1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2000 by Cisco Systems, Inc. All rights reserved. 23 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 * 26 * iSCSI Pseudo HBA Driver 27 */ 28 29 #include <sys/socket.h> /* networking stuff */ 30 #include <sys/t_kuser.h> /* networking stuff */ 31 #include <sys/tihdr.h> /* networking stuff */ 32 #include <sys/strsubr.h> /* networking stuff */ 33 #include <netinet/tcp.h> /* TCP_NODELAY */ 34 #include <sys/socketvar.h> /* _ALLOC_SLEEP */ 35 #include <sys/strsun.h> /* DB_TYPE() */ 36 37 #include "iscsi.h" /* iscsi driver */ 38 #include <sys/scsi/adapters/iscsi_protocol.h> /* iscsi protocol */ 39 40 /* generic io helpers */ 41 static uint32_t n2h24(uchar_t *ptr); 42 static int iscsi_sna_lt(uint32_t n1, uint32_t n2); 43 static void iscsi_update_flow_control(iscsi_sess_t *isp, 44 uint32_t max, uint32_t exp); 45 46 /* receivers */ 47 static iscsi_status_t iscsi_rx_process_hdr(iscsi_conn_t *icp, 48 iscsi_hdr_t *ihp, char *data, int data_size); 49 static iscsi_status_t iscsi_rx_process_nop(iscsi_conn_t *icp, 50 iscsi_hdr_t *ihp, char *data); 51 static iscsi_status_t iscsi_rx_process_data_rsp(iscsi_conn_t *icp, 52 iscsi_hdr_t *ihp); 53 static iscsi_status_t iscsi_rx_process_cmd_rsp(iscsi_conn_t *icp, 54 iscsi_hdr_t *ihp, char *data); 55 static iscsi_status_t iscsi_rx_process_rtt_rsp(iscsi_conn_t *icp, 56 iscsi_hdr_t *ihp, char *data); 57 static iscsi_status_t iscsi_rx_process_reject_rsp(iscsi_conn_t *icp, 58 iscsi_hdr_t *ihp, char *data); 59 static iscsi_status_t iscsi_rx_process_rejected_tsk_mgt(iscsi_conn_t *icp, 60 iscsi_hdr_t *old_ihp); 61 static iscsi_status_t iscsi_rx_process_itt_to_icmdp(iscsi_sess_t *isp, 62 iscsi_hdr_t *ihp, iscsi_cmd_t **icmdp); 63 static iscsi_status_t iscsi_rx_process_task_mgt_rsp(iscsi_conn_t *icp, 64 iscsi_hdr_t *ihp, void *data); 65 static iscsi_status_t iscsi_rx_process_logout_rsp(iscsi_conn_t *icp, 66 iscsi_hdr_t *ihp, char *data); 67 static iscsi_status_t iscsi_rx_process_async_rsp(iscsi_conn_t *icp, 68 iscsi_hdr_t *ihp, char *data); 69 static iscsi_status_t iscsi_rx_process_text_rsp(iscsi_conn_t *icp, 70 iscsi_hdr_t *ihp, char *data); 71 72 73 /* senders */ 74 static iscsi_status_t iscsi_tx_scsi(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 75 static iscsi_status_t iscsi_tx_r2t(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 76 static iscsi_status_t iscsi_tx_data(iscsi_sess_t *isp, iscsi_conn_t *icp, 77 iscsi_cmd_t *icmdp, uint32_t ttt, size_t datalen, size_t offset); 78 static iscsi_status_t iscsi_tx_nop(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 79 static iscsi_status_t iscsi_tx_abort(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 80 static iscsi_status_t iscsi_tx_reset(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 81 static iscsi_status_t iscsi_tx_logout(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 82 static iscsi_status_t iscsi_tx_text(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 83 84 85 /* helpers */ 86 static void iscsi_handle_r2t(iscsi_conn_t *icp, iscsi_cmd_t *icmdp, 87 uint32_t offset, uint32_t length, uint32_t ttt); 88 static void iscsi_handle_passthru_callback(struct scsi_pkt *pkt); 89 static void iscsi_handle_nop(iscsi_conn_t *icp, uint32_t itt, uint32_t ttt); 90 91 static void iscsi_timeout_checks(iscsi_sess_t *isp); 92 static void iscsi_nop_checks(iscsi_sess_t *isp); 93 94 95 #define ISCSI_CONN_TO_NET_DIGEST(icp) \ 96 ((icp->conn_params.header_digest ? ISCSI_NET_HEADER_DIGEST : 0) | \ 97 (icp->conn_params.data_digest ? ISCSI_NET_DATA_DIGEST : 0)) 98 99 /* 100 * This file contains the main guts of the iSCSI protocol layer. 101 * It's broken into 5 sections; Basic helper functions, RX IO path, 102 * TX IO path, Completion (IC) IO path, and watchdog (WD) routines. 103 * 104 * The IO flow model is similiar to the below diagram. The 105 * iscsi session, connection and command state machines are used 106 * to drive IO through this flow diagram. Reference those files 107 * to get a detailed description of their respective state models 108 * prior to their xxx_state_machine_function(). 109 * 110 * tran_start() -> CMD_E1 TX_THREAD RX_THREAD 111 * | T T 112 * V T T 113 * PENDING_Q --CMD_E2--> ACTIVE_Q - --CMD_E3--+ 114 * T \ C T | 115 * T \M T | 116 * D T | 117 * WD_THREAD TT|TT T | 118 * /E T | 119 * / 6 T | 120 * ABORTING_Q<- --CMD_E3--+ 121 * T | 122 * T T | 123 * T | 124 * callback() <--CMD_E#-- COMPLETION_Q <------------+ 125 * T 126 * T 127 * IC_THREAD 128 * 129 * External and internal command are ran thru this same state 130 * machine. All commands enter the state machine by receiving an 131 * ISCSI_CMD_EVENT_E1. This event places the command into the 132 * PENDING_Q. Next when resources are available the TX_THREAD 133 * issues a E2 event on the command. This sends the command 134 * to the TCP stack and places the command on the ACTIVE_Q. While 135 * on the PENDIING_Q and ACTIVE_Q, the command is monitored via the 136 * WD_THREAD to ensure the pkt_time has not elapsed. If elapsed the 137 * command is issued an E6(timeout) event which moves either (if pending) 138 * completed the command or (if active) moves the command to the 139 * aborting queue and issues a SCSI TASK MANAGEMENT ABORT command 140 * to cancel the IO request. If the original command is completed 141 * or the TASK MANAGEMENT command completes the command is moved 142 * to the COMPLETION_Q via a E3 event. The IC_THREAD then processes 143 * the COMPLETION_Q and issues the scsi_pkt callback. This 144 * callback can not be processed directly from the RX_THREAD 145 * because the callback might call back into the iscsi driver 146 * causing a deadlock condition. 147 * 148 * For more details on the complete CMD state machine reference 149 * the state machine diagram in iscsi_cmd.c. The connection state 150 * machine is driven via IO events in this file. Then session 151 * events are driven by the connection events. For complete 152 * details on these state machines reference iscsi_sess.c and 153 * iscsi_conn.c 154 */ 155 156 157 /* 158 * +--------------------------------------------------------------------+ 159 * | io helper routines | 160 * +--------------------------------------------------------------------+ 161 */ 162 163 /* 164 * n2h24 - native to host 24 bit integer translation. 165 */ 166 static uint32_t 167 n2h24(uchar_t *ptr) 168 { 169 uint32_t idx; 170 bcopy(ptr, &idx, 3); 171 return (ntohl(idx) >> 8); 172 } 173 174 /* 175 * iscsi_sna_lt - Serial Number Arithmetic, 32 bits, less than, RFC1982 176 */ 177 static int 178 iscsi_sna_lt(uint32_t n1, uint32_t n2) 179 { 180 return ((n1 != n2) && 181 (((n1 < n2) && ((n2 - n1) < ISCSI_SNA32_CHECK)) || 182 ((n1 > n2) && ((n1 - n2) > ISCSI_SNA32_CHECK)))); 183 } 184 185 /* 186 * iscsi_sna_lte - Serial Number Arithmetic, 32 bits, less than or equal, 187 * RFC1982 188 */ 189 int 190 iscsi_sna_lte(uint32_t n1, uint32_t n2) 191 { 192 return ((n1 == n2) || 193 (((n1 < n2) && ((n2 - n1) < ISCSI_SNA32_CHECK)) || 194 ((n1 > n2) && ((n1 - n2) > ISCSI_SNA32_CHECK)))); 195 } 196 197 /* 198 * iscsi_update_flow_control - Update expcmdsn and maxcmdsn iSCSI 199 * flow control information for a session 200 */ 201 static void 202 iscsi_update_flow_control(iscsi_sess_t *isp, uint32_t max, uint32_t exp) 203 { 204 ASSERT(isp != NULL); 205 ASSERT(mutex_owned(&isp->sess_cmdsn_mutex)); 206 207 if (!iscsi_sna_lt(max, (exp - 1))) { 208 209 if (!iscsi_sna_lte(exp, isp->sess_expcmdsn)) { 210 isp->sess_expcmdsn = exp; 211 } 212 213 if (!iscsi_sna_lte(max, isp->sess_maxcmdsn)) { 214 isp->sess_maxcmdsn = max; 215 if (iscsi_sna_lte(isp->sess_cmdsn, 216 isp->sess_maxcmdsn)) { 217 /* 218 * the window is open again - schedule 219 * to send any held tasks soon 220 */ 221 iscsi_sess_redrive_io(isp); 222 } 223 } 224 } 225 } 226 227 228 /* 229 * +--------------------------------------------------------------------+ 230 * | io receive and processing routines | 231 * +--------------------------------------------------------------------+ 232 */ 233 234 /* 235 * iscsi_rx_thread - The connection creates a thread of this 236 * function during login. After which point this thread is 237 * used to receive and process all iSCSI PDUs on this connection. 238 * The PDUs received on this connection are used to drive the 239 * commands through their state machine. This thread will 240 * continue processing while the connection is on a LOGGED_IN 241 * or IN_LOGOUT state. Once the connection moves out of this 242 * state the thread will die. 243 */ 244 void 245 iscsi_rx_thread(iscsi_thread_t *thread, void *arg) 246 { 247 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 248 iscsi_conn_t *icp = (iscsi_conn_t *)arg; 249 iscsi_sess_t *isp = NULL; 250 char *hdr = NULL; 251 int hdr_size = 0; 252 char *data = NULL; 253 int data_size = 0; 254 iscsi_hdr_t *ihp; 255 256 ASSERT(icp != NULL); 257 isp = icp->conn_sess; 258 ASSERT(isp != NULL); 259 260 /* pre-alloc recv header buffer for common actions */ 261 hdr_size = sizeof (iscsi_hdr_t) + 255; /* 255 = one byte hlength */ 262 hdr = (char *)kmem_zalloc(hdr_size, KM_SLEEP); 263 ihp = (iscsi_hdr_t *)hdr; 264 ASSERT(ihp != NULL); 265 266 /* pre-alloc max_recv_size buffer for common actions */ 267 data_size = icp->conn_params.max_recv_data_seg_len; 268 data = (char *)kmem_zalloc(data_size, KM_SLEEP); 269 ASSERT(data != NULL); 270 271 do { 272 /* Wait for the next iSCSI header */ 273 rval = iscsi_net->recvhdr(icp->conn_socket, 274 ihp, hdr_size, 0, (icp->conn_params.header_digest ? 275 ISCSI_NET_HEADER_DIGEST : 0)); 276 if (ISCSI_SUCCESS(rval)) { 277 isp->sess_rx_lbolt = 278 icp->conn_rx_lbolt = 279 ddi_get_lbolt(); 280 281 /* Perform specific hdr handling */ 282 rval = iscsi_rx_process_hdr(icp, ihp, 283 data, data_size); 284 } 285 286 /* 287 * handle failures 288 */ 289 switch (rval) { 290 case ISCSI_STATUS_SUCCESS: 291 /* 292 * If we successfully completed a receive 293 * and we are in an IN_FLUSH state then 294 * check the active queue count to see 295 * if its empty. If its empty then force 296 * a disconnect event on the connection. 297 * This will move the session from IN_FLUSH 298 * to FLUSHED and complete the login 299 * parameter update. 300 */ 301 if ((isp->sess_state == ISCSI_SESS_STATE_IN_FLUSH) && 302 (icp->conn_queue_active.count == 0)) { 303 mutex_enter(&icp->conn_state_mutex); 304 (void) iscsi_conn_state_machine(icp, 305 ISCSI_CONN_EVENT_T14); 306 mutex_exit(&icp->conn_state_mutex); 307 } 308 break; 309 case ISCSI_STATUS_TCP_RX_ERROR: 310 /* connection had an error */ 311 mutex_enter(&icp->conn_state_mutex); 312 (void) iscsi_conn_state_machine(icp, 313 ISCSI_CONN_EVENT_T15); 314 mutex_exit(&icp->conn_state_mutex); 315 break; 316 case ISCSI_STATUS_HEADER_DIGEST_ERROR: 317 /* 318 * If we encounter a digest error we have to restart 319 * all the connections on this session. per iSCSI 320 * Level 0 Recovery. 321 */ 322 KSTAT_INC_CONN_ERR_HEADER_DIGEST(icp); 323 mutex_enter(&icp->conn_state_mutex); 324 (void) iscsi_conn_state_machine(icp, 325 ISCSI_CONN_EVENT_T14); 326 mutex_exit(&icp->conn_state_mutex); 327 break; 328 case ISCSI_STATUS_DATA_DIGEST_ERROR: 329 /* 330 * We can continue with a data digest error. The 331 * icmdp was flaged as having a crc problem. It 332 * will be aborted when all data is received. This 333 * saves us from restarting the session when we 334 * might be able to keep it going. If the data 335 * digest issue was really bad we will hit a 336 * status protocol error on the next pdu, which 337 * will force a connection retstart. 338 */ 339 KSTAT_INC_CONN_ERR_DATA_DIGEST(icp); 340 break; 341 case ISCSI_STATUS_PROTOCOL_ERROR: 342 /* 343 * A protocol problem was encountered. Reset 344 * session to try and repair issue. 345 */ 346 KSTAT_INC_CONN_ERR_PROTOCOL(icp); 347 mutex_enter(&icp->conn_state_mutex); 348 (void) iscsi_conn_state_machine(icp, 349 ISCSI_CONN_EVENT_T14); 350 mutex_exit(&icp->conn_state_mutex); 351 break; 352 case ISCSI_STATUS_INTERNAL_ERROR: 353 /* 354 * These should have all been handled before now. 355 */ 356 break; 357 default: 358 cmn_err(CE_WARN, "iscsi connection(%u) encountered " 359 "unknown error(%d) on a receive", icp->conn_oid, 360 rval); 361 ASSERT(B_FALSE); 362 } 363 364 } while ((ISCSI_CONN_STATE_FULL_FEATURE(icp->conn_state)) && 365 (iscsi_thread_wait(thread, 0) != 0)); 366 367 kmem_free(hdr, hdr_size); 368 kmem_free(data, data_size); 369 } 370 371 372 /* 373 * iscsi_rx_process_hdr - This function collects data for all PDUs 374 * that do not have data that will be mapped to a specific scsi_pkt. 375 * Then for each hdr type fan out the processing. 376 */ 377 static iscsi_status_t 378 iscsi_rx_process_hdr(iscsi_conn_t *icp, iscsi_hdr_t *ihp, 379 char *data, int data_size) 380 { 381 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 382 iscsi_sess_t *isp = NULL; 383 384 ASSERT(icp != NULL); 385 ASSERT(ihp != NULL); 386 ASSERT(data != NULL); 387 isp = icp->conn_sess; 388 ASSERT(isp != NULL); 389 390 /* If this is not a SCSI_DATA_RSP we can go ahead and get the data */ 391 if ((ihp->opcode & ISCSI_OPCODE_MASK) != ISCSI_OP_SCSI_DATA_RSP) { 392 rval = iscsi_net->recvdata(icp->conn_socket, ihp, 393 data, data_size, 0, (icp->conn_params.data_digest) ? 394 ISCSI_NET_DATA_DIGEST : 0); 395 if (!ISCSI_SUCCESS(rval)) { 396 return (rval); 397 } 398 isp->sess_rx_lbolt = icp->conn_rx_lbolt = ddi_get_lbolt(); 399 } 400 401 /* fan out the hdr processing */ 402 switch (ihp->opcode & ISCSI_OPCODE_MASK) { 403 case ISCSI_OP_SCSI_DATA_RSP: 404 rval = iscsi_rx_process_data_rsp(icp, ihp); 405 break; 406 case ISCSI_OP_SCSI_RSP: 407 rval = iscsi_rx_process_cmd_rsp(icp, ihp, data); 408 break; 409 case ISCSI_OP_RTT_RSP: 410 rval = iscsi_rx_process_rtt_rsp(icp, ihp, data); 411 break; 412 case ISCSI_OP_NOOP_IN: 413 rval = iscsi_rx_process_nop(icp, ihp, data); 414 break; 415 case ISCSI_OP_REJECT_MSG: 416 rval = iscsi_rx_process_reject_rsp(icp, ihp, data); 417 break; 418 case ISCSI_OP_SCSI_TASK_MGT_RSP: 419 rval = iscsi_rx_process_task_mgt_rsp(icp, ihp, data); 420 break; 421 case ISCSI_OP_LOGOUT_RSP: 422 rval = iscsi_rx_process_logout_rsp(icp, ihp, data); 423 break; 424 case ISCSI_OP_ASYNC_EVENT: 425 rval = iscsi_rx_process_async_rsp(icp, ihp, data); 426 break; 427 case ISCSI_OP_TEXT_RSP: 428 rval = iscsi_rx_process_text_rsp(icp, ihp, data); 429 break; 430 default: 431 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 432 "received an unsupported opcode 0x%02x", 433 icp->conn_oid, ihp->opcode); 434 rval = ISCSI_STATUS_PROTOCOL_ERROR; 435 } 436 437 return (rval); 438 } 439 440 441 /* 442 * iscsi_rx_process_data_rsp - Processed received data header. Once 443 * header is processed we read data off the connection directly into 444 * the scsi_pkt to avoid duplicate bcopy of a large amount of data. 445 * If this is the final data sequence denoted by the data response 446 * PDU Status bit being set. We will not receive the SCSI response. 447 * This bit denotes that the PDU is the successful completion of the 448 * command. In this case complete the command. If This bit isn't 449 * set we wait for more data or a scsi command response. 450 */ 451 static iscsi_status_t 452 iscsi_rx_process_data_rsp(iscsi_conn_t *icp, iscsi_hdr_t *ihp) 453 { 454 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 455 iscsi_sess_t *isp = NULL; 456 iscsi_data_rsp_hdr_t *idrhp = (iscsi_data_rsp_hdr_t *)ihp; 457 iscsi_cmd_t *icmdp = NULL; 458 struct scsi_pkt *pkt = NULL; 459 struct buf *bp = NULL; 460 uint32_t offset = 0; 461 uint32_t dlength = 0; 462 char *bcp = NULL; 463 464 ASSERT(icp != NULL); 465 ASSERT(ihp != NULL); 466 isp = icp->conn_sess; 467 ASSERT(isp != NULL); 468 469 if (idrhp->flags & ISCSI_FLAG_DATA_STATUS) { 470 /* make sure we got status in order */ 471 if (icp->conn_expstatsn == ntohl(idrhp->statsn)) { 472 icp->conn_expstatsn++; 473 } else { 474 cmn_err(CE_WARN, "iscsi connection(%u) protocol error " 475 "- received status out of order itt:0x%x " 476 "statsn:0x%x expstatsn:0x%x", icp->conn_oid, 477 idrhp->itt, ntohl(idrhp->statsn), 478 icp->conn_expstatsn); 479 return (ISCSI_STATUS_PROTOCOL_ERROR); 480 } 481 } 482 483 /* match itt in the session's command table */ 484 mutex_enter(&icp->conn_queue_active.mutex); 485 mutex_enter(&isp->sess_cmdsn_mutex); 486 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp(isp, ihp, &icmdp))) { 487 mutex_exit(&isp->sess_cmdsn_mutex); 488 mutex_exit(&icp->conn_queue_active.mutex); 489 return (ISCSI_STATUS_PROTOCOL_ERROR); 490 } 491 /* 492 * Holding the pending/active queue locks across the 493 * iscsi_rx_data call later in this function may cause 494 * deadlock during fault injections. Instead remove 495 * the cmd from the active queue and release the locks. 496 * Then before returning or completing the command 497 * return the cmd to the active queue and reacquire 498 * the locks. 499 */ 500 iscsi_dequeue_active_cmd(icp, icmdp); 501 502 /* update expcmdsn and maxcmdsn */ 503 iscsi_update_flow_control(isp, ntohl(idrhp->maxcmdsn), 504 ntohl(idrhp->expcmdsn)); 505 mutex_exit(&isp->sess_cmdsn_mutex); 506 mutex_exit(&icp->conn_queue_active.mutex); 507 508 /* shorthand some values */ 509 pkt = icmdp->cmd_un.scsi.pkt; 510 bp = icmdp->cmd_un.scsi.bp; 511 offset = ntohl(idrhp->offset); 512 dlength = n2h24(idrhp->dlength); 513 514 /* 515 * some poorly behaved targets have been observed 516 * sending data-in pdu's during a write operation 517 */ 518 if (bp != NULL) { 519 if (!(bp->b_flags & B_READ)) { 520 cmn_err(CE_WARN, 521 "iscsi connection(%u) protocol error - " 522 "received data response during write operation " 523 "itt:0x%x", 524 icp->conn_oid, idrhp->itt); 525 mutex_enter(&icp->conn_queue_active.mutex); 526 iscsi_enqueue_active_cmd(icp, icmdp); 527 mutex_exit(&icp->conn_queue_active.mutex); 528 return (ISCSI_STATUS_PROTOCOL_ERROR); 529 } 530 531 /* 532 * We can't tolerate the target sending too much 533 * data for our buffer 534 */ 535 if ((dlength > 536 (bp->b_bcount - icmdp->cmd_un.scsi.data_transferred)) || 537 (dlength > (bp->b_bcount - offset))) { 538 cmn_err(CE_WARN, 539 "iscsi connection(%u) protocol error - " 540 "received too much data itt:0x%x", 541 icp->conn_oid, idrhp->itt); 542 mutex_enter(&icp->conn_queue_active.mutex); 543 iscsi_enqueue_active_cmd(icp, icmdp); 544 mutex_exit(&icp->conn_queue_active.mutex); 545 return (ISCSI_STATUS_PROTOCOL_ERROR); 546 } 547 548 bcp = ((char *)bp->b_un.b_addr) + offset; 549 550 /* 551 * Get the rest of the data and copy it directly into 552 * the scsi_pkt. 553 */ 554 rval = iscsi_net->recvdata(icp->conn_socket, ihp, 555 bcp, dlength, 0, (icp->conn_params.data_digest ? 556 ISCSI_NET_DATA_DIGEST : 0)); 557 if (ISCSI_SUCCESS(rval)) { 558 KSTAT_ADD_CONN_RX_BYTES(icp, dlength); 559 } else { 560 /* If digest error flag icmdp with a crc error */ 561 if (rval == ISCSI_STATUS_DATA_DIGEST_ERROR) { 562 icmdp->cmd_crc_error_seen = B_TRUE; 563 } 564 mutex_enter(&icp->conn_queue_active.mutex); 565 iscsi_enqueue_active_cmd(icp, icmdp); 566 mutex_exit(&icp->conn_queue_active.mutex); 567 return (rval); 568 } 569 isp->sess_rx_lbolt = icp->conn_rx_lbolt = ddi_get_lbolt(); 570 571 /* update icmdp statistics */ 572 icmdp->cmd_un.scsi.data_transferred += dlength; 573 } 574 575 /* 576 * We got status. This should only happen if we have 577 * received all the data with no errors. The command 578 * must be completed now, since we won't get a command 579 * response PDU. The cmd_status and residual_count are 580 * not meaningful unless status_present is set. 581 */ 582 if (idrhp->flags & ISCSI_FLAG_DATA_STATUS) { 583 pkt->pkt_resid = 0; 584 /* Check the residual count */ 585 if (bp && 586 (icmdp->cmd_un.scsi.data_transferred != 587 bp->b_bcount)) { 588 /* 589 * We didn't xfer the expected amount of data - 590 * the residual_count in the header is only valid 591 * if the underflow flag is set. 592 */ 593 if (idrhp->flags & ISCSI_FLAG_DATA_UNDERFLOW) { 594 pkt->pkt_resid = ntohl(idrhp->residual_count); 595 } else { 596 if (bp->b_bcount > 597 icmdp->cmd_un.scsi.data_transferred) { 598 /* Some data fell on the floor somehw */ 599 pkt->pkt_resid = 600 bp->b_bcount - 601 icmdp->cmd_un.scsi.data_transferred; 602 } 603 } 604 } 605 606 pkt->pkt_reason = CMD_CMPLT; 607 pkt->pkt_state |= (STATE_XFERRED_DATA | STATE_GOT_STATUS); 608 609 if (((idrhp->cmd_status & STATUS_MASK) != STATUS_GOOD) && 610 (icmdp->cmd_un.scsi.statuslen >= 611 sizeof (struct scsi_arq_status)) && pkt->pkt_scbp) { 612 613 /* 614 * Not supposed to get exception status here! 615 * We have no request sense data so just do the 616 * best we can 617 */ 618 struct scsi_arq_status *arqstat = 619 (struct scsi_arq_status *)pkt->pkt_scbp; 620 621 622 bzero(arqstat, sizeof (struct scsi_arq_status)); 623 624 *((uchar_t *)&arqstat->sts_status) = 625 idrhp->cmd_status; 626 627 arqstat->sts_rqpkt_resid = 628 sizeof (struct scsi_extended_sense); 629 630 } else if (pkt->pkt_scbp) { 631 /* just pass along the status we got */ 632 pkt->pkt_scbp[0] = idrhp->cmd_status; 633 } 634 635 mutex_enter(&icp->conn_queue_active.mutex); 636 iscsi_enqueue_active_cmd(icp, icmdp); 637 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E3, isp); 638 mutex_exit(&icp->conn_queue_active.mutex); 639 } else { 640 mutex_enter(&icp->conn_queue_active.mutex); 641 iscsi_enqueue_active_cmd(icp, icmdp); 642 mutex_exit(&icp->conn_queue_active.mutex); 643 } 644 645 return (ISCSI_STATUS_SUCCESS); 646 } 647 648 649 /* 650 * iscsi_rx_process_cmd_rsp - Process received scsi command response. This 651 * will contain sense data if the command was not successful. This data needs 652 * to be copied into the scsi_pkt. Otherwise we just complete the IO. 653 */ 654 static iscsi_status_t 655 iscsi_rx_process_cmd_rsp(iscsi_conn_t *icp, iscsi_hdr_t *ihp, char *data) 656 { 657 iscsi_sess_t *isp = icp->conn_sess; 658 iscsi_scsi_rsp_hdr_t *issrhp = (iscsi_scsi_rsp_hdr_t *)ihp; 659 iscsi_cmd_t *icmdp = NULL; 660 struct scsi_pkt *pkt = NULL; 661 uint32_t dlength = 0; 662 struct scsi_arq_status *arqstat = NULL; 663 size_t senselen = 0; 664 int statuslen = 0; 665 666 /* make sure we get status in order */ 667 if (icp->conn_expstatsn == ntohl(issrhp->statsn)) { 668 icp->conn_expstatsn++; 669 } else { 670 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 671 "received status out of order itt:0x%x statsn:0x%x " 672 "expstatsn:0x%x", icp->conn_oid, issrhp->itt, 673 ntohl(issrhp->statsn), icp->conn_expstatsn); 674 return (ISCSI_STATUS_PROTOCOL_ERROR); 675 } 676 677 mutex_enter(&icp->conn_queue_active.mutex); 678 mutex_enter(&isp->sess_cmdsn_mutex); 679 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp(isp, ihp, &icmdp))) { 680 mutex_exit(&isp->sess_cmdsn_mutex); 681 mutex_exit(&icp->conn_queue_active.mutex); 682 return (ISCSI_STATUS_PROTOCOL_ERROR); 683 } 684 685 /* update expcmdsn and maxcmdsn */ 686 iscsi_update_flow_control(isp, ntohl(issrhp->maxcmdsn), 687 ntohl(issrhp->expcmdsn)); 688 mutex_exit(&isp->sess_cmdsn_mutex); 689 690 pkt = icmdp->cmd_un.scsi.pkt; 691 692 if (issrhp->response) { 693 /* The target failed the command. */ 694 pkt->pkt_reason = CMD_TRAN_ERR; 695 if (icmdp->cmd_un.scsi.bp) { 696 pkt->pkt_resid = icmdp->cmd_un.scsi.bp->b_bcount; 697 } else { 698 pkt->pkt_resid = 0; 699 } 700 } else { 701 /* success */ 702 pkt->pkt_resid = 0; 703 /* Check the residual count */ 704 if ((icmdp->cmd_un.scsi.bp) && 705 (icmdp->cmd_un.scsi.data_transferred != 706 icmdp->cmd_un.scsi.bp->b_bcount)) { 707 /* 708 * We didn't xfer the expected amount of data - 709 * the residual_count in the header is only 710 * valid if the underflow flag is set. 711 */ 712 if (issrhp->flags & ISCSI_FLAG_CMD_UNDERFLOW) { 713 pkt->pkt_resid = ntohl(issrhp->residual_count); 714 } else { 715 if (icmdp->cmd_un.scsi.bp->b_bcount > 716 icmdp->cmd_un.scsi.data_transferred) { 717 /* 718 * Some data fell on the floor 719 * somehow - probably a CRC error 720 */ 721 pkt->pkt_resid = 722 icmdp->cmd_un.scsi.bp->b_bcount - 723 icmdp->cmd_un.scsi.data_transferred; 724 } 725 } 726 } 727 728 /* set flags that tell SCSA that the command is complete */ 729 if (icmdp->cmd_crc_error_seen == B_FALSE) { 730 /* Set successful completion */ 731 pkt->pkt_reason = CMD_CMPLT; 732 if (icmdp->cmd_un.scsi.bp) { 733 pkt->pkt_state |= (STATE_XFERRED_DATA | 734 STATE_GOT_STATUS); 735 } else { 736 pkt->pkt_state |= STATE_GOT_STATUS; 737 } 738 } else { 739 /* 740 * Some of the data was found to have an incorrect 741 * error at the protocol error. 742 */ 743 pkt->pkt_reason = CMD_PER_FAIL; 744 pkt->pkt_statistics |= STAT_PERR; 745 if (icmdp->cmd_un.scsi.bp) { 746 pkt->pkt_resid = 747 icmdp->cmd_un.scsi.bp->b_bcount; 748 } else { 749 pkt->pkt_resid = 0; 750 } 751 } 752 753 dlength = n2h24(issrhp->dlength); 754 755 /* 756 * Process iSCSI Cmd Response Status 757 * RFC 3720 Sectionn 10.4.2. 758 */ 759 switch (issrhp->cmd_status & STATUS_MASK) { 760 case STATUS_GOOD: 761 /* pass SCSI status up stack */ 762 if (pkt->pkt_scbp) { 763 pkt->pkt_scbp[0] = issrhp->cmd_status; 764 } 765 break; 766 case STATUS_CHECK: 767 /* 768 * Verify we received a sense buffer and 769 * that there is the correct amount of 770 * request sense space to copy it to. 771 */ 772 if ((dlength > 1) && 773 (pkt->pkt_scbp != NULL) && 774 (icmdp->cmd_un.scsi.statuslen >= 775 sizeof (struct scsi_arq_status))) { 776 /* 777 * If a bad command status is received we 778 * need to reset the pkt_resid to zero. 779 * The target driver compares its value 780 * before checking other error flags. 781 * (ex. check conditions) 782 */ 783 pkt->pkt_resid = 0; 784 785 /* get sense length from first 2 bytes */ 786 senselen = ((data[0] << 8) | data[1]) & 787 (size_t)0xFFFF; 788 789 /* Sanity-check on the sense length */ 790 if ((senselen + 2) > dlength) { 791 senselen = dlength - 2; 792 } 793 794 /* 795 * If there was a Data Digest error then 796 * the sense data cannot be trusted. 797 */ 798 if (icmdp->cmd_crc_error_seen) { 799 senselen = 0; 800 } 801 802 /* automatic request sense */ 803 arqstat = 804 (struct scsi_arq_status *)pkt->pkt_scbp; 805 806 /* pass SCSI status up stack */ 807 *((uchar_t *)&arqstat->sts_status) = 808 issrhp->cmd_status; 809 810 /* 811 * Set the status for the automatic 812 * request sense command 813 */ 814 arqstat->sts_rqpkt_state = (STATE_GOT_BUS | 815 STATE_GOT_TARGET | STATE_SENT_CMD | 816 STATE_XFERRED_DATA | STATE_GOT_STATUS | 817 STATE_ARQ_DONE); 818 819 *((uchar_t *)&arqstat->sts_rqpkt_status) = 820 STATUS_GOOD; 821 822 arqstat->sts_rqpkt_reason = CMD_CMPLT; 823 824 statuslen = icmdp->cmd_un.scsi.statuslen; 825 826 if (senselen == 0) { 827 /* auto request sense failed */ 828 arqstat->sts_rqpkt_status.sts_chk = 1; 829 arqstat->sts_rqpkt_resid = 830 statuslen; 831 } else if (senselen < 832 statuslen) { 833 /* auto request sense short */ 834 arqstat->sts_rqpkt_resid = 835 statuslen 836 - senselen; 837 } else { 838 /* auto request sense complete */ 839 arqstat->sts_rqpkt_resid = 0; 840 } 841 arqstat->sts_rqpkt_statistics = 0; 842 pkt->pkt_state |= STATE_ARQ_DONE; 843 844 if (icmdp->cmd_misc_flags & 845 ISCSI_CMD_MISCFLAG_XARQ) { 846 pkt->pkt_state |= STATE_XARQ_DONE; 847 } 848 849 /* copy auto request sense */ 850 dlength = min(senselen, 851 statuslen); 852 if (dlength) { 853 bcopy(&data[2], (uchar_t *)&arqstat-> 854 sts_sensedata, dlength); 855 } 856 break; 857 } 858 /* FALLTHRU */ 859 case STATUS_BUSY: 860 case STATUS_RESERVATION_CONFLICT: 861 case STATUS_QFULL: 862 case STATUS_ACA_ACTIVE: 863 default: 864 /* 865 * If a bad command status is received we need to 866 * reset the pkt_resid to zero. The target driver 867 * compares its value before checking other error 868 * flags. (ex. check conditions) 869 */ 870 pkt->pkt_resid = 0; 871 /* pass SCSI status up stack */ 872 if (pkt->pkt_scbp) { 873 pkt->pkt_scbp[0] = issrhp->cmd_status; 874 } 875 } 876 } 877 878 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E3, isp); 879 mutex_exit(&icp->conn_queue_active.mutex); 880 881 return (ISCSI_STATUS_SUCCESS); 882 } 883 884 /* 885 * iscsi_rx_process_rtt_rsp - Process received RTT. This means the target is 886 * requesting data. 887 */ 888 /* ARGSUSED */ 889 static iscsi_status_t 890 iscsi_rx_process_rtt_rsp(iscsi_conn_t *icp, iscsi_hdr_t *ihp, char *data) 891 { 892 iscsi_sess_t *isp = (iscsi_sess_t *)icp->conn_sess; 893 iscsi_rtt_hdr_t *irhp = (iscsi_rtt_hdr_t *)ihp; 894 iscsi_cmd_t *icmdp = NULL; 895 struct buf *bp = NULL; 896 uint32_t data_length; 897 iscsi_status_t status = ISCSI_STATUS_PROTOCOL_ERROR; 898 899 900 mutex_enter(&isp->sess_queue_pending.mutex); 901 mutex_enter(&icp->conn_queue_active.mutex); 902 mutex_enter(&isp->sess_cmdsn_mutex); 903 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp(isp, ihp, &icmdp))) { 904 mutex_exit(&isp->sess_cmdsn_mutex); 905 mutex_exit(&icp->conn_queue_active.mutex); 906 mutex_exit(&isp->sess_queue_pending.mutex); 907 return (status); 908 } 909 910 /* update expcmdsn and maxcmdsn */ 911 iscsi_update_flow_control(isp, ntohl(irhp->maxcmdsn), 912 ntohl(irhp->expcmdsn)); 913 mutex_enter(&icmdp->cmd_mutex); 914 mutex_exit(&isp->sess_cmdsn_mutex); 915 916 bp = icmdp->cmd_un.scsi.bp; 917 data_length = ntohl(irhp->data_length); 918 919 /* 920 * Perform boundary-checks per RFC 3720 (section 10.8.4). 921 * The Desired Data Transfer Length must satisfy this relation: 922 * 923 * 0 < Desired Data Transfer Length <= MaxBurstLength 924 */ 925 if ((bp == NULL) || (data_length == 0)) { 926 cmn_err(CE_WARN, "iscsi connection(%u) received r2t but pkt " 927 "has no data itt:0x%x - protocol error", icp->conn_oid, 928 irhp->itt); 929 } else if (data_length > icp->conn_params.max_burst_length) { 930 cmn_err(CE_WARN, "iscsi connection(%u) received r2t but pkt " 931 "is larger than MaxBurstLength itt:0x%x len:0x%x - " 932 "protocol error", 933 icp->conn_oid, irhp->itt, data_length); 934 } else { 935 iscsi_handle_r2t(icp, icmdp, ntohl(irhp->data_offset), 936 data_length, irhp->ttt); 937 status = ISCSI_STATUS_SUCCESS; 938 } 939 940 mutex_exit(&icmdp->cmd_mutex); 941 mutex_exit(&icp->conn_queue_active.mutex); 942 mutex_exit(&isp->sess_queue_pending.mutex); 943 944 return (status); 945 } 946 947 948 /* 949 * iscsi_rx_process_nop - Process a received nop. If nop is in response 950 * to a ping we sent update stats. If initiated by the target we need 951 * to response back to the target with a nop. Schedule the response. 952 */ 953 /* ARGSUSED */ 954 static iscsi_status_t 955 iscsi_rx_process_nop(iscsi_conn_t *icp, iscsi_hdr_t *ihp, char *data) 956 { 957 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 958 iscsi_sess_t *isp = NULL; 959 iscsi_nop_in_hdr_t *inihp = (iscsi_nop_in_hdr_t *)ihp; 960 iscsi_cmd_t *icmdp = NULL; 961 962 ASSERT(icp != NULL); 963 ASSERT(ihp != NULL); 964 /* ASSERT(data != NULL) data is allowed to be NULL */ 965 isp = icp->conn_sess; 966 ASSERT(isp != NULL); 967 968 if (icp->conn_expstatsn != ntohl(inihp->statsn)) { 969 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 970 "received status out of order itt:0x%x statsn:0x%x " 971 "expstatsn:0x%x", icp->conn_oid, inihp->itt, 972 ntohl(inihp->statsn), icp->conn_expstatsn); 973 return (ISCSI_STATUS_PROTOCOL_ERROR); 974 } 975 976 mutex_enter(&isp->sess_queue_pending.mutex); 977 mutex_enter(&icp->conn_queue_active.mutex); 978 mutex_enter(&isp->sess_cmdsn_mutex); 979 if (inihp->itt != ISCSI_RSVD_TASK_TAG) { 980 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp( 981 isp, ihp, &icmdp))) { 982 mutex_exit(&isp->sess_cmdsn_mutex); 983 mutex_exit(&icp->conn_queue_active.mutex); 984 mutex_exit(&isp->sess_queue_pending.mutex); 985 return (ISCSI_STATUS_PROTOCOL_ERROR); 986 } 987 } 988 989 /* update expcmdsn and maxcmdsn */ 990 iscsi_update_flow_control(isp, ntohl(inihp->maxcmdsn), 991 ntohl(inihp->expcmdsn)); 992 mutex_exit(&isp->sess_cmdsn_mutex); 993 994 if ((inihp->itt != ISCSI_RSVD_TASK_TAG) && 995 (inihp->ttt == ISCSI_RSVD_TASK_TAG)) { 996 /* This is the only type of nop that incs. the expstatsn */ 997 icp->conn_expstatsn++; 998 999 /* 1000 * This is a targets response to our nop 1001 */ 1002 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E3, isp); 1003 } else if (inihp->ttt != ISCSI_RSVD_TASK_TAG) { 1004 /* 1005 * Target requested a nop. Send one. 1006 */ 1007 iscsi_handle_nop(icp, ISCSI_RSVD_TASK_TAG, inihp->ttt); 1008 } else { 1009 /* 1010 * This is a target-initiated ping that doesn't expect 1011 * a response; nothing to do except update our flow control 1012 * (which we do in all cases above). 1013 */ 1014 /* EMPTY */ 1015 } 1016 mutex_exit(&icp->conn_queue_active.mutex); 1017 mutex_exit(&isp->sess_queue_pending.mutex); 1018 1019 return (rval); 1020 } 1021 1022 1023 /* 1024 * iscsi_rx_process_reject_rsp - The server rejected a PDU 1025 */ 1026 static iscsi_status_t 1027 iscsi_rx_process_reject_rsp(iscsi_conn_t *icp, 1028 iscsi_hdr_t *ihp, char *data) 1029 { 1030 iscsi_reject_rsp_hdr_t *irrhp = (iscsi_reject_rsp_hdr_t *)ihp; 1031 iscsi_sess_t *isp = NULL; 1032 uint32_t dlength = 0; 1033 iscsi_hdr_t *old_ihp = NULL; 1034 1035 ASSERT(icp != NULL); 1036 isp = icp->conn_sess; 1037 ASSERT(ihp != NULL); 1038 ASSERT(data != NULL); 1039 1040 /* make sure we only Ack Status numbers that we've actually received. */ 1041 if (icp->conn_expstatsn == ntohl(irrhp->statsn)) { 1042 icp->conn_expstatsn++; 1043 } else { 1044 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 1045 "received status out of order itt:0x%x statsn:0x%x " 1046 "expstatsn:0x%x", icp->conn_oid, ihp->itt, 1047 ntohl(irrhp->statsn), icp->conn_expstatsn); 1048 return (ISCSI_STATUS_PROTOCOL_ERROR); 1049 } 1050 1051 /* update expcmdsn and maxcmdsn */ 1052 mutex_enter(&isp->sess_cmdsn_mutex); 1053 iscsi_update_flow_control(isp, ntohl(irrhp->maxcmdsn), 1054 ntohl(irrhp->expcmdsn)); 1055 mutex_exit(&isp->sess_cmdsn_mutex); 1056 1057 /* If we don't have the rejected header we can't do anything */ 1058 dlength = n2h24(irrhp->dlength); 1059 if (dlength < sizeof (iscsi_hdr_t)) { 1060 return (ISCSI_STATUS_PROTOCOL_ERROR); 1061 } 1062 1063 /* map old ihp */ 1064 old_ihp = (iscsi_hdr_t *)data; 1065 1066 switch (irrhp->reason) { 1067 /* 1068 * ISCSI_REJECT_IMM_CMD_REJECT - Immediate Command Reject 1069 * too many immediate commands (original cmd can be resent) 1070 */ 1071 case ISCSI_REJECT_IMM_CMD_REJECT: 1072 /* 1073 * We have exceeded the server's capacity for outstanding 1074 * immediate commands. This must be a task management 1075 * command so try to find it in the abortingqueue and 1076 * complete it. 1077 */ 1078 if (!(old_ihp->opcode & ISCSI_OP_IMMEDIATE)) { 1079 /* Rejecting IMM but old old_hdr wasn't IMM */ 1080 return (ISCSI_STATUS_PROTOCOL_ERROR); 1081 } 1082 1083 /* 1084 * We only send NOP and TASK_MGT as IMM. All other 1085 * cases should be considered as a protocol error. 1086 */ 1087 switch (old_ihp->opcode & ISCSI_OPCODE_MASK) { 1088 case ISCSI_OP_NOOP_OUT: 1089 /* 1090 * A ping was rejected - treat this like 1091 * ping response. The down side is we 1092 * didn't get an updated MaxCmdSn. 1093 */ 1094 break; 1095 case ISCSI_OP_SCSI_TASK_MGT_MSG: 1096 (void) iscsi_rx_process_rejected_tsk_mgt(icp, 1097 old_ihp); 1098 break; 1099 default: 1100 cmn_err(CE_WARN, "iscsi connection(%u) protocol error " 1101 "- received a reject for a command(0x%02x) not " 1102 "sent as an immediate", icp->conn_oid, 1103 old_ihp->opcode); 1104 return (ISCSI_STATUS_PROTOCOL_ERROR); 1105 } 1106 break; 1107 1108 /* 1109 * For the rest of the reject cases just use the general 1110 * hammer of dis/reconnecting. This will resolve all 1111 * noted issues although could be more graceful. 1112 */ 1113 case ISCSI_REJECT_DATA_DIGEST_ERROR: 1114 case ISCSI_REJECT_CMD_BEFORE_LOGIN: 1115 case ISCSI_REJECT_SNACK_REJECT: 1116 case ISCSI_REJECT_PROTOCOL_ERROR: 1117 case ISCSI_REJECT_CMD_NOT_SUPPORTED: 1118 case ISCSI_REJECT_TASK_IN_PROGRESS: 1119 case ISCSI_REJECT_INVALID_DATA_ACK: 1120 case ISCSI_REJECT_INVALID_PDU_FIELD: 1121 case ISCSI_REJECT_LONG_OPERATION_REJECT: 1122 case ISCSI_REJECT_NEGOTIATION_RESET: 1123 default: 1124 cmn_err(CE_WARN, "iscsi connection(%u) closing connection - " 1125 "target requested itt:0x%x reason:0x%x", 1126 icp->conn_oid, ihp->itt, irrhp->reason); 1127 return (ISCSI_STATUS_PROTOCOL_ERROR); 1128 } 1129 1130 return (ISCSI_STATUS_SUCCESS); 1131 } 1132 1133 1134 /* 1135 * iscsi_rx_process_rejected_tsk_mgt - 1136 */ 1137 static iscsi_status_t 1138 iscsi_rx_process_rejected_tsk_mgt(iscsi_conn_t *icp, 1139 iscsi_hdr_t *old_ihp) 1140 { 1141 iscsi_sess_t *isp = NULL; 1142 iscsi_cmd_t *icmdp = NULL; 1143 1144 ASSERT(icp != NULL); 1145 isp = icp->conn_sess; 1146 ASSERT(old_ihp != NULL); 1147 ASSERT(icp->conn_sess != NULL); 1148 1149 mutex_enter(&icp->conn_queue_active.mutex); 1150 mutex_enter(&isp->sess_cmdsn_mutex); 1151 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp( 1152 isp, old_ihp, &icmdp))) { 1153 mutex_exit(&isp->sess_cmdsn_mutex); 1154 mutex_exit(&icp->conn_queue_active.mutex); 1155 return (ISCSI_STATUS_PROTOCOL_ERROR); 1156 } 1157 mutex_exit(&isp->sess_cmdsn_mutex); 1158 1159 switch (icmdp->cmd_type) { 1160 case ISCSI_CMD_TYPE_ABORT: 1161 case ISCSI_CMD_TYPE_RESET: 1162 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E4, 1163 icp->conn_sess); 1164 break; 1165 /* We don't send any other task mgr types */ 1166 default: 1167 ASSERT(B_FALSE); 1168 break; 1169 } 1170 mutex_exit(&icp->conn_queue_active.mutex); 1171 1172 return (ISCSI_STATUS_SUCCESS); 1173 } 1174 1175 1176 /* 1177 * iscsi_rx_process_task_mgt_rsp - 1178 */ 1179 /* ARGSUSED */ 1180 static iscsi_status_t 1181 iscsi_rx_process_task_mgt_rsp(iscsi_conn_t *icp, 1182 iscsi_hdr_t *ihp, void *data) 1183 { 1184 iscsi_sess_t *isp = NULL; 1185 iscsi_scsi_task_mgt_rsp_hdr_t *istmrhp = NULL; 1186 iscsi_cmd_t *icmdp = NULL; 1187 1188 ASSERT(ihp != NULL); 1189 ASSERT(icp != NULL); 1190 isp = icp->conn_sess; 1191 ASSERT(isp != NULL); 1192 istmrhp = (iscsi_scsi_task_mgt_rsp_hdr_t *)ihp; 1193 1194 if (icp->conn_expstatsn == ntohl(istmrhp->statsn)) { 1195 icp->conn_expstatsn++; 1196 } else { 1197 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 1198 "received status out of order itt:0x%x statsn:0x%x " 1199 "expstatsn:0x%x", icp->conn_oid, istmrhp->itt, 1200 ntohl(istmrhp->statsn), icp->conn_expstatsn); 1201 return (ISCSI_STATUS_PROTOCOL_ERROR); 1202 } 1203 1204 /* make sure we only Ack Status numbers that we've actually received. */ 1205 mutex_enter(&icp->conn_queue_active.mutex); 1206 mutex_enter(&isp->sess_cmdsn_mutex); 1207 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp(isp, ihp, &icmdp))) { 1208 mutex_exit(&isp->sess_cmdsn_mutex); 1209 mutex_exit(&icp->conn_queue_active.mutex); 1210 return (ISCSI_STATUS_PROTOCOL_ERROR); 1211 } 1212 1213 /* update expcmdsn and maxcmdn */ 1214 iscsi_update_flow_control(isp, ntohl(istmrhp->maxcmdsn), 1215 ntohl(istmrhp->expcmdsn)); 1216 mutex_exit(&isp->sess_cmdsn_mutex); 1217 1218 switch (icmdp->cmd_type) { 1219 case ISCSI_CMD_TYPE_ABORT: 1220 case ISCSI_CMD_TYPE_RESET: 1221 switch (istmrhp->response) { 1222 case SCSI_TCP_TM_RESP_COMPLETE: 1223 /* success */ 1224 iscsi_cmd_state_machine(icmdp, 1225 ISCSI_CMD_EVENT_E3, isp); 1226 break; 1227 case SCSI_TCP_TM_RESP_NO_TASK: 1228 /* 1229 * If the array no longer knows about 1230 * an ABORT RTT and we no longer have 1231 * a parent SCSI command it was just 1232 * completed, free this ABORT resource. 1233 * Otherwise FALLTHRU this will flag a 1234 * protocol problem. 1235 */ 1236 if ((icmdp->cmd_type == ISCSI_CMD_TYPE_ABORT) && 1237 (icmdp->cmd_un.abort.icmdp == NULL)) { 1238 iscsi_cmd_state_machine(icmdp, 1239 ISCSI_CMD_EVENT_E4, isp); 1240 break; 1241 } 1242 /* FALLTHRU */ 1243 case SCSI_TCP_TM_RESP_NO_LUN: 1244 case SCSI_TCP_TM_RESP_TASK_ALLEGIANT: 1245 case SCSI_TCP_TM_RESP_NO_FAILOVER: 1246 case SCSI_TCP_TM_RESP_IN_PRGRESS: 1247 case SCSI_TCP_TM_RESP_REJECTED: 1248 default: 1249 /* 1250 * Something is out of sync. Flush 1251 * active queues and resync the 1252 * the connection to try and recover 1253 * to a known state. 1254 */ 1255 mutex_exit(&icp->conn_queue_active.mutex); 1256 return (ISCSI_STATUS_PROTOCOL_ERROR); 1257 } 1258 break; 1259 1260 default: 1261 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 1262 "received a task mgt response for a non-task mgt " 1263 "cmd itt:0x%x type:%d", icp->conn_oid, istmrhp->itt, 1264 icmdp->cmd_type); 1265 mutex_exit(&icp->conn_queue_active.mutex); 1266 return (ISCSI_STATUS_PROTOCOL_ERROR); 1267 } 1268 1269 mutex_exit(&icp->conn_queue_active.mutex); 1270 return (ISCSI_STATUS_SUCCESS); 1271 } 1272 1273 1274 /* 1275 * iscsi_rx_process_logout - 1276 * 1277 */ 1278 /* ARGSUSED */ 1279 static iscsi_status_t 1280 iscsi_rx_process_logout_rsp(iscsi_conn_t *icp, iscsi_hdr_t *ihp, char *data) 1281 { 1282 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 1283 iscsi_sess_t *isp = icp->conn_sess; 1284 iscsi_logout_rsp_hdr_t *ilrhp = (iscsi_logout_rsp_hdr_t *)ihp; 1285 iscsi_cmd_t *icmdp = NULL; 1286 1287 ASSERT(icp != NULL); 1288 ASSERT(ihp != NULL); 1289 isp = icp->conn_sess; 1290 ASSERT(isp != NULL); 1291 1292 if (icp->conn_expstatsn != ntohl(ilrhp->statsn)) { 1293 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 1294 "received status out of order itt:0x%x statsn:0x%x " 1295 "expstatsn:0x%x", icp->conn_oid, ilrhp->itt, 1296 ntohl(ilrhp->statsn), icp->conn_expstatsn); 1297 return (ISCSI_STATUS_PROTOCOL_ERROR); 1298 } 1299 1300 mutex_enter(&icp->conn_queue_active.mutex); 1301 mutex_enter(&isp->sess_cmdsn_mutex); 1302 if (ilrhp->itt != ISCSI_RSVD_TASK_TAG) { 1303 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp( 1304 isp, ihp, &icmdp))) { 1305 mutex_exit(&isp->sess_cmdsn_mutex); 1306 mutex_exit(&icp->conn_queue_active.mutex); 1307 return (ISCSI_STATUS_PROTOCOL_ERROR); 1308 } 1309 } 1310 1311 /* update expcmdsn and maxcmdsn */ 1312 iscsi_update_flow_control(isp, ntohl(ilrhp->maxcmdsn), 1313 ntohl(ilrhp->expcmdsn)); 1314 mutex_exit(&isp->sess_cmdsn_mutex); 1315 1316 switch (ilrhp->response) { 1317 case ISCSI_LOGOUT_CID_NOT_FOUND: 1318 /* 1319 * If the target doesn't know about our connection 1320 * then we can consider our self disconnected. 1321 */ 1322 /* FALLTHRU */ 1323 case ISCSI_LOGOUT_RECOVERY_UNSUPPORTED: 1324 /* 1325 * We don't support ErrorRecovery levels above 0 1326 * currently so consider this success. 1327 */ 1328 /* FALLTHRU */ 1329 case ISCSI_LOGOUT_CLEANUP_FAILED: 1330 /* 1331 * per spec. "cleanup failed for various reasons." 1332 * Although those various reasons are undefined. 1333 * Not sure what to do here. So fake success, 1334 * which will disconnect the connection. 1335 */ 1336 /* FALLTHRU */ 1337 case ISCSI_LOGOUT_SUCCESS: 1338 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E3, isp); 1339 mutex_exit(&icp->conn_queue_active.mutex); 1340 /* logout completed successfully notify the conn */ 1341 mutex_enter(&icp->conn_state_mutex); 1342 (void) iscsi_conn_state_machine(icp, ISCSI_CONN_EVENT_T17); 1343 mutex_exit(&icp->conn_state_mutex); 1344 break; 1345 default: 1346 mutex_exit(&icp->conn_queue_active.mutex); 1347 rval = ISCSI_STATUS_PROTOCOL_ERROR; 1348 } 1349 1350 return (rval); 1351 } 1352 1353 1354 /* 1355 * iscsi_rx_process_logout - 1356 * 1357 */ 1358 /* ARGSUSED */ 1359 static iscsi_status_t 1360 iscsi_rx_process_async_rsp(iscsi_conn_t *icp, iscsi_hdr_t *ihp, char *data) 1361 { 1362 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 1363 iscsi_async_evt_hdr_t *iaehp = (iscsi_async_evt_hdr_t *)ihp; 1364 1365 ASSERT(icp != NULL); 1366 ASSERT(ihp != NULL); 1367 ASSERT(icp->conn_sess != NULL); 1368 1369 if (icp->conn_expstatsn != ntohl(iaehp->statsn)) { 1370 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 1371 "received status out of order itt:0x%x statsn:0x%x " 1372 "expstatsn:0x%x", icp->conn_oid, ihp->itt, 1373 ntohl(iaehp->statsn), icp->conn_expstatsn); 1374 return (ISCSI_STATUS_PROTOCOL_ERROR); 1375 } 1376 1377 switch (iaehp->async_event) { 1378 case ISCSI_ASYNC_EVENT_SCSI_EVENT: 1379 /* 1380 * SCSI asynchronous event is reported in 1381 * the sense data. Sense data that accompanies 1382 * the report in the data segment identifies the 1383 * condition. If the target supports SCSI 1384 * asynchronous events reporting (see [SAM2]) 1385 * as indicated in the stardard INQUIRY data 1386 * (see [SPC3]), its use may be enabled by 1387 * parameters in the SCSI control mode page 1388 * (see [SPC3]). 1389 * 1390 * T-10 has removed SCSI asunchronous events 1391 * from the standard. Although we have seen 1392 * a couple targets still spending these requests. 1393 * Those targets were specifically sending them 1394 * for notification of a LUN/Volume change 1395 * (ex. LUN addition/removal). Take a general 1396 * action to these events of dis/reconnecting. 1397 * Once reconnected we perform a reenumeration. 1398 */ 1399 mutex_enter(&icp->conn_state_mutex); 1400 (void) iscsi_conn_state_machine(icp, ISCSI_CONN_EVENT_T14); 1401 mutex_exit(&icp->conn_state_mutex); 1402 break; 1403 1404 case ISCSI_ASYNC_EVENT_REQUEST_LOGOUT: 1405 /* Target has requested this connection to logout. */ 1406 mutex_enter(&icp->conn_state_mutex); 1407 (void) iscsi_conn_state_machine(icp, ISCSI_CONN_EVENT_T14); 1408 mutex_exit(&icp->conn_state_mutex); 1409 break; 1410 1411 case ISCSI_ASYNC_EVENT_DROPPING_CONNECTION: 1412 /* 1413 * Target is going to drop our connection. 1414 * param1 - CID which will be dropped. 1415 * param2 - Min time to reconnect. 1416 * param3 - Max time to reconnect. 1417 * 1418 * For now just let fail as another disconnect. 1419 * 1420 * MC/S Once we support > 1 connections then 1421 * we need to check the CID and drop that 1422 * specific connection. 1423 */ 1424 iscsi_conn_set_login_min_max(icp, iaehp->param2, iaehp->param3); 1425 mutex_enter(&icp->conn_state_mutex); 1426 (void) iscsi_conn_state_machine(icp, ISCSI_CONN_EVENT_T14); 1427 mutex_exit(&icp->conn_state_mutex); 1428 break; 1429 1430 case ISCSI_ASYNC_EVENT_DROPPING_ALL_CONNECTIONS: 1431 /* 1432 * Target is going to drop ALL connections. 1433 * param2 - Min time to reconnect. 1434 * param3 - Max time to reconnect. 1435 * 1436 * For now just let fail as anyother disconnect. 1437 * 1438 * MC/S Once we support more than > 1 connections 1439 * then we need to drop all connections on the 1440 * session. 1441 */ 1442 iscsi_conn_set_login_min_max(icp, iaehp->param2, iaehp->param3); 1443 mutex_enter(&icp->conn_state_mutex); 1444 (void) iscsi_conn_state_machine(icp, ISCSI_CONN_EVENT_T14); 1445 mutex_exit(&icp->conn_state_mutex); 1446 break; 1447 1448 case ISCSI_ASYNC_EVENT_PARAM_NEGOTIATION: 1449 /* 1450 * Target requests parameter negotiation 1451 * on this connection. 1452 * 1453 * The initiator must honor this request. For 1454 * now we will request a logout. We can't 1455 * just ignore this or it might force corruption? 1456 */ 1457 mutex_enter(&icp->conn_state_mutex); 1458 (void) iscsi_conn_state_machine(icp, ISCSI_CONN_EVENT_T14); 1459 mutex_exit(&icp->conn_state_mutex); 1460 break; 1461 1462 case ISCSI_ASYNC_EVENT_VENDOR_SPECIFIC: 1463 /* 1464 * We currently don't handle any vendor 1465 * specific async events. So just ignore 1466 * the request. 1467 */ 1468 mutex_enter(&icp->conn_state_mutex); 1469 (void) iscsi_conn_state_machine(icp, ISCSI_CONN_EVENT_T14); 1470 mutex_exit(&icp->conn_state_mutex); 1471 break; 1472 default: 1473 rval = ISCSI_STATUS_PROTOCOL_ERROR; 1474 } 1475 1476 return (rval); 1477 } 1478 1479 /* 1480 * iscsi_rx_process_text_rsp - processes iSCSI text response. It sets 1481 * the cmd_result field of the command data structure with the actual 1482 * status value instead of returning the status value. The return value 1483 * is SUCCESS in order to let iscsi_handle_text control the operation of 1484 * a text request. 1485 * Test requests are a handled a little different than other types of 1486 * iSCSI commands because the initiator sends additional empty text requests 1487 * in order to obtain the remaining responses required to complete the 1488 * request. iscsi_handle_text controls the operation of text request, while 1489 * iscsi_rx_process_text_rsp just process the current response. 1490 */ 1491 static iscsi_status_t 1492 iscsi_rx_process_text_rsp(iscsi_conn_t *icp, iscsi_hdr_t *ihp, char *data) 1493 { 1494 iscsi_sess_t *isp = NULL; 1495 iscsi_text_rsp_hdr_t *ithp = (iscsi_text_rsp_hdr_t *)ihp; 1496 iscsi_cmd_t *icmdp = NULL; 1497 boolean_t final = B_FALSE; 1498 uint32_t data_len; 1499 1500 ASSERT(icp != NULL); 1501 ASSERT(ihp != NULL); 1502 ASSERT(data != NULL); 1503 1504 isp = icp->conn_sess; 1505 ASSERT(isp != NULL); 1506 1507 if (icp->conn_expstatsn == ntohl(ithp->statsn)) { 1508 icp->conn_expstatsn++; 1509 } else { 1510 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 1511 "received status out of order itt:0x%x statsn:0x%x " 1512 "expstatsn:0x%x", icp->conn_oid, ithp->itt, 1513 ntohl(ithp->statsn), icp->conn_expstatsn); 1514 return (ISCSI_STATUS_PROTOCOL_ERROR); 1515 } 1516 1517 mutex_enter(&icp->conn_queue_active.mutex); 1518 mutex_enter(&isp->sess_cmdsn_mutex); 1519 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp(isp, ihp, &icmdp))) { 1520 mutex_exit(&isp->sess_cmdsn_mutex); 1521 mutex_exit(&icp->conn_queue_active.mutex); 1522 return (ISCSI_STATUS_PROTOCOL_ERROR); 1523 } 1524 1525 /* update expcmdsn and maxcmdsn */ 1526 iscsi_update_flow_control(isp, ntohl(ithp->maxcmdsn), 1527 ntohl(ithp->expcmdsn)); 1528 mutex_exit(&isp->sess_cmdsn_mutex); 1529 1530 /* update local final response flag */ 1531 if (ithp->flags & ISCSI_FLAG_FINAL) { 1532 final = B_TRUE; 1533 } 1534 1535 /* 1536 * validate received TTT value. RFC3720 specifies the following: 1537 * - F bit set to 1 MUST have a reserved TTT value 0xffffffff 1538 * - F bit set to 0 MUST have a non-reserved TTT value !0xffffffff 1539 * In addition, the received TTT value must not change between 1540 * responses of a long text response 1541 */ 1542 if (((final == B_TRUE) && (ithp->ttt != ISCSI_RSVD_TASK_TAG)) || 1543 ((final == B_FALSE) && (ithp->ttt == ISCSI_RSVD_TASK_TAG))) { 1544 icmdp->cmd_result = ISCSI_STATUS_PROTOCOL_ERROR; 1545 icmdp->cmd_un.text.stage = ISCSI_CMD_TEXT_FINAL_RSP; 1546 mutex_exit(&icp->conn_queue_active.mutex); 1547 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 1548 "received text response with invalid flags:0x%x or " 1549 "ttt:0x%x", icp->conn_oid, ithp->flags, ithp->itt); 1550 return (ISCSI_STATUS_PROTOCOL_ERROR); 1551 } 1552 1553 if ((icmdp->cmd_un.text.stage == ISCSI_CMD_TEXT_INITIAL_REQ) && 1554 (ithp->ttt == ISCSI_RSVD_TASK_TAG) && 1555 (final == B_FALSE)) { 1556 /* TTT should have matched reserved value */ 1557 icmdp->cmd_result = ISCSI_STATUS_PROTOCOL_ERROR; 1558 icmdp->cmd_un.text.stage = ISCSI_CMD_TEXT_FINAL_RSP; 1559 mutex_exit(&icp->conn_queue_active.mutex); 1560 cmn_err(CE_WARN, "iscsi connection(%u) protocol " 1561 "error - received text response with invalid " 1562 "ttt:0x%x", icp->conn_oid, ithp->ttt); 1563 return (ISCSI_STATUS_PROTOCOL_ERROR); 1564 } 1565 1566 /* 1567 * If this is first response, save away TTT value for later use 1568 * in a long text request/response sequence 1569 */ 1570 if (icmdp->cmd_un.text.stage == ISCSI_CMD_TEXT_INITIAL_REQ) { 1571 icmdp->cmd_un.text.ttt = ithp->ttt; 1572 } 1573 1574 data_len = ntoh24(ithp->dlength); 1575 1576 /* check whether enough buffer available to copy data */ 1577 if ((icmdp->cmd_un.text.total_rx_len + data_len) > 1578 icmdp->cmd_un.text.buf_len) { 1579 icmdp->cmd_un.text.total_rx_len += data_len; 1580 icmdp->cmd_result = ISCSI_STATUS_DATA_OVERFLOW; 1581 /* 1582 * DATA_OVERFLOW will result in a SUCCESS return so that 1583 * iscsi_handle_text can continue to obtain the remaining 1584 * text response if needed. 1585 */ 1586 } else { 1587 char *buf_data = (icmdp->cmd_un.text.buf + 1588 icmdp->cmd_un.text.offset); 1589 1590 bcopy(data, buf_data, data_len); 1591 icmdp->cmd_un.text.offset += data_len; 1592 icmdp->cmd_un.text.total_rx_len += data_len; 1593 icmdp->cmd_result = ISCSI_STATUS_SUCCESS; 1594 bcopy(ithp->rsvd4, icmdp->cmd_un.text.lun, 1595 sizeof (icmdp->cmd_un.text.lun)); 1596 } 1597 1598 /* update stage */ 1599 if (final == B_TRUE) { 1600 icmdp->cmd_un.text.stage = ISCSI_CMD_TEXT_FINAL_RSP; 1601 } else { 1602 icmdp->cmd_un.text.stage = ISCSI_CMD_TEXT_CONTINUATION; 1603 } 1604 1605 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E3, isp); 1606 mutex_exit(&icp->conn_queue_active.mutex); 1607 return (ISCSI_STATUS_SUCCESS); 1608 } 1609 1610 /* 1611 * iscsi_rx_process_itt_to_icmdp - Lookup itt in the session's 1612 * cmd table to find matching icmdp. Verify itt in hdr and 1613 * icmdp are the same. 1614 */ 1615 static iscsi_status_t 1616 iscsi_rx_process_itt_to_icmdp(iscsi_sess_t *isp, iscsi_hdr_t *ihp, 1617 iscsi_cmd_t **icmdp) 1618 { 1619 int cmd_table_idx = 0; 1620 1621 ASSERT(isp != NULL); 1622 ASSERT(ihp != NULL); 1623 ASSERT(icmdp != NULL); 1624 ASSERT(mutex_owned(&isp->sess_cmdsn_mutex)); 1625 1626 /* try to find an associated iscsi_pkt */ 1627 cmd_table_idx = ihp->itt % ISCSI_CMD_TABLE_SIZE; 1628 if (isp->sess_cmd_table[cmd_table_idx] == NULL) { 1629 cmn_err(CE_WARN, "iscsi session(%u) protocol error - " 1630 "received unknown itt:0x%x - protocol error", 1631 isp->sess_oid, ihp->itt); 1632 return (ISCSI_STATUS_INTERNAL_ERROR); 1633 } 1634 1635 /* verify itt */ 1636 if (isp->sess_cmd_table[cmd_table_idx]->cmd_itt != ihp->itt) { 1637 cmn_err(CE_WARN, "iscsi session(%u) received itt:0x%x " 1638 " which is out of sync with itt:0x%x", isp->sess_oid, 1639 ihp->itt, isp->sess_cmd_table[cmd_table_idx]->cmd_itt); 1640 return (ISCSI_STATUS_INTERNAL_ERROR); 1641 } 1642 1643 /* ensure that icmdp is still in Active state */ 1644 if (isp->sess_cmd_table[cmd_table_idx]->cmd_state != 1645 ISCSI_CMD_STATE_ACTIVE) { 1646 cmn_err(CE_WARN, "iscsi session(%u) received itt:0x%x " 1647 "but icmdp (%p) is not in active state", 1648 isp->sess_oid, ihp->itt, 1649 (void *)isp->sess_cmd_table[cmd_table_idx]); 1650 return (ISCSI_STATUS_INTERNAL_ERROR); 1651 } 1652 1653 /* make sure this is a SCSI cmd */ 1654 *icmdp = isp->sess_cmd_table[cmd_table_idx]; 1655 1656 return (ISCSI_STATUS_SUCCESS); 1657 } 1658 1659 1660 /* 1661 * +--------------------------------------------------------------------+ 1662 * | End of protocol receive routines | 1663 * +--------------------------------------------------------------------+ 1664 */ 1665 1666 /* 1667 * +--------------------------------------------------------------------+ 1668 * | Beginning of protocol send routines | 1669 * +--------------------------------------------------------------------+ 1670 */ 1671 1672 1673 /* 1674 * iscsi_tx_thread - This thread is the driving point for all 1675 * iSCSI PDUs after login. No PDUs should call sendpdu() 1676 * directly they should be funneled through iscsi_tx_thread. 1677 */ 1678 void 1679 iscsi_tx_thread(iscsi_thread_t *thread, void *arg) 1680 { 1681 iscsi_conn_t *icp = (iscsi_conn_t *)arg; 1682 iscsi_sess_t *isp = NULL; 1683 iscsi_cmd_t *icmdp = NULL; 1684 clock_t tout; 1685 int ret = 1; 1686 1687 ASSERT(icp != NULL); 1688 isp = icp->conn_sess; 1689 ASSERT(isp != NULL); 1690 ASSERT(thread != NULL); 1691 ASSERT(thread->signature == SIG_ISCSI_THREAD); 1692 1693 tout = SEC_TO_TICK(1); 1694 /* 1695 * Transfer icmdps until shutdown by owning session. 1696 */ 1697 while (ret != 0) { 1698 1699 isp->sess_window_open = B_TRUE; 1700 1701 /* 1702 * While the window is open, there are commands available 1703 * to send and the session state allows those commands to 1704 * be sent try to transfer them. 1705 */ 1706 mutex_enter(&isp->sess_queue_pending.mutex); 1707 while ((isp->sess_window_open == B_TRUE) && 1708 ((icmdp = isp->sess_queue_pending.head) != NULL) && 1709 (((icmdp->cmd_type != ISCSI_CMD_TYPE_SCSI) && 1710 (ISCSI_CONN_STATE_FULL_FEATURE(icp->conn_state))) || 1711 (icp->conn_state == ISCSI_CONN_STATE_LOGGED_IN))) { 1712 1713 /* update command with this connection info */ 1714 icmdp->cmd_conn = icp; 1715 /* attempt to send this command */ 1716 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E2, isp); 1717 1718 ASSERT(!mutex_owned(&isp->sess_queue_pending.mutex)); 1719 mutex_enter(&isp->sess_queue_pending.mutex); 1720 } 1721 mutex_exit(&isp->sess_queue_pending.mutex); 1722 1723 /* 1724 * Go to sleep until there is something new 1725 * to process (awoken via cv_boardcast). 1726 * Or the timer goes off. 1727 */ 1728 ret = iscsi_thread_wait(thread, tout); 1729 } 1730 1731 } 1732 1733 1734 /* 1735 * iscsi_tx_cmd - transfers icmdp across wire as iscsi pdu 1736 * 1737 * Just prior to sending the command to the networking layer the 1738 * pending queue lock will be dropped. At this point only local 1739 * resources will be used, not the icmdp. Holding the queue lock 1740 * across the networking call can lead to a hang. (This is due 1741 * to the the target driver and networking layers competing use 1742 * of the timeout() resources and the queue lock being held for 1743 * both sides.) Upon the completion of this command the lock 1744 * will have been re-acquired. 1745 */ 1746 iscsi_status_t 1747 iscsi_tx_cmd(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 1748 { 1749 iscsi_status_t rval = ISCSI_STATUS_INTERNAL_ERROR; 1750 1751 ASSERT(isp != NULL); 1752 ASSERT(icmdp != NULL); 1753 1754 /* transfer specific command type */ 1755 switch (icmdp->cmd_type) { 1756 case ISCSI_CMD_TYPE_SCSI: 1757 rval = iscsi_tx_scsi(isp, icmdp); 1758 break; 1759 case ISCSI_CMD_TYPE_R2T: 1760 rval = iscsi_tx_r2t(isp, icmdp); 1761 break; 1762 case ISCSI_CMD_TYPE_NOP: 1763 rval = iscsi_tx_nop(isp, icmdp); 1764 break; 1765 case ISCSI_CMD_TYPE_ABORT: 1766 rval = iscsi_tx_abort(isp, icmdp); 1767 break; 1768 case ISCSI_CMD_TYPE_RESET: 1769 rval = iscsi_tx_reset(isp, icmdp); 1770 break; 1771 case ISCSI_CMD_TYPE_LOGOUT: 1772 rval = iscsi_tx_logout(isp, icmdp); 1773 break; 1774 case ISCSI_CMD_TYPE_TEXT: 1775 rval = iscsi_tx_text(isp, icmdp); 1776 break; 1777 default: 1778 ASSERT(FALSE); 1779 } 1780 1781 ASSERT(!mutex_owned(&isp->sess_queue_pending.mutex)); 1782 return (rval); 1783 } 1784 1785 /* 1786 * a variable length cdb can be up to 16K, but we obviously don't want 1787 * to put that on the stack; go with 200 bytes; if we get something 1788 * bigger than that we will kmem_alloc a buffer 1789 */ 1790 #define DEF_CDB_LEN 200 1791 1792 /* 1793 * given the size of the cdb, return how many bytes the header takes, 1794 * which is the sizeof addl_hdr_t + the CDB size, minus the 16 bytes 1795 * stored in the basic header, minus sizeof (ahs_extscb) 1796 */ 1797 #define ADDLHDRSZ(x) (sizeof (iscsi_addl_hdr_t) + (x) - \ 1798 16 - 4) 1799 1800 /* 1801 * iscsi_tx_scsi - 1802 * 1803 */ 1804 static iscsi_status_t 1805 iscsi_tx_scsi(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 1806 { 1807 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 1808 iscsi_conn_t *icp = NULL; 1809 struct scsi_pkt *pkt = NULL; 1810 struct buf *bp = NULL; 1811 union { 1812 iscsi_scsi_cmd_hdr_t isch; 1813 iscsi_addl_hdr_t iah; 1814 uchar_t arr[ADDLHDRSZ(DEF_CDB_LEN)]; 1815 } hdr_un; 1816 iscsi_scsi_cmd_hdr_t *ihp = 1817 (iscsi_scsi_cmd_hdr_t *)&hdr_un.isch; 1818 int cdblen = 0; 1819 size_t buflen = 0; 1820 uint32_t imdata = 0; 1821 uint32_t first_burst_length = 0; 1822 1823 ASSERT(isp != NULL); 1824 ASSERT(icmdp != NULL); 1825 pkt = icmdp->cmd_un.scsi.pkt; 1826 ASSERT(pkt != NULL); 1827 bp = icmdp->cmd_un.scsi.bp; 1828 icp = icmdp->cmd_conn; 1829 ASSERT(icp != NULL); 1830 1831 /* Reset counts in case we are on a retry */ 1832 icmdp->cmd_un.scsi.data_transferred = 0; 1833 1834 if (icmdp->cmd_un.scsi.cmdlen > DEF_CDB_LEN) { 1835 cdblen = icmdp->cmd_un.scsi.cmdlen; 1836 ihp = kmem_zalloc(ADDLHDRSZ(cdblen), KM_SLEEP); 1837 } else { 1838 /* 1839 * only bzero the basic header; the additional header 1840 * will be set up correctly later, if needed 1841 */ 1842 bzero(ihp, sizeof (iscsi_scsi_cmd_hdr_t)); 1843 } 1844 ihp->opcode = ISCSI_OP_SCSI_CMD; 1845 ihp->itt = icmdp->cmd_itt; 1846 mutex_enter(&isp->sess_cmdsn_mutex); 1847 ihp->cmdsn = htonl(isp->sess_cmdsn); 1848 isp->sess_cmdsn++; 1849 mutex_exit(&isp->sess_cmdsn_mutex); 1850 ihp->expstatsn = htonl(icp->conn_expstatsn); 1851 icp->conn_laststatsn = icp->conn_expstatsn; 1852 1853 pkt->pkt_state = (STATE_GOT_BUS | STATE_GOT_TARGET); 1854 pkt->pkt_reason = CMD_INCOMPLETE; 1855 1856 /* 1857 * Sestion 12.11 of the iSCSI specification has a good table 1858 * describing when uncolicited data and/or immediate data 1859 * should be sent. 1860 */ 1861 bp = icmdp->cmd_un.scsi.bp; 1862 if ((bp != NULL) && bp->b_bcount) { 1863 buflen = bp->b_bcount; 1864 first_burst_length = icp->conn_params.first_burst_length; 1865 1866 if (bp->b_flags & B_READ) { 1867 ihp->flags = ISCSI_FLAG_FINAL; 1868 /* 1869 * fix problem where OS sends bp (B_READ & 1870 * b_bcount!=0) for a TUR or START_STOP. 1871 * (comment came from cisco code.) 1872 */ 1873 if ((pkt->pkt_cdbp[0] != SCMD_TEST_UNIT_READY) && 1874 (pkt->pkt_cdbp[0] != SCMD_START_STOP)) { 1875 ihp->flags |= ISCSI_FLAG_CMD_READ; 1876 ihp->data_length = htonl(buflen); 1877 } 1878 } else { 1879 ihp->flags = ISCSI_FLAG_CMD_WRITE; 1880 /* 1881 * FinalBit on the the iSCSI PDU denotes this 1882 * is the last PDU in the sequence. 1883 * 1884 * initial_r2t = true means R2T is required 1885 * for additional PDU, so there will be no more 1886 * unsolicited PDUs following 1887 */ 1888 if (icp->conn_params.initial_r2t) { 1889 ihp->flags |= ISCSI_FLAG_FINAL; 1890 } 1891 1892 /* Check if we should send ImmediateData */ 1893 if (icp->conn_params.immediate_data) { 1894 imdata = MIN(MIN(buflen, 1895 first_burst_length), 1896 icmdp->cmd_conn->conn_params. 1897 max_xmit_data_seg_len); 1898 1899 /* 1900 * if everything fits immediate, or 1901 * we can send all burst data immediate 1902 * (not unsol), set F 1903 */ 1904 if ((imdata == buflen) || 1905 (imdata == first_burst_length)) { 1906 ihp->flags |= ISCSI_FLAG_FINAL; 1907 } 1908 1909 hton24(ihp->dlength, imdata); 1910 } 1911 1912 /* total data transfer length */ 1913 ihp->data_length = htonl(buflen); 1914 } 1915 } else { 1916 ihp->flags = ISCSI_FLAG_FINAL; 1917 buflen = 0; 1918 } 1919 1920 /* tagged queuing */ 1921 if (pkt->pkt_flags & FLAG_HTAG) { 1922 ihp->flags |= ISCSI_ATTR_HEAD_OF_QUEUE; 1923 } else if (pkt->pkt_flags & FLAG_OTAG) { 1924 ihp->flags |= ISCSI_ATTR_ORDERED; 1925 } else if (pkt->pkt_flags & FLAG_STAG) { 1926 ihp->flags |= ISCSI_ATTR_SIMPLE; 1927 } else { 1928 /* ihp->flags |= ISCSI_ATTR_UNTAGGED; */ 1929 /* EMPTY */ 1930 } 1931 1932 /* iscsi states lun is based on spc.2 */ 1933 ISCSI_LUN_BYTE_COPY(ihp->lun, icmdp->cmd_un.scsi.lun); 1934 1935 if (icmdp->cmd_un.scsi.cmdlen <= 16) { 1936 /* copy the SCSI Command Block into the PDU */ 1937 bcopy(pkt->pkt_cdbp, ihp->scb, 1938 icmdp->cmd_un.scsi.cmdlen); 1939 } else { 1940 iscsi_addl_hdr_t *iahp; 1941 1942 iahp = (iscsi_addl_hdr_t *)ihp; 1943 1944 ihp->hlength = (ADDLHDRSZ(icmdp->cmd_un.scsi.cmdlen) - 1945 sizeof (iscsi_scsi_cmd_hdr_t) + 3) / 4; 1946 iahp->ahs_hlen_hi = 0; 1947 iahp->ahs_hlen_lo = (icmdp->cmd_un.scsi.cmdlen - 15); 1948 iahp->ahs_key = 0x01; 1949 iahp->ahs_resv = 0; 1950 bcopy(pkt->pkt_cdbp, ihp->scb, 16); 1951 bcopy(((char *)pkt->pkt_cdbp) + 16, &iahp->ahs_extscb[0], 1952 icmdp->cmd_un.scsi.cmdlen); 1953 } 1954 1955 /* 1956 * Update all values before transfering. 1957 * We should never touch the icmdp after 1958 * transfering if there is no more data 1959 * to send. The only case the sendpdu() 1960 * will fail is a on a connection disconnect 1961 * in that case the command will be flushed. 1962 */ 1963 pkt->pkt_state |= STATE_SENT_CMD; 1964 1965 icmdp->cmd_un.scsi.data_transferred += imdata; 1966 1967 /* 1968 * Check if there is additional data to transfer beyond what 1969 * will be sent as part of the initial command. If InitialR2T 1970 * is disabled then we should fake up a R2T so all the data, 1971 * up to first burst length, is sent in an unsolicited 1972 * fashion. We have already sent as much immediate data 1973 * as possible. 1974 */ 1975 if ((buflen > 0) && 1976 ((bp->b_flags & B_READ) == 0) && 1977 (icp->conn_params.initial_r2t == 0) && 1978 (MIN(first_burst_length, buflen) - imdata > 0)) { 1979 1980 uint32_t xfer_len = MIN(first_burst_length, buflen) - imdata; 1981 /* data will be chunked at tx */ 1982 iscsi_handle_r2t(icp, icmdp, imdata, 1983 xfer_len, ISCSI_RSVD_TASK_TAG); 1984 } 1985 1986 /* release pending queue mutex across the network call */ 1987 mutex_exit(&isp->sess_queue_pending.mutex); 1988 1989 /* Transfer Cmd PDU */ 1990 if (imdata) { 1991 rval = iscsi_net->sendpdu(icp->conn_socket, 1992 (iscsi_hdr_t *)ihp, icmdp->cmd_un.scsi.bp->b_un.b_addr, 1993 ISCSI_CONN_TO_NET_DIGEST(icp)); 1994 if (ISCSI_SUCCESS(rval)) { 1995 KSTAT_ADD_CONN_TX_BYTES(icp, imdata); 1996 } 1997 } else { 1998 rval = iscsi_net->sendpdu(icp->conn_socket, 1999 (iscsi_hdr_t *)ihp, NULL, 2000 ISCSI_CONN_TO_NET_DIGEST(icp)); 2001 } 2002 if (cdblen) { 2003 kmem_free(ihp, ADDLHDRSZ(cdblen)); 2004 } 2005 2006 return (rval); 2007 } 2008 2009 2010 /* 2011 * iscsi_tx_r2t - 2012 * 2013 */ 2014 static iscsi_status_t 2015 iscsi_tx_r2t(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 2016 { 2017 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2018 iscsi_conn_t *icp = NULL; 2019 iscsi_cmd_t *orig_icmdp = NULL; 2020 2021 ASSERT(isp != NULL); 2022 ASSERT(icmdp != NULL); 2023 icp = icmdp->cmd_conn; 2024 ASSERT(icp); 2025 orig_icmdp = icmdp->cmd_un.r2t.icmdp; 2026 ASSERT(orig_icmdp); 2027 2028 /* validate the offset and length against the buffer size */ 2029 if ((icmdp->cmd_un.r2t.offset + icmdp->cmd_un.r2t.length) > 2030 orig_icmdp->cmd_un.scsi.bp->b_bcount) { 2031 cmn_err(CE_WARN, "iscsi session(%u) ignoring invalid r2t " 2032 "for icmd itt:0x%x offset:0x%x length:0x%x bufsize:0x%lx", 2033 isp->sess_oid, icmdp->cmd_itt, icmdp->cmd_un.r2t.offset, 2034 icmdp->cmd_un.r2t.length, orig_icmdp->cmd_un.scsi.bp-> 2035 b_bcount); 2036 mutex_exit(&isp->sess_queue_pending.mutex); 2037 return (ISCSI_STATUS_INTERNAL_ERROR); 2038 } 2039 ASSERT(orig_icmdp->cmd_un.scsi.r2t_icmdp); 2040 2041 rval = iscsi_tx_data(isp, icp, orig_icmdp, icmdp->cmd_ttt, 2042 icmdp->cmd_un.r2t.length, icmdp->cmd_un.r2t.offset); 2043 2044 mutex_enter(&orig_icmdp->cmd_mutex); 2045 orig_icmdp->cmd_un.scsi.r2t_icmdp = NULL; 2046 icmdp->cmd_un.r2t.icmdp = NULL; 2047 /* 2048 * we're finished with this r2t; there could be another r2t 2049 * waiting on us to finish, so signal it. 2050 */ 2051 cv_broadcast(&orig_icmdp->cmd_completion); 2052 mutex_exit(&orig_icmdp->cmd_mutex); 2053 /* 2054 * the parent command may be waiting for us to finish; if so, 2055 * wake the _ic_ thread 2056 */ 2057 if ((orig_icmdp->cmd_state == ISCSI_CMD_STATE_COMPLETED) && 2058 (ISCSI_SESS_STATE_FULL_FEATURE(isp->sess_state))) 2059 iscsi_thread_send_wakeup(isp->sess_ic_thread); 2060 ASSERT(!mutex_owned(&isp->sess_queue_pending.mutex)); 2061 return (rval); 2062 } 2063 2064 2065 /* 2066 * iscsi_tx_data - 2067 */ 2068 static iscsi_status_t 2069 iscsi_tx_data(iscsi_sess_t *isp, iscsi_conn_t *icp, iscsi_cmd_t *icmdp, 2070 uint32_t ttt, size_t datalen, size_t offset) 2071 { 2072 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2073 struct buf *bp = NULL; 2074 size_t remainder = 0; 2075 size_t chunk = 0; 2076 char *data = NULL; 2077 uint32_t data_sn = 0; 2078 iscsi_data_hdr_t idhp; 2079 uint32_t itt; 2080 uint32_t lun; 2081 2082 ASSERT(isp != NULL); 2083 ASSERT(icp != NULL); 2084 ASSERT(icmdp != NULL); 2085 bp = icmdp->cmd_un.scsi.bp; 2086 2087 /* verify there is data to send */ 2088 if (bp == NULL) { 2089 mutex_exit(&isp->sess_queue_pending.mutex); 2090 return (ISCSI_STATUS_INTERNAL_ERROR); 2091 } 2092 2093 itt = icmdp->cmd_itt; 2094 lun = icmdp->cmd_un.scsi.lun; 2095 2096 /* 2097 * update the LUN with the amount of data we will 2098 * transfer. If there is a failure it's because of 2099 * a network fault and the command will get flushed. 2100 */ 2101 icmdp->cmd_un.scsi.data_transferred += datalen; 2102 2103 /* release pending queue mutex across the network call */ 2104 mutex_exit(&isp->sess_queue_pending.mutex); 2105 2106 remainder = datalen; 2107 while (remainder) { 2108 2109 /* Check so see if we need to chunk the data */ 2110 if ((icp->conn_params.max_xmit_data_seg_len > 0) && 2111 (remainder > icp->conn_params.max_xmit_data_seg_len)) { 2112 chunk = icp->conn_params.max_xmit_data_seg_len; 2113 } else { 2114 chunk = remainder; 2115 } 2116 2117 /* setup iscsi data hdr */ 2118 bzero(&idhp, sizeof (iscsi_data_hdr_t)); 2119 idhp.opcode = ISCSI_OP_SCSI_DATA; 2120 idhp.itt = itt; 2121 idhp.ttt = ttt; 2122 ISCSI_LUN_BYTE_COPY(idhp.lun, lun); 2123 idhp.expstatsn = htonl(icp->conn_expstatsn); 2124 icp->conn_laststatsn = icp->conn_expstatsn; 2125 idhp.datasn = htonl(data_sn); 2126 data_sn++; 2127 idhp.offset = htonl(offset); 2128 hton24(idhp.dlength, chunk); 2129 2130 if (chunk == remainder) { 2131 idhp.flags = ISCSI_FLAG_FINAL; /* final chunk */ 2132 } 2133 2134 /* setup data */ 2135 data = bp->b_un.b_addr + offset; 2136 2137 /* 2138 * Keep track of how much data we have 2139 * transfer so far and how much is remaining. 2140 */ 2141 remainder -= chunk; 2142 offset += chunk; 2143 2144 rval = iscsi_net->sendpdu(icp->conn_socket, 2145 (iscsi_hdr_t *)&idhp, data, 2146 ISCSI_CONN_TO_NET_DIGEST(icp)); 2147 2148 if (ISCSI_SUCCESS(rval)) { 2149 KSTAT_ADD_CONN_TX_BYTES(icp, chunk); 2150 } else { 2151 break; 2152 } 2153 } 2154 2155 return (rval); 2156 } 2157 2158 2159 /* 2160 * iscsi_tx_nop - 2161 * 2162 */ 2163 static iscsi_status_t 2164 iscsi_tx_nop(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 2165 { 2166 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2167 iscsi_conn_t *icp = NULL; 2168 iscsi_nop_out_hdr_t inohp; 2169 2170 ASSERT(isp != NULL); 2171 ASSERT(icmdp != NULL); 2172 icp = icmdp->cmd_conn; 2173 ASSERT(icp != NULL); 2174 2175 bzero(&inohp, sizeof (iscsi_nop_out_hdr_t)); 2176 inohp.opcode = ISCSI_OP_NOOP_OUT | ISCSI_OP_IMMEDIATE; 2177 inohp.flags = ISCSI_FLAG_FINAL; 2178 inohp.itt = icmdp->cmd_itt; 2179 inohp.ttt = icmdp->cmd_ttt; 2180 mutex_enter(&isp->sess_cmdsn_mutex); 2181 inohp.cmdsn = htonl(isp->sess_cmdsn); 2182 mutex_exit(&isp->sess_cmdsn_mutex); 2183 inohp.expstatsn = htonl(icp->conn_expstatsn); 2184 icp->conn_laststatsn = icp->conn_expstatsn; 2185 2186 /* release pending queue mutex across the network call */ 2187 mutex_exit(&isp->sess_queue_pending.mutex); 2188 2189 rval = iscsi_net->sendpdu(icp->conn_socket, 2190 (iscsi_hdr_t *)&inohp, NULL, 2191 ISCSI_CONN_TO_NET_DIGEST(icp)); 2192 2193 return (rval); 2194 } 2195 2196 2197 /* 2198 * iscsi_tx_abort - 2199 * 2200 */ 2201 static iscsi_status_t 2202 iscsi_tx_abort(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 2203 { 2204 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2205 iscsi_conn_t *icp = NULL; 2206 iscsi_scsi_task_mgt_hdr_t istmh; 2207 2208 ASSERT(isp != NULL); 2209 ASSERT(icmdp != NULL); 2210 icp = icmdp->cmd_conn; 2211 ASSERT(icp != NULL); 2212 2213 bzero(&istmh, sizeof (iscsi_scsi_task_mgt_hdr_t)); 2214 mutex_enter(&isp->sess_cmdsn_mutex); 2215 istmh.cmdsn = htonl(isp->sess_cmdsn); 2216 mutex_exit(&isp->sess_cmdsn_mutex); 2217 istmh.expstatsn = htonl(icp->conn_expstatsn); 2218 icp->conn_laststatsn = icp->conn_expstatsn; 2219 istmh.itt = icmdp->cmd_itt; 2220 istmh.opcode = ISCSI_OP_SCSI_TASK_MGT_MSG | ISCSI_OP_IMMEDIATE; 2221 istmh.function = ISCSI_FLAG_FINAL | ISCSI_TM_FUNC_ABORT_TASK; 2222 ISCSI_LUN_BYTE_COPY(istmh.lun, 2223 icmdp->cmd_un.abort.icmdp->cmd_un.scsi.lun); 2224 istmh.rtt = icmdp->cmd_un.abort.icmdp->cmd_itt; 2225 2226 /* release pending queue mutex across the network call */ 2227 mutex_exit(&isp->sess_queue_pending.mutex); 2228 2229 rval = iscsi_net->sendpdu(icp->conn_socket, 2230 (iscsi_hdr_t *)&istmh, NULL, 2231 ISCSI_CONN_TO_NET_DIGEST(icp)); 2232 2233 return (rval); 2234 } 2235 2236 2237 /* 2238 * iscsi_tx_reset - 2239 * 2240 */ 2241 static iscsi_status_t 2242 iscsi_tx_reset(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 2243 { 2244 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2245 iscsi_conn_t *icp = NULL; 2246 iscsi_scsi_task_mgt_hdr_t istmh; 2247 2248 ASSERT(isp != NULL); 2249 ASSERT(icmdp != NULL); 2250 icp = icmdp->cmd_conn; 2251 ASSERT(icp != NULL); 2252 2253 bzero(&istmh, sizeof (iscsi_scsi_task_mgt_hdr_t)); 2254 istmh.opcode = ISCSI_OP_SCSI_TASK_MGT_MSG | ISCSI_OP_IMMEDIATE; 2255 mutex_enter(&isp->sess_cmdsn_mutex); 2256 istmh.cmdsn = htonl(isp->sess_cmdsn); 2257 mutex_exit(&isp->sess_cmdsn_mutex); 2258 istmh.expstatsn = htonl(icp->conn_expstatsn); 2259 istmh.itt = icmdp->cmd_itt; 2260 2261 switch (icmdp->cmd_un.reset.level) { 2262 case RESET_LUN: 2263 istmh.function = ISCSI_FLAG_FINAL | 2264 ISCSI_TM_FUNC_LOGICAL_UNIT_RESET; 2265 ISCSI_LUN_BYTE_COPY(istmh.lun, icmdp->cmd_lun->lun_num); 2266 break; 2267 case RESET_TARGET: 2268 case RESET_BUS: 2269 istmh.function = ISCSI_FLAG_FINAL | 2270 ISCSI_TM_FUNC_TARGET_WARM_RESET; 2271 break; 2272 default: 2273 /* unsupported / unknown level */ 2274 ASSERT(FALSE); 2275 break; 2276 } 2277 2278 /* release pending queue mutex across the network call */ 2279 mutex_exit(&isp->sess_queue_pending.mutex); 2280 2281 rval = iscsi_net->sendpdu(icp->conn_socket, 2282 (iscsi_hdr_t *)&istmh, NULL, 2283 ISCSI_CONN_TO_NET_DIGEST(icp)); 2284 2285 return (rval); 2286 } 2287 2288 2289 /* 2290 * iscsi_tx_logout - 2291 * 2292 */ 2293 static iscsi_status_t 2294 iscsi_tx_logout(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 2295 { 2296 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2297 iscsi_conn_t *icp = NULL; 2298 iscsi_logout_hdr_t ilh; 2299 2300 ASSERT(isp != NULL); 2301 ASSERT(icmdp != NULL); 2302 icp = icmdp->cmd_conn; 2303 ASSERT(icp != NULL); 2304 2305 bzero(&ilh, sizeof (iscsi_logout_hdr_t)); 2306 ilh.opcode = ISCSI_OP_LOGOUT_CMD | ISCSI_OP_IMMEDIATE; 2307 ilh.flags = ISCSI_FLAG_FINAL | ISCSI_LOGOUT_REASON_CLOSE_SESSION; 2308 ilh.itt = icmdp->cmd_itt; 2309 ilh.cid = icp->conn_cid; 2310 mutex_enter(&isp->sess_cmdsn_mutex); 2311 ilh.cmdsn = htonl(isp->sess_cmdsn); 2312 mutex_exit(&isp->sess_cmdsn_mutex); 2313 ilh.expstatsn = htonl(icp->conn_expstatsn); 2314 2315 /* release pending queue mutex across the network call */ 2316 mutex_exit(&isp->sess_queue_pending.mutex); 2317 2318 rval = iscsi_net->sendpdu(icp->conn_socket, 2319 (iscsi_hdr_t *)&ilh, NULL, 2320 ISCSI_CONN_TO_NET_DIGEST(icp)); 2321 2322 return (rval); 2323 } 2324 2325 /* 2326 * iscsi_tx_text - setup iSCSI text request header and send PDU with 2327 * data given in the buffer attached to the command. For a single 2328 * text request, the target may need to send its response in multiple 2329 * text response. In this case, empty text requests are sent after 2330 * each received response to notify the target the initiator is ready 2331 * for more response. For the initial request, the data_len field in 2332 * the text specific portion of a command is set to the amount of data 2333 * the initiator wants to send as part of the request. If additional 2334 * empty text requests are required for long responses, the data_len 2335 * field is set to 0 by the iscsi_handle_text function. 2336 */ 2337 static iscsi_status_t 2338 iscsi_tx_text(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 2339 { 2340 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2341 iscsi_conn_t *icp = NULL; 2342 iscsi_text_hdr_t ith; 2343 2344 ASSERT(isp != NULL); 2345 ASSERT(icmdp != NULL); 2346 icp = icmdp->cmd_conn; 2347 ASSERT(icp != NULL); 2348 2349 bzero(&ith, sizeof (iscsi_text_hdr_t)); 2350 ith.opcode = ISCSI_OP_TEXT_CMD; 2351 ith.flags = ISCSI_FLAG_FINAL; 2352 hton24(ith.dlength, icmdp->cmd_un.text.data_len); 2353 ith.itt = icmdp->cmd_itt; 2354 ith.ttt = icmdp->cmd_un.text.ttt; 2355 mutex_enter(&isp->sess_cmdsn_mutex); 2356 ith.cmdsn = htonl(isp->sess_cmdsn); 2357 isp->sess_cmdsn++; 2358 ith.expstatsn = htonl(icp->conn_expstatsn); 2359 mutex_exit(&isp->sess_cmdsn_mutex); 2360 bcopy(icmdp->cmd_un.text.lun, ith.rsvd4, sizeof (ith.rsvd4)); 2361 2362 /* release pending queue mutex across the network call */ 2363 mutex_exit(&isp->sess_queue_pending.mutex); 2364 2365 rval = iscsi_net->sendpdu(icp->conn_socket, 2366 (iscsi_hdr_t *)&ith, icmdp->cmd_un.text.buf, 2367 ISCSI_CONN_TO_NET_DIGEST(icp)); 2368 2369 return (rval); 2370 } 2371 2372 /* 2373 * +--------------------------------------------------------------------+ 2374 * | End of protocol send routines | 2375 * +--------------------------------------------------------------------+ 2376 */ 2377 2378 /* 2379 * iscsi_handle_r2t - 2380 */ 2381 static void 2382 iscsi_handle_r2t(iscsi_conn_t *icp, iscsi_cmd_t *icmdp, 2383 uint32_t offset, uint32_t length, uint32_t ttt) 2384 { 2385 iscsi_sess_t *isp = NULL; 2386 iscsi_cmd_t *new_icmdp = NULL; 2387 2388 ASSERT(icp != NULL); 2389 isp = icp->conn_sess; 2390 ASSERT(isp != NULL); 2391 2392 /* 2393 * the sosendmsg from a previous r2t can be slow to return; 2394 * the array may have sent another r2t at this point, so 2395 * wait until the first one finishes and signals us. 2396 */ 2397 while (icmdp->cmd_un.scsi.r2t_icmdp != NULL) { 2398 ASSERT(icmdp->cmd_state != ISCSI_CMD_STATE_COMPLETED); 2399 cv_wait(&icmdp->cmd_completion, &icmdp->cmd_mutex); 2400 } 2401 /* 2402 * try to create an R2T task to send it later. If we can't, 2403 * we're screwed, and the command will eventually time out 2404 * and be retried by the SCSI layer. 2405 */ 2406 new_icmdp = iscsi_cmd_alloc(icp, KM_SLEEP); 2407 new_icmdp->cmd_type = ISCSI_CMD_TYPE_R2T; 2408 new_icmdp->cmd_un.r2t.icmdp = icmdp; 2409 new_icmdp->cmd_un.r2t.offset = offset; 2410 new_icmdp->cmd_un.r2t.length = length; 2411 new_icmdp->cmd_ttt = ttt; 2412 new_icmdp->cmd_itt = icmdp->cmd_itt; 2413 new_icmdp->cmd_lun = icmdp->cmd_lun; 2414 icmdp->cmd_un.scsi.r2t_icmdp = new_icmdp; 2415 2416 /* 2417 * pending queue mutex is already held by the 2418 * tx_thread or rtt_rsp function. 2419 */ 2420 iscsi_cmd_state_machine(new_icmdp, ISCSI_CMD_EVENT_E1, isp); 2421 } 2422 2423 2424 /* 2425 * iscsi_handle_abort - 2426 * 2427 */ 2428 void 2429 iscsi_handle_abort(void *arg) 2430 { 2431 iscsi_sess_t *isp = NULL; 2432 iscsi_cmd_t *icmdp = (iscsi_cmd_t *)arg; 2433 iscsi_cmd_t *new_icmdp; 2434 iscsi_conn_t *icp; 2435 2436 ASSERT(icmdp != NULL); 2437 icp = icmdp->cmd_conn; 2438 ASSERT(icp != NULL); 2439 isp = icp->conn_sess; 2440 ASSERT(isp != NULL); 2441 2442 /* there should only be one abort */ 2443 ASSERT(icmdp->cmd_un.scsi.abort_icmdp == NULL); 2444 2445 new_icmdp = iscsi_cmd_alloc(icp, KM_SLEEP); 2446 new_icmdp->cmd_type = ISCSI_CMD_TYPE_ABORT; 2447 new_icmdp->cmd_lun = icmdp->cmd_lun; 2448 new_icmdp->cmd_un.abort.icmdp = icmdp; 2449 new_icmdp->cmd_conn = icmdp->cmd_conn; 2450 icmdp->cmd_un.scsi.abort_icmdp = new_icmdp; 2451 2452 /* pending queue mutex is already held by timeout_checks */ 2453 iscsi_cmd_state_machine(new_icmdp, ISCSI_CMD_EVENT_E1, isp); 2454 } 2455 2456 2457 /* 2458 * iscsi_handle_nop - 2459 * 2460 */ 2461 static void 2462 iscsi_handle_nop(iscsi_conn_t *icp, uint32_t itt, uint32_t ttt) 2463 { 2464 iscsi_sess_t *isp = NULL; 2465 iscsi_cmd_t *icmdp = NULL; 2466 2467 ASSERT(icp != NULL); 2468 isp = icp->conn_sess; 2469 ASSERT(isp != NULL); 2470 2471 icmdp = iscsi_cmd_alloc(icp, KM_NOSLEEP); 2472 if (icmdp == NULL) { 2473 return; 2474 } 2475 2476 icmdp->cmd_type = ISCSI_CMD_TYPE_NOP; 2477 icmdp->cmd_itt = itt; 2478 icmdp->cmd_ttt = ttt; 2479 icmdp->cmd_lun = NULL; 2480 icp->conn_nop_lbolt = ddi_get_lbolt(); 2481 2482 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E1, isp); 2483 } 2484 2485 /* 2486 * iscsi_handle_reset - 2487 * 2488 */ 2489 iscsi_status_t 2490 iscsi_handle_reset(iscsi_sess_t *isp, int level, iscsi_lun_t *ilp) 2491 { 2492 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2493 iscsi_conn_t *icp; 2494 iscsi_cmd_t icmd; 2495 2496 ASSERT(isp != NULL); 2497 2498 bzero(&icmd, sizeof (iscsi_cmd_t)); 2499 icmd.cmd_sig = ISCSI_SIG_CMD; 2500 icmd.cmd_state = ISCSI_CMD_STATE_FREE; 2501 icmd.cmd_type = ISCSI_CMD_TYPE_RESET; 2502 icmd.cmd_lun = ilp; 2503 icmd.cmd_un.reset.level = level; 2504 icmd.cmd_result = ISCSI_STATUS_SUCCESS; 2505 icmd.cmd_completed = B_FALSE; 2506 mutex_init(&icmd.cmd_mutex, NULL, MUTEX_DRIVER, NULL); 2507 cv_init(&icmd.cmd_completion, NULL, CV_DRIVER, NULL); 2508 /* 2509 * If we received an IO and we are not in the 2510 * LOGGED_IN state we are in the process of 2511 * failing. Just respond that we are BUSY. 2512 */ 2513 mutex_enter(&isp->sess_state_mutex); 2514 if (!ISCSI_SESS_STATE_FULL_FEATURE(isp->sess_state)) { 2515 /* We aren't connected to the target fake success */ 2516 mutex_exit(&isp->sess_state_mutex); 2517 return (ISCSI_STATUS_SUCCESS); 2518 } 2519 2520 mutex_enter(&isp->sess_queue_pending.mutex); 2521 iscsi_cmd_state_machine(&icmd, ISCSI_CMD_EVENT_E1, isp); 2522 mutex_exit(&isp->sess_queue_pending.mutex); 2523 mutex_exit(&isp->sess_state_mutex); 2524 2525 /* stall until completed */ 2526 mutex_enter(&icmd.cmd_mutex); 2527 while (icmd.cmd_completed == B_FALSE) { 2528 cv_wait(&icmd.cmd_completion, &icmd.cmd_mutex); 2529 } 2530 mutex_exit(&icmd.cmd_mutex); 2531 2532 /* copy rval */ 2533 rval = icmd.cmd_result; 2534 2535 if (rval == ISCSI_STATUS_SUCCESS) { 2536 /* 2537 * Reset was successful. We need to flush 2538 * all active IOs. 2539 */ 2540 rw_enter(&isp->sess_conn_list_rwlock, RW_READER); 2541 icp = isp->sess_conn_list; 2542 while (icp != NULL) { 2543 iscsi_cmd_t *t_icmdp = NULL; 2544 2545 mutex_enter(&icp->conn_queue_active.mutex); 2546 t_icmdp = icp->conn_queue_active.head; 2547 while (t_icmdp != NULL) { 2548 iscsi_cmd_state_machine(t_icmdp, 2549 ISCSI_CMD_EVENT_E7, isp); 2550 t_icmdp = icp->conn_queue_active.head; 2551 } 2552 2553 mutex_exit(&icp->conn_queue_active.mutex); 2554 icp = icp->conn_next; 2555 } 2556 rw_exit(&isp->sess_conn_list_rwlock); 2557 } 2558 2559 /* clean up */ 2560 cv_destroy(&icmd.cmd_completion); 2561 mutex_destroy(&icmd.cmd_mutex); 2562 2563 return (rval); 2564 } 2565 2566 2567 /* 2568 * iscsi_handle_logout - This function will issue a logout for 2569 * the session from a specific connection. 2570 */ 2571 iscsi_status_t 2572 iscsi_handle_logout(iscsi_conn_t *icp) 2573 { 2574 iscsi_sess_t *isp; 2575 iscsi_cmd_t *icmdp; 2576 int rval; 2577 2578 ASSERT(icp != NULL); 2579 isp = icp->conn_sess; 2580 ASSERT(isp != NULL); 2581 ASSERT(isp->sess_hba != NULL); 2582 2583 icmdp = iscsi_cmd_alloc(icp, KM_SLEEP); 2584 ASSERT(icmdp != NULL); 2585 icmdp->cmd_type = ISCSI_CMD_TYPE_LOGOUT; 2586 icmdp->cmd_result = ISCSI_STATUS_SUCCESS; 2587 icmdp->cmd_completed = B_FALSE; 2588 2589 mutex_enter(&isp->sess_queue_pending.mutex); 2590 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E1, isp); 2591 mutex_exit(&isp->sess_queue_pending.mutex); 2592 2593 /* 2594 * release connection state mutex to avoid a deadlock. This 2595 * function is called from within the connection state 2596 * machine with the lock held. When the logout response is 2597 * received another call to the connection state machine 2598 * occurs which causes the deadlock 2599 */ 2600 mutex_exit(&icp->conn_state_mutex); 2601 2602 /* stall until completed */ 2603 mutex_enter(&icmdp->cmd_mutex); 2604 while (icmdp->cmd_completed == B_FALSE) { 2605 cv_wait(&icmdp->cmd_completion, &icmdp->cmd_mutex); 2606 } 2607 mutex_exit(&icmdp->cmd_mutex); 2608 mutex_enter(&icp->conn_state_mutex); 2609 2610 /* copy rval */ 2611 rval = icmdp->cmd_result; 2612 2613 /* 2614 * another way to do this would be to send t17 unconditionally, 2615 * but then the _rx_ thread would get bumped out with a receive 2616 * error, and send another t17. 2617 */ 2618 if (rval != ISCSI_STATUS_SUCCESS) { 2619 (void) iscsi_conn_state_machine(icp, ISCSI_CONN_EVENT_T17); 2620 } 2621 2622 /* clean up */ 2623 iscsi_cmd_free(icmdp); 2624 2625 return (rval); 2626 } 2627 2628 /* 2629 * iscsi_handle_text - main control function for iSCSI text requests. This 2630 * function handles allocating the command, sending initial text request, and 2631 * handling long response sequence. 2632 * If a data overflow condition occurs, iscsi_handle_text continues to 2633 * receive responses until the all data has been recieved. This allows 2634 * the full data length to be returned to the caller. 2635 */ 2636 iscsi_status_t 2637 iscsi_handle_text(iscsi_conn_t *icp, char *buf, uint32_t buf_len, 2638 uint32_t data_len, uint32_t *rx_data_len) 2639 { 2640 iscsi_sess_t *isp; 2641 iscsi_cmd_t *icmdp; 2642 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2643 2644 ASSERT(icp != NULL); 2645 ASSERT(buf != NULL); 2646 ASSERT(rx_data_len != NULL); 2647 2648 isp = icp->conn_sess; 2649 ASSERT(isp != NULL); 2650 2651 /* 2652 * Ensure data for text request command is not greater 2653 * than the negotiated maximum receive data seqment length. 2654 * 2655 * Although iSCSI allows for long text requests (multiple 2656 * pdus), this function places a restriction on text 2657 * requests to ensure it is handled by a single PDU. 2658 */ 2659 if (data_len > icp->conn_params.max_xmit_data_seg_len) { 2660 return (ISCSI_STATUS_CMD_FAILED); 2661 } 2662 2663 icmdp = iscsi_cmd_alloc(icp, KM_SLEEP); 2664 ASSERT(icmdp != NULL); 2665 2666 icmdp->cmd_type = ISCSI_CMD_TYPE_TEXT; 2667 icmdp->cmd_result = ISCSI_STATUS_SUCCESS; 2668 icmdp->cmd_misc_flags &= ~ISCSI_CMD_MISCFLAG_FREE; 2669 icmdp->cmd_completed = B_FALSE; 2670 2671 icmdp->cmd_un.text.buf = buf; 2672 icmdp->cmd_un.text.buf_len = buf_len; 2673 icmdp->cmd_un.text.offset = 0; 2674 icmdp->cmd_un.text.data_len = data_len; 2675 icmdp->cmd_un.text.total_rx_len = 0; 2676 icmdp->cmd_un.text.ttt = ISCSI_RSVD_TASK_TAG; 2677 icmdp->cmd_un.text.stage = ISCSI_CMD_TEXT_INITIAL_REQ; 2678 2679 long_text_response: 2680 mutex_enter(&isp->sess_state_mutex); 2681 if (!ISCSI_SESS_STATE_FULL_FEATURE(isp->sess_state)) { 2682 iscsi_cmd_free(icmdp); 2683 mutex_exit(&isp->sess_state_mutex); 2684 return (ISCSI_STATUS_NO_CONN_LOGGED_IN); 2685 } 2686 2687 mutex_enter(&isp->sess_queue_pending.mutex); 2688 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E1, isp); 2689 mutex_exit(&isp->sess_queue_pending.mutex); 2690 mutex_exit(&isp->sess_state_mutex); 2691 2692 /* stall until completed */ 2693 mutex_enter(&icmdp->cmd_mutex); 2694 while (icmdp->cmd_completed == B_FALSE) { 2695 cv_wait(&icmdp->cmd_completion, &icmdp->cmd_mutex); 2696 } 2697 mutex_exit(&icmdp->cmd_mutex); 2698 2699 /* 2700 * check if error occured. If data overflow occured, continue on 2701 * to ensure we get all data so that the full data length can be 2702 * returned to the user 2703 */ 2704 if ((icmdp->cmd_result != ISCSI_STATUS_SUCCESS) && 2705 (icmdp->cmd_result != ISCSI_STATUS_DATA_OVERFLOW)) { 2706 cmn_err(CE_NOTE, "iscsi: SendTarget discovery failed (%d)", 2707 icmdp->cmd_result); 2708 rval = icmdp->cmd_result; 2709 iscsi_cmd_free(icmdp); 2710 return (rval); 2711 } 2712 2713 /* check if this was a partial text PDU */ 2714 if (icmdp->cmd_un.text.stage != ISCSI_CMD_TEXT_FINAL_RSP) { 2715 /* 2716 * If a paritial text rexponse received, send an empty 2717 * text request. This follows the behaviour specified 2718 * in RFC3720 regarding long text responses. 2719 */ 2720 icmdp->cmd_misc_flags &= ~ISCSI_CMD_MISCFLAG_FREE; 2721 icmdp->cmd_completed = B_FALSE; 2722 icmdp->cmd_un.text.data_len = 0; 2723 icmdp->cmd_un.text.stage = ISCSI_CMD_TEXT_CONTINUATION; 2724 goto long_text_response; 2725 } 2726 2727 /* 2728 * set total received data length. If data overflow this would be 2729 * amount of data that would have been received if buffer large 2730 * enough. 2731 */ 2732 *rx_data_len = icmdp->cmd_un.text.total_rx_len; 2733 2734 /* copy rval */ 2735 rval = icmdp->cmd_result; 2736 2737 /* clean up */ 2738 iscsi_cmd_free(icmdp); 2739 2740 return (rval); 2741 } 2742 2743 /* 2744 * iscsi_handle_passthru - This function is used to send a uscsi_cmd 2745 * to a specific target lun. This routine is used for internal purposes 2746 * during enumeration and via the ISCSI_USCSICMD IOCTL. We restrict 2747 * the CDBs that can be issued to a target/lun to INQUIRY, REPORT_LUNS, 2748 * and READ_CAPACITY for security purposes. 2749 * 2750 * The logic here is broken into three phases. 2751 * 1) Allocate and initialize a pkt/icmdp 2752 * 2) Send the pkt/icmdp 2753 * 3) cv_wait for completion 2754 */ 2755 iscsi_status_t 2756 iscsi_handle_passthru(iscsi_sess_t *isp, uint16_t lun, struct uscsi_cmd *ucmdp) 2757 { 2758 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2759 iscsi_cmd_t *icmdp = NULL; 2760 struct scsi_pkt *pkt = NULL; 2761 struct buf *bp = NULL; 2762 struct scsi_arq_status *arqstat = NULL; 2763 int rqlen = SENSE_LENGTH; 2764 2765 ASSERT(isp != NULL); 2766 ASSERT(ucmdp != NULL); 2767 2768 /* 2769 * If the caller didn't provide a sense buffer we need 2770 * to allocation one to get the scsi status. 2771 */ 2772 if (ucmdp->uscsi_rqlen > SENSE_LENGTH) { 2773 rqlen = ucmdp->uscsi_rqlen; 2774 } 2775 2776 /* 2777 * Step 1. Setup structs - KM_SLEEP will always succeed 2778 */ 2779 bp = kmem_zalloc(sizeof (struct buf), KM_SLEEP); 2780 ASSERT(bp != NULL); 2781 pkt = kmem_zalloc(sizeof (struct scsi_pkt), KM_SLEEP); 2782 ASSERT(pkt != NULL); 2783 icmdp = iscsi_cmd_alloc(NULL, KM_SLEEP); 2784 ASSERT(icmdp != NULL); 2785 2786 /* setup bp structure */ 2787 bp->b_flags = B_READ; 2788 bp->b_bcount = ucmdp->uscsi_buflen; 2789 bp->b_un.b_addr = ucmdp->uscsi_bufaddr; 2790 2791 /* setup scsi_pkt structure */ 2792 pkt->pkt_ha_private = icmdp; 2793 pkt->pkt_scbp = kmem_zalloc(rqlen, KM_SLEEP); 2794 pkt->pkt_cdbp = kmem_zalloc(ucmdp->uscsi_cdblen, KM_SLEEP); 2795 /* callback routine for passthru, will wake cv_wait */ 2796 pkt->pkt_comp = iscsi_handle_passthru_callback; 2797 pkt->pkt_time = ucmdp->uscsi_timeout; 2798 2799 /* setup iscsi_cmd structure */ 2800 icmdp->cmd_lun = NULL; 2801 icmdp->cmd_type = ISCSI_CMD_TYPE_SCSI; 2802 icmdp->cmd_un.scsi.lun = lun; 2803 icmdp->cmd_un.scsi.pkt = pkt; 2804 icmdp->cmd_un.scsi.bp = bp; 2805 bcopy(ucmdp->uscsi_cdb, pkt->pkt_cdbp, ucmdp->uscsi_cdblen); 2806 icmdp->cmd_un.scsi.cmdlen = ucmdp->uscsi_cdblen; 2807 icmdp->cmd_un.scsi.statuslen = rqlen; 2808 icmdp->cmd_crc_error_seen = B_FALSE; 2809 icmdp->cmd_completed = B_FALSE; 2810 icmdp->cmd_result = ISCSI_STATUS_SUCCESS; 2811 2812 /* 2813 * Step 2. Push IO onto pending queue. If we aren't in 2814 * FULL_FEATURE we need to fail the IO. 2815 */ 2816 mutex_enter(&isp->sess_state_mutex); 2817 if (!ISCSI_SESS_STATE_FULL_FEATURE(isp->sess_state)) { 2818 mutex_exit(&isp->sess_state_mutex); 2819 2820 iscsi_cmd_free(icmdp); 2821 kmem_free(pkt->pkt_cdbp, ucmdp->uscsi_cdblen); 2822 kmem_free(pkt->pkt_scbp, rqlen); 2823 kmem_free(pkt, sizeof (struct scsi_pkt)); 2824 kmem_free(bp, sizeof (struct buf)); 2825 2826 return (ISCSI_STATUS_CMD_FAILED); 2827 } 2828 2829 mutex_enter(&isp->sess_queue_pending.mutex); 2830 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E1, isp); 2831 mutex_exit(&isp->sess_queue_pending.mutex); 2832 mutex_exit(&isp->sess_state_mutex); 2833 2834 /* 2835 * Step 3. Wait on cv_wait for completion routine 2836 */ 2837 mutex_enter(&icmdp->cmd_mutex); 2838 while (icmdp->cmd_completed == B_FALSE) { 2839 cv_wait(&icmdp->cmd_completion, &icmdp->cmd_mutex); 2840 } 2841 mutex_exit(&icmdp->cmd_mutex); 2842 2843 /* copy rval */ 2844 rval = icmdp->cmd_result; 2845 2846 ucmdp->uscsi_resid = pkt->pkt_resid; 2847 2848 /* update scsi status */ 2849 arqstat = (struct scsi_arq_status *)pkt->pkt_scbp; 2850 ucmdp->uscsi_status = ((char *)&arqstat->sts_status)[0]; 2851 2852 /* copy request sense buffers if caller gave space */ 2853 if ((ucmdp->uscsi_rqlen > 0) && 2854 (ucmdp->uscsi_rqbuf != NULL)) { 2855 bcopy(arqstat, ucmdp->uscsi_rqbuf, 2856 MIN(sizeof (struct scsi_arq_status), rqlen)); 2857 } 2858 2859 /* clean up */ 2860 iscsi_cmd_free(icmdp); 2861 kmem_free(pkt->pkt_cdbp, ucmdp->uscsi_cdblen); 2862 kmem_free(pkt->pkt_scbp, rqlen); 2863 kmem_free(pkt, sizeof (struct scsi_pkt)); 2864 kmem_free(bp, sizeof (struct buf)); 2865 2866 return (rval); 2867 } 2868 2869 2870 /* 2871 * iscsi_handle_passthru_callback - 2872 * 2873 */ 2874 static void 2875 iscsi_handle_passthru_callback(struct scsi_pkt *pkt) 2876 { 2877 iscsi_cmd_t *icmdp = NULL; 2878 2879 ASSERT(pkt != NULL); 2880 icmdp = (iscsi_cmd_t *)pkt->pkt_ha_private; 2881 ASSERT(icmdp != NULL); 2882 2883 mutex_enter(&icmdp->cmd_mutex); 2884 icmdp->cmd_completed = B_TRUE; 2885 icmdp->cmd_result = ISCSI_STATUS_SUCCESS; 2886 cv_broadcast(&icmdp->cmd_completion); 2887 mutex_exit(&icmdp->cmd_mutex); 2888 2889 } 2890 2891 /* 2892 * +--------------------------------------------------------------------+ 2893 * | Beginning of completion routines | 2894 * +--------------------------------------------------------------------+ 2895 */ 2896 2897 /* 2898 * iscsi_ic_thread - 2899 */ 2900 void 2901 iscsi_ic_thread(iscsi_thread_t *thread, void *arg) 2902 { 2903 iscsi_sess_t *isp = (iscsi_sess_t *)arg; 2904 int ret; 2905 iscsi_queue_t q; 2906 iscsi_cmd_t *icmdp; 2907 iscsi_cmd_t *next_icmdp; 2908 2909 ASSERT(isp != NULL); 2910 ASSERT(thread != NULL); 2911 ASSERT(thread->signature == SIG_ISCSI_THREAD); 2912 2913 for (;;) { 2914 2915 /* 2916 * We wait till iodone or somebody else wakes us up. 2917 */ 2918 ret = iscsi_thread_wait(thread, -1); 2919 2920 /* 2921 * The value should never be negative since we never timeout. 2922 */ 2923 ASSERT(ret >= 0); 2924 2925 q.count = 0; 2926 q.head = NULL; 2927 q.tail = NULL; 2928 mutex_enter(&isp->sess_queue_completion.mutex); 2929 icmdp = isp->sess_queue_completion.head; 2930 while (icmdp != NULL) { 2931 next_icmdp = icmdp->cmd_next; 2932 mutex_enter(&icmdp->cmd_mutex); 2933 /* 2934 * check if the associated r2t/abort has finished 2935 * yet. If not, don't complete the command. 2936 */ 2937 if ((icmdp->cmd_un.scsi.r2t_icmdp == NULL) && 2938 (icmdp->cmd_un.scsi.abort_icmdp == NULL)) { 2939 mutex_exit(&icmdp->cmd_mutex); 2940 (void) iscsi_dequeue_cmd(&isp-> 2941 sess_queue_completion.head, 2942 &isp->sess_queue_completion.tail, 2943 icmdp); 2944 --isp->sess_queue_completion.count; 2945 iscsi_enqueue_cmd_head(&q.head, 2946 &q.tail, icmdp); 2947 } else 2948 mutex_exit(&icmdp->cmd_mutex); 2949 icmdp = next_icmdp; 2950 } 2951 mutex_exit(&isp->sess_queue_completion.mutex); 2952 icmdp = q.head; 2953 while (icmdp != NULL) { 2954 next_icmdp = icmdp->cmd_next; 2955 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E8, isp); 2956 icmdp = next_icmdp; 2957 } 2958 2959 if (ret > 0) 2960 /* Somebody woke us up to work */ 2961 continue; 2962 else 2963 /* 2964 * Somebody woke us up to kill ourselves. We will 2965 * make sure, however that the completion queue is 2966 * empty before leaving. After we've done that it 2967 * is the originator of the signal that has to make 2968 * sure no other SCSI command is posted. 2969 */ 2970 break; 2971 } 2972 2973 } 2974 2975 /* 2976 * iscsi_iodone - 2977 * 2978 */ 2979 void 2980 iscsi_iodone(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 2981 { 2982 struct scsi_pkt *pkt = NULL; 2983 struct buf *bp = icmdp->cmd_un.scsi.bp; 2984 2985 ASSERT(isp != NULL); 2986 ASSERT(icmdp != NULL); 2987 pkt = icmdp->cmd_un.scsi.pkt; 2988 ASSERT(pkt != NULL); 2989 2990 ASSERT(icmdp->cmd_un.scsi.abort_icmdp == NULL); 2991 ASSERT(icmdp->cmd_un.scsi.r2t_icmdp == NULL); 2992 if (pkt->pkt_reason == CMD_CMPLT) { 2993 if (bp) { 2994 if (bp->b_flags & B_READ) { 2995 KSTAT_SESS_RX_IO_DONE(isp, bp->b_bcount); 2996 } else { 2997 KSTAT_SESS_TX_IO_DONE(isp, bp->b_bcount); 2998 } 2999 } 3000 } 3001 3002 if (pkt->pkt_flags & FLAG_NOINTR) { 3003 cv_broadcast(&icmdp->cmd_completion); 3004 mutex_exit(&icmdp->cmd_mutex); 3005 } else { 3006 /* 3007 * Release mutex. As soon as callback is 3008 * issued the caller may destroy the command. 3009 */ 3010 mutex_exit(&icmdp->cmd_mutex); 3011 /* 3012 * We can't just directly call the pk_comp routine. In 3013 * many error cases the target driver will use the calling 3014 * thread to re-drive error handling (reset, retries...) 3015 * back into the hba driver (iscsi). If the target redrives 3016 * a reset back into the iscsi driver off this thead we have 3017 * a chance of deadlocking. So instead use the io completion 3018 * thread. 3019 */ 3020 (*icmdp->cmd_un.scsi.pkt->pkt_comp)(icmdp->cmd_un.scsi.pkt); 3021 } 3022 } 3023 3024 /* 3025 * +--------------------------------------------------------------------+ 3026 * | End of completion routines | 3027 * +--------------------------------------------------------------------+ 3028 */ 3029 3030 /* 3031 * +--------------------------------------------------------------------+ 3032 * | Beginning of watchdog routines | 3033 * +--------------------------------------------------------------------+ 3034 */ 3035 3036 /* 3037 * iscsi_watchdog_thread - 3038 * 3039 */ 3040 void 3041 iscsi_wd_thread(iscsi_thread_t *thread, void *arg) 3042 { 3043 iscsi_sess_t *isp = (iscsi_sess_t *)arg; 3044 int rc = 1; 3045 3046 ASSERT(isp != NULL); 3047 3048 while (rc != NULL) { 3049 3050 iscsi_timeout_checks(isp); 3051 iscsi_nop_checks(isp); 3052 3053 rc = iscsi_thread_wait(thread, SEC_TO_TICK(1)); 3054 } 3055 } 3056 3057 /* 3058 * iscsi_timeout_checks - 3059 * 3060 */ 3061 static void 3062 iscsi_timeout_checks(iscsi_sess_t *isp) 3063 { 3064 clock_t now = ddi_get_lbolt(); 3065 iscsi_cmd_t *icmdp, *nicmdp; 3066 iscsi_conn_t *icp; 3067 3068 ASSERT(isp != NULL); 3069 3070 /* PENDING */ 3071 mutex_enter(&isp->sess_state_mutex); 3072 mutex_enter(&isp->sess_queue_pending.mutex); 3073 for (icmdp = isp->sess_queue_pending.head; 3074 icmdp; icmdp = nicmdp) { 3075 nicmdp = icmdp->cmd_next; 3076 3077 /* Skip entries with no timeout */ 3078 if (icmdp->cmd_lbolt_timeout == 0) 3079 continue; 3080 3081 /* 3082 * Skip pending queue entries for cmd_type values that depend 3083 * on having an open cmdsn window for successfull transition 3084 * from pending to the active (i.e. ones that depend on 3085 * sess_cmdsn .vs. sess_maxcmdsn). For them, the timer starts 3086 * when they are successfully moved to the active queue by 3087 * iscsi_cmd_state_pending() code. 3088 */ 3089 /* 3090 * If the cmd is stuck, at least give it a chance 3091 * to timeout 3092 */ 3093 if (((icmdp->cmd_type == ISCSI_CMD_TYPE_SCSI) || 3094 (icmdp->cmd_type == ISCSI_CMD_TYPE_TEXT)) && 3095 !(icmdp->cmd_misc_flags & ISCSI_CMD_MISCFLAG_STUCK)) 3096 continue; 3097 3098 /* Skip if timeout still in the future */ 3099 if (now <= icmdp->cmd_lbolt_timeout) 3100 continue; 3101 3102 /* timeout */ 3103 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E6, isp); 3104 } 3105 mutex_exit(&isp->sess_queue_pending.mutex); 3106 mutex_exit(&isp->sess_state_mutex); 3107 3108 rw_enter(&isp->sess_conn_list_rwlock, RW_READER); 3109 icp = isp->sess_conn_list; 3110 while (icp != NULL) { 3111 3112 /* ACTIVE */ 3113 mutex_enter(&icp->conn_state_mutex); 3114 mutex_enter(&isp->sess_queue_pending.mutex); 3115 mutex_enter(&icp->conn_queue_active.mutex); 3116 for (icmdp = icp->conn_queue_active.head; 3117 icmdp; icmdp = nicmdp) { 3118 nicmdp = icmdp->cmd_next; 3119 3120 /* Skip entries with no timeout */ 3121 if (icmdp->cmd_lbolt_timeout == 0) 3122 continue; 3123 3124 /* Skip if command is not active */ 3125 if (icmdp->cmd_state != ISCSI_CMD_STATE_ACTIVE) 3126 continue; 3127 3128 /* Skip if timeout still in the future */ 3129 if (now <= icmdp->cmd_lbolt_timeout) 3130 continue; 3131 3132 /* timeout */ 3133 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E6, isp); 3134 } 3135 mutex_exit(&icp->conn_queue_active.mutex); 3136 mutex_exit(&isp->sess_queue_pending.mutex); 3137 mutex_exit(&icp->conn_state_mutex); 3138 3139 icp = icp->conn_next; 3140 } 3141 rw_exit(&isp->sess_conn_list_rwlock); 3142 } 3143 3144 /* 3145 * iscsi_nop_checks - sends a NOP on idle connections 3146 * 3147 * This function walks the connections on a session and 3148 * issues NOPs on those connections that are in FULL 3149 * FEATURE mode and have not received data for the 3150 * time period specified by iscsi_nop_delay (global). 3151 */ 3152 static void 3153 iscsi_nop_checks(iscsi_sess_t *isp) 3154 { 3155 iscsi_conn_t *icp; 3156 3157 ASSERT(isp != NULL); 3158 3159 if (isp->sess_type == ISCSI_SESS_TYPE_DISCOVERY) { 3160 return; 3161 } 3162 3163 rw_enter(&isp->sess_conn_list_rwlock, RW_READER); 3164 icp = isp->sess_conn_act; 3165 if (icp != NULL) { 3166 3167 mutex_enter(&icp->conn_state_mutex); 3168 if ((ISCSI_CONN_STATE_FULL_FEATURE(icp->conn_state)) && 3169 (ddi_get_lbolt() > isp->sess_conn_act->conn_rx_lbolt + 3170 SEC_TO_TICK(iscsi_nop_delay)) && (ddi_get_lbolt() > 3171 isp->sess_conn_act->conn_nop_lbolt + 3172 SEC_TO_TICK(iscsi_nop_delay))) { 3173 3174 /* 3175 * We haven't received anything from the 3176 * target is a defined period of time, 3177 * send NOP to see if the target is alive. 3178 */ 3179 mutex_enter(&isp->sess_queue_pending.mutex); 3180 iscsi_handle_nop(isp->sess_conn_act, 3181 0, ISCSI_RSVD_TASK_TAG); 3182 mutex_exit(&isp->sess_queue_pending.mutex); 3183 } 3184 mutex_exit(&icp->conn_state_mutex); 3185 3186 icp = icp->conn_next; 3187 } 3188 rw_exit(&isp->sess_conn_list_rwlock); 3189 } 3190 3191 /* 3192 * +--------------------------------------------------------------------+ 3193 * | End of wd routines | 3194 * +--------------------------------------------------------------------+ 3195 */ 3196