1 /* 2 * SCSI Block Commands (SBC) parsing and emulation. 3 * 4 * Copyright (c) 2002, 2003, 2004, 2005 PyX Technologies, Inc. 5 * Copyright (c) 2005, 2006, 2007 SBE, Inc. 6 * Copyright (c) 2007-2010 Rising Tide Systems 7 * Copyright (c) 2008-2010 Linux-iSCSI.org 8 * 9 * Nicholas A. Bellinger <nab@kernel.org> 10 * 11 * This program is free software; you can redistribute it and/or modify 12 * it under the terms of the GNU General Public License as published by 13 * the Free Software Foundation; either version 2 of the License, or 14 * (at your option) any later version. 15 * 16 * This program is distributed in the hope that it will be useful, 17 * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19 * GNU General Public License for more details. 20 * 21 * You should have received a copy of the GNU General Public License 22 * along with this program; if not, write to the Free Software 23 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 24 */ 25 26 #include <linux/kernel.h> 27 #include <linux/module.h> 28 #include <linux/ratelimit.h> 29 #include <asm/unaligned.h> 30 #include <scsi/scsi.h> 31 32 #include <target/target_core_base.h> 33 #include <target/target_core_backend.h> 34 #include <target/target_core_fabric.h> 35 36 #include "target_core_internal.h" 37 #include "target_core_ua.h" 38 39 40 static int sbc_emulate_readcapacity(struct se_cmd *cmd) 41 { 42 struct se_device *dev = cmd->se_dev; 43 unsigned long long blocks_long = dev->transport->get_blocks(dev); 44 unsigned char *rbuf; 45 unsigned char buf[8]; 46 u32 blocks; 47 48 if (blocks_long >= 0x00000000ffffffff) 49 blocks = 0xffffffff; 50 else 51 blocks = (u32)blocks_long; 52 53 buf[0] = (blocks >> 24) & 0xff; 54 buf[1] = (blocks >> 16) & 0xff; 55 buf[2] = (blocks >> 8) & 0xff; 56 buf[3] = blocks & 0xff; 57 buf[4] = (dev->se_sub_dev->se_dev_attrib.block_size >> 24) & 0xff; 58 buf[5] = (dev->se_sub_dev->se_dev_attrib.block_size >> 16) & 0xff; 59 buf[6] = (dev->se_sub_dev->se_dev_attrib.block_size >> 8) & 0xff; 60 buf[7] = dev->se_sub_dev->se_dev_attrib.block_size & 0xff; 61 62 rbuf = transport_kmap_data_sg(cmd); 63 if (rbuf) { 64 memcpy(rbuf, buf, min_t(u32, sizeof(buf), cmd->data_length)); 65 transport_kunmap_data_sg(cmd); 66 } 67 68 target_complete_cmd(cmd, GOOD); 69 return 0; 70 } 71 72 static int sbc_emulate_readcapacity_16(struct se_cmd *cmd) 73 { 74 struct se_device *dev = cmd->se_dev; 75 unsigned char *rbuf; 76 unsigned char buf[32]; 77 unsigned long long blocks = dev->transport->get_blocks(dev); 78 79 memset(buf, 0, sizeof(buf)); 80 buf[0] = (blocks >> 56) & 0xff; 81 buf[1] = (blocks >> 48) & 0xff; 82 buf[2] = (blocks >> 40) & 0xff; 83 buf[3] = (blocks >> 32) & 0xff; 84 buf[4] = (blocks >> 24) & 0xff; 85 buf[5] = (blocks >> 16) & 0xff; 86 buf[6] = (blocks >> 8) & 0xff; 87 buf[7] = blocks & 0xff; 88 buf[8] = (dev->se_sub_dev->se_dev_attrib.block_size >> 24) & 0xff; 89 buf[9] = (dev->se_sub_dev->se_dev_attrib.block_size >> 16) & 0xff; 90 buf[10] = (dev->se_sub_dev->se_dev_attrib.block_size >> 8) & 0xff; 91 buf[11] = dev->se_sub_dev->se_dev_attrib.block_size & 0xff; 92 /* 93 * Set Thin Provisioning Enable bit following sbc3r22 in section 94 * READ CAPACITY (16) byte 14 if emulate_tpu or emulate_tpws is enabled. 95 */ 96 if (dev->se_sub_dev->se_dev_attrib.emulate_tpu || dev->se_sub_dev->se_dev_attrib.emulate_tpws) 97 buf[14] = 0x80; 98 99 rbuf = transport_kmap_data_sg(cmd); 100 if (rbuf) { 101 memcpy(rbuf, buf, min_t(u32, sizeof(buf), cmd->data_length)); 102 transport_kunmap_data_sg(cmd); 103 } 104 105 target_complete_cmd(cmd, GOOD); 106 return 0; 107 } 108 109 int spc_get_write_same_sectors(struct se_cmd *cmd) 110 { 111 u32 num_blocks; 112 113 if (cmd->t_task_cdb[0] == WRITE_SAME) 114 num_blocks = get_unaligned_be16(&cmd->t_task_cdb[7]); 115 else if (cmd->t_task_cdb[0] == WRITE_SAME_16) 116 num_blocks = get_unaligned_be32(&cmd->t_task_cdb[10]); 117 else /* WRITE_SAME_32 via VARIABLE_LENGTH_CMD */ 118 num_blocks = get_unaligned_be32(&cmd->t_task_cdb[28]); 119 120 /* 121 * Use the explicit range when non zero is supplied, otherwise calculate 122 * the remaining range based on ->get_blocks() - starting LBA. 123 */ 124 if (num_blocks) 125 return num_blocks; 126 127 return cmd->se_dev->transport->get_blocks(cmd->se_dev) - 128 cmd->t_task_lba + 1; 129 } 130 EXPORT_SYMBOL(spc_get_write_same_sectors); 131 132 static int sbc_emulate_verify(struct se_cmd *cmd) 133 { 134 target_complete_cmd(cmd, GOOD); 135 return 0; 136 } 137 138 static inline u32 sbc_get_size(struct se_cmd *cmd, u32 sectors) 139 { 140 return cmd->se_dev->se_sub_dev->se_dev_attrib.block_size * sectors; 141 } 142 143 static int sbc_check_valid_sectors(struct se_cmd *cmd) 144 { 145 struct se_device *dev = cmd->se_dev; 146 unsigned long long end_lba; 147 u32 sectors; 148 149 sectors = cmd->data_length / dev->se_sub_dev->se_dev_attrib.block_size; 150 end_lba = dev->transport->get_blocks(dev) + 1; 151 152 if (cmd->t_task_lba + sectors > end_lba) { 153 pr_err("target: lba %llu, sectors %u exceeds end lba %llu\n", 154 cmd->t_task_lba, sectors, end_lba); 155 return -EINVAL; 156 } 157 158 return 0; 159 } 160 161 static inline u32 transport_get_sectors_6(unsigned char *cdb) 162 { 163 /* 164 * Use 8-bit sector value. SBC-3 says: 165 * 166 * A TRANSFER LENGTH field set to zero specifies that 256 167 * logical blocks shall be written. Any other value 168 * specifies the number of logical blocks that shall be 169 * written. 170 */ 171 return cdb[4] ? : 256; 172 } 173 174 static inline u32 transport_get_sectors_10(unsigned char *cdb) 175 { 176 return (u32)(cdb[7] << 8) + cdb[8]; 177 } 178 179 static inline u32 transport_get_sectors_12(unsigned char *cdb) 180 { 181 return (u32)(cdb[6] << 24) + (cdb[7] << 16) + (cdb[8] << 8) + cdb[9]; 182 } 183 184 static inline u32 transport_get_sectors_16(unsigned char *cdb) 185 { 186 return (u32)(cdb[10] << 24) + (cdb[11] << 16) + 187 (cdb[12] << 8) + cdb[13]; 188 } 189 190 /* 191 * Used for VARIABLE_LENGTH_CDB WRITE_32 and READ_32 variants 192 */ 193 static inline u32 transport_get_sectors_32(unsigned char *cdb) 194 { 195 return (u32)(cdb[28] << 24) + (cdb[29] << 16) + 196 (cdb[30] << 8) + cdb[31]; 197 198 } 199 200 static inline u32 transport_lba_21(unsigned char *cdb) 201 { 202 return ((cdb[1] & 0x1f) << 16) | (cdb[2] << 8) | cdb[3]; 203 } 204 205 static inline u32 transport_lba_32(unsigned char *cdb) 206 { 207 return (cdb[2] << 24) | (cdb[3] << 16) | (cdb[4] << 8) | cdb[5]; 208 } 209 210 static inline unsigned long long transport_lba_64(unsigned char *cdb) 211 { 212 unsigned int __v1, __v2; 213 214 __v1 = (cdb[2] << 24) | (cdb[3] << 16) | (cdb[4] << 8) | cdb[5]; 215 __v2 = (cdb[6] << 24) | (cdb[7] << 16) | (cdb[8] << 8) | cdb[9]; 216 217 return ((unsigned long long)__v2) | (unsigned long long)__v1 << 32; 218 } 219 220 /* 221 * For VARIABLE_LENGTH_CDB w/ 32 byte extended CDBs 222 */ 223 static inline unsigned long long transport_lba_64_ext(unsigned char *cdb) 224 { 225 unsigned int __v1, __v2; 226 227 __v1 = (cdb[12] << 24) | (cdb[13] << 16) | (cdb[14] << 8) | cdb[15]; 228 __v2 = (cdb[16] << 24) | (cdb[17] << 16) | (cdb[18] << 8) | cdb[19]; 229 230 return ((unsigned long long)__v2) | (unsigned long long)__v1 << 32; 231 } 232 233 static int sbc_write_same_supported(struct se_device *dev, 234 unsigned char *flags) 235 { 236 if ((flags[0] & 0x04) || (flags[0] & 0x02)) { 237 pr_err("WRITE_SAME PBDATA and LBDATA" 238 " bits not supported for Block Discard" 239 " Emulation\n"); 240 return -ENOSYS; 241 } 242 243 /* 244 * Currently for the emulated case we only accept 245 * tpws with the UNMAP=1 bit set. 246 */ 247 if (!(flags[0] & 0x08)) { 248 pr_err("WRITE_SAME w/o UNMAP bit not" 249 " supported for Block Discard Emulation\n"); 250 return -ENOSYS; 251 } 252 253 return 0; 254 } 255 256 static void xdreadwrite_callback(struct se_cmd *cmd) 257 { 258 unsigned char *buf, *addr; 259 struct scatterlist *sg; 260 unsigned int offset; 261 int i; 262 int count; 263 /* 264 * From sbc3r22.pdf section 5.48 XDWRITEREAD (10) command 265 * 266 * 1) read the specified logical block(s); 267 * 2) transfer logical blocks from the data-out buffer; 268 * 3) XOR the logical blocks transferred from the data-out buffer with 269 * the logical blocks read, storing the resulting XOR data in a buffer; 270 * 4) if the DISABLE WRITE bit is set to zero, then write the logical 271 * blocks transferred from the data-out buffer; and 272 * 5) transfer the resulting XOR data to the data-in buffer. 273 */ 274 buf = kmalloc(cmd->data_length, GFP_KERNEL); 275 if (!buf) { 276 pr_err("Unable to allocate xor_callback buf\n"); 277 return; 278 } 279 /* 280 * Copy the scatterlist WRITE buffer located at cmd->t_data_sg 281 * into the locally allocated *buf 282 */ 283 sg_copy_to_buffer(cmd->t_data_sg, 284 cmd->t_data_nents, 285 buf, 286 cmd->data_length); 287 288 /* 289 * Now perform the XOR against the BIDI read memory located at 290 * cmd->t_mem_bidi_list 291 */ 292 293 offset = 0; 294 for_each_sg(cmd->t_bidi_data_sg, sg, cmd->t_bidi_data_nents, count) { 295 addr = kmap_atomic(sg_page(sg)); 296 if (!addr) 297 goto out; 298 299 for (i = 0; i < sg->length; i++) 300 *(addr + sg->offset + i) ^= *(buf + offset + i); 301 302 offset += sg->length; 303 kunmap_atomic(addr); 304 } 305 306 out: 307 kfree(buf); 308 } 309 310 int sbc_parse_cdb(struct se_cmd *cmd, struct spc_ops *ops) 311 { 312 struct se_subsystem_dev *su_dev = cmd->se_dev->se_sub_dev; 313 struct se_device *dev = cmd->se_dev; 314 unsigned char *cdb = cmd->t_task_cdb; 315 unsigned int size; 316 u32 sectors = 0; 317 int ret; 318 319 switch (cdb[0]) { 320 case READ_6: 321 sectors = transport_get_sectors_6(cdb); 322 cmd->t_task_lba = transport_lba_21(cdb); 323 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 324 cmd->execute_cmd = ops->execute_rw; 325 break; 326 case READ_10: 327 sectors = transport_get_sectors_10(cdb); 328 cmd->t_task_lba = transport_lba_32(cdb); 329 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 330 cmd->execute_cmd = ops->execute_rw; 331 break; 332 case READ_12: 333 sectors = transport_get_sectors_12(cdb); 334 cmd->t_task_lba = transport_lba_32(cdb); 335 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 336 cmd->execute_cmd = ops->execute_rw; 337 break; 338 case READ_16: 339 sectors = transport_get_sectors_16(cdb); 340 cmd->t_task_lba = transport_lba_64(cdb); 341 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 342 cmd->execute_cmd = ops->execute_rw; 343 break; 344 case WRITE_6: 345 sectors = transport_get_sectors_6(cdb); 346 cmd->t_task_lba = transport_lba_21(cdb); 347 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 348 cmd->execute_cmd = ops->execute_rw; 349 break; 350 case WRITE_10: 351 case WRITE_VERIFY: 352 sectors = transport_get_sectors_10(cdb); 353 cmd->t_task_lba = transport_lba_32(cdb); 354 if (cdb[1] & 0x8) 355 cmd->se_cmd_flags |= SCF_FUA; 356 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 357 cmd->execute_cmd = ops->execute_rw; 358 break; 359 case WRITE_12: 360 sectors = transport_get_sectors_12(cdb); 361 cmd->t_task_lba = transport_lba_32(cdb); 362 if (cdb[1] & 0x8) 363 cmd->se_cmd_flags |= SCF_FUA; 364 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 365 cmd->execute_cmd = ops->execute_rw; 366 break; 367 case WRITE_16: 368 sectors = transport_get_sectors_16(cdb); 369 cmd->t_task_lba = transport_lba_64(cdb); 370 if (cdb[1] & 0x8) 371 cmd->se_cmd_flags |= SCF_FUA; 372 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 373 cmd->execute_cmd = ops->execute_rw; 374 break; 375 case XDWRITEREAD_10: 376 if ((cmd->data_direction != DMA_TO_DEVICE) || 377 !(cmd->se_cmd_flags & SCF_BIDI)) 378 goto out_invalid_cdb_field; 379 sectors = transport_get_sectors_10(cdb); 380 381 cmd->t_task_lba = transport_lba_32(cdb); 382 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 383 384 /* 385 * Setup BIDI XOR callback to be run after I/O completion. 386 */ 387 cmd->execute_cmd = ops->execute_rw; 388 cmd->transport_complete_callback = &xdreadwrite_callback; 389 if (cdb[1] & 0x8) 390 cmd->se_cmd_flags |= SCF_FUA; 391 break; 392 case VARIABLE_LENGTH_CMD: 393 { 394 u16 service_action = get_unaligned_be16(&cdb[8]); 395 switch (service_action) { 396 case XDWRITEREAD_32: 397 sectors = transport_get_sectors_32(cdb); 398 399 /* 400 * Use WRITE_32 and READ_32 opcodes for the emulated 401 * XDWRITE_READ_32 logic. 402 */ 403 cmd->t_task_lba = transport_lba_64_ext(cdb); 404 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 405 406 /* 407 * Setup BIDI XOR callback to be run during after I/O 408 * completion. 409 */ 410 cmd->execute_cmd = ops->execute_rw; 411 cmd->transport_complete_callback = &xdreadwrite_callback; 412 if (cdb[1] & 0x8) 413 cmd->se_cmd_flags |= SCF_FUA; 414 break; 415 case WRITE_SAME_32: 416 if (!ops->execute_write_same) 417 goto out_unsupported_cdb; 418 419 sectors = transport_get_sectors_32(cdb); 420 if (!sectors) { 421 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not" 422 " supported\n"); 423 goto out_invalid_cdb_field; 424 } 425 426 size = sbc_get_size(cmd, 1); 427 cmd->t_task_lba = get_unaligned_be64(&cdb[12]); 428 429 if (sbc_write_same_supported(dev, &cdb[10]) < 0) 430 goto out_unsupported_cdb; 431 cmd->execute_cmd = ops->execute_write_same; 432 break; 433 default: 434 pr_err("VARIABLE_LENGTH_CMD service action" 435 " 0x%04x not supported\n", service_action); 436 goto out_unsupported_cdb; 437 } 438 break; 439 } 440 case READ_CAPACITY: 441 size = READ_CAP_LEN; 442 cmd->execute_cmd = sbc_emulate_readcapacity; 443 break; 444 case SERVICE_ACTION_IN: 445 switch (cmd->t_task_cdb[1] & 0x1f) { 446 case SAI_READ_CAPACITY_16: 447 cmd->execute_cmd = sbc_emulate_readcapacity_16; 448 break; 449 default: 450 pr_err("Unsupported SA: 0x%02x\n", 451 cmd->t_task_cdb[1] & 0x1f); 452 goto out_invalid_cdb_field; 453 } 454 size = (cdb[10] << 24) | (cdb[11] << 16) | 455 (cdb[12] << 8) | cdb[13]; 456 break; 457 case SYNCHRONIZE_CACHE: 458 case SYNCHRONIZE_CACHE_16: 459 if (!ops->execute_sync_cache) 460 goto out_unsupported_cdb; 461 462 /* 463 * Extract LBA and range to be flushed for emulated SYNCHRONIZE_CACHE 464 */ 465 if (cdb[0] == SYNCHRONIZE_CACHE) { 466 sectors = transport_get_sectors_10(cdb); 467 cmd->t_task_lba = transport_lba_32(cdb); 468 } else { 469 sectors = transport_get_sectors_16(cdb); 470 cmd->t_task_lba = transport_lba_64(cdb); 471 } 472 473 size = sbc_get_size(cmd, sectors); 474 475 /* 476 * Check to ensure that LBA + Range does not exceed past end of 477 * device for IBLOCK and FILEIO ->do_sync_cache() backend calls 478 */ 479 if (cmd->t_task_lba || sectors) { 480 if (sbc_check_valid_sectors(cmd) < 0) 481 goto out_invalid_cdb_field; 482 } 483 cmd->execute_cmd = ops->execute_sync_cache; 484 break; 485 case UNMAP: 486 if (!ops->execute_unmap) 487 goto out_unsupported_cdb; 488 489 size = get_unaligned_be16(&cdb[7]); 490 cmd->execute_cmd = ops->execute_unmap; 491 break; 492 case WRITE_SAME_16: 493 if (!ops->execute_write_same) 494 goto out_unsupported_cdb; 495 496 sectors = transport_get_sectors_16(cdb); 497 if (!sectors) { 498 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not supported\n"); 499 goto out_invalid_cdb_field; 500 } 501 502 size = sbc_get_size(cmd, 1); 503 cmd->t_task_lba = get_unaligned_be64(&cdb[2]); 504 505 if (sbc_write_same_supported(dev, &cdb[1]) < 0) 506 goto out_unsupported_cdb; 507 cmd->execute_cmd = ops->execute_write_same; 508 break; 509 case WRITE_SAME: 510 if (!ops->execute_write_same) 511 goto out_unsupported_cdb; 512 513 sectors = transport_get_sectors_10(cdb); 514 if (!sectors) { 515 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not supported\n"); 516 goto out_invalid_cdb_field; 517 } 518 519 size = sbc_get_size(cmd, 1); 520 cmd->t_task_lba = get_unaligned_be32(&cdb[2]); 521 522 /* 523 * Follow sbcr26 with WRITE_SAME (10) and check for the existence 524 * of byte 1 bit 3 UNMAP instead of original reserved field 525 */ 526 if (sbc_write_same_supported(dev, &cdb[1]) < 0) 527 goto out_unsupported_cdb; 528 cmd->execute_cmd = ops->execute_write_same; 529 break; 530 case VERIFY: 531 size = 0; 532 cmd->execute_cmd = sbc_emulate_verify; 533 break; 534 default: 535 ret = spc_parse_cdb(cmd, &size); 536 if (ret) 537 return ret; 538 } 539 540 /* reject any command that we don't have a handler for */ 541 if (!(cmd->se_cmd_flags & SCF_SCSI_DATA_CDB) && !cmd->execute_cmd) 542 goto out_unsupported_cdb; 543 544 if (cmd->se_cmd_flags & SCF_SCSI_DATA_CDB) { 545 unsigned long long end_lba; 546 547 if (sectors > su_dev->se_dev_attrib.fabric_max_sectors) { 548 printk_ratelimited(KERN_ERR "SCSI OP %02xh with too" 549 " big sectors %u exceeds fabric_max_sectors:" 550 " %u\n", cdb[0], sectors, 551 su_dev->se_dev_attrib.fabric_max_sectors); 552 goto out_invalid_cdb_field; 553 } 554 if (sectors > su_dev->se_dev_attrib.hw_max_sectors) { 555 printk_ratelimited(KERN_ERR "SCSI OP %02xh with too" 556 " big sectors %u exceeds backend hw_max_sectors:" 557 " %u\n", cdb[0], sectors, 558 su_dev->se_dev_attrib.hw_max_sectors); 559 goto out_invalid_cdb_field; 560 } 561 562 end_lba = dev->transport->get_blocks(dev) + 1; 563 if (cmd->t_task_lba + sectors > end_lba) { 564 pr_err("cmd exceeds last lba %llu " 565 "(lba %llu, sectors %u)\n", 566 end_lba, cmd->t_task_lba, sectors); 567 goto out_invalid_cdb_field; 568 } 569 570 size = sbc_get_size(cmd, sectors); 571 } 572 573 ret = target_cmd_size_check(cmd, size); 574 if (ret < 0) 575 return ret; 576 577 return 0; 578 579 out_unsupported_cdb: 580 cmd->se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION; 581 cmd->scsi_sense_reason = TCM_UNSUPPORTED_SCSI_OPCODE; 582 return -EINVAL; 583 out_invalid_cdb_field: 584 cmd->se_cmd_flags |= SCF_SCSI_CDB_EXCEPTION; 585 cmd->scsi_sense_reason = TCM_INVALID_CDB_FIELD; 586 return -EINVAL; 587 } 588 EXPORT_SYMBOL(sbc_parse_cdb); 589