1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Discovery service for the NVMe over Fabrics target. 4 * Copyright (C) 2016 Intel Corporation. All rights reserved. 5 */ 6 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt 7 #include <linux/slab.h> 8 #include <generated/utsrelease.h> 9 #include "nvmet.h" 10 11 struct nvmet_subsys *nvmet_disc_subsys; 12 13 static u64 nvmet_genctr; 14 15 static void __nvmet_disc_changed(struct nvmet_port *port, 16 struct nvmet_ctrl *ctrl) 17 { 18 if (ctrl->port != port) 19 return; 20 21 if (nvmet_aen_bit_disabled(ctrl, NVME_AEN_BIT_DISC_CHANGE)) 22 return; 23 24 nvmet_add_async_event(ctrl, NVME_AER_NOTICE, 25 NVME_AER_NOTICE_DISC_CHANGED, NVME_LOG_DISC); 26 } 27 28 void nvmet_port_disc_changed(struct nvmet_port *port, 29 struct nvmet_subsys *subsys) 30 { 31 struct nvmet_ctrl *ctrl; 32 33 lockdep_assert_held(&nvmet_config_sem); 34 nvmet_genctr++; 35 36 mutex_lock(&nvmet_disc_subsys->lock); 37 list_for_each_entry(ctrl, &nvmet_disc_subsys->ctrls, subsys_entry) { 38 if (subsys && !nvmet_host_allowed(subsys, ctrl->hostnqn)) 39 continue; 40 41 __nvmet_disc_changed(port, ctrl); 42 } 43 mutex_unlock(&nvmet_disc_subsys->lock); 44 45 /* If transport can signal change, notify transport */ 46 if (port->tr_ops && port->tr_ops->discovery_chg) 47 port->tr_ops->discovery_chg(port); 48 } 49 50 static void __nvmet_subsys_disc_changed(struct nvmet_port *port, 51 struct nvmet_subsys *subsys, 52 struct nvmet_host *host) 53 { 54 struct nvmet_ctrl *ctrl; 55 56 mutex_lock(&nvmet_disc_subsys->lock); 57 list_for_each_entry(ctrl, &nvmet_disc_subsys->ctrls, subsys_entry) { 58 if (host && strcmp(nvmet_host_name(host), ctrl->hostnqn)) 59 continue; 60 61 __nvmet_disc_changed(port, ctrl); 62 } 63 mutex_unlock(&nvmet_disc_subsys->lock); 64 } 65 66 void nvmet_subsys_disc_changed(struct nvmet_subsys *subsys, 67 struct nvmet_host *host) 68 { 69 struct nvmet_port *port; 70 struct nvmet_subsys_link *s; 71 72 lockdep_assert_held(&nvmet_config_sem); 73 nvmet_genctr++; 74 75 list_for_each_entry(port, nvmet_ports, global_entry) 76 list_for_each_entry(s, &port->subsystems, entry) { 77 if (s->subsys != subsys) 78 continue; 79 __nvmet_subsys_disc_changed(port, subsys, host); 80 } 81 } 82 83 void nvmet_referral_enable(struct nvmet_port *parent, struct nvmet_port *port) 84 { 85 down_write(&nvmet_config_sem); 86 if (list_empty(&port->entry)) { 87 list_add_tail(&port->entry, &parent->referrals); 88 port->enabled = true; 89 nvmet_port_disc_changed(parent, NULL); 90 } 91 up_write(&nvmet_config_sem); 92 } 93 94 void nvmet_referral_disable(struct nvmet_port *parent, struct nvmet_port *port) 95 { 96 down_write(&nvmet_config_sem); 97 if (!list_empty(&port->entry)) { 98 port->enabled = false; 99 list_del_init(&port->entry); 100 nvmet_port_disc_changed(parent, NULL); 101 } 102 up_write(&nvmet_config_sem); 103 } 104 105 static void nvmet_format_discovery_entry(struct nvmf_disc_rsp_page_hdr *hdr, 106 struct nvmet_port *port, char *subsys_nqn, char *traddr, 107 u8 type, u32 numrec) 108 { 109 struct nvmf_disc_rsp_page_entry *e = &hdr->entries[numrec]; 110 111 e->trtype = port->disc_addr.trtype; 112 e->adrfam = port->disc_addr.adrfam; 113 e->treq = port->disc_addr.treq; 114 e->portid = port->disc_addr.portid; 115 /* we support only dynamic controllers */ 116 e->cntlid = cpu_to_le16(NVME_CNTLID_DYNAMIC); 117 e->asqsz = cpu_to_le16(NVME_AQ_DEPTH); 118 e->subtype = type; 119 memcpy(e->trsvcid, port->disc_addr.trsvcid, NVMF_TRSVCID_SIZE); 120 memcpy(e->traddr, traddr, NVMF_TRADDR_SIZE); 121 memcpy(e->tsas.common, port->disc_addr.tsas.common, NVMF_TSAS_SIZE); 122 strscpy(e->subnqn, subsys_nqn, NVMF_NQN_SIZE); 123 } 124 125 /* 126 * nvmet_set_disc_traddr - set a correct discovery log entry traddr 127 * 128 * IP based transports (e.g RDMA) can listen on "any" ipv4/ipv6 addresses 129 * (INADDR_ANY or IN6ADDR_ANY_INIT). The discovery log page traddr reply 130 * must not contain that "any" IP address. If the transport implements 131 * .disc_traddr, use it. this callback will set the discovery traddr 132 * from the req->port address in case the port in question listens 133 * "any" IP address. 134 */ 135 static void nvmet_set_disc_traddr(struct nvmet_req *req, struct nvmet_port *port, 136 char *traddr) 137 { 138 if (req->ops->disc_traddr) 139 req->ops->disc_traddr(req, port, traddr); 140 else 141 memcpy(traddr, port->disc_addr.traddr, NVMF_TRADDR_SIZE); 142 } 143 144 static size_t discovery_log_entries(struct nvmet_req *req) 145 { 146 struct nvmet_ctrl *ctrl = req->sq->ctrl; 147 struct nvmet_subsys_link *p; 148 struct nvmet_port *r; 149 size_t entries = 1; 150 151 list_for_each_entry(p, &req->port->subsystems, entry) { 152 if (!nvmet_host_allowed(p->subsys, ctrl->hostnqn)) 153 continue; 154 entries++; 155 } 156 list_for_each_entry(r, &req->port->referrals, entry) 157 entries++; 158 return entries; 159 } 160 161 static void nvmet_execute_disc_get_log_page(struct nvmet_req *req) 162 { 163 const int entry_size = sizeof(struct nvmf_disc_rsp_page_entry); 164 struct nvmet_ctrl *ctrl = req->sq->ctrl; 165 struct nvmf_disc_rsp_page_hdr *hdr; 166 u64 offset = nvmet_get_log_page_offset(req->cmd); 167 size_t data_len = nvmet_get_log_page_len(req->cmd); 168 size_t alloc_len; 169 size_t copy_len; 170 struct nvmet_subsys_link *p; 171 struct nvmet_port *r; 172 u32 numrec = 0; 173 u16 status = 0; 174 void *buffer; 175 char traddr[NVMF_TRADDR_SIZE]; 176 177 if (!nvmet_check_transfer_len(req, data_len)) 178 return; 179 180 if (req->cmd->get_log_page.lid != NVME_LOG_DISC) { 181 req->error_loc = 182 offsetof(struct nvme_get_log_page_command, lid); 183 status = NVME_SC_INVALID_FIELD | NVME_STATUS_DNR; 184 goto out; 185 } 186 187 /* Spec requires dword aligned offsets */ 188 if (offset & 0x3) { 189 req->error_loc = 190 offsetof(struct nvme_get_log_page_command, lpo); 191 status = NVME_SC_INVALID_FIELD | NVME_STATUS_DNR; 192 goto out; 193 } 194 195 /* 196 * Make sure we're passing at least a buffer of response header size. 197 * If host provided data len is less than the header size, only the 198 * number of bytes requested by host will be sent to host. 199 */ 200 down_read(&nvmet_config_sem); 201 alloc_len = sizeof(*hdr) + entry_size * discovery_log_entries(req); 202 buffer = kzalloc(alloc_len, GFP_KERNEL); 203 if (!buffer) { 204 up_read(&nvmet_config_sem); 205 status = NVME_SC_INTERNAL; 206 goto out; 207 } 208 hdr = buffer; 209 210 nvmet_set_disc_traddr(req, req->port, traddr); 211 212 nvmet_format_discovery_entry(hdr, req->port, 213 nvmet_disc_subsys->subsysnqn, 214 traddr, NVME_NQN_CURR, numrec); 215 numrec++; 216 217 list_for_each_entry(p, &req->port->subsystems, entry) { 218 if (!nvmet_host_allowed(p->subsys, ctrl->hostnqn)) 219 continue; 220 221 nvmet_format_discovery_entry(hdr, req->port, 222 p->subsys->subsysnqn, traddr, 223 NVME_NQN_NVME, numrec); 224 numrec++; 225 } 226 227 list_for_each_entry(r, &req->port->referrals, entry) { 228 if (r->disc_addr.trtype == NVMF_TRTYPE_PCI) 229 continue; 230 231 nvmet_format_discovery_entry(hdr, r, 232 NVME_DISC_SUBSYS_NAME, 233 r->disc_addr.traddr, 234 NVME_NQN_DISC, numrec); 235 numrec++; 236 } 237 238 hdr->genctr = cpu_to_le64(nvmet_genctr); 239 hdr->numrec = cpu_to_le64(numrec); 240 hdr->recfmt = cpu_to_le16(0); 241 242 nvmet_clear_aen_bit(req, NVME_AEN_BIT_DISC_CHANGE); 243 244 up_read(&nvmet_config_sem); 245 246 /* 247 * Validate the host-supplied log page offset before copying out. 248 * Without this check, the host controls a 64-bit byte offset into 249 * a small kzalloc'd buffer: a value past the log page lets the 250 * subsequent memcpy read adjacent kernel heap, and a value aimed 251 * at unmapped kernel memory faults the in-kernel copy and crashes 252 * the target host. The Discovery controller is unauthenticated, 253 * so the bug is reachable from any reachable fabric peer. 254 */ 255 if (offset > alloc_len) { 256 req->error_loc = 257 offsetof(struct nvme_get_log_page_command, lpo); 258 status = NVME_SC_INVALID_FIELD | NVME_STATUS_DNR; 259 goto out_free_buffer; 260 } 261 262 copy_len = min_t(size_t, data_len, alloc_len - offset); 263 status = nvmet_copy_to_sgl(req, 0, buffer + offset, copy_len); 264 if (!status && copy_len < data_len) 265 status = nvmet_zero_sgl(req, copy_len, data_len - copy_len); 266 out_free_buffer: 267 kfree(buffer); 268 out: 269 nvmet_req_complete(req, status); 270 } 271 272 static void nvmet_execute_disc_identify(struct nvmet_req *req) 273 { 274 struct nvmet_ctrl *ctrl = req->sq->ctrl; 275 struct nvme_id_ctrl *id; 276 u16 status = 0; 277 278 if (!nvmet_check_transfer_len(req, NVME_IDENTIFY_DATA_SIZE)) 279 return; 280 281 if (req->cmd->identify.cns != NVME_ID_CNS_CTRL) { 282 req->error_loc = offsetof(struct nvme_identify, cns); 283 status = NVME_SC_INVALID_FIELD | NVME_STATUS_DNR; 284 goto out; 285 } 286 287 id = kzalloc_obj(*id); 288 if (!id) { 289 status = NVME_SC_INTERNAL; 290 goto out; 291 } 292 293 memcpy(id->sn, ctrl->subsys->serial, NVMET_SN_MAX_SIZE); 294 memset(id->fr, ' ', sizeof(id->fr)); 295 memcpy_and_pad(id->mn, sizeof(id->mn), ctrl->subsys->model_number, 296 strlen(ctrl->subsys->model_number), ' '); 297 memcpy_and_pad(id->fr, sizeof(id->fr), 298 UTS_RELEASE, strlen(UTS_RELEASE), ' '); 299 300 id->cntrltype = NVME_CTRL_DISC; 301 302 /* no limit on data transfer sizes for now */ 303 id->mdts = 0; 304 id->cntlid = cpu_to_le16(ctrl->cntlid); 305 id->ver = cpu_to_le32(ctrl->subsys->ver); 306 id->lpa = (1 << 2); 307 308 /* no enforcement soft-limit for maxcmd - pick arbitrary high value */ 309 id->maxcmd = cpu_to_le16(NVMET_MAX_CMD(ctrl)); 310 311 id->sgls = cpu_to_le32(1 << 0); /* we always support SGLs */ 312 if (ctrl->ops->flags & NVMF_KEYED_SGLS) 313 id->sgls |= cpu_to_le32(1 << 2); 314 if (req->port->inline_data_size) 315 id->sgls |= cpu_to_le32(1 << 20); 316 317 id->oaes = cpu_to_le32(NVMET_DISC_AEN_CFG_OPTIONAL); 318 319 strscpy(id->subnqn, ctrl->subsys->subsysnqn, sizeof(id->subnqn)); 320 321 status = nvmet_copy_to_sgl(req, 0, id, sizeof(*id)); 322 323 kfree(id); 324 out: 325 nvmet_req_complete(req, status); 326 } 327 328 static void nvmet_execute_disc_set_features(struct nvmet_req *req) 329 { 330 u32 cdw10 = le32_to_cpu(req->cmd->common.cdw10); 331 u16 stat; 332 333 if (!nvmet_check_transfer_len(req, 0)) 334 return; 335 336 switch (cdw10 & 0xff) { 337 case NVME_FEAT_KATO: 338 stat = nvmet_set_feat_kato(req); 339 break; 340 case NVME_FEAT_ASYNC_EVENT: 341 stat = nvmet_set_feat_async_event(req, 342 NVMET_DISC_AEN_CFG_OPTIONAL); 343 break; 344 default: 345 req->error_loc = 346 offsetof(struct nvme_common_command, cdw10); 347 stat = NVME_SC_INVALID_FIELD | NVME_STATUS_DNR; 348 break; 349 } 350 351 nvmet_req_complete(req, stat); 352 } 353 354 static void nvmet_execute_disc_get_features(struct nvmet_req *req) 355 { 356 u32 cdw10 = le32_to_cpu(req->cmd->common.cdw10); 357 u16 stat = 0; 358 359 if (!nvmet_check_transfer_len(req, 0)) 360 return; 361 362 switch (cdw10 & 0xff) { 363 case NVME_FEAT_KATO: 364 nvmet_get_feat_kato(req); 365 break; 366 case NVME_FEAT_ASYNC_EVENT: 367 nvmet_get_feat_async_event(req); 368 break; 369 default: 370 req->error_loc = 371 offsetof(struct nvme_common_command, cdw10); 372 stat = NVME_SC_INVALID_FIELD | NVME_STATUS_DNR; 373 break; 374 } 375 376 nvmet_req_complete(req, stat); 377 } 378 379 u32 nvmet_discovery_cmd_data_len(struct nvmet_req *req) 380 { 381 struct nvme_command *cmd = req->cmd; 382 383 switch (cmd->common.opcode) { 384 case nvme_admin_get_log_page: 385 return nvmet_get_log_page_len(req->cmd); 386 case nvme_admin_identify: 387 return NVME_IDENTIFY_DATA_SIZE; 388 default: 389 return 0; 390 } 391 } 392 393 u16 nvmet_parse_discovery_cmd(struct nvmet_req *req) 394 { 395 struct nvme_command *cmd = req->cmd; 396 397 if (unlikely(!(req->sq->ctrl->csts & NVME_CSTS_RDY))) { 398 pr_err("got cmd %d while not ready\n", 399 cmd->common.opcode); 400 req->error_loc = 401 offsetof(struct nvme_common_command, opcode); 402 return NVME_SC_INVALID_OPCODE | NVME_STATUS_DNR; 403 } 404 405 switch (cmd->common.opcode) { 406 case nvme_admin_set_features: 407 req->execute = nvmet_execute_disc_set_features; 408 return 0; 409 case nvme_admin_get_features: 410 req->execute = nvmet_execute_disc_get_features; 411 return 0; 412 case nvme_admin_async_event: 413 req->execute = nvmet_execute_async_event; 414 return 0; 415 case nvme_admin_keep_alive: 416 req->execute = nvmet_execute_keep_alive; 417 return 0; 418 case nvme_admin_get_log_page: 419 req->execute = nvmet_execute_disc_get_log_page; 420 return 0; 421 case nvme_admin_identify: 422 req->execute = nvmet_execute_disc_identify; 423 return 0; 424 default: 425 pr_debug("unhandled cmd %d\n", cmd->common.opcode); 426 req->error_loc = offsetof(struct nvme_common_command, opcode); 427 return NVME_SC_INVALID_OPCODE | NVME_STATUS_DNR; 428 } 429 430 } 431 432 int __init nvmet_init_discovery(void) 433 { 434 nvmet_disc_subsys = 435 nvmet_subsys_alloc(NVME_DISC_SUBSYS_NAME, NVME_NQN_CURR); 436 return PTR_ERR_OR_ZERO(nvmet_disc_subsys); 437 } 438 439 void nvmet_exit_discovery(void) 440 { 441 nvmet_subsys_put(nvmet_disc_subsys); 442 } 443