1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2000 by Cisco Systems, Inc. All rights reserved. 23 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 * 26 * iSCSI Pseudo HBA Driver 27 */ 28 29 #include <sys/socket.h> /* networking stuff */ 30 #include <sys/t_kuser.h> /* networking stuff */ 31 #include <sys/tihdr.h> /* networking stuff */ 32 #include <sys/strsubr.h> /* networking stuff */ 33 #include <netinet/tcp.h> /* TCP_NODELAY */ 34 #include <sys/socketvar.h> /* _ALLOC_SLEEP */ 35 #include <sys/strsun.h> /* DB_TYPE() */ 36 37 #include "iscsi.h" /* iscsi driver */ 38 #include <sys/scsi/adapters/iscsi_protocol.h> /* iscsi protocol */ 39 40 /* generic io helpers */ 41 static uint32_t n2h24(uchar_t *ptr); 42 static int iscsi_sna_lt(uint32_t n1, uint32_t n2); 43 static void iscsi_update_flow_control(iscsi_sess_t *isp, 44 uint32_t max, uint32_t exp); 45 46 /* receivers */ 47 static iscsi_status_t iscsi_rx_process_hdr(iscsi_conn_t *icp, 48 iscsi_hdr_t *ihp, char *data, int data_size); 49 static iscsi_status_t iscsi_rx_process_nop(iscsi_conn_t *icp, 50 iscsi_hdr_t *ihp, char *data); 51 static iscsi_status_t iscsi_rx_process_data_rsp(iscsi_conn_t *icp, 52 iscsi_hdr_t *ihp); 53 static iscsi_status_t iscsi_rx_process_cmd_rsp(iscsi_conn_t *icp, 54 iscsi_hdr_t *ihp, char *data); 55 static iscsi_status_t iscsi_rx_process_rtt_rsp(iscsi_conn_t *icp, 56 iscsi_hdr_t *ihp, char *data); 57 static iscsi_status_t iscsi_rx_process_reject_rsp(iscsi_conn_t *icp, 58 iscsi_hdr_t *ihp, char *data); 59 static iscsi_status_t iscsi_rx_process_rejected_tsk_mgt(iscsi_conn_t *icp, 60 iscsi_hdr_t *old_ihp); 61 static iscsi_status_t iscsi_rx_process_itt_to_icmdp(iscsi_sess_t *isp, 62 iscsi_hdr_t *ihp, iscsi_cmd_t **icmdp); 63 static iscsi_status_t iscsi_rx_process_task_mgt_rsp(iscsi_conn_t *icp, 64 iscsi_hdr_t *ihp, void *data); 65 static iscsi_status_t iscsi_rx_process_logout_rsp(iscsi_conn_t *icp, 66 iscsi_hdr_t *ihp, char *data); 67 static iscsi_status_t iscsi_rx_process_async_rsp(iscsi_conn_t *icp, 68 iscsi_hdr_t *ihp, char *data); 69 static iscsi_status_t iscsi_rx_process_text_rsp(iscsi_conn_t *icp, 70 iscsi_hdr_t *ihp, char *data); 71 72 73 /* senders */ 74 static iscsi_status_t iscsi_tx_scsi(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 75 static iscsi_status_t iscsi_tx_r2t(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 76 static iscsi_status_t iscsi_tx_data(iscsi_sess_t *isp, iscsi_conn_t *icp, 77 iscsi_cmd_t *icmdp, uint32_t ttt, size_t datalen, size_t offset); 78 static iscsi_status_t iscsi_tx_nop(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 79 static iscsi_status_t iscsi_tx_abort(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 80 static iscsi_status_t iscsi_tx_reset(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 81 static iscsi_status_t iscsi_tx_logout(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 82 static iscsi_status_t iscsi_tx_text(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 83 84 85 /* helpers */ 86 static void iscsi_handle_r2t(iscsi_conn_t *icp, iscsi_cmd_t *icmdp, 87 uint32_t offset, uint32_t length, uint32_t ttt); 88 static void iscsi_handle_passthru_callback(struct scsi_pkt *pkt); 89 static void iscsi_handle_nop(iscsi_conn_t *icp, uint32_t itt, uint32_t ttt); 90 91 static void iscsi_timeout_checks(iscsi_sess_t *isp); 92 static void iscsi_nop_checks(iscsi_sess_t *isp); 93 94 95 #define ISCSI_CONN_TO_NET_DIGEST(icp) \ 96 ((icp->conn_params.header_digest ? ISCSI_NET_HEADER_DIGEST : 0) | \ 97 (icp->conn_params.data_digest ? ISCSI_NET_DATA_DIGEST : 0)) 98 99 /* 100 * This file contains the main guts of the iSCSI protocol layer. 101 * It's broken into 5 sections; Basic helper functions, RX IO path, 102 * TX IO path, Completion (IC) IO path, and watchdog (WD) routines. 103 * 104 * The IO flow model is similiar to the below diagram. The 105 * iscsi session, connection and command state machines are used 106 * to drive IO through this flow diagram. Reference those files 107 * to get a detailed description of their respective state models 108 * prior to their xxx_state_machine_function(). 109 * 110 * tran_start() -> CMD_E1 TX_THREAD RX_THREAD 111 * | T T 112 * V T T 113 * PENDING_Q --CMD_E2--> ACTIVE_Q - --CMD_E3--+ 114 * T \ C T | 115 * T \M T | 116 * D T | 117 * WD_THREAD TT|TT T | 118 * /E T | 119 * / 6 T | 120 * ABORTING_Q<- --CMD_E3--+ 121 * T | 122 * T T | 123 * T | 124 * callback() <--CMD_E#-- COMPLETION_Q <------------+ 125 * T 126 * T 127 * IC_THREAD 128 * 129 * External and internal command are ran thru this same state 130 * machine. All commands enter the state machine by receiving an 131 * ISCSI_CMD_EVENT_E1. This event places the command into the 132 * PENDING_Q. Next when resources are available the TX_THREAD 133 * issues a E2 event on the command. This sends the command 134 * to the TCP stack and places the command on the ACTIVE_Q. While 135 * on the PENDIING_Q and ACTIVE_Q, the command is monitored via the 136 * WD_THREAD to ensure the pkt_time has not elapsed. If elapsed the 137 * command is issued an E6(timeout) event which moves either (if pending) 138 * completed the command or (if active) moves the command to the 139 * aborting queue and issues a SCSI TASK MANAGEMENT ABORT command 140 * to cancel the IO request. If the original command is completed 141 * or the TASK MANAGEMENT command completes the command is moved 142 * to the COMPLETION_Q via a E3 event. The IC_THREAD then processes 143 * the COMPLETION_Q and issues the scsi_pkt callback. This 144 * callback can not be processed directly from the RX_THREAD 145 * because the callback might call back into the iscsi driver 146 * causing a deadlock condition. 147 * 148 * For more details on the complete CMD state machine reference 149 * the state machine diagram in iscsi_cmd.c. The connection state 150 * machine is driven via IO events in this file. Then session 151 * events are driven by the connection events. For complete 152 * details on these state machines reference iscsi_sess.c and 153 * iscsi_conn.c 154 */ 155 156 157 /* 158 * +--------------------------------------------------------------------+ 159 * | io helper routines | 160 * +--------------------------------------------------------------------+ 161 */ 162 163 /* 164 * n2h24 - native to host 24 bit integer translation. 165 */ 166 static uint32_t 167 n2h24(uchar_t *ptr) 168 { 169 uint32_t idx; 170 bcopy(ptr, &idx, 3); 171 return (ntohl(idx) >> 8); 172 } 173 174 /* 175 * iscsi_sna_lt - Serial Number Arithmetic, 32 bits, less than, RFC1982 176 */ 177 static int 178 iscsi_sna_lt(uint32_t n1, uint32_t n2) 179 { 180 return ((n1 != n2) && 181 (((n1 < n2) && ((n2 - n1) < ISCSI_SNA32_CHECK)) || 182 ((n1 > n2) && ((n1 - n2) > ISCSI_SNA32_CHECK)))); 183 } 184 185 /* 186 * iscsi_sna_lte - Serial Number Arithmetic, 32 bits, less than or equal, 187 * RFC1982 188 */ 189 int 190 iscsi_sna_lte(uint32_t n1, uint32_t n2) 191 { 192 return ((n1 == n2) || 193 (((n1 < n2) && ((n2 - n1) < ISCSI_SNA32_CHECK)) || 194 ((n1 > n2) && ((n1 - n2) > ISCSI_SNA32_CHECK)))); 195 } 196 197 /* 198 * iscsi_update_flow_control - Update expcmdsn and maxcmdsn iSCSI 199 * flow control information for a session 200 */ 201 static void 202 iscsi_update_flow_control(iscsi_sess_t *isp, uint32_t max, uint32_t exp) 203 { 204 ASSERT(isp != NULL); 205 ASSERT(mutex_owned(&isp->sess_cmdsn_mutex)); 206 207 if (!iscsi_sna_lt(max, (exp - 1))) { 208 209 if (!iscsi_sna_lte(exp, isp->sess_expcmdsn)) { 210 isp->sess_expcmdsn = exp; 211 } 212 213 if (!iscsi_sna_lte(max, isp->sess_maxcmdsn)) { 214 isp->sess_maxcmdsn = max; 215 if (iscsi_sna_lte(isp->sess_cmdsn, 216 isp->sess_maxcmdsn)) { 217 /* 218 * the window is open again - schedule 219 * to send any held tasks soon 220 */ 221 iscsi_sess_redrive_io(isp); 222 } 223 } 224 } 225 } 226 227 228 /* 229 * +--------------------------------------------------------------------+ 230 * | io receive and processing routines | 231 * +--------------------------------------------------------------------+ 232 */ 233 234 /* 235 * iscsi_rx_thread - The connection creates a thread of this 236 * function during login. After which point this thread is 237 * used to receive and process all iSCSI PDUs on this connection. 238 * The PDUs received on this connection are used to drive the 239 * commands through their state machine. This thread will 240 * continue processing while the connection is on a LOGGED_IN 241 * or IN_LOGOUT state. Once the connection moves out of this 242 * state the thread will die. 243 */ 244 void 245 iscsi_rx_thread(iscsi_thread_t *thread, void *arg) 246 { 247 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 248 iscsi_conn_t *icp = (iscsi_conn_t *)arg; 249 iscsi_sess_t *isp = NULL; 250 char *hdr = NULL; 251 int hdr_size = 0; 252 char *data = NULL; 253 int data_size = 0; 254 iscsi_hdr_t *ihp; 255 256 ASSERT(icp != NULL); 257 isp = icp->conn_sess; 258 ASSERT(isp != NULL); 259 260 /* pre-alloc recv header buffer for common actions */ 261 hdr_size = sizeof (iscsi_hdr_t) + 255; /* 255 = one byte hlength */ 262 hdr = (char *)kmem_zalloc(hdr_size, KM_SLEEP); 263 ihp = (iscsi_hdr_t *)hdr; 264 ASSERT(ihp != NULL); 265 266 /* pre-alloc max_recv_size buffer for common actions */ 267 data_size = icp->conn_params.max_recv_data_seg_len; 268 data = (char *)kmem_zalloc(data_size, KM_SLEEP); 269 ASSERT(data != NULL); 270 271 do { 272 /* Wait for the next iSCSI header */ 273 rval = iscsi_net->recvhdr(icp->conn_socket, 274 ihp, hdr_size, 0, (icp->conn_params.header_digest ? 275 ISCSI_NET_HEADER_DIGEST : 0)); 276 if (ISCSI_SUCCESS(rval)) { 277 isp->sess_rx_lbolt = 278 icp->conn_rx_lbolt = 279 ddi_get_lbolt(); 280 281 /* Perform specific hdr handling */ 282 rval = iscsi_rx_process_hdr(icp, ihp, 283 data, data_size); 284 } 285 286 /* 287 * handle failures 288 */ 289 switch (rval) { 290 case ISCSI_STATUS_SUCCESS: 291 /* 292 * If we successfully completed a receive 293 * and we are in an IN_FLUSH state then 294 * check the active queue count to see 295 * if its empty. If its empty then force 296 * a disconnect event on the connection. 297 * This will move the session from IN_FLUSH 298 * to FLUSHED and complete the login 299 * parameter update. 300 */ 301 if ((isp->sess_state == ISCSI_SESS_STATE_IN_FLUSH) && 302 (icp->conn_queue_active.count == 0)) { 303 mutex_enter(&icp->conn_state_mutex); 304 (void) iscsi_conn_state_machine(icp, 305 ISCSI_CONN_EVENT_T14); 306 mutex_exit(&icp->conn_state_mutex); 307 } 308 break; 309 case ISCSI_STATUS_TCP_RX_ERROR: 310 /* connection had an error */ 311 mutex_enter(&icp->conn_state_mutex); 312 (void) iscsi_conn_state_machine(icp, 313 ISCSI_CONN_EVENT_T15); 314 mutex_exit(&icp->conn_state_mutex); 315 break; 316 case ISCSI_STATUS_HEADER_DIGEST_ERROR: 317 /* 318 * If we encounter a digest error we have to restart 319 * all the connections on this session. per iSCSI 320 * Level 0 Recovery. 321 */ 322 KSTAT_INC_CONN_ERR_HEADER_DIGEST(icp); 323 mutex_enter(&icp->conn_state_mutex); 324 (void) iscsi_conn_state_machine(icp, 325 ISCSI_CONN_EVENT_T14); 326 mutex_exit(&icp->conn_state_mutex); 327 break; 328 case ISCSI_STATUS_DATA_DIGEST_ERROR: 329 /* 330 * We can continue with a data digest error. The 331 * icmdp was flaged as having a crc problem. It 332 * will be aborted when all data is received. This 333 * saves us from restarting the session when we 334 * might be able to keep it going. If the data 335 * digest issue was really bad we will hit a 336 * status protocol error on the next pdu, which 337 * will force a connection retstart. 338 */ 339 KSTAT_INC_CONN_ERR_DATA_DIGEST(icp); 340 break; 341 case ISCSI_STATUS_PROTOCOL_ERROR: 342 /* 343 * A protocol problem was encountered. Reset 344 * session to try and repair issue. 345 */ 346 KSTAT_INC_CONN_ERR_PROTOCOL(icp); 347 mutex_enter(&icp->conn_state_mutex); 348 (void) iscsi_conn_state_machine(icp, 349 ISCSI_CONN_EVENT_T14); 350 mutex_exit(&icp->conn_state_mutex); 351 break; 352 case ISCSI_STATUS_INTERNAL_ERROR: 353 /* 354 * These should have all been handled before now. 355 */ 356 break; 357 default: 358 cmn_err(CE_WARN, "iscsi connection(%u) encountered " 359 "unknown error(%d) on a receive", icp->conn_oid, 360 rval); 361 ASSERT(B_FALSE); 362 } 363 364 } while ((ISCSI_CONN_STATE_FULL_FEATURE(icp->conn_state)) && 365 (iscsi_thread_wait(thread, 0) != 0)); 366 367 kmem_free(hdr, hdr_size); 368 kmem_free(data, data_size); 369 } 370 371 372 /* 373 * iscsi_rx_process_hdr - This function collects data for all PDUs 374 * that do not have data that will be mapped to a specific scsi_pkt. 375 * Then for each hdr type fan out the processing. 376 */ 377 static iscsi_status_t 378 iscsi_rx_process_hdr(iscsi_conn_t *icp, iscsi_hdr_t *ihp, 379 char *data, int data_size) 380 { 381 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 382 iscsi_sess_t *isp = NULL; 383 384 ASSERT(icp != NULL); 385 ASSERT(ihp != NULL); 386 ASSERT(data != NULL); 387 isp = icp->conn_sess; 388 ASSERT(isp != NULL); 389 390 /* If this is not a SCSI_DATA_RSP we can go ahead and get the data */ 391 if ((ihp->opcode & ISCSI_OPCODE_MASK) != ISCSI_OP_SCSI_DATA_RSP) { 392 rval = iscsi_net->recvdata(icp->conn_socket, ihp, 393 data, data_size, 0, (icp->conn_params.data_digest) ? 394 ISCSI_NET_DATA_DIGEST : 0); 395 if (!ISCSI_SUCCESS(rval)) { 396 return (rval); 397 } 398 isp->sess_rx_lbolt = icp->conn_rx_lbolt = ddi_get_lbolt(); 399 } 400 401 /* fan out the hdr processing */ 402 switch (ihp->opcode & ISCSI_OPCODE_MASK) { 403 case ISCSI_OP_SCSI_DATA_RSP: 404 rval = iscsi_rx_process_data_rsp(icp, ihp); 405 break; 406 case ISCSI_OP_SCSI_RSP: 407 rval = iscsi_rx_process_cmd_rsp(icp, ihp, data); 408 break; 409 case ISCSI_OP_RTT_RSP: 410 rval = iscsi_rx_process_rtt_rsp(icp, ihp, data); 411 break; 412 case ISCSI_OP_NOOP_IN: 413 rval = iscsi_rx_process_nop(icp, ihp, data); 414 break; 415 case ISCSI_OP_REJECT_MSG: 416 rval = iscsi_rx_process_reject_rsp(icp, ihp, data); 417 break; 418 case ISCSI_OP_SCSI_TASK_MGT_RSP: 419 rval = iscsi_rx_process_task_mgt_rsp(icp, ihp, data); 420 break; 421 case ISCSI_OP_LOGOUT_RSP: 422 rval = iscsi_rx_process_logout_rsp(icp, ihp, data); 423 break; 424 case ISCSI_OP_ASYNC_EVENT: 425 rval = iscsi_rx_process_async_rsp(icp, ihp, data); 426 break; 427 case ISCSI_OP_TEXT_RSP: 428 rval = iscsi_rx_process_text_rsp(icp, ihp, data); 429 break; 430 default: 431 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 432 "received an unsupported opcode 0x%02x", 433 icp->conn_oid, ihp->opcode); 434 rval = ISCSI_STATUS_PROTOCOL_ERROR; 435 } 436 437 return (rval); 438 } 439 440 441 /* 442 * iscsi_rx_process_data_rsp - Processed received data header. Once 443 * header is processed we read data off the connection directly into 444 * the scsi_pkt to avoid duplicate bcopy of a large amount of data. 445 * If this is the final data sequence denoted by the data response 446 * PDU Status bit being set. We will not receive the SCSI response. 447 * This bit denotes that the PDU is the successful completion of the 448 * command. In this case complete the command. If This bit isn't 449 * set we wait for more data or a scsi command response. 450 */ 451 static iscsi_status_t 452 iscsi_rx_process_data_rsp(iscsi_conn_t *icp, iscsi_hdr_t *ihp) 453 { 454 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 455 iscsi_sess_t *isp = NULL; 456 iscsi_data_rsp_hdr_t *idrhp = (iscsi_data_rsp_hdr_t *)ihp; 457 iscsi_cmd_t *icmdp = NULL; 458 struct scsi_pkt *pkt = NULL; 459 struct buf *bp = NULL; 460 uint32_t offset = 0; 461 uint32_t dlength = 0; 462 char *bcp = NULL; 463 464 ASSERT(icp != NULL); 465 ASSERT(ihp != NULL); 466 isp = icp->conn_sess; 467 ASSERT(isp != NULL); 468 469 if (idrhp->flags & ISCSI_FLAG_DATA_STATUS) { 470 /* make sure we got status in order */ 471 if (icp->conn_expstatsn == ntohl(idrhp->statsn)) { 472 icp->conn_expstatsn++; 473 } else { 474 cmn_err(CE_WARN, "iscsi connection(%u) protocol error " 475 "- received status out of order itt:0x%x " 476 "statsn:0x%x expstatsn:0x%x", icp->conn_oid, 477 idrhp->itt, ntohl(idrhp->statsn), 478 icp->conn_expstatsn); 479 return (ISCSI_STATUS_PROTOCOL_ERROR); 480 } 481 } 482 483 /* match itt in the session's command table */ 484 mutex_enter(&icp->conn_queue_active.mutex); 485 mutex_enter(&isp->sess_cmdsn_mutex); 486 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp(isp, ihp, &icmdp))) { 487 mutex_exit(&isp->sess_cmdsn_mutex); 488 mutex_exit(&icp->conn_queue_active.mutex); 489 return (ISCSI_STATUS_PROTOCOL_ERROR); 490 } 491 /* 492 * Holding the pending/active queue locks across the 493 * iscsi_rx_data call later in this function may cause 494 * deadlock during fault injections. Instead remove 495 * the cmd from the active queue and release the locks. 496 * Then before returning or completing the command 497 * return the cmd to the active queue and reacquire 498 * the locks. 499 */ 500 iscsi_dequeue_active_cmd(icp, icmdp); 501 502 /* update expcmdsn and maxcmdsn */ 503 iscsi_update_flow_control(isp, ntohl(idrhp->maxcmdsn), 504 ntohl(idrhp->expcmdsn)); 505 mutex_exit(&isp->sess_cmdsn_mutex); 506 mutex_exit(&icp->conn_queue_active.mutex); 507 508 /* shorthand some values */ 509 pkt = icmdp->cmd_un.scsi.pkt; 510 bp = icmdp->cmd_un.scsi.bp; 511 offset = ntohl(idrhp->offset); 512 dlength = n2h24(idrhp->dlength); 513 514 /* 515 * some poorly behaved targets have been observed 516 * sending data-in pdu's during a write operation 517 */ 518 if (bp != NULL) { 519 if (!(bp->b_flags & B_READ)) { 520 cmn_err(CE_WARN, 521 "iscsi connection(%u) protocol error - " 522 "received data response during write operation " 523 "itt:0x%x", 524 icp->conn_oid, idrhp->itt); 525 mutex_enter(&icp->conn_queue_active.mutex); 526 iscsi_enqueue_active_cmd(icp, icmdp); 527 mutex_exit(&icp->conn_queue_active.mutex); 528 return (ISCSI_STATUS_PROTOCOL_ERROR); 529 } 530 531 /* 532 * We can't tolerate the target sending too much 533 * data for our buffer 534 */ 535 if ((dlength > 536 (bp->b_bcount - icmdp->cmd_un.scsi.data_transferred)) || 537 (dlength > (bp->b_bcount - offset))) { 538 cmn_err(CE_WARN, 539 "iscsi connection(%u) protocol error - " 540 "received too much data itt:0x%x", 541 icp->conn_oid, idrhp->itt); 542 mutex_enter(&icp->conn_queue_active.mutex); 543 iscsi_enqueue_active_cmd(icp, icmdp); 544 mutex_exit(&icp->conn_queue_active.mutex); 545 return (ISCSI_STATUS_PROTOCOL_ERROR); 546 } 547 548 bcp = ((char *)bp->b_un.b_addr) + offset; 549 550 /* 551 * Get the rest of the data and copy it directly into 552 * the scsi_pkt. 553 */ 554 rval = iscsi_net->recvdata(icp->conn_socket, ihp, 555 bcp, dlength, 0, (icp->conn_params.data_digest ? 556 ISCSI_NET_DATA_DIGEST : 0)); 557 if (ISCSI_SUCCESS(rval)) { 558 KSTAT_ADD_CONN_RX_BYTES(icp, dlength); 559 } else { 560 /* If digest error flag icmdp with a crc error */ 561 if (rval == ISCSI_STATUS_DATA_DIGEST_ERROR) { 562 icmdp->cmd_crc_error_seen = B_TRUE; 563 } 564 mutex_enter(&icp->conn_queue_active.mutex); 565 iscsi_enqueue_active_cmd(icp, icmdp); 566 mutex_exit(&icp->conn_queue_active.mutex); 567 return (rval); 568 } 569 isp->sess_rx_lbolt = icp->conn_rx_lbolt = ddi_get_lbolt(); 570 571 /* update icmdp statistics */ 572 icmdp->cmd_un.scsi.data_transferred += dlength; 573 } 574 575 /* 576 * We got status. This should only happen if we have 577 * received all the data with no errors. The command 578 * must be completed now, since we won't get a command 579 * response PDU. The cmd_status and residual_count are 580 * not meaningful unless status_present is set. 581 */ 582 if (idrhp->flags & ISCSI_FLAG_DATA_STATUS) { 583 pkt->pkt_resid = 0; 584 /* Check the residual count */ 585 if (bp && 586 (icmdp->cmd_un.scsi.data_transferred != 587 bp->b_bcount)) { 588 /* 589 * We didn't xfer the expected amount of data - 590 * the residual_count in the header is only valid 591 * if the underflow flag is set. 592 */ 593 if (idrhp->flags & ISCSI_FLAG_DATA_UNDERFLOW) { 594 pkt->pkt_resid = ntohl(idrhp->residual_count); 595 } else { 596 if (bp->b_bcount > 597 icmdp->cmd_un.scsi.data_transferred) { 598 /* Some data fell on the floor somehw */ 599 pkt->pkt_resid = 600 bp->b_bcount - 601 icmdp->cmd_un.scsi.data_transferred; 602 } 603 } 604 } 605 606 pkt->pkt_reason = CMD_CMPLT; 607 pkt->pkt_state |= (STATE_XFERRED_DATA | STATE_GOT_STATUS); 608 609 if (((idrhp->cmd_status & STATUS_MASK) != STATUS_GOOD) && 610 (icmdp->cmd_un.scsi.statuslen >= 611 sizeof (struct scsi_arq_status)) && pkt->pkt_scbp) { 612 613 /* 614 * Not supposed to get exception status here! 615 * We have no request sense data so just do the 616 * best we can 617 */ 618 struct scsi_arq_status *arqstat = 619 (struct scsi_arq_status *)pkt->pkt_scbp; 620 621 622 bzero(arqstat, sizeof (struct scsi_arq_status)); 623 624 *((uchar_t *)&arqstat->sts_status) = 625 idrhp->cmd_status; 626 627 arqstat->sts_rqpkt_resid = 628 sizeof (struct scsi_extended_sense); 629 630 } else if (pkt->pkt_scbp) { 631 /* just pass along the status we got */ 632 pkt->pkt_scbp[0] = idrhp->cmd_status; 633 } 634 635 mutex_enter(&icp->conn_queue_active.mutex); 636 iscsi_enqueue_active_cmd(icp, icmdp); 637 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E3, isp); 638 mutex_exit(&icp->conn_queue_active.mutex); 639 } else { 640 mutex_enter(&icp->conn_queue_active.mutex); 641 iscsi_enqueue_active_cmd(icp, icmdp); 642 mutex_exit(&icp->conn_queue_active.mutex); 643 } 644 645 return (ISCSI_STATUS_SUCCESS); 646 } 647 648 649 /* 650 * iscsi_rx_process_cmd_rsp - Process received scsi command response. This 651 * will contain sense data if the command was not successful. This data needs 652 * to be copied into the scsi_pkt. Otherwise we just complete the IO. 653 */ 654 static iscsi_status_t 655 iscsi_rx_process_cmd_rsp(iscsi_conn_t *icp, iscsi_hdr_t *ihp, char *data) 656 { 657 iscsi_sess_t *isp = icp->conn_sess; 658 iscsi_scsi_rsp_hdr_t *issrhp = (iscsi_scsi_rsp_hdr_t *)ihp; 659 iscsi_cmd_t *icmdp = NULL; 660 struct scsi_pkt *pkt = NULL; 661 uint32_t dlength = 0; 662 struct scsi_arq_status *arqstat = NULL; 663 size_t senselen = 0; 664 665 /* make sure we get status in order */ 666 if (icp->conn_expstatsn == ntohl(issrhp->statsn)) { 667 icp->conn_expstatsn++; 668 } else { 669 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 670 "received status out of order itt:0x%x statsn:0x%x " 671 "expstatsn:0x%x", icp->conn_oid, issrhp->itt, 672 ntohl(issrhp->statsn), icp->conn_expstatsn); 673 return (ISCSI_STATUS_PROTOCOL_ERROR); 674 } 675 676 mutex_enter(&icp->conn_queue_active.mutex); 677 mutex_enter(&isp->sess_cmdsn_mutex); 678 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp(isp, ihp, &icmdp))) { 679 mutex_exit(&isp->sess_cmdsn_mutex); 680 mutex_exit(&icp->conn_queue_active.mutex); 681 return (ISCSI_STATUS_PROTOCOL_ERROR); 682 } 683 684 /* update expcmdsn and maxcmdsn */ 685 iscsi_update_flow_control(isp, ntohl(issrhp->maxcmdsn), 686 ntohl(issrhp->expcmdsn)); 687 mutex_exit(&isp->sess_cmdsn_mutex); 688 689 pkt = icmdp->cmd_un.scsi.pkt; 690 691 if (issrhp->response) { 692 /* The target failed the command. */ 693 pkt->pkt_reason = CMD_TRAN_ERR; 694 if (icmdp->cmd_un.scsi.bp) { 695 pkt->pkt_resid = icmdp->cmd_un.scsi.bp->b_bcount; 696 } else { 697 pkt->pkt_resid = 0; 698 } 699 } else { 700 /* success */ 701 pkt->pkt_resid = 0; 702 /* Check the residual count */ 703 if ((icmdp->cmd_un.scsi.bp) && 704 (icmdp->cmd_un.scsi.data_transferred != 705 icmdp->cmd_un.scsi.bp->b_bcount)) { 706 /* 707 * We didn't xfer the expected amount of data - 708 * the residual_count in the header is only 709 * valid if the underflow flag is set. 710 */ 711 if (issrhp->flags & ISCSI_FLAG_CMD_UNDERFLOW) { 712 pkt->pkt_resid = ntohl(issrhp->residual_count); 713 } else { 714 if (icmdp->cmd_un.scsi.bp->b_bcount > 715 icmdp->cmd_un.scsi.data_transferred) { 716 /* 717 * Some data fell on the floor 718 * somehow - probably a CRC error 719 */ 720 pkt->pkt_resid = 721 icmdp->cmd_un.scsi.bp->b_bcount - 722 icmdp->cmd_un.scsi.data_transferred; 723 } 724 } 725 } 726 727 /* set flags that tell SCSA that the command is complete */ 728 if (icmdp->cmd_crc_error_seen == B_FALSE) { 729 /* Set successful completion */ 730 pkt->pkt_reason = CMD_CMPLT; 731 if (icmdp->cmd_un.scsi.bp) { 732 pkt->pkt_state |= (STATE_XFERRED_DATA | 733 STATE_GOT_STATUS); 734 } else { 735 pkt->pkt_state |= STATE_GOT_STATUS; 736 } 737 } else { 738 /* 739 * Some of the data was found to have an incorrect 740 * error at the protocol error. 741 */ 742 pkt->pkt_reason = CMD_PER_FAIL; 743 pkt->pkt_statistics |= STAT_PERR; 744 if (icmdp->cmd_un.scsi.bp) { 745 pkt->pkt_resid = 746 icmdp->cmd_un.scsi.bp->b_bcount; 747 } else { 748 pkt->pkt_resid = 0; 749 } 750 } 751 752 dlength = n2h24(issrhp->dlength); 753 754 /* 755 * Process iSCSI Cmd Response Status 756 * RFC 3720 Sectionn 10.4.2. 757 */ 758 switch (issrhp->cmd_status & STATUS_MASK) { 759 case STATUS_GOOD: 760 /* pass SCSI status up stack */ 761 if (pkt->pkt_scbp) { 762 pkt->pkt_scbp[0] = issrhp->cmd_status; 763 } 764 break; 765 case STATUS_CHECK: 766 /* 767 * Verify we received a sense buffer and 768 * that there is the correct amount of 769 * request sense space to copy it to. 770 */ 771 if ((dlength > 1) && 772 (pkt->pkt_scbp != NULL) && 773 (icmdp->cmd_un.scsi.statuslen >= 774 sizeof (struct scsi_arq_status))) { 775 /* 776 * If a bad command status is received we 777 * need to reset the pkt_resid to zero. 778 * The target driver compares its value 779 * before checking other error flags. 780 * (ex. check conditions) 781 */ 782 pkt->pkt_resid = 0; 783 784 /* get sense length from first 2 bytes */ 785 senselen = ((data[0] << 8) | data[1]) & 786 (size_t)0xFFFF; 787 788 /* Sanity-check on the sense length */ 789 if ((senselen + 2) > dlength) { 790 senselen = dlength - 2; 791 } 792 793 /* 794 * If there was a Data Digest error then 795 * the sense data cannot be trusted. 796 */ 797 if (icmdp->cmd_crc_error_seen) { 798 senselen = 0; 799 } 800 801 /* automatic request sense */ 802 arqstat = 803 (struct scsi_arq_status *)pkt->pkt_scbp; 804 805 /* pass SCSI status up stack */ 806 *((uchar_t *)&arqstat->sts_status) = 807 issrhp->cmd_status; 808 809 /* 810 * Set the status for the automatic 811 * request sense command 812 */ 813 arqstat->sts_rqpkt_state = (STATE_GOT_BUS | 814 STATE_GOT_TARGET | STATE_SENT_CMD | 815 STATE_XFERRED_DATA | STATE_GOT_STATUS | 816 STATE_ARQ_DONE); 817 818 *((uchar_t *)&arqstat->sts_rqpkt_status) = 819 STATUS_GOOD; 820 821 arqstat->sts_rqpkt_reason = CMD_CMPLT; 822 823 if (senselen == 0) { 824 /* auto request sense failed */ 825 arqstat->sts_rqpkt_status.sts_chk = 1; 826 arqstat->sts_rqpkt_resid = 827 sizeof (struct scsi_extended_sense); 828 } else if (senselen < 829 sizeof (struct scsi_extended_sense)) { 830 /* auto request sense short */ 831 arqstat->sts_rqpkt_resid = 832 sizeof (struct scsi_extended_sense) 833 - senselen; 834 } else { 835 /* auto request sense complete */ 836 arqstat->sts_rqpkt_resid = 0; 837 } 838 arqstat->sts_rqpkt_statistics = 0; 839 pkt->pkt_state |= STATE_ARQ_DONE; 840 841 /* copy auto request sense */ 842 dlength = min(senselen, 843 sizeof (struct scsi_extended_sense)); 844 if (dlength) { 845 bcopy(&data[2], (uchar_t *)&arqstat-> 846 sts_sensedata, dlength); 847 } 848 break; 849 } 850 /* FALLTHRU */ 851 case STATUS_BUSY: 852 case STATUS_RESERVATION_CONFLICT: 853 case STATUS_QFULL: 854 case STATUS_ACA_ACTIVE: 855 default: 856 /* 857 * If a bad command status is received we need to 858 * reset the pkt_resid to zero. The target driver 859 * compares its value before checking other error 860 * flags. (ex. check conditions) 861 */ 862 pkt->pkt_resid = 0; 863 /* pass SCSI status up stack */ 864 if (pkt->pkt_scbp) { 865 pkt->pkt_scbp[0] = issrhp->cmd_status; 866 } 867 } 868 } 869 870 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E3, isp); 871 mutex_exit(&icp->conn_queue_active.mutex); 872 873 return (ISCSI_STATUS_SUCCESS); 874 } 875 876 /* 877 * iscsi_rx_process_rtt_rsp - Process received RTT. This means the target is 878 * requesting data. 879 */ 880 /* ARGSUSED */ 881 static iscsi_status_t 882 iscsi_rx_process_rtt_rsp(iscsi_conn_t *icp, iscsi_hdr_t *ihp, char *data) 883 { 884 iscsi_sess_t *isp = (iscsi_sess_t *)icp->conn_sess; 885 iscsi_rtt_hdr_t *irhp = (iscsi_rtt_hdr_t *)ihp; 886 iscsi_cmd_t *icmdp = NULL; 887 struct buf *bp = NULL; 888 uint32_t data_length; 889 iscsi_status_t status = ISCSI_STATUS_PROTOCOL_ERROR; 890 891 892 mutex_enter(&isp->sess_queue_pending.mutex); 893 mutex_enter(&icp->conn_queue_active.mutex); 894 mutex_enter(&isp->sess_cmdsn_mutex); 895 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp(isp, ihp, &icmdp))) { 896 mutex_exit(&isp->sess_cmdsn_mutex); 897 mutex_exit(&icp->conn_queue_active.mutex); 898 mutex_exit(&isp->sess_queue_pending.mutex); 899 return (status); 900 } 901 902 /* update expcmdsn and maxcmdsn */ 903 iscsi_update_flow_control(isp, ntohl(irhp->maxcmdsn), 904 ntohl(irhp->expcmdsn)); 905 mutex_enter(&icmdp->cmd_mutex); 906 mutex_exit(&isp->sess_cmdsn_mutex); 907 908 bp = icmdp->cmd_un.scsi.bp; 909 data_length = ntohl(irhp->data_length); 910 911 /* 912 * Perform boundary-checks per RFC 3720 (section 10.8.4). 913 * The Desired Data Transfer Length must satisfy this relation: 914 * 915 * 0 < Desired Data Transfer Length <= MaxBurstLength 916 */ 917 if ((bp == NULL) || (data_length == 0)) { 918 cmn_err(CE_WARN, "iscsi connection(%u) received r2t but pkt " 919 "has no data itt:0x%x - protocol error", icp->conn_oid, 920 irhp->itt); 921 } else if (data_length > icp->conn_params.max_burst_length) { 922 cmn_err(CE_WARN, "iscsi connection(%u) received r2t but pkt " 923 "is larger than MaxBurstLength itt:0x%x len:0x%x - " 924 "protocol error", 925 icp->conn_oid, irhp->itt, data_length); 926 } else { 927 iscsi_handle_r2t(icp, icmdp, ntohl(irhp->data_offset), 928 data_length, irhp->ttt); 929 status = ISCSI_STATUS_SUCCESS; 930 } 931 932 mutex_exit(&icmdp->cmd_mutex); 933 mutex_exit(&icp->conn_queue_active.mutex); 934 mutex_exit(&isp->sess_queue_pending.mutex); 935 936 return (status); 937 } 938 939 940 /* 941 * iscsi_rx_process_nop - Process a received nop. If nop is in response 942 * to a ping we sent update stats. If initiated by the target we need 943 * to response back to the target with a nop. Schedule the response. 944 */ 945 /* ARGSUSED */ 946 static iscsi_status_t 947 iscsi_rx_process_nop(iscsi_conn_t *icp, iscsi_hdr_t *ihp, char *data) 948 { 949 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 950 iscsi_sess_t *isp = NULL; 951 iscsi_nop_in_hdr_t *inihp = (iscsi_nop_in_hdr_t *)ihp; 952 iscsi_cmd_t *icmdp = NULL; 953 954 ASSERT(icp != NULL); 955 ASSERT(ihp != NULL); 956 /* ASSERT(data != NULL) data is allowed to be NULL */ 957 isp = icp->conn_sess; 958 ASSERT(isp != NULL); 959 960 if (icp->conn_expstatsn != ntohl(inihp->statsn)) { 961 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 962 "received status out of order itt:0x%x statsn:0x%x " 963 "expstatsn:0x%x", icp->conn_oid, inihp->itt, 964 ntohl(inihp->statsn), icp->conn_expstatsn); 965 return (ISCSI_STATUS_PROTOCOL_ERROR); 966 } 967 968 mutex_enter(&isp->sess_queue_pending.mutex); 969 mutex_enter(&icp->conn_queue_active.mutex); 970 mutex_enter(&isp->sess_cmdsn_mutex); 971 if (inihp->itt != ISCSI_RSVD_TASK_TAG) { 972 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp( 973 isp, ihp, &icmdp))) { 974 mutex_exit(&isp->sess_cmdsn_mutex); 975 mutex_exit(&icp->conn_queue_active.mutex); 976 mutex_exit(&isp->sess_queue_pending.mutex); 977 return (ISCSI_STATUS_PROTOCOL_ERROR); 978 } 979 } 980 981 /* update expcmdsn and maxcmdsn */ 982 iscsi_update_flow_control(isp, ntohl(inihp->maxcmdsn), 983 ntohl(inihp->expcmdsn)); 984 mutex_exit(&isp->sess_cmdsn_mutex); 985 986 if ((inihp->itt != ISCSI_RSVD_TASK_TAG) && 987 (inihp->ttt == ISCSI_RSVD_TASK_TAG)) { 988 /* This is the only type of nop that incs. the expstatsn */ 989 icp->conn_expstatsn++; 990 991 /* 992 * This is a targets response to our nop 993 */ 994 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E3, isp); 995 } else if (inihp->ttt != ISCSI_RSVD_TASK_TAG) { 996 /* 997 * Target requested a nop. Send one. 998 */ 999 iscsi_handle_nop(icp, ISCSI_RSVD_TASK_TAG, inihp->ttt); 1000 } else { 1001 /* 1002 * This is a target-initiated ping that doesn't expect 1003 * a response; nothing to do except update our flow control 1004 * (which we do in all cases above). 1005 */ 1006 /* EMPTY */ 1007 } 1008 mutex_exit(&icp->conn_queue_active.mutex); 1009 mutex_exit(&isp->sess_queue_pending.mutex); 1010 1011 return (rval); 1012 } 1013 1014 1015 /* 1016 * iscsi_rx_process_reject_rsp - The server rejected a PDU 1017 */ 1018 static iscsi_status_t 1019 iscsi_rx_process_reject_rsp(iscsi_conn_t *icp, 1020 iscsi_hdr_t *ihp, char *data) 1021 { 1022 iscsi_reject_rsp_hdr_t *irrhp = (iscsi_reject_rsp_hdr_t *)ihp; 1023 iscsi_sess_t *isp = NULL; 1024 uint32_t dlength = 0; 1025 iscsi_hdr_t *old_ihp = NULL; 1026 1027 ASSERT(icp != NULL); 1028 isp = icp->conn_sess; 1029 ASSERT(ihp != NULL); 1030 ASSERT(data != NULL); 1031 1032 /* make sure we only Ack Status numbers that we've actually received. */ 1033 if (icp->conn_expstatsn == ntohl(irrhp->statsn)) { 1034 icp->conn_expstatsn++; 1035 } else { 1036 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 1037 "received status out of order itt:0x%x statsn:0x%x " 1038 "expstatsn:0x%x", icp->conn_oid, ihp->itt, 1039 ntohl(irrhp->statsn), icp->conn_expstatsn); 1040 return (ISCSI_STATUS_PROTOCOL_ERROR); 1041 } 1042 1043 /* update expcmdsn and maxcmdsn */ 1044 mutex_enter(&isp->sess_cmdsn_mutex); 1045 iscsi_update_flow_control(isp, ntohl(irrhp->maxcmdsn), 1046 ntohl(irrhp->expcmdsn)); 1047 mutex_exit(&isp->sess_cmdsn_mutex); 1048 1049 /* If we don't have the rejected header we can't do anything */ 1050 dlength = n2h24(irrhp->dlength); 1051 if (dlength < sizeof (iscsi_hdr_t)) { 1052 return (ISCSI_STATUS_PROTOCOL_ERROR); 1053 } 1054 1055 /* map old ihp */ 1056 old_ihp = (iscsi_hdr_t *)data; 1057 1058 switch (irrhp->reason) { 1059 /* 1060 * ISCSI_REJECT_IMM_CMD_REJECT - Immediate Command Reject 1061 * too many immediate commands (original cmd can be resent) 1062 */ 1063 case ISCSI_REJECT_IMM_CMD_REJECT: 1064 /* 1065 * We have exceeded the server's capacity for outstanding 1066 * immediate commands. This must be a task management 1067 * command so try to find it in the abortingqueue and 1068 * complete it. 1069 */ 1070 if (!(old_ihp->opcode & ISCSI_OP_IMMEDIATE)) { 1071 /* Rejecting IMM but old old_hdr wasn't IMM */ 1072 return (ISCSI_STATUS_PROTOCOL_ERROR); 1073 } 1074 1075 /* 1076 * We only send NOP and TASK_MGT as IMM. All other 1077 * cases should be considered as a protocol error. 1078 */ 1079 switch (old_ihp->opcode & ISCSI_OPCODE_MASK) { 1080 case ISCSI_OP_NOOP_OUT: 1081 /* 1082 * A ping was rejected - treat this like 1083 * ping response. The down side is we 1084 * didn't get an updated MaxCmdSn. 1085 */ 1086 break; 1087 case ISCSI_OP_SCSI_TASK_MGT_MSG: 1088 (void) iscsi_rx_process_rejected_tsk_mgt(icp, 1089 old_ihp); 1090 break; 1091 default: 1092 cmn_err(CE_WARN, "iscsi connection(%u) protocol error " 1093 "- received a reject for a command(0x%02x) not " 1094 "sent as an immediate", icp->conn_oid, 1095 old_ihp->opcode); 1096 return (ISCSI_STATUS_PROTOCOL_ERROR); 1097 } 1098 break; 1099 1100 /* 1101 * For the rest of the reject cases just use the general 1102 * hammer of dis/reconnecting. This will resolve all 1103 * noted issues although could be more graceful. 1104 */ 1105 case ISCSI_REJECT_DATA_DIGEST_ERROR: 1106 case ISCSI_REJECT_CMD_BEFORE_LOGIN: 1107 case ISCSI_REJECT_SNACK_REJECT: 1108 case ISCSI_REJECT_PROTOCOL_ERROR: 1109 case ISCSI_REJECT_CMD_NOT_SUPPORTED: 1110 case ISCSI_REJECT_TASK_IN_PROGRESS: 1111 case ISCSI_REJECT_INVALID_DATA_ACK: 1112 case ISCSI_REJECT_INVALID_PDU_FIELD: 1113 case ISCSI_REJECT_LONG_OPERATION_REJECT: 1114 case ISCSI_REJECT_NEGOTIATION_RESET: 1115 default: 1116 cmn_err(CE_WARN, "iscsi connection(%u) closing connection - " 1117 "target requested itt:0x%x reason:0x%x", 1118 icp->conn_oid, ihp->itt, irrhp->reason); 1119 return (ISCSI_STATUS_PROTOCOL_ERROR); 1120 } 1121 1122 return (ISCSI_STATUS_SUCCESS); 1123 } 1124 1125 1126 /* 1127 * iscsi_rx_process_rejected_tsk_mgt - 1128 */ 1129 static iscsi_status_t 1130 iscsi_rx_process_rejected_tsk_mgt(iscsi_conn_t *icp, 1131 iscsi_hdr_t *old_ihp) 1132 { 1133 iscsi_sess_t *isp = NULL; 1134 iscsi_cmd_t *icmdp = NULL; 1135 1136 ASSERT(icp != NULL); 1137 isp = icp->conn_sess; 1138 ASSERT(old_ihp != NULL); 1139 ASSERT(icp->conn_sess != NULL); 1140 1141 mutex_enter(&icp->conn_queue_active.mutex); 1142 mutex_enter(&isp->sess_cmdsn_mutex); 1143 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp( 1144 isp, old_ihp, &icmdp))) { 1145 mutex_exit(&isp->sess_cmdsn_mutex); 1146 mutex_exit(&icp->conn_queue_active.mutex); 1147 return (ISCSI_STATUS_PROTOCOL_ERROR); 1148 } 1149 mutex_exit(&isp->sess_cmdsn_mutex); 1150 1151 switch (icmdp->cmd_type) { 1152 case ISCSI_CMD_TYPE_ABORT: 1153 case ISCSI_CMD_TYPE_RESET: 1154 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E4, 1155 icp->conn_sess); 1156 break; 1157 /* We don't send any other task mgr types */ 1158 default: 1159 ASSERT(B_FALSE); 1160 break; 1161 } 1162 mutex_exit(&icp->conn_queue_active.mutex); 1163 1164 return (ISCSI_STATUS_SUCCESS); 1165 } 1166 1167 1168 /* 1169 * iscsi_rx_process_task_mgt_rsp - 1170 */ 1171 /* ARGSUSED */ 1172 static iscsi_status_t 1173 iscsi_rx_process_task_mgt_rsp(iscsi_conn_t *icp, 1174 iscsi_hdr_t *ihp, void *data) 1175 { 1176 iscsi_sess_t *isp = NULL; 1177 iscsi_scsi_task_mgt_rsp_hdr_t *istmrhp = NULL; 1178 iscsi_cmd_t *icmdp = NULL; 1179 1180 ASSERT(ihp != NULL); 1181 ASSERT(icp != NULL); 1182 isp = icp->conn_sess; 1183 ASSERT(isp != NULL); 1184 istmrhp = (iscsi_scsi_task_mgt_rsp_hdr_t *)ihp; 1185 1186 if (icp->conn_expstatsn == ntohl(istmrhp->statsn)) { 1187 icp->conn_expstatsn++; 1188 } else { 1189 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 1190 "received status out of order itt:0x%x statsn:0x%x " 1191 "expstatsn:0x%x", icp->conn_oid, istmrhp->itt, 1192 ntohl(istmrhp->statsn), icp->conn_expstatsn); 1193 return (ISCSI_STATUS_PROTOCOL_ERROR); 1194 } 1195 1196 /* make sure we only Ack Status numbers that we've actually received. */ 1197 mutex_enter(&icp->conn_queue_active.mutex); 1198 mutex_enter(&isp->sess_cmdsn_mutex); 1199 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp(isp, ihp, &icmdp))) { 1200 mutex_exit(&isp->sess_cmdsn_mutex); 1201 mutex_exit(&icp->conn_queue_active.mutex); 1202 return (ISCSI_STATUS_PROTOCOL_ERROR); 1203 } 1204 1205 /* update expcmdsn and maxcmdn */ 1206 iscsi_update_flow_control(isp, ntohl(istmrhp->maxcmdsn), 1207 ntohl(istmrhp->expcmdsn)); 1208 mutex_exit(&isp->sess_cmdsn_mutex); 1209 1210 switch (icmdp->cmd_type) { 1211 case ISCSI_CMD_TYPE_ABORT: 1212 case ISCSI_CMD_TYPE_RESET: 1213 switch (istmrhp->response) { 1214 case SCSI_TCP_TM_RESP_COMPLETE: 1215 /* success */ 1216 iscsi_cmd_state_machine(icmdp, 1217 ISCSI_CMD_EVENT_E3, isp); 1218 break; 1219 case SCSI_TCP_TM_RESP_NO_TASK: 1220 /* 1221 * If the array no longer knows about 1222 * an ABORT RTT and we no longer have 1223 * a parent SCSI command it was just 1224 * completed, free this ABORT resource. 1225 * Otherwise FALLTHRU this will flag a 1226 * protocol problem. 1227 */ 1228 if ((icmdp->cmd_type == ISCSI_CMD_TYPE_ABORT) && 1229 (icmdp->cmd_un.abort.icmdp == NULL)) { 1230 iscsi_cmd_state_machine(icmdp, 1231 ISCSI_CMD_EVENT_E4, isp); 1232 break; 1233 } 1234 /* FALLTHRU */ 1235 case SCSI_TCP_TM_RESP_NO_LUN: 1236 case SCSI_TCP_TM_RESP_TASK_ALLEGIANT: 1237 case SCSI_TCP_TM_RESP_NO_FAILOVER: 1238 case SCSI_TCP_TM_RESP_IN_PRGRESS: 1239 case SCSI_TCP_TM_RESP_REJECTED: 1240 default: 1241 /* 1242 * Something is out of sync. Flush 1243 * active queues and resync the 1244 * the connection to try and recover 1245 * to a known state. 1246 */ 1247 mutex_exit(&icp->conn_queue_active.mutex); 1248 return (ISCSI_STATUS_PROTOCOL_ERROR); 1249 } 1250 break; 1251 1252 default: 1253 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 1254 "received a task mgt response for a non-task mgt " 1255 "cmd itt:0x%x type:%d", icp->conn_oid, istmrhp->itt, 1256 icmdp->cmd_type); 1257 mutex_exit(&icp->conn_queue_active.mutex); 1258 return (ISCSI_STATUS_PROTOCOL_ERROR); 1259 } 1260 1261 mutex_exit(&icp->conn_queue_active.mutex); 1262 return (ISCSI_STATUS_SUCCESS); 1263 } 1264 1265 1266 /* 1267 * iscsi_rx_process_logout - 1268 * 1269 */ 1270 /* ARGSUSED */ 1271 static iscsi_status_t 1272 iscsi_rx_process_logout_rsp(iscsi_conn_t *icp, iscsi_hdr_t *ihp, char *data) 1273 { 1274 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 1275 iscsi_sess_t *isp = icp->conn_sess; 1276 iscsi_logout_rsp_hdr_t *ilrhp = (iscsi_logout_rsp_hdr_t *)ihp; 1277 iscsi_cmd_t *icmdp = NULL; 1278 1279 ASSERT(icp != NULL); 1280 ASSERT(ihp != NULL); 1281 isp = icp->conn_sess; 1282 ASSERT(isp != NULL); 1283 1284 if (icp->conn_expstatsn != ntohl(ilrhp->statsn)) { 1285 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 1286 "received status out of order itt:0x%x statsn:0x%x " 1287 "expstatsn:0x%x", icp->conn_oid, ilrhp->itt, 1288 ntohl(ilrhp->statsn), icp->conn_expstatsn); 1289 return (ISCSI_STATUS_PROTOCOL_ERROR); 1290 } 1291 1292 mutex_enter(&icp->conn_queue_active.mutex); 1293 mutex_enter(&isp->sess_cmdsn_mutex); 1294 if (ilrhp->itt != ISCSI_RSVD_TASK_TAG) { 1295 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp( 1296 isp, ihp, &icmdp))) { 1297 mutex_exit(&isp->sess_cmdsn_mutex); 1298 mutex_exit(&icp->conn_queue_active.mutex); 1299 return (ISCSI_STATUS_PROTOCOL_ERROR); 1300 } 1301 } 1302 1303 /* update expcmdsn and maxcmdsn */ 1304 iscsi_update_flow_control(isp, ntohl(ilrhp->maxcmdsn), 1305 ntohl(ilrhp->expcmdsn)); 1306 mutex_exit(&isp->sess_cmdsn_mutex); 1307 1308 switch (ilrhp->response) { 1309 case ISCSI_LOGOUT_CID_NOT_FOUND: 1310 /* 1311 * If the target doesn't know about our connection 1312 * then we can consider our self disconnected. 1313 */ 1314 /* FALLTHRU */ 1315 case ISCSI_LOGOUT_RECOVERY_UNSUPPORTED: 1316 /* 1317 * We don't support ErrorRecovery levels above 0 1318 * currently so consider this success. 1319 */ 1320 /* FALLTHRU */ 1321 case ISCSI_LOGOUT_CLEANUP_FAILED: 1322 /* 1323 * per spec. "cleanup failed for various reasons." 1324 * Although those various reasons are undefined. 1325 * Not sure what to do here. So fake success, 1326 * which will disconnect the connection. 1327 */ 1328 /* FALLTHRU */ 1329 case ISCSI_LOGOUT_SUCCESS: 1330 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E3, isp); 1331 mutex_exit(&icp->conn_queue_active.mutex); 1332 /* logout completed successfully notify the conn */ 1333 mutex_enter(&icp->conn_state_mutex); 1334 (void) iscsi_conn_state_machine(icp, ISCSI_CONN_EVENT_T17); 1335 mutex_exit(&icp->conn_state_mutex); 1336 break; 1337 default: 1338 mutex_exit(&icp->conn_queue_active.mutex); 1339 rval = ISCSI_STATUS_PROTOCOL_ERROR; 1340 } 1341 1342 return (rval); 1343 } 1344 1345 1346 /* 1347 * iscsi_rx_process_logout - 1348 * 1349 */ 1350 /* ARGSUSED */ 1351 static iscsi_status_t 1352 iscsi_rx_process_async_rsp(iscsi_conn_t *icp, iscsi_hdr_t *ihp, char *data) 1353 { 1354 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 1355 iscsi_async_evt_hdr_t *iaehp = (iscsi_async_evt_hdr_t *)ihp; 1356 1357 ASSERT(icp != NULL); 1358 ASSERT(ihp != NULL); 1359 ASSERT(icp->conn_sess != NULL); 1360 1361 if (icp->conn_expstatsn != ntohl(iaehp->statsn)) { 1362 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 1363 "received status out of order itt:0x%x statsn:0x%x " 1364 "expstatsn:0x%x", icp->conn_oid, ihp->itt, 1365 ntohl(iaehp->statsn), icp->conn_expstatsn); 1366 return (ISCSI_STATUS_PROTOCOL_ERROR); 1367 } 1368 1369 switch (iaehp->async_event) { 1370 case ISCSI_ASYNC_EVENT_SCSI_EVENT: 1371 /* 1372 * SCSI asynchronous event is reported in 1373 * the sense data. Sense data that accompanies 1374 * the report in the data segment identifies the 1375 * condition. If the target supports SCSI 1376 * asynchronous events reporting (see [SAM2]) 1377 * as indicated in the stardard INQUIRY data 1378 * (see [SPC3]), its use may be enabled by 1379 * parameters in the SCSI control mode page 1380 * (see [SPC3]). 1381 * 1382 * T-10 has removed SCSI asunchronous events 1383 * from the standard. Although we have seen 1384 * a couple targets still spending these requests. 1385 * Those targets were specifically sending them 1386 * for notification of a LUN/Volume change 1387 * (ex. LUN addition/removal). Take a general 1388 * action to these events of dis/reconnecting. 1389 * Once reconnected we perform a reenumeration. 1390 */ 1391 mutex_enter(&icp->conn_state_mutex); 1392 (void) iscsi_conn_state_machine(icp, ISCSI_CONN_EVENT_T14); 1393 mutex_exit(&icp->conn_state_mutex); 1394 break; 1395 1396 case ISCSI_ASYNC_EVENT_REQUEST_LOGOUT: 1397 /* Target has requested this connection to logout. */ 1398 mutex_enter(&icp->conn_state_mutex); 1399 (void) iscsi_conn_state_machine(icp, ISCSI_CONN_EVENT_T14); 1400 mutex_exit(&icp->conn_state_mutex); 1401 break; 1402 1403 case ISCSI_ASYNC_EVENT_DROPPING_CONNECTION: 1404 /* 1405 * Target is going to drop our connection. 1406 * param1 - CID which will be dropped. 1407 * param2 - Min time to reconnect. 1408 * param3 - Max time to reconnect. 1409 * 1410 * For now just let fail as another disconnect. 1411 * 1412 * MC/S Once we support > 1 connections then 1413 * we need to check the CID and drop that 1414 * specific connection. 1415 */ 1416 iscsi_conn_set_login_min_max(icp, iaehp->param2, iaehp->param3); 1417 mutex_enter(&icp->conn_state_mutex); 1418 (void) iscsi_conn_state_machine(icp, ISCSI_CONN_EVENT_T14); 1419 mutex_exit(&icp->conn_state_mutex); 1420 break; 1421 1422 case ISCSI_ASYNC_EVENT_DROPPING_ALL_CONNECTIONS: 1423 /* 1424 * Target is going to drop ALL connections. 1425 * param2 - Min time to reconnect. 1426 * param3 - Max time to reconnect. 1427 * 1428 * For now just let fail as anyother disconnect. 1429 * 1430 * MC/S Once we support more than > 1 connections 1431 * then we need to drop all connections on the 1432 * session. 1433 */ 1434 iscsi_conn_set_login_min_max(icp, iaehp->param2, iaehp->param3); 1435 mutex_enter(&icp->conn_state_mutex); 1436 (void) iscsi_conn_state_machine(icp, ISCSI_CONN_EVENT_T14); 1437 mutex_exit(&icp->conn_state_mutex); 1438 break; 1439 1440 case ISCSI_ASYNC_EVENT_PARAM_NEGOTIATION: 1441 /* 1442 * Target requests parameter negotiation 1443 * on this connection. 1444 * 1445 * The initiator must honor this request. For 1446 * now we will request a logout. We can't 1447 * just ignore this or it might force corruption? 1448 */ 1449 mutex_enter(&icp->conn_state_mutex); 1450 (void) iscsi_conn_state_machine(icp, ISCSI_CONN_EVENT_T14); 1451 mutex_exit(&icp->conn_state_mutex); 1452 break; 1453 1454 case ISCSI_ASYNC_EVENT_VENDOR_SPECIFIC: 1455 /* 1456 * We currently don't handle any vendor 1457 * specific async events. So just ignore 1458 * the request. 1459 */ 1460 mutex_enter(&icp->conn_state_mutex); 1461 (void) iscsi_conn_state_machine(icp, ISCSI_CONN_EVENT_T14); 1462 mutex_exit(&icp->conn_state_mutex); 1463 break; 1464 default: 1465 rval = ISCSI_STATUS_PROTOCOL_ERROR; 1466 } 1467 1468 return (rval); 1469 } 1470 1471 /* 1472 * iscsi_rx_process_text_rsp - processes iSCSI text response. It sets 1473 * the cmd_result field of the command data structure with the actual 1474 * status value instead of returning the status value. The return value 1475 * is SUCCESS in order to let iscsi_handle_text control the operation of 1476 * a text request. 1477 * Test requests are a handled a little different than other types of 1478 * iSCSI commands because the initiator sends additional empty text requests 1479 * in order to obtain the remaining responses required to complete the 1480 * request. iscsi_handle_text controls the operation of text request, while 1481 * iscsi_rx_process_text_rsp just process the current response. 1482 */ 1483 static iscsi_status_t 1484 iscsi_rx_process_text_rsp(iscsi_conn_t *icp, iscsi_hdr_t *ihp, char *data) 1485 { 1486 iscsi_sess_t *isp = NULL; 1487 iscsi_text_rsp_hdr_t *ithp = (iscsi_text_rsp_hdr_t *)ihp; 1488 iscsi_cmd_t *icmdp = NULL; 1489 boolean_t final = B_FALSE; 1490 uint32_t data_len; 1491 1492 ASSERT(icp != NULL); 1493 ASSERT(ihp != NULL); 1494 ASSERT(data != NULL); 1495 1496 isp = icp->conn_sess; 1497 ASSERT(isp != NULL); 1498 1499 if (icp->conn_expstatsn == ntohl(ithp->statsn)) { 1500 icp->conn_expstatsn++; 1501 } else { 1502 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 1503 "received status out of order itt:0x%x statsn:0x%x " 1504 "expstatsn:0x%x", icp->conn_oid, ithp->itt, 1505 ntohl(ithp->statsn), icp->conn_expstatsn); 1506 return (ISCSI_STATUS_PROTOCOL_ERROR); 1507 } 1508 1509 mutex_enter(&icp->conn_queue_active.mutex); 1510 mutex_enter(&isp->sess_cmdsn_mutex); 1511 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp(isp, ihp, &icmdp))) { 1512 mutex_exit(&isp->sess_cmdsn_mutex); 1513 mutex_exit(&icp->conn_queue_active.mutex); 1514 return (ISCSI_STATUS_PROTOCOL_ERROR); 1515 } 1516 1517 /* update expcmdsn and maxcmdsn */ 1518 iscsi_update_flow_control(isp, ntohl(ithp->maxcmdsn), 1519 ntohl(ithp->expcmdsn)); 1520 mutex_exit(&isp->sess_cmdsn_mutex); 1521 1522 /* update local final response flag */ 1523 if (ithp->flags & ISCSI_FLAG_FINAL) { 1524 final = B_TRUE; 1525 } 1526 1527 /* 1528 * validate received TTT value. RFC3720 specifies the following: 1529 * - F bit set to 1 MUST have a reserved TTT value 0xffffffff 1530 * - F bit set to 0 MUST have a non-reserved TTT value !0xffffffff 1531 * In addition, the received TTT value must not change between 1532 * responses of a long text response 1533 */ 1534 if (((final == B_TRUE) && (ithp->ttt != ISCSI_RSVD_TASK_TAG)) || 1535 ((final == B_FALSE) && (ithp->ttt == ISCSI_RSVD_TASK_TAG))) { 1536 icmdp->cmd_result = ISCSI_STATUS_PROTOCOL_ERROR; 1537 icmdp->cmd_un.text.stage = ISCSI_CMD_TEXT_FINAL_RSP; 1538 mutex_exit(&icp->conn_queue_active.mutex); 1539 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 1540 "received text response with invalid flags:0x%x or " 1541 "ttt:0x%x", icp->conn_oid, ithp->flags, ithp->itt); 1542 return (ISCSI_STATUS_PROTOCOL_ERROR); 1543 } 1544 1545 if ((icmdp->cmd_un.text.stage == ISCSI_CMD_TEXT_INITIAL_REQ) && 1546 (ithp->ttt == ISCSI_RSVD_TASK_TAG) && 1547 (final == B_FALSE)) { 1548 /* TTT should have matched reserved value */ 1549 icmdp->cmd_result = ISCSI_STATUS_PROTOCOL_ERROR; 1550 icmdp->cmd_un.text.stage = ISCSI_CMD_TEXT_FINAL_RSP; 1551 mutex_exit(&icp->conn_queue_active.mutex); 1552 cmn_err(CE_WARN, "iscsi connection(%u) protocol " 1553 "error - received text response with invalid " 1554 "ttt:0x%x", icp->conn_oid, ithp->ttt); 1555 return (ISCSI_STATUS_PROTOCOL_ERROR); 1556 } 1557 1558 /* 1559 * If this is first response, save away TTT value for later use 1560 * in a long text request/response sequence 1561 */ 1562 if (icmdp->cmd_un.text.stage == ISCSI_CMD_TEXT_INITIAL_REQ) { 1563 icmdp->cmd_un.text.ttt = ithp->ttt; 1564 } 1565 1566 data_len = ntoh24(ithp->dlength); 1567 1568 /* check whether enough buffer available to copy data */ 1569 if ((icmdp->cmd_un.text.total_rx_len + data_len) > 1570 icmdp->cmd_un.text.buf_len) { 1571 icmdp->cmd_un.text.total_rx_len += data_len; 1572 icmdp->cmd_result = ISCSI_STATUS_DATA_OVERFLOW; 1573 /* 1574 * DATA_OVERFLOW will result in a SUCCESS return so that 1575 * iscsi_handle_text can continue to obtain the remaining 1576 * text response if needed. 1577 */ 1578 } else { 1579 char *buf_data = (icmdp->cmd_un.text.buf + 1580 icmdp->cmd_un.text.offset); 1581 1582 bcopy(data, buf_data, data_len); 1583 icmdp->cmd_un.text.offset += data_len; 1584 icmdp->cmd_un.text.total_rx_len += data_len; 1585 icmdp->cmd_result = ISCSI_STATUS_SUCCESS; 1586 bcopy(ithp->rsvd4, icmdp->cmd_un.text.lun, 1587 sizeof (icmdp->cmd_un.text.lun)); 1588 } 1589 1590 /* update stage */ 1591 if (final == B_TRUE) { 1592 icmdp->cmd_un.text.stage = ISCSI_CMD_TEXT_FINAL_RSP; 1593 } else { 1594 icmdp->cmd_un.text.stage = ISCSI_CMD_TEXT_CONTINUATION; 1595 } 1596 1597 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E3, isp); 1598 mutex_exit(&icp->conn_queue_active.mutex); 1599 return (ISCSI_STATUS_SUCCESS); 1600 } 1601 1602 /* 1603 * iscsi_rx_process_itt_to_icmdp - Lookup itt in the session's 1604 * cmd table to find matching icmdp. Verify itt in hdr and 1605 * icmdp are the same. 1606 */ 1607 static iscsi_status_t 1608 iscsi_rx_process_itt_to_icmdp(iscsi_sess_t *isp, iscsi_hdr_t *ihp, 1609 iscsi_cmd_t **icmdp) 1610 { 1611 int cmd_table_idx = 0; 1612 1613 ASSERT(isp != NULL); 1614 ASSERT(ihp != NULL); 1615 ASSERT(icmdp != NULL); 1616 ASSERT(mutex_owned(&isp->sess_cmdsn_mutex)); 1617 1618 /* try to find an associated iscsi_pkt */ 1619 cmd_table_idx = ihp->itt % ISCSI_CMD_TABLE_SIZE; 1620 if (isp->sess_cmd_table[cmd_table_idx] == NULL) { 1621 cmn_err(CE_WARN, "iscsi session(%u) protocol error - " 1622 "received unknown itt:0x%x - protocol error", 1623 isp->sess_oid, ihp->itt); 1624 return (ISCSI_STATUS_INTERNAL_ERROR); 1625 } 1626 1627 /* verify itt */ 1628 if (isp->sess_cmd_table[cmd_table_idx]->cmd_itt != ihp->itt) { 1629 cmn_err(CE_WARN, "iscsi session(%u) received itt:0x%x " 1630 " which is out of sync with itt:0x%x", isp->sess_oid, 1631 ihp->itt, isp->sess_cmd_table[cmd_table_idx]->cmd_itt); 1632 return (ISCSI_STATUS_INTERNAL_ERROR); 1633 } 1634 1635 /* ensure that icmdp is still in Active state */ 1636 if (isp->sess_cmd_table[cmd_table_idx]->cmd_state != 1637 ISCSI_CMD_STATE_ACTIVE) { 1638 cmn_err(CE_WARN, "iscsi session(%u) received itt:0x%x " 1639 "but icmdp (%p) is not in active state", 1640 isp->sess_oid, ihp->itt, 1641 (void *)isp->sess_cmd_table[cmd_table_idx]); 1642 return (ISCSI_STATUS_INTERNAL_ERROR); 1643 } 1644 1645 /* make sure this is a SCSI cmd */ 1646 *icmdp = isp->sess_cmd_table[cmd_table_idx]; 1647 1648 return (ISCSI_STATUS_SUCCESS); 1649 } 1650 1651 1652 /* 1653 * +--------------------------------------------------------------------+ 1654 * | End of protocol receive routines | 1655 * +--------------------------------------------------------------------+ 1656 */ 1657 1658 /* 1659 * +--------------------------------------------------------------------+ 1660 * | Beginning of protocol send routines | 1661 * +--------------------------------------------------------------------+ 1662 */ 1663 1664 1665 /* 1666 * iscsi_tx_thread - This thread is the driving point for all 1667 * iSCSI PDUs after login. No PDUs should call sendpdu() 1668 * directly they should be funneled through iscsi_tx_thread. 1669 */ 1670 void 1671 iscsi_tx_thread(iscsi_thread_t *thread, void *arg) 1672 { 1673 iscsi_conn_t *icp = (iscsi_conn_t *)arg; 1674 iscsi_sess_t *isp = NULL; 1675 iscsi_cmd_t *icmdp = NULL; 1676 clock_t tout; 1677 int ret = 1; 1678 1679 ASSERT(icp != NULL); 1680 isp = icp->conn_sess; 1681 ASSERT(isp != NULL); 1682 ASSERT(thread != NULL); 1683 ASSERT(thread->signature == SIG_ISCSI_THREAD); 1684 1685 tout = SEC_TO_TICK(1); 1686 /* 1687 * Transfer icmdps until shutdown by owning session. 1688 */ 1689 while (ret != 0) { 1690 1691 isp->sess_window_open = B_TRUE; 1692 1693 /* 1694 * While the window is open, there are commands available 1695 * to send and the session state allows those commands to 1696 * be sent try to transfer them. 1697 */ 1698 mutex_enter(&isp->sess_queue_pending.mutex); 1699 while ((isp->sess_window_open == B_TRUE) && 1700 ((icmdp = isp->sess_queue_pending.head) != NULL) && 1701 (((icmdp->cmd_type != ISCSI_CMD_TYPE_SCSI) && 1702 (ISCSI_CONN_STATE_FULL_FEATURE(icp->conn_state))) || 1703 (icp->conn_state == ISCSI_CONN_STATE_LOGGED_IN))) { 1704 1705 /* update command with this connection info */ 1706 icmdp->cmd_conn = icp; 1707 /* attempt to send this command */ 1708 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E2, isp); 1709 1710 ASSERT(!mutex_owned(&isp->sess_queue_pending.mutex)); 1711 mutex_enter(&isp->sess_queue_pending.mutex); 1712 } 1713 mutex_exit(&isp->sess_queue_pending.mutex); 1714 1715 /* 1716 * Go to sleep until there is something new 1717 * to process (awoken via cv_boardcast). 1718 * Or the timer goes off. 1719 */ 1720 ret = iscsi_thread_wait(thread, tout); 1721 } 1722 1723 } 1724 1725 1726 /* 1727 * iscsi_tx_cmd - transfers icmdp across wire as iscsi pdu 1728 * 1729 * Just prior to sending the command to the networking layer the 1730 * pending queue lock will be dropped. At this point only local 1731 * resources will be used, not the icmdp. Holding the queue lock 1732 * across the networking call can lead to a hang. (This is due 1733 * to the the target driver and networking layers competing use 1734 * of the timeout() resources and the queue lock being held for 1735 * both sides.) Upon the completion of this command the lock 1736 * will have been re-acquired. 1737 */ 1738 iscsi_status_t 1739 iscsi_tx_cmd(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 1740 { 1741 iscsi_status_t rval = ISCSI_STATUS_INTERNAL_ERROR; 1742 1743 ASSERT(isp != NULL); 1744 ASSERT(icmdp != NULL); 1745 1746 /* transfer specific command type */ 1747 switch (icmdp->cmd_type) { 1748 case ISCSI_CMD_TYPE_SCSI: 1749 rval = iscsi_tx_scsi(isp, icmdp); 1750 break; 1751 case ISCSI_CMD_TYPE_R2T: 1752 rval = iscsi_tx_r2t(isp, icmdp); 1753 break; 1754 case ISCSI_CMD_TYPE_NOP: 1755 rval = iscsi_tx_nop(isp, icmdp); 1756 break; 1757 case ISCSI_CMD_TYPE_ABORT: 1758 rval = iscsi_tx_abort(isp, icmdp); 1759 break; 1760 case ISCSI_CMD_TYPE_RESET: 1761 rval = iscsi_tx_reset(isp, icmdp); 1762 break; 1763 case ISCSI_CMD_TYPE_LOGOUT: 1764 rval = iscsi_tx_logout(isp, icmdp); 1765 break; 1766 case ISCSI_CMD_TYPE_TEXT: 1767 rval = iscsi_tx_text(isp, icmdp); 1768 break; 1769 default: 1770 ASSERT(FALSE); 1771 } 1772 1773 ASSERT(!mutex_owned(&isp->sess_queue_pending.mutex)); 1774 return (rval); 1775 } 1776 1777 /* 1778 * a variable length cdb can be up to 16K, but we obviously don't want 1779 * to put that on the stack; go with 200 bytes; if we get something 1780 * bigger than that we will kmem_alloc a buffer 1781 */ 1782 #define DEF_CDB_LEN 200 1783 1784 /* 1785 * given the size of the cdb, return how many bytes the header takes, 1786 * which is the sizeof addl_hdr_t + the CDB size, minus the 16 bytes 1787 * stored in the basic header, minus sizeof (ahs_extscb) 1788 */ 1789 #define ADDLHDRSZ(x) (sizeof (iscsi_addl_hdr_t) + (x) - \ 1790 16 - 4) 1791 1792 /* 1793 * iscsi_tx_scsi - 1794 * 1795 */ 1796 static iscsi_status_t 1797 iscsi_tx_scsi(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 1798 { 1799 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 1800 iscsi_conn_t *icp = NULL; 1801 struct scsi_pkt *pkt = NULL; 1802 struct buf *bp = NULL; 1803 union { 1804 iscsi_scsi_cmd_hdr_t isch; 1805 iscsi_addl_hdr_t iah; 1806 uchar_t arr[ADDLHDRSZ(DEF_CDB_LEN)]; 1807 } hdr_un; 1808 iscsi_scsi_cmd_hdr_t *ihp = 1809 (iscsi_scsi_cmd_hdr_t *)&hdr_un.isch; 1810 int cdblen = 0; 1811 size_t buflen = 0; 1812 uint32_t imdata = 0; 1813 uint32_t first_burst_length = 0; 1814 1815 ASSERT(isp != NULL); 1816 ASSERT(icmdp != NULL); 1817 pkt = icmdp->cmd_un.scsi.pkt; 1818 ASSERT(pkt != NULL); 1819 bp = icmdp->cmd_un.scsi.bp; 1820 icp = icmdp->cmd_conn; 1821 ASSERT(icp != NULL); 1822 1823 /* Reset counts in case we are on a retry */ 1824 icmdp->cmd_un.scsi.data_transferred = 0; 1825 1826 if (icmdp->cmd_un.scsi.cmdlen > DEF_CDB_LEN) { 1827 cdblen = icmdp->cmd_un.scsi.cmdlen; 1828 ihp = kmem_zalloc(ADDLHDRSZ(cdblen), KM_SLEEP); 1829 } else { 1830 /* 1831 * only bzero the basic header; the additional header 1832 * will be set up correctly later, if needed 1833 */ 1834 bzero(ihp, sizeof (iscsi_scsi_cmd_hdr_t)); 1835 } 1836 ihp->opcode = ISCSI_OP_SCSI_CMD; 1837 ihp->itt = icmdp->cmd_itt; 1838 mutex_enter(&isp->sess_cmdsn_mutex); 1839 ihp->cmdsn = htonl(isp->sess_cmdsn); 1840 isp->sess_cmdsn++; 1841 mutex_exit(&isp->sess_cmdsn_mutex); 1842 ihp->expstatsn = htonl(icp->conn_expstatsn); 1843 icp->conn_laststatsn = icp->conn_expstatsn; 1844 1845 pkt->pkt_state = (STATE_GOT_BUS | STATE_GOT_TARGET); 1846 pkt->pkt_reason = CMD_INCOMPLETE; 1847 1848 /* 1849 * Sestion 12.11 of the iSCSI specification has a good table 1850 * describing when uncolicited data and/or immediate data 1851 * should be sent. 1852 */ 1853 bp = icmdp->cmd_un.scsi.bp; 1854 if ((bp != NULL) && bp->b_bcount) { 1855 buflen = bp->b_bcount; 1856 first_burst_length = icp->conn_params.first_burst_length; 1857 1858 if (bp->b_flags & B_READ) { 1859 ihp->flags = ISCSI_FLAG_FINAL; 1860 /* 1861 * fix problem where OS sends bp (B_READ & 1862 * b_bcount!=0) for a TUR or START_STOP. 1863 * (comment came from cisco code.) 1864 */ 1865 if ((pkt->pkt_cdbp[0] != SCMD_TEST_UNIT_READY) && 1866 (pkt->pkt_cdbp[0] != SCMD_START_STOP)) { 1867 ihp->flags |= ISCSI_FLAG_CMD_READ; 1868 ihp->data_length = htonl(buflen); 1869 } 1870 } else { 1871 ihp->flags = ISCSI_FLAG_CMD_WRITE; 1872 /* 1873 * FinalBit on the the iSCSI PDU denotes this 1874 * is the last PDU in the sequence. 1875 * 1876 * initial_r2t = true means R2T is required 1877 * for additional PDU, so there will be no more 1878 * unsolicited PDUs following 1879 */ 1880 if (icp->conn_params.initial_r2t) { 1881 ihp->flags |= ISCSI_FLAG_FINAL; 1882 } 1883 1884 /* Check if we should send ImmediateData */ 1885 if (icp->conn_params.immediate_data) { 1886 imdata = MIN(MIN(buflen, 1887 first_burst_length), 1888 icmdp->cmd_conn->conn_params. 1889 max_xmit_data_seg_len); 1890 1891 /* 1892 * if everything fits immediate, or 1893 * we can send all burst data immediate 1894 * (not unsol), set F 1895 */ 1896 if ((imdata == buflen) || 1897 (imdata == first_burst_length)) { 1898 ihp->flags |= ISCSI_FLAG_FINAL; 1899 } 1900 1901 hton24(ihp->dlength, imdata); 1902 } 1903 1904 /* total data transfer length */ 1905 ihp->data_length = htonl(buflen); 1906 } 1907 } else { 1908 ihp->flags = ISCSI_FLAG_FINAL; 1909 buflen = 0; 1910 } 1911 1912 /* tagged queuing */ 1913 if (pkt->pkt_flags & FLAG_HTAG) { 1914 ihp->flags |= ISCSI_ATTR_HEAD_OF_QUEUE; 1915 } else if (pkt->pkt_flags & FLAG_OTAG) { 1916 ihp->flags |= ISCSI_ATTR_ORDERED; 1917 } else if (pkt->pkt_flags & FLAG_STAG) { 1918 ihp->flags |= ISCSI_ATTR_SIMPLE; 1919 } else { 1920 /* ihp->flags |= ISCSI_ATTR_UNTAGGED; */ 1921 /* EMPTY */ 1922 } 1923 1924 /* iscsi states lun is based on spc.2 */ 1925 ISCSI_LUN_BYTE_COPY(ihp->lun, icmdp->cmd_un.scsi.lun); 1926 1927 if (icmdp->cmd_un.scsi.cmdlen <= 16) { 1928 /* copy the SCSI Command Block into the PDU */ 1929 bcopy(pkt->pkt_cdbp, ihp->scb, 1930 icmdp->cmd_un.scsi.cmdlen); 1931 } else { 1932 iscsi_addl_hdr_t *iahp; 1933 1934 iahp = (iscsi_addl_hdr_t *)ihp; 1935 1936 ihp->hlength = (ADDLHDRSZ(icmdp->cmd_un.scsi.cmdlen) - 1937 sizeof (iscsi_scsi_cmd_hdr_t) + 3) / 4; 1938 iahp->ahs_hlen_hi = 0; 1939 iahp->ahs_hlen_lo = (icmdp->cmd_un.scsi.cmdlen - 15); 1940 iahp->ahs_key = 0x01; 1941 iahp->ahs_resv = 0; 1942 bcopy(pkt->pkt_cdbp, ihp->scb, 16); 1943 bcopy(((char *)pkt->pkt_cdbp) + 16, &iahp->ahs_extscb[0], 1944 icmdp->cmd_un.scsi.cmdlen); 1945 } 1946 1947 /* 1948 * Update all values before transfering. 1949 * We should never touch the icmdp after 1950 * transfering if there is no more data 1951 * to send. The only case the sendpdu() 1952 * will fail is a on a connection disconnect 1953 * in that case the command will be flushed. 1954 */ 1955 pkt->pkt_state |= STATE_SENT_CMD; 1956 1957 icmdp->cmd_un.scsi.data_transferred += imdata; 1958 1959 /* 1960 * Check if there is additional data to transfer beyond what 1961 * will be sent as part of the initial command. If InitialR2T 1962 * is disabled then we should fake up a R2T so all the data, 1963 * up to first burst length, is sent in an unsolicited 1964 * fashion. We have already sent as much immediate data 1965 * as possible. 1966 */ 1967 if ((buflen > 0) && 1968 ((bp->b_flags & B_READ) == 0) && 1969 (icp->conn_params.initial_r2t == 0) && 1970 (MIN(first_burst_length, buflen) - imdata > 0)) { 1971 1972 uint32_t xfer_len = MIN(first_burst_length, buflen) - imdata; 1973 /* data will be chunked at tx */ 1974 iscsi_handle_r2t(icp, icmdp, imdata, 1975 xfer_len, ISCSI_RSVD_TASK_TAG); 1976 } 1977 1978 /* release pending queue mutex across the network call */ 1979 mutex_exit(&isp->sess_queue_pending.mutex); 1980 1981 /* Transfer Cmd PDU */ 1982 if (imdata) { 1983 rval = iscsi_net->sendpdu(icp->conn_socket, 1984 (iscsi_hdr_t *)ihp, icmdp->cmd_un.scsi.bp->b_un.b_addr, 1985 ISCSI_CONN_TO_NET_DIGEST(icp)); 1986 if (ISCSI_SUCCESS(rval)) { 1987 KSTAT_ADD_CONN_TX_BYTES(icp, imdata); 1988 } 1989 } else { 1990 rval = iscsi_net->sendpdu(icp->conn_socket, 1991 (iscsi_hdr_t *)ihp, NULL, 1992 ISCSI_CONN_TO_NET_DIGEST(icp)); 1993 } 1994 if (cdblen) { 1995 kmem_free(ihp, ADDLHDRSZ(cdblen)); 1996 } 1997 1998 return (rval); 1999 } 2000 2001 2002 /* 2003 * iscsi_tx_r2t - 2004 * 2005 */ 2006 static iscsi_status_t 2007 iscsi_tx_r2t(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 2008 { 2009 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2010 iscsi_conn_t *icp = NULL; 2011 iscsi_cmd_t *orig_icmdp = NULL; 2012 2013 ASSERT(isp != NULL); 2014 ASSERT(icmdp != NULL); 2015 icp = icmdp->cmd_conn; 2016 ASSERT(icp); 2017 orig_icmdp = icmdp->cmd_un.r2t.icmdp; 2018 ASSERT(orig_icmdp); 2019 2020 /* validate the offset and length against the buffer size */ 2021 if ((icmdp->cmd_un.r2t.offset + icmdp->cmd_un.r2t.length) > 2022 orig_icmdp->cmd_un.scsi.bp->b_bcount) { 2023 cmn_err(CE_WARN, "iscsi session(%u) ignoring invalid r2t " 2024 "for icmd itt:0x%x offset:0x%x length:0x%x bufsize:0x%lx", 2025 isp->sess_oid, icmdp->cmd_itt, icmdp->cmd_un.r2t.offset, 2026 icmdp->cmd_un.r2t.length, orig_icmdp->cmd_un.scsi.bp-> 2027 b_bcount); 2028 mutex_exit(&isp->sess_queue_pending.mutex); 2029 return (ISCSI_STATUS_INTERNAL_ERROR); 2030 } 2031 ASSERT(orig_icmdp->cmd_un.scsi.r2t_icmdp); 2032 2033 rval = iscsi_tx_data(isp, icp, orig_icmdp, icmdp->cmd_ttt, 2034 icmdp->cmd_un.r2t.length, icmdp->cmd_un.r2t.offset); 2035 2036 mutex_enter(&orig_icmdp->cmd_mutex); 2037 orig_icmdp->cmd_un.scsi.r2t_icmdp = NULL; 2038 icmdp->cmd_un.r2t.icmdp = NULL; 2039 /* 2040 * we're finished with this r2t; there could be another r2t 2041 * waiting on us to finish, so signal it. 2042 */ 2043 cv_broadcast(&orig_icmdp->cmd_completion); 2044 mutex_exit(&orig_icmdp->cmd_mutex); 2045 /* 2046 * the parent command may be waiting for us to finish; if so, 2047 * wake the _ic_ thread 2048 */ 2049 if ((orig_icmdp->cmd_state == ISCSI_CMD_STATE_COMPLETED) && 2050 (ISCSI_SESS_STATE_FULL_FEATURE(isp->sess_state))) 2051 iscsi_thread_send_wakeup(isp->sess_ic_thread); 2052 ASSERT(!mutex_owned(&isp->sess_queue_pending.mutex)); 2053 return (rval); 2054 } 2055 2056 2057 /* 2058 * iscsi_tx_data - 2059 */ 2060 static iscsi_status_t 2061 iscsi_tx_data(iscsi_sess_t *isp, iscsi_conn_t *icp, iscsi_cmd_t *icmdp, 2062 uint32_t ttt, size_t datalen, size_t offset) 2063 { 2064 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2065 struct buf *bp = NULL; 2066 size_t remainder = 0; 2067 size_t chunk = 0; 2068 char *data = NULL; 2069 uint32_t data_sn = 0; 2070 iscsi_data_hdr_t idhp; 2071 uint32_t itt; 2072 uint32_t lun; 2073 2074 ASSERT(isp != NULL); 2075 ASSERT(icp != NULL); 2076 ASSERT(icmdp != NULL); 2077 bp = icmdp->cmd_un.scsi.bp; 2078 2079 /* verify there is data to send */ 2080 if (bp == NULL) { 2081 mutex_exit(&isp->sess_queue_pending.mutex); 2082 return (ISCSI_STATUS_INTERNAL_ERROR); 2083 } 2084 2085 itt = icmdp->cmd_itt; 2086 lun = icmdp->cmd_un.scsi.lun; 2087 2088 /* 2089 * update the LUN with the amount of data we will 2090 * transfer. If there is a failure it's because of 2091 * a network fault and the command will get flushed. 2092 */ 2093 icmdp->cmd_un.scsi.data_transferred += datalen; 2094 2095 /* release pending queue mutex across the network call */ 2096 mutex_exit(&isp->sess_queue_pending.mutex); 2097 2098 remainder = datalen; 2099 while (remainder) { 2100 2101 /* Check so see if we need to chunk the data */ 2102 if ((icp->conn_params.max_xmit_data_seg_len > 0) && 2103 (remainder > icp->conn_params.max_xmit_data_seg_len)) { 2104 chunk = icp->conn_params.max_xmit_data_seg_len; 2105 } else { 2106 chunk = remainder; 2107 } 2108 2109 /* setup iscsi data hdr */ 2110 bzero(&idhp, sizeof (iscsi_data_hdr_t)); 2111 idhp.opcode = ISCSI_OP_SCSI_DATA; 2112 idhp.itt = itt; 2113 idhp.ttt = ttt; 2114 ISCSI_LUN_BYTE_COPY(idhp.lun, lun); 2115 idhp.expstatsn = htonl(icp->conn_expstatsn); 2116 icp->conn_laststatsn = icp->conn_expstatsn; 2117 idhp.datasn = htonl(data_sn); 2118 data_sn++; 2119 idhp.offset = htonl(offset); 2120 hton24(idhp.dlength, chunk); 2121 2122 if (chunk == remainder) { 2123 idhp.flags = ISCSI_FLAG_FINAL; /* final chunk */ 2124 } 2125 2126 /* setup data */ 2127 data = bp->b_un.b_addr + offset; 2128 2129 /* 2130 * Keep track of how much data we have 2131 * transfer so far and how much is remaining. 2132 */ 2133 remainder -= chunk; 2134 offset += chunk; 2135 2136 rval = iscsi_net->sendpdu(icp->conn_socket, 2137 (iscsi_hdr_t *)&idhp, data, 2138 ISCSI_CONN_TO_NET_DIGEST(icp)); 2139 2140 if (ISCSI_SUCCESS(rval)) { 2141 KSTAT_ADD_CONN_TX_BYTES(icp, chunk); 2142 } else { 2143 break; 2144 } 2145 } 2146 2147 return (rval); 2148 } 2149 2150 2151 /* 2152 * iscsi_tx_nop - 2153 * 2154 */ 2155 static iscsi_status_t 2156 iscsi_tx_nop(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 2157 { 2158 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2159 iscsi_conn_t *icp = NULL; 2160 iscsi_nop_out_hdr_t inohp; 2161 2162 ASSERT(isp != NULL); 2163 ASSERT(icmdp != NULL); 2164 icp = icmdp->cmd_conn; 2165 ASSERT(icp != NULL); 2166 2167 bzero(&inohp, sizeof (iscsi_nop_out_hdr_t)); 2168 inohp.opcode = ISCSI_OP_NOOP_OUT | ISCSI_OP_IMMEDIATE; 2169 inohp.flags = ISCSI_FLAG_FINAL; 2170 inohp.itt = icmdp->cmd_itt; 2171 inohp.ttt = icmdp->cmd_ttt; 2172 mutex_enter(&isp->sess_cmdsn_mutex); 2173 inohp.cmdsn = htonl(isp->sess_cmdsn); 2174 mutex_exit(&isp->sess_cmdsn_mutex); 2175 inohp.expstatsn = htonl(icp->conn_expstatsn); 2176 icp->conn_laststatsn = icp->conn_expstatsn; 2177 2178 /* release pending queue mutex across the network call */ 2179 mutex_exit(&isp->sess_queue_pending.mutex); 2180 2181 rval = iscsi_net->sendpdu(icp->conn_socket, 2182 (iscsi_hdr_t *)&inohp, NULL, 2183 ISCSI_CONN_TO_NET_DIGEST(icp)); 2184 2185 return (rval); 2186 } 2187 2188 2189 /* 2190 * iscsi_tx_abort - 2191 * 2192 */ 2193 static iscsi_status_t 2194 iscsi_tx_abort(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 2195 { 2196 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2197 iscsi_conn_t *icp = NULL; 2198 iscsi_scsi_task_mgt_hdr_t istmh; 2199 2200 ASSERT(isp != NULL); 2201 ASSERT(icmdp != NULL); 2202 icp = icmdp->cmd_conn; 2203 ASSERT(icp != NULL); 2204 2205 bzero(&istmh, sizeof (iscsi_scsi_task_mgt_hdr_t)); 2206 mutex_enter(&isp->sess_cmdsn_mutex); 2207 istmh.cmdsn = htonl(isp->sess_cmdsn); 2208 mutex_exit(&isp->sess_cmdsn_mutex); 2209 istmh.expstatsn = htonl(icp->conn_expstatsn); 2210 icp->conn_laststatsn = icp->conn_expstatsn; 2211 istmh.itt = icmdp->cmd_itt; 2212 istmh.opcode = ISCSI_OP_SCSI_TASK_MGT_MSG | ISCSI_OP_IMMEDIATE; 2213 istmh.function = ISCSI_FLAG_FINAL | ISCSI_TM_FUNC_ABORT_TASK; 2214 ISCSI_LUN_BYTE_COPY(istmh.lun, 2215 icmdp->cmd_un.abort.icmdp->cmd_un.scsi.lun); 2216 istmh.rtt = icmdp->cmd_un.abort.icmdp->cmd_itt; 2217 2218 /* release pending queue mutex across the network call */ 2219 mutex_exit(&isp->sess_queue_pending.mutex); 2220 2221 rval = iscsi_net->sendpdu(icp->conn_socket, 2222 (iscsi_hdr_t *)&istmh, NULL, 2223 ISCSI_CONN_TO_NET_DIGEST(icp)); 2224 2225 return (rval); 2226 } 2227 2228 2229 /* 2230 * iscsi_tx_reset - 2231 * 2232 */ 2233 static iscsi_status_t 2234 iscsi_tx_reset(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 2235 { 2236 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2237 iscsi_conn_t *icp = NULL; 2238 iscsi_scsi_task_mgt_hdr_t istmh; 2239 2240 ASSERT(isp != NULL); 2241 ASSERT(icmdp != NULL); 2242 icp = icmdp->cmd_conn; 2243 ASSERT(icp != NULL); 2244 2245 bzero(&istmh, sizeof (iscsi_scsi_task_mgt_hdr_t)); 2246 istmh.opcode = ISCSI_OP_SCSI_TASK_MGT_MSG | ISCSI_OP_IMMEDIATE; 2247 mutex_enter(&isp->sess_cmdsn_mutex); 2248 istmh.cmdsn = htonl(isp->sess_cmdsn); 2249 mutex_exit(&isp->sess_cmdsn_mutex); 2250 istmh.expstatsn = htonl(icp->conn_expstatsn); 2251 istmh.itt = icmdp->cmd_itt; 2252 2253 switch (icmdp->cmd_un.reset.level) { 2254 case RESET_LUN: 2255 istmh.function = ISCSI_FLAG_FINAL | 2256 ISCSI_TM_FUNC_LOGICAL_UNIT_RESET; 2257 ISCSI_LUN_BYTE_COPY(istmh.lun, icmdp->cmd_lun->lun_num); 2258 break; 2259 case RESET_TARGET: 2260 case RESET_BUS: 2261 istmh.function = ISCSI_FLAG_FINAL | 2262 ISCSI_TM_FUNC_TARGET_WARM_RESET; 2263 break; 2264 default: 2265 /* unsupported / unknown level */ 2266 ASSERT(FALSE); 2267 break; 2268 } 2269 2270 /* release pending queue mutex across the network call */ 2271 mutex_exit(&isp->sess_queue_pending.mutex); 2272 2273 rval = iscsi_net->sendpdu(icp->conn_socket, 2274 (iscsi_hdr_t *)&istmh, NULL, 2275 ISCSI_CONN_TO_NET_DIGEST(icp)); 2276 2277 return (rval); 2278 } 2279 2280 2281 /* 2282 * iscsi_tx_logout - 2283 * 2284 */ 2285 static iscsi_status_t 2286 iscsi_tx_logout(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 2287 { 2288 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2289 iscsi_conn_t *icp = NULL; 2290 iscsi_logout_hdr_t ilh; 2291 2292 ASSERT(isp != NULL); 2293 ASSERT(icmdp != NULL); 2294 icp = icmdp->cmd_conn; 2295 ASSERT(icp != NULL); 2296 2297 bzero(&ilh, sizeof (iscsi_logout_hdr_t)); 2298 ilh.opcode = ISCSI_OP_LOGOUT_CMD | ISCSI_OP_IMMEDIATE; 2299 ilh.flags = ISCSI_FLAG_FINAL | ISCSI_LOGOUT_REASON_CLOSE_SESSION; 2300 ilh.itt = icmdp->cmd_itt; 2301 ilh.cid = icp->conn_cid; 2302 mutex_enter(&isp->sess_cmdsn_mutex); 2303 ilh.cmdsn = htonl(isp->sess_cmdsn); 2304 mutex_exit(&isp->sess_cmdsn_mutex); 2305 ilh.expstatsn = htonl(icp->conn_expstatsn); 2306 2307 /* release pending queue mutex across the network call */ 2308 mutex_exit(&isp->sess_queue_pending.mutex); 2309 2310 rval = iscsi_net->sendpdu(icp->conn_socket, 2311 (iscsi_hdr_t *)&ilh, NULL, 2312 ISCSI_CONN_TO_NET_DIGEST(icp)); 2313 2314 return (rval); 2315 } 2316 2317 /* 2318 * iscsi_tx_text - setup iSCSI text request header and send PDU with 2319 * data given in the buffer attached to the command. For a single 2320 * text request, the target may need to send its response in multiple 2321 * text response. In this case, empty text requests are sent after 2322 * each received response to notify the target the initiator is ready 2323 * for more response. For the initial request, the data_len field in 2324 * the text specific portion of a command is set to the amount of data 2325 * the initiator wants to send as part of the request. If additional 2326 * empty text requests are required for long responses, the data_len 2327 * field is set to 0 by the iscsi_handle_text function. 2328 */ 2329 static iscsi_status_t 2330 iscsi_tx_text(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 2331 { 2332 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2333 iscsi_conn_t *icp = NULL; 2334 iscsi_text_hdr_t ith; 2335 2336 ASSERT(isp != NULL); 2337 ASSERT(icmdp != NULL); 2338 icp = icmdp->cmd_conn; 2339 ASSERT(icp != NULL); 2340 2341 bzero(&ith, sizeof (iscsi_text_hdr_t)); 2342 ith.opcode = ISCSI_OP_TEXT_CMD; 2343 ith.flags = ISCSI_FLAG_FINAL; 2344 hton24(ith.dlength, icmdp->cmd_un.text.data_len); 2345 ith.itt = icmdp->cmd_itt; 2346 ith.ttt = icmdp->cmd_un.text.ttt; 2347 mutex_enter(&isp->sess_cmdsn_mutex); 2348 ith.cmdsn = htonl(isp->sess_cmdsn); 2349 isp->sess_cmdsn++; 2350 ith.expstatsn = htonl(icp->conn_expstatsn); 2351 mutex_exit(&isp->sess_cmdsn_mutex); 2352 bcopy(icmdp->cmd_un.text.lun, ith.rsvd4, sizeof (ith.rsvd4)); 2353 2354 /* release pending queue mutex across the network call */ 2355 mutex_exit(&isp->sess_queue_pending.mutex); 2356 2357 rval = iscsi_net->sendpdu(icp->conn_socket, 2358 (iscsi_hdr_t *)&ith, icmdp->cmd_un.text.buf, 2359 ISCSI_CONN_TO_NET_DIGEST(icp)); 2360 2361 return (rval); 2362 } 2363 2364 /* 2365 * +--------------------------------------------------------------------+ 2366 * | End of protocol send routines | 2367 * +--------------------------------------------------------------------+ 2368 */ 2369 2370 /* 2371 * iscsi_handle_r2t - 2372 */ 2373 static void 2374 iscsi_handle_r2t(iscsi_conn_t *icp, iscsi_cmd_t *icmdp, 2375 uint32_t offset, uint32_t length, uint32_t ttt) 2376 { 2377 iscsi_sess_t *isp = NULL; 2378 iscsi_cmd_t *new_icmdp = NULL; 2379 2380 ASSERT(icp != NULL); 2381 isp = icp->conn_sess; 2382 ASSERT(isp != NULL); 2383 2384 /* 2385 * the sosendmsg from a previous r2t can be slow to return; 2386 * the array may have sent another r2t at this point, so 2387 * wait until the first one finishes and signals us. 2388 */ 2389 while (icmdp->cmd_un.scsi.r2t_icmdp != NULL) { 2390 ASSERT(icmdp->cmd_state != ISCSI_CMD_STATE_COMPLETED); 2391 cv_wait(&icmdp->cmd_completion, &icmdp->cmd_mutex); 2392 } 2393 /* 2394 * try to create an R2T task to send it later. If we can't, 2395 * we're screwed, and the command will eventually time out 2396 * and be retried by the SCSI layer. 2397 */ 2398 new_icmdp = iscsi_cmd_alloc(icp, KM_SLEEP); 2399 new_icmdp->cmd_type = ISCSI_CMD_TYPE_R2T; 2400 new_icmdp->cmd_un.r2t.icmdp = icmdp; 2401 new_icmdp->cmd_un.r2t.offset = offset; 2402 new_icmdp->cmd_un.r2t.length = length; 2403 new_icmdp->cmd_ttt = ttt; 2404 new_icmdp->cmd_itt = icmdp->cmd_itt; 2405 new_icmdp->cmd_lun = icmdp->cmd_lun; 2406 icmdp->cmd_un.scsi.r2t_icmdp = new_icmdp; 2407 2408 /* 2409 * pending queue mutex is already held by the 2410 * tx_thread or rtt_rsp function. 2411 */ 2412 iscsi_cmd_state_machine(new_icmdp, ISCSI_CMD_EVENT_E1, isp); 2413 } 2414 2415 2416 /* 2417 * iscsi_handle_abort - 2418 * 2419 */ 2420 void 2421 iscsi_handle_abort(void *arg) 2422 { 2423 iscsi_sess_t *isp = NULL; 2424 iscsi_cmd_t *icmdp = (iscsi_cmd_t *)arg; 2425 iscsi_cmd_t *new_icmdp; 2426 iscsi_conn_t *icp; 2427 2428 ASSERT(icmdp != NULL); 2429 icp = icmdp->cmd_conn; 2430 ASSERT(icp != NULL); 2431 isp = icp->conn_sess; 2432 ASSERT(isp != NULL); 2433 2434 /* there should only be one abort */ 2435 ASSERT(icmdp->cmd_un.scsi.abort_icmdp == NULL); 2436 2437 new_icmdp = iscsi_cmd_alloc(icp, KM_SLEEP); 2438 new_icmdp->cmd_type = ISCSI_CMD_TYPE_ABORT; 2439 new_icmdp->cmd_lun = icmdp->cmd_lun; 2440 new_icmdp->cmd_un.abort.icmdp = icmdp; 2441 new_icmdp->cmd_conn = icmdp->cmd_conn; 2442 icmdp->cmd_un.scsi.abort_icmdp = new_icmdp; 2443 2444 /* pending queue mutex is already held by timeout_checks */ 2445 iscsi_cmd_state_machine(new_icmdp, ISCSI_CMD_EVENT_E1, isp); 2446 } 2447 2448 2449 /* 2450 * iscsi_handle_nop - 2451 * 2452 */ 2453 static void 2454 iscsi_handle_nop(iscsi_conn_t *icp, uint32_t itt, uint32_t ttt) 2455 { 2456 iscsi_sess_t *isp = NULL; 2457 iscsi_cmd_t *icmdp = NULL; 2458 2459 ASSERT(icp != NULL); 2460 isp = icp->conn_sess; 2461 ASSERT(isp != NULL); 2462 2463 icmdp = iscsi_cmd_alloc(icp, KM_NOSLEEP); 2464 if (icmdp == NULL) { 2465 return; 2466 } 2467 2468 icmdp->cmd_type = ISCSI_CMD_TYPE_NOP; 2469 icmdp->cmd_itt = itt; 2470 icmdp->cmd_ttt = ttt; 2471 icmdp->cmd_lun = NULL; 2472 icp->conn_nop_lbolt = ddi_get_lbolt(); 2473 2474 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E1, isp); 2475 } 2476 2477 /* 2478 * iscsi_handle_reset - 2479 * 2480 */ 2481 iscsi_status_t 2482 iscsi_handle_reset(iscsi_sess_t *isp, int level, iscsi_lun_t *ilp) 2483 { 2484 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2485 iscsi_conn_t *icp; 2486 iscsi_cmd_t icmd; 2487 2488 ASSERT(isp != NULL); 2489 2490 bzero(&icmd, sizeof (iscsi_cmd_t)); 2491 icmd.cmd_sig = ISCSI_SIG_CMD; 2492 icmd.cmd_state = ISCSI_CMD_STATE_FREE; 2493 icmd.cmd_type = ISCSI_CMD_TYPE_RESET; 2494 icmd.cmd_lun = ilp; 2495 icmd.cmd_un.reset.level = level; 2496 icmd.cmd_result = ISCSI_STATUS_SUCCESS; 2497 icmd.cmd_completed = B_FALSE; 2498 mutex_init(&icmd.cmd_mutex, NULL, MUTEX_DRIVER, NULL); 2499 cv_init(&icmd.cmd_completion, NULL, CV_DRIVER, NULL); 2500 /* 2501 * If we received an IO and we are not in the 2502 * LOGGED_IN state we are in the process of 2503 * failing. Just respond that we are BUSY. 2504 */ 2505 mutex_enter(&isp->sess_state_mutex); 2506 if (!ISCSI_SESS_STATE_FULL_FEATURE(isp->sess_state)) { 2507 /* We aren't connected to the target fake success */ 2508 mutex_exit(&isp->sess_state_mutex); 2509 return (ISCSI_STATUS_SUCCESS); 2510 } 2511 2512 mutex_enter(&isp->sess_queue_pending.mutex); 2513 iscsi_cmd_state_machine(&icmd, ISCSI_CMD_EVENT_E1, isp); 2514 mutex_exit(&isp->sess_queue_pending.mutex); 2515 mutex_exit(&isp->sess_state_mutex); 2516 2517 /* stall until completed */ 2518 mutex_enter(&icmd.cmd_mutex); 2519 while (icmd.cmd_completed == B_FALSE) { 2520 cv_wait(&icmd.cmd_completion, &icmd.cmd_mutex); 2521 } 2522 mutex_exit(&icmd.cmd_mutex); 2523 2524 /* copy rval */ 2525 rval = icmd.cmd_result; 2526 2527 if (rval == ISCSI_STATUS_SUCCESS) { 2528 /* 2529 * Reset was successful. We need to flush 2530 * all active IOs. 2531 */ 2532 rw_enter(&isp->sess_conn_list_rwlock, RW_READER); 2533 icp = isp->sess_conn_list; 2534 while (icp != NULL) { 2535 iscsi_cmd_t *t_icmdp = NULL; 2536 2537 mutex_enter(&icp->conn_queue_active.mutex); 2538 t_icmdp = icp->conn_queue_active.head; 2539 while (t_icmdp != NULL) { 2540 iscsi_cmd_state_machine(t_icmdp, 2541 ISCSI_CMD_EVENT_E7, isp); 2542 t_icmdp = icp->conn_queue_active.head; 2543 } 2544 2545 mutex_exit(&icp->conn_queue_active.mutex); 2546 icp = icp->conn_next; 2547 } 2548 rw_exit(&isp->sess_conn_list_rwlock); 2549 } 2550 2551 /* clean up */ 2552 cv_destroy(&icmd.cmd_completion); 2553 mutex_destroy(&icmd.cmd_mutex); 2554 2555 return (rval); 2556 } 2557 2558 2559 /* 2560 * iscsi_handle_logout - This function will issue a logout for 2561 * the session from a specific connection. 2562 */ 2563 iscsi_status_t 2564 iscsi_handle_logout(iscsi_conn_t *icp) 2565 { 2566 iscsi_sess_t *isp; 2567 iscsi_cmd_t *icmdp; 2568 int rval; 2569 2570 ASSERT(icp != NULL); 2571 isp = icp->conn_sess; 2572 ASSERT(isp != NULL); 2573 ASSERT(isp->sess_hba != NULL); 2574 2575 icmdp = iscsi_cmd_alloc(icp, KM_SLEEP); 2576 ASSERT(icmdp != NULL); 2577 icmdp->cmd_type = ISCSI_CMD_TYPE_LOGOUT; 2578 icmdp->cmd_result = ISCSI_STATUS_SUCCESS; 2579 icmdp->cmd_completed = B_FALSE; 2580 2581 mutex_enter(&isp->sess_queue_pending.mutex); 2582 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E1, isp); 2583 mutex_exit(&isp->sess_queue_pending.mutex); 2584 2585 /* 2586 * release connection state mutex to avoid a deadlock. This 2587 * function is called from within the connection state 2588 * machine with the lock held. When the logout response is 2589 * received another call to the connection state machine 2590 * occurs which causes the deadlock 2591 */ 2592 mutex_exit(&icp->conn_state_mutex); 2593 2594 /* stall until completed */ 2595 mutex_enter(&icmdp->cmd_mutex); 2596 while (icmdp->cmd_completed == B_FALSE) { 2597 cv_wait(&icmdp->cmd_completion, &icmdp->cmd_mutex); 2598 } 2599 mutex_exit(&icmdp->cmd_mutex); 2600 mutex_enter(&icp->conn_state_mutex); 2601 2602 /* copy rval */ 2603 rval = icmdp->cmd_result; 2604 2605 /* 2606 * another way to do this would be to send t17 unconditionally, 2607 * but then the _rx_ thread would get bumped out with a receive 2608 * error, and send another t17. 2609 */ 2610 if (rval != ISCSI_STATUS_SUCCESS) { 2611 (void) iscsi_conn_state_machine(icp, ISCSI_CONN_EVENT_T17); 2612 } 2613 2614 /* clean up */ 2615 iscsi_cmd_free(icmdp); 2616 2617 return (rval); 2618 } 2619 2620 /* 2621 * iscsi_handle_text - main control function for iSCSI text requests. This 2622 * function handles allocating the command, sending initial text request, and 2623 * handling long response sequence. 2624 * If a data overflow condition occurs, iscsi_handle_text continues to 2625 * receive responses until the all data has been recieved. This allows 2626 * the full data length to be returned to the caller. 2627 */ 2628 iscsi_status_t 2629 iscsi_handle_text(iscsi_conn_t *icp, char *buf, uint32_t buf_len, 2630 uint32_t data_len, uint32_t *rx_data_len) 2631 { 2632 iscsi_sess_t *isp; 2633 iscsi_cmd_t *icmdp; 2634 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2635 2636 ASSERT(icp != NULL); 2637 ASSERT(buf != NULL); 2638 ASSERT(rx_data_len != NULL); 2639 2640 isp = icp->conn_sess; 2641 ASSERT(isp != NULL); 2642 2643 /* 2644 * Ensure data for text request command is not greater 2645 * than the negotiated maximum receive data seqment length. 2646 * 2647 * Although iSCSI allows for long text requests (multiple 2648 * pdus), this function places a restriction on text 2649 * requests to ensure it is handled by a single PDU. 2650 */ 2651 if (data_len > icp->conn_params.max_xmit_data_seg_len) { 2652 return (ISCSI_STATUS_CMD_FAILED); 2653 } 2654 2655 icmdp = iscsi_cmd_alloc(icp, KM_SLEEP); 2656 ASSERT(icmdp != NULL); 2657 2658 icmdp->cmd_type = ISCSI_CMD_TYPE_TEXT; 2659 icmdp->cmd_result = ISCSI_STATUS_SUCCESS; 2660 icmdp->cmd_misc_flags &= ~ISCSI_CMD_MISCFLAG_FREE; 2661 icmdp->cmd_completed = B_FALSE; 2662 2663 icmdp->cmd_un.text.buf = buf; 2664 icmdp->cmd_un.text.buf_len = buf_len; 2665 icmdp->cmd_un.text.offset = 0; 2666 icmdp->cmd_un.text.data_len = data_len; 2667 icmdp->cmd_un.text.total_rx_len = 0; 2668 icmdp->cmd_un.text.ttt = ISCSI_RSVD_TASK_TAG; 2669 icmdp->cmd_un.text.stage = ISCSI_CMD_TEXT_INITIAL_REQ; 2670 2671 long_text_response: 2672 mutex_enter(&isp->sess_state_mutex); 2673 if (!ISCSI_SESS_STATE_FULL_FEATURE(isp->sess_state)) { 2674 iscsi_cmd_free(icmdp); 2675 mutex_exit(&isp->sess_state_mutex); 2676 return (ISCSI_STATUS_NO_CONN_LOGGED_IN); 2677 } 2678 2679 mutex_enter(&isp->sess_queue_pending.mutex); 2680 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E1, isp); 2681 mutex_exit(&isp->sess_queue_pending.mutex); 2682 mutex_exit(&isp->sess_state_mutex); 2683 2684 /* stall until completed */ 2685 mutex_enter(&icmdp->cmd_mutex); 2686 while (icmdp->cmd_completed == B_FALSE) { 2687 cv_wait(&icmdp->cmd_completion, &icmdp->cmd_mutex); 2688 } 2689 mutex_exit(&icmdp->cmd_mutex); 2690 2691 /* 2692 * check if error occured. If data overflow occured, continue on 2693 * to ensure we get all data so that the full data length can be 2694 * returned to the user 2695 */ 2696 if ((icmdp->cmd_result != ISCSI_STATUS_SUCCESS) && 2697 (icmdp->cmd_result != ISCSI_STATUS_DATA_OVERFLOW)) { 2698 cmn_err(CE_NOTE, "iscsi: SendTarget discovery failed (%d)", 2699 icmdp->cmd_result); 2700 rval = icmdp->cmd_result; 2701 iscsi_cmd_free(icmdp); 2702 return (rval); 2703 } 2704 2705 /* check if this was a partial text PDU */ 2706 if (icmdp->cmd_un.text.stage != ISCSI_CMD_TEXT_FINAL_RSP) { 2707 /* 2708 * If a paritial text rexponse received, send an empty 2709 * text request. This follows the behaviour specified 2710 * in RFC3720 regarding long text responses. 2711 */ 2712 icmdp->cmd_misc_flags &= ~ISCSI_CMD_MISCFLAG_FREE; 2713 icmdp->cmd_completed = B_FALSE; 2714 icmdp->cmd_un.text.data_len = 0; 2715 icmdp->cmd_un.text.stage = ISCSI_CMD_TEXT_CONTINUATION; 2716 goto long_text_response; 2717 } 2718 2719 /* 2720 * set total received data length. If data overflow this would be 2721 * amount of data that would have been received if buffer large 2722 * enough. 2723 */ 2724 *rx_data_len = icmdp->cmd_un.text.total_rx_len; 2725 2726 /* copy rval */ 2727 rval = icmdp->cmd_result; 2728 2729 /* clean up */ 2730 iscsi_cmd_free(icmdp); 2731 2732 return (rval); 2733 } 2734 2735 /* 2736 * iscsi_handle_passthru - This function is used to send a uscsi_cmd 2737 * to a specific target lun. This routine is used for internal purposes 2738 * during enumeration and via the ISCSI_USCSICMD IOCTL. We restrict 2739 * the CDBs that can be issued to a target/lun to INQUIRY, REPORT_LUNS, 2740 * and READ_CAPACITY for security purposes. 2741 * 2742 * The logic here is broken into three phases. 2743 * 1) Allocate and initialize a pkt/icmdp 2744 * 2) Send the pkt/icmdp 2745 * 3) cv_wait for completion 2746 */ 2747 iscsi_status_t 2748 iscsi_handle_passthru(iscsi_sess_t *isp, uint16_t lun, struct uscsi_cmd *ucmdp) 2749 { 2750 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2751 iscsi_cmd_t *icmdp = NULL; 2752 struct scsi_pkt *pkt = NULL; 2753 struct buf *bp = NULL; 2754 struct scsi_arq_status *arqstat = NULL; 2755 int rqlen = SENSE_LENGTH; 2756 2757 ASSERT(isp != NULL); 2758 ASSERT(ucmdp != NULL); 2759 2760 /* 2761 * If the caller didn't provide a sense buffer we need 2762 * to allocation one to get the scsi status. 2763 */ 2764 if (ucmdp->uscsi_rqlen > SENSE_LENGTH) { 2765 rqlen = ucmdp->uscsi_rqlen; 2766 } 2767 2768 /* 2769 * Step 1. Setup structs - KM_SLEEP will always succeed 2770 */ 2771 bp = kmem_zalloc(sizeof (struct buf), KM_SLEEP); 2772 ASSERT(bp != NULL); 2773 pkt = kmem_zalloc(sizeof (struct scsi_pkt), KM_SLEEP); 2774 ASSERT(pkt != NULL); 2775 icmdp = iscsi_cmd_alloc(NULL, KM_SLEEP); 2776 ASSERT(icmdp != NULL); 2777 2778 /* setup bp structure */ 2779 bp->b_flags = B_READ; 2780 bp->b_bcount = ucmdp->uscsi_buflen; 2781 bp->b_un.b_addr = ucmdp->uscsi_bufaddr; 2782 2783 /* setup scsi_pkt structure */ 2784 pkt->pkt_ha_private = icmdp; 2785 pkt->pkt_scbp = kmem_zalloc(rqlen, KM_SLEEP); 2786 pkt->pkt_cdbp = kmem_zalloc(ucmdp->uscsi_cdblen, KM_SLEEP); 2787 /* callback routine for passthru, will wake cv_wait */ 2788 pkt->pkt_comp = iscsi_handle_passthru_callback; 2789 pkt->pkt_time = ucmdp->uscsi_timeout; 2790 2791 /* setup iscsi_cmd structure */ 2792 icmdp->cmd_lun = NULL; 2793 icmdp->cmd_type = ISCSI_CMD_TYPE_SCSI; 2794 icmdp->cmd_un.scsi.lun = lun; 2795 icmdp->cmd_un.scsi.pkt = pkt; 2796 icmdp->cmd_un.scsi.bp = bp; 2797 bcopy(ucmdp->uscsi_cdb, pkt->pkt_cdbp, ucmdp->uscsi_cdblen); 2798 icmdp->cmd_un.scsi.cmdlen = ucmdp->uscsi_cdblen; 2799 icmdp->cmd_un.scsi.statuslen = rqlen; 2800 icmdp->cmd_crc_error_seen = B_FALSE; 2801 icmdp->cmd_completed = B_FALSE; 2802 icmdp->cmd_result = ISCSI_STATUS_SUCCESS; 2803 2804 /* 2805 * Step 2. Push IO onto pending queue. If we aren't in 2806 * FULL_FEATURE we need to fail the IO. 2807 */ 2808 mutex_enter(&isp->sess_state_mutex); 2809 if (!ISCSI_SESS_STATE_FULL_FEATURE(isp->sess_state)) { 2810 mutex_exit(&isp->sess_state_mutex); 2811 2812 iscsi_cmd_free(icmdp); 2813 kmem_free(pkt->pkt_cdbp, ucmdp->uscsi_cdblen); 2814 kmem_free(pkt->pkt_scbp, rqlen); 2815 kmem_free(pkt, sizeof (struct scsi_pkt)); 2816 kmem_free(bp, sizeof (struct buf)); 2817 2818 return (ISCSI_STATUS_CMD_FAILED); 2819 } 2820 2821 mutex_enter(&isp->sess_queue_pending.mutex); 2822 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E1, isp); 2823 mutex_exit(&isp->sess_queue_pending.mutex); 2824 mutex_exit(&isp->sess_state_mutex); 2825 2826 /* 2827 * Step 3. Wait on cv_wait for completion routine 2828 */ 2829 mutex_enter(&icmdp->cmd_mutex); 2830 while (icmdp->cmd_completed == B_FALSE) { 2831 cv_wait(&icmdp->cmd_completion, &icmdp->cmd_mutex); 2832 } 2833 mutex_exit(&icmdp->cmd_mutex); 2834 2835 /* copy rval */ 2836 rval = icmdp->cmd_result; 2837 2838 ucmdp->uscsi_resid = pkt->pkt_resid; 2839 2840 /* update scsi status */ 2841 arqstat = (struct scsi_arq_status *)pkt->pkt_scbp; 2842 ucmdp->uscsi_status = ((char *)&arqstat->sts_status)[0]; 2843 2844 /* copy request sense buffers if caller gave space */ 2845 if ((ucmdp->uscsi_rqlen > 0) && 2846 (ucmdp->uscsi_rqbuf != NULL)) { 2847 bcopy(arqstat, ucmdp->uscsi_rqbuf, 2848 MIN(sizeof (struct scsi_arq_status), rqlen)); 2849 } 2850 2851 /* clean up */ 2852 iscsi_cmd_free(icmdp); 2853 kmem_free(pkt->pkt_cdbp, ucmdp->uscsi_cdblen); 2854 kmem_free(pkt->pkt_scbp, rqlen); 2855 kmem_free(pkt, sizeof (struct scsi_pkt)); 2856 kmem_free(bp, sizeof (struct buf)); 2857 2858 return (rval); 2859 } 2860 2861 2862 /* 2863 * iscsi_handle_passthru_callback - 2864 * 2865 */ 2866 static void 2867 iscsi_handle_passthru_callback(struct scsi_pkt *pkt) 2868 { 2869 iscsi_cmd_t *icmdp = NULL; 2870 2871 ASSERT(pkt != NULL); 2872 icmdp = (iscsi_cmd_t *)pkt->pkt_ha_private; 2873 ASSERT(icmdp != NULL); 2874 2875 mutex_enter(&icmdp->cmd_mutex); 2876 icmdp->cmd_completed = B_TRUE; 2877 icmdp->cmd_result = ISCSI_STATUS_SUCCESS; 2878 cv_broadcast(&icmdp->cmd_completion); 2879 mutex_exit(&icmdp->cmd_mutex); 2880 2881 } 2882 2883 /* 2884 * +--------------------------------------------------------------------+ 2885 * | Beginning of completion routines | 2886 * +--------------------------------------------------------------------+ 2887 */ 2888 2889 /* 2890 * iscsi_ic_thread - 2891 */ 2892 void 2893 iscsi_ic_thread(iscsi_thread_t *thread, void *arg) 2894 { 2895 iscsi_sess_t *isp = (iscsi_sess_t *)arg; 2896 int ret; 2897 iscsi_queue_t q; 2898 iscsi_cmd_t *icmdp; 2899 iscsi_cmd_t *next_icmdp; 2900 2901 ASSERT(isp != NULL); 2902 ASSERT(thread != NULL); 2903 ASSERT(thread->signature == SIG_ISCSI_THREAD); 2904 2905 for (;;) { 2906 2907 /* 2908 * We wait till iodone or somebody else wakes us up. 2909 */ 2910 ret = iscsi_thread_wait(thread, -1); 2911 2912 /* 2913 * The value should never be negative since we never timeout. 2914 */ 2915 ASSERT(ret >= 0); 2916 2917 q.count = 0; 2918 q.head = NULL; 2919 q.tail = NULL; 2920 mutex_enter(&isp->sess_queue_completion.mutex); 2921 icmdp = isp->sess_queue_completion.head; 2922 while (icmdp != NULL) { 2923 next_icmdp = icmdp->cmd_next; 2924 mutex_enter(&icmdp->cmd_mutex); 2925 /* 2926 * check if the associated r2t/abort has finished 2927 * yet. If not, don't complete the command. 2928 */ 2929 if ((icmdp->cmd_un.scsi.r2t_icmdp == NULL) && 2930 (icmdp->cmd_un.scsi.abort_icmdp == NULL)) { 2931 mutex_exit(&icmdp->cmd_mutex); 2932 (void) iscsi_dequeue_cmd(&isp-> 2933 sess_queue_completion.head, 2934 &isp->sess_queue_completion.tail, 2935 icmdp); 2936 --isp->sess_queue_completion.count; 2937 iscsi_enqueue_cmd_head(&q.head, 2938 &q.tail, icmdp); 2939 } else 2940 mutex_exit(&icmdp->cmd_mutex); 2941 icmdp = next_icmdp; 2942 } 2943 mutex_exit(&isp->sess_queue_completion.mutex); 2944 icmdp = q.head; 2945 while (icmdp != NULL) { 2946 next_icmdp = icmdp->cmd_next; 2947 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E8, isp); 2948 icmdp = next_icmdp; 2949 } 2950 2951 if (ret > 0) 2952 /* Somebody woke us up to work */ 2953 continue; 2954 else 2955 /* 2956 * Somebody woke us up to kill ourselves. We will 2957 * make sure, however that the completion queue is 2958 * empty before leaving. After we've done that it 2959 * is the originator of the signal that has to make 2960 * sure no other SCSI command is posted. 2961 */ 2962 break; 2963 } 2964 2965 } 2966 2967 /* 2968 * iscsi_iodone - 2969 * 2970 */ 2971 void 2972 iscsi_iodone(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 2973 { 2974 struct scsi_pkt *pkt = NULL; 2975 struct buf *bp = icmdp->cmd_un.scsi.bp; 2976 2977 ASSERT(isp != NULL); 2978 ASSERT(icmdp != NULL); 2979 pkt = icmdp->cmd_un.scsi.pkt; 2980 ASSERT(pkt != NULL); 2981 2982 ASSERT(icmdp->cmd_un.scsi.abort_icmdp == NULL); 2983 ASSERT(icmdp->cmd_un.scsi.r2t_icmdp == NULL); 2984 if (pkt->pkt_reason == CMD_CMPLT) { 2985 if (bp) { 2986 if (bp->b_flags & B_READ) { 2987 KSTAT_SESS_RX_IO_DONE(isp, bp->b_bcount); 2988 } else { 2989 KSTAT_SESS_TX_IO_DONE(isp, bp->b_bcount); 2990 } 2991 } 2992 } 2993 2994 if (pkt->pkt_flags & FLAG_NOINTR) { 2995 cv_broadcast(&icmdp->cmd_completion); 2996 mutex_exit(&icmdp->cmd_mutex); 2997 } else { 2998 /* 2999 * Release mutex. As soon as callback is 3000 * issued the caller may destroy the command. 3001 */ 3002 mutex_exit(&icmdp->cmd_mutex); 3003 /* 3004 * We can't just directly call the pk_comp routine. In 3005 * many error cases the target driver will use the calling 3006 * thread to re-drive error handling (reset, retries...) 3007 * back into the hba driver (iscsi). If the target redrives 3008 * a reset back into the iscsi driver off this thead we have 3009 * a chance of deadlocking. So instead use the io completion 3010 * thread. 3011 */ 3012 (*icmdp->cmd_un.scsi.pkt->pkt_comp)(icmdp->cmd_un.scsi.pkt); 3013 } 3014 } 3015 3016 /* 3017 * +--------------------------------------------------------------------+ 3018 * | End of completion routines | 3019 * +--------------------------------------------------------------------+ 3020 */ 3021 3022 /* 3023 * +--------------------------------------------------------------------+ 3024 * | Beginning of watchdog routines | 3025 * +--------------------------------------------------------------------+ 3026 */ 3027 3028 /* 3029 * iscsi_watchdog_thread - 3030 * 3031 */ 3032 void 3033 iscsi_wd_thread(iscsi_thread_t *thread, void *arg) 3034 { 3035 iscsi_sess_t *isp = (iscsi_sess_t *)arg; 3036 int rc = 1; 3037 3038 ASSERT(isp != NULL); 3039 3040 while (rc != NULL) { 3041 3042 iscsi_timeout_checks(isp); 3043 iscsi_nop_checks(isp); 3044 3045 rc = iscsi_thread_wait(thread, SEC_TO_TICK(1)); 3046 } 3047 } 3048 3049 /* 3050 * iscsi_timeout_checks - 3051 * 3052 */ 3053 static void 3054 iscsi_timeout_checks(iscsi_sess_t *isp) 3055 { 3056 clock_t now = ddi_get_lbolt(); 3057 iscsi_cmd_t *icmdp, *nicmdp; 3058 iscsi_conn_t *icp; 3059 3060 ASSERT(isp != NULL); 3061 3062 /* PENDING */ 3063 mutex_enter(&isp->sess_state_mutex); 3064 mutex_enter(&isp->sess_queue_pending.mutex); 3065 for (icmdp = isp->sess_queue_pending.head; 3066 icmdp; icmdp = nicmdp) { 3067 nicmdp = icmdp->cmd_next; 3068 3069 /* Skip entries with no timeout */ 3070 if (icmdp->cmd_lbolt_timeout == 0) 3071 continue; 3072 3073 /* 3074 * Skip pending queue entries for cmd_type values that depend 3075 * on having an open cmdsn window for successfull transition 3076 * from pending to the active (i.e. ones that depend on 3077 * sess_cmdsn .vs. sess_maxcmdsn). For them, the timer starts 3078 * when they are successfully moved to the active queue by 3079 * iscsi_cmd_state_pending() code. 3080 */ 3081 /* 3082 * If the cmd is stuck, at least give it a chance 3083 * to timeout 3084 */ 3085 if (((icmdp->cmd_type == ISCSI_CMD_TYPE_SCSI) || 3086 (icmdp->cmd_type == ISCSI_CMD_TYPE_TEXT)) && 3087 !(icmdp->cmd_misc_flags & ISCSI_CMD_MISCFLAG_STUCK)) 3088 continue; 3089 3090 /* Skip if timeout still in the future */ 3091 if (now <= icmdp->cmd_lbolt_timeout) 3092 continue; 3093 3094 /* timeout */ 3095 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E6, isp); 3096 } 3097 mutex_exit(&isp->sess_queue_pending.mutex); 3098 mutex_exit(&isp->sess_state_mutex); 3099 3100 rw_enter(&isp->sess_conn_list_rwlock, RW_READER); 3101 icp = isp->sess_conn_list; 3102 while (icp != NULL) { 3103 3104 /* ACTIVE */ 3105 mutex_enter(&icp->conn_state_mutex); 3106 mutex_enter(&isp->sess_queue_pending.mutex); 3107 mutex_enter(&icp->conn_queue_active.mutex); 3108 for (icmdp = icp->conn_queue_active.head; 3109 icmdp; icmdp = nicmdp) { 3110 nicmdp = icmdp->cmd_next; 3111 3112 /* Skip entries with no timeout */ 3113 if (icmdp->cmd_lbolt_timeout == 0) 3114 continue; 3115 3116 /* Skip if command is not active */ 3117 if (icmdp->cmd_state != ISCSI_CMD_STATE_ACTIVE) 3118 continue; 3119 3120 /* Skip if timeout still in the future */ 3121 if (now <= icmdp->cmd_lbolt_timeout) 3122 continue; 3123 3124 /* timeout */ 3125 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E6, isp); 3126 } 3127 mutex_exit(&icp->conn_queue_active.mutex); 3128 mutex_exit(&isp->sess_queue_pending.mutex); 3129 mutex_exit(&icp->conn_state_mutex); 3130 3131 icp = icp->conn_next; 3132 } 3133 rw_exit(&isp->sess_conn_list_rwlock); 3134 } 3135 3136 /* 3137 * iscsi_nop_checks - sends a NOP on idle connections 3138 * 3139 * This function walks the connections on a session and 3140 * issues NOPs on those connections that are in FULL 3141 * FEATURE mode and have not received data for the 3142 * time period specified by iscsi_nop_delay (global). 3143 */ 3144 static void 3145 iscsi_nop_checks(iscsi_sess_t *isp) 3146 { 3147 iscsi_conn_t *icp; 3148 3149 ASSERT(isp != NULL); 3150 3151 if (isp->sess_type == ISCSI_SESS_TYPE_DISCOVERY) { 3152 return; 3153 } 3154 3155 rw_enter(&isp->sess_conn_list_rwlock, RW_READER); 3156 icp = isp->sess_conn_act; 3157 if (icp != NULL) { 3158 3159 mutex_enter(&icp->conn_state_mutex); 3160 if ((ISCSI_CONN_STATE_FULL_FEATURE(icp->conn_state)) && 3161 (ddi_get_lbolt() > isp->sess_conn_act->conn_rx_lbolt + 3162 SEC_TO_TICK(iscsi_nop_delay)) && (ddi_get_lbolt() > 3163 isp->sess_conn_act->conn_nop_lbolt + 3164 SEC_TO_TICK(iscsi_nop_delay))) { 3165 3166 /* 3167 * We haven't received anything from the 3168 * target is a defined period of time, 3169 * send NOP to see if the target is alive. 3170 */ 3171 mutex_enter(&isp->sess_queue_pending.mutex); 3172 iscsi_handle_nop(isp->sess_conn_act, 3173 0, ISCSI_RSVD_TASK_TAG); 3174 mutex_exit(&isp->sess_queue_pending.mutex); 3175 } 3176 mutex_exit(&icp->conn_state_mutex); 3177 3178 icp = icp->conn_next; 3179 } 3180 rw_exit(&isp->sess_conn_list_rwlock); 3181 } 3182 3183 /* 3184 * +--------------------------------------------------------------------+ 3185 * | End of wd routines | 3186 * +--------------------------------------------------------------------+ 3187 */ 3188