1  // SPDX-License-Identifier: GPL-2.0-or-later
2  /*******************************************************************************
3   * Filename:  target_core_tmr.c
4   *
5   * This file contains SPC-3 task management infrastructure
6   *
7   * (c) Copyright 2009-2013 Datera, Inc.
8   *
9   * Nicholas A. Bellinger <nab@kernel.org>
10   *
11   ******************************************************************************/
12  
13  #include <linux/slab.h>
14  #include <linux/spinlock.h>
15  #include <linux/list.h>
16  #include <linux/export.h>
17  
18  #include <target/target_core_base.h>
19  #include <target/target_core_backend.h>
20  #include <target/target_core_fabric.h>
21  
22  #include "target_core_internal.h"
23  #include "target_core_alua.h"
24  #include "target_core_pr.h"
25  
core_tmr_alloc_req(struct se_cmd * se_cmd,void * fabric_tmr_ptr,u8 function,gfp_t gfp_flags)26  int core_tmr_alloc_req(
27  	struct se_cmd *se_cmd,
28  	void *fabric_tmr_ptr,
29  	u8 function,
30  	gfp_t gfp_flags)
31  {
32  	struct se_tmr_req *tmr;
33  
34  	tmr = kzalloc(sizeof(struct se_tmr_req), gfp_flags);
35  	if (!tmr) {
36  		pr_err("Unable to allocate struct se_tmr_req\n");
37  		return -ENOMEM;
38  	}
39  
40  	se_cmd->se_cmd_flags |= SCF_SCSI_TMR_CDB;
41  	se_cmd->se_tmr_req = tmr;
42  	tmr->task_cmd = se_cmd;
43  	tmr->fabric_tmr_ptr = fabric_tmr_ptr;
44  	tmr->function = function;
45  	INIT_LIST_HEAD(&tmr->tmr_list);
46  
47  	return 0;
48  }
49  EXPORT_SYMBOL(core_tmr_alloc_req);
50  
core_tmr_release_req(struct se_tmr_req * tmr)51  void core_tmr_release_req(struct se_tmr_req *tmr)
52  {
53  	kfree(tmr);
54  }
55  
target_check_cdb_and_preempt(struct list_head * list,struct se_cmd * cmd)56  static int target_check_cdb_and_preempt(struct list_head *list,
57  		struct se_cmd *cmd)
58  {
59  	struct t10_pr_registration *reg;
60  
61  	if (!list)
62  		return 0;
63  	list_for_each_entry(reg, list, pr_reg_abort_list) {
64  		if (reg->pr_res_key == cmd->pr_res_key)
65  			return 0;
66  	}
67  
68  	return 1;
69  }
70  
__target_check_io_state(struct se_cmd * se_cmd,struct se_session * tmr_sess,bool tas)71  static bool __target_check_io_state(struct se_cmd *se_cmd,
72  				    struct se_session *tmr_sess, bool tas)
73  {
74  	struct se_session *sess = se_cmd->se_sess;
75  
76  	lockdep_assert_held(&sess->sess_cmd_lock);
77  
78  	/*
79  	 * If command already reached CMD_T_COMPLETE state within
80  	 * target_complete_cmd() or CMD_T_FABRIC_STOP due to shutdown,
81  	 * this se_cmd has been passed to fabric driver and will
82  	 * not be aborted.
83  	 *
84  	 * Otherwise, obtain a local se_cmd->cmd_kref now for TMR
85  	 * ABORT_TASK + LUN_RESET for CMD_T_ABORTED processing as
86  	 * long as se_cmd->cmd_kref is still active unless zero.
87  	 */
88  	spin_lock(&se_cmd->t_state_lock);
89  	if (se_cmd->transport_state & (CMD_T_COMPLETE | CMD_T_FABRIC_STOP)) {
90  		pr_debug("Attempted to abort io tag: %llu already complete or"
91  			" fabric stop, skipping\n", se_cmd->tag);
92  		spin_unlock(&se_cmd->t_state_lock);
93  		return false;
94  	}
95  	se_cmd->transport_state |= CMD_T_ABORTED;
96  
97  	if ((tmr_sess != se_cmd->se_sess) && tas)
98  		se_cmd->transport_state |= CMD_T_TAS;
99  
100  	spin_unlock(&se_cmd->t_state_lock);
101  
102  	return kref_get_unless_zero(&se_cmd->cmd_kref);
103  }
104  
core_tmr_abort_task(struct se_device * dev,struct se_tmr_req * tmr,struct se_session * se_sess)105  void core_tmr_abort_task(
106  	struct se_device *dev,
107  	struct se_tmr_req *tmr,
108  	struct se_session *se_sess)
109  {
110  	LIST_HEAD(aborted_list);
111  	struct se_cmd *se_cmd, *next;
112  	unsigned long flags;
113  	bool rc;
114  	u64 ref_tag;
115  	int i;
116  
117  	for (i = 0; i < dev->queue_cnt; i++) {
118  		flush_work(&dev->queues[i].sq.work);
119  
120  		spin_lock_irqsave(&dev->queues[i].lock, flags);
121  		list_for_each_entry_safe(se_cmd, next, &dev->queues[i].state_list,
122  					 state_list) {
123  			if (se_sess != se_cmd->se_sess)
124  				continue;
125  
126  			/*
127  			 * skip task management functions, including
128  			 * tmr->task_cmd
129  			 */
130  			if (se_cmd->se_cmd_flags & SCF_SCSI_TMR_CDB)
131  				continue;
132  
133  			ref_tag = se_cmd->tag;
134  			if (tmr->ref_task_tag != ref_tag)
135  				continue;
136  
137  			pr_err("ABORT_TASK: Found referenced %s task_tag: %llu\n",
138  			       se_cmd->se_tfo->fabric_name, ref_tag);
139  
140  			spin_lock(&se_sess->sess_cmd_lock);
141  			rc = __target_check_io_state(se_cmd, se_sess, 0);
142  			spin_unlock(&se_sess->sess_cmd_lock);
143  			if (!rc)
144  				continue;
145  
146  			list_move_tail(&se_cmd->state_list, &aborted_list);
147  			se_cmd->state_active = false;
148  			spin_unlock_irqrestore(&dev->queues[i].lock, flags);
149  
150  			if (dev->transport->tmr_notify)
151  				dev->transport->tmr_notify(dev, TMR_ABORT_TASK,
152  							   &aborted_list);
153  
154  			list_del_init(&se_cmd->state_list);
155  			target_put_cmd_and_wait(se_cmd);
156  
157  			pr_err("ABORT_TASK: Sending TMR_FUNCTION_COMPLETE for ref_tag: %llu\n",
158  			       ref_tag);
159  			tmr->response = TMR_FUNCTION_COMPLETE;
160  			atomic_long_inc(&dev->aborts_complete);
161  			return;
162  		}
163  		spin_unlock_irqrestore(&dev->queues[i].lock, flags);
164  	}
165  
166  	if (dev->transport->tmr_notify)
167  		dev->transport->tmr_notify(dev, TMR_ABORT_TASK, &aborted_list);
168  
169  	printk("ABORT_TASK: Sending TMR_TASK_DOES_NOT_EXIST for ref_tag: %lld\n",
170  			tmr->ref_task_tag);
171  	tmr->response = TMR_TASK_DOES_NOT_EXIST;
172  	atomic_long_inc(&dev->aborts_no_task);
173  }
174  
core_tmr_drain_tmr_list(struct se_device * dev,struct se_tmr_req * tmr,struct list_head * preempt_and_abort_list)175  static void core_tmr_drain_tmr_list(
176  	struct se_device *dev,
177  	struct se_tmr_req *tmr,
178  	struct list_head *preempt_and_abort_list)
179  {
180  	LIST_HEAD(drain_tmr_list);
181  	struct se_session *sess;
182  	struct se_tmr_req *tmr_p, *tmr_pp;
183  	struct se_cmd *cmd;
184  	unsigned long flags;
185  	bool rc;
186  	/*
187  	 * Release all pending and outgoing TMRs aside from the received
188  	 * LUN_RESET tmr..
189  	 */
190  	spin_lock_irqsave(&dev->se_tmr_lock, flags);
191  	list_for_each_entry_safe(tmr_p, tmr_pp, &dev->dev_tmr_list, tmr_list) {
192  		if (tmr_p == tmr)
193  			continue;
194  
195  		cmd = tmr_p->task_cmd;
196  		if (!cmd) {
197  			pr_err("Unable to locate struct se_cmd for TMR\n");
198  			continue;
199  		}
200  
201  		/*
202  		 * We only execute one LUN_RESET at a time so we can't wait
203  		 * on them below.
204  		 */
205  		if (tmr_p->function == TMR_LUN_RESET)
206  			continue;
207  
208  		/*
209  		 * If this function was called with a valid pr_res_key
210  		 * parameter (eg: for PROUT PREEMPT_AND_ABORT service action
211  		 * skip non registration key matching TMRs.
212  		 */
213  		if (target_check_cdb_and_preempt(preempt_and_abort_list, cmd))
214  			continue;
215  
216  		sess = cmd->se_sess;
217  		if (WARN_ON_ONCE(!sess))
218  			continue;
219  
220  		spin_lock(&sess->sess_cmd_lock);
221  		rc = __target_check_io_state(cmd, sess, 0);
222  		spin_unlock(&sess->sess_cmd_lock);
223  
224  		if (!rc) {
225  			printk("LUN_RESET TMR: non-zero kref_get_unless_zero\n");
226  			continue;
227  		}
228  
229  		list_move_tail(&tmr_p->tmr_list, &drain_tmr_list);
230  		tmr_p->tmr_dev = NULL;
231  	}
232  	spin_unlock_irqrestore(&dev->se_tmr_lock, flags);
233  
234  	list_for_each_entry_safe(tmr_p, tmr_pp, &drain_tmr_list, tmr_list) {
235  		list_del_init(&tmr_p->tmr_list);
236  		cmd = tmr_p->task_cmd;
237  
238  		pr_debug("LUN_RESET: %s releasing TMR %p Function: 0x%02x,"
239  			" Response: 0x%02x, t_state: %d\n",
240  			(preempt_and_abort_list) ? "Preempt" : "", tmr_p,
241  			tmr_p->function, tmr_p->response, cmd->t_state);
242  
243  		target_put_cmd_and_wait(cmd);
244  	}
245  }
246  
247  /**
248   * core_tmr_drain_state_list() - abort SCSI commands associated with a device
249   *
250   * @dev:       Device for which to abort outstanding SCSI commands.
251   * @prout_cmd: Pointer to the SCSI PREEMPT AND ABORT if this function is called
252   *             to realize the PREEMPT AND ABORT functionality.
253   * @tmr_sess:  Session through which the LUN RESET has been received.
254   * @tas:       Task Aborted Status (TAS) bit from the SCSI control mode page.
255   *             A quote from SPC-4, paragraph "7.5.10 Control mode page":
256   *             "A task aborted status (TAS) bit set to zero specifies that
257   *             aborted commands shall be terminated by the device server
258   *             without any response to the application client. A TAS bit set
259   *             to one specifies that commands aborted by the actions of an I_T
260   *             nexus other than the I_T nexus on which the command was
261   *             received shall be completed with TASK ABORTED status."
262   * @preempt_and_abort_list: For the PREEMPT AND ABORT functionality, a list
263   *             with registrations that will be preempted.
264   */
core_tmr_drain_state_list(struct se_device * dev,struct se_cmd * prout_cmd,struct se_session * tmr_sess,bool tas,struct list_head * preempt_and_abort_list)265  static void core_tmr_drain_state_list(
266  	struct se_device *dev,
267  	struct se_cmd *prout_cmd,
268  	struct se_session *tmr_sess,
269  	bool tas,
270  	struct list_head *preempt_and_abort_list)
271  {
272  	LIST_HEAD(drain_task_list);
273  	struct se_session *sess;
274  	struct se_cmd *cmd, *next;
275  	unsigned long flags;
276  	int rc, i;
277  
278  	/*
279  	 * Complete outstanding commands with TASK_ABORTED SAM status.
280  	 *
281  	 * This is following sam4r17, section 5.6 Aborting commands, Table 38
282  	 * for TMR LUN_RESET:
283  	 *
284  	 * a) "Yes" indicates that each command that is aborted on an I_T nexus
285  	 * other than the one that caused the SCSI device condition is
286  	 * completed with TASK ABORTED status, if the TAS bit is set to one in
287  	 * the Control mode page (see SPC-4). "No" indicates that no status is
288  	 * returned for aborted commands.
289  	 *
290  	 * d) If the logical unit reset is caused by a particular I_T nexus
291  	 * (e.g., by a LOGICAL UNIT RESET task management function), then "yes"
292  	 * (TASK_ABORTED status) applies.
293  	 *
294  	 * Otherwise (e.g., if triggered by a hard reset), "no"
295  	 * (no TASK_ABORTED SAM status) applies.
296  	 *
297  	 * Note that this seems to be independent of TAS (Task Aborted Status)
298  	 * in the Control Mode Page.
299  	 */
300  	for (i = 0; i < dev->queue_cnt; i++) {
301  		flush_work(&dev->queues[i].sq.work);
302  
303  		spin_lock_irqsave(&dev->queues[i].lock, flags);
304  		list_for_each_entry_safe(cmd, next, &dev->queues[i].state_list,
305  					 state_list) {
306  			/*
307  			 * For PREEMPT_AND_ABORT usage, only process commands
308  			 * with a matching reservation key.
309  			 */
310  			if (target_check_cdb_and_preempt(preempt_and_abort_list,
311  							 cmd))
312  				continue;
313  
314  			/*
315  			 * Not aborting PROUT PREEMPT_AND_ABORT CDB..
316  			 */
317  			if (prout_cmd == cmd)
318  				continue;
319  
320  			sess = cmd->se_sess;
321  			if (WARN_ON_ONCE(!sess))
322  				continue;
323  
324  			spin_lock(&sess->sess_cmd_lock);
325  			rc = __target_check_io_state(cmd, tmr_sess, tas);
326  			spin_unlock(&sess->sess_cmd_lock);
327  			if (!rc)
328  				continue;
329  
330  			list_move_tail(&cmd->state_list, &drain_task_list);
331  			cmd->state_active = false;
332  		}
333  		spin_unlock_irqrestore(&dev->queues[i].lock, flags);
334  	}
335  
336  	if (dev->transport->tmr_notify)
337  		dev->transport->tmr_notify(dev, preempt_and_abort_list ?
338  					   TMR_LUN_RESET_PRO : TMR_LUN_RESET,
339  					   &drain_task_list);
340  
341  	while (!list_empty(&drain_task_list)) {
342  		cmd = list_entry(drain_task_list.next, struct se_cmd, state_list);
343  		list_del_init(&cmd->state_list);
344  
345  		target_show_cmd("LUN_RESET: ", cmd);
346  		pr_debug("LUN_RESET: ITT[0x%08llx] - %s pr_res_key: 0x%016Lx\n",
347  			 cmd->tag, (preempt_and_abort_list) ? "preempt" : "",
348  			 cmd->pr_res_key);
349  
350  		target_put_cmd_and_wait(cmd);
351  	}
352  }
353  
core_tmr_lun_reset(struct se_device * dev,struct se_tmr_req * tmr,struct list_head * preempt_and_abort_list,struct se_cmd * prout_cmd)354  int core_tmr_lun_reset(
355          struct se_device *dev,
356          struct se_tmr_req *tmr,
357          struct list_head *preempt_and_abort_list,
358          struct se_cmd *prout_cmd)
359  {
360  	struct se_node_acl *tmr_nacl = NULL;
361  	struct se_portal_group *tmr_tpg = NULL;
362  	struct se_session *tmr_sess = NULL;
363  	bool tas;
364          /*
365  	 * TASK_ABORTED status bit, this is configurable via ConfigFS
366  	 * struct se_device attributes.  spc4r17 section 7.4.6 Control mode page
367  	 *
368  	 * A task aborted status (TAS) bit set to zero specifies that aborted
369  	 * tasks shall be terminated by the device server without any response
370  	 * to the application client. A TAS bit set to one specifies that tasks
371  	 * aborted by the actions of an I_T nexus other than the I_T nexus on
372  	 * which the command was received shall be completed with TASK ABORTED
373  	 * status (see SAM-4).
374  	 */
375  	tas = dev->dev_attrib.emulate_tas;
376  	/*
377  	 * Determine if this se_tmr is coming from a $FABRIC_MOD
378  	 * or struct se_device passthrough..
379  	 */
380  	if (tmr && tmr->task_cmd && tmr->task_cmd->se_sess) {
381  		tmr_sess = tmr->task_cmd->se_sess;
382  		tmr_nacl = tmr_sess->se_node_acl;
383  		tmr_tpg = tmr_sess->se_tpg;
384  		if (tmr_nacl && tmr_tpg) {
385  			pr_debug("LUN_RESET: TMR caller fabric: %s"
386  				" initiator port %s\n",
387  				tmr_tpg->se_tpg_tfo->fabric_name,
388  				tmr_nacl->initiatorname);
389  		}
390  	}
391  
392  
393  	/*
394  	 * We only allow one reset or preempt and abort to execute at a time
395  	 * to prevent one call from claiming all the cmds causing a second
396  	 * call from returning while cmds it should have waited on are still
397  	 * running.
398  	 */
399  	mutex_lock(&dev->lun_reset_mutex);
400  
401  	pr_debug("LUN_RESET: %s starting for [%s], tas: %d\n",
402  		(preempt_and_abort_list) ? "Preempt" : "TMR",
403  		dev->transport->name, tas);
404  	core_tmr_drain_tmr_list(dev, tmr, preempt_and_abort_list);
405  	core_tmr_drain_state_list(dev, prout_cmd, tmr_sess, tas,
406  				preempt_and_abort_list);
407  
408  	mutex_unlock(&dev->lun_reset_mutex);
409  
410  	/*
411  	 * Clear any legacy SPC-2 reservation when called during
412  	 * LOGICAL UNIT RESET
413  	 */
414  	if (!preempt_and_abort_list &&
415  	     (dev->dev_reservation_flags & DRF_SPC2_RESERVATIONS)) {
416  		spin_lock(&dev->dev_reservation_lock);
417  		dev->reservation_holder = NULL;
418  		dev->dev_reservation_flags &= ~DRF_SPC2_RESERVATIONS;
419  		spin_unlock(&dev->dev_reservation_lock);
420  		pr_debug("LUN_RESET: SCSI-2 Released reservation\n");
421  	}
422  
423  	atomic_long_inc(&dev->num_resets);
424  
425  	pr_debug("LUN_RESET: %s for [%s] Complete\n",
426  			(preempt_and_abort_list) ? "Preempt" : "TMR",
427  			dev->transport->name);
428  	return 0;
429  }
430  
431