xref: /linux/drivers/nvme/target/core.c (revision 1623bc27a85a93e82194c8d077eccc464efa67db)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Common code for the NVMe target.
4  * Copyright (c) 2015-2016 HGST, a Western Digital Company.
5  */
6 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
7 #include <linux/module.h>
8 #include <linux/random.h>
9 #include <linux/rculist.h>
10 #include <linux/pci-p2pdma.h>
11 #include <linux/scatterlist.h>
12 
13 #include <generated/utsrelease.h>
14 
15 #define CREATE_TRACE_POINTS
16 #include "trace.h"
17 
18 #include "nvmet.h"
19 #include "debugfs.h"
20 
21 struct kmem_cache *nvmet_bvec_cache;
22 struct workqueue_struct *buffered_io_wq;
23 struct workqueue_struct *zbd_wq;
24 static const struct nvmet_fabrics_ops *nvmet_transports[NVMF_TRTYPE_MAX];
25 static DEFINE_IDA(cntlid_ida);
26 
27 struct workqueue_struct *nvmet_wq;
28 EXPORT_SYMBOL_GPL(nvmet_wq);
29 
30 /*
31  * This read/write semaphore is used to synchronize access to configuration
32  * information on a target system that will result in discovery log page
33  * information change for at least one host.
34  * The full list of resources to protected by this semaphore is:
35  *
36  *  - subsystems list
37  *  - per-subsystem allowed hosts list
38  *  - allow_any_host subsystem attribute
39  *  - nvmet_genctr
40  *  - the nvmet_transports array
41  *
42  * When updating any of those lists/structures write lock should be obtained,
43  * while when reading (popolating discovery log page or checking host-subsystem
44  * link) read lock is obtained to allow concurrent reads.
45  */
46 DECLARE_RWSEM(nvmet_config_sem);
47 
48 u32 nvmet_ana_group_enabled[NVMET_MAX_ANAGRPS + 1];
49 u64 nvmet_ana_chgcnt;
50 DECLARE_RWSEM(nvmet_ana_sem);
51 
52 inline u16 errno_to_nvme_status(struct nvmet_req *req, int errno)
53 {
54 	switch (errno) {
55 	case 0:
56 		return NVME_SC_SUCCESS;
57 	case -ENOSPC:
58 		req->error_loc = offsetof(struct nvme_rw_command, length);
59 		return NVME_SC_CAP_EXCEEDED | NVME_STATUS_DNR;
60 	case -EREMOTEIO:
61 		req->error_loc = offsetof(struct nvme_rw_command, slba);
62 		return  NVME_SC_LBA_RANGE | NVME_STATUS_DNR;
63 	case -EOPNOTSUPP:
64 		req->error_loc = offsetof(struct nvme_common_command, opcode);
65 		switch (req->cmd->common.opcode) {
66 		case nvme_cmd_dsm:
67 		case nvme_cmd_write_zeroes:
68 			return NVME_SC_ONCS_NOT_SUPPORTED | NVME_STATUS_DNR;
69 		default:
70 			return NVME_SC_INVALID_OPCODE | NVME_STATUS_DNR;
71 		}
72 		break;
73 	case -ENODATA:
74 		req->error_loc = offsetof(struct nvme_rw_command, nsid);
75 		return NVME_SC_ACCESS_DENIED;
76 	case -EIO:
77 		fallthrough;
78 	default:
79 		req->error_loc = offsetof(struct nvme_common_command, opcode);
80 		return NVME_SC_INTERNAL | NVME_STATUS_DNR;
81 	}
82 }
83 
84 u16 nvmet_report_invalid_opcode(struct nvmet_req *req)
85 {
86 	pr_debug("unhandled cmd %d on qid %d\n", req->cmd->common.opcode,
87 		 req->sq->qid);
88 
89 	req->error_loc = offsetof(struct nvme_common_command, opcode);
90 	return NVME_SC_INVALID_OPCODE | NVME_STATUS_DNR;
91 }
92 
93 static struct nvmet_subsys *nvmet_find_get_subsys(struct nvmet_port *port,
94 		const char *subsysnqn);
95 
96 u16 nvmet_copy_to_sgl(struct nvmet_req *req, off_t off, const void *buf,
97 		size_t len)
98 {
99 	if (sg_pcopy_from_buffer(req->sg, req->sg_cnt, buf, len, off) != len) {
100 		req->error_loc = offsetof(struct nvme_common_command, dptr);
101 		return NVME_SC_SGL_INVALID_DATA | NVME_STATUS_DNR;
102 	}
103 	return 0;
104 }
105 
106 u16 nvmet_copy_from_sgl(struct nvmet_req *req, off_t off, void *buf, size_t len)
107 {
108 	if (sg_pcopy_to_buffer(req->sg, req->sg_cnt, buf, len, off) != len) {
109 		req->error_loc = offsetof(struct nvme_common_command, dptr);
110 		return NVME_SC_SGL_INVALID_DATA | NVME_STATUS_DNR;
111 	}
112 	return 0;
113 }
114 
115 u16 nvmet_zero_sgl(struct nvmet_req *req, off_t off, size_t len)
116 {
117 	if (sg_zero_buffer(req->sg, req->sg_cnt, len, off) != len) {
118 		req->error_loc = offsetof(struct nvme_common_command, dptr);
119 		return NVME_SC_SGL_INVALID_DATA | NVME_STATUS_DNR;
120 	}
121 	return 0;
122 }
123 
124 static u32 nvmet_max_nsid(struct nvmet_subsys *subsys)
125 {
126 	struct nvmet_ns *cur;
127 	unsigned long idx;
128 	u32 nsid = 0;
129 
130 	nvmet_for_each_enabled_ns(&subsys->namespaces, idx, cur)
131 		nsid = cur->nsid;
132 
133 	return nsid;
134 }
135 
136 static u32 nvmet_async_event_result(struct nvmet_async_event *aen)
137 {
138 	return aen->event_type | (aen->event_info << 8) | (aen->log_page << 16);
139 }
140 
141 static void nvmet_async_events_failall(struct nvmet_ctrl *ctrl)
142 {
143 	struct nvmet_req *req;
144 
145 	mutex_lock(&ctrl->lock);
146 	while (ctrl->nr_async_event_cmds) {
147 		req = ctrl->async_event_cmds[--ctrl->nr_async_event_cmds];
148 		mutex_unlock(&ctrl->lock);
149 		nvmet_req_complete(req, NVME_SC_INTERNAL | NVME_STATUS_DNR);
150 		mutex_lock(&ctrl->lock);
151 	}
152 	mutex_unlock(&ctrl->lock);
153 }
154 
155 static void nvmet_async_events_process(struct nvmet_ctrl *ctrl)
156 {
157 	struct nvmet_async_event *aen;
158 	struct nvmet_req *req;
159 
160 	mutex_lock(&ctrl->lock);
161 	while (ctrl->nr_async_event_cmds && !list_empty(&ctrl->async_events)) {
162 		aen = list_first_entry(&ctrl->async_events,
163 				       struct nvmet_async_event, entry);
164 		req = ctrl->async_event_cmds[--ctrl->nr_async_event_cmds];
165 		nvmet_set_result(req, nvmet_async_event_result(aen));
166 
167 		list_del(&aen->entry);
168 		kfree(aen);
169 
170 		mutex_unlock(&ctrl->lock);
171 		trace_nvmet_async_event(ctrl, req->cqe->result.u32);
172 		nvmet_req_complete(req, 0);
173 		mutex_lock(&ctrl->lock);
174 	}
175 	mutex_unlock(&ctrl->lock);
176 }
177 
178 static void nvmet_async_events_free(struct nvmet_ctrl *ctrl)
179 {
180 	struct nvmet_async_event *aen, *tmp;
181 
182 	mutex_lock(&ctrl->lock);
183 	list_for_each_entry_safe(aen, tmp, &ctrl->async_events, entry) {
184 		list_del(&aen->entry);
185 		kfree(aen);
186 	}
187 	mutex_unlock(&ctrl->lock);
188 }
189 
190 static void nvmet_async_event_work(struct work_struct *work)
191 {
192 	struct nvmet_ctrl *ctrl =
193 		container_of(work, struct nvmet_ctrl, async_event_work);
194 
195 	nvmet_async_events_process(ctrl);
196 }
197 
198 void nvmet_add_async_event(struct nvmet_ctrl *ctrl, u8 event_type,
199 		u8 event_info, u8 log_page)
200 {
201 	struct nvmet_async_event *aen;
202 
203 	aen = kmalloc(sizeof(*aen), GFP_KERNEL);
204 	if (!aen)
205 		return;
206 
207 	aen->event_type = event_type;
208 	aen->event_info = event_info;
209 	aen->log_page = log_page;
210 
211 	mutex_lock(&ctrl->lock);
212 	list_add_tail(&aen->entry, &ctrl->async_events);
213 	mutex_unlock(&ctrl->lock);
214 
215 	queue_work(nvmet_wq, &ctrl->async_event_work);
216 }
217 
218 static void nvmet_add_to_changed_ns_log(struct nvmet_ctrl *ctrl, __le32 nsid)
219 {
220 	u32 i;
221 
222 	mutex_lock(&ctrl->lock);
223 	if (ctrl->nr_changed_ns > NVME_MAX_CHANGED_NAMESPACES)
224 		goto out_unlock;
225 
226 	for (i = 0; i < ctrl->nr_changed_ns; i++) {
227 		if (ctrl->changed_ns_list[i] == nsid)
228 			goto out_unlock;
229 	}
230 
231 	if (ctrl->nr_changed_ns == NVME_MAX_CHANGED_NAMESPACES) {
232 		ctrl->changed_ns_list[0] = cpu_to_le32(0xffffffff);
233 		ctrl->nr_changed_ns = U32_MAX;
234 		goto out_unlock;
235 	}
236 
237 	ctrl->changed_ns_list[ctrl->nr_changed_ns++] = nsid;
238 out_unlock:
239 	mutex_unlock(&ctrl->lock);
240 }
241 
242 void nvmet_ns_changed(struct nvmet_subsys *subsys, u32 nsid)
243 {
244 	struct nvmet_ctrl *ctrl;
245 
246 	lockdep_assert_held(&subsys->lock);
247 
248 	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry) {
249 		nvmet_add_to_changed_ns_log(ctrl, cpu_to_le32(nsid));
250 		if (nvmet_aen_bit_disabled(ctrl, NVME_AEN_BIT_NS_ATTR))
251 			continue;
252 		nvmet_add_async_event(ctrl, NVME_AER_NOTICE,
253 				NVME_AER_NOTICE_NS_CHANGED,
254 				NVME_LOG_CHANGED_NS);
255 	}
256 }
257 
258 void nvmet_send_ana_event(struct nvmet_subsys *subsys,
259 		struct nvmet_port *port)
260 {
261 	struct nvmet_ctrl *ctrl;
262 
263 	mutex_lock(&subsys->lock);
264 	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry) {
265 		if (port && ctrl->port != port)
266 			continue;
267 		if (nvmet_aen_bit_disabled(ctrl, NVME_AEN_BIT_ANA_CHANGE))
268 			continue;
269 		nvmet_add_async_event(ctrl, NVME_AER_NOTICE,
270 				NVME_AER_NOTICE_ANA, NVME_LOG_ANA);
271 	}
272 	mutex_unlock(&subsys->lock);
273 }
274 
275 void nvmet_port_send_ana_event(struct nvmet_port *port)
276 {
277 	struct nvmet_subsys_link *p;
278 
279 	down_read(&nvmet_config_sem);
280 	list_for_each_entry(p, &port->subsystems, entry)
281 		nvmet_send_ana_event(p->subsys, port);
282 	up_read(&nvmet_config_sem);
283 }
284 
285 int nvmet_register_transport(const struct nvmet_fabrics_ops *ops)
286 {
287 	int ret = 0;
288 
289 	down_write(&nvmet_config_sem);
290 	if (nvmet_transports[ops->type])
291 		ret = -EINVAL;
292 	else
293 		nvmet_transports[ops->type] = ops;
294 	up_write(&nvmet_config_sem);
295 
296 	return ret;
297 }
298 EXPORT_SYMBOL_GPL(nvmet_register_transport);
299 
300 void nvmet_unregister_transport(const struct nvmet_fabrics_ops *ops)
301 {
302 	down_write(&nvmet_config_sem);
303 	nvmet_transports[ops->type] = NULL;
304 	up_write(&nvmet_config_sem);
305 }
306 EXPORT_SYMBOL_GPL(nvmet_unregister_transport);
307 
308 void nvmet_port_del_ctrls(struct nvmet_port *port, struct nvmet_subsys *subsys)
309 {
310 	struct nvmet_ctrl *ctrl;
311 
312 	mutex_lock(&subsys->lock);
313 	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry) {
314 		if (ctrl->port == port)
315 			ctrl->ops->delete_ctrl(ctrl);
316 	}
317 	mutex_unlock(&subsys->lock);
318 }
319 
320 int nvmet_enable_port(struct nvmet_port *port)
321 {
322 	const struct nvmet_fabrics_ops *ops;
323 	int ret;
324 
325 	lockdep_assert_held(&nvmet_config_sem);
326 
327 	ops = nvmet_transports[port->disc_addr.trtype];
328 	if (!ops) {
329 		up_write(&nvmet_config_sem);
330 		request_module("nvmet-transport-%d", port->disc_addr.trtype);
331 		down_write(&nvmet_config_sem);
332 		ops = nvmet_transports[port->disc_addr.trtype];
333 		if (!ops) {
334 			pr_err("transport type %d not supported\n",
335 				port->disc_addr.trtype);
336 			return -EINVAL;
337 		}
338 	}
339 
340 	if (!try_module_get(ops->owner))
341 		return -EINVAL;
342 
343 	/*
344 	 * If the user requested PI support and the transport isn't pi capable,
345 	 * don't enable the port.
346 	 */
347 	if (port->pi_enable && !(ops->flags & NVMF_METADATA_SUPPORTED)) {
348 		pr_err("T10-PI is not supported by transport type %d\n",
349 		       port->disc_addr.trtype);
350 		ret = -EINVAL;
351 		goto out_put;
352 	}
353 
354 	ret = ops->add_port(port);
355 	if (ret)
356 		goto out_put;
357 
358 	/* If the transport didn't set inline_data_size, then disable it. */
359 	if (port->inline_data_size < 0)
360 		port->inline_data_size = 0;
361 
362 	/*
363 	 * If the transport didn't set the max_queue_size properly, then clamp
364 	 * it to the target limits. Also set default values in case the
365 	 * transport didn't set it at all.
366 	 */
367 	if (port->max_queue_size < 0)
368 		port->max_queue_size = NVMET_MAX_QUEUE_SIZE;
369 	else
370 		port->max_queue_size = clamp_t(int, port->max_queue_size,
371 					       NVMET_MIN_QUEUE_SIZE,
372 					       NVMET_MAX_QUEUE_SIZE);
373 
374 	port->enabled = true;
375 	port->tr_ops = ops;
376 	return 0;
377 
378 out_put:
379 	module_put(ops->owner);
380 	return ret;
381 }
382 
383 void nvmet_disable_port(struct nvmet_port *port)
384 {
385 	const struct nvmet_fabrics_ops *ops;
386 
387 	lockdep_assert_held(&nvmet_config_sem);
388 
389 	port->enabled = false;
390 	port->tr_ops = NULL;
391 
392 	ops = nvmet_transports[port->disc_addr.trtype];
393 	ops->remove_port(port);
394 	module_put(ops->owner);
395 }
396 
397 static void nvmet_keep_alive_timer(struct work_struct *work)
398 {
399 	struct nvmet_ctrl *ctrl = container_of(to_delayed_work(work),
400 			struct nvmet_ctrl, ka_work);
401 	bool reset_tbkas = ctrl->reset_tbkas;
402 
403 	ctrl->reset_tbkas = false;
404 	if (reset_tbkas) {
405 		pr_debug("ctrl %d reschedule traffic based keep-alive timer\n",
406 			ctrl->cntlid);
407 		queue_delayed_work(nvmet_wq, &ctrl->ka_work, ctrl->kato * HZ);
408 		return;
409 	}
410 
411 	pr_err("ctrl %d keep-alive timer (%d seconds) expired!\n",
412 		ctrl->cntlid, ctrl->kato);
413 
414 	nvmet_ctrl_fatal_error(ctrl);
415 }
416 
417 void nvmet_start_keep_alive_timer(struct nvmet_ctrl *ctrl)
418 {
419 	if (unlikely(ctrl->kato == 0))
420 		return;
421 
422 	pr_debug("ctrl %d start keep-alive timer for %d secs\n",
423 		ctrl->cntlid, ctrl->kato);
424 
425 	queue_delayed_work(nvmet_wq, &ctrl->ka_work, ctrl->kato * HZ);
426 }
427 
428 void nvmet_stop_keep_alive_timer(struct nvmet_ctrl *ctrl)
429 {
430 	if (unlikely(ctrl->kato == 0))
431 		return;
432 
433 	pr_debug("ctrl %d stop keep-alive\n", ctrl->cntlid);
434 
435 	cancel_delayed_work_sync(&ctrl->ka_work);
436 }
437 
438 u16 nvmet_req_find_ns(struct nvmet_req *req)
439 {
440 	u32 nsid = le32_to_cpu(req->cmd->common.nsid);
441 	struct nvmet_subsys *subsys = nvmet_req_subsys(req);
442 
443 	req->ns = xa_load(&subsys->namespaces, nsid);
444 	if (unlikely(!req->ns || !req->ns->enabled)) {
445 		req->error_loc = offsetof(struct nvme_common_command, nsid);
446 		if (!req->ns) /* ns doesn't exist! */
447 			return NVME_SC_INVALID_NS | NVME_STATUS_DNR;
448 
449 		/* ns exists but it's disabled */
450 		req->ns = NULL;
451 		return NVME_SC_INTERNAL_PATH_ERROR;
452 	}
453 
454 	percpu_ref_get(&req->ns->ref);
455 	return NVME_SC_SUCCESS;
456 }
457 
458 static void nvmet_destroy_namespace(struct percpu_ref *ref)
459 {
460 	struct nvmet_ns *ns = container_of(ref, struct nvmet_ns, ref);
461 
462 	complete(&ns->disable_done);
463 }
464 
465 void nvmet_put_namespace(struct nvmet_ns *ns)
466 {
467 	percpu_ref_put(&ns->ref);
468 }
469 
470 static void nvmet_ns_dev_disable(struct nvmet_ns *ns)
471 {
472 	nvmet_bdev_ns_disable(ns);
473 	nvmet_file_ns_disable(ns);
474 }
475 
476 static int nvmet_p2pmem_ns_enable(struct nvmet_ns *ns)
477 {
478 	int ret;
479 	struct pci_dev *p2p_dev;
480 
481 	if (!ns->use_p2pmem)
482 		return 0;
483 
484 	if (!ns->bdev) {
485 		pr_err("peer-to-peer DMA is not supported by non-block device namespaces\n");
486 		return -EINVAL;
487 	}
488 
489 	if (!blk_queue_pci_p2pdma(ns->bdev->bd_disk->queue)) {
490 		pr_err("peer-to-peer DMA is not supported by the driver of %s\n",
491 		       ns->device_path);
492 		return -EINVAL;
493 	}
494 
495 	if (ns->p2p_dev) {
496 		ret = pci_p2pdma_distance(ns->p2p_dev, nvmet_ns_dev(ns), true);
497 		if (ret < 0)
498 			return -EINVAL;
499 	} else {
500 		/*
501 		 * Right now we just check that there is p2pmem available so
502 		 * we can report an error to the user right away if there
503 		 * is not. We'll find the actual device to use once we
504 		 * setup the controller when the port's device is available.
505 		 */
506 
507 		p2p_dev = pci_p2pmem_find(nvmet_ns_dev(ns));
508 		if (!p2p_dev) {
509 			pr_err("no peer-to-peer memory is available for %s\n",
510 			       ns->device_path);
511 			return -EINVAL;
512 		}
513 
514 		pci_dev_put(p2p_dev);
515 	}
516 
517 	return 0;
518 }
519 
520 /*
521  * Note: ctrl->subsys->lock should be held when calling this function
522  */
523 static void nvmet_p2pmem_ns_add_p2p(struct nvmet_ctrl *ctrl,
524 				    struct nvmet_ns *ns)
525 {
526 	struct device *clients[2];
527 	struct pci_dev *p2p_dev;
528 	int ret;
529 
530 	if (!ctrl->p2p_client || !ns->use_p2pmem)
531 		return;
532 
533 	if (ns->p2p_dev) {
534 		ret = pci_p2pdma_distance(ns->p2p_dev, ctrl->p2p_client, true);
535 		if (ret < 0)
536 			return;
537 
538 		p2p_dev = pci_dev_get(ns->p2p_dev);
539 	} else {
540 		clients[0] = ctrl->p2p_client;
541 		clients[1] = nvmet_ns_dev(ns);
542 
543 		p2p_dev = pci_p2pmem_find_many(clients, ARRAY_SIZE(clients));
544 		if (!p2p_dev) {
545 			pr_err("no peer-to-peer memory is available that's supported by %s and %s\n",
546 			       dev_name(ctrl->p2p_client), ns->device_path);
547 			return;
548 		}
549 	}
550 
551 	ret = radix_tree_insert(&ctrl->p2p_ns_map, ns->nsid, p2p_dev);
552 	if (ret < 0)
553 		pci_dev_put(p2p_dev);
554 
555 	pr_info("using p2pmem on %s for nsid %d\n", pci_name(p2p_dev),
556 		ns->nsid);
557 }
558 
559 bool nvmet_ns_revalidate(struct nvmet_ns *ns)
560 {
561 	loff_t oldsize = ns->size;
562 
563 	if (ns->bdev)
564 		nvmet_bdev_ns_revalidate(ns);
565 	else
566 		nvmet_file_ns_revalidate(ns);
567 
568 	return oldsize != ns->size;
569 }
570 
571 int nvmet_ns_enable(struct nvmet_ns *ns)
572 {
573 	struct nvmet_subsys *subsys = ns->subsys;
574 	struct nvmet_ctrl *ctrl;
575 	int ret;
576 
577 	mutex_lock(&subsys->lock);
578 	ret = 0;
579 
580 	if (nvmet_is_passthru_subsys(subsys)) {
581 		pr_info("cannot enable both passthru and regular namespaces for a single subsystem");
582 		goto out_unlock;
583 	}
584 
585 	if (ns->enabled)
586 		goto out_unlock;
587 
588 	ret = -EMFILE;
589 
590 	ret = nvmet_bdev_ns_enable(ns);
591 	if (ret == -ENOTBLK)
592 		ret = nvmet_file_ns_enable(ns);
593 	if (ret)
594 		goto out_unlock;
595 
596 	ret = nvmet_p2pmem_ns_enable(ns);
597 	if (ret)
598 		goto out_dev_disable;
599 
600 	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry)
601 		nvmet_p2pmem_ns_add_p2p(ctrl, ns);
602 
603 	if (ns->pr.enable) {
604 		ret = nvmet_pr_init_ns(ns);
605 		if (ret)
606 			goto out_dev_put;
607 	}
608 
609 	nvmet_ns_changed(subsys, ns->nsid);
610 	ns->enabled = true;
611 	xa_set_mark(&subsys->namespaces, ns->nsid, NVMET_NS_ENABLED);
612 	ret = 0;
613 out_unlock:
614 	mutex_unlock(&subsys->lock);
615 	return ret;
616 out_dev_put:
617 	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry)
618 		pci_dev_put(radix_tree_delete(&ctrl->p2p_ns_map, ns->nsid));
619 out_dev_disable:
620 	nvmet_ns_dev_disable(ns);
621 	goto out_unlock;
622 }
623 
624 void nvmet_ns_disable(struct nvmet_ns *ns)
625 {
626 	struct nvmet_subsys *subsys = ns->subsys;
627 	struct nvmet_ctrl *ctrl;
628 
629 	mutex_lock(&subsys->lock);
630 	if (!ns->enabled)
631 		goto out_unlock;
632 
633 	ns->enabled = false;
634 	xa_clear_mark(&subsys->namespaces, ns->nsid, NVMET_NS_ENABLED);
635 
636 	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry)
637 		pci_dev_put(radix_tree_delete(&ctrl->p2p_ns_map, ns->nsid));
638 
639 	mutex_unlock(&subsys->lock);
640 
641 	if (ns->pr.enable)
642 		nvmet_pr_exit_ns(ns);
643 
644 	mutex_lock(&subsys->lock);
645 	nvmet_ns_changed(subsys, ns->nsid);
646 	nvmet_ns_dev_disable(ns);
647 out_unlock:
648 	mutex_unlock(&subsys->lock);
649 }
650 
651 void nvmet_ns_free(struct nvmet_ns *ns)
652 {
653 	struct nvmet_subsys *subsys = ns->subsys;
654 
655 	nvmet_ns_disable(ns);
656 
657 	mutex_lock(&subsys->lock);
658 
659 	xa_erase(&subsys->namespaces, ns->nsid);
660 	if (ns->nsid == subsys->max_nsid)
661 		subsys->max_nsid = nvmet_max_nsid(subsys);
662 
663 	mutex_unlock(&subsys->lock);
664 
665 	/*
666 	 * Now that we removed the namespaces from the lookup list, we
667 	 * can kill the per_cpu ref and wait for any remaining references
668 	 * to be dropped, as well as a RCU grace period for anyone only
669 	 * using the namepace under rcu_read_lock().  Note that we can't
670 	 * use call_rcu here as we need to ensure the namespaces have
671 	 * been fully destroyed before unloading the module.
672 	 */
673 	percpu_ref_kill(&ns->ref);
674 	synchronize_rcu();
675 	wait_for_completion(&ns->disable_done);
676 	percpu_ref_exit(&ns->ref);
677 
678 	mutex_lock(&subsys->lock);
679 	subsys->nr_namespaces--;
680 	mutex_unlock(&subsys->lock);
681 
682 	down_write(&nvmet_ana_sem);
683 	nvmet_ana_group_enabled[ns->anagrpid]--;
684 	up_write(&nvmet_ana_sem);
685 
686 	kfree(ns->device_path);
687 	kfree(ns);
688 }
689 
690 struct nvmet_ns *nvmet_ns_alloc(struct nvmet_subsys *subsys, u32 nsid)
691 {
692 	struct nvmet_ns *ns;
693 
694 	mutex_lock(&subsys->lock);
695 
696 	if (subsys->nr_namespaces == NVMET_MAX_NAMESPACES)
697 		goto out_unlock;
698 
699 	ns = kzalloc(sizeof(*ns), GFP_KERNEL);
700 	if (!ns)
701 		goto out_unlock;
702 
703 	init_completion(&ns->disable_done);
704 
705 	ns->nsid = nsid;
706 	ns->subsys = subsys;
707 
708 	if (percpu_ref_init(&ns->ref, nvmet_destroy_namespace, 0, GFP_KERNEL))
709 		goto out_free;
710 
711 	if (ns->nsid > subsys->max_nsid)
712 		subsys->max_nsid = nsid;
713 
714 	if (xa_insert(&subsys->namespaces, ns->nsid, ns, GFP_KERNEL))
715 		goto out_exit;
716 
717 	subsys->nr_namespaces++;
718 
719 	mutex_unlock(&subsys->lock);
720 
721 	down_write(&nvmet_ana_sem);
722 	ns->anagrpid = NVMET_DEFAULT_ANA_GRPID;
723 	nvmet_ana_group_enabled[ns->anagrpid]++;
724 	up_write(&nvmet_ana_sem);
725 
726 	uuid_gen(&ns->uuid);
727 	ns->buffered_io = false;
728 	ns->csi = NVME_CSI_NVM;
729 
730 	return ns;
731 out_exit:
732 	subsys->max_nsid = nvmet_max_nsid(subsys);
733 	percpu_ref_exit(&ns->ref);
734 out_free:
735 	kfree(ns);
736 out_unlock:
737 	mutex_unlock(&subsys->lock);
738 	return NULL;
739 }
740 
741 static void nvmet_update_sq_head(struct nvmet_req *req)
742 {
743 	if (req->sq->size) {
744 		u32 old_sqhd, new_sqhd;
745 
746 		old_sqhd = READ_ONCE(req->sq->sqhd);
747 		do {
748 			new_sqhd = (old_sqhd + 1) % req->sq->size;
749 		} while (!try_cmpxchg(&req->sq->sqhd, &old_sqhd, new_sqhd));
750 	}
751 	req->cqe->sq_head = cpu_to_le16(req->sq->sqhd & 0x0000FFFF);
752 }
753 
754 static void nvmet_set_error(struct nvmet_req *req, u16 status)
755 {
756 	struct nvmet_ctrl *ctrl = req->sq->ctrl;
757 	struct nvme_error_slot *new_error_slot;
758 	unsigned long flags;
759 
760 	req->cqe->status = cpu_to_le16(status << 1);
761 
762 	if (!ctrl || req->error_loc == NVMET_NO_ERROR_LOC)
763 		return;
764 
765 	spin_lock_irqsave(&ctrl->error_lock, flags);
766 	ctrl->err_counter++;
767 	new_error_slot =
768 		&ctrl->slots[ctrl->err_counter % NVMET_ERROR_LOG_SLOTS];
769 
770 	new_error_slot->error_count = cpu_to_le64(ctrl->err_counter);
771 	new_error_slot->sqid = cpu_to_le16(req->sq->qid);
772 	new_error_slot->cmdid = cpu_to_le16(req->cmd->common.command_id);
773 	new_error_slot->status_field = cpu_to_le16(status << 1);
774 	new_error_slot->param_error_location = cpu_to_le16(req->error_loc);
775 	new_error_slot->lba = cpu_to_le64(req->error_slba);
776 	new_error_slot->nsid = req->cmd->common.nsid;
777 	spin_unlock_irqrestore(&ctrl->error_lock, flags);
778 
779 	/* set the more bit for this request */
780 	req->cqe->status |= cpu_to_le16(1 << 14);
781 }
782 
783 static void __nvmet_req_complete(struct nvmet_req *req, u16 status)
784 {
785 	struct nvmet_ns *ns = req->ns;
786 	struct nvmet_pr_per_ctrl_ref *pc_ref = req->pc_ref;
787 
788 	if (!req->sq->sqhd_disabled)
789 		nvmet_update_sq_head(req);
790 	req->cqe->sq_id = cpu_to_le16(req->sq->qid);
791 	req->cqe->command_id = req->cmd->common.command_id;
792 
793 	if (unlikely(status))
794 		nvmet_set_error(req, status);
795 
796 	trace_nvmet_req_complete(req);
797 
798 	req->ops->queue_response(req);
799 
800 	if (pc_ref)
801 		nvmet_pr_put_ns_pc_ref(pc_ref);
802 	if (ns)
803 		nvmet_put_namespace(ns);
804 }
805 
806 void nvmet_req_complete(struct nvmet_req *req, u16 status)
807 {
808 	struct nvmet_sq *sq = req->sq;
809 
810 	__nvmet_req_complete(req, status);
811 	percpu_ref_put(&sq->ref);
812 }
813 EXPORT_SYMBOL_GPL(nvmet_req_complete);
814 
815 void nvmet_cq_setup(struct nvmet_ctrl *ctrl, struct nvmet_cq *cq,
816 		u16 qid, u16 size)
817 {
818 	cq->qid = qid;
819 	cq->size = size;
820 }
821 
822 void nvmet_sq_setup(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq,
823 		u16 qid, u16 size)
824 {
825 	sq->sqhd = 0;
826 	sq->qid = qid;
827 	sq->size = size;
828 
829 	ctrl->sqs[qid] = sq;
830 }
831 
832 static void nvmet_confirm_sq(struct percpu_ref *ref)
833 {
834 	struct nvmet_sq *sq = container_of(ref, struct nvmet_sq, ref);
835 
836 	complete(&sq->confirm_done);
837 }
838 
839 void nvmet_sq_destroy(struct nvmet_sq *sq)
840 {
841 	struct nvmet_ctrl *ctrl = sq->ctrl;
842 
843 	/*
844 	 * If this is the admin queue, complete all AERs so that our
845 	 * queue doesn't have outstanding requests on it.
846 	 */
847 	if (ctrl && ctrl->sqs && ctrl->sqs[0] == sq)
848 		nvmet_async_events_failall(ctrl);
849 	percpu_ref_kill_and_confirm(&sq->ref, nvmet_confirm_sq);
850 	wait_for_completion(&sq->confirm_done);
851 	wait_for_completion(&sq->free_done);
852 	percpu_ref_exit(&sq->ref);
853 	nvmet_auth_sq_free(sq);
854 
855 	/*
856 	 * we must reference the ctrl again after waiting for inflight IO
857 	 * to complete. Because admin connect may have sneaked in after we
858 	 * store sq->ctrl locally, but before we killed the percpu_ref. the
859 	 * admin connect allocates and assigns sq->ctrl, which now needs a
860 	 * final ref put, as this ctrl is going away.
861 	 */
862 	ctrl = sq->ctrl;
863 
864 	if (ctrl) {
865 		/*
866 		 * The teardown flow may take some time, and the host may not
867 		 * send us keep-alive during this period, hence reset the
868 		 * traffic based keep-alive timer so we don't trigger a
869 		 * controller teardown as a result of a keep-alive expiration.
870 		 */
871 		ctrl->reset_tbkas = true;
872 		sq->ctrl->sqs[sq->qid] = NULL;
873 		nvmet_ctrl_put(ctrl);
874 		sq->ctrl = NULL; /* allows reusing the queue later */
875 	}
876 }
877 EXPORT_SYMBOL_GPL(nvmet_sq_destroy);
878 
879 static void nvmet_sq_free(struct percpu_ref *ref)
880 {
881 	struct nvmet_sq *sq = container_of(ref, struct nvmet_sq, ref);
882 
883 	complete(&sq->free_done);
884 }
885 
886 int nvmet_sq_init(struct nvmet_sq *sq)
887 {
888 	int ret;
889 
890 	ret = percpu_ref_init(&sq->ref, nvmet_sq_free, 0, GFP_KERNEL);
891 	if (ret) {
892 		pr_err("percpu_ref init failed!\n");
893 		return ret;
894 	}
895 	init_completion(&sq->free_done);
896 	init_completion(&sq->confirm_done);
897 	nvmet_auth_sq_init(sq);
898 
899 	return 0;
900 }
901 EXPORT_SYMBOL_GPL(nvmet_sq_init);
902 
903 static inline u16 nvmet_check_ana_state(struct nvmet_port *port,
904 		struct nvmet_ns *ns)
905 {
906 	enum nvme_ana_state state = port->ana_state[ns->anagrpid];
907 
908 	if (unlikely(state == NVME_ANA_INACCESSIBLE))
909 		return NVME_SC_ANA_INACCESSIBLE;
910 	if (unlikely(state == NVME_ANA_PERSISTENT_LOSS))
911 		return NVME_SC_ANA_PERSISTENT_LOSS;
912 	if (unlikely(state == NVME_ANA_CHANGE))
913 		return NVME_SC_ANA_TRANSITION;
914 	return 0;
915 }
916 
917 static inline u16 nvmet_io_cmd_check_access(struct nvmet_req *req)
918 {
919 	if (unlikely(req->ns->readonly)) {
920 		switch (req->cmd->common.opcode) {
921 		case nvme_cmd_read:
922 		case nvme_cmd_flush:
923 			break;
924 		default:
925 			return NVME_SC_NS_WRITE_PROTECTED;
926 		}
927 	}
928 
929 	return 0;
930 }
931 
932 static u16 nvmet_parse_io_cmd(struct nvmet_req *req)
933 {
934 	struct nvme_command *cmd = req->cmd;
935 	u16 ret;
936 
937 	if (nvme_is_fabrics(cmd))
938 		return nvmet_parse_fabrics_io_cmd(req);
939 
940 	if (unlikely(!nvmet_check_auth_status(req)))
941 		return NVME_SC_AUTH_REQUIRED | NVME_STATUS_DNR;
942 
943 	ret = nvmet_check_ctrl_status(req);
944 	if (unlikely(ret))
945 		return ret;
946 
947 	if (nvmet_is_passthru_req(req))
948 		return nvmet_parse_passthru_io_cmd(req);
949 
950 	ret = nvmet_req_find_ns(req);
951 	if (unlikely(ret))
952 		return ret;
953 
954 	ret = nvmet_check_ana_state(req->port, req->ns);
955 	if (unlikely(ret)) {
956 		req->error_loc = offsetof(struct nvme_common_command, nsid);
957 		return ret;
958 	}
959 	ret = nvmet_io_cmd_check_access(req);
960 	if (unlikely(ret)) {
961 		req->error_loc = offsetof(struct nvme_common_command, nsid);
962 		return ret;
963 	}
964 
965 	if (req->ns->pr.enable) {
966 		ret = nvmet_parse_pr_cmd(req);
967 		if (!ret)
968 			return ret;
969 	}
970 
971 	switch (req->ns->csi) {
972 	case NVME_CSI_NVM:
973 		if (req->ns->file)
974 			ret = nvmet_file_parse_io_cmd(req);
975 		else
976 			ret = nvmet_bdev_parse_io_cmd(req);
977 		break;
978 	case NVME_CSI_ZNS:
979 		if (IS_ENABLED(CONFIG_BLK_DEV_ZONED))
980 			ret = nvmet_bdev_zns_parse_io_cmd(req);
981 		else
982 			ret = NVME_SC_INVALID_IO_CMD_SET;
983 		break;
984 	default:
985 		ret = NVME_SC_INVALID_IO_CMD_SET;
986 	}
987 	if (ret)
988 		return ret;
989 
990 	if (req->ns->pr.enable) {
991 		ret = nvmet_pr_check_cmd_access(req);
992 		if (ret)
993 			return ret;
994 
995 		ret = nvmet_pr_get_ns_pc_ref(req);
996 	}
997 	return ret;
998 }
999 
1000 bool nvmet_req_init(struct nvmet_req *req, struct nvmet_cq *cq,
1001 		struct nvmet_sq *sq, const struct nvmet_fabrics_ops *ops)
1002 {
1003 	u8 flags = req->cmd->common.flags;
1004 	u16 status;
1005 
1006 	req->cq = cq;
1007 	req->sq = sq;
1008 	req->ops = ops;
1009 	req->sg = NULL;
1010 	req->metadata_sg = NULL;
1011 	req->sg_cnt = 0;
1012 	req->metadata_sg_cnt = 0;
1013 	req->transfer_len = 0;
1014 	req->metadata_len = 0;
1015 	req->cqe->result.u64 = 0;
1016 	req->cqe->status = 0;
1017 	req->cqe->sq_head = 0;
1018 	req->ns = NULL;
1019 	req->error_loc = NVMET_NO_ERROR_LOC;
1020 	req->error_slba = 0;
1021 	req->pc_ref = NULL;
1022 
1023 	/* no support for fused commands yet */
1024 	if (unlikely(flags & (NVME_CMD_FUSE_FIRST | NVME_CMD_FUSE_SECOND))) {
1025 		req->error_loc = offsetof(struct nvme_common_command, flags);
1026 		status = NVME_SC_INVALID_FIELD | NVME_STATUS_DNR;
1027 		goto fail;
1028 	}
1029 
1030 	/*
1031 	 * For fabrics, PSDT field shall describe metadata pointer (MPTR) that
1032 	 * contains an address of a single contiguous physical buffer that is
1033 	 * byte aligned.
1034 	 */
1035 	if (unlikely((flags & NVME_CMD_SGL_ALL) != NVME_CMD_SGL_METABUF)) {
1036 		req->error_loc = offsetof(struct nvme_common_command, flags);
1037 		status = NVME_SC_INVALID_FIELD | NVME_STATUS_DNR;
1038 		goto fail;
1039 	}
1040 
1041 	if (unlikely(!req->sq->ctrl))
1042 		/* will return an error for any non-connect command: */
1043 		status = nvmet_parse_connect_cmd(req);
1044 	else if (likely(req->sq->qid != 0))
1045 		status = nvmet_parse_io_cmd(req);
1046 	else
1047 		status = nvmet_parse_admin_cmd(req);
1048 
1049 	if (status)
1050 		goto fail;
1051 
1052 	trace_nvmet_req_init(req, req->cmd);
1053 
1054 	if (unlikely(!percpu_ref_tryget_live(&sq->ref))) {
1055 		status = NVME_SC_INVALID_FIELD | NVME_STATUS_DNR;
1056 		goto fail;
1057 	}
1058 
1059 	if (sq->ctrl)
1060 		sq->ctrl->reset_tbkas = true;
1061 
1062 	return true;
1063 
1064 fail:
1065 	__nvmet_req_complete(req, status);
1066 	return false;
1067 }
1068 EXPORT_SYMBOL_GPL(nvmet_req_init);
1069 
1070 void nvmet_req_uninit(struct nvmet_req *req)
1071 {
1072 	percpu_ref_put(&req->sq->ref);
1073 	if (req->pc_ref)
1074 		nvmet_pr_put_ns_pc_ref(req->pc_ref);
1075 	if (req->ns)
1076 		nvmet_put_namespace(req->ns);
1077 }
1078 EXPORT_SYMBOL_GPL(nvmet_req_uninit);
1079 
1080 bool nvmet_check_transfer_len(struct nvmet_req *req, size_t len)
1081 {
1082 	if (unlikely(len != req->transfer_len)) {
1083 		req->error_loc = offsetof(struct nvme_common_command, dptr);
1084 		nvmet_req_complete(req, NVME_SC_SGL_INVALID_DATA | NVME_STATUS_DNR);
1085 		return false;
1086 	}
1087 
1088 	return true;
1089 }
1090 EXPORT_SYMBOL_GPL(nvmet_check_transfer_len);
1091 
1092 bool nvmet_check_data_len_lte(struct nvmet_req *req, size_t data_len)
1093 {
1094 	if (unlikely(data_len > req->transfer_len)) {
1095 		req->error_loc = offsetof(struct nvme_common_command, dptr);
1096 		nvmet_req_complete(req, NVME_SC_SGL_INVALID_DATA | NVME_STATUS_DNR);
1097 		return false;
1098 	}
1099 
1100 	return true;
1101 }
1102 
1103 static unsigned int nvmet_data_transfer_len(struct nvmet_req *req)
1104 {
1105 	return req->transfer_len - req->metadata_len;
1106 }
1107 
1108 static int nvmet_req_alloc_p2pmem_sgls(struct pci_dev *p2p_dev,
1109 		struct nvmet_req *req)
1110 {
1111 	req->sg = pci_p2pmem_alloc_sgl(p2p_dev, &req->sg_cnt,
1112 			nvmet_data_transfer_len(req));
1113 	if (!req->sg)
1114 		goto out_err;
1115 
1116 	if (req->metadata_len) {
1117 		req->metadata_sg = pci_p2pmem_alloc_sgl(p2p_dev,
1118 				&req->metadata_sg_cnt, req->metadata_len);
1119 		if (!req->metadata_sg)
1120 			goto out_free_sg;
1121 	}
1122 
1123 	req->p2p_dev = p2p_dev;
1124 
1125 	return 0;
1126 out_free_sg:
1127 	pci_p2pmem_free_sgl(req->p2p_dev, req->sg);
1128 out_err:
1129 	return -ENOMEM;
1130 }
1131 
1132 static struct pci_dev *nvmet_req_find_p2p_dev(struct nvmet_req *req)
1133 {
1134 	if (!IS_ENABLED(CONFIG_PCI_P2PDMA) ||
1135 	    !req->sq->ctrl || !req->sq->qid || !req->ns)
1136 		return NULL;
1137 	return radix_tree_lookup(&req->sq->ctrl->p2p_ns_map, req->ns->nsid);
1138 }
1139 
1140 int nvmet_req_alloc_sgls(struct nvmet_req *req)
1141 {
1142 	struct pci_dev *p2p_dev = nvmet_req_find_p2p_dev(req);
1143 
1144 	if (p2p_dev && !nvmet_req_alloc_p2pmem_sgls(p2p_dev, req))
1145 		return 0;
1146 
1147 	req->sg = sgl_alloc(nvmet_data_transfer_len(req), GFP_KERNEL,
1148 			    &req->sg_cnt);
1149 	if (unlikely(!req->sg))
1150 		goto out;
1151 
1152 	if (req->metadata_len) {
1153 		req->metadata_sg = sgl_alloc(req->metadata_len, GFP_KERNEL,
1154 					     &req->metadata_sg_cnt);
1155 		if (unlikely(!req->metadata_sg))
1156 			goto out_free;
1157 	}
1158 
1159 	return 0;
1160 out_free:
1161 	sgl_free(req->sg);
1162 out:
1163 	return -ENOMEM;
1164 }
1165 EXPORT_SYMBOL_GPL(nvmet_req_alloc_sgls);
1166 
1167 void nvmet_req_free_sgls(struct nvmet_req *req)
1168 {
1169 	if (req->p2p_dev) {
1170 		pci_p2pmem_free_sgl(req->p2p_dev, req->sg);
1171 		if (req->metadata_sg)
1172 			pci_p2pmem_free_sgl(req->p2p_dev, req->metadata_sg);
1173 		req->p2p_dev = NULL;
1174 	} else {
1175 		sgl_free(req->sg);
1176 		if (req->metadata_sg)
1177 			sgl_free(req->metadata_sg);
1178 	}
1179 
1180 	req->sg = NULL;
1181 	req->metadata_sg = NULL;
1182 	req->sg_cnt = 0;
1183 	req->metadata_sg_cnt = 0;
1184 }
1185 EXPORT_SYMBOL_GPL(nvmet_req_free_sgls);
1186 
1187 static inline bool nvmet_cc_en(u32 cc)
1188 {
1189 	return (cc >> NVME_CC_EN_SHIFT) & 0x1;
1190 }
1191 
1192 static inline u8 nvmet_cc_css(u32 cc)
1193 {
1194 	return (cc >> NVME_CC_CSS_SHIFT) & 0x7;
1195 }
1196 
1197 static inline u8 nvmet_cc_mps(u32 cc)
1198 {
1199 	return (cc >> NVME_CC_MPS_SHIFT) & 0xf;
1200 }
1201 
1202 static inline u8 nvmet_cc_ams(u32 cc)
1203 {
1204 	return (cc >> NVME_CC_AMS_SHIFT) & 0x7;
1205 }
1206 
1207 static inline u8 nvmet_cc_shn(u32 cc)
1208 {
1209 	return (cc >> NVME_CC_SHN_SHIFT) & 0x3;
1210 }
1211 
1212 static inline u8 nvmet_cc_iosqes(u32 cc)
1213 {
1214 	return (cc >> NVME_CC_IOSQES_SHIFT) & 0xf;
1215 }
1216 
1217 static inline u8 nvmet_cc_iocqes(u32 cc)
1218 {
1219 	return (cc >> NVME_CC_IOCQES_SHIFT) & 0xf;
1220 }
1221 
1222 static inline bool nvmet_css_supported(u8 cc_css)
1223 {
1224 	switch (cc_css << NVME_CC_CSS_SHIFT) {
1225 	case NVME_CC_CSS_NVM:
1226 	case NVME_CC_CSS_CSI:
1227 		return true;
1228 	default:
1229 		return false;
1230 	}
1231 }
1232 
1233 static void nvmet_start_ctrl(struct nvmet_ctrl *ctrl)
1234 {
1235 	lockdep_assert_held(&ctrl->lock);
1236 
1237 	/*
1238 	 * Only I/O controllers should verify iosqes,iocqes.
1239 	 * Strictly speaking, the spec says a discovery controller
1240 	 * should verify iosqes,iocqes are zeroed, however that
1241 	 * would break backwards compatibility, so don't enforce it.
1242 	 */
1243 	if (!nvmet_is_disc_subsys(ctrl->subsys) &&
1244 	    (nvmet_cc_iosqes(ctrl->cc) != NVME_NVM_IOSQES ||
1245 	     nvmet_cc_iocqes(ctrl->cc) != NVME_NVM_IOCQES)) {
1246 		ctrl->csts = NVME_CSTS_CFS;
1247 		return;
1248 	}
1249 
1250 	if (nvmet_cc_mps(ctrl->cc) != 0 ||
1251 	    nvmet_cc_ams(ctrl->cc) != 0 ||
1252 	    !nvmet_css_supported(nvmet_cc_css(ctrl->cc))) {
1253 		ctrl->csts = NVME_CSTS_CFS;
1254 		return;
1255 	}
1256 
1257 	ctrl->csts = NVME_CSTS_RDY;
1258 
1259 	/*
1260 	 * Controllers that are not yet enabled should not really enforce the
1261 	 * keep alive timeout, but we still want to track a timeout and cleanup
1262 	 * in case a host died before it enabled the controller.  Hence, simply
1263 	 * reset the keep alive timer when the controller is enabled.
1264 	 */
1265 	if (ctrl->kato)
1266 		mod_delayed_work(nvmet_wq, &ctrl->ka_work, ctrl->kato * HZ);
1267 }
1268 
1269 static void nvmet_clear_ctrl(struct nvmet_ctrl *ctrl)
1270 {
1271 	lockdep_assert_held(&ctrl->lock);
1272 
1273 	/* XXX: tear down queues? */
1274 	ctrl->csts &= ~NVME_CSTS_RDY;
1275 	ctrl->cc = 0;
1276 }
1277 
1278 void nvmet_update_cc(struct nvmet_ctrl *ctrl, u32 new)
1279 {
1280 	u32 old;
1281 
1282 	mutex_lock(&ctrl->lock);
1283 	old = ctrl->cc;
1284 	ctrl->cc = new;
1285 
1286 	if (nvmet_cc_en(new) && !nvmet_cc_en(old))
1287 		nvmet_start_ctrl(ctrl);
1288 	if (!nvmet_cc_en(new) && nvmet_cc_en(old))
1289 		nvmet_clear_ctrl(ctrl);
1290 	if (nvmet_cc_shn(new) && !nvmet_cc_shn(old)) {
1291 		nvmet_clear_ctrl(ctrl);
1292 		ctrl->csts |= NVME_CSTS_SHST_CMPLT;
1293 	}
1294 	if (!nvmet_cc_shn(new) && nvmet_cc_shn(old))
1295 		ctrl->csts &= ~NVME_CSTS_SHST_CMPLT;
1296 	mutex_unlock(&ctrl->lock);
1297 }
1298 
1299 static void nvmet_init_cap(struct nvmet_ctrl *ctrl)
1300 {
1301 	/* command sets supported: NVMe command set: */
1302 	ctrl->cap = (1ULL << 37);
1303 	/* Controller supports one or more I/O Command Sets */
1304 	ctrl->cap |= (1ULL << 43);
1305 	/* CC.EN timeout in 500msec units: */
1306 	ctrl->cap |= (15ULL << 24);
1307 	/* maximum queue entries supported: */
1308 	if (ctrl->ops->get_max_queue_size)
1309 		ctrl->cap |= min_t(u16, ctrl->ops->get_max_queue_size(ctrl),
1310 				   ctrl->port->max_queue_size) - 1;
1311 	else
1312 		ctrl->cap |= ctrl->port->max_queue_size - 1;
1313 
1314 	if (nvmet_is_passthru_subsys(ctrl->subsys))
1315 		nvmet_passthrough_override_cap(ctrl);
1316 }
1317 
1318 struct nvmet_ctrl *nvmet_ctrl_find_get(const char *subsysnqn,
1319 				       const char *hostnqn, u16 cntlid,
1320 				       struct nvmet_req *req)
1321 {
1322 	struct nvmet_ctrl *ctrl = NULL;
1323 	struct nvmet_subsys *subsys;
1324 
1325 	subsys = nvmet_find_get_subsys(req->port, subsysnqn);
1326 	if (!subsys) {
1327 		pr_warn("connect request for invalid subsystem %s!\n",
1328 			subsysnqn);
1329 		req->cqe->result.u32 = IPO_IATTR_CONNECT_DATA(subsysnqn);
1330 		goto out;
1331 	}
1332 
1333 	mutex_lock(&subsys->lock);
1334 	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry) {
1335 		if (ctrl->cntlid == cntlid) {
1336 			if (strncmp(hostnqn, ctrl->hostnqn, NVMF_NQN_SIZE)) {
1337 				pr_warn("hostnqn mismatch.\n");
1338 				continue;
1339 			}
1340 			if (!kref_get_unless_zero(&ctrl->ref))
1341 				continue;
1342 
1343 			/* ctrl found */
1344 			goto found;
1345 		}
1346 	}
1347 
1348 	ctrl = NULL; /* ctrl not found */
1349 	pr_warn("could not find controller %d for subsys %s / host %s\n",
1350 		cntlid, subsysnqn, hostnqn);
1351 	req->cqe->result.u32 = IPO_IATTR_CONNECT_DATA(cntlid);
1352 
1353 found:
1354 	mutex_unlock(&subsys->lock);
1355 	nvmet_subsys_put(subsys);
1356 out:
1357 	return ctrl;
1358 }
1359 
1360 u16 nvmet_check_ctrl_status(struct nvmet_req *req)
1361 {
1362 	if (unlikely(!(req->sq->ctrl->cc & NVME_CC_ENABLE))) {
1363 		pr_err("got cmd %d while CC.EN == 0 on qid = %d\n",
1364 		       req->cmd->common.opcode, req->sq->qid);
1365 		return NVME_SC_CMD_SEQ_ERROR | NVME_STATUS_DNR;
1366 	}
1367 
1368 	if (unlikely(!(req->sq->ctrl->csts & NVME_CSTS_RDY))) {
1369 		pr_err("got cmd %d while CSTS.RDY == 0 on qid = %d\n",
1370 		       req->cmd->common.opcode, req->sq->qid);
1371 		return NVME_SC_CMD_SEQ_ERROR | NVME_STATUS_DNR;
1372 	}
1373 
1374 	if (unlikely(!nvmet_check_auth_status(req))) {
1375 		pr_warn("qid %d not authenticated\n", req->sq->qid);
1376 		return NVME_SC_AUTH_REQUIRED | NVME_STATUS_DNR;
1377 	}
1378 	return 0;
1379 }
1380 
1381 bool nvmet_host_allowed(struct nvmet_subsys *subsys, const char *hostnqn)
1382 {
1383 	struct nvmet_host_link *p;
1384 
1385 	lockdep_assert_held(&nvmet_config_sem);
1386 
1387 	if (subsys->allow_any_host)
1388 		return true;
1389 
1390 	if (nvmet_is_disc_subsys(subsys)) /* allow all access to disc subsys */
1391 		return true;
1392 
1393 	list_for_each_entry(p, &subsys->hosts, entry) {
1394 		if (!strcmp(nvmet_host_name(p->host), hostnqn))
1395 			return true;
1396 	}
1397 
1398 	return false;
1399 }
1400 
1401 /*
1402  * Note: ctrl->subsys->lock should be held when calling this function
1403  */
1404 static void nvmet_setup_p2p_ns_map(struct nvmet_ctrl *ctrl,
1405 		struct nvmet_req *req)
1406 {
1407 	struct nvmet_ns *ns;
1408 	unsigned long idx;
1409 
1410 	if (!req->p2p_client)
1411 		return;
1412 
1413 	ctrl->p2p_client = get_device(req->p2p_client);
1414 
1415 	nvmet_for_each_enabled_ns(&ctrl->subsys->namespaces, idx, ns)
1416 		nvmet_p2pmem_ns_add_p2p(ctrl, ns);
1417 }
1418 
1419 /*
1420  * Note: ctrl->subsys->lock should be held when calling this function
1421  */
1422 static void nvmet_release_p2p_ns_map(struct nvmet_ctrl *ctrl)
1423 {
1424 	struct radix_tree_iter iter;
1425 	void __rcu **slot;
1426 
1427 	radix_tree_for_each_slot(slot, &ctrl->p2p_ns_map, &iter, 0)
1428 		pci_dev_put(radix_tree_deref_slot(slot));
1429 
1430 	put_device(ctrl->p2p_client);
1431 }
1432 
1433 static void nvmet_fatal_error_handler(struct work_struct *work)
1434 {
1435 	struct nvmet_ctrl *ctrl =
1436 			container_of(work, struct nvmet_ctrl, fatal_err_work);
1437 
1438 	pr_err("ctrl %d fatal error occurred!\n", ctrl->cntlid);
1439 	ctrl->ops->delete_ctrl(ctrl);
1440 }
1441 
1442 u16 nvmet_alloc_ctrl(const char *subsysnqn, const char *hostnqn,
1443 		struct nvmet_req *req, u32 kato, struct nvmet_ctrl **ctrlp,
1444 		uuid_t *hostid)
1445 {
1446 	struct nvmet_subsys *subsys;
1447 	struct nvmet_ctrl *ctrl;
1448 	int ret;
1449 	u16 status;
1450 
1451 	status = NVME_SC_CONNECT_INVALID_PARAM | NVME_STATUS_DNR;
1452 	subsys = nvmet_find_get_subsys(req->port, subsysnqn);
1453 	if (!subsys) {
1454 		pr_warn("connect request for invalid subsystem %s!\n",
1455 			subsysnqn);
1456 		req->cqe->result.u32 = IPO_IATTR_CONNECT_DATA(subsysnqn);
1457 		req->error_loc = offsetof(struct nvme_common_command, dptr);
1458 		goto out;
1459 	}
1460 
1461 	down_read(&nvmet_config_sem);
1462 	if (!nvmet_host_allowed(subsys, hostnqn)) {
1463 		pr_info("connect by host %s for subsystem %s not allowed\n",
1464 			hostnqn, subsysnqn);
1465 		req->cqe->result.u32 = IPO_IATTR_CONNECT_DATA(hostnqn);
1466 		up_read(&nvmet_config_sem);
1467 		status = NVME_SC_CONNECT_INVALID_HOST | NVME_STATUS_DNR;
1468 		req->error_loc = offsetof(struct nvme_common_command, dptr);
1469 		goto out_put_subsystem;
1470 	}
1471 	up_read(&nvmet_config_sem);
1472 
1473 	status = NVME_SC_INTERNAL;
1474 	ctrl = kzalloc(sizeof(*ctrl), GFP_KERNEL);
1475 	if (!ctrl)
1476 		goto out_put_subsystem;
1477 	mutex_init(&ctrl->lock);
1478 
1479 	ctrl->port = req->port;
1480 	ctrl->ops = req->ops;
1481 
1482 #ifdef CONFIG_NVME_TARGET_PASSTHRU
1483 	/* By default, set loop targets to clear IDS by default */
1484 	if (ctrl->port->disc_addr.trtype == NVMF_TRTYPE_LOOP)
1485 		subsys->clear_ids = 1;
1486 #endif
1487 
1488 	INIT_WORK(&ctrl->async_event_work, nvmet_async_event_work);
1489 	INIT_LIST_HEAD(&ctrl->async_events);
1490 	INIT_RADIX_TREE(&ctrl->p2p_ns_map, GFP_KERNEL);
1491 	INIT_WORK(&ctrl->fatal_err_work, nvmet_fatal_error_handler);
1492 	INIT_DELAYED_WORK(&ctrl->ka_work, nvmet_keep_alive_timer);
1493 
1494 	memcpy(ctrl->subsysnqn, subsysnqn, NVMF_NQN_SIZE);
1495 	memcpy(ctrl->hostnqn, hostnqn, NVMF_NQN_SIZE);
1496 
1497 	kref_init(&ctrl->ref);
1498 	ctrl->subsys = subsys;
1499 	ctrl->pi_support = ctrl->port->pi_enable && ctrl->subsys->pi_support;
1500 	nvmet_init_cap(ctrl);
1501 	WRITE_ONCE(ctrl->aen_enabled, NVMET_AEN_CFG_OPTIONAL);
1502 
1503 	ctrl->changed_ns_list = kmalloc_array(NVME_MAX_CHANGED_NAMESPACES,
1504 			sizeof(__le32), GFP_KERNEL);
1505 	if (!ctrl->changed_ns_list)
1506 		goto out_free_ctrl;
1507 
1508 	ctrl->sqs = kcalloc(subsys->max_qid + 1,
1509 			sizeof(struct nvmet_sq *),
1510 			GFP_KERNEL);
1511 	if (!ctrl->sqs)
1512 		goto out_free_changed_ns_list;
1513 
1514 	ret = ida_alloc_range(&cntlid_ida,
1515 			     subsys->cntlid_min, subsys->cntlid_max,
1516 			     GFP_KERNEL);
1517 	if (ret < 0) {
1518 		status = NVME_SC_CONNECT_CTRL_BUSY | NVME_STATUS_DNR;
1519 		goto out_free_sqs;
1520 	}
1521 	ctrl->cntlid = ret;
1522 
1523 	uuid_copy(&ctrl->hostid, hostid);
1524 
1525 	/*
1526 	 * Discovery controllers may use some arbitrary high value
1527 	 * in order to cleanup stale discovery sessions
1528 	 */
1529 	if (nvmet_is_disc_subsys(ctrl->subsys) && !kato)
1530 		kato = NVMET_DISC_KATO_MS;
1531 
1532 	/* keep-alive timeout in seconds */
1533 	ctrl->kato = DIV_ROUND_UP(kato, 1000);
1534 
1535 	ctrl->err_counter = 0;
1536 	spin_lock_init(&ctrl->error_lock);
1537 
1538 	nvmet_start_keep_alive_timer(ctrl);
1539 
1540 	mutex_lock(&subsys->lock);
1541 	ret = nvmet_ctrl_init_pr(ctrl);
1542 	if (ret)
1543 		goto init_pr_fail;
1544 	list_add_tail(&ctrl->subsys_entry, &subsys->ctrls);
1545 	nvmet_setup_p2p_ns_map(ctrl, req);
1546 	nvmet_debugfs_ctrl_setup(ctrl);
1547 	mutex_unlock(&subsys->lock);
1548 
1549 	*ctrlp = ctrl;
1550 	return 0;
1551 
1552 init_pr_fail:
1553 	mutex_unlock(&subsys->lock);
1554 	nvmet_stop_keep_alive_timer(ctrl);
1555 	ida_free(&cntlid_ida, ctrl->cntlid);
1556 out_free_sqs:
1557 	kfree(ctrl->sqs);
1558 out_free_changed_ns_list:
1559 	kfree(ctrl->changed_ns_list);
1560 out_free_ctrl:
1561 	kfree(ctrl);
1562 out_put_subsystem:
1563 	nvmet_subsys_put(subsys);
1564 out:
1565 	return status;
1566 }
1567 
1568 static void nvmet_ctrl_free(struct kref *ref)
1569 {
1570 	struct nvmet_ctrl *ctrl = container_of(ref, struct nvmet_ctrl, ref);
1571 	struct nvmet_subsys *subsys = ctrl->subsys;
1572 
1573 	mutex_lock(&subsys->lock);
1574 	nvmet_ctrl_destroy_pr(ctrl);
1575 	nvmet_release_p2p_ns_map(ctrl);
1576 	list_del(&ctrl->subsys_entry);
1577 	mutex_unlock(&subsys->lock);
1578 
1579 	nvmet_stop_keep_alive_timer(ctrl);
1580 
1581 	flush_work(&ctrl->async_event_work);
1582 	cancel_work_sync(&ctrl->fatal_err_work);
1583 
1584 	nvmet_destroy_auth(ctrl);
1585 
1586 	nvmet_debugfs_ctrl_free(ctrl);
1587 
1588 	ida_free(&cntlid_ida, ctrl->cntlid);
1589 
1590 	nvmet_async_events_free(ctrl);
1591 	kfree(ctrl->sqs);
1592 	kfree(ctrl->changed_ns_list);
1593 	kfree(ctrl);
1594 
1595 	nvmet_subsys_put(subsys);
1596 }
1597 
1598 void nvmet_ctrl_put(struct nvmet_ctrl *ctrl)
1599 {
1600 	kref_put(&ctrl->ref, nvmet_ctrl_free);
1601 }
1602 
1603 void nvmet_ctrl_fatal_error(struct nvmet_ctrl *ctrl)
1604 {
1605 	mutex_lock(&ctrl->lock);
1606 	if (!(ctrl->csts & NVME_CSTS_CFS)) {
1607 		ctrl->csts |= NVME_CSTS_CFS;
1608 		queue_work(nvmet_wq, &ctrl->fatal_err_work);
1609 	}
1610 	mutex_unlock(&ctrl->lock);
1611 }
1612 EXPORT_SYMBOL_GPL(nvmet_ctrl_fatal_error);
1613 
1614 ssize_t nvmet_ctrl_host_traddr(struct nvmet_ctrl *ctrl,
1615 		char *traddr, size_t traddr_len)
1616 {
1617 	if (!ctrl->ops->host_traddr)
1618 		return -EOPNOTSUPP;
1619 	return ctrl->ops->host_traddr(ctrl, traddr, traddr_len);
1620 }
1621 
1622 static struct nvmet_subsys *nvmet_find_get_subsys(struct nvmet_port *port,
1623 		const char *subsysnqn)
1624 {
1625 	struct nvmet_subsys_link *p;
1626 
1627 	if (!port)
1628 		return NULL;
1629 
1630 	if (!strcmp(NVME_DISC_SUBSYS_NAME, subsysnqn)) {
1631 		if (!kref_get_unless_zero(&nvmet_disc_subsys->ref))
1632 			return NULL;
1633 		return nvmet_disc_subsys;
1634 	}
1635 
1636 	down_read(&nvmet_config_sem);
1637 	if (!strncmp(nvmet_disc_subsys->subsysnqn, subsysnqn,
1638 				NVMF_NQN_SIZE)) {
1639 		if (kref_get_unless_zero(&nvmet_disc_subsys->ref)) {
1640 			up_read(&nvmet_config_sem);
1641 			return nvmet_disc_subsys;
1642 		}
1643 	}
1644 	list_for_each_entry(p, &port->subsystems, entry) {
1645 		if (!strncmp(p->subsys->subsysnqn, subsysnqn,
1646 				NVMF_NQN_SIZE)) {
1647 			if (!kref_get_unless_zero(&p->subsys->ref))
1648 				break;
1649 			up_read(&nvmet_config_sem);
1650 			return p->subsys;
1651 		}
1652 	}
1653 	up_read(&nvmet_config_sem);
1654 	return NULL;
1655 }
1656 
1657 struct nvmet_subsys *nvmet_subsys_alloc(const char *subsysnqn,
1658 		enum nvme_subsys_type type)
1659 {
1660 	struct nvmet_subsys *subsys;
1661 	char serial[NVMET_SN_MAX_SIZE / 2];
1662 	int ret;
1663 
1664 	subsys = kzalloc(sizeof(*subsys), GFP_KERNEL);
1665 	if (!subsys)
1666 		return ERR_PTR(-ENOMEM);
1667 
1668 	subsys->ver = NVMET_DEFAULT_VS;
1669 	/* generate a random serial number as our controllers are ephemeral: */
1670 	get_random_bytes(&serial, sizeof(serial));
1671 	bin2hex(subsys->serial, &serial, sizeof(serial));
1672 
1673 	subsys->model_number = kstrdup(NVMET_DEFAULT_CTRL_MODEL, GFP_KERNEL);
1674 	if (!subsys->model_number) {
1675 		ret = -ENOMEM;
1676 		goto free_subsys;
1677 	}
1678 
1679 	subsys->ieee_oui = 0;
1680 
1681 	subsys->firmware_rev = kstrndup(UTS_RELEASE, NVMET_FR_MAX_SIZE, GFP_KERNEL);
1682 	if (!subsys->firmware_rev) {
1683 		ret = -ENOMEM;
1684 		goto free_mn;
1685 	}
1686 
1687 	switch (type) {
1688 	case NVME_NQN_NVME:
1689 		subsys->max_qid = NVMET_NR_QUEUES;
1690 		break;
1691 	case NVME_NQN_DISC:
1692 	case NVME_NQN_CURR:
1693 		subsys->max_qid = 0;
1694 		break;
1695 	default:
1696 		pr_err("%s: Unknown Subsystem type - %d\n", __func__, type);
1697 		ret = -EINVAL;
1698 		goto free_fr;
1699 	}
1700 	subsys->type = type;
1701 	subsys->subsysnqn = kstrndup(subsysnqn, NVMF_NQN_SIZE,
1702 			GFP_KERNEL);
1703 	if (!subsys->subsysnqn) {
1704 		ret = -ENOMEM;
1705 		goto free_fr;
1706 	}
1707 	subsys->cntlid_min = NVME_CNTLID_MIN;
1708 	subsys->cntlid_max = NVME_CNTLID_MAX;
1709 	kref_init(&subsys->ref);
1710 
1711 	mutex_init(&subsys->lock);
1712 	xa_init(&subsys->namespaces);
1713 	INIT_LIST_HEAD(&subsys->ctrls);
1714 	INIT_LIST_HEAD(&subsys->hosts);
1715 
1716 	ret = nvmet_debugfs_subsys_setup(subsys);
1717 	if (ret)
1718 		goto free_subsysnqn;
1719 
1720 	return subsys;
1721 
1722 free_subsysnqn:
1723 	kfree(subsys->subsysnqn);
1724 free_fr:
1725 	kfree(subsys->firmware_rev);
1726 free_mn:
1727 	kfree(subsys->model_number);
1728 free_subsys:
1729 	kfree(subsys);
1730 	return ERR_PTR(ret);
1731 }
1732 
1733 static void nvmet_subsys_free(struct kref *ref)
1734 {
1735 	struct nvmet_subsys *subsys =
1736 		container_of(ref, struct nvmet_subsys, ref);
1737 
1738 	WARN_ON_ONCE(!xa_empty(&subsys->namespaces));
1739 
1740 	nvmet_debugfs_subsys_free(subsys);
1741 
1742 	xa_destroy(&subsys->namespaces);
1743 	nvmet_passthru_subsys_free(subsys);
1744 
1745 	kfree(subsys->subsysnqn);
1746 	kfree(subsys->model_number);
1747 	kfree(subsys->firmware_rev);
1748 	kfree(subsys);
1749 }
1750 
1751 void nvmet_subsys_del_ctrls(struct nvmet_subsys *subsys)
1752 {
1753 	struct nvmet_ctrl *ctrl;
1754 
1755 	mutex_lock(&subsys->lock);
1756 	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry)
1757 		ctrl->ops->delete_ctrl(ctrl);
1758 	mutex_unlock(&subsys->lock);
1759 }
1760 
1761 void nvmet_subsys_put(struct nvmet_subsys *subsys)
1762 {
1763 	kref_put(&subsys->ref, nvmet_subsys_free);
1764 }
1765 
1766 static int __init nvmet_init(void)
1767 {
1768 	int error = -ENOMEM;
1769 
1770 	nvmet_ana_group_enabled[NVMET_DEFAULT_ANA_GRPID] = 1;
1771 
1772 	nvmet_bvec_cache = kmem_cache_create("nvmet-bvec",
1773 			NVMET_MAX_MPOOL_BVEC * sizeof(struct bio_vec), 0,
1774 			SLAB_HWCACHE_ALIGN, NULL);
1775 	if (!nvmet_bvec_cache)
1776 		return -ENOMEM;
1777 
1778 	zbd_wq = alloc_workqueue("nvmet-zbd-wq", WQ_MEM_RECLAIM, 0);
1779 	if (!zbd_wq)
1780 		goto out_destroy_bvec_cache;
1781 
1782 	buffered_io_wq = alloc_workqueue("nvmet-buffered-io-wq",
1783 			WQ_MEM_RECLAIM, 0);
1784 	if (!buffered_io_wq)
1785 		goto out_free_zbd_work_queue;
1786 
1787 	nvmet_wq = alloc_workqueue("nvmet-wq",
1788 			WQ_MEM_RECLAIM | WQ_UNBOUND | WQ_SYSFS, 0);
1789 	if (!nvmet_wq)
1790 		goto out_free_buffered_work_queue;
1791 
1792 	error = nvmet_init_discovery();
1793 	if (error)
1794 		goto out_free_nvmet_work_queue;
1795 
1796 	error = nvmet_init_debugfs();
1797 	if (error)
1798 		goto out_exit_discovery;
1799 
1800 	error = nvmet_init_configfs();
1801 	if (error)
1802 		goto out_exit_debugfs;
1803 
1804 	return 0;
1805 
1806 out_exit_debugfs:
1807 	nvmet_exit_debugfs();
1808 out_exit_discovery:
1809 	nvmet_exit_discovery();
1810 out_free_nvmet_work_queue:
1811 	destroy_workqueue(nvmet_wq);
1812 out_free_buffered_work_queue:
1813 	destroy_workqueue(buffered_io_wq);
1814 out_free_zbd_work_queue:
1815 	destroy_workqueue(zbd_wq);
1816 out_destroy_bvec_cache:
1817 	kmem_cache_destroy(nvmet_bvec_cache);
1818 	return error;
1819 }
1820 
1821 static void __exit nvmet_exit(void)
1822 {
1823 	nvmet_exit_configfs();
1824 	nvmet_exit_debugfs();
1825 	nvmet_exit_discovery();
1826 	ida_destroy(&cntlid_ida);
1827 	destroy_workqueue(nvmet_wq);
1828 	destroy_workqueue(buffered_io_wq);
1829 	destroy_workqueue(zbd_wq);
1830 	kmem_cache_destroy(nvmet_bvec_cache);
1831 
1832 	BUILD_BUG_ON(sizeof(struct nvmf_disc_rsp_page_entry) != 1024);
1833 	BUILD_BUG_ON(sizeof(struct nvmf_disc_rsp_page_hdr) != 1024);
1834 }
1835 
1836 module_init(nvmet_init);
1837 module_exit(nvmet_exit);
1838 
1839 MODULE_DESCRIPTION("NVMe target core framework");
1840 MODULE_LICENSE("GPL v2");
1841