUTO, login_timeout, CTLFLAG_RWTUN, &login_timeout, 93 0, "Time to wait for iscsid(8) to finish Login Phase, in seconds"); 94 static int maxtags = 255; 95 SYSCTL_INT(_kern_iscsi, OID_AUTO, maxtags, CTLFLAG_RWTUN, &maxtags, 96 0, "Max number of IO requests queued"); 97 static int fail_on_disconnection = 0; 98 SYSCTL_INT(_kern_iscsi, OID_AUTO, fail_on_disconnection, CTLFLAG_RWTUN, 99 &fail_on_disconnection, 0, "Destroy CAM SIM on connection failure"); 100 101 static MALLOC_DEFINE(M_ISCSI, "iSCSI", "iSCSI initiator"); 102 static uma_zone_t iscsi_outstanding_zone; 103 104 #define CONN_SESSION(X) ((struct iscsi_session *)X->ic_prv0) 105 #define PDU_SESSION(X) (CONN_SESSION(X->ip_conn)) 106 107 #define ISCSI_DEBUG(X, ...) \ 108 do { \ 109 if (debug > 1) \ 110 printf("%s: " X "\n", __func__, ## __VA_ARGS__);\ 111 } while (0) 112 113 #define ISCSI_WARN(X, ...) \ 114 do { \ 115 if (debug > 0) { \ 116 printf("WARNING: %s: " X "\n", \ 117 __func__, ## __VA_ARGS__); \ 118 } \ 119 } while (0) 120 121 #define ISCSI_SESSION_DEBUG(S, X, ...) \ 122 do { \ 123 if (debug > 1) { \ 124 printf("%s: %s (%s): " X "\n", \ 125 __func__, S->is_conf.isc_target_addr, \ 126 S->is_conf.isc_target, ## __VA_ARGS__); \ 127 } \ 128 } while (0) 129 130 #define ISCSI_SESSION_WARN(S, X, ...) \ 131 do { \ 132 if (debug > 0) { \ 133 printf("WARNING: %s (%s): " X "\n", \ 134 S->is_conf.isc_target_addr, \ 135 S->is_conf.isc_target, ## __VA_ARGS__); \ 136 } \ 137 } while (0) 138 139 #define ISCSI_SESSION_LOCK(X) mtx_lock(&X->is_lock) 140 #define ISCSI_SESSION_UNLOCK(X) mtx_unlock(&X->is_lock) 141 #define ISCSI_SESSION_LOCK_ASSERT(X) mtx_assert(&X->is_lock, MA_OWNED) 142 143 static int iscsi_ioctl(struct cdev *dev, u_long cmd, caddr_t arg, 144 int mode, struct thread *td); 145 146 static struct cdevsw iscsi_cdevsw = { 147 .d_version = D_VERSION, 148 .d_ioctl = iscsi_ioctl, 149 .d_name = "iscsi", 150 }; 151 152 static void iscsi_pdu_queue_locked(struct icl_pdu *request); 153 static void iscsi_pdu_queue(struct icl_pdu *request); 154 static void iscsi_pdu_update_statsn(const struct icl_pdu *response); 155 static void iscsi_pdu_handle_nop_in(struct icl_pdu *response); 156 static void iscsi_pdu_handle_scsi_response(struct icl_pdu *response); 157 static void iscsi_pdu_handle_task_response(struct icl_pdu *response); 158 static void iscsi_pdu_handle_data_in(struct icl_pdu *response); 159 static void iscsi_pdu_handle_logout_response(struct icl_pdu *response); 160 static void iscsi_pdu_handle_r2t(struct icl_pdu *response); 161 static void iscsi_pdu_handle_async_message(struct icl_pdu *response); 162 static void iscsi_pdu_handle_reject(struct icl_pdu *response); 163 static void iscsi_session_reconnect(struct iscsi_session *is); 164 static void iscsi_session_terminate(struct iscsi_session *is); 165 static void iscsi_action(struct cam_sim *sim, union ccb *ccb); 166 static void iscsi_poll(struct cam_sim *sim); 167 static struct iscsi_outstanding *iscsi_outstanding_find(struct iscsi_session *is, 168 uint32_t initiator_task_tag); 169 static struct iscsi_outstanding *iscsi_outstanding_add(struct iscsi_session *is, 170 uint32_t initiator_task_tag, union ccb *ccb); 171 static void iscsi_outstanding_remove(struct iscsi_session *is, 172 struct iscsi_outstanding *io); 173 174 static bool 175 iscsi_pdu_prepare(struct icl_pdu *request) 176 { 177 struct iscsi_session *is; 178 struct iscsi_bhs_scsi_command *bhssc; 179 180 is = PDU_SESSION(request); 181 182 ISCSI_SESSION_LOCK_ASSERT(is); 183 184 /* 185 * We're only using fields common for all the request 186 * (initiator -> target) PDUs. 187 */ 188 bhssc = (struct iscsi_bhs_scsi_command *)request->ip_bhs; 189 190 /* 191 * Data-Out PDU does not contain CmdSN. 192 */ 193 if (bhssc->bhssc_opcode != ISCSI_BHS_OPCODE_SCSI_DATA_OUT) { 194 if (is->is_cmdsn > is->is_maxcmdsn && 195 (bhssc->bhssc_opcode & ISCSI_BHS_OPCODE_IMMEDIATE) == 0) { 196 /* 197 * Current MaxCmdSN prevents us from sending any more 198 * SCSI Command PDUs to the target; postpone the PDU. 199 * It will get resent by either iscsi_pdu_queue(), 200 * or by maintenance thread. 201 */ 202 #if 0 203 ISCSI_SESSION_DEBUG(is, "postponing send, CmdSN %d, ExpCmdSN %d, MaxCmdSN %d, opcode 0x%x", 204 is->is_cmdsn, is->is_expcmdsn, is->is_maxcmdsn, bhssc->bhssc_opcode); 205 #endif 206 return (true); 207 } 208 bhssc->bhssc_cmdsn = htonl(is->is_cmdsn); 209 if ((bhssc->bhssc_opcode & ISCSI_BHS_OPCODE_IMMEDIATE) == 0) 210 is->is_cmdsn++; 211 } 212 bhssc->bhssc_expstatsn = htonl(is->is_statsn + 1); 213 214 return (false); 215 } 216 217 static void 218 iscsi_session_send_postponed(struct iscsi_session *is) 219 { 220 struct icl_pdu *request; 221 bool postpone; 222 223 ISCSI_SESSION_LOCK_ASSERT(is); 224 225 while (!STAILQ_EMPTY(&is->is_postponed)) { 226 request = STAILQ_FIRST(&is->is_postponed); 227 postpone = iscsi_pdu_prepare(request); 228 if (postpone) 229 break; 230 STAILQ_REMOVE_HEAD(&is->is_postponed, ip_next); 231 icl_pdu_queue(request); 232 } 233 } 234 235 static void 236 iscsi_pdu_queue_locked(struct icl_pdu *request) 237 { 238 struct iscsi_session *is; 239 bool postpone; 240 241 is = PDU_SESSION(request); 242 ISCSI_SESSION_LOCK_ASSERT(is); 243 iscsi_session_send_postponed(is); 244 postpone = iscsi_pdu_prepare(request); 245 if (postpone) { 246 STAILQ_INSERT_TAIL(&is->is_postponed, request, ip_next); 247 return; 248 } 249 icl_pdu_queue(request); 250 } 251 252 static void 253 iscsi_pdu_queue(struct icl_pdu *request) 254 { 255 struct iscsi_session *is; 256 257 is = PDU_SESSION(request); 258 ISCSI_SESSION_LOCK(is); 259 iscsi_pdu_queue_locked(request); 260 ISCSI_SESSION_UNLOCK(is); 261 } 262 263 static void 264 iscsi_session_logout(struct iscsi_session *is) 265 { 266 struct icl_pdu *request; 267 struct iscsi_bhs_logout_request *bhslr; 268 269 request = icl_pdu_new_bhs(is->is_conn, M_NOWAIT); 270 if (request == NULL) 271 return; 272 273 bhslr = (struct iscsi_bhs_logout_request *)request->ip_bhs; 274 bhslr->bhslr_opcode = ISCSI_BHS_OPCODE_LOGOUT_REQUEST; 275 bhslr->bhslr_reason = BHSLR_REASON_CLOSE_SESSION; 276 iscsi_pdu_queue_locked(request); 277 } 278 279 static void 280 iscsi_session_terminate_task(struct iscsi_session *is, 281 struct iscsi_outstanding *io, bool requeue) 282 { 283 284 if (io->io_ccb != NULL) { 285 io->io_ccb->ccb_h.status &= ~(CAM_SIM_QUEUED | CAM_STATUS_MASK); 286 if (requeue) 287 io->io_ccb->ccb_h.status |= CAM_REQUEUE_REQ; 288 else 289 io->io_ccb->ccb_h.status |= CAM_REQ_ABORTED; 290 if ((io->io_ccb->ccb_h.status & CAM_DEV_QFRZN) == 0) { 291 io->io_ccb->ccb_h.status |= CAM_DEV_QFRZN; 292 xpt_freeze_devq(io->io_ccb->ccb_h.path, 1); 293 ISCSI_SESSION_DEBUG(is, "freezing devq"); 294 } 295 xpt_done(io->io_ccb); 296 } 297 iscsi_outstanding_remove(is, io); 298 } 299 300 static void 301 iscsi_session_terminate_tasks(struct iscsi_session *is, bool requeue) 302 { 303 struct iscsi_outstanding *io, *tmp; 304 305 ISCSI_SESSION_LOCK_ASSERT(is); 306 307 TAILQ_FOREACH_SAFE(io, &is->is_outstanding, io_next, tmp) { 308 iscsi_session_terminate_task(is, io, requeue); 309 } 310 } 311 312 static void 313 iscsi_session_cleanup(struct iscsi_session *is, bool destroy_sim) 314 { 315 struct icl_pdu *pdu; 316 317 ISCSI_SESSION_LOCK_ASSERT(is); 318 319 /* 320 * Don't queue any new PDUs. 321 */ 322 if (is->is_sim != NULL && is->is_simq_frozen == false) { 323 ISCSI_SESSION_DEBUG(is, "freezing"); 324 xpt_freeze_simq(is->is_sim, 1); 325 is->is_simq_frozen = true; 326 } 327 328 /* 329 * Remove postponed PDUs. 330 */ 331 while (!STAILQ_EMPTY(&is->is_postponed)) { 332 pdu = STAILQ_FIRST(&is->is_postponed); 333 STAILQ_REMOVE_HEAD(&is->is_postponed, ip_next); 334 icl_pdu_free(pdu); 335 } 336 337 if (destroy_sim == false) { 338 /* 339 * Terminate SCSI tasks, asking CAM to requeue them. 340 */ 341 iscsi_session_terminate_tasks(is, true); 342 return; 343 } 344 345 iscsi_session_terminate_tasks(is, false); 346 347 if (is->is_sim == NULL) 348 return; 349 350 ISCSI_SESSION_DEBUG(is, "deregistering SIM"); 351 xpt_async(AC_LOST_DEVICE, is->is_path, NULL); 352 353 if (is->is_simq_frozen) { 354 xpt_release_simq(is->is_sim, 1); 355 is->is_simq_frozen = false; 356 } 357 358 xpt_free_path(is->is_path); 359 is->is_path = NULL; 360 xpt_bus_deregister(cam_sim_path(is->is_sim)); 361 cam_sim_free(is->is_sim, TRUE /*free_devq*/); 362 is->is_sim = NULL; 363 is->is_devq = NULL; 364 } 365 366 static void 367 iscsi_maintenance_thread_reconnect(struct iscsi_session *is) 368 { 369 370 icl_conn_shutdown(is->is_conn); 371 icl_conn_close(is->is_conn); 372 373 ISCSI_SESSION_LOCK(is); 374 375 is->is_connected = false; 376 is->is_reconnecting = false; 377 is->is_login_phase = false; 378 379 #ifdef ICL_KERNEL_PROXY 380 if (is->is_login_pdu != NULL) { 381 icl_pdu_free(is->is_login_pdu); 382 is->is_login_pdu = NULL; 383 } 384 cv_signal(&is->is_login_cv); 385 #endif 386 387 if (fail_on_disconnection) { 388 ISCSI_SESSION_DEBUG(is, "connection failed, destroying devices"); 389 iscsi_session_cleanup(is, true); 390 } else { 391 iscsi_session_cleanup(is, false); 392 } 393 394 KASSERT(TAILQ_EMPTY(&is->is_outstanding), 395 ("destroying session with active tasks")); 396 KASSERT(STAILQ_EMPTY(&is->is_postponed), 397 ("destroying session with postponed PDUs")); 398 399 /* 400 * Request immediate reconnection from iscsid(8). 401 */ 402 //ISCSI_SESSION_DEBUG(is, "waking up iscsid(8)"); 403 is->is_waiting_for_iscsid = true; 404 strlcpy(is->is_reason, "Waiting for iscsid(8)", sizeof(is->is_reason)); 405 is->is_timeout = 0; 406 ISCSI_SESSION_UNLOCK(is); 407 cv_signal(&is->is_softc->sc_cv); 408 } 409 410 static void 411 iscsi_maintenance_thread_terminate(struct iscsi_session *is) 412 { 413 struct iscsi_softc *sc; 414 415 sc = is->is_softc; 416 sx_xlock(&sc->sc_lock); 417 TAILQ_REMOVE(&sc->sc_sessions, is, is_next); 418 sx_xunlock(&sc->sc_lock); 419 420 icl_conn_close(is->is_conn); 421 422 ISCSI_SESSION_LOCK(is); 423 424 KASSERT(is->is_terminating, ("is_terminating == false")); 425 426 #ifdef ICL_KERNEL_PROXY 427 if (is->is_login_pdu != NULL) { 428 icl_pdu_free(is->is_login_pdu); 429 is->is_login_pdu = NULL; 430 } 431 cv_signal(&is->is_login_cv); 432 #endif 433 434 callout_drain(&is->is_callout); 435 436 iscsi_session_cleanup(is, true); 437 438 KASSERT(TAILQ_EMPTY(&is->is_outstanding), 439 ("destroying session with active tasks")); 440 KASSERT(STAILQ_EMPTY(&is->is_postponed), 441 ("destroying session with postponed PDUs")); 442 443 ISCSI_SESSION_UNLOCK(is); 444 445 icl_conn_free(is->is_conn); 446 mtx_destroy(&is->is_lock); 447 cv_destroy(&is->is_maintenance_cv); 448 #ifdef ICL_KERNEL_PROXY 449 cv_destroy(&is->is_login_cv); 450 #endif 451 ISCSI_SESSION_DEBUG(is, "terminated"); 452 free(is, M_ISCSI); 453 454 /* 455 * The iscsi_unload() routine might be waiting. 456 */ 457 cv_signal(&sc->sc_cv); 458 } 459 460 static void 461 iscsi_maintenance_thread(void *arg) 462 { 463 struct iscsi_session *is; 464 465 is = arg; 466 467 for (;;) { 468 ISCSI_SESSION_LOCK(is); 469 if (is->is_reconnecting == false && 470 is->is_terminating == false && 471 STAILQ_EMPTY(&is->is_postponed)) 472 cv_wait(&is->is_maintenance_cv, &is->is_lock); 473 474 if (is->is_reconnecting) { 475 ISCSI_SESSION_UNLOCK(is); 476 iscsi_maintenance_thread_reconnect(is); 477 continue; 478 } 479 480 if (is->is_terminating) { 481 ISCSI_SESSION_UNLOCK(is); 482 iscsi_maintenance_thread_terminate(is); 483 kthread_exit(); 484 return; 485 } 486 487 iscsi_session_send_postponed(is); 488 ISCSI_SESSION_UNLOCK(is); 489 } 490 } 491 492 static void 493 iscsi_session_reconnect(struct iscsi_session *is) 494 { 495 496 /* 497 * XXX: We can't use locking here, because 498 * it's being called from various contexts. 499 * Hope it doesn't break anything. 500 */ 501 if (is->is_reconnecting) 502 return; 503 504 is->is_reconnecting = true; 505 cv_signal(&is->is_maintenance_cv); 506 } 507 508 static void 509 iscsi_session_terminate(struct iscsi_session *is) 510 { 511 if (is->is_terminating) 512 return; 513 514 is->is_terminating = true; 515 516 #if 0 517 iscsi_session_logout(is); 518 #endif 519 cv_signal(&is->is_maintenance_cv); 520 } 521 522 static void 523 iscsi_callout(void *context) 524 { 525 struct icl_pdu *request; 526 struct iscsi_bhs_nop_out *bhsno; 527 struct iscsi_session *is; 528 bool reconnect_needed = false; 529 530 is = context; 531 532 if (is->is_terminating) 533 return; 534 535 callout_schedule(&is->is_callout, 1 * hz); 536 537 ISCSI_SESSION_LOCK(is); 538 is->is_timeout++; 539 540 if (is->is_waiting_for_iscsid) { 541 if (iscsid_timeout > 0 && is->is_timeout > iscsid_timeout) { 542 ISCSI_SESSION_WARN(is, "timed out waiting for iscsid(8) " 543 "for %d seconds; reconnecting", 544 is->is_timeout); 545 reconnect_needed = true; 546 } 547 goto out; 548 } 549 550 if (is->is_login_phase) { 551 if (login_timeout > 0 && is->is_timeout > login_timeout) { 552 ISCSI_SESSION_WARN(is, "login timed out after %d seconds; " 553 "reconnecting", is->is_timeout); 554 reconnect_needed = true; 555 } 556 goto out; 557 } 558 559 if (ping_timeout <= 0) { 560 /* 561 * Pings are disabled. Don't send NOP-Out in this case. 562 * Reset the timeout, to avoid triggering reconnection, 563 * should the user decide to reenable them. 564 */ 565 is->is_timeout = 0; 566 goto out; 567 } 568 569 if (is->is_timeout >= ping_timeout) { 570 ISCSI_SESSION_WARN(is, "no ping reply (NOP-In) after %d seconds; " 571 "reconnecting", ping_timeout); 572 reconnect_needed = true; 573 goto out; 574 } 575 576 ISCSI_SESSION_UNLOCK(is); 577 578 /* 579 * If the ping was reset less than one second ago - which means 580 * that we've received some PDU during the last second - assume 581 * the traffic flows correctly and don't bother sending a NOP-Out. 582 * 583 * (It's 2 - one for one second, and one for incrementing is_timeout 584 * earlier in this routine.) 585 */ 586 if (is->is_timeout < 2) 587 return; 588 589 request = icl_pdu_new_bhs(is->is_conn, M_NOWAIT); 590 if (request == NULL) { 591 ISCSI_SESSION_WARN(is, "failed to allocate PDU"); 592 return; 593 } 594 bhsno = (struct iscsi_bhs_nop_out *)request->ip_bhs; 595 bhsno->bhsno_opcode = ISCSI_BHS_OPCODE_NOP_OUT | 596 ISCSI_BHS_OPCODE_IMMEDIATE; 597 bhsno->bhsno_flags = 0x80; 598 bhsno->bhsno_target_transfer_tag = 0xffffffff; 599 iscsi_pdu_queue(request); 600 return; 601 602 out: 603 ISCSI_SESSION_UNLOCK(is); 604 605 if (reconnect_needed) 606 iscsi_session_reconnect(is); 607 } 608 609 static void 610 iscsi_pdu_update_statsn(const struct icl_pdu *response) 611 { 612 const struct iscsi_bhs_data_in *bhsdi; 613 struct iscsi_session *is; 614 uint32_t expcmdsn, maxcmdsn; 615 616 is = PDU_SESSION(response); 617 618 ISCSI_SESSION_LOCK_ASSERT(is); 619 620 /* 621 * We're only using fields common for all the response 622 * (target -> initiator) PDUs. 623 */ 624 bhsdi = (const struct iscsi_bhs_data_in *)response->ip_bhs; 625 /* 626 * Ok, I lied. In case of Data-In, "The fields StatSN, Status, 627 * and Residual Count only have meaningful content if the S bit 628 * is set to 1", so we also need to check the bit specific for 629 * Data-In PDU. 630 */ 631 if (bhsdi->bhsdi_opcode != ISCSI_BHS_OPCODE_SCSI_DATA_IN || 632 (bhsdi->bhsdi_flags & BHSDI_FLAGS_S) != 0) { 633 if (ntohl(bhsdi->bhsdi_statsn) < is->is_statsn) { 634 ISCSI_SESSION_WARN(is, 635 "PDU StatSN %d >= session StatSN %d, opcode 0x%x", 636 is->is_statsn, ntohl(bhsdi->bhsdi_statsn), 637 bhsdi->bhsdi_opcode); 638 } 639 is->is_statsn = ntohl(bhsdi->bhsdi_statsn); 640 } 641 642 expcmdsn = ntohl(bhsdi->bhsdi_expcmdsn); 643 maxcmdsn = ntohl(bhsdi->bhsdi_maxcmdsn); 644 645 /* 646 * XXX: Compare using Serial Arithmetic Sense. 647 */ 648 if (maxcmdsn + 1 < expcmdsn) { 649 ISCSI_SESSION_DEBUG(is, "PDU MaxCmdSN %d + 1 < PDU ExpCmdSN %d; ignoring", 650 maxcmdsn, expcmdsn); 651 } else { 652 if (maxcmdsn > is->is_maxcmdsn) { 653 is->is_maxcmdsn = maxcmdsn; 654 655 /* 656 * Command window increased; kick the maintanance thread 657 * to send out postponed commands. 658 */ 659 if (!STAILQ_EMPTY(&is->is_postponed)) 660 cv_signal(&is->is_maintenance_cv); 661 } else if (maxcmdsn < is->is_maxcmdsn) { 662 ISCSI_SESSION_DEBUG(is, "PDU MaxCmdSN %d < session MaxCmdSN %d; ignoring", 663 maxcmdsn, is->is_maxcmdsn); 664 } 665 666 if (expcmdsn > is->is_expcmdsn) { 667 is->is_expcmdsn = expcmdsn; 668 } else if (expcmdsn < is->is_expcmdsn) { 669 ISCSI_SESSION_DEBUG(is, "PDU ExpCmdSN %d < session ExpCmdSN %d; ignoring", 670 expcmdsn, is->is_expcmdsn); 671 } 672 } 673 674 /* 675 * Every incoming PDU - not just NOP-In - resets the ping timer. 676 * The purpose of the timeout is to reset the connection when it stalls; 677 * we don't want this to happen when NOP-In or NOP-Out ends up delayed 678 * in some queue. 679 */ 680 is->is_timeout = 0; 681 } 682 683 static void 684 iscsi_receive_callback(struct icl_pdu *response) 685 { 686 struct iscsi_session *is; 687 688 is = PDU_SESSION(response); 689 690 ISCSI_SESSION_LOCK(is); 691 692 #ifdef ICL_KERNEL_PROXY 693 if (is->is_login_phase) { 694 if (is->is_login_pdu == NULL) 695 is->is_login_pdu = response; 696 else 697 icl_pdu_free(response); 698 ISCSI_SESSION_UNLOCK(is); 699 cv_signal(&is->is_login_cv); 700 return; 701 } 702 #endif 703 704 iscsi_pdu_update_statsn(response); 705 706 /* 707 * The handling routine is responsible for freeing the PDU 708 * when it's no longer needed. 709 */ 710 switch (response->ip_bhs->bhs_opcode) { 711 case ISCSI_BHS_OPCODE_NOP_IN: 712 iscsi_pdu_handle_nop_in(response); 713 break; 714 case ISCSI_BHS_OPCODE_SCSI_RESPONSE: 715 iscsi_pdu_handle_scsi_response(response); 716 break; 717 case ISCSI_BHS_OPCODE_TASK_RESPONSE: 718 iscsi_pdu_handle_task_response(response); 719 break; 720 case ISCSI_BHS_OPCODE_SCSI_DATA_IN: 721 iscsi_pdu_handle_data_in(response); 722 break; 723 case ISCSI_BHS_OPCODE_LOGOUT_RESPONSE: 724 iscsi_pdu_handle_logout_response(response); 725 break; 726 case ISCSI_BHS_OPCODE_R2T: 727 iscsi_pdu_handle_r2t(response); 728 break; 729 case ISCSI_BHS_OPCODE_ASYNC_MESSAGE: 730 iscsi_pdu_handle_async_message(response); 731 break; 732 case ISCSI_BHS_OPCODE_REJECT: 733 iscsi_pdu_handle_reject(response); 734 break; 735 default: 736 ISCSI_SESSION_WARN(is, "received PDU with unsupported " 737 "opcode 0x%x; reconnecting", 738 response->ip_bhs->bhs_opcode); 739 iscsi_session_reconnect(is); 740 icl_pdu_free(response); 741 } 742 743 ISCSI_SESSION_UNLOCK(is); 744 } 745 746 static void 747 iscsi_error_callback(struct icl_conn *ic) 748 { 749 struct iscsi_session *is; 750 751 is = CONN_SESSION(ic); 752 753 ISCSI_SESSION_WARN(is, "connection error; reconnecting"); 754 iscsi_session_reconnect(is); 755 } 756 757 static void 758 iscsi_pdu_handle_nop_in(struct icl_pdu *response) 759 { 760 struct iscsi_session *is; 761 struct iscsi_bhs_nop_out *bhsno; 762 struct iscsi_bhs_nop_in *bhsni; 763 struct icl_pdu *request; 764 void *data = NULL; 765 size_t datasize; 766 int error; 767 768 is = PDU_SESSION(response); 769 bhsni = (struct iscsi_bhs_nop_in *)response->ip_bhs; 770 771 if (bhsni->bhsni_target_transfer_tag == 0xffffffff) { 772 /* 773 * Nothing to do; iscsi_pdu_update_statsn() already 774 * zeroed the timeout. 775 */ 776 icl_pdu_free(response); 777 return; 778 } 779 780 datasize = icl_pdu_data_segment_length(response); 781 if (datasize > 0) { 782 data = malloc(datasize, M_ISCSI, M_NOWAIT | M_ZERO); 783 if (data == NULL) { 784 ISCSI_SESSION_WARN(is, "failed to allocate memory; " 785 "reconnecting"); 786 icl_pdu_free(response); 787 iscsi_session_reconnect(is); 788 return; 789 } 790 icl_pdu_get_data(response, 0, data, datasize); 791 } 792 793 request = icl_pdu_new_bhs(response->ip_conn, M_NOWAIT); 794 if (request == NULL) { 795 ISCSI_SESSION_WARN(is, "failed to allocate memory; " 796 "reconnecting"); 797 free(data, M_ISCSI); 798 icl_pdu_free(response); 799 iscsi_session_reconnect(is); 800 return; 801 } 802 bhsno = (struct iscsi_bhs_nop_out *)request->ip_bhs; 803 bhsno->bhsno_opcode = ISCSI_BHS_OPCODE_NOP_OUT | 804 ISCSI_BHS_OPCODE_IMMEDIATE; 805 bhsno->bhsno_flags = 0x80; 806 bhsno->bhsno_initiator_task_tag = 0xffffffff; 807 bhsno->bhsno_target_transfer_tag = bhsni->bhsni_target_transfer_tag; 808 if (datasize > 0) { 809 error = icl_pdu_append_data(request, data, datasize, M_NOWAIT); 810 if (error != 0) { 811 ISCSI_SESSION_WARN(is, "failed to allocate memory; " 812 "reconnecting"); 813 free(data, M_ISCSI); 814 icl_pdu_free(request); 815 icl_pdu_free(response); 816 iscsi_session_reconnect(is); 817 return; 818 } 819 free(data, M_ISCSI); 820 } 821 822 icl_pdu_free(response); 823 iscsi_pdu_queue_locked(request); 824 } 825 826 static void 827 iscsi_pdu_handle_scsi_response(struct icl_pdu *response) 828 { 829 struct iscsi_bhs_scsi_response *bhssr; 830 struct iscsi_outstanding *io; 831 struct iscsi_session *is; 832 struct ccb_scsiio *csio; 833 size_t data_segment_len; 834 uint16_t sense_len; 835 836 is = PDU_SESSION(response); 837 838 bhssr = (struct iscsi_bhs_scsi_response *)response->ip_bhs; 839 io = iscsi_outstanding_find(is, bhssr->bhssr_initiator_task_tag); 840 if (io == NULL || io->io_ccb == NULL) { 841 ISCSI_SESSION_WARN(is, "bad itt 0x%x", bhssr->bhssr_initiator_task_tag); 842 icl_pdu_free(response); 843 iscsi_session_reconnect(is); 844 return; 845 } 846 847 if (bhssr->bhssr_response != BHSSR_RESPONSE_COMMAND_COMPLETED) { 848 ISCSI_SESSION_WARN(is, "service response 0x%x", bhssr->bhssr_response); 849 if ((io->io_ccb->ccb_h.status & CAM_DEV_QFRZN) == 0) { 850 xpt_freeze_devq(io->io_ccb->ccb_h.path, 1); 851 ISCSI_SESSION_DEBUG(is, "freezing devq"); 852 } 853 io->io_ccb->ccb_h.status = CAM_REQ_CMP_ERR | CAM_DEV_QFRZN; 854 } else if (bhssr->bhssr_status == 0) { 855 io->io_ccb->ccb_h.status = CAM_REQ_CMP; 856 } else { 857 if ((io->io_ccb->ccb_h.status & CAM_DEV_QFRZN) == 0) { 858 xpt_freeze_devq(io->io_ccb->ccb_h.path, 1); 859 ISCSI_SESSION_DEBUG(is, "freezing devq"); 860 } 861 io->io_ccb->ccb_h.status = CAM_SCSI_STATUS_ERROR | CAM_DEV_QFRZN; 862 io->io_ccb->csio.scsi_status = bhssr->bhssr_status; 863 } 864 865 if (bhssr->bhssr_flags & BHSSR_FLAGS_RESIDUAL_OVERFLOW) { 866 ISCSI_SESSION_WARN(is, "target indicated residual overflow"); 867 icl_pdu_free(response); 868 iscsi_session_reconnect(is); 869 return; 870 } 871 872 csio = &io->io_ccb->csio; 873 874 data_segment_len = icl_pdu_data_segment_length(response); 875 if (data_segment_len > 0) { 876 if (data_segment_len < sizeof(sense_len)) { 877 ISCSI_SESSION_WARN(is, "truncated data segment (%zd bytes)", 878 data_segment_len); 879 if ((io->io_ccb->ccb_h.status & CAM_DEV_QFRZN) == 0) { 880 xpt_freeze_devq(io->io_ccb->ccb_h.path, 1); 881 ISCSI_SESSION_DEBUG(is, "freezing devq"); 882 } 883 io->io_ccb->ccb_h.status = CAM_REQ_CMP_ERR | CAM_DEV_QFRZN; 884 goto out; 885 } 886 icl_pdu_get_data(response, 0, &sense_len, sizeof(sense_len)); 887 sense_len = ntohs(sense_len); 888 #if 0 889 ISCSI_SESSION_DEBUG(is, "sense_len %d, data len %zd", 890 sense_len, data_segment_len); 891 #endif 892 if (sizeof(sense_len) + sense_len > data_segment_len) { 893 ISCSI_SESSION_WARN(is, "truncated data segment " 894 "(%zd bytes, should be %zd)", 895 data_segment_len, sizeof(sense_len) + sense_len); 896 if ((io->io_ccb->ccb_h.status & CAM_DEV_QFRZN) == 0) { 897 xpt_freeze_devq(io->io_ccb->ccb_h.path, 1); 898 ISCSI_SESSION_DEBUG(is, "freezing devq"); 899 } 900 io->io_ccb->ccb_h.status = CAM_REQ_CMP_ERR | CAM_DEV_QFRZN; 901 goto out; 902 } else if (sizeof(sense_len) + sense_len < data_segment_len) 903 ISCSI_SESSION_WARN(is, "oversize data segment " 904 "(%zd bytes, should be %zd)", 905 data_segment_len, sizeof(sense_len) + sense_len); 906 if (sense_len > csio->sense_len) { 907 ISCSI_SESSION_DEBUG(is, "truncating sense from %d to %d", 908 sense_len, csio->sense_len); 909 sense_len = csio->sense_len; 910 } 911 icl_pdu_get_data(response, sizeof(sense_len), &csio->sense_data, sense_len); 912 csio->sense_resid = csio->sense_len - sense_len; 913 io->io_ccb->ccb_h.status |= CAM_AUTOSNS_VALID; 914 } 915 916 out: 917 if (bhssr->bhssr_flags & BHSSR_FLAGS_RESIDUAL_UNDERFLOW) 918 csio->resid = ntohl(bhssr->bhssr_residual_count); 919 920 if ((csio->ccb_h.flags & CAM_DIR_MASK) == CAM_DIR_IN) { 921 KASSERT(io->io_received <= csio->dxfer_len, 922 ("io->io_received > csio->dxfer_len")); 923 if (io->io_received < csio->dxfer_len) { 924 if (csio->resid != csio->dxfer_len - io->io_received) { 925 ISCSI_SESSION_WARN(is, "underflow mismatch: " 926 "target indicates %d, we calculated %zd", 927 csio->resid, 928 csio->dxfer_len - io->io_received); 929 } 930 csio->resid = csio->dxfer_len - io->io_received; 931 } 932 } 933 934 xpt_done(io->io_ccb); 935 iscsi_outstanding_remove(is, io); 936 icl_pdu_free(response); 937 } 938 939 static void 940 iscsi_pdu_handle_task_response(struct icl_pdu *response) 941 { 942 struct iscsi_bhs_task_management_response *bhstmr; 943 struct iscsi_outstanding *io, *aio; 944 struct iscsi_session *is; 945 946 is = PDU_SESSION(response); 947 948 bhstmr = (struct iscsi_bhs_task_management_response *)response->ip_bhs; 949 io = iscsi_outstanding_find(is, bhstmr->bhstmr_initiator_task_tag); 950 if (io == NULL || io->io_ccb != NULL) { 951 ISCSI_SESSION_WARN(is, "bad itt 0x%x", 952 bhstmr->bhstmr_initiator_task_tag); 953 icl_pdu_free(response); 954 iscsi_session_reconnect(is); 955 return; 956 } 957 958 if (bhstmr->bhstmr_response != BHSTMR_RESPONSE_FUNCTION_COMPLETE) { 959 ISCSI_SESSION_WARN(is, "task response 0x%x", 960 bhstmr->bhstmr_response); 961 } else { 962 aio = iscsi_outstanding_find(is, io->io_datasn); 963 if (aio != NULL && aio->io_ccb != NULL) 964 iscsi_session_terminate_task(is, aio, false); 965 } 966 967 iscsi_outstanding_remove(is, io); 968 icl_pdu_free(response); 969 } 970 971 static void 972 iscsi_pdu_handle_data_in(struct icl_pdu *response) 973 { 974 struct iscsi_bhs_data_in *bhsdi; 975 struct iscsi_outstanding *io; 976 struct iscsi_session *is; 977 struct ccb_scsiio *csio; 978 size_t data_segment_len; 979 980 is = PDU_SESSION(response); 981 bhsdi = (struct iscsi_bhs_data_in *)response->ip_bhs; 982 io = iscsi_outstanding_find(is, bhsdi->bhsdi_initiator_task_tag); 983 if (io == NULL || io->io_ccb == NULL) { 984 ISCSI_SESSION_WARN(is, "bad itt 0x%x", bhsdi->bhsdi_initiator_task_tag); 985 icl_pdu_free(response); 986 iscsi_session_reconnect(is); 987 return; 988 } 989 990 data_segment_len = icl_pdu_data_segment_length(response); 991 if (data_segment_len == 0) { 992 /* 993 * "The sending of 0 length data segments should be avoided, 994 * but initiators and targets MUST be able to properly receive 995 * 0 length data segments." 996 */ 997 icl_pdu_free(response); 998 return; 999 } 1000 1001 /* 1002 * We need to track this for security reasons - without it, malicious target 1003 * could respond to SCSI READ without sending Data-In PDUs, which would result 1004 * in read operation on the initiator side returning random kernel data. 1005 */ 1006 if (ntohl(bhsdi->bhsdi_buffer_offset) != io->io_received) { 1007 ISCSI_SESSION_WARN(is, "data out of order; expected offset %zd, got %zd", 1008 io->io_received, (size_t)ntohl(bhsdi->bhsdi_buffer_offset)); 1009 icl_pdu_free(response); 1010 iscsi_session_reconnect(is); 1011 return; 1012 } 1013 1014 csio = &io->io_ccb->csio; 1015 1016 if (io->io_received + data_segment_len > csio->dxfer_len) { 1017 ISCSI_SESSION_WARN(is, "oversize data segment (%zd bytes " 1018 "at offset %zd, buffer is %d)", 1019 data_segment_len, io->io_received, csio->dxfer_len); 1020 icl_pdu_free(response); 1021 iscsi_session_reconnect(is); 1022 return; 1023 } 1024 1025 icl_pdu_get_data(response, 0, csio->data_ptr + io->io_received, data_segment_len); 1026 io->io_received += data_segment_len; 1027 1028 /* 1029 * XXX: Check DataSN. 1030 * XXX: Check F. 1031 */ 1032 if ((bhsdi->bhsdi_flags & BHSDI_FLAGS_S) == 0) { 1033 /* 1034 * Nothing more to do. 1035 */ 1036 icl_pdu_free(response); 1037 return; 1038 } 1039 1040 //ISCSI_SESSION_DEBUG(is, "got S flag; status 0x%x", bhsdi->bhsdi_status); 1041 if (bhsdi->bhsdi_status == 0) { 1042 io->io_ccb->ccb_h.status = CAM_REQ_CMP; 1043 } else { 1044 if ((io->io_ccb->ccb_h.status & CAM_DEV_QFRZN) == 0) { 1045 xpt_freeze_devq(io->io_ccb->ccb_h.path, 1); 1046 ISCSI_SESSION_DEBUG(is, "freezing devq"); 1047 } 1048 io->io_ccb->ccb_h.status = CAM_SCSI_STATUS_ERROR | CAM_DEV_QFRZN; 1049 csio->scsi_status = bhsdi->bhsdi_status; 1050 } 1051 1052 if ((csio->ccb_h.flags & CAM_DIR_MASK) == CAM_DIR_IN) { 1053 KASSERT(io->io_received <= csio->dxfer_len, 1054 ("io->io_received > csio->dxfer_len")); 1055 if (io->io_received < csio->dxfer_len) { 1056 csio->resid = ntohl(bhsdi->bhsdi_residual_count); 1057 if (csio->resid != csio->dxfer_len - io->io_received) { 1058 ISCSI_SESSION_WARN(is, "underflow mismatch: " 1059 "target indicates %d, we calculated %zd", 1060 csio->resid, 1061 csio->dxfer_len - io->io_received); 1062 } 1063 csio->resid = csio->dxfer_len - io->io_received; 1064 } 1065 } 1066 1067 xpt_done(io->io_ccb); 1068 iscsi_outstanding_remove(is, io); 1069 icl_pdu_free(response); 1070 } 1071 1072 static void 1073 iscsi_pdu_handle_logout_response(struct icl_pdu *response) 1074 { 1075 1076 ISCSI_SESSION_DEBUG(PDU_SESSION(response), "logout response"); 1077 icl_pdu_free(response); 1078 } 1079 1080 static void 1081 iscsi_pdu_handle_r2t(struct icl_pdu *response) 1082 { 1083 struct icl_pdu *request; 1084 struct iscsi_session *is; 1085 struct iscsi_bhs_r2t *bhsr2t; 1086 struct iscsi_bhs_data_out *bhsdo; 1087 struct iscsi_outstanding *io; 1088 struct ccb_scsiio *csio; 1089 size_t off, len, total_len; 1090 int error; 1091 1092 is = PDU_SESSION(response); 1093 1094 bhsr2t = (struct iscsi_bhs_r2t *)response->ip_bhs; 1095 io = iscsi_outstanding_find(is, bhsr2t->bhsr2t_initiator_task_tag); 1096 if (io == NULL || io->io_ccb == NULL) { 1097 ISCSI_SESSION_WARN(is, "bad itt 0x%x; reconnecting", 1098 bhsr2t->bhsr2t_initiator_task_tag); 1099 icl_pdu_free(response); 1100 iscsi_session_reconnect(is); 1101 return; 1102 } 1103 1104 csio = &io->io_ccb->csio; 1105 1106 if ((csio->ccb_h.flags & CAM_DIR_MASK) != CAM_DIR_OUT) { 1107 ISCSI_SESSION_WARN(is, "received R2T for read command; reconnecting"); 1108 icl_pdu_free(response); 1109 iscsi_session_reconnect(is); 1110 return; 1111 } 1112 1113 /* 1114 * XXX: Verify R2TSN. 1115 */ 1116 1117 io->io_datasn = 0; 1118 1119 off = ntohl(bhsr2t->bhsr2t_buffer_offset); 1120 if (off > csio->dxfer_len) { 1121 ISCSI_SESSION_WARN(is, "target requested invalid offset " 1122 "%zd, buffer is is %d; reconnecting", off, csio->dxfer_len); 1123 icl_pdu_free(response); 1124 iscsi_session_reconnect(is); 1125 return; 1126 } 1127 1128 total_len = ntohl(bhsr2t->bhsr2t_desired_data_transfer_length); 1129 if (total_len == 0 || total_len > csio->dxfer_len) { 1130 ISCSI_SESSION_WARN(is, "target requested invalid length " 1131 "%zd, buffer is %d; reconnecting", total_len, csio->dxfer_len); 1132 icl_pdu_free(response); 1133 iscsi_session_reconnect(is); 1134 return; 1135 } 1136 1137 //ISCSI_SESSION_DEBUG(is, "r2t; off %zd, len %zd", off, total_len); 1138 1139 for (;;) { 1140 len = total_len; 1141 1142 if (len > is->is_max_data_segment_length) 1143 len = is->is_max_data_segment_length; 1144 1145 if (off + len > csio->dxfer_len) { 1146 ISCSI_SESSION_WARN(is, "target requested invalid " 1147 "length/offset %zd, buffer is %d; reconnecting", 1148 off + len, csio->dxfer_len); 1149 icl_pdu_free(response); 1150 iscsi_session_reconnect(is); 1151 return; 1152 } 1153 1154 request = icl_pdu_new_bhs(response->ip_conn, M_NOWAIT); 1155 if (request == NULL) { 1156 icl_pdu_free(response); 1157 iscsi_session_reconnect(is); 1158 return; 1159 } 1160 1161 bhsdo = (struct iscsi_bhs_data_out *)request->ip_bhs; 1162 bhsdo->bhsdo_opcode = ISCSI_BHS_OPCODE_SCSI_DATA_OUT; 1163 bhsdo->bhsdo_lun = bhsr2t->bhsr2t_lun; 1164 bhsdo->bhsdo_initiator_task_tag = 1165 bhsr2t->bhsr2t_initiator_task_tag; 1166 bhsdo->bhsdo_target_transfer_tag = 1167 bhsr2t->bhsr2t_target_transfer_tag; 1168 bhsdo->bhsdo_datasn = htonl(io->io_datasn++); 1169 bhsdo->bhsdo_buffer_offset = htonl(off); 1170 error = icl_pdu_append_data(request, csio->data_ptr + off, len, 1171 M_NOWAIT); 1172 if (error != 0) { 1173 ISCSI_SESSION_WARN(is, "failed to allocate memory; " 1174 "reconnecting"); 1175 icl_pdu_free(request); 1176 icl_pdu_free(response); 1177 iscsi_session_reconnect(is); 1178 return; 1179 } 1180 1181 off += len; 1182 total_len -= len; 1183 1184 if (total_len == 0) { 1185 bhsdo->bhsdo_flags |= BHSDO_FLAGS_F; 1186 //ISCSI_SESSION_DEBUG(is, "setting F, off %zd", off); 1187 } else { 1188 //ISCSI_SESSION_DEBUG(is, "not finished, off %zd", off); 1189 } 1190 1191 iscsi_pdu_queue_locked(request); 1192 1193 if (total_len == 0) 1194 break; 1195 } 1196 1197 icl_pdu_free(response); 1198 } 1199 1200 static void 1201 iscsi_pdu_handle_async_message(struct icl_pdu *response) 1202 { 1203 struct iscsi_bhs_asynchronous_message *bhsam; 1204 struct iscsi_session *is; 1205 1206 is = PDU_SESSION(response); 1207 bhsam = (struct iscsi_bhs_asynchronous_message *)response->ip_bhs; 1208 switch (bhsam->bhsam_async_event) { 1209 case BHSAM_EVENT_TARGET_REQUESTS_LOGOUT: 1210 ISCSI_SESSION_WARN(is, "target requests logout; removing session"); 1211 iscsi_session_logout(is); 1212 iscsi_session_terminate(is); 1213 break; 1214 case BHSAM_EVENT_TARGET_TERMINATES_CONNECTION: 1215 ISCSI_SESSION_WARN(is, "target indicates it will drop drop the connection"); 1216 break; 1217 case BHSAM_EVENT_TARGET_TERMINATES_SESSION: 1218 ISCSI_SESSION_WARN(is, "target indicates it will drop drop the session"); 1219 break; 1220 default: 1221 /* 1222 * XXX: Technically, we're obligated to also handle 1223 * parameter renegotiation. 1224 */ 1225 ISCSI_SESSION_WARN(is, "ignoring AsyncEvent %d", bhsam->bhsam_async_event); 1226 break; 1227 } 1228 1229 icl_pdu_free(response); 1230 } 1231 1232 static void 1233 iscsi_pdu_handle_reject(struct icl_pdu *response) 1234 { 1235 struct iscsi_bhs_reject *bhsr; 1236 struct iscsi_session *is; 1237 1238 is = PDU_SESSION(response); 1239 bhsr = (struct iscsi_bhs_reject *)response->ip_bhs; 1240 ISCSI_SESSION_WARN(is, "received Reject PDU, reason 0x%x; protocol error?", 1241 bhsr->bhsr_reason); 1242 1243 icl_pdu_free(response); 1244 } 1245 1246 static int 1247 iscsi_ioctl_daemon_wait(struct iscsi_softc *sc, 1248 struct iscsi_daemon_request *request) 1249 { 1250 struct iscsi_session *is; 1251 int error; 1252 1253 sx_slock(&sc->sc_lock); 1254 for (;;) { 1255 TAILQ_FOREACH(is, &sc->sc_sessions, is_next) { 1256 ISCSI_SESSION_LOCK(is); 1257 if (is->is_waiting_for_iscsid) 1258 break; 1259 ISCSI_SESSION_UNLOCK(is); 1260 } 1261 1262 if (is == NULL) { 1263 /* 1264 * No session requires attention from iscsid(8); wait. 1265 */ 1266 error = cv_wait_sig(&sc->sc_cv, &sc->sc_lock); 1267 if (error != 0) { 1268 sx_sunlock(&sc->sc_lock); 1269 return (error); 1270 } 1271 continue; 1272 } 1273 1274 is->is_waiting_for_iscsid = false; 1275 is->is_login_phase = true; 1276 is->is_reason[0] = '\0'; 1277 ISCSI_SESSION_UNLOCK(is); 1278 1279 request->idr_session_id = is->is_id; 1280 memcpy(&request->idr_isid, &is->is_isid, 1281 sizeof(request->idr_isid)); 1282 request->idr_tsih = 0; /* New or reinstated session. */ 1283 memcpy(&request->idr_conf, &is->is_conf, 1284 sizeof(request->idr_conf)); 1285 1286 sx_sunlock(&sc->sc_lock); 1287 return (0); 1288 } 1289 } 1290 1291 static int 1292 iscsi_ioctl_daemon_handoff(struct iscsi_softc *sc, 1293 struct iscsi_daemon_handoff *handoff) 1294 { 1295 struct iscsi_session *is; 1296 int error; 1297 1298 sx_slock(&sc->sc_lock); 1299 1300 /* 1301 * Find the session to hand off socket to. 1302 */ 1303 TAILQ_FOREACH(is, &sc->sc_sessions, is_next) { 1304 if (is->is_id == handoff->idh_session_id) 1305 break; 1306 } 1307 if (is == NULL) { 1308 sx_sunlock(&sc->sc_lock); 1309 return (ESRCH); 1310 } 1311 ISCSI_SESSION_LOCK(is); 1312 if (is->is_conf.isc_discovery || is->is_terminating) { 1313 ISCSI_SESSION_UNLOCK(is); 1314 sx_sunlock(&sc->sc_lock); 1315 return (EINVAL); 1316 } 1317 if (is->is_connected) { 1318 /* 1319 * This might have happened because another iscsid(8) 1320 * instance handed off the connection in the meantime. 1321 * Just return. 1322 */ 1323 ISCSI_SESSION_WARN(is, "handoff on already connected " 1324 "session"); 1325 ISCSI_SESSION_UNLOCK(is); 1326 sx_sunlock(&sc->sc_lock); 1327 return (EBUSY); 1328 } 1329 1330 strlcpy(is->is_target_alias, handoff->idh_target_alias, 1331 sizeof(is->is_target_alias)); 1332 is->is_tsih = handoff->idh_tsih; 1333 is->is_statsn = handoff->idh_statsn; 1334 is->is_initial_r2t = handoff->idh_initial_r2t; 1335 is->is_immediate_data = handoff->idh_immediate_data; 1336 is->is_max_data_segment_length = handoff->idh_max_data_segment_length; 1337 is->is_max_burst_length = handoff->idh_max_burst_length; 1338 is->is_first_burst_length = handoff->idh_first_burst_length; 1339 1340 if (handoff->idh_header_digest == ISCSI_DIGEST_CRC32C) 1341 is->is_conn->ic_header_crc32c = true; 1342 else 1343 is->is_conn->ic_header_crc32c = false; 1344 if (handoff->idh_data_digest == ISCSI_DIGEST_CRC32C) 1345 is->is_conn->ic_data_crc32c = true; 1346 else 1347 is->is_conn->ic_data_crc32c = false; 1348 1349 is->is_cmdsn = 0; 1350 is->is_expcmdsn = 0; 1351 is->is_maxcmdsn = 0; 1352 is->is_waiting_for_iscsid = false; 1353 is->is_login_phase = false; 1354 is->is_timeout = 0; 1355 is->is_connected = true; 1356 is->is_reason[0] = '\0'; 1357 1358 ISCSI_SESSION_UNLOCK(is); 1359 1360 #ifdef ICL_KERNEL_PROXY 1361 if (handoff->idh_socket != 0) { 1362 #endif 1363 /* 1364 * Handoff without using ICL proxy. 1365 */ 1366 error = icl_conn_handoff(is->is_conn, handoff->idh_socket); 1367 if (error != 0) { 1368 sx_sunlock(&sc->sc_lock); 1369 iscsi_session_terminate(is); 1370 return (error); 1371 } 1372 #ifdef ICL_KERNEL_PROXY 1373 } 1374 #endif 1375 1376 sx_sunlock(&sc->sc_lock); 1377 1378 if (is->is_sim != NULL) { 1379 /* 1380 * When reconnecting, there already is SIM allocated for the session. 1381 */ 1382 KASSERT(is->is_simq_frozen, ("reconnect without frozen simq")); 1383 ISCSI_SESSION_LOCK(is); 1384 ISCSI_SESSION_DEBUG(is, "releasing"); 1385 xpt_release_simq(is->is_sim, 1); 1386 is->is_simq_frozen = false; 1387 ISCSI_SESSION_UNLOCK(is); 1388 1389 } else { 1390 ISCSI_SESSION_LOCK(is); 1391 is->is_devq = cam_simq_alloc(maxtags); 1392 if (is->is_devq == NULL) { 1393 ISCSI_SESSION_WARN(is, "failed to allocate simq"); 1394 iscsi_session_terminate(is); 1395 return (ENOMEM); 1396 } 1397 1398 is->is_sim = cam_sim_alloc(iscsi_action, iscsi_poll, "iscsi", 1399 is, is->is_id /* unit */, &is->is_lock, 1400 1, maxtags, is->is_devq); 1401 if (is->is_sim == NULL) { 1402 ISCSI_SESSION_UNLOCK(is); 1403 ISCSI_SESSION_WARN(is, "failed to allocate SIM"); 1404 cam_simq_free(is->is_devq); 1405 iscsi_session_terminate(is); 1406 return (ENOMEM); 1407 } 1408 1409 error = xpt_bus_register(is->is_sim, NULL, 0); 1410 if (error != 0) { 1411 ISCSI_SESSION_UNLOCK(is); 1412 ISCSI_SESSION_WARN(is, "failed to register bus"); 1413 iscsi_session_terminate(is); 1414 return (ENOMEM); 1415 } 1416 1417 error = xpt_create_path(&is->is_path, /*periph*/NULL, 1418 cam_sim_path(is->is_sim), CAM_TARGET_WILDCARD, 1419 CAM_LUN_WILDCARD); 1420 if (error != CAM_REQ_CMP) { 1421 ISCSI_SESSION_UNLOCK(is); 1422 ISCSI_SESSION_WARN(is, "failed to create path"); 1423 iscsi_session_terminate(is); 1424 return (ENOMEM); 1425 } 1426 ISCSI_SESSION_UNLOCK(is); 1427 } 1428 1429 return (0); 1430 } 1431 1432 static int 1433 iscsi_ioctl_daemon_fail(struct iscsi_softc *sc, 1434 struct iscsi_daemon_fail *fail) 1435 { 1436 struct iscsi_session *is; 1437 1438 sx_slock(&sc->sc_lock); 1439 1440 TAILQ_FOREACH(is, &sc->sc_sessions, is_next) { 1441 if (is->is_id == fail->idf_session_id) 1442 break; 1443 } 1444 if (is == NULL) { 1445 sx_sunlock(&sc->sc_lock); 1446 return (ESRCH); 1447 } 1448 ISCSI_SESSION_LOCK(is); 1449 ISCSI_SESSION_DEBUG(is, "iscsid(8) failed: %s", 1450 fail->idf_reason); 1451 strlcpy(is->is_reason, fail->idf_reason, sizeof(is->is_reason)); 1452 //is->is_waiting_for_iscsid = false; 1453 //is->is_login_phase = true; 1454 //iscsi_session_reconnect(is); 1455 ISCSI_SESSION_UNLOCK(is); 1456 sx_sunlock(&sc->sc_lock); 1457 1458 return (0); 1459 } 1460 1461 #ifdef ICL_KERNEL_PROXY 1462 static int 1463 iscsi_ioctl_daemon_connect(struct iscsi_softc *sc, 1464 struct iscsi_daemon_connect *idc) 1465 { 1466 struct iscsi_session *is; 1467 struct sockaddr *from_sa, *to_sa; 1468 int error; 1469 1470 sx_slock(&sc->sc_lock); 1471 TAILQ_FOREACH(is, &sc->sc_sessions, is_next) { 1472 if (is->is_id == idc->idc_session_id) 1473 break; 1474 } 1475 if (is == NULL) { 1476 sx_sunlock(&sc->sc_lock); 1477 return (ESRCH); 1478 } 1479 sx_sunlock(&sc->sc_lock); 1480 1481 if (idc->idc_from_addrlen > 0) { 1482 error = getsockaddr(&from_sa, (void *)idc->idc_from_addr, idc->idc_from_addrlen); 1483 if (error != 0) { 1484 ISCSI_SESSION_WARN(is, 1485 "getsockaddr failed with error %d", error); 1486 return (error); 1487 } 1488 } else { 1489 from_sa = NULL; 1490 } 1491 error = getsockaddr(&to_sa, (void *)idc->idc_to_addr, idc->idc_to_addrlen); 1492 if (error != 0) { 1493 ISCSI_SESSION_WARN(is, "getsockaddr failed with error %d", 1494 error); 1495 free(from_sa, M_SONAME); 1496 return (error); 1497 } 1498 1499 ISCSI_SESSION_LOCK(is); 1500 is->is_waiting_for_iscsid = false; 1501 is->is_login_phase = true; 1502 is->is_timeout = 0; 1503 ISCSI_SESSION_UNLOCK(is); 1504 1505 error = icl_conn_connect(is->is_conn, idc->idc_iser, idc->idc_domain, 1506 idc->idc_socktype, idc->idc_protocol, from_sa, to_sa); 1507 free(from_sa, M_SONAME); 1508 free(to_sa, M_SONAME); 1509 1510 /* 1511 * Digests are always disabled during login phase. 1512 */ 1513 is->is_conn->ic_header_crc32c = false; 1514 is->is_conn->ic_data_crc32c = false; 1515 1516 return (error); 1517 } 1518 1519 static int 1520 iscsi_ioctl_daemon_send(struct iscsi_softc *sc, 1521 struct iscsi_daemon_send *ids) 1522 { 1523 struct iscsi_session *is; 1524 struct icl_pdu *ip; 1525 size_t datalen; 1526 void *data; 1527 int error; 1528 1529 sx_slock(&sc->sc_lock); 1530 TAILQ_FOREACH(is, &sc->sc_sessions, is_next) { 1531 if (is->is_id == ids->ids_session_id) 1532 break; 1533 } 1534 if (is == NULL) { 1535 sx_sunlock(&sc->sc_lock); 1536 return (ESRCH); 1537 } 1538 sx_sunlock(&sc->sc_lock); 1539 1540 if (is->is_login_phase == false) 1541 return (EBUSY); 1542 1543 if (is->is_terminating || is->is_reconnecting) 1544 return (EIO); 1545 1546 datalen = ids->ids_data_segment_len; 1547 if (datalen > ISCSI_MAX_DATA_SEGMENT_LENGTH) 1548 return (EINVAL); 1549 if (datalen > 0) { 1550 data = malloc(datalen, M_ISCSI, M_WAITOK); 1551 error = copyin(ids->ids_data_segment, data, datalen); 1552 if (error != 0) { 1553 free(data, M_ISCSI); 1554 return (error); 1555 } 1556 } 1557 1558 ip = icl_pdu_new_bhs(is->is_conn, M_WAITOK); 1559 memcpy(ip->ip_bhs, ids->ids_bhs, sizeof(*ip->ip_bhs)); 1560 if (datalen > 0) { 1561 error = icl_pdu_append_data(ip, data, datalen, M_WAITOK); 1562 KASSERT(error == 0, ("icl_pdu_append_data(..., M_WAITOK) failed")); 1563 free(data, M_ISCSI); 1564 } 1565 icl_pdu_queue(ip); 1566 1567 return (0); 1568 } 1569 1570 static int 1571 iscsi_ioctl_daemon_receive(struct iscsi_softc *sc, 1572 struct iscsi_daemon_receive *idr) 1573 { 1574 struct iscsi_session *is; 1575 struct icl_pdu *ip; 1576 void *data; 1577 1578 sx_slock(&sc->sc_lock); 1579 TAILQ_FOREACH(is, &sc->sc_sessions, is_next) { 1580 if (is->is_id == idr->idr_session_id) 1581 break; 1582 } 1583 if (is == NULL) { 1584 sx_sunlock(&sc->sc_lock); 1585 return (ESRCH); 1586 } 1587 sx_sunlock(&sc->sc_lock); 1588 1589 if (is->is_login_phase == false) 1590 return (EBUSY); 1591 1592 ISCSI_SESSION_LOCK(is); 1593 while (is->is_login_pdu == NULL && 1594 is->is_terminating == false && 1595 is->is_reconnecting == false) 1596 cv_wait(&is->is_login_cv, &is->is_lock); 1597 if (is->is_terminating || is->is_reconnecting) { 1598 ISCSI_SESSION_UNLOCK(is); 1599 return (EIO); 1600 } 1601 ip = is->is_login_pdu; 1602 is->is_login_pdu = NULL; 1603 ISCSI_SESSION_UNLOCK(is); 1604 1605 if (ip->ip_data_len > idr->idr_data_segment_len) { 1606 icl_pdu_free(ip); 1607 return (EMSGSIZE); 1608 } 1609 1610 copyout(ip->ip_bhs, idr->idr_bhs, sizeof(*ip->ip_bhs)); 1611 if (ip->ip_data_len > 0) { 1612 data = malloc(ip->ip_data_len, M_ISCSI, M_WAITOK); 1613 icl_pdu_get_data(ip, 0, data, ip->ip_data_len); 1614 copyout(data, idr->idr_data_segment, ip->ip_data_len); 1615 free(data, M_ISCSI); 1616 } 1617 1618 icl_pdu_free(ip); 1619 1620 return (0); 1621 } 1622 #endif /* ICL_KERNEL_PROXY */ 1623 1624 static void 1625 iscsi_sanitize_session_conf(struct iscsi_session_conf *isc) 1626 { 1627 /* 1628 * Just make sure all the fields are null-terminated. 1629 * 1630 * XXX: This is not particularly secure. We should 1631 * create our own conf and then copy in relevant 1632 * fields. 1633 */ 1634 isc->isc_initiator[ISCSI_NAME_LEN - 1] = '\0'; 1635 isc->isc_initiator_addr[ISCSI_ADDR_LEN - 1] = '\0'; 1636 isc->isc_initiator_alias[ISCSI_ALIAS_LEN - 1] = '\0'; 1637 isc->isc_target[ISCSI_NAME_LEN - 1] = '\0'; 1638 isc->isc_target_addr[ISCSI_ADDR_LEN - 1] = '\0'; 1639 isc->isc_user[ISCSI_NAME_LEN - 1] = '\0'; 1640 isc->isc_secret[ISCSI_SECRET_LEN - 1] = '\0'; 1641 isc->isc_mutual_user[ISCSI_NAME_LEN - 1] = '\0'; 1642 isc->isc_mutual_secret[ISCSI_SECRET_LEN - 1] = '\0'; 1643 } 1644 1645 static bool 1646 iscsi_valid_session_conf(const struct iscsi_session_conf *isc) 1647 { 1648 1649 if (isc->isc_initiator[0] == '\0') { 1650 ISCSI_DEBUG("empty isc_initiator"); 1651 return (false); 1652 } 1653 1654 if (isc->isc_target_addr[0] == '\0') { 1655 ISCSI_DEBUG("empty isc_target_addr"); 1656 return (false); 1657 } 1658 1659 if (isc->isc_discovery != 0 && isc->isc_target[0] != 0) { 1660 ISCSI_DEBUG("non-empty isc_target for discovery session"); 1661 return (false); 1662 } 1663 1664 if (isc->isc_discovery == 0 && isc->isc_target[0] == 0) { 1665 ISCSI_DEBUG("empty isc_target for non-discovery session"); 1666 return (false); 1667 } 1668 1669 return (true); 1670 } 1671 1672 static int 1673 iscsi_ioctl_session_add(struct iscsi_softc *sc, struct iscsi_session_add *isa) 1674 { 1675 struct iscsi_session *is; 1676 const struct iscsi_session *is2; 1677 int error; 1678 1679 iscsi_sanitize_session_conf(&isa->isa_conf); 1680 if (iscsi_valid_session_conf(&isa->isa_conf) == false) 1681 return (EINVAL); 1682 1683 is = malloc(sizeof(*is), M_ISCSI, M_ZERO | M_WAITOK); 1684 memcpy(&is->is_conf, &isa->isa_conf, sizeof(is->is_conf)); 1685 1686 sx_xlock(&sc->sc_lock); 1687 1688 /* 1689 * Prevent duplicates. 1690 */ 1691 TAILQ_FOREACH(is2, &sc->sc_sessions, is_next) { 1692 if (!!is->is_conf.isc_discovery != 1693 !!is2->is_conf.isc_discovery) 1694 continue; 1695 1696 if (strcmp(is->is_conf.isc_target_addr, 1697 is2->is_conf.isc_target_addr) != 0) 1698 continue; 1699 1700 if (is->is_conf.isc_discovery == 0 && 1701 strcmp(is->is_conf.isc_target, 1702 is2->is_conf.isc_target) != 0) 1703 continue; 1704 1705 sx_xunlock(&sc->sc_lock); 1706 free(is, M_ISCSI); 1707 return (EBUSY); 1708 } 1709 1710 is->is_conn = icl_conn_new("iscsi", &is->is_lock); 1711 is->is_conn->ic_receive = iscsi_receive_callback; 1712 is->is_conn->ic_error = iscsi_error_callback; 1713 is->is_conn->ic_prv0 = is; 1714 TAILQ_INIT(&is->is_outstanding); 1715 STAILQ_INIT(&is->is_postponed); 1716 mtx_init(&is->is_lock, "iscsi_lock", NULL, MTX_DEF); 1717 cv_init(&is->is_maintenance_cv, "iscsi_mt"); 1718 #ifdef ICL_KERNEL_PROXY 1719 cv_init(&is->is_login_cv, "iscsi_login"); 1720 #endif 1721 1722 is->is_softc = sc; 1723 sc->sc_last_session_id++; 1724 is->is_id = sc->sc_last_session_id; 1725 is->is_isid[0] = 0x80; /* RFC 3720, 10.12.5: 10b, "Random" ISID. */ 1726 arc4rand(&is->is_isid[1], 5, 0); 1727 is->is_tsih = 0; 1728 callout_init(&is->is_callout, 1); 1729 callout_reset(&is->is_callout, 1 * hz, iscsi_callout, is); 1730 TAILQ_INSERT_TAIL(&sc->sc_sessions, is, is_next); 1731 1732 error = kthread_add(iscsi_maintenance_thread, is, NULL, NULL, 0, 0, "iscsimt"); 1733 if (error != 0) { 1734 ISCSI_SESSION_WARN(is, "kthread_add(9) failed with error %d", error); 1735 return (error); 1736 } 1737 1738 /* 1739 * Trigger immediate reconnection. 1740 */ 1741 ISCSI_SESSION_LOCK(is); 1742 is->is_waiting_for_iscsid = true; 1743 strlcpy(is->is_reason, "Waiting for iscsid(8)", sizeof(is->is_reason)); 1744 ISCSI_SESSION_UNLOCK(is); 1745 cv_signal(&sc->sc_cv); 1746 1747 sx_xunlock(&sc->sc_lock); 1748 1749 return (0); 1750 } 1751 1752 static bool 1753 iscsi_session_conf_matches(unsigned int id1, const struct iscsi_session_conf *c1, 1754 unsigned int id2, const struct iscsi_session_conf *c2) 1755 { 1756 if (id2 == 0 && c2->isc_target[0] == '\0' && 1757 c2->isc_target_addr[0] == '\0') 1758 return (true); 1759 if (id2 != 0 && id2 == id1) 1760 return (true); 1761 if (c2->isc_target[0] != '\0' && 1762 strcmp(c1->isc_target, c2->isc_target) == 0) 1763 return (true); 1764 if (c2->isc_target_addr[0] != '\0' && 1765 strcmp(c1->isc_target_addr, c2->isc_target_addr) == 0) 1766 return (true); 1767 return (false); 1768 } 1769 1770 static int 1771 iscsi_ioctl_session_remove(struct iscsi_softc *sc, 1772 struct iscsi_session_remove *isr) 1773 { 1774 struct iscsi_session *is, *tmp; 1775 bool found = false; 1776 1777 iscsi_sanitize_session_conf(&isr->isr_conf); 1778 1779 sx_xlock(&sc->sc_lock); 1780 TAILQ_FOREACH_SAFE(is, &sc->sc_sessions, is_next, tmp) { 1781 ISCSI_SESSION_LOCK(is); 1782 if (iscsi_session_conf_matches(is->is_id, &is->is_conf, 1783 isr->isr_session_id, &isr->isr_conf)) { 1784 found = true; 1785 iscsi_session_logout(is); 1786 iscsi_session_terminate(is); 1787 } 1788 ISCSI_SESSION_UNLOCK(is); 1789 } 1790 sx_xunlock(&sc->sc_lock); 1791 1792 if (!found) 1793 return (ESRCH); 1794 1795 return (0); 1796 } 1797 1798 static int 1799 iscsi_ioctl_session_list(struct iscsi_softc *sc, struct iscsi_session_list *isl) 1800 { 1801 int error; 1802 unsigned int i = 0; 1803 struct iscsi_session *is; 1804 struct iscsi_session_state iss; 1805 1806 sx_slock(&sc->sc_lock); 1807 TAILQ_FOREACH(is, &sc->sc_sessions, is_next) { 1808 if (i >= isl->isl_nentries) { 1809 sx_sunlock(&sc->sc_lock); 1810 return (EMSGSIZE); 1811 } 1812 memset(&iss, 0, sizeof(iss)); 1813 memcpy(&iss.iss_conf, &is->is_conf, sizeof(iss.iss_conf)); 1814 iss.iss_id = is->is_id; 1815 strlcpy(iss.iss_target_alias, is->is_target_alias, sizeof(iss.iss_target_alias)); 1816 strlcpy(iss.iss_reason, is->is_reason, sizeof(iss.iss_reason)); 1817 1818 if (is->is_conn->ic_header_crc32c) 1819 iss.iss_header_digest = ISCSI_DIGEST_CRC32C; 1820 else 1821 iss.iss_header_digest = ISCSI_DIGEST_NONE; 1822 1823 if (is->is_conn->ic_data_crc32c) 1824 iss.iss_data_digest = ISCSI_DIGEST_CRC32C; 1825 else 1826 iss.iss_data_digest = ISCSI_DIGEST_NONE; 1827 1828 iss.iss_max_data_segment_length = is->is_max_data_segment_length; 1829 iss.iss_immediate_data = is->is_immediate_data; 1830 iss.iss_connected = is->is_connected; 1831 1832 error = copyout(&iss, isl->isl_pstates + i, sizeof(iss)); 1833 if (error != 0) { 1834 sx_sunlock(&sc->sc_lock); 1835 return (error); 1836 } 1837 i++; 1838 } 1839 sx_sunlock(&sc->sc_lock); 1840 1841 isl->isl_nentries = i; 1842 1843 return (0); 1844 } 1845 1846 static int 1847 iscsi_ioctl_session_modify(struct iscsi_softc *sc, 1848 struct iscsi_session_modify *ism) 1849 { 1850 struct iscsi_session *is; 1851 1852 iscsi_sanitize_session_conf(&ism->ism_conf); 1853 if (iscsi_valid_session_conf(&ism->ism_conf) == false) 1854 return (EINVAL); 1855 1856 sx_xlock(&sc->sc_lock); 1857 TAILQ_FOREACH(is, &sc->sc_sessions, is_next) { 1858 ISCSI_SESSION_LOCK(is); 1859 if (is->is_id == ism->ism_session_id) 1860 break; 1861 ISCSI_SESSION_UNLOCK(is); 1862 } 1863 if (is == NULL) { 1864 sx_xunlock(&sc->sc_lock); 1865 return (ESRCH); 1866 } 1867 sx_xunlock(&sc->sc_lock); 1868 1869 memcpy(&is->is_conf, &ism->ism_conf, sizeof(is->is_conf)); 1870 ISCSI_SESSION_UNLOCK(is); 1871 1872 iscsi_session_reconnect(is); 1873 1874 return (0); 1875 } 1876 1877 static int 1878 iscsi_ioctl(struct cdev *dev, u_long cmd, caddr_t arg, int mode, 1879 struct thread *td) 1880 { 1881 struct iscsi_softc *sc; 1882 1883 sc = dev->si_drv1; 1884 1885 switch (cmd) { 1886 case ISCSIDWAIT: 1887 return (iscsi_ioctl_daemon_wait(sc, 1888 (struct iscsi_daemon_request *)arg)); 1889 case ISCSIDHANDOFF: 1890 return (iscsi_ioctl_daemon_handoff(sc, 1891 (struct iscsi_daemon_handoff *)arg)); 1892 case ISCSIDFAIL: 1893 return (iscsi_ioctl_daemon_fail(sc, 1894 (struct iscsi_daemon_fail *)arg)); 1895 #ifdef ICL_KERNEL_PROXY 1896 case ISCSIDCONNECT: 1897 return (iscsi_ioctl_daemon_connect(sc, 1898 (struct iscsi_daemon_connect *)arg)); 1899 case ISCSIDSEND: 1900 return (iscsi_ioctl_daemon_send(sc, 1901 (struct iscsi_daemon_send *)arg)); 1902 case ISCSIDRECEIVE: 1903 return (iscsi_ioctl_daemon_receive(sc, 1904 (struct iscsi_daemon_receive *)arg)); 1905 #endif /* ICL_KERNEL_PROXY */ 1906 case ISCSISADD: 1907 return (iscsi_ioctl_session_add(sc, 1908 (struct iscsi_session_add *)arg)); 1909 case ISCSISREMOVE: 1910 return (iscsi_ioctl_session_remove(sc, 1911 (struct iscsi_session_remove *)arg)); 1912 case ISCSISLIST: 1913 return (iscsi_ioctl_session_list(sc, 1914 (struct iscsi_session_list *)arg)); 1915 case ISCSISMODIFY: 1916 return (iscsi_ioctl_session_modify(sc, 1917 (struct iscsi_session_modify *)arg)); 1918 default: 1919 return (EINVAL); 1920 } 1921 } 1922 1923 static struct iscsi_outstanding * 1924 iscsi_outstanding_find(struct iscsi_session *is, uint32_t initiator_task_tag) 1925 { 1926 struct iscsi_outstanding *io; 1927 1928 ISCSI_SESSION_LOCK_ASSERT(is); 1929 1930 TAILQ_FOREACH(io, &is->is_outstanding, io_next) { 1931 if (io->io_initiator_task_tag == initiator_task_tag) 1932 return (io); 1933 } 1934 return (NULL); 1935 } 1936 1937 static struct iscsi_outstanding * 1938 iscsi_outstanding_find_ccb(struct iscsi_session *is, union ccb *ccb) 1939 { 1940 struct iscsi_outstanding *io; 1941 1942 ISCSI_SESSION_LOCK_ASSERT(is); 1943 1944 TAILQ_FOREACH(io, &is->is_outstanding, io_next) { 1945 if (io->io_ccb == ccb) 1946 return (io); 1947 } 1948 return (NULL); 1949 } 1950 1951 static struct iscsi_outstanding * 1952 iscsi_outstanding_add(struct iscsi_session *is, 1953 uint32_t initiator_task_tag, union ccb *ccb) 1954 { 1955 struct iscsi_outstanding *io; 1956 1957 ISCSI_SESSION_LOCK_ASSERT(is); 1958 1959 KASSERT(iscsi_outstanding_find(is, initiator_task_tag) == NULL, 1960 ("initiator_task_tag 0x%x already added", initiator_task_tag)); 1961 1962 io = uma_zalloc(iscsi_outstanding_zone, M_NOWAIT | M_ZERO); 1963 if (io == NULL) { 1964 ISCSI_SESSION_WARN(is, "failed to allocate %zd bytes", sizeof(*io)); 1965 return (NULL); 1966 } 1967 io->io_initiator_task_tag = initiator_task_tag; 1968 io->io_ccb = ccb; 1969 TAILQ_INSERT_TAIL(&is->is_outstanding, io, io_next); 1970 return (io); 1971 } 1972 1973 static void 1974 iscsi_outstanding_remove(struct iscsi_session *is, struct iscsi_outstanding *io) 1975 { 1976 1977 ISCSI_SESSION_LOCK_ASSERT(is); 1978 1979 TAILQ_REMOVE(&is->is_outstanding, io, io_next); 1980 uma_zfree(iscsi_outstanding_zone, io); 1981 } 1982 1983 static void 1984 iscsi_action_abort(struct iscsi_session *is, union ccb *ccb) 1985 { 1986 struct icl_pdu *request; 1987 struct iscsi_bhs_task_management_request *bhstmr; 1988 struct ccb_abort *cab = &ccb->cab; 1989 struct iscsi_outstanding *io, *aio; 1990 1991 ISCSI_SESSION_LOCK_ASSERT(is); 1992 1993 #if 0 1994 KASSERT(is->is_login_phase == false, ("%s called during Login Phase", __func__)); 1995 #else 1996 if (is->is_login_phase) { 1997 ccb->ccb_h.status = CAM_REQ_ABORTED; 1998 xpt_done(ccb); 1999 return; 2000 } 2001 #endif 2002 2003 aio = iscsi_outstanding_find_ccb(is, cab->abort_ccb); 2004 if (aio == NULL) { 2005 ccb->ccb_h.status = CAM_REQ_CMP; 2006 xpt_done(ccb); 2007 return; 2008 } 2009 2010 request = icl_pdu_new_bhs(is->is_conn, M_NOWAIT); 2011 if (request == NULL) { 2012 ccb->ccb_h.status = CAM_RESRC_UNAVAIL; 2013 xpt_done(ccb); 2014 return; 2015 } 2016 2017 bhstmr = (struct iscsi_bhs_task_management_request *)request->ip_bhs; 2018 bhstmr->bhstmr_opcode = ISCSI_BHS_OPCODE_TASK_REQUEST; 2019 bhstmr->bhstmr_function = 0x80 | BHSTMR_FUNCTION_ABORT_TASK; 2020 2021 bhstmr->bhstmr_lun = htobe64(CAM_EXTLUN_BYTE_SWIZZLE(ccb->ccb_h.target_lun)); 2022 bhstmr->bhstmr_initiator_task_tag = is->is_initiator_task_tag; 2023 is->is_initiator_task_tag++; 2024 bhstmr->bhstmr_referenced_task_tag = aio->io_initiator_task_tag; 2025 2026 io = iscsi_outstanding_add(is, bhstmr->bhstmr_initiator_task_tag, NULL); 2027 if (io == NULL) { 2028 icl_pdu_free(request); 2029 ccb->ccb_h.status = CAM_RESRC_UNAVAIL; 2030 xpt_done(ccb); 2031 return; 2032 } 2033 io->io_datasn = aio->io_initiator_task_tag; 2034 iscsi_pdu_queue_locked(request); 2035 } 2036 2037 static void 2038 iscsi_action_scsiio(struct iscsi_session *is, union ccb *ccb) 2039 { 2040 struct icl_pdu *request; 2041 struct iscsi_bhs_scsi_command *bhssc; 2042 struct ccb_scsiio *csio; 2043 struct iscsi_outstanding *io; 2044 size_t len; 2045 int error; 2046 2047 ISCSI_SESSION_LOCK_ASSERT(is); 2048 2049 #if 0 2050 KASSERT(is->is_login_phase == false, ("%s called during Login Phase", __func__)); 2051 #else 2052 if (is->is_login_phase) { 2053 ISCSI_SESSION_DEBUG(is, "called during login phase"); 2054 if ((ccb->ccb_h.status & CAM_DEV_QFRZN) == 0) { 2055 xpt_freeze_devq(ccb->ccb_h.path, 1); 2056 ISCSI_SESSION_DEBUG(is, "freezing devq"); 2057 } 2058 ccb->ccb_h.status = CAM_REQ_ABORTED | CAM_DEV_QFRZN; 2059 xpt_done(ccb); 2060 return; 2061 } 2062 #endif 2063 2064 request = icl_pdu_new_bhs(is->is_conn, M_NOWAIT); 2065 if (request == NULL) { 2066 if ((ccb->ccb_h.status & CAM_DEV_QFRZN) == 0) { 2067 xpt_freeze_devq(ccb->ccb_h.path, 1); 2068 ISCSI_SESSION_DEBUG(is, "freezing devq"); 2069 } 2070 ccb->ccb_h.status = CAM_RESRC_UNAVAIL | CAM_DEV_QFRZN; 2071 xpt_done(ccb); 2072 return; 2073 } 2074 2075 csio = &ccb->csio; 2076 bhssc = (struct iscsi_bhs_scsi_command *)request->ip_bhs; 2077 bhssc->bhssc_opcode = ISCSI_BHS_OPCODE_SCSI_COMMAND; 2078 bhssc->bhssc_flags |= BHSSC_FLAGS_F; 2079 switch (csio->ccb_h.flags & CAM_DIR_MASK) { 2080 case CAM_DIR_IN: 2081 bhssc->bhssc_flags |= BHSSC_FLAGS_R; 2082 break; 2083 case CAM_DIR_OUT: 2084 bhssc->bhssc_flags |= BHSSC_FLAGS_W; 2085 break; 2086 } 2087 2088 if ((ccb->ccb_h.flags & CAM_TAG_ACTION_VALID) != 0) { 2089 switch (csio->tag_action) { 2090 case MSG_HEAD_OF_Q_TAG: 2091 bhssc->bhssc_flags |= BHSSC_FLAGS_ATTR_HOQ; 2092 break; 2093 case MSG_ORDERED_Q_TAG: 2094 bhssc->bhssc_flags |= BHSSC_FLAGS_ATTR_ORDERED; 2095 break; 2096 case MSG_ACA_TASK: 2097 bhssc->bhssc_flags |= BHSSC_FLAGS_ATTR_ACA; 2098 break; 2099 case MSG_SIMPLE_Q_TAG: 2100 default: 2101 bhssc->bhssc_flags |= BHSSC_FLAGS_ATTR_SIMPLE; 2102 break; 2103 } 2104 } else 2105 bhssc->bhssc_flags |= BHSSC_FLAGS_ATTR_UNTAGGED; 2106 2107 bhssc->bhssc_lun = htobe64(CAM_EXTLUN_BYTE_SWIZZLE(ccb->ccb_h.target_lun)); 2108 bhssc->bhssc_initiator_task_tag = is->is_initiator_task_tag; 2109 is->is_initiator_task_tag++; 2110 bhssc->bhssc_expected_data_transfer_length = htonl(csio->dxfer_len); 2111 KASSERT(csio->cdb_len <= sizeof(bhssc->bhssc_cdb), 2112 ("unsupported CDB size %zd", (size_t)csio->cdb_len)); 2113 2114 if (csio->ccb_h.flags & CAM_CDB_POINTER) 2115 memcpy(&bhssc->bhssc_cdb, csio->cdb_io.cdb_ptr, csio->cdb_len); 2116 else 2117 memcpy(&bhssc->bhssc_cdb, csio->cdb_io.cdb_bytes, csio->cdb_len); 2118 2119 io = iscsi_outstanding_add(is, bhssc->bhssc_initiator_task_tag, ccb); 2120 if (io == NULL) { 2121 icl_pdu_free(request); 2122 if ((ccb->ccb_h.status & CAM_DEV_QFRZN) == 0) { 2123 xpt_freeze_devq(ccb->ccb_h.path, 1); 2124 ISCSI_SESSION_DEBUG(is, "freezing devq"); 2125 } 2126 ccb->ccb_h.status = CAM_RESRC_UNAVAIL | CAM_DEV_QFRZN; 2127 xpt_done(ccb); 2128 return; 2129 } 2130 2131 if (is->is_immediate_data && 2132 (csio->ccb_h.flags & CAM_DIR_MASK) == CAM_DIR_OUT) { 2133 len = csio->dxfer_len; 2134 //ISCSI_SESSION_DEBUG(is, "adding %zd of immediate data", len); 2135 if (len > is->is_first_burst_length) { 2136 ISCSI_SESSION_DEBUG(is, "len %zd -> %zd", len, is->is_first_burst_length); 2137 len = is->is_first_burst_length; 2138 } 2139 2140 error = icl_pdu_append_data(request, csio->data_ptr, len, M_NOWAIT); 2141 if (error != 0) { 2142 icl_pdu_free(request); 2143 if ((ccb->ccb_h.status & CAM_DEV_QFRZN) == 0) { 2144 xpt_freeze_devq(ccb->ccb_h.path, 1); 2145 ISCSI_SESSION_DEBUG(is, "freezing devq"); 2146 } 2147 ccb->ccb_h.status = CAM_RESRC_UNAVAIL | CAM_DEV_QFRZN; 2148 xpt_done(ccb); 2149 return; 2150 } 2151 } 2152 iscsi_pdu_queue_locked(request); 2153 } 2154 2155 static void 2156 iscsi_action(struct cam_sim *sim, union ccb *ccb) 2157 { 2158 struct iscsi_session *is; 2159 2160 is = cam_sim_softc(sim); 2161 2162 ISCSI_SESSION_LOCK_ASSERT(is); 2163 2164 if (is->is_terminating || 2165 (is->is_connected == false && fail_on_disconnection)) { 2166 ccb->ccb_h.status = CAM_DEV_NOT_THERE; 2167 xpt_done(ccb); 2168 return; 2169 } 2170 2171 switch (ccb->ccb_h.func_code) { 2172 case XPT_PATH_INQ: 2173 { 2174 struct ccb_pathinq *cpi = &ccb->cpi; 2175 2176 cpi->version_num = 1; 2177 cpi->hba_inquiry = PI_TAG_ABLE; 2178 cpi->target_sprt = 0; 2179 cpi->hba_misc = PIM_EXTLUNS; 2180 cpi->hba_eng_cnt = 0; 2181 cpi->max_target = 0; 2182 /* 2183 * Note that the variable below is only relevant for targets 2184 * that don't claim compliance with anything above SPC2, which 2185 * means they don't support REPORT_LUNS. 2186 */ 2187 cpi->max_lun = 255; 2188 cpi->initiator_id = ~0; 2189 strlcpy(cpi->sim_vid, "FreeBSD", SIM_IDLEN); 2190 strlcpy(cpi->hba_vid, "iSCSI", HBA_IDLEN); 2191 strlcpy(cpi->dev_name, cam_sim_name(sim), DEV_IDLEN); 2192 cpi->unit_number = cam_sim_unit(sim); 2193 cpi->bus_id = cam_sim_bus(sim); 2194 cpi->base_transfer_speed = 150000; /* XXX */ 2195 cpi->transport = XPORT_ISCSI; 2196 cpi->transport_version = 0; 2197 cpi->protocol = PROTO_SCSI; 2198 cpi->protocol_version = SCSI_REV_SPC3; 2199 cpi->maxio = MAXPHYS; 2200 cpi->ccb_h.status = CAM_REQ_CMP; 2201 break; 2202 } 2203 case XPT_GET_TRAN_SETTINGS: 2204 { 2205 struct ccb_trans_settings *cts; 2206 struct ccb_trans_settings_scsi *scsi; 2207 2208 cts = &ccb->cts; 2209 scsi = &cts->proto_specific.scsi; 2210 2211 cts->protocol = PROTO_SCSI; 2212 cts->protocol_version = SCSI_REV_SPC3; 2213 cts->transport = XPORT_ISCSI; 2214 cts->transport_version = 0; 2215 scsi->valid = CTS_SCSI_VALID_TQ; 2216 scsi->flags = CTS_SCSI_FLAGS_TAG_ENB; 2217 cts->ccb_h.status = CAM_REQ_CMP; 2218 break; 2219 } 2220 case XPT_CALC_GEOMETRY: 2221 cam_calc_geometry(&ccb->ccg, /*extended*/1); 2222 ccb->ccb_h.status = CAM_REQ_CMP; 2223 break; 2224 #if 0 2225 /* 2226 * XXX: What's the point? 2227 */ 2228 case XPT_RESET_BUS: 2229 case XPT_TERM_IO: 2230 ISCSI_SESSION_DEBUG(is, "faking success for reset, abort, or term_io"); 2231 ccb->ccb_h.status = CAM_REQ_CMP; 2232 break; 2233 #endif 2234 case XPT_ABORT: 2235 iscsi_action_abort(is, ccb); 2236 return; 2237 case XPT_SCSI_IO: 2238 iscsi_action_scsiio(is, ccb); 2239 return; 2240 default: 2241 #if 0 2242 ISCSI_SESSION_DEBUG(is, "got unsupported code 0x%x", ccb->ccb_h.func_code); 2243 #endif 2244 ccb->ccb_h.status = CAM_FUNC_NOTAVAIL; 2245 break; 2246 } 2247 xpt_done(ccb); 2248 } 2249 2250 static void 2251 iscsi_poll(struct cam_sim *sim) 2252 { 2253 2254 KASSERT(0, ("%s: you're not supposed to be here", __func__)); 2255 } 2256 2257 static void 2258 iscsi_shutdown(struct iscsi_softc *sc) 2259 { 2260 struct iscsi_session *is; 2261 2262 ISCSI_DEBUG("removing all sessions due to shutdown"); 2263 2264 sx_slock(&sc->sc_lock); 2265 TAILQ_FOREACH(is, &sc->sc_sessions, is_next) 2266 iscsi_session_terminate(is); 2267 sx_sunlock(&sc->sc_lock); 2268 } 2269 2270 static int 2271 iscsi_load(void) 2272 { 2273 int error; 2274 2275 sc = malloc(sizeof(*sc), M_ISCSI, M_ZERO | M_WAITOK); 2276 sx_init(&sc->sc_lock, "iscsi"); 2277 TAILQ_INIT(&sc->sc_sessions); 2278 cv_init(&sc->sc_cv, "iscsi_cv"); 2279 2280 iscsi_outstanding_zone = uma_zcreate("iscsi_outstanding", 2281 sizeof(struct iscsi_outstanding), NULL, NULL, NULL, NULL, 2282 UMA_ALIGN_PTR, 0); 2283 2284 error = make_dev_p(MAKEDEV_CHECKNAME, &sc->sc_cdev, &iscsi_cdevsw, 2285 NULL, UID_ROOT, GID_WHEEL, 0600, "iscsi"); 2286 if (error != 0) { 2287 ISCSI_WARN("failed to create device node, error %d", error); 2288 return (error); 2289 } 2290 sc->sc_cdev->si_drv1 = sc; 2291 2292 /* 2293 * Note that this needs to get run before dashutdown(). Otherwise, 2294 * when rebooting with iSCSI session with outstanding requests, 2295 * but disconnected, dashutdown() will hang on cam_periph_runccb(). 2296 */ 2297 sc->sc_shutdown_eh = EVENTHANDLER_REGISTER(shutdown_post_sync, 2298 iscsi_shutdown, sc, SHUTDOWN_PRI_FIRST); 2299 2300 return (0); 2301 } 2302 2303 static int 2304 iscsi_unload(void) 2305 { 2306 struct iscsi_session *is, *tmp; 2307 2308 if (sc->sc_cdev != NULL) { 2309 ISCSI_DEBUG("removing device node"); 2310 destroy_dev(sc->sc_cdev); 2311 ISCSI_DEBUG("device node removed"); 2312 } 2313 2314 if (sc->sc_shutdown_eh != NULL) 2315 EVENTHANDLER_DEREGISTER(shutdown_post_sync, sc->sc_shutdown_eh); 2316 2317 sx_slock(&sc->sc_lock); 2318 TAILQ_FOREACH_SAFE(is, &sc->sc_sessions, is_next, tmp) 2319 iscsi_session_terminate(is); 2320 while(!TAILQ_EMPTY(&sc->sc_sessions)) { 2321 ISCSI_DEBUG("waiting for sessions to terminate"); 2322 cv_wait(&sc->sc_cv, &sc->sc_lock); 2323 } 2324 ISCSI_DEBUG("all sessions terminated"); 2325 sx_sunlock(&sc->sc_lock); 2326 2327 uma_zdestroy(iscsi_outstanding_zone); 2328 sx_destroy(&sc->sc_lock); 2329 cv_destroy(&sc->sc_cv); 2330 free(sc, M_ISCSI); 2331 return (0); 2332 } 2333 2334 static int 2335 iscsi_quiesce(void) 2336 { 2337 sx_slock(&sc->sc_lock); 2338 if (!TAILQ_EMPTY(&sc->sc_sessions)) { 2339 sx_sunlock(&sc->sc_lock); 2340 return (EBUSY); 2341 } 2342 sx_sunlock(&sc->sc_lock); 2343 return (0); 2344 } 2345 2346 static int 2347 iscsi_modevent(module_t mod, int what, void *arg) 2348 { 2349 int error; 2350 2351 switch (what) { 2352 case MOD_LOAD: 2353 error = iscsi_load(); 2354 break; 2355 case MOD_UNLOAD: 2356 error = iscsi_unload(); 2357 break; 2358 case MOD_QUIESCE: 2359 error = iscsi_quiesce(); 2360 break; 2361 default: 2362 error = EINVAL; 2363 break; 2364 } 2365 return (error); 2366 } 2367 2368 moduledata_t iscsi_data = { 2369 "iscsi", 2370 iscsi_modevent, 2371 0 2372 }; 2373 2374 DECLARE_MODULE(iscsi, iscsi_data, SI_SUB_DRIVERS, SI_ORDER_MIDDLE); 2375 MODULE_DEPEND(iscsi, cam, 1, 1, 1); 2376 MODULE_DEPEND(iscsi, icl, 1, 1, 1); 2377