target_core_user.c 55.4 KB
Newer Older
1 2 3
/*
 * Copyright (C) 2013 Shaohua Li <shli@kernel.org>
 * Copyright (C) 2014 Red Hat, Inc.
4
 * Copyright (C) 2015 Arrikto, Inc.
5
 * Copyright (C) 2017 Chinamobile, Inc.
6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms and conditions of the GNU General Public License,
 * version 2, as published by the Free Software Foundation.
 *
 * This program is distributed in the hope it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
 * more details.
 *
 * You should have received a copy of the GNU General Public License along with
 * this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
 */

#include <linux/spinlock.h>
#include <linux/module.h>
#include <linux/idr.h>
24
#include <linux/kernel.h>
25 26
#include <linux/timer.h>
#include <linux/parser.h>
27
#include <linux/vmalloc.h>
28
#include <linux/uio_driver.h>
29
#include <linux/radix-tree.h>
30
#include <linux/stringify.h>
31
#include <linux/bitops.h>
32
#include <linux/highmem.h>
33
#include <linux/configfs.h>
34
#include <linux/mutex.h>
M
Mike Christie 已提交
35
#include <linux/workqueue.h>
36
#include <net/genetlink.h>
37 38
#include <scsi/scsi_common.h>
#include <scsi/scsi_proto.h>
39 40 41
#include <target/target_core_base.h>
#include <target/target_core_fabric.h>
#include <target/target_core_backend.h>
42

43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71
#include <linux/target_core_user.h>

/*
 * Define a shared-memory interface for LIO to pass SCSI commands and
 * data to userspace for processing. This is to allow backends that
 * are too complex for in-kernel support to be possible.
 *
 * It uses the UIO framework to do a lot of the device-creation and
 * introspection work for us.
 *
 * See the .h file for how the ring is laid out. Note that while the
 * command ring is defined, the particulars of the data area are
 * not. Offset values in the command entry point to other locations
 * internal to the mmap()ed area. There is separate space outside the
 * command ring for data buffers. This leaves maximum flexibility for
 * moving buffer allocations, or even page flipping or other
 * allocation techniques, without altering the command ring layout.
 *
 * SECURITY:
 * The user process must be assumed to be malicious. There's no way to
 * prevent it breaking the command ring protocol if it wants, but in
 * order to prevent other issues we must only ever read *data* from
 * the shared memory area, not offsets or sizes. This applies to
 * command ring entries as well as the mailbox. Extra code needed for
 * this may have a 'UAM' comment.
 */

#define TCMU_TIME_OUT (30 * MSEC_PER_SEC)

72 73
/* For cmd area, the size is fixed 8MB */
#define CMDR_SIZE (8 * 1024 * 1024)
74

75 76 77 78 79 80
/*
 * For data area, the block size is PAGE_SIZE and
 * the total size is 256K * PAGE_SIZE.
 */
#define DATA_BLOCK_SIZE PAGE_SIZE
#define DATA_BLOCK_BITS (256 * 1024)
81
#define DATA_SIZE (DATA_BLOCK_BITS * DATA_BLOCK_SIZE)
82

83
/* The total size of the ring is 8M + 256K * PAGE_SIZE */
84 85
#define TCMU_RING_SIZE (CMDR_SIZE + DATA_SIZE)

86 87 88 89
/*
 * Default number of global data blocks(512K * PAGE_SIZE)
 * when the unmap thread will be started.
 */
90 91
#define TCMU_GLOBAL_MAX_BLOCKS (512 * 1024)

92 93
static u8 tcmu_kern_cmd_reply_supported;

94 95 96 97 98 99 100 101
static struct device *tcmu_root_device;

struct tcmu_hba {
	u32 host_id;
};

#define TCMU_CONFIG_LEN 256

102 103 104 105 106 107 108
struct tcmu_nl_cmd {
	/* wake up thread waiting for reply */
	struct completion complete;
	int cmd;
	int status;
};

109
struct tcmu_dev {
110
	struct list_head node;
111
	struct kref kref;
112

113 114 115 116 117 118 119 120 121 122 123
	struct se_device se_dev;

	char *name;
	struct se_hba *hba;

#define TCMU_DEV_BIT_OPEN 0
#define TCMU_DEV_BIT_BROKEN 1
	unsigned long flags;

	struct uio_info uio_info;

124 125
	struct inode *inode;

126 127 128 129
	struct tcmu_mailbox *mb_addr;
	size_t dev_size;
	u32 cmdr_size;
	u32 cmdr_last_cleaned;
130
	/* Offset of data area from start of mb */
131
	/* Must add data_off and mb_addr to get the address */
132 133
	size_t data_off;
	size_t data_size;
134

135
	struct mutex cmdr_lock;
136
	struct list_head cmdr_queue;
137

138
	uint32_t dbi_max;
139
	uint32_t dbi_thresh;
140 141 142
	DECLARE_BITMAP(data_bitmap, DATA_BLOCK_BITS);
	struct radix_tree_root data_blocks;

143 144 145
	struct idr commands;

	struct timer_list timeout;
146
	unsigned int cmd_time_out;
147
	struct list_head timedout_entry;
148

149 150 151 152 153
	spinlock_t nl_cmd_lock;
	struct tcmu_nl_cmd curr_nl_cmd;
	/* wake up threads waiting on curr_nl_cmd */
	wait_queue_head_t nl_cmd_wq;

154
	char dev_config[TCMU_CONFIG_LEN];
155 156

	int nl_reply_supported;
157 158 159 160 161 162 163 164 165
};

#define TCMU_DEV(_se_dev) container_of(_se_dev, struct tcmu_dev, se_dev)

#define CMDR_OFF sizeof(struct tcmu_mailbox)

struct tcmu_cmd {
	struct se_cmd *se_cmd;
	struct tcmu_dev *tcmu_dev;
166
	struct list_head cmdr_queue_entry;
167 168 169

	uint16_t cmd_id;

170
	/* Can't use se_cmd when cleaning up expired cmds, because if
171
	   cmd has been completed then accessing se_cmd is off limits */
172 173 174
	uint32_t dbi_cnt;
	uint32_t dbi_cur;
	uint32_t *dbi;
175 176 177 178 179 180

	unsigned long deadline;

#define TCMU_CMD_BIT_EXPIRED 0
	unsigned long flags;
};
181 182 183 184 185 186 187 188 189 190
/*
 * To avoid dead lock the mutex lock order should always be:
 *
 * mutex_lock(&root_udev_mutex);
 * ...
 * mutex_lock(&tcmu_dev->cmdr_lock);
 * mutex_unlock(&tcmu_dev->cmdr_lock);
 * ...
 * mutex_unlock(&root_udev_mutex);
 */
191 192 193
static DEFINE_MUTEX(root_udev_mutex);
static LIST_HEAD(root_udev);

194 195 196
static DEFINE_SPINLOCK(timed_out_udevs_lock);
static LIST_HEAD(timed_out_udevs);

197
static atomic_t global_db_count = ATOMIC_INIT(0);
198
static struct delayed_work tcmu_unmap_work;
199

200 201 202 203 204 205 206 207 208 209 210
static struct kmem_cache *tcmu_cmd_cache;

/* multicast group */
enum tcmu_multicast_groups {
	TCMU_MCGRP_CONFIG,
};

static const struct genl_multicast_group tcmu_mcgrps[] = {
	[TCMU_MCGRP_CONFIG] = { .name = "config", },
};

211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320
static struct nla_policy tcmu_attr_policy[TCMU_ATTR_MAX+1] = {
	[TCMU_ATTR_DEVICE]	= { .type = NLA_STRING },
	[TCMU_ATTR_MINOR]	= { .type = NLA_U32 },
	[TCMU_ATTR_CMD_STATUS]	= { .type = NLA_S32 },
	[TCMU_ATTR_DEVICE_ID]	= { .type = NLA_U32 },
	[TCMU_ATTR_SUPP_KERN_CMD_REPLY] = { .type = NLA_U8 },
};

static int tcmu_genl_cmd_done(struct genl_info *info, int completed_cmd)
{
	struct se_device *dev;
	struct tcmu_dev *udev;
	struct tcmu_nl_cmd *nl_cmd;
	int dev_id, rc, ret = 0;
	bool is_removed = (completed_cmd == TCMU_CMD_REMOVED_DEVICE);

	if (!info->attrs[TCMU_ATTR_CMD_STATUS] ||
	    !info->attrs[TCMU_ATTR_DEVICE_ID]) {
		printk(KERN_ERR "TCMU_ATTR_CMD_STATUS or TCMU_ATTR_DEVICE_ID not set, doing nothing\n");
                return -EINVAL;
        }

	dev_id = nla_get_u32(info->attrs[TCMU_ATTR_DEVICE_ID]);
	rc = nla_get_s32(info->attrs[TCMU_ATTR_CMD_STATUS]);

	dev = target_find_device(dev_id, !is_removed);
	if (!dev) {
		printk(KERN_ERR "tcmu nl cmd %u/%u completion could not find device with dev id %u.\n",
		       completed_cmd, rc, dev_id);
		return -ENODEV;
	}
	udev = TCMU_DEV(dev);

	spin_lock(&udev->nl_cmd_lock);
	nl_cmd = &udev->curr_nl_cmd;

	pr_debug("genl cmd done got id %d curr %d done %d rc %d\n", dev_id,
		 nl_cmd->cmd, completed_cmd, rc);

	if (nl_cmd->cmd != completed_cmd) {
		printk(KERN_ERR "Mismatched commands (Expecting reply for %d. Current %d).\n",
		       completed_cmd, nl_cmd->cmd);
		ret = -EINVAL;
	} else {
		nl_cmd->status = rc;
	}

	spin_unlock(&udev->nl_cmd_lock);
	if (!is_removed)
		 target_undepend_item(&dev->dev_group.cg_item);
	if (!ret)
		complete(&nl_cmd->complete);
	return ret;
}

static int tcmu_genl_rm_dev_done(struct sk_buff *skb, struct genl_info *info)
{
	return tcmu_genl_cmd_done(info, TCMU_CMD_REMOVED_DEVICE);
}

static int tcmu_genl_add_dev_done(struct sk_buff *skb, struct genl_info *info)
{
	return tcmu_genl_cmd_done(info, TCMU_CMD_ADDED_DEVICE);
}

static int tcmu_genl_reconfig_dev_done(struct sk_buff *skb,
				       struct genl_info *info)
{
	return tcmu_genl_cmd_done(info, TCMU_CMD_RECONFIG_DEVICE);
}

static int tcmu_genl_set_features(struct sk_buff *skb, struct genl_info *info)
{
	if (info->attrs[TCMU_ATTR_SUPP_KERN_CMD_REPLY]) {
		tcmu_kern_cmd_reply_supported  =
			nla_get_u8(info->attrs[TCMU_ATTR_SUPP_KERN_CMD_REPLY]);
		printk(KERN_INFO "tcmu daemon: command reply support %u.\n",
		       tcmu_kern_cmd_reply_supported);
	}

	return 0;
}

static const struct genl_ops tcmu_genl_ops[] = {
	{
		.cmd	= TCMU_CMD_SET_FEATURES,
		.flags	= GENL_ADMIN_PERM,
		.policy	= tcmu_attr_policy,
		.doit	= tcmu_genl_set_features,
	},
	{
		.cmd	= TCMU_CMD_ADDED_DEVICE_DONE,
		.flags	= GENL_ADMIN_PERM,
		.policy	= tcmu_attr_policy,
		.doit	= tcmu_genl_add_dev_done,
	},
	{
		.cmd	= TCMU_CMD_REMOVED_DEVICE_DONE,
		.flags	= GENL_ADMIN_PERM,
		.policy	= tcmu_attr_policy,
		.doit	= tcmu_genl_rm_dev_done,
	},
	{
		.cmd	= TCMU_CMD_RECONFIG_DEVICE_DONE,
		.flags	= GENL_ADMIN_PERM,
		.policy	= tcmu_attr_policy,
		.doit	= tcmu_genl_reconfig_dev_done,
	},
};

321
/* Our generic netlink family */
322
static struct genl_family tcmu_genl_family __ro_after_init = {
323
	.module = THIS_MODULE,
324 325
	.hdrsize = 0,
	.name = "TCM-USER",
326
	.version = 2,
327 328 329
	.maxattr = TCMU_ATTR_MAX,
	.mcgrps = tcmu_mcgrps,
	.n_mcgrps = ARRAY_SIZE(tcmu_mcgrps),
330
	.netnsok = true,
331 332
	.ops = tcmu_genl_ops,
	.n_ops = ARRAY_SIZE(tcmu_genl_ops),
333 334
};

335 336 337 338 339
#define tcmu_cmd_set_dbi_cur(cmd, index) ((cmd)->dbi_cur = (index))
#define tcmu_cmd_reset_dbi_cur(cmd) tcmu_cmd_set_dbi_cur(cmd, 0)
#define tcmu_cmd_set_dbi(cmd, index) ((cmd)->dbi[(cmd)->dbi_cur++] = (index))
#define tcmu_cmd_get_dbi(cmd) ((cmd)->dbi[(cmd)->dbi_cur++])

340
static void tcmu_cmd_free_data(struct tcmu_cmd *tcmu_cmd, uint32_t len)
341 342 343 344
{
	struct tcmu_dev *udev = tcmu_cmd->tcmu_dev;
	uint32_t i;

345
	for (i = 0; i < len; i++)
346 347 348
		clear_bit(tcmu_cmd->dbi[i], udev->data_bitmap);
}

349 350
static inline bool tcmu_get_empty_block(struct tcmu_dev *udev,
					struct tcmu_cmd *tcmu_cmd)
351
{
352 353
	struct page *page;
	int ret, dbi;
354

355 356 357
	dbi = find_first_zero_bit(udev->data_bitmap, udev->dbi_thresh);
	if (dbi == udev->dbi_thresh)
		return false;
358

359 360 361
	page = radix_tree_lookup(&udev->data_blocks, dbi);
	if (!page) {
		if (atomic_add_return(1, &global_db_count) >
362 363
					TCMU_GLOBAL_MAX_BLOCKS)
			schedule_delayed_work(&tcmu_unmap_work, 0);
364

365 366 367
		/* try to get new page from the mm */
		page = alloc_page(GFP_KERNEL);
		if (!page)
368
			goto err_alloc;
369 370

		ret = radix_tree_insert(&udev->data_blocks, dbi, page);
371 372
		if (ret)
			goto err_insert;
373 374
	}

375 376 377 378 379 380 381
	if (dbi > udev->dbi_max)
		udev->dbi_max = dbi;

	set_bit(dbi, udev->data_bitmap);
	tcmu_cmd_set_dbi(tcmu_cmd, dbi);

	return true;
382 383 384 385 386
err_insert:
	__free_page(page);
err_alloc:
	atomic_dec(&global_db_count);
	return false;
387 388
}

389 390 391 392 393 394 395
static bool tcmu_get_empty_blocks(struct tcmu_dev *udev,
				  struct tcmu_cmd *tcmu_cmd)
{
	int i;

	for (i = tcmu_cmd->dbi_cur; i < tcmu_cmd->dbi_cnt; i++) {
		if (!tcmu_get_empty_block(udev, tcmu_cmd))
396
			return false;
397 398 399 400 401 402
	}
	return true;
}

static inline struct page *
tcmu_get_block_page(struct tcmu_dev *udev, uint32_t dbi)
403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433
{
	return radix_tree_lookup(&udev->data_blocks, dbi);
}

static inline void tcmu_free_cmd(struct tcmu_cmd *tcmu_cmd)
{
	kfree(tcmu_cmd->dbi);
	kmem_cache_free(tcmu_cmd_cache, tcmu_cmd);
}

static inline size_t tcmu_cmd_get_data_length(struct tcmu_cmd *tcmu_cmd)
{
	struct se_cmd *se_cmd = tcmu_cmd->se_cmd;
	size_t data_length = round_up(se_cmd->data_length, DATA_BLOCK_SIZE);

	if (se_cmd->se_cmd_flags & SCF_BIDI) {
		BUG_ON(!(se_cmd->t_bidi_data_sg && se_cmd->t_bidi_data_nents));
		data_length += round_up(se_cmd->t_bidi_data_sg->length,
				DATA_BLOCK_SIZE);
	}

	return data_length;
}

static inline uint32_t tcmu_cmd_get_block_cnt(struct tcmu_cmd *tcmu_cmd)
{
	size_t data_length = tcmu_cmd_get_data_length(tcmu_cmd);

	return data_length / DATA_BLOCK_SIZE;
}

434 435 436 437 438 439 440 441 442 443
static struct tcmu_cmd *tcmu_alloc_cmd(struct se_cmd *se_cmd)
{
	struct se_device *se_dev = se_cmd->se_dev;
	struct tcmu_dev *udev = TCMU_DEV(se_dev);
	struct tcmu_cmd *tcmu_cmd;

	tcmu_cmd = kmem_cache_zalloc(tcmu_cmd_cache, GFP_KERNEL);
	if (!tcmu_cmd)
		return NULL;

444
	INIT_LIST_HEAD(&tcmu_cmd->cmdr_queue_entry);
445 446 447
	tcmu_cmd->se_cmd = se_cmd;
	tcmu_cmd->tcmu_dev = udev;

448 449 450 451 452 453 454 455 456
	tcmu_cmd_reset_dbi_cur(tcmu_cmd);
	tcmu_cmd->dbi_cnt = tcmu_cmd_get_block_cnt(tcmu_cmd);
	tcmu_cmd->dbi = kcalloc(tcmu_cmd->dbi_cnt, sizeof(uint32_t),
				GFP_KERNEL);
	if (!tcmu_cmd->dbi) {
		kmem_cache_free(tcmu_cmd_cache, tcmu_cmd);
		return NULL;
	}

457 458 459 460 461
	return tcmu_cmd;
}

static inline void tcmu_flush_dcache_range(void *vaddr, size_t size)
{
G
Geliang Tang 已提交
462
	unsigned long offset = offset_in_page(vaddr);
463
	void *start = vaddr - offset;
464 465 466 467

	size = round_up(size+offset, PAGE_SIZE);

	while (size) {
468 469
		flush_dcache_page(virt_to_page(start));
		start += PAGE_SIZE;
470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498
		size -= PAGE_SIZE;
	}
}

/*
 * Some ring helper functions. We don't assume size is a power of 2 so
 * we can't use circ_buf.h.
 */
static inline size_t spc_used(size_t head, size_t tail, size_t size)
{
	int diff = head - tail;

	if (diff >= 0)
		return diff;
	else
		return size + diff;
}

static inline size_t spc_free(size_t head, size_t tail, size_t size)
{
	/* Keep 1 byte unused or we can't tell full from empty */
	return (size - spc_used(head, tail, size) - 1);
}

static inline size_t head_to_end(size_t head, size_t size)
{
	return size - head;
}

X
Xiubo Li 已提交
499
static inline void new_iov(struct iovec **iov, int *iov_cnt)
500 501 502 503 504 505 506 507 508 509 510
{
	struct iovec *iovec;

	if (*iov_cnt != 0)
		(*iov)++;
	(*iov_cnt)++;

	iovec = *iov;
	memset(iovec, 0, sizeof(struct iovec));
}

511 512
#define UPDATE_HEAD(head, used, size) smp_store_release(&head, ((head % size) + used) % size)

513
/* offset is relative to mb_addr */
514 515
static inline size_t get_block_offset_user(struct tcmu_dev *dev,
		int dbi, int remaining)
516
{
517
	return dev->data_off + dbi * DATA_BLOCK_SIZE +
518 519 520
		DATA_BLOCK_SIZE - remaining;
}

521
static inline size_t iov_tail(struct iovec *iov)
522 523 524 525
{
	return (size_t)iov->iov_base + iov->iov_len;
}

526
static void scatter_data_area(struct tcmu_dev *udev,
527 528 529
	struct tcmu_cmd *tcmu_cmd, struct scatterlist *data_sg,
	unsigned int data_nents, struct iovec **iov,
	int *iov_cnt, bool copy_data)
530
{
531
	int i, dbi;
532
	int block_remaining = 0;
533 534
	void *from, *to = NULL;
	size_t copy_bytes, to_offset, offset;
535
	struct scatterlist *sg;
536
	struct page *page;
537 538

	for_each_sg(data_sg, sg, data_nents, i) {
539
		int sg_remaining = sg->length;
540
		from = kmap_atomic(sg_page(sg)) + sg->offset;
541 542
		while (sg_remaining > 0) {
			if (block_remaining == 0) {
543 544 545
				if (to)
					kunmap_atomic(to);

546
				block_remaining = DATA_BLOCK_SIZE;
547 548 549
				dbi = tcmu_cmd_get_dbi(tcmu_cmd);
				page = tcmu_get_block_page(udev, dbi);
				to = kmap_atomic(page);
550
			}
551

X
Xiubo Li 已提交
552 553 554
			/*
			 * Covert to virtual offset of the ring data area.
			 */
555
			to_offset = get_block_offset_user(udev, dbi,
556
					block_remaining);
557

X
Xiubo Li 已提交
558 559 560 561 562 563 564
			/*
			 * The following code will gather and map the blocks
			 * to the same iovec when the blocks are all next to
			 * each other.
			 */
			copy_bytes = min_t(size_t, sg_remaining,
					block_remaining);
565
			if (*iov_cnt != 0 &&
566
			    to_offset == iov_tail(*iov)) {
X
Xiubo Li 已提交
567 568 569 570 571
				/*
				 * Will append to the current iovec, because
				 * the current block page is next to the
				 * previous one.
				 */
572 573
				(*iov)->iov_len += copy_bytes;
			} else {
X
Xiubo Li 已提交
574 575 576 577 578 579
				/*
				 * Will allocate a new iovec because we are
				 * first time here or the current block page
				 * is not next to the previous one.
				 */
				new_iov(iov, iov_cnt);
580
				(*iov)->iov_base = (void __user *)to_offset;
581 582
				(*iov)->iov_len = copy_bytes;
			}
X
Xiubo Li 已提交
583

584
			if (copy_data) {
585 586 587 588
				offset = DATA_BLOCK_SIZE - block_remaining;
				memcpy(to + offset,
				       from + sg->length - sg_remaining,
				       copy_bytes);
589 590
				tcmu_flush_dcache_range(to, copy_bytes);
			}
X
Xiubo Li 已提交
591

592 593
			sg_remaining -= copy_bytes;
			block_remaining -= copy_bytes;
594
		}
595
		kunmap_atomic(from - sg->offset);
596
	}
X
Xiubo Li 已提交
597

598 599
	if (to)
		kunmap_atomic(to);
600 601
}

602 603
static void gather_data_area(struct tcmu_dev *udev, struct tcmu_cmd *cmd,
			     bool bidi)
604
{
605
	struct se_cmd *se_cmd = cmd->se_cmd;
606
	int i, dbi;
607
	int block_remaining = 0;
608
	void *from = NULL, *to;
609
	size_t copy_bytes, offset;
610
	struct scatterlist *sg, *data_sg;
611
	struct page *page;
612
	unsigned int data_nents;
613
	uint32_t count = 0;
614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629

	if (!bidi) {
		data_sg = se_cmd->t_data_sg;
		data_nents = se_cmd->t_data_nents;
	} else {

		/*
		 * For bidi case, the first count blocks are for Data-Out
		 * buffer blocks, and before gathering the Data-In buffer
		 * the Data-Out buffer blocks should be discarded.
		 */
		count = DIV_ROUND_UP(se_cmd->data_length, DATA_BLOCK_SIZE);

		data_sg = se_cmd->t_bidi_data_sg;
		data_nents = se_cmd->t_bidi_data_nents;
	}
630

631 632
	tcmu_cmd_set_dbi_cur(cmd, count);

633
	for_each_sg(data_sg, sg, data_nents, i) {
634
		int sg_remaining = sg->length;
635
		to = kmap_atomic(sg_page(sg)) + sg->offset;
636 637
		while (sg_remaining > 0) {
			if (block_remaining == 0) {
638 639 640
				if (from)
					kunmap_atomic(from);

641
				block_remaining = DATA_BLOCK_SIZE;
642
				dbi = tcmu_cmd_get_dbi(cmd);
643 644
				page = tcmu_get_block_page(udev, dbi);
				from = kmap_atomic(page);
645 646 647
			}
			copy_bytes = min_t(size_t, sg_remaining,
					block_remaining);
648
			offset = DATA_BLOCK_SIZE - block_remaining;
649
			tcmu_flush_dcache_range(from, copy_bytes);
650
			memcpy(to + sg->length - sg_remaining, from + offset,
651
					copy_bytes);
652

653 654
			sg_remaining -= copy_bytes;
			block_remaining -= copy_bytes;
655
		}
656
		kunmap_atomic(to - sg->offset);
657
	}
658 659
	if (from)
		kunmap_atomic(from);
660 661
}

662
static inline size_t spc_bitmap_free(unsigned long *bitmap, uint32_t thresh)
663
{
M
Mike Christie 已提交
664
	return thresh - bitmap_weight(bitmap, thresh);
665 666
}

667
/*
668
 * We can't queue a command until we have space available on the cmd ring *and*
669
 * space available on the data area.
670 671 672
 *
 * Called with ring lock held.
 */
673 674
static bool is_ring_space_avail(struct tcmu_dev *udev, struct tcmu_cmd *cmd,
		size_t cmd_size, size_t data_needed)
675 676
{
	struct tcmu_mailbox *mb = udev->mb_addr;
677 678
	uint32_t blocks_needed = (data_needed + DATA_BLOCK_SIZE - 1)
				/ DATA_BLOCK_SIZE;
679
	size_t space, cmd_needed;
680 681 682 683 684 685
	u32 cmd_head;

	tcmu_flush_dcache_range(mb, sizeof(*mb));

	cmd_head = mb->cmd_head % udev->cmdr_size; /* UAM */

686 687 688 689 690 691 692 693 694
	/*
	 * If cmd end-of-ring space is too small then we need space for a NOP plus
	 * original cmd - cmds are internally contiguous.
	 */
	if (head_to_end(cmd_head, udev->cmdr_size) >= cmd_size)
		cmd_needed = cmd_size;
	else
		cmd_needed = cmd_size + head_to_end(cmd_head, udev->cmdr_size);

695 696 697 698 699 700 701
	space = spc_free(cmd_head, udev->cmdr_last_cleaned, udev->cmdr_size);
	if (space < cmd_needed) {
		pr_debug("no cmd space: %u %u %u\n", cmd_head,
		       udev->cmdr_last_cleaned, udev->cmdr_size);
		return false;
	}

702 703
	/* try to check and get the data blocks as needed */
	space = spc_bitmap_free(udev->data_bitmap, udev->dbi_thresh);
M
Mike Christie 已提交
704 705 706
	if ((space * DATA_BLOCK_SIZE) < data_needed) {
		unsigned long blocks_left = DATA_BLOCK_BITS - udev->dbi_thresh +
						space;
707 708 709 710 711 712 713 714

		if (blocks_left < blocks_needed) {
			pr_debug("no data space: only %lu available, but ask for %zu\n",
					blocks_left * DATA_BLOCK_SIZE,
					data_needed);
			return false;
		}

715 716 717
		udev->dbi_thresh += blocks_needed;
		if (udev->dbi_thresh > DATA_BLOCK_BITS)
			udev->dbi_thresh = DATA_BLOCK_BITS;
718 719
	}

720
	return tcmu_get_empty_blocks(udev, cmd);
721 722
}

723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743
static inline size_t tcmu_cmd_get_base_cmd_size(size_t iov_cnt)
{
	return max(offsetof(struct tcmu_cmd_entry, req.iov[iov_cnt]),
			sizeof(struct tcmu_cmd_entry));
}

static inline size_t tcmu_cmd_get_cmd_size(struct tcmu_cmd *tcmu_cmd,
					   size_t base_command_size)
{
	struct se_cmd *se_cmd = tcmu_cmd->se_cmd;
	size_t command_size;

	command_size = base_command_size +
		round_up(scsi_command_size(se_cmd->t_task_cdb),
				TCMU_OP_ALIGN_SIZE);

	WARN_ON(command_size & (TCMU_OP_ALIGN_SIZE-1));

	return command_size;
}

M
Mike Christie 已提交
744 745 746 747 748 749
static int tcmu_setup_cmd_timer(struct tcmu_cmd *tcmu_cmd)
{
	struct tcmu_dev *udev = tcmu_cmd->tcmu_dev;
	unsigned long tmo = udev->cmd_time_out;
	int cmd_id;

750 751 752 753
	/*
	 * If it was on the cmdr queue waiting we do not reset the timer
	 * for requeues and when it is finally sent to userspace.
	 */
M
Mike Christie 已提交
754 755 756 757 758 759 760 761 762 763 764
	if (tcmu_cmd->cmd_id)
		return 0;

	cmd_id = idr_alloc(&udev->commands, tcmu_cmd, 1, USHRT_MAX, GFP_NOWAIT);
	if (cmd_id < 0) {
		pr_err("tcmu: Could not allocate cmd id.\n");
		return cmd_id;
	}
	tcmu_cmd->cmd_id = cmd_id;

	if (!tmo)
765 766 767 768
		tmo = TCMU_TIME_OUT;

	pr_debug("allocated cmd %u for dev %s tmo %lu\n", tcmu_cmd->cmd_id,
		 udev->name, tmo / MSEC_PER_SEC);
M
Mike Christie 已提交
769 770 771 772 773 774

	tcmu_cmd->deadline = round_jiffies_up(jiffies + msecs_to_jiffies(tmo));
	mod_timer(&udev->timeout, tcmu_cmd->deadline);
	return 0;
}

775 776 777 778 779 780 781 782 783 784 785 786 787 788 789
static int add_to_cmdr_queue(struct tcmu_cmd *tcmu_cmd)
{
	struct tcmu_dev *udev = tcmu_cmd->tcmu_dev;
	int ret;

	ret = tcmu_setup_cmd_timer(tcmu_cmd);
	if (ret)
		return ret;

	list_add_tail(&tcmu_cmd->cmdr_queue_entry, &udev->cmdr_queue);
	pr_debug("adding cmd %u on dev %s to ring space wait queue\n",
		 tcmu_cmd->cmd_id, udev->name);
	return 0;
}

790 791 792 793 794 795 796 797
/**
 * queue_cmd_ring - queue cmd to ring or internally
 * @tcmu_cmd: cmd to queue
 * @scsi_err: TCM error code if failure (-1) returned.
 *
 * Returns:
 * -1 we cannot queue internally or to the ring.
 *  0 success
798
 *  1 internally queued to wait for ring memory to free.
799 800
 */
static sense_reason_t queue_cmd_ring(struct tcmu_cmd *tcmu_cmd, int *scsi_err)
801 802 803 804 805 806 807
{
	struct tcmu_dev *udev = tcmu_cmd->tcmu_dev;
	struct se_cmd *se_cmd = tcmu_cmd->se_cmd;
	size_t base_command_size, command_size;
	struct tcmu_mailbox *mb;
	struct tcmu_cmd_entry *entry;
	struct iovec *iov;
808
	int iov_cnt, ret;
809 810
	uint32_t cmd_head;
	uint64_t cdb_off;
811
	bool copy_to_data_area;
812
	size_t data_length = tcmu_cmd_get_data_length(tcmu_cmd);
813

814 815 816 817 818 819
	*scsi_err = TCM_NO_SENSE;

	if (test_bit(TCMU_DEV_BIT_BROKEN, &udev->flags)) {
		*scsi_err = TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
		return -1;
	}
820 821 822 823 824

	/*
	 * Must be a certain minimum size for response sense info, but
	 * also may be larger if the iov array is large.
	 *
825 826 827 828 829 830 831 832 833 834
	 * We prepare as many iovs as possbile for potential uses here,
	 * because it's expensive to tell how many regions are freed in
	 * the bitmap & global data pool, as the size calculated here
	 * will only be used to do the checks.
	 *
	 * The size will be recalculated later as actually needed to save
	 * cmd area memories.
	 */
	base_command_size = tcmu_cmd_get_base_cmd_size(tcmu_cmd->dbi_cnt);
	command_size = tcmu_cmd_get_cmd_size(tcmu_cmd, base_command_size);
835

836 837
	if (!list_empty(&udev->cmdr_queue))
		goto queue;
838 839 840

	mb = udev->mb_addr;
	cmd_head = mb->cmd_head % udev->cmdr_size; /* UAM */
841 842 843
	if ((command_size > (udev->cmdr_size / 2)) ||
	    data_length > udev->data_size) {
		pr_warn("TCMU: Request of size %zu/%zu is too big for %u/%zu "
844
			"cmd ring/data area\n", command_size, data_length,
845
			udev->cmdr_size, udev->data_size);
846 847
		*scsi_err = TCM_INVALID_CDB_FIELD;
		return -1;
848
	}
849

850
	if (!is_ring_space_avail(udev, tcmu_cmd, command_size, data_length)) {
851 852 853 854 855 856
		/*
		 * Don't leave commands partially setup because the unmap
		 * thread might need the blocks to make forward progress.
		 */
		tcmu_cmd_free_data(tcmu_cmd, tcmu_cmd->dbi_cur);
		tcmu_cmd_reset_dbi_cur(tcmu_cmd);
857
		goto queue;
858 859
	}

860 861 862 863
	/* Insert a PAD if end-of-ring space is too small */
	if (head_to_end(cmd_head, udev->cmdr_size) < command_size) {
		size_t pad_size = head_to_end(cmd_head, udev->cmdr_size);

864
		entry = (void *) mb + CMDR_OFF + cmd_head;
A
Andy Grover 已提交
865 866 867 868 869
		tcmu_hdr_set_op(&entry->hdr.len_op, TCMU_OP_PAD);
		tcmu_hdr_set_len(&entry->hdr.len_op, pad_size);
		entry->hdr.cmd_id = 0; /* not used for PAD */
		entry->hdr.kflags = 0;
		entry->hdr.uflags = 0;
870
		tcmu_flush_dcache_range(entry, sizeof(*entry));
871 872

		UPDATE_HEAD(mb->cmd_head, pad_size, udev->cmdr_size);
873
		tcmu_flush_dcache_range(mb, sizeof(*mb));
874 875 876 877 878 879

		cmd_head = mb->cmd_head % udev->cmdr_size; /* UAM */
		WARN_ON(cmd_head != 0);
	}

	entry = (void *) mb + CMDR_OFF + cmd_head;
880
	memset(entry, 0, command_size);
A
Andy Grover 已提交
881
	tcmu_hdr_set_op(&entry->hdr.len_op, TCMU_OP_CMD);
882

883
	/* Handle allocating space from the data area */
884
	tcmu_cmd_reset_dbi_cur(tcmu_cmd);
885
	iov = &entry->req.iov[0];
886
	iov_cnt = 0;
887 888
	copy_to_data_area = (se_cmd->data_direction == DMA_TO_DEVICE
		|| se_cmd->se_cmd_flags & SCF_BIDI);
889 890 891
	scatter_data_area(udev, tcmu_cmd, se_cmd->t_data_sg,
			  se_cmd->t_data_nents, &iov, &iov_cnt,
			  copy_to_data_area);
892 893
	entry->req.iov_cnt = iov_cnt;

894
	/* Handle BIDI commands */
895
	iov_cnt = 0;
896 897
	if (se_cmd->se_cmd_flags & SCF_BIDI) {
		iov++;
898 899 900
		scatter_data_area(udev, tcmu_cmd, se_cmd->t_bidi_data_sg,
				  se_cmd->t_bidi_data_nents, &iov, &iov_cnt,
				  false);
901
	}
902
	entry->req.iov_bidi_cnt = iov_cnt;
903

M
Mike Christie 已提交
904 905 906
	ret = tcmu_setup_cmd_timer(tcmu_cmd);
	if (ret) {
		tcmu_cmd_free_data(tcmu_cmd, tcmu_cmd->dbi_cnt);
907
		mutex_unlock(&udev->cmdr_lock);
908 909 910

		*scsi_err = TCM_OUT_OF_RESOURCES;
		return -1;
M
Mike Christie 已提交
911 912 913
	}
	entry->hdr.cmd_id = tcmu_cmd->cmd_id;

914 915 916 917 918 919 920 921 922 923
	/*
	 * Recalaulate the command's base size and size according
	 * to the actual needs
	 */
	base_command_size = tcmu_cmd_get_base_cmd_size(entry->req.iov_cnt +
						       entry->req.iov_bidi_cnt);
	command_size = tcmu_cmd_get_cmd_size(tcmu_cmd, base_command_size);

	tcmu_hdr_set_len(&entry->hdr.len_op, command_size);

924 925 926 927 928 929 930 931 932 933 934 935
	/* All offsets relative to mb_addr, not start of entry! */
	cdb_off = CMDR_OFF + cmd_head + base_command_size;
	memcpy((void *) mb + cdb_off, se_cmd->t_task_cdb, scsi_command_size(se_cmd->t_task_cdb));
	entry->req.cdb_off = cdb_off;
	tcmu_flush_dcache_range(entry, sizeof(*entry));

	UPDATE_HEAD(mb->cmd_head, command_size, udev->cmdr_size);
	tcmu_flush_dcache_range(mb, sizeof(*mb));

	/* TODO: only if FLUSH and FUA? */
	uio_event_notify(&udev->uio_info);

936
	return 0;
937 938 939 940 941 942 943 944

queue:
	if (add_to_cmdr_queue(tcmu_cmd)) {
		*scsi_err = TCM_OUT_OF_RESOURCES;
		return -1;
	}

	return 1;
945 946
}

947 948
static sense_reason_t
tcmu_queue_cmd(struct se_cmd *se_cmd)
949
{
950 951
	struct se_device *se_dev = se_cmd->se_dev;
	struct tcmu_dev *udev = TCMU_DEV(se_dev);
952
	struct tcmu_cmd *tcmu_cmd;
953
	sense_reason_t scsi_ret;
954
	int ret;
955 956 957

	tcmu_cmd = tcmu_alloc_cmd(se_cmd);
	if (!tcmu_cmd)
958
		return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
959

960 961 962 963
	mutex_lock(&udev->cmdr_lock);
	ret = queue_cmd_ring(tcmu_cmd, &scsi_ret);
	mutex_unlock(&udev->cmdr_lock);
	if (ret < 0)
964
		tcmu_free_cmd(tcmu_cmd);
965
	return scsi_ret;
966 967 968 969 970 971 972
}

static void tcmu_handle_completion(struct tcmu_cmd *cmd, struct tcmu_cmd_entry *entry)
{
	struct se_cmd *se_cmd = cmd->se_cmd;
	struct tcmu_dev *udev = cmd->tcmu_dev;

973 974 975 976 977 978
	/*
	 * cmd has been completed already from timeout, just reclaim
	 * data area space and free cmd
	 */
	if (test_bit(TCMU_CMD_BIT_EXPIRED, &cmd->flags))
		goto out;
979

980
	tcmu_cmd_reset_dbi_cur(cmd);
981

A
Andy Grover 已提交
982 983 984
	if (entry->hdr.uflags & TCMU_UFLAG_UNKNOWN_OP) {
		pr_warn("TCMU: Userspace set UNKNOWN_OP flag on se_cmd %p\n",
			cmd->se_cmd);
985 986
		entry->rsp.scsi_status = SAM_STAT_CHECK_CONDITION;
	} else if (entry->rsp.scsi_status == SAM_STAT_CHECK_CONDITION) {
987
		transport_copy_sense_to_cmd(se_cmd, entry->rsp.sense_buffer);
988
	} else if (se_cmd->se_cmd_flags & SCF_BIDI) {
989
		/* Get Data-In buffer before clean up */
990
		gather_data_area(udev, cmd, true);
991
	} else if (se_cmd->data_direction == DMA_FROM_DEVICE) {
992
		gather_data_area(udev, cmd, false);
993
	} else if (se_cmd->data_direction == DMA_TO_DEVICE) {
994
		/* TODO: */
995 996 997
	} else if (se_cmd->data_direction != DMA_NONE) {
		pr_warn("TCMU: data direction was %d!\n",
			se_cmd->data_direction);
998 999 1000 1001
	}

	target_complete_cmd(cmd->se_cmd, entry->rsp.scsi_status);

1002 1003
out:
	cmd->se_cmd = NULL;
1004
	tcmu_cmd_free_data(cmd, cmd->dbi_cnt);
1005
	tcmu_free_cmd(cmd);
1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020
}

static unsigned int tcmu_handle_completions(struct tcmu_dev *udev)
{
	struct tcmu_mailbox *mb;
	int handled = 0;

	if (test_bit(TCMU_DEV_BIT_BROKEN, &udev->flags)) {
		pr_err("ring broken, not handling completions\n");
		return 0;
	}

	mb = udev->mb_addr;
	tcmu_flush_dcache_range(mb, sizeof(*mb));

1021
	while (udev->cmdr_last_cleaned != READ_ONCE(mb->cmd_tail)) {
1022 1023 1024 1025 1026 1027

		struct tcmu_cmd_entry *entry = (void *) mb + CMDR_OFF + udev->cmdr_last_cleaned;
		struct tcmu_cmd *cmd;

		tcmu_flush_dcache_range(entry, sizeof(*entry));

A
Andy Grover 已提交
1028 1029 1030 1031
		if (tcmu_hdr_get_op(entry->hdr.len_op) == TCMU_OP_PAD) {
			UPDATE_HEAD(udev->cmdr_last_cleaned,
				    tcmu_hdr_get_len(entry->hdr.len_op),
				    udev->cmdr_size);
1032 1033
			continue;
		}
A
Andy Grover 已提交
1034
		WARN_ON(tcmu_hdr_get_op(entry->hdr.len_op) != TCMU_OP_CMD);
1035

1036
		cmd = idr_remove(&udev->commands, entry->hdr.cmd_id);
1037 1038 1039 1040 1041 1042 1043 1044
		if (!cmd) {
			pr_err("cmd_id not found, ring is broken\n");
			set_bit(TCMU_DEV_BIT_BROKEN, &udev->flags);
			break;
		}

		tcmu_handle_completion(cmd, entry);

A
Andy Grover 已提交
1045 1046 1047
		UPDATE_HEAD(udev->cmdr_last_cleaned,
			    tcmu_hdr_get_len(entry->hdr.len_op),
			    udev->cmdr_size);
1048 1049 1050 1051

		handled++;
	}

1052 1053 1054 1055 1056 1057 1058 1059 1060
	if (mb->cmd_tail == mb->cmd_head && list_empty(&udev->cmdr_queue)) {
		del_timer(&udev->timeout);
		/*
		 * not more pending or waiting commands so try to reclaim
		 * blocks if needed.
		 */
		if (atomic_read(&global_db_count) > TCMU_GLOBAL_MAX_BLOCKS)
			schedule_delayed_work(&tcmu_unmap_work, 0);
	}
1061 1062 1063 1064 1065 1066 1067

	return handled;
}

static int tcmu_check_expired_cmd(int id, void *p, void *data)
{
	struct tcmu_cmd *cmd = p;
1068 1069 1070 1071
	struct tcmu_dev *udev = cmd->tcmu_dev;
	u8 scsi_status;
	struct se_cmd *se_cmd;
	bool is_running;
1072 1073 1074 1075

	if (test_bit(TCMU_CMD_BIT_EXPIRED, &cmd->flags))
		return 0;

1076
	if (!time_after(jiffies, cmd->deadline))
1077 1078
		return 0;

1079 1080 1081 1082 1083
	is_running = list_empty(&cmd->cmdr_queue_entry);
	pr_debug("Timing out cmd %u on dev %s that is %s.\n",
		 id, udev->name, is_running ? "inflight" : "queued");

	se_cmd = cmd->se_cmd;
1084 1085
	cmd->se_cmd = NULL;

1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099
	if (is_running) {
		set_bit(TCMU_CMD_BIT_EXPIRED, &cmd->flags);
		/*
		 * target_complete_cmd will translate this to LUN COMM FAILURE
		 */
		scsi_status = SAM_STAT_CHECK_CONDITION;
	} else {
		list_del_init(&cmd->cmdr_queue_entry);

		idr_remove(&udev->commands, id);
		tcmu_free_cmd(cmd);
		scsi_status = SAM_STAT_TASK_SET_FULL;
	}
	target_complete_cmd(se_cmd, scsi_status);
1100 1101 1102
	return 0;
}

1103
static void tcmu_device_timedout(struct timer_list *t)
1104
{
1105
	struct tcmu_dev *udev = from_timer(udev, t, timeout);
1106

1107
	pr_debug("%s cmd timeout has expired\n", udev->name);
1108

1109 1110 1111 1112
	spin_lock(&timed_out_udevs_lock);
	if (list_empty(&udev->timedout_entry))
		list_add_tail(&udev->timedout_entry, &timed_out_udevs);
	spin_unlock(&timed_out_udevs_lock);
1113

1114
	schedule_delayed_work(&tcmu_unmap_work, 0);
1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143
}

static int tcmu_attach_hba(struct se_hba *hba, u32 host_id)
{
	struct tcmu_hba *tcmu_hba;

	tcmu_hba = kzalloc(sizeof(struct tcmu_hba), GFP_KERNEL);
	if (!tcmu_hba)
		return -ENOMEM;

	tcmu_hba->host_id = host_id;
	hba->hba_ptr = tcmu_hba;

	return 0;
}

static void tcmu_detach_hba(struct se_hba *hba)
{
	kfree(hba->hba_ptr);
	hba->hba_ptr = NULL;
}

static struct se_device *tcmu_alloc_device(struct se_hba *hba, const char *name)
{
	struct tcmu_dev *udev;

	udev = kzalloc(sizeof(struct tcmu_dev), GFP_KERNEL);
	if (!udev)
		return NULL;
1144
	kref_init(&udev->kref);
1145 1146 1147 1148 1149 1150 1151 1152

	udev->name = kstrdup(name, GFP_KERNEL);
	if (!udev->name) {
		kfree(udev);
		return NULL;
	}

	udev->hba = hba;
1153
	udev->cmd_time_out = TCMU_TIME_OUT;
1154

1155
	mutex_init(&udev->cmdr_lock);
1156

1157
	INIT_LIST_HEAD(&udev->timedout_entry);
1158
	INIT_LIST_HEAD(&udev->cmdr_queue);
1159 1160
	idr_init(&udev->commands);

1161
	timer_setup(&udev->timeout, tcmu_device_timedout, 0);
1162

1163 1164 1165
	init_waitqueue_head(&udev->nl_cmd_wq);
	spin_lock_init(&udev->nl_cmd_lock);

1166 1167
	INIT_RADIX_TREE(&udev->data_blocks, GFP_KERNEL);

1168 1169 1170
	return &udev->se_dev;
}

1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219
static bool run_cmdr_queue(struct tcmu_dev *udev)
{
	struct tcmu_cmd *tcmu_cmd, *tmp_cmd;
	LIST_HEAD(cmds);
	bool drained = true;
	sense_reason_t scsi_ret;
	int ret;

	if (list_empty(&udev->cmdr_queue))
		return true;

	pr_debug("running %s's cmdr queue\n", udev->name);

	list_splice_init(&udev->cmdr_queue, &cmds);

	list_for_each_entry_safe(tcmu_cmd, tmp_cmd, &cmds, cmdr_queue_entry) {
		list_del_init(&tcmu_cmd->cmdr_queue_entry);

	        pr_debug("removing cmd %u on dev %s from queue\n",
		         tcmu_cmd->cmd_id, udev->name);

		ret = queue_cmd_ring(tcmu_cmd, &scsi_ret);
		if (ret < 0) {
		        pr_debug("cmd %u on dev %s failed with %u\n",
			         tcmu_cmd->cmd_id, udev->name, scsi_ret);

			idr_remove(&udev->commands, tcmu_cmd->cmd_id);
			/*
			 * Ignore scsi_ret for now. target_complete_cmd
			 * drops it.
			 */
			target_complete_cmd(tcmu_cmd->se_cmd,
					    SAM_STAT_CHECK_CONDITION);
			tcmu_free_cmd(tcmu_cmd);
		} else if (ret > 0) {
			pr_debug("ran out of space during cmdr queue run\n");
			/*
			 * cmd was requeued, so just put all cmds back in
			 * the queue
			 */
			list_splice_tail(&cmds, &udev->cmdr_queue);
			drained = false;
			goto done;
		}
	}
done:
	return drained;
}

1220 1221
static int tcmu_irqcontrol(struct uio_info *info, s32 irq_on)
{
1222
	struct tcmu_dev *udev = container_of(info, struct tcmu_dev, uio_info);
1223

1224 1225 1226 1227
	mutex_lock(&udev->cmdr_lock);
	tcmu_handle_completions(udev);
	run_cmdr_queue(udev);
	mutex_unlock(&udev->cmdr_lock);
1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248

	return 0;
}

/*
 * mmap code from uio.c. Copied here because we want to hook mmap()
 * and this stuff must come along.
 */
static int tcmu_find_mem_index(struct vm_area_struct *vma)
{
	struct tcmu_dev *udev = vma->vm_private_data;
	struct uio_info *info = &udev->uio_info;

	if (vma->vm_pgoff < MAX_UIO_MAPS) {
		if (info->mem[vma->vm_pgoff].size == 0)
			return -1;
		return (int)vma->vm_pgoff;
	}
	return -1;
}

1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275 1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302
static struct page *tcmu_try_get_block_page(struct tcmu_dev *udev, uint32_t dbi)
{
	struct page *page;
	int ret;

	mutex_lock(&udev->cmdr_lock);
	page = tcmu_get_block_page(udev, dbi);
	if (likely(page)) {
		mutex_unlock(&udev->cmdr_lock);
		return page;
	}

	/*
	 * Normally it shouldn't be here:
	 * Only when the userspace has touched the blocks which
	 * are out of the tcmu_cmd's data iov[], and will return
	 * one zeroed page.
	 */
	pr_warn("Block(%u) out of cmd's iov[] has been touched!\n", dbi);
	pr_warn("Mostly it will be a bug of userspace, please have a check!\n");

	if (dbi >= udev->dbi_thresh) {
		/* Extern the udev->dbi_thresh to dbi + 1 */
		udev->dbi_thresh = dbi + 1;
		udev->dbi_max = dbi;
	}

	page = radix_tree_lookup(&udev->data_blocks, dbi);
	if (!page) {
		page = alloc_page(GFP_KERNEL | __GFP_ZERO);
		if (!page) {
			mutex_unlock(&udev->cmdr_lock);
			return NULL;
		}

		ret = radix_tree_insert(&udev->data_blocks, dbi, page);
		if (ret) {
			mutex_unlock(&udev->cmdr_lock);
			__free_page(page);
			return NULL;
		}

		/*
		 * Since this case is rare in page fault routine, here we
		 * will allow the global_db_count >= TCMU_GLOBAL_MAX_BLOCKS
		 * to reduce possible page fault call trace.
		 */
		atomic_inc(&global_db_count);
	}
	mutex_unlock(&udev->cmdr_lock);

	return page;
}

1303
static int tcmu_vma_fault(struct vm_fault *vmf)
1304
{
1305
	struct tcmu_dev *udev = vmf->vma->vm_private_data;
1306 1307 1308 1309 1310
	struct uio_info *info = &udev->uio_info;
	struct page *page;
	unsigned long offset;
	void *addr;

1311
	int mi = tcmu_find_mem_index(vmf->vma);
1312 1313 1314 1315 1316 1317 1318 1319 1320
	if (mi < 0)
		return VM_FAULT_SIGBUS;

	/*
	 * We need to subtract mi because userspace uses offset = N*PAGE_SIZE
	 * to use mem[N].
	 */
	offset = (vmf->pgoff - mi) << PAGE_SHIFT;

1321 1322 1323
	if (offset < udev->data_off) {
		/* For the vmalloc()ed cmd area pages */
		addr = (void *)(unsigned long)info->mem[mi].addr + offset;
1324
		page = vmalloc_to_page(addr);
1325 1326 1327
	} else {
		uint32_t dbi;

1328
		/* For the dynamically growing data area pages */
1329
		dbi = (offset - udev->data_off) / DATA_BLOCK_SIZE;
1330 1331
		page = tcmu_try_get_block_page(udev, dbi);
		if (!page)
1332 1333 1334
			return VM_FAULT_NOPAGE;
	}

1335 1336 1337 1338 1339 1340 1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367
	get_page(page);
	vmf->page = page;
	return 0;
}

static const struct vm_operations_struct tcmu_vm_ops = {
	.fault = tcmu_vma_fault,
};

static int tcmu_mmap(struct uio_info *info, struct vm_area_struct *vma)
{
	struct tcmu_dev *udev = container_of(info, struct tcmu_dev, uio_info);

	vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP;
	vma->vm_ops = &tcmu_vm_ops;

	vma->vm_private_data = udev;

	/* Ensure the mmap is exactly the right size */
	if (vma_pages(vma) != (TCMU_RING_SIZE >> PAGE_SHIFT))
		return -EINVAL;

	return 0;
}

static int tcmu_open(struct uio_info *info, struct inode *inode)
{
	struct tcmu_dev *udev = container_of(info, struct tcmu_dev, uio_info);

	/* O_EXCL not supported for char devs, so fake it? */
	if (test_and_set_bit(TCMU_DEV_BIT_OPEN, &udev->flags))
		return -EBUSY;

1368
	udev->inode = inode;
1369
	kref_get(&udev->kref);
1370

1371 1372 1373 1374 1375
	pr_debug("open\n");

	return 0;
}

1376 1377 1378 1379 1380 1381 1382 1383 1384 1385
static void tcmu_dev_call_rcu(struct rcu_head *p)
{
	struct se_device *dev = container_of(p, struct se_device, rcu_head);
	struct tcmu_dev *udev = TCMU_DEV(dev);

	kfree(udev->uio_info.name);
	kfree(udev->name);
	kfree(udev);
}

1386 1387 1388 1389 1390 1391 1392 1393 1394
static int tcmu_check_and_free_pending_cmd(struct tcmu_cmd *cmd)
{
	if (test_bit(TCMU_CMD_BIT_EXPIRED, &cmd->flags)) {
		kmem_cache_free(tcmu_cmd_cache, cmd);
		return 0;
	}
	return -EINVAL;
}

1395 1396
static void tcmu_blocks_release(struct radix_tree_root *blocks,
				int start, int end)
1397 1398 1399 1400
{
	int i;
	struct page *page;

1401 1402
	for (i = start; i < end; i++) {
		page = radix_tree_delete(blocks, i);
1403 1404 1405 1406 1407 1408 1409
		if (page) {
			__free_page(page);
			atomic_dec(&global_db_count);
		}
	}
}

1410 1411 1412 1413
static void tcmu_dev_kref_release(struct kref *kref)
{
	struct tcmu_dev *udev = container_of(kref, struct tcmu_dev, kref);
	struct se_device *dev = &udev->se_dev;
1414 1415 1416 1417 1418 1419 1420
	struct tcmu_cmd *cmd;
	bool all_expired = true;
	int i;

	vfree(udev->mb_addr);
	udev->mb_addr = NULL;

1421 1422 1423 1424 1425
	spin_lock_bh(&timed_out_udevs_lock);
	if (!list_empty(&udev->timedout_entry))
		list_del(&udev->timedout_entry);
	spin_unlock_bh(&timed_out_udevs_lock);

1426
	/* Upper layer should drain all requests before calling this */
M
Mike Christie 已提交
1427
	mutex_lock(&udev->cmdr_lock);
1428 1429 1430 1431 1432 1433 1434
	idr_for_each_entry(&udev->commands, cmd, i) {
		if (tcmu_check_and_free_pending_cmd(cmd) != 0)
			all_expired = false;
	}
	idr_destroy(&udev->commands);
	WARN_ON(!all_expired);

1435 1436
	tcmu_blocks_release(&udev->data_blocks, 0, udev->dbi_max + 1);
	mutex_unlock(&udev->cmdr_lock);
1437 1438 1439 1440

	call_rcu(&dev->rcu_head, tcmu_dev_call_rcu);
}

1441 1442 1443 1444 1445 1446 1447
static int tcmu_release(struct uio_info *info, struct inode *inode)
{
	struct tcmu_dev *udev = container_of(info, struct tcmu_dev, uio_info);

	clear_bit(TCMU_DEV_BIT_OPEN, &udev->flags);

	pr_debug("close\n");
1448
	/* release ref from open */
1449
	kref_put(&udev->kref, tcmu_dev_kref_release);
1450 1451 1452
	return 0;
}

1453 1454 1455 1456 1457 1458
static void tcmu_init_genl_cmd_reply(struct tcmu_dev *udev, int cmd)
{
	struct tcmu_nl_cmd *nl_cmd = &udev->curr_nl_cmd;

	if (!tcmu_kern_cmd_reply_supported)
		return;
1459 1460 1461 1462

	if (udev->nl_reply_supported <= 0)
		return;

1463 1464 1465 1466 1467 1468 1469 1470 1471 1472 1473 1474 1475 1476 1477 1478 1479 1480 1481 1482 1483 1484 1485 1486 1487 1488
relock:
	spin_lock(&udev->nl_cmd_lock);

	if (nl_cmd->cmd != TCMU_CMD_UNSPEC) {
		spin_unlock(&udev->nl_cmd_lock);
		pr_debug("sleeping for open nl cmd\n");
		wait_event(udev->nl_cmd_wq, (nl_cmd->cmd == TCMU_CMD_UNSPEC));
		goto relock;
	}

	memset(nl_cmd, 0, sizeof(*nl_cmd));
	nl_cmd->cmd = cmd;
	init_completion(&nl_cmd->complete);

	spin_unlock(&udev->nl_cmd_lock);
}

static int tcmu_wait_genl_cmd_reply(struct tcmu_dev *udev)
{
	struct tcmu_nl_cmd *nl_cmd = &udev->curr_nl_cmd;
	int ret;
	DEFINE_WAIT(__wait);

	if (!tcmu_kern_cmd_reply_supported)
		return 0;

1489 1490 1491
	if (udev->nl_reply_supported <= 0)
		return 0;

1492 1493 1494 1495 1496 1497 1498 1499 1500 1501 1502 1503 1504 1505 1506 1507
	pr_debug("sleeping for nl reply\n");
	wait_for_completion(&nl_cmd->complete);

	spin_lock(&udev->nl_cmd_lock);
	nl_cmd->cmd = TCMU_CMD_UNSPEC;
	ret = nl_cmd->status;
	nl_cmd->status = 0;
	spin_unlock(&udev->nl_cmd_lock);

	wake_up_all(&udev->nl_cmd_wq);

	return ret;;
}

static int tcmu_netlink_event(struct tcmu_dev *udev, enum tcmu_genl_cmd cmd,
			      int reconfig_attr, const void *reconfig_data)
1508 1509 1510
{
	struct sk_buff *skb;
	void *msg_header;
1511
	int ret = -ENOMEM;
1512 1513 1514

	skb = genlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
	if (!skb)
1515
		return ret;
1516 1517

	msg_header = genlmsg_put(skb, 0, 0, &tcmu_genl_family, 0, cmd);
1518 1519
	if (!msg_header)
		goto free_skb;
1520

1521
	ret = nla_put_string(skb, TCMU_ATTR_DEVICE, udev->uio_info.name);
1522 1523
	if (ret < 0)
		goto free_skb;
1524

1525 1526 1527 1528 1529
	ret = nla_put_u32(skb, TCMU_ATTR_MINOR, udev->uio_info.uio_dev->minor);
	if (ret < 0)
		goto free_skb;

	ret = nla_put_u32(skb, TCMU_ATTR_DEVICE_ID, udev->se_dev.dev_index);
1530 1531
	if (ret < 0)
		goto free_skb;
1532

1533 1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544 1545 1546 1547 1548 1549 1550 1551 1552 1553
	if (cmd == TCMU_CMD_RECONFIG_DEVICE) {
		switch (reconfig_attr) {
		case TCMU_ATTR_DEV_CFG:
			ret = nla_put_string(skb, reconfig_attr, reconfig_data);
			break;
		case TCMU_ATTR_DEV_SIZE:
			ret = nla_put_u64_64bit(skb, reconfig_attr,
						*((u64 *)reconfig_data),
						TCMU_ATTR_PAD);
			break;
		case TCMU_ATTR_WRITECACHE:
			ret = nla_put_u8(skb, reconfig_attr,
					  *((u8 *)reconfig_data));
			break;
		default:
			BUG();
		}

		if (ret < 0)
			goto free_skb;
	}
1554

1555
	genlmsg_end(skb, msg_header);
1556

1557 1558
	tcmu_init_genl_cmd_reply(udev, cmd);

1559
	ret = genlmsg_multicast_allns(&tcmu_genl_family, skb, 0,
1560 1561 1562 1563
				TCMU_MCGRP_CONFIG, GFP_KERNEL);
	/* We don't care if no one is listening */
	if (ret == -ESRCH)
		ret = 0;
1564 1565
	if (!ret)
		ret = tcmu_wait_genl_cmd_reply(udev);
1566 1567

	return ret;
1568 1569 1570
free_skb:
	nlmsg_free(skb);
	return ret;
1571 1572
}

B
Bryant G. Ly 已提交
1573
static int tcmu_update_uio_info(struct tcmu_dev *udev)
1574 1575 1576
{
	struct tcmu_hba *hba = udev->hba->hba_ptr;
	struct uio_info *info;
B
Bryant G. Ly 已提交
1577
	size_t size, used;
1578 1579 1580 1581 1582 1583 1584 1585 1586 1587 1588 1589 1590 1591
	char *str;

	info = &udev->uio_info;
	size = snprintf(NULL, 0, "tcm-user/%u/%s/%s", hba->host_id, udev->name,
			udev->dev_config);
	size += 1; /* for \0 */
	str = kmalloc(size, GFP_KERNEL);
	if (!str)
		return -ENOMEM;

	used = snprintf(str, size, "tcm-user/%u/%s", hba->host_id, udev->name);
	if (udev->dev_config[0])
		snprintf(str + used, size - used, "/%s", udev->dev_config);

B
Bryant G. Ly 已提交
1592 1593
	/* If the old string exists, free it */
	kfree(info->name);
1594 1595
	info->name = str;

B
Bryant G. Ly 已提交
1596 1597 1598 1599 1600 1601 1602 1603 1604 1605 1606 1607 1608 1609 1610 1611
	return 0;
}

static int tcmu_configure_device(struct se_device *dev)
{
	struct tcmu_dev *udev = TCMU_DEV(dev);
	struct uio_info *info;
	struct tcmu_mailbox *mb;
	int ret = 0;

	ret = tcmu_update_uio_info(udev);
	if (ret)
		return ret;

	info = &udev->uio_info;

1612
	udev->mb_addr = vzalloc(CMDR_SIZE);
1613 1614 1615 1616 1617 1618 1619 1620
	if (!udev->mb_addr) {
		ret = -ENOMEM;
		goto err_vzalloc;
	}

	/* mailbox fits in first part of CMDR space */
	udev->cmdr_size = CMDR_SIZE - CMDR_OFF;
	udev->data_off = CMDR_SIZE;
1621
	udev->data_size = DATA_SIZE;
1622
	udev->dbi_thresh = 0; /* Default in Idle state */
1623

1624
	/* Initialise the mailbox of the ring buffer */
1625
	mb = udev->mb_addr;
A
Andy Grover 已提交
1626
	mb->version = TCMU_MAILBOX_VERSION;
1627
	mb->flags = TCMU_MAILBOX_FLAG_CAP_OOOC;
1628 1629 1630 1631 1632
	mb->cmdr_off = CMDR_OFF;
	mb->cmdr_size = udev->cmdr_size;

	WARN_ON(!PAGE_ALIGNED(udev->data_off));
	WARN_ON(udev->data_size % PAGE_SIZE);
1633
	WARN_ON(udev->data_size % DATA_BLOCK_SIZE);
1634

1635
	info->version = __stringify(TCMU_MAILBOX_VERSION);
1636 1637

	info->mem[0].name = "tcm-user command & data buffer";
1638
	info->mem[0].addr = (phys_addr_t)(uintptr_t)udev->mb_addr;
1639
	info->mem[0].size = TCMU_RING_SIZE;
1640
	info->mem[0].memtype = UIO_MEM_NONE;
1641 1642 1643 1644 1645 1646 1647 1648 1649 1650 1651 1652

	info->irqcontrol = tcmu_irqcontrol;
	info->irq = UIO_IRQ_CUSTOM;

	info->mmap = tcmu_mmap;
	info->open = tcmu_open;
	info->release = tcmu_release;

	ret = uio_register_device(tcmu_root_device, info);
	if (ret)
		goto err_register;

1653 1654 1655
	/* User can set hw_block_size before enable the device */
	if (dev->dev_attrib.hw_block_size == 0)
		dev->dev_attrib.hw_block_size = 512;
1656
	/* Other attributes can be configured in userspace */
1657 1658
	if (!dev->dev_attrib.hw_max_sectors)
		dev->dev_attrib.hw_max_sectors = 128;
B
Bryant G. Ly 已提交
1659 1660
	if (!dev->dev_attrib.emulate_write_cache)
		dev->dev_attrib.emulate_write_cache = 0;
1661 1662
	dev->dev_attrib.hw_queue_depth = 128;

1663 1664 1665 1666 1667 1668
	/* If user didn't explicitly disable netlink reply support, use
	 * module scope setting.
	 */
	if (udev->nl_reply_supported >= 0)
		udev->nl_reply_supported = tcmu_kern_cmd_reply_supported;

1669 1670 1671 1672 1673 1674
	/*
	 * Get a ref incase userspace does a close on the uio device before
	 * LIO has initiated tcmu_free_device.
	 */
	kref_get(&udev->kref);

1675
	ret = tcmu_netlink_event(udev, TCMU_CMD_ADDED_DEVICE, 0, NULL);
1676 1677 1678
	if (ret)
		goto err_netlink;

1679 1680 1681 1682
	mutex_lock(&root_udev_mutex);
	list_add(&udev->node, &root_udev);
	mutex_unlock(&root_udev_mutex);

1683 1684 1685
	return 0;

err_netlink:
1686
	kref_put(&udev->kref, tcmu_dev_kref_release);
1687 1688 1689
	uio_unregister_device(&udev->uio_info);
err_register:
	vfree(udev->mb_addr);
1690
	udev->mb_addr = NULL;
1691 1692
err_vzalloc:
	kfree(info->name);
1693
	info->name = NULL;
1694 1695 1696 1697

	return ret;
}

1698 1699 1700 1701 1702
static bool tcmu_dev_configured(struct tcmu_dev *udev)
{
	return udev->uio_info.uio_dev ? true : false;
}

1703
static void tcmu_free_device(struct se_device *dev)
1704 1705 1706 1707 1708 1709 1710 1711
{
	struct tcmu_dev *udev = TCMU_DEV(dev);

	/* release ref from init */
	kref_put(&udev->kref, tcmu_dev_kref_release);
}

static void tcmu_destroy_device(struct se_device *dev)
1712 1713 1714 1715 1716
{
	struct tcmu_dev *udev = TCMU_DEV(dev);

	del_timer_sync(&udev->timeout);

1717 1718 1719 1720
	mutex_lock(&root_udev_mutex);
	list_del(&udev->node);
	mutex_unlock(&root_udev_mutex);

1721
	tcmu_netlink_event(udev, TCMU_CMD_REMOVED_DEVICE, 0, NULL);
1722

1723
	uio_unregister_device(&udev->uio_info);
1724 1725 1726

	/* release ref from configure */
	kref_put(&udev->kref, tcmu_dev_kref_release);
1727 1728 1729
}

enum {
1730
	Opt_dev_config, Opt_dev_size, Opt_hw_block_size, Opt_hw_max_sectors,
1731
	Opt_nl_reply_supported, Opt_err,
1732 1733 1734 1735 1736
};

static match_table_t tokens = {
	{Opt_dev_config, "dev_config=%s"},
	{Opt_dev_size, "dev_size=%u"},
1737
	{Opt_hw_block_size, "hw_block_size=%u"},
1738
	{Opt_hw_max_sectors, "hw_max_sectors=%u"},
1739
	{Opt_nl_reply_supported, "nl_reply_supported=%d"},
1740 1741 1742
	{Opt_err, NULL}
};

1743 1744 1745 1746 1747 1748 1749 1750 1751 1752 1753 1754 1755 1756 1757 1758 1759 1760 1761 1762 1763 1764 1765 1766
static int tcmu_set_dev_attrib(substring_t *arg, u32 *dev_attrib)
{
	unsigned long tmp_ul;
	char *arg_p;
	int ret;

	arg_p = match_strdup(arg);
	if (!arg_p)
		return -ENOMEM;

	ret = kstrtoul(arg_p, 0, &tmp_ul);
	kfree(arg_p);
	if (ret < 0) {
		pr_err("kstrtoul() failed for dev attrib\n");
		return ret;
	}
	if (!tmp_ul) {
		pr_err("dev attrib must be nonzero\n");
		return -EINVAL;
	}
	*dev_attrib = tmp_ul;
	return 0;
}

1767 1768 1769 1770 1771 1772 1773 1774 1775 1776 1777 1778 1779 1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790 1791 1792 1793 1794 1795 1796 1797 1798 1799 1800 1801 1802 1803 1804 1805
static ssize_t tcmu_set_configfs_dev_params(struct se_device *dev,
		const char *page, ssize_t count)
{
	struct tcmu_dev *udev = TCMU_DEV(dev);
	char *orig, *ptr, *opts, *arg_p;
	substring_t args[MAX_OPT_ARGS];
	int ret = 0, token;

	opts = kstrdup(page, GFP_KERNEL);
	if (!opts)
		return -ENOMEM;

	orig = opts;

	while ((ptr = strsep(&opts, ",\n")) != NULL) {
		if (!*ptr)
			continue;

		token = match_token(ptr, tokens, args);
		switch (token) {
		case Opt_dev_config:
			if (match_strlcpy(udev->dev_config, &args[0],
					  TCMU_CONFIG_LEN) == 0) {
				ret = -EINVAL;
				break;
			}
			pr_debug("TCMU: Referencing Path: %s\n", udev->dev_config);
			break;
		case Opt_dev_size:
			arg_p = match_strdup(&args[0]);
			if (!arg_p) {
				ret = -ENOMEM;
				break;
			}
			ret = kstrtoul(arg_p, 0, (unsigned long *) &udev->dev_size);
			kfree(arg_p);
			if (ret < 0)
				pr_err("kstrtoul() failed for dev_size=\n");
			break;
1806
		case Opt_hw_block_size:
1807 1808 1809 1810 1811 1812
			ret = tcmu_set_dev_attrib(&args[0],
					&(dev->dev_attrib.hw_block_size));
			break;
		case Opt_hw_max_sectors:
			ret = tcmu_set_dev_attrib(&args[0],
					&(dev->dev_attrib.hw_max_sectors));
1813
			break;
1814 1815 1816 1817 1818 1819
		case Opt_nl_reply_supported:
			arg_p = match_strdup(&args[0]);
			if (!arg_p) {
				ret = -ENOMEM;
				break;
			}
D
Dan Carpenter 已提交
1820
			ret = kstrtoint(arg_p, 0, &udev->nl_reply_supported);
1821 1822
			kfree(arg_p);
			if (ret < 0)
D
Dan Carpenter 已提交
1823
				pr_err("kstrtoint() failed for nl_reply_supported=\n");
1824
			break;
1825 1826 1827
		default:
			break;
		}
1828 1829 1830

		if (ret)
			break;
1831 1832 1833 1834 1835 1836 1837 1838 1839 1840 1841 1842 1843
	}

	kfree(orig);
	return (!ret) ? count : ret;
}

static ssize_t tcmu_show_configfs_dev_params(struct se_device *dev, char *b)
{
	struct tcmu_dev *udev = TCMU_DEV(dev);
	ssize_t bl = 0;

	bl = sprintf(b + bl, "Config: %s ",
		     udev->dev_config[0] ? udev->dev_config : "NULL");
1844
	bl += sprintf(b + bl, "Size: %zu\n", udev->dev_size);
1845 1846 1847 1848 1849 1850 1851 1852 1853 1854 1855 1856 1857

	return bl;
}

static sector_t tcmu_get_blocks(struct se_device *dev)
{
	struct tcmu_dev *udev = TCMU_DEV(dev);

	return div_u64(udev->dev_size - dev->dev_attrib.block_size,
		       dev->dev_attrib.block_size);
}

static sense_reason_t
1858
tcmu_parse_cdb(struct se_cmd *cmd)
1859
{
1860
	return passthrough_parse_cdb(cmd, tcmu_queue_cmd);
1861 1862
}

1863 1864 1865 1866
static ssize_t tcmu_cmd_time_out_show(struct config_item *item, char *page)
{
	struct se_dev_attrib *da = container_of(to_config_group(item),
					struct se_dev_attrib, da_group);
1867
	struct tcmu_dev *udev = TCMU_DEV(da->da_dev);
1868 1869 1870 1871 1872 1873 1874 1875 1876 1877 1878 1879 1880 1881 1882 1883 1884 1885 1886 1887 1888 1889 1890 1891 1892 1893 1894 1895

	return snprintf(page, PAGE_SIZE, "%lu\n", udev->cmd_time_out / MSEC_PER_SEC);
}

static ssize_t tcmu_cmd_time_out_store(struct config_item *item, const char *page,
				       size_t count)
{
	struct se_dev_attrib *da = container_of(to_config_group(item),
					struct se_dev_attrib, da_group);
	struct tcmu_dev *udev = container_of(da->da_dev,
					struct tcmu_dev, se_dev);
	u32 val;
	int ret;

	if (da->da_dev->export_count) {
		pr_err("Unable to set tcmu cmd_time_out while exports exist\n");
		return -EINVAL;
	}

	ret = kstrtou32(page, 0, &val);
	if (ret < 0)
		return ret;

	udev->cmd_time_out = val * MSEC_PER_SEC;
	return count;
}
CONFIGFS_ATTR(tcmu_, cmd_time_out);

1896
static ssize_t tcmu_dev_config_show(struct config_item *item, char *page)
1897 1898 1899 1900 1901 1902 1903 1904
{
	struct se_dev_attrib *da = container_of(to_config_group(item),
						struct se_dev_attrib, da_group);
	struct tcmu_dev *udev = TCMU_DEV(da->da_dev);

	return snprintf(page, PAGE_SIZE, "%s\n", udev->dev_config);
}

1905 1906
static ssize_t tcmu_dev_config_store(struct config_item *item, const char *page,
				     size_t count)
1907 1908 1909 1910
{
	struct se_dev_attrib *da = container_of(to_config_group(item),
						struct se_dev_attrib, da_group);
	struct tcmu_dev *udev = TCMU_DEV(da->da_dev);
1911
	int ret, len;
1912

1913 1914
	len = strlen(page);
	if (!len || len > TCMU_CONFIG_LEN - 1)
1915 1916 1917 1918
		return -EINVAL;

	/* Check if device has been configured before */
	if (tcmu_dev_configured(udev)) {
1919
		ret = tcmu_netlink_event(udev, TCMU_CMD_RECONFIG_DEVICE,
1920
					 TCMU_ATTR_DEV_CFG, page);
1921 1922 1923 1924
		if (ret) {
			pr_err("Unable to reconfigure device\n");
			return ret;
		}
B
Bryant G. Ly 已提交
1925 1926 1927 1928 1929 1930
		strlcpy(udev->dev_config, page, TCMU_CONFIG_LEN);

		ret = tcmu_update_uio_info(udev);
		if (ret)
			return ret;
		return count;
1931
	}
1932
	strlcpy(udev->dev_config, page, TCMU_CONFIG_LEN);
1933 1934 1935

	return count;
}
1936
CONFIGFS_ATTR(tcmu_, dev_config);
1937

1938 1939 1940 1941 1942 1943 1944 1945 1946 1947 1948 1949 1950 1951 1952
static ssize_t tcmu_dev_size_show(struct config_item *item, char *page)
{
	struct se_dev_attrib *da = container_of(to_config_group(item),
						struct se_dev_attrib, da_group);
	struct tcmu_dev *udev = TCMU_DEV(da->da_dev);

	return snprintf(page, PAGE_SIZE, "%zu\n", udev->dev_size);
}

static ssize_t tcmu_dev_size_store(struct config_item *item, const char *page,
				   size_t count)
{
	struct se_dev_attrib *da = container_of(to_config_group(item),
						struct se_dev_attrib, da_group);
	struct tcmu_dev *udev = TCMU_DEV(da->da_dev);
1953
	u64 val;
1954 1955
	int ret;

1956
	ret = kstrtou64(page, 0, &val);
1957 1958 1959 1960 1961
	if (ret < 0)
		return ret;

	/* Check if device has been configured before */
	if (tcmu_dev_configured(udev)) {
1962
		ret = tcmu_netlink_event(udev, TCMU_CMD_RECONFIG_DEVICE,
1963
					 TCMU_ATTR_DEV_SIZE, &val);
1964 1965 1966 1967 1968
		if (ret) {
			pr_err("Unable to reconfigure device\n");
			return ret;
		}
	}
1969
	udev->dev_size = val;
1970 1971 1972 1973
	return count;
}
CONFIGFS_ATTR(tcmu_, dev_size);

1974 1975 1976 1977 1978 1979 1980 1981 1982 1983 1984 1985 1986 1987 1988 1989 1990 1991 1992 1993 1994 1995 1996 1997 1998 1999 2000 2001
static ssize_t tcmu_nl_reply_supported_show(struct config_item *item,
		char *page)
{
	struct se_dev_attrib *da = container_of(to_config_group(item),
						struct se_dev_attrib, da_group);
	struct tcmu_dev *udev = TCMU_DEV(da->da_dev);

	return snprintf(page, PAGE_SIZE, "%d\n", udev->nl_reply_supported);
}

static ssize_t tcmu_nl_reply_supported_store(struct config_item *item,
		const char *page, size_t count)
{
	struct se_dev_attrib *da = container_of(to_config_group(item),
						struct se_dev_attrib, da_group);
	struct tcmu_dev *udev = TCMU_DEV(da->da_dev);
	s8 val;
	int ret;

	ret = kstrtos8(page, 0, &val);
	if (ret < 0)
		return ret;

	udev->nl_reply_supported = val;
	return count;
}
CONFIGFS_ATTR(tcmu_, nl_reply_supported);

B
Bryant G. Ly 已提交
2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015
static ssize_t tcmu_emulate_write_cache_show(struct config_item *item,
					     char *page)
{
	struct se_dev_attrib *da = container_of(to_config_group(item),
					struct se_dev_attrib, da_group);

	return snprintf(page, PAGE_SIZE, "%i\n", da->emulate_write_cache);
}

static ssize_t tcmu_emulate_write_cache_store(struct config_item *item,
					      const char *page, size_t count)
{
	struct se_dev_attrib *da = container_of(to_config_group(item),
					struct se_dev_attrib, da_group);
2016
	struct tcmu_dev *udev = TCMU_DEV(da->da_dev);
2017
	u8 val;
B
Bryant G. Ly 已提交
2018 2019
	int ret;

2020
	ret = kstrtou8(page, 0, &val);
B
Bryant G. Ly 已提交
2021 2022 2023
	if (ret < 0)
		return ret;

2024 2025
	/* Check if device has been configured before */
	if (tcmu_dev_configured(udev)) {
2026
		ret = tcmu_netlink_event(udev, TCMU_CMD_RECONFIG_DEVICE,
2027
					 TCMU_ATTR_WRITECACHE, &val);
2028 2029 2030 2031 2032
		if (ret) {
			pr_err("Unable to reconfigure device\n");
			return ret;
		}
	}
2033 2034

	da->emulate_write_cache = val;
B
Bryant G. Ly 已提交
2035 2036 2037 2038
	return count;
}
CONFIGFS_ATTR(tcmu_, emulate_write_cache);

2039
static struct configfs_attribute *tcmu_attrib_attrs[] = {
2040
	&tcmu_attr_cmd_time_out,
2041
	&tcmu_attr_dev_config,
2042 2043
	&tcmu_attr_dev_size,
	&tcmu_attr_emulate_write_cache,
2044
	&tcmu_attr_nl_reply_supported,
2045 2046 2047
	NULL,
};

2048 2049 2050
static struct configfs_attribute **tcmu_attrs;

static struct target_backend_ops tcmu_ops = {
2051 2052
	.name			= "user",
	.owner			= THIS_MODULE,
2053
	.transport_flags	= TRANSPORT_FLAG_PASSTHROUGH,
2054 2055 2056 2057
	.attach_hba		= tcmu_attach_hba,
	.detach_hba		= tcmu_detach_hba,
	.alloc_device		= tcmu_alloc_device,
	.configure_device	= tcmu_configure_device,
2058
	.destroy_device		= tcmu_destroy_device,
2059 2060 2061 2062 2063 2064
	.free_device		= tcmu_free_device,
	.parse_cdb		= tcmu_parse_cdb,
	.set_configfs_dev_params = tcmu_set_configfs_dev_params,
	.show_configfs_dev_params = tcmu_show_configfs_dev_params,
	.get_device_type	= sbc_get_device_type,
	.get_blocks		= tcmu_get_blocks,
2065
	.tb_dev_attrib_attrs	= NULL,
2066 2067
};

M
Mike Christie 已提交
2068
static void find_free_blocks(void)
2069 2070 2071
{
	struct tcmu_dev *udev;
	loff_t off;
2072 2073 2074 2075
	u32 start, end, block, total_freed = 0;

	if (atomic_read(&global_db_count) <= TCMU_GLOBAL_MAX_BLOCKS)
		return;
2076

M
Mike Christie 已提交
2077 2078 2079
	mutex_lock(&root_udev_mutex);
	list_for_each_entry(udev, &root_udev, node) {
		mutex_lock(&udev->cmdr_lock);
2080

M
Mike Christie 已提交
2081 2082
		/* Try to complete the finished commands first */
		tcmu_handle_completions(udev);
2083

2084 2085
		/* Skip the udevs in idle */
		if (!udev->dbi_thresh) {
M
Mike Christie 已提交
2086 2087 2088
			mutex_unlock(&udev->cmdr_lock);
			continue;
		}
2089

M
Mike Christie 已提交
2090 2091 2092 2093
		end = udev->dbi_max + 1;
		block = find_last_bit(udev->data_bitmap, end);
		if (block == udev->dbi_max) {
			/*
2094 2095
			 * The last bit is dbi_max, so it is not possible
			 * reclaim any blocks.
M
Mike Christie 已提交
2096 2097 2098 2099 2100 2101 2102 2103 2104 2105 2106
			 */
			mutex_unlock(&udev->cmdr_lock);
			continue;
		} else if (block == end) {
			/* The current udev will goto idle state */
			udev->dbi_thresh = start = 0;
			udev->dbi_max = 0;
		} else {
			udev->dbi_thresh = start = block + 1;
			udev->dbi_max = block;
		}
2107

M
Mike Christie 已提交
2108 2109 2110
		/* Here will truncate the data area from off */
		off = udev->data_off + start * DATA_BLOCK_SIZE;
		unmap_mapping_range(udev->inode->i_mapping, off, 0, 1);
2111

M
Mike Christie 已提交
2112 2113 2114
		/* Release the block pages */
		tcmu_blocks_release(&udev->data_blocks, start, end);
		mutex_unlock(&udev->cmdr_lock);
2115

2116 2117 2118
		total_freed += end - start;
		pr_debug("Freed %u blocks (total %u) from %s.\n", end - start,
			 total_freed, udev->name);
M
Mike Christie 已提交
2119 2120
	}
	mutex_unlock(&root_udev_mutex);
2121 2122 2123

	if (atomic_read(&global_db_count) > TCMU_GLOBAL_MAX_BLOCKS)
		schedule_delayed_work(&tcmu_unmap_work, msecs_to_jiffies(5000));
M
Mike Christie 已提交
2124 2125
}

2126 2127 2128 2129 2130 2131 2132 2133 2134 2135 2136 2137
static void check_timedout_devices(void)
{
	struct tcmu_dev *udev, *tmp_dev;
	LIST_HEAD(devs);

	spin_lock_bh(&timed_out_udevs_lock);
	list_splice_init(&timed_out_udevs, &devs);

	list_for_each_entry_safe(udev, tmp_dev, &devs, timedout_entry) {
		list_del_init(&udev->timedout_entry);
		spin_unlock_bh(&timed_out_udevs_lock);

M
Mike Christie 已提交
2138
		mutex_lock(&udev->cmdr_lock);
2139
		idr_for_each(&udev->commands, tcmu_check_expired_cmd, NULL);
M
Mike Christie 已提交
2140
		mutex_unlock(&udev->cmdr_lock);
2141 2142 2143 2144 2145 2146 2147

		spin_lock_bh(&timed_out_udevs_lock);
	}

	spin_unlock_bh(&timed_out_udevs_lock);
}

M
Mike Christie 已提交
2148
static void tcmu_unmap_work_fn(struct work_struct *work)
M
Mike Christie 已提交
2149
{
2150
	check_timedout_devices();
M
Mike Christie 已提交
2151
	find_free_blocks();
2152 2153
}

2154 2155
static int __init tcmu_module_init(void)
{
2156
	int ret, i, k, len = 0;
2157 2158 2159

	BUILD_BUG_ON((sizeof(struct tcmu_cmd_entry) % TCMU_OP_ALIGN_SIZE) != 0);

2160
	INIT_DELAYED_WORK(&tcmu_unmap_work, tcmu_unmap_work_fn);
M
Mike Christie 已提交
2161

2162 2163 2164 2165 2166 2167 2168 2169 2170 2171 2172 2173 2174 2175 2176 2177 2178 2179
	tcmu_cmd_cache = kmem_cache_create("tcmu_cmd_cache",
				sizeof(struct tcmu_cmd),
				__alignof__(struct tcmu_cmd),
				0, NULL);
	if (!tcmu_cmd_cache)
		return -ENOMEM;

	tcmu_root_device = root_device_register("tcm_user");
	if (IS_ERR(tcmu_root_device)) {
		ret = PTR_ERR(tcmu_root_device);
		goto out_free_cache;
	}

	ret = genl_register_family(&tcmu_genl_family);
	if (ret < 0) {
		goto out_unreg_device;
	}

2180 2181 2182
	for (i = 0; passthrough_attrib_attrs[i] != NULL; i++) {
		len += sizeof(struct configfs_attribute *);
	}
2183 2184 2185 2186
	for (i = 0; tcmu_attrib_attrs[i] != NULL; i++) {
		len += sizeof(struct configfs_attribute *);
	}
	len += sizeof(struct configfs_attribute *);
2187 2188 2189 2190 2191 2192 2193 2194 2195 2196

	tcmu_attrs = kzalloc(len, GFP_KERNEL);
	if (!tcmu_attrs) {
		ret = -ENOMEM;
		goto out_unreg_genl;
	}

	for (i = 0; passthrough_attrib_attrs[i] != NULL; i++) {
		tcmu_attrs[i] = passthrough_attrib_attrs[i];
	}
2197 2198 2199 2200
	for (k = 0; tcmu_attrib_attrs[k] != NULL; k++) {
		tcmu_attrs[i] = tcmu_attrib_attrs[k];
		i++;
	}
2201 2202
	tcmu_ops.tb_dev_attrib_attrs = tcmu_attrs;

2203
	ret = transport_backend_register(&tcmu_ops);
2204
	if (ret)
2205
		goto out_attrs;
2206 2207 2208

	return 0;

2209 2210
out_attrs:
	kfree(tcmu_attrs);
2211 2212 2213 2214 2215 2216 2217 2218 2219 2220 2221 2222
out_unreg_genl:
	genl_unregister_family(&tcmu_genl_family);
out_unreg_device:
	root_device_unregister(tcmu_root_device);
out_free_cache:
	kmem_cache_destroy(tcmu_cmd_cache);

	return ret;
}

static void __exit tcmu_module_exit(void)
{
2223
	cancel_delayed_work_sync(&tcmu_unmap_work);
2224
	target_backend_unregister(&tcmu_ops);
2225
	kfree(tcmu_attrs);
2226 2227 2228 2229 2230 2231 2232 2233 2234 2235 2236 2237
	genl_unregister_family(&tcmu_genl_family);
	root_device_unregister(tcmu_root_device);
	kmem_cache_destroy(tcmu_cmd_cache);
}

MODULE_DESCRIPTION("TCM USER subsystem plugin");
MODULE_AUTHOR("Shaohua Li <shli@kernel.org>");
MODULE_AUTHOR("Andy Grover <agrover@redhat.com>");
MODULE_LICENSE("GPL");

module_init(tcmu_module_init);
module_exit(tcmu_module_exit);