1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * SCSI Block Commands (SBC) parsing and emulation.
5 * (c) Copyright 2002-2013 Datera, Inc.
7 * Nicholas A. Bellinger <nab@kernel.org>
10 #include <linux/kernel.h>
11 #include <linux/module.h>
12 #include <linux/ratelimit.h>
13 #include <linux/crc-t10dif.h>
14 #include <linux/t10-pi.h>
15 #include <asm/unaligned.h>
16 #include <scsi/scsi_proto.h>
17 #include <scsi/scsi_tcq.h>
19 #include <target/target_core_base.h>
20 #include <target/target_core_backend.h>
21 #include <target/target_core_fabric.h>
23 #include "target_core_internal.h"
24 #include "target_core_ua.h"
25 #include "target_core_alua.h"
28 sbc_check_prot(struct se_device *, struct se_cmd *, unsigned char, u32, bool);
29 static sense_reason_t sbc_execute_unmap(struct se_cmd *cmd);
32 sbc_emulate_readcapacity(struct se_cmd *cmd)
34 struct se_device *dev = cmd->se_dev;
35 unsigned char *cdb = cmd->t_task_cdb;
36 unsigned long long blocks_long = dev->transport->get_blocks(dev);
43 * If the PMI bit is set to zero and the LOGICAL BLOCK
44 * ADDRESS field is not set to zero, the device server shall
45 * terminate the command with CHECK CONDITION status with
46 * the sense key set to ILLEGAL REQUEST and the additional
47 * sense code set to INVALID FIELD IN CDB.
49 * In SBC-3, these fields are obsolete, but some SCSI
50 * compliance tests actually check this, so we might as well
53 if (!(cdb[8] & 1) && !!(cdb[2] | cdb[3] | cdb[4] | cdb[5]))
54 return TCM_INVALID_CDB_FIELD;
56 if (blocks_long >= 0x00000000ffffffff)
59 blocks = (u32)blocks_long;
61 put_unaligned_be32(blocks, &buf[0]);
62 put_unaligned_be32(dev->dev_attrib.block_size, &buf[4]);
64 rbuf = transport_kmap_data_sg(cmd);
66 memcpy(rbuf, buf, min_t(u32, sizeof(buf), cmd->data_length));
67 transport_kunmap_data_sg(cmd);
70 target_complete_cmd_with_length(cmd, SAM_STAT_GOOD, 8);
75 sbc_emulate_readcapacity_16(struct se_cmd *cmd)
77 struct se_device *dev = cmd->se_dev;
78 struct se_session *sess = cmd->se_sess;
79 int pi_prot_type = dev->dev_attrib.pi_prot_type;
82 unsigned char buf[32];
83 unsigned long long blocks = dev->transport->get_blocks(dev);
85 memset(buf, 0, sizeof(buf));
86 put_unaligned_be64(blocks, &buf[0]);
87 put_unaligned_be32(dev->dev_attrib.block_size, &buf[8]);
89 * Set P_TYPE and PROT_EN bits for DIF support
91 if (sess->sup_prot_ops & (TARGET_PROT_DIN_PASS | TARGET_PROT_DOUT_PASS)) {
93 * Only override a device's pi_prot_type if no T10-PI is
94 * available, and sess_prot_type has been explicitly enabled.
97 pi_prot_type = sess->sess_prot_type;
100 buf[12] = (pi_prot_type - 1) << 1 | 0x1;
103 if (dev->transport->get_lbppbe)
104 buf[13] = dev->transport->get_lbppbe(dev) & 0x0f;
106 if (dev->transport->get_alignment_offset_lbas) {
107 u16 lalba = dev->transport->get_alignment_offset_lbas(dev);
109 put_unaligned_be16(lalba, &buf[14]);
113 * Set Thin Provisioning Enable bit following sbc3r22 in section
114 * READ CAPACITY (16) byte 14 if emulate_tpu or emulate_tpws is enabled.
116 if (dev->dev_attrib.emulate_tpu || dev->dev_attrib.emulate_tpws) {
120 * LBPRZ signifies that zeroes will be read back from an LBA after
121 * an UNMAP or WRITE SAME w/ unmap bit (sbc3r36 5.16.2)
123 if (dev->dev_attrib.unmap_zeroes_data)
127 rbuf = transport_kmap_data_sg(cmd);
129 memcpy(rbuf, buf, min_t(u32, sizeof(buf), cmd->data_length));
130 transport_kunmap_data_sg(cmd);
133 target_complete_cmd_with_length(cmd, SAM_STAT_GOOD, 32);
137 static sense_reason_t
138 sbc_emulate_startstop(struct se_cmd *cmd)
140 unsigned char *cdb = cmd->t_task_cdb;
143 * See sbc3r36 section 5.25
144 * Immediate bit should be set since there is nothing to complete
145 * POWER CONDITION MODIFIER 0h
147 if (!(cdb[1] & 1) || cdb[2] || cdb[3])
148 return TCM_INVALID_CDB_FIELD;
151 * See sbc3r36 section 5.25
152 * POWER CONDITION 0h START_VALID - process START and LOEJ
154 if (cdb[4] >> 4 & 0xf)
155 return TCM_INVALID_CDB_FIELD;
158 * See sbc3r36 section 5.25
159 * LOEJ 0h - nothing to load or unload
160 * START 1h - we are ready
162 if (!(cdb[4] & 1) || (cdb[4] & 2) || (cdb[4] & 4))
163 return TCM_INVALID_CDB_FIELD;
165 target_complete_cmd(cmd, SAM_STAT_GOOD);
169 sector_t sbc_get_write_same_sectors(struct se_cmd *cmd)
173 if (cmd->t_task_cdb[0] == WRITE_SAME)
174 num_blocks = get_unaligned_be16(&cmd->t_task_cdb[7]);
175 else if (cmd->t_task_cdb[0] == WRITE_SAME_16)
176 num_blocks = get_unaligned_be32(&cmd->t_task_cdb[10]);
177 else /* WRITE_SAME_32 via VARIABLE_LENGTH_CMD */
178 num_blocks = get_unaligned_be32(&cmd->t_task_cdb[28]);
181 * Use the explicit range when non zero is supplied, otherwise calculate
182 * the remaining range based on ->get_blocks() - starting LBA.
187 return cmd->se_dev->transport->get_blocks(cmd->se_dev) -
190 EXPORT_SYMBOL(sbc_get_write_same_sectors);
192 static sense_reason_t
193 sbc_execute_write_same_unmap(struct se_cmd *cmd)
195 struct sbc_ops *ops = cmd->protocol_data;
196 sector_t nolb = sbc_get_write_same_sectors(cmd);
200 ret = ops->execute_unmap(cmd, cmd->t_task_lba, nolb);
205 target_complete_cmd(cmd, SAM_STAT_GOOD);
209 static sense_reason_t
210 sbc_emulate_noop(struct se_cmd *cmd)
212 target_complete_cmd(cmd, SAM_STAT_GOOD);
216 static inline u32 sbc_get_size(struct se_cmd *cmd, u32 sectors)
218 return cmd->se_dev->dev_attrib.block_size * sectors;
221 static inline u32 transport_get_sectors_6(unsigned char *cdb)
224 * Use 8-bit sector value. SBC-3 says:
226 * A TRANSFER LENGTH field set to zero specifies that 256
227 * logical blocks shall be written. Any other value
228 * specifies the number of logical blocks that shall be
231 return cdb[4] ? : 256;
234 static inline u32 transport_get_sectors_10(unsigned char *cdb)
236 return get_unaligned_be16(&cdb[7]);
239 static inline u32 transport_get_sectors_12(unsigned char *cdb)
241 return get_unaligned_be32(&cdb[6]);
244 static inline u32 transport_get_sectors_16(unsigned char *cdb)
246 return get_unaligned_be32(&cdb[10]);
250 * Used for VARIABLE_LENGTH_CDB WRITE_32 and READ_32 variants
252 static inline u32 transport_get_sectors_32(unsigned char *cdb)
254 return get_unaligned_be32(&cdb[28]);
258 static inline u32 transport_lba_21(unsigned char *cdb)
260 return get_unaligned_be24(&cdb[1]) & 0x1fffff;
263 static inline u32 transport_lba_32(unsigned char *cdb)
265 return get_unaligned_be32(&cdb[2]);
268 static inline unsigned long long transport_lba_64(unsigned char *cdb)
270 return get_unaligned_be64(&cdb[2]);
274 * For VARIABLE_LENGTH_CDB w/ 32 byte extended CDBs
276 static inline unsigned long long transport_lba_64_ext(unsigned char *cdb)
278 return get_unaligned_be64(&cdb[12]);
281 static sense_reason_t
282 sbc_setup_write_same(struct se_cmd *cmd, unsigned char flags, struct sbc_ops *ops)
284 struct se_device *dev = cmd->se_dev;
285 sector_t end_lba = dev->transport->get_blocks(dev) + 1;
286 unsigned int sectors = sbc_get_write_same_sectors(cmd);
289 if ((flags & 0x04) || (flags & 0x02)) {
290 pr_err("WRITE_SAME PBDATA and LBDATA"
291 " bits not supported for Block Discard"
293 return TCM_UNSUPPORTED_SCSI_OPCODE;
295 if (sectors > cmd->se_dev->dev_attrib.max_write_same_len) {
296 pr_warn("WRITE_SAME sectors: %u exceeds max_write_same_len: %u\n",
297 sectors, cmd->se_dev->dev_attrib.max_write_same_len);
298 return TCM_INVALID_CDB_FIELD;
301 * Sanity check for LBA wrap and request past end of device.
303 if (((cmd->t_task_lba + sectors) < cmd->t_task_lba) ||
304 ((cmd->t_task_lba + sectors) > end_lba)) {
305 pr_err("WRITE_SAME exceeds last lba %llu (lba %llu, sectors %u)\n",
306 (unsigned long long)end_lba, cmd->t_task_lba, sectors);
307 return TCM_ADDRESS_OUT_OF_RANGE;
310 /* We always have ANC_SUP == 0 so setting ANCHOR is always an error */
312 pr_warn("WRITE SAME with ANCHOR not supported\n");
313 return TCM_INVALID_CDB_FIELD;
317 pr_warn("WRITE SAME with NDOB not supported\n");
318 return TCM_INVALID_CDB_FIELD;
322 * Special case for WRITE_SAME w/ UNMAP=1 that ends up getting
323 * translated into block discard requests within backend code.
326 if (!ops->execute_unmap)
327 return TCM_UNSUPPORTED_SCSI_OPCODE;
329 if (!dev->dev_attrib.emulate_tpws) {
330 pr_err("Got WRITE_SAME w/ UNMAP=1, but backend device"
331 " has emulate_tpws disabled\n");
332 return TCM_UNSUPPORTED_SCSI_OPCODE;
334 cmd->execute_cmd = sbc_execute_write_same_unmap;
337 if (!ops->execute_write_same)
338 return TCM_UNSUPPORTED_SCSI_OPCODE;
340 ret = sbc_check_prot(dev, cmd, flags >> 5, sectors, true);
344 cmd->execute_cmd = ops->execute_write_same;
348 static sense_reason_t xdreadwrite_callback(struct se_cmd *cmd, bool success,
351 unsigned char *buf, *addr;
352 struct scatterlist *sg;
354 sense_reason_t ret = TCM_NO_SENSE;
361 * From sbc3r22.pdf section 5.48 XDWRITEREAD (10) command
363 * 1) read the specified logical block(s);
364 * 2) transfer logical blocks from the data-out buffer;
365 * 3) XOR the logical blocks transferred from the data-out buffer with
366 * the logical blocks read, storing the resulting XOR data in a buffer;
367 * 4) if the DISABLE WRITE bit is set to zero, then write the logical
368 * blocks transferred from the data-out buffer; and
369 * 5) transfer the resulting XOR data to the data-in buffer.
371 buf = kmalloc(cmd->data_length, GFP_KERNEL);
373 pr_err("Unable to allocate xor_callback buf\n");
374 return TCM_OUT_OF_RESOURCES;
377 * Copy the scatterlist WRITE buffer located at cmd->t_data_sg
378 * into the locally allocated *buf
380 sg_copy_to_buffer(cmd->t_data_sg,
386 * Now perform the XOR against the BIDI read memory located at
387 * cmd->t_mem_bidi_list
391 for_each_sg(cmd->t_bidi_data_sg, sg, cmd->t_bidi_data_nents, count) {
392 addr = kmap_atomic(sg_page(sg));
394 ret = TCM_OUT_OF_RESOURCES;
398 for (i = 0; i < sg->length; i++)
399 *(addr + sg->offset + i) ^= *(buf + offset + i);
401 offset += sg->length;
410 static sense_reason_t
411 sbc_execute_rw(struct se_cmd *cmd)
413 struct sbc_ops *ops = cmd->protocol_data;
415 return ops->execute_rw(cmd, cmd->t_data_sg, cmd->t_data_nents,
416 cmd->data_direction);
419 static sense_reason_t compare_and_write_post(struct se_cmd *cmd, bool success,
422 struct se_device *dev = cmd->se_dev;
423 sense_reason_t ret = TCM_NO_SENSE;
425 spin_lock_irq(&cmd->t_state_lock);
429 if (cmd->scsi_status == SAM_STAT_CHECK_CONDITION)
430 ret = TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
432 spin_unlock_irq(&cmd->t_state_lock);
435 * Unlock ->caw_sem originally obtained during sbc_compare_and_write()
436 * before the original READ I/O submission.
444 * compare @cmp_len bytes of @read_sgl with @cmp_sgl. On miscompare, fill
445 * @miscmp_off and return TCM_MISCOMPARE_VERIFY.
447 static sense_reason_t
448 compare_and_write_do_cmp(struct scatterlist *read_sgl, unsigned int read_nents,
449 struct scatterlist *cmp_sgl, unsigned int cmp_nents,
450 unsigned int cmp_len, unsigned int *miscmp_off)
452 unsigned char *buf = NULL;
453 struct scatterlist *sg;
459 buf = kzalloc(cmp_len, GFP_KERNEL);
461 ret = TCM_OUT_OF_RESOURCES;
465 rc = sg_copy_to_buffer(cmp_sgl, cmp_nents, buf, cmp_len);
467 pr_err("sg_copy_to_buffer() failed for compare_and_write\n");
468 ret = TCM_OUT_OF_RESOURCES;
472 * Compare SCSI READ payload against verify payload
476 for_each_sg(read_sgl, sg, read_nents, sg_cnt) {
477 unsigned int len = min(sg->length, cmp_len);
478 unsigned char *addr = kmap_atomic(sg_page(sg));
480 if (memcmp(addr, buf + offset, len)) {
483 for (i = 0; i < len && addr[i] == buf[offset + i]; i++)
485 *miscmp_off = offset + i;
486 pr_warn("Detected MISCOMPARE at offset %u\n",
488 ret = TCM_MISCOMPARE_VERIFY;
491 if (ret != TCM_NO_SENSE)
499 pr_debug("COMPARE AND WRITE read data matches compare data\n");
505 static sense_reason_t compare_and_write_callback(struct se_cmd *cmd, bool success,
508 struct se_device *dev = cmd->se_dev;
509 struct sg_table write_tbl = { };
510 struct scatterlist *write_sg;
511 struct sg_mapping_iter m;
513 unsigned int block_size = dev->dev_attrib.block_size;
514 unsigned int compare_len = (cmd->t_task_nolb * block_size);
515 unsigned int miscmp_off = 0;
516 sense_reason_t ret = TCM_NO_SENSE;
520 * Handle early failure in transport_generic_request_failure(),
521 * which will not have taken ->caw_sem yet..
523 if (!success && (!cmd->t_data_sg || !cmd->t_bidi_data_sg))
526 * Handle special case for zero-length COMPARE_AND_WRITE
528 if (!cmd->data_length)
531 * Immediately exit + release dev->caw_sem if command has already
532 * been failed with a non-zero SCSI status.
534 if (cmd->scsi_status) {
535 pr_debug("compare_and_write_callback: non zero scsi_status:"
536 " 0x%02x\n", cmd->scsi_status);
538 if (cmd->scsi_status == SAM_STAT_CHECK_CONDITION)
539 ret = TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
543 ret = compare_and_write_do_cmp(cmd->t_bidi_data_sg,
544 cmd->t_bidi_data_nents,
549 if (ret == TCM_MISCOMPARE_VERIFY) {
551 * SBC-4 r15: 5.3 COMPARE AND WRITE command
552 * In the sense data (see 4.18 and SPC-5) the offset from the
553 * start of the Data-Out Buffer to the first byte of data that
554 * was not equal shall be reported in the INFORMATION field.
556 cmd->sense_info = miscmp_off;
561 if (sg_alloc_table(&write_tbl, cmd->t_data_nents, GFP_KERNEL) < 0) {
562 pr_err("Unable to allocate compare_and_write sg\n");
563 ret = TCM_OUT_OF_RESOURCES;
566 write_sg = write_tbl.sgl;
570 sg_miter_start(&m, cmd->t_data_sg, cmd->t_data_nents, SG_MITER_TO_SG);
572 * Currently assumes NoLB=1 and SGLs are PAGE_SIZE..
577 if (block_size < PAGE_SIZE) {
578 sg_set_page(&write_sg[i], m.page, block_size,
579 m.piter.sg->offset + block_size);
582 sg_set_page(&write_sg[i], m.page, block_size,
590 * Save the original SGL + nents values before updating to new
591 * assignments, to be released in transport_free_pages() ->
592 * transport_reset_sgl_orig()
594 cmd->t_data_sg_orig = cmd->t_data_sg;
595 cmd->t_data_sg = write_sg;
596 cmd->t_data_nents_orig = cmd->t_data_nents;
597 cmd->t_data_nents = 1;
599 cmd->sam_task_attr = TCM_HEAD_TAG;
600 cmd->transport_complete_callback = compare_and_write_post;
602 * Now reset ->execute_cmd() to the normal sbc_execute_rw() handler
603 * for submitting the adjusted SGL to write instance user-data.
605 cmd->execute_cmd = sbc_execute_rw;
607 spin_lock_irq(&cmd->t_state_lock);
608 cmd->t_state = TRANSPORT_PROCESSING;
609 cmd->transport_state |= CMD_T_ACTIVE | CMD_T_SENT;
610 spin_unlock_irq(&cmd->t_state_lock);
612 __target_execute_cmd(cmd, false);
618 * In the MISCOMPARE or failure case, unlock ->caw_sem obtained in
619 * sbc_compare_and_write() before the original READ I/O submission.
622 sg_free_table(&write_tbl);
626 static sense_reason_t
627 sbc_compare_and_write(struct se_cmd *cmd)
629 struct sbc_ops *ops = cmd->protocol_data;
630 struct se_device *dev = cmd->se_dev;
634 * Submit the READ first for COMPARE_AND_WRITE to perform the
635 * comparision using SGLs at cmd->t_bidi_data_sg..
637 rc = down_interruptible(&dev->caw_sem);
639 cmd->transport_complete_callback = NULL;
640 return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
643 * Reset cmd->data_length to individual block_size in order to not
644 * confuse backend drivers that depend on this value matching the
645 * size of the I/O being submitted.
647 cmd->data_length = cmd->t_task_nolb * dev->dev_attrib.block_size;
649 ret = ops->execute_rw(cmd, cmd->t_bidi_data_sg, cmd->t_bidi_data_nents,
652 cmd->transport_complete_callback = NULL;
657 * Unlock of dev->caw_sem to occur in compare_and_write_callback()
658 * upon MISCOMPARE, or in compare_and_write_done() upon completion
659 * of WRITE instance user-data.
665 sbc_set_prot_op_checks(u8 protect, bool fabric_prot, enum target_prot_type prot_type,
666 bool is_write, struct se_cmd *cmd)
669 cmd->prot_op = fabric_prot ? TARGET_PROT_DOUT_STRIP :
670 protect ? TARGET_PROT_DOUT_PASS :
671 TARGET_PROT_DOUT_INSERT;
675 cmd->prot_checks = 0;
679 cmd->prot_checks = TARGET_DIF_CHECK_GUARD;
680 if (prot_type == TARGET_DIF_TYPE1_PROT)
681 cmd->prot_checks |= TARGET_DIF_CHECK_REFTAG;
684 if (prot_type == TARGET_DIF_TYPE1_PROT)
685 cmd->prot_checks = TARGET_DIF_CHECK_REFTAG;
688 cmd->prot_checks = TARGET_DIF_CHECK_GUARD;
691 pr_err("Unsupported protect field %d\n", protect);
695 cmd->prot_op = fabric_prot ? TARGET_PROT_DIN_INSERT :
696 protect ? TARGET_PROT_DIN_PASS :
697 TARGET_PROT_DIN_STRIP;
702 cmd->prot_checks = TARGET_DIF_CHECK_GUARD;
703 if (prot_type == TARGET_DIF_TYPE1_PROT)
704 cmd->prot_checks |= TARGET_DIF_CHECK_REFTAG;
707 if (prot_type == TARGET_DIF_TYPE1_PROT)
708 cmd->prot_checks = TARGET_DIF_CHECK_REFTAG;
711 cmd->prot_checks = 0;
714 cmd->prot_checks = TARGET_DIF_CHECK_GUARD;
717 pr_err("Unsupported protect field %d\n", protect);
725 static sense_reason_t
726 sbc_check_prot(struct se_device *dev, struct se_cmd *cmd, unsigned char protect,
727 u32 sectors, bool is_write)
729 int sp_ops = cmd->se_sess->sup_prot_ops;
730 int pi_prot_type = dev->dev_attrib.pi_prot_type;
731 bool fabric_prot = false;
733 if (!cmd->t_prot_sg || !cmd->t_prot_nents) {
734 if (unlikely(protect &&
735 !dev->dev_attrib.pi_prot_type && !cmd->se_sess->sess_prot_type)) {
736 pr_err("CDB contains protect bit, but device + fabric does"
737 " not advertise PROTECT=1 feature bit\n");
738 return TCM_INVALID_CDB_FIELD;
744 switch (dev->dev_attrib.pi_prot_type) {
745 case TARGET_DIF_TYPE3_PROT:
746 cmd->reftag_seed = 0xffffffff;
748 case TARGET_DIF_TYPE2_PROT:
750 return TCM_INVALID_CDB_FIELD;
752 cmd->reftag_seed = cmd->t_task_lba;
754 case TARGET_DIF_TYPE1_PROT:
755 cmd->reftag_seed = cmd->t_task_lba;
757 case TARGET_DIF_TYPE0_PROT:
759 * See if the fabric supports T10-PI, and the session has been
760 * configured to allow export PROTECT=1 feature bit with backend
761 * devices that don't support T10-PI.
763 fabric_prot = is_write ?
764 !!(sp_ops & (TARGET_PROT_DOUT_PASS | TARGET_PROT_DOUT_STRIP)) :
765 !!(sp_ops & (TARGET_PROT_DIN_PASS | TARGET_PROT_DIN_INSERT));
767 if (fabric_prot && cmd->se_sess->sess_prot_type) {
768 pi_prot_type = cmd->se_sess->sess_prot_type;
775 pr_err("Unable to determine pi_prot_type for CDB: 0x%02x "
776 "PROTECT: 0x%02x\n", cmd->t_task_cdb[0], protect);
777 return TCM_INVALID_CDB_FIELD;
780 if (sbc_set_prot_op_checks(protect, fabric_prot, pi_prot_type, is_write, cmd))
781 return TCM_INVALID_CDB_FIELD;
783 cmd->prot_type = pi_prot_type;
784 cmd->prot_length = dev->prot_length * sectors;
787 * In case protection information exists over the wire
788 * we modify command data length to describe pure data.
789 * The actual transfer length is data length + protection
793 cmd->data_length = sectors * dev->dev_attrib.block_size;
795 pr_debug("%s: prot_type=%d, data_length=%d, prot_length=%d "
796 "prot_op=%d prot_checks=%d\n",
797 __func__, cmd->prot_type, cmd->data_length, cmd->prot_length,
798 cmd->prot_op, cmd->prot_checks);
804 sbc_check_dpofua(struct se_device *dev, struct se_cmd *cmd, unsigned char *cdb)
807 /* see explanation in spc_emulate_modesense */
808 if (!target_check_fua(dev)) {
809 pr_err("Got CDB: 0x%02x with DPO bit set, but device"
810 " does not advertise support for DPO\n", cdb[0]);
815 if (!target_check_fua(dev)) {
816 pr_err("Got CDB: 0x%02x with FUA bit set, but device"
817 " does not advertise support for FUA write\n",
821 cmd->se_cmd_flags |= SCF_FUA;
827 sbc_parse_cdb(struct se_cmd *cmd, struct sbc_ops *ops)
829 struct se_device *dev = cmd->se_dev;
830 unsigned char *cdb = cmd->t_task_cdb;
835 cmd->protocol_data = ops;
839 sectors = transport_get_sectors_6(cdb);
840 cmd->t_task_lba = transport_lba_21(cdb);
841 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
842 cmd->execute_cmd = sbc_execute_rw;
845 sectors = transport_get_sectors_10(cdb);
846 cmd->t_task_lba = transport_lba_32(cdb);
848 if (sbc_check_dpofua(dev, cmd, cdb))
849 return TCM_INVALID_CDB_FIELD;
851 ret = sbc_check_prot(dev, cmd, cdb[1] >> 5, sectors, false);
855 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
856 cmd->execute_cmd = sbc_execute_rw;
859 sectors = transport_get_sectors_12(cdb);
860 cmd->t_task_lba = transport_lba_32(cdb);
862 if (sbc_check_dpofua(dev, cmd, cdb))
863 return TCM_INVALID_CDB_FIELD;
865 ret = sbc_check_prot(dev, cmd, cdb[1] >> 5, sectors, false);
869 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
870 cmd->execute_cmd = sbc_execute_rw;
873 sectors = transport_get_sectors_16(cdb);
874 cmd->t_task_lba = transport_lba_64(cdb);
876 if (sbc_check_dpofua(dev, cmd, cdb))
877 return TCM_INVALID_CDB_FIELD;
879 ret = sbc_check_prot(dev, cmd, cdb[1] >> 5, sectors, false);
883 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
884 cmd->execute_cmd = sbc_execute_rw;
887 sectors = transport_get_sectors_6(cdb);
888 cmd->t_task_lba = transport_lba_21(cdb);
889 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
890 cmd->execute_cmd = sbc_execute_rw;
894 sectors = transport_get_sectors_10(cdb);
895 cmd->t_task_lba = transport_lba_32(cdb);
897 if (sbc_check_dpofua(dev, cmd, cdb))
898 return TCM_INVALID_CDB_FIELD;
900 ret = sbc_check_prot(dev, cmd, cdb[1] >> 5, sectors, true);
904 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
905 cmd->execute_cmd = sbc_execute_rw;
908 sectors = transport_get_sectors_12(cdb);
909 cmd->t_task_lba = transport_lba_32(cdb);
911 if (sbc_check_dpofua(dev, cmd, cdb))
912 return TCM_INVALID_CDB_FIELD;
914 ret = sbc_check_prot(dev, cmd, cdb[1] >> 5, sectors, true);
918 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
919 cmd->execute_cmd = sbc_execute_rw;
922 case WRITE_VERIFY_16:
923 sectors = transport_get_sectors_16(cdb);
924 cmd->t_task_lba = transport_lba_64(cdb);
926 if (sbc_check_dpofua(dev, cmd, cdb))
927 return TCM_INVALID_CDB_FIELD;
929 ret = sbc_check_prot(dev, cmd, cdb[1] >> 5, sectors, true);
933 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
934 cmd->execute_cmd = sbc_execute_rw;
937 if (cmd->data_direction != DMA_TO_DEVICE ||
938 !(cmd->se_cmd_flags & SCF_BIDI))
939 return TCM_INVALID_CDB_FIELD;
940 sectors = transport_get_sectors_10(cdb);
942 if (sbc_check_dpofua(dev, cmd, cdb))
943 return TCM_INVALID_CDB_FIELD;
945 cmd->t_task_lba = transport_lba_32(cdb);
946 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
949 * Setup BIDI XOR callback to be run after I/O completion.
951 cmd->execute_cmd = sbc_execute_rw;
952 cmd->transport_complete_callback = &xdreadwrite_callback;
954 case VARIABLE_LENGTH_CMD:
956 u16 service_action = get_unaligned_be16(&cdb[8]);
957 switch (service_action) {
959 sectors = transport_get_sectors_32(cdb);
961 if (sbc_check_dpofua(dev, cmd, cdb))
962 return TCM_INVALID_CDB_FIELD;
964 * Use WRITE_32 and READ_32 opcodes for the emulated
965 * XDWRITE_READ_32 logic.
967 cmd->t_task_lba = transport_lba_64_ext(cdb);
968 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB;
971 * Setup BIDI XOR callback to be run during after I/O
974 cmd->execute_cmd = sbc_execute_rw;
975 cmd->transport_complete_callback = &xdreadwrite_callback;
978 sectors = transport_get_sectors_32(cdb);
980 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not"
982 return TCM_INVALID_CDB_FIELD;
985 size = sbc_get_size(cmd, 1);
986 cmd->t_task_lba = get_unaligned_be64(&cdb[12]);
988 ret = sbc_setup_write_same(cmd, cdb[10], ops);
993 pr_err("VARIABLE_LENGTH_CMD service action"
994 " 0x%04x not supported\n", service_action);
995 return TCM_UNSUPPORTED_SCSI_OPCODE;
999 case COMPARE_AND_WRITE:
1000 if (!dev->dev_attrib.emulate_caw) {
1001 pr_err_ratelimited("se_device %s/%s (vpd_unit_serial %s) reject COMPARE_AND_WRITE\n",
1002 dev->se_hba->backend->ops->name,
1003 config_item_name(&dev->dev_group.cg_item),
1004 dev->t10_wwn.unit_serial);
1005 return TCM_UNSUPPORTED_SCSI_OPCODE;
1009 * Currently enforce COMPARE_AND_WRITE for a single sector
1012 pr_err("COMPARE_AND_WRITE contains NoLB: %u greater"
1013 " than 1\n", sectors);
1014 return TCM_INVALID_CDB_FIELD;
1016 if (sbc_check_dpofua(dev, cmd, cdb))
1017 return TCM_INVALID_CDB_FIELD;
1020 * Double size because we have two buffers, note that
1021 * zero is not an error..
1023 size = 2 * sbc_get_size(cmd, sectors);
1024 cmd->t_task_lba = get_unaligned_be64(&cdb[2]);
1025 cmd->t_task_nolb = sectors;
1026 cmd->se_cmd_flags |= SCF_SCSI_DATA_CDB | SCF_COMPARE_AND_WRITE;
1027 cmd->execute_cmd = sbc_compare_and_write;
1028 cmd->transport_complete_callback = compare_and_write_callback;
1031 size = READ_CAP_LEN;
1032 cmd->execute_cmd = sbc_emulate_readcapacity;
1034 case SERVICE_ACTION_IN_16:
1035 switch (cmd->t_task_cdb[1] & 0x1f) {
1036 case SAI_READ_CAPACITY_16:
1037 cmd->execute_cmd = sbc_emulate_readcapacity_16;
1039 case SAI_REPORT_REFERRALS:
1040 cmd->execute_cmd = target_emulate_report_referrals;
1043 pr_err("Unsupported SA: 0x%02x\n",
1044 cmd->t_task_cdb[1] & 0x1f);
1045 return TCM_INVALID_CDB_FIELD;
1047 size = get_unaligned_be32(&cdb[10]);
1049 case SYNCHRONIZE_CACHE:
1050 case SYNCHRONIZE_CACHE_16:
1051 if (cdb[0] == SYNCHRONIZE_CACHE) {
1052 sectors = transport_get_sectors_10(cdb);
1053 cmd->t_task_lba = transport_lba_32(cdb);
1055 sectors = transport_get_sectors_16(cdb);
1056 cmd->t_task_lba = transport_lba_64(cdb);
1058 if (ops->execute_sync_cache) {
1059 cmd->execute_cmd = ops->execute_sync_cache;
1063 cmd->execute_cmd = sbc_emulate_noop;
1066 if (!ops->execute_unmap)
1067 return TCM_UNSUPPORTED_SCSI_OPCODE;
1069 if (!dev->dev_attrib.emulate_tpu) {
1070 pr_err("Got UNMAP, but backend device has"
1071 " emulate_tpu disabled\n");
1072 return TCM_UNSUPPORTED_SCSI_OPCODE;
1074 size = get_unaligned_be16(&cdb[7]);
1075 cmd->execute_cmd = sbc_execute_unmap;
1078 sectors = transport_get_sectors_16(cdb);
1080 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not supported\n");
1081 return TCM_INVALID_CDB_FIELD;
1084 size = sbc_get_size(cmd, 1);
1085 cmd->t_task_lba = get_unaligned_be64(&cdb[2]);
1087 ret = sbc_setup_write_same(cmd, cdb[1], ops);
1092 sectors = transport_get_sectors_10(cdb);
1094 pr_err("WSNZ=1, WRITE_SAME w/sectors=0 not supported\n");
1095 return TCM_INVALID_CDB_FIELD;
1098 size = sbc_get_size(cmd, 1);
1099 cmd->t_task_lba = get_unaligned_be32(&cdb[2]);
1102 * Follow sbcr26 with WRITE_SAME (10) and check for the existence
1103 * of byte 1 bit 3 UNMAP instead of original reserved field
1105 ret = sbc_setup_write_same(cmd, cdb[1], ops);
1112 if (cdb[0] == VERIFY) {
1113 sectors = transport_get_sectors_10(cdb);
1114 cmd->t_task_lba = transport_lba_32(cdb);
1116 sectors = transport_get_sectors_16(cdb);
1117 cmd->t_task_lba = transport_lba_64(cdb);
1119 cmd->execute_cmd = sbc_emulate_noop;
1125 * There are still clients out there which use these old SCSI-2
1126 * commands. This mainly happens when running VMs with legacy
1127 * guest systems, connected via SCSI command pass-through to
1128 * iSCSI targets. Make them happy and return status GOOD.
1131 cmd->execute_cmd = sbc_emulate_noop;
1135 cmd->execute_cmd = sbc_emulate_startstop;
1138 ret = spc_parse_cdb(cmd, &size);
1143 /* reject any command that we don't have a handler for */
1144 if (!cmd->execute_cmd)
1145 return TCM_UNSUPPORTED_SCSI_OPCODE;
1147 if (cmd->se_cmd_flags & SCF_SCSI_DATA_CDB) {
1148 unsigned long long end_lba;
1150 end_lba = dev->transport->get_blocks(dev) + 1;
1151 if (((cmd->t_task_lba + sectors) < cmd->t_task_lba) ||
1152 ((cmd->t_task_lba + sectors) > end_lba)) {
1153 pr_err("cmd exceeds last lba %llu "
1154 "(lba %llu, sectors %u)\n",
1155 end_lba, cmd->t_task_lba, sectors);
1156 return TCM_ADDRESS_OUT_OF_RANGE;
1159 if (!(cmd->se_cmd_flags & SCF_COMPARE_AND_WRITE))
1160 size = sbc_get_size(cmd, sectors);
1163 return target_cmd_size_check(cmd, size);
1165 EXPORT_SYMBOL(sbc_parse_cdb);
1167 u32 sbc_get_device_type(struct se_device *dev)
1171 EXPORT_SYMBOL(sbc_get_device_type);
1173 static sense_reason_t
1174 sbc_execute_unmap(struct se_cmd *cmd)
1176 struct sbc_ops *ops = cmd->protocol_data;
1177 struct se_device *dev = cmd->se_dev;
1178 unsigned char *buf, *ptr = NULL;
1182 sense_reason_t ret = 0;
1185 /* We never set ANC_SUP */
1186 if (cmd->t_task_cdb[1])
1187 return TCM_INVALID_CDB_FIELD;
1189 if (cmd->data_length == 0) {
1190 target_complete_cmd(cmd, SAM_STAT_GOOD);
1194 if (cmd->data_length < 8) {
1195 pr_warn("UNMAP parameter list length %u too small\n",
1197 return TCM_PARAMETER_LIST_LENGTH_ERROR;
1200 buf = transport_kmap_data_sg(cmd);
1202 return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
1204 dl = get_unaligned_be16(&buf[0]);
1205 bd_dl = get_unaligned_be16(&buf[2]);
1207 size = cmd->data_length - 8;
1209 pr_warn("UNMAP parameter list length %u too small, ignoring bd_dl %u\n",
1210 cmd->data_length, bd_dl);
1214 if (size / 16 > dev->dev_attrib.max_unmap_block_desc_count) {
1215 ret = TCM_INVALID_PARAMETER_LIST;
1219 /* First UNMAP block descriptor starts at 8 byte offset */
1221 pr_debug("UNMAP: Sub: %s Using dl: %u bd_dl: %u size: %u"
1222 " ptr: %p\n", dev->transport->name, dl, bd_dl, size, ptr);
1224 while (size >= 16) {
1225 lba = get_unaligned_be64(&ptr[0]);
1226 range = get_unaligned_be32(&ptr[8]);
1227 pr_debug("UNMAP: Using lba: %llu and range: %u\n",
1228 (unsigned long long)lba, range);
1230 if (range > dev->dev_attrib.max_unmap_lba_count) {
1231 ret = TCM_INVALID_PARAMETER_LIST;
1235 if (lba + range > dev->transport->get_blocks(dev) + 1) {
1236 ret = TCM_ADDRESS_OUT_OF_RANGE;
1241 ret = ops->execute_unmap(cmd, lba, range);
1251 transport_kunmap_data_sg(cmd);
1253 target_complete_cmd(cmd, SAM_STAT_GOOD);
1258 sbc_dif_generate(struct se_cmd *cmd)
1260 struct se_device *dev = cmd->se_dev;
1261 struct t10_pi_tuple *sdt;
1262 struct scatterlist *dsg = cmd->t_data_sg, *psg;
1263 sector_t sector = cmd->t_task_lba;
1264 void *daddr, *paddr;
1265 int i, j, offset = 0;
1266 unsigned int block_size = dev->dev_attrib.block_size;
1268 for_each_sg(cmd->t_prot_sg, psg, cmd->t_prot_nents, i) {
1269 paddr = kmap_atomic(sg_page(psg)) + psg->offset;
1270 daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
1272 for (j = 0; j < psg->length;
1273 j += sizeof(*sdt)) {
1277 if (offset >= dsg->length) {
1278 offset -= dsg->length;
1279 kunmap_atomic(daddr - dsg->offset);
1282 kunmap_atomic(paddr - psg->offset);
1285 daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
1289 avail = min(block_size, dsg->length - offset);
1290 crc = crc_t10dif(daddr + offset, avail);
1291 if (avail < block_size) {
1292 kunmap_atomic(daddr - dsg->offset);
1295 kunmap_atomic(paddr - psg->offset);
1298 daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
1299 offset = block_size - avail;
1300 crc = crc_t10dif_update(crc, daddr, offset);
1302 offset += block_size;
1305 sdt->guard_tag = cpu_to_be16(crc);
1306 if (cmd->prot_type == TARGET_DIF_TYPE1_PROT)
1307 sdt->ref_tag = cpu_to_be32(sector & 0xffffffff);
1310 pr_debug("DIF %s INSERT sector: %llu guard_tag: 0x%04x"
1311 " app_tag: 0x%04x ref_tag: %u\n",
1312 (cmd->data_direction == DMA_TO_DEVICE) ?
1313 "WRITE" : "READ", (unsigned long long)sector,
1314 sdt->guard_tag, sdt->app_tag,
1315 be32_to_cpu(sdt->ref_tag));
1320 kunmap_atomic(daddr - dsg->offset);
1321 kunmap_atomic(paddr - psg->offset);
1325 static sense_reason_t
1326 sbc_dif_v1_verify(struct se_cmd *cmd, struct t10_pi_tuple *sdt,
1327 __u16 crc, sector_t sector, unsigned int ei_lba)
1331 if (!(cmd->prot_checks & TARGET_DIF_CHECK_GUARD))
1334 csum = cpu_to_be16(crc);
1336 if (sdt->guard_tag != csum) {
1337 pr_err("DIFv1 checksum failed on sector %llu guard tag 0x%04x"
1338 " csum 0x%04x\n", (unsigned long long)sector,
1339 be16_to_cpu(sdt->guard_tag), be16_to_cpu(csum));
1340 return TCM_LOGICAL_BLOCK_GUARD_CHECK_FAILED;
1344 if (!(cmd->prot_checks & TARGET_DIF_CHECK_REFTAG))
1347 if (cmd->prot_type == TARGET_DIF_TYPE1_PROT &&
1348 be32_to_cpu(sdt->ref_tag) != (sector & 0xffffffff)) {
1349 pr_err("DIFv1 Type 1 reference failed on sector: %llu tag: 0x%08x"
1350 " sector MSB: 0x%08x\n", (unsigned long long)sector,
1351 be32_to_cpu(sdt->ref_tag), (u32)(sector & 0xffffffff));
1352 return TCM_LOGICAL_BLOCK_REF_TAG_CHECK_FAILED;
1355 if (cmd->prot_type == TARGET_DIF_TYPE2_PROT &&
1356 be32_to_cpu(sdt->ref_tag) != ei_lba) {
1357 pr_err("DIFv1 Type 2 reference failed on sector: %llu tag: 0x%08x"
1358 " ei_lba: 0x%08x\n", (unsigned long long)sector,
1359 be32_to_cpu(sdt->ref_tag), ei_lba);
1360 return TCM_LOGICAL_BLOCK_REF_TAG_CHECK_FAILED;
1366 void sbc_dif_copy_prot(struct se_cmd *cmd, unsigned int sectors, bool read,
1367 struct scatterlist *sg, int sg_off)
1369 struct se_device *dev = cmd->se_dev;
1370 struct scatterlist *psg;
1372 unsigned int i, len, left;
1373 unsigned int offset = sg_off;
1378 left = sectors * dev->prot_length;
1380 for_each_sg(cmd->t_prot_sg, psg, cmd->t_prot_nents, i) {
1381 unsigned int psg_len, copied = 0;
1383 paddr = kmap_atomic(sg_page(psg)) + psg->offset;
1384 psg_len = min(left, psg->length);
1386 len = min(psg_len, sg->length - offset);
1387 addr = kmap_atomic(sg_page(sg)) + sg->offset + offset;
1390 memcpy(paddr + copied, addr, len);
1392 memcpy(addr, paddr + copied, len);
1399 kunmap_atomic(addr - sg->offset - offset);
1401 if (offset >= sg->length) {
1406 kunmap_atomic(paddr - psg->offset);
1409 EXPORT_SYMBOL(sbc_dif_copy_prot);
1412 sbc_dif_verify(struct se_cmd *cmd, sector_t start, unsigned int sectors,
1413 unsigned int ei_lba, struct scatterlist *psg, int psg_off)
1415 struct se_device *dev = cmd->se_dev;
1416 struct t10_pi_tuple *sdt;
1417 struct scatterlist *dsg = cmd->t_data_sg;
1418 sector_t sector = start;
1419 void *daddr, *paddr;
1423 unsigned int block_size = dev->dev_attrib.block_size;
1425 for (; psg && sector < start + sectors; psg = sg_next(psg)) {
1426 paddr = kmap_atomic(sg_page(psg)) + psg->offset;
1427 daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
1429 for (i = psg_off; i < psg->length &&
1430 sector < start + sectors;
1431 i += sizeof(*sdt)) {
1435 if (dsg_off >= dsg->length) {
1436 dsg_off -= dsg->length;
1437 kunmap_atomic(daddr - dsg->offset);
1440 kunmap_atomic(paddr - psg->offset);
1443 daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
1448 pr_debug("DIF READ sector: %llu guard_tag: 0x%04x"
1449 " app_tag: 0x%04x ref_tag: %u\n",
1450 (unsigned long long)sector, sdt->guard_tag,
1451 sdt->app_tag, be32_to_cpu(sdt->ref_tag));
1453 if (sdt->app_tag == T10_PI_APP_ESCAPE) {
1454 dsg_off += block_size;
1458 avail = min(block_size, dsg->length - dsg_off);
1459 crc = crc_t10dif(daddr + dsg_off, avail);
1460 if (avail < block_size) {
1461 kunmap_atomic(daddr - dsg->offset);
1464 kunmap_atomic(paddr - psg->offset);
1467 daddr = kmap_atomic(sg_page(dsg)) + dsg->offset;
1468 dsg_off = block_size - avail;
1469 crc = crc_t10dif_update(crc, daddr, dsg_off);
1471 dsg_off += block_size;
1474 rc = sbc_dif_v1_verify(cmd, sdt, crc, sector, ei_lba);
1476 kunmap_atomic(daddr - dsg->offset);
1477 kunmap_atomic(paddr - psg->offset);
1478 cmd->sense_info = sector;
1487 kunmap_atomic(daddr - dsg->offset);
1488 kunmap_atomic(paddr - psg->offset);
1493 EXPORT_SYMBOL(sbc_dif_verify);