1 /* 2 * SCSI Block Commands (SBC) parsing and emulation. 3 * 4 * (c) Copyright 2002-2012 RisingTide Systems LLC. 5 * 6 * Nicholas A. Bellinger <nab@kernel.org> 7 * 8 * This program is free software; you can redistribute it and/or modify 9 * it under the terms of the GNU General Public License as published by 10 * the Free Software Foundation; either version 2 of the License, or 11 * (at your option) any later version. 12 * 13 * This program is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 * GNU General Public License for more details. 17 * 18 * You should have received a copy of the GNU General Public License 19 * along with this program; if not, write to the Free Software 20 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 21 */ 22 23 #include <linux/kernel.h> 24 #include <linux/module.h> 25 #include <linux/ratelimit.h> 26 #include <asm/unaligned.h> 27 #include <scsi/scsi.h> 28 29 #include <target/target_core_base.h> 30 #include <target/target_core_backend.h> 31 #include <target/target_core_fabric.h> 32 33 #include "target_core_internal.h" 34 #include "target_core_ua.h" 35 36 37 static sense_reason_t 38 sbc_emulate_readcapacity(struct se_cmd *cmd) 39 { 40 struct se_device *dev = cmd->se_dev; 41 unsigned long long blocks_long = dev->transport->get_blocks(dev); 42 unsigned char *rbuf; 43 unsigned char buf[8]; 44 u32 blocks; 45 46 if (blocks_long >= 0x00000000ffffffff) 47 blocks = 0xffffffff; 48 else 49 blocks = (u32)blocks_long; 50 51 buf[0] = (blocks >> 24) & 0xff; 52 buf[1] = (blocks >> 16) & 0xff; 53 buf[2] = (blocks >> 8) & 0xff; 54 buf[3] = blocks & 0xff; 55 buf[4] = (dev->dev_attrib.block_size >> 24) & 0xff; 56 buf[5] = (dev->dev_attrib.block_size >> 16) & 0xff; 57 buf[6] = (dev->dev_attrib.block_size >> 8) & 0xff; 58 buf[7] = dev->dev_attrib.block_size & 0xff; 59 60 rbuf = transport_kmap_data_sg(cmd); 61 if (!rbuf) 62 return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE; 63 64 memcpy(rbuf, buf, min_t(u32, sizeof(buf), cmd->data_length)); 65 transport_kunmap_data_sg(cmd); 66 67 target_complete_cmd(cmd, GOOD); 68 return 0; 69 } 70 71 static sense_reason_t 72 sbc_emulate_readcapacity_16(struct se_cmd *cmd) 73 { 74 struct se_device *dev = cmd->se_dev; 75 unsigned char *rbuf; 76 unsigned char buf[32]; 77 unsigned long long blocks = dev->transport->get_blocks(dev); 78 79 memset(buf, 0, sizeof(buf)); 80 buf[0] = (blocks >> 56) & 0xff; 81 buf[1] = (blocks >> 48) & 0xff; 82 buf[2] = (blocks >> 40) & 0xff; 83 buf[3] = (blocks >> 32) & 0xff; 84 buf[4] = (blocks >> 24) & 0xff; 85 buf[5] = (blocks >> 16) & 0xff; 86 buf[6] = (blocks >> 8) & 0xff; 87 buf[7] = blocks & 0xff; 88 buf[8] = (dev->dev_attrib.block_size >> 24) & 0xff; 89 buf[9] = (dev->dev_attrib.block_size >> 16) & 0xff; 90 buf[10] = (dev->dev_attrib.block_size >> 8) & 0xff; 91 buf[11] = dev->dev_attrib.block_size & 0xff; 92 /* 93 * Set Thin Provisioning Enable bit following sbc3r22 in section 94 * READ CAPACITY (16) byte 14 if emulate_tpu or emulate_tpws is enabled. 95 */ 96 if (dev->dev_attrib.emulate_tpu || dev->dev_attrib.emulate_tpws) 97 buf[14] = 0x80; 98 99 rbuf = transport_kmap_data_sg(cmd); 100 if (!rbuf) 101 return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE; 102 103 memcpy(rbuf, buf, min_t(u32, sizeof(buf), cmd->data_length)); 104 transport_kunmap_data_sg(cmd); 105 106 target_complete_cmd(cmd, GOOD); 107 return 0; 108 } 109 110 sector_t spc_get_write_same_sectors(struct se_cmd *cmd) 111 { 112 u32 num_blocks; 113 114 if (cmd->t_task_cdb[0] == WRITE_SAME) 115 num_blocks = get_unaligned_be16(&cmd->t_task_cdb[7]); 116 else if (cmd->t_task_cdb[0] == WRITE_SAME_16) 117 num_blocks = get_unaligned_be32(&cmd->t_task_cdb[10]); 118 else /* WRITE_SAME_32 via VARIABLE_LENGTH_CMD */ 119 num_blocks = get_unaligned_be32(&cmd->t_task_cdb[28]); 120 121 /* 122 * Use the explicit range when non zero is supplied, otherwise calculate 123 * the remaining range based on ->get_blocks() - starting LBA. 124 */ 125 if (num_blocks) 126 return num_blocks; 127 128 return cmd->se_dev->transport->get_blocks(cmd->se_dev) - 129 cmd->t_task_lba + 1; 130 } 131 EXPORT_SYMBOL(spc_get_write_same_sectors); 132 133 static sense_reason_t 134 sbc_emulate_noop(struct se_cmd *cmd) 135 { 136 target_complete_cmd(cmd, GOOD); 137 return 0; 138 } 139 140 static inline u32 sbc_get_size(struct se_cmd *cmd, u32 sectors) 141 { 142 return cmd->se_dev->dev_attrib.block_size * sectors; 143 } 144 145 static int sbc_check_valid_sectors(struct se_cmd *cmd) 146 { 147 struct se_device *dev = cmd->se_dev; 148 unsigned long long end_lba; 149 u32 sectors; 150 151 sectors = cmd->data_length / dev->dev_attrib.block_size; 152 end_lba = dev->transport->get_blocks(dev) + 1; 153 154 if (cmd->t_task_lba + sectors > end_lba) { 155 pr_err("target: lba %llu, sectors %u exceeds end lba %llu\n", 156 cmd->t_task_lba, sectors, end_lba); 157 return -EINVAL; 158 } 159 160 return 0; 161 } 162 163 static inline u32 transport_get_sectors_6(unsigned char *cdb) 164 { 165 /* 166 * Use 8-bit sector value. SBC-3 says: 167 * 168 * A TRANSFER LENGTH field set to zero specifies that 256 169 * logical blocks shall be written. Any other value 170 * specifies the number of logical blocks that shall be 171 * written. 172 */ 173 return cdb[4] ? : 256; 174 } 175 176 static inline u32 transport_get_sectors_10(unsigned char *cdb) 177 { 178 return (u32)(cdb[7] << 8) + cdb[8]; 179 } 180 181 static inline u32 transport_get_sectors_12(unsigned char *cdb) 182 { 183 return (u32)(cdb[6] << 24) + (cdb[7] << 16) + (cdb[8] << 8) + cdb[9]; 184 } 185 186 static inline u32 transport_get_sectors_16(unsigned char *cdb) 187 { 188 return (u32)(cdb[10] << 24) + (cdb[11] << 16) + 189 (cdb[12] << 8) + cdb[13]; 190 } 191 192 /* 193 * Used for VARIABLE_LENGTH_CDB WRITE_32 and READ_32 variants 194 */ 195 static inline u32 transport_get_sectors_32(unsigned char *cdb) 196 { 197 return (u32)(cdb[28] << 24) + (cdb[29] << 16) + 198 (cdb[30] << 8) + cdb[31]; 199 200 } 201 202 static inline u32 transport_lba_21(unsigned char *cdb) 203 { 204 return ((cdb[1] & 0x1f) << 16) | (cdb[2] << 8) | cdb[3]; 205 } 206 207 static inline u32 transport_lba_32(unsigned char *cdb) 208 { 209 return (cdb[2] << 24) | (cdb[3] << 16) | (cdb[4] << 8) | cdb[5]; 210 } 211 212 static inline unsigned long long transport_lba_64(unsigned char *cdb) 213 { 214 unsigned int __v1, __v2; 215 216 __v1 = (cdb[2] << 24) | (cdb[3] << 16) | (cdb[4] << 8) | cdb[5]; 217 __v2 = (cdb[6] << 24) | (cdb[7] << 16) | (cdb[8] << 8) | cdb[9]; 218 219 return ((unsigned long long)__v2) | (unsigned long long)__v1 << 32; 220 } 221 222 /* 223 * For VARIABLE_LENGTH_CDB w/ 32 byte extended CDBs 224 */ 225 static inline unsigned long long transport_lba_64_ext(unsigned char *cdb) 226 { 227 unsigned int __v1, __v2; 228 229 __v1 = (cdb[12] << 24) | (cdb[13] << 16) | (cdb[14] << 8) | cdb[15]; 230 __v2 = (cdb[16] << 24) | (cdb[17] << 16) | (cdb[18] << 8) | cdb[19]; 231 232 return ((unsigned long long)__v2) | (unsigned long long)__v1 << 32; 233 } 234 235 static sense_reason_t 236 sbc_setup_write_same(struct se_cmd *cmd, unsigned char *flags, struct sbc_ops *ops) 237 { 238 unsigned int sectors = spc_get_write_same_sectors(cmd); 239 240 if ((flags[0] & 0x04) || (flags[0] & 0x02)) { 241 pr_err("WRITE_SAME PBDATA and LBDATA" 242 " bits not supported for Block Discard" 243 " Emulation\n"); 244 return TCM_UNSUPPORTED_SCSI_OPCODE; 245 } 246 if (sectors > cmd->se_dev->dev_attrib.max_write_same_len) { 247 pr_warn("WRITE_SAME sectors: %u exceeds max_write_same_len: %u\n", 248 sectors, cmd->se_dev->dev_attrib.max_write_same_len); 249 return TCM_INVALID_CDB_FIELD; 250 } 251 /* 252 * Special case for WRITE_SAME w/ UNMAP=1 that ends up getting 253 * translated into block discard requests within backend code. 254 */ 255 if (flags[0] & 0x08) { 256 if (!ops->execute_write_same_unmap) 257 return TCM_UNSUPPORTED_SCSI_OPCODE; 258 259 cmd->execute_cmd = ops->execute_write_same_unmap; 260 return 0; 261 } 262 if (!ops->execute_write_same) 263 return TCM_UNSUPPORTED_SCSI_OPCODE; 264 265 cmd->execute_cmd = ops->execute_write_same; 266 return 0; 267 } 268 269 static void xdreadwrite_callback(struct se_cmd *cmd) 270 { 271 unsigned char *buf, *addr; 272 struct scatterlist *sg; 273 unsigned int offset; 274 int i; 275 int count; 276 /* 277 * From sbc3r22.pdf section 5.48 XDWRITEREAD (10) command 278 * 279 * 1) read the specified logical block(s); 280 * 2) transfer logical blocks from the data-out buffer; 281 * 3) XOR the logical blocks transferred from the data-out buffer with 282 * the logical blocks read, storing the resulting XOR data in a buffer; 283 * 4) if the DISABLE WRITE bit is set to zero, then write the logical 284 * blocks transferred from the data-out buffer; and 285 * 5) transfer the resulting XOR data to the data-in buffer. 286 */ 287 buf = kmalloc(cmd->data_length, GFP_KERNEL); 288 if (!buf) { 289 pr_err("Unable to allocate xor_callback buf\n"); 290 return; 291 } 292 /* 293 * Copy the scatterlist WRITE buffer located at cmd->t_data_sg 294 * into the locally allocated *buf 295 */ 296 sg_copy_to_buffer(cmd->t_data_sg, 297 cmd->t_data_nents, 298 buf, 299 cmd->data_length); 300 301 /* 302 * Now perform the XOR against the BIDI read memory located at 303 * cmd->t_mem_bidi_list 304 */ 305 306 offset = 0; 307 for_each_sg(cmd->t_bidi_data_sg, sg, cmd->t_bidi_data_nents, count) { 308 addr = kmap_atomic(sg_page(sg)); 309 if (!addr) 310 goto out; 311 312 for (i = 0; i < sg->length; i++) 313 *(addr + sg->offset + i) ^= *(buf + offset + i); 314 315 offset += sg->length; 316 kunmap_atomic(addr); 317 } 318 319 out: 320 kfree(buf); 321 } 322 323 sense_reason_t 324 sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops) 325 { 326 struct se_device *dev = cmd->se_dev; 327 unsigned char *cdb = cmd->t_task_cdb; 328 unsigned int size; 329 u32 sectors = 0; 330 sense_reason_t ret; 331 332 switch (cdb[0]) { 333 case READ_6: 334 sectors = transport_get_sectors_6(cdb); 335 cmd->t_task_lba = transport_lba_21(cdb); 336 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 337 cmd->execute_cmd = ops->execute_rw; 338 break; 339 case READ_10: 340 sectors = transport_get_sectors_10(cdb); 341 cmd->t_task_lba = transport_lba_32(cdb); 342 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 343 cmd->execute_cmd = ops->execute_rw; 344 break; 345 case READ_12: 346 sectors = transport_get_sectors_12(cdb); 347 cmd->t_task_lba = transport_lba_32(cdb); 348 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 349 cmd->execute_cmd = ops->execute_rw; 350 break; 351 case READ_16: 352 sectors = transport_get_sectors_16(cdb); 353 cmd->t_task_lba = transport_lba_64(cdb); 354 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 355 cmd->execute_cmd = ops->execute_rw; 356 break; 357 case WRITE_6: 358 sectors = transport_get_sectors_6(cdb); 359 cmd->t_task_lba = transport_lba_21(cdb); 360 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 361 cmd->execute_cmd = ops->execute_rw; 362 break; 363 case WRITE_10: 364 case WRITE_VERIFY: 365 sectors = transport_get_sectors_10(cdb); 366 cmd->t_task_lba = transport_lba_32(cdb); 367 if (cdb[1] & 0x8) 368 cmd->se_cmd_flags |= SCF_FUA; 369 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 370 cmd->execute_cmd = ops->execute_rw; 371 break; 372 case WRITE_12: 373 sectors = transport_get_sectors_12(cdb); 374 cmd->t_task_lba = transport_lba_32(cdb); 375 if (cdb[1] & 0x8) 376 cmd->se_cmd_flags |= SCF_FUA; 377 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 378 cmd->execute_cmd = ops->execute_rw; 379 break; 380 case WRITE_16: 381 sectors = transport_get_sectors_16(cdb); 382 cmd->t_task_lba = transport_lba_64(cdb); 383 if (cdb[1] & 0x8) 384 cmd->se_cmd_flags |= SCF_FUA; 385 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 386 cmd->execute_cmd = ops->execute_rw; 387 break; 388 case XDWRITEREAD_10: 389 if (cmd->data_direction != DMA_TO_DEVICE || 390 !(cmd->se_cmd_flags & SCF_BIDI)) 391 return TCM_INVALID_CDB_FIELD; 392 sectors = transport_get_sectors_10(cdb); 393 394 cmd->t_task_lba = transport_lba_32(cdb); 395 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 396 397 /* 398 * Setup BIDI XOR callback to be run after I/O completion. 399 */ 400 cmd->execute_cmd = ops->execute_rw; 401 cmd->transport_complete_callback = &xdreadwrite_callback; 402 if (cdb[1] & 0x8) 403 cmd->se_cmd_flags |= SCF_FUA; 404 break; 405 case VARIABLE_LENGTH_CMD: 406 { 407 u16 service_action = get_unaligned_be16(&cdb[8]); 408 switch (service_action) { 409 case XDWRITEREAD_32: 410 sectors = transport_get_sectors_32(cdb); 411 412 /* 413 * Use WRITE_32 and READ_32 opcodes for the emulated 414 * XDWRITE_READ_32 logic. 415 */ 416 cmd->t_task_lba = transport_lba_64_ext(cdb); 417 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB; 418 419 /* 420 * Setup BIDI XOR callback to be run during after I/O 421 * completion. 422 */ 423 cmd->execute_cmd = ops->execute_rw; 424 cmd->transport_complete_callback = &xdreadwrite_callback; 425 if (cdb[1] & 0x8) 426 cmd->se_cmd_flags |= SCF_FUA; 427 break; 428 case WRITE_SAME_32: 429 sectors = transport_get_sectors_32(cdb); 430 if (!sectors) { 431 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not" 432 " supported\n"); 433 return TCM_INVALID_CDB_FIELD; 434 } 435 436 size = sbc_get_size(cmd, 1); 437 cmd->t_task_lba = get_unaligned_be64(&cdb[12]); 438 439 ret = sbc_setup_write_same(cmd, &cdb[10], ops); 440 if (ret) 441 return ret; 442 break; 443 default: 444 pr_err("VARIABLE_LENGTH_CMD service action" 445 " 0x%04x not supported\n", service_action); 446 return TCM_UNSUPPORTED_SCSI_OPCODE; 447 } 448 break; 449 } 450 case READ_CAPACITY: 451 size = READ_CAP_LEN; 452 cmd->execute_cmd = sbc_emulate_readcapacity; 453 break; 454 case SERVICE_ACTION_IN: 455 switch (cmd->t_task_cdb[1] & 0x1f) { 456 case SAI_READ_CAPACITY_16: 457 cmd->execute_cmd = sbc_emulate_readcapacity_16; 458 break; 459 default: 460 pr_err("Unsupported SA: 0x%02x\n", 461 cmd->t_task_cdb[1] & 0x1f); 462 return TCM_INVALID_CDB_FIELD; 463 } 464 size = (cdb[10] << 24) | (cdb[11] << 16) | 465 (cdb[12] << 8) | cdb[13]; 466 break; 467 case SYNCHRONIZE_CACHE: 468 case SYNCHRONIZE_CACHE_16: 469 if (!ops->execute_sync_cache) 470 return TCM_UNSUPPORTED_SCSI_OPCODE; 471 472 /* 473 * Extract LBA and range to be flushed for emulated SYNCHRONIZE_CACHE 474 */ 475 if (cdb[0] == SYNCHRONIZE_CACHE) { 476 sectors = transport_get_sectors_10(cdb); 477 cmd->t_task_lba = transport_lba_32(cdb); 478 } else { 479 sectors = transport_get_sectors_16(cdb); 480 cmd->t_task_lba = transport_lba_64(cdb); 481 } 482 483 size = sbc_get_size(cmd, sectors); 484 485 /* 486 * Check to ensure that LBA + Range does not exceed past end of 487 * device for IBLOCK and FILEIO ->do_sync_cache() backend calls 488 */ 489 if (cmd->t_task_lba || sectors) { 490 if (sbc_check_valid_sectors(cmd) < 0) 491 return TCM_INVALID_CDB_FIELD; 492 } 493 cmd->execute_cmd = ops->execute_sync_cache; 494 break; 495 case UNMAP: 496 if (!ops->execute_unmap) 497 return TCM_UNSUPPORTED_SCSI_OPCODE; 498 499 size = get_unaligned_be16(&cdb[7]); 500 cmd->execute_cmd = ops->execute_unmap; 501 break; 502 case WRITE_SAME_16: 503 sectors = transport_get_sectors_16(cdb); 504 if (!sectors) { 505 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not supported\n"); 506 return TCM_INVALID_CDB_FIELD; 507 } 508 509 size = sbc_get_size(cmd, 1); 510 cmd->t_task_lba = get_unaligned_be64(&cdb[2]); 511 512 ret = sbc_setup_write_same(cmd, &cdb[1], ops); 513 if (ret) 514 return ret; 515 break; 516 case WRITE_SAME: 517 sectors = transport_get_sectors_10(cdb); 518 if (!sectors) { 519 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not supported\n"); 520 return TCM_INVALID_CDB_FIELD; 521 } 522 523 size = sbc_get_size(cmd, 1); 524 cmd->t_task_lba = get_unaligned_be32(&cdb[2]); 525 526 /* 527 * Follow sbcr26 with WRITE_SAME (10) and check for the existence 528 * of byte 1 bit 3 UNMAP instead of original reserved field 529 */ 530 ret = sbc_setup_write_same(cmd, &cdb[1], ops); 531 if (ret) 532 return ret; 533 break; 534 case VERIFY: 535 size = 0; 536 cmd->execute_cmd = sbc_emulate_noop; 537 break; 538 case REZERO_UNIT: 539 case SEEK_6: 540 case SEEK_10: 541 /* 542 * There are still clients out there which use these old SCSI-2 543 * commands. This mainly happens when running VMs with legacy 544 * guest systems, connected via SCSI command pass-through to 545 * iSCSI targets. Make them happy and return status GOOD. 546 */ 547 size = 0; 548 cmd->execute_cmd = sbc_emulate_noop; 549 break; 550 default: 551 ret = spc_parse_cdb(cmd, &size); 552 if (ret) 553 return ret; 554 } 555 556 /* reject any command that we don't have a handler for */ 557 if (!(cmd->se_cmd_flags & SCF_SCSI_DATA_CDB) && !cmd->execute_cmd) 558 return TCM_UNSUPPORTED_SCSI_OPCODE; 559 560 if (cmd->se_cmd_flags & SCF_SCSI_DATA_CDB) { 561 unsigned long long end_lba; 562 563 if (sectors > dev->dev_attrib.fabric_max_sectors) { 564 printk_ratelimited(KERN_ERR "SCSI OP %02xh with too" 565 " big sectors %u exceeds fabric_max_sectors:" 566 " %u\n", cdb[0], sectors, 567 dev->dev_attrib.fabric_max_sectors); 568 return TCM_INVALID_CDB_FIELD; 569 } 570 if (sectors > dev->dev_attrib.hw_max_sectors) { 571 printk_ratelimited(KERN_ERR "SCSI OP %02xh with too" 572 " big sectors %u exceeds backend hw_max_sectors:" 573 " %u\n", cdb[0], sectors, 574 dev->dev_attrib.hw_max_sectors); 575 return TCM_INVALID_CDB_FIELD; 576 } 577 578 end_lba = dev->transport->get_blocks(dev) + 1; 579 if (cmd->t_task_lba + sectors > end_lba) { 580 pr_err("cmd exceeds last lba %llu " 581 "(lba %llu, sectors %u)\n", 582 end_lba, cmd->t_task_lba, sectors); 583 return TCM_INVALID_CDB_FIELD; 584 } 585 586 size = sbc_get_size(cmd, sectors); 587 } 588 589 return target_cmd_size_check(cmd, size); 590 } 591 EXPORT_SYMBOL(sbc_parse_cdb); 592 593 u32 sbc_get_device_type(struct se_device *dev) 594 { 595 return TYPE_DISK; 596 } 597 EXPORT_SYMBOL(sbc_get_device_type); 598