scsi.c 56.3 KB
Newer Older
1 2 3
/*******************************************************************************
 * Vhost kernel TCM fabric driver for virtio SCSI initiators
 *
4
 * (C) Copyright 2010-2013 Datera, Inc.
5 6 7 8
 * (C) Copyright 2010-2012 IBM Corp.
 *
 * Licensed to the Linux Foundation under the General Public License (GPL) version 2.
 *
9
 * Authors: Nicholas A. Bellinger <nab@daterainc.com>
10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37
 *          Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 ****************************************************************************/

#include <linux/module.h>
#include <linux/moduleparam.h>
#include <generated/utsrelease.h>
#include <linux/utsname.h>
#include <linux/init.h>
#include <linux/slab.h>
#include <linux/kthread.h>
#include <linux/types.h>
#include <linux/string.h>
#include <linux/configfs.h>
#include <linux/ctype.h>
#include <linux/compat.h>
#include <linux/eventfd.h>
#include <linux/fs.h>
38
#include <linux/vmalloc.h>
39 40
#include <linux/miscdevice.h>
#include <asm/unaligned.h>
41 42
#include <scsi/scsi_common.h>
#include <scsi/scsi_proto.h>
43 44 45 46
#include <target/target_core_base.h>
#include <target/target_core_fabric.h>
#include <linux/vhost.h>
#include <linux/virtio_scsi.h>
47
#include <linux/llist.h>
A
Asias He 已提交
48
#include <linux/bitmap.h>
49
#include <linux/percpu_ida.h>
50 51

#include "vhost.h"
M
Michael S. Tsirkin 已提交
52

53 54 55 56 57 58 59
#define VHOST_SCSI_VERSION  "v0.1"
#define VHOST_SCSI_NAMELEN 256
#define VHOST_SCSI_MAX_CDB_SIZE 32
#define VHOST_SCSI_DEFAULT_TAGS 256
#define VHOST_SCSI_PREALLOC_SGLS 2048
#define VHOST_SCSI_PREALLOC_UPAGES 2048
#define VHOST_SCSI_PREALLOC_PROT_SGLS 512
M
Michael S. Tsirkin 已提交
60 61 62 63 64 65 66 67

struct vhost_scsi_inflight {
	/* Wait for the flush operation to finish */
	struct completion comp;
	/* Refcount for the inflight reqs */
	struct kref kref;
};

68
struct vhost_scsi_cmd {
M
Michael S. Tsirkin 已提交
69 70 71 72
	/* Descriptor from vhost_get_vq_desc() for virt_queue segment */
	int tvc_vq_desc;
	/* virtio-scsi initiator task attribute */
	int tvc_task_attr;
73 74
	/* virtio-scsi response incoming iovecs */
	int tvc_in_iovs;
M
Michael S. Tsirkin 已提交
75 76 77 78 79 80 81 82
	/* virtio-scsi initiator data direction */
	enum dma_data_direction tvc_data_direction;
	/* Expected data transfer length from virtio-scsi header */
	u32 tvc_exp_data_len;
	/* The Tag from include/linux/virtio_scsi.h:struct virtio_scsi_cmd_req */
	u64 tvc_tag;
	/* The number of scatterlists associated with this cmd */
	u32 tvc_sgl_count;
83
	u32 tvc_prot_sgl_count;
84
	/* Saved unpacked SCSI LUN for vhost_scsi_submission_work() */
M
Michael S. Tsirkin 已提交
85 86 87
	u32 tvc_lun;
	/* Pointer to the SGL formatted memory from virtio-scsi */
	struct scatterlist *tvc_sgl;
88
	struct scatterlist *tvc_prot_sgl;
89
	struct page **tvc_upages;
90
	/* Pointer to response header iovec */
91
	struct iovec tvc_resp_iov;
M
Michael S. Tsirkin 已提交
92 93 94 95 96
	/* Pointer to vhost_scsi for our device */
	struct vhost_scsi *tvc_vhost;
	/* Pointer to vhost_virtqueue for the cmd */
	struct vhost_virtqueue *tvc_vq;
	/* Pointer to vhost nexus memory */
97
	struct vhost_scsi_nexus *tvc_nexus;
M
Michael S. Tsirkin 已提交
98 99
	/* The TCM I/O descriptor that is accessed via container_of() */
	struct se_cmd tvc_se_cmd;
100
	/* work item used for cmwq dispatch to vhost_scsi_submission_work() */
M
Michael S. Tsirkin 已提交
101 102
	struct work_struct work;
	/* Copy of the incoming SCSI command descriptor block (CDB) */
103
	unsigned char tvc_cdb[VHOST_SCSI_MAX_CDB_SIZE];
M
Michael S. Tsirkin 已提交
104 105 106 107 108 109 110 111
	/* Sense buffer that will be mapped into outgoing status */
	unsigned char tvc_sense_buf[TRANSPORT_SENSE_BUFFER];
	/* Completed commands list, serviced from vhost worker thread */
	struct llist_node tvc_completion_list;
	/* Used to track inflight cmd */
	struct vhost_scsi_inflight *inflight;
};

112
struct vhost_scsi_nexus {
M
Michael S. Tsirkin 已提交
113 114 115 116
	/* Pointer to TCM session for I_T Nexus */
	struct se_session *tvn_se_sess;
};

117
struct vhost_scsi_tpg {
M
Michael S. Tsirkin 已提交
118 119 120 121 122 123
	/* Vhost port target portal group tag for TCM */
	u16 tport_tpgt;
	/* Used to track number of TPG Port/Lun Links wrt to explict I_T Nexus shutdown */
	int tv_tpg_port_count;
	/* Used for vhost_scsi device reference to tpg_nexus, protected by tv_tpg_mutex */
	int tv_tpg_vhost_count;
124 125
	/* Used for enabling T10-PI with legacy devices */
	int tv_fabric_prot_type;
126
	/* list for vhost_scsi_list */
M
Michael S. Tsirkin 已提交
127 128 129 130
	struct list_head tv_tpg_list;
	/* Used to protect access for tpg_nexus */
	struct mutex tv_tpg_mutex;
	/* Pointer to the TCM VHost I_T Nexus for this TPG endpoint */
131 132 133 134
	struct vhost_scsi_nexus *tpg_nexus;
	/* Pointer back to vhost_scsi_tport */
	struct vhost_scsi_tport *tport;
	/* Returned by vhost_scsi_make_tpg() */
M
Michael S. Tsirkin 已提交
135 136 137 138 139
	struct se_portal_group se_tpg;
	/* Pointer back to vhost_scsi, protected by tv_tpg_mutex */
	struct vhost_scsi *vhost_scsi;
};

140
struct vhost_scsi_tport {
M
Michael S. Tsirkin 已提交
141 142 143 144 145
	/* SCSI protocol the tport is providing */
	u8 tport_proto_id;
	/* Binary World Wide unique Port Name for Vhost Target port */
	u64 tport_wwpn;
	/* ASCII formatted WWPN for Vhost Target port */
146 147
	char tport_name[VHOST_SCSI_NAMELEN];
	/* Returned by vhost_scsi_make_tport() */
M
Michael S. Tsirkin 已提交
148 149 150
	struct se_wwn tport_wwn;
};

151
struct vhost_scsi_evt {
M
Michael S. Tsirkin 已提交
152 153 154 155 156
	/* event to be sent to guest */
	struct virtio_scsi_event event;
	/* event list, serviced from vhost worker thread */
	struct llist_node list;
};
157

158 159 160 161 162 163
enum {
	VHOST_SCSI_VQ_CTL = 0,
	VHOST_SCSI_VQ_EVT = 1,
	VHOST_SCSI_VQ_IO = 2,
};

164
/* Note: can't set VIRTIO_F_VERSION_1 yet, since that implies ANY_LAYOUT. */
165
enum {
166
	VHOST_SCSI_FEATURES = VHOST_FEATURES | (1ULL << VIRTIO_SCSI_F_HOTPLUG) |
167
					       (1ULL << VIRTIO_SCSI_F_T10_PI)
168 169
};

A
Asias He 已提交
170 171
#define VHOST_SCSI_MAX_TARGET	256
#define VHOST_SCSI_MAX_VQ	128
172
#define VHOST_SCSI_MAX_EVENT	128
A
Asias He 已提交
173

174 175
struct vhost_scsi_virtqueue {
	struct vhost_virtqueue vq;
176 177 178 179 180
	/*
	 * Reference counting for inflight reqs, used for flush operation. At
	 * each time, one reference tracks new commands submitted, while we
	 * wait for another one to reach 0.
	 */
181
	struct vhost_scsi_inflight inflights[2];
182 183 184 185
	/*
	 * Indicate current inflight in use, protected by vq->mutex.
	 * Writers must also take dev mutex and flush under it.
	 */
186
	int inflight_idx;
187 188
};

189
struct vhost_scsi {
A
Asias He 已提交
190
	/* Protected by vhost_scsi->dev.mutex */
191
	struct vhost_scsi_tpg **vs_tpg;
A
Asias He 已提交
192 193
	char vs_vhost_wwpn[TRANSPORT_IQN_LEN];

194
	struct vhost_dev dev;
195
	struct vhost_scsi_virtqueue vqs[VHOST_SCSI_MAX_VQ];
196 197

	struct vhost_work vs_completion_work; /* cmd completion work item */
198
	struct llist_head vs_completion_list; /* cmd completion queue */
199 200 201 202 203 204

	struct vhost_work vs_event_work; /* evt injection work item */
	struct llist_head vs_event_list; /* evt injection queue */

	bool vs_events_missed; /* any missed events, protected by vq->mutex */
	int vs_events_nr; /* num of pending events, protected by vq->mutex */
205 206
};

207
static struct workqueue_struct *vhost_scsi_workqueue;
208

209 210 211
/* Global spinlock to protect vhost_scsi TPG list for vhost IOCTL access */
static DEFINE_MUTEX(vhost_scsi_mutex);
static LIST_HEAD(vhost_scsi_list);
212

213
static void vhost_scsi_done_inflight(struct kref *kref)
214 215 216 217 218 219 220
{
	struct vhost_scsi_inflight *inflight;

	inflight = container_of(kref, struct vhost_scsi_inflight, kref);
	complete(&inflight->comp);
}

221
static void vhost_scsi_init_inflight(struct vhost_scsi *vs,
222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248
				    struct vhost_scsi_inflight *old_inflight[])
{
	struct vhost_scsi_inflight *new_inflight;
	struct vhost_virtqueue *vq;
	int idx, i;

	for (i = 0; i < VHOST_SCSI_MAX_VQ; i++) {
		vq = &vs->vqs[i].vq;

		mutex_lock(&vq->mutex);

		/* store old infight */
		idx = vs->vqs[i].inflight_idx;
		if (old_inflight)
			old_inflight[i] = &vs->vqs[i].inflights[idx];

		/* setup new infight */
		vs->vqs[i].inflight_idx = idx ^ 1;
		new_inflight = &vs->vqs[i].inflights[idx ^ 1];
		kref_init(&new_inflight->kref);
		init_completion(&new_inflight->comp);

		mutex_unlock(&vq->mutex);
	}
}

static struct vhost_scsi_inflight *
249
vhost_scsi_get_inflight(struct vhost_virtqueue *vq)
250 251 252 253 254 255 256 257 258 259 260
{
	struct vhost_scsi_inflight *inflight;
	struct vhost_scsi_virtqueue *svq;

	svq = container_of(vq, struct vhost_scsi_virtqueue, vq);
	inflight = &svq->inflights[svq->inflight_idx];
	kref_get(&inflight->kref);

	return inflight;
}

261
static void vhost_scsi_put_inflight(struct vhost_scsi_inflight *inflight)
262
{
263
	kref_put(&inflight->kref, vhost_scsi_done_inflight);
264 265
}

266
static int vhost_scsi_check_true(struct se_portal_group *se_tpg)
267 268 269 270
{
	return 1;
}

271
static int vhost_scsi_check_false(struct se_portal_group *se_tpg)
272 273 274 275
{
	return 0;
}

276
static char *vhost_scsi_get_fabric_name(void)
277 278 279 280
{
	return "vhost";
}

281
static char *vhost_scsi_get_fabric_wwn(struct se_portal_group *se_tpg)
282
{
283 284 285
	struct vhost_scsi_tpg *tpg = container_of(se_tpg,
				struct vhost_scsi_tpg, se_tpg);
	struct vhost_scsi_tport *tport = tpg->tport;
286 287 288 289

	return &tport->tport_name[0];
}

290
static u16 vhost_scsi_get_tpgt(struct se_portal_group *se_tpg)
291
{
292 293
	struct vhost_scsi_tpg *tpg = container_of(se_tpg,
				struct vhost_scsi_tpg, se_tpg);
294 295 296
	return tpg->tport_tpgt;
}

297 298 299 300 301 302 303 304
static int vhost_scsi_check_prot_fabric_only(struct se_portal_group *se_tpg)
{
	struct vhost_scsi_tpg *tpg = container_of(se_tpg,
				struct vhost_scsi_tpg, se_tpg);

	return tpg->tv_fabric_prot_type;
}

305
static u32 vhost_scsi_tpg_get_inst_index(struct se_portal_group *se_tpg)
306 307 308 309
{
	return 1;
}

310
static void vhost_scsi_release_cmd(struct se_cmd *se_cmd)
311
{
312 313
	struct vhost_scsi_cmd *tv_cmd = container_of(se_cmd,
				struct vhost_scsi_cmd, tvc_se_cmd);
314
	struct se_session *se_sess = tv_cmd->tvc_nexus->tvn_se_sess;
315
	int i;
316 317 318 319

	if (tv_cmd->tvc_sgl_count) {
		for (i = 0; i < tv_cmd->tvc_sgl_count; i++)
			put_page(sg_page(&tv_cmd->tvc_sgl[i]));
320
	}
321 322 323 324
	if (tv_cmd->tvc_prot_sgl_count) {
		for (i = 0; i < tv_cmd->tvc_prot_sgl_count; i++)
			put_page(sg_page(&tv_cmd->tvc_prot_sgl[i]));
	}
325

326
	vhost_scsi_put_inflight(tv_cmd->inflight);
327
	target_free_tag(se_sess, se_cmd);
328 329
}

330
static u32 vhost_scsi_sess_get_index(struct se_session *se_sess)
331 332 333 334
{
	return 0;
}

335
static int vhost_scsi_write_pending(struct se_cmd *se_cmd)
336 337 338 339 340 341
{
	/* Go ahead and process the write immediately */
	target_execute_cmd(se_cmd);
	return 0;
}

342
static int vhost_scsi_write_pending_status(struct se_cmd *se_cmd)
343 344 345 346
{
	return 0;
}

347
static void vhost_scsi_set_default_node_attrs(struct se_node_acl *nacl)
348 349 350 351
{
	return;
}

352
static int vhost_scsi_get_cmd_state(struct se_cmd *se_cmd)
353 354 355 356
{
	return 0;
}

357
static void vhost_scsi_complete_cmd(struct vhost_scsi_cmd *cmd)
358
{
359
	struct vhost_scsi *vs = cmd->tvc_vhost;
360

361
	llist_add(&cmd->tvc_completion_list, &vs->vs_completion_list);
362 363 364

	vhost_work_queue(&vs->dev, &vs->vs_completion_work);
}
365

366
static int vhost_scsi_queue_data_in(struct se_cmd *se_cmd)
367
{
368 369
	struct vhost_scsi_cmd *cmd = container_of(se_cmd,
				struct vhost_scsi_cmd, tvc_se_cmd);
370
	vhost_scsi_complete_cmd(cmd);
371 372 373
	return 0;
}

374
static int vhost_scsi_queue_status(struct se_cmd *se_cmd)
375
{
376 377
	struct vhost_scsi_cmd *cmd = container_of(se_cmd,
				struct vhost_scsi_cmd, tvc_se_cmd);
378
	vhost_scsi_complete_cmd(cmd);
379 380 381
	return 0;
}

382
static void vhost_scsi_queue_tm_rsp(struct se_cmd *se_cmd)
383
{
384
	return;
385 386
}

387
static void vhost_scsi_aborted_task(struct se_cmd *se_cmd)
388 389 390 391
{
	return;
}

392
static void vhost_scsi_free_evt(struct vhost_scsi *vs, struct vhost_scsi_evt *evt)
393 394 395 396 397
{
	vs->vs_events_nr--;
	kfree(evt);
}

398 399
static struct vhost_scsi_evt *
vhost_scsi_allocate_evt(struct vhost_scsi *vs,
400
		       u32 event, u32 reason)
401
{
402
	struct vhost_virtqueue *vq = &vs->vqs[VHOST_SCSI_VQ_EVT].vq;
403
	struct vhost_scsi_evt *evt;
404 405 406 407 408 409 410 411

	if (vs->vs_events_nr > VHOST_SCSI_MAX_EVENT) {
		vs->vs_events_missed = true;
		return NULL;
	}

	evt = kzalloc(sizeof(*evt), GFP_KERNEL);
	if (!evt) {
412
		vq_err(vq, "Failed to allocate vhost_scsi_evt\n");
413 414 415 416
		vs->vs_events_missed = true;
		return NULL;
	}

417 418
	evt->event.event = cpu_to_vhost32(vq, event);
	evt->event.reason = cpu_to_vhost32(vq, reason);
419 420 421 422 423
	vs->vs_events_nr++;

	return evt;
}

424
static void vhost_scsi_free_cmd(struct vhost_scsi_cmd *cmd)
425
{
426
	struct se_cmd *se_cmd = &cmd->tvc_se_cmd;
427 428

	/* TODO locking against target/backend threads? */
429
	transport_generic_free_cmd(se_cmd, 0);
430

431
}
432

433 434
static int vhost_scsi_check_stop_free(struct se_cmd *se_cmd)
{
435
	return target_put_sess_cmd(se_cmd);
436 437
}

438
static void
439
vhost_scsi_do_evt_work(struct vhost_scsi *vs, struct vhost_scsi_evt *evt)
440
{
441
	struct vhost_virtqueue *vq = &vs->vqs[VHOST_SCSI_VQ_EVT].vq;
442 443 444 445 446 447 448 449 450 451 452 453
	struct virtio_scsi_event *event = &evt->event;
	struct virtio_scsi_event __user *eventp;
	unsigned out, in;
	int head, ret;

	if (!vq->private_data) {
		vs->vs_events_missed = true;
		return;
	}

again:
	vhost_disable_notify(&vs->dev, vq);
454
	head = vhost_get_vq_desc(vq, vq->iov,
455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475
			ARRAY_SIZE(vq->iov), &out, &in,
			NULL, NULL);
	if (head < 0) {
		vs->vs_events_missed = true;
		return;
	}
	if (head == vq->num) {
		if (vhost_enable_notify(&vs->dev, vq))
			goto again;
		vs->vs_events_missed = true;
		return;
	}

	if ((vq->iov[out].iov_len != sizeof(struct virtio_scsi_event))) {
		vq_err(vq, "Expecting virtio_scsi_event, got %zu bytes\n",
				vq->iov[out].iov_len);
		vs->vs_events_missed = true;
		return;
	}

	if (vs->vs_events_missed) {
476
		event->event |= cpu_to_vhost32(vq, VIRTIO_SCSI_T_EVENTS_MISSED);
477 478 479 480 481 482 483 484
		vs->vs_events_missed = false;
	}

	eventp = vq->iov[out].iov_base;
	ret = __copy_to_user(eventp, event, sizeof(*event));
	if (!ret)
		vhost_add_used_and_signal(&vs->dev, vq, head, 0);
	else
485
		vq_err(vq, "Faulted on vhost_scsi_send_event\n");
486 487
}

488
static void vhost_scsi_evt_work(struct vhost_work *work)
489 490 491
{
	struct vhost_scsi *vs = container_of(work, struct vhost_scsi,
					vs_event_work);
492
	struct vhost_virtqueue *vq = &vs->vqs[VHOST_SCSI_VQ_EVT].vq;
493
	struct vhost_scsi_evt *evt, *t;
494 495 496 497
	struct llist_node *llnode;

	mutex_lock(&vq->mutex);
	llnode = llist_del_all(&vs->vs_event_list);
498
	llist_for_each_entry_safe(evt, t, llnode, list) {
499 500
		vhost_scsi_do_evt_work(vs, evt);
		vhost_scsi_free_evt(vs, evt);
501 502 503 504
	}
	mutex_unlock(&vq->mutex);
}

505 506 507 508 509 510 511 512 513
/* Fill in status and signal that we are done processing this command
 *
 * This is scheduled in the vhost work queue so we are called with the owner
 * process mm and can access the vring.
 */
static void vhost_scsi_complete_cmd_work(struct vhost_work *work)
{
	struct vhost_scsi *vs = container_of(work, struct vhost_scsi,
					vs_completion_work);
A
Asias He 已提交
514
	DECLARE_BITMAP(signal, VHOST_SCSI_MAX_VQ);
515
	struct virtio_scsi_cmd_resp v_rsp;
516
	struct vhost_scsi_cmd *cmd, *t;
517 518
	struct llist_node *llnode;
	struct se_cmd *se_cmd;
519
	struct iov_iter iov_iter;
A
Asias He 已提交
520
	int ret, vq;
521

A
Asias He 已提交
522
	bitmap_zero(signal, VHOST_SCSI_MAX_VQ);
523
	llnode = llist_del_all(&vs->vs_completion_list);
524
	llist_for_each_entry_safe(cmd, t, llnode, tvc_completion_list) {
525
		se_cmd = &cmd->tvc_se_cmd;
526 527

		pr_debug("%s tv_cmd %p resid %u status %#02x\n", __func__,
528
			cmd, se_cmd->residual_count, se_cmd->scsi_status);
529 530

		memset(&v_rsp, 0, sizeof(v_rsp));
531
		v_rsp.resid = cpu_to_vhost32(cmd->tvc_vq, se_cmd->residual_count);
532 533
		/* TODO is status_qualifier field needed? */
		v_rsp.status = se_cmd->scsi_status;
534 535
		v_rsp.sense_len = cpu_to_vhost32(cmd->tvc_vq,
						 se_cmd->scsi_sense_length);
536
		memcpy(v_rsp.sense, cmd->tvc_sense_buf,
537
		       se_cmd->scsi_sense_length);
538

539
		iov_iter_init(&iov_iter, READ, &cmd->tvc_resp_iov,
540 541 542
			      cmd->tvc_in_iovs, sizeof(v_rsp));
		ret = copy_to_iter(&v_rsp, sizeof(v_rsp), &iov_iter);
		if (likely(ret == sizeof(v_rsp))) {
543
			struct vhost_scsi_virtqueue *q;
544 545
			vhost_add_used(cmd->tvc_vq, cmd->tvc_vq_desc, 0);
			q = container_of(cmd->tvc_vq, struct vhost_scsi_virtqueue, vq);
546
			vq = q - vs->vqs;
A
Asias He 已提交
547 548
			__set_bit(vq, signal);
		} else
549 550
			pr_err("Faulted on virtio_scsi_cmd_resp\n");

551
		vhost_scsi_free_cmd(cmd);
552 553
	}

A
Asias He 已提交
554 555 556
	vq = -1;
	while ((vq = find_next_bit(signal, VHOST_SCSI_MAX_VQ, vq + 1))
		< VHOST_SCSI_MAX_VQ)
557
		vhost_signal(&vs->dev, &vs->vqs[vq].vq);
558 559
}

560 561
static struct vhost_scsi_cmd *
vhost_scsi_get_tag(struct vhost_virtqueue *vq, struct vhost_scsi_tpg *tpg,
562 563
		   unsigned char *cdb, u64 scsi_tag, u16 lun, u8 task_attr,
		   u32 exp_data_len, int data_direction)
564
{
565 566
	struct vhost_scsi_cmd *cmd;
	struct vhost_scsi_nexus *tv_nexus;
567
	struct se_session *se_sess;
568
	struct scatterlist *sg, *prot_sg;
569
	struct page **pages;
570
	int tag;
571

572
	tv_nexus = tpg->tpg_nexus;
573
	if (!tv_nexus) {
574
		pr_err("Unable to locate active struct vhost_scsi_nexus\n");
575 576
		return ERR_PTR(-EIO);
	}
577
	se_sess = tv_nexus->tvn_se_sess;
578

579
	tag = percpu_ida_alloc(&se_sess->sess_tag_pool, TASK_RUNNING);
580
	if (tag < 0) {
581
		pr_err("Unable to obtain tag for vhost_scsi_cmd\n");
582 583 584
		return ERR_PTR(-ENOMEM);
	}

585
	cmd = &((struct vhost_scsi_cmd *)se_sess->sess_cmd_map)[tag];
586
	sg = cmd->tvc_sgl;
587
	prot_sg = cmd->tvc_prot_sgl;
588
	pages = cmd->tvc_upages;
589
	memset(cmd, 0, sizeof(*cmd));
590
	cmd->tvc_sgl = sg;
591
	cmd->tvc_prot_sgl = prot_sg;
592
	cmd->tvc_upages = pages;
593
	cmd->tvc_se_cmd.map_tag = tag;
594 595 596
	cmd->tvc_tag = scsi_tag;
	cmd->tvc_lun = lun;
	cmd->tvc_task_attr = task_attr;
597 598 599
	cmd->tvc_exp_data_len = exp_data_len;
	cmd->tvc_data_direction = data_direction;
	cmd->tvc_nexus = tv_nexus;
600
	cmd->inflight = vhost_scsi_get_inflight(vq);
601

602
	memcpy(cmd->tvc_cdb, cdb, VHOST_SCSI_MAX_CDB_SIZE);
603

604
	return cmd;
605 606 607 608 609 610 611
}

/*
 * Map a user memory range into a scatterlist
 *
 * Returns the number of scatterlist entries used or -errno on error.
 */
612
static int
613
vhost_scsi_map_to_sgl(struct vhost_scsi_cmd *cmd,
614
		      struct iov_iter *iter,
615
		      struct scatterlist *sgl,
616
		      bool write)
617
{
618
	struct page **pages = cmd->tvc_upages;
619 620 621 622
	struct scatterlist *sg = sgl;
	ssize_t bytes;
	size_t offset;
	unsigned int npages = 0;
623

624 625
	bytes = iov_iter_get_pages(iter, pages, LONG_MAX,
				VHOST_SCSI_PREALLOC_UPAGES, &offset);
626
	/* No pages were pinned */
627 628
	if (bytes <= 0)
		return bytes < 0 ? bytes : -EFAULT;
629

630
	iov_iter_advance(iter, bytes);
631

632 633 634 635 636 637 638
	while (bytes) {
		unsigned n = min_t(unsigned, PAGE_SIZE - offset, bytes);
		sg_set_page(sg++, pages[npages++], n, offset);
		bytes -= n;
		offset = 0;
	}
	return npages;
639 640
}

641
static int
642
vhost_scsi_calc_sgls(struct iov_iter *iter, size_t bytes, int max_sgls)
643
{
644
	int sgl_count = 0;
645

646 647 648 649 650
	if (!iter || !iter->iov) {
		pr_err("%s: iter->iov is NULL, but expected bytes: %zu"
		       " present\n", __func__, bytes);
		return -EINVAL;
	}
651

652 653 654 655 656
	sgl_count = iov_iter_npages(iter, 0xffff);
	if (sgl_count > max_sgls) {
		pr_err("%s: requested sgl_count: %d exceeds pre-allocated"
		       " max_sgls: %d\n", __func__, sgl_count, max_sgls);
		return -EINVAL;
657
	}
658 659
	return sgl_count;
}
660

661
static int
662 663 664
vhost_scsi_iov_to_sgl(struct vhost_scsi_cmd *cmd, bool write,
		      struct iov_iter *iter,
		      struct scatterlist *sg, int sg_count)
665
{
666
	struct scatterlist *p = sg;
667
	int ret;
668

669 670
	while (iov_iter_count(iter)) {
		ret = vhost_scsi_map_to_sgl(cmd, iter, sg, write);
671
		if (ret < 0) {
672 673
			while (p < sg) {
				struct page *page = sg_page(p++);
674 675 676
				if (page)
					put_page(page);
			}
677 678 679 680 681 682 683
			return ret;
		}
		sg += ret;
	}
	return 0;
}

684
static int
685
vhost_scsi_mapal(struct vhost_scsi_cmd *cmd,
686 687 688 689 690 691 692 693
		 size_t prot_bytes, struct iov_iter *prot_iter,
		 size_t data_bytes, struct iov_iter *data_iter)
{
	int sgl_count, ret;
	bool write = (cmd->tvc_data_direction == DMA_FROM_DEVICE);

	if (prot_bytes) {
		sgl_count = vhost_scsi_calc_sgls(prot_iter, prot_bytes,
694
						 VHOST_SCSI_PREALLOC_PROT_SGLS);
695 696 697 698 699 700 701 702 703 704 705
		if (sgl_count < 0)
			return sgl_count;

		sg_init_table(cmd->tvc_prot_sgl, sgl_count);
		cmd->tvc_prot_sgl_count = sgl_count;
		pr_debug("%s prot_sg %p prot_sgl_count %u\n", __func__,
			 cmd->tvc_prot_sgl, cmd->tvc_prot_sgl_count);

		ret = vhost_scsi_iov_to_sgl(cmd, write, prot_iter,
					    cmd->tvc_prot_sgl,
					    cmd->tvc_prot_sgl_count);
706 707 708 709
		if (ret < 0) {
			cmd->tvc_prot_sgl_count = 0;
			return ret;
		}
710 711
	}
	sgl_count = vhost_scsi_calc_sgls(data_iter, data_bytes,
712
					 VHOST_SCSI_PREALLOC_SGLS);
713 714 715 716 717 718 719 720 721 722 723 724 725
	if (sgl_count < 0)
		return sgl_count;

	sg_init_table(cmd->tvc_sgl, sgl_count);
	cmd->tvc_sgl_count = sgl_count;
	pr_debug("%s data_sg %p data_sgl_count %u\n", __func__,
		  cmd->tvc_sgl, cmd->tvc_sgl_count);

	ret = vhost_scsi_iov_to_sgl(cmd, write, data_iter,
				    cmd->tvc_sgl, cmd->tvc_sgl_count);
	if (ret < 0) {
		cmd->tvc_sgl_count = 0;
		return ret;
726 727 728 729
	}
	return 0;
}

730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746
static int vhost_scsi_to_tcm_attr(int attr)
{
	switch (attr) {
	case VIRTIO_SCSI_S_SIMPLE:
		return TCM_SIMPLE_TAG;
	case VIRTIO_SCSI_S_ORDERED:
		return TCM_ORDERED_TAG;
	case VIRTIO_SCSI_S_HEAD:
		return TCM_HEAD_TAG;
	case VIRTIO_SCSI_S_ACA:
		return TCM_ACA_TAG;
	default:
		break;
	}
	return TCM_SIMPLE_TAG;
}

747
static void vhost_scsi_submission_work(struct work_struct *work)
748
{
749 750 751
	struct vhost_scsi_cmd *cmd =
		container_of(work, struct vhost_scsi_cmd, work);
	struct vhost_scsi_nexus *tv_nexus;
752
	struct se_cmd *se_cmd = &cmd->tvc_se_cmd;
753 754
	struct scatterlist *sg_ptr, *sg_prot_ptr = NULL;
	int rc;
755

756
	/* FIXME: BIDI operation */
757 758
	if (cmd->tvc_sgl_count) {
		sg_ptr = cmd->tvc_sgl;
759 760 761 762 763

		if (cmd->tvc_prot_sgl_count)
			sg_prot_ptr = cmd->tvc_prot_sgl;
		else
			se_cmd->prot_pto = true;
764 765 766
	} else {
		sg_ptr = NULL;
	}
767
	tv_nexus = cmd->tvc_nexus;
768

769
	se_cmd->tag = 0;
770
	rc = target_submit_cmd_map_sgls(se_cmd, tv_nexus->tvn_se_sess,
771 772
			cmd->tvc_cdb, &cmd->tvc_sense_buf[0],
			cmd->tvc_lun, cmd->tvc_exp_data_len,
773 774 775 776
			vhost_scsi_to_tcm_attr(cmd->tvc_task_attr),
			cmd->tvc_data_direction, TARGET_SCF_ACK_KREF,
			sg_ptr, cmd->tvc_sgl_count, NULL, 0, sg_prot_ptr,
			cmd->tvc_prot_sgl_count);
777 778
	if (rc < 0) {
		transport_send_check_condition_and_sense(se_cmd,
779
				TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE, 0);
780 781 782 783
		transport_generic_free_cmd(se_cmd, 0);
	}
}

784 785 786 787
static void
vhost_scsi_send_bad_target(struct vhost_scsi *vs,
			   struct vhost_virtqueue *vq,
			   int head, unsigned out)
788 789 790 791 792 793 794 795 796 797 798 799 800 801 802
{
	struct virtio_scsi_cmd_resp __user *resp;
	struct virtio_scsi_cmd_resp rsp;
	int ret;

	memset(&rsp, 0, sizeof(rsp));
	rsp.response = VIRTIO_SCSI_S_BAD_TARGET;
	resp = vq->iov[out].iov_base;
	ret = __copy_to_user(resp, &rsp, sizeof(rsp));
	if (!ret)
		vhost_add_used_and_signal(&vs->dev, vq, head, 0);
	else
		pr_err("Faulted on virtio_scsi_cmd_resp\n");
}

803 804
static void
vhost_scsi_handle_vq(struct vhost_scsi *vs, struct vhost_virtqueue *vq)
805
{
806
	struct vhost_scsi_tpg **vs_tpg, *tpg;
807
	struct virtio_scsi_cmd_req v_req;
808
	struct virtio_scsi_cmd_req_pi v_req_pi;
809
	struct vhost_scsi_cmd *cmd;
810
	struct iov_iter out_iter, in_iter, prot_iter, data_iter;
811
	u64 tag;
812
	u32 exp_data_len, data_direction;
813
	unsigned int out = 0, in = 0;
814 815 816
	int head, ret, prot_bytes;
	size_t req_size, rsp_size = sizeof(struct virtio_scsi_cmd_resp);
	size_t out_size, in_size;
817 818
	u16 lun;
	u8 *target, *lunp, task_attr;
819
	bool t10_pi = vhost_has_feature(vq, VIRTIO_SCSI_F_T10_PI);
820
	void *req, *cdb;
821

822
	mutex_lock(&vq->mutex);
823 824 825 826
	/*
	 * We can handle the vq only after the endpoint is setup by calling the
	 * VHOST_SCSI_SET_ENDPOINT ioctl.
	 */
827
	vs_tpg = vq->private_data;
828
	if (!vs_tpg)
829
		goto out;
830 831 832 833

	vhost_disable_notify(&vs->dev, vq);

	for (;;) {
834
		head = vhost_get_vq_desc(vq, vq->iov,
835 836
					 ARRAY_SIZE(vq->iov), &out, &in,
					 NULL, NULL);
837
		pr_debug("vhost_get_vq_desc: head: %d, out: %u in: %u\n",
838
			 head, out, in);
839 840 841 842 843 844 845 846 847 848 849 850
		/* On error, stop handling until the next kick. */
		if (unlikely(head < 0))
			break;
		/* Nothing new?  Wait for eventfd to tell us they refilled. */
		if (head == vq->num) {
			if (unlikely(vhost_enable_notify(&vs->dev, vq))) {
				vhost_disable_notify(&vs->dev, vq);
				continue;
			}
			break;
		}
		/*
851 852
		 * Check for a sane response buffer so we can report early
		 * errors back to the guest.
853
		 */
854 855 856
		if (unlikely(vq->iov[out].iov_len < rsp_size)) {
			vq_err(vq, "Expecting at least virtio_scsi_cmd_resp"
				" size, got %zu bytes\n", vq->iov[out].iov_len);
857 858
			break;
		}
859 860 861 862 863
		/*
		 * Setup pointers and values based upon different virtio-scsi
		 * request header if T10_PI is enabled in KVM guest.
		 */
		if (t10_pi) {
864
			req = &v_req_pi;
865
			req_size = sizeof(v_req_pi);
866 867 868 869
			lunp = &v_req_pi.lun[0];
			target = &v_req_pi.lun[1];
		} else {
			req = &v_req;
870
			req_size = sizeof(v_req);
871 872 873
			lunp = &v_req.lun[0];
			target = &v_req.lun[1];
		}
874 875 876 877 878
		/*
		 * FIXME: Not correct for BIDI operation
		 */
		out_size = iov_length(vq->iov, out);
		in_size = iov_length(&vq->iov[out], in);
879

880 881 882 883 884 885 886 887 888 889 890
		/*
		 * Copy over the virtio-scsi request header, which for a
		 * ANY_LAYOUT enabled guest may span multiple iovecs, or a
		 * single iovec may contain both the header + outgoing
		 * WRITE payloads.
		 *
		 * copy_from_iter() will advance out_iter, so that it will
		 * point at the start of the outgoing WRITE payload, if
		 * DMA_TO_DEVICE is set.
		 */
		iov_iter_init(&out_iter, WRITE, vq->iov, out, out_size);
891

892
		if (unlikely(!copy_from_iter_full(req, req_size, &out_iter))) {
893
			vq_err(vq, "Faulted on copy_from_iter\n");
894 895
			vhost_scsi_send_bad_target(vs, vq, head, out);
			continue;
896
		}
897
		/* virtio-scsi spec requires byte 0 of the lun to be 1 */
898
		if (unlikely(*lunp != 1)) {
899
			vq_err(vq, "Illegal virtio-scsi lun: %u\n", *lunp);
900 901 902 903
			vhost_scsi_send_bad_target(vs, vq, head, out);
			continue;
		}

904
		tpg = READ_ONCE(vs_tpg[*target]);
905
		if (unlikely(!tpg)) {
906
			/* Target does not exist, fail the request */
907
			vhost_scsi_send_bad_target(vs, vq, head, out);
A
Asias He 已提交
908 909
			continue;
		}
910
		/*
911 912 913
		 * Determine data_direction by calculating the total outgoing
		 * iovec sizes + incoming iovec sizes vs. virtio-scsi request +
		 * response headers respectively.
914
		 *
915 916 917 918 919 920
		 * For DMA_TO_DEVICE this is out_iter, which is already pointing
		 * to the right place.
		 *
		 * For DMA_FROM_DEVICE, the iovec will be just past the end
		 * of the virtio-scsi response header in either the same
		 * or immediately following iovec.
921
		 *
922 923
		 * Any associated T10_PI bytes for the outgoing / incoming
		 * payloads are included in calculation of exp_data_len here.
924
		 */
925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946
		prot_bytes = 0;

		if (out_size > req_size) {
			data_direction = DMA_TO_DEVICE;
			exp_data_len = out_size - req_size;
			data_iter = out_iter;
		} else if (in_size > rsp_size) {
			data_direction = DMA_FROM_DEVICE;
			exp_data_len = in_size - rsp_size;

			iov_iter_init(&in_iter, READ, &vq->iov[out], in,
				      rsp_size + exp_data_len);
			iov_iter_advance(&in_iter, rsp_size);
			data_iter = in_iter;
		} else {
			data_direction = DMA_NONE;
			exp_data_len = 0;
		}
		/*
		 * If T10_PI header + payload is present, setup prot_iter values
		 * and recalculate data_iter for vhost_scsi_mapal() mapping to
		 * host scatterlists via get_user_pages_fast().
947
		 */
948
		if (t10_pi) {
949 950
			if (v_req_pi.pi_bytesout) {
				if (data_direction != DMA_TO_DEVICE) {
951 952
					vq_err(vq, "Received non zero pi_bytesout,"
						" but wrong data_direction\n");
953 954
					vhost_scsi_send_bad_target(vs, vq, head, out);
					continue;
955
				}
956
				prot_bytes = vhost32_to_cpu(vq, v_req_pi.pi_bytesout);
957 958
			} else if (v_req_pi.pi_bytesin) {
				if (data_direction != DMA_FROM_DEVICE) {
959 960
					vq_err(vq, "Received non zero pi_bytesin,"
						" but wrong data_direction\n");
961 962
					vhost_scsi_send_bad_target(vs, vq, head, out);
					continue;
963
				}
964
				prot_bytes = vhost32_to_cpu(vq, v_req_pi.pi_bytesin);
965
			}
966 967 968 969 970 971 972
			/*
			 * Set prot_iter to data_iter, and advance past any
			 * preceeding prot_bytes that may be present.
			 *
			 * Also fix up the exp_data_len to reflect only the
			 * actual data payload length.
			 */
973
			if (prot_bytes) {
974 975 976
				exp_data_len -= prot_bytes;
				prot_iter = data_iter;
				iov_iter_advance(&data_iter, prot_bytes);
977
			}
978
			tag = vhost64_to_cpu(vq, v_req_pi.tag);
979 980 981 982
			task_attr = v_req_pi.task_attr;
			cdb = &v_req_pi.cdb[0];
			lun = ((v_req_pi.lun[2] << 8) | v_req_pi.lun[3]) & 0x3FFF;
		} else {
983
			tag = vhost64_to_cpu(vq, v_req.tag);
984 985 986 987 988
			task_attr = v_req.task_attr;
			cdb = &v_req.cdb[0];
			lun = ((v_req.lun[2] << 8) | v_req.lun[3]) & 0x3FFF;
		}
		/*
989 990 991
		 * Check that the received CDB size does not exceeded our
		 * hardcoded max for vhost-scsi, then get a pre-allocated
		 * cmd descriptor for the new virtio-scsi tag.
992 993 994
		 *
		 * TODO what if cdb was too small for varlen cdb header?
		 */
995
		if (unlikely(scsi_command_size(cdb) > VHOST_SCSI_MAX_CDB_SIZE)) {
996 997
			vq_err(vq, "Received SCSI CDB with command_size: %d that"
				" exceeds SCSI_MAX_VARLEN_CDB_SIZE: %d\n",
998
				scsi_command_size(cdb), VHOST_SCSI_MAX_CDB_SIZE);
999 1000
			vhost_scsi_send_bad_target(vs, vq, head, out);
			continue;
1001 1002
		}
		cmd = vhost_scsi_get_tag(vq, tpg, cdb, tag, lun, task_attr,
1003 1004
					 exp_data_len + prot_bytes,
					 data_direction);
1005
		if (IS_ERR(cmd)) {
1006
			vq_err(vq, "vhost_scsi_get_tag failed %ld\n",
1007
			       PTR_ERR(cmd));
1008 1009
			vhost_scsi_send_bad_target(vs, vq, head, out);
			continue;
1010
		}
1011 1012
		cmd->tvc_vhost = vs;
		cmd->tvc_vq = vq;
1013
		cmd->tvc_resp_iov = vq->iov[out];
1014
		cmd->tvc_in_iovs = in;
1015 1016

		pr_debug("vhost_scsi got command opcode: %#02x, lun: %d\n",
1017 1018 1019
			 cmd->tvc_cdb[0], cmd->tvc_lun);
		pr_debug("cmd: %p exp_data_len: %d, prot_bytes: %d data_direction:"
			 " %d\n", cmd, exp_data_len, prot_bytes, data_direction);
1020 1021

		if (data_direction != DMA_NONE) {
1022 1023 1024
			ret = vhost_scsi_mapal(cmd,
					       prot_bytes, &prot_iter,
					       exp_data_len, &data_iter);
1025 1026
			if (unlikely(ret)) {
				vq_err(vq, "Failed to map iov to sgl\n");
1027
				vhost_scsi_release_cmd(&cmd->tvc_se_cmd);
1028 1029
				vhost_scsi_send_bad_target(vs, vq, head, out);
				continue;
1030 1031 1032 1033 1034
			}
		}
		/*
		 * Save the descriptor from vhost_get_vq_desc() to be used to
		 * complete the virtio-scsi request in TCM callback context via
1035
		 * vhost_scsi_queue_data_in() and vhost_scsi_queue_status()
1036
		 */
1037
		cmd->tvc_vq_desc = head;
1038
		/*
1039 1040 1041 1042
		 * Dispatch cmd descriptor for cmwq execution in process
		 * context provided by vhost_scsi_workqueue.  This also ensures
		 * cmd is executed on the same kworker CPU as this vhost
		 * thread to gain positive L2 cache locality effects.
1043
		 */
1044 1045
		INIT_WORK(&cmd->work, vhost_scsi_submission_work);
		queue_work(vhost_scsi_workqueue, &cmd->work);
1046
	}
1047
out:
1048
	mutex_unlock(&vq->mutex);
1049 1050 1051 1052
}

static void vhost_scsi_ctl_handle_kick(struct vhost_work *work)
{
1053
	pr_debug("%s: The handling func for control queue.\n", __func__);
1054 1055
}

1056
static void
1057 1058
vhost_scsi_send_evt(struct vhost_scsi *vs,
		   struct vhost_scsi_tpg *tpg,
1059 1060 1061
		   struct se_lun *lun,
		   u32 event,
		   u32 reason)
1062
{
1063
	struct vhost_scsi_evt *evt;
1064

1065
	evt = vhost_scsi_allocate_evt(vs, event, reason);
1066 1067 1068 1069 1070 1071 1072 1073 1074 1075
	if (!evt)
		return;

	if (tpg && lun) {
		/* TODO: share lun setup code with virtio-scsi.ko */
		/*
		 * Note: evt->event is zeroed when we allocate it and
		 * lun[4-7] need to be zero according to virtio-scsi spec.
		 */
		evt->event.lun[0] = 0x01;
1076
		evt->event.lun[1] = tpg->tport_tpgt;
1077 1078 1079 1080 1081 1082 1083 1084 1085
		if (lun->unpacked_lun >= 256)
			evt->event.lun[2] = lun->unpacked_lun >> 8 | 0x40 ;
		evt->event.lun[3] = lun->unpacked_lun & 0xFF;
	}

	llist_add(&evt->list, &vs->vs_event_list);
	vhost_work_queue(&vs->dev, &vs->vs_event_work);
}

1086 1087
static void vhost_scsi_evt_handle_kick(struct vhost_work *work)
{
1088 1089 1090 1091 1092 1093 1094 1095 1096
	struct vhost_virtqueue *vq = container_of(work, struct vhost_virtqueue,
						poll.work);
	struct vhost_scsi *vs = container_of(vq->dev, struct vhost_scsi, dev);

	mutex_lock(&vq->mutex);
	if (!vq->private_data)
		goto out;

	if (vs->vs_events_missed)
1097
		vhost_scsi_send_evt(vs, NULL, NULL, VIRTIO_SCSI_T_NO_EVENT, 0);
1098 1099
out:
	mutex_unlock(&vq->mutex);
1100 1101 1102 1103 1104 1105 1106 1107
}

static void vhost_scsi_handle_kick(struct vhost_work *work)
{
	struct vhost_virtqueue *vq = container_of(work, struct vhost_virtqueue,
						poll.work);
	struct vhost_scsi *vs = container_of(vq->dev, struct vhost_scsi, dev);

A
Asias He 已提交
1108
	vhost_scsi_handle_vq(vs, vq);
1109 1110
}

1111 1112
static void vhost_scsi_flush_vq(struct vhost_scsi *vs, int index)
{
1113
	vhost_poll_flush(&vs->vqs[index].vq.poll);
1114 1115
}

1116
/* Callers must hold dev mutex */
1117 1118
static void vhost_scsi_flush(struct vhost_scsi *vs)
{
1119
	struct vhost_scsi_inflight *old_inflight[VHOST_SCSI_MAX_VQ];
1120 1121
	int i;

1122
	/* Init new inflight and remember the old inflight */
1123
	vhost_scsi_init_inflight(vs, old_inflight);
1124 1125 1126 1127 1128 1129 1130

	/*
	 * The inflight->kref was initialized to 1. We decrement it here to
	 * indicate the start of the flush operation so that it will reach 0
	 * when all the reqs are finished.
	 */
	for (i = 0; i < VHOST_SCSI_MAX_VQ; i++)
1131
		kref_put(&old_inflight[i]->kref, vhost_scsi_done_inflight);
1132 1133

	/* Flush both the vhost poll and vhost work */
1134 1135 1136
	for (i = 0; i < VHOST_SCSI_MAX_VQ; i++)
		vhost_scsi_flush_vq(vs, i);
	vhost_work_flush(&vs->dev, &vs->vs_completion_work);
1137
	vhost_work_flush(&vs->dev, &vs->vs_event_work);
1138 1139 1140 1141

	/* Wait for all reqs issued before the flush to be finished */
	for (i = 0; i < VHOST_SCSI_MAX_VQ; i++)
		wait_for_completion(&old_inflight[i]->comp);
1142 1143
}

1144 1145
/*
 * Called from vhost_scsi_ioctl() context to walk the list of available
1146
 * vhost_scsi_tpg with an active struct vhost_scsi_nexus
1147 1148
 *
 *  The lock nesting rule is:
1149
 *    vhost_scsi_mutex -> vs->dev.mutex -> tpg->tv_tpg_mutex -> vq->mutex
1150
 */
1151 1152 1153
static int
vhost_scsi_set_endpoint(struct vhost_scsi *vs,
			struct vhost_scsi_target *t)
1154
{
1155
	struct se_portal_group *se_tpg;
1156 1157 1158
	struct vhost_scsi_tport *tv_tport;
	struct vhost_scsi_tpg *tpg;
	struct vhost_scsi_tpg **vs_tpg;
1159 1160
	struct vhost_virtqueue *vq;
	int index, ret, i, len;
A
Asias He 已提交
1161
	bool match = false;
1162

1163
	mutex_lock(&vhost_scsi_mutex);
1164
	mutex_lock(&vs->dev.mutex);
1165

1166 1167 1168
	/* Verify that ring has been setup correctly. */
	for (index = 0; index < vs->dev.nvqs; ++index) {
		/* Verify that ring has been setup correctly. */
1169
		if (!vhost_vq_access_ok(&vs->vqs[index].vq)) {
1170 1171
			ret = -EFAULT;
			goto out;
1172 1173 1174
		}
	}

1175 1176 1177
	len = sizeof(vs_tpg[0]) * VHOST_SCSI_MAX_TARGET;
	vs_tpg = kzalloc(len, GFP_KERNEL);
	if (!vs_tpg) {
1178 1179
		ret = -ENOMEM;
		goto out;
1180 1181 1182 1183
	}
	if (vs->vs_tpg)
		memcpy(vs_tpg, vs->vs_tpg, len);

1184
	list_for_each_entry(tpg, &vhost_scsi_list, tv_tpg_list) {
1185 1186 1187
		mutex_lock(&tpg->tv_tpg_mutex);
		if (!tpg->tpg_nexus) {
			mutex_unlock(&tpg->tv_tpg_mutex);
1188 1189
			continue;
		}
1190 1191
		if (tpg->tv_tpg_vhost_count != 0) {
			mutex_unlock(&tpg->tv_tpg_mutex);
1192 1193
			continue;
		}
1194
		tv_tport = tpg->tport;
1195

A
Asias He 已提交
1196
		if (!strcmp(tv_tport->tport_name, t->vhost_wwpn)) {
1197
			if (vs->vs_tpg && vs->vs_tpg[tpg->tport_tpgt]) {
1198
				kfree(vs_tpg);
1199
				mutex_unlock(&tpg->tv_tpg_mutex);
1200 1201
				ret = -EEXIST;
				goto out;
1202
			}
1203 1204 1205 1206 1207 1208 1209
			/*
			 * In order to ensure individual vhost-scsi configfs
			 * groups cannot be removed while in use by vhost ioctl,
			 * go ahead and take an explicit se_tpg->tpg_group.cg_item
			 * dependency now.
			 */
			se_tpg = &tpg->se_tpg;
1210
			ret = target_depend_item(&se_tpg->tpg_group.cg_item);
1211 1212 1213 1214 1215 1216
			if (ret) {
				pr_warn("configfs_depend_item() failed: %d\n", ret);
				kfree(vs_tpg);
				mutex_unlock(&tpg->tv_tpg_mutex);
				goto out;
			}
1217 1218 1219
			tpg->tv_tpg_vhost_count++;
			tpg->vhost_scsi = vs;
			vs_tpg[tpg->tport_tpgt] = tpg;
1220
			smp_mb__after_atomic();
A
Asias He 已提交
1221
			match = true;
1222
		}
1223
		mutex_unlock(&tpg->tv_tpg_mutex);
1224
	}
A
Asias He 已提交
1225 1226 1227 1228

	if (match) {
		memcpy(vs->vs_vhost_wwpn, t->vhost_wwpn,
		       sizeof(vs->vs_vhost_wwpn));
1229
		for (i = 0; i < VHOST_SCSI_MAX_VQ; i++) {
1230
			vq = &vs->vqs[i].vq;
1231
			mutex_lock(&vq->mutex);
A
Asias He 已提交
1232
			vq->private_data = vs_tpg;
G
Greg Kurz 已提交
1233
			vhost_vq_init_access(vq);
1234 1235
			mutex_unlock(&vq->mutex);
		}
A
Asias He 已提交
1236 1237 1238 1239 1240
		ret = 0;
	} else {
		ret = -EEXIST;
	}

1241 1242 1243 1244 1245 1246 1247 1248
	/*
	 * Act as synchronize_rcu to make sure access to
	 * old vs->vs_tpg is finished.
	 */
	vhost_scsi_flush(vs);
	kfree(vs->vs_tpg);
	vs->vs_tpg = vs_tpg;

1249
out:
A
Asias He 已提交
1250
	mutex_unlock(&vs->dev.mutex);
1251
	mutex_unlock(&vhost_scsi_mutex);
A
Asias He 已提交
1252
	return ret;
1253 1254
}

1255 1256 1257
static int
vhost_scsi_clear_endpoint(struct vhost_scsi *vs,
			  struct vhost_scsi_target *t)
1258
{
1259
	struct se_portal_group *se_tpg;
1260 1261
	struct vhost_scsi_tport *tv_tport;
	struct vhost_scsi_tpg *tpg;
1262 1263
	struct vhost_virtqueue *vq;
	bool match = false;
A
Asias He 已提交
1264 1265
	int index, ret, i;
	u8 target;
1266

1267
	mutex_lock(&vhost_scsi_mutex);
1268 1269 1270
	mutex_lock(&vs->dev.mutex);
	/* Verify that ring has been setup correctly. */
	for (index = 0; index < vs->dev.nvqs; ++index) {
1271
		if (!vhost_vq_access_ok(&vs->vqs[index].vq)) {
1272
			ret = -EFAULT;
1273
			goto err_dev;
1274 1275
		}
	}
1276 1277

	if (!vs->vs_tpg) {
1278 1279
		ret = 0;
		goto err_dev;
1280 1281
	}

A
Asias He 已提交
1282 1283
	for (i = 0; i < VHOST_SCSI_MAX_TARGET; i++) {
		target = i;
1284 1285
		tpg = vs->vs_tpg[target];
		if (!tpg)
A
Asias He 已提交
1286 1287
			continue;

1288 1289
		mutex_lock(&tpg->tv_tpg_mutex);
		tv_tport = tpg->tport;
A
Asias He 已提交
1290 1291
		if (!tv_tport) {
			ret = -ENODEV;
1292
			goto err_tpg;
A
Asias He 已提交
1293 1294 1295
		}

		if (strcmp(tv_tport->tport_name, t->vhost_wwpn)) {
1296
			pr_warn("tv_tport->tport_name: %s, tpg->tport_tpgt: %hu"
A
Asias He 已提交
1297
				" does not match t->vhost_wwpn: %s, t->vhost_tpgt: %hu\n",
1298
				tv_tport->tport_name, tpg->tport_tpgt,
A
Asias He 已提交
1299 1300
				t->vhost_wwpn, t->vhost_tpgt);
			ret = -EINVAL;
1301
			goto err_tpg;
A
Asias He 已提交
1302
		}
1303 1304
		tpg->tv_tpg_vhost_count--;
		tpg->vhost_scsi = NULL;
A
Asias He 已提交
1305
		vs->vs_tpg[target] = NULL;
1306
		match = true;
1307
		mutex_unlock(&tpg->tv_tpg_mutex);
1308 1309 1310 1311 1312
		/*
		 * Release se_tpg->tpg_group.cg_item configfs dependency now
		 * to allow vhost-scsi WWPN se_tpg->tpg_group shutdown to occur.
		 */
		se_tpg = &tpg->se_tpg;
1313
		target_undepend_item(&se_tpg->tpg_group.cg_item);
1314
	}
1315 1316
	if (match) {
		for (i = 0; i < VHOST_SCSI_MAX_VQ; i++) {
1317
			vq = &vs->vqs[i].vq;
1318
			mutex_lock(&vq->mutex);
A
Asias He 已提交
1319
			vq->private_data = NULL;
1320 1321 1322 1323 1324 1325 1326 1327 1328 1329
			mutex_unlock(&vq->mutex);
		}
	}
	/*
	 * Act as synchronize_rcu to make sure access to
	 * old vs->vs_tpg is finished.
	 */
	vhost_scsi_flush(vs);
	kfree(vs->vs_tpg);
	vs->vs_tpg = NULL;
1330
	WARN_ON(vs->vs_events_nr);
1331
	mutex_unlock(&vs->dev.mutex);
1332
	mutex_unlock(&vhost_scsi_mutex);
1333
	return 0;
1334

1335
err_tpg:
1336
	mutex_unlock(&tpg->tv_tpg_mutex);
1337
err_dev:
1338
	mutex_unlock(&vs->dev.mutex);
1339
	mutex_unlock(&vhost_scsi_mutex);
1340
	return ret;
1341 1342
}

1343 1344
static int vhost_scsi_set_features(struct vhost_scsi *vs, u64 features)
{
1345 1346 1347
	struct vhost_virtqueue *vq;
	int i;

1348 1349 1350 1351 1352 1353 1354 1355 1356
	if (features & ~VHOST_SCSI_FEATURES)
		return -EOPNOTSUPP;

	mutex_lock(&vs->dev.mutex);
	if ((features & (1 << VHOST_F_LOG_ALL)) &&
	    !vhost_log_access_ok(&vs->dev)) {
		mutex_unlock(&vs->dev.mutex);
		return -EFAULT;
	}
1357 1358 1359 1360 1361 1362 1363

	for (i = 0; i < VHOST_SCSI_MAX_VQ; i++) {
		vq = &vs->vqs[i].vq;
		mutex_lock(&vq->mutex);
		vq->acked_features = features;
		mutex_unlock(&vq->mutex);
	}
1364 1365 1366 1367
	mutex_unlock(&vs->dev.mutex);
	return 0;
}

1368 1369
static int vhost_scsi_open(struct inode *inode, struct file *f)
{
1370
	struct vhost_scsi *vs;
1371
	struct vhost_virtqueue **vqs;
1372
	int r = -ENOMEM, i;
1373

1374
	vs = kzalloc(sizeof(*vs), GFP_KERNEL | __GFP_NOWARN | __GFP_RETRY_MAYFAIL);
1375 1376 1377 1378 1379
	if (!vs) {
		vs = vzalloc(sizeof(*vs));
		if (!vs)
			goto err_vs;
	}
1380

1381
	vqs = kmalloc_array(VHOST_SCSI_MAX_VQ, sizeof(*vqs), GFP_KERNEL);
1382 1383
	if (!vqs)
		goto err_vqs;
1384

1385
	vhost_work_init(&vs->vs_completion_work, vhost_scsi_complete_cmd_work);
1386
	vhost_work_init(&vs->vs_event_work, vhost_scsi_evt_work);
1387

1388 1389
	vs->vs_events_nr = 0;
	vs->vs_events_missed = false;
1390

1391 1392 1393 1394
	vqs[VHOST_SCSI_VQ_CTL] = &vs->vqs[VHOST_SCSI_VQ_CTL].vq;
	vqs[VHOST_SCSI_VQ_EVT] = &vs->vqs[VHOST_SCSI_VQ_EVT].vq;
	vs->vqs[VHOST_SCSI_VQ_CTL].vq.handle_kick = vhost_scsi_ctl_handle_kick;
	vs->vqs[VHOST_SCSI_VQ_EVT].vq.handle_kick = vhost_scsi_evt_handle_kick;
1395
	for (i = VHOST_SCSI_VQ_IO; i < VHOST_SCSI_MAX_VQ; i++) {
1396 1397
		vqs[i] = &vs->vqs[i].vq;
		vs->vqs[i].vq.handle_kick = vhost_scsi_handle_kick;
1398
	}
Z
Zhi Yong Wu 已提交
1399
	vhost_dev_init(&vs->dev, vqs, VHOST_SCSI_MAX_VQ);
1400

1401
	vhost_scsi_init_inflight(vs, NULL);
1402

1403
	f->private_data = vs;
1404
	return 0;
1405 1406

err_vqs:
1407
	kvfree(vs);
1408 1409
err_vs:
	return r;
1410 1411 1412 1413
}

static int vhost_scsi_release(struct inode *inode, struct file *f)
{
1414
	struct vhost_scsi *vs = f->private_data;
A
Asias He 已提交
1415
	struct vhost_scsi_target t;
1416

1417 1418 1419 1420 1421
	mutex_lock(&vs->dev.mutex);
	memcpy(t.vhost_wwpn, vs->vs_vhost_wwpn, sizeof(t.vhost_wwpn));
	mutex_unlock(&vs->dev.mutex);
	vhost_scsi_clear_endpoint(vs, &t);
	vhost_dev_stop(&vs->dev);
1422
	vhost_dev_cleanup(&vs->dev);
1423
	/* Jobs can re-queue themselves in evt kick handler. Do extra flush. */
1424 1425
	vhost_scsi_flush(vs);
	kfree(vs->dev.vqs);
1426
	kvfree(vs);
1427 1428 1429
	return 0;
}

1430 1431 1432 1433
static long
vhost_scsi_ioctl(struct file *f,
		 unsigned int ioctl,
		 unsigned long arg)
1434 1435 1436 1437 1438
{
	struct vhost_scsi *vs = f->private_data;
	struct vhost_scsi_target backend;
	void __user *argp = (void __user *)arg;
	u64 __user *featurep = argp;
1439 1440
	u32 __user *eventsp = argp;
	u32 events_missed;
1441
	u64 features;
1442
	int r, abi_version = VHOST_SCSI_ABI_VERSION;
1443
	struct vhost_virtqueue *vq = &vs->vqs[VHOST_SCSI_VQ_EVT].vq;
1444 1445 1446 1447 1448

	switch (ioctl) {
	case VHOST_SCSI_SET_ENDPOINT:
		if (copy_from_user(&backend, argp, sizeof backend))
			return -EFAULT;
1449 1450
		if (backend.reserved != 0)
			return -EOPNOTSUPP;
1451 1452 1453 1454 1455

		return vhost_scsi_set_endpoint(vs, &backend);
	case VHOST_SCSI_CLEAR_ENDPOINT:
		if (copy_from_user(&backend, argp, sizeof backend))
			return -EFAULT;
1456 1457
		if (backend.reserved != 0)
			return -EOPNOTSUPP;
1458 1459 1460

		return vhost_scsi_clear_endpoint(vs, &backend);
	case VHOST_SCSI_GET_ABI_VERSION:
1461
		if (copy_to_user(argp, &abi_version, sizeof abi_version))
1462 1463
			return -EFAULT;
		return 0;
1464 1465 1466 1467 1468 1469 1470 1471 1472 1473 1474 1475 1476 1477
	case VHOST_SCSI_SET_EVENTS_MISSED:
		if (get_user(events_missed, eventsp))
			return -EFAULT;
		mutex_lock(&vq->mutex);
		vs->vs_events_missed = events_missed;
		mutex_unlock(&vq->mutex);
		return 0;
	case VHOST_SCSI_GET_EVENTS_MISSED:
		mutex_lock(&vq->mutex);
		events_missed = vs->vs_events_missed;
		mutex_unlock(&vq->mutex);
		if (put_user(events_missed, eventsp))
			return -EFAULT;
		return 0;
1478
	case VHOST_GET_FEATURES:
1479
		features = VHOST_SCSI_FEATURES;
1480 1481 1482 1483 1484 1485 1486 1487 1488
		if (copy_to_user(featurep, &features, sizeof features))
			return -EFAULT;
		return 0;
	case VHOST_SET_FEATURES:
		if (copy_from_user(&features, featurep, sizeof features))
			return -EFAULT;
		return vhost_scsi_set_features(vs, features);
	default:
		mutex_lock(&vs->dev.mutex);
1489 1490 1491 1492
		r = vhost_dev_ioctl(&vs->dev, ioctl, argp);
		/* TODO: flush backend after dev ioctl. */
		if (r == -ENOIOCTLCMD)
			r = vhost_vring_ioctl(&vs->dev, ioctl, argp);
1493 1494 1495 1496 1497
		mutex_unlock(&vs->dev.mutex);
		return r;
	}
}

1498 1499 1500 1501 1502 1503 1504 1505
#ifdef CONFIG_COMPAT
static long vhost_scsi_compat_ioctl(struct file *f, unsigned int ioctl,
				unsigned long arg)
{
	return vhost_scsi_ioctl(f, ioctl, (unsigned long)compat_ptr(arg));
}
#endif

1506 1507 1508 1509
static const struct file_operations vhost_scsi_fops = {
	.owner          = THIS_MODULE,
	.release        = vhost_scsi_release,
	.unlocked_ioctl = vhost_scsi_ioctl,
1510 1511 1512
#ifdef CONFIG_COMPAT
	.compat_ioctl	= vhost_scsi_compat_ioctl,
#endif
1513 1514 1515 1516 1517 1518 1519 1520 1521 1522 1523 1524 1525 1526 1527
	.open           = vhost_scsi_open,
	.llseek		= noop_llseek,
};

static struct miscdevice vhost_scsi_misc = {
	MISC_DYNAMIC_MINOR,
	"vhost-scsi",
	&vhost_scsi_fops,
};

static int __init vhost_scsi_register(void)
{
	return misc_register(&vhost_scsi_misc);
}

1528
static void vhost_scsi_deregister(void)
1529
{
1530
	misc_deregister(&vhost_scsi_misc);
1531 1532
}

1533
static char *vhost_scsi_dump_proto_id(struct vhost_scsi_tport *tport)
1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544 1545 1546 1547 1548
{
	switch (tport->tport_proto_id) {
	case SCSI_PROTOCOL_SAS:
		return "SAS";
	case SCSI_PROTOCOL_FCP:
		return "FCP";
	case SCSI_PROTOCOL_ISCSI:
		return "iSCSI";
	default:
		break;
	}

	return "Unknown";
}

1549
static void
1550
vhost_scsi_do_plug(struct vhost_scsi_tpg *tpg,
1551
		  struct se_lun *lun, bool plug)
1552 1553 1554 1555 1556 1557 1558 1559 1560 1561 1562 1563 1564 1565 1566 1567
{

	struct vhost_scsi *vs = tpg->vhost_scsi;
	struct vhost_virtqueue *vq;
	u32 reason;

	if (!vs)
		return;

	mutex_lock(&vs->dev.mutex);

	if (plug)
		reason = VIRTIO_SCSI_EVT_RESET_RESCAN;
	else
		reason = VIRTIO_SCSI_EVT_RESET_REMOVED;

1568
	vq = &vs->vqs[VHOST_SCSI_VQ_EVT].vq;
1569
	mutex_lock(&vq->mutex);
1570
	if (vhost_has_feature(vq, VIRTIO_SCSI_F_HOTPLUG))
1571
		vhost_scsi_send_evt(vs, tpg, lun,
1572
				   VIRTIO_SCSI_T_TRANSPORT_RESET, reason);
1573 1574 1575 1576
	mutex_unlock(&vq->mutex);
	mutex_unlock(&vs->dev.mutex);
}

1577
static void vhost_scsi_hotplug(struct vhost_scsi_tpg *tpg, struct se_lun *lun)
1578
{
1579
	vhost_scsi_do_plug(tpg, lun, true);
1580 1581
}

1582
static void vhost_scsi_hotunplug(struct vhost_scsi_tpg *tpg, struct se_lun *lun)
1583
{
1584
	vhost_scsi_do_plug(tpg, lun, false);
1585 1586
}

1587
static int vhost_scsi_port_link(struct se_portal_group *se_tpg,
1588
			       struct se_lun *lun)
1589
{
1590 1591
	struct vhost_scsi_tpg *tpg = container_of(se_tpg,
				struct vhost_scsi_tpg, se_tpg);
1592

1593
	mutex_lock(&vhost_scsi_mutex);
1594

1595 1596 1597
	mutex_lock(&tpg->tv_tpg_mutex);
	tpg->tv_tpg_port_count++;
	mutex_unlock(&tpg->tv_tpg_mutex);
1598

1599
	vhost_scsi_hotplug(tpg, lun);
1600

1601
	mutex_unlock(&vhost_scsi_mutex);
1602

1603 1604 1605
	return 0;
}

1606
static void vhost_scsi_port_unlink(struct se_portal_group *se_tpg,
1607
				  struct se_lun *lun)
1608
{
1609 1610
	struct vhost_scsi_tpg *tpg = container_of(se_tpg,
				struct vhost_scsi_tpg, se_tpg);
1611

1612
	mutex_lock(&vhost_scsi_mutex);
1613

1614 1615 1616
	mutex_lock(&tpg->tv_tpg_mutex);
	tpg->tv_tpg_port_count--;
	mutex_unlock(&tpg->tv_tpg_mutex);
1617

1618
	vhost_scsi_hotunplug(tpg, lun);
1619

1620
	mutex_unlock(&vhost_scsi_mutex);
1621 1622
}

1623
static void vhost_scsi_free_cmd_map_res(struct se_session *se_sess)
1624
{
1625
	struct vhost_scsi_cmd *tv_cmd;
1626 1627 1628 1629 1630
	unsigned int i;

	if (!se_sess->sess_cmd_map)
		return;

1631 1632
	for (i = 0; i < VHOST_SCSI_DEFAULT_TAGS; i++) {
		tv_cmd = &((struct vhost_scsi_cmd *)se_sess->sess_cmd_map)[i];
1633 1634

		kfree(tv_cmd->tvc_sgl);
1635
		kfree(tv_cmd->tvc_prot_sgl);
1636 1637 1638 1639
		kfree(tv_cmd->tvc_upages);
	}
}

1640 1641
static ssize_t vhost_scsi_tpg_attrib_fabric_prot_type_store(
		struct config_item *item, const char *page, size_t count)
1642
{
1643
	struct se_portal_group *se_tpg = attrib_to_tpg(item);
1644 1645 1646 1647 1648 1649 1650 1651 1652 1653 1654 1655 1656 1657 1658 1659 1660 1661
	struct vhost_scsi_tpg *tpg = container_of(se_tpg,
				struct vhost_scsi_tpg, se_tpg);
	unsigned long val;
	int ret = kstrtoul(page, 0, &val);

	if (ret) {
		pr_err("kstrtoul() returned %d for fabric_prot_type\n", ret);
		return ret;
	}
	if (val != 0 && val != 1 && val != 3) {
		pr_err("Invalid vhost_scsi fabric_prot_type: %lu\n", val);
		return -EINVAL;
	}
	tpg->tv_fabric_prot_type = val;

	return count;
}

1662 1663
static ssize_t vhost_scsi_tpg_attrib_fabric_prot_type_show(
		struct config_item *item, char *page)
1664
{
1665
	struct se_portal_group *se_tpg = attrib_to_tpg(item);
1666 1667 1668 1669 1670
	struct vhost_scsi_tpg *tpg = container_of(se_tpg,
				struct vhost_scsi_tpg, se_tpg);

	return sprintf(page, "%d\n", tpg->tv_fabric_prot_type);
}
1671 1672

CONFIGFS_ATTR(vhost_scsi_tpg_attrib_, fabric_prot_type);
1673 1674

static struct configfs_attribute *vhost_scsi_tpg_attrib_attrs[] = {
1675
	&vhost_scsi_tpg_attrib_attr_fabric_prot_type,
1676 1677 1678
	NULL,
};

1679 1680
static int vhost_scsi_nexus_cb(struct se_portal_group *se_tpg,
			       struct se_session *se_sess, void *p)
1681
{
1682
	struct vhost_scsi_cmd *tv_cmd;
1683
	unsigned int i;
1684

1685 1686
	for (i = 0; i < VHOST_SCSI_DEFAULT_TAGS; i++) {
		tv_cmd = &((struct vhost_scsi_cmd *)se_sess->sess_cmd_map)[i];
1687

K
Kees Cook 已提交
1688 1689 1690
		tv_cmd->tvc_sgl = kcalloc(VHOST_SCSI_PREALLOC_SGLS,
					  sizeof(struct scatterlist),
					  GFP_KERNEL);
1691 1692 1693 1694 1695
		if (!tv_cmd->tvc_sgl) {
			pr_err("Unable to allocate tv_cmd->tvc_sgl\n");
			goto out;
		}

K
Kees Cook 已提交
1696 1697 1698
		tv_cmd->tvc_upages = kcalloc(VHOST_SCSI_PREALLOC_UPAGES,
					     sizeof(struct page *),
					     GFP_KERNEL);
1699 1700 1701 1702
		if (!tv_cmd->tvc_upages) {
			pr_err("Unable to allocate tv_cmd->tvc_upages\n");
			goto out;
		}
1703

K
Kees Cook 已提交
1704 1705 1706
		tv_cmd->tvc_prot_sgl = kcalloc(VHOST_SCSI_PREALLOC_PROT_SGLS,
					       sizeof(struct scatterlist),
					       GFP_KERNEL);
1707 1708 1709 1710
		if (!tv_cmd->tvc_prot_sgl) {
			pr_err("Unable to allocate tv_cmd->tvc_prot_sgl\n");
			goto out;
		}
1711
	}
1712 1713 1714 1715 1716 1717 1718 1719 1720 1721 1722 1723 1724 1725 1726 1727 1728 1729
	return 0;
out:
	vhost_scsi_free_cmd_map_res(se_sess);
	return -ENOMEM;
}

static int vhost_scsi_make_nexus(struct vhost_scsi_tpg *tpg,
				const char *name)
{
	struct vhost_scsi_nexus *tv_nexus;

	mutex_lock(&tpg->tv_tpg_mutex);
	if (tpg->tpg_nexus) {
		mutex_unlock(&tpg->tv_tpg_mutex);
		pr_debug("tpg->tpg_nexus already exists\n");
		return -EEXIST;
	}

1730
	tv_nexus = kzalloc(sizeof(*tv_nexus), GFP_KERNEL);
1731 1732 1733 1734 1735
	if (!tv_nexus) {
		mutex_unlock(&tpg->tv_tpg_mutex);
		pr_err("Unable to allocate struct vhost_scsi_nexus\n");
		return -ENOMEM;
	}
1736 1737
	/*
	 * Since we are running in 'demo mode' this call with generate a
1738
	 * struct se_node_acl for the vhost_scsi struct se_portal_group with
1739 1740
	 * the SCSI Initiator port name of the passed configfs group 'name'.
	 */
1741 1742 1743 1744 1745 1746 1747
	tv_nexus->tvn_se_sess = target_alloc_session(&tpg->se_tpg,
					VHOST_SCSI_DEFAULT_TAGS,
					sizeof(struct vhost_scsi_cmd),
					TARGET_PROT_DIN_PASS | TARGET_PROT_DOUT_PASS,
					(unsigned char *)name, tv_nexus,
					vhost_scsi_nexus_cb);
	if (IS_ERR(tv_nexus->tvn_se_sess)) {
1748
		mutex_unlock(&tpg->tv_tpg_mutex);
1749 1750
		kfree(tv_nexus);
		return -ENOMEM;
1751
	}
1752
	tpg->tpg_nexus = tv_nexus;
1753

1754
	mutex_unlock(&tpg->tv_tpg_mutex);
1755 1756 1757
	return 0;
}

1758
static int vhost_scsi_drop_nexus(struct vhost_scsi_tpg *tpg)
1759 1760
{
	struct se_session *se_sess;
1761
	struct vhost_scsi_nexus *tv_nexus;
1762 1763 1764 1765 1766 1767 1768 1769 1770 1771 1772 1773 1774 1775

	mutex_lock(&tpg->tv_tpg_mutex);
	tv_nexus = tpg->tpg_nexus;
	if (!tv_nexus) {
		mutex_unlock(&tpg->tv_tpg_mutex);
		return -ENODEV;
	}

	se_sess = tv_nexus->tvn_se_sess;
	if (!se_sess) {
		mutex_unlock(&tpg->tv_tpg_mutex);
		return -ENODEV;
	}

1776
	if (tpg->tv_tpg_port_count != 0) {
1777
		mutex_unlock(&tpg->tv_tpg_mutex);
1778
		pr_err("Unable to remove TCM_vhost I_T Nexus with"
1779
			" active TPG port count: %d\n",
1780 1781
			tpg->tv_tpg_port_count);
		return -EBUSY;
1782 1783
	}

1784
	if (tpg->tv_tpg_vhost_count != 0) {
1785
		mutex_unlock(&tpg->tv_tpg_mutex);
1786
		pr_err("Unable to remove TCM_vhost I_T Nexus with"
1787
			" active TPG vhost count: %d\n",
1788 1789
			tpg->tv_tpg_vhost_count);
		return -EBUSY;
1790 1791
	}

1792
	pr_debug("TCM_vhost_ConfigFS: Removing I_T Nexus to emulated"
1793
		" %s Initiator Port: %s\n", vhost_scsi_dump_proto_id(tpg->tport),
1794
		tv_nexus->tvn_se_sess->se_node_acl->initiatorname);
1795

1796
	vhost_scsi_free_cmd_map_res(se_sess);
1797
	/*
1798
	 * Release the SCSI I_T Nexus to the emulated vhost Target Port
1799 1800 1801 1802 1803 1804 1805 1806 1807
	 */
	transport_deregister_session(tv_nexus->tvn_se_sess);
	tpg->tpg_nexus = NULL;
	mutex_unlock(&tpg->tv_tpg_mutex);

	kfree(tv_nexus);
	return 0;
}

1808
static ssize_t vhost_scsi_tpg_nexus_show(struct config_item *item, char *page)
1809
{
1810
	struct se_portal_group *se_tpg = to_tpg(item);
1811 1812 1813
	struct vhost_scsi_tpg *tpg = container_of(se_tpg,
				struct vhost_scsi_tpg, se_tpg);
	struct vhost_scsi_nexus *tv_nexus;
1814 1815
	ssize_t ret;

1816 1817
	mutex_lock(&tpg->tv_tpg_mutex);
	tv_nexus = tpg->tpg_nexus;
1818
	if (!tv_nexus) {
1819
		mutex_unlock(&tpg->tv_tpg_mutex);
1820 1821 1822 1823
		return -ENODEV;
	}
	ret = snprintf(page, PAGE_SIZE, "%s\n",
			tv_nexus->tvn_se_sess->se_node_acl->initiatorname);
1824
	mutex_unlock(&tpg->tv_tpg_mutex);
1825 1826 1827 1828

	return ret;
}

1829 1830
static ssize_t vhost_scsi_tpg_nexus_store(struct config_item *item,
		const char *page, size_t count)
1831
{
1832
	struct se_portal_group *se_tpg = to_tpg(item);
1833 1834 1835 1836
	struct vhost_scsi_tpg *tpg = container_of(se_tpg,
				struct vhost_scsi_tpg, se_tpg);
	struct vhost_scsi_tport *tport_wwn = tpg->tport;
	unsigned char i_port[VHOST_SCSI_NAMELEN], *ptr, *port_ptr;
1837 1838 1839 1840 1841
	int ret;
	/*
	 * Shutdown the active I_T nexus if 'NULL' is passed..
	 */
	if (!strncmp(page, "NULL", 4)) {
1842
		ret = vhost_scsi_drop_nexus(tpg);
1843 1844 1845 1846
		return (!ret) ? count : ret;
	}
	/*
	 * Otherwise make sure the passed virtual Initiator port WWN matches
1847 1848
	 * the fabric protocol_id set in vhost_scsi_make_tport(), and call
	 * vhost_scsi_make_nexus().
1849
	 */
1850
	if (strlen(page) >= VHOST_SCSI_NAMELEN) {
1851
		pr_err("Emulated NAA Sas Address: %s, exceeds"
1852
				" max: %d\n", page, VHOST_SCSI_NAMELEN);
1853 1854
		return -EINVAL;
	}
1855
	snprintf(&i_port[0], VHOST_SCSI_NAMELEN, "%s", page);
1856 1857 1858 1859 1860 1861

	ptr = strstr(i_port, "naa.");
	if (ptr) {
		if (tport_wwn->tport_proto_id != SCSI_PROTOCOL_SAS) {
			pr_err("Passed SAS Initiator Port %s does not"
				" match target port protoid: %s\n", i_port,
1862
				vhost_scsi_dump_proto_id(tport_wwn));
1863 1864 1865 1866 1867 1868 1869 1870 1871 1872
			return -EINVAL;
		}
		port_ptr = &i_port[0];
		goto check_newline;
	}
	ptr = strstr(i_port, "fc.");
	if (ptr) {
		if (tport_wwn->tport_proto_id != SCSI_PROTOCOL_FCP) {
			pr_err("Passed FCP Initiator Port %s does not"
				" match target port protoid: %s\n", i_port,
1873
				vhost_scsi_dump_proto_id(tport_wwn));
1874 1875 1876 1877 1878 1879 1880 1881 1882 1883
			return -EINVAL;
		}
		port_ptr = &i_port[3]; /* Skip over "fc." */
		goto check_newline;
	}
	ptr = strstr(i_port, "iqn.");
	if (ptr) {
		if (tport_wwn->tport_proto_id != SCSI_PROTOCOL_ISCSI) {
			pr_err("Passed iSCSI Initiator Port %s does not"
				" match target port protoid: %s\n", i_port,
1884
				vhost_scsi_dump_proto_id(tport_wwn));
1885 1886 1887 1888 1889 1890 1891 1892 1893 1894 1895 1896 1897 1898 1899
			return -EINVAL;
		}
		port_ptr = &i_port[0];
		goto check_newline;
	}
	pr_err("Unable to locate prefix for emulated Initiator Port:"
			" %s\n", i_port);
	return -EINVAL;
	/*
	 * Clear any trailing newline for the NAA WWN
	 */
check_newline:
	if (i_port[strlen(i_port)-1] == '\n')
		i_port[strlen(i_port)-1] = '\0';

1900
	ret = vhost_scsi_make_nexus(tpg, port_ptr);
1901 1902 1903 1904 1905 1906
	if (ret < 0)
		return ret;

	return count;
}

1907
CONFIGFS_ATTR(vhost_scsi_tpg_, nexus);
1908

1909
static struct configfs_attribute *vhost_scsi_tpg_attrs[] = {
1910
	&vhost_scsi_tpg_attr_nexus,
1911 1912 1913
	NULL,
};

1914
static struct se_portal_group *
1915
vhost_scsi_make_tpg(struct se_wwn *wwn,
1916 1917
		   struct config_group *group,
		   const char *name)
1918
{
1919 1920
	struct vhost_scsi_tport *tport = container_of(wwn,
			struct vhost_scsi_tport, tport_wwn);
1921

1922
	struct vhost_scsi_tpg *tpg;
1923
	u16 tpgt;
1924 1925 1926 1927
	int ret;

	if (strstr(name, "tpgt_") != name)
		return ERR_PTR(-EINVAL);
1928
	if (kstrtou16(name + 5, 10, &tpgt) || tpgt >= VHOST_SCSI_MAX_TARGET)
1929 1930
		return ERR_PTR(-EINVAL);

1931
	tpg = kzalloc(sizeof(*tpg), GFP_KERNEL);
1932
	if (!tpg) {
1933
		pr_err("Unable to allocate struct vhost_scsi_tpg");
1934 1935 1936 1937 1938 1939 1940
		return ERR_PTR(-ENOMEM);
	}
	mutex_init(&tpg->tv_tpg_mutex);
	INIT_LIST_HEAD(&tpg->tv_tpg_list);
	tpg->tport = tport;
	tpg->tport_tpgt = tpgt;

1941
	ret = core_tpg_register(wwn, &tpg->se_tpg, tport->tport_proto_id);
1942 1943 1944 1945
	if (ret < 0) {
		kfree(tpg);
		return NULL;
	}
1946 1947 1948
	mutex_lock(&vhost_scsi_mutex);
	list_add_tail(&tpg->tv_tpg_list, &vhost_scsi_list);
	mutex_unlock(&vhost_scsi_mutex);
1949 1950 1951 1952

	return &tpg->se_tpg;
}

1953
static void vhost_scsi_drop_tpg(struct se_portal_group *se_tpg)
1954
{
1955 1956
	struct vhost_scsi_tpg *tpg = container_of(se_tpg,
				struct vhost_scsi_tpg, se_tpg);
1957

1958
	mutex_lock(&vhost_scsi_mutex);
1959
	list_del(&tpg->tv_tpg_list);
1960
	mutex_unlock(&vhost_scsi_mutex);
1961
	/*
1962
	 * Release the virtual I_T Nexus for this vhost TPG
1963
	 */
1964
	vhost_scsi_drop_nexus(tpg);
1965 1966 1967 1968 1969 1970 1971
	/*
	 * Deregister the se_tpg from TCM..
	 */
	core_tpg_deregister(se_tpg);
	kfree(tpg);
}

1972
static struct se_wwn *
1973
vhost_scsi_make_tport(struct target_fabric_configfs *tf,
1974 1975
		     struct config_group *group,
		     const char *name)
1976
{
1977
	struct vhost_scsi_tport *tport;
1978 1979 1980 1981
	char *ptr;
	u64 wwpn = 0;
	int off = 0;

1982
	/* if (vhost_scsi_parse_wwn(name, &wwpn, 1) < 0)
1983 1984
		return ERR_PTR(-EINVAL); */

1985
	tport = kzalloc(sizeof(*tport), GFP_KERNEL);
1986
	if (!tport) {
1987
		pr_err("Unable to allocate struct vhost_scsi_tport");
1988 1989 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017
		return ERR_PTR(-ENOMEM);
	}
	tport->tport_wwpn = wwpn;
	/*
	 * Determine the emulated Protocol Identifier and Target Port Name
	 * based on the incoming configfs directory name.
	 */
	ptr = strstr(name, "naa.");
	if (ptr) {
		tport->tport_proto_id = SCSI_PROTOCOL_SAS;
		goto check_len;
	}
	ptr = strstr(name, "fc.");
	if (ptr) {
		tport->tport_proto_id = SCSI_PROTOCOL_FCP;
		off = 3; /* Skip over "fc." */
		goto check_len;
	}
	ptr = strstr(name, "iqn.");
	if (ptr) {
		tport->tport_proto_id = SCSI_PROTOCOL_ISCSI;
		goto check_len;
	}

	pr_err("Unable to locate prefix for emulated Target Port:"
			" %s\n", name);
	kfree(tport);
	return ERR_PTR(-EINVAL);

check_len:
2018
	if (strlen(name) >= VHOST_SCSI_NAMELEN) {
2019
		pr_err("Emulated %s Address: %s, exceeds"
2020 2021
			" max: %d\n", name, vhost_scsi_dump_proto_id(tport),
			VHOST_SCSI_NAMELEN);
2022 2023 2024
		kfree(tport);
		return ERR_PTR(-EINVAL);
	}
2025
	snprintf(&tport->tport_name[0], VHOST_SCSI_NAMELEN, "%s", &name[off]);
2026 2027

	pr_debug("TCM_VHost_ConfigFS: Allocated emulated Target"
2028
		" %s Address: %s\n", vhost_scsi_dump_proto_id(tport), name);
2029 2030 2031 2032

	return &tport->tport_wwn;
}

2033
static void vhost_scsi_drop_tport(struct se_wwn *wwn)
2034
{
2035 2036
	struct vhost_scsi_tport *tport = container_of(wwn,
				struct vhost_scsi_tport, tport_wwn);
2037 2038

	pr_debug("TCM_VHost_ConfigFS: Deallocating emulated Target"
2039
		" %s Address: %s\n", vhost_scsi_dump_proto_id(tport),
2040 2041 2042 2043 2044
		tport->tport_name);

	kfree(tport);
}

2045
static ssize_t
2046
vhost_scsi_wwn_version_show(struct config_item *item, char *page)
2047 2048
{
	return sprintf(page, "TCM_VHOST fabric module %s on %s/%s"
2049
		"on "UTS_RELEASE"\n", VHOST_SCSI_VERSION, utsname()->sysname,
2050 2051 2052
		utsname()->machine);
}

2053
CONFIGFS_ATTR_RO(vhost_scsi_wwn_, version);
2054

2055
static struct configfs_attribute *vhost_scsi_wwn_attrs[] = {
2056
	&vhost_scsi_wwn_attr_version,
2057 2058 2059
	NULL,
};

2060
static const struct target_core_fabric_ops vhost_scsi_ops = {
2061 2062
	.module				= THIS_MODULE,
	.name				= "vhost",
2063 2064 2065 2066 2067 2068 2069
	.get_fabric_name		= vhost_scsi_get_fabric_name,
	.tpg_get_wwn			= vhost_scsi_get_fabric_wwn,
	.tpg_get_tag			= vhost_scsi_get_tpgt,
	.tpg_check_demo_mode		= vhost_scsi_check_true,
	.tpg_check_demo_mode_cache	= vhost_scsi_check_true,
	.tpg_check_demo_mode_write_protect = vhost_scsi_check_false,
	.tpg_check_prod_mode_write_protect = vhost_scsi_check_false,
2070
	.tpg_check_prot_fabric_only	= vhost_scsi_check_prot_fabric_only,
2071 2072
	.tpg_get_inst_index		= vhost_scsi_tpg_get_inst_index,
	.release_cmd			= vhost_scsi_release_cmd,
2073
	.check_stop_free		= vhost_scsi_check_stop_free,
2074
	.sess_get_index			= vhost_scsi_sess_get_index,
2075
	.sess_get_initiator_sid		= NULL,
2076 2077 2078 2079 2080 2081 2082 2083
	.write_pending			= vhost_scsi_write_pending,
	.write_pending_status		= vhost_scsi_write_pending_status,
	.set_default_node_attributes	= vhost_scsi_set_default_node_attrs,
	.get_cmd_state			= vhost_scsi_get_cmd_state,
	.queue_data_in			= vhost_scsi_queue_data_in,
	.queue_status			= vhost_scsi_queue_status,
	.queue_tm_rsp			= vhost_scsi_queue_tm_rsp,
	.aborted_task			= vhost_scsi_aborted_task,
2084 2085 2086
	/*
	 * Setup callers for generic logic in target_core_fabric_configfs.c
	 */
2087 2088 2089 2090 2091 2092
	.fabric_make_wwn		= vhost_scsi_make_tport,
	.fabric_drop_wwn		= vhost_scsi_drop_tport,
	.fabric_make_tpg		= vhost_scsi_make_tpg,
	.fabric_drop_tpg		= vhost_scsi_drop_tpg,
	.fabric_post_link		= vhost_scsi_port_link,
	.fabric_pre_unlink		= vhost_scsi_port_unlink,
2093 2094 2095 2096

	.tfc_wwn_attrs			= vhost_scsi_wwn_attrs,
	.tfc_tpg_base_attrs		= vhost_scsi_tpg_attrs,
	.tfc_tpg_attrib_attrs		= vhost_scsi_tpg_attrib_attrs,
2097 2098
};

2099
static int __init vhost_scsi_init(void)
2100
{
2101
	int ret = -ENOMEM;
2102

2103
	pr_debug("TCM_VHOST fabric module %s on %s/%s"
2104
		" on "UTS_RELEASE"\n", VHOST_SCSI_VERSION, utsname()->sysname,
2105 2106
		utsname()->machine);

2107 2108 2109 2110
	/*
	 * Use our own dedicated workqueue for submitting I/O into
	 * target core to avoid contention within system_wq.
	 */
2111 2112
	vhost_scsi_workqueue = alloc_workqueue("vhost_scsi", 0, 0);
	if (!vhost_scsi_workqueue)
2113 2114 2115 2116 2117 2118
		goto out;

	ret = vhost_scsi_register();
	if (ret < 0)
		goto out_destroy_workqueue;

2119
	ret = target_register_template(&vhost_scsi_ops);
2120 2121 2122 2123 2124 2125 2126 2127
	if (ret < 0)
		goto out_vhost_scsi_deregister;

	return 0;

out_vhost_scsi_deregister:
	vhost_scsi_deregister();
out_destroy_workqueue:
2128
	destroy_workqueue(vhost_scsi_workqueue);
2129 2130 2131 2132
out:
	return ret;
};

2133
static void vhost_scsi_exit(void)
2134
{
2135
	target_unregister_template(&vhost_scsi_ops);
2136
	vhost_scsi_deregister();
2137
	destroy_workqueue(vhost_scsi_workqueue);
2138 2139
};

M
Michael S. Tsirkin 已提交
2140 2141
MODULE_DESCRIPTION("VHOST_SCSI series fabric driver");
MODULE_ALIAS("tcm_vhost");
2142
MODULE_LICENSE("GPL");
2143 2144
module_init(vhost_scsi_init);
module_exit(vhost_scsi_exit);