xref: /linux/drivers/nvme/target/core.c (revision fc6dfd5547794b0bf10790576a9d97443d975439)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Common code for the NVMe target.
4  * Copyright (c) 2015-2016 HGST, a Western Digital Company.
5  */
6 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
7 #include <linux/module.h>
8 #include <linux/random.h>
9 #include <linux/rculist.h>
10 #include <linux/pci-p2pdma.h>
11 #include <linux/scatterlist.h>
12 
13 #define CREATE_TRACE_POINTS
14 #include "trace.h"
15 
16 #include "nvmet.h"
17 
18 struct workqueue_struct *buffered_io_wq;
19 struct workqueue_struct *zbd_wq;
20 static const struct nvmet_fabrics_ops *nvmet_transports[NVMF_TRTYPE_MAX];
21 static DEFINE_IDA(cntlid_ida);
22 
23 struct workqueue_struct *nvmet_wq;
24 EXPORT_SYMBOL_GPL(nvmet_wq);
25 
26 /*
27  * This read/write semaphore is used to synchronize access to configuration
28  * information on a target system that will result in discovery log page
29  * information change for at least one host.
30  * The full list of resources to protected by this semaphore is:
31  *
32  *  - subsystems list
33  *  - per-subsystem allowed hosts list
34  *  - allow_any_host subsystem attribute
35  *  - nvmet_genctr
36  *  - the nvmet_transports array
37  *
38  * When updating any of those lists/structures write lock should be obtained,
39  * while when reading (popolating discovery log page or checking host-subsystem
40  * link) read lock is obtained to allow concurrent reads.
41  */
42 DECLARE_RWSEM(nvmet_config_sem);
43 
44 u32 nvmet_ana_group_enabled[NVMET_MAX_ANAGRPS + 1];
45 u64 nvmet_ana_chgcnt;
46 DECLARE_RWSEM(nvmet_ana_sem);
47 
48 inline u16 errno_to_nvme_status(struct nvmet_req *req, int errno)
49 {
50 	switch (errno) {
51 	case 0:
52 		return NVME_SC_SUCCESS;
53 	case -ENOSPC:
54 		req->error_loc = offsetof(struct nvme_rw_command, length);
55 		return NVME_SC_CAP_EXCEEDED | NVME_SC_DNR;
56 	case -EREMOTEIO:
57 		req->error_loc = offsetof(struct nvme_rw_command, slba);
58 		return  NVME_SC_LBA_RANGE | NVME_SC_DNR;
59 	case -EOPNOTSUPP:
60 		req->error_loc = offsetof(struct nvme_common_command, opcode);
61 		switch (req->cmd->common.opcode) {
62 		case nvme_cmd_dsm:
63 		case nvme_cmd_write_zeroes:
64 			return NVME_SC_ONCS_NOT_SUPPORTED | NVME_SC_DNR;
65 		default:
66 			return NVME_SC_INVALID_OPCODE | NVME_SC_DNR;
67 		}
68 		break;
69 	case -ENODATA:
70 		req->error_loc = offsetof(struct nvme_rw_command, nsid);
71 		return NVME_SC_ACCESS_DENIED;
72 	case -EIO:
73 		fallthrough;
74 	default:
75 		req->error_loc = offsetof(struct nvme_common_command, opcode);
76 		return NVME_SC_INTERNAL | NVME_SC_DNR;
77 	}
78 }
79 
80 u16 nvmet_report_invalid_opcode(struct nvmet_req *req)
81 {
82 	pr_debug("unhandled cmd %d on qid %d\n", req->cmd->common.opcode,
83 		 req->sq->qid);
84 
85 	req->error_loc = offsetof(struct nvme_common_command, opcode);
86 	return NVME_SC_INVALID_OPCODE | NVME_SC_DNR;
87 }
88 
89 static struct nvmet_subsys *nvmet_find_get_subsys(struct nvmet_port *port,
90 		const char *subsysnqn);
91 
92 u16 nvmet_copy_to_sgl(struct nvmet_req *req, off_t off, const void *buf,
93 		size_t len)
94 {
95 	if (sg_pcopy_from_buffer(req->sg, req->sg_cnt, buf, len, off) != len) {
96 		req->error_loc = offsetof(struct nvme_common_command, dptr);
97 		return NVME_SC_SGL_INVALID_DATA | NVME_SC_DNR;
98 	}
99 	return 0;
100 }
101 
102 u16 nvmet_copy_from_sgl(struct nvmet_req *req, off_t off, void *buf, size_t len)
103 {
104 	if (sg_pcopy_to_buffer(req->sg, req->sg_cnt, buf, len, off) != len) {
105 		req->error_loc = offsetof(struct nvme_common_command, dptr);
106 		return NVME_SC_SGL_INVALID_DATA | NVME_SC_DNR;
107 	}
108 	return 0;
109 }
110 
111 u16 nvmet_zero_sgl(struct nvmet_req *req, off_t off, size_t len)
112 {
113 	if (sg_zero_buffer(req->sg, req->sg_cnt, len, off) != len) {
114 		req->error_loc = offsetof(struct nvme_common_command, dptr);
115 		return NVME_SC_SGL_INVALID_DATA | NVME_SC_DNR;
116 	}
117 	return 0;
118 }
119 
120 static u32 nvmet_max_nsid(struct nvmet_subsys *subsys)
121 {
122 	struct nvmet_ns *cur;
123 	unsigned long idx;
124 	u32 nsid = 0;
125 
126 	xa_for_each(&subsys->namespaces, idx, cur)
127 		nsid = cur->nsid;
128 
129 	return nsid;
130 }
131 
132 static u32 nvmet_async_event_result(struct nvmet_async_event *aen)
133 {
134 	return aen->event_type | (aen->event_info << 8) | (aen->log_page << 16);
135 }
136 
137 static void nvmet_async_events_failall(struct nvmet_ctrl *ctrl)
138 {
139 	struct nvmet_req *req;
140 
141 	mutex_lock(&ctrl->lock);
142 	while (ctrl->nr_async_event_cmds) {
143 		req = ctrl->async_event_cmds[--ctrl->nr_async_event_cmds];
144 		mutex_unlock(&ctrl->lock);
145 		nvmet_req_complete(req, NVME_SC_INTERNAL | NVME_SC_DNR);
146 		mutex_lock(&ctrl->lock);
147 	}
148 	mutex_unlock(&ctrl->lock);
149 }
150 
151 static void nvmet_async_events_process(struct nvmet_ctrl *ctrl)
152 {
153 	struct nvmet_async_event *aen;
154 	struct nvmet_req *req;
155 
156 	mutex_lock(&ctrl->lock);
157 	while (ctrl->nr_async_event_cmds && !list_empty(&ctrl->async_events)) {
158 		aen = list_first_entry(&ctrl->async_events,
159 				       struct nvmet_async_event, entry);
160 		req = ctrl->async_event_cmds[--ctrl->nr_async_event_cmds];
161 		nvmet_set_result(req, nvmet_async_event_result(aen));
162 
163 		list_del(&aen->entry);
164 		kfree(aen);
165 
166 		mutex_unlock(&ctrl->lock);
167 		trace_nvmet_async_event(ctrl, req->cqe->result.u32);
168 		nvmet_req_complete(req, 0);
169 		mutex_lock(&ctrl->lock);
170 	}
171 	mutex_unlock(&ctrl->lock);
172 }
173 
174 static void nvmet_async_events_free(struct nvmet_ctrl *ctrl)
175 {
176 	struct nvmet_async_event *aen, *tmp;
177 
178 	mutex_lock(&ctrl->lock);
179 	list_for_each_entry_safe(aen, tmp, &ctrl->async_events, entry) {
180 		list_del(&aen->entry);
181 		kfree(aen);
182 	}
183 	mutex_unlock(&ctrl->lock);
184 }
185 
186 static void nvmet_async_event_work(struct work_struct *work)
187 {
188 	struct nvmet_ctrl *ctrl =
189 		container_of(work, struct nvmet_ctrl, async_event_work);
190 
191 	nvmet_async_events_process(ctrl);
192 }
193 
194 void nvmet_add_async_event(struct nvmet_ctrl *ctrl, u8 event_type,
195 		u8 event_info, u8 log_page)
196 {
197 	struct nvmet_async_event *aen;
198 
199 	aen = kmalloc(sizeof(*aen), GFP_KERNEL);
200 	if (!aen)
201 		return;
202 
203 	aen->event_type = event_type;
204 	aen->event_info = event_info;
205 	aen->log_page = log_page;
206 
207 	mutex_lock(&ctrl->lock);
208 	list_add_tail(&aen->entry, &ctrl->async_events);
209 	mutex_unlock(&ctrl->lock);
210 
211 	queue_work(nvmet_wq, &ctrl->async_event_work);
212 }
213 
214 static void nvmet_add_to_changed_ns_log(struct nvmet_ctrl *ctrl, __le32 nsid)
215 {
216 	u32 i;
217 
218 	mutex_lock(&ctrl->lock);
219 	if (ctrl->nr_changed_ns > NVME_MAX_CHANGED_NAMESPACES)
220 		goto out_unlock;
221 
222 	for (i = 0; i < ctrl->nr_changed_ns; i++) {
223 		if (ctrl->changed_ns_list[i] == nsid)
224 			goto out_unlock;
225 	}
226 
227 	if (ctrl->nr_changed_ns == NVME_MAX_CHANGED_NAMESPACES) {
228 		ctrl->changed_ns_list[0] = cpu_to_le32(0xffffffff);
229 		ctrl->nr_changed_ns = U32_MAX;
230 		goto out_unlock;
231 	}
232 
233 	ctrl->changed_ns_list[ctrl->nr_changed_ns++] = nsid;
234 out_unlock:
235 	mutex_unlock(&ctrl->lock);
236 }
237 
238 void nvmet_ns_changed(struct nvmet_subsys *subsys, u32 nsid)
239 {
240 	struct nvmet_ctrl *ctrl;
241 
242 	lockdep_assert_held(&subsys->lock);
243 
244 	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry) {
245 		nvmet_add_to_changed_ns_log(ctrl, cpu_to_le32(nsid));
246 		if (nvmet_aen_bit_disabled(ctrl, NVME_AEN_BIT_NS_ATTR))
247 			continue;
248 		nvmet_add_async_event(ctrl, NVME_AER_TYPE_NOTICE,
249 				NVME_AER_NOTICE_NS_CHANGED,
250 				NVME_LOG_CHANGED_NS);
251 	}
252 }
253 
254 void nvmet_send_ana_event(struct nvmet_subsys *subsys,
255 		struct nvmet_port *port)
256 {
257 	struct nvmet_ctrl *ctrl;
258 
259 	mutex_lock(&subsys->lock);
260 	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry) {
261 		if (port && ctrl->port != port)
262 			continue;
263 		if (nvmet_aen_bit_disabled(ctrl, NVME_AEN_BIT_ANA_CHANGE))
264 			continue;
265 		nvmet_add_async_event(ctrl, NVME_AER_TYPE_NOTICE,
266 				NVME_AER_NOTICE_ANA, NVME_LOG_ANA);
267 	}
268 	mutex_unlock(&subsys->lock);
269 }
270 
271 void nvmet_port_send_ana_event(struct nvmet_port *port)
272 {
273 	struct nvmet_subsys_link *p;
274 
275 	down_read(&nvmet_config_sem);
276 	list_for_each_entry(p, &port->subsystems, entry)
277 		nvmet_send_ana_event(p->subsys, port);
278 	up_read(&nvmet_config_sem);
279 }
280 
281 int nvmet_register_transport(const struct nvmet_fabrics_ops *ops)
282 {
283 	int ret = 0;
284 
285 	down_write(&nvmet_config_sem);
286 	if (nvmet_transports[ops->type])
287 		ret = -EINVAL;
288 	else
289 		nvmet_transports[ops->type] = ops;
290 	up_write(&nvmet_config_sem);
291 
292 	return ret;
293 }
294 EXPORT_SYMBOL_GPL(nvmet_register_transport);
295 
296 void nvmet_unregister_transport(const struct nvmet_fabrics_ops *ops)
297 {
298 	down_write(&nvmet_config_sem);
299 	nvmet_transports[ops->type] = NULL;
300 	up_write(&nvmet_config_sem);
301 }
302 EXPORT_SYMBOL_GPL(nvmet_unregister_transport);
303 
304 void nvmet_port_del_ctrls(struct nvmet_port *port, struct nvmet_subsys *subsys)
305 {
306 	struct nvmet_ctrl *ctrl;
307 
308 	mutex_lock(&subsys->lock);
309 	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry) {
310 		if (ctrl->port == port)
311 			ctrl->ops->delete_ctrl(ctrl);
312 	}
313 	mutex_unlock(&subsys->lock);
314 }
315 
316 int nvmet_enable_port(struct nvmet_port *port)
317 {
318 	const struct nvmet_fabrics_ops *ops;
319 	int ret;
320 
321 	lockdep_assert_held(&nvmet_config_sem);
322 
323 	ops = nvmet_transports[port->disc_addr.trtype];
324 	if (!ops) {
325 		up_write(&nvmet_config_sem);
326 		request_module("nvmet-transport-%d", port->disc_addr.trtype);
327 		down_write(&nvmet_config_sem);
328 		ops = nvmet_transports[port->disc_addr.trtype];
329 		if (!ops) {
330 			pr_err("transport type %d not supported\n",
331 				port->disc_addr.trtype);
332 			return -EINVAL;
333 		}
334 	}
335 
336 	if (!try_module_get(ops->owner))
337 		return -EINVAL;
338 
339 	/*
340 	 * If the user requested PI support and the transport isn't pi capable,
341 	 * don't enable the port.
342 	 */
343 	if (port->pi_enable && !(ops->flags & NVMF_METADATA_SUPPORTED)) {
344 		pr_err("T10-PI is not supported by transport type %d\n",
345 		       port->disc_addr.trtype);
346 		ret = -EINVAL;
347 		goto out_put;
348 	}
349 
350 	ret = ops->add_port(port);
351 	if (ret)
352 		goto out_put;
353 
354 	/* If the transport didn't set inline_data_size, then disable it. */
355 	if (port->inline_data_size < 0)
356 		port->inline_data_size = 0;
357 
358 	port->enabled = true;
359 	port->tr_ops = ops;
360 	return 0;
361 
362 out_put:
363 	module_put(ops->owner);
364 	return ret;
365 }
366 
367 void nvmet_disable_port(struct nvmet_port *port)
368 {
369 	const struct nvmet_fabrics_ops *ops;
370 
371 	lockdep_assert_held(&nvmet_config_sem);
372 
373 	port->enabled = false;
374 	port->tr_ops = NULL;
375 
376 	ops = nvmet_transports[port->disc_addr.trtype];
377 	ops->remove_port(port);
378 	module_put(ops->owner);
379 }
380 
381 static void nvmet_keep_alive_timer(struct work_struct *work)
382 {
383 	struct nvmet_ctrl *ctrl = container_of(to_delayed_work(work),
384 			struct nvmet_ctrl, ka_work);
385 	bool reset_tbkas = ctrl->reset_tbkas;
386 
387 	ctrl->reset_tbkas = false;
388 	if (reset_tbkas) {
389 		pr_debug("ctrl %d reschedule traffic based keep-alive timer\n",
390 			ctrl->cntlid);
391 		queue_delayed_work(nvmet_wq, &ctrl->ka_work, ctrl->kato * HZ);
392 		return;
393 	}
394 
395 	pr_err("ctrl %d keep-alive timer (%d seconds) expired!\n",
396 		ctrl->cntlid, ctrl->kato);
397 
398 	nvmet_ctrl_fatal_error(ctrl);
399 }
400 
401 void nvmet_start_keep_alive_timer(struct nvmet_ctrl *ctrl)
402 {
403 	if (unlikely(ctrl->kato == 0))
404 		return;
405 
406 	pr_debug("ctrl %d start keep-alive timer for %d secs\n",
407 		ctrl->cntlid, ctrl->kato);
408 
409 	queue_delayed_work(nvmet_wq, &ctrl->ka_work, ctrl->kato * HZ);
410 }
411 
412 void nvmet_stop_keep_alive_timer(struct nvmet_ctrl *ctrl)
413 {
414 	if (unlikely(ctrl->kato == 0))
415 		return;
416 
417 	pr_debug("ctrl %d stop keep-alive\n", ctrl->cntlid);
418 
419 	cancel_delayed_work_sync(&ctrl->ka_work);
420 }
421 
422 u16 nvmet_req_find_ns(struct nvmet_req *req)
423 {
424 	u32 nsid = le32_to_cpu(req->cmd->common.nsid);
425 
426 	req->ns = xa_load(&nvmet_req_subsys(req)->namespaces, nsid);
427 	if (unlikely(!req->ns)) {
428 		req->error_loc = offsetof(struct nvme_common_command, nsid);
429 		return NVME_SC_INVALID_NS | NVME_SC_DNR;
430 	}
431 
432 	percpu_ref_get(&req->ns->ref);
433 	return NVME_SC_SUCCESS;
434 }
435 
436 static void nvmet_destroy_namespace(struct percpu_ref *ref)
437 {
438 	struct nvmet_ns *ns = container_of(ref, struct nvmet_ns, ref);
439 
440 	complete(&ns->disable_done);
441 }
442 
443 void nvmet_put_namespace(struct nvmet_ns *ns)
444 {
445 	percpu_ref_put(&ns->ref);
446 }
447 
448 static void nvmet_ns_dev_disable(struct nvmet_ns *ns)
449 {
450 	nvmet_bdev_ns_disable(ns);
451 	nvmet_file_ns_disable(ns);
452 }
453 
454 static int nvmet_p2pmem_ns_enable(struct nvmet_ns *ns)
455 {
456 	int ret;
457 	struct pci_dev *p2p_dev;
458 
459 	if (!ns->use_p2pmem)
460 		return 0;
461 
462 	if (!ns->bdev) {
463 		pr_err("peer-to-peer DMA is not supported by non-block device namespaces\n");
464 		return -EINVAL;
465 	}
466 
467 	if (!blk_queue_pci_p2pdma(ns->bdev->bd_disk->queue)) {
468 		pr_err("peer-to-peer DMA is not supported by the driver of %s\n",
469 		       ns->device_path);
470 		return -EINVAL;
471 	}
472 
473 	if (ns->p2p_dev) {
474 		ret = pci_p2pdma_distance(ns->p2p_dev, nvmet_ns_dev(ns), true);
475 		if (ret < 0)
476 			return -EINVAL;
477 	} else {
478 		/*
479 		 * Right now we just check that there is p2pmem available so
480 		 * we can report an error to the user right away if there
481 		 * is not. We'll find the actual device to use once we
482 		 * setup the controller when the port's device is available.
483 		 */
484 
485 		p2p_dev = pci_p2pmem_find(nvmet_ns_dev(ns));
486 		if (!p2p_dev) {
487 			pr_err("no peer-to-peer memory is available for %s\n",
488 			       ns->device_path);
489 			return -EINVAL;
490 		}
491 
492 		pci_dev_put(p2p_dev);
493 	}
494 
495 	return 0;
496 }
497 
498 /*
499  * Note: ctrl->subsys->lock should be held when calling this function
500  */
501 static void nvmet_p2pmem_ns_add_p2p(struct nvmet_ctrl *ctrl,
502 				    struct nvmet_ns *ns)
503 {
504 	struct device *clients[2];
505 	struct pci_dev *p2p_dev;
506 	int ret;
507 
508 	if (!ctrl->p2p_client || !ns->use_p2pmem)
509 		return;
510 
511 	if (ns->p2p_dev) {
512 		ret = pci_p2pdma_distance(ns->p2p_dev, ctrl->p2p_client, true);
513 		if (ret < 0)
514 			return;
515 
516 		p2p_dev = pci_dev_get(ns->p2p_dev);
517 	} else {
518 		clients[0] = ctrl->p2p_client;
519 		clients[1] = nvmet_ns_dev(ns);
520 
521 		p2p_dev = pci_p2pmem_find_many(clients, ARRAY_SIZE(clients));
522 		if (!p2p_dev) {
523 			pr_err("no peer-to-peer memory is available that's supported by %s and %s\n",
524 			       dev_name(ctrl->p2p_client), ns->device_path);
525 			return;
526 		}
527 	}
528 
529 	ret = radix_tree_insert(&ctrl->p2p_ns_map, ns->nsid, p2p_dev);
530 	if (ret < 0)
531 		pci_dev_put(p2p_dev);
532 
533 	pr_info("using p2pmem on %s for nsid %d\n", pci_name(p2p_dev),
534 		ns->nsid);
535 }
536 
537 bool nvmet_ns_revalidate(struct nvmet_ns *ns)
538 {
539 	loff_t oldsize = ns->size;
540 
541 	if (ns->bdev)
542 		nvmet_bdev_ns_revalidate(ns);
543 	else
544 		nvmet_file_ns_revalidate(ns);
545 
546 	return oldsize != ns->size;
547 }
548 
549 int nvmet_ns_enable(struct nvmet_ns *ns)
550 {
551 	struct nvmet_subsys *subsys = ns->subsys;
552 	struct nvmet_ctrl *ctrl;
553 	int ret;
554 
555 	mutex_lock(&subsys->lock);
556 	ret = 0;
557 
558 	if (nvmet_is_passthru_subsys(subsys)) {
559 		pr_info("cannot enable both passthru and regular namespaces for a single subsystem");
560 		goto out_unlock;
561 	}
562 
563 	if (ns->enabled)
564 		goto out_unlock;
565 
566 	ret = -EMFILE;
567 	if (subsys->nr_namespaces == NVMET_MAX_NAMESPACES)
568 		goto out_unlock;
569 
570 	ret = nvmet_bdev_ns_enable(ns);
571 	if (ret == -ENOTBLK)
572 		ret = nvmet_file_ns_enable(ns);
573 	if (ret)
574 		goto out_unlock;
575 
576 	ret = nvmet_p2pmem_ns_enable(ns);
577 	if (ret)
578 		goto out_dev_disable;
579 
580 	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry)
581 		nvmet_p2pmem_ns_add_p2p(ctrl, ns);
582 
583 	ret = percpu_ref_init(&ns->ref, nvmet_destroy_namespace,
584 				0, GFP_KERNEL);
585 	if (ret)
586 		goto out_dev_put;
587 
588 	if (ns->nsid > subsys->max_nsid)
589 		subsys->max_nsid = ns->nsid;
590 
591 	ret = xa_insert(&subsys->namespaces, ns->nsid, ns, GFP_KERNEL);
592 	if (ret)
593 		goto out_restore_subsys_maxnsid;
594 
595 	subsys->nr_namespaces++;
596 
597 	nvmet_ns_changed(subsys, ns->nsid);
598 	ns->enabled = true;
599 	ret = 0;
600 out_unlock:
601 	mutex_unlock(&subsys->lock);
602 	return ret;
603 
604 out_restore_subsys_maxnsid:
605 	subsys->max_nsid = nvmet_max_nsid(subsys);
606 	percpu_ref_exit(&ns->ref);
607 out_dev_put:
608 	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry)
609 		pci_dev_put(radix_tree_delete(&ctrl->p2p_ns_map, ns->nsid));
610 out_dev_disable:
611 	nvmet_ns_dev_disable(ns);
612 	goto out_unlock;
613 }
614 
615 void nvmet_ns_disable(struct nvmet_ns *ns)
616 {
617 	struct nvmet_subsys *subsys = ns->subsys;
618 	struct nvmet_ctrl *ctrl;
619 
620 	mutex_lock(&subsys->lock);
621 	if (!ns->enabled)
622 		goto out_unlock;
623 
624 	ns->enabled = false;
625 	xa_erase(&ns->subsys->namespaces, ns->nsid);
626 	if (ns->nsid == subsys->max_nsid)
627 		subsys->max_nsid = nvmet_max_nsid(subsys);
628 
629 	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry)
630 		pci_dev_put(radix_tree_delete(&ctrl->p2p_ns_map, ns->nsid));
631 
632 	mutex_unlock(&subsys->lock);
633 
634 	/*
635 	 * Now that we removed the namespaces from the lookup list, we
636 	 * can kill the per_cpu ref and wait for any remaining references
637 	 * to be dropped, as well as a RCU grace period for anyone only
638 	 * using the namepace under rcu_read_lock().  Note that we can't
639 	 * use call_rcu here as we need to ensure the namespaces have
640 	 * been fully destroyed before unloading the module.
641 	 */
642 	percpu_ref_kill(&ns->ref);
643 	synchronize_rcu();
644 	wait_for_completion(&ns->disable_done);
645 	percpu_ref_exit(&ns->ref);
646 
647 	mutex_lock(&subsys->lock);
648 
649 	subsys->nr_namespaces--;
650 	nvmet_ns_changed(subsys, ns->nsid);
651 	nvmet_ns_dev_disable(ns);
652 out_unlock:
653 	mutex_unlock(&subsys->lock);
654 }
655 
656 void nvmet_ns_free(struct nvmet_ns *ns)
657 {
658 	nvmet_ns_disable(ns);
659 
660 	down_write(&nvmet_ana_sem);
661 	nvmet_ana_group_enabled[ns->anagrpid]--;
662 	up_write(&nvmet_ana_sem);
663 
664 	kfree(ns->device_path);
665 	kfree(ns);
666 }
667 
668 struct nvmet_ns *nvmet_ns_alloc(struct nvmet_subsys *subsys, u32 nsid)
669 {
670 	struct nvmet_ns *ns;
671 
672 	ns = kzalloc(sizeof(*ns), GFP_KERNEL);
673 	if (!ns)
674 		return NULL;
675 
676 	init_completion(&ns->disable_done);
677 
678 	ns->nsid = nsid;
679 	ns->subsys = subsys;
680 
681 	down_write(&nvmet_ana_sem);
682 	ns->anagrpid = NVMET_DEFAULT_ANA_GRPID;
683 	nvmet_ana_group_enabled[ns->anagrpid]++;
684 	up_write(&nvmet_ana_sem);
685 
686 	uuid_gen(&ns->uuid);
687 	ns->buffered_io = false;
688 	ns->csi = NVME_CSI_NVM;
689 
690 	return ns;
691 }
692 
693 static void nvmet_update_sq_head(struct nvmet_req *req)
694 {
695 	if (req->sq->size) {
696 		u32 old_sqhd, new_sqhd;
697 
698 		do {
699 			old_sqhd = req->sq->sqhd;
700 			new_sqhd = (old_sqhd + 1) % req->sq->size;
701 		} while (cmpxchg(&req->sq->sqhd, old_sqhd, new_sqhd) !=
702 					old_sqhd);
703 	}
704 	req->cqe->sq_head = cpu_to_le16(req->sq->sqhd & 0x0000FFFF);
705 }
706 
707 static void nvmet_set_error(struct nvmet_req *req, u16 status)
708 {
709 	struct nvmet_ctrl *ctrl = req->sq->ctrl;
710 	struct nvme_error_slot *new_error_slot;
711 	unsigned long flags;
712 
713 	req->cqe->status = cpu_to_le16(status << 1);
714 
715 	if (!ctrl || req->error_loc == NVMET_NO_ERROR_LOC)
716 		return;
717 
718 	spin_lock_irqsave(&ctrl->error_lock, flags);
719 	ctrl->err_counter++;
720 	new_error_slot =
721 		&ctrl->slots[ctrl->err_counter % NVMET_ERROR_LOG_SLOTS];
722 
723 	new_error_slot->error_count = cpu_to_le64(ctrl->err_counter);
724 	new_error_slot->sqid = cpu_to_le16(req->sq->qid);
725 	new_error_slot->cmdid = cpu_to_le16(req->cmd->common.command_id);
726 	new_error_slot->status_field = cpu_to_le16(status << 1);
727 	new_error_slot->param_error_location = cpu_to_le16(req->error_loc);
728 	new_error_slot->lba = cpu_to_le64(req->error_slba);
729 	new_error_slot->nsid = req->cmd->common.nsid;
730 	spin_unlock_irqrestore(&ctrl->error_lock, flags);
731 
732 	/* set the more bit for this request */
733 	req->cqe->status |= cpu_to_le16(1 << 14);
734 }
735 
736 static void __nvmet_req_complete(struct nvmet_req *req, u16 status)
737 {
738 	struct nvmet_ns *ns = req->ns;
739 
740 	if (!req->sq->sqhd_disabled)
741 		nvmet_update_sq_head(req);
742 	req->cqe->sq_id = cpu_to_le16(req->sq->qid);
743 	req->cqe->command_id = req->cmd->common.command_id;
744 
745 	if (unlikely(status))
746 		nvmet_set_error(req, status);
747 
748 	trace_nvmet_req_complete(req);
749 
750 	req->ops->queue_response(req);
751 	if (ns)
752 		nvmet_put_namespace(ns);
753 }
754 
755 void nvmet_req_complete(struct nvmet_req *req, u16 status)
756 {
757 	__nvmet_req_complete(req, status);
758 	percpu_ref_put(&req->sq->ref);
759 }
760 EXPORT_SYMBOL_GPL(nvmet_req_complete);
761 
762 void nvmet_cq_setup(struct nvmet_ctrl *ctrl, struct nvmet_cq *cq,
763 		u16 qid, u16 size)
764 {
765 	cq->qid = qid;
766 	cq->size = size;
767 }
768 
769 void nvmet_sq_setup(struct nvmet_ctrl *ctrl, struct nvmet_sq *sq,
770 		u16 qid, u16 size)
771 {
772 	sq->sqhd = 0;
773 	sq->qid = qid;
774 	sq->size = size;
775 
776 	ctrl->sqs[qid] = sq;
777 }
778 
779 static void nvmet_confirm_sq(struct percpu_ref *ref)
780 {
781 	struct nvmet_sq *sq = container_of(ref, struct nvmet_sq, ref);
782 
783 	complete(&sq->confirm_done);
784 }
785 
786 void nvmet_sq_destroy(struct nvmet_sq *sq)
787 {
788 	struct nvmet_ctrl *ctrl = sq->ctrl;
789 
790 	/*
791 	 * If this is the admin queue, complete all AERs so that our
792 	 * queue doesn't have outstanding requests on it.
793 	 */
794 	if (ctrl && ctrl->sqs && ctrl->sqs[0] == sq)
795 		nvmet_async_events_failall(ctrl);
796 	percpu_ref_kill_and_confirm(&sq->ref, nvmet_confirm_sq);
797 	wait_for_completion(&sq->confirm_done);
798 	wait_for_completion(&sq->free_done);
799 	percpu_ref_exit(&sq->ref);
800 	nvmet_auth_sq_free(sq);
801 
802 	if (ctrl) {
803 		/*
804 		 * The teardown flow may take some time, and the host may not
805 		 * send us keep-alive during this period, hence reset the
806 		 * traffic based keep-alive timer so we don't trigger a
807 		 * controller teardown as a result of a keep-alive expiration.
808 		 */
809 		ctrl->reset_tbkas = true;
810 		sq->ctrl->sqs[sq->qid] = NULL;
811 		nvmet_ctrl_put(ctrl);
812 		sq->ctrl = NULL; /* allows reusing the queue later */
813 	}
814 }
815 EXPORT_SYMBOL_GPL(nvmet_sq_destroy);
816 
817 static void nvmet_sq_free(struct percpu_ref *ref)
818 {
819 	struct nvmet_sq *sq = container_of(ref, struct nvmet_sq, ref);
820 
821 	complete(&sq->free_done);
822 }
823 
824 int nvmet_sq_init(struct nvmet_sq *sq)
825 {
826 	int ret;
827 
828 	ret = percpu_ref_init(&sq->ref, nvmet_sq_free, 0, GFP_KERNEL);
829 	if (ret) {
830 		pr_err("percpu_ref init failed!\n");
831 		return ret;
832 	}
833 	init_completion(&sq->free_done);
834 	init_completion(&sq->confirm_done);
835 	nvmet_auth_sq_init(sq);
836 
837 	return 0;
838 }
839 EXPORT_SYMBOL_GPL(nvmet_sq_init);
840 
841 static inline u16 nvmet_check_ana_state(struct nvmet_port *port,
842 		struct nvmet_ns *ns)
843 {
844 	enum nvme_ana_state state = port->ana_state[ns->anagrpid];
845 
846 	if (unlikely(state == NVME_ANA_INACCESSIBLE))
847 		return NVME_SC_ANA_INACCESSIBLE;
848 	if (unlikely(state == NVME_ANA_PERSISTENT_LOSS))
849 		return NVME_SC_ANA_PERSISTENT_LOSS;
850 	if (unlikely(state == NVME_ANA_CHANGE))
851 		return NVME_SC_ANA_TRANSITION;
852 	return 0;
853 }
854 
855 static inline u16 nvmet_io_cmd_check_access(struct nvmet_req *req)
856 {
857 	if (unlikely(req->ns->readonly)) {
858 		switch (req->cmd->common.opcode) {
859 		case nvme_cmd_read:
860 		case nvme_cmd_flush:
861 			break;
862 		default:
863 			return NVME_SC_NS_WRITE_PROTECTED;
864 		}
865 	}
866 
867 	return 0;
868 }
869 
870 static u16 nvmet_parse_io_cmd(struct nvmet_req *req)
871 {
872 	struct nvme_command *cmd = req->cmd;
873 	u16 ret;
874 
875 	if (nvme_is_fabrics(cmd))
876 		return nvmet_parse_fabrics_io_cmd(req);
877 
878 	if (unlikely(!nvmet_check_auth_status(req)))
879 		return NVME_SC_AUTH_REQUIRED | NVME_SC_DNR;
880 
881 	ret = nvmet_check_ctrl_status(req);
882 	if (unlikely(ret))
883 		return ret;
884 
885 	if (nvmet_is_passthru_req(req))
886 		return nvmet_parse_passthru_io_cmd(req);
887 
888 	ret = nvmet_req_find_ns(req);
889 	if (unlikely(ret))
890 		return ret;
891 
892 	ret = nvmet_check_ana_state(req->port, req->ns);
893 	if (unlikely(ret)) {
894 		req->error_loc = offsetof(struct nvme_common_command, nsid);
895 		return ret;
896 	}
897 	ret = nvmet_io_cmd_check_access(req);
898 	if (unlikely(ret)) {
899 		req->error_loc = offsetof(struct nvme_common_command, nsid);
900 		return ret;
901 	}
902 
903 	switch (req->ns->csi) {
904 	case NVME_CSI_NVM:
905 		if (req->ns->file)
906 			return nvmet_file_parse_io_cmd(req);
907 		return nvmet_bdev_parse_io_cmd(req);
908 	case NVME_CSI_ZNS:
909 		if (IS_ENABLED(CONFIG_BLK_DEV_ZONED))
910 			return nvmet_bdev_zns_parse_io_cmd(req);
911 		return NVME_SC_INVALID_IO_CMD_SET;
912 	default:
913 		return NVME_SC_INVALID_IO_CMD_SET;
914 	}
915 }
916 
917 bool nvmet_req_init(struct nvmet_req *req, struct nvmet_cq *cq,
918 		struct nvmet_sq *sq, const struct nvmet_fabrics_ops *ops)
919 {
920 	u8 flags = req->cmd->common.flags;
921 	u16 status;
922 
923 	req->cq = cq;
924 	req->sq = sq;
925 	req->ops = ops;
926 	req->sg = NULL;
927 	req->metadata_sg = NULL;
928 	req->sg_cnt = 0;
929 	req->metadata_sg_cnt = 0;
930 	req->transfer_len = 0;
931 	req->metadata_len = 0;
932 	req->cqe->status = 0;
933 	req->cqe->sq_head = 0;
934 	req->ns = NULL;
935 	req->error_loc = NVMET_NO_ERROR_LOC;
936 	req->error_slba = 0;
937 
938 	/* no support for fused commands yet */
939 	if (unlikely(flags & (NVME_CMD_FUSE_FIRST | NVME_CMD_FUSE_SECOND))) {
940 		req->error_loc = offsetof(struct nvme_common_command, flags);
941 		status = NVME_SC_INVALID_FIELD | NVME_SC_DNR;
942 		goto fail;
943 	}
944 
945 	/*
946 	 * For fabrics, PSDT field shall describe metadata pointer (MPTR) that
947 	 * contains an address of a single contiguous physical buffer that is
948 	 * byte aligned.
949 	 */
950 	if (unlikely((flags & NVME_CMD_SGL_ALL) != NVME_CMD_SGL_METABUF)) {
951 		req->error_loc = offsetof(struct nvme_common_command, flags);
952 		status = NVME_SC_INVALID_FIELD | NVME_SC_DNR;
953 		goto fail;
954 	}
955 
956 	if (unlikely(!req->sq->ctrl))
957 		/* will return an error for any non-connect command: */
958 		status = nvmet_parse_connect_cmd(req);
959 	else if (likely(req->sq->qid != 0))
960 		status = nvmet_parse_io_cmd(req);
961 	else
962 		status = nvmet_parse_admin_cmd(req);
963 
964 	if (status)
965 		goto fail;
966 
967 	trace_nvmet_req_init(req, req->cmd);
968 
969 	if (unlikely(!percpu_ref_tryget_live(&sq->ref))) {
970 		status = NVME_SC_INVALID_FIELD | NVME_SC_DNR;
971 		goto fail;
972 	}
973 
974 	if (sq->ctrl)
975 		sq->ctrl->reset_tbkas = true;
976 
977 	return true;
978 
979 fail:
980 	__nvmet_req_complete(req, status);
981 	return false;
982 }
983 EXPORT_SYMBOL_GPL(nvmet_req_init);
984 
985 void nvmet_req_uninit(struct nvmet_req *req)
986 {
987 	percpu_ref_put(&req->sq->ref);
988 	if (req->ns)
989 		nvmet_put_namespace(req->ns);
990 }
991 EXPORT_SYMBOL_GPL(nvmet_req_uninit);
992 
993 bool nvmet_check_transfer_len(struct nvmet_req *req, size_t len)
994 {
995 	if (unlikely(len != req->transfer_len)) {
996 		req->error_loc = offsetof(struct nvme_common_command, dptr);
997 		nvmet_req_complete(req, NVME_SC_SGL_INVALID_DATA | NVME_SC_DNR);
998 		return false;
999 	}
1000 
1001 	return true;
1002 }
1003 EXPORT_SYMBOL_GPL(nvmet_check_transfer_len);
1004 
1005 bool nvmet_check_data_len_lte(struct nvmet_req *req, size_t data_len)
1006 {
1007 	if (unlikely(data_len > req->transfer_len)) {
1008 		req->error_loc = offsetof(struct nvme_common_command, dptr);
1009 		nvmet_req_complete(req, NVME_SC_SGL_INVALID_DATA | NVME_SC_DNR);
1010 		return false;
1011 	}
1012 
1013 	return true;
1014 }
1015 
1016 static unsigned int nvmet_data_transfer_len(struct nvmet_req *req)
1017 {
1018 	return req->transfer_len - req->metadata_len;
1019 }
1020 
1021 static int nvmet_req_alloc_p2pmem_sgls(struct pci_dev *p2p_dev,
1022 		struct nvmet_req *req)
1023 {
1024 	req->sg = pci_p2pmem_alloc_sgl(p2p_dev, &req->sg_cnt,
1025 			nvmet_data_transfer_len(req));
1026 	if (!req->sg)
1027 		goto out_err;
1028 
1029 	if (req->metadata_len) {
1030 		req->metadata_sg = pci_p2pmem_alloc_sgl(p2p_dev,
1031 				&req->metadata_sg_cnt, req->metadata_len);
1032 		if (!req->metadata_sg)
1033 			goto out_free_sg;
1034 	}
1035 
1036 	req->p2p_dev = p2p_dev;
1037 
1038 	return 0;
1039 out_free_sg:
1040 	pci_p2pmem_free_sgl(req->p2p_dev, req->sg);
1041 out_err:
1042 	return -ENOMEM;
1043 }
1044 
1045 static struct pci_dev *nvmet_req_find_p2p_dev(struct nvmet_req *req)
1046 {
1047 	if (!IS_ENABLED(CONFIG_PCI_P2PDMA) ||
1048 	    !req->sq->ctrl || !req->sq->qid || !req->ns)
1049 		return NULL;
1050 	return radix_tree_lookup(&req->sq->ctrl->p2p_ns_map, req->ns->nsid);
1051 }
1052 
1053 int nvmet_req_alloc_sgls(struct nvmet_req *req)
1054 {
1055 	struct pci_dev *p2p_dev = nvmet_req_find_p2p_dev(req);
1056 
1057 	if (p2p_dev && !nvmet_req_alloc_p2pmem_sgls(p2p_dev, req))
1058 		return 0;
1059 
1060 	req->sg = sgl_alloc(nvmet_data_transfer_len(req), GFP_KERNEL,
1061 			    &req->sg_cnt);
1062 	if (unlikely(!req->sg))
1063 		goto out;
1064 
1065 	if (req->metadata_len) {
1066 		req->metadata_sg = sgl_alloc(req->metadata_len, GFP_KERNEL,
1067 					     &req->metadata_sg_cnt);
1068 		if (unlikely(!req->metadata_sg))
1069 			goto out_free;
1070 	}
1071 
1072 	return 0;
1073 out_free:
1074 	sgl_free(req->sg);
1075 out:
1076 	return -ENOMEM;
1077 }
1078 EXPORT_SYMBOL_GPL(nvmet_req_alloc_sgls);
1079 
1080 void nvmet_req_free_sgls(struct nvmet_req *req)
1081 {
1082 	if (req->p2p_dev) {
1083 		pci_p2pmem_free_sgl(req->p2p_dev, req->sg);
1084 		if (req->metadata_sg)
1085 			pci_p2pmem_free_sgl(req->p2p_dev, req->metadata_sg);
1086 		req->p2p_dev = NULL;
1087 	} else {
1088 		sgl_free(req->sg);
1089 		if (req->metadata_sg)
1090 			sgl_free(req->metadata_sg);
1091 	}
1092 
1093 	req->sg = NULL;
1094 	req->metadata_sg = NULL;
1095 	req->sg_cnt = 0;
1096 	req->metadata_sg_cnt = 0;
1097 }
1098 EXPORT_SYMBOL_GPL(nvmet_req_free_sgls);
1099 
1100 static inline bool nvmet_cc_en(u32 cc)
1101 {
1102 	return (cc >> NVME_CC_EN_SHIFT) & 0x1;
1103 }
1104 
1105 static inline u8 nvmet_cc_css(u32 cc)
1106 {
1107 	return (cc >> NVME_CC_CSS_SHIFT) & 0x7;
1108 }
1109 
1110 static inline u8 nvmet_cc_mps(u32 cc)
1111 {
1112 	return (cc >> NVME_CC_MPS_SHIFT) & 0xf;
1113 }
1114 
1115 static inline u8 nvmet_cc_ams(u32 cc)
1116 {
1117 	return (cc >> NVME_CC_AMS_SHIFT) & 0x7;
1118 }
1119 
1120 static inline u8 nvmet_cc_shn(u32 cc)
1121 {
1122 	return (cc >> NVME_CC_SHN_SHIFT) & 0x3;
1123 }
1124 
1125 static inline u8 nvmet_cc_iosqes(u32 cc)
1126 {
1127 	return (cc >> NVME_CC_IOSQES_SHIFT) & 0xf;
1128 }
1129 
1130 static inline u8 nvmet_cc_iocqes(u32 cc)
1131 {
1132 	return (cc >> NVME_CC_IOCQES_SHIFT) & 0xf;
1133 }
1134 
1135 static inline bool nvmet_css_supported(u8 cc_css)
1136 {
1137 	switch (cc_css << NVME_CC_CSS_SHIFT) {
1138 	case NVME_CC_CSS_NVM:
1139 	case NVME_CC_CSS_CSI:
1140 		return true;
1141 	default:
1142 		return false;
1143 	}
1144 }
1145 
1146 static void nvmet_start_ctrl(struct nvmet_ctrl *ctrl)
1147 {
1148 	lockdep_assert_held(&ctrl->lock);
1149 
1150 	/*
1151 	 * Only I/O controllers should verify iosqes,iocqes.
1152 	 * Strictly speaking, the spec says a discovery controller
1153 	 * should verify iosqes,iocqes are zeroed, however that
1154 	 * would break backwards compatibility, so don't enforce it.
1155 	 */
1156 	if (!nvmet_is_disc_subsys(ctrl->subsys) &&
1157 	    (nvmet_cc_iosqes(ctrl->cc) != NVME_NVM_IOSQES ||
1158 	     nvmet_cc_iocqes(ctrl->cc) != NVME_NVM_IOCQES)) {
1159 		ctrl->csts = NVME_CSTS_CFS;
1160 		return;
1161 	}
1162 
1163 	if (nvmet_cc_mps(ctrl->cc) != 0 ||
1164 	    nvmet_cc_ams(ctrl->cc) != 0 ||
1165 	    !nvmet_css_supported(nvmet_cc_css(ctrl->cc))) {
1166 		ctrl->csts = NVME_CSTS_CFS;
1167 		return;
1168 	}
1169 
1170 	ctrl->csts = NVME_CSTS_RDY;
1171 
1172 	/*
1173 	 * Controllers that are not yet enabled should not really enforce the
1174 	 * keep alive timeout, but we still want to track a timeout and cleanup
1175 	 * in case a host died before it enabled the controller.  Hence, simply
1176 	 * reset the keep alive timer when the controller is enabled.
1177 	 */
1178 	if (ctrl->kato)
1179 		mod_delayed_work(system_wq, &ctrl->ka_work, ctrl->kato * HZ);
1180 }
1181 
1182 static void nvmet_clear_ctrl(struct nvmet_ctrl *ctrl)
1183 {
1184 	lockdep_assert_held(&ctrl->lock);
1185 
1186 	/* XXX: tear down queues? */
1187 	ctrl->csts &= ~NVME_CSTS_RDY;
1188 	ctrl->cc = 0;
1189 }
1190 
1191 void nvmet_update_cc(struct nvmet_ctrl *ctrl, u32 new)
1192 {
1193 	u32 old;
1194 
1195 	mutex_lock(&ctrl->lock);
1196 	old = ctrl->cc;
1197 	ctrl->cc = new;
1198 
1199 	if (nvmet_cc_en(new) && !nvmet_cc_en(old))
1200 		nvmet_start_ctrl(ctrl);
1201 	if (!nvmet_cc_en(new) && nvmet_cc_en(old))
1202 		nvmet_clear_ctrl(ctrl);
1203 	if (nvmet_cc_shn(new) && !nvmet_cc_shn(old)) {
1204 		nvmet_clear_ctrl(ctrl);
1205 		ctrl->csts |= NVME_CSTS_SHST_CMPLT;
1206 	}
1207 	if (!nvmet_cc_shn(new) && nvmet_cc_shn(old))
1208 		ctrl->csts &= ~NVME_CSTS_SHST_CMPLT;
1209 	mutex_unlock(&ctrl->lock);
1210 }
1211 
1212 static void nvmet_init_cap(struct nvmet_ctrl *ctrl)
1213 {
1214 	/* command sets supported: NVMe command set: */
1215 	ctrl->cap = (1ULL << 37);
1216 	/* Controller supports one or more I/O Command Sets */
1217 	ctrl->cap |= (1ULL << 43);
1218 	/* CC.EN timeout in 500msec units: */
1219 	ctrl->cap |= (15ULL << 24);
1220 	/* maximum queue entries supported: */
1221 	if (ctrl->ops->get_max_queue_size)
1222 		ctrl->cap |= ctrl->ops->get_max_queue_size(ctrl) - 1;
1223 	else
1224 		ctrl->cap |= NVMET_QUEUE_SIZE - 1;
1225 
1226 	if (nvmet_is_passthru_subsys(ctrl->subsys))
1227 		nvmet_passthrough_override_cap(ctrl);
1228 }
1229 
1230 struct nvmet_ctrl *nvmet_ctrl_find_get(const char *subsysnqn,
1231 				       const char *hostnqn, u16 cntlid,
1232 				       struct nvmet_req *req)
1233 {
1234 	struct nvmet_ctrl *ctrl = NULL;
1235 	struct nvmet_subsys *subsys;
1236 
1237 	subsys = nvmet_find_get_subsys(req->port, subsysnqn);
1238 	if (!subsys) {
1239 		pr_warn("connect request for invalid subsystem %s!\n",
1240 			subsysnqn);
1241 		req->cqe->result.u32 = IPO_IATTR_CONNECT_DATA(subsysnqn);
1242 		goto out;
1243 	}
1244 
1245 	mutex_lock(&subsys->lock);
1246 	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry) {
1247 		if (ctrl->cntlid == cntlid) {
1248 			if (strncmp(hostnqn, ctrl->hostnqn, NVMF_NQN_SIZE)) {
1249 				pr_warn("hostnqn mismatch.\n");
1250 				continue;
1251 			}
1252 			if (!kref_get_unless_zero(&ctrl->ref))
1253 				continue;
1254 
1255 			/* ctrl found */
1256 			goto found;
1257 		}
1258 	}
1259 
1260 	ctrl = NULL; /* ctrl not found */
1261 	pr_warn("could not find controller %d for subsys %s / host %s\n",
1262 		cntlid, subsysnqn, hostnqn);
1263 	req->cqe->result.u32 = IPO_IATTR_CONNECT_DATA(cntlid);
1264 
1265 found:
1266 	mutex_unlock(&subsys->lock);
1267 	nvmet_subsys_put(subsys);
1268 out:
1269 	return ctrl;
1270 }
1271 
1272 u16 nvmet_check_ctrl_status(struct nvmet_req *req)
1273 {
1274 	if (unlikely(!(req->sq->ctrl->cc & NVME_CC_ENABLE))) {
1275 		pr_err("got cmd %d while CC.EN == 0 on qid = %d\n",
1276 		       req->cmd->common.opcode, req->sq->qid);
1277 		return NVME_SC_CMD_SEQ_ERROR | NVME_SC_DNR;
1278 	}
1279 
1280 	if (unlikely(!(req->sq->ctrl->csts & NVME_CSTS_RDY))) {
1281 		pr_err("got cmd %d while CSTS.RDY == 0 on qid = %d\n",
1282 		       req->cmd->common.opcode, req->sq->qid);
1283 		return NVME_SC_CMD_SEQ_ERROR | NVME_SC_DNR;
1284 	}
1285 
1286 	if (unlikely(!nvmet_check_auth_status(req))) {
1287 		pr_warn("qid %d not authenticated\n", req->sq->qid);
1288 		return NVME_SC_AUTH_REQUIRED | NVME_SC_DNR;
1289 	}
1290 	return 0;
1291 }
1292 
1293 bool nvmet_host_allowed(struct nvmet_subsys *subsys, const char *hostnqn)
1294 {
1295 	struct nvmet_host_link *p;
1296 
1297 	lockdep_assert_held(&nvmet_config_sem);
1298 
1299 	if (subsys->allow_any_host)
1300 		return true;
1301 
1302 	if (nvmet_is_disc_subsys(subsys)) /* allow all access to disc subsys */
1303 		return true;
1304 
1305 	list_for_each_entry(p, &subsys->hosts, entry) {
1306 		if (!strcmp(nvmet_host_name(p->host), hostnqn))
1307 			return true;
1308 	}
1309 
1310 	return false;
1311 }
1312 
1313 /*
1314  * Note: ctrl->subsys->lock should be held when calling this function
1315  */
1316 static void nvmet_setup_p2p_ns_map(struct nvmet_ctrl *ctrl,
1317 		struct nvmet_req *req)
1318 {
1319 	struct nvmet_ns *ns;
1320 	unsigned long idx;
1321 
1322 	if (!req->p2p_client)
1323 		return;
1324 
1325 	ctrl->p2p_client = get_device(req->p2p_client);
1326 
1327 	xa_for_each(&ctrl->subsys->namespaces, idx, ns)
1328 		nvmet_p2pmem_ns_add_p2p(ctrl, ns);
1329 }
1330 
1331 /*
1332  * Note: ctrl->subsys->lock should be held when calling this function
1333  */
1334 static void nvmet_release_p2p_ns_map(struct nvmet_ctrl *ctrl)
1335 {
1336 	struct radix_tree_iter iter;
1337 	void __rcu **slot;
1338 
1339 	radix_tree_for_each_slot(slot, &ctrl->p2p_ns_map, &iter, 0)
1340 		pci_dev_put(radix_tree_deref_slot(slot));
1341 
1342 	put_device(ctrl->p2p_client);
1343 }
1344 
1345 static void nvmet_fatal_error_handler(struct work_struct *work)
1346 {
1347 	struct nvmet_ctrl *ctrl =
1348 			container_of(work, struct nvmet_ctrl, fatal_err_work);
1349 
1350 	pr_err("ctrl %d fatal error occurred!\n", ctrl->cntlid);
1351 	ctrl->ops->delete_ctrl(ctrl);
1352 }
1353 
1354 u16 nvmet_alloc_ctrl(const char *subsysnqn, const char *hostnqn,
1355 		struct nvmet_req *req, u32 kato, struct nvmet_ctrl **ctrlp)
1356 {
1357 	struct nvmet_subsys *subsys;
1358 	struct nvmet_ctrl *ctrl;
1359 	int ret;
1360 	u16 status;
1361 
1362 	status = NVME_SC_CONNECT_INVALID_PARAM | NVME_SC_DNR;
1363 	subsys = nvmet_find_get_subsys(req->port, subsysnqn);
1364 	if (!subsys) {
1365 		pr_warn("connect request for invalid subsystem %s!\n",
1366 			subsysnqn);
1367 		req->cqe->result.u32 = IPO_IATTR_CONNECT_DATA(subsysnqn);
1368 		req->error_loc = offsetof(struct nvme_common_command, dptr);
1369 		goto out;
1370 	}
1371 
1372 	down_read(&nvmet_config_sem);
1373 	if (!nvmet_host_allowed(subsys, hostnqn)) {
1374 		pr_info("connect by host %s for subsystem %s not allowed\n",
1375 			hostnqn, subsysnqn);
1376 		req->cqe->result.u32 = IPO_IATTR_CONNECT_DATA(hostnqn);
1377 		up_read(&nvmet_config_sem);
1378 		status = NVME_SC_CONNECT_INVALID_HOST | NVME_SC_DNR;
1379 		req->error_loc = offsetof(struct nvme_common_command, dptr);
1380 		goto out_put_subsystem;
1381 	}
1382 	up_read(&nvmet_config_sem);
1383 
1384 	status = NVME_SC_INTERNAL;
1385 	ctrl = kzalloc(sizeof(*ctrl), GFP_KERNEL);
1386 	if (!ctrl)
1387 		goto out_put_subsystem;
1388 	mutex_init(&ctrl->lock);
1389 
1390 	ctrl->port = req->port;
1391 	ctrl->ops = req->ops;
1392 
1393 #ifdef CONFIG_NVME_TARGET_PASSTHRU
1394 	/* By default, set loop targets to clear IDS by default */
1395 	if (ctrl->port->disc_addr.trtype == NVMF_TRTYPE_LOOP)
1396 		subsys->clear_ids = 1;
1397 #endif
1398 
1399 	INIT_WORK(&ctrl->async_event_work, nvmet_async_event_work);
1400 	INIT_LIST_HEAD(&ctrl->async_events);
1401 	INIT_RADIX_TREE(&ctrl->p2p_ns_map, GFP_KERNEL);
1402 	INIT_WORK(&ctrl->fatal_err_work, nvmet_fatal_error_handler);
1403 	INIT_DELAYED_WORK(&ctrl->ka_work, nvmet_keep_alive_timer);
1404 
1405 	memcpy(ctrl->subsysnqn, subsysnqn, NVMF_NQN_SIZE);
1406 	memcpy(ctrl->hostnqn, hostnqn, NVMF_NQN_SIZE);
1407 
1408 	kref_init(&ctrl->ref);
1409 	ctrl->subsys = subsys;
1410 	nvmet_init_cap(ctrl);
1411 	WRITE_ONCE(ctrl->aen_enabled, NVMET_AEN_CFG_OPTIONAL);
1412 
1413 	ctrl->changed_ns_list = kmalloc_array(NVME_MAX_CHANGED_NAMESPACES,
1414 			sizeof(__le32), GFP_KERNEL);
1415 	if (!ctrl->changed_ns_list)
1416 		goto out_free_ctrl;
1417 
1418 	ctrl->sqs = kcalloc(subsys->max_qid + 1,
1419 			sizeof(struct nvmet_sq *),
1420 			GFP_KERNEL);
1421 	if (!ctrl->sqs)
1422 		goto out_free_changed_ns_list;
1423 
1424 	if (subsys->cntlid_min > subsys->cntlid_max)
1425 		goto out_free_sqs;
1426 
1427 	ret = ida_alloc_range(&cntlid_ida,
1428 			     subsys->cntlid_min, subsys->cntlid_max,
1429 			     GFP_KERNEL);
1430 	if (ret < 0) {
1431 		status = NVME_SC_CONNECT_CTRL_BUSY | NVME_SC_DNR;
1432 		goto out_free_sqs;
1433 	}
1434 	ctrl->cntlid = ret;
1435 
1436 	/*
1437 	 * Discovery controllers may use some arbitrary high value
1438 	 * in order to cleanup stale discovery sessions
1439 	 */
1440 	if (nvmet_is_disc_subsys(ctrl->subsys) && !kato)
1441 		kato = NVMET_DISC_KATO_MS;
1442 
1443 	/* keep-alive timeout in seconds */
1444 	ctrl->kato = DIV_ROUND_UP(kato, 1000);
1445 
1446 	ctrl->err_counter = 0;
1447 	spin_lock_init(&ctrl->error_lock);
1448 
1449 	nvmet_start_keep_alive_timer(ctrl);
1450 
1451 	mutex_lock(&subsys->lock);
1452 	list_add_tail(&ctrl->subsys_entry, &subsys->ctrls);
1453 	nvmet_setup_p2p_ns_map(ctrl, req);
1454 	mutex_unlock(&subsys->lock);
1455 
1456 	*ctrlp = ctrl;
1457 	return 0;
1458 
1459 out_free_sqs:
1460 	kfree(ctrl->sqs);
1461 out_free_changed_ns_list:
1462 	kfree(ctrl->changed_ns_list);
1463 out_free_ctrl:
1464 	kfree(ctrl);
1465 out_put_subsystem:
1466 	nvmet_subsys_put(subsys);
1467 out:
1468 	return status;
1469 }
1470 
1471 static void nvmet_ctrl_free(struct kref *ref)
1472 {
1473 	struct nvmet_ctrl *ctrl = container_of(ref, struct nvmet_ctrl, ref);
1474 	struct nvmet_subsys *subsys = ctrl->subsys;
1475 
1476 	mutex_lock(&subsys->lock);
1477 	nvmet_release_p2p_ns_map(ctrl);
1478 	list_del(&ctrl->subsys_entry);
1479 	mutex_unlock(&subsys->lock);
1480 
1481 	nvmet_stop_keep_alive_timer(ctrl);
1482 
1483 	flush_work(&ctrl->async_event_work);
1484 	cancel_work_sync(&ctrl->fatal_err_work);
1485 
1486 	nvmet_destroy_auth(ctrl);
1487 
1488 	ida_free(&cntlid_ida, ctrl->cntlid);
1489 
1490 	nvmet_async_events_free(ctrl);
1491 	kfree(ctrl->sqs);
1492 	kfree(ctrl->changed_ns_list);
1493 	kfree(ctrl);
1494 
1495 	nvmet_subsys_put(subsys);
1496 }
1497 
1498 void nvmet_ctrl_put(struct nvmet_ctrl *ctrl)
1499 {
1500 	kref_put(&ctrl->ref, nvmet_ctrl_free);
1501 }
1502 
1503 void nvmet_ctrl_fatal_error(struct nvmet_ctrl *ctrl)
1504 {
1505 	mutex_lock(&ctrl->lock);
1506 	if (!(ctrl->csts & NVME_CSTS_CFS)) {
1507 		ctrl->csts |= NVME_CSTS_CFS;
1508 		queue_work(nvmet_wq, &ctrl->fatal_err_work);
1509 	}
1510 	mutex_unlock(&ctrl->lock);
1511 }
1512 EXPORT_SYMBOL_GPL(nvmet_ctrl_fatal_error);
1513 
1514 static struct nvmet_subsys *nvmet_find_get_subsys(struct nvmet_port *port,
1515 		const char *subsysnqn)
1516 {
1517 	struct nvmet_subsys_link *p;
1518 
1519 	if (!port)
1520 		return NULL;
1521 
1522 	if (!strcmp(NVME_DISC_SUBSYS_NAME, subsysnqn)) {
1523 		if (!kref_get_unless_zero(&nvmet_disc_subsys->ref))
1524 			return NULL;
1525 		return nvmet_disc_subsys;
1526 	}
1527 
1528 	down_read(&nvmet_config_sem);
1529 	list_for_each_entry(p, &port->subsystems, entry) {
1530 		if (!strncmp(p->subsys->subsysnqn, subsysnqn,
1531 				NVMF_NQN_SIZE)) {
1532 			if (!kref_get_unless_zero(&p->subsys->ref))
1533 				break;
1534 			up_read(&nvmet_config_sem);
1535 			return p->subsys;
1536 		}
1537 	}
1538 	up_read(&nvmet_config_sem);
1539 	return NULL;
1540 }
1541 
1542 struct nvmet_subsys *nvmet_subsys_alloc(const char *subsysnqn,
1543 		enum nvme_subsys_type type)
1544 {
1545 	struct nvmet_subsys *subsys;
1546 	char serial[NVMET_SN_MAX_SIZE / 2];
1547 	int ret;
1548 
1549 	subsys = kzalloc(sizeof(*subsys), GFP_KERNEL);
1550 	if (!subsys)
1551 		return ERR_PTR(-ENOMEM);
1552 
1553 	subsys->ver = NVMET_DEFAULT_VS;
1554 	/* generate a random serial number as our controllers are ephemeral: */
1555 	get_random_bytes(&serial, sizeof(serial));
1556 	bin2hex(subsys->serial, &serial, sizeof(serial));
1557 
1558 	subsys->model_number = kstrdup(NVMET_DEFAULT_CTRL_MODEL, GFP_KERNEL);
1559 	if (!subsys->model_number) {
1560 		ret = -ENOMEM;
1561 		goto free_subsys;
1562 	}
1563 
1564 	switch (type) {
1565 	case NVME_NQN_NVME:
1566 		subsys->max_qid = NVMET_NR_QUEUES;
1567 		break;
1568 	case NVME_NQN_DISC:
1569 	case NVME_NQN_CURR:
1570 		subsys->max_qid = 0;
1571 		break;
1572 	default:
1573 		pr_err("%s: Unknown Subsystem type - %d\n", __func__, type);
1574 		ret = -EINVAL;
1575 		goto free_mn;
1576 	}
1577 	subsys->type = type;
1578 	subsys->subsysnqn = kstrndup(subsysnqn, NVMF_NQN_SIZE,
1579 			GFP_KERNEL);
1580 	if (!subsys->subsysnqn) {
1581 		ret = -ENOMEM;
1582 		goto free_mn;
1583 	}
1584 	subsys->cntlid_min = NVME_CNTLID_MIN;
1585 	subsys->cntlid_max = NVME_CNTLID_MAX;
1586 	kref_init(&subsys->ref);
1587 
1588 	mutex_init(&subsys->lock);
1589 	xa_init(&subsys->namespaces);
1590 	INIT_LIST_HEAD(&subsys->ctrls);
1591 	INIT_LIST_HEAD(&subsys->hosts);
1592 
1593 	return subsys;
1594 
1595 free_mn:
1596 	kfree(subsys->model_number);
1597 free_subsys:
1598 	kfree(subsys);
1599 	return ERR_PTR(ret);
1600 }
1601 
1602 static void nvmet_subsys_free(struct kref *ref)
1603 {
1604 	struct nvmet_subsys *subsys =
1605 		container_of(ref, struct nvmet_subsys, ref);
1606 
1607 	WARN_ON_ONCE(!xa_empty(&subsys->namespaces));
1608 
1609 	xa_destroy(&subsys->namespaces);
1610 	nvmet_passthru_subsys_free(subsys);
1611 
1612 	kfree(subsys->subsysnqn);
1613 	kfree(subsys->model_number);
1614 	kfree(subsys);
1615 }
1616 
1617 void nvmet_subsys_del_ctrls(struct nvmet_subsys *subsys)
1618 {
1619 	struct nvmet_ctrl *ctrl;
1620 
1621 	mutex_lock(&subsys->lock);
1622 	list_for_each_entry(ctrl, &subsys->ctrls, subsys_entry)
1623 		ctrl->ops->delete_ctrl(ctrl);
1624 	mutex_unlock(&subsys->lock);
1625 }
1626 
1627 void nvmet_subsys_put(struct nvmet_subsys *subsys)
1628 {
1629 	kref_put(&subsys->ref, nvmet_subsys_free);
1630 }
1631 
1632 static int __init nvmet_init(void)
1633 {
1634 	int error;
1635 
1636 	nvmet_ana_group_enabled[NVMET_DEFAULT_ANA_GRPID] = 1;
1637 
1638 	zbd_wq = alloc_workqueue("nvmet-zbd-wq", WQ_MEM_RECLAIM, 0);
1639 	if (!zbd_wq)
1640 		return -ENOMEM;
1641 
1642 	buffered_io_wq = alloc_workqueue("nvmet-buffered-io-wq",
1643 			WQ_MEM_RECLAIM, 0);
1644 	if (!buffered_io_wq) {
1645 		error = -ENOMEM;
1646 		goto out_free_zbd_work_queue;
1647 	}
1648 
1649 	nvmet_wq = alloc_workqueue("nvmet-wq", WQ_MEM_RECLAIM, 0);
1650 	if (!nvmet_wq) {
1651 		error = -ENOMEM;
1652 		goto out_free_buffered_work_queue;
1653 	}
1654 
1655 	error = nvmet_init_discovery();
1656 	if (error)
1657 		goto out_free_nvmet_work_queue;
1658 
1659 	error = nvmet_init_configfs();
1660 	if (error)
1661 		goto out_exit_discovery;
1662 	return 0;
1663 
1664 out_exit_discovery:
1665 	nvmet_exit_discovery();
1666 out_free_nvmet_work_queue:
1667 	destroy_workqueue(nvmet_wq);
1668 out_free_buffered_work_queue:
1669 	destroy_workqueue(buffered_io_wq);
1670 out_free_zbd_work_queue:
1671 	destroy_workqueue(zbd_wq);
1672 	return error;
1673 }
1674 
1675 static void __exit nvmet_exit(void)
1676 {
1677 	nvmet_exit_configfs();
1678 	nvmet_exit_discovery();
1679 	ida_destroy(&cntlid_ida);
1680 	destroy_workqueue(nvmet_wq);
1681 	destroy_workqueue(buffered_io_wq);
1682 	destroy_workqueue(zbd_wq);
1683 
1684 	BUILD_BUG_ON(sizeof(struct nvmf_disc_rsp_page_entry) != 1024);
1685 	BUILD_BUG_ON(sizeof(struct nvmf_disc_rsp_page_hdr) != 1024);
1686 }
1687 
1688 module_init(nvmet_init);
1689 module_exit(nvmet_exit);
1690 
1691 MODULE_LICENSE("GPL v2");
1692