xref: /linux/drivers/nvme/target/core.c (revision 6015fb905d89063231ed33bc15be19ef0fc339b8)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Common code for the NVMe target.
4  * Copyright (c) 2015-2016 HGST, a Western Digital Company.
5  */
6 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
7 #include <linux/module.h>
8 #include <linux/random.h>
9 #include <linux/rculist.h>
10 #include <linux/pci-p2pdma.h>
11 #include <linux/scatterlist.h>
12 
13 #define CREATE_TRACE_POINTS
14 #include "trace.h"
15 
16 #include "nvmet.h"
17 
18 struct workqueue_struct *buffered_io_wq;
19 struct workqueue_struct *zbd_wq;
20 static const struct nvmet_fabrics_ops *nvmet_transports[NVMF_TRTYPE_MAX];
21 static DEFINE_IDA(cntlid_ida);
22 
23 /*
24  * This read/write semaphore is used to synchronize access to configuration
25  * information on a target system that will result in discovery log page
26  * information change for at least one host.
27  * The full list of resources to protected by this semaphore is:
28  *
29  *  - subsystems list
30  *  - per-subsystem allowed hosts list
31  *  - allow_any_host subsystem attribute
32  *  - nvmet_genctr
33  *  - the nvmet_transports array
34  *
35  * When updating any of those lists/structures write lock should be obtained,
36  * while when reading (popolating discovery log page or checking host-subsystem
37  * link) read lock is obtained to allow concurrent reads.
38  */
39 DECLARE_RWSEM(nvmet_config_sem);
40 
41 u32 nvmet_ana_group_enabled[NVMET_MAX_ANAGRPS + 1];
42 u64 nvmet_ana_chgcnt;
43 DECLARE_RWSEM(nvmet_ana_sem);
44 
45 inline u16 errno_to_nvme_status(struct nvmet_req *req, int errno)
46 {
47 	switch (errno) {
48 	case 0:
49 		return NVME_SC_SUCCESS;
50 	case -ENOSPC:
51 		req->error_loc = offsetof(struct nvme_rw_command, length);
52 		return NVME_SC_CAP_EXCEEDED | NVME_SC_DNR;
53 	case -EREMOTEIO:
54 		req->error_loc = offsetof(struct nvme_rw_command, slba);
55 		return  NVME_SC_LBA_RANGE | NVME_SC_DNR;
56 	case -EOPNOTSUPP:
57 		req->error_loc = offsetof(struct nvme_common_command, opcode);
58 		switch (req->cmd->common.opcode) {
59 		case nvme_cmd_dsm:
60 		case nvme_cmd_write_zeroes:
61 			return NVME_SC_ONCS_NOT_SUPPORTED | NVME_SC_DNR;
62 		default:
63 			return NVME_SC_INVALID_OPCODE | NVME_SC_DNR;
64 		}
65 		break;
66 	case -ENODATA:
67 		req->error_loc = offsetof(struct nvme_rw_command, nsid);
68 		return NVME_SC_ACCESS_DENIED;
69 	case -EIO:
70 		fallthrough;
71 	default:
72 		req->error_loc = offsetof(struct nvme_common_command, opcode);
73 		return NVME_SC_INTERNAL | NVME_SC_DNR;
74 	}
75 }
76 
77 u16 nvmet_report_invalid_opcode(struct nvmet_req *req)
78 {
79 	pr_debug("unhandled cmd %d on qid %d\n", req->cmd->common.opcode,
80 		 req->sq->qid);
81 
82 	req->error_loc = offsetof(struct nvme_common_command, opcode);
83 	return NVME_SC_INVALID_OPCODE | NVME_SC_DNR;
84 }
85 
86 static struct nvmet_subsys *nvmet_find_get_subsys(struct nvmet_port *port,
87 		const char *subsysnqn);
88 
89 u16 nvmet_copy_to_sgl(struct nvmet_req *req, off_t off, const void *buf,
90 		size_t len)
91 {
92 	if (sg_pcopy_from_buffer(req->sg, req->sg_cnt, buf, len, off) != len) {
93 		req->error_loc = offsetof(struct nvme_common_command, dptr);
94 		return NVME_SC_SGL_INVALID_DATA | NVME_SC_DNR;
95 	}
96 	return 0;
97 }
98 
99 u16 nvmet_copy_from_sgl(struct nvmet_req *req, off_t off, void *buf, size_t len)
100 {
101 	if (sg_pcopy_to_buffer(req->sg, req->sg_cnt, buf, len, off) != len) {
102 		req->error_loc = offsetof(struct nvme_common_command, dptr);
103 		return NVME_SC_SGL_INVALID_DATA | NVME_SC_DNR;
104 	}
105 	return 0;
106 }
107 
108 u16 nvmet_zero_sgl(struct nvmet_req *req, off_t off, size_t len)
109 {
110 	if (sg_zero_buffer(req->sg, req->sg_cnt, len, off) != len) {
111 		req->error_loc = offsetof(struct nvme_common_command, dptr);
112 		return NVME_SC_SGL_INVALID_DATA | NVME_SC_DNR;
113 	}
114 	return 0;
115 }
116 
117 static u32 nvmet_max_nsid(struct nvmet_subsys *subsys)
118 {
119 	struct nvmet_ns *cur;
120 	unsigned long idx;
121 	u32 nsid = 0;
122 
123 	xa_for_each(&subsys->namespaces, idx, cur)
124 		nsid = cur->nsid;
125 
126 	return nsid;
127 }
128 
129 static u32 nvmet_async_event_result(struct nvmet_async_event *aen)
130 {
131 	return aen->event_type | (aen->event_info << 8) | (aen->log_page << 16);
132 }
133 
134 static void nvmet_async_events_failall(struct nvmet_ctrl *ctrl)
135 {
136 	struct nvmet_req *req;
137 
138 	mutex_lock(&ctrl->lock);
139 	while (ctrl->nr_async_event_cmds) {
140 		req = ctrl->async_event_cmds[--ctrl->nr_async_event_cmds];
141 		mutex_unlock(&ctrl->lock);
142 		nvmet_req_complete(req, NVME_SC_INTERNAL | NVME_SC_DNR);
143 		mutex_lock(&ctrl->lock);
144 	}
145 	mutex_unlock(&ctrl->lock);
146 }
147 
148 static void nvmet_async_events_process(struct nvmet_ctrl *ctrl)
149 {
150 	struct nvmet_async_event *aen;
151 	struct nvmet_req *req;
152 
153 	mutex_lock(&ctrl->lock);
154 	while (ctrl->nr_async_event_cmds && !list_empty(&ctrl->async_events)) {
155 		aen = list_first_entry(&ctrl->async_events,
156 				       struct nvmet_async_event, entry);
157 		req = ctrl->async_event_cmds[--ctrl->nr_async_event_cmds];
158 		nvmet_set_result(req, nvmet_async_event_result(aen));
159 
160 		list_del(&aen->entry);
161 		kfree(aen);
162 
163 		mutex_unlock(&ctrl->lock);
164 		trace_nvmet_async_event(ctrl, req->cqe->result.u32);
165 		nvmet_req_complete(req, 0);
166 		mutex_lock(&ctrl->lock);
167 	}
168 	mutex_unlock(&ctrl->lock);
169 }
170 
171 static void nvmet_async_events_free(struct nvmet_ctrl *ctrl)
172 {
173 	struct nvmet_async_event *aen, *tmp;
174 
175 	mutex_lock(&ctrl->lock);
176 	list_for_each_entry_safe(aen, tmp, &ctrl->async_events, entry) {
177 		list_del(&aen->entry);
178 		kfree(aen);
179 	}
180 	mutex_unlock(&ctrl->lock);
181 }
182 
183 static void nvmet_async_event_work(struct work_struct *work)
184 {
185 	struct nvmet_ctrl *ctrl =
186 		container_of(work, struct nvmet_ctrl, async_event_work);
187 
188 	nvmet_async_events_process(ctrl);
189 }
190 
191 void nvmet_add_async_event(struct nvmet_ctrl *ctrl, u8 event_type,
192 		u8 event_info, u8 log_page)
193 {
194 	struct nvmet_async_event *aen;
195 
196 	aen = kmalloc(sizeof(*aen), GFP_KERNEL);
197 	if (!aen)
198 		return;
199 
200 	aen->event_type = event_type;
201 	aen->event_info = event_info;
202 	aen->log_page = log_page;
203 
204 	mutex_lock(&ctrl->lock);
205 	list_add_tail(&aen->entry, &ctrl->async_events);
206 	mutex_unlock(&ctrl->lock);
207 
208 	schedule_work(&ctrl->async_event_work);
209 }
210 
211 static void nvmet_add_to_changed_ns_log(struct nvmet_ctrl *ctrl, __le32 nsid)
212 {
213 	u32 i;
214 
215 	mutex_lock(&ctrl->lock);
216 	if (ctrl->nr_changed_ns > NVME_MAX_CHANGED_NAMESPACES)
217 		goto out_unlock;
218 
219 	for (i = 0; i < ctrl->nr_changed_ns; i++) {
220 		if (ctrl->changed_ns_list[i] == nsid)
221 			goto out_unlock;
222 	}
223 
224 	if (ctrl->nr_changed_ns == NVME_MAX_CHANGED_NAMESPACES) {
225 		ctrl->changed_ns_list[0] = cpu_to_le32(0xffffffff);
226 		ctrl->nr_changed_ns = U32_MAX;
227 		goto out_unlock;
228 	}
229 
230 	ctrl->changed_ns_list[ctrl->nr_changed_ns++] = nsid;
231 out_unlock:
232 	mutex_unlock(&ctrl->lock);
233 }
234 
235 void nvmet_ns_changed(struct nvmet_subsys *subsys, u32 nsid)
236 {
237 	struct nvmet_ctrl *ctrl;
238 
239 	lockdep_assert_held(&subsys->lock);
240 
241 	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry) {
242 		nvmet_add_to_changed_ns_log(ctrl, cpu_to_le32(nsid));
243 		if (nvmet_aen_bit_disabled(ctrl, NVME_AEN_BIT_NS_ATTR))
244 			continue;
245 		nvmet_add_async_event(ctrl, NVME_AER_TYPE_NOTICE,
246 				NVME_AER_NOTICE_NS_CHANGED,
247 				NVME_LOG_CHANGED_NS);
248 	}
249 }
250 
251 void nvmet_send_ana_event(struct nvmet_subsys *subsys,
252 		struct nvmet_port *port)
253 {
254 	struct nvmet_ctrl *ctrl;
255 
256 	mutex_lock(&subsys->lock);
257 	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry) {
258 		if (port && ctrl->port != port)
259 			continue;
260 		if (nvmet_aen_bit_disabled(ctrl, NVME_AEN_BIT_ANA_CHANGE))
261 			continue;
262 		nvmet_add_async_event(ctrl, NVME_AER_TYPE_NOTICE,
263 				NVME_AER_NOTICE_ANA, NVME_LOG_ANA);
264 	}
265 	mutex_unlock(&subsys->lock);
266 }
267 
268 void nvmet_port_send_ana_event(struct nvmet_port *port)
269 {
270 	struct nvmet_subsys_link *p;
271 
272 	down_read(&nvmet_config_sem);
273 	list_for_each_entry(p, &port->subsystems, entry)
274 		nvmet_send_ana_event(p->subsys, port);
275 	up_read(&nvmet_config_sem);
276 }
277 
278 int nvmet_register_transport(const struct nvmet_fabrics_ops *ops)
279 {
280 	int ret = 0;
281 
282 	down_write(&nvmet_config_sem);
283 	if (nvmet_transports[ops->type])
284 		ret = -EINVAL;
285 	else
286 		nvmet_transports[ops->type] = ops;
287 	up_write(&nvmet_config_sem);
288 
289 	return ret;
290 }
291 EXPORT_SYMBOL_GPL(nvmet_register_transport);
292 
293 void nvmet_unregister_transport(const struct nvmet_fabrics_ops *ops)
294 {
295 	down_write(&nvmet_config_sem);
296 	nvmet_transports[ops->type] = NULL;
297 	up_write(&nvmet_config_sem);
298 }
299 EXPORT_SYMBOL_GPL(nvmet_unregister_transport);
300 
301 void nvmet_port_del_ctrls(struct nvmet_port *port, struct nvmet_subsys *subsys)
302 {
303 	struct nvmet_ctrl *ctrl;
304 
305 	mutex_lock(&subsys->lock);
306 	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry) {
307 		if (ctrl->port == port)
308 			ctrl->ops->delete_ctrl(ctrl);
309 	}
310 	mutex_unlock(&subsys->lock);
311 }
312 
313 int nvmet_enable_port(struct nvmet_port *port)
314 {
315 	const struct nvmet_fabrics_ops *ops;
316 	int ret;
317 
318 	lockdep_assert_held(&nvmet_config_sem);
319 
320 	ops = nvmet_transports[port->disc_addr.trtype];
321 	if (!ops) {
322 		up_write(&nvmet_config_sem);
323 		request_module("nvmet-transport-%d", port->disc_addr.trtype);
324 		down_write(&nvmet_config_sem);
325 		ops = nvmet_transports[port->disc_addr.trtype];
326 		if (!ops) {
327 			pr_err("transport type %d not supported\n",
328 				port->disc_addr.trtype);
329 			return -EINVAL;
330 		}
331 	}
332 
333 	if (!try_module_get(ops->owner))
334 		return -EINVAL;
335 
336 	/*
337 	 * If the user requested PI support and the transport isn't pi capable,
338 	 * don't enable the port.
339 	 */
340 	if (port->pi_enable && !(ops->flags & NVMF_METADATA_SUPPORTED)) {
341 		pr_err("T10-PI is not supported by transport type %d\n",
342 		       port->disc_addr.trtype);
343 		ret = -EINVAL;
344 		goto out_put;
345 	}
346 
347 	ret = ops->add_port(port);
348 	if (ret)
349 		goto out_put;
350 
351 	/* If the transport didn't set inline_data_size, then disable it. */
352 	if (port->inline_data_size < 0)
353 		port->inline_data_size = 0;
354 
355 	port->enabled = true;
356 	port->tr_ops = ops;
357 	return 0;
358 
359 out_put:
360 	module_put(ops->owner);
361 	return ret;
362 }
363 
364 void nvmet_disable_port(struct nvmet_port *port)
365 {
366 	const struct nvmet_fabrics_ops *ops;
367 
368 	lockdep_assert_held(&nvmet_config_sem);
369 
370 	port->enabled = false;
371 	port->tr_ops = NULL;
372 
373 	ops = nvmet_transports[port->disc_addr.trtype];
374 	ops->remove_port(port);
375 	module_put(ops->owner);
376 }
377 
378 static void nvmet_keep_alive_timer(struct work_struct *work)
379 {
380 	struct nvmet_ctrl *ctrl = container_of(to_delayed_work(work),
381 			struct nvmet_ctrl, ka_work);
382 	bool reset_tbkas = ctrl->reset_tbkas;
383 
384 	ctrl->reset_tbkas = false;
385 	if (reset_tbkas) {
386 		pr_debug("ctrl %d reschedule traffic based keep-alive timer\n",
387 			ctrl->cntlid);
388 		schedule_delayed_work(&ctrl->ka_work, ctrl->kato * HZ);
389 		return;
390 	}
391 
392 	pr_err("ctrl %d keep-alive timer (%d seconds) expired!\n",
393 		ctrl->cntlid, ctrl->kato);
394 
395 	nvmet_ctrl_fatal_error(ctrl);
396 }
397 
398 void nvmet_start_keep_alive_timer(struct nvmet_ctrl *ctrl)
399 {
400 	if (unlikely(ctrl->kato == 0))
401 		return;
402 
403 	pr_debug("ctrl %d start keep-alive timer for %d secs\n",
404 		ctrl->cntlid, ctrl->kato);
405 
406 	schedule_delayed_work(&ctrl->ka_work, ctrl->kato * HZ);
407 }
408 
409 void nvmet_stop_keep_alive_timer(struct nvmet_ctrl *ctrl)
410 {
411 	if (unlikely(ctrl->kato == 0))
412 		return;
413 
414 	pr_debug("ctrl %d stop keep-alive\n", ctrl->cntlid);
415 
416 	cancel_delayed_work_sync(&ctrl->ka_work);
417 }
418 
419 u16 nvmet_req_find_ns(struct nvmet_req *req)
420 {
421 	u32 nsid = le32_to_cpu(req->cmd->common.nsid);
422 
423 	req->ns = xa_load(&nvmet_req_subsys(req)->namespaces, nsid);
424 	if (unlikely(!req->ns)) {
425 		req->error_loc = offsetof(struct nvme_common_command, nsid);
426 		return NVME_SC_INVALID_NS | NVME_SC_DNR;
427 	}
428 
429 	percpu_ref_get(&req->ns->ref);
430 	return NVME_SC_SUCCESS;
431 }
432 
433 static void nvmet_destroy_namespace(struct percpu_ref *ref)
434 {
435 	struct nvmet_ns *ns = container_of(ref, struct nvmet_ns, ref);
436 
437 	complete(&ns->disable_done);
438 }
439 
440 void nvmet_put_namespace(struct nvmet_ns *ns)
441 {
442 	percpu_ref_put(&ns->ref);
443 }
444 
445 static void nvmet_ns_dev_disable(struct nvmet_ns *ns)
446 {
447 	nvmet_bdev_ns_disable(ns);
448 	nvmet_file_ns_disable(ns);
449 }
450 
451 static int nvmet_p2pmem_ns_enable(struct nvmet_ns *ns)
452 {
453 	int ret;
454 	struct pci_dev *p2p_dev;
455 
456 	if (!ns->use_p2pmem)
457 		return 0;
458 
459 	if (!ns->bdev) {
460 		pr_err("peer-to-peer DMA is not supported by non-block device namespaces\n");
461 		return -EINVAL;
462 	}
463 
464 	if (!blk_queue_pci_p2pdma(ns->bdev->bd_disk->queue)) {
465 		pr_err("peer-to-peer DMA is not supported by the driver of %s\n",
466 		       ns->device_path);
467 		return -EINVAL;
468 	}
469 
470 	if (ns->p2p_dev) {
471 		ret = pci_p2pdma_distance(ns->p2p_dev, nvmet_ns_dev(ns), true);
472 		if (ret < 0)
473 			return -EINVAL;
474 	} else {
475 		/*
476 		 * Right now we just check that there is p2pmem available so
477 		 * we can report an error to the user right away if there
478 		 * is not. We'll find the actual device to use once we
479 		 * setup the controller when the port's device is available.
480 		 */
481 
482 		p2p_dev = pci_p2pmem_find(nvmet_ns_dev(ns));
483 		if (!p2p_dev) {
484 			pr_err("no peer-to-peer memory is available for %s\n",
485 			       ns->device_path);
486 			return -EINVAL;
487 		}
488 
489 		pci_dev_put(p2p_dev);
490 	}
491 
492 	return 0;
493 }
494 
495 /*
496  * Note: ctrl->subsys->lock should be held when calling this function
497  */
498 static void nvmet_p2pmem_ns_add_p2p(struct nvmet_ctrl *ctrl,
499 				    struct nvmet_ns *ns)
500 {
501 	struct device *clients[2];
502 	struct pci_dev *p2p_dev;
503 	int ret;
504 
505 	if (!ctrl->p2p_client || !ns->use_p2pmem)
506 		return;
507 
508 	if (ns->p2p_dev) {
509 		ret = pci_p2pdma_distance(ns->p2p_dev, ctrl->p2p_client, true);
510 		if (ret < 0)
511 			return;
512 
513 		p2p_dev = pci_dev_get(ns->p2p_dev);
514 	} else {
515 		clients[0] = ctrl->p2p_client;
516 		clients[1] = nvmet_ns_dev(ns);
517 
518 		p2p_dev = pci_p2pmem_find_many(clients, ARRAY_SIZE(clients));
519 		if (!p2p_dev) {
520 			pr_err("no peer-to-peer memory is available that's supported by %s and %s\n",
521 			       dev_name(ctrl->p2p_client), ns->device_path);
522 			return;
523 		}
524 	}
525 
526 	ret = radix_tree_insert(&ctrl->p2p_ns_map, ns->nsid, p2p_dev);
527 	if (ret < 0)
528 		pci_dev_put(p2p_dev);
529 
530 	pr_info("using p2pmem on %s for nsid %d\n", pci_name(p2p_dev),
531 		ns->nsid);
532 }
533 
534 void nvmet_ns_revalidate(struct nvmet_ns *ns)
535 {
536 	loff_t oldsize = ns->size;
537 
538 	if (ns->bdev)
539 		nvmet_bdev_ns_revalidate(ns);
540 	else
541 		nvmet_file_ns_revalidate(ns);
542 
543 	if (oldsize != ns->size)
544 		nvmet_ns_changed(ns->subsys, ns->nsid);
545 }
546 
547 int nvmet_ns_enable(struct nvmet_ns *ns)
548 {
549 	struct nvmet_subsys *subsys = ns->subsys;
550 	struct nvmet_ctrl *ctrl;
551 	int ret;
552 
553 	mutex_lock(&subsys->lock);
554 	ret = 0;
555 
556 	if (nvmet_is_passthru_subsys(subsys)) {
557 		pr_info("cannot enable both passthru and regular namespaces for a single subsystem");
558 		goto out_unlock;
559 	}
560 
561 	if (ns->enabled)
562 		goto out_unlock;
563 
564 	ret = -EMFILE;
565 	if (subsys->nr_namespaces == NVMET_MAX_NAMESPACES)
566 		goto out_unlock;
567 
568 	ret = nvmet_bdev_ns_enable(ns);
569 	if (ret == -ENOTBLK)
570 		ret = nvmet_file_ns_enable(ns);
571 	if (ret)
572 		goto out_unlock;
573 
574 	ret = nvmet_p2pmem_ns_enable(ns);
575 	if (ret)
576 		goto out_dev_disable;
577 
578 	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry)
579 		nvmet_p2pmem_ns_add_p2p(ctrl, ns);
580 
581 	ret = percpu_ref_init(&ns->ref, nvmet_destroy_namespace,
582 				0, GFP_KERNEL);
583 	if (ret)
584 		goto out_dev_put;
585 
586 	if (ns->nsid > subsys->max_nsid)
587 		subsys->max_nsid = ns->nsid;
588 
589 	ret = xa_insert(&subsys->namespaces, ns->nsid, ns, GFP_KERNEL);
590 	if (ret)
591 		goto out_restore_subsys_maxnsid;
592 
593 	subsys->nr_namespaces++;
594 
595 	nvmet_ns_changed(subsys, ns->nsid);
596 	ns->enabled = true;
597 	ret = 0;
598 out_unlock:
599 	mutex_unlock(&subsys->lock);
600 	return ret;
601 
602 out_restore_subsys_maxnsid:
603 	subsys->max_nsid = nvmet_max_nsid(subsys);
604 	percpu_ref_exit(&ns->ref);
605 out_dev_put:
606 	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry)
607 		pci_dev_put(radix_tree_delete(&ctrl->p2p_ns_map, ns->nsid));
608 out_dev_disable:
609 	nvmet_ns_dev_disable(ns);
610 	goto out_unlock;
611 }
612 
613 void nvmet_ns_disable(struct nvmet_ns *ns)
614 {
615 	struct nvmet_subsys *subsys = ns->subsys;
616 	struct nvmet_ctrl *ctrl;
617 
618 	mutex_lock(&subsys->lock);
619 	if (!ns->enabled)
620 		goto out_unlock;
621 
622 	ns->enabled = false;
623 	xa_erase(&ns->subsys->namespaces, ns->nsid);
624 	if (ns->nsid == subsys->max_nsid)
625 		subsys->max_nsid = nvmet_max_nsid(subsys);
626 
627 	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry)
628 		pci_dev_put(radix_tree_delete(&ctrl->p2p_ns_map, ns->nsid));
629 
630 	mutex_unlock(&subsys->lock);
631 
632 	/*
633 	 * Now that we removed the namespaces from the lookup list, we
634 	 * can kill the per_cpu ref and wait for any remaining references
635 	 * to be dropped, as well as a RCU grace period for anyone only
636 	 * using the namepace under rcu_read_lock().  Note that we can't
637 	 * use call_rcu here as we need to ensure the namespaces have
638 	 * been fully destroyed before unloading the module.
639 	 */
640 	percpu_ref_kill(&ns->ref);
641 	synchronize_rcu();
642 	wait_for_completion(&ns->disable_done);
643 	percpu_ref_exit(&ns->ref);
644 
645 	mutex_lock(&subsys->lock);
646 
647 	subsys->nr_namespaces--;
648 	nvmet_ns_changed(subsys, ns->nsid);
649 	nvmet_ns_dev_disable(ns);
650 out_unlock:
651 	mutex_unlock(&subsys->lock);
652 }
653 
654 void nvmet_ns_free(struct nvmet_ns *ns)
655 {
656 	nvmet_ns_disable(ns);
657 
658 	down_write(&nvmet_ana_sem);
659 	nvmet_ana_group_enabled[ns->anagrpid]--;
660 	up_write(&nvmet_ana_sem);
661 
662 	kfree(ns->device_path);
663 	kfree(ns);
664 }
665 
666 struct nvmet_ns *nvmet_ns_alloc(struct nvmet_subsys *subsys, u32 nsid)
667 {
668 	struct nvmet_ns *ns;
669 
670 	ns = kzalloc(sizeof(*ns), GFP_KERNEL);
671 	if (!ns)
672 		return NULL;
673 
674 	init_completion(&ns->disable_done);
675 
676 	ns->nsid = nsid;
677 	ns->subsys = subsys;
678 
679 	down_write(&nvmet_ana_sem);
680 	ns->anagrpid = NVMET_DEFAULT_ANA_GRPID;
681 	nvmet_ana_group_enabled[ns->anagrpid]++;
682 	up_write(&nvmet_ana_sem);
683 
684 	uuid_gen(&ns->uuid);
685 	ns->buffered_io = false;
686 	ns->csi = NVME_CSI_NVM;
687 
688 	return ns;
689 }
690 
691 static void nvmet_update_sq_head(struct nvmet_req *req)
692 {
693 	if (req->sq->size) {
694 		u32 old_sqhd, new_sqhd;
695 
696 		do {
697 			old_sqhd = req->sq->sqhd;
698 			new_sqhd = (old_sqhd + 1) % req->sq->size;
699 		} while (cmpxchg(&req->sq->sqhd, old_sqhd, new_sqhd) !=
700 					old_sqhd);
701 	}
702 	req->cqe->sq_head = cpu_to_le16(req->sq->sqhd & 0x0000FFFF);
703 }
704 
705 static void nvmet_set_error(struct nvmet_req *req, u16 status)
706 {
707 	struct nvmet_ctrl *ctrl = req->sq->ctrl;
708 	struct nvme_error_slot *new_error_slot;
709 	unsigned long flags;
710 
711 	req->cqe->status = cpu_to_le16(status << 1);
712 
713 	if (!ctrl || req->error_loc == NVMET_NO_ERROR_LOC)
714 		return;
715 
716 	spin_lock_irqsave(&ctrl->error_lock, flags);
717 	ctrl->err_counter++;
718 	new_error_slot =
719 		&ctrl->slots[ctrl->err_counter % NVMET_ERROR_LOG_SLOTS];
720 
721 	new_error_slot->error_count = cpu_to_le64(ctrl->err_counter);
722 	new_error_slot->sqid = cpu_to_le16(req->sq->qid);
723 	new_error_slot->cmdid = cpu_to_le16(req->cmd->common.command_id);
724 	new_error_slot->status_field = cpu_to_le16(status << 1);
725 	new_error_slot->param_error_location = cpu_to_le16(req->error_loc);
726 	new_error_slot->lba = cpu_to_le64(req->error_slba);
727 	new_error_slot->nsid = req->cmd->common.nsid;
728 	spin_unlock_irqrestore(&ctrl->error_lock, flags);
729 
730 	/* set the more bit for this request */
731 	req->cqe->status |= cpu_to_le16(1 << 14);
732 }
733 
734 static void __nvmet_req_complete(struct nvmet_req *req, u16 status)
735 {
736 	if (!req->sq->sqhd_disabled)
737 		nvmet_update_sq_head(req);
738 	req->cqe->sq_id = cpu_to_le16(req->sq->qid);
739 	req->cqe->command_id = req->cmd->common.command_id;
740 
741 	if (unlikely(status))
742 		nvmet_set_error(req, status);
743 
744 	trace_nvmet_req_complete(req);
745 
746 	if (req->ns)
747 		nvmet_put_namespace(req->ns);
748 	req->ops->queue_response(req);
749 }
750 
751 void nvmet_req_complete(struct nvmet_req *req, u16 status)
752 {
753 	__nvmet_req_complete(req, status);
754 	percpu_ref_put(&req->sq->ref);
755 }
756 EXPORT_SYMBOL_GPL(nvmet_req_complete);
757 
758 void nvmet_cq_setup(struct nvmet_ctrl *ctrl, struct nvmet_cq *cq,
759 		u16 qid, u16 size)
760 {
761 	cq->qid = qid;
762 	cq->size = size;
763 }
764 
765 void nvmet_sq_setup(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq,
766 		u16 qid, u16 size)
767 {
768 	sq->sqhd = 0;
769 	sq->qid = qid;
770 	sq->size = size;
771 
772 	ctrl->sqs[qid] = sq;
773 }
774 
775 static void nvmet_confirm_sq(struct percpu_ref *ref)
776 {
777 	struct nvmet_sq *sq = container_of(ref, struct nvmet_sq, ref);
778 
779 	complete(&sq->confirm_done);
780 }
781 
782 void nvmet_sq_destroy(struct nvmet_sq *sq)
783 {
784 	struct nvmet_ctrl *ctrl = sq->ctrl;
785 
786 	/*
787 	 * If this is the admin queue, complete all AERs so that our
788 	 * queue doesn't have outstanding requests on it.
789 	 */
790 	if (ctrl && ctrl->sqs && ctrl->sqs[0] == sq)
791 		nvmet_async_events_failall(ctrl);
792 	percpu_ref_kill_and_confirm(&sq->ref, nvmet_confirm_sq);
793 	wait_for_completion(&sq->confirm_done);
794 	wait_for_completion(&sq->free_done);
795 	percpu_ref_exit(&sq->ref);
796 
797 	if (ctrl) {
798 		/*
799 		 * The teardown flow may take some time, and the host may not
800 		 * send us keep-alive during this period, hence reset the
801 		 * traffic based keep-alive timer so we don't trigger a
802 		 * controller teardown as a result of a keep-alive expiration.
803 		 */
804 		ctrl->reset_tbkas = true;
805 		sq->ctrl->sqs[sq->qid] = NULL;
806 		nvmet_ctrl_put(ctrl);
807 		sq->ctrl = NULL; /* allows reusing the queue later */
808 	}
809 }
810 EXPORT_SYMBOL_GPL(nvmet_sq_destroy);
811 
812 static void nvmet_sq_free(struct percpu_ref *ref)
813 {
814 	struct nvmet_sq *sq = container_of(ref, struct nvmet_sq, ref);
815 
816 	complete(&sq->free_done);
817 }
818 
819 int nvmet_sq_init(struct nvmet_sq *sq)
820 {
821 	int ret;
822 
823 	ret = percpu_ref_init(&sq->ref, nvmet_sq_free, 0, GFP_KERNEL);
824 	if (ret) {
825 		pr_err("percpu_ref init failed!\n");
826 		return ret;
827 	}
828 	init_completion(&sq->free_done);
829 	init_completion(&sq->confirm_done);
830 
831 	return 0;
832 }
833 EXPORT_SYMBOL_GPL(nvmet_sq_init);
834 
835 static inline u16 nvmet_check_ana_state(struct nvmet_port *port,
836 		struct nvmet_ns *ns)
837 {
838 	enum nvme_ana_state state = port->ana_state[ns->anagrpid];
839 
840 	if (unlikely(state == NVME_ANA_INACCESSIBLE))
841 		return NVME_SC_ANA_INACCESSIBLE;
842 	if (unlikely(state == NVME_ANA_PERSISTENT_LOSS))
843 		return NVME_SC_ANA_PERSISTENT_LOSS;
844 	if (unlikely(state == NVME_ANA_CHANGE))
845 		return NVME_SC_ANA_TRANSITION;
846 	return 0;
847 }
848 
849 static inline u16 nvmet_io_cmd_check_access(struct nvmet_req *req)
850 {
851 	if (unlikely(req->ns->readonly)) {
852 		switch (req->cmd->common.opcode) {
853 		case nvme_cmd_read:
854 		case nvme_cmd_flush:
855 			break;
856 		default:
857 			return NVME_SC_NS_WRITE_PROTECTED;
858 		}
859 	}
860 
861 	return 0;
862 }
863 
864 static u16 nvmet_parse_io_cmd(struct nvmet_req *req)
865 {
866 	u16 ret;
867 
868 	ret = nvmet_check_ctrl_status(req);
869 	if (unlikely(ret))
870 		return ret;
871 
872 	if (nvmet_is_passthru_req(req))
873 		return nvmet_parse_passthru_io_cmd(req);
874 
875 	ret = nvmet_req_find_ns(req);
876 	if (unlikely(ret))
877 		return ret;
878 
879 	ret = nvmet_check_ana_state(req->port, req->ns);
880 	if (unlikely(ret)) {
881 		req->error_loc = offsetof(struct nvme_common_command, nsid);
882 		return ret;
883 	}
884 	ret = nvmet_io_cmd_check_access(req);
885 	if (unlikely(ret)) {
886 		req->error_loc = offsetof(struct nvme_common_command, nsid);
887 		return ret;
888 	}
889 
890 	switch (req->ns->csi) {
891 	case NVME_CSI_NVM:
892 		if (req->ns->file)
893 			return nvmet_file_parse_io_cmd(req);
894 		return nvmet_bdev_parse_io_cmd(req);
895 	case NVME_CSI_ZNS:
896 		if (IS_ENABLED(CONFIG_BLK_DEV_ZONED))
897 			return nvmet_bdev_zns_parse_io_cmd(req);
898 		return NVME_SC_INVALID_IO_CMD_SET;
899 	default:
900 		return NVME_SC_INVALID_IO_CMD_SET;
901 	}
902 }
903 
904 bool nvmet_req_init(struct nvmet_req *req, struct nvmet_cq *cq,
905 		struct nvmet_sq *sq, const struct nvmet_fabrics_ops *ops)
906 {
907 	u8 flags = req->cmd->common.flags;
908 	u16 status;
909 
910 	req->cq = cq;
911 	req->sq = sq;
912 	req->ops = ops;
913 	req->sg = NULL;
914 	req->metadata_sg = NULL;
915 	req->sg_cnt = 0;
916 	req->metadata_sg_cnt = 0;
917 	req->transfer_len = 0;
918 	req->metadata_len = 0;
919 	req->cqe->status = 0;
920 	req->cqe->sq_head = 0;
921 	req->ns = NULL;
922 	req->error_loc = NVMET_NO_ERROR_LOC;
923 	req->error_slba = 0;
924 
925 	/* no support for fused commands yet */
926 	if (unlikely(flags & (NVME_CMD_FUSE_FIRST | NVME_CMD_FUSE_SECOND))) {
927 		req->error_loc = offsetof(struct nvme_common_command, flags);
928 		status = NVME_SC_INVALID_FIELD | NVME_SC_DNR;
929 		goto fail;
930 	}
931 
932 	/*
933 	 * For fabrics, PSDT field shall describe metadata pointer (MPTR) that
934 	 * contains an address of a single contiguous physical buffer that is
935 	 * byte aligned.
936 	 */
937 	if (unlikely((flags & NVME_CMD_SGL_ALL) != NVME_CMD_SGL_METABUF)) {
938 		req->error_loc = offsetof(struct nvme_common_command, flags);
939 		status = NVME_SC_INVALID_FIELD | NVME_SC_DNR;
940 		goto fail;
941 	}
942 
943 	if (unlikely(!req->sq->ctrl))
944 		/* will return an error for any non-connect command: */
945 		status = nvmet_parse_connect_cmd(req);
946 	else if (likely(req->sq->qid != 0))
947 		status = nvmet_parse_io_cmd(req);
948 	else
949 		status = nvmet_parse_admin_cmd(req);
950 
951 	if (status)
952 		goto fail;
953 
954 	trace_nvmet_req_init(req, req->cmd);
955 
956 	if (unlikely(!percpu_ref_tryget_live(&sq->ref))) {
957 		status = NVME_SC_INVALID_FIELD | NVME_SC_DNR;
958 		goto fail;
959 	}
960 
961 	if (sq->ctrl)
962 		sq->ctrl->reset_tbkas = true;
963 
964 	return true;
965 
966 fail:
967 	__nvmet_req_complete(req, status);
968 	return false;
969 }
970 EXPORT_SYMBOL_GPL(nvmet_req_init);
971 
972 void nvmet_req_uninit(struct nvmet_req *req)
973 {
974 	percpu_ref_put(&req->sq->ref);
975 	if (req->ns)
976 		nvmet_put_namespace(req->ns);
977 }
978 EXPORT_SYMBOL_GPL(nvmet_req_uninit);
979 
980 bool nvmet_check_transfer_len(struct nvmet_req *req, size_t len)
981 {
982 	if (unlikely(len != req->transfer_len)) {
983 		req->error_loc = offsetof(struct nvme_common_command, dptr);
984 		nvmet_req_complete(req, NVME_SC_SGL_INVALID_DATA | NVME_SC_DNR);
985 		return false;
986 	}
987 
988 	return true;
989 }
990 EXPORT_SYMBOL_GPL(nvmet_check_transfer_len);
991 
992 bool nvmet_check_data_len_lte(struct nvmet_req *req, size_t data_len)
993 {
994 	if (unlikely(data_len > req->transfer_len)) {
995 		req->error_loc = offsetof(struct nvme_common_command, dptr);
996 		nvmet_req_complete(req, NVME_SC_SGL_INVALID_DATA | NVME_SC_DNR);
997 		return false;
998 	}
999 
1000 	return true;
1001 }
1002 
1003 static unsigned int nvmet_data_transfer_len(struct nvmet_req *req)
1004 {
1005 	return req->transfer_len - req->metadata_len;
1006 }
1007 
1008 static int nvmet_req_alloc_p2pmem_sgls(struct pci_dev *p2p_dev,
1009 		struct nvmet_req *req)
1010 {
1011 	req->sg = pci_p2pmem_alloc_sgl(p2p_dev, &req->sg_cnt,
1012 			nvmet_data_transfer_len(req));
1013 	if (!req->sg)
1014 		goto out_err;
1015 
1016 	if (req->metadata_len) {
1017 		req->metadata_sg = pci_p2pmem_alloc_sgl(p2p_dev,
1018 				&req->metadata_sg_cnt, req->metadata_len);
1019 		if (!req->metadata_sg)
1020 			goto out_free_sg;
1021 	}
1022 
1023 	req->p2p_dev = p2p_dev;
1024 
1025 	return 0;
1026 out_free_sg:
1027 	pci_p2pmem_free_sgl(req->p2p_dev, req->sg);
1028 out_err:
1029 	return -ENOMEM;
1030 }
1031 
1032 static struct pci_dev *nvmet_req_find_p2p_dev(struct nvmet_req *req)
1033 {
1034 	if (!IS_ENABLED(CONFIG_PCI_P2PDMA) ||
1035 	    !req->sq->ctrl || !req->sq->qid || !req->ns)
1036 		return NULL;
1037 	return radix_tree_lookup(&req->sq->ctrl->p2p_ns_map, req->ns->nsid);
1038 }
1039 
1040 int nvmet_req_alloc_sgls(struct nvmet_req *req)
1041 {
1042 	struct pci_dev *p2p_dev = nvmet_req_find_p2p_dev(req);
1043 
1044 	if (p2p_dev && !nvmet_req_alloc_p2pmem_sgls(p2p_dev, req))
1045 		return 0;
1046 
1047 	req->sg = sgl_alloc(nvmet_data_transfer_len(req), GFP_KERNEL,
1048 			    &req->sg_cnt);
1049 	if (unlikely(!req->sg))
1050 		goto out;
1051 
1052 	if (req->metadata_len) {
1053 		req->metadata_sg = sgl_alloc(req->metadata_len, GFP_KERNEL,
1054 					     &req->metadata_sg_cnt);
1055 		if (unlikely(!req->metadata_sg))
1056 			goto out_free;
1057 	}
1058 
1059 	return 0;
1060 out_free:
1061 	sgl_free(req->sg);
1062 out:
1063 	return -ENOMEM;
1064 }
1065 EXPORT_SYMBOL_GPL(nvmet_req_alloc_sgls);
1066 
1067 void nvmet_req_free_sgls(struct nvmet_req *req)
1068 {
1069 	if (req->p2p_dev) {
1070 		pci_p2pmem_free_sgl(req->p2p_dev, req->sg);
1071 		if (req->metadata_sg)
1072 			pci_p2pmem_free_sgl(req->p2p_dev, req->metadata_sg);
1073 		req->p2p_dev = NULL;
1074 	} else {
1075 		sgl_free(req->sg);
1076 		if (req->metadata_sg)
1077 			sgl_free(req->metadata_sg);
1078 	}
1079 
1080 	req->sg = NULL;
1081 	req->metadata_sg = NULL;
1082 	req->sg_cnt = 0;
1083 	req->metadata_sg_cnt = 0;
1084 }
1085 EXPORT_SYMBOL_GPL(nvmet_req_free_sgls);
1086 
1087 static inline bool nvmet_cc_en(u32 cc)
1088 {
1089 	return (cc >> NVME_CC_EN_SHIFT) & 0x1;
1090 }
1091 
1092 static inline u8 nvmet_cc_css(u32 cc)
1093 {
1094 	return (cc >> NVME_CC_CSS_SHIFT) & 0x7;
1095 }
1096 
1097 static inline u8 nvmet_cc_mps(u32 cc)
1098 {
1099 	return (cc >> NVME_CC_MPS_SHIFT) & 0xf;
1100 }
1101 
1102 static inline u8 nvmet_cc_ams(u32 cc)
1103 {
1104 	return (cc >> NVME_CC_AMS_SHIFT) & 0x7;
1105 }
1106 
1107 static inline u8 nvmet_cc_shn(u32 cc)
1108 {
1109 	return (cc >> NVME_CC_SHN_SHIFT) & 0x3;
1110 }
1111 
1112 static inline u8 nvmet_cc_iosqes(u32 cc)
1113 {
1114 	return (cc >> NVME_CC_IOSQES_SHIFT) & 0xf;
1115 }
1116 
1117 static inline u8 nvmet_cc_iocqes(u32 cc)
1118 {
1119 	return (cc >> NVME_CC_IOCQES_SHIFT) & 0xf;
1120 }
1121 
1122 static inline bool nvmet_css_supported(u8 cc_css)
1123 {
1124 	switch (cc_css <<= NVME_CC_CSS_SHIFT) {
1125 	case NVME_CC_CSS_NVM:
1126 	case NVME_CC_CSS_CSI:
1127 		return true;
1128 	default:
1129 		return false;
1130 	}
1131 }
1132 
1133 static void nvmet_start_ctrl(struct nvmet_ctrl *ctrl)
1134 {
1135 	lockdep_assert_held(&ctrl->lock);
1136 
1137 	/*
1138 	 * Only I/O controllers should verify iosqes,iocqes.
1139 	 * Strictly speaking, the spec says a discovery controller
1140 	 * should verify iosqes,iocqes are zeroed, however that
1141 	 * would break backwards compatibility, so don't enforce it.
1142 	 */
1143 	if (!nvmet_is_disc_subsys(ctrl->subsys) &&
1144 	    (nvmet_cc_iosqes(ctrl->cc) != NVME_NVM_IOSQES ||
1145 	     nvmet_cc_iocqes(ctrl->cc) != NVME_NVM_IOCQES)) {
1146 		ctrl->csts = NVME_CSTS_CFS;
1147 		return;
1148 	}
1149 
1150 	if (nvmet_cc_mps(ctrl->cc) != 0 ||
1151 	    nvmet_cc_ams(ctrl->cc) != 0 ||
1152 	    !nvmet_css_supported(nvmet_cc_css(ctrl->cc))) {
1153 		ctrl->csts = NVME_CSTS_CFS;
1154 		return;
1155 	}
1156 
1157 	ctrl->csts = NVME_CSTS_RDY;
1158 
1159 	/*
1160 	 * Controllers that are not yet enabled should not really enforce the
1161 	 * keep alive timeout, but we still want to track a timeout and cleanup
1162 	 * in case a host died before it enabled the controller.  Hence, simply
1163 	 * reset the keep alive timer when the controller is enabled.
1164 	 */
1165 	if (ctrl->kato)
1166 		mod_delayed_work(system_wq, &ctrl->ka_work, ctrl->kato * HZ);
1167 }
1168 
1169 static void nvmet_clear_ctrl(struct nvmet_ctrl *ctrl)
1170 {
1171 	lockdep_assert_held(&ctrl->lock);
1172 
1173 	/* XXX: tear down queues? */
1174 	ctrl->csts &= ~NVME_CSTS_RDY;
1175 	ctrl->cc = 0;
1176 }
1177 
1178 void nvmet_update_cc(struct nvmet_ctrl *ctrl, u32 new)
1179 {
1180 	u32 old;
1181 
1182 	mutex_lock(&ctrl->lock);
1183 	old = ctrl->cc;
1184 	ctrl->cc = new;
1185 
1186 	if (nvmet_cc_en(new) && !nvmet_cc_en(old))
1187 		nvmet_start_ctrl(ctrl);
1188 	if (!nvmet_cc_en(new) && nvmet_cc_en(old))
1189 		nvmet_clear_ctrl(ctrl);
1190 	if (nvmet_cc_shn(new) && !nvmet_cc_shn(old)) {
1191 		nvmet_clear_ctrl(ctrl);
1192 		ctrl->csts |= NVME_CSTS_SHST_CMPLT;
1193 	}
1194 	if (!nvmet_cc_shn(new) && nvmet_cc_shn(old))
1195 		ctrl->csts &= ~NVME_CSTS_SHST_CMPLT;
1196 	mutex_unlock(&ctrl->lock);
1197 }
1198 
1199 static void nvmet_init_cap(struct nvmet_ctrl *ctrl)
1200 {
1201 	/* command sets supported: NVMe command set: */
1202 	ctrl->cap = (1ULL << 37);
1203 	/* Controller supports one or more I/O Command Sets */
1204 	ctrl->cap |= (1ULL << 43);
1205 	/* CC.EN timeout in 500msec units: */
1206 	ctrl->cap |= (15ULL << 24);
1207 	/* maximum queue entries supported: */
1208 	if (ctrl->ops->get_max_queue_size)
1209 		ctrl->cap |= ctrl->ops->get_max_queue_size(ctrl) - 1;
1210 	else
1211 		ctrl->cap |= NVMET_QUEUE_SIZE - 1;
1212 
1213 	if (nvmet_is_passthru_subsys(ctrl->subsys))
1214 		nvmet_passthrough_override_cap(ctrl);
1215 }
1216 
1217 struct nvmet_ctrl *nvmet_ctrl_find_get(const char *subsysnqn,
1218 				       const char *hostnqn, u16 cntlid,
1219 				       struct nvmet_req *req)
1220 {
1221 	struct nvmet_ctrl *ctrl = NULL;
1222 	struct nvmet_subsys *subsys;
1223 
1224 	subsys = nvmet_find_get_subsys(req->port, subsysnqn);
1225 	if (!subsys) {
1226 		pr_warn("connect request for invalid subsystem %s!\n",
1227 			subsysnqn);
1228 		req->cqe->result.u32 = IPO_IATTR_CONNECT_DATA(subsysnqn);
1229 		goto out;
1230 	}
1231 
1232 	mutex_lock(&subsys->lock);
1233 	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry) {
1234 		if (ctrl->cntlid == cntlid) {
1235 			if (strncmp(hostnqn, ctrl->hostnqn, NVMF_NQN_SIZE)) {
1236 				pr_warn("hostnqn mismatch.\n");
1237 				continue;
1238 			}
1239 			if (!kref_get_unless_zero(&ctrl->ref))
1240 				continue;
1241 
1242 			/* ctrl found */
1243 			goto found;
1244 		}
1245 	}
1246 
1247 	ctrl = NULL; /* ctrl not found */
1248 	pr_warn("could not find controller %d for subsys %s / host %s\n",
1249 		cntlid, subsysnqn, hostnqn);
1250 	req->cqe->result.u32 = IPO_IATTR_CONNECT_DATA(cntlid);
1251 
1252 found:
1253 	mutex_unlock(&subsys->lock);
1254 	nvmet_subsys_put(subsys);
1255 out:
1256 	return ctrl;
1257 }
1258 
1259 u16 nvmet_check_ctrl_status(struct nvmet_req *req)
1260 {
1261 	if (unlikely(!(req->sq->ctrl->cc & NVME_CC_ENABLE))) {
1262 		pr_err("got cmd %d while CC.EN == 0 on qid = %d\n",
1263 		       req->cmd->common.opcode, req->sq->qid);
1264 		return NVME_SC_CMD_SEQ_ERROR | NVME_SC_DNR;
1265 	}
1266 
1267 	if (unlikely(!(req->sq->ctrl->csts & NVME_CSTS_RDY))) {
1268 		pr_err("got cmd %d while CSTS.RDY == 0 on qid = %d\n",
1269 		       req->cmd->common.opcode, req->sq->qid);
1270 		return NVME_SC_CMD_SEQ_ERROR | NVME_SC_DNR;
1271 	}
1272 	return 0;
1273 }
1274 
1275 bool nvmet_host_allowed(struct nvmet_subsys *subsys, const char *hostnqn)
1276 {
1277 	struct nvmet_host_link *p;
1278 
1279 	lockdep_assert_held(&nvmet_config_sem);
1280 
1281 	if (subsys->allow_any_host)
1282 		return true;
1283 
1284 	if (nvmet_is_disc_subsys(subsys)) /* allow all access to disc subsys */
1285 		return true;
1286 
1287 	list_for_each_entry(p, &subsys->hosts, entry) {
1288 		if (!strcmp(nvmet_host_name(p->host), hostnqn))
1289 			return true;
1290 	}
1291 
1292 	return false;
1293 }
1294 
1295 /*
1296  * Note: ctrl->subsys->lock should be held when calling this function
1297  */
1298 static void nvmet_setup_p2p_ns_map(struct nvmet_ctrl *ctrl,
1299 		struct nvmet_req *req)
1300 {
1301 	struct nvmet_ns *ns;
1302 	unsigned long idx;
1303 
1304 	if (!req->p2p_client)
1305 		return;
1306 
1307 	ctrl->p2p_client = get_device(req->p2p_client);
1308 
1309 	xa_for_each(&ctrl->subsys->namespaces, idx, ns)
1310 		nvmet_p2pmem_ns_add_p2p(ctrl, ns);
1311 }
1312 
1313 /*
1314  * Note: ctrl->subsys->lock should be held when calling this function
1315  */
1316 static void nvmet_release_p2p_ns_map(struct nvmet_ctrl *ctrl)
1317 {
1318 	struct radix_tree_iter iter;
1319 	void __rcu **slot;
1320 
1321 	radix_tree_for_each_slot(slot, &ctrl->p2p_ns_map, &iter, 0)
1322 		pci_dev_put(radix_tree_deref_slot(slot));
1323 
1324 	put_device(ctrl->p2p_client);
1325 }
1326 
1327 static void nvmet_fatal_error_handler(struct work_struct *work)
1328 {
1329 	struct nvmet_ctrl *ctrl =
1330 			container_of(work, struct nvmet_ctrl, fatal_err_work);
1331 
1332 	pr_err("ctrl %d fatal error occurred!\n", ctrl->cntlid);
1333 	ctrl->ops->delete_ctrl(ctrl);
1334 }
1335 
1336 u16 nvmet_alloc_ctrl(const char *subsysnqn, const char *hostnqn,
1337 		struct nvmet_req *req, u32 kato, struct nvmet_ctrl **ctrlp)
1338 {
1339 	struct nvmet_subsys *subsys;
1340 	struct nvmet_ctrl *ctrl;
1341 	int ret;
1342 	u16 status;
1343 
1344 	status = NVME_SC_CONNECT_INVALID_PARAM | NVME_SC_DNR;
1345 	subsys = nvmet_find_get_subsys(req->port, subsysnqn);
1346 	if (!subsys) {
1347 		pr_warn("connect request for invalid subsystem %s!\n",
1348 			subsysnqn);
1349 		req->cqe->result.u32 = IPO_IATTR_CONNECT_DATA(subsysnqn);
1350 		req->error_loc = offsetof(struct nvme_common_command, dptr);
1351 		goto out;
1352 	}
1353 
1354 	down_read(&nvmet_config_sem);
1355 	if (!nvmet_host_allowed(subsys, hostnqn)) {
1356 		pr_info("connect by host %s for subsystem %s not allowed\n",
1357 			hostnqn, subsysnqn);
1358 		req->cqe->result.u32 = IPO_IATTR_CONNECT_DATA(hostnqn);
1359 		up_read(&nvmet_config_sem);
1360 		status = NVME_SC_CONNECT_INVALID_HOST | NVME_SC_DNR;
1361 		req->error_loc = offsetof(struct nvme_common_command, dptr);
1362 		goto out_put_subsystem;
1363 	}
1364 	up_read(&nvmet_config_sem);
1365 
1366 	status = NVME_SC_INTERNAL;
1367 	ctrl = kzalloc(sizeof(*ctrl), GFP_KERNEL);
1368 	if (!ctrl)
1369 		goto out_put_subsystem;
1370 	mutex_init(&ctrl->lock);
1371 
1372 	ctrl->port = req->port;
1373 	ctrl->ops = req->ops;
1374 
1375 	INIT_WORK(&ctrl->async_event_work, nvmet_async_event_work);
1376 	INIT_LIST_HEAD(&ctrl->async_events);
1377 	INIT_RADIX_TREE(&ctrl->p2p_ns_map, GFP_KERNEL);
1378 	INIT_WORK(&ctrl->fatal_err_work, nvmet_fatal_error_handler);
1379 	INIT_DELAYED_WORK(&ctrl->ka_work, nvmet_keep_alive_timer);
1380 
1381 	memcpy(ctrl->subsysnqn, subsysnqn, NVMF_NQN_SIZE);
1382 	memcpy(ctrl->hostnqn, hostnqn, NVMF_NQN_SIZE);
1383 
1384 	kref_init(&ctrl->ref);
1385 	ctrl->subsys = subsys;
1386 	nvmet_init_cap(ctrl);
1387 	WRITE_ONCE(ctrl->aen_enabled, NVMET_AEN_CFG_OPTIONAL);
1388 
1389 	ctrl->changed_ns_list = kmalloc_array(NVME_MAX_CHANGED_NAMESPACES,
1390 			sizeof(__le32), GFP_KERNEL);
1391 	if (!ctrl->changed_ns_list)
1392 		goto out_free_ctrl;
1393 
1394 	ctrl->sqs = kcalloc(subsys->max_qid + 1,
1395 			sizeof(struct nvmet_sq *),
1396 			GFP_KERNEL);
1397 	if (!ctrl->sqs)
1398 		goto out_free_changed_ns_list;
1399 
1400 	if (subsys->cntlid_min > subsys->cntlid_max)
1401 		goto out_free_sqs;
1402 
1403 	ret = ida_simple_get(&cntlid_ida,
1404 			     subsys->cntlid_min, subsys->cntlid_max,
1405 			     GFP_KERNEL);
1406 	if (ret < 0) {
1407 		status = NVME_SC_CONNECT_CTRL_BUSY | NVME_SC_DNR;
1408 		goto out_free_sqs;
1409 	}
1410 	ctrl->cntlid = ret;
1411 
1412 	/*
1413 	 * Discovery controllers may use some arbitrary high value
1414 	 * in order to cleanup stale discovery sessions
1415 	 */
1416 	if (nvmet_is_disc_subsys(ctrl->subsys) && !kato)
1417 		kato = NVMET_DISC_KATO_MS;
1418 
1419 	/* keep-alive timeout in seconds */
1420 	ctrl->kato = DIV_ROUND_UP(kato, 1000);
1421 
1422 	ctrl->err_counter = 0;
1423 	spin_lock_init(&ctrl->error_lock);
1424 
1425 	nvmet_start_keep_alive_timer(ctrl);
1426 
1427 	mutex_lock(&subsys->lock);
1428 	list_add_tail(&ctrl->subsys_entry, &subsys->ctrls);
1429 	nvmet_setup_p2p_ns_map(ctrl, req);
1430 	mutex_unlock(&subsys->lock);
1431 
1432 	*ctrlp = ctrl;
1433 	return 0;
1434 
1435 out_free_sqs:
1436 	kfree(ctrl->sqs);
1437 out_free_changed_ns_list:
1438 	kfree(ctrl->changed_ns_list);
1439 out_free_ctrl:
1440 	kfree(ctrl);
1441 out_put_subsystem:
1442 	nvmet_subsys_put(subsys);
1443 out:
1444 	return status;
1445 }
1446 
1447 static void nvmet_ctrl_free(struct kref *ref)
1448 {
1449 	struct nvmet_ctrl *ctrl = container_of(ref, struct nvmet_ctrl, ref);
1450 	struct nvmet_subsys *subsys = ctrl->subsys;
1451 
1452 	mutex_lock(&subsys->lock);
1453 	nvmet_release_p2p_ns_map(ctrl);
1454 	list_del(&ctrl->subsys_entry);
1455 	mutex_unlock(&subsys->lock);
1456 
1457 	nvmet_stop_keep_alive_timer(ctrl);
1458 
1459 	flush_work(&ctrl->async_event_work);
1460 	cancel_work_sync(&ctrl->fatal_err_work);
1461 
1462 	ida_simple_remove(&cntlid_ida, ctrl->cntlid);
1463 
1464 	nvmet_async_events_free(ctrl);
1465 	kfree(ctrl->sqs);
1466 	kfree(ctrl->changed_ns_list);
1467 	kfree(ctrl);
1468 
1469 	nvmet_subsys_put(subsys);
1470 }
1471 
1472 void nvmet_ctrl_put(struct nvmet_ctrl *ctrl)
1473 {
1474 	kref_put(&ctrl->ref, nvmet_ctrl_free);
1475 }
1476 
1477 void nvmet_ctrl_fatal_error(struct nvmet_ctrl *ctrl)
1478 {
1479 	mutex_lock(&ctrl->lock);
1480 	if (!(ctrl->csts & NVME_CSTS_CFS)) {
1481 		ctrl->csts |= NVME_CSTS_CFS;
1482 		schedule_work(&ctrl->fatal_err_work);
1483 	}
1484 	mutex_unlock(&ctrl->lock);
1485 }
1486 EXPORT_SYMBOL_GPL(nvmet_ctrl_fatal_error);
1487 
1488 static struct nvmet_subsys *nvmet_find_get_subsys(struct nvmet_port *port,
1489 		const char *subsysnqn)
1490 {
1491 	struct nvmet_subsys_link *p;
1492 
1493 	if (!port)
1494 		return NULL;
1495 
1496 	if (!strcmp(NVME_DISC_SUBSYS_NAME, subsysnqn) ||
1497 	    !strcmp(nvmet_disc_subsys->subsysnqn, subsysnqn)) {
1498 		if (!kref_get_unless_zero(&nvmet_disc_subsys->ref))
1499 			return NULL;
1500 		return nvmet_disc_subsys;
1501 	}
1502 
1503 	down_read(&nvmet_config_sem);
1504 	list_for_each_entry(p, &port->subsystems, entry) {
1505 		if (!strncmp(p->subsys->subsysnqn, subsysnqn,
1506 				NVMF_NQN_SIZE)) {
1507 			if (!kref_get_unless_zero(&p->subsys->ref))
1508 				break;
1509 			up_read(&nvmet_config_sem);
1510 			return p->subsys;
1511 		}
1512 	}
1513 	up_read(&nvmet_config_sem);
1514 	return NULL;
1515 }
1516 
1517 struct nvmet_subsys *nvmet_subsys_alloc(const char *subsysnqn,
1518 		enum nvme_subsys_type type)
1519 {
1520 	struct nvmet_subsys *subsys;
1521 	char serial[NVMET_SN_MAX_SIZE / 2];
1522 	int ret;
1523 
1524 	subsys = kzalloc(sizeof(*subsys), GFP_KERNEL);
1525 	if (!subsys)
1526 		return ERR_PTR(-ENOMEM);
1527 
1528 	subsys->ver = NVMET_DEFAULT_VS;
1529 	/* generate a random serial number as our controllers are ephemeral: */
1530 	get_random_bytes(&serial, sizeof(serial));
1531 	bin2hex(subsys->serial, &serial, sizeof(serial));
1532 
1533 	subsys->model_number = kstrdup(NVMET_DEFAULT_CTRL_MODEL, GFP_KERNEL);
1534 	if (!subsys->model_number) {
1535 		ret = -ENOMEM;
1536 		goto free_subsys;
1537 	}
1538 
1539 	switch (type) {
1540 	case NVME_NQN_NVME:
1541 		subsys->max_qid = NVMET_NR_QUEUES;
1542 		break;
1543 	case NVME_NQN_DISC:
1544 	case NVME_NQN_CURR:
1545 		subsys->max_qid = 0;
1546 		break;
1547 	default:
1548 		pr_err("%s: Unknown Subsystem type - %d\n", __func__, type);
1549 		ret = -EINVAL;
1550 		goto free_mn;
1551 	}
1552 	subsys->type = type;
1553 	subsys->subsysnqn = kstrndup(subsysnqn, NVMF_NQN_SIZE,
1554 			GFP_KERNEL);
1555 	if (!subsys->subsysnqn) {
1556 		ret = -ENOMEM;
1557 		goto free_mn;
1558 	}
1559 	subsys->cntlid_min = NVME_CNTLID_MIN;
1560 	subsys->cntlid_max = NVME_CNTLID_MAX;
1561 	kref_init(&subsys->ref);
1562 
1563 	mutex_init(&subsys->lock);
1564 	xa_init(&subsys->namespaces);
1565 	INIT_LIST_HEAD(&subsys->ctrls);
1566 	INIT_LIST_HEAD(&subsys->hosts);
1567 
1568 	return subsys;
1569 
1570 free_mn:
1571 	kfree(subsys->model_number);
1572 free_subsys:
1573 	kfree(subsys);
1574 	return ERR_PTR(ret);
1575 }
1576 
1577 static void nvmet_subsys_free(struct kref *ref)
1578 {
1579 	struct nvmet_subsys *subsys =
1580 		container_of(ref, struct nvmet_subsys, ref);
1581 
1582 	WARN_ON_ONCE(!xa_empty(&subsys->namespaces));
1583 
1584 	xa_destroy(&subsys->namespaces);
1585 	nvmet_passthru_subsys_free(subsys);
1586 
1587 	kfree(subsys->subsysnqn);
1588 	kfree(subsys->model_number);
1589 	kfree(subsys);
1590 }
1591 
1592 void nvmet_subsys_del_ctrls(struct nvmet_subsys *subsys)
1593 {
1594 	struct nvmet_ctrl *ctrl;
1595 
1596 	mutex_lock(&subsys->lock);
1597 	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry)
1598 		ctrl->ops->delete_ctrl(ctrl);
1599 	mutex_unlock(&subsys->lock);
1600 }
1601 
1602 void nvmet_subsys_put(struct nvmet_subsys *subsys)
1603 {
1604 	kref_put(&subsys->ref, nvmet_subsys_free);
1605 }
1606 
1607 static int __init nvmet_init(void)
1608 {
1609 	int error;
1610 
1611 	nvmet_ana_group_enabled[NVMET_DEFAULT_ANA_GRPID] = 1;
1612 
1613 	zbd_wq = alloc_workqueue("nvmet-zbd-wq", WQ_MEM_RECLAIM, 0);
1614 	if (!zbd_wq)
1615 		return -ENOMEM;
1616 
1617 	buffered_io_wq = alloc_workqueue("nvmet-buffered-io-wq",
1618 			WQ_MEM_RECLAIM, 0);
1619 	if (!buffered_io_wq) {
1620 		error = -ENOMEM;
1621 		goto out_free_zbd_work_queue;
1622 	}
1623 
1624 	error = nvmet_init_discovery();
1625 	if (error)
1626 		goto out_free_work_queue;
1627 
1628 	error = nvmet_init_configfs();
1629 	if (error)
1630 		goto out_exit_discovery;
1631 	return 0;
1632 
1633 out_exit_discovery:
1634 	nvmet_exit_discovery();
1635 out_free_work_queue:
1636 	destroy_workqueue(buffered_io_wq);
1637 out_free_zbd_work_queue:
1638 	destroy_workqueue(zbd_wq);
1639 	return error;
1640 }
1641 
1642 static void __exit nvmet_exit(void)
1643 {
1644 	nvmet_exit_configfs();
1645 	nvmet_exit_discovery();
1646 	ida_destroy(&cntlid_ida);
1647 	destroy_workqueue(buffered_io_wq);
1648 	destroy_workqueue(zbd_wq);
1649 
1650 	BUILD_BUG_ON(sizeof(struct nvmf_disc_rsp_page_entry) != 1024);
1651 	BUILD_BUG_ON(sizeof(struct nvmf_disc_rsp_page_hdr) != 1024);
1652 }
1653 
1654 module_init(nvmet_init);
1655 module_exit(nvmet_exit);
1656 
1657 MODULE_LICENSE("GPL v2");
1658