search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
mwave: fix info leak in mwave_ioctl()
[linux-2.6.git] / drivers / target / target_core_tmr.c
blobd0b4dd95b91e96628999a362b409543caee5578f
1 /*******************************************************************************
2 * Filename: target_core_tmr.c
3 *
4 * This file contains SPC-3 task management infrastructure
5 *
6 * (c) Copyright 2009-2012 RisingTide Systems LLC.
7 *
8 * Nicholas A. Bellinger <nab@kernel.org>
9 *
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
14 *
15 * This program is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU General Public License for more details.
19 *
20 * You should have received a copy of the GNU General Public License
21 * along with this program; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
23 *
24 ******************************************************************************/
25
26 #include <linux/slab.h>
27 #include <linux/spinlock.h>
28 #include <linux/list.h>
29 #include <linux/export.h>
30 #include <scsi/scsi.h>
31 #include <scsi/scsi_cmnd.h>
32
33 #include <target/target_core_base.h>
34 #include <target/target_core_backend.h>
35 #include <target/target_core_fabric.h>
36 #include <target/target_core_configfs.h>
37
38 #include "target_core_internal.h"
39 #include "target_core_alua.h"
40 #include "target_core_pr.h"
41
42 int core_tmr_alloc_req(
43 struct se_cmd *se_cmd,
44 void *fabric_tmr_ptr,
45 u8 function,
46 gfp_t gfp_flags)
47 {
48 struct se_tmr_req *tmr;
49
50 tmr = kzalloc(sizeof(struct se_tmr_req), gfp_flags);
51 if (!tmr) {
52 pr_err("Unable to allocate struct se_tmr_req\n");
53 return -ENOMEM;
54 }
55
56 se_cmd->se_cmd_flags |= SCF_SCSI_TMR_CDB;
57 se_cmd->se_tmr_req = tmr;
58 tmr->task_cmd = se_cmd;
59 tmr->fabric_tmr_ptr = fabric_tmr_ptr;
60 tmr->function = function;
61 INIT_LIST_HEAD(&tmr->tmr_list);
62
63 return 0;
64 }
65 EXPORT_SYMBOL(core_tmr_alloc_req);
66
67 void core_tmr_release_req(
68 struct se_tmr_req *tmr)
69 {
70 struct se_device *dev = tmr->tmr_dev;
71 unsigned long flags;
72
73 if (!dev) {
74 kfree(tmr);
75 return;
76 }
77
78 spin_lock_irqsave(&dev->se_tmr_lock, flags);
79 list_del(&tmr->tmr_list);
80 spin_unlock_irqrestore(&dev->se_tmr_lock, flags);
81
82 kfree(tmr);
83 }
84
85 static void core_tmr_handle_tas_abort(
86 struct se_node_acl *tmr_nacl,
87 struct se_cmd *cmd,
88 int tas,
89 int fe_count)
90 {
91 if (!fe_count) {
92 transport_cmd_finish_abort(cmd, 1);
93 return;
94 }
95 /*
96 * TASK ABORTED status (TAS) bit support
97 */
98 if ((tmr_nacl &&
99 (tmr_nacl == cmd->se_sess->se_node_acl)) || tas)
100 transport_send_task_abort(cmd);
101
102 transport_cmd_finish_abort(cmd, 0);
103 }
104
105 static int target_check_cdb_and_preempt(struct list_head *list,
106 struct se_cmd *cmd)
107 {
108 struct t10_pr_registration *reg;
109
110 if (!list)
111 return 0;
112 list_for_each_entry(reg, list, pr_reg_abort_list) {
113 if (reg->pr_res_key == cmd->pr_res_key)
114 return 0;
115 }
116
117 return 1;
118 }
119
120 void core_tmr_abort_task(
121 struct se_device *dev,
122 struct se_tmr_req *tmr,
123 struct se_session *se_sess)
124 {
125 struct se_cmd *se_cmd, *tmp_cmd;
126 unsigned long flags;
127 int ref_tag;
128
129 spin_lock_irqsave(&se_sess->sess_cmd_lock, flags);
130 list_for_each_entry_safe(se_cmd, tmp_cmd,
131 &se_sess->sess_cmd_list, se_cmd_list) {
132
133 if (dev != se_cmd->se_dev)
134 continue;
135 ref_tag = se_cmd->se_tfo->get_task_tag(se_cmd);
136 if (tmr->ref_task_tag != ref_tag)
137 continue;
138
139 printk("ABORT_TASK: Found referenced %s task_tag: %u\n",
140 se_cmd->se_tfo->get_fabric_name(), ref_tag);
141
142 spin_lock(&se_cmd->t_state_lock);
143 if (se_cmd->transport_state & CMD_T_COMPLETE) {
144 printk("ABORT_TASK: ref_tag: %u already complete, skipping\n", ref_tag);
145 spin_unlock(&se_cmd->t_state_lock);
146 spin_unlock_irqrestore(&se_sess->sess_cmd_lock, flags);
147 goto out;
148 }
149 se_cmd->transport_state |= CMD_T_ABORTED;
150 spin_unlock(&se_cmd->t_state_lock);
151
152 list_del_init(&se_cmd->se_cmd_list);
153 kref_get(&se_cmd->cmd_kref);
154 spin_unlock_irqrestore(&se_sess->sess_cmd_lock, flags);
155
156 cancel_work_sync(&se_cmd->work);
157 transport_wait_for_tasks(se_cmd);
158 /*
159 * Now send SAM_STAT_TASK_ABORTED status for the referenced
160 * se_cmd descriptor..
161 */
162 transport_send_task_abort(se_cmd);
163 /*
164 * Also deal with possible extra acknowledge reference..
165 */
166 if (se_cmd->se_cmd_flags & SCF_ACK_KREF)
167 target_put_sess_cmd(se_sess, se_cmd);
168
169 target_put_sess_cmd(se_sess, se_cmd);
170
171 printk("ABORT_TASK: Sending TMR_FUNCTION_COMPLETE for"
172 " ref_tag: %d\n", ref_tag);
173 tmr->response = TMR_FUNCTION_COMPLETE;
174 return;
175 }
176 spin_unlock_irqrestore(&se_sess->sess_cmd_lock, flags);
177
178 out:
179 printk("ABORT_TASK: Sending TMR_TASK_DOES_NOT_EXIST for ref_tag: %d\n",
180 tmr->ref_task_tag);
181 tmr->response = TMR_TASK_DOES_NOT_EXIST;
182 }
183
184 static void core_tmr_drain_tmr_list(
185 struct se_device *dev,
186 struct se_tmr_req *tmr,
187 struct list_head *preempt_and_abort_list)
188 {
189 LIST_HEAD(drain_tmr_list);
190 struct se_tmr_req *tmr_p, *tmr_pp;
191 struct se_cmd *cmd;
192 unsigned long flags;
193 /*
194 * Release all pending and outgoing TMRs aside from the received
195 * LUN_RESET tmr..
196 */
197 spin_lock_irqsave(&dev->se_tmr_lock, flags);
198 list_for_each_entry_safe(tmr_p, tmr_pp, &dev->dev_tmr_list, tmr_list) {
199 /*
200 * Allow the received TMR to return with FUNCTION_COMPLETE.
201 */
202 if (tmr_p == tmr)
203 continue;
204
205 cmd = tmr_p->task_cmd;
206 if (!cmd) {
207 pr_err("Unable to locate struct se_cmd for TMR\n");
208 continue;
209 }
210 /*
211 * If this function was called with a valid pr_res_key
212 * parameter (eg: for PROUT PREEMPT_AND_ABORT service action
213 * skip non regisration key matching TMRs.
214 */
215 if (target_check_cdb_and_preempt(preempt_and_abort_list, cmd))
216 continue;
217
218 spin_lock(&cmd->t_state_lock);
219 if (!(cmd->transport_state & CMD_T_ACTIVE)) {
220 spin_unlock(&cmd->t_state_lock);
221 continue;
222 }
223 if (cmd->t_state == TRANSPORT_ISTATE_PROCESSING) {
224 spin_unlock(&cmd->t_state_lock);
225 continue;
226 }
227 spin_unlock(&cmd->t_state_lock);
228
229 list_move_tail(&tmr_p->tmr_list, &drain_tmr_list);
230 }
231 spin_unlock_irqrestore(&dev->se_tmr_lock, flags);
232
233 list_for_each_entry_safe(tmr_p, tmr_pp, &drain_tmr_list, tmr_list) {
234 list_del_init(&tmr_p->tmr_list);
235 cmd = tmr_p->task_cmd;
236
237 pr_debug("LUN_RESET: %s releasing TMR %p Function: 0x%02x,"
238 " Response: 0x%02x, t_state: %d\n",
239 (preempt_and_abort_list) ? "Preempt" : "", tmr_p,
240 tmr_p->function, tmr_p->response, cmd->t_state);
241
242 transport_cmd_finish_abort(cmd, 1);
243 }
244 }
245
246 static void core_tmr_drain_state_list(
247 struct se_device *dev,
248 struct se_cmd *prout_cmd,
249 struct se_node_acl *tmr_nacl,
250 int tas,
251 struct list_head *preempt_and_abort_list)
252 {
253 LIST_HEAD(drain_task_list);
254 struct se_cmd *cmd, *next;
255 unsigned long flags;
256 int fe_count;
257
258 /*
259 * Complete outstanding commands with TASK_ABORTED SAM status.
260 *
261 * This is following sam4r17, section 5.6 Aborting commands, Table 38
262 * for TMR LUN_RESET:
263 *
264 * a) "Yes" indicates that each command that is aborted on an I_T nexus
265 * other than the one that caused the SCSI device condition is
266 * completed with TASK ABORTED status, if the TAS bit is set to one in
267 * the Control mode page (see SPC-4). "No" indicates that no status is
268 * returned for aborted commands.
269 *
270 * d) If the logical unit reset is caused by a particular I_T nexus
271 * (e.g., by a LOGICAL UNIT RESET task management function), then "yes"
272 * (TASK_ABORTED status) applies.
273 *
274 * Otherwise (e.g., if triggered by a hard reset), "no"
275 * (no TASK_ABORTED SAM status) applies.
276 *
277 * Note that this seems to be independent of TAS (Task Aborted Status)
278 * in the Control Mode Page.
279 */
280 spin_lock_irqsave(&dev->execute_task_lock, flags);
281 list_for_each_entry_safe(cmd, next, &dev->state_list, state_list) {
282 /*
283 * For PREEMPT_AND_ABORT usage, only process commands
284 * with a matching reservation key.
285 */
286 if (target_check_cdb_and_preempt(preempt_and_abort_list, cmd))
287 continue;
288
289 /*
290 * Not aborting PROUT PREEMPT_AND_ABORT CDB..
291 */
292 if (prout_cmd == cmd)
293 continue;
294
295 list_move_tail(&cmd->state_list, &drain_task_list);
296 cmd->state_active = false;
297 }
298 spin_unlock_irqrestore(&dev->execute_task_lock, flags);
299
300 while (!list_empty(&drain_task_list)) {
301 cmd = list_entry(drain_task_list.next, struct se_cmd, state_list);
302 list_del(&cmd->state_list);
303
304 pr_debug("LUN_RESET: %s cmd: %p"
305 " ITT/CmdSN: 0x%08x/0x%08x, i_state: %d, t_state: %d"
306 "cdb: 0x%02x\n",
307 (preempt_and_abort_list) ? "Preempt" : "", cmd,
308 cmd->se_tfo->get_task_tag(cmd), 0,
309 cmd->se_tfo->get_cmd_state(cmd), cmd->t_state,
310 cmd->t_task_cdb[0]);
311 pr_debug("LUN_RESET: ITT[0x%08x] - pr_res_key: 0x%016Lx"
312 " -- CMD_T_ACTIVE: %d"
313 " CMD_T_STOP: %d CMD_T_SENT: %d\n",
314 cmd->se_tfo->get_task_tag(cmd), cmd->pr_res_key,
315 (cmd->transport_state & CMD_T_ACTIVE) != 0,
316 (cmd->transport_state & CMD_T_STOP) != 0,
317 (cmd->transport_state & CMD_T_SENT) != 0);
318
319 /*
320 * If the command may be queued onto a workqueue cancel it now.
321 *
322 * This is equivalent to removal from the execute queue in the
323 * loop above, but we do it down here given that
324 * cancel_work_sync may block.
325 */
326 if (cmd->t_state == TRANSPORT_COMPLETE)
327 cancel_work_sync(&cmd->work);
328
329 spin_lock_irqsave(&cmd->t_state_lock, flags);
330 target_stop_cmd(cmd, &flags);
331
332 fe_count = atomic_read(&cmd->t_fe_count);
333
334 cmd->transport_state |= CMD_T_ABORTED;
335 spin_unlock_irqrestore(&cmd->t_state_lock, flags);
336
337 core_tmr_handle_tas_abort(tmr_nacl, cmd, tas, fe_count);
338 }
339 }
340
341 int core_tmr_lun_reset(
342 struct se_device *dev,
343 struct se_tmr_req *tmr,
344 struct list_head *preempt_and_abort_list,
345 struct se_cmd *prout_cmd)
346 {
347 struct se_node_acl *tmr_nacl = NULL;
348 struct se_portal_group *tmr_tpg = NULL;
349 int tas;
350 /*
351 * TASK_ABORTED status bit, this is configurable via ConfigFS
352 * struct se_device attributes. spc4r17 section 7.4.6 Control mode page
353 *
354 * A task aborted status (TAS) bit set to zero specifies that aborted
355 * tasks shall be terminated by the device server without any response
356 * to the application client. A TAS bit set to one specifies that tasks
357 * aborted by the actions of an I_T nexus other than the I_T nexus on
358 * which the command was received shall be completed with TASK ABORTED
359 * status (see SAM-4).
360 */
361 tas = dev->dev_attrib.emulate_tas;
362 /*
363 * Determine if this se_tmr is coming from a $FABRIC_MOD
364 * or struct se_device passthrough..
365 */
366 if (tmr && tmr->task_cmd && tmr->task_cmd->se_sess) {
367 tmr_nacl = tmr->task_cmd->se_sess->se_node_acl;
368 tmr_tpg = tmr->task_cmd->se_sess->se_tpg;
369 if (tmr_nacl && tmr_tpg) {
370 pr_debug("LUN_RESET: TMR caller fabric: %s"
371 " initiator port %s\n",
372 tmr_tpg->se_tpg_tfo->get_fabric_name(),
373 tmr_nacl->initiatorname);
374 }
375 }
376 pr_debug("LUN_RESET: %s starting for [%s], tas: %d\n",
377 (preempt_and_abort_list) ? "Preempt" : "TMR",
378 dev->transport->name, tas);
379
380 core_tmr_drain_tmr_list(dev, tmr, preempt_and_abort_list);
381 core_tmr_drain_state_list(dev, prout_cmd, tmr_nacl, tas,
382 preempt_and_abort_list);
383
384 /*
385 * Clear any legacy SPC-2 reservation when called during
386 * LOGICAL UNIT RESET
387 */
388 if (!preempt_and_abort_list &&
389 (dev->dev_reservation_flags & DRF_SPC2_RESERVATIONS)) {
390 spin_lock(&dev->dev_reservation_lock);
391 dev->dev_reserved_node_acl = NULL;
392 dev->dev_reservation_flags &= ~DRF_SPC2_RESERVATIONS;
393 spin_unlock(&dev->dev_reservation_lock);
394 pr_debug("LUN_RESET: SCSI-2 Released reservation\n");
395 }
396
397 spin_lock_irq(&dev->stats_lock);
398 dev->num_resets++;
399 spin_unlock_irq(&dev->stats_lock);
400
401 pr_debug("LUN_RESET: %s for [%s] Complete\n",
402 (preempt_and_abort_list) ? "Preempt" : "TMR",
403 dev->transport->name);
404 return 0;
405 }
406
Linus' kernel tree