1 // SPDX-License-Identifier: GPL-2.0+ 2 /******************************************************************************* 3 * Vhost kernel TCM fabric driver for virtio SCSI initiators 4 * 5 * (C) Copyright 2010-2013 Datera, Inc. 6 * (C) Copyright 2010-2012 IBM Corp. 7 * 8 * Authors: Nicholas A. Bellinger <nab@daterainc.com> 9 * Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> 10 ****************************************************************************/ 11 12 #include <linux/module.h> 13 #include <linux/moduleparam.h> 14 #include <generated/utsrelease.h> 15 #include <linux/utsname.h> 16 #include <linux/init.h> 17 #include <linux/slab.h> 18 #include <linux/kthread.h> 19 #include <linux/types.h> 20 #include <linux/string.h> 21 #include <linux/configfs.h> 22 #include <linux/ctype.h> 23 #include <linux/compat.h> 24 #include <linux/eventfd.h> 25 #include <linux/fs.h> 26 #include <linux/vmalloc.h> 27 #include <linux/miscdevice.h> 28 #include <linux/blk_types.h> 29 #include <linux/bio.h> 30 #include <linux/unaligned.h> 31 #include <scsi/scsi_common.h> 32 #include <scsi/scsi_proto.h> 33 #include <target/target_core_base.h> 34 #include <target/target_core_fabric.h> 35 #include <linux/vhost.h> 36 #include <linux/virtio_scsi.h> 37 #include <linux/llist.h> 38 #include <linux/bitmap.h> 39 40 #include "vhost.h" 41 42 #define VHOST_SCSI_VERSION "v0.1" 43 #define VHOST_SCSI_NAMELEN 256 44 #define VHOST_SCSI_MAX_CDB_SIZE 32 45 #define VHOST_SCSI_PREALLOC_SGLS 2048 46 #define VHOST_SCSI_PREALLOC_UPAGES 2048 47 #define VHOST_SCSI_PREALLOC_PROT_SGLS 2048 48 /* 49 * For the legacy descriptor case we allocate an iov per byte in the 50 * virtio_scsi_cmd_resp struct. 51 */ 52 #define VHOST_SCSI_MAX_RESP_IOVS sizeof(struct virtio_scsi_cmd_resp) 53 54 static unsigned int vhost_scsi_inline_sg_cnt = VHOST_SCSI_PREALLOC_SGLS; 55 56 #ifdef CONFIG_ARCH_NO_SG_CHAIN 57 static int vhost_scsi_set_inline_sg_cnt(const char *buf, 58 const struct kernel_param *kp) 59 { 60 pr_err("Setting inline_sg_cnt is not supported.\n"); 61 return -EOPNOTSUPP; 62 } 63 #else 64 static int vhost_scsi_set_inline_sg_cnt(const char *buf, 65 const struct kernel_param *kp) 66 { 67 unsigned int cnt; 68 int ret; 69 70 ret = kstrtouint(buf, 10, &cnt); 71 if (ret) 72 return ret; 73 74 if (ret > VHOST_SCSI_PREALLOC_SGLS) { 75 pr_err("Max inline_sg_cnt is %u\n", VHOST_SCSI_PREALLOC_SGLS); 76 return -EINVAL; 77 } 78 79 vhost_scsi_inline_sg_cnt = cnt; 80 return 0; 81 } 82 #endif 83 84 static int vhost_scsi_get_inline_sg_cnt(char *buf, 85 const struct kernel_param *kp) 86 { 87 return sprintf(buf, "%u\n", vhost_scsi_inline_sg_cnt); 88 } 89 90 static const struct kernel_param_ops vhost_scsi_inline_sg_cnt_op = { 91 .get = vhost_scsi_get_inline_sg_cnt, 92 .set = vhost_scsi_set_inline_sg_cnt, 93 }; 94 95 module_param_cb(inline_sg_cnt, &vhost_scsi_inline_sg_cnt_op, NULL, 0644); 96 MODULE_PARM_DESC(inline_sg_cnt, "Set the number of scatterlist entries to pre-allocate. The default is 2048."); 97 98 /* Max number of requests before requeueing the job. 99 * Using this limit prevents one virtqueue from starving others with 100 * request. 101 */ 102 #define VHOST_SCSI_WEIGHT 256 103 104 struct vhost_scsi_inflight { 105 /* Wait for the flush operation to finish */ 106 struct completion comp; 107 /* Refcount for the inflight reqs */ 108 struct kref kref; 109 }; 110 111 struct vhost_scsi_cmd { 112 /* Descriptor from vhost_get_vq_desc() for virt_queue segment */ 113 int tvc_vq_desc; 114 /* The number of scatterlists associated with this cmd */ 115 u32 tvc_sgl_count; 116 u32 tvc_prot_sgl_count; 117 u32 copied_iov:1; 118 const void *read_iov; 119 struct iov_iter *read_iter; 120 struct scatterlist *sgl; 121 struct sg_table table; 122 struct scatterlist *prot_sgl; 123 struct sg_table prot_table; 124 /* Fast path response header iovec used when only one vec is needed */ 125 struct iovec tvc_resp_iov; 126 /* Number of iovs for response */ 127 unsigned int tvc_resp_iovs_cnt; 128 /* Pointer to response header iovecs if more than one is needed */ 129 struct iovec *tvc_resp_iovs; 130 /* Pointer to vhost_virtqueue for the cmd */ 131 struct vhost_virtqueue *tvc_vq; 132 /* The TCM I/O descriptor that is accessed via container_of() */ 133 struct se_cmd tvc_se_cmd; 134 /* Sense buffer that will be mapped into outgoing status */ 135 unsigned char tvc_sense_buf[TRANSPORT_SENSE_BUFFER]; 136 /* Completed commands list, serviced from vhost worker thread */ 137 struct llist_node tvc_completion_list; 138 /* Used to track inflight cmd */ 139 struct vhost_scsi_inflight *inflight; 140 }; 141 142 struct vhost_scsi_nexus { 143 /* Pointer to TCM session for I_T Nexus */ 144 struct se_session *tvn_se_sess; 145 }; 146 147 struct vhost_scsi_tpg { 148 /* Vhost port target portal group tag for TCM */ 149 u16 tport_tpgt; 150 /* Used to track number of TPG Port/Lun Links wrt to explict I_T Nexus shutdown */ 151 int tv_tpg_port_count; 152 /* Used for vhost_scsi device reference to tpg_nexus, protected by tv_tpg_mutex */ 153 int tv_tpg_vhost_count; 154 /* Used for enabling T10-PI with legacy devices */ 155 int tv_fabric_prot_type; 156 /* list for vhost_scsi_list */ 157 struct list_head tv_tpg_list; 158 /* Used to protect access for tpg_nexus */ 159 struct mutex tv_tpg_mutex; 160 /* Pointer to the TCM VHost I_T Nexus for this TPG endpoint */ 161 struct vhost_scsi_nexus *tpg_nexus; 162 /* Pointer back to vhost_scsi_tport */ 163 struct vhost_scsi_tport *tport; 164 /* Returned by vhost_scsi_make_tpg() */ 165 struct se_portal_group se_tpg; 166 /* Pointer back to vhost_scsi, protected by tv_tpg_mutex */ 167 struct vhost_scsi *vhost_scsi; 168 }; 169 170 struct vhost_scsi_tport { 171 /* SCSI protocol the tport is providing */ 172 u8 tport_proto_id; 173 /* Binary World Wide unique Port Name for Vhost Target port */ 174 u64 tport_wwpn; 175 /* ASCII formatted WWPN for Vhost Target port */ 176 char tport_name[VHOST_SCSI_NAMELEN]; 177 /* Returned by vhost_scsi_make_tport() */ 178 struct se_wwn tport_wwn; 179 }; 180 181 struct vhost_scsi_evt { 182 /* event to be sent to guest */ 183 struct virtio_scsi_event event; 184 /* event list, serviced from vhost worker thread */ 185 struct llist_node list; 186 }; 187 188 enum { 189 VHOST_SCSI_VQ_CTL = 0, 190 VHOST_SCSI_VQ_EVT = 1, 191 VHOST_SCSI_VQ_IO = 2, 192 }; 193 194 /* Note: can't set VIRTIO_F_VERSION_1 yet, since that implies ANY_LAYOUT. */ 195 enum { 196 VHOST_SCSI_FEATURES = VHOST_FEATURES | (1ULL << VIRTIO_SCSI_F_HOTPLUG) | 197 (1ULL << VIRTIO_SCSI_F_T10_PI) 198 }; 199 200 #define VHOST_SCSI_MAX_TARGET 256 201 #define VHOST_SCSI_MAX_IO_VQ 1024 202 #define VHOST_SCSI_MAX_EVENT 128 203 204 static unsigned vhost_scsi_max_io_vqs = 128; 205 module_param_named(max_io_vqs, vhost_scsi_max_io_vqs, uint, 0644); 206 MODULE_PARM_DESC(max_io_vqs, "Set the max number of IO virtqueues a vhost scsi device can support. The default is 128. The max is 1024."); 207 208 struct vhost_scsi_virtqueue { 209 struct vhost_virtqueue vq; 210 struct vhost_scsi *vs; 211 /* 212 * Reference counting for inflight reqs, used for flush operation. At 213 * each time, one reference tracks new commands submitted, while we 214 * wait for another one to reach 0. 215 */ 216 struct vhost_scsi_inflight inflights[2]; 217 /* 218 * Indicate current inflight in use, protected by vq->mutex. 219 * Writers must also take dev mutex and flush under it. 220 */ 221 int inflight_idx; 222 struct vhost_scsi_cmd *scsi_cmds; 223 struct sbitmap scsi_tags; 224 int max_cmds; 225 struct page **upages; 226 227 struct vhost_work completion_work; 228 struct llist_head completion_list; 229 }; 230 231 struct vhost_scsi { 232 /* Protected by vhost_scsi->dev.mutex */ 233 struct vhost_scsi_tpg **vs_tpg; 234 char vs_vhost_wwpn[TRANSPORT_IQN_LEN]; 235 236 struct vhost_dev dev; 237 struct vhost_scsi_virtqueue *vqs; 238 struct vhost_scsi_inflight **old_inflight; 239 240 struct vhost_work vs_event_work; /* evt injection work item */ 241 struct llist_head vs_event_list; /* evt injection queue */ 242 243 bool vs_events_missed; /* any missed events, protected by vq->mutex */ 244 int vs_events_nr; /* num of pending events, protected by vq->mutex */ 245 246 unsigned int inline_sg_cnt; 247 }; 248 249 struct vhost_scsi_tmf { 250 struct vhost_work vwork; 251 struct work_struct flush_work; 252 struct vhost_scsi *vhost; 253 struct vhost_scsi_virtqueue *svq; 254 255 struct se_cmd se_cmd; 256 u8 scsi_resp; 257 struct vhost_scsi_inflight *inflight; 258 struct iovec resp_iov; 259 int in_iovs; 260 int vq_desc; 261 }; 262 263 /* 264 * Context for processing request and control queue operations. 265 */ 266 struct vhost_scsi_ctx { 267 int head; 268 unsigned int out, in; 269 size_t req_size, rsp_size; 270 size_t out_size, in_size; 271 u8 *target, *lunp; 272 void *req; 273 struct iov_iter out_iter; 274 }; 275 276 /* 277 * Global mutex to protect vhost_scsi TPG list for vhost IOCTLs and LIO 278 * configfs management operations. 279 */ 280 static DEFINE_MUTEX(vhost_scsi_mutex); 281 static LIST_HEAD(vhost_scsi_list); 282 283 static void vhost_scsi_done_inflight(struct kref *kref) 284 { 285 struct vhost_scsi_inflight *inflight; 286 287 inflight = container_of(kref, struct vhost_scsi_inflight, kref); 288 complete(&inflight->comp); 289 } 290 291 static void vhost_scsi_init_inflight(struct vhost_scsi *vs, 292 struct vhost_scsi_inflight *old_inflight[]) 293 { 294 struct vhost_scsi_inflight *new_inflight; 295 struct vhost_virtqueue *vq; 296 int idx, i; 297 298 for (i = 0; i < vs->dev.nvqs; i++) { 299 vq = &vs->vqs[i].vq; 300 301 mutex_lock(&vq->mutex); 302 303 /* store old infight */ 304 idx = vs->vqs[i].inflight_idx; 305 if (old_inflight) 306 old_inflight[i] = &vs->vqs[i].inflights[idx]; 307 308 /* setup new infight */ 309 vs->vqs[i].inflight_idx = idx ^ 1; 310 new_inflight = &vs->vqs[i].inflights[idx ^ 1]; 311 kref_init(&new_inflight->kref); 312 init_completion(&new_inflight->comp); 313 314 mutex_unlock(&vq->mutex); 315 } 316 } 317 318 static struct vhost_scsi_inflight * 319 vhost_scsi_get_inflight(struct vhost_virtqueue *vq) 320 { 321 struct vhost_scsi_inflight *inflight; 322 struct vhost_scsi_virtqueue *svq; 323 324 svq = container_of(vq, struct vhost_scsi_virtqueue, vq); 325 inflight = &svq->inflights[svq->inflight_idx]; 326 kref_get(&inflight->kref); 327 328 return inflight; 329 } 330 331 static void vhost_scsi_put_inflight(struct vhost_scsi_inflight *inflight) 332 { 333 kref_put(&inflight->kref, vhost_scsi_done_inflight); 334 } 335 336 static int vhost_scsi_check_true(struct se_portal_group *se_tpg) 337 { 338 return 1; 339 } 340 341 static char *vhost_scsi_get_fabric_wwn(struct se_portal_group *se_tpg) 342 { 343 struct vhost_scsi_tpg *tpg = container_of(se_tpg, 344 struct vhost_scsi_tpg, se_tpg); 345 struct vhost_scsi_tport *tport = tpg->tport; 346 347 return &tport->tport_name[0]; 348 } 349 350 static u16 vhost_scsi_get_tpgt(struct se_portal_group *se_tpg) 351 { 352 struct vhost_scsi_tpg *tpg = container_of(se_tpg, 353 struct vhost_scsi_tpg, se_tpg); 354 return tpg->tport_tpgt; 355 } 356 357 static int vhost_scsi_check_prot_fabric_only(struct se_portal_group *se_tpg) 358 { 359 struct vhost_scsi_tpg *tpg = container_of(se_tpg, 360 struct vhost_scsi_tpg, se_tpg); 361 362 return tpg->tv_fabric_prot_type; 363 } 364 365 static void vhost_scsi_release_cmd_res(struct se_cmd *se_cmd) 366 { 367 struct vhost_scsi_cmd *tv_cmd = container_of(se_cmd, 368 struct vhost_scsi_cmd, tvc_se_cmd); 369 struct vhost_scsi_virtqueue *svq = container_of(tv_cmd->tvc_vq, 370 struct vhost_scsi_virtqueue, vq); 371 struct vhost_scsi *vs = svq->vs; 372 struct vhost_scsi_inflight *inflight = tv_cmd->inflight; 373 struct scatterlist *sg; 374 struct page *page; 375 int i; 376 377 if (tv_cmd->tvc_sgl_count) { 378 for_each_sgtable_sg(&tv_cmd->table, sg, i) { 379 page = sg_page(sg); 380 if (!page) 381 continue; 382 383 if (tv_cmd->copied_iov) 384 __free_page(page); 385 else 386 put_page(page); 387 } 388 kfree(tv_cmd->read_iter); 389 kfree(tv_cmd->read_iov); 390 sg_free_table_chained(&tv_cmd->table, vs->inline_sg_cnt); 391 } 392 if (tv_cmd->tvc_prot_sgl_count) { 393 for_each_sgtable_sg(&tv_cmd->prot_table, sg, i) { 394 page = sg_page(sg); 395 if (page) 396 put_page(page); 397 } 398 sg_free_table_chained(&tv_cmd->prot_table, vs->inline_sg_cnt); 399 } 400 401 if (tv_cmd->tvc_resp_iovs != &tv_cmd->tvc_resp_iov) 402 kfree(tv_cmd->tvc_resp_iovs); 403 sbitmap_clear_bit(&svq->scsi_tags, se_cmd->map_tag); 404 vhost_scsi_put_inflight(inflight); 405 } 406 407 static void vhost_scsi_release_tmf_res(struct vhost_scsi_tmf *tmf) 408 { 409 struct vhost_scsi_inflight *inflight = tmf->inflight; 410 411 kfree(tmf); 412 vhost_scsi_put_inflight(inflight); 413 } 414 415 static void vhost_scsi_drop_cmds(struct vhost_scsi_virtqueue *svq) 416 { 417 struct vhost_scsi_cmd *cmd, *t; 418 struct llist_node *llnode; 419 420 llnode = llist_del_all(&svq->completion_list); 421 llist_for_each_entry_safe(cmd, t, llnode, tvc_completion_list) 422 vhost_scsi_release_cmd_res(&cmd->tvc_se_cmd); 423 } 424 425 static void vhost_scsi_release_cmd(struct se_cmd *se_cmd) 426 { 427 if (se_cmd->se_cmd_flags & SCF_SCSI_TMR_CDB) { 428 struct vhost_scsi_tmf *tmf = container_of(se_cmd, 429 struct vhost_scsi_tmf, se_cmd); 430 431 schedule_work(&tmf->flush_work); 432 } else { 433 struct vhost_scsi_cmd *cmd = container_of(se_cmd, 434 struct vhost_scsi_cmd, tvc_se_cmd); 435 struct vhost_scsi_virtqueue *svq = container_of(cmd->tvc_vq, 436 struct vhost_scsi_virtqueue, vq); 437 438 llist_add(&cmd->tvc_completion_list, &svq->completion_list); 439 if (!vhost_vq_work_queue(&svq->vq, &svq->completion_work)) 440 vhost_scsi_drop_cmds(svq); 441 } 442 } 443 444 static int vhost_scsi_write_pending(struct se_cmd *se_cmd) 445 { 446 /* Go ahead and process the write immediately */ 447 target_execute_cmd(se_cmd); 448 return 0; 449 } 450 451 static int vhost_scsi_queue_data_in(struct se_cmd *se_cmd) 452 { 453 transport_generic_free_cmd(se_cmd, 0); 454 return 0; 455 } 456 457 static int vhost_scsi_queue_status(struct se_cmd *se_cmd) 458 { 459 transport_generic_free_cmd(se_cmd, 0); 460 return 0; 461 } 462 463 static void vhost_scsi_queue_tm_rsp(struct se_cmd *se_cmd) 464 { 465 struct vhost_scsi_tmf *tmf = container_of(se_cmd, struct vhost_scsi_tmf, 466 se_cmd); 467 468 tmf->scsi_resp = se_cmd->se_tmr_req->response; 469 transport_generic_free_cmd(&tmf->se_cmd, 0); 470 } 471 472 static void vhost_scsi_aborted_task(struct se_cmd *se_cmd) 473 { 474 return; 475 } 476 477 static void vhost_scsi_free_evt(struct vhost_scsi *vs, struct vhost_scsi_evt *evt) 478 { 479 vs->vs_events_nr--; 480 kfree(evt); 481 } 482 483 static struct vhost_scsi_evt * 484 vhost_scsi_allocate_evt(struct vhost_scsi *vs, 485 u32 event, u32 reason) 486 { 487 struct vhost_virtqueue *vq = &vs->vqs[VHOST_SCSI_VQ_EVT].vq; 488 struct vhost_scsi_evt *evt; 489 490 if (vs->vs_events_nr > VHOST_SCSI_MAX_EVENT) { 491 vs->vs_events_missed = true; 492 return NULL; 493 } 494 495 evt = kzalloc(sizeof(*evt), GFP_KERNEL); 496 if (!evt) { 497 vq_err(vq, "Failed to allocate vhost_scsi_evt\n"); 498 vs->vs_events_missed = true; 499 return NULL; 500 } 501 502 evt->event.event = cpu_to_vhost32(vq, event); 503 evt->event.reason = cpu_to_vhost32(vq, reason); 504 vs->vs_events_nr++; 505 506 return evt; 507 } 508 509 static int vhost_scsi_check_stop_free(struct se_cmd *se_cmd) 510 { 511 return target_put_sess_cmd(se_cmd); 512 } 513 514 static void 515 vhost_scsi_do_evt_work(struct vhost_scsi *vs, struct vhost_scsi_evt *evt) 516 { 517 struct vhost_virtqueue *vq = &vs->vqs[VHOST_SCSI_VQ_EVT].vq; 518 struct virtio_scsi_event *event = &evt->event; 519 struct virtio_scsi_event __user *eventp; 520 unsigned out, in; 521 int head, ret; 522 523 if (!vhost_vq_get_backend(vq)) { 524 vs->vs_events_missed = true; 525 return; 526 } 527 528 again: 529 vhost_disable_notify(&vs->dev, vq); 530 head = vhost_get_vq_desc(vq, vq->iov, 531 ARRAY_SIZE(vq->iov), &out, &in, 532 NULL, NULL); 533 if (head < 0) { 534 vs->vs_events_missed = true; 535 return; 536 } 537 if (head == vq->num) { 538 if (vhost_enable_notify(&vs->dev, vq)) 539 goto again; 540 vs->vs_events_missed = true; 541 return; 542 } 543 544 if ((vq->iov[out].iov_len != sizeof(struct virtio_scsi_event))) { 545 vq_err(vq, "Expecting virtio_scsi_event, got %zu bytes\n", 546 vq->iov[out].iov_len); 547 vs->vs_events_missed = true; 548 return; 549 } 550 551 if (vs->vs_events_missed) { 552 event->event |= cpu_to_vhost32(vq, VIRTIO_SCSI_T_EVENTS_MISSED); 553 vs->vs_events_missed = false; 554 } 555 556 eventp = vq->iov[out].iov_base; 557 ret = __copy_to_user(eventp, event, sizeof(*event)); 558 if (!ret) 559 vhost_add_used_and_signal(&vs->dev, vq, head, 0); 560 else 561 vq_err(vq, "Faulted on vhost_scsi_send_event\n"); 562 } 563 564 static void vhost_scsi_complete_events(struct vhost_scsi *vs, bool drop) 565 { 566 struct vhost_virtqueue *vq = &vs->vqs[VHOST_SCSI_VQ_EVT].vq; 567 struct vhost_scsi_evt *evt, *t; 568 struct llist_node *llnode; 569 570 mutex_lock(&vq->mutex); 571 llnode = llist_del_all(&vs->vs_event_list); 572 llist_for_each_entry_safe(evt, t, llnode, list) { 573 if (!drop) 574 vhost_scsi_do_evt_work(vs, evt); 575 vhost_scsi_free_evt(vs, evt); 576 } 577 mutex_unlock(&vq->mutex); 578 } 579 580 static void vhost_scsi_evt_work(struct vhost_work *work) 581 { 582 struct vhost_scsi *vs = container_of(work, struct vhost_scsi, 583 vs_event_work); 584 vhost_scsi_complete_events(vs, false); 585 } 586 587 static int vhost_scsi_copy_sgl_to_iov(struct vhost_scsi_cmd *cmd) 588 { 589 struct iov_iter *iter = cmd->read_iter; 590 struct scatterlist *sg; 591 struct page *page; 592 size_t len; 593 int i; 594 595 for_each_sgtable_sg(&cmd->table, sg, i) { 596 page = sg_page(sg); 597 if (!page) 598 continue; 599 600 len = sg->length; 601 602 if (copy_page_to_iter(page, 0, len, iter) != len) { 603 pr_err("Could not copy data while handling misaligned cmd. Error %zu\n", 604 len); 605 return -1; 606 } 607 } 608 609 return 0; 610 } 611 612 /* Fill in status and signal that we are done processing this command 613 * 614 * This is scheduled in the vhost work queue so we are called with the owner 615 * process mm and can access the vring. 616 */ 617 static void vhost_scsi_complete_cmd_work(struct vhost_work *work) 618 { 619 struct vhost_scsi_virtqueue *svq = container_of(work, 620 struct vhost_scsi_virtqueue, completion_work); 621 struct virtio_scsi_cmd_resp v_rsp; 622 struct vhost_scsi_cmd *cmd, *t; 623 struct llist_node *llnode; 624 struct se_cmd *se_cmd; 625 struct iov_iter iov_iter; 626 bool signal = false; 627 int ret; 628 629 llnode = llist_del_all(&svq->completion_list); 630 llist_for_each_entry_safe(cmd, t, llnode, tvc_completion_list) { 631 se_cmd = &cmd->tvc_se_cmd; 632 633 pr_debug("%s tv_cmd %p resid %u status %#02x\n", __func__, 634 cmd, se_cmd->residual_count, se_cmd->scsi_status); 635 memset(&v_rsp, 0, sizeof(v_rsp)); 636 637 if (cmd->read_iter && vhost_scsi_copy_sgl_to_iov(cmd)) { 638 v_rsp.response = VIRTIO_SCSI_S_BAD_TARGET; 639 } else { 640 v_rsp.resid = cpu_to_vhost32(cmd->tvc_vq, 641 se_cmd->residual_count); 642 /* TODO is status_qualifier field needed? */ 643 v_rsp.status = se_cmd->scsi_status; 644 v_rsp.sense_len = cpu_to_vhost32(cmd->tvc_vq, 645 se_cmd->scsi_sense_length); 646 memcpy(v_rsp.sense, cmd->tvc_sense_buf, 647 se_cmd->scsi_sense_length); 648 } 649 650 iov_iter_init(&iov_iter, ITER_DEST, cmd->tvc_resp_iovs, 651 cmd->tvc_resp_iovs_cnt, sizeof(v_rsp)); 652 ret = copy_to_iter(&v_rsp, sizeof(v_rsp), &iov_iter); 653 if (likely(ret == sizeof(v_rsp))) { 654 signal = true; 655 656 vhost_add_used(cmd->tvc_vq, cmd->tvc_vq_desc, 0); 657 } else 658 pr_err("Faulted on virtio_scsi_cmd_resp\n"); 659 660 vhost_scsi_release_cmd_res(se_cmd); 661 } 662 663 if (signal) 664 vhost_signal(&svq->vs->dev, &svq->vq); 665 } 666 667 static struct vhost_scsi_cmd * 668 vhost_scsi_get_cmd(struct vhost_virtqueue *vq, u64 scsi_tag) 669 { 670 struct vhost_scsi_virtqueue *svq = container_of(vq, 671 struct vhost_scsi_virtqueue, vq); 672 struct vhost_scsi_cmd *cmd; 673 struct scatterlist *sgl, *prot_sgl; 674 int tag; 675 676 tag = sbitmap_get(&svq->scsi_tags); 677 if (tag < 0) { 678 pr_warn_once("Guest sent too many cmds. Returning TASK_SET_FULL.\n"); 679 return ERR_PTR(-ENOMEM); 680 } 681 682 cmd = &svq->scsi_cmds[tag]; 683 sgl = cmd->sgl; 684 prot_sgl = cmd->prot_sgl; 685 memset(cmd, 0, sizeof(*cmd)); 686 cmd->sgl = sgl; 687 cmd->prot_sgl = prot_sgl; 688 cmd->tvc_se_cmd.map_tag = tag; 689 cmd->inflight = vhost_scsi_get_inflight(vq); 690 691 return cmd; 692 } 693 694 static void vhost_scsi_revert_map_iov_to_sgl(struct iov_iter *iter, 695 struct scatterlist *curr, 696 struct scatterlist *end) 697 { 698 size_t revert_bytes = 0; 699 struct page *page; 700 701 while (curr != end) { 702 page = sg_page(curr); 703 704 if (page) { 705 put_page(page); 706 revert_bytes += curr->length; 707 } 708 /* Clear so we can re-use it for the copy path */ 709 sg_set_page(curr, NULL, 0, 0); 710 curr = sg_next(curr); 711 } 712 iov_iter_revert(iter, revert_bytes); 713 } 714 715 /* 716 * Map a user memory range into a scatterlist 717 * 718 * Returns the number of scatterlist entries used or -errno on error. 719 */ 720 static int 721 vhost_scsi_map_to_sgl(struct vhost_scsi_cmd *cmd, 722 struct iov_iter *iter, 723 struct sg_table *sg_table, 724 struct scatterlist **sgl, 725 bool is_prot) 726 { 727 struct vhost_scsi_virtqueue *svq = container_of(cmd->tvc_vq, 728 struct vhost_scsi_virtqueue, vq); 729 struct page **pages = svq->upages; 730 struct scatterlist *sg = *sgl; 731 ssize_t bytes; 732 size_t offset; 733 unsigned int n, npages = 0; 734 735 bytes = iov_iter_get_pages2(iter, pages, LONG_MAX, 736 VHOST_SCSI_PREALLOC_UPAGES, &offset); 737 /* No pages were pinned */ 738 if (bytes <= 0) 739 return bytes < 0 ? bytes : -EFAULT; 740 741 while (bytes) { 742 n = min_t(unsigned int, PAGE_SIZE - offset, bytes); 743 /* 744 * The block layer requires bios/requests to be a multiple of 745 * 512 bytes, but Windows can send us vecs that are misaligned. 746 * This can result in bios and later requests with misaligned 747 * sizes if we have to break up a cmd/scatterlist into multiple 748 * bios. 749 * 750 * We currently only break up a command into multiple bios if 751 * we hit the vec/seg limit, so check if our sgl_count is 752 * greater than the max and if a vec in the cmd has a 753 * misaligned offset/size. 754 */ 755 if (!is_prot && 756 (offset & (SECTOR_SIZE - 1) || n & (SECTOR_SIZE - 1)) && 757 cmd->tvc_sgl_count > BIO_MAX_VECS) { 758 WARN_ONCE(true, 759 "vhost-scsi detected misaligned IO. Performance may be degraded."); 760 goto revert_iter_get_pages; 761 } 762 763 sg_set_page(sg, pages[npages++], n, offset); 764 sg = sg_next(sg); 765 bytes -= n; 766 offset = 0; 767 } 768 769 *sgl = sg; 770 return npages; 771 772 revert_iter_get_pages: 773 vhost_scsi_revert_map_iov_to_sgl(iter, *sgl, sg); 774 775 iov_iter_revert(iter, bytes); 776 while (bytes) { 777 n = min_t(unsigned int, PAGE_SIZE, bytes); 778 779 put_page(pages[npages++]); 780 bytes -= n; 781 } 782 783 return -EINVAL; 784 } 785 786 static int 787 vhost_scsi_calc_sgls(struct iov_iter *iter, size_t bytes, int max_sgls) 788 { 789 int sgl_count = 0; 790 791 if (!iter || !iter_iov(iter)) { 792 pr_err("%s: iter->iov is NULL, but expected bytes: %zu" 793 " present\n", __func__, bytes); 794 return -EINVAL; 795 } 796 797 sgl_count = iov_iter_npages(iter, 0xffff); 798 if (sgl_count > max_sgls) { 799 pr_err("%s: requested sgl_count: %d exceeds pre-allocated" 800 " max_sgls: %d\n", __func__, sgl_count, max_sgls); 801 return -EINVAL; 802 } 803 return sgl_count; 804 } 805 806 static int 807 vhost_scsi_copy_iov_to_sgl(struct vhost_scsi_cmd *cmd, struct iov_iter *iter, 808 struct sg_table *sg_table, int sg_count, 809 int data_dir) 810 { 811 size_t len = iov_iter_count(iter); 812 unsigned int nbytes = 0; 813 struct scatterlist *sg; 814 struct page *page; 815 int i, ret; 816 817 if (data_dir == DMA_FROM_DEVICE) { 818 cmd->read_iter = kzalloc(sizeof(*cmd->read_iter), GFP_KERNEL); 819 if (!cmd->read_iter) 820 return -ENOMEM; 821 822 cmd->read_iov = dup_iter(cmd->read_iter, iter, GFP_KERNEL); 823 if (!cmd->read_iov) { 824 ret = -ENOMEM; 825 goto free_iter; 826 } 827 } 828 829 for_each_sgtable_sg(sg_table, sg, i) { 830 page = alloc_page(GFP_KERNEL); 831 if (!page) { 832 ret = -ENOMEM; 833 goto err; 834 } 835 836 nbytes = min_t(unsigned int, PAGE_SIZE, len); 837 sg_set_page(sg, page, nbytes, 0); 838 839 if (data_dir == DMA_TO_DEVICE && 840 copy_page_from_iter(page, 0, nbytes, iter) != nbytes) { 841 ret = -EFAULT; 842 goto err; 843 } 844 845 len -= nbytes; 846 } 847 848 cmd->copied_iov = 1; 849 return 0; 850 851 err: 852 pr_err("Could not read %u bytes while handling misaligned cmd\n", 853 nbytes); 854 855 for_each_sgtable_sg(sg_table, sg, i) { 856 page = sg_page(sg); 857 if (page) 858 __free_page(page); 859 } 860 kfree(cmd->read_iov); 861 free_iter: 862 kfree(cmd->read_iter); 863 return ret; 864 } 865 866 static int 867 vhost_scsi_map_iov_to_sgl(struct vhost_scsi_cmd *cmd, struct iov_iter *iter, 868 struct sg_table *sg_table, int sg_count, bool is_prot) 869 { 870 struct scatterlist *sg = sg_table->sgl; 871 int ret; 872 873 while (iov_iter_count(iter)) { 874 ret = vhost_scsi_map_to_sgl(cmd, iter, sg_table, &sg, is_prot); 875 if (ret < 0) { 876 vhost_scsi_revert_map_iov_to_sgl(iter, sg_table->sgl, 877 sg); 878 return ret; 879 } 880 } 881 882 return 0; 883 } 884 885 static int 886 vhost_scsi_mapal(struct vhost_scsi *vs, struct vhost_scsi_cmd *cmd, 887 size_t prot_bytes, struct iov_iter *prot_iter, 888 size_t data_bytes, struct iov_iter *data_iter, int data_dir) 889 { 890 int sgl_count, ret; 891 892 if (prot_bytes) { 893 sgl_count = vhost_scsi_calc_sgls(prot_iter, prot_bytes, 894 VHOST_SCSI_PREALLOC_PROT_SGLS); 895 cmd->prot_table.sgl = cmd->prot_sgl; 896 ret = sg_alloc_table_chained(&cmd->prot_table, sgl_count, 897 cmd->prot_table.sgl, 898 vs->inline_sg_cnt); 899 if (ret) 900 return ret; 901 902 cmd->tvc_prot_sgl_count = sgl_count; 903 pr_debug("%s prot_sg %p prot_sgl_count %u\n", __func__, 904 cmd->prot_table.sgl, cmd->tvc_prot_sgl_count); 905 906 ret = vhost_scsi_map_iov_to_sgl(cmd, prot_iter, 907 &cmd->prot_table, 908 cmd->tvc_prot_sgl_count, true); 909 if (ret < 0) { 910 sg_free_table_chained(&cmd->prot_table, 911 vs->inline_sg_cnt); 912 cmd->tvc_prot_sgl_count = 0; 913 return ret; 914 } 915 } 916 sgl_count = vhost_scsi_calc_sgls(data_iter, data_bytes, 917 VHOST_SCSI_PREALLOC_SGLS); 918 if (sgl_count < 0) 919 return sgl_count; 920 921 cmd->table.sgl = cmd->sgl; 922 ret = sg_alloc_table_chained(&cmd->table, sgl_count, cmd->table.sgl, 923 vs->inline_sg_cnt); 924 if (ret) 925 return ret; 926 927 cmd->tvc_sgl_count = sgl_count; 928 pr_debug("%s data_sg %p data_sgl_count %u\n", __func__, 929 cmd->table.sgl, cmd->tvc_sgl_count); 930 931 ret = vhost_scsi_map_iov_to_sgl(cmd, data_iter, &cmd->table, 932 cmd->tvc_sgl_count, false); 933 if (ret == -EINVAL) 934 ret = vhost_scsi_copy_iov_to_sgl(cmd, data_iter, &cmd->table, 935 cmd->tvc_sgl_count, data_dir); 936 if (ret < 0) { 937 sg_free_table_chained(&cmd->table, vs->inline_sg_cnt); 938 cmd->tvc_sgl_count = 0; 939 return ret; 940 } 941 return 0; 942 } 943 944 static int vhost_scsi_to_tcm_attr(int attr) 945 { 946 switch (attr) { 947 case VIRTIO_SCSI_S_SIMPLE: 948 return TCM_SIMPLE_TAG; 949 case VIRTIO_SCSI_S_ORDERED: 950 return TCM_ORDERED_TAG; 951 case VIRTIO_SCSI_S_HEAD: 952 return TCM_HEAD_TAG; 953 case VIRTIO_SCSI_S_ACA: 954 return TCM_ACA_TAG; 955 default: 956 break; 957 } 958 return TCM_SIMPLE_TAG; 959 } 960 961 static void vhost_scsi_target_queue_cmd(struct vhost_scsi_nexus *nexus, 962 struct vhost_scsi_cmd *cmd, 963 unsigned char *cdb, u16 lun, 964 int task_attr, int data_dir, 965 u32 exp_data_len) 966 { 967 struct se_cmd *se_cmd = &cmd->tvc_se_cmd; 968 struct scatterlist *sg_ptr, *sg_prot_ptr = NULL; 969 970 /* FIXME: BIDI operation */ 971 if (cmd->tvc_sgl_count) { 972 sg_ptr = cmd->table.sgl; 973 974 if (cmd->tvc_prot_sgl_count) 975 sg_prot_ptr = cmd->prot_table.sgl; 976 else 977 se_cmd->prot_pto = true; 978 } else { 979 sg_ptr = NULL; 980 } 981 982 se_cmd->tag = 0; 983 target_init_cmd(se_cmd, nexus->tvn_se_sess, &cmd->tvc_sense_buf[0], 984 lun, exp_data_len, vhost_scsi_to_tcm_attr(task_attr), 985 data_dir, TARGET_SCF_ACK_KREF); 986 987 if (target_submit_prep(se_cmd, cdb, sg_ptr, 988 cmd->tvc_sgl_count, NULL, 0, sg_prot_ptr, 989 cmd->tvc_prot_sgl_count, GFP_KERNEL)) 990 return; 991 992 target_submit(se_cmd); 993 } 994 995 static void 996 vhost_scsi_send_status(struct vhost_scsi *vs, struct vhost_virtqueue *vq, 997 int head, unsigned int out, u8 status) 998 { 999 struct virtio_scsi_cmd_resp __user *resp; 1000 struct virtio_scsi_cmd_resp rsp; 1001 int ret; 1002 1003 memset(&rsp, 0, sizeof(rsp)); 1004 rsp.status = status; 1005 resp = vq->iov[out].iov_base; 1006 ret = __copy_to_user(resp, &rsp, sizeof(rsp)); 1007 if (!ret) 1008 vhost_add_used_and_signal(&vs->dev, vq, head, 0); 1009 else 1010 pr_err("Faulted on virtio_scsi_cmd_resp\n"); 1011 } 1012 1013 static void 1014 vhost_scsi_send_bad_target(struct vhost_scsi *vs, 1015 struct vhost_virtqueue *vq, 1016 int head, unsigned out) 1017 { 1018 struct virtio_scsi_cmd_resp __user *resp; 1019 struct virtio_scsi_cmd_resp rsp; 1020 int ret; 1021 1022 memset(&rsp, 0, sizeof(rsp)); 1023 rsp.response = VIRTIO_SCSI_S_BAD_TARGET; 1024 resp = vq->iov[out].iov_base; 1025 ret = __copy_to_user(resp, &rsp, sizeof(rsp)); 1026 if (!ret) 1027 vhost_add_used_and_signal(&vs->dev, vq, head, 0); 1028 else 1029 pr_err("Faulted on virtio_scsi_cmd_resp\n"); 1030 } 1031 1032 static int 1033 vhost_scsi_get_desc(struct vhost_scsi *vs, struct vhost_virtqueue *vq, 1034 struct vhost_scsi_ctx *vc) 1035 { 1036 int ret = -ENXIO; 1037 1038 vc->head = vhost_get_vq_desc(vq, vq->iov, 1039 ARRAY_SIZE(vq->iov), &vc->out, &vc->in, 1040 NULL, NULL); 1041 1042 pr_debug("vhost_get_vq_desc: head: %d, out: %u in: %u\n", 1043 vc->head, vc->out, vc->in); 1044 1045 /* On error, stop handling until the next kick. */ 1046 if (unlikely(vc->head < 0)) 1047 goto done; 1048 1049 /* Nothing new? Wait for eventfd to tell us they refilled. */ 1050 if (vc->head == vq->num) { 1051 if (unlikely(vhost_enable_notify(&vs->dev, vq))) { 1052 vhost_disable_notify(&vs->dev, vq); 1053 ret = -EAGAIN; 1054 } 1055 goto done; 1056 } 1057 1058 /* 1059 * Get the size of request and response buffers. 1060 * FIXME: Not correct for BIDI operation 1061 */ 1062 vc->out_size = iov_length(vq->iov, vc->out); 1063 vc->in_size = iov_length(&vq->iov[vc->out], vc->in); 1064 1065 /* 1066 * Copy over the virtio-scsi request header, which for a 1067 * ANY_LAYOUT enabled guest may span multiple iovecs, or a 1068 * single iovec may contain both the header + outgoing 1069 * WRITE payloads. 1070 * 1071 * copy_from_iter() will advance out_iter, so that it will 1072 * point at the start of the outgoing WRITE payload, if 1073 * DMA_TO_DEVICE is set. 1074 */ 1075 iov_iter_init(&vc->out_iter, ITER_SOURCE, vq->iov, vc->out, vc->out_size); 1076 ret = 0; 1077 1078 done: 1079 return ret; 1080 } 1081 1082 static int 1083 vhost_scsi_chk_size(struct vhost_virtqueue *vq, struct vhost_scsi_ctx *vc) 1084 { 1085 if (unlikely(vc->in_size < vc->rsp_size)) { 1086 vq_err(vq, 1087 "Response buf too small, need min %zu bytes got %zu", 1088 vc->rsp_size, vc->in_size); 1089 return -EINVAL; 1090 } else if (unlikely(vc->out_size < vc->req_size)) { 1091 vq_err(vq, 1092 "Request buf too small, need min %zu bytes got %zu", 1093 vc->req_size, vc->out_size); 1094 return -EIO; 1095 } 1096 1097 return 0; 1098 } 1099 1100 static int 1101 vhost_scsi_get_req(struct vhost_virtqueue *vq, struct vhost_scsi_ctx *vc, 1102 struct vhost_scsi_tpg **tpgp) 1103 { 1104 int ret = -EIO; 1105 1106 if (unlikely(!copy_from_iter_full(vc->req, vc->req_size, 1107 &vc->out_iter))) { 1108 vq_err(vq, "Faulted on copy_from_iter_full\n"); 1109 } else if (unlikely(*vc->lunp != 1)) { 1110 /* virtio-scsi spec requires byte 0 of the lun to be 1 */ 1111 vq_err(vq, "Illegal virtio-scsi lun: %u\n", *vc->lunp); 1112 } else { 1113 struct vhost_scsi_tpg **vs_tpg, *tpg = NULL; 1114 1115 if (vc->target) { 1116 /* validated at handler entry */ 1117 vs_tpg = vhost_vq_get_backend(vq); 1118 tpg = READ_ONCE(vs_tpg[*vc->target]); 1119 if (unlikely(!tpg)) { 1120 vq_err(vq, "Target 0x%x does not exist\n", *vc->target); 1121 goto out; 1122 } 1123 } 1124 1125 if (tpgp) 1126 *tpgp = tpg; 1127 ret = 0; 1128 } 1129 out: 1130 return ret; 1131 } 1132 1133 static int 1134 vhost_scsi_setup_resp_iovs(struct vhost_scsi_cmd *cmd, struct iovec *in_iovs, 1135 unsigned int in_iovs_cnt) 1136 { 1137 int i, cnt; 1138 1139 if (!in_iovs_cnt) 1140 return 0; 1141 /* 1142 * Initiator's normally just put the virtio_scsi_cmd_resp in the first 1143 * iov, but just in case they wedged in some data with it we check for 1144 * greater than or equal to the response struct. 1145 */ 1146 if (in_iovs[0].iov_len >= sizeof(struct virtio_scsi_cmd_resp)) { 1147 cmd->tvc_resp_iovs = &cmd->tvc_resp_iov; 1148 cmd->tvc_resp_iovs_cnt = 1; 1149 } else { 1150 /* 1151 * Legacy descriptor layouts didn't specify that we must put 1152 * the entire response in one iov. Worst case we have a 1153 * iov per byte. 1154 */ 1155 cnt = min(VHOST_SCSI_MAX_RESP_IOVS, in_iovs_cnt); 1156 cmd->tvc_resp_iovs = kcalloc(cnt, sizeof(struct iovec), 1157 GFP_KERNEL); 1158 if (!cmd->tvc_resp_iovs) 1159 return -ENOMEM; 1160 1161 cmd->tvc_resp_iovs_cnt = cnt; 1162 } 1163 1164 for (i = 0; i < cmd->tvc_resp_iovs_cnt; i++) 1165 cmd->tvc_resp_iovs[i] = in_iovs[i]; 1166 1167 return 0; 1168 } 1169 1170 static u16 vhost_buf_to_lun(u8 *lun_buf) 1171 { 1172 return ((lun_buf[2] << 8) | lun_buf[3]) & 0x3FFF; 1173 } 1174 1175 static void 1176 vhost_scsi_handle_vq(struct vhost_scsi *vs, struct vhost_virtqueue *vq) 1177 { 1178 struct vhost_scsi_tpg **vs_tpg, *tpg; 1179 struct virtio_scsi_cmd_req v_req; 1180 struct virtio_scsi_cmd_req_pi v_req_pi; 1181 struct vhost_scsi_nexus *nexus; 1182 struct vhost_scsi_ctx vc; 1183 struct vhost_scsi_cmd *cmd; 1184 struct iov_iter in_iter, prot_iter, data_iter; 1185 u64 tag; 1186 u32 exp_data_len, data_direction; 1187 int ret, prot_bytes, c = 0; 1188 u16 lun; 1189 u8 task_attr; 1190 bool t10_pi = vhost_has_feature(vq, VIRTIO_SCSI_F_T10_PI); 1191 u8 *cdb; 1192 1193 mutex_lock(&vq->mutex); 1194 /* 1195 * We can handle the vq only after the endpoint is setup by calling the 1196 * VHOST_SCSI_SET_ENDPOINT ioctl. 1197 */ 1198 vs_tpg = vhost_vq_get_backend(vq); 1199 if (!vs_tpg) 1200 goto out; 1201 1202 memset(&vc, 0, sizeof(vc)); 1203 vc.rsp_size = sizeof(struct virtio_scsi_cmd_resp); 1204 1205 vhost_disable_notify(&vs->dev, vq); 1206 1207 do { 1208 ret = vhost_scsi_get_desc(vs, vq, &vc); 1209 if (ret) 1210 goto err; 1211 1212 /* 1213 * Setup pointers and values based upon different virtio-scsi 1214 * request header if T10_PI is enabled in KVM guest. 1215 */ 1216 if (t10_pi) { 1217 vc.req = &v_req_pi; 1218 vc.req_size = sizeof(v_req_pi); 1219 vc.lunp = &v_req_pi.lun[0]; 1220 vc.target = &v_req_pi.lun[1]; 1221 } else { 1222 vc.req = &v_req; 1223 vc.req_size = sizeof(v_req); 1224 vc.lunp = &v_req.lun[0]; 1225 vc.target = &v_req.lun[1]; 1226 } 1227 1228 /* 1229 * Validate the size of request and response buffers. 1230 * Check for a sane response buffer so we can report 1231 * early errors back to the guest. 1232 */ 1233 ret = vhost_scsi_chk_size(vq, &vc); 1234 if (ret) 1235 goto err; 1236 1237 ret = vhost_scsi_get_req(vq, &vc, &tpg); 1238 if (ret) 1239 goto err; 1240 1241 ret = -EIO; /* bad target on any error from here on */ 1242 1243 /* 1244 * Determine data_direction by calculating the total outgoing 1245 * iovec sizes + incoming iovec sizes vs. virtio-scsi request + 1246 * response headers respectively. 1247 * 1248 * For DMA_TO_DEVICE this is out_iter, which is already pointing 1249 * to the right place. 1250 * 1251 * For DMA_FROM_DEVICE, the iovec will be just past the end 1252 * of the virtio-scsi response header in either the same 1253 * or immediately following iovec. 1254 * 1255 * Any associated T10_PI bytes for the outgoing / incoming 1256 * payloads are included in calculation of exp_data_len here. 1257 */ 1258 prot_bytes = 0; 1259 1260 if (vc.out_size > vc.req_size) { 1261 data_direction = DMA_TO_DEVICE; 1262 exp_data_len = vc.out_size - vc.req_size; 1263 data_iter = vc.out_iter; 1264 } else if (vc.in_size > vc.rsp_size) { 1265 data_direction = DMA_FROM_DEVICE; 1266 exp_data_len = vc.in_size - vc.rsp_size; 1267 1268 iov_iter_init(&in_iter, ITER_DEST, &vq->iov[vc.out], vc.in, 1269 vc.rsp_size + exp_data_len); 1270 iov_iter_advance(&in_iter, vc.rsp_size); 1271 data_iter = in_iter; 1272 } else { 1273 data_direction = DMA_NONE; 1274 exp_data_len = 0; 1275 } 1276 /* 1277 * If T10_PI header + payload is present, setup prot_iter values 1278 * and recalculate data_iter for vhost_scsi_mapal() mapping to 1279 * host scatterlists via get_user_pages_fast(). 1280 */ 1281 if (t10_pi) { 1282 if (v_req_pi.pi_bytesout) { 1283 if (data_direction != DMA_TO_DEVICE) { 1284 vq_err(vq, "Received non zero pi_bytesout," 1285 " but wrong data_direction\n"); 1286 goto err; 1287 } 1288 prot_bytes = vhost32_to_cpu(vq, v_req_pi.pi_bytesout); 1289 } else if (v_req_pi.pi_bytesin) { 1290 if (data_direction != DMA_FROM_DEVICE) { 1291 vq_err(vq, "Received non zero pi_bytesin," 1292 " but wrong data_direction\n"); 1293 goto err; 1294 } 1295 prot_bytes = vhost32_to_cpu(vq, v_req_pi.pi_bytesin); 1296 } 1297 /* 1298 * Set prot_iter to data_iter and truncate it to 1299 * prot_bytes, and advance data_iter past any 1300 * preceding prot_bytes that may be present. 1301 * 1302 * Also fix up the exp_data_len to reflect only the 1303 * actual data payload length. 1304 */ 1305 if (prot_bytes) { 1306 exp_data_len -= prot_bytes; 1307 prot_iter = data_iter; 1308 iov_iter_truncate(&prot_iter, prot_bytes); 1309 iov_iter_advance(&data_iter, prot_bytes); 1310 } 1311 tag = vhost64_to_cpu(vq, v_req_pi.tag); 1312 task_attr = v_req_pi.task_attr; 1313 cdb = &v_req_pi.cdb[0]; 1314 lun = vhost_buf_to_lun(v_req_pi.lun); 1315 } else { 1316 tag = vhost64_to_cpu(vq, v_req.tag); 1317 task_attr = v_req.task_attr; 1318 cdb = &v_req.cdb[0]; 1319 lun = vhost_buf_to_lun(v_req.lun); 1320 } 1321 /* 1322 * Check that the received CDB size does not exceeded our 1323 * hardcoded max for vhost-scsi, then get a pre-allocated 1324 * cmd descriptor for the new virtio-scsi tag. 1325 * 1326 * TODO what if cdb was too small for varlen cdb header? 1327 */ 1328 if (unlikely(scsi_command_size(cdb) > VHOST_SCSI_MAX_CDB_SIZE)) { 1329 vq_err(vq, "Received SCSI CDB with command_size: %d that" 1330 " exceeds SCSI_MAX_VARLEN_CDB_SIZE: %d\n", 1331 scsi_command_size(cdb), VHOST_SCSI_MAX_CDB_SIZE); 1332 goto err; 1333 } 1334 1335 nexus = tpg->tpg_nexus; 1336 if (!nexus) { 1337 vq_err(vq, "Unable to locate active struct vhost_scsi_nexus\n"); 1338 ret = -EIO; 1339 goto err; 1340 } 1341 1342 cmd = vhost_scsi_get_cmd(vq, tag); 1343 if (IS_ERR(cmd)) { 1344 ret = PTR_ERR(cmd); 1345 vq_err(vq, "vhost_scsi_get_tag failed %dd\n", ret); 1346 goto err; 1347 } 1348 cmd->tvc_vq = vq; 1349 1350 ret = vhost_scsi_setup_resp_iovs(cmd, &vq->iov[vc.out], vc.in); 1351 if (ret) { 1352 vq_err(vq, "Failed to alloc recv iovs\n"); 1353 vhost_scsi_release_cmd_res(&cmd->tvc_se_cmd); 1354 goto err; 1355 } 1356 1357 pr_debug("vhost_scsi got command opcode: %#02x, lun: %d\n", 1358 cdb[0], lun); 1359 pr_debug("cmd: %p exp_data_len: %d, prot_bytes: %d data_direction:" 1360 " %d\n", cmd, exp_data_len, prot_bytes, data_direction); 1361 1362 if (data_direction != DMA_NONE) { 1363 ret = vhost_scsi_mapal(vs, cmd, prot_bytes, &prot_iter, 1364 exp_data_len, &data_iter, 1365 data_direction); 1366 if (unlikely(ret)) { 1367 vq_err(vq, "Failed to map iov to sgl\n"); 1368 vhost_scsi_release_cmd_res(&cmd->tvc_se_cmd); 1369 goto err; 1370 } 1371 } 1372 /* 1373 * Save the descriptor from vhost_get_vq_desc() to be used to 1374 * complete the virtio-scsi request in TCM callback context via 1375 * vhost_scsi_queue_data_in() and vhost_scsi_queue_status() 1376 */ 1377 cmd->tvc_vq_desc = vc.head; 1378 vhost_scsi_target_queue_cmd(nexus, cmd, cdb, lun, task_attr, 1379 data_direction, 1380 exp_data_len + prot_bytes); 1381 ret = 0; 1382 err: 1383 /* 1384 * ENXIO: No more requests, or read error, wait for next kick 1385 * EINVAL: Invalid response buffer, drop the request 1386 * EIO: Respond with bad target 1387 * EAGAIN: Pending request 1388 * ENOMEM: Could not allocate resources for request 1389 */ 1390 if (ret == -ENXIO) 1391 break; 1392 else if (ret == -EIO) 1393 vhost_scsi_send_bad_target(vs, vq, vc.head, vc.out); 1394 else if (ret == -ENOMEM) 1395 vhost_scsi_send_status(vs, vq, vc.head, vc.out, 1396 SAM_STAT_TASK_SET_FULL); 1397 } while (likely(!vhost_exceeds_weight(vq, ++c, 0))); 1398 out: 1399 mutex_unlock(&vq->mutex); 1400 } 1401 1402 static void 1403 vhost_scsi_send_tmf_resp(struct vhost_scsi *vs, struct vhost_virtqueue *vq, 1404 int in_iovs, int vq_desc, struct iovec *resp_iov, 1405 int tmf_resp_code) 1406 { 1407 struct virtio_scsi_ctrl_tmf_resp rsp; 1408 struct iov_iter iov_iter; 1409 int ret; 1410 1411 pr_debug("%s\n", __func__); 1412 memset(&rsp, 0, sizeof(rsp)); 1413 rsp.response = tmf_resp_code; 1414 1415 iov_iter_init(&iov_iter, ITER_DEST, resp_iov, in_iovs, sizeof(rsp)); 1416 1417 ret = copy_to_iter(&rsp, sizeof(rsp), &iov_iter); 1418 if (likely(ret == sizeof(rsp))) 1419 vhost_add_used_and_signal(&vs->dev, vq, vq_desc, 0); 1420 else 1421 pr_err("Faulted on virtio_scsi_ctrl_tmf_resp\n"); 1422 } 1423 1424 static void vhost_scsi_tmf_resp_work(struct vhost_work *work) 1425 { 1426 struct vhost_scsi_tmf *tmf = container_of(work, struct vhost_scsi_tmf, 1427 vwork); 1428 int resp_code; 1429 1430 if (tmf->scsi_resp == TMR_FUNCTION_COMPLETE) 1431 resp_code = VIRTIO_SCSI_S_FUNCTION_SUCCEEDED; 1432 else 1433 resp_code = VIRTIO_SCSI_S_FUNCTION_REJECTED; 1434 1435 vhost_scsi_send_tmf_resp(tmf->vhost, &tmf->svq->vq, tmf->in_iovs, 1436 tmf->vq_desc, &tmf->resp_iov, resp_code); 1437 vhost_scsi_release_tmf_res(tmf); 1438 } 1439 1440 static void vhost_scsi_tmf_flush_work(struct work_struct *work) 1441 { 1442 struct vhost_scsi_tmf *tmf = container_of(work, struct vhost_scsi_tmf, 1443 flush_work); 1444 struct vhost_virtqueue *vq = &tmf->svq->vq; 1445 /* 1446 * Make sure we have sent responses for other commands before we 1447 * send our response. 1448 */ 1449 vhost_dev_flush(vq->dev); 1450 if (!vhost_vq_work_queue(vq, &tmf->vwork)) 1451 vhost_scsi_release_tmf_res(tmf); 1452 } 1453 1454 static void 1455 vhost_scsi_handle_tmf(struct vhost_scsi *vs, struct vhost_scsi_tpg *tpg, 1456 struct vhost_virtqueue *vq, 1457 struct virtio_scsi_ctrl_tmf_req *vtmf, 1458 struct vhost_scsi_ctx *vc) 1459 { 1460 struct vhost_scsi_virtqueue *svq = container_of(vq, 1461 struct vhost_scsi_virtqueue, vq); 1462 struct vhost_scsi_tmf *tmf; 1463 1464 if (vhost32_to_cpu(vq, vtmf->subtype) != 1465 VIRTIO_SCSI_T_TMF_LOGICAL_UNIT_RESET) 1466 goto send_reject; 1467 1468 if (!tpg->tpg_nexus || !tpg->tpg_nexus->tvn_se_sess) { 1469 pr_err("Unable to locate active struct vhost_scsi_nexus for LUN RESET.\n"); 1470 goto send_reject; 1471 } 1472 1473 tmf = kzalloc(sizeof(*tmf), GFP_KERNEL); 1474 if (!tmf) 1475 goto send_reject; 1476 1477 INIT_WORK(&tmf->flush_work, vhost_scsi_tmf_flush_work); 1478 vhost_work_init(&tmf->vwork, vhost_scsi_tmf_resp_work); 1479 tmf->vhost = vs; 1480 tmf->svq = svq; 1481 tmf->resp_iov = vq->iov[vc->out]; 1482 tmf->vq_desc = vc->head; 1483 tmf->in_iovs = vc->in; 1484 tmf->inflight = vhost_scsi_get_inflight(vq); 1485 1486 if (target_submit_tmr(&tmf->se_cmd, tpg->tpg_nexus->tvn_se_sess, NULL, 1487 vhost_buf_to_lun(vtmf->lun), NULL, 1488 TMR_LUN_RESET, GFP_KERNEL, 0, 1489 TARGET_SCF_ACK_KREF) < 0) { 1490 vhost_scsi_release_tmf_res(tmf); 1491 goto send_reject; 1492 } 1493 1494 return; 1495 1496 send_reject: 1497 vhost_scsi_send_tmf_resp(vs, vq, vc->in, vc->head, &vq->iov[vc->out], 1498 VIRTIO_SCSI_S_FUNCTION_REJECTED); 1499 } 1500 1501 static void 1502 vhost_scsi_send_an_resp(struct vhost_scsi *vs, 1503 struct vhost_virtqueue *vq, 1504 struct vhost_scsi_ctx *vc) 1505 { 1506 struct virtio_scsi_ctrl_an_resp rsp; 1507 struct iov_iter iov_iter; 1508 int ret; 1509 1510 pr_debug("%s\n", __func__); 1511 memset(&rsp, 0, sizeof(rsp)); /* event_actual = 0 */ 1512 rsp.response = VIRTIO_SCSI_S_OK; 1513 1514 iov_iter_init(&iov_iter, ITER_DEST, &vq->iov[vc->out], vc->in, sizeof(rsp)); 1515 1516 ret = copy_to_iter(&rsp, sizeof(rsp), &iov_iter); 1517 if (likely(ret == sizeof(rsp))) 1518 vhost_add_used_and_signal(&vs->dev, vq, vc->head, 0); 1519 else 1520 pr_err("Faulted on virtio_scsi_ctrl_an_resp\n"); 1521 } 1522 1523 static void 1524 vhost_scsi_ctl_handle_vq(struct vhost_scsi *vs, struct vhost_virtqueue *vq) 1525 { 1526 struct vhost_scsi_tpg *tpg; 1527 union { 1528 __virtio32 type; 1529 struct virtio_scsi_ctrl_an_req an; 1530 struct virtio_scsi_ctrl_tmf_req tmf; 1531 } v_req; 1532 struct vhost_scsi_ctx vc; 1533 size_t typ_size; 1534 int ret, c = 0; 1535 1536 mutex_lock(&vq->mutex); 1537 /* 1538 * We can handle the vq only after the endpoint is setup by calling the 1539 * VHOST_SCSI_SET_ENDPOINT ioctl. 1540 */ 1541 if (!vhost_vq_get_backend(vq)) 1542 goto out; 1543 1544 memset(&vc, 0, sizeof(vc)); 1545 1546 vhost_disable_notify(&vs->dev, vq); 1547 1548 do { 1549 ret = vhost_scsi_get_desc(vs, vq, &vc); 1550 if (ret) 1551 goto err; 1552 1553 /* 1554 * Get the request type first in order to setup 1555 * other parameters dependent on the type. 1556 */ 1557 vc.req = &v_req.type; 1558 typ_size = sizeof(v_req.type); 1559 1560 if (unlikely(!copy_from_iter_full(vc.req, typ_size, 1561 &vc.out_iter))) { 1562 vq_err(vq, "Faulted on copy_from_iter tmf type\n"); 1563 /* 1564 * The size of the response buffer depends on the 1565 * request type and must be validated against it. 1566 * Since the request type is not known, don't send 1567 * a response. 1568 */ 1569 continue; 1570 } 1571 1572 switch (vhost32_to_cpu(vq, v_req.type)) { 1573 case VIRTIO_SCSI_T_TMF: 1574 vc.req = &v_req.tmf; 1575 vc.req_size = sizeof(struct virtio_scsi_ctrl_tmf_req); 1576 vc.rsp_size = sizeof(struct virtio_scsi_ctrl_tmf_resp); 1577 vc.lunp = &v_req.tmf.lun[0]; 1578 vc.target = &v_req.tmf.lun[1]; 1579 break; 1580 case VIRTIO_SCSI_T_AN_QUERY: 1581 case VIRTIO_SCSI_T_AN_SUBSCRIBE: 1582 vc.req = &v_req.an; 1583 vc.req_size = sizeof(struct virtio_scsi_ctrl_an_req); 1584 vc.rsp_size = sizeof(struct virtio_scsi_ctrl_an_resp); 1585 vc.lunp = &v_req.an.lun[0]; 1586 vc.target = NULL; 1587 break; 1588 default: 1589 vq_err(vq, "Unknown control request %d", v_req.type); 1590 continue; 1591 } 1592 1593 /* 1594 * Validate the size of request and response buffers. 1595 * Check for a sane response buffer so we can report 1596 * early errors back to the guest. 1597 */ 1598 ret = vhost_scsi_chk_size(vq, &vc); 1599 if (ret) 1600 goto err; 1601 1602 /* 1603 * Get the rest of the request now that its size is known. 1604 */ 1605 vc.req += typ_size; 1606 vc.req_size -= typ_size; 1607 1608 ret = vhost_scsi_get_req(vq, &vc, &tpg); 1609 if (ret) 1610 goto err; 1611 1612 if (v_req.type == VIRTIO_SCSI_T_TMF) 1613 vhost_scsi_handle_tmf(vs, tpg, vq, &v_req.tmf, &vc); 1614 else 1615 vhost_scsi_send_an_resp(vs, vq, &vc); 1616 err: 1617 /* 1618 * ENXIO: No more requests, or read error, wait for next kick 1619 * EINVAL: Invalid response buffer, drop the request 1620 * EIO: Respond with bad target 1621 * EAGAIN: Pending request 1622 */ 1623 if (ret == -ENXIO) 1624 break; 1625 else if (ret == -EIO) 1626 vhost_scsi_send_bad_target(vs, vq, vc.head, vc.out); 1627 } while (likely(!vhost_exceeds_weight(vq, ++c, 0))); 1628 out: 1629 mutex_unlock(&vq->mutex); 1630 } 1631 1632 static void vhost_scsi_ctl_handle_kick(struct vhost_work *work) 1633 { 1634 struct vhost_virtqueue *vq = container_of(work, struct vhost_virtqueue, 1635 poll.work); 1636 struct vhost_scsi *vs = container_of(vq->dev, struct vhost_scsi, dev); 1637 1638 pr_debug("%s: The handling func for control queue.\n", __func__); 1639 vhost_scsi_ctl_handle_vq(vs, vq); 1640 } 1641 1642 static void 1643 vhost_scsi_send_evt(struct vhost_scsi *vs, struct vhost_virtqueue *vq, 1644 struct vhost_scsi_tpg *tpg, struct se_lun *lun, 1645 u32 event, u32 reason) 1646 { 1647 struct vhost_scsi_evt *evt; 1648 1649 evt = vhost_scsi_allocate_evt(vs, event, reason); 1650 if (!evt) 1651 return; 1652 1653 if (tpg && lun) { 1654 /* TODO: share lun setup code with virtio-scsi.ko */ 1655 /* 1656 * Note: evt->event is zeroed when we allocate it and 1657 * lun[4-7] need to be zero according to virtio-scsi spec. 1658 */ 1659 evt->event.lun[0] = 0x01; 1660 evt->event.lun[1] = tpg->tport_tpgt; 1661 if (lun->unpacked_lun >= 256) 1662 evt->event.lun[2] = lun->unpacked_lun >> 8 | 0x40 ; 1663 evt->event.lun[3] = lun->unpacked_lun & 0xFF; 1664 } 1665 1666 llist_add(&evt->list, &vs->vs_event_list); 1667 if (!vhost_vq_work_queue(vq, &vs->vs_event_work)) 1668 vhost_scsi_complete_events(vs, true); 1669 } 1670 1671 static void vhost_scsi_evt_handle_kick(struct vhost_work *work) 1672 { 1673 struct vhost_virtqueue *vq = container_of(work, struct vhost_virtqueue, 1674 poll.work); 1675 struct vhost_scsi *vs = container_of(vq->dev, struct vhost_scsi, dev); 1676 1677 mutex_lock(&vq->mutex); 1678 if (!vhost_vq_get_backend(vq)) 1679 goto out; 1680 1681 if (vs->vs_events_missed) 1682 vhost_scsi_send_evt(vs, vq, NULL, NULL, VIRTIO_SCSI_T_NO_EVENT, 1683 0); 1684 out: 1685 mutex_unlock(&vq->mutex); 1686 } 1687 1688 static void vhost_scsi_handle_kick(struct vhost_work *work) 1689 { 1690 struct vhost_virtqueue *vq = container_of(work, struct vhost_virtqueue, 1691 poll.work); 1692 struct vhost_scsi *vs = container_of(vq->dev, struct vhost_scsi, dev); 1693 1694 vhost_scsi_handle_vq(vs, vq); 1695 } 1696 1697 /* Callers must hold dev mutex */ 1698 static void vhost_scsi_flush(struct vhost_scsi *vs) 1699 { 1700 int i; 1701 1702 /* Init new inflight and remember the old inflight */ 1703 vhost_scsi_init_inflight(vs, vs->old_inflight); 1704 1705 /* 1706 * The inflight->kref was initialized to 1. We decrement it here to 1707 * indicate the start of the flush operation so that it will reach 0 1708 * when all the reqs are finished. 1709 */ 1710 for (i = 0; i < vs->dev.nvqs; i++) 1711 kref_put(&vs->old_inflight[i]->kref, vhost_scsi_done_inflight); 1712 1713 /* Flush both the vhost poll and vhost work */ 1714 vhost_dev_flush(&vs->dev); 1715 1716 /* Wait for all reqs issued before the flush to be finished */ 1717 for (i = 0; i < vs->dev.nvqs; i++) 1718 wait_for_completion(&vs->old_inflight[i]->comp); 1719 } 1720 1721 static void vhost_scsi_destroy_vq_cmds(struct vhost_virtqueue *vq) 1722 { 1723 struct vhost_scsi_virtqueue *svq = container_of(vq, 1724 struct vhost_scsi_virtqueue, vq); 1725 struct vhost_scsi_cmd *tv_cmd; 1726 unsigned int i; 1727 1728 if (!svq->scsi_cmds) 1729 return; 1730 1731 for (i = 0; i < svq->max_cmds; i++) { 1732 tv_cmd = &svq->scsi_cmds[i]; 1733 1734 kfree(tv_cmd->sgl); 1735 kfree(tv_cmd->prot_sgl); 1736 } 1737 1738 sbitmap_free(&svq->scsi_tags); 1739 kfree(svq->upages); 1740 kfree(svq->scsi_cmds); 1741 svq->scsi_cmds = NULL; 1742 } 1743 1744 static int vhost_scsi_setup_vq_cmds(struct vhost_virtqueue *vq, int max_cmds) 1745 { 1746 struct vhost_scsi_virtqueue *svq = container_of(vq, 1747 struct vhost_scsi_virtqueue, vq); 1748 struct vhost_scsi *vs = svq->vs; 1749 struct vhost_scsi_cmd *tv_cmd; 1750 unsigned int i; 1751 1752 if (svq->scsi_cmds) 1753 return 0; 1754 1755 if (sbitmap_init_node(&svq->scsi_tags, max_cmds, -1, GFP_KERNEL, 1756 NUMA_NO_NODE, false, true)) 1757 return -ENOMEM; 1758 svq->max_cmds = max_cmds; 1759 1760 svq->scsi_cmds = kcalloc(max_cmds, sizeof(*tv_cmd), GFP_KERNEL); 1761 if (!svq->scsi_cmds) { 1762 sbitmap_free(&svq->scsi_tags); 1763 return -ENOMEM; 1764 } 1765 1766 svq->upages = kcalloc(VHOST_SCSI_PREALLOC_UPAGES, sizeof(struct page *), 1767 GFP_KERNEL); 1768 if (!svq->upages) 1769 goto out; 1770 1771 for (i = 0; i < max_cmds; i++) { 1772 tv_cmd = &svq->scsi_cmds[i]; 1773 1774 if (vs->inline_sg_cnt) { 1775 tv_cmd->sgl = kcalloc(vs->inline_sg_cnt, 1776 sizeof(struct scatterlist), 1777 GFP_KERNEL); 1778 if (!tv_cmd->sgl) { 1779 pr_err("Unable to allocate tv_cmd->sgl\n"); 1780 goto out; 1781 } 1782 } 1783 1784 if (vhost_has_feature(vq, VIRTIO_SCSI_F_T10_PI) && 1785 vs->inline_sg_cnt) { 1786 tv_cmd->prot_sgl = kcalloc(vs->inline_sg_cnt, 1787 sizeof(struct scatterlist), 1788 GFP_KERNEL); 1789 if (!tv_cmd->prot_sgl) { 1790 pr_err("Unable to allocate tv_cmd->prot_sgl\n"); 1791 goto out; 1792 } 1793 } 1794 } 1795 return 0; 1796 out: 1797 vhost_scsi_destroy_vq_cmds(vq); 1798 return -ENOMEM; 1799 } 1800 1801 /* 1802 * Called from vhost_scsi_ioctl() context to walk the list of available 1803 * vhost_scsi_tpg with an active struct vhost_scsi_nexus 1804 * 1805 * The lock nesting rule is: 1806 * vs->dev.mutex -> vhost_scsi_mutex -> tpg->tv_tpg_mutex -> vq->mutex 1807 */ 1808 static int 1809 vhost_scsi_set_endpoint(struct vhost_scsi *vs, 1810 struct vhost_scsi_target *t) 1811 { 1812 struct se_portal_group *se_tpg; 1813 struct vhost_scsi_tport *tv_tport; 1814 struct vhost_scsi_tpg *tpg; 1815 struct vhost_scsi_tpg **vs_tpg; 1816 struct vhost_virtqueue *vq; 1817 int index, ret, i, len; 1818 bool match = false; 1819 1820 mutex_lock(&vs->dev.mutex); 1821 1822 /* Verify that ring has been setup correctly. */ 1823 for (index = 0; index < vs->dev.nvqs; ++index) { 1824 /* Verify that ring has been setup correctly. */ 1825 if (!vhost_vq_access_ok(&vs->vqs[index].vq)) { 1826 ret = -EFAULT; 1827 goto out; 1828 } 1829 } 1830 1831 if (vs->vs_tpg) { 1832 pr_err("vhost-scsi endpoint already set for %s.\n", 1833 vs->vs_vhost_wwpn); 1834 ret = -EEXIST; 1835 goto out; 1836 } 1837 1838 len = sizeof(vs_tpg[0]) * VHOST_SCSI_MAX_TARGET; 1839 vs_tpg = kzalloc(len, GFP_KERNEL); 1840 if (!vs_tpg) { 1841 ret = -ENOMEM; 1842 goto out; 1843 } 1844 1845 mutex_lock(&vhost_scsi_mutex); 1846 list_for_each_entry(tpg, &vhost_scsi_list, tv_tpg_list) { 1847 mutex_lock(&tpg->tv_tpg_mutex); 1848 if (!tpg->tpg_nexus) { 1849 mutex_unlock(&tpg->tv_tpg_mutex); 1850 continue; 1851 } 1852 if (tpg->tv_tpg_vhost_count != 0) { 1853 mutex_unlock(&tpg->tv_tpg_mutex); 1854 continue; 1855 } 1856 tv_tport = tpg->tport; 1857 1858 if (!strcmp(tv_tport->tport_name, t->vhost_wwpn)) { 1859 /* 1860 * In order to ensure individual vhost-scsi configfs 1861 * groups cannot be removed while in use by vhost ioctl, 1862 * go ahead and take an explicit se_tpg->tpg_group.cg_item 1863 * dependency now. 1864 */ 1865 se_tpg = &tpg->se_tpg; 1866 ret = target_depend_item(&se_tpg->tpg_group.cg_item); 1867 if (ret) { 1868 pr_warn("target_depend_item() failed: %d\n", ret); 1869 mutex_unlock(&tpg->tv_tpg_mutex); 1870 mutex_unlock(&vhost_scsi_mutex); 1871 goto undepend; 1872 } 1873 tpg->tv_tpg_vhost_count++; 1874 tpg->vhost_scsi = vs; 1875 vs_tpg[tpg->tport_tpgt] = tpg; 1876 match = true; 1877 } 1878 mutex_unlock(&tpg->tv_tpg_mutex); 1879 } 1880 mutex_unlock(&vhost_scsi_mutex); 1881 1882 if (match) { 1883 memcpy(vs->vs_vhost_wwpn, t->vhost_wwpn, 1884 sizeof(vs->vs_vhost_wwpn)); 1885 1886 for (i = VHOST_SCSI_VQ_IO; i < vs->dev.nvqs; i++) { 1887 vq = &vs->vqs[i].vq; 1888 if (!vhost_vq_is_setup(vq)) 1889 continue; 1890 1891 ret = vhost_scsi_setup_vq_cmds(vq, vq->num); 1892 if (ret) 1893 goto destroy_vq_cmds; 1894 } 1895 1896 for (i = 0; i < vs->dev.nvqs; i++) { 1897 vq = &vs->vqs[i].vq; 1898 mutex_lock(&vq->mutex); 1899 vhost_vq_set_backend(vq, vs_tpg); 1900 vhost_vq_init_access(vq); 1901 mutex_unlock(&vq->mutex); 1902 } 1903 ret = 0; 1904 } else { 1905 ret = -ENODEV; 1906 goto free_tpg; 1907 } 1908 1909 /* 1910 * Act as synchronize_rcu to make sure requests after this point 1911 * see a fully setup device. 1912 */ 1913 vhost_scsi_flush(vs); 1914 vs->vs_tpg = vs_tpg; 1915 goto out; 1916 1917 destroy_vq_cmds: 1918 for (i--; i >= VHOST_SCSI_VQ_IO; i--) { 1919 if (!vhost_vq_get_backend(&vs->vqs[i].vq)) 1920 vhost_scsi_destroy_vq_cmds(&vs->vqs[i].vq); 1921 } 1922 undepend: 1923 for (i = 0; i < VHOST_SCSI_MAX_TARGET; i++) { 1924 tpg = vs_tpg[i]; 1925 if (tpg) { 1926 mutex_lock(&tpg->tv_tpg_mutex); 1927 tpg->vhost_scsi = NULL; 1928 tpg->tv_tpg_vhost_count--; 1929 mutex_unlock(&tpg->tv_tpg_mutex); 1930 target_undepend_item(&tpg->se_tpg.tpg_group.cg_item); 1931 } 1932 } 1933 free_tpg: 1934 kfree(vs_tpg); 1935 out: 1936 mutex_unlock(&vs->dev.mutex); 1937 return ret; 1938 } 1939 1940 static int 1941 vhost_scsi_clear_endpoint(struct vhost_scsi *vs, 1942 struct vhost_scsi_target *t) 1943 { 1944 struct se_portal_group *se_tpg; 1945 struct vhost_scsi_tport *tv_tport; 1946 struct vhost_scsi_tpg *tpg; 1947 struct vhost_virtqueue *vq; 1948 bool match = false; 1949 int index, ret, i; 1950 u8 target; 1951 1952 mutex_lock(&vs->dev.mutex); 1953 /* Verify that ring has been setup correctly. */ 1954 for (index = 0; index < vs->dev.nvqs; ++index) { 1955 if (!vhost_vq_access_ok(&vs->vqs[index].vq)) { 1956 ret = -EFAULT; 1957 goto err_dev; 1958 } 1959 } 1960 1961 if (!vs->vs_tpg) { 1962 ret = 0; 1963 goto err_dev; 1964 } 1965 1966 for (i = 0; i < VHOST_SCSI_MAX_TARGET; i++) { 1967 target = i; 1968 tpg = vs->vs_tpg[target]; 1969 if (!tpg) 1970 continue; 1971 1972 tv_tport = tpg->tport; 1973 if (!tv_tport) { 1974 ret = -ENODEV; 1975 goto err_dev; 1976 } 1977 1978 if (strcmp(tv_tport->tport_name, t->vhost_wwpn)) { 1979 pr_warn("tv_tport->tport_name: %s, tpg->tport_tpgt: %hu" 1980 " does not match t->vhost_wwpn: %s, t->vhost_tpgt: %hu\n", 1981 tv_tport->tport_name, tpg->tport_tpgt, 1982 t->vhost_wwpn, t->vhost_tpgt); 1983 ret = -EINVAL; 1984 goto err_dev; 1985 } 1986 match = true; 1987 } 1988 if (!match) 1989 goto free_vs_tpg; 1990 1991 /* Prevent new cmds from starting and accessing the tpgs/sessions */ 1992 for (i = 0; i < vs->dev.nvqs; i++) { 1993 vq = &vs->vqs[i].vq; 1994 mutex_lock(&vq->mutex); 1995 vhost_vq_set_backend(vq, NULL); 1996 mutex_unlock(&vq->mutex); 1997 } 1998 /* Make sure cmds are not running before tearing them down. */ 1999 vhost_scsi_flush(vs); 2000 2001 for (i = 0; i < vs->dev.nvqs; i++) { 2002 vq = &vs->vqs[i].vq; 2003 vhost_scsi_destroy_vq_cmds(vq); 2004 } 2005 2006 /* 2007 * We can now release our hold on the tpg and sessions and userspace 2008 * can free them after this point. 2009 */ 2010 for (i = 0; i < VHOST_SCSI_MAX_TARGET; i++) { 2011 target = i; 2012 tpg = vs->vs_tpg[target]; 2013 if (!tpg) 2014 continue; 2015 2016 mutex_lock(&tpg->tv_tpg_mutex); 2017 2018 tpg->tv_tpg_vhost_count--; 2019 tpg->vhost_scsi = NULL; 2020 vs->vs_tpg[target] = NULL; 2021 2022 mutex_unlock(&tpg->tv_tpg_mutex); 2023 2024 se_tpg = &tpg->se_tpg; 2025 target_undepend_item(&se_tpg->tpg_group.cg_item); 2026 } 2027 2028 free_vs_tpg: 2029 /* 2030 * Act as synchronize_rcu to make sure access to 2031 * old vs->vs_tpg is finished. 2032 */ 2033 vhost_scsi_flush(vs); 2034 kfree(vs->vs_tpg); 2035 vs->vs_tpg = NULL; 2036 memset(vs->vs_vhost_wwpn, 0, sizeof(vs->vs_vhost_wwpn)); 2037 WARN_ON(vs->vs_events_nr); 2038 mutex_unlock(&vs->dev.mutex); 2039 return 0; 2040 2041 err_dev: 2042 mutex_unlock(&vs->dev.mutex); 2043 return ret; 2044 } 2045 2046 static int vhost_scsi_set_features(struct vhost_scsi *vs, u64 features) 2047 { 2048 struct vhost_virtqueue *vq; 2049 int i; 2050 2051 if (features & ~VHOST_SCSI_FEATURES) 2052 return -EOPNOTSUPP; 2053 2054 mutex_lock(&vs->dev.mutex); 2055 if ((features & (1 << VHOST_F_LOG_ALL)) && 2056 !vhost_log_access_ok(&vs->dev)) { 2057 mutex_unlock(&vs->dev.mutex); 2058 return -EFAULT; 2059 } 2060 2061 for (i = 0; i < vs->dev.nvqs; i++) { 2062 vq = &vs->vqs[i].vq; 2063 mutex_lock(&vq->mutex); 2064 vq->acked_features = features; 2065 mutex_unlock(&vq->mutex); 2066 } 2067 mutex_unlock(&vs->dev.mutex); 2068 return 0; 2069 } 2070 2071 static int vhost_scsi_open(struct inode *inode, struct file *f) 2072 { 2073 struct vhost_scsi_virtqueue *svq; 2074 struct vhost_scsi *vs; 2075 struct vhost_virtqueue **vqs; 2076 int r = -ENOMEM, i, nvqs = vhost_scsi_max_io_vqs; 2077 2078 vs = kvzalloc(sizeof(*vs), GFP_KERNEL); 2079 if (!vs) 2080 goto err_vs; 2081 vs->inline_sg_cnt = vhost_scsi_inline_sg_cnt; 2082 2083 if (nvqs > VHOST_SCSI_MAX_IO_VQ) { 2084 pr_err("Invalid max_io_vqs of %d. Using %d.\n", nvqs, 2085 VHOST_SCSI_MAX_IO_VQ); 2086 nvqs = VHOST_SCSI_MAX_IO_VQ; 2087 } else if (nvqs == 0) { 2088 pr_err("Invalid max_io_vqs of %d. Using 1.\n", nvqs); 2089 nvqs = 1; 2090 } 2091 nvqs += VHOST_SCSI_VQ_IO; 2092 2093 vs->old_inflight = kmalloc_array(nvqs, sizeof(*vs->old_inflight), 2094 GFP_KERNEL | __GFP_ZERO); 2095 if (!vs->old_inflight) 2096 goto err_inflight; 2097 2098 vs->vqs = kmalloc_array(nvqs, sizeof(*vs->vqs), 2099 GFP_KERNEL | __GFP_ZERO); 2100 if (!vs->vqs) 2101 goto err_vqs; 2102 2103 vqs = kmalloc_array(nvqs, sizeof(*vqs), GFP_KERNEL); 2104 if (!vqs) 2105 goto err_local_vqs; 2106 2107 vhost_work_init(&vs->vs_event_work, vhost_scsi_evt_work); 2108 2109 vs->vs_events_nr = 0; 2110 vs->vs_events_missed = false; 2111 2112 vqs[VHOST_SCSI_VQ_CTL] = &vs->vqs[VHOST_SCSI_VQ_CTL].vq; 2113 vqs[VHOST_SCSI_VQ_EVT] = &vs->vqs[VHOST_SCSI_VQ_EVT].vq; 2114 vs->vqs[VHOST_SCSI_VQ_CTL].vq.handle_kick = vhost_scsi_ctl_handle_kick; 2115 vs->vqs[VHOST_SCSI_VQ_EVT].vq.handle_kick = vhost_scsi_evt_handle_kick; 2116 for (i = VHOST_SCSI_VQ_IO; i < nvqs; i++) { 2117 svq = &vs->vqs[i]; 2118 2119 vqs[i] = &svq->vq; 2120 svq->vs = vs; 2121 init_llist_head(&svq->completion_list); 2122 vhost_work_init(&svq->completion_work, 2123 vhost_scsi_complete_cmd_work); 2124 svq->vq.handle_kick = vhost_scsi_handle_kick; 2125 } 2126 vhost_dev_init(&vs->dev, vqs, nvqs, UIO_MAXIOV, 2127 VHOST_SCSI_WEIGHT, 0, true, NULL); 2128 2129 vhost_scsi_init_inflight(vs, NULL); 2130 2131 f->private_data = vs; 2132 return 0; 2133 2134 err_local_vqs: 2135 kfree(vs->vqs); 2136 err_vqs: 2137 kfree(vs->old_inflight); 2138 err_inflight: 2139 kvfree(vs); 2140 err_vs: 2141 return r; 2142 } 2143 2144 static int vhost_scsi_release(struct inode *inode, struct file *f) 2145 { 2146 struct vhost_scsi *vs = f->private_data; 2147 struct vhost_scsi_target t; 2148 2149 mutex_lock(&vs->dev.mutex); 2150 memcpy(t.vhost_wwpn, vs->vs_vhost_wwpn, sizeof(t.vhost_wwpn)); 2151 mutex_unlock(&vs->dev.mutex); 2152 vhost_scsi_clear_endpoint(vs, &t); 2153 vhost_dev_stop(&vs->dev); 2154 vhost_dev_cleanup(&vs->dev); 2155 kfree(vs->dev.vqs); 2156 kfree(vs->vqs); 2157 kfree(vs->old_inflight); 2158 kvfree(vs); 2159 return 0; 2160 } 2161 2162 static long 2163 vhost_scsi_ioctl(struct file *f, 2164 unsigned int ioctl, 2165 unsigned long arg) 2166 { 2167 struct vhost_scsi *vs = f->private_data; 2168 struct vhost_scsi_target backend; 2169 void __user *argp = (void __user *)arg; 2170 u64 __user *featurep = argp; 2171 u32 __user *eventsp = argp; 2172 u32 events_missed; 2173 u64 features; 2174 int r, abi_version = VHOST_SCSI_ABI_VERSION; 2175 struct vhost_virtqueue *vq = &vs->vqs[VHOST_SCSI_VQ_EVT].vq; 2176 2177 switch (ioctl) { 2178 case VHOST_SCSI_SET_ENDPOINT: 2179 if (copy_from_user(&backend, argp, sizeof backend)) 2180 return -EFAULT; 2181 if (backend.reserved != 0) 2182 return -EOPNOTSUPP; 2183 2184 return vhost_scsi_set_endpoint(vs, &backend); 2185 case VHOST_SCSI_CLEAR_ENDPOINT: 2186 if (copy_from_user(&backend, argp, sizeof backend)) 2187 return -EFAULT; 2188 if (backend.reserved != 0) 2189 return -EOPNOTSUPP; 2190 2191 return vhost_scsi_clear_endpoint(vs, &backend); 2192 case VHOST_SCSI_GET_ABI_VERSION: 2193 if (copy_to_user(argp, &abi_version, sizeof abi_version)) 2194 return -EFAULT; 2195 return 0; 2196 case VHOST_SCSI_SET_EVENTS_MISSED: 2197 if (get_user(events_missed, eventsp)) 2198 return -EFAULT; 2199 mutex_lock(&vq->mutex); 2200 vs->vs_events_missed = events_missed; 2201 mutex_unlock(&vq->mutex); 2202 return 0; 2203 case VHOST_SCSI_GET_EVENTS_MISSED: 2204 mutex_lock(&vq->mutex); 2205 events_missed = vs->vs_events_missed; 2206 mutex_unlock(&vq->mutex); 2207 if (put_user(events_missed, eventsp)) 2208 return -EFAULT; 2209 return 0; 2210 case VHOST_GET_FEATURES: 2211 features = VHOST_SCSI_FEATURES; 2212 if (copy_to_user(featurep, &features, sizeof features)) 2213 return -EFAULT; 2214 return 0; 2215 case VHOST_SET_FEATURES: 2216 if (copy_from_user(&features, featurep, sizeof features)) 2217 return -EFAULT; 2218 return vhost_scsi_set_features(vs, features); 2219 case VHOST_NEW_WORKER: 2220 case VHOST_FREE_WORKER: 2221 case VHOST_ATTACH_VRING_WORKER: 2222 case VHOST_GET_VRING_WORKER: 2223 mutex_lock(&vs->dev.mutex); 2224 r = vhost_worker_ioctl(&vs->dev, ioctl, argp); 2225 mutex_unlock(&vs->dev.mutex); 2226 return r; 2227 default: 2228 mutex_lock(&vs->dev.mutex); 2229 r = vhost_dev_ioctl(&vs->dev, ioctl, argp); 2230 /* TODO: flush backend after dev ioctl. */ 2231 if (r == -ENOIOCTLCMD) 2232 r = vhost_vring_ioctl(&vs->dev, ioctl, argp); 2233 mutex_unlock(&vs->dev.mutex); 2234 return r; 2235 } 2236 } 2237 2238 static const struct file_operations vhost_scsi_fops = { 2239 .owner = THIS_MODULE, 2240 .release = vhost_scsi_release, 2241 .unlocked_ioctl = vhost_scsi_ioctl, 2242 .compat_ioctl = compat_ptr_ioctl, 2243 .open = vhost_scsi_open, 2244 .llseek = noop_llseek, 2245 }; 2246 2247 static struct miscdevice vhost_scsi_misc = { 2248 MISC_DYNAMIC_MINOR, 2249 "vhost-scsi", 2250 &vhost_scsi_fops, 2251 }; 2252 2253 static int __init vhost_scsi_register(void) 2254 { 2255 return misc_register(&vhost_scsi_misc); 2256 } 2257 2258 static void vhost_scsi_deregister(void) 2259 { 2260 misc_deregister(&vhost_scsi_misc); 2261 } 2262 2263 static char *vhost_scsi_dump_proto_id(struct vhost_scsi_tport *tport) 2264 { 2265 switch (tport->tport_proto_id) { 2266 case SCSI_PROTOCOL_SAS: 2267 return "SAS"; 2268 case SCSI_PROTOCOL_FCP: 2269 return "FCP"; 2270 case SCSI_PROTOCOL_ISCSI: 2271 return "iSCSI"; 2272 default: 2273 break; 2274 } 2275 2276 return "Unknown"; 2277 } 2278 2279 static void 2280 vhost_scsi_do_plug(struct vhost_scsi_tpg *tpg, 2281 struct se_lun *lun, bool plug) 2282 { 2283 2284 struct vhost_scsi *vs = tpg->vhost_scsi; 2285 struct vhost_virtqueue *vq; 2286 u32 reason; 2287 2288 if (!vs) 2289 return; 2290 2291 if (plug) 2292 reason = VIRTIO_SCSI_EVT_RESET_RESCAN; 2293 else 2294 reason = VIRTIO_SCSI_EVT_RESET_REMOVED; 2295 2296 vq = &vs->vqs[VHOST_SCSI_VQ_EVT].vq; 2297 mutex_lock(&vq->mutex); 2298 /* 2299 * We can't queue events if the backend has been cleared, because 2300 * we could end up queueing an event after the flush. 2301 */ 2302 if (!vhost_vq_get_backend(vq)) 2303 goto unlock; 2304 2305 if (vhost_has_feature(vq, VIRTIO_SCSI_F_HOTPLUG)) 2306 vhost_scsi_send_evt(vs, vq, tpg, lun, 2307 VIRTIO_SCSI_T_TRANSPORT_RESET, reason); 2308 unlock: 2309 mutex_unlock(&vq->mutex); 2310 } 2311 2312 static void vhost_scsi_hotplug(struct vhost_scsi_tpg *tpg, struct se_lun *lun) 2313 { 2314 vhost_scsi_do_plug(tpg, lun, true); 2315 } 2316 2317 static void vhost_scsi_hotunplug(struct vhost_scsi_tpg *tpg, struct se_lun *lun) 2318 { 2319 vhost_scsi_do_plug(tpg, lun, false); 2320 } 2321 2322 static int vhost_scsi_port_link(struct se_portal_group *se_tpg, 2323 struct se_lun *lun) 2324 { 2325 struct vhost_scsi_tpg *tpg = container_of(se_tpg, 2326 struct vhost_scsi_tpg, se_tpg); 2327 2328 mutex_lock(&tpg->tv_tpg_mutex); 2329 tpg->tv_tpg_port_count++; 2330 vhost_scsi_hotplug(tpg, lun); 2331 mutex_unlock(&tpg->tv_tpg_mutex); 2332 2333 return 0; 2334 } 2335 2336 static void vhost_scsi_port_unlink(struct se_portal_group *se_tpg, 2337 struct se_lun *lun) 2338 { 2339 struct vhost_scsi_tpg *tpg = container_of(se_tpg, 2340 struct vhost_scsi_tpg, se_tpg); 2341 2342 mutex_lock(&tpg->tv_tpg_mutex); 2343 tpg->tv_tpg_port_count--; 2344 vhost_scsi_hotunplug(tpg, lun); 2345 mutex_unlock(&tpg->tv_tpg_mutex); 2346 } 2347 2348 static ssize_t vhost_scsi_tpg_attrib_fabric_prot_type_store( 2349 struct config_item *item, const char *page, size_t count) 2350 { 2351 struct se_portal_group *se_tpg = attrib_to_tpg(item); 2352 struct vhost_scsi_tpg *tpg = container_of(se_tpg, 2353 struct vhost_scsi_tpg, se_tpg); 2354 unsigned long val; 2355 int ret = kstrtoul(page, 0, &val); 2356 2357 if (ret) { 2358 pr_err("kstrtoul() returned %d for fabric_prot_type\n", ret); 2359 return ret; 2360 } 2361 if (val != 0 && val != 1 && val != 3) { 2362 pr_err("Invalid vhost_scsi fabric_prot_type: %lu\n", val); 2363 return -EINVAL; 2364 } 2365 tpg->tv_fabric_prot_type = val; 2366 2367 return count; 2368 } 2369 2370 static ssize_t vhost_scsi_tpg_attrib_fabric_prot_type_show( 2371 struct config_item *item, char *page) 2372 { 2373 struct se_portal_group *se_tpg = attrib_to_tpg(item); 2374 struct vhost_scsi_tpg *tpg = container_of(se_tpg, 2375 struct vhost_scsi_tpg, se_tpg); 2376 2377 return sysfs_emit(page, "%d\n", tpg->tv_fabric_prot_type); 2378 } 2379 2380 CONFIGFS_ATTR(vhost_scsi_tpg_attrib_, fabric_prot_type); 2381 2382 static struct configfs_attribute *vhost_scsi_tpg_attrib_attrs[] = { 2383 &vhost_scsi_tpg_attrib_attr_fabric_prot_type, 2384 NULL, 2385 }; 2386 2387 static int vhost_scsi_make_nexus(struct vhost_scsi_tpg *tpg, 2388 const char *name) 2389 { 2390 struct vhost_scsi_nexus *tv_nexus; 2391 2392 mutex_lock(&tpg->tv_tpg_mutex); 2393 if (tpg->tpg_nexus) { 2394 mutex_unlock(&tpg->tv_tpg_mutex); 2395 pr_debug("tpg->tpg_nexus already exists\n"); 2396 return -EEXIST; 2397 } 2398 2399 tv_nexus = kzalloc(sizeof(*tv_nexus), GFP_KERNEL); 2400 if (!tv_nexus) { 2401 mutex_unlock(&tpg->tv_tpg_mutex); 2402 pr_err("Unable to allocate struct vhost_scsi_nexus\n"); 2403 return -ENOMEM; 2404 } 2405 /* 2406 * Since we are running in 'demo mode' this call with generate a 2407 * struct se_node_acl for the vhost_scsi struct se_portal_group with 2408 * the SCSI Initiator port name of the passed configfs group 'name'. 2409 */ 2410 tv_nexus->tvn_se_sess = target_setup_session(&tpg->se_tpg, 0, 0, 2411 TARGET_PROT_DIN_PASS | TARGET_PROT_DOUT_PASS, 2412 (unsigned char *)name, tv_nexus, NULL); 2413 if (IS_ERR(tv_nexus->tvn_se_sess)) { 2414 mutex_unlock(&tpg->tv_tpg_mutex); 2415 kfree(tv_nexus); 2416 return -ENOMEM; 2417 } 2418 tpg->tpg_nexus = tv_nexus; 2419 2420 mutex_unlock(&tpg->tv_tpg_mutex); 2421 return 0; 2422 } 2423 2424 static int vhost_scsi_drop_nexus(struct vhost_scsi_tpg *tpg) 2425 { 2426 struct se_session *se_sess; 2427 struct vhost_scsi_nexus *tv_nexus; 2428 2429 mutex_lock(&tpg->tv_tpg_mutex); 2430 tv_nexus = tpg->tpg_nexus; 2431 if (!tv_nexus) { 2432 mutex_unlock(&tpg->tv_tpg_mutex); 2433 return -ENODEV; 2434 } 2435 2436 se_sess = tv_nexus->tvn_se_sess; 2437 if (!se_sess) { 2438 mutex_unlock(&tpg->tv_tpg_mutex); 2439 return -ENODEV; 2440 } 2441 2442 if (tpg->tv_tpg_port_count != 0) { 2443 mutex_unlock(&tpg->tv_tpg_mutex); 2444 pr_err("Unable to remove TCM_vhost I_T Nexus with" 2445 " active TPG port count: %d\n", 2446 tpg->tv_tpg_port_count); 2447 return -EBUSY; 2448 } 2449 2450 if (tpg->tv_tpg_vhost_count != 0) { 2451 mutex_unlock(&tpg->tv_tpg_mutex); 2452 pr_err("Unable to remove TCM_vhost I_T Nexus with" 2453 " active TPG vhost count: %d\n", 2454 tpg->tv_tpg_vhost_count); 2455 return -EBUSY; 2456 } 2457 2458 pr_debug("TCM_vhost_ConfigFS: Removing I_T Nexus to emulated" 2459 " %s Initiator Port: %s\n", vhost_scsi_dump_proto_id(tpg->tport), 2460 tv_nexus->tvn_se_sess->se_node_acl->initiatorname); 2461 2462 /* 2463 * Release the SCSI I_T Nexus to the emulated vhost Target Port 2464 */ 2465 target_remove_session(se_sess); 2466 tpg->tpg_nexus = NULL; 2467 mutex_unlock(&tpg->tv_tpg_mutex); 2468 2469 kfree(tv_nexus); 2470 return 0; 2471 } 2472 2473 static ssize_t vhost_scsi_tpg_nexus_show(struct config_item *item, char *page) 2474 { 2475 struct se_portal_group *se_tpg = to_tpg(item); 2476 struct vhost_scsi_tpg *tpg = container_of(se_tpg, 2477 struct vhost_scsi_tpg, se_tpg); 2478 struct vhost_scsi_nexus *tv_nexus; 2479 ssize_t ret; 2480 2481 mutex_lock(&tpg->tv_tpg_mutex); 2482 tv_nexus = tpg->tpg_nexus; 2483 if (!tv_nexus) { 2484 mutex_unlock(&tpg->tv_tpg_mutex); 2485 return -ENODEV; 2486 } 2487 ret = sysfs_emit(page, "%s\n", 2488 tv_nexus->tvn_se_sess->se_node_acl->initiatorname); 2489 mutex_unlock(&tpg->tv_tpg_mutex); 2490 2491 return ret; 2492 } 2493 2494 static ssize_t vhost_scsi_tpg_nexus_store(struct config_item *item, 2495 const char *page, size_t count) 2496 { 2497 struct se_portal_group *se_tpg = to_tpg(item); 2498 struct vhost_scsi_tpg *tpg = container_of(se_tpg, 2499 struct vhost_scsi_tpg, se_tpg); 2500 struct vhost_scsi_tport *tport_wwn = tpg->tport; 2501 unsigned char i_port[VHOST_SCSI_NAMELEN], *ptr, *port_ptr; 2502 int ret; 2503 /* 2504 * Shutdown the active I_T nexus if 'NULL' is passed.. 2505 */ 2506 if (!strncmp(page, "NULL", 4)) { 2507 ret = vhost_scsi_drop_nexus(tpg); 2508 return (!ret) ? count : ret; 2509 } 2510 /* 2511 * Otherwise make sure the passed virtual Initiator port WWN matches 2512 * the fabric protocol_id set in vhost_scsi_make_tport(), and call 2513 * vhost_scsi_make_nexus(). 2514 */ 2515 if (strlen(page) >= VHOST_SCSI_NAMELEN) { 2516 pr_err("Emulated NAA Sas Address: %s, exceeds" 2517 " max: %d\n", page, VHOST_SCSI_NAMELEN); 2518 return -EINVAL; 2519 } 2520 snprintf(&i_port[0], VHOST_SCSI_NAMELEN, "%s", page); 2521 2522 ptr = strstr(i_port, "naa."); 2523 if (ptr) { 2524 if (tport_wwn->tport_proto_id != SCSI_PROTOCOL_SAS) { 2525 pr_err("Passed SAS Initiator Port %s does not" 2526 " match target port protoid: %s\n", i_port, 2527 vhost_scsi_dump_proto_id(tport_wwn)); 2528 return -EINVAL; 2529 } 2530 port_ptr = &i_port[0]; 2531 goto check_newline; 2532 } 2533 ptr = strstr(i_port, "fc."); 2534 if (ptr) { 2535 if (tport_wwn->tport_proto_id != SCSI_PROTOCOL_FCP) { 2536 pr_err("Passed FCP Initiator Port %s does not" 2537 " match target port protoid: %s\n", i_port, 2538 vhost_scsi_dump_proto_id(tport_wwn)); 2539 return -EINVAL; 2540 } 2541 port_ptr = &i_port[3]; /* Skip over "fc." */ 2542 goto check_newline; 2543 } 2544 ptr = strstr(i_port, "iqn."); 2545 if (ptr) { 2546 if (tport_wwn->tport_proto_id != SCSI_PROTOCOL_ISCSI) { 2547 pr_err("Passed iSCSI Initiator Port %s does not" 2548 " match target port protoid: %s\n", i_port, 2549 vhost_scsi_dump_proto_id(tport_wwn)); 2550 return -EINVAL; 2551 } 2552 port_ptr = &i_port[0]; 2553 goto check_newline; 2554 } 2555 pr_err("Unable to locate prefix for emulated Initiator Port:" 2556 " %s\n", i_port); 2557 return -EINVAL; 2558 /* 2559 * Clear any trailing newline for the NAA WWN 2560 */ 2561 check_newline: 2562 if (i_port[strlen(i_port)-1] == '\n') 2563 i_port[strlen(i_port)-1] = '\0'; 2564 2565 ret = vhost_scsi_make_nexus(tpg, port_ptr); 2566 if (ret < 0) 2567 return ret; 2568 2569 return count; 2570 } 2571 2572 CONFIGFS_ATTR(vhost_scsi_tpg_, nexus); 2573 2574 static struct configfs_attribute *vhost_scsi_tpg_attrs[] = { 2575 &vhost_scsi_tpg_attr_nexus, 2576 NULL, 2577 }; 2578 2579 static struct se_portal_group * 2580 vhost_scsi_make_tpg(struct se_wwn *wwn, const char *name) 2581 { 2582 struct vhost_scsi_tport *tport = container_of(wwn, 2583 struct vhost_scsi_tport, tport_wwn); 2584 2585 struct vhost_scsi_tpg *tpg; 2586 u16 tpgt; 2587 int ret; 2588 2589 if (strstr(name, "tpgt_") != name) 2590 return ERR_PTR(-EINVAL); 2591 if (kstrtou16(name + 5, 10, &tpgt) || tpgt >= VHOST_SCSI_MAX_TARGET) 2592 return ERR_PTR(-EINVAL); 2593 2594 tpg = kzalloc(sizeof(*tpg), GFP_KERNEL); 2595 if (!tpg) { 2596 pr_err("Unable to allocate struct vhost_scsi_tpg"); 2597 return ERR_PTR(-ENOMEM); 2598 } 2599 mutex_init(&tpg->tv_tpg_mutex); 2600 INIT_LIST_HEAD(&tpg->tv_tpg_list); 2601 tpg->tport = tport; 2602 tpg->tport_tpgt = tpgt; 2603 2604 ret = core_tpg_register(wwn, &tpg->se_tpg, tport->tport_proto_id); 2605 if (ret < 0) { 2606 kfree(tpg); 2607 return NULL; 2608 } 2609 mutex_lock(&vhost_scsi_mutex); 2610 list_add_tail(&tpg->tv_tpg_list, &vhost_scsi_list); 2611 mutex_unlock(&vhost_scsi_mutex); 2612 2613 return &tpg->se_tpg; 2614 } 2615 2616 static void vhost_scsi_drop_tpg(struct se_portal_group *se_tpg) 2617 { 2618 struct vhost_scsi_tpg *tpg = container_of(se_tpg, 2619 struct vhost_scsi_tpg, se_tpg); 2620 2621 mutex_lock(&vhost_scsi_mutex); 2622 list_del(&tpg->tv_tpg_list); 2623 mutex_unlock(&vhost_scsi_mutex); 2624 /* 2625 * Release the virtual I_T Nexus for this vhost TPG 2626 */ 2627 vhost_scsi_drop_nexus(tpg); 2628 /* 2629 * Deregister the se_tpg from TCM.. 2630 */ 2631 core_tpg_deregister(se_tpg); 2632 kfree(tpg); 2633 } 2634 2635 static struct se_wwn * 2636 vhost_scsi_make_tport(struct target_fabric_configfs *tf, 2637 struct config_group *group, 2638 const char *name) 2639 { 2640 struct vhost_scsi_tport *tport; 2641 char *ptr; 2642 u64 wwpn = 0; 2643 int off = 0; 2644 2645 /* if (vhost_scsi_parse_wwn(name, &wwpn, 1) < 0) 2646 return ERR_PTR(-EINVAL); */ 2647 2648 tport = kzalloc(sizeof(*tport), GFP_KERNEL); 2649 if (!tport) { 2650 pr_err("Unable to allocate struct vhost_scsi_tport"); 2651 return ERR_PTR(-ENOMEM); 2652 } 2653 tport->tport_wwpn = wwpn; 2654 /* 2655 * Determine the emulated Protocol Identifier and Target Port Name 2656 * based on the incoming configfs directory name. 2657 */ 2658 ptr = strstr(name, "naa."); 2659 if (ptr) { 2660 tport->tport_proto_id = SCSI_PROTOCOL_SAS; 2661 goto check_len; 2662 } 2663 ptr = strstr(name, "fc."); 2664 if (ptr) { 2665 tport->tport_proto_id = SCSI_PROTOCOL_FCP; 2666 off = 3; /* Skip over "fc." */ 2667 goto check_len; 2668 } 2669 ptr = strstr(name, "iqn."); 2670 if (ptr) { 2671 tport->tport_proto_id = SCSI_PROTOCOL_ISCSI; 2672 goto check_len; 2673 } 2674 2675 pr_err("Unable to locate prefix for emulated Target Port:" 2676 " %s\n", name); 2677 kfree(tport); 2678 return ERR_PTR(-EINVAL); 2679 2680 check_len: 2681 if (strlen(name) >= VHOST_SCSI_NAMELEN) { 2682 pr_err("Emulated %s Address: %s, exceeds" 2683 " max: %d\n", name, vhost_scsi_dump_proto_id(tport), 2684 VHOST_SCSI_NAMELEN); 2685 kfree(tport); 2686 return ERR_PTR(-EINVAL); 2687 } 2688 snprintf(&tport->tport_name[0], VHOST_SCSI_NAMELEN, "%s", &name[off]); 2689 2690 pr_debug("TCM_VHost_ConfigFS: Allocated emulated Target" 2691 " %s Address: %s\n", vhost_scsi_dump_proto_id(tport), name); 2692 2693 return &tport->tport_wwn; 2694 } 2695 2696 static void vhost_scsi_drop_tport(struct se_wwn *wwn) 2697 { 2698 struct vhost_scsi_tport *tport = container_of(wwn, 2699 struct vhost_scsi_tport, tport_wwn); 2700 2701 pr_debug("TCM_VHost_ConfigFS: Deallocating emulated Target" 2702 " %s Address: %s\n", vhost_scsi_dump_proto_id(tport), 2703 tport->tport_name); 2704 2705 kfree(tport); 2706 } 2707 2708 static ssize_t 2709 vhost_scsi_wwn_version_show(struct config_item *item, char *page) 2710 { 2711 return sysfs_emit(page, "TCM_VHOST fabric module %s on %s/%s" 2712 "on "UTS_RELEASE"\n", VHOST_SCSI_VERSION, utsname()->sysname, 2713 utsname()->machine); 2714 } 2715 2716 CONFIGFS_ATTR_RO(vhost_scsi_wwn_, version); 2717 2718 static struct configfs_attribute *vhost_scsi_wwn_attrs[] = { 2719 &vhost_scsi_wwn_attr_version, 2720 NULL, 2721 }; 2722 2723 static const struct target_core_fabric_ops vhost_scsi_ops = { 2724 .module = THIS_MODULE, 2725 .fabric_name = "vhost", 2726 .max_data_sg_nents = VHOST_SCSI_PREALLOC_SGLS, 2727 .tpg_get_wwn = vhost_scsi_get_fabric_wwn, 2728 .tpg_get_tag = vhost_scsi_get_tpgt, 2729 .tpg_check_demo_mode = vhost_scsi_check_true, 2730 .tpg_check_demo_mode_cache = vhost_scsi_check_true, 2731 .tpg_check_prot_fabric_only = vhost_scsi_check_prot_fabric_only, 2732 .release_cmd = vhost_scsi_release_cmd, 2733 .check_stop_free = vhost_scsi_check_stop_free, 2734 .sess_get_initiator_sid = NULL, 2735 .write_pending = vhost_scsi_write_pending, 2736 .queue_data_in = vhost_scsi_queue_data_in, 2737 .queue_status = vhost_scsi_queue_status, 2738 .queue_tm_rsp = vhost_scsi_queue_tm_rsp, 2739 .aborted_task = vhost_scsi_aborted_task, 2740 /* 2741 * Setup callers for generic logic in target_core_fabric_configfs.c 2742 */ 2743 .fabric_make_wwn = vhost_scsi_make_tport, 2744 .fabric_drop_wwn = vhost_scsi_drop_tport, 2745 .fabric_make_tpg = vhost_scsi_make_tpg, 2746 .fabric_drop_tpg = vhost_scsi_drop_tpg, 2747 .fabric_post_link = vhost_scsi_port_link, 2748 .fabric_pre_unlink = vhost_scsi_port_unlink, 2749 2750 .tfc_wwn_attrs = vhost_scsi_wwn_attrs, 2751 .tfc_tpg_base_attrs = vhost_scsi_tpg_attrs, 2752 .tfc_tpg_attrib_attrs = vhost_scsi_tpg_attrib_attrs, 2753 2754 .default_submit_type = TARGET_QUEUE_SUBMIT, 2755 .direct_submit_supp = 1, 2756 }; 2757 2758 static int __init vhost_scsi_init(void) 2759 { 2760 int ret = -ENOMEM; 2761 2762 pr_debug("TCM_VHOST fabric module %s on %s/%s" 2763 " on "UTS_RELEASE"\n", VHOST_SCSI_VERSION, utsname()->sysname, 2764 utsname()->machine); 2765 2766 ret = vhost_scsi_register(); 2767 if (ret < 0) 2768 goto out; 2769 2770 ret = target_register_template(&vhost_scsi_ops); 2771 if (ret < 0) 2772 goto out_vhost_scsi_deregister; 2773 2774 return 0; 2775 2776 out_vhost_scsi_deregister: 2777 vhost_scsi_deregister(); 2778 out: 2779 return ret; 2780 }; 2781 2782 static void vhost_scsi_exit(void) 2783 { 2784 target_unregister_template(&vhost_scsi_ops); 2785 vhost_scsi_deregister(); 2786 }; 2787 2788 MODULE_DESCRIPTION("VHOST_SCSI series fabric driver"); 2789 MODULE_ALIAS("tcm_vhost"); 2790 MODULE_LICENSE("GPL"); 2791 module_init(vhost_scsi_init); 2792 module_exit(vhost_scsi_exit); 2793