target_core_user.c 51.5 KB
Newer Older
1 2 3
/*
 * Copyright (C) 2013 Shaohua Li <shli@kernel.org>
 * Copyright (C) 2014 Red Hat, Inc.
4
 * Copyright (C) 2015 Arrikto, Inc.
5
 * Copyright (C) 2017 Chinamobile, Inc.
6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms and conditions of the GNU General Public License,
 * version 2, as published by the Free Software Foundation.
 *
 * This program is distributed in the hope it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
 * more details.
 *
 * You should have received a copy of the GNU General Public License along with
 * this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin St - Fifth Floor, Boston, MA 02110-1301 USA.
 */

#include <linux/spinlock.h>
#include <linux/module.h>
#include <linux/idr.h>
24
#include <linux/kernel.h>
25 26
#include <linux/timer.h>
#include <linux/parser.h>
27
#include <linux/vmalloc.h>
28
#include <linux/uio_driver.h>
29
#include <linux/radix-tree.h>
30
#include <linux/stringify.h>
31
#include <linux/bitops.h>
32
#include <linux/highmem.h>
33
#include <linux/configfs.h>
34 35
#include <linux/mutex.h>
#include <linux/kthread.h>
36
#include <net/genetlink.h>
37 38
#include <scsi/scsi_common.h>
#include <scsi/scsi_proto.h>
39 40 41
#include <target/target_core_base.h>
#include <target/target_core_fabric.h>
#include <target/target_core_backend.h>
42

43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71
#include <linux/target_core_user.h>

/*
 * Define a shared-memory interface for LIO to pass SCSI commands and
 * data to userspace for processing. This is to allow backends that
 * are too complex for in-kernel support to be possible.
 *
 * It uses the UIO framework to do a lot of the device-creation and
 * introspection work for us.
 *
 * See the .h file for how the ring is laid out. Note that while the
 * command ring is defined, the particulars of the data area are
 * not. Offset values in the command entry point to other locations
 * internal to the mmap()ed area. There is separate space outside the
 * command ring for data buffers. This leaves maximum flexibility for
 * moving buffer allocations, or even page flipping or other
 * allocation techniques, without altering the command ring layout.
 *
 * SECURITY:
 * The user process must be assumed to be malicious. There's no way to
 * prevent it breaking the command ring protocol if it wants, but in
 * order to prevent other issues we must only ever read *data* from
 * the shared memory area, not offsets or sizes. This applies to
 * command ring entries as well as the mailbox. Extra code needed for
 * this may have a 'UAM' comment.
 */

#define TCMU_TIME_OUT (30 * MSEC_PER_SEC)

72 73
/* For cmd area, the size is fixed 8MB */
#define CMDR_SIZE (8 * 1024 * 1024)
74

75 76 77 78 79 80
/*
 * For data area, the block size is PAGE_SIZE and
 * the total size is 256K * PAGE_SIZE.
 */
#define DATA_BLOCK_SIZE PAGE_SIZE
#define DATA_BLOCK_BITS (256 * 1024)
81
#define DATA_SIZE (DATA_BLOCK_BITS * DATA_BLOCK_SIZE)
82
#define DATA_BLOCK_INIT_BITS 128
83

84
/* The total size of the ring is 8M + 256K * PAGE_SIZE */
85 86
#define TCMU_RING_SIZE (CMDR_SIZE + DATA_SIZE)

87 88 89
/* Default maximum of the global data blocks(512K * PAGE_SIZE) */
#define TCMU_GLOBAL_MAX_BLOCKS (512 * 1024)

90 91
static u8 tcmu_kern_cmd_reply_supported;

92 93 94 95 96 97 98 99
static struct device *tcmu_root_device;

struct tcmu_hba {
	u32 host_id;
};

#define TCMU_CONFIG_LEN 256

100 101 102 103 104 105 106
struct tcmu_nl_cmd {
	/* wake up thread waiting for reply */
	struct completion complete;
	int cmd;
	int status;
};

107
struct tcmu_dev {
108
	struct list_head node;
109
	struct kref kref;
110 111 112 113 114 115 116 117 118 119 120
	struct se_device se_dev;

	char *name;
	struct se_hba *hba;

#define TCMU_DEV_BIT_OPEN 0
#define TCMU_DEV_BIT_BROKEN 1
	unsigned long flags;

	struct uio_info uio_info;

121 122
	struct inode *inode;

123 124 125 126
	struct tcmu_mailbox *mb_addr;
	size_t dev_size;
	u32 cmdr_size;
	u32 cmdr_last_cleaned;
127
	/* Offset of data area from start of mb */
128
	/* Must add data_off and mb_addr to get the address */
129 130
	size_t data_off;
	size_t data_size;
131

132
	wait_queue_head_t wait_cmdr;
133
	struct mutex cmdr_lock;
134

135
	bool waiting_global;
136
	uint32_t dbi_max;
137
	uint32_t dbi_thresh;
138 139 140
	DECLARE_BITMAP(data_bitmap, DATA_BLOCK_BITS);
	struct radix_tree_root data_blocks;

141 142 143 144
	struct idr commands;
	spinlock_t commands_lock;

	struct timer_list timeout;
145
	unsigned int cmd_time_out;
146

147 148 149 150 151
	spinlock_t nl_cmd_lock;
	struct tcmu_nl_cmd curr_nl_cmd;
	/* wake up threads waiting on curr_nl_cmd */
	wait_queue_head_t nl_cmd_wq;

152 153 154 155 156 157 158 159 160 161 162 163 164
	char dev_config[TCMU_CONFIG_LEN];
};

#define TCMU_DEV(_se_dev) container_of(_se_dev, struct tcmu_dev, se_dev)

#define CMDR_OFF sizeof(struct tcmu_mailbox)

struct tcmu_cmd {
	struct se_cmd *se_cmd;
	struct tcmu_dev *tcmu_dev;

	uint16_t cmd_id;

165
	/* Can't use se_cmd when cleaning up expired cmds, because if
166
	   cmd has been completed then accessing se_cmd is off limits */
167 168 169
	uint32_t dbi_cnt;
	uint32_t dbi_cur;
	uint32_t *dbi;
170 171 172 173 174 175 176

	unsigned long deadline;

#define TCMU_CMD_BIT_EXPIRED 0
	unsigned long flags;
};

177 178 179 180 181 182 183
static struct task_struct *unmap_thread;
static wait_queue_head_t unmap_wait;
static DEFINE_MUTEX(root_udev_mutex);
static LIST_HEAD(root_udev);

static atomic_t global_db_count = ATOMIC_INIT(0);

184 185 186 187 188 189 190 191 192 193 194
static struct kmem_cache *tcmu_cmd_cache;

/* multicast group */
enum tcmu_multicast_groups {
	TCMU_MCGRP_CONFIG,
};

static const struct genl_multicast_group tcmu_mcgrps[] = {
	[TCMU_MCGRP_CONFIG] = { .name = "config", },
};

195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304
static struct nla_policy tcmu_attr_policy[TCMU_ATTR_MAX+1] = {
	[TCMU_ATTR_DEVICE]	= { .type = NLA_STRING },
	[TCMU_ATTR_MINOR]	= { .type = NLA_U32 },
	[TCMU_ATTR_CMD_STATUS]	= { .type = NLA_S32 },
	[TCMU_ATTR_DEVICE_ID]	= { .type = NLA_U32 },
	[TCMU_ATTR_SUPP_KERN_CMD_REPLY] = { .type = NLA_U8 },
};

static int tcmu_genl_cmd_done(struct genl_info *info, int completed_cmd)
{
	struct se_device *dev;
	struct tcmu_dev *udev;
	struct tcmu_nl_cmd *nl_cmd;
	int dev_id, rc, ret = 0;
	bool is_removed = (completed_cmd == TCMU_CMD_REMOVED_DEVICE);

	if (!info->attrs[TCMU_ATTR_CMD_STATUS] ||
	    !info->attrs[TCMU_ATTR_DEVICE_ID]) {
		printk(KERN_ERR "TCMU_ATTR_CMD_STATUS or TCMU_ATTR_DEVICE_ID not set, doing nothing\n");
                return -EINVAL;
        }

	dev_id = nla_get_u32(info->attrs[TCMU_ATTR_DEVICE_ID]);
	rc = nla_get_s32(info->attrs[TCMU_ATTR_CMD_STATUS]);

	dev = target_find_device(dev_id, !is_removed);
	if (!dev) {
		printk(KERN_ERR "tcmu nl cmd %u/%u completion could not find device with dev id %u.\n",
		       completed_cmd, rc, dev_id);
		return -ENODEV;
	}
	udev = TCMU_DEV(dev);

	spin_lock(&udev->nl_cmd_lock);
	nl_cmd = &udev->curr_nl_cmd;

	pr_debug("genl cmd done got id %d curr %d done %d rc %d\n", dev_id,
		 nl_cmd->cmd, completed_cmd, rc);

	if (nl_cmd->cmd != completed_cmd) {
		printk(KERN_ERR "Mismatched commands (Expecting reply for %d. Current %d).\n",
		       completed_cmd, nl_cmd->cmd);
		ret = -EINVAL;
	} else {
		nl_cmd->status = rc;
	}

	spin_unlock(&udev->nl_cmd_lock);
	if (!is_removed)
		 target_undepend_item(&dev->dev_group.cg_item);
	if (!ret)
		complete(&nl_cmd->complete);
	return ret;
}

static int tcmu_genl_rm_dev_done(struct sk_buff *skb, struct genl_info *info)
{
	return tcmu_genl_cmd_done(info, TCMU_CMD_REMOVED_DEVICE);
}

static int tcmu_genl_add_dev_done(struct sk_buff *skb, struct genl_info *info)
{
	return tcmu_genl_cmd_done(info, TCMU_CMD_ADDED_DEVICE);
}

static int tcmu_genl_reconfig_dev_done(struct sk_buff *skb,
				       struct genl_info *info)
{
	return tcmu_genl_cmd_done(info, TCMU_CMD_RECONFIG_DEVICE);
}

static int tcmu_genl_set_features(struct sk_buff *skb, struct genl_info *info)
{
	if (info->attrs[TCMU_ATTR_SUPP_KERN_CMD_REPLY]) {
		tcmu_kern_cmd_reply_supported  =
			nla_get_u8(info->attrs[TCMU_ATTR_SUPP_KERN_CMD_REPLY]);
		printk(KERN_INFO "tcmu daemon: command reply support %u.\n",
		       tcmu_kern_cmd_reply_supported);
	}

	return 0;
}

static const struct genl_ops tcmu_genl_ops[] = {
	{
		.cmd	= TCMU_CMD_SET_FEATURES,
		.flags	= GENL_ADMIN_PERM,
		.policy	= tcmu_attr_policy,
		.doit	= tcmu_genl_set_features,
	},
	{
		.cmd	= TCMU_CMD_ADDED_DEVICE_DONE,
		.flags	= GENL_ADMIN_PERM,
		.policy	= tcmu_attr_policy,
		.doit	= tcmu_genl_add_dev_done,
	},
	{
		.cmd	= TCMU_CMD_REMOVED_DEVICE_DONE,
		.flags	= GENL_ADMIN_PERM,
		.policy	= tcmu_attr_policy,
		.doit	= tcmu_genl_rm_dev_done,
	},
	{
		.cmd	= TCMU_CMD_RECONFIG_DEVICE_DONE,
		.flags	= GENL_ADMIN_PERM,
		.policy	= tcmu_attr_policy,
		.doit	= tcmu_genl_reconfig_dev_done,
	},
};

305
/* Our generic netlink family */
306
static struct genl_family tcmu_genl_family __ro_after_init = {
307
	.module = THIS_MODULE,
308 309
	.hdrsize = 0,
	.name = "TCM-USER",
310
	.version = 2,
311 312 313
	.maxattr = TCMU_ATTR_MAX,
	.mcgrps = tcmu_mcgrps,
	.n_mcgrps = ARRAY_SIZE(tcmu_mcgrps),
314
	.netnsok = true,
315 316
	.ops = tcmu_genl_ops,
	.n_ops = ARRAY_SIZE(tcmu_genl_ops),
317 318
};

319 320 321 322 323
#define tcmu_cmd_set_dbi_cur(cmd, index) ((cmd)->dbi_cur = (index))
#define tcmu_cmd_reset_dbi_cur(cmd) tcmu_cmd_set_dbi_cur(cmd, 0)
#define tcmu_cmd_set_dbi(cmd, index) ((cmd)->dbi[(cmd)->dbi_cur++] = (index))
#define tcmu_cmd_get_dbi(cmd) ((cmd)->dbi[(cmd)->dbi_cur++])

324
static void tcmu_cmd_free_data(struct tcmu_cmd *tcmu_cmd, uint32_t len)
325 326 327 328
{
	struct tcmu_dev *udev = tcmu_cmd->tcmu_dev;
	uint32_t i;

329
	for (i = 0; i < len; i++)
330 331 332
		clear_bit(tcmu_cmd->dbi[i], udev->data_bitmap);
}

333 334
static inline bool tcmu_get_empty_block(struct tcmu_dev *udev,
					struct tcmu_cmd *tcmu_cmd)
335
{
336 337
	struct page *page;
	int ret, dbi;
338

339 340 341
	dbi = find_first_zero_bit(udev->data_bitmap, udev->dbi_thresh);
	if (dbi == udev->dbi_thresh)
		return false;
342

343 344 345 346 347 348
	page = radix_tree_lookup(&udev->data_blocks, dbi);
	if (!page) {
		if (atomic_add_return(1, &global_db_count) >
					TCMU_GLOBAL_MAX_BLOCKS) {
			atomic_dec(&global_db_count);
			return false;
349 350
		}

351 352 353
		/* try to get new page from the mm */
		page = alloc_page(GFP_KERNEL);
		if (!page)
354
			goto err_alloc;
355 356

		ret = radix_tree_insert(&udev->data_blocks, dbi, page);
357 358
		if (ret)
			goto err_insert;
359 360
	}

361 362 363 364 365 366 367
	if (dbi > udev->dbi_max)
		udev->dbi_max = dbi;

	set_bit(dbi, udev->data_bitmap);
	tcmu_cmd_set_dbi(tcmu_cmd, dbi);

	return true;
368 369 370 371 372
err_insert:
	__free_page(page);
err_alloc:
	atomic_dec(&global_db_count);
	return false;
373 374
}

375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396
static bool tcmu_get_empty_blocks(struct tcmu_dev *udev,
				  struct tcmu_cmd *tcmu_cmd)
{
	int i;

	udev->waiting_global = false;

	for (i = tcmu_cmd->dbi_cur; i < tcmu_cmd->dbi_cnt; i++) {
		if (!tcmu_get_empty_block(udev, tcmu_cmd))
			goto err;
	}
	return true;

err:
	udev->waiting_global = true;
	/* Try to wake up the unmap thread */
	wake_up(&unmap_wait);
	return false;
}

static inline struct page *
tcmu_get_block_page(struct tcmu_dev *udev, uint32_t dbi)
397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427
{
	return radix_tree_lookup(&udev->data_blocks, dbi);
}

static inline void tcmu_free_cmd(struct tcmu_cmd *tcmu_cmd)
{
	kfree(tcmu_cmd->dbi);
	kmem_cache_free(tcmu_cmd_cache, tcmu_cmd);
}

static inline size_t tcmu_cmd_get_data_length(struct tcmu_cmd *tcmu_cmd)
{
	struct se_cmd *se_cmd = tcmu_cmd->se_cmd;
	size_t data_length = round_up(se_cmd->data_length, DATA_BLOCK_SIZE);

	if (se_cmd->se_cmd_flags & SCF_BIDI) {
		BUG_ON(!(se_cmd->t_bidi_data_sg && se_cmd->t_bidi_data_nents));
		data_length += round_up(se_cmd->t_bidi_data_sg->length,
				DATA_BLOCK_SIZE);
	}

	return data_length;
}

static inline uint32_t tcmu_cmd_get_block_cnt(struct tcmu_cmd *tcmu_cmd)
{
	size_t data_length = tcmu_cmd_get_data_length(tcmu_cmd);

	return data_length / DATA_BLOCK_SIZE;
}

428 429 430 431 432 433 434 435 436 437 438 439 440
static struct tcmu_cmd *tcmu_alloc_cmd(struct se_cmd *se_cmd)
{
	struct se_device *se_dev = se_cmd->se_dev;
	struct tcmu_dev *udev = TCMU_DEV(se_dev);
	struct tcmu_cmd *tcmu_cmd;
	int cmd_id;

	tcmu_cmd = kmem_cache_zalloc(tcmu_cmd_cache, GFP_KERNEL);
	if (!tcmu_cmd)
		return NULL;

	tcmu_cmd->se_cmd = se_cmd;
	tcmu_cmd->tcmu_dev = udev;
441 442 443
	if (udev->cmd_time_out)
		tcmu_cmd->deadline = jiffies +
					msecs_to_jiffies(udev->cmd_time_out);
444

445 446 447 448 449 450 451 452 453
	tcmu_cmd_reset_dbi_cur(tcmu_cmd);
	tcmu_cmd->dbi_cnt = tcmu_cmd_get_block_cnt(tcmu_cmd);
	tcmu_cmd->dbi = kcalloc(tcmu_cmd->dbi_cnt, sizeof(uint32_t),
				GFP_KERNEL);
	if (!tcmu_cmd->dbi) {
		kmem_cache_free(tcmu_cmd_cache, tcmu_cmd);
		return NULL;
	}

454 455 456 457 458 459 460 461
	idr_preload(GFP_KERNEL);
	spin_lock_irq(&udev->commands_lock);
	cmd_id = idr_alloc(&udev->commands, tcmu_cmd, 0,
		USHRT_MAX, GFP_NOWAIT);
	spin_unlock_irq(&udev->commands_lock);
	idr_preload_end();

	if (cmd_id < 0) {
462
		tcmu_free_cmd(tcmu_cmd);
463 464 465 466 467 468 469 470 471
		return NULL;
	}
	tcmu_cmd->cmd_id = cmd_id;

	return tcmu_cmd;
}

static inline void tcmu_flush_dcache_range(void *vaddr, size_t size)
{
G
Geliang Tang 已提交
472
	unsigned long offset = offset_in_page(vaddr);
473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507

	size = round_up(size+offset, PAGE_SIZE);
	vaddr -= offset;

	while (size) {
		flush_dcache_page(virt_to_page(vaddr));
		size -= PAGE_SIZE;
	}
}

/*
 * Some ring helper functions. We don't assume size is a power of 2 so
 * we can't use circ_buf.h.
 */
static inline size_t spc_used(size_t head, size_t tail, size_t size)
{
	int diff = head - tail;

	if (diff >= 0)
		return diff;
	else
		return size + diff;
}

static inline size_t spc_free(size_t head, size_t tail, size_t size)
{
	/* Keep 1 byte unused or we can't tell full from empty */
	return (size - spc_used(head, tail, size) - 1);
}

static inline size_t head_to_end(size_t head, size_t size)
{
	return size - head;
}

508 509 510 511 512 513 514 515 516 517 518 519 520
static inline void new_iov(struct iovec **iov, int *iov_cnt,
			   struct tcmu_dev *udev)
{
	struct iovec *iovec;

	if (*iov_cnt != 0)
		(*iov)++;
	(*iov_cnt)++;

	iovec = *iov;
	memset(iovec, 0, sizeof(struct iovec));
}

521 522
#define UPDATE_HEAD(head, used, size) smp_store_release(&head, ((head % size) + used) % size)

523
/* offset is relative to mb_addr */
524 525
static inline size_t get_block_offset_user(struct tcmu_dev *dev,
		int dbi, int remaining)
526
{
527
	return dev->data_off + dbi * DATA_BLOCK_SIZE +
528 529 530
		DATA_BLOCK_SIZE - remaining;
}

531
static inline size_t iov_tail(struct iovec *iov)
532 533 534 535
{
	return (size_t)iov->iov_base + iov->iov_len;
}

536
static int scatter_data_area(struct tcmu_dev *udev,
537 538 539
	struct tcmu_cmd *tcmu_cmd, struct scatterlist *data_sg,
	unsigned int data_nents, struct iovec **iov,
	int *iov_cnt, bool copy_data)
540
{
541
	int i, dbi;
542
	int block_remaining = 0;
543 544
	void *from, *to = NULL;
	size_t copy_bytes, to_offset, offset;
545
	struct scatterlist *sg;
546
	struct page *page;
547 548

	for_each_sg(data_sg, sg, data_nents, i) {
549
		int sg_remaining = sg->length;
550
		from = kmap_atomic(sg_page(sg)) + sg->offset;
551 552
		while (sg_remaining > 0) {
			if (block_remaining == 0) {
553 554 555
				if (to)
					kunmap_atomic(to);

556
				block_remaining = DATA_BLOCK_SIZE;
557 558 559
				dbi = tcmu_cmd_get_dbi(tcmu_cmd);
				page = tcmu_get_block_page(udev, dbi);
				to = kmap_atomic(page);
560
			}
561

562 563
			copy_bytes = min_t(size_t, sg_remaining,
					block_remaining);
564
			to_offset = get_block_offset_user(udev, dbi,
565
					block_remaining);
566

567
			if (*iov_cnt != 0 &&
568
			    to_offset == iov_tail(*iov)) {
569 570 571
				(*iov)->iov_len += copy_bytes;
			} else {
				new_iov(iov, iov_cnt, udev);
572
				(*iov)->iov_base = (void __user *)to_offset;
573 574
				(*iov)->iov_len = copy_bytes;
			}
575
			if (copy_data) {
576 577 578 579
				offset = DATA_BLOCK_SIZE - block_remaining;
				memcpy(to + offset,
				       from + sg->length - sg_remaining,
				       copy_bytes);
580 581
				tcmu_flush_dcache_range(to, copy_bytes);
			}
582 583
			sg_remaining -= copy_bytes;
			block_remaining -= copy_bytes;
584
		}
585
		kunmap_atomic(from - sg->offset);
586
	}
587 588
	if (to)
		kunmap_atomic(to);
589

590
	return 0;
591 592
}

593 594
static void gather_data_area(struct tcmu_dev *udev, struct tcmu_cmd *cmd,
			     bool bidi)
595
{
596
	struct se_cmd *se_cmd = cmd->se_cmd;
597
	int i, dbi;
598
	int block_remaining = 0;
599
	void *from = NULL, *to;
600
	size_t copy_bytes, offset;
601
	struct scatterlist *sg, *data_sg;
602
	struct page *page;
603
	unsigned int data_nents;
604
	uint32_t count = 0;
605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620

	if (!bidi) {
		data_sg = se_cmd->t_data_sg;
		data_nents = se_cmd->t_data_nents;
	} else {

		/*
		 * For bidi case, the first count blocks are for Data-Out
		 * buffer blocks, and before gathering the Data-In buffer
		 * the Data-Out buffer blocks should be discarded.
		 */
		count = DIV_ROUND_UP(se_cmd->data_length, DATA_BLOCK_SIZE);

		data_sg = se_cmd->t_bidi_data_sg;
		data_nents = se_cmd->t_bidi_data_nents;
	}
621

622 623
	tcmu_cmd_set_dbi_cur(cmd, count);

624
	for_each_sg(data_sg, sg, data_nents, i) {
625
		int sg_remaining = sg->length;
626
		to = kmap_atomic(sg_page(sg)) + sg->offset;
627 628
		while (sg_remaining > 0) {
			if (block_remaining == 0) {
629 630 631
				if (from)
					kunmap_atomic(from);

632
				block_remaining = DATA_BLOCK_SIZE;
633
				dbi = tcmu_cmd_get_dbi(cmd);
634 635
				page = tcmu_get_block_page(udev, dbi);
				from = kmap_atomic(page);
636 637 638
			}
			copy_bytes = min_t(size_t, sg_remaining,
					block_remaining);
639
			offset = DATA_BLOCK_SIZE - block_remaining;
640
			tcmu_flush_dcache_range(from, copy_bytes);
641
			memcpy(to + sg->length - sg_remaining, from + offset,
642
					copy_bytes);
643

644 645
			sg_remaining -= copy_bytes;
			block_remaining -= copy_bytes;
646
		}
647
		kunmap_atomic(to - sg->offset);
648
	}
649 650
	if (from)
		kunmap_atomic(from);
651 652
}

653
static inline size_t spc_bitmap_free(unsigned long *bitmap, uint32_t thresh)
654
{
655
	return DATA_BLOCK_SIZE * (thresh - bitmap_weight(bitmap, thresh));
656 657
}

658
/*
659
 * We can't queue a command until we have space available on the cmd ring *and*
660
 * space available on the data area.
661 662 663
 *
 * Called with ring lock held.
 */
664 665
static bool is_ring_space_avail(struct tcmu_dev *udev, struct tcmu_cmd *cmd,
		size_t cmd_size, size_t data_needed)
666 667
{
	struct tcmu_mailbox *mb = udev->mb_addr;
668 669
	uint32_t blocks_needed = (data_needed + DATA_BLOCK_SIZE - 1)
				/ DATA_BLOCK_SIZE;
670
	size_t space, cmd_needed;
671 672 673 674 675 676
	u32 cmd_head;

	tcmu_flush_dcache_range(mb, sizeof(*mb));

	cmd_head = mb->cmd_head % udev->cmdr_size; /* UAM */

677 678 679 680 681 682 683 684 685
	/*
	 * If cmd end-of-ring space is too small then we need space for a NOP plus
	 * original cmd - cmds are internally contiguous.
	 */
	if (head_to_end(cmd_head, udev->cmdr_size) >= cmd_size)
		cmd_needed = cmd_size;
	else
		cmd_needed = cmd_size + head_to_end(cmd_head, udev->cmdr_size);

686 687 688 689 690 691 692
	space = spc_free(cmd_head, udev->cmdr_last_cleaned, udev->cmdr_size);
	if (space < cmd_needed) {
		pr_debug("no cmd space: %u %u %u\n", cmd_head,
		       udev->cmdr_last_cleaned, udev->cmdr_size);
		return false;
	}

693 694
	/* try to check and get the data blocks as needed */
	space = spc_bitmap_free(udev->data_bitmap, udev->dbi_thresh);
695
	if (space < data_needed) {
696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722
		unsigned long blocks_left = DATA_BLOCK_BITS - udev->dbi_thresh;
		unsigned long grow;

		if (blocks_left < blocks_needed) {
			pr_debug("no data space: only %lu available, but ask for %zu\n",
					blocks_left * DATA_BLOCK_SIZE,
					data_needed);
			return false;
		}

		/* Try to expand the thresh */
		if (!udev->dbi_thresh) {
			/* From idle state */
			uint32_t init_thresh = DATA_BLOCK_INIT_BITS;

			udev->dbi_thresh = max(blocks_needed, init_thresh);
		} else {
			/*
			 * Grow the data area by max(blocks needed,
			 * dbi_thresh / 2), but limited to the max
			 * DATA_BLOCK_BITS size.
			 */
			grow = max(blocks_needed, udev->dbi_thresh / 2);
			udev->dbi_thresh += grow;
			if (udev->dbi_thresh > DATA_BLOCK_BITS)
				udev->dbi_thresh = DATA_BLOCK_BITS;
		}
723 724
	}

725
	return tcmu_get_empty_blocks(udev, cmd);
726 727
}

728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748
static inline size_t tcmu_cmd_get_base_cmd_size(size_t iov_cnt)
{
	return max(offsetof(struct tcmu_cmd_entry, req.iov[iov_cnt]),
			sizeof(struct tcmu_cmd_entry));
}

static inline size_t tcmu_cmd_get_cmd_size(struct tcmu_cmd *tcmu_cmd,
					   size_t base_command_size)
{
	struct se_cmd *se_cmd = tcmu_cmd->se_cmd;
	size_t command_size;

	command_size = base_command_size +
		round_up(scsi_command_size(se_cmd->t_task_cdb),
				TCMU_OP_ALIGN_SIZE);

	WARN_ON(command_size & (TCMU_OP_ALIGN_SIZE-1));

	return command_size;
}

749 750
static sense_reason_t
tcmu_queue_cmd_ring(struct tcmu_cmd *tcmu_cmd)
751 752 753 754 755 756 757
{
	struct tcmu_dev *udev = tcmu_cmd->tcmu_dev;
	struct se_cmd *se_cmd = tcmu_cmd->se_cmd;
	size_t base_command_size, command_size;
	struct tcmu_mailbox *mb;
	struct tcmu_cmd_entry *entry;
	struct iovec *iov;
758
	int iov_cnt, ret;
759 760
	uint32_t cmd_head;
	uint64_t cdb_off;
761
	bool copy_to_data_area;
762
	size_t data_length = tcmu_cmd_get_data_length(tcmu_cmd);
763 764

	if (test_bit(TCMU_DEV_BIT_BROKEN, &udev->flags))
765
		return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
766 767 768 769 770

	/*
	 * Must be a certain minimum size for response sense info, but
	 * also may be larger if the iov array is large.
	 *
771 772 773 774 775 776 777 778 779 780
	 * We prepare as many iovs as possbile for potential uses here,
	 * because it's expensive to tell how many regions are freed in
	 * the bitmap & global data pool, as the size calculated here
	 * will only be used to do the checks.
	 *
	 * The size will be recalculated later as actually needed to save
	 * cmd area memories.
	 */
	base_command_size = tcmu_cmd_get_base_cmd_size(tcmu_cmd->dbi_cnt);
	command_size = tcmu_cmd_get_cmd_size(tcmu_cmd, base_command_size);
781

782
	mutex_lock(&udev->cmdr_lock);
783 784 785

	mb = udev->mb_addr;
	cmd_head = mb->cmd_head % udev->cmdr_size; /* UAM */
786 787 788
	if ((command_size > (udev->cmdr_size / 2)) ||
	    data_length > udev->data_size) {
		pr_warn("TCMU: Request of size %zu/%zu is too big for %u/%zu "
789
			"cmd ring/data area\n", command_size, data_length,
790
			udev->cmdr_size, udev->data_size);
791
		mutex_unlock(&udev->cmdr_lock);
792 793
		return TCM_INVALID_CDB_FIELD;
	}
794

795
	while (!is_ring_space_avail(udev, tcmu_cmd, command_size, data_length)) {
796 797 798 799 800 801
		int ret;
		DEFINE_WAIT(__wait);

		prepare_to_wait(&udev->wait_cmdr, &__wait, TASK_INTERRUPTIBLE);

		pr_debug("sleeping for ring space\n");
802
		mutex_unlock(&udev->cmdr_lock);
803 804 805 806 807
		if (udev->cmd_time_out)
			ret = schedule_timeout(
					msecs_to_jiffies(udev->cmd_time_out));
		else
			ret = schedule_timeout(msecs_to_jiffies(TCMU_TIME_OUT));
808 809 810
		finish_wait(&udev->wait_cmdr, &__wait);
		if (!ret) {
			pr_warn("tcmu: command timed out\n");
811
			return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
812 813
		}

814
		mutex_lock(&udev->cmdr_lock);
815 816 817 818 819

		/* We dropped cmdr_lock, cmd_head is stale */
		cmd_head = mb->cmd_head % udev->cmdr_size; /* UAM */
	}

820 821 822 823
	/* Insert a PAD if end-of-ring space is too small */
	if (head_to_end(cmd_head, udev->cmdr_size) < command_size) {
		size_t pad_size = head_to_end(cmd_head, udev->cmdr_size);

824
		entry = (void *) mb + CMDR_OFF + cmd_head;
A
Andy Grover 已提交
825 826 827 828 829
		tcmu_hdr_set_op(&entry->hdr.len_op, TCMU_OP_PAD);
		tcmu_hdr_set_len(&entry->hdr.len_op, pad_size);
		entry->hdr.cmd_id = 0; /* not used for PAD */
		entry->hdr.kflags = 0;
		entry->hdr.uflags = 0;
830
		tcmu_flush_dcache_range(entry, sizeof(*entry));
831 832

		UPDATE_HEAD(mb->cmd_head, pad_size, udev->cmdr_size);
833
		tcmu_flush_dcache_range(mb, sizeof(*mb));
834 835 836 837 838 839

		cmd_head = mb->cmd_head % udev->cmdr_size; /* UAM */
		WARN_ON(cmd_head != 0);
	}

	entry = (void *) mb + CMDR_OFF + cmd_head;
840
	memset(entry, 0, command_size);
A
Andy Grover 已提交
841 842
	tcmu_hdr_set_op(&entry->hdr.len_op, TCMU_OP_CMD);
	entry->hdr.cmd_id = tcmu_cmd->cmd_id;
843

844
	/* Handle allocating space from the data area */
845
	tcmu_cmd_reset_dbi_cur(tcmu_cmd);
846
	iov = &entry->req.iov[0];
847
	iov_cnt = 0;
848 849
	copy_to_data_area = (se_cmd->data_direction == DMA_TO_DEVICE
		|| se_cmd->se_cmd_flags & SCF_BIDI);
850 851 852
	ret = scatter_data_area(udev, tcmu_cmd, se_cmd->t_data_sg,
				se_cmd->t_data_nents, &iov, &iov_cnt,
				copy_to_data_area);
853
	if (ret) {
854 855 856
		tcmu_cmd_free_data(tcmu_cmd, tcmu_cmd->dbi_cnt);
		mutex_unlock(&udev->cmdr_lock);

857 858 859
		pr_err("tcmu: alloc and scatter data failed\n");
		return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
	}
860 861
	entry->req.iov_cnt = iov_cnt;

862
	/* Handle BIDI commands */
863
	iov_cnt = 0;
864 865
	if (se_cmd->se_cmd_flags & SCF_BIDI) {
		iov++;
866
		ret = scatter_data_area(udev, tcmu_cmd,
867 868 869 870
					se_cmd->t_bidi_data_sg,
					se_cmd->t_bidi_data_nents,
					&iov, &iov_cnt, false);
		if (ret) {
871 872 873
			tcmu_cmd_free_data(tcmu_cmd, tcmu_cmd->dbi_cnt);
			mutex_unlock(&udev->cmdr_lock);

874 875 876
			pr_err("tcmu: alloc and scatter bidi data failed\n");
			return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
		}
877
	}
878
	entry->req.iov_bidi_cnt = iov_cnt;
879

880 881 882 883 884 885 886 887 888 889
	/*
	 * Recalaulate the command's base size and size according
	 * to the actual needs
	 */
	base_command_size = tcmu_cmd_get_base_cmd_size(entry->req.iov_cnt +
						       entry->req.iov_bidi_cnt);
	command_size = tcmu_cmd_get_cmd_size(tcmu_cmd, base_command_size);

	tcmu_hdr_set_len(&entry->hdr.len_op, command_size);

890 891 892 893 894 895 896 897
	/* All offsets relative to mb_addr, not start of entry! */
	cdb_off = CMDR_OFF + cmd_head + base_command_size;
	memcpy((void *) mb + cdb_off, se_cmd->t_task_cdb, scsi_command_size(se_cmd->t_task_cdb));
	entry->req.cdb_off = cdb_off;
	tcmu_flush_dcache_range(entry, sizeof(*entry));

	UPDATE_HEAD(mb->cmd_head, command_size, udev->cmdr_size);
	tcmu_flush_dcache_range(mb, sizeof(*mb));
898
	mutex_unlock(&udev->cmdr_lock);
899 900 901 902

	/* TODO: only if FLUSH and FUA? */
	uio_event_notify(&udev->uio_info);

903 904 905
	if (udev->cmd_time_out)
		mod_timer(&udev->timeout, round_jiffies_up(jiffies +
			  msecs_to_jiffies(udev->cmd_time_out)));
906

907
	return TCM_NO_SENSE;
908 909
}

910 911
static sense_reason_t
tcmu_queue_cmd(struct se_cmd *se_cmd)
912 913 914 915
{
	struct se_device *se_dev = se_cmd->se_dev;
	struct tcmu_dev *udev = TCMU_DEV(se_dev);
	struct tcmu_cmd *tcmu_cmd;
916
	sense_reason_t ret;
917 918 919

	tcmu_cmd = tcmu_alloc_cmd(se_cmd);
	if (!tcmu_cmd)
920
		return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
921 922

	ret = tcmu_queue_cmd_ring(tcmu_cmd);
923
	if (ret != TCM_NO_SENSE) {
924 925 926 927 928
		pr_err("TCMU: Could not queue command\n");
		spin_lock_irq(&udev->commands_lock);
		idr_remove(&udev->commands, tcmu_cmd->cmd_id);
		spin_unlock_irq(&udev->commands_lock);

929
		tcmu_free_cmd(tcmu_cmd);
930 931 932 933 934 935 936 937 938 939
	}

	return ret;
}

static void tcmu_handle_completion(struct tcmu_cmd *cmd, struct tcmu_cmd_entry *entry)
{
	struct se_cmd *se_cmd = cmd->se_cmd;
	struct tcmu_dev *udev = cmd->tcmu_dev;

940 941 942 943 944 945
	/*
	 * cmd has been completed already from timeout, just reclaim
	 * data area space and free cmd
	 */
	if (test_bit(TCMU_CMD_BIT_EXPIRED, &cmd->flags))
		goto out;
946

947
	tcmu_cmd_reset_dbi_cur(cmd);
948

A
Andy Grover 已提交
949 950 951
	if (entry->hdr.uflags & TCMU_UFLAG_UNKNOWN_OP) {
		pr_warn("TCMU: Userspace set UNKNOWN_OP flag on se_cmd %p\n",
			cmd->se_cmd);
952 953
		entry->rsp.scsi_status = SAM_STAT_CHECK_CONDITION;
	} else if (entry->rsp.scsi_status == SAM_STAT_CHECK_CONDITION) {
954
		transport_copy_sense_to_cmd(se_cmd, entry->rsp.sense_buffer);
955
	} else if (se_cmd->se_cmd_flags & SCF_BIDI) {
956
		/* Get Data-In buffer before clean up */
957
		gather_data_area(udev, cmd, true);
958
	} else if (se_cmd->data_direction == DMA_FROM_DEVICE) {
959
		gather_data_area(udev, cmd, false);
960
	} else if (se_cmd->data_direction == DMA_TO_DEVICE) {
961
		/* TODO: */
962 963 964
	} else if (se_cmd->data_direction != DMA_NONE) {
		pr_warn("TCMU: data direction was %d!\n",
			se_cmd->data_direction);
965 966 967 968
	}

	target_complete_cmd(cmd->se_cmd, entry->rsp.scsi_status);

969 970
out:
	cmd->se_cmd = NULL;
971
	tcmu_cmd_free_data(cmd, cmd->dbi_cnt);
972
	tcmu_free_cmd(cmd);
973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994
}

static unsigned int tcmu_handle_completions(struct tcmu_dev *udev)
{
	struct tcmu_mailbox *mb;
	int handled = 0;

	if (test_bit(TCMU_DEV_BIT_BROKEN, &udev->flags)) {
		pr_err("ring broken, not handling completions\n");
		return 0;
	}

	mb = udev->mb_addr;
	tcmu_flush_dcache_range(mb, sizeof(*mb));

	while (udev->cmdr_last_cleaned != ACCESS_ONCE(mb->cmd_tail)) {

		struct tcmu_cmd_entry *entry = (void *) mb + CMDR_OFF + udev->cmdr_last_cleaned;
		struct tcmu_cmd *cmd;

		tcmu_flush_dcache_range(entry, sizeof(*entry));

A
Andy Grover 已提交
995 996 997 998
		if (tcmu_hdr_get_op(entry->hdr.len_op) == TCMU_OP_PAD) {
			UPDATE_HEAD(udev->cmdr_last_cleaned,
				    tcmu_hdr_get_len(entry->hdr.len_op),
				    udev->cmdr_size);
999 1000
			continue;
		}
A
Andy Grover 已提交
1001
		WARN_ON(tcmu_hdr_get_op(entry->hdr.len_op) != TCMU_OP_CMD);
1002 1003

		spin_lock(&udev->commands_lock);
1004
		cmd = idr_remove(&udev->commands, entry->hdr.cmd_id);
1005 1006 1007 1008 1009 1010 1011 1012 1013 1014
		spin_unlock(&udev->commands_lock);

		if (!cmd) {
			pr_err("cmd_id not found, ring is broken\n");
			set_bit(TCMU_DEV_BIT_BROKEN, &udev->flags);
			break;
		}

		tcmu_handle_completion(cmd, entry);

A
Andy Grover 已提交
1015 1016 1017
		UPDATE_HEAD(udev->cmdr_last_cleaned,
			    tcmu_hdr_get_len(entry->hdr.len_op),
			    udev->cmdr_size);
1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036

		handled++;
	}

	if (mb->cmd_tail == mb->cmd_head)
		del_timer(&udev->timeout); /* no more pending cmds */

	wake_up(&udev->wait_cmdr);

	return handled;
}

static int tcmu_check_expired_cmd(int id, void *p, void *data)
{
	struct tcmu_cmd *cmd = p;

	if (test_bit(TCMU_CMD_BIT_EXPIRED, &cmd->flags))
		return 0;

1037
	if (!time_after(jiffies, cmd->deadline))
1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054 1055
		return 0;

	set_bit(TCMU_CMD_BIT_EXPIRED, &cmd->flags);
	target_complete_cmd(cmd->se_cmd, SAM_STAT_CHECK_CONDITION);
	cmd->se_cmd = NULL;

	return 0;
}

static void tcmu_device_timedout(unsigned long data)
{
	struct tcmu_dev *udev = (struct tcmu_dev *)data;
	unsigned long flags;

	spin_lock_irqsave(&udev->commands_lock, flags);
	idr_for_each(&udev->commands, tcmu_check_expired_cmd, NULL);
	spin_unlock_irqrestore(&udev->commands_lock, flags);

1056 1057 1058
	/* Try to wake up the ummap thread */
	wake_up(&unmap_wait);

1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069 1070 1071 1072 1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091
	/*
	 * We don't need to wakeup threads on wait_cmdr since they have their
	 * own timeout.
	 */
}

static int tcmu_attach_hba(struct se_hba *hba, u32 host_id)
{
	struct tcmu_hba *tcmu_hba;

	tcmu_hba = kzalloc(sizeof(struct tcmu_hba), GFP_KERNEL);
	if (!tcmu_hba)
		return -ENOMEM;

	tcmu_hba->host_id = host_id;
	hba->hba_ptr = tcmu_hba;

	return 0;
}

static void tcmu_detach_hba(struct se_hba *hba)
{
	kfree(hba->hba_ptr);
	hba->hba_ptr = NULL;
}

static struct se_device *tcmu_alloc_device(struct se_hba *hba, const char *name)
{
	struct tcmu_dev *udev;

	udev = kzalloc(sizeof(struct tcmu_dev), GFP_KERNEL);
	if (!udev)
		return NULL;
1092
	kref_init(&udev->kref);
1093 1094 1095 1096 1097 1098 1099 1100

	udev->name = kstrdup(name, GFP_KERNEL);
	if (!udev->name) {
		kfree(udev);
		return NULL;
	}

	udev->hba = hba;
1101
	udev->cmd_time_out = TCMU_TIME_OUT;
1102 1103

	init_waitqueue_head(&udev->wait_cmdr);
1104
	mutex_init(&udev->cmdr_lock);
1105 1106 1107 1108 1109 1110 1111

	idr_init(&udev->commands);
	spin_lock_init(&udev->commands_lock);

	setup_timer(&udev->timeout, tcmu_device_timedout,
		(unsigned long)udev);

1112 1113 1114
	init_waitqueue_head(&udev->nl_cmd_wq);
	spin_lock_init(&udev->nl_cmd_lock);

1115 1116
	INIT_RADIX_TREE(&udev->data_blocks, GFP_KERNEL);

1117 1118 1119 1120 1121 1122 1123
	return &udev->se_dev;
}

static int tcmu_irqcontrol(struct uio_info *info, s32 irq_on)
{
	struct tcmu_dev *tcmu_dev = container_of(info, struct tcmu_dev, uio_info);

1124
	mutex_lock(&tcmu_dev->cmdr_lock);
1125
	tcmu_handle_completions(tcmu_dev);
1126
	mutex_unlock(&tcmu_dev->cmdr_lock);
1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147

	return 0;
}

/*
 * mmap code from uio.c. Copied here because we want to hook mmap()
 * and this stuff must come along.
 */
static int tcmu_find_mem_index(struct vm_area_struct *vma)
{
	struct tcmu_dev *udev = vma->vm_private_data;
	struct uio_info *info = &udev->uio_info;

	if (vma->vm_pgoff < MAX_UIO_MAPS) {
		if (info->mem[vma->vm_pgoff].size == 0)
			return -1;
		return (int)vma->vm_pgoff;
	}
	return -1;
}

1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201
static struct page *tcmu_try_get_block_page(struct tcmu_dev *udev, uint32_t dbi)
{
	struct page *page;
	int ret;

	mutex_lock(&udev->cmdr_lock);
	page = tcmu_get_block_page(udev, dbi);
	if (likely(page)) {
		mutex_unlock(&udev->cmdr_lock);
		return page;
	}

	/*
	 * Normally it shouldn't be here:
	 * Only when the userspace has touched the blocks which
	 * are out of the tcmu_cmd's data iov[], and will return
	 * one zeroed page.
	 */
	pr_warn("Block(%u) out of cmd's iov[] has been touched!\n", dbi);
	pr_warn("Mostly it will be a bug of userspace, please have a check!\n");

	if (dbi >= udev->dbi_thresh) {
		/* Extern the udev->dbi_thresh to dbi + 1 */
		udev->dbi_thresh = dbi + 1;
		udev->dbi_max = dbi;
	}

	page = radix_tree_lookup(&udev->data_blocks, dbi);
	if (!page) {
		page = alloc_page(GFP_KERNEL | __GFP_ZERO);
		if (!page) {
			mutex_unlock(&udev->cmdr_lock);
			return NULL;
		}

		ret = radix_tree_insert(&udev->data_blocks, dbi, page);
		if (ret) {
			mutex_unlock(&udev->cmdr_lock);
			__free_page(page);
			return NULL;
		}

		/*
		 * Since this case is rare in page fault routine, here we
		 * will allow the global_db_count >= TCMU_GLOBAL_MAX_BLOCKS
		 * to reduce possible page fault call trace.
		 */
		atomic_inc(&global_db_count);
	}
	mutex_unlock(&udev->cmdr_lock);

	return page;
}

1202
static int tcmu_vma_fault(struct vm_fault *vmf)
1203
{
1204
	struct tcmu_dev *udev = vmf->vma->vm_private_data;
1205 1206 1207 1208 1209
	struct uio_info *info = &udev->uio_info;
	struct page *page;
	unsigned long offset;
	void *addr;

1210
	int mi = tcmu_find_mem_index(vmf->vma);
1211 1212 1213 1214 1215 1216 1217 1218 1219
	if (mi < 0)
		return VM_FAULT_SIGBUS;

	/*
	 * We need to subtract mi because userspace uses offset = N*PAGE_SIZE
	 * to use mem[N].
	 */
	offset = (vmf->pgoff - mi) << PAGE_SHIFT;

1220 1221 1222
	if (offset < udev->data_off) {
		/* For the vmalloc()ed cmd area pages */
		addr = (void *)(unsigned long)info->mem[mi].addr + offset;
1223
		page = vmalloc_to_page(addr);
1224 1225 1226
	} else {
		uint32_t dbi;

1227
		/* For the dynamically growing data area pages */
1228
		dbi = (offset - udev->data_off) / DATA_BLOCK_SIZE;
1229 1230
		page = tcmu_try_get_block_page(udev, dbi);
		if (!page)
1231 1232 1233
			return VM_FAULT_NOPAGE;
	}

1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266
	get_page(page);
	vmf->page = page;
	return 0;
}

static const struct vm_operations_struct tcmu_vm_ops = {
	.fault = tcmu_vma_fault,
};

static int tcmu_mmap(struct uio_info *info, struct vm_area_struct *vma)
{
	struct tcmu_dev *udev = container_of(info, struct tcmu_dev, uio_info);

	vma->vm_flags |= VM_DONTEXPAND | VM_DONTDUMP;
	vma->vm_ops = &tcmu_vm_ops;

	vma->vm_private_data = udev;

	/* Ensure the mmap is exactly the right size */
	if (vma_pages(vma) != (TCMU_RING_SIZE >> PAGE_SHIFT))
		return -EINVAL;

	return 0;
}

static int tcmu_open(struct uio_info *info, struct inode *inode)
{
	struct tcmu_dev *udev = container_of(info, struct tcmu_dev, uio_info);

	/* O_EXCL not supported for char devs, so fake it? */
	if (test_and_set_bit(TCMU_DEV_BIT_OPEN, &udev->flags))
		return -EBUSY;

1267
	udev->inode = inode;
1268
	kref_get(&udev->kref);
1269

1270 1271 1272 1273 1274
	pr_debug("open\n");

	return 0;
}

1275 1276 1277 1278 1279 1280 1281 1282 1283 1284
static void tcmu_dev_call_rcu(struct rcu_head *p)
{
	struct se_device *dev = container_of(p, struct se_device, rcu_head);
	struct tcmu_dev *udev = TCMU_DEV(dev);

	kfree(udev->uio_info.name);
	kfree(udev->name);
	kfree(udev);
}

1285 1286 1287 1288 1289 1290 1291 1292 1293 1294 1295 1296 1297 1298 1299 1300 1301 1302 1303 1304 1305 1306 1307 1308 1309 1310
static int tcmu_check_and_free_pending_cmd(struct tcmu_cmd *cmd)
{
	if (test_bit(TCMU_CMD_BIT_EXPIRED, &cmd->flags)) {
		kmem_cache_free(tcmu_cmd_cache, cmd);
		return 0;
	}
	return -EINVAL;
}

static void tcmu_blocks_release(struct tcmu_dev *udev)
{
	int i;
	struct page *page;

	/* Try to release all block pages */
	mutex_lock(&udev->cmdr_lock);
	for (i = 0; i <= udev->dbi_max; i++) {
		page = radix_tree_delete(&udev->data_blocks, i);
		if (page) {
			__free_page(page);
			atomic_dec(&global_db_count);
		}
	}
	mutex_unlock(&udev->cmdr_lock);
}

1311 1312 1313 1314
static void tcmu_dev_kref_release(struct kref *kref)
{
	struct tcmu_dev *udev = container_of(kref, struct tcmu_dev, kref);
	struct se_device *dev = &udev->se_dev;
1315 1316 1317 1318 1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329 1330 1331 1332
	struct tcmu_cmd *cmd;
	bool all_expired = true;
	int i;

	vfree(udev->mb_addr);
	udev->mb_addr = NULL;

	/* Upper layer should drain all requests before calling this */
	spin_lock_irq(&udev->commands_lock);
	idr_for_each_entry(&udev->commands, cmd, i) {
		if (tcmu_check_and_free_pending_cmd(cmd) != 0)
			all_expired = false;
	}
	idr_destroy(&udev->commands);
	spin_unlock_irq(&udev->commands_lock);
	WARN_ON(!all_expired);

	tcmu_blocks_release(udev);
1333 1334 1335 1336

	call_rcu(&dev->rcu_head, tcmu_dev_call_rcu);
}

1337 1338 1339 1340 1341 1342 1343
static int tcmu_release(struct uio_info *info, struct inode *inode)
{
	struct tcmu_dev *udev = container_of(info, struct tcmu_dev, uio_info);

	clear_bit(TCMU_DEV_BIT_OPEN, &udev->flags);

	pr_debug("close\n");
1344
	/* release ref from open */
1345
	kref_put(&udev->kref, tcmu_dev_kref_release);
1346 1347 1348
	return 0;
}

1349 1350 1351 1352 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 1380 1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 1395 1396
static void tcmu_init_genl_cmd_reply(struct tcmu_dev *udev, int cmd)
{
	struct tcmu_nl_cmd *nl_cmd = &udev->curr_nl_cmd;

	if (!tcmu_kern_cmd_reply_supported)
		return;
relock:
	spin_lock(&udev->nl_cmd_lock);

	if (nl_cmd->cmd != TCMU_CMD_UNSPEC) {
		spin_unlock(&udev->nl_cmd_lock);
		pr_debug("sleeping for open nl cmd\n");
		wait_event(udev->nl_cmd_wq, (nl_cmd->cmd == TCMU_CMD_UNSPEC));
		goto relock;
	}

	memset(nl_cmd, 0, sizeof(*nl_cmd));
	nl_cmd->cmd = cmd;
	init_completion(&nl_cmd->complete);

	spin_unlock(&udev->nl_cmd_lock);
}

static int tcmu_wait_genl_cmd_reply(struct tcmu_dev *udev)
{
	struct tcmu_nl_cmd *nl_cmd = &udev->curr_nl_cmd;
	int ret;
	DEFINE_WAIT(__wait);

	if (!tcmu_kern_cmd_reply_supported)
		return 0;

	pr_debug("sleeping for nl reply\n");
	wait_for_completion(&nl_cmd->complete);

	spin_lock(&udev->nl_cmd_lock);
	nl_cmd->cmd = TCMU_CMD_UNSPEC;
	ret = nl_cmd->status;
	nl_cmd->status = 0;
	spin_unlock(&udev->nl_cmd_lock);

	wake_up_all(&udev->nl_cmd_wq);

	return ret;;
}

static int tcmu_netlink_event(struct tcmu_dev *udev, enum tcmu_genl_cmd cmd,
			      int reconfig_attr, const void *reconfig_data)
1397 1398 1399
{
	struct sk_buff *skb;
	void *msg_header;
1400
	int ret = -ENOMEM;
1401 1402 1403

	skb = genlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
	if (!skb)
1404
		return ret;
1405 1406

	msg_header = genlmsg_put(skb, 0, 0, &tcmu_genl_family, 0, cmd);
1407 1408
	if (!msg_header)
		goto free_skb;
1409

1410
	ret = nla_put_string(skb, TCMU_ATTR_DEVICE, udev->uio_info.name);
1411 1412
	if (ret < 0)
		goto free_skb;
1413

1414 1415 1416 1417 1418
	ret = nla_put_u32(skb, TCMU_ATTR_MINOR, udev->uio_info.uio_dev->minor);
	if (ret < 0)
		goto free_skb;

	ret = nla_put_u32(skb, TCMU_ATTR_DEVICE_ID, udev->se_dev.dev_index);
1419 1420
	if (ret < 0)
		goto free_skb;
1421

1422 1423 1424 1425 1426 1427 1428 1429 1430 1431 1432 1433 1434 1435 1436 1437 1438 1439 1440 1441 1442
	if (cmd == TCMU_CMD_RECONFIG_DEVICE) {
		switch (reconfig_attr) {
		case TCMU_ATTR_DEV_CFG:
			ret = nla_put_string(skb, reconfig_attr, reconfig_data);
			break;
		case TCMU_ATTR_DEV_SIZE:
			ret = nla_put_u64_64bit(skb, reconfig_attr,
						*((u64 *)reconfig_data),
						TCMU_ATTR_PAD);
			break;
		case TCMU_ATTR_WRITECACHE:
			ret = nla_put_u8(skb, reconfig_attr,
					  *((u8 *)reconfig_data));
			break;
		default:
			BUG();
		}

		if (ret < 0)
			goto free_skb;
	}
1443

1444
	genlmsg_end(skb, msg_header);
1445

1446 1447
	tcmu_init_genl_cmd_reply(udev, cmd);

1448
	ret = genlmsg_multicast_allns(&tcmu_genl_family, skb, 0,
1449 1450 1451 1452
				TCMU_MCGRP_CONFIG, GFP_KERNEL);
	/* We don't care if no one is listening */
	if (ret == -ESRCH)
		ret = 0;
1453 1454
	if (!ret)
		ret = tcmu_wait_genl_cmd_reply(udev);
1455 1456

	return ret;
1457 1458 1459
free_skb:
	nlmsg_free(skb);
	return ret;
1460 1461
}

B
Bryant G. Ly 已提交
1462
static int tcmu_update_uio_info(struct tcmu_dev *udev)
1463 1464 1465
{
	struct tcmu_hba *hba = udev->hba->hba_ptr;
	struct uio_info *info;
B
Bryant G. Ly 已提交
1466
	size_t size, used;
1467 1468 1469 1470 1471 1472 1473 1474 1475 1476 1477 1478 1479 1480
	char *str;

	info = &udev->uio_info;
	size = snprintf(NULL, 0, "tcm-user/%u/%s/%s", hba->host_id, udev->name,
			udev->dev_config);
	size += 1; /* for \0 */
	str = kmalloc(size, GFP_KERNEL);
	if (!str)
		return -ENOMEM;

	used = snprintf(str, size, "tcm-user/%u/%s", hba->host_id, udev->name);
	if (udev->dev_config[0])
		snprintf(str + used, size - used, "/%s", udev->dev_config);

B
Bryant G. Ly 已提交
1481 1482
	/* If the old string exists, free it */
	kfree(info->name);
1483 1484
	info->name = str;

B
Bryant G. Ly 已提交
1485 1486 1487 1488 1489 1490 1491 1492 1493 1494 1495 1496 1497 1498 1499 1500
	return 0;
}

static int tcmu_configure_device(struct se_device *dev)
{
	struct tcmu_dev *udev = TCMU_DEV(dev);
	struct uio_info *info;
	struct tcmu_mailbox *mb;
	int ret = 0;

	ret = tcmu_update_uio_info(udev);
	if (ret)
		return ret;

	info = &udev->uio_info;

1501
	udev->mb_addr = vzalloc(CMDR_SIZE);
1502 1503 1504 1505 1506 1507 1508 1509
	if (!udev->mb_addr) {
		ret = -ENOMEM;
		goto err_vzalloc;
	}

	/* mailbox fits in first part of CMDR space */
	udev->cmdr_size = CMDR_SIZE - CMDR_OFF;
	udev->data_off = CMDR_SIZE;
1510
	udev->data_size = DATA_SIZE;
1511 1512
	udev->dbi_thresh = 0; /* Default in Idle state */
	udev->waiting_global = false;
1513

1514
	/* Initialise the mailbox of the ring buffer */
1515
	mb = udev->mb_addr;
A
Andy Grover 已提交
1516
	mb->version = TCMU_MAILBOX_VERSION;
1517
	mb->flags = TCMU_MAILBOX_FLAG_CAP_OOOC;
1518 1519 1520 1521 1522
	mb->cmdr_off = CMDR_OFF;
	mb->cmdr_size = udev->cmdr_size;

	WARN_ON(!PAGE_ALIGNED(udev->data_off));
	WARN_ON(udev->data_size % PAGE_SIZE);
1523
	WARN_ON(udev->data_size % DATA_BLOCK_SIZE);
1524

1525
	info->version = __stringify(TCMU_MAILBOX_VERSION);
1526 1527

	info->mem[0].name = "tcm-user command & data buffer";
1528
	info->mem[0].addr = (phys_addr_t)(uintptr_t)udev->mb_addr;
1529
	info->mem[0].size = TCMU_RING_SIZE;
1530
	info->mem[0].memtype = UIO_MEM_NONE;
1531 1532 1533 1534 1535 1536 1537 1538 1539 1540 1541 1542

	info->irqcontrol = tcmu_irqcontrol;
	info->irq = UIO_IRQ_CUSTOM;

	info->mmap = tcmu_mmap;
	info->open = tcmu_open;
	info->release = tcmu_release;

	ret = uio_register_device(tcmu_root_device, info);
	if (ret)
		goto err_register;

1543 1544 1545
	/* User can set hw_block_size before enable the device */
	if (dev->dev_attrib.hw_block_size == 0)
		dev->dev_attrib.hw_block_size = 512;
1546
	/* Other attributes can be configured in userspace */
1547 1548
	if (!dev->dev_attrib.hw_max_sectors)
		dev->dev_attrib.hw_max_sectors = 128;
B
Bryant G. Ly 已提交
1549 1550
	if (!dev->dev_attrib.emulate_write_cache)
		dev->dev_attrib.emulate_write_cache = 0;
1551 1552
	dev->dev_attrib.hw_queue_depth = 128;

1553 1554 1555 1556 1557 1558
	/*
	 * Get a ref incase userspace does a close on the uio device before
	 * LIO has initiated tcmu_free_device.
	 */
	kref_get(&udev->kref);

1559
	ret = tcmu_netlink_event(udev, TCMU_CMD_ADDED_DEVICE, 0, NULL);
1560 1561 1562
	if (ret)
		goto err_netlink;

1563 1564 1565 1566
	mutex_lock(&root_udev_mutex);
	list_add(&udev->node, &root_udev);
	mutex_unlock(&root_udev_mutex);

1567 1568 1569
	return 0;

err_netlink:
1570
	kref_put(&udev->kref, tcmu_dev_kref_release);
1571 1572 1573
	uio_unregister_device(&udev->uio_info);
err_register:
	vfree(udev->mb_addr);
1574
	udev->mb_addr = NULL;
1575 1576
err_vzalloc:
	kfree(info->name);
1577
	info->name = NULL;
1578 1579 1580 1581

	return ret;
}

1582 1583 1584 1585 1586
static bool tcmu_dev_configured(struct tcmu_dev *udev)
{
	return udev->uio_info.uio_dev ? true : false;
}

1587
static void tcmu_free_device(struct se_device *dev)
1588 1589 1590 1591 1592 1593 1594 1595
{
	struct tcmu_dev *udev = TCMU_DEV(dev);

	/* release ref from init */
	kref_put(&udev->kref, tcmu_dev_kref_release);
}

static void tcmu_destroy_device(struct se_device *dev)
1596 1597 1598 1599 1600
{
	struct tcmu_dev *udev = TCMU_DEV(dev);

	del_timer_sync(&udev->timeout);

1601 1602 1603 1604
	mutex_lock(&root_udev_mutex);
	list_del(&udev->node);
	mutex_unlock(&root_udev_mutex);

1605
	tcmu_netlink_event(udev, TCMU_CMD_REMOVED_DEVICE, 0, NULL);
1606

1607
	uio_unregister_device(&udev->uio_info);
1608 1609 1610

	/* release ref from configure */
	kref_put(&udev->kref, tcmu_dev_kref_release);
1611 1612 1613
}

enum {
1614
	Opt_dev_config, Opt_dev_size, Opt_hw_block_size, Opt_hw_max_sectors,
1615
	Opt_err,
1616 1617 1618 1619 1620
};

static match_table_t tokens = {
	{Opt_dev_config, "dev_config=%s"},
	{Opt_dev_size, "dev_size=%u"},
1621
	{Opt_hw_block_size, "hw_block_size=%u"},
1622
	{Opt_hw_max_sectors, "hw_max_sectors=%u"},
1623 1624 1625
	{Opt_err, NULL}
};

1626 1627 1628 1629 1630 1631 1632 1633 1634 1635 1636 1637 1638 1639 1640 1641 1642 1643 1644 1645 1646 1647 1648 1649
static int tcmu_set_dev_attrib(substring_t *arg, u32 *dev_attrib)
{
	unsigned long tmp_ul;
	char *arg_p;
	int ret;

	arg_p = match_strdup(arg);
	if (!arg_p)
		return -ENOMEM;

	ret = kstrtoul(arg_p, 0, &tmp_ul);
	kfree(arg_p);
	if (ret < 0) {
		pr_err("kstrtoul() failed for dev attrib\n");
		return ret;
	}
	if (!tmp_ul) {
		pr_err("dev attrib must be nonzero\n");
		return -EINVAL;
	}
	*dev_attrib = tmp_ul;
	return 0;
}

1650 1651 1652 1653 1654 1655 1656 1657 1658 1659 1660 1661 1662 1663 1664 1665 1666 1667 1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686 1687 1688
static ssize_t tcmu_set_configfs_dev_params(struct se_device *dev,
		const char *page, ssize_t count)
{
	struct tcmu_dev *udev = TCMU_DEV(dev);
	char *orig, *ptr, *opts, *arg_p;
	substring_t args[MAX_OPT_ARGS];
	int ret = 0, token;

	opts = kstrdup(page, GFP_KERNEL);
	if (!opts)
		return -ENOMEM;

	orig = opts;

	while ((ptr = strsep(&opts, ",\n")) != NULL) {
		if (!*ptr)
			continue;

		token = match_token(ptr, tokens, args);
		switch (token) {
		case Opt_dev_config:
			if (match_strlcpy(udev->dev_config, &args[0],
					  TCMU_CONFIG_LEN) == 0) {
				ret = -EINVAL;
				break;
			}
			pr_debug("TCMU: Referencing Path: %s\n", udev->dev_config);
			break;
		case Opt_dev_size:
			arg_p = match_strdup(&args[0]);
			if (!arg_p) {
				ret = -ENOMEM;
				break;
			}
			ret = kstrtoul(arg_p, 0, (unsigned long *) &udev->dev_size);
			kfree(arg_p);
			if (ret < 0)
				pr_err("kstrtoul() failed for dev_size=\n");
			break;
1689
		case Opt_hw_block_size:
1690 1691 1692 1693 1694 1695
			ret = tcmu_set_dev_attrib(&args[0],
					&(dev->dev_attrib.hw_block_size));
			break;
		case Opt_hw_max_sectors:
			ret = tcmu_set_dev_attrib(&args[0],
					&(dev->dev_attrib.hw_max_sectors));
1696
			break;
1697 1698 1699
		default:
			break;
		}
1700 1701 1702

		if (ret)
			break;
1703 1704 1705 1706 1707 1708 1709 1710 1711 1712 1713 1714 1715
	}

	kfree(orig);
	return (!ret) ? count : ret;
}

static ssize_t tcmu_show_configfs_dev_params(struct se_device *dev, char *b)
{
	struct tcmu_dev *udev = TCMU_DEV(dev);
	ssize_t bl = 0;

	bl = sprintf(b + bl, "Config: %s ",
		     udev->dev_config[0] ? udev->dev_config : "NULL");
1716
	bl += sprintf(b + bl, "Size: %zu\n", udev->dev_size);
1717 1718 1719 1720 1721 1722 1723 1724 1725 1726 1727 1728 1729

	return bl;
}

static sector_t tcmu_get_blocks(struct se_device *dev)
{
	struct tcmu_dev *udev = TCMU_DEV(dev);

	return div_u64(udev->dev_size - dev->dev_attrib.block_size,
		       dev->dev_attrib.block_size);
}

static sense_reason_t
1730
tcmu_parse_cdb(struct se_cmd *cmd)
1731
{
1732
	return passthrough_parse_cdb(cmd, tcmu_queue_cmd);
1733 1734
}

1735 1736 1737 1738 1739 1740 1741 1742 1743 1744 1745 1746 1747 1748 1749 1750 1751 1752 1753 1754 1755 1756 1757 1758 1759 1760 1761 1762 1763 1764 1765 1766 1767 1768
static ssize_t tcmu_cmd_time_out_show(struct config_item *item, char *page)
{
	struct se_dev_attrib *da = container_of(to_config_group(item),
					struct se_dev_attrib, da_group);
	struct tcmu_dev *udev = container_of(da->da_dev,
					struct tcmu_dev, se_dev);

	return snprintf(page, PAGE_SIZE, "%lu\n", udev->cmd_time_out / MSEC_PER_SEC);
}

static ssize_t tcmu_cmd_time_out_store(struct config_item *item, const char *page,
				       size_t count)
{
	struct se_dev_attrib *da = container_of(to_config_group(item),
					struct se_dev_attrib, da_group);
	struct tcmu_dev *udev = container_of(da->da_dev,
					struct tcmu_dev, se_dev);
	u32 val;
	int ret;

	if (da->da_dev->export_count) {
		pr_err("Unable to set tcmu cmd_time_out while exports exist\n");
		return -EINVAL;
	}

	ret = kstrtou32(page, 0, &val);
	if (ret < 0)
		return ret;

	udev->cmd_time_out = val * MSEC_PER_SEC;
	return count;
}
CONFIGFS_ATTR(tcmu_, cmd_time_out);

1769
static ssize_t tcmu_dev_config_show(struct config_item *item, char *page)
1770 1771 1772 1773 1774 1775 1776 1777
{
	struct se_dev_attrib *da = container_of(to_config_group(item),
						struct se_dev_attrib, da_group);
	struct tcmu_dev *udev = TCMU_DEV(da->da_dev);

	return snprintf(page, PAGE_SIZE, "%s\n", udev->dev_config);
}

1778 1779
static ssize_t tcmu_dev_config_store(struct config_item *item, const char *page,
				     size_t count)
1780 1781 1782 1783
{
	struct se_dev_attrib *da = container_of(to_config_group(item),
						struct se_dev_attrib, da_group);
	struct tcmu_dev *udev = TCMU_DEV(da->da_dev);
1784
	int ret, len;
1785

1786 1787
	len = strlen(page);
	if (!len || len > TCMU_CONFIG_LEN - 1)
1788 1789 1790 1791
		return -EINVAL;

	/* Check if device has been configured before */
	if (tcmu_dev_configured(udev)) {
1792
		ret = tcmu_netlink_event(udev, TCMU_CMD_RECONFIG_DEVICE,
1793
					 TCMU_ATTR_DEV_CFG, page);
1794 1795 1796 1797
		if (ret) {
			pr_err("Unable to reconfigure device\n");
			return ret;
		}
B
Bryant G. Ly 已提交
1798 1799 1800 1801 1802 1803
		strlcpy(udev->dev_config, page, TCMU_CONFIG_LEN);

		ret = tcmu_update_uio_info(udev);
		if (ret)
			return ret;
		return count;
1804
	}
1805
	strlcpy(udev->dev_config, page, TCMU_CONFIG_LEN);
1806 1807 1808

	return count;
}
1809
CONFIGFS_ATTR(tcmu_, dev_config);
1810

1811 1812 1813 1814 1815 1816 1817 1818 1819 1820 1821 1822 1823 1824 1825
static ssize_t tcmu_dev_size_show(struct config_item *item, char *page)
{
	struct se_dev_attrib *da = container_of(to_config_group(item),
						struct se_dev_attrib, da_group);
	struct tcmu_dev *udev = TCMU_DEV(da->da_dev);

	return snprintf(page, PAGE_SIZE, "%zu\n", udev->dev_size);
}

static ssize_t tcmu_dev_size_store(struct config_item *item, const char *page,
				   size_t count)
{
	struct se_dev_attrib *da = container_of(to_config_group(item),
						struct se_dev_attrib, da_group);
	struct tcmu_dev *udev = TCMU_DEV(da->da_dev);
1826
	u64 val;
1827 1828
	int ret;

1829
	ret = kstrtou64(page, 0, &val);
1830 1831 1832 1833 1834
	if (ret < 0)
		return ret;

	/* Check if device has been configured before */
	if (tcmu_dev_configured(udev)) {
1835
		ret = tcmu_netlink_event(udev, TCMU_CMD_RECONFIG_DEVICE,
1836
					 TCMU_ATTR_DEV_SIZE, &val);
1837 1838 1839 1840 1841
		if (ret) {
			pr_err("Unable to reconfigure device\n");
			return ret;
		}
	}
1842
	udev->dev_size = val;
1843 1844 1845 1846
	return count;
}
CONFIGFS_ATTR(tcmu_, dev_size);

B
Bryant G. Ly 已提交
1847 1848 1849 1850 1851 1852 1853 1854 1855 1856 1857 1858 1859 1860
static ssize_t tcmu_emulate_write_cache_show(struct config_item *item,
					     char *page)
{
	struct se_dev_attrib *da = container_of(to_config_group(item),
					struct se_dev_attrib, da_group);

	return snprintf(page, PAGE_SIZE, "%i\n", da->emulate_write_cache);
}

static ssize_t tcmu_emulate_write_cache_store(struct config_item *item,
					      const char *page, size_t count)
{
	struct se_dev_attrib *da = container_of(to_config_group(item),
					struct se_dev_attrib, da_group);
1861
	struct tcmu_dev *udev = TCMU_DEV(da->da_dev);
1862
	u8 val;
B
Bryant G. Ly 已提交
1863 1864
	int ret;

1865
	ret = kstrtou8(page, 0, &val);
B
Bryant G. Ly 已提交
1866 1867 1868
	if (ret < 0)
		return ret;

1869 1870
	/* Check if device has been configured before */
	if (tcmu_dev_configured(udev)) {
1871
		ret = tcmu_netlink_event(udev, TCMU_CMD_RECONFIG_DEVICE,
1872
					 TCMU_ATTR_WRITECACHE, &val);
1873 1874 1875 1876 1877
		if (ret) {
			pr_err("Unable to reconfigure device\n");
			return ret;
		}
	}
1878 1879

	da->emulate_write_cache = val;
B
Bryant G. Ly 已提交
1880 1881 1882 1883
	return count;
}
CONFIGFS_ATTR(tcmu_, emulate_write_cache);

1884
static struct configfs_attribute *tcmu_attrib_attrs[] = {
1885
	&tcmu_attr_cmd_time_out,
1886
	&tcmu_attr_dev_config,
1887 1888 1889 1890 1891
	&tcmu_attr_dev_size,
	&tcmu_attr_emulate_write_cache,
	NULL,
};

1892 1893 1894
static struct configfs_attribute **tcmu_attrs;

static struct target_backend_ops tcmu_ops = {
1895 1896
	.name			= "user",
	.owner			= THIS_MODULE,
1897
	.transport_flags	= TRANSPORT_FLAG_PASSTHROUGH,
1898 1899 1900 1901
	.attach_hba		= tcmu_attach_hba,
	.detach_hba		= tcmu_detach_hba,
	.alloc_device		= tcmu_alloc_device,
	.configure_device	= tcmu_configure_device,
1902
	.destroy_device		= tcmu_destroy_device,
1903 1904 1905 1906 1907 1908
	.free_device		= tcmu_free_device,
	.parse_cdb		= tcmu_parse_cdb,
	.set_configfs_dev_params = tcmu_set_configfs_dev_params,
	.show_configfs_dev_params = tcmu_show_configfs_dev_params,
	.get_device_type	= sbc_get_device_type,
	.get_blocks		= tcmu_get_blocks,
1909
	.tb_dev_attrib_attrs	= NULL,
1910 1911
};

1912 1913 1914 1915 1916 1917 1918 1919
static int unmap_thread_fn(void *data)
{
	struct tcmu_dev *udev;
	loff_t off;
	uint32_t start, end, block;
	struct page *page;
	int i;

1920
	while (!kthread_should_stop()) {
1921 1922 1923 1924 1925 1926
		DEFINE_WAIT(__wait);

		prepare_to_wait(&unmap_wait, &__wait, TASK_INTERRUPTIBLE);
		schedule();
		finish_wait(&unmap_wait, &__wait);

1927 1928 1929
		if (kthread_should_stop())
			break;

1930 1931 1932 1933 1934 1935 1936 1937 1938 1939 1940 1941 1942 1943 1944 1945 1946 1947 1948 1949 1950 1951 1952 1953 1954 1955 1956 1957 1958 1959 1960 1961 1962 1963 1964 1965 1966 1967 1968 1969 1970 1971 1972 1973 1974 1975 1976 1977 1978 1979 1980 1981 1982 1983 1984 1985 1986 1987 1988 1989
		mutex_lock(&root_udev_mutex);
		list_for_each_entry(udev, &root_udev, node) {
			mutex_lock(&udev->cmdr_lock);

			/* Try to complete the finished commands first */
			tcmu_handle_completions(udev);

			/* Skip the udevs waiting the global pool or in idle */
			if (udev->waiting_global || !udev->dbi_thresh) {
				mutex_unlock(&udev->cmdr_lock);
				continue;
			}

			end = udev->dbi_max + 1;
			block = find_last_bit(udev->data_bitmap, end);
			if (block == udev->dbi_max) {
				/*
				 * The last bit is dbi_max, so there is
				 * no need to shrink any blocks.
				 */
				mutex_unlock(&udev->cmdr_lock);
				continue;
			} else if (block == end) {
				/* The current udev will goto idle state */
				udev->dbi_thresh = start = 0;
				udev->dbi_max = 0;
			} else {
				udev->dbi_thresh = start = block + 1;
				udev->dbi_max = block;
			}

			/* Here will truncate the data area from off */
			off = udev->data_off + start * DATA_BLOCK_SIZE;
			unmap_mapping_range(udev->inode->i_mapping, off, 0, 1);

			/* Release the block pages */
			for (i = start; i < end; i++) {
				page = radix_tree_delete(&udev->data_blocks, i);
				if (page) {
					__free_page(page);
					atomic_dec(&global_db_count);
				}
			}
			mutex_unlock(&udev->cmdr_lock);
		}

		/*
		 * Try to wake up the udevs who are waiting
		 * for the global data pool.
		 */
		list_for_each_entry(udev, &root_udev, node) {
			if (udev->waiting_global)
				wake_up(&udev->wait_cmdr);
		}
		mutex_unlock(&root_udev_mutex);
	}

	return 0;
}

1990 1991
static int __init tcmu_module_init(void)
{
1992
	int ret, i, k, len = 0;
1993 1994 1995 1996 1997 1998 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013

	BUILD_BUG_ON((sizeof(struct tcmu_cmd_entry) % TCMU_OP_ALIGN_SIZE) != 0);

	tcmu_cmd_cache = kmem_cache_create("tcmu_cmd_cache",
				sizeof(struct tcmu_cmd),
				__alignof__(struct tcmu_cmd),
				0, NULL);
	if (!tcmu_cmd_cache)
		return -ENOMEM;

	tcmu_root_device = root_device_register("tcm_user");
	if (IS_ERR(tcmu_root_device)) {
		ret = PTR_ERR(tcmu_root_device);
		goto out_free_cache;
	}

	ret = genl_register_family(&tcmu_genl_family);
	if (ret < 0) {
		goto out_unreg_device;
	}

2014 2015 2016
	for (i = 0; passthrough_attrib_attrs[i] != NULL; i++) {
		len += sizeof(struct configfs_attribute *);
	}
2017 2018 2019 2020
	for (i = 0; tcmu_attrib_attrs[i] != NULL; i++) {
		len += sizeof(struct configfs_attribute *);
	}
	len += sizeof(struct configfs_attribute *);
2021 2022 2023 2024 2025 2026 2027 2028 2029 2030

	tcmu_attrs = kzalloc(len, GFP_KERNEL);
	if (!tcmu_attrs) {
		ret = -ENOMEM;
		goto out_unreg_genl;
	}

	for (i = 0; passthrough_attrib_attrs[i] != NULL; i++) {
		tcmu_attrs[i] = passthrough_attrib_attrs[i];
	}
2031 2032 2033 2034
	for (k = 0; tcmu_attrib_attrs[k] != NULL; k++) {
		tcmu_attrs[i] = tcmu_attrib_attrs[k];
		i++;
	}
2035 2036
	tcmu_ops.tb_dev_attrib_attrs = tcmu_attrs;

2037
	ret = transport_backend_register(&tcmu_ops);
2038
	if (ret)
2039
		goto out_attrs;
2040

2041 2042 2043 2044 2045 2046 2047
	init_waitqueue_head(&unmap_wait);
	unmap_thread = kthread_run(unmap_thread_fn, NULL, "tcmu_unmap");
	if (IS_ERR(unmap_thread)) {
		ret = PTR_ERR(unmap_thread);
		goto out_unreg_transport;
	}

2048 2049
	return 0;

2050 2051
out_unreg_transport:
	target_backend_unregister(&tcmu_ops);
2052 2053
out_attrs:
	kfree(tcmu_attrs);
2054 2055 2056 2057 2058 2059 2060 2061 2062 2063 2064 2065
out_unreg_genl:
	genl_unregister_family(&tcmu_genl_family);
out_unreg_device:
	root_device_unregister(tcmu_root_device);
out_free_cache:
	kmem_cache_destroy(tcmu_cmd_cache);

	return ret;
}

static void __exit tcmu_module_exit(void)
{
2066
	kthread_stop(unmap_thread);
2067
	target_backend_unregister(&tcmu_ops);
2068
	kfree(tcmu_attrs);
2069 2070 2071 2072 2073 2074 2075 2076 2077 2078 2079 2080
	genl_unregister_family(&tcmu_genl_family);
	root_device_unregister(tcmu_root_device);
	kmem_cache_destroy(tcmu_cmd_cache);
}

MODULE_DESCRIPTION("TCM USER subsystem plugin");
MODULE_AUTHOR("Shaohua Li <shli@kernel.org>");
MODULE_AUTHOR("Andy Grover <agrover@redhat.com>");
MODULE_LICENSE("GPL");

module_init(tcmu_module_init);
module_exit(tcmu_module_exit);