1/* 2 * Copyright (c) 2006 - 2009 Mellanox Technology Inc. All rights reserved. 3 * Copyright (C) 2008 - 2011 Bart Van Assche <bvanassche@acm.org>. 4 * 5 * This software is available to you under a choice of one of two 6 * licenses. You may choose to be licensed under the terms of the GNU 7 * General Public License (GPL) Version 2, available from the file 8 * COPYING in the main directory of this source tree, or the 9 * OpenIB.org BSD license below: 10 * 11 * Redistribution and use in source and binary forms, with or 12 * without modification, are permitted provided that the following 13 * conditions are met: 14 * 15 * - Redistributions of source code must retain the above 16 * copyright notice, this list of conditions and the following 17 * disclaimer. 18 * 19 * - Redistributions in binary form must reproduce the above 20 * copyright notice, this list of conditions and the following 21 * disclaimer in the documentation and/or other materials 22 * provided with the distribution. 23 * 24 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 25 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 26 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 27 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 28 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 29 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 30 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 31 * SOFTWARE. 32 * 33 */ 34 35#include <linux/module.h> 36#include <linux/init.h> 37#include <linux/slab.h> 38#include <linux/err.h> 39#include <linux/ctype.h> 40#include <linux/kthread.h> 41#include <linux/string.h> 42#include <linux/delay.h> 43#include <linux/atomic.h> 44#include <linux/inet.h> 45#include <rdma/ib_cache.h> 46#include <scsi/scsi_proto.h> 47#include <scsi/scsi_tcq.h> 48#include <target/target_core_base.h> 49#include <target/target_core_fabric.h> 50#include "ib_srpt.h" 51 52/* Name of this kernel module. */ 53#define DRV_NAME "ib_srpt" 54 55#define SRPT_ID_STRING "Linux SRP target" 56 57#undef pr_fmt 58#define pr_fmt(fmt) DRV_NAME " " fmt 59 60MODULE_AUTHOR("Vu Pham and Bart Van Assche"); 61MODULE_DESCRIPTION("SCSI RDMA Protocol target driver"); 62MODULE_LICENSE("Dual BSD/GPL"); 63 64/* 65 * Global Variables 66 */ 67 68static u64 srpt_service_guid; 69static DEFINE_SPINLOCK(srpt_dev_lock); /* Protects srpt_dev_list. */ 70static LIST_HEAD(srpt_dev_list); /* List of srpt_device structures. */ 71 72static unsigned srp_max_req_size = DEFAULT_MAX_REQ_SIZE; 73module_param(srp_max_req_size, int, 0444); 74MODULE_PARM_DESC(srp_max_req_size, 75 "Maximum size of SRP request messages in bytes."); 76 77static int srpt_srq_size = DEFAULT_SRPT_SRQ_SIZE; 78module_param(srpt_srq_size, int, 0444); 79MODULE_PARM_DESC(srpt_srq_size, 80 "Shared receive queue (SRQ) size."); 81 82static int srpt_get_u64_x(char *buffer, const struct kernel_param *kp) 83{ 84 return sprintf(buffer, "0x%016llx\n", *(u64 *)kp->arg); 85} 86module_param_call(srpt_service_guid, NULL, srpt_get_u64_x, &srpt_service_guid, 87 0444); 88MODULE_PARM_DESC(srpt_service_guid, 89 "Using this value for ioc_guid, id_ext, and cm_listen_id instead of using the node_guid of the first HCA."); 90 91static struct ib_client srpt_client; 92/* Protects both rdma_cm_port and rdma_cm_id. */ 93static DEFINE_MUTEX(rdma_cm_mutex); 94/* Port number RDMA/CM will bind to. */ 95static u16 rdma_cm_port; 96static struct rdma_cm_id *rdma_cm_id; 97static void srpt_release_cmd(struct se_cmd *se_cmd); 98static void srpt_free_ch(struct kref *kref); 99static int srpt_queue_status(struct se_cmd *cmd); 100static void srpt_recv_done(struct ib_cq *cq, struct ib_wc *wc); 101static void srpt_send_done(struct ib_cq *cq, struct ib_wc *wc); 102static void srpt_process_wait_list(struct srpt_rdma_ch *ch); 103 104/* 105 * The only allowed channel state changes are those that change the channel 106 * state into a state with a higher numerical value. Hence the new > prev test. 107 */ 108static bool srpt_set_ch_state(struct srpt_rdma_ch *ch, enum rdma_ch_state new) 109{ 110 unsigned long flags; 111 enum rdma_ch_state prev; 112 bool changed = false; 113 114 spin_lock_irqsave(&ch->spinlock, flags); 115 prev = ch->state; 116 if (new > prev) { 117 ch->state = new; 118 changed = true; 119 } 120 spin_unlock_irqrestore(&ch->spinlock, flags); 121 122 return changed; 123} 124 125/** 126 * srpt_event_handler - asynchronous IB event callback function 127 * @handler: IB event handler registered by ib_register_event_handler(). 128 * @event: Description of the event that occurred. 129 * 130 * Callback function called by the InfiniBand core when an asynchronous IB 131 * event occurs. This callback may occur in interrupt context. See also 132 * section 11.5.2, Set Asynchronous Event Handler in the InfiniBand 133 * Architecture Specification. 134 */ 135static void srpt_event_handler(struct ib_event_handler *handler, 136 struct ib_event *event) 137{ 138 struct srpt_device *sdev = 139 container_of(handler, struct srpt_device, event_handler); 140 struct srpt_port *sport; 141 u8 port_num; 142 143 pr_debug("ASYNC event= %d on device= %s\n", event->event, 144 dev_name(&sdev->device->dev)); 145 146 switch (event->event) { 147 case IB_EVENT_PORT_ERR: 148 port_num = event->element.port_num - 1; 149 if (port_num < sdev->device->phys_port_cnt) { 150 sport = &sdev->port[port_num]; 151 sport->lid = 0; 152 sport->sm_lid = 0; 153 } else { 154 WARN(true, "event %d: port_num %d out of range 1..%d\n", 155 event->event, port_num + 1, 156 sdev->device->phys_port_cnt); 157 } 158 break; 159 case IB_EVENT_PORT_ACTIVE: 160 case IB_EVENT_LID_CHANGE: 161 case IB_EVENT_PKEY_CHANGE: 162 case IB_EVENT_SM_CHANGE: 163 case IB_EVENT_CLIENT_REREGISTER: 164 case IB_EVENT_GID_CHANGE: 165 /* Refresh port data asynchronously. */ 166 port_num = event->element.port_num - 1; 167 if (port_num < sdev->device->phys_port_cnt) { 168 sport = &sdev->port[port_num]; 169 if (!sport->lid && !sport->sm_lid) 170 schedule_work(&sport->work); 171 } else { 172 WARN(true, "event %d: port_num %d out of range 1..%d\n", 173 event->event, port_num + 1, 174 sdev->device->phys_port_cnt); 175 } 176 break; 177 default: 178 pr_err("received unrecognized IB event %d\n", event->event); 179 break; 180 } 181} 182 183/** 184 * srpt_srq_event - SRQ event callback function 185 * @event: Description of the event that occurred. 186 * @ctx: Context pointer specified at SRQ creation time. 187 */ 188static void srpt_srq_event(struct ib_event *event, void *ctx) 189{ 190 pr_debug("SRQ event %d\n", event->event); 191} 192 193static const char *get_ch_state_name(enum rdma_ch_state s) 194{ 195 switch (s) { 196 case CH_CONNECTING: 197 return "connecting"; 198 case CH_LIVE: 199 return "live"; 200 case CH_DISCONNECTING: 201 return "disconnecting"; 202 case CH_DRAINING: 203 return "draining"; 204 case CH_DISCONNECTED: 205 return "disconnected"; 206 } 207 return "???"; 208} 209 210/** 211 * srpt_qp_event - QP event callback function 212 * @event: Description of the event that occurred. 213 * @ch: SRPT RDMA channel. 214 */ 215static void srpt_qp_event(struct ib_event *event, struct srpt_rdma_ch *ch) 216{ 217 pr_debug("QP event %d on ch=%p sess_name=%s-%d state=%s\n", 218 event->event, ch, ch->sess_name, ch->qp->qp_num, 219 get_ch_state_name(ch->state)); 220 221 switch (event->event) { 222 case IB_EVENT_COMM_EST: 223 if (ch->using_rdma_cm) 224 rdma_notify(ch->rdma_cm.cm_id, event->event); 225 else 226 ib_cm_notify(ch->ib_cm.cm_id, event->event); 227 break; 228 case IB_EVENT_QP_LAST_WQE_REACHED: 229 pr_debug("%s-%d, state %s: received Last WQE event.\n", 230 ch->sess_name, ch->qp->qp_num, 231 get_ch_state_name(ch->state)); 232 break; 233 default: 234 pr_err("received unrecognized IB QP event %d\n", event->event); 235 break; 236 } 237} 238 239/** 240 * srpt_set_ioc - initialize a IOUnitInfo structure 241 * @c_list: controller list. 242 * @slot: one-based slot number. 243 * @value: four-bit value. 244 * 245 * Copies the lowest four bits of value in element slot of the array of four 246 * bit elements called c_list (controller list). The index slot is one-based. 247 */ 248static void srpt_set_ioc(u8 *c_list, u32 slot, u8 value) 249{ 250 u16 id; 251 u8 tmp; 252 253 id = (slot - 1) / 2; 254 if (slot & 0x1) { 255 tmp = c_list[id] & 0xf; 256 c_list[id] = (value << 4) | tmp; 257 } else { 258 tmp = c_list[id] & 0xf0; 259 c_list[id] = (value & 0xf) | tmp; 260 } 261} 262 263/** 264 * srpt_get_class_port_info - copy ClassPortInfo to a management datagram 265 * @mad: Datagram that will be sent as response to DM_ATTR_CLASS_PORT_INFO. 266 * 267 * See also section 16.3.3.1 ClassPortInfo in the InfiniBand Architecture 268 * Specification. 269 */ 270static void srpt_get_class_port_info(struct ib_dm_mad *mad) 271{ 272 struct ib_class_port_info *cif; 273 274 cif = (struct ib_class_port_info *)mad->data; 275 memset(cif, 0, sizeof(*cif)); 276 cif->base_version = 1; 277 cif->class_version = 1; 278 279 ib_set_cpi_resp_time(cif, 20); 280 mad->mad_hdr.status = 0; 281} 282 283/** 284 * srpt_get_iou - write IOUnitInfo to a management datagram 285 * @mad: Datagram that will be sent as response to DM_ATTR_IOU_INFO. 286 * 287 * See also section 16.3.3.3 IOUnitInfo in the InfiniBand Architecture 288 * Specification. See also section B.7, table B.6 in the SRP r16a document. 289 */ 290static void srpt_get_iou(struct ib_dm_mad *mad) 291{ 292 struct ib_dm_iou_info *ioui; 293 u8 slot; 294 int i; 295 296 ioui = (struct ib_dm_iou_info *)mad->data; 297 ioui->change_id = cpu_to_be16(1); 298 ioui->max_controllers = 16; 299 300 /* set present for slot 1 and empty for the rest */ 301 srpt_set_ioc(ioui->controller_list, 1, 1); 302 for (i = 1, slot = 2; i < 16; i++, slot++) 303 srpt_set_ioc(ioui->controller_list, slot, 0); 304 305 mad->mad_hdr.status = 0; 306} 307 308/** 309 * srpt_get_ioc - write IOControllerprofile to a management datagram 310 * @sport: HCA port through which the MAD has been received. 311 * @slot: Slot number specified in DM_ATTR_IOC_PROFILE query. 312 * @mad: Datagram that will be sent as response to DM_ATTR_IOC_PROFILE. 313 * 314 * See also section 16.3.3.4 IOControllerProfile in the InfiniBand 315 * Architecture Specification. See also section B.7, table B.7 in the SRP 316 * r16a document. 317 */ 318static void srpt_get_ioc(struct srpt_port *sport, u32 slot, 319 struct ib_dm_mad *mad) 320{ 321 struct srpt_device *sdev = sport->sdev; 322 struct ib_dm_ioc_profile *iocp; 323 int send_queue_depth; 324 325 iocp = (struct ib_dm_ioc_profile *)mad->data; 326 327 if (!slot || slot > 16) { 328 mad->mad_hdr.status 329 = cpu_to_be16(DM_MAD_STATUS_INVALID_FIELD); 330 return; 331 } 332 333 if (slot > 2) { 334 mad->mad_hdr.status 335 = cpu_to_be16(DM_MAD_STATUS_NO_IOC); 336 return; 337 } 338 339 if (sdev->use_srq) 340 send_queue_depth = sdev->srq_size; 341 else 342 send_queue_depth = min(MAX_SRPT_RQ_SIZE, 343 sdev->device->attrs.max_qp_wr); 344 345 memset(iocp, 0, sizeof(*iocp)); 346 strcpy(iocp->id_string, SRPT_ID_STRING); 347 iocp->guid = cpu_to_be64(srpt_service_guid); 348 iocp->vendor_id = cpu_to_be32(sdev->device->attrs.vendor_id); 349 iocp->device_id = cpu_to_be32(sdev->device->attrs.vendor_part_id); 350 iocp->device_version = cpu_to_be16(sdev->device->attrs.hw_ver); 351 iocp->subsys_vendor_id = cpu_to_be32(sdev->device->attrs.vendor_id); 352 iocp->subsys_device_id = 0x0; 353 iocp->io_class = cpu_to_be16(SRP_REV16A_IB_IO_CLASS); 354 iocp->io_subclass = cpu_to_be16(SRP_IO_SUBCLASS); 355 iocp->protocol = cpu_to_be16(SRP_PROTOCOL); 356 iocp->protocol_version = cpu_to_be16(SRP_PROTOCOL_VERSION); 357 iocp->send_queue_depth = cpu_to_be16(send_queue_depth); 358 iocp->rdma_read_depth = 4; 359 iocp->send_size = cpu_to_be32(srp_max_req_size); 360 iocp->rdma_size = cpu_to_be32(min(sport->port_attrib.srp_max_rdma_size, 361 1U << 24)); 362 iocp->num_svc_entries = 1; 363 iocp->op_cap_mask = SRP_SEND_TO_IOC | SRP_SEND_FROM_IOC | 364 SRP_RDMA_READ_FROM_IOC | SRP_RDMA_WRITE_FROM_IOC; 365 366 mad->mad_hdr.status = 0; 367} 368 369/** 370 * srpt_get_svc_entries - write ServiceEntries to a management datagram 371 * @ioc_guid: I/O controller GUID to use in reply. 372 * @slot: I/O controller number. 373 * @hi: End of the range of service entries to be specified in the reply. 374 * @lo: Start of the range of service entries to be specified in the reply.. 375 * @mad: Datagram that will be sent as response to DM_ATTR_SVC_ENTRIES. 376 * 377 * See also section 16.3.3.5 ServiceEntries in the InfiniBand Architecture 378 * Specification. See also section B.7, table B.8 in the SRP r16a document. 379 */ 380static void srpt_get_svc_entries(u64 ioc_guid, 381 u16 slot, u8 hi, u8 lo, struct ib_dm_mad *mad) 382{ 383 struct ib_dm_svc_entries *svc_entries; 384 385 WARN_ON(!ioc_guid); 386 387 if (!slot || slot > 16) { 388 mad->mad_hdr.status 389 = cpu_to_be16(DM_MAD_STATUS_INVALID_FIELD); 390 return; 391 } 392 393 if (slot > 2 || lo > hi || hi > 1) { 394 mad->mad_hdr.status 395 = cpu_to_be16(DM_MAD_STATUS_NO_IOC); 396 return; 397 } 398 399 svc_entries = (struct ib_dm_svc_entries *)mad->data; 400 memset(svc_entries, 0, sizeof(*svc_entries)); 401 svc_entries->service_entries[0].id = cpu_to_be64(ioc_guid); 402 snprintf(svc_entries->service_entries[0].name, 403 sizeof(svc_entries->service_entries[0].name), 404 "%s%016llx", 405 SRP_SERVICE_NAME_PREFIX, 406 ioc_guid); 407 408 mad->mad_hdr.status = 0; 409} 410 411/** 412 * srpt_mgmt_method_get - process a received management datagram 413 * @sp: HCA port through which the MAD has been received. 414 * @rq_mad: received MAD. 415 * @rsp_mad: response MAD. 416 */ 417static void srpt_mgmt_method_get(struct srpt_port *sp, struct ib_mad *rq_mad, 418 struct ib_dm_mad *rsp_mad) 419{ 420 u16 attr_id; 421 u32 slot; 422 u8 hi, lo; 423 424 attr_id = be16_to_cpu(rq_mad->mad_hdr.attr_id); 425 switch (attr_id) { 426 case DM_ATTR_CLASS_PORT_INFO: 427 srpt_get_class_port_info(rsp_mad); 428 break; 429 case DM_ATTR_IOU_INFO: 430 srpt_get_iou(rsp_mad); 431 break; 432 case DM_ATTR_IOC_PROFILE: 433 slot = be32_to_cpu(rq_mad->mad_hdr.attr_mod); 434 srpt_get_ioc(sp, slot, rsp_mad); 435 break; 436 case DM_ATTR_SVC_ENTRIES: 437 slot = be32_to_cpu(rq_mad->mad_hdr.attr_mod); 438 hi = (u8) ((slot >> 8) & 0xff); 439 lo = (u8) (slot & 0xff); 440 slot = (u16) ((slot >> 16) & 0xffff); 441 srpt_get_svc_entries(srpt_service_guid, 442 slot, hi, lo, rsp_mad); 443 break; 444 default: 445 rsp_mad->mad_hdr.status = 446 cpu_to_be16(DM_MAD_STATUS_UNSUP_METHOD_ATTR); 447 break; 448 } 449} 450 451/** 452 * srpt_mad_send_handler - MAD send completion callback 453 * @mad_agent: Return value of ib_register_mad_agent(). 454 * @mad_wc: Work completion reporting that the MAD has been sent. 455 */ 456static void srpt_mad_send_handler(struct ib_mad_agent *mad_agent, 457 struct ib_mad_send_wc *mad_wc) 458{ 459 rdma_destroy_ah(mad_wc->send_buf->ah, RDMA_DESTROY_AH_SLEEPABLE); 460 ib_free_send_mad(mad_wc->send_buf); 461} 462 463/** 464 * srpt_mad_recv_handler - MAD reception callback function 465 * @mad_agent: Return value of ib_register_mad_agent(). 466 * @send_buf: Not used. 467 * @mad_wc: Work completion reporting that a MAD has been received. 468 */ 469static void srpt_mad_recv_handler(struct ib_mad_agent *mad_agent, 470 struct ib_mad_send_buf *send_buf, 471 struct ib_mad_recv_wc *mad_wc) 472{ 473 struct srpt_port *sport = (struct srpt_port *)mad_agent->context; 474 struct ib_ah *ah; 475 struct ib_mad_send_buf *rsp; 476 struct ib_dm_mad *dm_mad; 477 478 if (!mad_wc || !mad_wc->recv_buf.mad) 479 return; 480 481 ah = ib_create_ah_from_wc(mad_agent->qp->pd, mad_wc->wc, 482 mad_wc->recv_buf.grh, mad_agent->port_num); 483 if (IS_ERR(ah)) 484 goto err; 485 486 BUILD_BUG_ON(offsetof(struct ib_dm_mad, data) != IB_MGMT_DEVICE_HDR); 487 488 rsp = ib_create_send_mad(mad_agent, mad_wc->wc->src_qp, 489 mad_wc->wc->pkey_index, 0, 490 IB_MGMT_DEVICE_HDR, IB_MGMT_DEVICE_DATA, 491 GFP_KERNEL, 492 IB_MGMT_BASE_VERSION); 493 if (IS_ERR(rsp)) 494 goto err_rsp; 495 496 rsp->ah = ah; 497 498 dm_mad = rsp->mad; 499 memcpy(dm_mad, mad_wc->recv_buf.mad, sizeof(*dm_mad)); 500 dm_mad->mad_hdr.method = IB_MGMT_METHOD_GET_RESP; 501 dm_mad->mad_hdr.status = 0; 502 503 switch (mad_wc->recv_buf.mad->mad_hdr.method) { 504 case IB_MGMT_METHOD_GET: 505 srpt_mgmt_method_get(sport, mad_wc->recv_buf.mad, dm_mad); 506 break; 507 case IB_MGMT_METHOD_SET: 508 dm_mad->mad_hdr.status = 509 cpu_to_be16(DM_MAD_STATUS_UNSUP_METHOD_ATTR); 510 break; 511 default: 512 dm_mad->mad_hdr.status = 513 cpu_to_be16(DM_MAD_STATUS_UNSUP_METHOD); 514 break; 515 } 516 517 if (!ib_post_send_mad(rsp, NULL)) { 518 ib_free_recv_mad(mad_wc); 519 /* will destroy_ah & free_send_mad in send completion */ 520 return; 521 } 522 523 ib_free_send_mad(rsp); 524 525err_rsp: 526 rdma_destroy_ah(ah, RDMA_DESTROY_AH_SLEEPABLE); 527err: 528 ib_free_recv_mad(mad_wc); 529} 530 531static int srpt_format_guid(char *buf, unsigned int size, const __be64 *guid) 532{ 533 const __be16 *g = (const __be16 *)guid; 534 535 return snprintf(buf, size, "%04x:%04x:%04x:%04x", 536 be16_to_cpu(g[0]), be16_to_cpu(g[1]), 537 be16_to_cpu(g[2]), be16_to_cpu(g[3])); 538} 539 540/** 541 * srpt_refresh_port - configure a HCA port 542 * @sport: SRPT HCA port. 543 * 544 * Enable InfiniBand management datagram processing, update the cached sm_lid, 545 * lid and gid values, and register a callback function for processing MADs 546 * on the specified port. 547 * 548 * Note: It is safe to call this function more than once for the same port. 549 */ 550static int srpt_refresh_port(struct srpt_port *sport) 551{ 552 struct ib_mad_agent *mad_agent; 553 struct ib_mad_reg_req reg_req; 554 struct ib_port_modify port_modify; 555 struct ib_port_attr port_attr; 556 int ret; 557 558 ret = ib_query_port(sport->sdev->device, sport->port, &port_attr); 559 if (ret) 560 return ret; 561 562 sport->sm_lid = port_attr.sm_lid; 563 sport->lid = port_attr.lid; 564 565 ret = rdma_query_gid(sport->sdev->device, sport->port, 0, &sport->gid); 566 if (ret) 567 return ret; 568 569 srpt_format_guid(sport->guid_name, ARRAY_SIZE(sport->guid_name), 570 &sport->gid.global.interface_id); 571 snprintf(sport->gid_name, ARRAY_SIZE(sport->gid_name), 572 "0x%016llx%016llx", 573 be64_to_cpu(sport->gid.global.subnet_prefix), 574 be64_to_cpu(sport->gid.global.interface_id)); 575 576 if (rdma_protocol_iwarp(sport->sdev->device, sport->port)) 577 return 0; 578 579 memset(&port_modify, 0, sizeof(port_modify)); 580 port_modify.set_port_cap_mask = IB_PORT_DEVICE_MGMT_SUP; 581 port_modify.clr_port_cap_mask = 0; 582 583 ret = ib_modify_port(sport->sdev->device, sport->port, 0, &port_modify); 584 if (ret) { 585 pr_warn("%s-%d: enabling device management failed (%d). Note: this is expected if SR-IOV is enabled.\n", 586 dev_name(&sport->sdev->device->dev), sport->port, ret); 587 return 0; 588 } 589 590 if (!sport->mad_agent) { 591 memset(®_req, 0, sizeof(reg_req)); 592 reg_req.mgmt_class = IB_MGMT_CLASS_DEVICE_MGMT; 593 reg_req.mgmt_class_version = IB_MGMT_BASE_VERSION; 594 set_bit(IB_MGMT_METHOD_GET, reg_req.method_mask); 595 set_bit(IB_MGMT_METHOD_SET, reg_req.method_mask); 596 597 mad_agent = ib_register_mad_agent(sport->sdev->device, 598 sport->port, 599 IB_QPT_GSI, 600 ®_req, 0, 601 srpt_mad_send_handler, 602 srpt_mad_recv_handler, 603 sport, 0); 604 if (IS_ERR(mad_agent)) { 605 pr_err("%s-%d: MAD agent registration failed (%ld). Note: this is expected if SR-IOV is enabled.\n", 606 dev_name(&sport->sdev->device->dev), sport->port, 607 PTR_ERR(mad_agent)); 608 sport->mad_agent = NULL; 609 memset(&port_modify, 0, sizeof(port_modify)); 610 port_modify.clr_port_cap_mask = IB_PORT_DEVICE_MGMT_SUP; 611 ib_modify_port(sport->sdev->device, sport->port, 0, 612 &port_modify); 613 return 0; 614 } 615 616 sport->mad_agent = mad_agent; 617 } 618 619 return 0; 620} 621 622/** 623 * srpt_unregister_mad_agent - unregister MAD callback functions 624 * @sdev: SRPT HCA pointer. 625 * @port_cnt: number of ports with registered MAD 626 * 627 * Note: It is safe to call this function more than once for the same device. 628 */ 629static void srpt_unregister_mad_agent(struct srpt_device *sdev, int port_cnt) 630{ 631 struct ib_port_modify port_modify = { 632 .clr_port_cap_mask = IB_PORT_DEVICE_MGMT_SUP, 633 }; 634 struct srpt_port *sport; 635 int i; 636 637 for (i = 1; i <= port_cnt; i++) { 638 sport = &sdev->port[i - 1]; 639 WARN_ON(sport->port != i); 640 if (sport->mad_agent) { 641 ib_modify_port(sdev->device, i, 0, &port_modify); 642 ib_unregister_mad_agent(sport->mad_agent); 643 sport->mad_agent = NULL; 644 } 645 } 646} 647 648/** 649 * srpt_alloc_ioctx - allocate a SRPT I/O context structure 650 * @sdev: SRPT HCA pointer. 651 * @ioctx_size: I/O context size. 652 * @buf_cache: I/O buffer cache. 653 * @dir: DMA data direction. 654 */ 655static struct srpt_ioctx *srpt_alloc_ioctx(struct srpt_device *sdev, 656 int ioctx_size, 657 struct kmem_cache *buf_cache, 658 enum dma_data_direction dir) 659{ 660 struct srpt_ioctx *ioctx; 661 662 ioctx = kzalloc(ioctx_size, GFP_KERNEL); 663 if (!ioctx) 664 goto err; 665 666 ioctx->buf = kmem_cache_alloc(buf_cache, GFP_KERNEL); 667 if (!ioctx->buf) 668 goto err_free_ioctx; 669 670 ioctx->dma = ib_dma_map_single(sdev->device, ioctx->buf, 671 kmem_cache_size(buf_cache), dir); 672 if (ib_dma_mapping_error(sdev->device, ioctx->dma)) 673 goto err_free_buf; 674 675 return ioctx; 676 677err_free_buf: 678 kmem_cache_free(buf_cache, ioctx->buf); 679err_free_ioctx: 680 kfree(ioctx); 681err: 682 return NULL; 683} 684 685/** 686 * srpt_free_ioctx - free a SRPT I/O context structure 687 * @sdev: SRPT HCA pointer. 688 * @ioctx: I/O context pointer. 689 * @buf_cache: I/O buffer cache. 690 * @dir: DMA data direction. 691 */ 692static void srpt_free_ioctx(struct srpt_device *sdev, struct srpt_ioctx *ioctx, 693 struct kmem_cache *buf_cache, 694 enum dma_data_direction dir) 695{ 696 if (!ioctx) 697 return; 698 699 ib_dma_unmap_single(sdev->device, ioctx->dma, 700 kmem_cache_size(buf_cache), dir); 701 kmem_cache_free(buf_cache, ioctx->buf); 702 kfree(ioctx); 703} 704 705/** 706 * srpt_alloc_ioctx_ring - allocate a ring of SRPT I/O context structures 707 * @sdev: Device to allocate the I/O context ring for. 708 * @ring_size: Number of elements in the I/O context ring. 709 * @ioctx_size: I/O context size. 710 * @buf_cache: I/O buffer cache. 711 * @alignment_offset: Offset in each ring buffer at which the SRP information 712 * unit starts. 713 * @dir: DMA data direction. 714 */ 715static struct srpt_ioctx **srpt_alloc_ioctx_ring(struct srpt_device *sdev, 716 int ring_size, int ioctx_size, 717 struct kmem_cache *buf_cache, 718 int alignment_offset, 719 enum dma_data_direction dir) 720{ 721 struct srpt_ioctx **ring; 722 int i; 723 724 WARN_ON(ioctx_size != sizeof(struct srpt_recv_ioctx) && 725 ioctx_size != sizeof(struct srpt_send_ioctx)); 726 727 ring = kvmalloc_array(ring_size, sizeof(ring[0]), GFP_KERNEL); 728 if (!ring) 729 goto out; 730 for (i = 0; i < ring_size; ++i) { 731 ring[i] = srpt_alloc_ioctx(sdev, ioctx_size, buf_cache, dir); 732 if (!ring[i]) 733 goto err; 734 ring[i]->index = i; 735 ring[i]->offset = alignment_offset; 736 } 737 goto out; 738 739err: 740 while (--i >= 0) 741 srpt_free_ioctx(sdev, ring[i], buf_cache, dir); 742 kvfree(ring); 743 ring = NULL; 744out: 745 return ring; 746} 747 748/** 749 * srpt_free_ioctx_ring - free the ring of SRPT I/O context structures 750 * @ioctx_ring: I/O context ring to be freed. 751 * @sdev: SRPT HCA pointer. 752 * @ring_size: Number of ring elements. 753 * @buf_cache: I/O buffer cache. 754 * @dir: DMA data direction. 755 */ 756static void srpt_free_ioctx_ring(struct srpt_ioctx **ioctx_ring, 757 struct srpt_device *sdev, int ring_size, 758 struct kmem_cache *buf_cache, 759 enum dma_data_direction dir) 760{ 761 int i; 762 763 if (!ioctx_ring) 764 return; 765 766 for (i = 0; i < ring_size; ++i) 767 srpt_free_ioctx(sdev, ioctx_ring[i], buf_cache, dir); 768 kvfree(ioctx_ring); 769} 770 771/** 772 * srpt_set_cmd_state - set the state of a SCSI command 773 * @ioctx: Send I/O context. 774 * @new: New I/O context state. 775 * 776 * Does not modify the state of aborted commands. Returns the previous command 777 * state. 778 */ 779static enum srpt_command_state srpt_set_cmd_state(struct srpt_send_ioctx *ioctx, 780 enum srpt_command_state new) 781{ 782 enum srpt_command_state previous; 783 784 previous = ioctx->state; 785 if (previous != SRPT_STATE_DONE) 786 ioctx->state = new; 787 788 return previous; 789} 790 791/** 792 * srpt_test_and_set_cmd_state - test and set the state of a command 793 * @ioctx: Send I/O context. 794 * @old: Current I/O context state. 795 * @new: New I/O context state. 796 * 797 * Returns true if and only if the previous command state was equal to 'old'. 798 */ 799static bool srpt_test_and_set_cmd_state(struct srpt_send_ioctx *ioctx, 800 enum srpt_command_state old, 801 enum srpt_command_state new) 802{ 803 enum srpt_command_state previous; 804 805 WARN_ON(!ioctx); 806 WARN_ON(old == SRPT_STATE_DONE); 807 WARN_ON(new == SRPT_STATE_NEW); 808 809 previous = ioctx->state; 810 if (previous == old) 811 ioctx->state = new; 812 813 return previous == old; 814} 815 816/** 817 * srpt_post_recv - post an IB receive request 818 * @sdev: SRPT HCA pointer. 819 * @ch: SRPT RDMA channel. 820 * @ioctx: Receive I/O context pointer. 821 */ 822static int srpt_post_recv(struct srpt_device *sdev, struct srpt_rdma_ch *ch, 823 struct srpt_recv_ioctx *ioctx) 824{ 825 struct ib_sge list; 826 struct ib_recv_wr wr; 827 828 BUG_ON(!sdev); 829 list.addr = ioctx->ioctx.dma + ioctx->ioctx.offset; 830 list.length = srp_max_req_size; 831 list.lkey = sdev->lkey; 832 833 ioctx->ioctx.cqe.done = srpt_recv_done; 834 wr.wr_cqe = &ioctx->ioctx.cqe; 835 wr.next = NULL; 836 wr.sg_list = &list; 837 wr.num_sge = 1; 838 839 if (sdev->use_srq) 840 return ib_post_srq_recv(sdev->srq, &wr, NULL); 841 else 842 return ib_post_recv(ch->qp, &wr, NULL); 843} 844 845/** 846 * srpt_zerolength_write - perform a zero-length RDMA write 847 * @ch: SRPT RDMA channel. 848 * 849 * A quote from the InfiniBand specification: C9-88: For an HCA responder 850 * using Reliable Connection service, for each zero-length RDMA READ or WRITE 851 * request, the R_Key shall not be validated, even if the request includes 852 * Immediate data. 853 */ 854static int srpt_zerolength_write(struct srpt_rdma_ch *ch) 855{ 856 struct ib_rdma_wr wr = { 857 .wr = { 858 .next = NULL, 859 { .wr_cqe = &ch->zw_cqe, }, 860 .opcode = IB_WR_RDMA_WRITE, 861 .send_flags = IB_SEND_SIGNALED, 862 } 863 }; 864 865 pr_debug("%s-%d: queued zerolength write\n", ch->sess_name, 866 ch->qp->qp_num); 867 868 return ib_post_send(ch->qp, &wr.wr, NULL); 869} 870 871static void srpt_zerolength_write_done(struct ib_cq *cq, struct ib_wc *wc) 872{ 873 struct srpt_rdma_ch *ch = wc->qp->qp_context; 874 875 pr_debug("%s-%d wc->status %d\n", ch->sess_name, ch->qp->qp_num, 876 wc->status); 877 878 if (wc->status == IB_WC_SUCCESS) { 879 srpt_process_wait_list(ch); 880 } else { 881 if (srpt_set_ch_state(ch, CH_DISCONNECTED)) 882 schedule_work(&ch->release_work); 883 else 884 pr_debug("%s-%d: already disconnected.\n", 885 ch->sess_name, ch->qp->qp_num); 886 } 887} 888 889static int srpt_alloc_rw_ctxs(struct srpt_send_ioctx *ioctx, 890 struct srp_direct_buf *db, int nbufs, struct scatterlist **sg, 891 unsigned *sg_cnt) 892{ 893 enum dma_data_direction dir = target_reverse_dma_direction(&ioctx->cmd); 894 struct srpt_rdma_ch *ch = ioctx->ch; 895 struct scatterlist *prev = NULL; 896 unsigned prev_nents; 897 int ret, i; 898 899 if (nbufs == 1) { 900 ioctx->rw_ctxs = &ioctx->s_rw_ctx; 901 } else { 902 ioctx->rw_ctxs = kmalloc_array(nbufs, sizeof(*ioctx->rw_ctxs), 903 GFP_KERNEL); 904 if (!ioctx->rw_ctxs) 905 return -ENOMEM; 906 } 907 908 for (i = ioctx->n_rw_ctx; i < nbufs; i++, db++) { 909 struct srpt_rw_ctx *ctx = &ioctx->rw_ctxs[i]; 910 u64 remote_addr = be64_to_cpu(db->va); 911 u32 size = be32_to_cpu(db->len); 912 u32 rkey = be32_to_cpu(db->key); 913 914 ret = target_alloc_sgl(&ctx->sg, &ctx->nents, size, false, 915 i < nbufs - 1); 916 if (ret) 917 goto unwind; 918 919 ret = rdma_rw_ctx_init(&ctx->rw, ch->qp, ch->sport->port, 920 ctx->sg, ctx->nents, 0, remote_addr, rkey, dir); 921 if (ret < 0) { 922 target_free_sgl(ctx->sg, ctx->nents); 923 goto unwind; 924 } 925 926 ioctx->n_rdma += ret; 927 ioctx->n_rw_ctx++; 928 929 if (prev) { 930 sg_unmark_end(&prev[prev_nents - 1]); 931 sg_chain(prev, prev_nents + 1, ctx->sg); 932 } else { 933 *sg = ctx->sg; 934 } 935 936 prev = ctx->sg; 937 prev_nents = ctx->nents; 938 939 *sg_cnt += ctx->nents; 940 } 941 942 return 0; 943 944unwind: 945 while (--i >= 0) { 946 struct srpt_rw_ctx *ctx = &ioctx->rw_ctxs[i]; 947 948 rdma_rw_ctx_destroy(&ctx->rw, ch->qp, ch->sport->port, 949 ctx->sg, ctx->nents, dir); 950 target_free_sgl(ctx->sg, ctx->nents); 951 } 952 if (ioctx->rw_ctxs != &ioctx->s_rw_ctx) 953 kfree(ioctx->rw_ctxs); 954 return ret; 955} 956 957static void srpt_free_rw_ctxs(struct srpt_rdma_ch *ch, 958 struct srpt_send_ioctx *ioctx) 959{ 960 enum dma_data_direction dir = target_reverse_dma_direction(&ioctx->cmd); 961 int i; 962 963 for (i = 0; i < ioctx->n_rw_ctx; i++) { 964 struct srpt_rw_ctx *ctx = &ioctx->rw_ctxs[i]; 965 966 rdma_rw_ctx_destroy(&ctx->rw, ch->qp, ch->sport->port, 967 ctx->sg, ctx->nents, dir); 968 target_free_sgl(ctx->sg, ctx->nents); 969 } 970 971 if (ioctx->rw_ctxs != &ioctx->s_rw_ctx) 972 kfree(ioctx->rw_ctxs); 973} 974 975static inline void *srpt_get_desc_buf(struct srp_cmd *srp_cmd) 976{ 977 /* 978 * The pointer computations below will only be compiled correctly 979 * if srp_cmd::add_data is declared as s8*, u8*, s8[] or u8[], so check 980 * whether srp_cmd::add_data has been declared as a byte pointer. 981 */ 982 BUILD_BUG_ON(!__same_type(srp_cmd->add_data[0], (s8)0) && 983 !__same_type(srp_cmd->add_data[0], (u8)0)); 984 985 /* 986 * According to the SRP spec, the lower two bits of the 'ADDITIONAL 987 * CDB LENGTH' field are reserved and the size in bytes of this field 988 * is four times the value specified in bits 3..7. Hence the "& ~3". 989 */ 990 return srp_cmd->add_data + (srp_cmd->add_cdb_len & ~3); 991} 992 993/** 994 * srpt_get_desc_tbl - parse the data descriptors of a SRP_CMD request 995 * @recv_ioctx: I/O context associated with the received command @srp_cmd. 996 * @ioctx: I/O context that will be used for responding to the initiator. 997 * @srp_cmd: Pointer to the SRP_CMD request data. 998 * @dir: Pointer to the variable to which the transfer direction will be 999 * written. 1000 * @sg: [out] scatterlist for the parsed SRP_CMD. 1001 * @sg_cnt: [out] length of @sg. 1002 * @data_len: Pointer to the variable to which the total data length of all 1003 * descriptors in the SRP_CMD request will be written. 1004 * @imm_data_offset: [in] Offset in SRP_CMD requests at which immediate data 1005 * starts. 1006 * 1007 * This function initializes ioctx->nrbuf and ioctx->r_bufs. 1008 * 1009 * Returns -EINVAL when the SRP_CMD request contains inconsistent descriptors; 1010 * -ENOMEM when memory allocation fails and zero upon success. 1011 */ 1012static int srpt_get_desc_tbl(struct srpt_recv_ioctx *recv_ioctx, 1013 struct srpt_send_ioctx *ioctx, 1014 struct srp_cmd *srp_cmd, enum dma_data_direction *dir, 1015 struct scatterlist **sg, unsigned int *sg_cnt, u64 *data_len, 1016 u16 imm_data_offset) 1017{ 1018 BUG_ON(!dir); 1019 BUG_ON(!data_len); 1020 1021 /* 1022 * The lower four bits of the buffer format field contain the DATA-IN 1023 * buffer descriptor format, and the highest four bits contain the 1024 * DATA-OUT buffer descriptor format. 1025 */ 1026 if (srp_cmd->buf_fmt & 0xf) 1027 /* DATA-IN: transfer data from target to initiator (read). */ 1028 *dir = DMA_FROM_DEVICE; 1029 else if (srp_cmd->buf_fmt >> 4) 1030 /* DATA-OUT: transfer data from initiator to target (write). */ 1031 *dir = DMA_TO_DEVICE; 1032 else 1033 *dir = DMA_NONE; 1034 1035 /* initialize data_direction early as srpt_alloc_rw_ctxs needs it */ 1036 ioctx->cmd.data_direction = *dir; 1037 1038 if (((srp_cmd->buf_fmt & 0xf) == SRP_DATA_DESC_DIRECT) || 1039 ((srp_cmd->buf_fmt >> 4) == SRP_DATA_DESC_DIRECT)) { 1040 struct srp_direct_buf *db = srpt_get_desc_buf(srp_cmd); 1041 1042 *data_len = be32_to_cpu(db->len); 1043 return srpt_alloc_rw_ctxs(ioctx, db, 1, sg, sg_cnt); 1044 } else if (((srp_cmd->buf_fmt & 0xf) == SRP_DATA_DESC_INDIRECT) || 1045 ((srp_cmd->buf_fmt >> 4) == SRP_DATA_DESC_INDIRECT)) { 1046 struct srp_indirect_buf *idb = srpt_get_desc_buf(srp_cmd); 1047 int nbufs = be32_to_cpu(idb->table_desc.len) / 1048 sizeof(struct srp_direct_buf); 1049 1050 if (nbufs > 1051 (srp_cmd->data_out_desc_cnt + srp_cmd->data_in_desc_cnt)) { 1052 pr_err("received unsupported SRP_CMD request type (%u out + %u in != %u / %zu)\n", 1053 srp_cmd->data_out_desc_cnt, 1054 srp_cmd->data_in_desc_cnt, 1055 be32_to_cpu(idb->table_desc.len), 1056 sizeof(struct srp_direct_buf)); 1057 return -EINVAL; 1058 } 1059 1060 *data_len = be32_to_cpu(idb->len); 1061 return srpt_alloc_rw_ctxs(ioctx, idb->desc_list, nbufs, 1062 sg, sg_cnt); 1063 } else if ((srp_cmd->buf_fmt >> 4) == SRP_DATA_DESC_IMM) { 1064 struct srp_imm_buf *imm_buf = srpt_get_desc_buf(srp_cmd); 1065 void *data = (void *)srp_cmd + imm_data_offset; 1066 uint32_t len = be32_to_cpu(imm_buf->len); 1067 uint32_t req_size = imm_data_offset + len; 1068 1069 if (req_size > srp_max_req_size) { 1070 pr_err("Immediate data (length %d + %d) exceeds request size %d\n", 1071 imm_data_offset, len, srp_max_req_size); 1072 return -EINVAL; 1073 } 1074 if (recv_ioctx->byte_len < req_size) { 1075 pr_err("Received too few data - %d < %d\n", 1076 recv_ioctx->byte_len, req_size); 1077 return -EIO; 1078 } 1079 /* 1080 * The immediate data buffer descriptor must occur before the 1081 * immediate data itself. 1082 */ 1083 if ((void *)(imm_buf + 1) > (void *)data) { 1084 pr_err("Received invalid write request\n"); 1085 return -EINVAL; 1086 } 1087 *data_len = len; 1088 ioctx->recv_ioctx = recv_ioctx; 1089 if ((uintptr_t)data & 511) { 1090 pr_warn_once("Internal error - the receive buffers are not aligned properly.\n"); 1091 return -EINVAL; 1092 } 1093 sg_init_one(&ioctx->imm_sg, data, len); 1094 *sg = &ioctx->imm_sg; 1095 *sg_cnt = 1; 1096 return 0; 1097 } else { 1098 *data_len = 0; 1099 return 0; 1100 } 1101} 1102 1103/** 1104 * srpt_init_ch_qp - initialize queue pair attributes 1105 * @ch: SRPT RDMA channel. 1106 * @qp: Queue pair pointer. 1107 * 1108 * Initialized the attributes of queue pair 'qp' by allowing local write, 1109 * remote read and remote write. Also transitions 'qp' to state IB_QPS_INIT. 1110 */ 1111static int srpt_init_ch_qp(struct srpt_rdma_ch *ch, struct ib_qp *qp) 1112{ 1113 struct ib_qp_attr *attr; 1114 int ret; 1115 1116 WARN_ON_ONCE(ch->using_rdma_cm); 1117 1118 attr = kzalloc(sizeof(*attr), GFP_KERNEL); 1119 if (!attr) 1120 return -ENOMEM; 1121 1122 attr->qp_state = IB_QPS_INIT; 1123 attr->qp_access_flags = IB_ACCESS_LOCAL_WRITE; 1124 attr->port_num = ch->sport->port; 1125 1126 ret = ib_find_cached_pkey(ch->sport->sdev->device, ch->sport->port, 1127 ch->pkey, &attr->pkey_index); 1128 if (ret < 0) 1129 pr_err("Translating pkey %#x failed (%d) - using index 0\n", 1130 ch->pkey, ret); 1131 1132 ret = ib_modify_qp(qp, attr, 1133 IB_QP_STATE | IB_QP_ACCESS_FLAGS | IB_QP_PORT | 1134 IB_QP_PKEY_INDEX); 1135 1136 kfree(attr); 1137 return ret; 1138} 1139 1140/** 1141 * srpt_ch_qp_rtr - change the state of a channel to 'ready to receive' (RTR) 1142 * @ch: channel of the queue pair. 1143 * @qp: queue pair to change the state of. 1144 * 1145 * Returns zero upon success and a negative value upon failure. 1146 * 1147 * Note: currently a struct ib_qp_attr takes 136 bytes on a 64-bit system. 1148 * If this structure ever becomes larger, it might be necessary to allocate 1149 * it dynamically instead of on the stack. 1150 */ 1151static int srpt_ch_qp_rtr(struct srpt_rdma_ch *ch, struct ib_qp *qp) 1152{ 1153 struct ib_qp_attr qp_attr; 1154 int attr_mask; 1155 int ret; 1156 1157 WARN_ON_ONCE(ch->using_rdma_cm); 1158 1159 qp_attr.qp_state = IB_QPS_RTR; 1160 ret = ib_cm_init_qp_attr(ch->ib_cm.cm_id, &qp_attr, &attr_mask); 1161 if (ret) 1162 goto out; 1163 1164 qp_attr.max_dest_rd_atomic = 4; 1165 1166 ret = ib_modify_qp(qp, &qp_attr, attr_mask); 1167 1168out: 1169 return ret; 1170} 1171 1172/** 1173 * srpt_ch_qp_rts - change the state of a channel to 'ready to send' (RTS) 1174 * @ch: channel of the queue pair. 1175 * @qp: queue pair to change the state of. 1176 * 1177 * Returns zero upon success and a negative value upon failure. 1178 * 1179 * Note: currently a struct ib_qp_attr takes 136 bytes on a 64-bit system. 1180 * If this structure ever becomes larger, it might be necessary to allocate 1181 * it dynamically instead of on the stack. 1182 */ 1183static int srpt_ch_qp_rts(struct srpt_rdma_ch *ch, struct ib_qp *qp) 1184{ 1185 struct ib_qp_attr qp_attr; 1186 int attr_mask; 1187 int ret; 1188 1189 qp_attr.qp_state = IB_QPS_RTS; 1190 ret = ib_cm_init_qp_attr(ch->ib_cm.cm_id, &qp_attr, &attr_mask); 1191 if (ret) 1192 goto out; 1193 1194 qp_attr.max_rd_atomic = 4; 1195 1196 ret = ib_modify_qp(qp, &qp_attr, attr_mask); 1197 1198out: 1199 return ret; 1200} 1201 1202/** 1203 * srpt_ch_qp_err - set the channel queue pair state to 'error' 1204 * @ch: SRPT RDMA channel. 1205 */ 1206static int srpt_ch_qp_err(struct srpt_rdma_ch *ch) 1207{ 1208 struct ib_qp_attr qp_attr; 1209 1210 qp_attr.qp_state = IB_QPS_ERR; 1211 return ib_modify_qp(ch->qp, &qp_attr, IB_QP_STATE); 1212} 1213 1214/** 1215 * srpt_get_send_ioctx - obtain an I/O context for sending to the initiator 1216 * @ch: SRPT RDMA channel. 1217 */ 1218static struct srpt_send_ioctx *srpt_get_send_ioctx(struct srpt_rdma_ch *ch) 1219{ 1220 struct srpt_send_ioctx *ioctx; 1221 int tag, cpu; 1222 1223 BUG_ON(!ch); 1224 1225 tag = sbitmap_queue_get(&ch->sess->sess_tag_pool, &cpu); 1226 if (tag < 0) 1227 return NULL; 1228 1229 ioctx = ch->ioctx_ring[tag]; 1230 BUG_ON(ioctx->ch != ch); 1231 ioctx->state = SRPT_STATE_NEW; 1232 WARN_ON_ONCE(ioctx->recv_ioctx); 1233 ioctx->n_rdma = 0; 1234 ioctx->n_rw_ctx = 0; 1235 ioctx->queue_status_only = false; 1236 /* 1237 * transport_init_se_cmd() does not initialize all fields, so do it 1238 * here. 1239 */ 1240 memset(&ioctx->cmd, 0, sizeof(ioctx->cmd)); 1241 memset(&ioctx->sense_data, 0, sizeof(ioctx->sense_data)); 1242 ioctx->cmd.map_tag = tag; 1243 ioctx->cmd.map_cpu = cpu; 1244 1245 return ioctx; 1246} 1247 1248/** 1249 * srpt_abort_cmd - abort a SCSI command 1250 * @ioctx: I/O context associated with the SCSI command. 1251 */ 1252static int srpt_abort_cmd(struct srpt_send_ioctx *ioctx) 1253{ 1254 enum srpt_command_state state; 1255 1256 BUG_ON(!ioctx); 1257 1258 /* 1259 * If the command is in a state where the target core is waiting for 1260 * the ib_srpt driver, change the state to the next state. 1261 */ 1262 1263 state = ioctx->state; 1264 switch (state) { 1265 case SRPT_STATE_NEED_DATA: 1266 ioctx->state = SRPT_STATE_DATA_IN; 1267 break; 1268 case SRPT_STATE_CMD_RSP_SENT: 1269 case SRPT_STATE_MGMT_RSP_SENT: 1270 ioctx->state = SRPT_STATE_DONE; 1271 break; 1272 default: 1273 WARN_ONCE(true, "%s: unexpected I/O context state %d\n", 1274 __func__, state); 1275 break; 1276 } 1277 1278 pr_debug("Aborting cmd with state %d -> %d and tag %lld\n", state, 1279 ioctx->state, ioctx->cmd.tag); 1280 1281 switch (state) { 1282 case SRPT_STATE_NEW: 1283 case SRPT_STATE_DATA_IN: 1284 case SRPT_STATE_MGMT: 1285 case SRPT_STATE_DONE: 1286 /* 1287 * Do nothing - defer abort processing until 1288 * srpt_queue_response() is invoked. 1289 */ 1290 break; 1291 case SRPT_STATE_NEED_DATA: 1292 pr_debug("tag %#llx: RDMA read error\n", ioctx->cmd.tag); 1293 transport_generic_request_failure(&ioctx->cmd, 1294 TCM_CHECK_CONDITION_ABORT_CMD); 1295 break; 1296 case SRPT_STATE_CMD_RSP_SENT: 1297 /* 1298 * SRP_RSP sending failed or the SRP_RSP send completion has 1299 * not been received in time. 1300 */ 1301 transport_generic_free_cmd(&ioctx->cmd, 0); 1302 break; 1303 case SRPT_STATE_MGMT_RSP_SENT: 1304 transport_generic_free_cmd(&ioctx->cmd, 0); 1305 break; 1306 default: 1307 WARN(1, "Unexpected command state (%d)", state); 1308 break; 1309 } 1310 1311 return state; 1312} 1313 1314/** 1315 * srpt_rdma_read_done - RDMA read completion callback 1316 * @cq: Completion queue. 1317 * @wc: Work completion. 1318 * 1319 * XXX: what is now target_execute_cmd used to be asynchronous, and unmapping 1320 * the data that has been transferred via IB RDMA had to be postponed until the 1321 * check_stop_free() callback. None of this is necessary anymore and needs to 1322 * be cleaned up. 1323 */ 1324static void srpt_rdma_read_done(struct ib_cq *cq, struct ib_wc *wc) 1325{ 1326 struct srpt_rdma_ch *ch = wc->qp->qp_context; 1327 struct srpt_send_ioctx *ioctx = 1328 container_of(wc->wr_cqe, struct srpt_send_ioctx, rdma_cqe); 1329 1330 WARN_ON(ioctx->n_rdma <= 0); 1331 atomic_add(ioctx->n_rdma, &ch->sq_wr_avail); 1332 ioctx->n_rdma = 0; 1333 1334 if (unlikely(wc->status != IB_WC_SUCCESS)) { 1335 pr_info("RDMA_READ for ioctx 0x%p failed with status %d\n", 1336 ioctx, wc->status); 1337 srpt_abort_cmd(ioctx); 1338 return; 1339 } 1340 1341 if (srpt_test_and_set_cmd_state(ioctx, SRPT_STATE_NEED_DATA, 1342 SRPT_STATE_DATA_IN)) 1343 target_execute_cmd(&ioctx->cmd); 1344 else 1345 pr_err("%s[%d]: wrong state = %d\n", __func__, 1346 __LINE__, ioctx->state); 1347} 1348 1349/** 1350 * srpt_build_cmd_rsp - build a SRP_RSP response 1351 * @ch: RDMA channel through which the request has been received. 1352 * @ioctx: I/O context associated with the SRP_CMD request. The response will 1353 * be built in the buffer ioctx->buf points at and hence this function will 1354 * overwrite the request data. 1355 * @tag: tag of the request for which this response is being generated. 1356 * @status: value for the STATUS field of the SRP_RSP information unit. 1357 * 1358 * Returns the size in bytes of the SRP_RSP response. 1359 * 1360 * An SRP_RSP response contains a SCSI status or service response. See also 1361 * section 6.9 in the SRP r16a document for the format of an SRP_RSP 1362 * response. See also SPC-2 for more information about sense data. 1363 */ 1364static int srpt_build_cmd_rsp(struct srpt_rdma_ch *ch, 1365 struct srpt_send_ioctx *ioctx, u64 tag, 1366 int status) 1367{ 1368 struct se_cmd *cmd = &ioctx->cmd; 1369 struct srp_rsp *srp_rsp; 1370 const u8 *sense_data; 1371 int sense_data_len, max_sense_len; 1372 u32 resid = cmd->residual_count; 1373 1374 /* 1375 * The lowest bit of all SAM-3 status codes is zero (see also 1376 * paragraph 5.3 in SAM-3). 1377 */ 1378 WARN_ON(status & 1); 1379 1380 srp_rsp = ioctx->ioctx.buf; 1381 BUG_ON(!srp_rsp); 1382 1383 sense_data = ioctx->sense_data; 1384 sense_data_len = ioctx->cmd.scsi_sense_length; 1385 WARN_ON(sense_data_len > sizeof(ioctx->sense_data)); 1386 1387 memset(srp_rsp, 0, sizeof(*srp_rsp)); 1388 srp_rsp->opcode = SRP_RSP; 1389 srp_rsp->req_lim_delta = 1390 cpu_to_be32(1 + atomic_xchg(&ch->req_lim_delta, 0)); 1391 srp_rsp->tag = tag; 1392 srp_rsp->status = status; 1393 1394 if (cmd->se_cmd_flags & SCF_UNDERFLOW_BIT) { 1395 if (cmd->data_direction == DMA_TO_DEVICE) { 1396 /* residual data from an underflow write */ 1397 srp_rsp->flags = SRP_RSP_FLAG_DOUNDER; 1398 srp_rsp->data_out_res_cnt = cpu_to_be32(resid); 1399 } else if (cmd->data_direction == DMA_FROM_DEVICE) { 1400 /* residual data from an underflow read */ 1401 srp_rsp->flags = SRP_RSP_FLAG_DIUNDER; 1402 srp_rsp->data_in_res_cnt = cpu_to_be32(resid); 1403 } 1404 } else if (cmd->se_cmd_flags & SCF_OVERFLOW_BIT) { 1405 if (cmd->data_direction == DMA_TO_DEVICE) { 1406 /* residual data from an overflow write */ 1407 srp_rsp->flags = SRP_RSP_FLAG_DOOVER; 1408 srp_rsp->data_out_res_cnt = cpu_to_be32(resid); 1409 } else if (cmd->data_direction == DMA_FROM_DEVICE) { 1410 /* residual data from an overflow read */ 1411 srp_rsp->flags = SRP_RSP_FLAG_DIOVER; 1412 srp_rsp->data_in_res_cnt = cpu_to_be32(resid); 1413 } 1414 } 1415 1416 if (sense_data_len) { 1417 BUILD_BUG_ON(MIN_MAX_RSP_SIZE <= sizeof(*srp_rsp)); 1418 max_sense_len = ch->max_ti_iu_len - sizeof(*srp_rsp); 1419 if (sense_data_len > max_sense_len) { 1420 pr_warn("truncated sense data from %d to %d bytes\n", 1421 sense_data_len, max_sense_len); 1422 sense_data_len = max_sense_len; 1423 } 1424 1425 srp_rsp->flags |= SRP_RSP_FLAG_SNSVALID; 1426 srp_rsp->sense_data_len = cpu_to_be32(sense_data_len); 1427 memcpy(srp_rsp + 1, sense_data, sense_data_len); 1428 } 1429 1430 return sizeof(*srp_rsp) + sense_data_len; 1431} 1432 1433/** 1434 * srpt_build_tskmgmt_rsp - build a task management response 1435 * @ch: RDMA channel through which the request has been received. 1436 * @ioctx: I/O context in which the SRP_RSP response will be built. 1437 * @rsp_code: RSP_CODE that will be stored in the response. 1438 * @tag: Tag of the request for which this response is being generated. 1439 * 1440 * Returns the size in bytes of the SRP_RSP response. 1441 * 1442 * An SRP_RSP response contains a SCSI status or service response. See also 1443 * section 6.9 in the SRP r16a document for the format of an SRP_RSP 1444 * response. 1445 */ 1446static int srpt_build_tskmgmt_rsp(struct srpt_rdma_ch *ch, 1447 struct srpt_send_ioctx *ioctx, 1448 u8 rsp_code, u64 tag) 1449{ 1450 struct srp_rsp *srp_rsp; 1451 int resp_data_len; 1452 int resp_len; 1453 1454 resp_data_len = 4; 1455 resp_len = sizeof(*srp_rsp) + resp_data_len; 1456 1457 srp_rsp = ioctx->ioctx.buf; 1458 BUG_ON(!srp_rsp); 1459 memset(srp_rsp, 0, sizeof(*srp_rsp)); 1460 1461 srp_rsp->opcode = SRP_RSP; 1462 srp_rsp->req_lim_delta = 1463 cpu_to_be32(1 + atomic_xchg(&ch->req_lim_delta, 0)); 1464 srp_rsp->tag = tag; 1465 1466 srp_rsp->flags |= SRP_RSP_FLAG_RSPVALID; 1467 srp_rsp->resp_data_len = cpu_to_be32(resp_data_len); 1468 srp_rsp->data[3] = rsp_code; 1469 1470 return resp_len; 1471} 1472 1473static int srpt_check_stop_free(struct se_cmd *cmd) 1474{ 1475 struct srpt_send_ioctx *ioctx = container_of(cmd, 1476 struct srpt_send_ioctx, cmd); 1477 1478 return target_put_sess_cmd(&ioctx->cmd); 1479} 1480 1481/** 1482 * srpt_handle_cmd - process a SRP_CMD information unit 1483 * @ch: SRPT RDMA channel. 1484 * @recv_ioctx: Receive I/O context. 1485 * @send_ioctx: Send I/O context. 1486 */ 1487static void srpt_handle_cmd(struct srpt_rdma_ch *ch, 1488 struct srpt_recv_ioctx *recv_ioctx, 1489 struct srpt_send_ioctx *send_ioctx) 1490{ 1491 struct se_cmd *cmd; 1492 struct srp_cmd *srp_cmd; 1493 struct scatterlist *sg = NULL; 1494 unsigned sg_cnt = 0; 1495 u64 data_len; 1496 enum dma_data_direction dir; 1497 int rc; 1498 1499 BUG_ON(!send_ioctx); 1500 1501 srp_cmd = recv_ioctx->ioctx.buf + recv_ioctx->ioctx.offset; 1502 cmd = &send_ioctx->cmd; 1503 cmd->tag = srp_cmd->tag; 1504 1505 switch (srp_cmd->task_attr) { 1506 case SRP_CMD_SIMPLE_Q: 1507 cmd->sam_task_attr = TCM_SIMPLE_TAG; 1508 break; 1509 case SRP_CMD_ORDERED_Q: 1510 default: 1511 cmd->sam_task_attr = TCM_ORDERED_TAG; 1512 break; 1513 case SRP_CMD_HEAD_OF_Q: 1514 cmd->sam_task_attr = TCM_HEAD_TAG; 1515 break; 1516 case SRP_CMD_ACA: 1517 cmd->sam_task_attr = TCM_ACA_TAG; 1518 break; 1519 } 1520 1521 rc = srpt_get_desc_tbl(recv_ioctx, send_ioctx, srp_cmd, &dir, 1522 &sg, &sg_cnt, &data_len, ch->imm_data_offset); 1523 if (rc) { 1524 if (rc != -EAGAIN) { 1525 pr_err("0x%llx: parsing SRP descriptor table failed.\n", 1526 srp_cmd->tag); 1527 } 1528 goto busy; 1529 } 1530 1531 rc = target_submit_cmd_map_sgls(cmd, ch->sess, srp_cmd->cdb, 1532 &send_ioctx->sense_data[0], 1533 scsilun_to_int(&srp_cmd->lun), data_len, 1534 TCM_SIMPLE_TAG, dir, TARGET_SCF_ACK_KREF, 1535 sg, sg_cnt, NULL, 0, NULL, 0); 1536 if (rc != 0) { 1537 pr_debug("target_submit_cmd() returned %d for tag %#llx\n", rc, 1538 srp_cmd->tag); 1539 goto busy; 1540 } 1541 return; 1542 1543busy: 1544 target_send_busy(cmd); 1545} 1546 1547static int srp_tmr_to_tcm(int fn) 1548{ 1549 switch (fn) { 1550 case SRP_TSK_ABORT_TASK: 1551 return TMR_ABORT_TASK; 1552 case SRP_TSK_ABORT_TASK_SET: 1553 return TMR_ABORT_TASK_SET; 1554 case SRP_TSK_CLEAR_TASK_SET: 1555 return TMR_CLEAR_TASK_SET; 1556 case SRP_TSK_LUN_RESET: 1557 return TMR_LUN_RESET; 1558 case SRP_TSK_CLEAR_ACA: 1559 return TMR_CLEAR_ACA; 1560 default: 1561 return -1; 1562 } 1563} 1564 1565/** 1566 * srpt_handle_tsk_mgmt - process a SRP_TSK_MGMT information unit 1567 * @ch: SRPT RDMA channel. 1568 * @recv_ioctx: Receive I/O context. 1569 * @send_ioctx: Send I/O context. 1570 * 1571 * Returns 0 if and only if the request will be processed by the target core. 1572 * 1573 * For more information about SRP_TSK_MGMT information units, see also section 1574 * 6.7 in the SRP r16a document. 1575 */ 1576static void srpt_handle_tsk_mgmt(struct srpt_rdma_ch *ch, 1577 struct srpt_recv_ioctx *recv_ioctx, 1578 struct srpt_send_ioctx *send_ioctx) 1579{ 1580 struct srp_tsk_mgmt *srp_tsk; 1581 struct se_cmd *cmd; 1582 struct se_session *sess = ch->sess; 1583 int tcm_tmr; 1584 int rc; 1585 1586 BUG_ON(!send_ioctx); 1587 1588 srp_tsk = recv_ioctx->ioctx.buf + recv_ioctx->ioctx.offset; 1589 cmd = &send_ioctx->cmd; 1590 1591 pr_debug("recv tsk_mgmt fn %d for task_tag %lld and cmd tag %lld ch %p sess %p\n", 1592 srp_tsk->tsk_mgmt_func, srp_tsk->task_tag, srp_tsk->tag, ch, 1593 ch->sess); 1594 1595 srpt_set_cmd_state(send_ioctx, SRPT_STATE_MGMT); 1596 send_ioctx->cmd.tag = srp_tsk->tag; 1597 tcm_tmr = srp_tmr_to_tcm(srp_tsk->tsk_mgmt_func); 1598 rc = target_submit_tmr(&send_ioctx->cmd, sess, NULL, 1599 scsilun_to_int(&srp_tsk->lun), srp_tsk, tcm_tmr, 1600 GFP_KERNEL, srp_tsk->task_tag, 1601 TARGET_SCF_ACK_KREF); 1602 if (rc != 0) { 1603 send_ioctx->cmd.se_tmr_req->response = TMR_FUNCTION_REJECTED; 1604 cmd->se_tfo->queue_tm_rsp(cmd); 1605 } 1606 return; 1607} 1608 1609/** 1610 * srpt_handle_new_iu - process a newly received information unit 1611 * @ch: RDMA channel through which the information unit has been received. 1612 * @recv_ioctx: Receive I/O context associated with the information unit. 1613 */ 1614static bool 1615srpt_handle_new_iu(struct srpt_rdma_ch *ch, struct srpt_recv_ioctx *recv_ioctx) 1616{ 1617 struct srpt_send_ioctx *send_ioctx = NULL; 1618 struct srp_cmd *srp_cmd; 1619 bool res = false; 1620 u8 opcode; 1621 1622 BUG_ON(!ch); 1623 BUG_ON(!recv_ioctx); 1624 1625 if (unlikely(ch->state == CH_CONNECTING)) 1626 goto push; 1627 1628 ib_dma_sync_single_for_cpu(ch->sport->sdev->device, 1629 recv_ioctx->ioctx.dma, 1630 recv_ioctx->ioctx.offset + srp_max_req_size, 1631 DMA_FROM_DEVICE); 1632 1633 srp_cmd = recv_ioctx->ioctx.buf + recv_ioctx->ioctx.offset; 1634 opcode = srp_cmd->opcode; 1635 if (opcode == SRP_CMD || opcode == SRP_TSK_MGMT) { 1636 send_ioctx = srpt_get_send_ioctx(ch); 1637 if (unlikely(!send_ioctx)) 1638 goto push; 1639 } 1640 1641 if (!list_empty(&recv_ioctx->wait_list)) { 1642 WARN_ON_ONCE(!ch->processing_wait_list); 1643 list_del_init(&recv_ioctx->wait_list); 1644 } 1645 1646 switch (opcode) { 1647 case SRP_CMD: 1648 srpt_handle_cmd(ch, recv_ioctx, send_ioctx); 1649 break; 1650 case SRP_TSK_MGMT: 1651 srpt_handle_tsk_mgmt(ch, recv_ioctx, send_ioctx); 1652 break; 1653 case SRP_I_LOGOUT: 1654 pr_err("Not yet implemented: SRP_I_LOGOUT\n"); 1655 break; 1656 case SRP_CRED_RSP: 1657 pr_debug("received SRP_CRED_RSP\n"); 1658 break; 1659 case SRP_AER_RSP: 1660 pr_debug("received SRP_AER_RSP\n"); 1661 break; 1662 case SRP_RSP: 1663 pr_err("Received SRP_RSP\n"); 1664 break; 1665 default: 1666 pr_err("received IU with unknown opcode 0x%x\n", opcode); 1667 break; 1668 } 1669 1670 if (!send_ioctx || !send_ioctx->recv_ioctx) 1671 srpt_post_recv(ch->sport->sdev, ch, recv_ioctx); 1672 res = true; 1673 1674out: 1675 return res; 1676 1677push: 1678 if (list_empty(&recv_ioctx->wait_list)) { 1679 WARN_ON_ONCE(ch->processing_wait_list); 1680 list_add_tail(&recv_ioctx->wait_list, &ch->cmd_wait_list); 1681 } 1682 goto out; 1683} 1684 1685static void srpt_recv_done(struct ib_cq *cq, struct ib_wc *wc) 1686{ 1687 struct srpt_rdma_ch *ch = wc->qp->qp_context; 1688 struct srpt_recv_ioctx *ioctx = 1689 container_of(wc->wr_cqe, struct srpt_recv_ioctx, ioctx.cqe); 1690 1691 if (wc->status == IB_WC_SUCCESS) { 1692 int req_lim; 1693 1694 req_lim = atomic_dec_return(&ch->req_lim); 1695 if (unlikely(req_lim < 0)) 1696 pr_err("req_lim = %d < 0\n", req_lim); 1697 ioctx->byte_len = wc->byte_len; 1698 srpt_handle_new_iu(ch, ioctx); 1699 } else { 1700 pr_info_ratelimited("receiving failed for ioctx %p with status %d\n", 1701 ioctx, wc->status); 1702 } 1703} 1704 1705/* 1706 * This function must be called from the context in which RDMA completions are 1707 * processed because it accesses the wait list without protection against 1708 * access from other threads. 1709 */ 1710static void srpt_process_wait_list(struct srpt_rdma_ch *ch) 1711{ 1712 struct srpt_recv_ioctx *recv_ioctx, *tmp; 1713 1714 WARN_ON_ONCE(ch->state == CH_CONNECTING); 1715 1716 if (list_empty(&ch->cmd_wait_list)) 1717 return; 1718 1719 WARN_ON_ONCE(ch->processing_wait_list); 1720 ch->processing_wait_list = true; 1721 list_for_each_entry_safe(recv_ioctx, tmp, &ch->cmd_wait_list, 1722 wait_list) { 1723 if (!srpt_handle_new_iu(ch, recv_ioctx)) 1724 break; 1725 } 1726 ch->processing_wait_list = false; 1727} 1728 1729/** 1730 * srpt_send_done - send completion callback 1731 * @cq: Completion queue. 1732 * @wc: Work completion. 1733 * 1734 * Note: Although this has not yet been observed during tests, at least in 1735 * theory it is possible that the srpt_get_send_ioctx() call invoked by 1736 * srpt_handle_new_iu() fails. This is possible because the req_lim_delta 1737 * value in each response is set to one, and it is possible that this response 1738 * makes the initiator send a new request before the send completion for that 1739 * response has been processed. This could e.g. happen if the call to 1740 * srpt_put_send_iotcx() is delayed because of a higher priority interrupt or 1741 * if IB retransmission causes generation of the send completion to be 1742 * delayed. Incoming information units for which srpt_get_send_ioctx() fails 1743 * are queued on cmd_wait_list. The code below processes these delayed 1744 * requests one at a time. 1745 */ 1746static void srpt_send_done(struct ib_cq *cq, struct ib_wc *wc) 1747{ 1748 struct srpt_rdma_ch *ch = wc->qp->qp_context; 1749 struct srpt_send_ioctx *ioctx = 1750 container_of(wc->wr_cqe, struct srpt_send_ioctx, ioctx.cqe); 1751 enum srpt_command_state state; 1752 1753 state = srpt_set_cmd_state(ioctx, SRPT_STATE_DONE); 1754 1755 WARN_ON(state != SRPT_STATE_CMD_RSP_SENT && 1756 state != SRPT_STATE_MGMT_RSP_SENT); 1757 1758 atomic_add(1 + ioctx->n_rdma, &ch->sq_wr_avail); 1759 1760 if (wc->status != IB_WC_SUCCESS) 1761 pr_info("sending response for ioctx 0x%p failed with status %d\n", 1762 ioctx, wc->status); 1763 1764 if (state != SRPT_STATE_DONE) { 1765 transport_generic_free_cmd(&ioctx->cmd, 0); 1766 } else { 1767 pr_err("IB completion has been received too late for wr_id = %u.\n", 1768 ioctx->ioctx.index); 1769 } 1770 1771 srpt_process_wait_list(ch); 1772} 1773 1774/** 1775 * srpt_create_ch_ib - create receive and send completion queues 1776 * @ch: SRPT RDMA channel. 1777 */ 1778static int srpt_create_ch_ib(struct srpt_rdma_ch *ch) 1779{ 1780 struct ib_qp_init_attr *qp_init; 1781 struct srpt_port *sport = ch->sport; 1782 struct srpt_device *sdev = sport->sdev; 1783 const struct ib_device_attr *attrs = &sdev->device->attrs; 1784 int sq_size = sport->port_attrib.srp_sq_size; 1785 int i, ret; 1786 1787 WARN_ON(ch->rq_size < 1); 1788 1789 ret = -ENOMEM; 1790 qp_init = kzalloc(sizeof(*qp_init), GFP_KERNEL); 1791 if (!qp_init) 1792 goto out; 1793 1794retry: 1795 ch->cq = ib_cq_pool_get(sdev->device, ch->rq_size + sq_size, -1, 1796 IB_POLL_WORKQUEUE); 1797 if (IS_ERR(ch->cq)) { 1798 ret = PTR_ERR(ch->cq); 1799 pr_err("failed to create CQ cqe= %d ret= %d\n", 1800 ch->rq_size + sq_size, ret); 1801 goto out; 1802 } 1803 ch->cq_size = ch->rq_size + sq_size; 1804 1805 qp_init->qp_context = (void *)ch; 1806 qp_init->event_handler 1807 = (void(*)(struct ib_event *, void*))srpt_qp_event; 1808 qp_init->send_cq = ch->cq; 1809 qp_init->recv_cq = ch->cq; 1810 qp_init->sq_sig_type = IB_SIGNAL_REQ_WR; 1811 qp_init->qp_type = IB_QPT_RC; 1812 /* 1813 * We divide up our send queue size into half SEND WRs to send the 1814 * completions, and half R/W contexts to actually do the RDMA 1815 * READ/WRITE transfers. Note that we need to allocate CQ slots for 1816 * both both, as RDMA contexts will also post completions for the 1817 * RDMA READ case. 1818 */ 1819 qp_init->cap.max_send_wr = min(sq_size / 2, attrs->max_qp_wr); 1820 qp_init->cap.max_rdma_ctxs = sq_size / 2; 1821 qp_init->cap.max_send_sge = attrs->max_send_sge; 1822 qp_init->cap.max_recv_sge = 1; 1823 qp_init->port_num = ch->sport->port; 1824 if (sdev->use_srq) 1825 qp_init->srq = sdev->srq; 1826 else 1827 qp_init->cap.max_recv_wr = ch->rq_size; 1828 1829 if (ch->using_rdma_cm) { 1830 ret = rdma_create_qp(ch->rdma_cm.cm_id, sdev->pd, qp_init); 1831 ch->qp = ch->rdma_cm.cm_id->qp; 1832 } else { 1833 ch->qp = ib_create_qp(sdev->pd, qp_init); 1834 if (!IS_ERR(ch->qp)) { 1835 ret = srpt_init_ch_qp(ch, ch->qp); 1836 if (ret) 1837 ib_destroy_qp(ch->qp); 1838 } else { 1839 ret = PTR_ERR(ch->qp); 1840 } 1841 } 1842 if (ret) { 1843 bool retry = sq_size > MIN_SRPT_SQ_SIZE; 1844 1845 if (retry) { 1846 pr_debug("failed to create queue pair with sq_size = %d (%d) - retrying\n", 1847 sq_size, ret); 1848 ib_cq_pool_put(ch->cq, ch->cq_size); 1849 sq_size = max(sq_size / 2, MIN_SRPT_SQ_SIZE); 1850 goto retry; 1851 } else { 1852 pr_err("failed to create queue pair with sq_size = %d (%d)\n", 1853 sq_size, ret); 1854 goto err_destroy_cq; 1855 } 1856 } 1857 1858 atomic_set(&ch->sq_wr_avail, qp_init->cap.max_send_wr); 1859 1860 pr_debug("%s: max_cqe= %d max_sge= %d sq_size = %d ch= %p\n", 1861 __func__, ch->cq->cqe, qp_init->cap.max_send_sge, 1862 qp_init->cap.max_send_wr, ch); 1863 1864 if (!sdev->use_srq) 1865 for (i = 0; i < ch->rq_size; i++) 1866 srpt_post_recv(sdev, ch, ch->ioctx_recv_ring[i]); 1867 1868out: 1869 kfree(qp_init); 1870 return ret; 1871 1872err_destroy_cq: 1873 ch->qp = NULL; 1874 ib_cq_pool_put(ch->cq, ch->cq_size); 1875 goto out; 1876} 1877 1878static void srpt_destroy_ch_ib(struct srpt_rdma_ch *ch) 1879{ 1880 ib_destroy_qp(ch->qp); 1881 ib_cq_pool_put(ch->cq, ch->cq_size); 1882} 1883 1884/** 1885 * srpt_close_ch - close a RDMA channel 1886 * @ch: SRPT RDMA channel. 1887 * 1888 * Make sure all resources associated with the channel will be deallocated at 1889 * an appropriate time. 1890 * 1891 * Returns true if and only if the channel state has been modified into 1892 * CH_DRAINING. 1893 */ 1894static bool srpt_close_ch(struct srpt_rdma_ch *ch) 1895{ 1896 int ret; 1897 1898 if (!srpt_set_ch_state(ch, CH_DRAINING)) { 1899 pr_debug("%s: already closed\n", ch->sess_name); 1900 return false; 1901 } 1902 1903 kref_get(&ch->kref); 1904 1905 ret = srpt_ch_qp_err(ch); 1906 if (ret < 0) 1907 pr_err("%s-%d: changing queue pair into error state failed: %d\n", 1908 ch->sess_name, ch->qp->qp_num, ret); 1909 1910 ret = srpt_zerolength_write(ch); 1911 if (ret < 0) { 1912 pr_err("%s-%d: queuing zero-length write failed: %d\n", 1913 ch->sess_name, ch->qp->qp_num, ret); 1914 if (srpt_set_ch_state(ch, CH_DISCONNECTED)) 1915 schedule_work(&ch->release_work); 1916 else 1917 WARN_ON_ONCE(true); 1918 } 1919 1920 kref_put(&ch->kref, srpt_free_ch); 1921 1922 return true; 1923} 1924 1925/* 1926 * Change the channel state into CH_DISCONNECTING. If a channel has not yet 1927 * reached the connected state, close it. If a channel is in the connected 1928 * state, send a DREQ. If a DREQ has been received, send a DREP. Note: it is 1929 * the responsibility of the caller to ensure that this function is not 1930 * invoked concurrently with the code that accepts a connection. This means 1931 * that this function must either be invoked from inside a CM callback 1932 * function or that it must be invoked with the srpt_port.mutex held. 1933 */ 1934static int srpt_disconnect_ch(struct srpt_rdma_ch *ch) 1935{ 1936 int ret; 1937 1938 if (!srpt_set_ch_state(ch, CH_DISCONNECTING)) 1939 return -ENOTCONN; 1940 1941 if (ch->using_rdma_cm) { 1942 ret = rdma_disconnect(ch->rdma_cm.cm_id); 1943 } else { 1944 ret = ib_send_cm_dreq(ch->ib_cm.cm_id, NULL, 0); 1945 if (ret < 0) 1946 ret = ib_send_cm_drep(ch->ib_cm.cm_id, NULL, 0); 1947 } 1948 1949 if (ret < 0 && srpt_close_ch(ch)) 1950 ret = 0; 1951 1952 return ret; 1953} 1954 1955/* Send DREQ and wait for DREP. */ 1956static void srpt_disconnect_ch_sync(struct srpt_rdma_ch *ch) 1957{ 1958 DECLARE_COMPLETION_ONSTACK(closed); 1959 struct srpt_port *sport = ch->sport; 1960 1961 pr_debug("ch %s-%d state %d\n", ch->sess_name, ch->qp->qp_num, 1962 ch->state); 1963 1964 ch->closed = &closed; 1965 1966 mutex_lock(&sport->mutex); 1967 srpt_disconnect_ch(ch); 1968 mutex_unlock(&sport->mutex); 1969 1970 while (wait_for_completion_timeout(&closed, 5 * HZ) == 0) 1971 pr_info("%s(%s-%d state %d): still waiting ...\n", __func__, 1972 ch->sess_name, ch->qp->qp_num, ch->state); 1973 1974} 1975 1976static void __srpt_close_all_ch(struct srpt_port *sport) 1977{ 1978 struct srpt_nexus *nexus; 1979 struct srpt_rdma_ch *ch; 1980 1981 lockdep_assert_held(&sport->mutex); 1982 1983 list_for_each_entry(nexus, &sport->nexus_list, entry) { 1984 list_for_each_entry(ch, &nexus->ch_list, list) { 1985 if (srpt_disconnect_ch(ch) >= 0) 1986 pr_info("Closing channel %s-%d because target %s_%d has been disabled\n", 1987 ch->sess_name, ch->qp->qp_num, 1988 dev_name(&sport->sdev->device->dev), 1989 sport->port); 1990 srpt_close_ch(ch); 1991 } 1992 } 1993} 1994 1995/* 1996 * Look up (i_port_id, t_port_id) in sport->nexus_list. Create an entry if 1997 * it does not yet exist. 1998 */ 1999static struct srpt_nexus *srpt_get_nexus(struct srpt_port *sport, 2000 const u8 i_port_id[16], 2001 const u8 t_port_id[16]) 2002{ 2003 struct srpt_nexus *nexus = NULL, *tmp_nexus = NULL, *n; 2004 2005 for (;;) { 2006 mutex_lock(&sport->mutex); 2007 list_for_each_entry(n, &sport->nexus_list, entry) { 2008 if (memcmp(n->i_port_id, i_port_id, 16) == 0 && 2009 memcmp(n->t_port_id, t_port_id, 16) == 0) { 2010 nexus = n; 2011 break; 2012 } 2013 } 2014 if (!nexus && tmp_nexus) { 2015 list_add_tail_rcu(&tmp_nexus->entry, 2016 &sport->nexus_list); 2017 swap(nexus, tmp_nexus); 2018 } 2019 mutex_unlock(&sport->mutex); 2020 2021 if (nexus) 2022 break; 2023 tmp_nexus = kzalloc(sizeof(*nexus), GFP_KERNEL); 2024 if (!tmp_nexus) { 2025 nexus = ERR_PTR(-ENOMEM); 2026 break; 2027 } 2028 INIT_LIST_HEAD(&tmp_nexus->ch_list); 2029 memcpy(tmp_nexus->i_port_id, i_port_id, 16); 2030 memcpy(tmp_nexus->t_port_id, t_port_id, 16); 2031 } 2032 2033 kfree(tmp_nexus); 2034 2035 return nexus; 2036} 2037 2038static void srpt_set_enabled(struct srpt_port *sport, bool enabled) 2039 __must_hold(&sport->mutex) 2040{ 2041 lockdep_assert_held(&sport->mutex); 2042 2043 if (sport->enabled == enabled) 2044 return; 2045 sport->enabled = enabled; 2046 if (!enabled) 2047 __srpt_close_all_ch(sport); 2048} 2049 2050static void srpt_drop_sport_ref(struct srpt_port *sport) 2051{ 2052 if (atomic_dec_return(&sport->refcount) == 0 && sport->freed_channels) 2053 complete(sport->freed_channels); 2054} 2055 2056static void srpt_free_ch(struct kref *kref) 2057{ 2058 struct srpt_rdma_ch *ch = container_of(kref, struct srpt_rdma_ch, kref); 2059 2060 srpt_drop_sport_ref(ch->sport); 2061 kfree_rcu(ch, rcu); 2062} 2063 2064/* 2065 * Shut down the SCSI target session, tell the connection manager to 2066 * disconnect the associated RDMA channel, transition the QP to the error 2067 * state and remove the channel from the channel list. This function is 2068 * typically called from inside srpt_zerolength_write_done(). Concurrent 2069 * srpt_zerolength_write() calls from inside srpt_close_ch() are possible 2070 * as long as the channel is on sport->nexus_list. 2071 */ 2072static void srpt_release_channel_work(struct work_struct *w) 2073{ 2074 struct srpt_rdma_ch *ch; 2075 struct srpt_device *sdev; 2076 struct srpt_port *sport; 2077 struct se_session *se_sess; 2078 2079 ch = container_of(w, struct srpt_rdma_ch, release_work); 2080 pr_debug("%s-%d\n", ch->sess_name, ch->qp->qp_num); 2081 2082 sdev = ch->sport->sdev; 2083 BUG_ON(!sdev); 2084 2085 se_sess = ch->sess; 2086 BUG_ON(!se_sess); 2087 2088 target_sess_cmd_list_set_waiting(se_sess); 2089 target_wait_for_sess_cmds(se_sess); 2090 2091 target_remove_session(se_sess); 2092 ch->sess = NULL; 2093 2094 if (ch->using_rdma_cm) 2095 rdma_destroy_id(ch->rdma_cm.cm_id); 2096 else 2097 ib_destroy_cm_id(ch->ib_cm.cm_id); 2098 2099 sport = ch->sport; 2100 mutex_lock(&sport->mutex); 2101 list_del_rcu(&ch->list); 2102 mutex_unlock(&sport->mutex); 2103 2104 if (ch->closed) 2105 complete(ch->closed); 2106 2107 srpt_destroy_ch_ib(ch); 2108 2109 srpt_free_ioctx_ring((struct srpt_ioctx **)ch->ioctx_ring, 2110 ch->sport->sdev, ch->rq_size, 2111 ch->rsp_buf_cache, DMA_TO_DEVICE); 2112 2113 kmem_cache_destroy(ch->rsp_buf_cache); 2114 2115 srpt_free_ioctx_ring((struct srpt_ioctx **)ch->ioctx_recv_ring, 2116 sdev, ch->rq_size, 2117 ch->req_buf_cache, DMA_FROM_DEVICE); 2118 2119 kmem_cache_destroy(ch->req_buf_cache); 2120 2121 kref_put(&ch->kref, srpt_free_ch); 2122} 2123 2124/** 2125 * srpt_cm_req_recv - process the event IB_CM_REQ_RECEIVED 2126 * @sdev: HCA through which the login request was received. 2127 * @ib_cm_id: IB/CM connection identifier in case of IB/CM. 2128 * @rdma_cm_id: RDMA/CM connection identifier in case of RDMA/CM. 2129 * @port_num: Port through which the REQ message was received. 2130 * @pkey: P_Key of the incoming connection. 2131 * @req: SRP login request. 2132 * @src_addr: GID (IB/CM) or IP address (RDMA/CM) of the port that submitted 2133 * the login request. 2134 * 2135 * Ownership of the cm_id is transferred to the target session if this 2136 * function returns zero. Otherwise the caller remains the owner of cm_id. 2137 */ 2138static int srpt_cm_req_recv(struct srpt_device *const sdev, 2139 struct ib_cm_id *ib_cm_id, 2140 struct rdma_cm_id *rdma_cm_id, 2141 u8 port_num, __be16 pkey, 2142 const struct srp_login_req *req, 2143 const char *src_addr) 2144{ 2145 struct srpt_port *sport = &sdev->port[port_num - 1]; 2146 struct srpt_nexus *nexus; 2147 struct srp_login_rsp *rsp = NULL; 2148 struct srp_login_rej *rej = NULL; 2149 union { 2150 struct rdma_conn_param rdma_cm; 2151 struct ib_cm_rep_param ib_cm; 2152 } *rep_param = NULL; 2153 struct srpt_rdma_ch *ch = NULL; 2154 char i_port_id[36]; 2155 u32 it_iu_len; 2156 int i, tag_num, tag_size, ret; 2157 struct srpt_tpg *stpg; 2158 2159 WARN_ON_ONCE(irqs_disabled()); 2160 2161 it_iu_len = be32_to_cpu(req->req_it_iu_len); 2162 2163 pr_info("Received SRP_LOGIN_REQ with i_port_id %pI6, t_port_id %pI6 and it_iu_len %d on port %d (guid=%pI6); pkey %#04x\n", 2164 req->initiator_port_id, req->target_port_id, it_iu_len, 2165 port_num, &sport->gid, be16_to_cpu(pkey)); 2166 2167 nexus = srpt_get_nexus(sport, req->initiator_port_id, 2168 req->target_port_id); 2169 if (IS_ERR(nexus)) { 2170 ret = PTR_ERR(nexus); 2171 goto out; 2172 } 2173 2174 ret = -ENOMEM; 2175 rsp = kzalloc(sizeof(*rsp), GFP_KERNEL); 2176 rej = kzalloc(sizeof(*rej), GFP_KERNEL); 2177 rep_param = kzalloc(sizeof(*rep_param), GFP_KERNEL); 2178 if (!rsp || !rej || !rep_param) 2179 goto out; 2180 2181 ret = -EINVAL; 2182 if (it_iu_len > srp_max_req_size || it_iu_len < 64) { 2183 rej->reason = cpu_to_be32( 2184 SRP_LOGIN_REJ_REQ_IT_IU_LENGTH_TOO_LARGE); 2185 pr_err("rejected SRP_LOGIN_REQ because its length (%d bytes) is out of range (%d .. %d)\n", 2186 it_iu_len, 64, srp_max_req_size); 2187 goto reject; 2188 } 2189 2190 if (!sport->enabled) { 2191 rej->reason = cpu_to_be32(SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES); 2192 pr_info("rejected SRP_LOGIN_REQ because target port %s_%d has not yet been enabled\n", 2193 dev_name(&sport->sdev->device->dev), port_num); 2194 goto reject; 2195 } 2196 2197 if (*(__be64 *)req->target_port_id != cpu_to_be64(srpt_service_guid) 2198 || *(__be64 *)(req->target_port_id + 8) != 2199 cpu_to_be64(srpt_service_guid)) { 2200 rej->reason = cpu_to_be32( 2201 SRP_LOGIN_REJ_UNABLE_ASSOCIATE_CHANNEL); 2202 pr_err("rejected SRP_LOGIN_REQ because it has an invalid target port identifier.\n"); 2203 goto reject; 2204 } 2205 2206 ret = -ENOMEM; 2207 ch = kzalloc(sizeof(*ch), GFP_KERNEL); 2208 if (!ch) { 2209 rej->reason = cpu_to_be32(SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES); 2210 pr_err("rejected SRP_LOGIN_REQ because out of memory.\n"); 2211 goto reject; 2212 } 2213 2214 kref_init(&ch->kref); 2215 ch->pkey = be16_to_cpu(pkey); 2216 ch->nexus = nexus; 2217 ch->zw_cqe.done = srpt_zerolength_write_done; 2218 INIT_WORK(&ch->release_work, srpt_release_channel_work); 2219 ch->sport = sport; 2220 if (ib_cm_id) { 2221 ch->ib_cm.cm_id = ib_cm_id; 2222 ib_cm_id->context = ch; 2223 } else { 2224 ch->using_rdma_cm = true; 2225 ch->rdma_cm.cm_id = rdma_cm_id; 2226 rdma_cm_id->context = ch; 2227 } 2228 /* 2229 * ch->rq_size should be at least as large as the initiator queue 2230 * depth to avoid that the initiator driver has to report QUEUE_FULL 2231 * to the SCSI mid-layer. 2232 */ 2233 ch->rq_size = min(MAX_SRPT_RQ_SIZE, sdev->device->attrs.max_qp_wr); 2234 spin_lock_init(&ch->spinlock); 2235 ch->state = CH_CONNECTING; 2236 INIT_LIST_HEAD(&ch->cmd_wait_list); 2237 ch->max_rsp_size = ch->sport->port_attrib.srp_max_rsp_size; 2238 2239 ch->rsp_buf_cache = kmem_cache_create("srpt-rsp-buf", ch->max_rsp_size, 2240 512, 0, NULL); 2241 if (!ch->rsp_buf_cache) 2242 goto free_ch; 2243 2244 ch->ioctx_ring = (struct srpt_send_ioctx **) 2245 srpt_alloc_ioctx_ring(ch->sport->sdev, ch->rq_size, 2246 sizeof(*ch->ioctx_ring[0]), 2247 ch->rsp_buf_cache, 0, DMA_TO_DEVICE); 2248 if (!ch->ioctx_ring) { 2249 pr_err("rejected SRP_LOGIN_REQ because creating a new QP SQ ring failed.\n"); 2250 rej->reason = cpu_to_be32(SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES); 2251 goto free_rsp_cache; 2252 } 2253 2254 for (i = 0; i < ch->rq_size; i++) 2255 ch->ioctx_ring[i]->ch = ch; 2256 if (!sdev->use_srq) { 2257 u16 imm_data_offset = req->req_flags & SRP_IMMED_REQUESTED ? 2258 be16_to_cpu(req->imm_data_offset) : 0; 2259 u16 alignment_offset; 2260 u32 req_sz; 2261 2262 if (req->req_flags & SRP_IMMED_REQUESTED) 2263 pr_debug("imm_data_offset = %d\n", 2264 be16_to_cpu(req->imm_data_offset)); 2265 if (imm_data_offset >= sizeof(struct srp_cmd)) { 2266 ch->imm_data_offset = imm_data_offset; 2267 rsp->rsp_flags |= SRP_LOGIN_RSP_IMMED_SUPP; 2268 } else { 2269 ch->imm_data_offset = 0; 2270 } 2271 alignment_offset = round_up(imm_data_offset, 512) - 2272 imm_data_offset; 2273 req_sz = alignment_offset + imm_data_offset + srp_max_req_size; 2274 ch->req_buf_cache = kmem_cache_create("srpt-req-buf", req_sz, 2275 512, 0, NULL); 2276 if (!ch->req_buf_cache) 2277 goto free_rsp_ring; 2278 2279 ch->ioctx_recv_ring = (struct srpt_recv_ioctx **) 2280 srpt_alloc_ioctx_ring(ch->sport->sdev, ch->rq_size, 2281 sizeof(*ch->ioctx_recv_ring[0]), 2282 ch->req_buf_cache, 2283 alignment_offset, 2284 DMA_FROM_DEVICE); 2285 if (!ch->ioctx_recv_ring) { 2286 pr_err("rejected SRP_LOGIN_REQ because creating a new QP RQ ring failed.\n"); 2287 rej->reason = 2288 cpu_to_be32(SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES); 2289 goto free_recv_cache; 2290 } 2291 for (i = 0; i < ch->rq_size; i++) 2292 INIT_LIST_HEAD(&ch->ioctx_recv_ring[i]->wait_list); 2293 } 2294 2295 ret = srpt_create_ch_ib(ch); 2296 if (ret) { 2297 rej->reason = cpu_to_be32(SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES); 2298 pr_err("rejected SRP_LOGIN_REQ because creating a new RDMA channel failed.\n"); 2299 goto free_recv_ring; 2300 } 2301 2302 strlcpy(ch->sess_name, src_addr, sizeof(ch->sess_name)); 2303 snprintf(i_port_id, sizeof(i_port_id), "0x%016llx%016llx", 2304 be64_to_cpu(*(__be64 *)nexus->i_port_id), 2305 be64_to_cpu(*(__be64 *)(nexus->i_port_id + 8))); 2306 2307 pr_debug("registering src addr %s or i_port_id %s\n", ch->sess_name, 2308 i_port_id); 2309 2310 tag_num = ch->rq_size; 2311 tag_size = 1; /* ib_srpt does not use se_sess->sess_cmd_map */ 2312 2313 if (sport->guid_id) { 2314 mutex_lock(&sport->guid_id->mutex); 2315 list_for_each_entry(stpg, &sport->guid_id->tpg_list, entry) { 2316 if (!IS_ERR_OR_NULL(ch->sess)) 2317 break; 2318 ch->sess = target_setup_session(&stpg->tpg, tag_num, 2319 tag_size, TARGET_PROT_NORMAL, 2320 ch->sess_name, ch, NULL); 2321 } 2322 mutex_unlock(&sport->guid_id->mutex); 2323 } 2324 2325 if (sport->gid_id) { 2326 mutex_lock(&sport->gid_id->mutex); 2327 list_for_each_entry(stpg, &sport->gid_id->tpg_list, entry) { 2328 if (!IS_ERR_OR_NULL(ch->sess)) 2329 break; 2330 ch->sess = target_setup_session(&stpg->tpg, tag_num, 2331 tag_size, TARGET_PROT_NORMAL, i_port_id, 2332 ch, NULL); 2333 if (!IS_ERR_OR_NULL(ch->sess)) 2334 break; 2335 /* Retry without leading "0x" */ 2336 ch->sess = target_setup_session(&stpg->tpg, tag_num, 2337 tag_size, TARGET_PROT_NORMAL, 2338 i_port_id + 2, ch, NULL); 2339 } 2340 mutex_unlock(&sport->gid_id->mutex); 2341 } 2342 2343 if (IS_ERR_OR_NULL(ch->sess)) { 2344 WARN_ON_ONCE(ch->sess == NULL); 2345 ret = PTR_ERR(ch->sess); 2346 ch->sess = NULL; 2347 pr_info("Rejected login for initiator %s: ret = %d.\n", 2348 ch->sess_name, ret); 2349 rej->reason = cpu_to_be32(ret == -ENOMEM ? 2350 SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES : 2351 SRP_LOGIN_REJ_CHANNEL_LIMIT_REACHED); 2352 goto destroy_ib; 2353 } 2354 2355 /* 2356 * Once a session has been created destruction of srpt_rdma_ch objects 2357 * will decrement sport->refcount. Hence increment sport->refcount now. 2358 */ 2359 atomic_inc(&sport->refcount); 2360 2361 mutex_lock(&sport->mutex); 2362 2363 if ((req->req_flags & SRP_MTCH_ACTION) == SRP_MULTICHAN_SINGLE) { 2364 struct srpt_rdma_ch *ch2; 2365 2366 list_for_each_entry(ch2, &nexus->ch_list, list) { 2367 if (srpt_disconnect_ch(ch2) < 0) 2368 continue; 2369 pr_info("Relogin - closed existing channel %s\n", 2370 ch2->sess_name); 2371 rsp->rsp_flags |= SRP_LOGIN_RSP_MULTICHAN_TERMINATED; 2372 } 2373 } else { 2374 rsp->rsp_flags |= SRP_LOGIN_RSP_MULTICHAN_MAINTAINED; 2375 } 2376 2377 list_add_tail_rcu(&ch->list, &nexus->ch_list); 2378 2379 if (!sport->enabled) { 2380 rej->reason = cpu_to_be32( 2381 SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES); 2382 pr_info("rejected SRP_LOGIN_REQ because target %s_%d is not enabled\n", 2383 dev_name(&sdev->device->dev), port_num); 2384 mutex_unlock(&sport->mutex); 2385 ret = -EINVAL; 2386 goto reject; 2387 } 2388 2389 mutex_unlock(&sport->mutex); 2390 2391 ret = ch->using_rdma_cm ? 0 : srpt_ch_qp_rtr(ch, ch->qp); 2392 if (ret) { 2393 rej->reason = cpu_to_be32(SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES); 2394 pr_err("rejected SRP_LOGIN_REQ because enabling RTR failed (error code = %d)\n", 2395 ret); 2396 goto reject; 2397 } 2398 2399 pr_debug("Establish connection sess=%p name=%s ch=%p\n", ch->sess, 2400 ch->sess_name, ch); 2401 2402 /* create srp_login_response */ 2403 rsp->opcode = SRP_LOGIN_RSP; 2404 rsp->tag = req->tag; 2405 rsp->max_it_iu_len = cpu_to_be32(srp_max_req_size); 2406 rsp->max_ti_iu_len = req->req_it_iu_len; 2407 ch->max_ti_iu_len = it_iu_len; 2408 rsp->buf_fmt = cpu_to_be16(SRP_BUF_FORMAT_DIRECT | 2409 SRP_BUF_FORMAT_INDIRECT); 2410 rsp->req_lim_delta = cpu_to_be32(ch->rq_size); 2411 atomic_set(&ch->req_lim, ch->rq_size); 2412 atomic_set(&ch->req_lim_delta, 0); 2413 2414 /* create cm reply */ 2415 if (ch->using_rdma_cm) { 2416 rep_param->rdma_cm.private_data = (void *)rsp; 2417 rep_param->rdma_cm.private_data_len = sizeof(*rsp); 2418 rep_param->rdma_cm.rnr_retry_count = 7; 2419 rep_param->rdma_cm.flow_control = 1; 2420 rep_param->rdma_cm.responder_resources = 4; 2421 rep_param->rdma_cm.initiator_depth = 4; 2422 } else { 2423 rep_param->ib_cm.qp_num = ch->qp->qp_num; 2424 rep_param->ib_cm.private_data = (void *)rsp; 2425 rep_param->ib_cm.private_data_len = sizeof(*rsp); 2426 rep_param->ib_cm.rnr_retry_count = 7; 2427 rep_param->ib_cm.flow_control = 1; 2428 rep_param->ib_cm.failover_accepted = 0; 2429 rep_param->ib_cm.srq = 1; 2430 rep_param->ib_cm.responder_resources = 4; 2431 rep_param->ib_cm.initiator_depth = 4; 2432 } 2433 2434 /* 2435 * Hold the sport mutex while accepting a connection to avoid that 2436 * srpt_disconnect_ch() is invoked concurrently with this code. 2437 */ 2438 mutex_lock(&sport->mutex); 2439 if (sport->enabled && ch->state == CH_CONNECTING) { 2440 if (ch->using_rdma_cm) 2441 ret = rdma_accept(rdma_cm_id, &rep_param->rdma_cm); 2442 else 2443 ret = ib_send_cm_rep(ib_cm_id, &rep_param->ib_cm); 2444 } else { 2445 ret = -EINVAL; 2446 } 2447 mutex_unlock(&sport->mutex); 2448 2449 switch (ret) { 2450 case 0: 2451 break; 2452 case -EINVAL: 2453 goto reject; 2454 default: 2455 rej->reason = cpu_to_be32(SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES); 2456 pr_err("sending SRP_LOGIN_REQ response failed (error code = %d)\n", 2457 ret); 2458 goto reject; 2459 } 2460 2461 goto out; 2462 2463destroy_ib: 2464 srpt_destroy_ch_ib(ch); 2465 2466free_recv_ring: 2467 srpt_free_ioctx_ring((struct srpt_ioctx **)ch->ioctx_recv_ring, 2468 ch->sport->sdev, ch->rq_size, 2469 ch->req_buf_cache, DMA_FROM_DEVICE); 2470 2471free_recv_cache: 2472 kmem_cache_destroy(ch->req_buf_cache); 2473 2474free_rsp_ring: 2475 srpt_free_ioctx_ring((struct srpt_ioctx **)ch->ioctx_ring, 2476 ch->sport->sdev, ch->rq_size, 2477 ch->rsp_buf_cache, DMA_TO_DEVICE); 2478 2479free_rsp_cache: 2480 kmem_cache_destroy(ch->rsp_buf_cache); 2481 2482free_ch: 2483 if (rdma_cm_id) 2484 rdma_cm_id->context = NULL; 2485 else 2486 ib_cm_id->context = NULL; 2487 kfree(ch); 2488 ch = NULL; 2489 2490 WARN_ON_ONCE(ret == 0); 2491 2492reject: 2493 pr_info("Rejecting login with reason %#x\n", be32_to_cpu(rej->reason)); 2494 rej->opcode = SRP_LOGIN_REJ; 2495 rej->tag = req->tag; 2496 rej->buf_fmt = cpu_to_be16(SRP_BUF_FORMAT_DIRECT | 2497 SRP_BUF_FORMAT_INDIRECT); 2498 2499 if (rdma_cm_id) 2500 rdma_reject(rdma_cm_id, rej, sizeof(*rej), 2501 IB_CM_REJ_CONSUMER_DEFINED); 2502 else 2503 ib_send_cm_rej(ib_cm_id, IB_CM_REJ_CONSUMER_DEFINED, NULL, 0, 2504 rej, sizeof(*rej)); 2505 2506 if (ch && ch->sess) { 2507 srpt_close_ch(ch); 2508 /* 2509 * Tell the caller not to free cm_id since 2510 * srpt_release_channel_work() will do that. 2511 */ 2512 ret = 0; 2513 } 2514 2515out: 2516 kfree(rep_param); 2517 kfree(rsp); 2518 kfree(rej); 2519 2520 return ret; 2521} 2522 2523static int srpt_ib_cm_req_recv(struct ib_cm_id *cm_id, 2524 const struct ib_cm_req_event_param *param, 2525 void *private_data) 2526{ 2527 char sguid[40]; 2528 2529 srpt_format_guid(sguid, sizeof(sguid), 2530 ¶m->primary_path->dgid.global.interface_id); 2531 2532 return srpt_cm_req_recv(cm_id->context, cm_id, NULL, param->port, 2533 param->primary_path->pkey, 2534 private_data, sguid); 2535} 2536 2537static int srpt_rdma_cm_req_recv(struct rdma_cm_id *cm_id, 2538 struct rdma_cm_event *event) 2539{ 2540 struct srpt_device *sdev; 2541 struct srp_login_req req; 2542 const struct srp_login_req_rdma *req_rdma; 2543 struct sa_path_rec *path_rec = cm_id->route.path_rec; 2544 char src_addr[40]; 2545 2546 sdev = ib_get_client_data(cm_id->device, &srpt_client); 2547 if (!sdev) 2548 return -ECONNREFUSED; 2549 2550 if (event->param.conn.private_data_len < sizeof(*req_rdma)) 2551 return -EINVAL; 2552 2553 /* Transform srp_login_req_rdma into srp_login_req. */ 2554 req_rdma = event->param.conn.private_data; 2555 memset(&req, 0, sizeof(req)); 2556 req.opcode = req_rdma->opcode; 2557 req.tag = req_rdma->tag; 2558 req.req_it_iu_len = req_rdma->req_it_iu_len; 2559 req.req_buf_fmt = req_rdma->req_buf_fmt; 2560 req.req_flags = req_rdma->req_flags; 2561 memcpy(req.initiator_port_id, req_rdma->initiator_port_id, 16); 2562 memcpy(req.target_port_id, req_rdma->target_port_id, 16); 2563 req.imm_data_offset = req_rdma->imm_data_offset; 2564 2565 snprintf(src_addr, sizeof(src_addr), "%pIS", 2566 &cm_id->route.addr.src_addr); 2567 2568 return srpt_cm_req_recv(sdev, NULL, cm_id, cm_id->port_num, 2569 path_rec ? path_rec->pkey : 0, &req, src_addr); 2570} 2571 2572static void srpt_cm_rej_recv(struct srpt_rdma_ch *ch, 2573 enum ib_cm_rej_reason reason, 2574 const u8 *private_data, 2575 u8 private_data_len) 2576{ 2577 char *priv = NULL; 2578 int i; 2579 2580 if (private_data_len && (priv = kmalloc(private_data_len * 3 + 1, 2581 GFP_KERNEL))) { 2582 for (i = 0; i < private_data_len; i++) 2583 sprintf(priv + 3 * i, " %02x", private_data[i]); 2584 } 2585 pr_info("Received CM REJ for ch %s-%d; reason %d%s%s.\n", 2586 ch->sess_name, ch->qp->qp_num, reason, private_data_len ? 2587 "; private data" : "", priv ? priv : " (?)"); 2588 kfree(priv); 2589} 2590 2591/** 2592 * srpt_cm_rtu_recv - process an IB_CM_RTU_RECEIVED or USER_ESTABLISHED event 2593 * @ch: SRPT RDMA channel. 2594 * 2595 * An RTU (ready to use) message indicates that the connection has been 2596 * established and that the recipient may begin transmitting. 2597 */ 2598static void srpt_cm_rtu_recv(struct srpt_rdma_ch *ch) 2599{ 2600 int ret; 2601 2602 ret = ch->using_rdma_cm ? 0 : srpt_ch_qp_rts(ch, ch->qp); 2603 if (ret < 0) { 2604 pr_err("%s-%d: QP transition to RTS failed\n", ch->sess_name, 2605 ch->qp->qp_num); 2606 srpt_close_ch(ch); 2607 return; 2608 } 2609 2610 /* 2611 * Note: calling srpt_close_ch() if the transition to the LIVE state 2612 * fails is not necessary since that means that that function has 2613 * already been invoked from another thread. 2614 */ 2615 if (!srpt_set_ch_state(ch, CH_LIVE)) { 2616 pr_err("%s-%d: channel transition to LIVE state failed\n", 2617 ch->sess_name, ch->qp->qp_num); 2618 return; 2619 } 2620 2621 /* Trigger wait list processing. */ 2622 ret = srpt_zerolength_write(ch); 2623 WARN_ONCE(ret < 0, "%d\n", ret); 2624} 2625 2626/** 2627 * srpt_cm_handler - IB connection manager callback function 2628 * @cm_id: IB/CM connection identifier. 2629 * @event: IB/CM event. 2630 * 2631 * A non-zero return value will cause the caller destroy the CM ID. 2632 * 2633 * Note: srpt_cm_handler() must only return a non-zero value when transferring 2634 * ownership of the cm_id to a channel by srpt_cm_req_recv() failed. Returning 2635 * a non-zero value in any other case will trigger a race with the 2636 * ib_destroy_cm_id() call in srpt_release_channel(). 2637 */ 2638static int srpt_cm_handler(struct ib_cm_id *cm_id, 2639 const struct ib_cm_event *event) 2640{ 2641 struct srpt_rdma_ch *ch = cm_id->context; 2642 int ret; 2643 2644 ret = 0; 2645 switch (event->event) { 2646 case IB_CM_REQ_RECEIVED: 2647 ret = srpt_ib_cm_req_recv(cm_id, &event->param.req_rcvd, 2648 event->private_data); 2649 break; 2650 case IB_CM_REJ_RECEIVED: 2651 srpt_cm_rej_recv(ch, event->param.rej_rcvd.reason, 2652 event->private_data, 2653 IB_CM_REJ_PRIVATE_DATA_SIZE); 2654 break; 2655 case IB_CM_RTU_RECEIVED: 2656 case IB_CM_USER_ESTABLISHED: 2657 srpt_cm_rtu_recv(ch); 2658 break; 2659 case IB_CM_DREQ_RECEIVED: 2660 srpt_disconnect_ch(ch); 2661 break; 2662 case IB_CM_DREP_RECEIVED: 2663 pr_info("Received CM DREP message for ch %s-%d.\n", 2664 ch->sess_name, ch->qp->qp_num); 2665 srpt_close_ch(ch); 2666 break; 2667 case IB_CM_TIMEWAIT_EXIT: 2668 pr_info("Received CM TimeWait exit for ch %s-%d.\n", 2669 ch->sess_name, ch->qp->qp_num); 2670 srpt_close_ch(ch); 2671 break; 2672 case IB_CM_REP_ERROR: 2673 pr_info("Received CM REP error for ch %s-%d.\n", ch->sess_name, 2674 ch->qp->qp_num); 2675 break; 2676 case IB_CM_DREQ_ERROR: 2677 pr_info("Received CM DREQ ERROR event.\n"); 2678 break; 2679 case IB_CM_MRA_RECEIVED: 2680 pr_info("Received CM MRA event\n"); 2681 break; 2682 default: 2683 pr_err("received unrecognized CM event %d\n", event->event); 2684 break; 2685 } 2686 2687 return ret; 2688} 2689 2690static int srpt_rdma_cm_handler(struct rdma_cm_id *cm_id, 2691 struct rdma_cm_event *event) 2692{ 2693 struct srpt_rdma_ch *ch = cm_id->context; 2694 int ret = 0; 2695 2696 switch (event->event) { 2697 case RDMA_CM_EVENT_CONNECT_REQUEST: 2698 ret = srpt_rdma_cm_req_recv(cm_id, event); 2699 break; 2700 case RDMA_CM_EVENT_REJECTED: 2701 srpt_cm_rej_recv(ch, event->status, 2702 event->param.conn.private_data, 2703 event->param.conn.private_data_len); 2704 break; 2705 case RDMA_CM_EVENT_ESTABLISHED: 2706 srpt_cm_rtu_recv(ch); 2707 break; 2708 case RDMA_CM_EVENT_DISCONNECTED: 2709 if (ch->state < CH_DISCONNECTING) 2710 srpt_disconnect_ch(ch); 2711 else 2712 srpt_close_ch(ch); 2713 break; 2714 case RDMA_CM_EVENT_TIMEWAIT_EXIT: 2715 srpt_close_ch(ch); 2716 break; 2717 case RDMA_CM_EVENT_UNREACHABLE: 2718 pr_info("Received CM REP error for ch %s-%d.\n", ch->sess_name, 2719 ch->qp->qp_num); 2720 break; 2721 case RDMA_CM_EVENT_DEVICE_REMOVAL: 2722 case RDMA_CM_EVENT_ADDR_CHANGE: 2723 break; 2724 default: 2725 pr_err("received unrecognized RDMA CM event %d\n", 2726 event->event); 2727 break; 2728 } 2729 2730 return ret; 2731} 2732 2733/* 2734 * srpt_write_pending - Start data transfer from initiator to target (write). 2735 */ 2736static int srpt_write_pending(struct se_cmd *se_cmd) 2737{ 2738 struct srpt_send_ioctx *ioctx = 2739 container_of(se_cmd, struct srpt_send_ioctx, cmd); 2740 struct srpt_rdma_ch *ch = ioctx->ch; 2741 struct ib_send_wr *first_wr = NULL; 2742 struct ib_cqe *cqe = &ioctx->rdma_cqe; 2743 enum srpt_command_state new_state; 2744 int ret, i; 2745 2746 if (ioctx->recv_ioctx) { 2747 srpt_set_cmd_state(ioctx, SRPT_STATE_DATA_IN); 2748 target_execute_cmd(&ioctx->cmd); 2749 return 0; 2750 } 2751 2752 new_state = srpt_set_cmd_state(ioctx, SRPT_STATE_NEED_DATA); 2753 WARN_ON(new_state == SRPT_STATE_DONE); 2754 2755 if (atomic_sub_return(ioctx->n_rdma, &ch->sq_wr_avail) < 0) { 2756 pr_warn("%s: IB send queue full (needed %d)\n", 2757 __func__, ioctx->n_rdma); 2758 ret = -ENOMEM; 2759 goto out_undo; 2760 } 2761 2762 cqe->done = srpt_rdma_read_done; 2763 for (i = ioctx->n_rw_ctx - 1; i >= 0; i--) { 2764 struct srpt_rw_ctx *ctx = &ioctx->rw_ctxs[i]; 2765 2766 first_wr = rdma_rw_ctx_wrs(&ctx->rw, ch->qp, ch->sport->port, 2767 cqe, first_wr); 2768 cqe = NULL; 2769 } 2770 2771 ret = ib_post_send(ch->qp, first_wr, NULL); 2772 if (ret) { 2773 pr_err("%s: ib_post_send() returned %d for %d (avail: %d)\n", 2774 __func__, ret, ioctx->n_rdma, 2775 atomic_read(&ch->sq_wr_avail)); 2776 goto out_undo; 2777 } 2778 2779 return 0; 2780out_undo: 2781 atomic_add(ioctx->n_rdma, &ch->sq_wr_avail); 2782 return ret; 2783} 2784 2785static u8 tcm_to_srp_tsk_mgmt_status(const int tcm_mgmt_status) 2786{ 2787 switch (tcm_mgmt_status) { 2788 case TMR_FUNCTION_COMPLETE: 2789 return SRP_TSK_MGMT_SUCCESS; 2790 case TMR_FUNCTION_REJECTED: 2791 return SRP_TSK_MGMT_FUNC_NOT_SUPP; 2792 } 2793 return SRP_TSK_MGMT_FAILED; 2794} 2795 2796/** 2797 * srpt_queue_response - transmit the response to a SCSI command 2798 * @cmd: SCSI target command. 2799 * 2800 * Callback function called by the TCM core. Must not block since it can be 2801 * invoked on the context of the IB completion handler. 2802 */ 2803static void srpt_queue_response(struct se_cmd *cmd) 2804{ 2805 struct srpt_send_ioctx *ioctx = 2806 container_of(cmd, struct srpt_send_ioctx, cmd); 2807 struct srpt_rdma_ch *ch = ioctx->ch; 2808 struct srpt_device *sdev = ch->sport->sdev; 2809 struct ib_send_wr send_wr, *first_wr = &send_wr; 2810 struct ib_sge sge; 2811 enum srpt_command_state state; 2812 int resp_len, ret, i; 2813 u8 srp_tm_status; 2814 2815 state = ioctx->state; 2816 switch (state) { 2817 case SRPT_STATE_NEW: 2818 case SRPT_STATE_DATA_IN: 2819 ioctx->state = SRPT_STATE_CMD_RSP_SENT; 2820 break; 2821 case SRPT_STATE_MGMT: 2822 ioctx->state = SRPT_STATE_MGMT_RSP_SENT; 2823 break; 2824 default: 2825 WARN(true, "ch %p; cmd %d: unexpected command state %d\n", 2826 ch, ioctx->ioctx.index, ioctx->state); 2827 break; 2828 } 2829 2830 if (WARN_ON_ONCE(state == SRPT_STATE_CMD_RSP_SENT)) 2831 return; 2832 2833 /* For read commands, transfer the data to the initiator. */ 2834 if (ioctx->cmd.data_direction == DMA_FROM_DEVICE && 2835 ioctx->cmd.data_length && 2836 !ioctx->queue_status_only) { 2837 for (i = ioctx->n_rw_ctx - 1; i >= 0; i--) { 2838 struct srpt_rw_ctx *ctx = &ioctx->rw_ctxs[i]; 2839 2840 first_wr = rdma_rw_ctx_wrs(&ctx->rw, ch->qp, 2841 ch->sport->port, NULL, first_wr); 2842 } 2843 } 2844 2845 if (state != SRPT_STATE_MGMT) 2846 resp_len = srpt_build_cmd_rsp(ch, ioctx, ioctx->cmd.tag, 2847 cmd->scsi_status); 2848 else { 2849 srp_tm_status 2850 = tcm_to_srp_tsk_mgmt_status(cmd->se_tmr_req->response); 2851 resp_len = srpt_build_tskmgmt_rsp(ch, ioctx, srp_tm_status, 2852 ioctx->cmd.tag); 2853 } 2854 2855 atomic_inc(&ch->req_lim); 2856 2857 if (unlikely(atomic_sub_return(1 + ioctx->n_rdma, 2858 &ch->sq_wr_avail) < 0)) { 2859 pr_warn("%s: IB send queue full (needed %d)\n", 2860 __func__, ioctx->n_rdma); 2861 ret = -ENOMEM; 2862 goto out; 2863 } 2864 2865 ib_dma_sync_single_for_device(sdev->device, ioctx->ioctx.dma, resp_len, 2866 DMA_TO_DEVICE); 2867 2868 sge.addr = ioctx->ioctx.dma; 2869 sge.length = resp_len; 2870 sge.lkey = sdev->lkey; 2871 2872 ioctx->ioctx.cqe.done = srpt_send_done; 2873 send_wr.next = NULL; 2874 send_wr.wr_cqe = &ioctx->ioctx.cqe; 2875 send_wr.sg_list = &sge; 2876 send_wr.num_sge = 1; 2877 send_wr.opcode = IB_WR_SEND; 2878 send_wr.send_flags = IB_SEND_SIGNALED; 2879 2880 ret = ib_post_send(ch->qp, first_wr, NULL); 2881 if (ret < 0) { 2882 pr_err("%s: sending cmd response failed for tag %llu (%d)\n", 2883 __func__, ioctx->cmd.tag, ret); 2884 goto out; 2885 } 2886 2887 return; 2888 2889out: 2890 atomic_add(1 + ioctx->n_rdma, &ch->sq_wr_avail); 2891 atomic_dec(&ch->req_lim); 2892 srpt_set_cmd_state(ioctx, SRPT_STATE_DONE); 2893 target_put_sess_cmd(&ioctx->cmd); 2894} 2895 2896static int srpt_queue_data_in(struct se_cmd *cmd) 2897{ 2898 srpt_queue_response(cmd); 2899 return 0; 2900} 2901 2902static void srpt_queue_tm_rsp(struct se_cmd *cmd) 2903{ 2904 srpt_queue_response(cmd); 2905} 2906 2907/* 2908 * This function is called for aborted commands if no response is sent to the 2909 * initiator. Make sure that the credits freed by aborting a command are 2910 * returned to the initiator the next time a response is sent by incrementing 2911 * ch->req_lim_delta. 2912 */ 2913static void srpt_aborted_task(struct se_cmd *cmd) 2914{ 2915 struct srpt_send_ioctx *ioctx = container_of(cmd, 2916 struct srpt_send_ioctx, cmd); 2917 struct srpt_rdma_ch *ch = ioctx->ch; 2918 2919 atomic_inc(&ch->req_lim_delta); 2920} 2921 2922static int srpt_queue_status(struct se_cmd *cmd) 2923{ 2924 struct srpt_send_ioctx *ioctx; 2925 2926 ioctx = container_of(cmd, struct srpt_send_ioctx, cmd); 2927 BUG_ON(ioctx->sense_data != cmd->sense_buffer); 2928 if (cmd->se_cmd_flags & 2929 (SCF_TRANSPORT_TASK_SENSE | SCF_EMULATED_TASK_SENSE)) 2930 WARN_ON(cmd->scsi_status != SAM_STAT_CHECK_CONDITION); 2931 ioctx->queue_status_only = true; 2932 srpt_queue_response(cmd); 2933 return 0; 2934} 2935 2936static void srpt_refresh_port_work(struct work_struct *work) 2937{ 2938 struct srpt_port *sport = container_of(work, struct srpt_port, work); 2939 2940 srpt_refresh_port(sport); 2941} 2942 2943/** 2944 * srpt_release_sport - disable login and wait for associated channels 2945 * @sport: SRPT HCA port. 2946 */ 2947static int srpt_release_sport(struct srpt_port *sport) 2948{ 2949 DECLARE_COMPLETION_ONSTACK(c); 2950 struct srpt_nexus *nexus, *next_n; 2951 struct srpt_rdma_ch *ch; 2952 2953 WARN_ON_ONCE(irqs_disabled()); 2954 2955 sport->freed_channels = &c; 2956 2957 mutex_lock(&sport->mutex); 2958 srpt_set_enabled(sport, false); 2959 mutex_unlock(&sport->mutex); 2960 2961 while (atomic_read(&sport->refcount) > 0 && 2962 wait_for_completion_timeout(&c, 5 * HZ) <= 0) { 2963 pr_info("%s_%d: waiting for unregistration of %d sessions ...\n", 2964 dev_name(&sport->sdev->device->dev), sport->port, 2965 atomic_read(&sport->refcount)); 2966 rcu_read_lock(); 2967 list_for_each_entry(nexus, &sport->nexus_list, entry) { 2968 list_for_each_entry(ch, &nexus->ch_list, list) { 2969 pr_info("%s-%d: state %s\n", 2970 ch->sess_name, ch->qp->qp_num, 2971 get_ch_state_name(ch->state)); 2972 } 2973 } 2974 rcu_read_unlock(); 2975 } 2976 2977 mutex_lock(&sport->mutex); 2978 list_for_each_entry_safe(nexus, next_n, &sport->nexus_list, entry) { 2979 list_del(&nexus->entry); 2980 kfree_rcu(nexus, rcu); 2981 } 2982 mutex_unlock(&sport->mutex); 2983 2984 return 0; 2985} 2986 2987struct port_and_port_id { 2988 struct srpt_port *sport; 2989 struct srpt_port_id **port_id; 2990}; 2991 2992static struct port_and_port_id __srpt_lookup_port(const char *name) 2993{ 2994 struct ib_device *dev; 2995 struct srpt_device *sdev; 2996 struct srpt_port *sport; 2997 int i; 2998 2999 list_for_each_entry(sdev, &srpt_dev_list, list) { 3000 dev = sdev->device; 3001 if (!dev) 3002 continue; 3003 3004 for (i = 0; i < dev->phys_port_cnt; i++) { 3005 sport = &sdev->port[i]; 3006 3007 if (strcmp(sport->guid_name, name) == 0) { 3008 kref_get(&sdev->refcnt); 3009 return (struct port_and_port_id){ 3010 sport, &sport->guid_id}; 3011 } 3012 if (strcmp(sport->gid_name, name) == 0) { 3013 kref_get(&sdev->refcnt); 3014 return (struct port_and_port_id){ 3015 sport, &sport->gid_id}; 3016 } 3017 } 3018 } 3019 3020 return (struct port_and_port_id){}; 3021} 3022 3023/** 3024 * srpt_lookup_port() - Look up an RDMA port by name 3025 * @name: ASCII port name 3026 * 3027 * Increments the RDMA port reference count if an RDMA port pointer is returned. 3028 * The caller must drop that reference count by calling srpt_port_put_ref(). 3029 */ 3030static struct port_and_port_id srpt_lookup_port(const char *name) 3031{ 3032 struct port_and_port_id papi; 3033 3034 spin_lock(&srpt_dev_lock); 3035 papi = __srpt_lookup_port(name); 3036 spin_unlock(&srpt_dev_lock); 3037 3038 return papi; 3039} 3040 3041static void srpt_free_srq(struct srpt_device *sdev) 3042{ 3043 if (!sdev->srq) 3044 return; 3045 3046 ib_destroy_srq(sdev->srq); 3047 srpt_free_ioctx_ring((struct srpt_ioctx **)sdev->ioctx_ring, sdev, 3048 sdev->srq_size, sdev->req_buf_cache, 3049 DMA_FROM_DEVICE); 3050 kmem_cache_destroy(sdev->req_buf_cache); 3051 sdev->srq = NULL; 3052} 3053 3054static int srpt_alloc_srq(struct srpt_device *sdev) 3055{ 3056 struct ib_srq_init_attr srq_attr = { 3057 .event_handler = srpt_srq_event, 3058 .srq_context = (void *)sdev, 3059 .attr.max_wr = sdev->srq_size, 3060 .attr.max_sge = 1, 3061 .srq_type = IB_SRQT_BASIC, 3062 }; 3063 struct ib_device *device = sdev->device; 3064 struct ib_srq *srq; 3065 int i; 3066 3067 WARN_ON_ONCE(sdev->srq); 3068 srq = ib_create_srq(sdev->pd, &srq_attr); 3069 if (IS_ERR(srq)) { 3070 pr_debug("ib_create_srq() failed: %ld\n", PTR_ERR(srq)); 3071 return PTR_ERR(srq); 3072 } 3073 3074 pr_debug("create SRQ #wr= %d max_allow=%d dev= %s\n", sdev->srq_size, 3075 sdev->device->attrs.max_srq_wr, dev_name(&device->dev)); 3076 3077 sdev->req_buf_cache = kmem_cache_create("srpt-srq-req-buf", 3078 srp_max_req_size, 0, 0, NULL); 3079 if (!sdev->req_buf_cache) 3080 goto free_srq; 3081 3082 sdev->ioctx_ring = (struct srpt_recv_ioctx **) 3083 srpt_alloc_ioctx_ring(sdev, sdev->srq_size, 3084 sizeof(*sdev->ioctx_ring[0]), 3085 sdev->req_buf_cache, 0, DMA_FROM_DEVICE); 3086 if (!sdev->ioctx_ring) 3087 goto free_cache; 3088 3089 sdev->use_srq = true; 3090 sdev->srq = srq; 3091 3092 for (i = 0; i < sdev->srq_size; ++i) { 3093 INIT_LIST_HEAD(&sdev->ioctx_ring[i]->wait_list); 3094 srpt_post_recv(sdev, NULL, sdev->ioctx_ring[i]); 3095 } 3096 3097 return 0; 3098 3099free_cache: 3100 kmem_cache_destroy(sdev->req_buf_cache); 3101 3102free_srq: 3103 ib_destroy_srq(srq); 3104 return -ENOMEM; 3105} 3106 3107static int srpt_use_srq(struct srpt_device *sdev, bool use_srq) 3108{ 3109 struct ib_device *device = sdev->device; 3110 int ret = 0; 3111 3112 if (!use_srq) { 3113 srpt_free_srq(sdev); 3114 sdev->use_srq = false; 3115 } else if (use_srq && !sdev->srq) { 3116 ret = srpt_alloc_srq(sdev); 3117 } 3118 pr_debug("%s(%s): use_srq = %d; ret = %d\n", __func__, 3119 dev_name(&device->dev), sdev->use_srq, ret); 3120 return ret; 3121} 3122 3123static void srpt_free_sdev(struct kref *refcnt) 3124{ 3125 struct srpt_device *sdev = container_of(refcnt, typeof(*sdev), refcnt); 3126 3127 kfree(sdev); 3128} 3129 3130static void srpt_sdev_put(struct srpt_device *sdev) 3131{ 3132 kref_put(&sdev->refcnt, srpt_free_sdev); 3133} 3134 3135/** 3136 * srpt_add_one - InfiniBand device addition callback function 3137 * @device: Describes a HCA. 3138 */ 3139static int srpt_add_one(struct ib_device *device) 3140{ 3141 struct srpt_device *sdev; 3142 struct srpt_port *sport; 3143 int i, ret; 3144 3145 pr_debug("device = %p\n", device); 3146 3147 sdev = kzalloc(struct_size(sdev, port, device->phys_port_cnt), 3148 GFP_KERNEL); 3149 if (!sdev) 3150 return -ENOMEM; 3151 3152 kref_init(&sdev->refcnt); 3153 sdev->device = device; 3154 mutex_init(&sdev->sdev_mutex); 3155 3156 sdev->pd = ib_alloc_pd(device, 0); 3157 if (IS_ERR(sdev->pd)) { 3158 ret = PTR_ERR(sdev->pd); 3159 goto free_dev; 3160 } 3161 3162 sdev->lkey = sdev->pd->local_dma_lkey; 3163 3164 sdev->srq_size = min(srpt_srq_size, sdev->device->attrs.max_srq_wr); 3165 3166 srpt_use_srq(sdev, sdev->port[0].port_attrib.use_srq); 3167 3168 if (!srpt_service_guid) 3169 srpt_service_guid = be64_to_cpu(device->node_guid); 3170 3171 if (rdma_port_get_link_layer(device, 1) == IB_LINK_LAYER_INFINIBAND) 3172 sdev->cm_id = ib_create_cm_id(device, srpt_cm_handler, sdev); 3173 if (IS_ERR(sdev->cm_id)) { 3174 pr_info("ib_create_cm_id() failed: %ld\n", 3175 PTR_ERR(sdev->cm_id)); 3176 ret = PTR_ERR(sdev->cm_id); 3177 sdev->cm_id = NULL; 3178 if (!rdma_cm_id) 3179 goto err_ring; 3180 } 3181 3182 /* print out target login information */ 3183 pr_debug("Target login info: id_ext=%016llx,ioc_guid=%016llx,pkey=ffff,service_id=%016llx\n", 3184 srpt_service_guid, srpt_service_guid, srpt_service_guid); 3185 3186 /* 3187 * We do not have a consistent service_id (ie. also id_ext of target_id) 3188 * to identify this target. We currently use the guid of the first HCA 3189 * in the system as service_id; therefore, the target_id will change 3190 * if this HCA is gone bad and replaced by different HCA 3191 */ 3192 ret = sdev->cm_id ? 3193 ib_cm_listen(sdev->cm_id, cpu_to_be64(srpt_service_guid), 0) : 3194 0; 3195 if (ret < 0) { 3196 pr_err("ib_cm_listen() failed: %d (cm_id state = %d)\n", ret, 3197 sdev->cm_id->state); 3198 goto err_cm; 3199 } 3200 3201 INIT_IB_EVENT_HANDLER(&sdev->event_handler, sdev->device, 3202 srpt_event_handler); 3203 3204 for (i = 1; i <= sdev->device->phys_port_cnt; i++) { 3205 sport = &sdev->port[i - 1]; 3206 INIT_LIST_HEAD(&sport->nexus_list); 3207 mutex_init(&sport->mutex); 3208 sport->sdev = sdev; 3209 sport->port = i; 3210 sport->port_attrib.srp_max_rdma_size = DEFAULT_MAX_RDMA_SIZE; 3211 sport->port_attrib.srp_max_rsp_size = DEFAULT_MAX_RSP_SIZE; 3212 sport->port_attrib.srp_sq_size = DEF_SRPT_SQ_SIZE; 3213 sport->port_attrib.use_srq = false; 3214 INIT_WORK(&sport->work, srpt_refresh_port_work); 3215 3216 ret = srpt_refresh_port(sport); 3217 if (ret) { 3218 pr_err("MAD registration failed for %s-%d.\n", 3219 dev_name(&sdev->device->dev), i); 3220 i--; 3221 goto err_port; 3222 } 3223 } 3224 3225 ib_register_event_handler(&sdev->event_handler); 3226 spin_lock(&srpt_dev_lock); 3227 list_add_tail(&sdev->list, &srpt_dev_list); 3228 spin_unlock(&srpt_dev_lock); 3229 3230 ib_set_client_data(device, &srpt_client, sdev); 3231 pr_debug("added %s.\n", dev_name(&device->dev)); 3232 return 0; 3233 3234err_port: 3235 srpt_unregister_mad_agent(sdev, i); 3236err_cm: 3237 if (sdev->cm_id) 3238 ib_destroy_cm_id(sdev->cm_id); 3239err_ring: 3240 srpt_free_srq(sdev); 3241 ib_dealloc_pd(sdev->pd); 3242free_dev: 3243 srpt_sdev_put(sdev); 3244 pr_info("%s(%s) failed.\n", __func__, dev_name(&device->dev)); 3245 return ret; 3246} 3247 3248/** 3249 * srpt_remove_one - InfiniBand device removal callback function 3250 * @device: Describes a HCA. 3251 * @client_data: The value passed as the third argument to ib_set_client_data(). 3252 */ 3253static void srpt_remove_one(struct ib_device *device, void *client_data) 3254{ 3255 struct srpt_device *sdev = client_data; 3256 int i; 3257 3258 srpt_unregister_mad_agent(sdev, sdev->device->phys_port_cnt); 3259 3260 ib_unregister_event_handler(&sdev->event_handler); 3261 3262 /* Cancel any work queued by the just unregistered IB event handler. */ 3263 for (i = 0; i < sdev->device->phys_port_cnt; i++) 3264 cancel_work_sync(&sdev->port[i].work); 3265 3266 if (sdev->cm_id) 3267 ib_destroy_cm_id(sdev->cm_id); 3268 3269 ib_set_client_data(device, &srpt_client, NULL); 3270 3271 /* 3272 * Unregistering a target must happen after destroying sdev->cm_id 3273 * such that no new SRP_LOGIN_REQ information units can arrive while 3274 * destroying the target. 3275 */ 3276 spin_lock(&srpt_dev_lock); 3277 list_del(&sdev->list); 3278 spin_unlock(&srpt_dev_lock); 3279 3280 for (i = 0; i < sdev->device->phys_port_cnt; i++) 3281 srpt_release_sport(&sdev->port[i]); 3282 3283 srpt_free_srq(sdev); 3284 3285 ib_dealloc_pd(sdev->pd); 3286 3287 srpt_sdev_put(sdev); 3288} 3289 3290static struct ib_client srpt_client = { 3291 .name = DRV_NAME, 3292 .add = srpt_add_one, 3293 .remove = srpt_remove_one 3294}; 3295 3296static int srpt_check_true(struct se_portal_group *se_tpg) 3297{ 3298 return 1; 3299} 3300 3301static int srpt_check_false(struct se_portal_group *se_tpg) 3302{ 3303 return 0; 3304} 3305 3306static struct srpt_port *srpt_tpg_to_sport(struct se_portal_group *tpg) 3307{ 3308 return tpg->se_tpg_wwn->priv; 3309} 3310 3311static struct srpt_port_id *srpt_wwn_to_sport_id(struct se_wwn *wwn) 3312{ 3313 struct srpt_port *sport = wwn->priv; 3314 3315 if (sport->guid_id && &sport->guid_id->wwn == wwn) 3316 return sport->guid_id; 3317 if (sport->gid_id && &sport->gid_id->wwn == wwn) 3318 return sport->gid_id; 3319 WARN_ON_ONCE(true); 3320 return NULL; 3321} 3322 3323static char *srpt_get_fabric_wwn(struct se_portal_group *tpg) 3324{ 3325 struct srpt_tpg *stpg = container_of(tpg, typeof(*stpg), tpg); 3326 3327 return stpg->sport_id->name; 3328} 3329 3330static u16 srpt_get_tag(struct se_portal_group *tpg) 3331{ 3332 return 1; 3333} 3334 3335static u32 srpt_tpg_get_inst_index(struct se_portal_group *se_tpg) 3336{ 3337 return 1; 3338} 3339 3340static void srpt_release_cmd(struct se_cmd *se_cmd) 3341{ 3342 struct srpt_send_ioctx *ioctx = container_of(se_cmd, 3343 struct srpt_send_ioctx, cmd); 3344 struct srpt_rdma_ch *ch = ioctx->ch; 3345 struct srpt_recv_ioctx *recv_ioctx = ioctx->recv_ioctx; 3346 3347 WARN_ON_ONCE(ioctx->state != SRPT_STATE_DONE && 3348 !(ioctx->cmd.transport_state & CMD_T_ABORTED)); 3349 3350 if (recv_ioctx) { 3351 WARN_ON_ONCE(!list_empty(&recv_ioctx->wait_list)); 3352 ioctx->recv_ioctx = NULL; 3353 srpt_post_recv(ch->sport->sdev, ch, recv_ioctx); 3354 } 3355 3356 if (ioctx->n_rw_ctx) { 3357 srpt_free_rw_ctxs(ch, ioctx); 3358 ioctx->n_rw_ctx = 0; 3359 } 3360 3361 target_free_tag(se_cmd->se_sess, se_cmd); 3362} 3363 3364/** 3365 * srpt_close_session - forcibly close a session 3366 * @se_sess: SCSI target session. 3367 * 3368 * Callback function invoked by the TCM core to clean up sessions associated 3369 * with a node ACL when the user invokes 3370 * rmdir /sys/kernel/config/target/$driver/$port/$tpg/acls/$i_port_id 3371 */ 3372static void srpt_close_session(struct se_session *se_sess) 3373{ 3374 struct srpt_rdma_ch *ch = se_sess->fabric_sess_ptr; 3375 3376 srpt_disconnect_ch_sync(ch); 3377} 3378 3379/** 3380 * srpt_sess_get_index - return the value of scsiAttIntrPortIndex (SCSI-MIB) 3381 * @se_sess: SCSI target session. 3382 * 3383 * A quote from RFC 4455 (SCSI-MIB) about this MIB object: 3384 * This object represents an arbitrary integer used to uniquely identify a 3385 * particular attached remote initiator port to a particular SCSI target port 3386 * within a particular SCSI target device within a particular SCSI instance. 3387 */ 3388static u32 srpt_sess_get_index(struct se_session *se_sess) 3389{ 3390 return 0; 3391} 3392 3393static void srpt_set_default_node_attrs(struct se_node_acl *nacl) 3394{ 3395} 3396 3397/* Note: only used from inside debug printk's by the TCM core. */ 3398static int srpt_get_tcm_cmd_state(struct se_cmd *se_cmd) 3399{ 3400 struct srpt_send_ioctx *ioctx; 3401 3402 ioctx = container_of(se_cmd, struct srpt_send_ioctx, cmd); 3403 return ioctx->state; 3404} 3405 3406static int srpt_parse_guid(u64 *guid, const char *name) 3407{ 3408 u16 w[4]; 3409 int ret = -EINVAL; 3410 3411 if (sscanf(name, "%hx:%hx:%hx:%hx", &w[0], &w[1], &w[2], &w[3]) != 4) 3412 goto out; 3413 *guid = get_unaligned_be64(w); 3414 ret = 0; 3415out: 3416 return ret; 3417} 3418 3419/** 3420 * srpt_parse_i_port_id - parse an initiator port ID 3421 * @name: ASCII representation of a 128-bit initiator port ID. 3422 * @i_port_id: Binary 128-bit port ID. 3423 */ 3424static int srpt_parse_i_port_id(u8 i_port_id[16], const char *name) 3425{ 3426 const char *p; 3427 unsigned len, count, leading_zero_bytes; 3428 int ret; 3429 3430 p = name; 3431 if (strncasecmp(p, "0x", 2) == 0) 3432 p += 2; 3433 ret = -EINVAL; 3434 len = strlen(p); 3435 if (len % 2) 3436 goto out; 3437 count = min(len / 2, 16U); 3438 leading_zero_bytes = 16 - count; 3439 memset(i_port_id, 0, leading_zero_bytes); 3440 ret = hex2bin(i_port_id + leading_zero_bytes, p, count); 3441 3442out: 3443 return ret; 3444} 3445 3446/* 3447 * configfs callback function invoked for mkdir 3448 * /sys/kernel/config/target/$driver/$port/$tpg/acls/$i_port_id 3449 * 3450 * i_port_id must be an initiator port GUID, GID or IP address. See also the 3451 * target_alloc_session() calls in this driver. Examples of valid initiator 3452 * port IDs: 3453 * 0x0000000000000000505400fffe4a0b7b 3454 * 0000000000000000505400fffe4a0b7b 3455 * 5054:00ff:fe4a:0b7b 3456 * 192.168.122.76 3457 */ 3458static int srpt_init_nodeacl(struct se_node_acl *se_nacl, const char *name) 3459{ 3460 struct sockaddr_storage sa; 3461 u64 guid; 3462 u8 i_port_id[16]; 3463 int ret; 3464 3465 ret = srpt_parse_guid(&guid, name); 3466 if (ret < 0) 3467 ret = srpt_parse_i_port_id(i_port_id, name); 3468 if (ret < 0) 3469 ret = inet_pton_with_scope(&init_net, AF_UNSPEC, name, NULL, 3470 &sa); 3471 if (ret < 0) 3472 pr_err("invalid initiator port ID %s\n", name); 3473 return ret; 3474} 3475 3476static ssize_t srpt_tpg_attrib_srp_max_rdma_size_show(struct config_item *item, 3477 char *page) 3478{ 3479 struct se_portal_group *se_tpg = attrib_to_tpg(item); 3480 struct srpt_port *sport = srpt_tpg_to_sport(se_tpg); 3481 3482 return sprintf(page, "%u\n", sport->port_attrib.srp_max_rdma_size); 3483} 3484 3485static ssize_t srpt_tpg_attrib_srp_max_rdma_size_store(struct config_item *item, 3486 const char *page, size_t count) 3487{ 3488 struct se_portal_group *se_tpg = attrib_to_tpg(item); 3489 struct srpt_port *sport = srpt_tpg_to_sport(se_tpg); 3490 unsigned long val; 3491 int ret; 3492 3493 ret = kstrtoul(page, 0, &val); 3494 if (ret < 0) { 3495 pr_err("kstrtoul() failed with ret: %d\n", ret); 3496 return -EINVAL; 3497 } 3498 if (val > MAX_SRPT_RDMA_SIZE) { 3499 pr_err("val: %lu exceeds MAX_SRPT_RDMA_SIZE: %d\n", val, 3500 MAX_SRPT_RDMA_SIZE); 3501 return -EINVAL; 3502 } 3503 if (val < DEFAULT_MAX_RDMA_SIZE) { 3504 pr_err("val: %lu smaller than DEFAULT_MAX_RDMA_SIZE: %d\n", 3505 val, DEFAULT_MAX_RDMA_SIZE); 3506 return -EINVAL; 3507 } 3508 sport->port_attrib.srp_max_rdma_size = val; 3509 3510 return count; 3511} 3512 3513static ssize_t srpt_tpg_attrib_srp_max_rsp_size_show(struct config_item *item, 3514 char *page) 3515{ 3516 struct se_portal_group *se_tpg = attrib_to_tpg(item); 3517 struct srpt_port *sport = srpt_tpg_to_sport(se_tpg); 3518 3519 return sprintf(page, "%u\n", sport->port_attrib.srp_max_rsp_size); 3520} 3521 3522static ssize_t srpt_tpg_attrib_srp_max_rsp_size_store(struct config_item *item, 3523 const char *page, size_t count) 3524{ 3525 struct se_portal_group *se_tpg = attrib_to_tpg(item); 3526 struct srpt_port *sport = srpt_tpg_to_sport(se_tpg); 3527 unsigned long val; 3528 int ret; 3529 3530 ret = kstrtoul(page, 0, &val); 3531 if (ret < 0) { 3532 pr_err("kstrtoul() failed with ret: %d\n", ret); 3533 return -EINVAL; 3534 } 3535 if (val > MAX_SRPT_RSP_SIZE) { 3536 pr_err("val: %lu exceeds MAX_SRPT_RSP_SIZE: %d\n", val, 3537 MAX_SRPT_RSP_SIZE); 3538 return -EINVAL; 3539 } 3540 if (val < MIN_MAX_RSP_SIZE) { 3541 pr_err("val: %lu smaller than MIN_MAX_RSP_SIZE: %d\n", val, 3542 MIN_MAX_RSP_SIZE); 3543 return -EINVAL; 3544 } 3545 sport->port_attrib.srp_max_rsp_size = val; 3546 3547 return count; 3548} 3549 3550static ssize_t srpt_tpg_attrib_srp_sq_size_show(struct config_item *item, 3551 char *page) 3552{ 3553 struct se_portal_group *se_tpg = attrib_to_tpg(item); 3554 struct srpt_port *sport = srpt_tpg_to_sport(se_tpg); 3555 3556 return sprintf(page, "%u\n", sport->port_attrib.srp_sq_size); 3557} 3558 3559static ssize_t srpt_tpg_attrib_srp_sq_size_store(struct config_item *item, 3560 const char *page, size_t count) 3561{ 3562 struct se_portal_group *se_tpg = attrib_to_tpg(item); 3563 struct srpt_port *sport = srpt_tpg_to_sport(se_tpg); 3564 unsigned long val; 3565 int ret; 3566 3567 ret = kstrtoul(page, 0, &val); 3568 if (ret < 0) { 3569 pr_err("kstrtoul() failed with ret: %d\n", ret); 3570 return -EINVAL; 3571 } 3572 if (val > MAX_SRPT_SRQ_SIZE) { 3573 pr_err("val: %lu exceeds MAX_SRPT_SRQ_SIZE: %d\n", val, 3574 MAX_SRPT_SRQ_SIZE); 3575 return -EINVAL; 3576 } 3577 if (val < MIN_SRPT_SRQ_SIZE) { 3578 pr_err("val: %lu smaller than MIN_SRPT_SRQ_SIZE: %d\n", val, 3579 MIN_SRPT_SRQ_SIZE); 3580 return -EINVAL; 3581 } 3582 sport->port_attrib.srp_sq_size = val; 3583 3584 return count; 3585} 3586 3587static ssize_t srpt_tpg_attrib_use_srq_show(struct config_item *item, 3588 char *page) 3589{ 3590 struct se_portal_group *se_tpg = attrib_to_tpg(item); 3591 struct srpt_port *sport = srpt_tpg_to_sport(se_tpg); 3592 3593 return sprintf(page, "%d\n", sport->port_attrib.use_srq); 3594} 3595 3596static ssize_t srpt_tpg_attrib_use_srq_store(struct config_item *item, 3597 const char *page, size_t count) 3598{ 3599 struct se_portal_group *se_tpg = attrib_to_tpg(item); 3600 struct srpt_port *sport = srpt_tpg_to_sport(se_tpg); 3601 struct srpt_device *sdev = sport->sdev; 3602 unsigned long val; 3603 bool enabled; 3604 int ret; 3605 3606 ret = kstrtoul(page, 0, &val); 3607 if (ret < 0) 3608 return ret; 3609 if (val != !!val) 3610 return -EINVAL; 3611 3612 ret = mutex_lock_interruptible(&sdev->sdev_mutex); 3613 if (ret < 0) 3614 return ret; 3615 ret = mutex_lock_interruptible(&sport->mutex); 3616 if (ret < 0) 3617 goto unlock_sdev; 3618 enabled = sport->enabled; 3619 /* Log out all initiator systems before changing 'use_srq'. */ 3620 srpt_set_enabled(sport, false); 3621 sport->port_attrib.use_srq = val; 3622 srpt_use_srq(sdev, sport->port_attrib.use_srq); 3623 srpt_set_enabled(sport, enabled); 3624 ret = count; 3625 mutex_unlock(&sport->mutex); 3626unlock_sdev: 3627 mutex_unlock(&sdev->sdev_mutex); 3628 3629 return ret; 3630} 3631 3632CONFIGFS_ATTR(srpt_tpg_attrib_, srp_max_rdma_size); 3633CONFIGFS_ATTR(srpt_tpg_attrib_, srp_max_rsp_size); 3634CONFIGFS_ATTR(srpt_tpg_attrib_, srp_sq_size); 3635CONFIGFS_ATTR(srpt_tpg_attrib_, use_srq); 3636 3637static struct configfs_attribute *srpt_tpg_attrib_attrs[] = { 3638 &srpt_tpg_attrib_attr_srp_max_rdma_size, 3639 &srpt_tpg_attrib_attr_srp_max_rsp_size, 3640 &srpt_tpg_attrib_attr_srp_sq_size, 3641 &srpt_tpg_attrib_attr_use_srq, 3642 NULL, 3643}; 3644 3645static struct rdma_cm_id *srpt_create_rdma_id(struct sockaddr *listen_addr) 3646{ 3647 struct rdma_cm_id *rdma_cm_id; 3648 int ret; 3649 3650 rdma_cm_id = rdma_create_id(&init_net, srpt_rdma_cm_handler, 3651 NULL, RDMA_PS_TCP, IB_QPT_RC); 3652 if (IS_ERR(rdma_cm_id)) { 3653 pr_err("RDMA/CM ID creation failed: %ld\n", 3654 PTR_ERR(rdma_cm_id)); 3655 goto out; 3656 } 3657 3658 ret = rdma_bind_addr(rdma_cm_id, listen_addr); 3659 if (ret) { 3660 char addr_str[64]; 3661 3662 snprintf(addr_str, sizeof(addr_str), "%pISp", listen_addr); 3663 pr_err("Binding RDMA/CM ID to address %s failed: %d\n", 3664 addr_str, ret); 3665 rdma_destroy_id(rdma_cm_id); 3666 rdma_cm_id = ERR_PTR(ret); 3667 goto out; 3668 } 3669 3670 ret = rdma_listen(rdma_cm_id, 128); 3671 if (ret) { 3672 pr_err("rdma_listen() failed: %d\n", ret); 3673 rdma_destroy_id(rdma_cm_id); 3674 rdma_cm_id = ERR_PTR(ret); 3675 } 3676 3677out: 3678 return rdma_cm_id; 3679} 3680 3681static ssize_t srpt_rdma_cm_port_show(struct config_item *item, char *page) 3682{ 3683 return sprintf(page, "%d\n", rdma_cm_port); 3684} 3685 3686static ssize_t srpt_rdma_cm_port_store(struct config_item *item, 3687 const char *page, size_t count) 3688{ 3689 struct sockaddr_in addr4 = { .sin_family = AF_INET }; 3690 struct sockaddr_in6 addr6 = { .sin6_family = AF_INET6 }; 3691 struct rdma_cm_id *new_id = NULL; 3692 u16 val; 3693 int ret; 3694 3695 ret = kstrtou16(page, 0, &val); 3696 if (ret < 0) 3697 return ret; 3698 ret = count; 3699 if (rdma_cm_port == val) 3700 goto out; 3701 3702 if (val) { 3703 addr6.sin6_port = cpu_to_be16(val); 3704 new_id = srpt_create_rdma_id((struct sockaddr *)&addr6); 3705 if (IS_ERR(new_id)) { 3706 addr4.sin_port = cpu_to_be16(val); 3707 new_id = srpt_create_rdma_id((struct sockaddr *)&addr4); 3708 if (IS_ERR(new_id)) { 3709 ret = PTR_ERR(new_id); 3710 goto out; 3711 } 3712 } 3713 } 3714 3715 mutex_lock(&rdma_cm_mutex); 3716 rdma_cm_port = val; 3717 swap(rdma_cm_id, new_id); 3718 mutex_unlock(&rdma_cm_mutex); 3719 3720 if (new_id) 3721 rdma_destroy_id(new_id); 3722 ret = count; 3723out: 3724 return ret; 3725} 3726 3727CONFIGFS_ATTR(srpt_, rdma_cm_port); 3728 3729static struct configfs_attribute *srpt_da_attrs[] = { 3730 &srpt_attr_rdma_cm_port, 3731 NULL, 3732}; 3733 3734static ssize_t srpt_tpg_enable_show(struct config_item *item, char *page) 3735{ 3736 struct se_portal_group *se_tpg = to_tpg(item); 3737 struct srpt_port *sport = srpt_tpg_to_sport(se_tpg); 3738 3739 return snprintf(page, PAGE_SIZE, "%d\n", sport->enabled); 3740} 3741 3742static ssize_t srpt_tpg_enable_store(struct config_item *item, 3743 const char *page, size_t count) 3744{ 3745 struct se_portal_group *se_tpg = to_tpg(item); 3746 struct srpt_port *sport = srpt_tpg_to_sport(se_tpg); 3747 unsigned long tmp; 3748 int ret; 3749 3750 ret = kstrtoul(page, 0, &tmp); 3751 if (ret < 0) { 3752 pr_err("Unable to extract srpt_tpg_store_enable\n"); 3753 return -EINVAL; 3754 } 3755 3756 if ((tmp != 0) && (tmp != 1)) { 3757 pr_err("Illegal value for srpt_tpg_store_enable: %lu\n", tmp); 3758 return -EINVAL; 3759 } 3760 3761 mutex_lock(&sport->mutex); 3762 srpt_set_enabled(sport, tmp); 3763 mutex_unlock(&sport->mutex); 3764 3765 return count; 3766} 3767 3768CONFIGFS_ATTR(srpt_tpg_, enable); 3769 3770static struct configfs_attribute *srpt_tpg_attrs[] = { 3771 &srpt_tpg_attr_enable, 3772 NULL, 3773}; 3774 3775/** 3776 * srpt_make_tpg - configfs callback invoked for mkdir /sys/kernel/config/target/$driver/$port/$tpg 3777 * @wwn: Corresponds to $driver/$port. 3778 * @name: $tpg. 3779 */ 3780static struct se_portal_group *srpt_make_tpg(struct se_wwn *wwn, 3781 const char *name) 3782{ 3783 struct srpt_port_id *sport_id = srpt_wwn_to_sport_id(wwn); 3784 struct srpt_tpg *stpg; 3785 int res = -ENOMEM; 3786 3787 stpg = kzalloc(sizeof(*stpg), GFP_KERNEL); 3788 if (!stpg) 3789 return ERR_PTR(res); 3790 stpg->sport_id = sport_id; 3791 res = core_tpg_register(wwn, &stpg->tpg, SCSI_PROTOCOL_SRP); 3792 if (res) { 3793 kfree(stpg); 3794 return ERR_PTR(res); 3795 } 3796 3797 mutex_lock(&sport_id->mutex); 3798 list_add_tail(&stpg->entry, &sport_id->tpg_list); 3799 mutex_unlock(&sport_id->mutex); 3800 3801 return &stpg->tpg; 3802} 3803 3804/** 3805 * srpt_drop_tpg - configfs callback invoked for rmdir /sys/kernel/config/target/$driver/$port/$tpg 3806 * @tpg: Target portal group to deregister. 3807 */ 3808static void srpt_drop_tpg(struct se_portal_group *tpg) 3809{ 3810 struct srpt_tpg *stpg = container_of(tpg, typeof(*stpg), tpg); 3811 struct srpt_port_id *sport_id = stpg->sport_id; 3812 struct srpt_port *sport = srpt_tpg_to_sport(tpg); 3813 3814 mutex_lock(&sport_id->mutex); 3815 list_del(&stpg->entry); 3816 mutex_unlock(&sport_id->mutex); 3817 3818 sport->enabled = false; 3819 core_tpg_deregister(tpg); 3820 kfree(stpg); 3821} 3822 3823/** 3824 * srpt_make_tport - configfs callback invoked for mkdir /sys/kernel/config/target/$driver/$port 3825 * @tf: Not used. 3826 * @group: Not used. 3827 * @name: $port. 3828 */ 3829static struct se_wwn *srpt_make_tport(struct target_fabric_configfs *tf, 3830 struct config_group *group, 3831 const char *name) 3832{ 3833 struct port_and_port_id papi = srpt_lookup_port(name); 3834 struct srpt_port *sport = papi.sport; 3835 struct srpt_port_id *port_id; 3836 3837 if (!papi.port_id) 3838 return ERR_PTR(-EINVAL); 3839 if (*papi.port_id) { 3840 /* Attempt to create a directory that already exists. */ 3841 WARN_ON_ONCE(true); 3842 return &(*papi.port_id)->wwn; 3843 } 3844 port_id = kzalloc(sizeof(*port_id), GFP_KERNEL); 3845 if (!port_id) { 3846 srpt_sdev_put(sport->sdev); 3847 return ERR_PTR(-ENOMEM); 3848 } 3849 mutex_init(&port_id->mutex); 3850 INIT_LIST_HEAD(&port_id->tpg_list); 3851 port_id->wwn.priv = sport; 3852 memcpy(port_id->name, port_id == sport->guid_id ? sport->guid_name : 3853 sport->gid_name, ARRAY_SIZE(port_id->name)); 3854 3855 *papi.port_id = port_id; 3856 3857 return &port_id->wwn; 3858} 3859 3860/** 3861 * srpt_drop_tport - configfs callback invoked for rmdir /sys/kernel/config/target/$driver/$port 3862 * @wwn: $port. 3863 */ 3864static void srpt_drop_tport(struct se_wwn *wwn) 3865{ 3866 struct srpt_port_id *port_id = container_of(wwn, typeof(*port_id), wwn); 3867 struct srpt_port *sport = wwn->priv; 3868 3869 if (sport->guid_id == port_id) 3870 sport->guid_id = NULL; 3871 else if (sport->gid_id == port_id) 3872 sport->gid_id = NULL; 3873 else 3874 WARN_ON_ONCE(true); 3875 3876 srpt_sdev_put(sport->sdev); 3877 kfree(port_id); 3878} 3879 3880static ssize_t srpt_wwn_version_show(struct config_item *item, char *buf) 3881{ 3882 return scnprintf(buf, PAGE_SIZE, "\n"); 3883} 3884 3885CONFIGFS_ATTR_RO(srpt_wwn_, version); 3886 3887static struct configfs_attribute *srpt_wwn_attrs[] = { 3888 &srpt_wwn_attr_version, 3889 NULL, 3890}; 3891 3892static const struct target_core_fabric_ops srpt_template = { 3893 .module = THIS_MODULE, 3894 .fabric_name = "srpt", 3895 .tpg_get_wwn = srpt_get_fabric_wwn, 3896 .tpg_get_tag = srpt_get_tag, 3897 .tpg_check_demo_mode = srpt_check_false, 3898 .tpg_check_demo_mode_cache = srpt_check_true, 3899 .tpg_check_demo_mode_write_protect = srpt_check_true, 3900 .tpg_check_prod_mode_write_protect = srpt_check_false, 3901 .tpg_get_inst_index = srpt_tpg_get_inst_index, 3902 .release_cmd = srpt_release_cmd, 3903 .check_stop_free = srpt_check_stop_free, 3904 .close_session = srpt_close_session, 3905 .sess_get_index = srpt_sess_get_index, 3906 .sess_get_initiator_sid = NULL, 3907 .write_pending = srpt_write_pending, 3908 .set_default_node_attributes = srpt_set_default_node_attrs, 3909 .get_cmd_state = srpt_get_tcm_cmd_state, 3910 .queue_data_in = srpt_queue_data_in, 3911 .queue_status = srpt_queue_status, 3912 .queue_tm_rsp = srpt_queue_tm_rsp, 3913 .aborted_task = srpt_aborted_task, 3914 /* 3915 * Setup function pointers for generic logic in 3916 * target_core_fabric_configfs.c 3917 */ 3918 .fabric_make_wwn = srpt_make_tport, 3919 .fabric_drop_wwn = srpt_drop_tport, 3920 .fabric_make_tpg = srpt_make_tpg, 3921 .fabric_drop_tpg = srpt_drop_tpg, 3922 .fabric_init_nodeacl = srpt_init_nodeacl, 3923 3924 .tfc_discovery_attrs = srpt_da_attrs, 3925 .tfc_wwn_attrs = srpt_wwn_attrs, 3926 .tfc_tpg_base_attrs = srpt_tpg_attrs, 3927 .tfc_tpg_attrib_attrs = srpt_tpg_attrib_attrs, 3928}; 3929 3930/** 3931 * srpt_init_module - kernel module initialization 3932 * 3933 * Note: Since ib_register_client() registers callback functions, and since at 3934 * least one of these callback functions (srpt_add_one()) calls target core 3935 * functions, this driver must be registered with the target core before 3936 * ib_register_client() is called. 3937 */ 3938static int __init srpt_init_module(void) 3939{ 3940 int ret; 3941 3942 ret = -EINVAL; 3943 if (srp_max_req_size < MIN_MAX_REQ_SIZE) { 3944 pr_err("invalid value %d for kernel module parameter srp_max_req_size -- must be at least %d.\n", 3945 srp_max_req_size, MIN_MAX_REQ_SIZE); 3946 goto out; 3947 } 3948 3949 if (srpt_srq_size < MIN_SRPT_SRQ_SIZE 3950 || srpt_srq_size > MAX_SRPT_SRQ_SIZE) { 3951 pr_err("invalid value %d for kernel module parameter srpt_srq_size -- must be in the range [%d..%d].\n", 3952 srpt_srq_size, MIN_SRPT_SRQ_SIZE, MAX_SRPT_SRQ_SIZE); 3953 goto out; 3954 } 3955 3956 ret = target_register_template(&srpt_template); 3957 if (ret) 3958 goto out; 3959 3960 ret = ib_register_client(&srpt_client); 3961 if (ret) { 3962 pr_err("couldn't register IB client\n"); 3963 goto out_unregister_target; 3964 } 3965 3966 return 0; 3967 3968out_unregister_target: 3969 target_unregister_template(&srpt_template); 3970out: 3971 return ret; 3972} 3973 3974static void __exit srpt_cleanup_module(void) 3975{ 3976 if (rdma_cm_id) 3977 rdma_destroy_id(rdma_cm_id); 3978 ib_unregister_client(&srpt_client); 3979 target_unregister_template(&srpt_template); 3980} 3981 3982module_init(srpt_init_module); 3983module_exit(srpt_cleanup_module); 3984