1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2000 by Cisco Systems, Inc. All rights reserved. 23 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 * 26 * iSCSI Pseudo HBA Driver 27 */ 28 29 #include <sys/socket.h> /* networking stuff */ 30 #include <sys/t_kuser.h> /* networking stuff */ 31 #include <sys/tihdr.h> /* networking stuff */ 32 #include <sys/strsubr.h> /* networking stuff */ 33 #include <netinet/tcp.h> /* TCP_NODELAY */ 34 #include <sys/socketvar.h> /* _ALLOC_SLEEP */ 35 #include <sys/strsun.h> /* DB_TYPE() */ 36 37 #include "iscsi.h" /* iscsi driver */ 38 #include <sys/scsi/adapters/iscsi_protocol.h> /* iscsi protocol */ 39 40 /* generic io helpers */ 41 static uint32_t n2h24(uchar_t *ptr); 42 static int iscsi_sna_lt(uint32_t n1, uint32_t n2); 43 static void iscsi_update_flow_control(iscsi_sess_t *isp, 44 uint32_t max, uint32_t exp); 45 46 /* receivers */ 47 static iscsi_status_t iscsi_rx_process_hdr(iscsi_conn_t *icp, 48 iscsi_hdr_t *ihp, char *data, int data_size); 49 static iscsi_status_t iscsi_rx_process_nop(iscsi_conn_t *icp, 50 iscsi_hdr_t *ihp, char *data); 51 static iscsi_status_t iscsi_rx_process_data_rsp(iscsi_conn_t *icp, 52 iscsi_hdr_t *ihp); 53 static iscsi_status_t iscsi_rx_process_cmd_rsp(iscsi_conn_t *icp, 54 iscsi_hdr_t *ihp, char *data); 55 static iscsi_status_t iscsi_rx_process_rtt_rsp(iscsi_conn_t *icp, 56 iscsi_hdr_t *ihp, char *data); 57 static iscsi_status_t iscsi_rx_process_reject_rsp(iscsi_conn_t *icp, 58 iscsi_hdr_t *ihp, char *data); 59 static iscsi_status_t iscsi_rx_process_rejected_tsk_mgt(iscsi_conn_t *icp, 60 iscsi_hdr_t *old_ihp); 61 static iscsi_status_t iscsi_rx_process_itt_to_icmdp(iscsi_sess_t *isp, 62 iscsi_hdr_t *ihp, iscsi_cmd_t **icmdp); 63 static iscsi_status_t iscsi_rx_process_task_mgt_rsp(iscsi_conn_t *icp, 64 iscsi_hdr_t *ihp, void *data); 65 static iscsi_status_t iscsi_rx_process_logout_rsp(iscsi_conn_t *icp, 66 iscsi_hdr_t *ihp, char *data); 67 static iscsi_status_t iscsi_rx_process_async_rsp(iscsi_conn_t *icp, 68 iscsi_hdr_t *ihp, char *data); 69 static iscsi_status_t iscsi_rx_process_text_rsp(iscsi_conn_t *icp, 70 iscsi_hdr_t *ihp, char *data); 71 72 73 /* senders */ 74 static iscsi_status_t iscsi_tx_scsi(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 75 static iscsi_status_t iscsi_tx_r2t(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 76 static iscsi_status_t iscsi_tx_data(iscsi_sess_t *isp, iscsi_conn_t *icp, 77 iscsi_cmd_t *icmdp, uint32_t ttt, size_t datalen, size_t offset); 78 static iscsi_status_t iscsi_tx_nop(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 79 static iscsi_status_t iscsi_tx_abort(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 80 static iscsi_status_t iscsi_tx_reset(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 81 static iscsi_status_t iscsi_tx_logout(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 82 static iscsi_status_t iscsi_tx_text(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 83 84 85 /* helpers */ 86 static void iscsi_handle_r2t(iscsi_conn_t *icp, iscsi_cmd_t *icmdp, 87 uint32_t offset, uint32_t length, uint32_t ttt); 88 static void iscsi_handle_passthru_callback(struct scsi_pkt *pkt); 89 static void iscsi_handle_nop(iscsi_conn_t *icp, uint32_t itt, uint32_t ttt); 90 91 static void iscsi_timeout_checks(iscsi_sess_t *isp); 92 static void iscsi_nop_checks(iscsi_sess_t *isp); 93 94 95 #define ISCSI_CONN_TO_NET_DIGEST(icp) \ 96 ((icp->conn_params.header_digest ? ISCSI_NET_HEADER_DIGEST : 0) | \ 97 (icp->conn_params.data_digest ? ISCSI_NET_DATA_DIGEST : 0)) 98 99 /* 100 * This file contains the main guts of the iSCSI protocol layer. 101 * It's broken into 5 sections; Basic helper functions, RX IO path, 102 * TX IO path, Completion (IC) IO path, and watchdog (WD) routines. 103 * 104 * The IO flow model is similiar to the below diagram. The 105 * iscsi session, connection and command state machines are used 106 * to drive IO through this flow diagram. Reference those files 107 * to get a detailed description of their respective state models 108 * prior to their xxx_state_machine_function(). 109 * 110 * tran_start() -> CMD_E1 TX_THREAD RX_THREAD 111 * | T T 112 * V T T 113 * PENDING_Q --CMD_E2--> ACTIVE_Q - --CMD_E3--+ 114 * T \ C T | 115 * T \M T | 116 * D T | 117 * WD_THREAD TT|TT T | 118 * /E T | 119 * / 6 T | 120 * ABORTING_Q<- --CMD_E3--+ 121 * T | 122 * T T | 123 * T | 124 * callback() <--CMD_E#-- COMPLETION_Q <------------+ 125 * T 126 * T 127 * IC_THREAD 128 * 129 * External and internal command are ran thru this same state 130 * machine. All commands enter the state machine by receiving an 131 * ISCSI_CMD_EVENT_E1. This event places the command into the 132 * PENDING_Q. Next when resources are available the TX_THREAD 133 * issues a E2 event on the command. This sends the command 134 * to the TCP stack and places the command on the ACTIVE_Q. While 135 * on the PENDIING_Q and ACTIVE_Q, the command is monitored via the 136 * WD_THREAD to ensure the pkt_time has not elapsed. If elapsed the 137 * command is issued an E6(timeout) event which moves either (if pending) 138 * completed the command or (if active) moves the command to the 139 * aborting queue and issues a SCSI TASK MANAGEMENT ABORT command 140 * to cancel the IO request. If the original command is completed 141 * or the TASK MANAGEMENT command completes the command is moved 142 * to the COMPLETION_Q via a E3 event. The IC_THREAD then processes 143 * the COMPLETION_Q and issues the scsi_pkt callback. This 144 * callback can not be processed directly from the RX_THREAD 145 * because the callback might call back into the iscsi driver 146 * causing a deadlock condition. 147 * 148 * For more details on the complete CMD state machine reference 149 * the state machine diagram in iscsi_cmd.c. The connection state 150 * machine is driven via IO events in this file. Then session 151 * events are driven by the connection events. For complete 152 * details on these state machines reference iscsi_sess.c and 153 * iscsi_conn.c 154 */ 155 156 157 /* 158 * +--------------------------------------------------------------------+ 159 * | io helper routines | 160 * +--------------------------------------------------------------------+ 161 */ 162 163 /* 164 * n2h24 - native to host 24 bit integer translation. 165 */ 166 static uint32_t 167 n2h24(uchar_t *ptr) 168 { 169 uint32_t idx; 170 bcopy(ptr, &idx, 3); 171 return (ntohl(idx) >> 8); 172 } 173 174 /* 175 * iscsi_sna_lt - Serial Number Arithmetic, 32 bits, less than, RFC1982 176 */ 177 static int 178 iscsi_sna_lt(uint32_t n1, uint32_t n2) 179 { 180 return ((n1 != n2) && 181 (((n1 < n2) && ((n2 - n1) < ISCSI_SNA32_CHECK)) || 182 ((n1 > n2) && ((n1 - n2) > ISCSI_SNA32_CHECK)))); 183 } 184 185 /* 186 * iscsi_sna_lte - Serial Number Arithmetic, 32 bits, less than or equal, 187 * RFC1982 188 */ 189 int 190 iscsi_sna_lte(uint32_t n1, uint32_t n2) 191 { 192 return ((n1 == n2) || 193 (((n1 < n2) && ((n2 - n1) < ISCSI_SNA32_CHECK)) || 194 ((n1 > n2) && ((n1 - n2) > ISCSI_SNA32_CHECK)))); 195 } 196 197 /* 198 * iscsi_update_flow_control - Update expcmdsn and maxcmdsn iSCSI 199 * flow control information for a session 200 */ 201 static void 202 iscsi_update_flow_control(iscsi_sess_t *isp, uint32_t max, uint32_t exp) 203 { 204 ASSERT(isp != NULL); 205 ASSERT(mutex_owned(&isp->sess_cmdsn_mutex)); 206 207 if (!iscsi_sna_lt(max, (exp - 1))) { 208 209 if (!iscsi_sna_lte(exp, isp->sess_expcmdsn)) { 210 isp->sess_expcmdsn = exp; 211 } 212 213 if (!iscsi_sna_lte(max, isp->sess_maxcmdsn)) { 214 isp->sess_maxcmdsn = max; 215 if (iscsi_sna_lte(isp->sess_cmdsn, 216 isp->sess_maxcmdsn)) { 217 /* 218 * the window is open again - schedule 219 * to send any held tasks soon 220 */ 221 iscsi_sess_redrive_io(isp); 222 } 223 } 224 } 225 } 226 227 228 /* 229 * +--------------------------------------------------------------------+ 230 * | io receive and processing routines | 231 * +--------------------------------------------------------------------+ 232 */ 233 234 /* 235 * iscsi_rx_thread - The connection creates a thread of this 236 * function during login. After which point this thread is 237 * used to receive and process all iSCSI PDUs on this connection. 238 * The PDUs received on this connection are used to drive the 239 * commands through their state machine. This thread will 240 * continue processing while the connection is on a LOGGED_IN 241 * or IN_LOGOUT state. Once the connection moves out of this 242 * state the thread will die. 243 */ 244 void 245 iscsi_rx_thread(iscsi_thread_t *thread, void *arg) 246 { 247 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 248 iscsi_conn_t *icp = (iscsi_conn_t *)arg; 249 iscsi_sess_t *isp = NULL; 250 char *hdr = NULL; 251 int hdr_size = 0; 252 char *data = NULL; 253 int data_size = 0; 254 iscsi_hdr_t *ihp; 255 256 ASSERT(icp != NULL); 257 isp = icp->conn_sess; 258 ASSERT(isp != NULL); 259 260 /* pre-alloc recv header buffer for common actions */ 261 hdr_size = sizeof (iscsi_hdr_t) + 255; /* 255 = one byte hlength */ 262 hdr = (char *)kmem_zalloc(hdr_size, KM_SLEEP); 263 ihp = (iscsi_hdr_t *)hdr; 264 ASSERT(ihp != NULL); 265 266 /* pre-alloc max_recv_size buffer for common actions */ 267 data_size = icp->conn_params.max_recv_data_seg_len; 268 data = (char *)kmem_zalloc(data_size, KM_SLEEP); 269 ASSERT(data != NULL); 270 271 do { 272 /* Wait for the next iSCSI header */ 273 rval = iscsi_net->recvhdr(icp->conn_socket, 274 ihp, hdr_size, 0, (icp->conn_params.header_digest ? 275 ISCSI_NET_HEADER_DIGEST : 0)); 276 if (ISCSI_SUCCESS(rval)) { 277 isp->sess_rx_lbolt = 278 icp->conn_rx_lbolt = 279 ddi_get_lbolt(); 280 281 /* Perform specific hdr handling */ 282 rval = iscsi_rx_process_hdr(icp, ihp, 283 data, data_size); 284 } 285 286 /* 287 * handle failures 288 */ 289 switch (rval) { 290 case ISCSI_STATUS_SUCCESS: 291 /* 292 * If we successfully completed a receive 293 * and we are in an IN_FLUSH state then 294 * check the active queue count to see 295 * if its empty. If its empty then force 296 * a disconnect event on the connection. 297 * This will move the session from IN_FLUSH 298 * to FLUSHED and complete the login 299 * parameter update. 300 */ 301 if ((isp->sess_state == ISCSI_SESS_STATE_IN_FLUSH) && 302 (icp->conn_queue_active.count == 0)) { 303 mutex_enter(&icp->conn_state_mutex); 304 (void) iscsi_conn_state_machine(icp, 305 ISCSI_CONN_EVENT_T14); 306 mutex_exit(&icp->conn_state_mutex); 307 } 308 break; 309 case ISCSI_STATUS_TCP_RX_ERROR: 310 /* connection had an error */ 311 mutex_enter(&icp->conn_state_mutex); 312 (void) iscsi_conn_state_machine(icp, 313 ISCSI_CONN_EVENT_T15); 314 mutex_exit(&icp->conn_state_mutex); 315 break; 316 case ISCSI_STATUS_HEADER_DIGEST_ERROR: 317 /* 318 * If we encounter a digest error we have to restart 319 * all the connections on this session. per iSCSI 320 * Level 0 Recovery. 321 */ 322 KSTAT_INC_CONN_ERR_HEADER_DIGEST(icp); 323 mutex_enter(&icp->conn_state_mutex); 324 (void) iscsi_conn_state_machine(icp, 325 ISCSI_CONN_EVENT_T14); 326 mutex_exit(&icp->conn_state_mutex); 327 break; 328 case ISCSI_STATUS_DATA_DIGEST_ERROR: 329 /* 330 * We can continue with a data digest error. The 331 * icmdp was flaged as having a crc problem. It 332 * will be aborted when all data is received. This 333 * saves us from restarting the session when we 334 * might be able to keep it going. If the data 335 * digest issue was really bad we will hit a 336 * status protocol error on the next pdu, which 337 * will force a connection retstart. 338 */ 339 KSTAT_INC_CONN_ERR_DATA_DIGEST(icp); 340 break; 341 case ISCSI_STATUS_PROTOCOL_ERROR: 342 /* 343 * A protocol problem was encountered. Reset 344 * session to try and repair issue. 345 */ 346 KSTAT_INC_CONN_ERR_PROTOCOL(icp); 347 mutex_enter(&icp->conn_state_mutex); 348 (void) iscsi_conn_state_machine(icp, 349 ISCSI_CONN_EVENT_T14); 350 mutex_exit(&icp->conn_state_mutex); 351 break; 352 case ISCSI_STATUS_INTERNAL_ERROR: 353 /* 354 * These should have all been handled before now. 355 */ 356 break; 357 default: 358 cmn_err(CE_WARN, "iscsi connection(%u) encountered " 359 "unknown error(%d) on a receive", icp->conn_oid, 360 rval); 361 ASSERT(B_FALSE); 362 } 363 364 } while ((ISCSI_CONN_STATE_FULL_FEATURE(icp->conn_state)) && 365 (iscsi_thread_wait(thread, 0) != 0)); 366 367 kmem_free(hdr, hdr_size); 368 kmem_free(data, data_size); 369 } 370 371 372 /* 373 * iscsi_rx_process_hdr - This function collects data for all PDUs 374 * that do not have data that will be mapped to a specific scsi_pkt. 375 * Then for each hdr type fan out the processing. 376 */ 377 static iscsi_status_t 378 iscsi_rx_process_hdr(iscsi_conn_t *icp, iscsi_hdr_t *ihp, 379 char *data, int data_size) 380 { 381 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 382 iscsi_sess_t *isp = NULL; 383 384 ASSERT(icp != NULL); 385 ASSERT(ihp != NULL); 386 ASSERT(data != NULL); 387 isp = icp->conn_sess; 388 ASSERT(isp != NULL); 389 390 /* If this is not a SCSI_DATA_RSP we can go ahead and get the data */ 391 if ((ihp->opcode & ISCSI_OPCODE_MASK) != ISCSI_OP_SCSI_DATA_RSP) { 392 rval = iscsi_net->recvdata(icp->conn_socket, ihp, 393 data, data_size, 0, (icp->conn_params.data_digest) ? 394 ISCSI_NET_DATA_DIGEST : 0); 395 if (!ISCSI_SUCCESS(rval)) { 396 return (rval); 397 } 398 isp->sess_rx_lbolt = icp->conn_rx_lbolt = ddi_get_lbolt(); 399 } 400 401 /* fan out the hdr processing */ 402 switch (ihp->opcode & ISCSI_OPCODE_MASK) { 403 case ISCSI_OP_SCSI_DATA_RSP: 404 rval = iscsi_rx_process_data_rsp(icp, ihp); 405 break; 406 case ISCSI_OP_SCSI_RSP: 407 rval = iscsi_rx_process_cmd_rsp(icp, ihp, data); 408 break; 409 case ISCSI_OP_RTT_RSP: 410 rval = iscsi_rx_process_rtt_rsp(icp, ihp, data); 411 break; 412 case ISCSI_OP_NOOP_IN: 413 rval = iscsi_rx_process_nop(icp, ihp, data); 414 break; 415 case ISCSI_OP_REJECT_MSG: 416 rval = iscsi_rx_process_reject_rsp(icp, ihp, data); 417 break; 418 case ISCSI_OP_SCSI_TASK_MGT_RSP: 419 rval = iscsi_rx_process_task_mgt_rsp(icp, ihp, data); 420 break; 421 case ISCSI_OP_LOGOUT_RSP: 422 rval = iscsi_rx_process_logout_rsp(icp, ihp, data); 423 break; 424 case ISCSI_OP_ASYNC_EVENT: 425 rval = iscsi_rx_process_async_rsp(icp, ihp, data); 426 break; 427 case ISCSI_OP_TEXT_RSP: 428 rval = iscsi_rx_process_text_rsp(icp, ihp, data); 429 break; 430 default: 431 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 432 "received an unsupported opcode 0x%02x", 433 icp->conn_oid, ihp->opcode); 434 rval = ISCSI_STATUS_PROTOCOL_ERROR; 435 } 436 437 return (rval); 438 } 439 440 441 /* 442 * iscsi_rx_process_data_rsp - Processed received data header. Once 443 * header is processed we read data off the connection directly into 444 * the scsi_pkt to avoid duplicate bcopy of a large amount of data. 445 * If this is the final data sequence denoted by the data response 446 * PDU Status bit being set. We will not receive the SCSI response. 447 * This bit denotes that the PDU is the successful completion of the 448 * command. In this case complete the command. If This bit isn't 449 * set we wait for more data or a scsi command response. 450 */ 451 static iscsi_status_t 452 iscsi_rx_process_data_rsp(iscsi_conn_t *icp, iscsi_hdr_t *ihp) 453 { 454 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 455 iscsi_sess_t *isp = NULL; 456 iscsi_data_rsp_hdr_t *idrhp = (iscsi_data_rsp_hdr_t *)ihp; 457 iscsi_cmd_t *icmdp = NULL; 458 struct scsi_pkt *pkt = NULL; 459 struct buf *bp = NULL; 460 uint32_t offset = 0; 461 uint32_t dlength = 0; 462 char *bcp = NULL; 463 464 ASSERT(icp != NULL); 465 ASSERT(ihp != NULL); 466 isp = icp->conn_sess; 467 ASSERT(isp != NULL); 468 469 if (idrhp->flags & ISCSI_FLAG_DATA_STATUS) { 470 /* make sure we got status in order */ 471 if (icp->conn_expstatsn == ntohl(idrhp->statsn)) { 472 icp->conn_expstatsn++; 473 } else { 474 cmn_err(CE_WARN, "iscsi connection(%u) protocol error " 475 "- received status out of order itt:0x%x " 476 "statsn:0x%x expstatsn:0x%x", icp->conn_oid, 477 idrhp->itt, ntohl(idrhp->statsn), 478 icp->conn_expstatsn); 479 return (ISCSI_STATUS_PROTOCOL_ERROR); 480 } 481 } 482 483 /* match itt in the session's command table */ 484 mutex_enter(&icp->conn_queue_active.mutex); 485 mutex_enter(&isp->sess_cmdsn_mutex); 486 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp(isp, ihp, &icmdp))) { 487 mutex_exit(&isp->sess_cmdsn_mutex); 488 mutex_exit(&icp->conn_queue_active.mutex); 489 return (ISCSI_STATUS_PROTOCOL_ERROR); 490 } 491 /* 492 * Holding the pending/active queue locks across the 493 * iscsi_rx_data call later in this function may cause 494 * deadlock during fault injections. Instead remove 495 * the cmd from the active queue and release the locks. 496 * Then before returning or completing the command 497 * return the cmd to the active queue and reacquire 498 * the locks. 499 */ 500 iscsi_dequeue_active_cmd(icp, icmdp); 501 502 /* update expcmdsn and maxcmdsn */ 503 iscsi_update_flow_control(isp, ntohl(idrhp->maxcmdsn), 504 ntohl(idrhp->expcmdsn)); 505 mutex_exit(&isp->sess_cmdsn_mutex); 506 mutex_exit(&icp->conn_queue_active.mutex); 507 508 /* shorthand some values */ 509 pkt = icmdp->cmd_un.scsi.pkt; 510 bp = icmdp->cmd_un.scsi.bp; 511 offset = ntohl(idrhp->offset); 512 dlength = n2h24(idrhp->dlength); 513 514 /* 515 * some poorly behaved targets have been observed 516 * sending data-in pdu's during a write operation 517 */ 518 if (bp != NULL) { 519 if (!(bp->b_flags & B_READ)) { 520 cmn_err(CE_WARN, 521 "iscsi connection(%u) protocol error - " 522 "received data response during write operation " 523 "itt:0x%x", 524 icp->conn_oid, idrhp->itt); 525 mutex_enter(&icp->conn_queue_active.mutex); 526 iscsi_enqueue_active_cmd(icp, icmdp); 527 mutex_exit(&icp->conn_queue_active.mutex); 528 return (ISCSI_STATUS_PROTOCOL_ERROR); 529 } 530 531 /* 532 * We can't tolerate the target sending too much 533 * data for our buffer 534 */ 535 if ((dlength > 536 (bp->b_bcount - icmdp->cmd_un.scsi.data_transferred)) || 537 (dlength > (bp->b_bcount - offset))) { 538 cmn_err(CE_WARN, 539 "iscsi connection(%u) protocol error - " 540 "received too much data itt:0x%x", 541 icp->conn_oid, idrhp->itt); 542 mutex_enter(&icp->conn_queue_active.mutex); 543 iscsi_enqueue_active_cmd(icp, icmdp); 544 mutex_exit(&icp->conn_queue_active.mutex); 545 return (ISCSI_STATUS_PROTOCOL_ERROR); 546 } 547 548 bcp = ((char *)bp->b_un.b_addr) + offset; 549 550 /* 551 * Get the rest of the data and copy it directly into 552 * the scsi_pkt. 553 */ 554 rval = iscsi_net->recvdata(icp->conn_socket, ihp, 555 bcp, dlength, 0, (icp->conn_params.data_digest ? 556 ISCSI_NET_DATA_DIGEST : 0)); 557 if (ISCSI_SUCCESS(rval)) { 558 KSTAT_ADD_CONN_RX_BYTES(icp, dlength); 559 } else { 560 /* If digest error flag icmdp with a crc error */ 561 if (rval == ISCSI_STATUS_DATA_DIGEST_ERROR) { 562 icmdp->cmd_crc_error_seen = B_TRUE; 563 } 564 mutex_enter(&icp->conn_queue_active.mutex); 565 iscsi_enqueue_active_cmd(icp, icmdp); 566 mutex_exit(&icp->conn_queue_active.mutex); 567 return (rval); 568 } 569 isp->sess_rx_lbolt = icp->conn_rx_lbolt = ddi_get_lbolt(); 570 571 /* update icmdp statistics */ 572 icmdp->cmd_un.scsi.data_transferred += dlength; 573 } 574 575 /* 576 * We got status. This should only happen if we have 577 * received all the data with no errors. The command 578 * must be completed now, since we won't get a command 579 * response PDU. The cmd_status and residual_count are 580 * not meaningful unless status_present is set. 581 */ 582 if (idrhp->flags & ISCSI_FLAG_DATA_STATUS) { 583 pkt->pkt_resid = 0; 584 /* Check the residual count */ 585 if (bp && 586 (icmdp->cmd_un.scsi.data_transferred != 587 bp->b_bcount)) { 588 /* 589 * We didn't xfer the expected amount of data - 590 * the residual_count in the header is only valid 591 * if the underflow flag is set. 592 */ 593 if (idrhp->flags & ISCSI_FLAG_DATA_UNDERFLOW) { 594 pkt->pkt_resid = ntohl(idrhp->residual_count); 595 } else { 596 if (bp->b_bcount > 597 icmdp->cmd_un.scsi.data_transferred) { 598 /* Some data fell on the floor somehw */ 599 pkt->pkt_resid = 600 bp->b_bcount - 601 icmdp->cmd_un.scsi.data_transferred; 602 } 603 } 604 } 605 606 pkt->pkt_reason = CMD_CMPLT; 607 pkt->pkt_state |= (STATE_XFERRED_DATA | STATE_GOT_STATUS); 608 609 if (((idrhp->cmd_status & STATUS_MASK) != STATUS_GOOD) && 610 (icmdp->cmd_un.scsi.statuslen >= 611 sizeof (struct scsi_arq_status)) && pkt->pkt_scbp) { 612 613 /* 614 * Not supposed to get exception status here! 615 * We have no request sense data so just do the 616 * best we can 617 */ 618 struct scsi_arq_status *arqstat = 619 (struct scsi_arq_status *)pkt->pkt_scbp; 620 621 622 bzero(arqstat, sizeof (struct scsi_arq_status)); 623 624 *((uchar_t *)&arqstat->sts_status) = 625 idrhp->cmd_status; 626 627 arqstat->sts_rqpkt_resid = 628 sizeof (struct scsi_extended_sense); 629 630 } else if (pkt->pkt_scbp) { 631 /* just pass along the status we got */ 632 pkt->pkt_scbp[0] = idrhp->cmd_status; 633 } 634 635 mutex_enter(&icp->conn_queue_active.mutex); 636 iscsi_enqueue_active_cmd(icp, icmdp); 637 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E3, isp); 638 mutex_exit(&icp->conn_queue_active.mutex); 639 } else { 640 mutex_enter(&icp->conn_queue_active.mutex); 641 iscsi_enqueue_active_cmd(icp, icmdp); 642 mutex_exit(&icp->conn_queue_active.mutex); 643 } 644 645 return (ISCSI_STATUS_SUCCESS); 646 } 647 648 649 /* 650 * iscsi_rx_process_cmd_rsp - Process received scsi command response. This 651 * will contain sense data if the command was not successful. This data needs 652 * to be copied into the scsi_pkt. Otherwise we just complete the IO. 653 */ 654 static iscsi_status_t 655 iscsi_rx_process_cmd_rsp(iscsi_conn_t *icp, iscsi_hdr_t *ihp, char *data) 656 { 657 iscsi_sess_t *isp = icp->conn_sess; 658 iscsi_scsi_rsp_hdr_t *issrhp = (iscsi_scsi_rsp_hdr_t *)ihp; 659 iscsi_cmd_t *icmdp = NULL; 660 struct scsi_pkt *pkt = NULL; 661 uint32_t dlength = 0; 662 struct scsi_arq_status *arqstat = NULL; 663 size_t senselen = 0; 664 665 /* make sure we get status in order */ 666 if (icp->conn_expstatsn == ntohl(issrhp->statsn)) { 667 icp->conn_expstatsn++; 668 } else { 669 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 670 "received status out of order itt:0x%x statsn:0x%x " 671 "expstatsn:0x%x", icp->conn_oid, issrhp->itt, 672 ntohl(issrhp->statsn), icp->conn_expstatsn); 673 return (ISCSI_STATUS_PROTOCOL_ERROR); 674 } 675 676 mutex_enter(&icp->conn_queue_active.mutex); 677 mutex_enter(&isp->sess_cmdsn_mutex); 678 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp(isp, ihp, &icmdp))) { 679 mutex_exit(&isp->sess_cmdsn_mutex); 680 mutex_exit(&icp->conn_queue_active.mutex); 681 return (ISCSI_STATUS_PROTOCOL_ERROR); 682 } 683 684 /* update expcmdsn and maxcmdsn */ 685 iscsi_update_flow_control(isp, ntohl(issrhp->maxcmdsn), 686 ntohl(issrhp->expcmdsn)); 687 mutex_exit(&isp->sess_cmdsn_mutex); 688 689 pkt = icmdp->cmd_un.scsi.pkt; 690 691 if (issrhp->response) { 692 /* The target failed the command. */ 693 pkt->pkt_reason = CMD_TRAN_ERR; 694 if (icmdp->cmd_un.scsi.bp) { 695 pkt->pkt_resid = icmdp->cmd_un.scsi.bp->b_bcount; 696 } else { 697 pkt->pkt_resid = 0; 698 } 699 } else { 700 /* success */ 701 pkt->pkt_resid = 0; 702 /* Check the residual count */ 703 if ((icmdp->cmd_un.scsi.bp) && 704 (icmdp->cmd_un.scsi.data_transferred != 705 icmdp->cmd_un.scsi.bp->b_bcount)) { 706 /* 707 * We didn't xfer the expected amount of data - 708 * the residual_count in the header is only 709 * valid if the underflow flag is set. 710 */ 711 if (issrhp->flags & ISCSI_FLAG_CMD_UNDERFLOW) { 712 pkt->pkt_resid = ntohl(issrhp->residual_count); 713 } else { 714 if (icmdp->cmd_un.scsi.bp->b_bcount > 715 icmdp->cmd_un.scsi.data_transferred) { 716 /* 717 * Some data fell on the floor 718 * somehow - probably a CRC error 719 */ 720 pkt->pkt_resid = 721 icmdp->cmd_un.scsi.bp->b_bcount - 722 icmdp->cmd_un.scsi.data_transferred; 723 } 724 } 725 } 726 727 /* set flags that tell SCSA that the command is complete */ 728 if (icmdp->cmd_crc_error_seen == B_FALSE) { 729 /* Set successful completion */ 730 pkt->pkt_reason = CMD_CMPLT; 731 if (icmdp->cmd_un.scsi.bp) { 732 pkt->pkt_state |= (STATE_XFERRED_DATA | 733 STATE_GOT_STATUS); 734 } else { 735 pkt->pkt_state |= STATE_GOT_STATUS; 736 } 737 } else { 738 /* 739 * Some of the data was found to have an incorrect 740 * error at the protocol error. 741 */ 742 pkt->pkt_reason = CMD_PER_FAIL; 743 pkt->pkt_statistics |= STAT_PERR; 744 if (icmdp->cmd_un.scsi.bp) { 745 pkt->pkt_resid = 746 icmdp->cmd_un.scsi.bp->b_bcount; 747 } else { 748 pkt->pkt_resid = 0; 749 } 750 } 751 752 dlength = n2h24(issrhp->dlength); 753 754 /* 755 * Process iSCSI Cmd Response Status 756 * RFC 3720 Sectionn 10.4.2. 757 */ 758 switch (issrhp->cmd_status & STATUS_MASK) { 759 case STATUS_GOOD: 760 /* pass SCSI status up stack */ 761 if (pkt->pkt_scbp) { 762 pkt->pkt_scbp[0] = issrhp->cmd_status; 763 } 764 break; 765 case STATUS_CHECK: 766 /* 767 * Verify we received a sense buffer and 768 * that there is the correct amount of 769 * request sense space to copy it to. 770 */ 771 if ((dlength > 1) && 772 (pkt->pkt_scbp != NULL) && 773 (icmdp->cmd_un.scsi.statuslen >= 774 sizeof (struct scsi_arq_status))) { 775 /* 776 * If a bad command status is received we 777 * need to reset the pkt_resid to zero. 778 * The target driver compares its value 779 * before checking other error flags. 780 * (ex. check conditions) 781 */ 782 pkt->pkt_resid = 0; 783 784 /* get sense length from first 2 bytes */ 785 senselen = ((data[0] << 8) | data[1]) & 786 (size_t)0xFFFF; 787 788 /* Sanity-check on the sense length */ 789 if ((senselen + 2) > dlength) { 790 senselen = dlength - 2; 791 } 792 793 /* 794 * If there was a Data Digest error then 795 * the sense data cannot be trusted. 796 */ 797 if (icmdp->cmd_crc_error_seen) { 798 senselen = 0; 799 } 800 801 /* automatic request sense */ 802 arqstat = 803 (struct scsi_arq_status *)pkt->pkt_scbp; 804 805 /* pass SCSI status up stack */ 806 *((uchar_t *)&arqstat->sts_status) = 807 issrhp->cmd_status; 808 809 /* 810 * Set the status for the automatic 811 * request sense command 812 */ 813 arqstat->sts_rqpkt_state = (STATE_GOT_BUS | 814 STATE_GOT_TARGET | STATE_SENT_CMD | 815 STATE_XFERRED_DATA | STATE_GOT_STATUS | 816 STATE_ARQ_DONE); 817 818 *((uchar_t *)&arqstat->sts_rqpkt_status) = 819 STATUS_GOOD; 820 821 arqstat->sts_rqpkt_reason = CMD_CMPLT; 822 823 if (senselen == 0) { 824 /* auto request sense failed */ 825 arqstat->sts_rqpkt_status.sts_chk = 1; 826 arqstat->sts_rqpkt_resid = 827 sizeof (struct scsi_extended_sense); 828 } else if (senselen < 829 sizeof (struct scsi_extended_sense)) { 830 /* auto request sense short */ 831 arqstat->sts_rqpkt_resid = 832 sizeof (struct scsi_extended_sense) 833 - senselen; 834 } else { 835 /* auto request sense complete */ 836 arqstat->sts_rqpkt_resid = 0; 837 } 838 arqstat->sts_rqpkt_statistics = 0; 839 pkt->pkt_state |= STATE_ARQ_DONE; 840 841 /* copy auto request sense */ 842 dlength = min(senselen, 843 sizeof (struct scsi_extended_sense)); 844 if (dlength) { 845 bcopy(&data[2], (uchar_t *)&arqstat-> 846 sts_sensedata, dlength); 847 } 848 break; 849 } 850 /* FALLTHRU */ 851 case STATUS_BUSY: 852 case STATUS_RESERVATION_CONFLICT: 853 case STATUS_QFULL: 854 case STATUS_ACA_ACTIVE: 855 default: 856 /* 857 * If a bad command status is received we need to 858 * reset the pkt_resid to zero. The target driver 859 * compares its value before checking other error 860 * flags. (ex. check conditions) 861 */ 862 pkt->pkt_resid = 0; 863 /* pass SCSI status up stack */ 864 if (pkt->pkt_scbp) { 865 pkt->pkt_scbp[0] = issrhp->cmd_status; 866 } 867 } 868 } 869 870 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E3, isp); 871 mutex_exit(&icp->conn_queue_active.mutex); 872 873 return (ISCSI_STATUS_SUCCESS); 874 } 875 876 /* 877 * iscsi_rx_process_rtt_rsp - Process received RTT. This means the target is 878 * requesting data. 879 */ 880 /* ARGSUSED */ 881 static iscsi_status_t 882 iscsi_rx_process_rtt_rsp(iscsi_conn_t *icp, iscsi_hdr_t *ihp, char *data) 883 { 884 iscsi_sess_t *isp = (iscsi_sess_t *)icp->conn_sess; 885 iscsi_rtt_hdr_t *irhp = (iscsi_rtt_hdr_t *)ihp; 886 iscsi_cmd_t *icmdp = NULL; 887 struct buf *bp = NULL; 888 uint32_t data_length; 889 iscsi_status_t status = ISCSI_STATUS_PROTOCOL_ERROR; 890 891 892 mutex_enter(&isp->sess_queue_pending.mutex); 893 mutex_enter(&icp->conn_queue_active.mutex); 894 mutex_enter(&isp->sess_cmdsn_mutex); 895 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp(isp, ihp, &icmdp))) { 896 mutex_exit(&isp->sess_cmdsn_mutex); 897 mutex_exit(&icp->conn_queue_active.mutex); 898 mutex_exit(&isp->sess_queue_pending.mutex); 899 return (status); 900 } 901 902 /* update expcmdsn and maxcmdsn */ 903 iscsi_update_flow_control(isp, ntohl(irhp->maxcmdsn), 904 ntohl(irhp->expcmdsn)); 905 mutex_enter(&icmdp->cmd_mutex); 906 mutex_exit(&isp->sess_cmdsn_mutex); 907 908 bp = icmdp->cmd_un.scsi.bp; 909 data_length = ntohl(irhp->data_length); 910 911 /* 912 * Perform boundary-checks per RFC 3720 (section 10.8.4). 913 * The Desired Data Transfer Length must satisfy this relation: 914 * 915 * 0 < Desired Data Transfer Length <= MaxBurstLength 916 */ 917 if ((bp == NULL) || (data_length == 0)) { 918 cmn_err(CE_WARN, "iscsi connection(%u) received r2t but pkt " 919 "has no data itt:0x%x - protocol error", icp->conn_oid, 920 irhp->itt); 921 } else if (data_length > icp->conn_params.max_burst_length) { 922 cmn_err(CE_WARN, "iscsi connection(%u) received r2t but pkt " 923 "is larger than MaxBurstLength itt:0x%x len:0x%x - " 924 "protocol error", 925 icp->conn_oid, irhp->itt, data_length); 926 } else { 927 iscsi_handle_r2t(icp, icmdp, ntohl(irhp->data_offset), 928 data_length, irhp->ttt); 929 status = ISCSI_STATUS_SUCCESS; 930 } 931 932 mutex_exit(&icmdp->cmd_mutex); 933 mutex_exit(&icp->conn_queue_active.mutex); 934 mutex_exit(&isp->sess_queue_pending.mutex); 935 936 return (status); 937 } 938 939 940 /* 941 * iscsi_rx_process_nop - Process a received nop. If nop is in response 942 * to a ping we sent update stats. If initiated by the target we need 943 * to response back to the target with a nop. Schedule the response. 944 */ 945 /* ARGSUSED */ 946 static iscsi_status_t 947 iscsi_rx_process_nop(iscsi_conn_t *icp, iscsi_hdr_t *ihp, char *data) 948 { 949 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 950 iscsi_sess_t *isp = NULL; 951 iscsi_nop_in_hdr_t *inihp = (iscsi_nop_in_hdr_t *)ihp; 952 iscsi_cmd_t *icmdp = NULL; 953 954 ASSERT(icp != NULL); 955 ASSERT(ihp != NULL); 956 /* ASSERT(data != NULL) data is allowed to be NULL */ 957 isp = icp->conn_sess; 958 ASSERT(isp != NULL); 959 960 if (icp->conn_expstatsn != ntohl(inihp->statsn)) { 961 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 962 "received status out of order itt:0x%x statsn:0x%x " 963 "expstatsn:0x%x", icp->conn_oid, inihp->itt, 964 ntohl(inihp->statsn), icp->conn_expstatsn); 965 return (ISCSI_STATUS_PROTOCOL_ERROR); 966 } 967 968 mutex_enter(&isp->sess_queue_pending.mutex); 969 mutex_enter(&icp->conn_queue_active.mutex); 970 mutex_enter(&isp->sess_cmdsn_mutex); 971 if (inihp->itt != ISCSI_RSVD_TASK_TAG) { 972 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp( 973 isp, ihp, &icmdp))) { 974 mutex_exit(&isp->sess_cmdsn_mutex); 975 mutex_exit(&icp->conn_queue_active.mutex); 976 mutex_exit(&isp->sess_queue_pending.mutex); 977 return (ISCSI_STATUS_PROTOCOL_ERROR); 978 } 979 } 980 981 /* update expcmdsn and maxcmdsn */ 982 iscsi_update_flow_control(isp, ntohl(inihp->maxcmdsn), 983 ntohl(inihp->expcmdsn)); 984 mutex_exit(&isp->sess_cmdsn_mutex); 985 986 if ((inihp->itt != ISCSI_RSVD_TASK_TAG) && 987 (inihp->ttt == ISCSI_RSVD_TASK_TAG)) { 988 /* This is the only type of nop that incs. the expstatsn */ 989 icp->conn_expstatsn++; 990 991 /* 992 * This is a targets response to our nop 993 */ 994 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E3, isp); 995 } else if (inihp->ttt != ISCSI_RSVD_TASK_TAG) { 996 /* 997 * Target requested a nop. Send one. 998 */ 999 iscsi_handle_nop(icp, ISCSI_RSVD_TASK_TAG, inihp->ttt); 1000 } else { 1001 /* 1002 * This is a target-initiated ping that doesn't expect 1003 * a response; nothing to do except update our flow control 1004 * (which we do in all cases above). 1005 */ 1006 /* EMPTY */ 1007 } 1008 mutex_exit(&icp->conn_queue_active.mutex); 1009 mutex_exit(&isp->sess_queue_pending.mutex); 1010 1011 return (rval); 1012 } 1013 1014 1015 /* 1016 * iscsi_rx_process_reject_rsp - The server rejected a PDU 1017 */ 1018 static iscsi_status_t 1019 iscsi_rx_process_reject_rsp(iscsi_conn_t *icp, 1020 iscsi_hdr_t *ihp, char *data) 1021 { 1022 iscsi_reject_rsp_hdr_t *irrhp = (iscsi_reject_rsp_hdr_t *)ihp; 1023 iscsi_sess_t *isp = NULL; 1024 uint32_t dlength = 0; 1025 iscsi_hdr_t *old_ihp = NULL; 1026 1027 ASSERT(icp != NULL); 1028 isp = icp->conn_sess; 1029 ASSERT(ihp != NULL); 1030 ASSERT(data != NULL); 1031 1032 /* make sure we only Ack Status numbers that we've actually received. */ 1033 if (icp->conn_expstatsn == ntohl(irrhp->statsn)) { 1034 icp->conn_expstatsn++; 1035 } else { 1036 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 1037 "received status out of order itt:0x%x statsn:0x%x " 1038 "expstatsn:0x%x", icp->conn_oid, ihp->itt, 1039 ntohl(irrhp->statsn), icp->conn_expstatsn); 1040 return (ISCSI_STATUS_PROTOCOL_ERROR); 1041 } 1042 1043 /* update expcmdsn and maxcmdsn */ 1044 mutex_enter(&isp->sess_cmdsn_mutex); 1045 iscsi_update_flow_control(isp, ntohl(irrhp->maxcmdsn), 1046 ntohl(irrhp->expcmdsn)); 1047 mutex_exit(&isp->sess_cmdsn_mutex); 1048 1049 /* If we don't have the rejected header we can't do anything */ 1050 dlength = n2h24(irrhp->dlength); 1051 if (dlength < sizeof (iscsi_hdr_t)) { 1052 return (ISCSI_STATUS_PROTOCOL_ERROR); 1053 } 1054 1055 /* map old ihp */ 1056 old_ihp = (iscsi_hdr_t *)data; 1057 1058 switch (irrhp->reason) { 1059 /* 1060 * ISCSI_REJECT_IMM_CMD_REJECT - Immediate Command Reject 1061 * too many immediate commands (original cmd can be resent) 1062 */ 1063 case ISCSI_REJECT_IMM_CMD_REJECT: 1064 /* 1065 * We have exceeded the server's capacity for outstanding 1066 * immediate commands. This must be a task management 1067 * command so try to find it in the abortingqueue and 1068 * complete it. 1069 */ 1070 if (!(old_ihp->opcode & ISCSI_OP_IMMEDIATE)) { 1071 /* Rejecting IMM but old old_hdr wasn't IMM */ 1072 return (ISCSI_STATUS_PROTOCOL_ERROR); 1073 } 1074 1075 /* 1076 * We only send NOP and TASK_MGT as IMM. All other 1077 * cases should be considered as a protocol error. 1078 */ 1079 switch (old_ihp->opcode & ISCSI_OPCODE_MASK) { 1080 case ISCSI_OP_NOOP_OUT: 1081 /* 1082 * A ping was rejected - treat this like 1083 * ping response. The down side is we 1084 * didn't get an updated MaxCmdSn. 1085 */ 1086 break; 1087 case ISCSI_OP_SCSI_TASK_MGT_MSG: 1088 (void) iscsi_rx_process_rejected_tsk_mgt(icp, 1089 old_ihp); 1090 break; 1091 default: 1092 cmn_err(CE_WARN, "iscsi connection(%u) protocol error " 1093 "- received a reject for a command(0x%02x) not " 1094 "sent as an immediate", icp->conn_oid, 1095 old_ihp->opcode); 1096 return (ISCSI_STATUS_PROTOCOL_ERROR); 1097 } 1098 break; 1099 1100 /* 1101 * For the rest of the reject cases just use the general 1102 * hammer of dis/reconnecting. This will resolve all 1103 * noted issues although could be more graceful. 1104 */ 1105 case ISCSI_REJECT_DATA_DIGEST_ERROR: 1106 case ISCSI_REJECT_CMD_BEFORE_LOGIN: 1107 case ISCSI_REJECT_SNACK_REJECT: 1108 case ISCSI_REJECT_PROTOCOL_ERROR: 1109 case ISCSI_REJECT_CMD_NOT_SUPPORTED: 1110 case ISCSI_REJECT_TASK_IN_PROGRESS: 1111 case ISCSI_REJECT_INVALID_DATA_ACK: 1112 case ISCSI_REJECT_INVALID_PDU_FIELD: 1113 case ISCSI_REJECT_LONG_OPERATION_REJECT: 1114 case ISCSI_REJECT_NEGOTIATION_RESET: 1115 default: 1116 cmn_err(CE_WARN, "iscsi connection(%u) closing connection - " 1117 "target requested itt:0x%x reason:0x%x", 1118 icp->conn_oid, ihp->itt, irrhp->reason); 1119 return (ISCSI_STATUS_PROTOCOL_ERROR); 1120 } 1121 1122 return (ISCSI_STATUS_SUCCESS); 1123 } 1124 1125 1126 /* 1127 * iscsi_rx_process_rejected_tsk_mgt - 1128 */ 1129 static iscsi_status_t 1130 iscsi_rx_process_rejected_tsk_mgt(iscsi_conn_t *icp, 1131 iscsi_hdr_t *old_ihp) 1132 { 1133 iscsi_sess_t *isp = NULL; 1134 iscsi_cmd_t *icmdp = NULL; 1135 1136 ASSERT(icp != NULL); 1137 isp = icp->conn_sess; 1138 ASSERT(old_ihp != NULL); 1139 ASSERT(icp->conn_sess != NULL); 1140 1141 mutex_enter(&icp->conn_queue_active.mutex); 1142 mutex_enter(&isp->sess_cmdsn_mutex); 1143 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp( 1144 isp, old_ihp, &icmdp))) { 1145 mutex_exit(&isp->sess_cmdsn_mutex); 1146 mutex_exit(&icp->conn_queue_active.mutex); 1147 return (ISCSI_STATUS_PROTOCOL_ERROR); 1148 } 1149 mutex_exit(&isp->sess_cmdsn_mutex); 1150 1151 switch (icmdp->cmd_type) { 1152 case ISCSI_CMD_TYPE_ABORT: 1153 case ISCSI_CMD_TYPE_RESET: 1154 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E4, 1155 icp->conn_sess); 1156 break; 1157 /* We don't send any other task mgr types */ 1158 default: 1159 ASSERT(B_FALSE); 1160 break; 1161 } 1162 mutex_exit(&icp->conn_queue_active.mutex); 1163 1164 return (ISCSI_STATUS_SUCCESS); 1165 } 1166 1167 1168 /* 1169 * iscsi_rx_process_task_mgt_rsp - 1170 */ 1171 /* ARGSUSED */ 1172 static iscsi_status_t 1173 iscsi_rx_process_task_mgt_rsp(iscsi_conn_t *icp, 1174 iscsi_hdr_t *ihp, void *data) 1175 { 1176 iscsi_sess_t *isp = NULL; 1177 iscsi_scsi_task_mgt_rsp_hdr_t *istmrhp = NULL; 1178 iscsi_cmd_t *icmdp = NULL; 1179 1180 ASSERT(ihp != NULL); 1181 ASSERT(icp != NULL); 1182 isp = icp->conn_sess; 1183 ASSERT(isp != NULL); 1184 istmrhp = (iscsi_scsi_task_mgt_rsp_hdr_t *)ihp; 1185 1186 if (icp->conn_expstatsn == ntohl(istmrhp->statsn)) { 1187 icp->conn_expstatsn++; 1188 } else { 1189 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 1190 "received status out of order itt:0x%x statsn:0x%x " 1191 "expstatsn:0x%x", icp->conn_oid, istmrhp->itt, 1192 ntohl(istmrhp->statsn), icp->conn_expstatsn); 1193 return (ISCSI_STATUS_PROTOCOL_ERROR); 1194 } 1195 1196 /* make sure we only Ack Status numbers that we've actually received. */ 1197 mutex_enter(&icp->conn_queue_active.mutex); 1198 mutex_enter(&isp->sess_cmdsn_mutex); 1199 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp(isp, ihp, &icmdp))) { 1200 mutex_exit(&isp->sess_cmdsn_mutex); 1201 mutex_exit(&icp->conn_queue_active.mutex); 1202 return (ISCSI_STATUS_PROTOCOL_ERROR); 1203 } 1204 1205 /* update expcmdsn and maxcmdn */ 1206 iscsi_update_flow_control(isp, ntohl(istmrhp->maxcmdsn), 1207 ntohl(istmrhp->expcmdsn)); 1208 mutex_exit(&isp->sess_cmdsn_mutex); 1209 1210 switch (icmdp->cmd_type) { 1211 case ISCSI_CMD_TYPE_ABORT: 1212 case ISCSI_CMD_TYPE_RESET: 1213 switch (istmrhp->response) { 1214 case SCSI_TCP_TM_RESP_COMPLETE: 1215 /* success */ 1216 iscsi_cmd_state_machine(icmdp, 1217 ISCSI_CMD_EVENT_E3, isp); 1218 break; 1219 case SCSI_TCP_TM_RESP_NO_TASK: 1220 /* 1221 * If the array no longer knows about 1222 * an ABORT RTT and we no longer have 1223 * a parent SCSI command it was just 1224 * completed, free this ABORT resource. 1225 * Otherwise FALLTHRU this will flag a 1226 * protocol problem. 1227 */ 1228 if ((icmdp->cmd_type == ISCSI_CMD_TYPE_ABORT) && 1229 (icmdp->cmd_un.abort.icmdp == NULL)) { 1230 iscsi_cmd_state_machine(icmdp, 1231 ISCSI_CMD_EVENT_E4, isp); 1232 break; 1233 } 1234 /* FALLTHRU */ 1235 case SCSI_TCP_TM_RESP_NO_LUN: 1236 case SCSI_TCP_TM_RESP_TASK_ALLEGIANT: 1237 case SCSI_TCP_TM_RESP_NO_FAILOVER: 1238 case SCSI_TCP_TM_RESP_IN_PRGRESS: 1239 case SCSI_TCP_TM_RESP_REJECTED: 1240 default: 1241 /* 1242 * Something is out of sync. Flush 1243 * active queues and resync the 1244 * the connection to try and recover 1245 * to a known state. 1246 */ 1247 mutex_exit(&icp->conn_queue_active.mutex); 1248 return (ISCSI_STATUS_PROTOCOL_ERROR); 1249 } 1250 break; 1251 1252 default: 1253 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 1254 "received a task mgt response for a non-task mgt " 1255 "cmd itt:0x%x type:%d", icp->conn_oid, istmrhp->itt, 1256 icmdp->cmd_type); 1257 mutex_exit(&icp->conn_queue_active.mutex); 1258 return (ISCSI_STATUS_PROTOCOL_ERROR); 1259 } 1260 1261 mutex_exit(&icp->conn_queue_active.mutex); 1262 return (ISCSI_STATUS_SUCCESS); 1263 } 1264 1265 1266 /* 1267 * iscsi_rx_process_logout - 1268 * 1269 */ 1270 /* ARGSUSED */ 1271 static iscsi_status_t 1272 iscsi_rx_process_logout_rsp(iscsi_conn_t *icp, iscsi_hdr_t *ihp, char *data) 1273 { 1274 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 1275 iscsi_sess_t *isp = icp->conn_sess; 1276 iscsi_logout_rsp_hdr_t *ilrhp = (iscsi_logout_rsp_hdr_t *)ihp; 1277 iscsi_cmd_t *icmdp = NULL; 1278 1279 ASSERT(icp != NULL); 1280 ASSERT(ihp != NULL); 1281 isp = icp->conn_sess; 1282 ASSERT(isp != NULL); 1283 1284 if (icp->conn_expstatsn != ntohl(ilrhp->statsn)) { 1285 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 1286 "received status out of order itt:0x%x statsn:0x%x " 1287 "expstatsn:0x%x", icp->conn_oid, ilrhp->itt, 1288 ntohl(ilrhp->statsn), icp->conn_expstatsn); 1289 return (ISCSI_STATUS_PROTOCOL_ERROR); 1290 } 1291 1292 mutex_enter(&icp->conn_queue_active.mutex); 1293 mutex_enter(&isp->sess_cmdsn_mutex); 1294 if (ilrhp->itt != ISCSI_RSVD_TASK_TAG) { 1295 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp( 1296 isp, ihp, &icmdp))) { 1297 mutex_exit(&isp->sess_cmdsn_mutex); 1298 mutex_exit(&icp->conn_queue_active.mutex); 1299 return (ISCSI_STATUS_PROTOCOL_ERROR); 1300 } 1301 } 1302 1303 /* update expcmdsn and maxcmdsn */ 1304 iscsi_update_flow_control(isp, ntohl(ilrhp->maxcmdsn), 1305 ntohl(ilrhp->expcmdsn)); 1306 mutex_exit(&isp->sess_cmdsn_mutex); 1307 1308 switch (ilrhp->response) { 1309 case ISCSI_LOGOUT_CID_NOT_FOUND: 1310 /* 1311 * If the target doesn't know about our connection 1312 * then we can consider our self disconnected. 1313 */ 1314 /* FALLTHRU */ 1315 case ISCSI_LOGOUT_RECOVERY_UNSUPPORTED: 1316 /* 1317 * We don't support ErrorRecovery levels above 0 1318 * currently so consider this success. 1319 */ 1320 /* FALLTHRU */ 1321 case ISCSI_LOGOUT_CLEANUP_FAILED: 1322 /* 1323 * per spec. "cleanup failed for various reasons." 1324 * Although those various reasons are undefined. 1325 * Not sure what to do here. So fake success, 1326 * which will disconnect the connection. 1327 */ 1328 /* FALLTHRU */ 1329 case ISCSI_LOGOUT_SUCCESS: 1330 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E3, isp); 1331 mutex_exit(&icp->conn_queue_active.mutex); 1332 /* logout completed successfully notify the conn */ 1333 mutex_enter(&icp->conn_state_mutex); 1334 (void) iscsi_conn_state_machine(icp, ISCSI_CONN_EVENT_T17); 1335 mutex_exit(&icp->conn_state_mutex); 1336 break; 1337 default: 1338 mutex_exit(&icp->conn_queue_active.mutex); 1339 rval = ISCSI_STATUS_PROTOCOL_ERROR; 1340 } 1341 1342 return (rval); 1343 } 1344 1345 1346 /* 1347 * iscsi_rx_process_logout - 1348 * 1349 */ 1350 /* ARGSUSED */ 1351 static iscsi_status_t 1352 iscsi_rx_process_async_rsp(iscsi_conn_t *icp, iscsi_hdr_t *ihp, char *data) 1353 { 1354 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 1355 iscsi_async_evt_hdr_t *iaehp = (iscsi_async_evt_hdr_t *)ihp; 1356 1357 ASSERT(icp != NULL); 1358 ASSERT(ihp != NULL); 1359 ASSERT(icp->conn_sess != NULL); 1360 1361 if (icp->conn_expstatsn != ntohl(iaehp->statsn)) { 1362 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 1363 "received status out of order itt:0x%x statsn:0x%x " 1364 "expstatsn:0x%x", icp->conn_oid, ihp->itt, 1365 ntohl(iaehp->statsn), icp->conn_expstatsn); 1366 return (ISCSI_STATUS_PROTOCOL_ERROR); 1367 } 1368 1369 switch (iaehp->async_event) { 1370 case ISCSI_ASYNC_EVENT_SCSI_EVENT: 1371 /* 1372 * SCSI asynchronous event is reported in 1373 * the sense data. Sense data that accompanies 1374 * the report in the data segment identifies the 1375 * condition. If the target supports SCSI 1376 * asynchronous events reporting (see [SAM2]) 1377 * as indicated in the stardard INQUIRY data 1378 * (see [SPC3]), its use may be enabled by 1379 * parameters in the SCSI control mode page 1380 * (see [SPC3]). 1381 * 1382 * T-10 has removed SCSI asunchronous events 1383 * from the standard. Although we have seen 1384 * a couple targets still spending these requests. 1385 * Those targets were specifically sending them 1386 * for notification of a LUN/Volume change 1387 * (ex. LUN addition/removal). Take a general 1388 * action to these events of dis/reconnecting. 1389 * Once reconnected we perform a reenumeration. 1390 */ 1391 mutex_enter(&icp->conn_state_mutex); 1392 (void) iscsi_conn_state_machine(icp, ISCSI_CONN_EVENT_T14); 1393 mutex_exit(&icp->conn_state_mutex); 1394 break; 1395 1396 case ISCSI_ASYNC_EVENT_REQUEST_LOGOUT: 1397 /* Target has requested this connection to logout. */ 1398 mutex_enter(&icp->conn_state_mutex); 1399 (void) iscsi_conn_state_machine(icp, ISCSI_CONN_EVENT_T14); 1400 mutex_exit(&icp->conn_state_mutex); 1401 break; 1402 1403 case ISCSI_ASYNC_EVENT_DROPPING_CONNECTION: 1404 /* 1405 * Target is going to drop our connection. 1406 * param1 - CID which will be dropped. 1407 * param2 - Min time to reconnect. 1408 * param3 - Max time to reconnect. 1409 * 1410 * For now just let fail as another disconnect. 1411 * 1412 * MC/S Once we support > 1 connections then 1413 * we need to check the CID and drop that 1414 * specific connection. 1415 */ 1416 iscsi_conn_set_login_min_max(icp, iaehp->param2, iaehp->param3); 1417 mutex_enter(&icp->conn_state_mutex); 1418 (void) iscsi_conn_state_machine(icp, ISCSI_CONN_EVENT_T14); 1419 mutex_exit(&icp->conn_state_mutex); 1420 break; 1421 1422 case ISCSI_ASYNC_EVENT_DROPPING_ALL_CONNECTIONS: 1423 /* 1424 * Target is going to drop ALL connections. 1425 * param2 - Min time to reconnect. 1426 * param3 - Max time to reconnect. 1427 * 1428 * For now just let fail as anyother disconnect. 1429 * 1430 * MC/S Once we support more than > 1 connections 1431 * then we need to drop all connections on the 1432 * session. 1433 */ 1434 iscsi_conn_set_login_min_max(icp, iaehp->param2, iaehp->param3); 1435 mutex_enter(&icp->conn_state_mutex); 1436 (void) iscsi_conn_state_machine(icp, ISCSI_CONN_EVENT_T14); 1437 mutex_exit(&icp->conn_state_mutex); 1438 break; 1439 1440 case ISCSI_ASYNC_EVENT_PARAM_NEGOTIATION: 1441 /* 1442 * Target requests parameter negotiation 1443 * on this connection. 1444 * 1445 * The initiator must honor this request. For 1446 * now we will request a logout. We can't 1447 * just ignore this or it might force corruption? 1448 */ 1449 mutex_enter(&icp->conn_state_mutex); 1450 (void) iscsi_conn_state_machine(icp, ISCSI_CONN_EVENT_T14); 1451 mutex_exit(&icp->conn_state_mutex); 1452 break; 1453 1454 case ISCSI_ASYNC_EVENT_VENDOR_SPECIFIC: 1455 /* 1456 * We currently don't handle any vendor 1457 * specific async events. So just ignore 1458 * the request. 1459 */ 1460 mutex_enter(&icp->conn_state_mutex); 1461 (void) iscsi_conn_state_machine(icp, ISCSI_CONN_EVENT_T14); 1462 mutex_exit(&icp->conn_state_mutex); 1463 break; 1464 default: 1465 rval = ISCSI_STATUS_PROTOCOL_ERROR; 1466 } 1467 1468 return (rval); 1469 } 1470 1471 /* 1472 * iscsi_rx_process_text_rsp - processes iSCSI text response. It sets 1473 * the cmd_result field of the command data structure with the actual 1474 * status value instead of returning the status value. The return value 1475 * is SUCCESS in order to let iscsi_handle_text control the operation of 1476 * a text request. 1477 * Test requests are a handled a little different than other types of 1478 * iSCSI commands because the initiator sends additional empty text requests 1479 * in order to obtain the remaining responses required to complete the 1480 * request. iscsi_handle_text controls the operation of text request, while 1481 * iscsi_rx_process_text_rsp just process the current response. 1482 */ 1483 static iscsi_status_t 1484 iscsi_rx_process_text_rsp(iscsi_conn_t *icp, iscsi_hdr_t *ihp, char *data) 1485 { 1486 iscsi_sess_t *isp = NULL; 1487 iscsi_text_rsp_hdr_t *ithp = (iscsi_text_rsp_hdr_t *)ihp; 1488 iscsi_cmd_t *icmdp = NULL; 1489 boolean_t final = B_FALSE; 1490 uint32_t data_len; 1491 1492 ASSERT(icp != NULL); 1493 ASSERT(ihp != NULL); 1494 ASSERT(data != NULL); 1495 1496 isp = icp->conn_sess; 1497 ASSERT(isp != NULL); 1498 1499 if (icp->conn_expstatsn == ntohl(ithp->statsn)) { 1500 icp->conn_expstatsn++; 1501 } else { 1502 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 1503 "received status out of order itt:0x%x statsn:0x%x " 1504 "expstatsn:0x%x", icp->conn_oid, ithp->itt, 1505 ntohl(ithp->statsn), icp->conn_expstatsn); 1506 return (ISCSI_STATUS_PROTOCOL_ERROR); 1507 } 1508 1509 mutex_enter(&icp->conn_queue_active.mutex); 1510 mutex_enter(&isp->sess_cmdsn_mutex); 1511 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp(isp, ihp, &icmdp))) { 1512 mutex_exit(&isp->sess_cmdsn_mutex); 1513 mutex_exit(&icp->conn_queue_active.mutex); 1514 return (ISCSI_STATUS_PROTOCOL_ERROR); 1515 } 1516 1517 /* update expcmdsn and maxcmdsn */ 1518 iscsi_update_flow_control(isp, ntohl(ithp->maxcmdsn), 1519 ntohl(ithp->expcmdsn)); 1520 mutex_exit(&isp->sess_cmdsn_mutex); 1521 1522 /* update local final response flag */ 1523 if (ithp->flags & ISCSI_FLAG_FINAL) { 1524 final = B_TRUE; 1525 } 1526 1527 /* 1528 * validate received TTT value. RFC3720 specifies the following: 1529 * - F bit set to 1 MUST have a reserved TTT value 0xffffffff 1530 * - F bit set to 0 MUST have a non-reserved TTT value !0xffffffff 1531 * In addition, the received TTT value must not change between 1532 * responses of a long text response 1533 */ 1534 if (((final == B_TRUE) && (ithp->ttt != ISCSI_RSVD_TASK_TAG)) || 1535 ((final == B_FALSE) && (ithp->ttt == ISCSI_RSVD_TASK_TAG))) { 1536 icmdp->cmd_result = ISCSI_STATUS_PROTOCOL_ERROR; 1537 icmdp->cmd_un.text.stage = ISCSI_CMD_TEXT_FINAL_RSP; 1538 mutex_exit(&icp->conn_queue_active.mutex); 1539 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 1540 "received text response with invalid flags:0x%x or " 1541 "ttt:0x%x", icp->conn_oid, ithp->flags, ithp->itt); 1542 return (ISCSI_STATUS_PROTOCOL_ERROR); 1543 } 1544 1545 if ((icmdp->cmd_un.text.stage == ISCSI_CMD_TEXT_INITIAL_REQ) && 1546 (ithp->ttt == ISCSI_RSVD_TASK_TAG) && 1547 (final == B_FALSE)) { 1548 /* TTT should have matched reserved value */ 1549 icmdp->cmd_result = ISCSI_STATUS_PROTOCOL_ERROR; 1550 icmdp->cmd_un.text.stage = ISCSI_CMD_TEXT_FINAL_RSP; 1551 mutex_exit(&icp->conn_queue_active.mutex); 1552 cmn_err(CE_WARN, "iscsi connection(%u) protocol " 1553 "error - received text response with invalid " 1554 "ttt:0x%x", icp->conn_oid, ithp->ttt); 1555 return (ISCSI_STATUS_PROTOCOL_ERROR); 1556 } 1557 1558 /* 1559 * If this is first response, save away TTT value for later use 1560 * in a long text request/response sequence 1561 */ 1562 if (icmdp->cmd_un.text.stage == ISCSI_CMD_TEXT_INITIAL_REQ) { 1563 icmdp->cmd_un.text.ttt = ithp->ttt; 1564 } 1565 1566 data_len = ntoh24(ithp->dlength); 1567 1568 /* check whether enough buffer available to copy data */ 1569 if ((icmdp->cmd_un.text.total_rx_len + data_len) > 1570 icmdp->cmd_un.text.buf_len) { 1571 icmdp->cmd_un.text.total_rx_len += data_len; 1572 icmdp->cmd_result = ISCSI_STATUS_DATA_OVERFLOW; 1573 /* 1574 * DATA_OVERFLOW will result in a SUCCESS return so that 1575 * iscsi_handle_text can continue to obtain the remaining 1576 * text response if needed. 1577 */ 1578 } else { 1579 char *buf_data = (icmdp->cmd_un.text.buf + 1580 icmdp->cmd_un.text.offset); 1581 1582 bcopy(data, buf_data, data_len); 1583 icmdp->cmd_un.text.offset += data_len; 1584 icmdp->cmd_un.text.total_rx_len += data_len; 1585 icmdp->cmd_result = ISCSI_STATUS_SUCCESS; 1586 bcopy(ithp->rsvd4, icmdp->cmd_un.text.lun, 1587 sizeof (icmdp->cmd_un.text.lun)); 1588 } 1589 1590 /* update stage */ 1591 if (final == B_TRUE) { 1592 icmdp->cmd_un.text.stage = ISCSI_CMD_TEXT_FINAL_RSP; 1593 } else { 1594 icmdp->cmd_un.text.stage = ISCSI_CMD_TEXT_CONTINUATION; 1595 } 1596 1597 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E3, isp); 1598 mutex_exit(&icp->conn_queue_active.mutex); 1599 return (ISCSI_STATUS_SUCCESS); 1600 } 1601 1602 /* 1603 * iscsi_rx_process_itt_to_icmdp - Lookup itt in the session's 1604 * cmd table to find matching icmdp. Verify itt in hdr and 1605 * icmdp are the same. 1606 */ 1607 static iscsi_status_t 1608 iscsi_rx_process_itt_to_icmdp(iscsi_sess_t *isp, iscsi_hdr_t *ihp, 1609 iscsi_cmd_t **icmdp) 1610 { 1611 int cmd_table_idx = 0; 1612 1613 ASSERT(isp != NULL); 1614 ASSERT(ihp != NULL); 1615 ASSERT(icmdp != NULL); 1616 ASSERT(mutex_owned(&isp->sess_cmdsn_mutex)); 1617 1618 /* try to find an associated iscsi_pkt */ 1619 cmd_table_idx = ihp->itt % ISCSI_CMD_TABLE_SIZE; 1620 if (isp->sess_cmd_table[cmd_table_idx] == NULL) { 1621 cmn_err(CE_WARN, "iscsi session(%u) protocol error - " 1622 "received unknown itt:0x%x - protocol error", 1623 isp->sess_oid, ihp->itt); 1624 return (ISCSI_STATUS_INTERNAL_ERROR); 1625 } 1626 1627 /* verify itt */ 1628 if (isp->sess_cmd_table[cmd_table_idx]->cmd_itt != ihp->itt) { 1629 cmn_err(CE_WARN, "iscsi session(%u) received itt:0x%x " 1630 " which is out of sync with itt:0x%x", isp->sess_oid, 1631 ihp->itt, isp->sess_cmd_table[cmd_table_idx]->cmd_itt); 1632 return (ISCSI_STATUS_INTERNAL_ERROR); 1633 } 1634 1635 /* make sure this is a SCSI cmd */ 1636 *icmdp = isp->sess_cmd_table[cmd_table_idx]; 1637 1638 return (ISCSI_STATUS_SUCCESS); 1639 } 1640 1641 1642 /* 1643 * +--------------------------------------------------------------------+ 1644 * | End of protocol receive routines | 1645 * +--------------------------------------------------------------------+ 1646 */ 1647 1648 /* 1649 * +--------------------------------------------------------------------+ 1650 * | Beginning of protocol send routines | 1651 * +--------------------------------------------------------------------+ 1652 */ 1653 1654 1655 /* 1656 * iscsi_tx_thread - This thread is the driving point for all 1657 * iSCSI PDUs after login. No PDUs should call sendpdu() 1658 * directly they should be funneled through iscsi_tx_thread. 1659 */ 1660 void 1661 iscsi_tx_thread(iscsi_thread_t *thread, void *arg) 1662 { 1663 iscsi_conn_t *icp = (iscsi_conn_t *)arg; 1664 iscsi_sess_t *isp = NULL; 1665 iscsi_cmd_t *icmdp = NULL; 1666 clock_t tout; 1667 int ret = 1; 1668 1669 ASSERT(icp != NULL); 1670 isp = icp->conn_sess; 1671 ASSERT(isp != NULL); 1672 ASSERT(thread != NULL); 1673 ASSERT(thread->signature == SIG_ISCSI_THREAD); 1674 1675 tout = SEC_TO_TICK(1); 1676 /* 1677 * Transfer icmdps until shutdown by owning session. 1678 */ 1679 while (ret != 0) { 1680 1681 isp->sess_window_open = B_TRUE; 1682 1683 /* 1684 * While the window is open, there are commands available 1685 * to send and the session state allows those commands to 1686 * be sent try to transfer them. 1687 */ 1688 mutex_enter(&isp->sess_queue_pending.mutex); 1689 while ((isp->sess_window_open == B_TRUE) && 1690 ((icmdp = isp->sess_queue_pending.head) != NULL) && 1691 (((icmdp->cmd_type != ISCSI_CMD_TYPE_SCSI) && 1692 (ISCSI_CONN_STATE_FULL_FEATURE(icp->conn_state))) || 1693 (icp->conn_state == ISCSI_CONN_STATE_LOGGED_IN))) { 1694 1695 /* update command with this connection info */ 1696 icmdp->cmd_conn = icp; 1697 /* attempt to send this command */ 1698 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E2, isp); 1699 1700 ASSERT(!mutex_owned(&isp->sess_queue_pending.mutex)); 1701 mutex_enter(&isp->sess_queue_pending.mutex); 1702 } 1703 mutex_exit(&isp->sess_queue_pending.mutex); 1704 1705 /* 1706 * Go to sleep until there is something new 1707 * to process (awoken via cv_boardcast). 1708 * Or the timer goes off. 1709 */ 1710 ret = iscsi_thread_wait(thread, tout); 1711 } 1712 1713 } 1714 1715 1716 /* 1717 * iscsi_tx_cmd - transfers icmdp across wire as iscsi pdu 1718 * 1719 * Just prior to sending the command to the networking layer the 1720 * pending queue lock will be dropped. At this point only local 1721 * resources will be used, not the icmdp. Holding the queue lock 1722 * across the networking call can lead to a hang. (This is due 1723 * to the the target driver and networking layers competing use 1724 * of the timeout() resources and the queue lock being held for 1725 * both sides.) Upon the completion of this command the lock 1726 * will have been re-acquired. 1727 */ 1728 iscsi_status_t 1729 iscsi_tx_cmd(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 1730 { 1731 iscsi_status_t rval = ISCSI_STATUS_INTERNAL_ERROR; 1732 1733 ASSERT(isp != NULL); 1734 ASSERT(icmdp != NULL); 1735 1736 /* transfer specific command type */ 1737 switch (icmdp->cmd_type) { 1738 case ISCSI_CMD_TYPE_SCSI: 1739 rval = iscsi_tx_scsi(isp, icmdp); 1740 break; 1741 case ISCSI_CMD_TYPE_R2T: 1742 rval = iscsi_tx_r2t(isp, icmdp); 1743 break; 1744 case ISCSI_CMD_TYPE_NOP: 1745 rval = iscsi_tx_nop(isp, icmdp); 1746 break; 1747 case ISCSI_CMD_TYPE_ABORT: 1748 rval = iscsi_tx_abort(isp, icmdp); 1749 break; 1750 case ISCSI_CMD_TYPE_RESET: 1751 rval = iscsi_tx_reset(isp, icmdp); 1752 break; 1753 case ISCSI_CMD_TYPE_LOGOUT: 1754 rval = iscsi_tx_logout(isp, icmdp); 1755 break; 1756 case ISCSI_CMD_TYPE_TEXT: 1757 rval = iscsi_tx_text(isp, icmdp); 1758 break; 1759 default: 1760 ASSERT(FALSE); 1761 } 1762 1763 ASSERT(!mutex_owned(&isp->sess_queue_pending.mutex)); 1764 return (rval); 1765 } 1766 1767 /* 1768 * a variable length cdb can be up to 16K, but we obviously don't want 1769 * to put that on the stack; go with 200 bytes; if we get something 1770 * bigger than that we will kmem_alloc a buffer 1771 */ 1772 #define DEF_CDB_LEN 200 1773 1774 /* 1775 * given the size of the cdb, return how many bytes the header takes, 1776 * which is the sizeof addl_hdr_t + the CDB size, minus the 16 bytes 1777 * stored in the basic header, minus sizeof (ahs_extscb) 1778 */ 1779 #define ADDLHDRSZ(x) (sizeof (iscsi_addl_hdr_t) + (x) - \ 1780 16 - 4) 1781 1782 /* 1783 * iscsi_tx_scsi - 1784 * 1785 */ 1786 static iscsi_status_t 1787 iscsi_tx_scsi(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 1788 { 1789 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 1790 iscsi_conn_t *icp = NULL; 1791 struct scsi_pkt *pkt = NULL; 1792 struct buf *bp = NULL; 1793 union { 1794 iscsi_scsi_cmd_hdr_t isch; 1795 iscsi_addl_hdr_t iah; 1796 uchar_t arr[ADDLHDRSZ(DEF_CDB_LEN)]; 1797 } hdr_un; 1798 iscsi_scsi_cmd_hdr_t *ihp = 1799 (iscsi_scsi_cmd_hdr_t *)&hdr_un.isch; 1800 int cdblen = 0; 1801 size_t buflen = 0; 1802 uint32_t imdata = 0; 1803 uint32_t first_burst_length = 0; 1804 1805 ASSERT(isp != NULL); 1806 ASSERT(icmdp != NULL); 1807 pkt = icmdp->cmd_un.scsi.pkt; 1808 ASSERT(pkt != NULL); 1809 bp = icmdp->cmd_un.scsi.bp; 1810 icp = icmdp->cmd_conn; 1811 ASSERT(icp != NULL); 1812 1813 /* Reset counts in case we are on a retry */ 1814 icmdp->cmd_un.scsi.data_transferred = 0; 1815 1816 if (icmdp->cmd_un.scsi.cmdlen > DEF_CDB_LEN) { 1817 cdblen = icmdp->cmd_un.scsi.cmdlen; 1818 ihp = kmem_zalloc(ADDLHDRSZ(cdblen), KM_SLEEP); 1819 } else { 1820 /* 1821 * only bzero the basic header; the additional header 1822 * will be set up correctly later, if needed 1823 */ 1824 bzero(ihp, sizeof (iscsi_scsi_cmd_hdr_t)); 1825 } 1826 ihp->opcode = ISCSI_OP_SCSI_CMD; 1827 ihp->itt = icmdp->cmd_itt; 1828 mutex_enter(&isp->sess_cmdsn_mutex); 1829 ihp->cmdsn = htonl(isp->sess_cmdsn); 1830 isp->sess_cmdsn++; 1831 mutex_exit(&isp->sess_cmdsn_mutex); 1832 ihp->expstatsn = htonl(icp->conn_expstatsn); 1833 icp->conn_laststatsn = icp->conn_expstatsn; 1834 1835 pkt->pkt_state = (STATE_GOT_BUS | STATE_GOT_TARGET); 1836 pkt->pkt_reason = CMD_INCOMPLETE; 1837 1838 /* 1839 * Sestion 12.11 of the iSCSI specification has a good table 1840 * describing when uncolicited data and/or immediate data 1841 * should be sent. 1842 */ 1843 bp = icmdp->cmd_un.scsi.bp; 1844 if ((bp != NULL) && bp->b_bcount) { 1845 buflen = bp->b_bcount; 1846 first_burst_length = icp->conn_params.first_burst_length; 1847 1848 if (bp->b_flags & B_READ) { 1849 ihp->flags = ISCSI_FLAG_FINAL; 1850 /* 1851 * fix problem where OS sends bp (B_READ & 1852 * b_bcount!=0) for a TUR or START_STOP. 1853 * (comment came from cisco code.) 1854 */ 1855 if ((pkt->pkt_cdbp[0] != SCMD_TEST_UNIT_READY) && 1856 (pkt->pkt_cdbp[0] != SCMD_START_STOP)) { 1857 ihp->flags |= ISCSI_FLAG_CMD_READ; 1858 ihp->data_length = htonl(buflen); 1859 } 1860 } else { 1861 ihp->flags = ISCSI_FLAG_CMD_WRITE; 1862 /* 1863 * FinalBit on the the iSCSI PDU denotes this 1864 * is the last PDU in the sequence. 1865 * 1866 * initial_r2t = true means R2T is required 1867 * for additional PDU, so there will be no more 1868 * unsolicited PDUs following 1869 */ 1870 if (icp->conn_params.initial_r2t) { 1871 ihp->flags |= ISCSI_FLAG_FINAL; 1872 } 1873 1874 /* Check if we should send ImmediateData */ 1875 if (icp->conn_params.immediate_data) { 1876 imdata = MIN(MIN(buflen, 1877 first_burst_length), 1878 icmdp->cmd_conn->conn_params. 1879 max_xmit_data_seg_len); 1880 1881 /* 1882 * if everything fits immediate, or 1883 * we can send all burst data immediate 1884 * (not unsol), set F 1885 */ 1886 if ((imdata == buflen) || 1887 (imdata == first_burst_length)) { 1888 ihp->flags |= ISCSI_FLAG_FINAL; 1889 } 1890 1891 hton24(ihp->dlength, imdata); 1892 } 1893 1894 /* total data transfer length */ 1895 ihp->data_length = htonl(buflen); 1896 } 1897 } else { 1898 ihp->flags = ISCSI_FLAG_FINAL; 1899 buflen = 0; 1900 } 1901 1902 /* tagged queuing */ 1903 if (pkt->pkt_flags & FLAG_HTAG) { 1904 ihp->flags |= ISCSI_ATTR_HEAD_OF_QUEUE; 1905 } else if (pkt->pkt_flags & FLAG_OTAG) { 1906 ihp->flags |= ISCSI_ATTR_ORDERED; 1907 } else if (pkt->pkt_flags & FLAG_STAG) { 1908 ihp->flags |= ISCSI_ATTR_SIMPLE; 1909 } else { 1910 /* ihp->flags |= ISCSI_ATTR_UNTAGGED; */ 1911 /* EMPTY */ 1912 } 1913 1914 /* iscsi states lun is based on spc.2 */ 1915 ISCSI_LUN_BYTE_COPY(ihp->lun, icmdp->cmd_un.scsi.lun); 1916 1917 if (icmdp->cmd_un.scsi.cmdlen <= 16) { 1918 /* copy the SCSI Command Block into the PDU */ 1919 bcopy(pkt->pkt_cdbp, ihp->scb, 1920 icmdp->cmd_un.scsi.cmdlen); 1921 } else { 1922 iscsi_addl_hdr_t *iahp; 1923 1924 iahp = (iscsi_addl_hdr_t *)ihp; 1925 1926 ihp->hlength = (ADDLHDRSZ(icmdp->cmd_un.scsi.cmdlen) - 1927 sizeof (iscsi_scsi_cmd_hdr_t) + 3) / 4; 1928 iahp->ahs_hlen_hi = 0; 1929 iahp->ahs_hlen_lo = (icmdp->cmd_un.scsi.cmdlen - 15); 1930 iahp->ahs_key = 0x01; 1931 iahp->ahs_resv = 0; 1932 bcopy(pkt->pkt_cdbp, ihp->scb, 16); 1933 bcopy(((char *)pkt->pkt_cdbp) + 16, &iahp->ahs_extscb[0], 1934 icmdp->cmd_un.scsi.cmdlen); 1935 } 1936 1937 /* 1938 * Update all values before transfering. 1939 * We should never touch the icmdp after 1940 * transfering if there is no more data 1941 * to send. The only case the sendpdu() 1942 * will fail is a on a connection disconnect 1943 * in that case the command will be flushed. 1944 */ 1945 pkt->pkt_state |= STATE_SENT_CMD; 1946 1947 icmdp->cmd_un.scsi.data_transferred += imdata; 1948 1949 /* 1950 * Check if there is additional data to transfer beyond what 1951 * will be sent as part of the initial command. If InitialR2T 1952 * is disabled then we should fake up a R2T so all the data, 1953 * up to first burst length, is sent in an unsolicited 1954 * fashion. We have already sent as much immediate data 1955 * as possible. 1956 */ 1957 if ((buflen > 0) && 1958 ((bp->b_flags & B_READ) == 0) && 1959 (icp->conn_params.initial_r2t == 0) && 1960 (MIN(first_burst_length, buflen) - imdata > 0)) { 1961 1962 uint32_t xfer_len = MIN(first_burst_length, buflen) - imdata; 1963 /* data will be chunked at tx */ 1964 iscsi_handle_r2t(icp, icmdp, imdata, 1965 xfer_len, ISCSI_RSVD_TASK_TAG); 1966 } 1967 1968 /* release pending queue mutex across the network call */ 1969 mutex_exit(&isp->sess_queue_pending.mutex); 1970 1971 /* Transfer Cmd PDU */ 1972 if (imdata) { 1973 rval = iscsi_net->sendpdu(icp->conn_socket, 1974 (iscsi_hdr_t *)ihp, icmdp->cmd_un.scsi.bp->b_un.b_addr, 1975 ISCSI_CONN_TO_NET_DIGEST(icp)); 1976 if (ISCSI_SUCCESS(rval)) { 1977 KSTAT_ADD_CONN_TX_BYTES(icp, imdata); 1978 } 1979 } else { 1980 rval = iscsi_net->sendpdu(icp->conn_socket, 1981 (iscsi_hdr_t *)ihp, NULL, 1982 ISCSI_CONN_TO_NET_DIGEST(icp)); 1983 } 1984 if (cdblen) { 1985 kmem_free(ihp, ADDLHDRSZ(cdblen)); 1986 } 1987 1988 return (rval); 1989 } 1990 1991 1992 /* 1993 * iscsi_tx_r2t - 1994 * 1995 */ 1996 static iscsi_status_t 1997 iscsi_tx_r2t(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 1998 { 1999 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2000 iscsi_conn_t *icp = NULL; 2001 iscsi_cmd_t *orig_icmdp = NULL; 2002 2003 ASSERT(isp != NULL); 2004 ASSERT(icmdp != NULL); 2005 icp = icmdp->cmd_conn; 2006 ASSERT(icp); 2007 orig_icmdp = icmdp->cmd_un.r2t.icmdp; 2008 ASSERT(orig_icmdp); 2009 2010 /* validate the offset and length against the buffer size */ 2011 if ((icmdp->cmd_un.r2t.offset + icmdp->cmd_un.r2t.length) > 2012 orig_icmdp->cmd_un.scsi.bp->b_bcount) { 2013 cmn_err(CE_WARN, "iscsi session(%u) ignoring invalid r2t " 2014 "for icmd itt:0x%x offset:0x%x length:0x%x bufsize:0x%lx", 2015 isp->sess_oid, icmdp->cmd_itt, icmdp->cmd_un.r2t.offset, 2016 icmdp->cmd_un.r2t.length, orig_icmdp->cmd_un.scsi.bp-> 2017 b_bcount); 2018 mutex_exit(&isp->sess_queue_pending.mutex); 2019 return (ISCSI_STATUS_INTERNAL_ERROR); 2020 } 2021 ASSERT(orig_icmdp->cmd_un.scsi.r2t_icmdp); 2022 2023 rval = iscsi_tx_data(isp, icp, orig_icmdp, icmdp->cmd_ttt, 2024 icmdp->cmd_un.r2t.length, icmdp->cmd_un.r2t.offset); 2025 2026 mutex_enter(&orig_icmdp->cmd_mutex); 2027 orig_icmdp->cmd_un.scsi.r2t_icmdp = NULL; 2028 icmdp->cmd_un.r2t.icmdp = NULL; 2029 /* 2030 * we're finished with this r2t; there could be another r2t 2031 * waiting on us to finish, so signal it. 2032 */ 2033 cv_broadcast(&orig_icmdp->cmd_completion); 2034 mutex_exit(&orig_icmdp->cmd_mutex); 2035 /* 2036 * the parent command may be waiting for us to finish; if so, 2037 * wake the _ic_ thread 2038 */ 2039 if ((orig_icmdp->cmd_state == ISCSI_CMD_STATE_COMPLETED) && 2040 (ISCSI_SESS_STATE_FULL_FEATURE(isp->sess_state))) 2041 iscsi_thread_send_wakeup(isp->sess_ic_thread); 2042 ASSERT(!mutex_owned(&isp->sess_queue_pending.mutex)); 2043 return (rval); 2044 } 2045 2046 2047 /* 2048 * iscsi_tx_data - 2049 */ 2050 static iscsi_status_t 2051 iscsi_tx_data(iscsi_sess_t *isp, iscsi_conn_t *icp, iscsi_cmd_t *icmdp, 2052 uint32_t ttt, size_t datalen, size_t offset) 2053 { 2054 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2055 struct buf *bp = NULL; 2056 size_t remainder = 0; 2057 size_t chunk = 0; 2058 char *data = NULL; 2059 uint32_t data_sn = 0; 2060 iscsi_data_hdr_t idhp; 2061 uint32_t itt; 2062 uint32_t lun; 2063 2064 ASSERT(isp != NULL); 2065 ASSERT(icp != NULL); 2066 ASSERT(icmdp != NULL); 2067 bp = icmdp->cmd_un.scsi.bp; 2068 2069 /* verify there is data to send */ 2070 if (bp == NULL) { 2071 mutex_exit(&isp->sess_queue_pending.mutex); 2072 return (ISCSI_STATUS_INTERNAL_ERROR); 2073 } 2074 2075 itt = icmdp->cmd_itt; 2076 lun = icmdp->cmd_un.scsi.lun; 2077 2078 /* 2079 * update the LUN with the amount of data we will 2080 * transfer. If there is a failure it's because of 2081 * a network fault and the command will get flushed. 2082 */ 2083 icmdp->cmd_un.scsi.data_transferred += datalen; 2084 2085 /* release pending queue mutex across the network call */ 2086 mutex_exit(&isp->sess_queue_pending.mutex); 2087 2088 remainder = datalen; 2089 while (remainder) { 2090 2091 /* Check so see if we need to chunk the data */ 2092 if ((icp->conn_params.max_xmit_data_seg_len > 0) && 2093 (remainder > icp->conn_params.max_xmit_data_seg_len)) { 2094 chunk = icp->conn_params.max_xmit_data_seg_len; 2095 } else { 2096 chunk = remainder; 2097 } 2098 2099 /* setup iscsi data hdr */ 2100 bzero(&idhp, sizeof (iscsi_data_hdr_t)); 2101 idhp.opcode = ISCSI_OP_SCSI_DATA; 2102 idhp.itt = itt; 2103 idhp.ttt = ttt; 2104 ISCSI_LUN_BYTE_COPY(idhp.lun, lun); 2105 idhp.expstatsn = htonl(icp->conn_expstatsn); 2106 icp->conn_laststatsn = icp->conn_expstatsn; 2107 idhp.datasn = htonl(data_sn); 2108 data_sn++; 2109 idhp.offset = htonl(offset); 2110 hton24(idhp.dlength, chunk); 2111 2112 if (chunk == remainder) { 2113 idhp.flags = ISCSI_FLAG_FINAL; /* final chunk */ 2114 } 2115 2116 /* setup data */ 2117 data = bp->b_un.b_addr + offset; 2118 2119 /* 2120 * Keep track of how much data we have 2121 * transfer so far and how much is remaining. 2122 */ 2123 remainder -= chunk; 2124 offset += chunk; 2125 2126 rval = iscsi_net->sendpdu(icp->conn_socket, 2127 (iscsi_hdr_t *)&idhp, data, 2128 ISCSI_CONN_TO_NET_DIGEST(icp)); 2129 2130 if (ISCSI_SUCCESS(rval)) { 2131 KSTAT_ADD_CONN_TX_BYTES(icp, chunk); 2132 } else { 2133 break; 2134 } 2135 } 2136 2137 return (rval); 2138 } 2139 2140 2141 /* 2142 * iscsi_tx_nop - 2143 * 2144 */ 2145 static iscsi_status_t 2146 iscsi_tx_nop(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 2147 { 2148 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2149 iscsi_conn_t *icp = NULL; 2150 iscsi_nop_out_hdr_t inohp; 2151 2152 ASSERT(isp != NULL); 2153 ASSERT(icmdp != NULL); 2154 icp = icmdp->cmd_conn; 2155 ASSERT(icp != NULL); 2156 2157 bzero(&inohp, sizeof (iscsi_nop_out_hdr_t)); 2158 inohp.opcode = ISCSI_OP_NOOP_OUT | ISCSI_OP_IMMEDIATE; 2159 inohp.flags = ISCSI_FLAG_FINAL; 2160 inohp.itt = icmdp->cmd_itt; 2161 inohp.ttt = icmdp->cmd_ttt; 2162 mutex_enter(&isp->sess_cmdsn_mutex); 2163 inohp.cmdsn = htonl(isp->sess_cmdsn); 2164 mutex_exit(&isp->sess_cmdsn_mutex); 2165 inohp.expstatsn = htonl(icp->conn_expstatsn); 2166 icp->conn_laststatsn = icp->conn_expstatsn; 2167 2168 /* release pending queue mutex across the network call */ 2169 mutex_exit(&isp->sess_queue_pending.mutex); 2170 2171 rval = iscsi_net->sendpdu(icp->conn_socket, 2172 (iscsi_hdr_t *)&inohp, NULL, 2173 ISCSI_CONN_TO_NET_DIGEST(icp)); 2174 2175 return (rval); 2176 } 2177 2178 2179 /* 2180 * iscsi_tx_abort - 2181 * 2182 */ 2183 static iscsi_status_t 2184 iscsi_tx_abort(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 2185 { 2186 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2187 iscsi_conn_t *icp = NULL; 2188 iscsi_scsi_task_mgt_hdr_t istmh; 2189 2190 ASSERT(isp != NULL); 2191 ASSERT(icmdp != NULL); 2192 icp = icmdp->cmd_conn; 2193 ASSERT(icp != NULL); 2194 2195 bzero(&istmh, sizeof (iscsi_scsi_task_mgt_hdr_t)); 2196 mutex_enter(&isp->sess_cmdsn_mutex); 2197 istmh.cmdsn = htonl(isp->sess_cmdsn); 2198 mutex_exit(&isp->sess_cmdsn_mutex); 2199 istmh.expstatsn = htonl(icp->conn_expstatsn); 2200 icp->conn_laststatsn = icp->conn_expstatsn; 2201 istmh.itt = icmdp->cmd_itt; 2202 istmh.opcode = ISCSI_OP_SCSI_TASK_MGT_MSG | ISCSI_OP_IMMEDIATE; 2203 istmh.function = ISCSI_FLAG_FINAL | ISCSI_TM_FUNC_ABORT_TASK; 2204 ISCSI_LUN_BYTE_COPY(istmh.lun, 2205 icmdp->cmd_un.abort.icmdp->cmd_un.scsi.lun); 2206 istmh.rtt = icmdp->cmd_un.abort.icmdp->cmd_itt; 2207 2208 /* release pending queue mutex across the network call */ 2209 mutex_exit(&isp->sess_queue_pending.mutex); 2210 2211 rval = iscsi_net->sendpdu(icp->conn_socket, 2212 (iscsi_hdr_t *)&istmh, NULL, 2213 ISCSI_CONN_TO_NET_DIGEST(icp)); 2214 2215 return (rval); 2216 } 2217 2218 2219 /* 2220 * iscsi_tx_reset - 2221 * 2222 */ 2223 static iscsi_status_t 2224 iscsi_tx_reset(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 2225 { 2226 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2227 iscsi_conn_t *icp = NULL; 2228 iscsi_scsi_task_mgt_hdr_t istmh; 2229 2230 ASSERT(isp != NULL); 2231 ASSERT(icmdp != NULL); 2232 icp = icmdp->cmd_conn; 2233 ASSERT(icp != NULL); 2234 2235 bzero(&istmh, sizeof (iscsi_scsi_task_mgt_hdr_t)); 2236 istmh.opcode = ISCSI_OP_SCSI_TASK_MGT_MSG | ISCSI_OP_IMMEDIATE; 2237 mutex_enter(&isp->sess_cmdsn_mutex); 2238 istmh.cmdsn = htonl(isp->sess_cmdsn); 2239 mutex_exit(&isp->sess_cmdsn_mutex); 2240 istmh.expstatsn = htonl(icp->conn_expstatsn); 2241 istmh.itt = icmdp->cmd_itt; 2242 2243 switch (icmdp->cmd_un.reset.level) { 2244 case RESET_LUN: 2245 istmh.function = ISCSI_FLAG_FINAL | 2246 ISCSI_TM_FUNC_LOGICAL_UNIT_RESET; 2247 ISCSI_LUN_BYTE_COPY(istmh.lun, icmdp->cmd_lun->lun_num); 2248 break; 2249 case RESET_TARGET: 2250 case RESET_BUS: 2251 istmh.function = ISCSI_FLAG_FINAL | 2252 ISCSI_TM_FUNC_TARGET_WARM_RESET; 2253 break; 2254 default: 2255 /* unsupported / unknown level */ 2256 ASSERT(FALSE); 2257 break; 2258 } 2259 2260 /* release pending queue mutex across the network call */ 2261 mutex_exit(&isp->sess_queue_pending.mutex); 2262 2263 rval = iscsi_net->sendpdu(icp->conn_socket, 2264 (iscsi_hdr_t *)&istmh, NULL, 2265 ISCSI_CONN_TO_NET_DIGEST(icp)); 2266 2267 return (rval); 2268 } 2269 2270 2271 /* 2272 * iscsi_tx_logout - 2273 * 2274 */ 2275 static iscsi_status_t 2276 iscsi_tx_logout(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 2277 { 2278 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2279 iscsi_conn_t *icp = NULL; 2280 iscsi_logout_hdr_t ilh; 2281 2282 ASSERT(isp != NULL); 2283 ASSERT(icmdp != NULL); 2284 icp = icmdp->cmd_conn; 2285 ASSERT(icp != NULL); 2286 2287 bzero(&ilh, sizeof (iscsi_logout_hdr_t)); 2288 ilh.opcode = ISCSI_OP_LOGOUT_CMD | ISCSI_OP_IMMEDIATE; 2289 ilh.flags = ISCSI_FLAG_FINAL | ISCSI_LOGOUT_REASON_CLOSE_SESSION; 2290 ilh.itt = icmdp->cmd_itt; 2291 ilh.cid = icp->conn_cid; 2292 mutex_enter(&isp->sess_cmdsn_mutex); 2293 ilh.cmdsn = htonl(isp->sess_cmdsn); 2294 mutex_exit(&isp->sess_cmdsn_mutex); 2295 ilh.expstatsn = htonl(icp->conn_expstatsn); 2296 2297 /* release pending queue mutex across the network call */ 2298 mutex_exit(&isp->sess_queue_pending.mutex); 2299 2300 rval = iscsi_net->sendpdu(icp->conn_socket, 2301 (iscsi_hdr_t *)&ilh, NULL, 2302 ISCSI_CONN_TO_NET_DIGEST(icp)); 2303 2304 return (rval); 2305 } 2306 2307 /* 2308 * iscsi_tx_text - setup iSCSI text request header and send PDU with 2309 * data given in the buffer attached to the command. For a single 2310 * text request, the target may need to send its response in multiple 2311 * text response. In this case, empty text requests are sent after 2312 * each received response to notify the target the initiator is ready 2313 * for more response. For the initial request, the data_len field in 2314 * the text specific portion of a command is set to the amount of data 2315 * the initiator wants to send as part of the request. If additional 2316 * empty text requests are required for long responses, the data_len 2317 * field is set to 0 by the iscsi_handle_text function. 2318 */ 2319 static iscsi_status_t 2320 iscsi_tx_text(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 2321 { 2322 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2323 iscsi_conn_t *icp = NULL; 2324 iscsi_text_hdr_t ith; 2325 2326 ASSERT(isp != NULL); 2327 ASSERT(icmdp != NULL); 2328 icp = icmdp->cmd_conn; 2329 ASSERT(icp != NULL); 2330 2331 bzero(&ith, sizeof (iscsi_text_hdr_t)); 2332 ith.opcode = ISCSI_OP_TEXT_CMD; 2333 ith.flags = ISCSI_FLAG_FINAL; 2334 hton24(ith.dlength, icmdp->cmd_un.text.data_len); 2335 ith.itt = icmdp->cmd_itt; 2336 ith.ttt = icmdp->cmd_un.text.ttt; 2337 mutex_enter(&isp->sess_cmdsn_mutex); 2338 ith.cmdsn = htonl(isp->sess_cmdsn); 2339 isp->sess_cmdsn++; 2340 ith.expstatsn = htonl(icp->conn_expstatsn); 2341 mutex_exit(&isp->sess_cmdsn_mutex); 2342 bcopy(icmdp->cmd_un.text.lun, ith.rsvd4, sizeof (ith.rsvd4)); 2343 2344 /* release pending queue mutex across the network call */ 2345 mutex_exit(&isp->sess_queue_pending.mutex); 2346 2347 rval = iscsi_net->sendpdu(icp->conn_socket, 2348 (iscsi_hdr_t *)&ith, icmdp->cmd_un.text.buf, 2349 ISCSI_CONN_TO_NET_DIGEST(icp)); 2350 2351 return (rval); 2352 } 2353 2354 /* 2355 * +--------------------------------------------------------------------+ 2356 * | End of protocol send routines | 2357 * +--------------------------------------------------------------------+ 2358 */ 2359 2360 /* 2361 * iscsi_handle_r2t - 2362 */ 2363 static void 2364 iscsi_handle_r2t(iscsi_conn_t *icp, iscsi_cmd_t *icmdp, 2365 uint32_t offset, uint32_t length, uint32_t ttt) 2366 { 2367 iscsi_sess_t *isp = NULL; 2368 iscsi_cmd_t *new_icmdp = NULL; 2369 2370 ASSERT(icp != NULL); 2371 isp = icp->conn_sess; 2372 ASSERT(isp != NULL); 2373 2374 /* 2375 * the sosendmsg from a previous r2t can be slow to return; 2376 * the array may have sent another r2t at this point, so 2377 * wait until the first one finishes and signals us. 2378 */ 2379 while (icmdp->cmd_un.scsi.r2t_icmdp != NULL) { 2380 ASSERT(icmdp->cmd_state != ISCSI_CMD_STATE_COMPLETED); 2381 cv_wait(&icmdp->cmd_completion, &icmdp->cmd_mutex); 2382 } 2383 /* 2384 * try to create an R2T task to send it later. If we can't, 2385 * we're screwed, and the command will eventually time out 2386 * and be retried by the SCSI layer. 2387 */ 2388 new_icmdp = iscsi_cmd_alloc(icp, KM_SLEEP); 2389 new_icmdp->cmd_type = ISCSI_CMD_TYPE_R2T; 2390 new_icmdp->cmd_un.r2t.icmdp = icmdp; 2391 new_icmdp->cmd_un.r2t.offset = offset; 2392 new_icmdp->cmd_un.r2t.length = length; 2393 new_icmdp->cmd_ttt = ttt; 2394 new_icmdp->cmd_itt = icmdp->cmd_itt; 2395 new_icmdp->cmd_lun = icmdp->cmd_lun; 2396 icmdp->cmd_un.scsi.r2t_icmdp = new_icmdp; 2397 2398 /* 2399 * pending queue mutex is already held by the 2400 * tx_thread or rtt_rsp function. 2401 */ 2402 iscsi_cmd_state_machine(new_icmdp, ISCSI_CMD_EVENT_E1, isp); 2403 } 2404 2405 2406 /* 2407 * iscsi_handle_abort - 2408 * 2409 */ 2410 void 2411 iscsi_handle_abort(void *arg) 2412 { 2413 iscsi_sess_t *isp = NULL; 2414 iscsi_cmd_t *icmdp = (iscsi_cmd_t *)arg; 2415 iscsi_cmd_t *new_icmdp; 2416 iscsi_conn_t *icp; 2417 2418 ASSERT(icmdp != NULL); 2419 icp = icmdp->cmd_conn; 2420 ASSERT(icp != NULL); 2421 isp = icp->conn_sess; 2422 ASSERT(isp != NULL); 2423 2424 /* there should only be one abort */ 2425 ASSERT(icmdp->cmd_un.scsi.abort_icmdp == NULL); 2426 2427 new_icmdp = iscsi_cmd_alloc(icp, KM_SLEEP); 2428 new_icmdp->cmd_type = ISCSI_CMD_TYPE_ABORT; 2429 new_icmdp->cmd_lun = icmdp->cmd_lun; 2430 new_icmdp->cmd_un.abort.icmdp = icmdp; 2431 new_icmdp->cmd_conn = icmdp->cmd_conn; 2432 icmdp->cmd_un.scsi.abort_icmdp = new_icmdp; 2433 2434 /* pending queue mutex is already held by timeout_checks */ 2435 iscsi_cmd_state_machine(new_icmdp, ISCSI_CMD_EVENT_E1, isp); 2436 } 2437 2438 2439 /* 2440 * iscsi_handle_nop - 2441 * 2442 */ 2443 static void 2444 iscsi_handle_nop(iscsi_conn_t *icp, uint32_t itt, uint32_t ttt) 2445 { 2446 iscsi_sess_t *isp = NULL; 2447 iscsi_cmd_t *icmdp = NULL; 2448 2449 ASSERT(icp != NULL); 2450 isp = icp->conn_sess; 2451 ASSERT(isp != NULL); 2452 2453 icmdp = iscsi_cmd_alloc(icp, KM_NOSLEEP); 2454 if (icmdp == NULL) { 2455 return; 2456 } 2457 2458 icmdp->cmd_type = ISCSI_CMD_TYPE_NOP; 2459 icmdp->cmd_itt = itt; 2460 icmdp->cmd_ttt = ttt; 2461 icmdp->cmd_lun = NULL; 2462 icp->conn_nop_lbolt = ddi_get_lbolt(); 2463 2464 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E1, isp); 2465 } 2466 2467 /* 2468 * iscsi_handle_reset - 2469 * 2470 */ 2471 iscsi_status_t 2472 iscsi_handle_reset(iscsi_sess_t *isp, int level, iscsi_lun_t *ilp) 2473 { 2474 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2475 iscsi_conn_t *icp; 2476 iscsi_cmd_t icmd; 2477 2478 ASSERT(isp != NULL); 2479 2480 bzero(&icmd, sizeof (iscsi_cmd_t)); 2481 icmd.cmd_sig = ISCSI_SIG_CMD; 2482 icmd.cmd_state = ISCSI_CMD_STATE_FREE; 2483 icmd.cmd_type = ISCSI_CMD_TYPE_RESET; 2484 icmd.cmd_lun = ilp; 2485 icmd.cmd_un.reset.level = level; 2486 icmd.cmd_result = ISCSI_STATUS_SUCCESS; 2487 icmd.cmd_completed = B_FALSE; 2488 mutex_init(&icmd.cmd_mutex, NULL, MUTEX_DRIVER, NULL); 2489 cv_init(&icmd.cmd_completion, NULL, CV_DRIVER, NULL); 2490 /* 2491 * If we received an IO and we are not in the 2492 * LOGGED_IN state we are in the process of 2493 * failing. Just respond that we are BUSY. 2494 */ 2495 mutex_enter(&isp->sess_state_mutex); 2496 if (!ISCSI_SESS_STATE_FULL_FEATURE(isp->sess_state)) { 2497 /* We aren't connected to the target fake success */ 2498 mutex_exit(&isp->sess_state_mutex); 2499 return (ISCSI_STATUS_SUCCESS); 2500 } 2501 2502 mutex_enter(&isp->sess_queue_pending.mutex); 2503 iscsi_cmd_state_machine(&icmd, ISCSI_CMD_EVENT_E1, isp); 2504 mutex_exit(&isp->sess_queue_pending.mutex); 2505 mutex_exit(&isp->sess_state_mutex); 2506 2507 /* stall until completed */ 2508 mutex_enter(&icmd.cmd_mutex); 2509 while (icmd.cmd_completed == B_FALSE) { 2510 cv_wait(&icmd.cmd_completion, &icmd.cmd_mutex); 2511 } 2512 mutex_exit(&icmd.cmd_mutex); 2513 2514 /* copy rval */ 2515 rval = icmd.cmd_result; 2516 2517 if (rval == ISCSI_STATUS_SUCCESS) { 2518 /* 2519 * Reset was successful. We need to flush 2520 * all active IOs. 2521 */ 2522 rw_enter(&isp->sess_conn_list_rwlock, RW_READER); 2523 icp = isp->sess_conn_list; 2524 while (icp != NULL) { 2525 iscsi_cmd_t *t_icmdp = NULL; 2526 2527 mutex_enter(&icp->conn_queue_active.mutex); 2528 t_icmdp = icp->conn_queue_active.head; 2529 while (t_icmdp != NULL) { 2530 iscsi_cmd_state_machine(t_icmdp, 2531 ISCSI_CMD_EVENT_E7, isp); 2532 t_icmdp = icp->conn_queue_active.head; 2533 } 2534 2535 mutex_exit(&icp->conn_queue_active.mutex); 2536 icp = icp->conn_next; 2537 } 2538 rw_exit(&isp->sess_conn_list_rwlock); 2539 } 2540 2541 /* clean up */ 2542 cv_destroy(&icmd.cmd_completion); 2543 mutex_destroy(&icmd.cmd_mutex); 2544 2545 return (rval); 2546 } 2547 2548 2549 /* 2550 * iscsi_handle_logout - This function will issue a logout for 2551 * the session from a specific connection. 2552 */ 2553 iscsi_status_t 2554 iscsi_handle_logout(iscsi_conn_t *icp) 2555 { 2556 iscsi_sess_t *isp; 2557 iscsi_cmd_t *icmdp; 2558 int rval; 2559 2560 ASSERT(icp != NULL); 2561 isp = icp->conn_sess; 2562 ASSERT(isp != NULL); 2563 ASSERT(isp->sess_hba != NULL); 2564 2565 icmdp = iscsi_cmd_alloc(icp, KM_SLEEP); 2566 ASSERT(icmdp != NULL); 2567 icmdp->cmd_type = ISCSI_CMD_TYPE_LOGOUT; 2568 icmdp->cmd_result = ISCSI_STATUS_SUCCESS; 2569 icmdp->cmd_completed = B_FALSE; 2570 2571 mutex_enter(&isp->sess_queue_pending.mutex); 2572 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E1, isp); 2573 mutex_exit(&isp->sess_queue_pending.mutex); 2574 2575 /* 2576 * release connection state mutex to avoid a deadlock. This 2577 * function is called from within the connection state 2578 * machine with the lock held. When the logout response is 2579 * received another call to the connection state machine 2580 * occurs which causes the deadlock 2581 */ 2582 mutex_exit(&icp->conn_state_mutex); 2583 2584 /* stall until completed */ 2585 mutex_enter(&icmdp->cmd_mutex); 2586 while (icmdp->cmd_completed == B_FALSE) { 2587 cv_wait(&icmdp->cmd_completion, &icmdp->cmd_mutex); 2588 } 2589 mutex_exit(&icmdp->cmd_mutex); 2590 mutex_enter(&icp->conn_state_mutex); 2591 2592 /* copy rval */ 2593 rval = icmdp->cmd_result; 2594 2595 /* 2596 * another way to do this would be to send t17 unconditionally, 2597 * but then the _rx_ thread would get bumped out with a receive 2598 * error, and send another t17. 2599 */ 2600 if (rval != ISCSI_STATUS_SUCCESS) { 2601 (void) iscsi_conn_state_machine(icp, ISCSI_CONN_EVENT_T17); 2602 } 2603 2604 /* clean up */ 2605 iscsi_cmd_free(icmdp); 2606 2607 return (rval); 2608 } 2609 2610 /* 2611 * iscsi_handle_text - main control function for iSCSI text requests. This 2612 * function handles allocating the command, sending initial text request, and 2613 * handling long response sequence. 2614 * If a data overflow condition occurs, iscsi_handle_text continues to 2615 * receive responses until the all data has been recieved. This allows 2616 * the full data length to be returned to the caller. 2617 */ 2618 iscsi_status_t 2619 iscsi_handle_text(iscsi_conn_t *icp, char *buf, uint32_t buf_len, 2620 uint32_t data_len, uint32_t *rx_data_len) 2621 { 2622 iscsi_sess_t *isp; 2623 iscsi_cmd_t *icmdp; 2624 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2625 2626 ASSERT(icp != NULL); 2627 ASSERT(buf != NULL); 2628 ASSERT(rx_data_len != NULL); 2629 2630 isp = icp->conn_sess; 2631 ASSERT(isp != NULL); 2632 2633 /* 2634 * Ensure data for text request command is not greater 2635 * than the negotiated maximum receive data seqment length. 2636 * 2637 * Although iSCSI allows for long text requests (multiple 2638 * pdus), this function places a restriction on text 2639 * requests to ensure it is handled by a single PDU. 2640 */ 2641 if (data_len > icp->conn_params.max_xmit_data_seg_len) { 2642 return (ISCSI_STATUS_CMD_FAILED); 2643 } 2644 2645 icmdp = iscsi_cmd_alloc(icp, KM_SLEEP); 2646 ASSERT(icmdp != NULL); 2647 2648 icmdp->cmd_type = ISCSI_CMD_TYPE_TEXT; 2649 icmdp->cmd_result = ISCSI_STATUS_SUCCESS; 2650 icmdp->cmd_free = B_FALSE; 2651 icmdp->cmd_completed = B_FALSE; 2652 2653 icmdp->cmd_un.text.buf = buf; 2654 icmdp->cmd_un.text.buf_len = buf_len; 2655 icmdp->cmd_un.text.offset = 0; 2656 icmdp->cmd_un.text.data_len = data_len; 2657 icmdp->cmd_un.text.total_rx_len = 0; 2658 icmdp->cmd_un.text.ttt = ISCSI_RSVD_TASK_TAG; 2659 icmdp->cmd_un.text.stage = ISCSI_CMD_TEXT_INITIAL_REQ; 2660 2661 long_text_response: 2662 mutex_enter(&isp->sess_state_mutex); 2663 if (!ISCSI_SESS_STATE_FULL_FEATURE(isp->sess_state)) { 2664 iscsi_cmd_free(icmdp); 2665 mutex_exit(&isp->sess_state_mutex); 2666 return (ISCSI_STATUS_NO_CONN_LOGGED_IN); 2667 } 2668 2669 mutex_enter(&isp->sess_queue_pending.mutex); 2670 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E1, isp); 2671 mutex_exit(&isp->sess_queue_pending.mutex); 2672 mutex_exit(&isp->sess_state_mutex); 2673 2674 /* stall until completed */ 2675 mutex_enter(&icmdp->cmd_mutex); 2676 while (icmdp->cmd_completed == B_FALSE) { 2677 cv_wait(&icmdp->cmd_completion, &icmdp->cmd_mutex); 2678 } 2679 mutex_exit(&icmdp->cmd_mutex); 2680 2681 /* 2682 * check if error occured. If data overflow occured, continue on 2683 * to ensure we get all data so that the full data length can be 2684 * returned to the user 2685 */ 2686 if ((icmdp->cmd_result != ISCSI_STATUS_SUCCESS) && 2687 (icmdp->cmd_result != ISCSI_STATUS_DATA_OVERFLOW)) { 2688 cmn_err(CE_NOTE, "iscsi: SendTarget discovery failed (%d)", 2689 icmdp->cmd_result); 2690 rval = icmdp->cmd_result; 2691 iscsi_cmd_free(icmdp); 2692 return (rval); 2693 } 2694 2695 /* check if this was a partial text PDU */ 2696 if (icmdp->cmd_un.text.stage != ISCSI_CMD_TEXT_FINAL_RSP) { 2697 /* 2698 * If a paritial text rexponse received, send an empty 2699 * text request. This follows the behaviour specified 2700 * in RFC3720 regarding long text responses. 2701 */ 2702 icmdp->cmd_free = B_FALSE; 2703 icmdp->cmd_completed = B_FALSE; 2704 icmdp->cmd_un.text.data_len = 0; 2705 icmdp->cmd_un.text.stage = ISCSI_CMD_TEXT_CONTINUATION; 2706 goto long_text_response; 2707 } 2708 2709 /* 2710 * set total received data length. If data overflow this would be 2711 * amount of data that would have been received if buffer large 2712 * enough. 2713 */ 2714 *rx_data_len = icmdp->cmd_un.text.total_rx_len; 2715 2716 /* copy rval */ 2717 rval = icmdp->cmd_result; 2718 2719 /* clean up */ 2720 iscsi_cmd_free(icmdp); 2721 2722 return (rval); 2723 } 2724 2725 /* 2726 * iscsi_handle_passthru - This function is used to send a uscsi_cmd 2727 * to a specific target lun. This routine is used for internal purposes 2728 * during enumeration and via the ISCSI_USCSICMD IOCTL. We restrict 2729 * the CDBs that can be issued to a target/lun to INQUIRY, REPORT_LUNS, 2730 * and READ_CAPACITY for security purposes. 2731 * 2732 * The logic here is broken into three phases. 2733 * 1) Allocate and initialize a pkt/icmdp 2734 * 2) Send the pkt/icmdp 2735 * 3) cv_wait for completion 2736 */ 2737 iscsi_status_t 2738 iscsi_handle_passthru(iscsi_sess_t *isp, uint16_t lun, struct uscsi_cmd *ucmdp) 2739 { 2740 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2741 iscsi_cmd_t *icmdp = NULL; 2742 struct scsi_pkt *pkt = NULL; 2743 struct buf *bp = NULL; 2744 struct scsi_arq_status *arqstat = NULL; 2745 int rqlen = SENSE_LENGTH; 2746 2747 ASSERT(isp != NULL); 2748 ASSERT(ucmdp != NULL); 2749 2750 /* 2751 * If the caller didn't provide a sense buffer we need 2752 * to allocation one to get the scsi status. 2753 */ 2754 if (ucmdp->uscsi_rqlen > SENSE_LENGTH) { 2755 rqlen = ucmdp->uscsi_rqlen; 2756 } 2757 2758 /* 2759 * Step 1. Setup structs - KM_SLEEP will always succeed 2760 */ 2761 bp = kmem_zalloc(sizeof (struct buf), KM_SLEEP); 2762 ASSERT(bp != NULL); 2763 pkt = kmem_zalloc(sizeof (struct scsi_pkt), KM_SLEEP); 2764 ASSERT(pkt != NULL); 2765 icmdp = iscsi_cmd_alloc(NULL, KM_SLEEP); 2766 ASSERT(icmdp != NULL); 2767 2768 /* setup bp structure */ 2769 bp->b_flags = B_READ; 2770 bp->b_bcount = ucmdp->uscsi_buflen; 2771 bp->b_un.b_addr = ucmdp->uscsi_bufaddr; 2772 2773 /* setup scsi_pkt structure */ 2774 pkt->pkt_ha_private = icmdp; 2775 pkt->pkt_scbp = kmem_zalloc(rqlen, KM_SLEEP); 2776 pkt->pkt_cdbp = kmem_zalloc(ucmdp->uscsi_cdblen, KM_SLEEP); 2777 /* callback routine for passthru, will wake cv_wait */ 2778 pkt->pkt_comp = iscsi_handle_passthru_callback; 2779 pkt->pkt_time = ucmdp->uscsi_timeout; 2780 2781 /* setup iscsi_cmd structure */ 2782 icmdp->cmd_lun = NULL; 2783 icmdp->cmd_type = ISCSI_CMD_TYPE_SCSI; 2784 icmdp->cmd_un.scsi.lun = lun; 2785 icmdp->cmd_un.scsi.pkt = pkt; 2786 icmdp->cmd_un.scsi.bp = bp; 2787 bcopy(ucmdp->uscsi_cdb, pkt->pkt_cdbp, ucmdp->uscsi_cdblen); 2788 icmdp->cmd_un.scsi.cmdlen = ucmdp->uscsi_cdblen; 2789 icmdp->cmd_un.scsi.statuslen = rqlen; 2790 icmdp->cmd_crc_error_seen = B_FALSE; 2791 icmdp->cmd_completed = B_FALSE; 2792 icmdp->cmd_result = ISCSI_STATUS_SUCCESS; 2793 2794 /* 2795 * Step 2. Push IO onto pending queue. If we aren't in 2796 * FULL_FEATURE we need to fail the IO. 2797 */ 2798 mutex_enter(&isp->sess_state_mutex); 2799 if (!ISCSI_SESS_STATE_FULL_FEATURE(isp->sess_state)) { 2800 mutex_exit(&isp->sess_state_mutex); 2801 2802 iscsi_cmd_free(icmdp); 2803 kmem_free(pkt->pkt_cdbp, ucmdp->uscsi_cdblen); 2804 kmem_free(pkt->pkt_scbp, rqlen); 2805 kmem_free(pkt, sizeof (struct scsi_pkt)); 2806 kmem_free(bp, sizeof (struct buf)); 2807 2808 return (ISCSI_STATUS_CMD_FAILED); 2809 } 2810 2811 mutex_enter(&isp->sess_queue_pending.mutex); 2812 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E1, isp); 2813 mutex_exit(&isp->sess_queue_pending.mutex); 2814 mutex_exit(&isp->sess_state_mutex); 2815 2816 /* 2817 * Step 3. Wait on cv_wait for completion routine 2818 */ 2819 mutex_enter(&icmdp->cmd_mutex); 2820 while (icmdp->cmd_completed == B_FALSE) { 2821 cv_wait(&icmdp->cmd_completion, &icmdp->cmd_mutex); 2822 } 2823 mutex_exit(&icmdp->cmd_mutex); 2824 2825 /* copy rval */ 2826 rval = icmdp->cmd_result; 2827 2828 ucmdp->uscsi_resid = pkt->pkt_resid; 2829 2830 /* update scsi status */ 2831 arqstat = (struct scsi_arq_status *)pkt->pkt_scbp; 2832 ucmdp->uscsi_status = ((char *)&arqstat->sts_status)[0]; 2833 2834 /* copy request sense buffers if caller gave space */ 2835 if ((ucmdp->uscsi_rqlen > 0) && 2836 (ucmdp->uscsi_rqbuf != NULL)) { 2837 bcopy(arqstat, ucmdp->uscsi_rqbuf, 2838 MIN(sizeof (struct scsi_arq_status), rqlen)); 2839 } 2840 2841 /* clean up */ 2842 iscsi_cmd_free(icmdp); 2843 kmem_free(pkt->pkt_cdbp, ucmdp->uscsi_cdblen); 2844 kmem_free(pkt->pkt_scbp, rqlen); 2845 kmem_free(pkt, sizeof (struct scsi_pkt)); 2846 kmem_free(bp, sizeof (struct buf)); 2847 2848 return (rval); 2849 } 2850 2851 2852 /* 2853 * iscsi_handle_passthru_callback - 2854 * 2855 */ 2856 static void 2857 iscsi_handle_passthru_callback(struct scsi_pkt *pkt) 2858 { 2859 iscsi_cmd_t *icmdp = NULL; 2860 2861 ASSERT(pkt != NULL); 2862 icmdp = (iscsi_cmd_t *)pkt->pkt_ha_private; 2863 ASSERT(icmdp != NULL); 2864 2865 mutex_enter(&icmdp->cmd_mutex); 2866 icmdp->cmd_completed = B_TRUE; 2867 icmdp->cmd_result = ISCSI_STATUS_SUCCESS; 2868 cv_broadcast(&icmdp->cmd_completion); 2869 mutex_exit(&icmdp->cmd_mutex); 2870 2871 } 2872 2873 /* 2874 * +--------------------------------------------------------------------+ 2875 * | Beginning of completion routines | 2876 * +--------------------------------------------------------------------+ 2877 */ 2878 2879 /* 2880 * iscsi_ic_thread - 2881 */ 2882 void 2883 iscsi_ic_thread(iscsi_thread_t *thread, void *arg) 2884 { 2885 iscsi_sess_t *isp = (iscsi_sess_t *)arg; 2886 int ret; 2887 iscsi_queue_t q; 2888 iscsi_cmd_t *icmdp; 2889 iscsi_cmd_t *next_icmdp; 2890 2891 ASSERT(isp != NULL); 2892 ASSERT(thread != NULL); 2893 ASSERT(thread->signature == SIG_ISCSI_THREAD); 2894 2895 for (;;) { 2896 2897 /* 2898 * We wait till iodone or somebody else wakes us up. 2899 */ 2900 ret = iscsi_thread_wait(thread, -1); 2901 2902 /* 2903 * The value should never be negative since we never timeout. 2904 */ 2905 ASSERT(ret >= 0); 2906 2907 q.count = 0; 2908 q.head = NULL; 2909 q.tail = NULL; 2910 mutex_enter(&isp->sess_queue_completion.mutex); 2911 icmdp = isp->sess_queue_completion.head; 2912 while (icmdp != NULL) { 2913 next_icmdp = icmdp->cmd_next; 2914 mutex_enter(&icmdp->cmd_mutex); 2915 /* 2916 * check if the associated r2t/abort has finished 2917 * yet. If not, don't complete the command. 2918 */ 2919 if ((icmdp->cmd_un.scsi.r2t_icmdp == NULL) && 2920 (icmdp->cmd_un.scsi.abort_icmdp == NULL)) { 2921 mutex_exit(&icmdp->cmd_mutex); 2922 (void) iscsi_dequeue_cmd(&isp-> 2923 sess_queue_completion.head, 2924 &isp->sess_queue_completion.tail, 2925 icmdp); 2926 --isp->sess_queue_completion.count; 2927 iscsi_enqueue_cmd_head(&q.head, 2928 &q.tail, icmdp); 2929 } else 2930 mutex_exit(&icmdp->cmd_mutex); 2931 icmdp = next_icmdp; 2932 } 2933 mutex_exit(&isp->sess_queue_completion.mutex); 2934 icmdp = q.head; 2935 while (icmdp != NULL) { 2936 next_icmdp = icmdp->cmd_next; 2937 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E8, isp); 2938 icmdp = next_icmdp; 2939 } 2940 2941 if (ret > 0) 2942 /* Somebody woke us up to work */ 2943 continue; 2944 else 2945 /* 2946 * Somebody woke us up to kill ourselves. We will 2947 * make sure, however that the completion queue is 2948 * empty before leaving. After we've done that it 2949 * is the originator of the signal that has to make 2950 * sure no other SCSI command is posted. 2951 */ 2952 break; 2953 } 2954 2955 } 2956 2957 /* 2958 * iscsi_iodone - 2959 * 2960 */ 2961 void 2962 iscsi_iodone(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 2963 { 2964 struct scsi_pkt *pkt = NULL; 2965 struct buf *bp = icmdp->cmd_un.scsi.bp; 2966 2967 ASSERT(isp != NULL); 2968 ASSERT(icmdp != NULL); 2969 pkt = icmdp->cmd_un.scsi.pkt; 2970 ASSERT(pkt != NULL); 2971 2972 ASSERT(icmdp->cmd_un.scsi.abort_icmdp == NULL); 2973 ASSERT(icmdp->cmd_un.scsi.r2t_icmdp == NULL); 2974 if (pkt->pkt_reason == CMD_CMPLT) { 2975 if (bp) { 2976 if (bp->b_flags & B_READ) { 2977 KSTAT_SESS_RX_IO_DONE(isp, bp->b_bcount); 2978 } else { 2979 KSTAT_SESS_TX_IO_DONE(isp, bp->b_bcount); 2980 } 2981 } 2982 } 2983 2984 if (pkt->pkt_flags & FLAG_NOINTR) { 2985 cv_broadcast(&icmdp->cmd_completion); 2986 mutex_exit(&icmdp->cmd_mutex); 2987 } else { 2988 /* 2989 * Release mutex. As soon as callback is 2990 * issued the caller may destroy the command. 2991 */ 2992 mutex_exit(&icmdp->cmd_mutex); 2993 /* 2994 * We can't just directly call the pk_comp routine. In 2995 * many error cases the target driver will use the calling 2996 * thread to re-drive error handling (reset, retries...) 2997 * back into the hba driver (iscsi). If the target redrives 2998 * a reset back into the iscsi driver off this thead we have 2999 * a chance of deadlocking. So instead use the io completion 3000 * thread. 3001 */ 3002 (*icmdp->cmd_un.scsi.pkt->pkt_comp)(icmdp->cmd_un.scsi.pkt); 3003 } 3004 } 3005 3006 /* 3007 * +--------------------------------------------------------------------+ 3008 * | End of completion routines | 3009 * +--------------------------------------------------------------------+ 3010 */ 3011 3012 /* 3013 * +--------------------------------------------------------------------+ 3014 * | Beginning of watchdog routines | 3015 * +--------------------------------------------------------------------+ 3016 */ 3017 3018 /* 3019 * iscsi_watchdog_thread - 3020 * 3021 */ 3022 void 3023 iscsi_wd_thread(iscsi_thread_t *thread, void *arg) 3024 { 3025 iscsi_sess_t *isp = (iscsi_sess_t *)arg; 3026 int rc = 1; 3027 3028 ASSERT(isp != NULL); 3029 3030 while (rc != NULL) { 3031 3032 iscsi_timeout_checks(isp); 3033 iscsi_nop_checks(isp); 3034 3035 rc = iscsi_thread_wait(thread, SEC_TO_TICK(1)); 3036 } 3037 } 3038 3039 /* 3040 * iscsi_timeout_checks - 3041 * 3042 */ 3043 static void 3044 iscsi_timeout_checks(iscsi_sess_t *isp) 3045 { 3046 clock_t now = ddi_get_lbolt(); 3047 iscsi_cmd_t *icmdp, *nicmdp; 3048 iscsi_conn_t *icp; 3049 3050 ASSERT(isp != NULL); 3051 3052 /* PENDING */ 3053 mutex_enter(&isp->sess_state_mutex); 3054 mutex_enter(&isp->sess_queue_pending.mutex); 3055 for (icmdp = isp->sess_queue_pending.head; 3056 icmdp; icmdp = nicmdp) { 3057 nicmdp = icmdp->cmd_next; 3058 3059 /* Skip entries with no timeout */ 3060 if (icmdp->cmd_lbolt_timeout == 0) 3061 continue; 3062 3063 /* 3064 * Skip pending queue entries for cmd_type values that depend 3065 * on having an open cmdsn window for successfull transition 3066 * from pending to the active (i.e. ones that depend on 3067 * sess_cmdsn .vs. sess_maxcmdsn). For them, the timer starts 3068 * when they are successfully moved to the active queue by 3069 * iscsi_cmd_state_pending() code. 3070 */ 3071 if ((icmdp->cmd_type == ISCSI_CMD_TYPE_SCSI) || 3072 (icmdp->cmd_type == ISCSI_CMD_TYPE_TEXT)) 3073 continue; 3074 3075 /* Skip if timeout still in the future */ 3076 if (now <= icmdp->cmd_lbolt_timeout) 3077 continue; 3078 3079 /* timeout */ 3080 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E6, isp); 3081 } 3082 mutex_exit(&isp->sess_queue_pending.mutex); 3083 mutex_exit(&isp->sess_state_mutex); 3084 3085 rw_enter(&isp->sess_conn_list_rwlock, RW_READER); 3086 icp = isp->sess_conn_list; 3087 while (icp != NULL) { 3088 3089 /* ACTIVE */ 3090 mutex_enter(&icp->conn_state_mutex); 3091 mutex_enter(&isp->sess_queue_pending.mutex); 3092 mutex_enter(&icp->conn_queue_active.mutex); 3093 for (icmdp = icp->conn_queue_active.head; 3094 icmdp; icmdp = nicmdp) { 3095 nicmdp = icmdp->cmd_next; 3096 3097 /* Skip entries with no timeout */ 3098 if (icmdp->cmd_lbolt_timeout == 0) 3099 continue; 3100 3101 /* Skip if command is not active */ 3102 if (icmdp->cmd_state != ISCSI_CMD_STATE_ACTIVE) 3103 continue; 3104 3105 /* Skip if timeout still in the future */ 3106 if (now <= icmdp->cmd_lbolt_timeout) 3107 continue; 3108 3109 /* timeout */ 3110 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E6, isp); 3111 } 3112 mutex_exit(&icp->conn_queue_active.mutex); 3113 mutex_exit(&isp->sess_queue_pending.mutex); 3114 mutex_exit(&icp->conn_state_mutex); 3115 3116 icp = icp->conn_next; 3117 } 3118 rw_exit(&isp->sess_conn_list_rwlock); 3119 } 3120 3121 /* 3122 * iscsi_nop_checks - sends a NOP on idle connections 3123 * 3124 * This function walks the connections on a session and 3125 * issues NOPs on those connections that are in FULL 3126 * FEATURE mode and have not received data for the 3127 * time period specified by iscsi_nop_delay (global). 3128 */ 3129 static void 3130 iscsi_nop_checks(iscsi_sess_t *isp) 3131 { 3132 iscsi_conn_t *icp; 3133 3134 ASSERT(isp != NULL); 3135 3136 if (isp->sess_type == ISCSI_SESS_TYPE_DISCOVERY) { 3137 return; 3138 } 3139 3140 rw_enter(&isp->sess_conn_list_rwlock, RW_READER); 3141 icp = isp->sess_conn_act; 3142 if (icp != NULL) { 3143 3144 mutex_enter(&icp->conn_state_mutex); 3145 if ((ISCSI_CONN_STATE_FULL_FEATURE(icp->conn_state)) && 3146 (ddi_get_lbolt() > isp->sess_conn_act->conn_rx_lbolt + 3147 SEC_TO_TICK(iscsi_nop_delay)) && (ddi_get_lbolt() > 3148 isp->sess_conn_act->conn_nop_lbolt + 3149 SEC_TO_TICK(iscsi_nop_delay))) { 3150 3151 /* 3152 * We haven't received anything from the 3153 * target is a defined period of time, 3154 * send NOP to see if the target is alive. 3155 */ 3156 mutex_enter(&isp->sess_queue_pending.mutex); 3157 iscsi_handle_nop(isp->sess_conn_act, 3158 0, ISCSI_RSVD_TASK_TAG); 3159 mutex_exit(&isp->sess_queue_pending.mutex); 3160 } 3161 mutex_exit(&icp->conn_state_mutex); 3162 3163 icp = icp->conn_next; 3164 } 3165 rw_exit(&isp->sess_conn_list_rwlock); 3166 } 3167 3168 /* 3169 * +--------------------------------------------------------------------+ 3170 * | End of wd routines | 3171 * +--------------------------------------------------------------------+ 3172 */ 3173