1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2000 by Cisco Systems, Inc. All rights reserved. 23 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 24 * Use is subject to license terms. 25 * 26 * iSCSI Pseudo HBA Driver 27 */ 28 29 #include <sys/socket.h> /* networking stuff */ 30 #include <sys/t_kuser.h> /* networking stuff */ 31 #include <sys/tihdr.h> /* networking stuff */ 32 #include <sys/strsubr.h> /* networking stuff */ 33 #include <netinet/tcp.h> /* TCP_NODELAY */ 34 #include <sys/socketvar.h> /* _ALLOC_SLEEP */ 35 #include <sys/strsun.h> /* DB_TYPE() */ 36 37 #include "iscsi.h" /* iscsi driver */ 38 #include <sys/scsi/adapters/iscsi_protocol.h> /* iscsi protocol */ 39 40 /* generic io helpers */ 41 static uint32_t n2h24(uchar_t *ptr); 42 static int iscsi_sna_lt(uint32_t n1, uint32_t n2); 43 static void iscsi_update_flow_control(iscsi_sess_t *isp, 44 uint32_t max, uint32_t exp); 45 46 /* receivers */ 47 static iscsi_status_t iscsi_rx_process_hdr(iscsi_conn_t *icp, 48 iscsi_hdr_t *ihp, char *data, int data_size); 49 static iscsi_status_t iscsi_rx_process_nop(iscsi_conn_t *icp, 50 iscsi_hdr_t *ihp, char *data); 51 static iscsi_status_t iscsi_rx_process_data_rsp(iscsi_conn_t *icp, 52 iscsi_hdr_t *ihp); 53 static iscsi_status_t iscsi_rx_process_cmd_rsp(iscsi_conn_t *icp, 54 iscsi_hdr_t *ihp, char *data); 55 static iscsi_status_t iscsi_rx_process_rtt_rsp(iscsi_conn_t *icp, 56 iscsi_hdr_t *ihp, char *data); 57 static iscsi_status_t iscsi_rx_process_reject_rsp(iscsi_conn_t *icp, 58 iscsi_hdr_t *ihp, char *data); 59 static iscsi_status_t iscsi_rx_process_rejected_tsk_mgt(iscsi_conn_t *icp, 60 iscsi_hdr_t *old_ihp); 61 static iscsi_status_t iscsi_rx_process_itt_to_icmdp(iscsi_sess_t *isp, 62 iscsi_hdr_t *ihp, iscsi_cmd_t **icmdp); 63 static iscsi_status_t iscsi_rx_process_task_mgt_rsp(iscsi_conn_t *icp, 64 iscsi_hdr_t *ihp, void *data); 65 static iscsi_status_t iscsi_rx_process_logout_rsp(iscsi_conn_t *icp, 66 iscsi_hdr_t *ihp, char *data); 67 static iscsi_status_t iscsi_rx_process_async_rsp(iscsi_conn_t *icp, 68 iscsi_hdr_t *ihp, char *data); 69 static iscsi_status_t iscsi_rx_process_text_rsp(iscsi_conn_t *icp, 70 iscsi_hdr_t *ihp, char *data); 71 72 73 /* senders */ 74 static iscsi_status_t iscsi_tx_scsi(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 75 static iscsi_status_t iscsi_tx_r2t(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 76 static iscsi_status_t iscsi_tx_data(iscsi_sess_t *isp, iscsi_conn_t *icp, 77 iscsi_cmd_t *icmdp, uint32_t ttt, size_t datalen, size_t offset); 78 static iscsi_status_t iscsi_tx_nop(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 79 static iscsi_status_t iscsi_tx_abort(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 80 static iscsi_status_t iscsi_tx_reset(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 81 static iscsi_status_t iscsi_tx_logout(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 82 static iscsi_status_t iscsi_tx_text(iscsi_sess_t *isp, iscsi_cmd_t *icmdp); 83 84 85 /* helpers */ 86 static void iscsi_handle_r2t(iscsi_conn_t *icp, iscsi_cmd_t *icmdp, 87 uint32_t offset, uint32_t length, uint32_t ttt); 88 static void iscsi_handle_passthru_callback(struct scsi_pkt *pkt); 89 static void iscsi_handle_nop(iscsi_conn_t *icp, uint32_t itt, uint32_t ttt); 90 91 static void iscsi_timeout_checks(iscsi_sess_t *isp); 92 static void iscsi_nop_checks(iscsi_sess_t *isp); 93 94 95 #define ISCSI_CONN_TO_NET_DIGEST(icp) \ 96 ((icp->conn_params.header_digest ? ISCSI_NET_HEADER_DIGEST : 0) | \ 97 (icp->conn_params.data_digest ? ISCSI_NET_DATA_DIGEST : 0)) 98 99 /* 100 * This file contains the main guts of the iSCSI protocol layer. 101 * It's broken into 5 sections; Basic helper functions, RX IO path, 102 * TX IO path, Completion (IC) IO path, and watchdog (WD) routines. 103 * 104 * The IO flow model is similiar to the below diagram. The 105 * iscsi session, connection and command state machines are used 106 * to drive IO through this flow diagram. Reference those files 107 * to get a detailed description of their respective state models 108 * prior to their xxx_state_machine_function(). 109 * 110 * tran_start() -> CMD_E1 TX_THREAD RX_THREAD 111 * | T T 112 * V T T 113 * PENDING_Q --CMD_E2--> ACTIVE_Q - --CMD_E3--+ 114 * T \ C T | 115 * T \M T | 116 * D T | 117 * WD_THREAD TT|TT T | 118 * /E T | 119 * / 6 T | 120 * ABORTING_Q<- --CMD_E3--+ 121 * T | 122 * T T | 123 * T | 124 * callback() <--CMD_E#-- COMPLETION_Q <------------+ 125 * T 126 * T 127 * IC_THREAD 128 * 129 * External and internal command are ran thru this same state 130 * machine. All commands enter the state machine by receiving an 131 * ISCSI_CMD_EVENT_E1. This event places the command into the 132 * PENDING_Q. Next when resources are available the TX_THREAD 133 * issues a E2 event on the command. This sends the command 134 * to the TCP stack and places the command on the ACTIVE_Q. While 135 * on the PENDIING_Q and ACTIVE_Q, the command is monitored via the 136 * WD_THREAD to ensure the pkt_time has not elapsed. If elapsed the 137 * command is issued an E6(timeout) event which moves either (if pending) 138 * completed the command or (if active) moves the command to the 139 * aborting queue and issues a SCSI TASK MANAGEMENT ABORT command 140 * to cancel the IO request. If the original command is completed 141 * or the TASK MANAGEMENT command completes the command is moved 142 * to the COMPLETION_Q via a E3 event. The IC_THREAD then processes 143 * the COMPLETION_Q and issues the scsi_pkt callback. This 144 * callback can not be processed directly from the RX_THREAD 145 * because the callback might call back into the iscsi driver 146 * causing a deadlock condition. 147 * 148 * For more details on the complete CMD state machine reference 149 * the state machine diagram in iscsi_cmd.c. The connection state 150 * machine is driven via IO events in this file. Then session 151 * events are driven by the connection events. For complete 152 * details on these state machines reference iscsi_sess.c and 153 * iscsi_conn.c 154 */ 155 156 157 /* 158 * +--------------------------------------------------------------------+ 159 * | io helper routines | 160 * +--------------------------------------------------------------------+ 161 */ 162 163 /* 164 * n2h24 - native to host 24 bit integer translation. 165 */ 166 static uint32_t 167 n2h24(uchar_t *ptr) 168 { 169 uint32_t idx; 170 bcopy(ptr, &idx, 3); 171 return (ntohl(idx) >> 8); 172 } 173 174 /* 175 * iscsi_sna_lt - Serial Number Arithmetic, 32 bits, less than, RFC1982 176 */ 177 static int 178 iscsi_sna_lt(uint32_t n1, uint32_t n2) 179 { 180 return ((n1 != n2) && 181 (((n1 < n2) && ((n2 - n1) < ISCSI_SNA32_CHECK)) || 182 ((n1 > n2) && ((n1 - n2) > ISCSI_SNA32_CHECK)))); 183 } 184 185 /* 186 * iscsi_sna_lte - Serial Number Arithmetic, 32 bits, less than or equal, 187 * RFC1982 188 */ 189 int 190 iscsi_sna_lte(uint32_t n1, uint32_t n2) 191 { 192 return ((n1 == n2) || 193 (((n1 < n2) && ((n2 - n1) < ISCSI_SNA32_CHECK)) || 194 ((n1 > n2) && ((n1 - n2) > ISCSI_SNA32_CHECK)))); 195 } 196 197 /* 198 * iscsi_update_flow_control - Update expcmdsn and maxcmdsn iSCSI 199 * flow control information for a session 200 */ 201 static void 202 iscsi_update_flow_control(iscsi_sess_t *isp, uint32_t max, uint32_t exp) 203 { 204 ASSERT(isp != NULL); 205 ASSERT(mutex_owned(&isp->sess_cmdsn_mutex)); 206 207 if (!iscsi_sna_lt(max, (exp - 1))) { 208 209 if (!iscsi_sna_lte(exp, isp->sess_expcmdsn)) { 210 isp->sess_expcmdsn = exp; 211 } 212 213 if (!iscsi_sna_lte(max, isp->sess_maxcmdsn)) { 214 isp->sess_maxcmdsn = max; 215 if (iscsi_sna_lte(isp->sess_cmdsn, 216 isp->sess_maxcmdsn)) { 217 /* 218 * the window is open again - schedule 219 * to send any held tasks soon 220 */ 221 iscsi_sess_redrive_io(isp); 222 } 223 } 224 } 225 } 226 227 228 /* 229 * +--------------------------------------------------------------------+ 230 * | io receive and processing routines | 231 * +--------------------------------------------------------------------+ 232 */ 233 234 /* 235 * iscsi_rx_thread - The connection creates a thread of this 236 * function during login. After which point this thread is 237 * used to receive and process all iSCSI PDUs on this connection. 238 * The PDUs received on this connection are used to drive the 239 * commands through their state machine. This thread will 240 * continue processing while the connection is on a LOGGED_IN 241 * or IN_LOGOUT state. Once the connection moves out of this 242 * state the thread will die. 243 */ 244 void 245 iscsi_rx_thread(iscsi_thread_t *thread, void *arg) 246 { 247 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 248 iscsi_conn_t *icp = (iscsi_conn_t *)arg; 249 iscsi_sess_t *isp = NULL; 250 char *hdr = NULL; 251 int hdr_size = 0; 252 char *data = NULL; 253 int data_size = 0; 254 iscsi_hdr_t *ihp; 255 256 ASSERT(icp != NULL); 257 isp = icp->conn_sess; 258 ASSERT(isp != NULL); 259 260 /* pre-alloc recv header buffer for common actions */ 261 hdr_size = sizeof (iscsi_hdr_t) + 255; /* 255 = one byte hlength */ 262 hdr = (char *)kmem_zalloc(hdr_size, KM_SLEEP); 263 ihp = (iscsi_hdr_t *)hdr; 264 ASSERT(ihp != NULL); 265 266 /* pre-alloc max_recv_size buffer for common actions */ 267 data_size = icp->conn_params.max_recv_data_seg_len; 268 data = (char *)kmem_zalloc(data_size, KM_SLEEP); 269 ASSERT(data != NULL); 270 271 do { 272 /* Wait for the next iSCSI header */ 273 rval = iscsi_net->recvhdr(icp->conn_socket, 274 ihp, hdr_size, 0, (icp->conn_params.header_digest ? 275 ISCSI_NET_HEADER_DIGEST : 0)); 276 if (ISCSI_SUCCESS(rval)) { 277 isp->sess_rx_lbolt = 278 icp->conn_rx_lbolt = 279 ddi_get_lbolt(); 280 281 /* Perform specific hdr handling */ 282 rval = iscsi_rx_process_hdr(icp, ihp, 283 data, data_size); 284 } 285 286 /* 287 * handle failures 288 */ 289 switch (rval) { 290 case ISCSI_STATUS_SUCCESS: 291 /* 292 * If we successfully completed a receive 293 * and we are in an IN_FLUSH state then 294 * check the active queue count to see 295 * if its empty. If its empty then force 296 * a disconnect event on the connection. 297 * This will move the session from IN_FLUSH 298 * to FLUSHED and complete the login 299 * parameter update. 300 */ 301 if ((isp->sess_state == ISCSI_SESS_STATE_IN_FLUSH) && 302 (icp->conn_queue_active.count == 0)) { 303 mutex_enter(&icp->conn_state_mutex); 304 (void) iscsi_conn_state_machine(icp, 305 ISCSI_CONN_EVENT_T14); 306 mutex_exit(&icp->conn_state_mutex); 307 } 308 break; 309 case ISCSI_STATUS_TCP_RX_ERROR: 310 /* connection had an error */ 311 mutex_enter(&icp->conn_state_mutex); 312 (void) iscsi_conn_state_machine(icp, 313 ISCSI_CONN_EVENT_T15); 314 mutex_exit(&icp->conn_state_mutex); 315 break; 316 case ISCSI_STATUS_HEADER_DIGEST_ERROR: 317 /* 318 * If we encounter a digest error we have to restart 319 * all the connections on this session. per iSCSI 320 * Level 0 Recovery. 321 */ 322 KSTAT_INC_CONN_ERR_HEADER_DIGEST(icp); 323 mutex_enter(&icp->conn_state_mutex); 324 (void) iscsi_conn_state_machine(icp, 325 ISCSI_CONN_EVENT_T14); 326 mutex_exit(&icp->conn_state_mutex); 327 break; 328 case ISCSI_STATUS_DATA_DIGEST_ERROR: 329 /* 330 * We can continue with a data digest error. The 331 * icmdp was flaged as having a crc problem. It 332 * will be aborted when all data is received. This 333 * saves us from restarting the session when we 334 * might be able to keep it going. If the data 335 * digest issue was really bad we will hit a 336 * status protocol error on the next pdu, which 337 * will force a connection retstart. 338 */ 339 KSTAT_INC_CONN_ERR_DATA_DIGEST(icp); 340 break; 341 case ISCSI_STATUS_PROTOCOL_ERROR: 342 /* 343 * A protocol problem was encountered. Reset 344 * session to try and repair issue. 345 */ 346 KSTAT_INC_CONN_ERR_PROTOCOL(icp); 347 mutex_enter(&icp->conn_state_mutex); 348 (void) iscsi_conn_state_machine(icp, 349 ISCSI_CONN_EVENT_T14); 350 mutex_exit(&icp->conn_state_mutex); 351 break; 352 case ISCSI_STATUS_INTERNAL_ERROR: 353 /* 354 * These should have all been handled before now. 355 */ 356 break; 357 default: 358 cmn_err(CE_WARN, "iscsi connection(%u) encountered " 359 "unknown error(%d) on a receive", icp->conn_oid, 360 rval); 361 ASSERT(B_FALSE); 362 } 363 364 } while ((ISCSI_CONN_STATE_FULL_FEATURE(icp->conn_state)) && 365 (iscsi_thread_wait(thread, 0) != 0)); 366 367 kmem_free(hdr, hdr_size); 368 kmem_free(data, data_size); 369 } 370 371 372 /* 373 * iscsi_rx_process_hdr - This function collects data for all PDUs 374 * that do not have data that will be mapped to a specific scsi_pkt. 375 * Then for each hdr type fan out the processing. 376 */ 377 static iscsi_status_t 378 iscsi_rx_process_hdr(iscsi_conn_t *icp, iscsi_hdr_t *ihp, 379 char *data, int data_size) 380 { 381 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 382 iscsi_sess_t *isp = NULL; 383 384 ASSERT(icp != NULL); 385 ASSERT(ihp != NULL); 386 ASSERT(data != NULL); 387 isp = icp->conn_sess; 388 ASSERT(isp != NULL); 389 390 /* If this is not a SCSI_DATA_RSP we can go ahead and get the data */ 391 if ((ihp->opcode & ISCSI_OPCODE_MASK) != ISCSI_OP_SCSI_DATA_RSP) { 392 rval = iscsi_net->recvdata(icp->conn_socket, ihp, 393 data, data_size, 0, (icp->conn_params.data_digest) ? 394 ISCSI_NET_DATA_DIGEST : 0); 395 if (!ISCSI_SUCCESS(rval)) { 396 return (rval); 397 } 398 isp->sess_rx_lbolt = icp->conn_rx_lbolt = ddi_get_lbolt(); 399 } 400 401 /* fan out the hdr processing */ 402 switch (ihp->opcode & ISCSI_OPCODE_MASK) { 403 case ISCSI_OP_SCSI_DATA_RSP: 404 rval = iscsi_rx_process_data_rsp(icp, ihp); 405 break; 406 case ISCSI_OP_SCSI_RSP: 407 rval = iscsi_rx_process_cmd_rsp(icp, ihp, data); 408 break; 409 case ISCSI_OP_RTT_RSP: 410 rval = iscsi_rx_process_rtt_rsp(icp, ihp, data); 411 break; 412 case ISCSI_OP_NOOP_IN: 413 rval = iscsi_rx_process_nop(icp, ihp, data); 414 break; 415 case ISCSI_OP_REJECT_MSG: 416 rval = iscsi_rx_process_reject_rsp(icp, ihp, data); 417 break; 418 case ISCSI_OP_SCSI_TASK_MGT_RSP: 419 rval = iscsi_rx_process_task_mgt_rsp(icp, ihp, data); 420 break; 421 case ISCSI_OP_LOGOUT_RSP: 422 rval = iscsi_rx_process_logout_rsp(icp, ihp, data); 423 break; 424 case ISCSI_OP_ASYNC_EVENT: 425 rval = iscsi_rx_process_async_rsp(icp, ihp, data); 426 break; 427 case ISCSI_OP_TEXT_RSP: 428 rval = iscsi_rx_process_text_rsp(icp, ihp, data); 429 break; 430 default: 431 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 432 "received an unsupported opcode 0x%02x", 433 icp->conn_oid, ihp->opcode); 434 rval = ISCSI_STATUS_PROTOCOL_ERROR; 435 } 436 437 return (rval); 438 } 439 440 441 /* 442 * iscsi_rx_process_data_rsp - Processed received data header. Once 443 * header is processed we read data off the connection directly into 444 * the scsi_pkt to avoid duplicate bcopy of a large amount of data. 445 * If this is the final data sequence denoted by the data response 446 * PDU Status bit being set. We will not receive the SCSI response. 447 * This bit denotes that the PDU is the successful completion of the 448 * command. In this case complete the command. If This bit isn't 449 * set we wait for more data or a scsi command response. 450 */ 451 static iscsi_status_t 452 iscsi_rx_process_data_rsp(iscsi_conn_t *icp, iscsi_hdr_t *ihp) 453 { 454 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 455 iscsi_sess_t *isp = NULL; 456 iscsi_data_rsp_hdr_t *idrhp = (iscsi_data_rsp_hdr_t *)ihp; 457 iscsi_cmd_t *icmdp = NULL; 458 struct scsi_pkt *pkt = NULL; 459 struct buf *bp = NULL; 460 uint32_t offset = 0; 461 uint32_t dlength = 0; 462 char *bcp = NULL; 463 464 ASSERT(icp != NULL); 465 ASSERT(ihp != NULL); 466 isp = icp->conn_sess; 467 ASSERT(isp != NULL); 468 469 if (idrhp->flags & ISCSI_FLAG_DATA_STATUS) { 470 /* make sure we got status in order */ 471 if (icp->conn_expstatsn == ntohl(idrhp->statsn)) { 472 icp->conn_expstatsn++; 473 } else { 474 cmn_err(CE_WARN, "iscsi connection(%u) protocol error " 475 "- received status out of order itt:0x%x " 476 "statsn:0x%x expstatsn:0x%x", icp->conn_oid, 477 idrhp->itt, ntohl(idrhp->statsn), 478 icp->conn_expstatsn); 479 return (ISCSI_STATUS_PROTOCOL_ERROR); 480 } 481 } 482 483 /* match itt in the session's command table */ 484 mutex_enter(&icp->conn_queue_active.mutex); 485 mutex_enter(&isp->sess_cmdsn_mutex); 486 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp(isp, ihp, &icmdp))) { 487 mutex_exit(&isp->sess_cmdsn_mutex); 488 mutex_exit(&icp->conn_queue_active.mutex); 489 return (ISCSI_STATUS_PROTOCOL_ERROR); 490 } 491 /* 492 * Holding the pending/active queue locks across the 493 * iscsi_rx_data call later in this function may cause 494 * deadlock during fault injections. Instead remove 495 * the cmd from the active queue and release the locks. 496 * Then before returning or completing the command 497 * return the cmd to the active queue and reacquire 498 * the locks. 499 */ 500 iscsi_dequeue_active_cmd(icp, icmdp); 501 502 /* update expcmdsn and maxcmdsn */ 503 iscsi_update_flow_control(isp, ntohl(idrhp->maxcmdsn), 504 ntohl(idrhp->expcmdsn)); 505 mutex_exit(&isp->sess_cmdsn_mutex); 506 mutex_exit(&icp->conn_queue_active.mutex); 507 508 /* shorthand some values */ 509 pkt = icmdp->cmd_un.scsi.pkt; 510 bp = icmdp->cmd_un.scsi.bp; 511 offset = ntohl(idrhp->offset); 512 dlength = n2h24(idrhp->dlength); 513 514 /* 515 * some poorly behaved targets have been observed 516 * sending data-in pdu's during a write operation 517 */ 518 if (bp != NULL) { 519 if (!(bp->b_flags & B_READ)) { 520 cmn_err(CE_WARN, 521 "iscsi connection(%u) protocol error - " 522 "received data response during write operation " 523 "itt:0x%x", 524 icp->conn_oid, idrhp->itt); 525 mutex_enter(&icp->conn_queue_active.mutex); 526 iscsi_enqueue_active_cmd(icp, icmdp); 527 mutex_exit(&icp->conn_queue_active.mutex); 528 return (ISCSI_STATUS_PROTOCOL_ERROR); 529 } 530 531 /* 532 * We can't tolerate the target sending too much 533 * data for our buffer 534 */ 535 if ((dlength > 536 (bp->b_bcount - icmdp->cmd_un.scsi.data_transferred)) || 537 (dlength > (bp->b_bcount - offset))) { 538 cmn_err(CE_WARN, 539 "iscsi connection(%u) protocol error - " 540 "received too much data itt:0x%x", 541 icp->conn_oid, idrhp->itt); 542 mutex_enter(&icp->conn_queue_active.mutex); 543 iscsi_enqueue_active_cmd(icp, icmdp); 544 mutex_exit(&icp->conn_queue_active.mutex); 545 return (ISCSI_STATUS_PROTOCOL_ERROR); 546 } 547 548 bcp = ((char *)bp->b_un.b_addr) + offset; 549 550 /* 551 * Get the rest of the data and copy it directly into 552 * the scsi_pkt. 553 */ 554 rval = iscsi_net->recvdata(icp->conn_socket, ihp, 555 bcp, dlength, 0, (icp->conn_params.data_digest ? 556 ISCSI_NET_DATA_DIGEST : 0)); 557 if (ISCSI_SUCCESS(rval)) { 558 KSTAT_ADD_CONN_RX_BYTES(icp, dlength); 559 } else { 560 /* If digest error flag icmdp with a crc error */ 561 if (rval == ISCSI_STATUS_DATA_DIGEST_ERROR) { 562 icmdp->cmd_crc_error_seen = B_TRUE; 563 } 564 mutex_enter(&icp->conn_queue_active.mutex); 565 iscsi_enqueue_active_cmd(icp, icmdp); 566 mutex_exit(&icp->conn_queue_active.mutex); 567 return (rval); 568 } 569 isp->sess_rx_lbolt = icp->conn_rx_lbolt = ddi_get_lbolt(); 570 571 /* update icmdp statistics */ 572 icmdp->cmd_un.scsi.data_transferred += dlength; 573 } 574 575 /* 576 * We got status. This should only happen if we have 577 * received all the data with no errors. The command 578 * must be completed now, since we won't get a command 579 * response PDU. The cmd_status and residual_count are 580 * not meaningful unless status_present is set. 581 */ 582 if (idrhp->flags & ISCSI_FLAG_DATA_STATUS) { 583 pkt->pkt_resid = 0; 584 /* Check the residual count */ 585 if (bp && 586 (icmdp->cmd_un.scsi.data_transferred != 587 bp->b_bcount)) { 588 /* 589 * We didn't xfer the expected amount of data - 590 * the residual_count in the header is only valid 591 * if the underflow flag is set. 592 */ 593 if (idrhp->flags & ISCSI_FLAG_DATA_UNDERFLOW) { 594 pkt->pkt_resid = ntohl(idrhp->residual_count); 595 } else { 596 if (bp->b_bcount > 597 icmdp->cmd_un.scsi.data_transferred) { 598 /* Some data fell on the floor somehw */ 599 pkt->pkt_resid = 600 bp->b_bcount - 601 icmdp->cmd_un.scsi.data_transferred; 602 } 603 } 604 } 605 606 pkt->pkt_reason = CMD_CMPLT; 607 pkt->pkt_state |= (STATE_XFERRED_DATA | STATE_GOT_STATUS); 608 609 if (((idrhp->cmd_status & STATUS_MASK) != STATUS_GOOD) && 610 (icmdp->cmd_un.scsi.statuslen >= 611 sizeof (struct scsi_arq_status)) && pkt->pkt_scbp) { 612 613 /* 614 * Not supposed to get exception status here! 615 * We have no request sense data so just do the 616 * best we can 617 */ 618 struct scsi_arq_status *arqstat = 619 (struct scsi_arq_status *)pkt->pkt_scbp; 620 621 622 bzero(arqstat, sizeof (struct scsi_arq_status)); 623 624 *((uchar_t *)&arqstat->sts_status) = 625 idrhp->cmd_status; 626 627 arqstat->sts_rqpkt_resid = 628 sizeof (struct scsi_extended_sense); 629 630 } else if (pkt->pkt_scbp) { 631 /* just pass along the status we got */ 632 pkt->pkt_scbp[0] = idrhp->cmd_status; 633 } 634 635 mutex_enter(&icp->conn_queue_active.mutex); 636 iscsi_enqueue_active_cmd(icp, icmdp); 637 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E3, isp); 638 mutex_exit(&icp->conn_queue_active.mutex); 639 } else { 640 mutex_enter(&icp->conn_queue_active.mutex); 641 iscsi_enqueue_active_cmd(icp, icmdp); 642 mutex_exit(&icp->conn_queue_active.mutex); 643 } 644 645 return (ISCSI_STATUS_SUCCESS); 646 } 647 648 649 /* 650 * iscsi_rx_process_cmd_rsp - Process received scsi command response. This 651 * will contain sense data if the command was not successful. This data needs 652 * to be copied into the scsi_pkt. Otherwise we just complete the IO. 653 */ 654 static iscsi_status_t 655 iscsi_rx_process_cmd_rsp(iscsi_conn_t *icp, iscsi_hdr_t *ihp, char *data) 656 { 657 iscsi_sess_t *isp = icp->conn_sess; 658 iscsi_scsi_rsp_hdr_t *issrhp = (iscsi_scsi_rsp_hdr_t *)ihp; 659 iscsi_cmd_t *icmdp = NULL; 660 struct scsi_pkt *pkt = NULL; 661 uint32_t dlength = 0; 662 struct scsi_arq_status *arqstat = NULL; 663 size_t senselen = 0; 664 int statuslen = 0; 665 666 /* make sure we get status in order */ 667 if (icp->conn_expstatsn == ntohl(issrhp->statsn)) { 668 icp->conn_expstatsn++; 669 } else { 670 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 671 "received status out of order itt:0x%x statsn:0x%x " 672 "expstatsn:0x%x", icp->conn_oid, issrhp->itt, 673 ntohl(issrhp->statsn), icp->conn_expstatsn); 674 return (ISCSI_STATUS_PROTOCOL_ERROR); 675 } 676 677 mutex_enter(&icp->conn_queue_active.mutex); 678 mutex_enter(&isp->sess_cmdsn_mutex); 679 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp(isp, ihp, &icmdp))) { 680 mutex_exit(&isp->sess_cmdsn_mutex); 681 mutex_exit(&icp->conn_queue_active.mutex); 682 return (ISCSI_STATUS_PROTOCOL_ERROR); 683 } 684 685 /* update expcmdsn and maxcmdsn */ 686 iscsi_update_flow_control(isp, ntohl(issrhp->maxcmdsn), 687 ntohl(issrhp->expcmdsn)); 688 mutex_exit(&isp->sess_cmdsn_mutex); 689 690 pkt = icmdp->cmd_un.scsi.pkt; 691 692 if (issrhp->response) { 693 /* The target failed the command. */ 694 pkt->pkt_reason = CMD_TRAN_ERR; 695 if (icmdp->cmd_un.scsi.bp) { 696 pkt->pkt_resid = icmdp->cmd_un.scsi.bp->b_bcount; 697 } else { 698 pkt->pkt_resid = 0; 699 } 700 } else { 701 /* success */ 702 pkt->pkt_resid = 0; 703 /* Check the residual count */ 704 if ((icmdp->cmd_un.scsi.bp) && 705 (icmdp->cmd_un.scsi.data_transferred != 706 icmdp->cmd_un.scsi.bp->b_bcount)) { 707 /* 708 * We didn't xfer the expected amount of data - 709 * the residual_count in the header is only 710 * valid if the underflow flag is set. 711 */ 712 if (issrhp->flags & ISCSI_FLAG_CMD_UNDERFLOW) { 713 pkt->pkt_resid = ntohl(issrhp->residual_count); 714 } else { 715 if (icmdp->cmd_un.scsi.bp->b_bcount > 716 icmdp->cmd_un.scsi.data_transferred) { 717 /* 718 * Some data fell on the floor 719 * somehow - probably a CRC error 720 */ 721 pkt->pkt_resid = 722 icmdp->cmd_un.scsi.bp->b_bcount - 723 icmdp->cmd_un.scsi.data_transferred; 724 } 725 } 726 } 727 728 /* set flags that tell SCSA that the command is complete */ 729 if (icmdp->cmd_crc_error_seen == B_FALSE) { 730 /* Set successful completion */ 731 pkt->pkt_reason = CMD_CMPLT; 732 if (icmdp->cmd_un.scsi.bp) { 733 pkt->pkt_state |= (STATE_XFERRED_DATA | 734 STATE_GOT_STATUS); 735 } else { 736 pkt->pkt_state |= STATE_GOT_STATUS; 737 } 738 } else { 739 /* 740 * Some of the data was found to have an incorrect 741 * error at the protocol error. 742 */ 743 pkt->pkt_reason = CMD_PER_FAIL; 744 pkt->pkt_statistics |= STAT_PERR; 745 if (icmdp->cmd_un.scsi.bp) { 746 pkt->pkt_resid = 747 icmdp->cmd_un.scsi.bp->b_bcount; 748 } else { 749 pkt->pkt_resid = 0; 750 } 751 } 752 753 dlength = n2h24(issrhp->dlength); 754 755 /* 756 * Process iSCSI Cmd Response Status 757 * RFC 3720 Sectionn 10.4.2. 758 */ 759 switch (issrhp->cmd_status & STATUS_MASK) { 760 case STATUS_GOOD: 761 /* pass SCSI status up stack */ 762 if (pkt->pkt_scbp) { 763 pkt->pkt_scbp[0] = issrhp->cmd_status; 764 } 765 break; 766 case STATUS_CHECK: 767 /* 768 * Verify we received a sense buffer and 769 * that there is the correct amount of 770 * request sense space to copy it to. 771 */ 772 if ((dlength > 1) && 773 (pkt->pkt_scbp != NULL) && 774 (icmdp->cmd_un.scsi.statuslen >= 775 sizeof (struct scsi_arq_status))) { 776 /* 777 * If a bad command status is received we 778 * need to reset the pkt_resid to zero. 779 * The target driver compares its value 780 * before checking other error flags. 781 * (ex. check conditions) 782 */ 783 pkt->pkt_resid = 0; 784 785 /* get sense length from first 2 bytes */ 786 senselen = ((data[0] << 8) | data[1]) & 787 (size_t)0xFFFF; 788 789 /* Sanity-check on the sense length */ 790 if ((senselen + 2) > dlength) { 791 senselen = dlength - 2; 792 } 793 794 /* 795 * If there was a Data Digest error then 796 * the sense data cannot be trusted. 797 */ 798 if (icmdp->cmd_crc_error_seen) { 799 senselen = 0; 800 } 801 802 /* automatic request sense */ 803 arqstat = 804 (struct scsi_arq_status *)pkt->pkt_scbp; 805 806 /* pass SCSI status up stack */ 807 *((uchar_t *)&arqstat->sts_status) = 808 issrhp->cmd_status; 809 810 /* 811 * Set the status for the automatic 812 * request sense command 813 */ 814 arqstat->sts_rqpkt_state = (STATE_GOT_BUS | 815 STATE_GOT_TARGET | STATE_SENT_CMD | 816 STATE_XFERRED_DATA | STATE_GOT_STATUS | 817 STATE_ARQ_DONE); 818 819 *((uchar_t *)&arqstat->sts_rqpkt_status) = 820 STATUS_GOOD; 821 822 arqstat->sts_rqpkt_reason = CMD_CMPLT; 823 824 statuslen = icmdp->cmd_un.scsi.statuslen; 825 826 if (senselen == 0) { 827 /* auto request sense failed */ 828 arqstat->sts_rqpkt_status.sts_chk = 1; 829 arqstat->sts_rqpkt_resid = 830 statuslen; 831 } else if (senselen < 832 statuslen) { 833 /* auto request sense short */ 834 arqstat->sts_rqpkt_resid = 835 statuslen 836 - senselen; 837 } else { 838 /* auto request sense complete */ 839 arqstat->sts_rqpkt_resid = 0; 840 } 841 arqstat->sts_rqpkt_statistics = 0; 842 pkt->pkt_state |= STATE_ARQ_DONE; 843 844 if (icmdp->cmd_misc_flags & 845 ISCSI_CMD_MISCFLAG_XARQ) { 846 pkt->pkt_state |= STATE_XARQ_DONE; 847 } 848 849 /* copy auto request sense */ 850 dlength = min(senselen, 851 statuslen); 852 if (dlength) { 853 bcopy(&data[2], (uchar_t *)&arqstat-> 854 sts_sensedata, dlength); 855 } 856 break; 857 } 858 /* FALLTHRU */ 859 case STATUS_BUSY: 860 case STATUS_RESERVATION_CONFLICT: 861 case STATUS_QFULL: 862 case STATUS_ACA_ACTIVE: 863 default: 864 /* 865 * If a bad command status is received we need to 866 * reset the pkt_resid to zero. The target driver 867 * compares its value before checking other error 868 * flags. (ex. check conditions) 869 */ 870 pkt->pkt_resid = 0; 871 /* pass SCSI status up stack */ 872 if (pkt->pkt_scbp) { 873 pkt->pkt_scbp[0] = issrhp->cmd_status; 874 } 875 } 876 } 877 878 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E3, isp); 879 mutex_exit(&icp->conn_queue_active.mutex); 880 881 return (ISCSI_STATUS_SUCCESS); 882 } 883 884 /* 885 * iscsi_rx_process_rtt_rsp - Process received RTT. This means the target is 886 * requesting data. 887 */ 888 /* ARGSUSED */ 889 static iscsi_status_t 890 iscsi_rx_process_rtt_rsp(iscsi_conn_t *icp, iscsi_hdr_t *ihp, char *data) 891 { 892 iscsi_sess_t *isp = (iscsi_sess_t *)icp->conn_sess; 893 iscsi_rtt_hdr_t *irhp = (iscsi_rtt_hdr_t *)ihp; 894 iscsi_cmd_t *icmdp = NULL; 895 struct buf *bp = NULL; 896 uint32_t data_length; 897 iscsi_status_t status = ISCSI_STATUS_PROTOCOL_ERROR; 898 899 900 mutex_enter(&isp->sess_queue_pending.mutex); 901 mutex_enter(&icp->conn_queue_active.mutex); 902 mutex_enter(&isp->sess_cmdsn_mutex); 903 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp(isp, ihp, &icmdp))) { 904 mutex_exit(&isp->sess_cmdsn_mutex); 905 mutex_exit(&icp->conn_queue_active.mutex); 906 mutex_exit(&isp->sess_queue_pending.mutex); 907 return (status); 908 } 909 910 /* update expcmdsn and maxcmdsn */ 911 iscsi_update_flow_control(isp, ntohl(irhp->maxcmdsn), 912 ntohl(irhp->expcmdsn)); 913 mutex_enter(&icmdp->cmd_mutex); 914 mutex_exit(&isp->sess_cmdsn_mutex); 915 916 bp = icmdp->cmd_un.scsi.bp; 917 data_length = ntohl(irhp->data_length); 918 919 /* 920 * Perform boundary-checks per RFC 3720 (section 10.8.4). 921 * The Desired Data Transfer Length must satisfy this relation: 922 * 923 * 0 < Desired Data Transfer Length <= MaxBurstLength 924 */ 925 if ((bp == NULL) || (data_length == 0)) { 926 cmn_err(CE_WARN, "iscsi connection(%u) received r2t but pkt " 927 "has no data itt:0x%x - protocol error", icp->conn_oid, 928 irhp->itt); 929 } else if (data_length > icp->conn_params.max_burst_length) { 930 cmn_err(CE_WARN, "iscsi connection(%u) received r2t but pkt " 931 "is larger than MaxBurstLength itt:0x%x len:0x%x - " 932 "protocol error", 933 icp->conn_oid, irhp->itt, data_length); 934 } else { 935 iscsi_handle_r2t(icp, icmdp, ntohl(irhp->data_offset), 936 data_length, irhp->ttt); 937 status = ISCSI_STATUS_SUCCESS; 938 } 939 940 mutex_exit(&icmdp->cmd_mutex); 941 mutex_exit(&icp->conn_queue_active.mutex); 942 mutex_exit(&isp->sess_queue_pending.mutex); 943 944 return (status); 945 } 946 947 948 /* 949 * iscsi_rx_process_nop - Process a received nop. If nop is in response 950 * to a ping we sent update stats. If initiated by the target we need 951 * to response back to the target with a nop. Schedule the response. 952 */ 953 /* ARGSUSED */ 954 static iscsi_status_t 955 iscsi_rx_process_nop(iscsi_conn_t *icp, iscsi_hdr_t *ihp, char *data) 956 { 957 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 958 iscsi_sess_t *isp = NULL; 959 iscsi_nop_in_hdr_t *inihp = (iscsi_nop_in_hdr_t *)ihp; 960 iscsi_cmd_t *icmdp = NULL; 961 962 ASSERT(icp != NULL); 963 ASSERT(ihp != NULL); 964 /* ASSERT(data != NULL) data is allowed to be NULL */ 965 isp = icp->conn_sess; 966 ASSERT(isp != NULL); 967 968 if (icp->conn_expstatsn != ntohl(inihp->statsn)) { 969 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 970 "received status out of order itt:0x%x statsn:0x%x " 971 "expstatsn:0x%x", icp->conn_oid, inihp->itt, 972 ntohl(inihp->statsn), icp->conn_expstatsn); 973 return (ISCSI_STATUS_PROTOCOL_ERROR); 974 } 975 976 mutex_enter(&isp->sess_queue_pending.mutex); 977 mutex_enter(&icp->conn_queue_active.mutex); 978 mutex_enter(&isp->sess_cmdsn_mutex); 979 if (inihp->itt != ISCSI_RSVD_TASK_TAG) { 980 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp( 981 isp, ihp, &icmdp))) { 982 mutex_exit(&isp->sess_cmdsn_mutex); 983 mutex_exit(&icp->conn_queue_active.mutex); 984 mutex_exit(&isp->sess_queue_pending.mutex); 985 return (ISCSI_STATUS_PROTOCOL_ERROR); 986 } 987 } 988 989 /* update expcmdsn and maxcmdsn */ 990 iscsi_update_flow_control(isp, ntohl(inihp->maxcmdsn), 991 ntohl(inihp->expcmdsn)); 992 mutex_exit(&isp->sess_cmdsn_mutex); 993 994 if ((inihp->itt != ISCSI_RSVD_TASK_TAG) && 995 (inihp->ttt == ISCSI_RSVD_TASK_TAG)) { 996 /* This is the only type of nop that incs. the expstatsn */ 997 icp->conn_expstatsn++; 998 999 /* 1000 * This is a targets response to our nop 1001 */ 1002 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E3, isp); 1003 } else if (inihp->ttt != ISCSI_RSVD_TASK_TAG) { 1004 /* 1005 * Target requested a nop. Send one. 1006 */ 1007 iscsi_handle_nop(icp, ISCSI_RSVD_TASK_TAG, inihp->ttt); 1008 } else { 1009 /* 1010 * This is a target-initiated ping that doesn't expect 1011 * a response; nothing to do except update our flow control 1012 * (which we do in all cases above). 1013 */ 1014 /* EMPTY */ 1015 } 1016 mutex_exit(&icp->conn_queue_active.mutex); 1017 mutex_exit(&isp->sess_queue_pending.mutex); 1018 1019 return (rval); 1020 } 1021 1022 1023 /* 1024 * iscsi_rx_process_reject_rsp - The server rejected a PDU 1025 */ 1026 static iscsi_status_t 1027 iscsi_rx_process_reject_rsp(iscsi_conn_t *icp, 1028 iscsi_hdr_t *ihp, char *data) 1029 { 1030 iscsi_reject_rsp_hdr_t *irrhp = (iscsi_reject_rsp_hdr_t *)ihp; 1031 iscsi_sess_t *isp = NULL; 1032 uint32_t dlength = 0; 1033 iscsi_hdr_t *old_ihp = NULL; 1034 1035 ASSERT(icp != NULL); 1036 isp = icp->conn_sess; 1037 ASSERT(ihp != NULL); 1038 ASSERT(data != NULL); 1039 1040 /* make sure we only Ack Status numbers that we've actually received. */ 1041 if (icp->conn_expstatsn == ntohl(irrhp->statsn)) { 1042 icp->conn_expstatsn++; 1043 } else { 1044 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 1045 "received status out of order itt:0x%x statsn:0x%x " 1046 "expstatsn:0x%x", icp->conn_oid, ihp->itt, 1047 ntohl(irrhp->statsn), icp->conn_expstatsn); 1048 return (ISCSI_STATUS_PROTOCOL_ERROR); 1049 } 1050 1051 /* update expcmdsn and maxcmdsn */ 1052 mutex_enter(&isp->sess_cmdsn_mutex); 1053 iscsi_update_flow_control(isp, ntohl(irrhp->maxcmdsn), 1054 ntohl(irrhp->expcmdsn)); 1055 mutex_exit(&isp->sess_cmdsn_mutex); 1056 1057 /* If we don't have the rejected header we can't do anything */ 1058 dlength = n2h24(irrhp->dlength); 1059 if (dlength < sizeof (iscsi_hdr_t)) { 1060 return (ISCSI_STATUS_PROTOCOL_ERROR); 1061 } 1062 1063 /* map old ihp */ 1064 old_ihp = (iscsi_hdr_t *)data; 1065 1066 switch (irrhp->reason) { 1067 /* 1068 * ISCSI_REJECT_IMM_CMD_REJECT - Immediate Command Reject 1069 * too many immediate commands (original cmd can be resent) 1070 */ 1071 case ISCSI_REJECT_IMM_CMD_REJECT: 1072 /* 1073 * We have exceeded the server's capacity for outstanding 1074 * immediate commands. This must be a task management 1075 * command so try to find it in the abortingqueue and 1076 * complete it. 1077 */ 1078 if (!(old_ihp->opcode & ISCSI_OP_IMMEDIATE)) { 1079 /* Rejecting IMM but old old_hdr wasn't IMM */ 1080 return (ISCSI_STATUS_PROTOCOL_ERROR); 1081 } 1082 1083 /* 1084 * We only send NOP and TASK_MGT as IMM. All other 1085 * cases should be considered as a protocol error. 1086 */ 1087 switch (old_ihp->opcode & ISCSI_OPCODE_MASK) { 1088 case ISCSI_OP_NOOP_OUT: 1089 /* 1090 * A ping was rejected - treat this like 1091 * ping response. The down side is we 1092 * didn't get an updated MaxCmdSn. 1093 */ 1094 break; 1095 case ISCSI_OP_SCSI_TASK_MGT_MSG: 1096 (void) iscsi_rx_process_rejected_tsk_mgt(icp, 1097 old_ihp); 1098 break; 1099 default: 1100 cmn_err(CE_WARN, "iscsi connection(%u) protocol error " 1101 "- received a reject for a command(0x%02x) not " 1102 "sent as an immediate", icp->conn_oid, 1103 old_ihp->opcode); 1104 return (ISCSI_STATUS_PROTOCOL_ERROR); 1105 } 1106 break; 1107 1108 /* 1109 * For the rest of the reject cases just use the general 1110 * hammer of dis/reconnecting. This will resolve all 1111 * noted issues although could be more graceful. 1112 */ 1113 case ISCSI_REJECT_DATA_DIGEST_ERROR: 1114 case ISCSI_REJECT_CMD_BEFORE_LOGIN: 1115 case ISCSI_REJECT_SNACK_REJECT: 1116 case ISCSI_REJECT_PROTOCOL_ERROR: 1117 case ISCSI_REJECT_CMD_NOT_SUPPORTED: 1118 case ISCSI_REJECT_TASK_IN_PROGRESS: 1119 case ISCSI_REJECT_INVALID_DATA_ACK: 1120 case ISCSI_REJECT_INVALID_PDU_FIELD: 1121 case ISCSI_REJECT_LONG_OPERATION_REJECT: 1122 case ISCSI_REJECT_NEGOTIATION_RESET: 1123 default: 1124 cmn_err(CE_WARN, "iscsi connection(%u) closing connection - " 1125 "target requested itt:0x%x reason:0x%x", 1126 icp->conn_oid, ihp->itt, irrhp->reason); 1127 return (ISCSI_STATUS_PROTOCOL_ERROR); 1128 } 1129 1130 return (ISCSI_STATUS_SUCCESS); 1131 } 1132 1133 1134 /* 1135 * iscsi_rx_process_rejected_tsk_mgt - 1136 */ 1137 static iscsi_status_t 1138 iscsi_rx_process_rejected_tsk_mgt(iscsi_conn_t *icp, 1139 iscsi_hdr_t *old_ihp) 1140 { 1141 iscsi_sess_t *isp = NULL; 1142 iscsi_cmd_t *icmdp = NULL; 1143 1144 ASSERT(icp != NULL); 1145 isp = icp->conn_sess; 1146 ASSERT(old_ihp != NULL); 1147 ASSERT(icp->conn_sess != NULL); 1148 1149 mutex_enter(&icp->conn_queue_active.mutex); 1150 mutex_enter(&isp->sess_cmdsn_mutex); 1151 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp( 1152 isp, old_ihp, &icmdp))) { 1153 mutex_exit(&isp->sess_cmdsn_mutex); 1154 mutex_exit(&icp->conn_queue_active.mutex); 1155 return (ISCSI_STATUS_PROTOCOL_ERROR); 1156 } 1157 mutex_exit(&isp->sess_cmdsn_mutex); 1158 1159 switch (icmdp->cmd_type) { 1160 case ISCSI_CMD_TYPE_ABORT: 1161 case ISCSI_CMD_TYPE_RESET: 1162 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E4, 1163 icp->conn_sess); 1164 break; 1165 /* We don't send any other task mgr types */ 1166 default: 1167 ASSERT(B_FALSE); 1168 break; 1169 } 1170 mutex_exit(&icp->conn_queue_active.mutex); 1171 1172 return (ISCSI_STATUS_SUCCESS); 1173 } 1174 1175 1176 /* 1177 * iscsi_rx_process_task_mgt_rsp - 1178 */ 1179 /* ARGSUSED */ 1180 static iscsi_status_t 1181 iscsi_rx_process_task_mgt_rsp(iscsi_conn_t *icp, 1182 iscsi_hdr_t *ihp, void *data) 1183 { 1184 iscsi_sess_t *isp = NULL; 1185 iscsi_scsi_task_mgt_rsp_hdr_t *istmrhp = NULL; 1186 iscsi_cmd_t *icmdp = NULL; 1187 1188 ASSERT(ihp != NULL); 1189 ASSERT(icp != NULL); 1190 isp = icp->conn_sess; 1191 ASSERT(isp != NULL); 1192 istmrhp = (iscsi_scsi_task_mgt_rsp_hdr_t *)ihp; 1193 1194 if (icp->conn_expstatsn == ntohl(istmrhp->statsn)) { 1195 icp->conn_expstatsn++; 1196 } else { 1197 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 1198 "received status out of order itt:0x%x statsn:0x%x " 1199 "expstatsn:0x%x", icp->conn_oid, istmrhp->itt, 1200 ntohl(istmrhp->statsn), icp->conn_expstatsn); 1201 return (ISCSI_STATUS_PROTOCOL_ERROR); 1202 } 1203 1204 /* make sure we only Ack Status numbers that we've actually received. */ 1205 mutex_enter(&icp->conn_queue_active.mutex); 1206 mutex_enter(&isp->sess_cmdsn_mutex); 1207 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp(isp, ihp, &icmdp))) { 1208 mutex_exit(&isp->sess_cmdsn_mutex); 1209 mutex_exit(&icp->conn_queue_active.mutex); 1210 return (ISCSI_STATUS_PROTOCOL_ERROR); 1211 } 1212 1213 /* update expcmdsn and maxcmdn */ 1214 iscsi_update_flow_control(isp, ntohl(istmrhp->maxcmdsn), 1215 ntohl(istmrhp->expcmdsn)); 1216 mutex_exit(&isp->sess_cmdsn_mutex); 1217 1218 switch (icmdp->cmd_type) { 1219 case ISCSI_CMD_TYPE_ABORT: 1220 case ISCSI_CMD_TYPE_RESET: 1221 switch (istmrhp->response) { 1222 case SCSI_TCP_TM_RESP_COMPLETE: 1223 /* success */ 1224 iscsi_cmd_state_machine(icmdp, 1225 ISCSI_CMD_EVENT_E3, isp); 1226 break; 1227 case SCSI_TCP_TM_RESP_NO_TASK: 1228 /* 1229 * If the array no longer knows about 1230 * an ABORT RTT and we no longer have 1231 * a parent SCSI command it was just 1232 * completed, free this ABORT resource. 1233 * Otherwise FALLTHRU this will flag a 1234 * protocol problem. 1235 */ 1236 if ((icmdp->cmd_type == ISCSI_CMD_TYPE_ABORT) && 1237 (icmdp->cmd_un.abort.icmdp == NULL)) { 1238 iscsi_cmd_state_machine(icmdp, 1239 ISCSI_CMD_EVENT_E4, isp); 1240 break; 1241 } 1242 /* FALLTHRU */ 1243 case SCSI_TCP_TM_RESP_NO_LUN: 1244 case SCSI_TCP_TM_RESP_TASK_ALLEGIANT: 1245 case SCSI_TCP_TM_RESP_NO_FAILOVER: 1246 case SCSI_TCP_TM_RESP_IN_PRGRESS: 1247 case SCSI_TCP_TM_RESP_REJECTED: 1248 default: 1249 /* 1250 * Something is out of sync. Flush 1251 * active queues and resync the 1252 * the connection to try and recover 1253 * to a known state. 1254 */ 1255 mutex_exit(&icp->conn_queue_active.mutex); 1256 return (ISCSI_STATUS_PROTOCOL_ERROR); 1257 } 1258 break; 1259 1260 default: 1261 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 1262 "received a task mgt response for a non-task mgt " 1263 "cmd itt:0x%x type:%d", icp->conn_oid, istmrhp->itt, 1264 icmdp->cmd_type); 1265 mutex_exit(&icp->conn_queue_active.mutex); 1266 return (ISCSI_STATUS_PROTOCOL_ERROR); 1267 } 1268 1269 mutex_exit(&icp->conn_queue_active.mutex); 1270 return (ISCSI_STATUS_SUCCESS); 1271 } 1272 1273 1274 /* 1275 * iscsi_rx_process_logout - 1276 * 1277 */ 1278 /* ARGSUSED */ 1279 static iscsi_status_t 1280 iscsi_rx_process_logout_rsp(iscsi_conn_t *icp, iscsi_hdr_t *ihp, char *data) 1281 { 1282 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 1283 iscsi_sess_t *isp = icp->conn_sess; 1284 iscsi_logout_rsp_hdr_t *ilrhp = (iscsi_logout_rsp_hdr_t *)ihp; 1285 iscsi_cmd_t *icmdp = NULL; 1286 1287 ASSERT(icp != NULL); 1288 ASSERT(ihp != NULL); 1289 isp = icp->conn_sess; 1290 ASSERT(isp != NULL); 1291 1292 if (icp->conn_expstatsn != ntohl(ilrhp->statsn)) { 1293 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 1294 "received status out of order itt:0x%x statsn:0x%x " 1295 "expstatsn:0x%x", icp->conn_oid, ilrhp->itt, 1296 ntohl(ilrhp->statsn), icp->conn_expstatsn); 1297 return (ISCSI_STATUS_PROTOCOL_ERROR); 1298 } 1299 1300 mutex_enter(&icp->conn_queue_active.mutex); 1301 mutex_enter(&isp->sess_cmdsn_mutex); 1302 if (ilrhp->itt != ISCSI_RSVD_TASK_TAG) { 1303 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp( 1304 isp, ihp, &icmdp))) { 1305 mutex_exit(&isp->sess_cmdsn_mutex); 1306 mutex_exit(&icp->conn_queue_active.mutex); 1307 return (ISCSI_STATUS_PROTOCOL_ERROR); 1308 } 1309 } 1310 1311 /* update expcmdsn and maxcmdsn */ 1312 iscsi_update_flow_control(isp, ntohl(ilrhp->maxcmdsn), 1313 ntohl(ilrhp->expcmdsn)); 1314 mutex_exit(&isp->sess_cmdsn_mutex); 1315 1316 switch (ilrhp->response) { 1317 case ISCSI_LOGOUT_CID_NOT_FOUND: 1318 /* 1319 * If the target doesn't know about our connection 1320 * then we can consider our self disconnected. 1321 */ 1322 /* FALLTHRU */ 1323 case ISCSI_LOGOUT_RECOVERY_UNSUPPORTED: 1324 /* 1325 * We don't support ErrorRecovery levels above 0 1326 * currently so consider this success. 1327 */ 1328 /* FALLTHRU */ 1329 case ISCSI_LOGOUT_CLEANUP_FAILED: 1330 /* 1331 * per spec. "cleanup failed for various reasons." 1332 * Although those various reasons are undefined. 1333 * Not sure what to do here. So fake success, 1334 * which will disconnect the connection. 1335 */ 1336 /* FALLTHRU */ 1337 case ISCSI_LOGOUT_SUCCESS: 1338 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E3, isp); 1339 mutex_exit(&icp->conn_queue_active.mutex); 1340 /* logout completed successfully notify the conn */ 1341 mutex_enter(&icp->conn_state_mutex); 1342 (void) iscsi_conn_state_machine(icp, ISCSI_CONN_EVENT_T17); 1343 mutex_exit(&icp->conn_state_mutex); 1344 break; 1345 default: 1346 mutex_exit(&icp->conn_queue_active.mutex); 1347 rval = ISCSI_STATUS_PROTOCOL_ERROR; 1348 } 1349 1350 return (rval); 1351 } 1352 1353 1354 /* 1355 * iscsi_rx_process_logout - 1356 * 1357 */ 1358 /* ARGSUSED */ 1359 static iscsi_status_t 1360 iscsi_rx_process_async_rsp(iscsi_conn_t *icp, iscsi_hdr_t *ihp, char *data) 1361 { 1362 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 1363 iscsi_async_evt_hdr_t *iaehp = (iscsi_async_evt_hdr_t *)ihp; 1364 1365 ASSERT(icp != NULL); 1366 ASSERT(ihp != NULL); 1367 ASSERT(icp->conn_sess != NULL); 1368 1369 if (icp->conn_expstatsn != ntohl(iaehp->statsn)) { 1370 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 1371 "received status out of order itt:0x%x statsn:0x%x " 1372 "expstatsn:0x%x", icp->conn_oid, ihp->itt, 1373 ntohl(iaehp->statsn), icp->conn_expstatsn); 1374 return (ISCSI_STATUS_PROTOCOL_ERROR); 1375 } 1376 1377 switch (iaehp->async_event) { 1378 case ISCSI_ASYNC_EVENT_SCSI_EVENT: 1379 /* 1380 * SCSI asynchronous event is reported in 1381 * the sense data. Sense data that accompanies 1382 * the report in the data segment identifies the 1383 * condition. If the target supports SCSI 1384 * asynchronous events reporting (see [SAM2]) 1385 * as indicated in the stardard INQUIRY data 1386 * (see [SPC3]), its use may be enabled by 1387 * parameters in the SCSI control mode page 1388 * (see [SPC3]). 1389 * 1390 * T-10 has removed SCSI asunchronous events 1391 * from the standard. Although we have seen 1392 * a couple targets still spending these requests. 1393 * Those targets were specifically sending them 1394 * for notification of a LUN/Volume change 1395 * (ex. LUN addition/removal). Take a general 1396 * action to these events of dis/reconnecting. 1397 * Once reconnected we perform a reenumeration. 1398 */ 1399 mutex_enter(&icp->conn_state_mutex); 1400 (void) iscsi_conn_state_machine(icp, ISCSI_CONN_EVENT_T14); 1401 mutex_exit(&icp->conn_state_mutex); 1402 break; 1403 1404 case ISCSI_ASYNC_EVENT_REQUEST_LOGOUT: 1405 /* Target has requested this connection to logout. */ 1406 mutex_enter(&icp->conn_state_mutex); 1407 (void) iscsi_conn_state_machine(icp, ISCSI_CONN_EVENT_T14); 1408 mutex_exit(&icp->conn_state_mutex); 1409 break; 1410 1411 case ISCSI_ASYNC_EVENT_DROPPING_CONNECTION: 1412 /* 1413 * Target is going to drop our connection. 1414 * param1 - CID which will be dropped. 1415 * param2 - Min time to reconnect. 1416 * param3 - Max time to reconnect. 1417 * 1418 * For now just let fail as another disconnect. 1419 * 1420 * MC/S Once we support > 1 connections then 1421 * we need to check the CID and drop that 1422 * specific connection. 1423 */ 1424 iscsi_conn_set_login_min_max(icp, iaehp->param2, iaehp->param3); 1425 mutex_enter(&icp->conn_state_mutex); 1426 (void) iscsi_conn_state_machine(icp, ISCSI_CONN_EVENT_T14); 1427 mutex_exit(&icp->conn_state_mutex); 1428 break; 1429 1430 case ISCSI_ASYNC_EVENT_DROPPING_ALL_CONNECTIONS: 1431 /* 1432 * Target is going to drop ALL connections. 1433 * param2 - Min time to reconnect. 1434 * param3 - Max time to reconnect. 1435 * 1436 * For now just let fail as anyother disconnect. 1437 * 1438 * MC/S Once we support more than > 1 connections 1439 * then we need to drop all connections on the 1440 * session. 1441 */ 1442 iscsi_conn_set_login_min_max(icp, iaehp->param2, iaehp->param3); 1443 mutex_enter(&icp->conn_state_mutex); 1444 (void) iscsi_conn_state_machine(icp, ISCSI_CONN_EVENT_T14); 1445 mutex_exit(&icp->conn_state_mutex); 1446 break; 1447 1448 case ISCSI_ASYNC_EVENT_PARAM_NEGOTIATION: 1449 /* 1450 * Target requests parameter negotiation 1451 * on this connection. 1452 * 1453 * The initiator must honor this request. For 1454 * now we will request a logout. We can't 1455 * just ignore this or it might force corruption? 1456 */ 1457 mutex_enter(&icp->conn_state_mutex); 1458 (void) iscsi_conn_state_machine(icp, ISCSI_CONN_EVENT_T14); 1459 mutex_exit(&icp->conn_state_mutex); 1460 break; 1461 1462 case ISCSI_ASYNC_EVENT_VENDOR_SPECIFIC: 1463 /* 1464 * We currently don't handle any vendor 1465 * specific async events. So just ignore 1466 * the request. 1467 */ 1468 mutex_enter(&icp->conn_state_mutex); 1469 (void) iscsi_conn_state_machine(icp, ISCSI_CONN_EVENT_T14); 1470 mutex_exit(&icp->conn_state_mutex); 1471 break; 1472 default: 1473 rval = ISCSI_STATUS_PROTOCOL_ERROR; 1474 } 1475 1476 return (rval); 1477 } 1478 1479 /* 1480 * iscsi_rx_process_text_rsp - processes iSCSI text response. It sets 1481 * the cmd_result field of the command data structure with the actual 1482 * status value instead of returning the status value. The return value 1483 * is SUCCESS in order to let iscsi_handle_text control the operation of 1484 * a text request. 1485 * Test requests are a handled a little different than other types of 1486 * iSCSI commands because the initiator sends additional empty text requests 1487 * in order to obtain the remaining responses required to complete the 1488 * request. iscsi_handle_text controls the operation of text request, while 1489 * iscsi_rx_process_text_rsp just process the current response. 1490 */ 1491 static iscsi_status_t 1492 iscsi_rx_process_text_rsp(iscsi_conn_t *icp, iscsi_hdr_t *ihp, char *data) 1493 { 1494 iscsi_sess_t *isp = NULL; 1495 iscsi_text_rsp_hdr_t *ithp = (iscsi_text_rsp_hdr_t *)ihp; 1496 iscsi_cmd_t *icmdp = NULL; 1497 boolean_t final = B_FALSE; 1498 uint32_t data_len; 1499 1500 ASSERT(icp != NULL); 1501 ASSERT(ihp != NULL); 1502 ASSERT(data != NULL); 1503 1504 isp = icp->conn_sess; 1505 ASSERT(isp != NULL); 1506 1507 if (icp->conn_expstatsn == ntohl(ithp->statsn)) { 1508 icp->conn_expstatsn++; 1509 } else { 1510 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 1511 "received status out of order itt:0x%x statsn:0x%x " 1512 "expstatsn:0x%x", icp->conn_oid, ithp->itt, 1513 ntohl(ithp->statsn), icp->conn_expstatsn); 1514 return (ISCSI_STATUS_PROTOCOL_ERROR); 1515 } 1516 1517 mutex_enter(&icp->conn_queue_active.mutex); 1518 mutex_enter(&isp->sess_cmdsn_mutex); 1519 if (!ISCSI_SUCCESS(iscsi_rx_process_itt_to_icmdp(isp, ihp, &icmdp))) { 1520 mutex_exit(&isp->sess_cmdsn_mutex); 1521 mutex_exit(&icp->conn_queue_active.mutex); 1522 return (ISCSI_STATUS_PROTOCOL_ERROR); 1523 } 1524 1525 /* update expcmdsn and maxcmdsn */ 1526 iscsi_update_flow_control(isp, ntohl(ithp->maxcmdsn), 1527 ntohl(ithp->expcmdsn)); 1528 mutex_exit(&isp->sess_cmdsn_mutex); 1529 1530 /* update local final response flag */ 1531 if (ithp->flags & ISCSI_FLAG_FINAL) { 1532 final = B_TRUE; 1533 } 1534 1535 /* 1536 * validate received TTT value. RFC3720 specifies the following: 1537 * - F bit set to 1 MUST have a reserved TTT value 0xffffffff 1538 * - F bit set to 0 MUST have a non-reserved TTT value !0xffffffff 1539 * In addition, the received TTT value must not change between 1540 * responses of a long text response 1541 */ 1542 if (((final == B_TRUE) && (ithp->ttt != ISCSI_RSVD_TASK_TAG)) || 1543 ((final == B_FALSE) && (ithp->ttt == ISCSI_RSVD_TASK_TAG))) { 1544 icmdp->cmd_result = ISCSI_STATUS_PROTOCOL_ERROR; 1545 icmdp->cmd_un.text.stage = ISCSI_CMD_TEXT_FINAL_RSP; 1546 mutex_exit(&icp->conn_queue_active.mutex); 1547 cmn_err(CE_WARN, "iscsi connection(%u) protocol error - " 1548 "received text response with invalid flags:0x%x or " 1549 "ttt:0x%x", icp->conn_oid, ithp->flags, ithp->itt); 1550 return (ISCSI_STATUS_PROTOCOL_ERROR); 1551 } 1552 1553 if ((icmdp->cmd_un.text.stage == ISCSI_CMD_TEXT_INITIAL_REQ) && 1554 (ithp->ttt == ISCSI_RSVD_TASK_TAG) && 1555 (final == B_FALSE)) { 1556 /* TTT should have matched reserved value */ 1557 icmdp->cmd_result = ISCSI_STATUS_PROTOCOL_ERROR; 1558 icmdp->cmd_un.text.stage = ISCSI_CMD_TEXT_FINAL_RSP; 1559 mutex_exit(&icp->conn_queue_active.mutex); 1560 cmn_err(CE_WARN, "iscsi connection(%u) protocol " 1561 "error - received text response with invalid " 1562 "ttt:0x%x", icp->conn_oid, ithp->ttt); 1563 return (ISCSI_STATUS_PROTOCOL_ERROR); 1564 } 1565 1566 /* 1567 * If this is first response, save away TTT value for later use 1568 * in a long text request/response sequence 1569 */ 1570 if (icmdp->cmd_un.text.stage == ISCSI_CMD_TEXT_INITIAL_REQ) { 1571 icmdp->cmd_un.text.ttt = ithp->ttt; 1572 } 1573 1574 data_len = ntoh24(ithp->dlength); 1575 1576 /* check whether enough buffer available to copy data */ 1577 if ((icmdp->cmd_un.text.total_rx_len + data_len) > 1578 icmdp->cmd_un.text.buf_len) { 1579 icmdp->cmd_un.text.total_rx_len += data_len; 1580 icmdp->cmd_result = ISCSI_STATUS_DATA_OVERFLOW; 1581 /* 1582 * DATA_OVERFLOW will result in a SUCCESS return so that 1583 * iscsi_handle_text can continue to obtain the remaining 1584 * text response if needed. 1585 */ 1586 } else { 1587 char *buf_data = (icmdp->cmd_un.text.buf + 1588 icmdp->cmd_un.text.offset); 1589 1590 bcopy(data, buf_data, data_len); 1591 icmdp->cmd_un.text.offset += data_len; 1592 icmdp->cmd_un.text.total_rx_len += data_len; 1593 icmdp->cmd_result = ISCSI_STATUS_SUCCESS; 1594 bcopy(ithp->rsvd4, icmdp->cmd_un.text.lun, 1595 sizeof (icmdp->cmd_un.text.lun)); 1596 } 1597 1598 /* update stage */ 1599 if (final == B_TRUE) { 1600 icmdp->cmd_un.text.stage = ISCSI_CMD_TEXT_FINAL_RSP; 1601 } else { 1602 icmdp->cmd_un.text.stage = ISCSI_CMD_TEXT_CONTINUATION; 1603 } 1604 1605 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E3, isp); 1606 mutex_exit(&icp->conn_queue_active.mutex); 1607 return (ISCSI_STATUS_SUCCESS); 1608 } 1609 1610 /* 1611 * iscsi_rx_process_itt_to_icmdp - Lookup itt in the session's 1612 * cmd table to find matching icmdp. Verify itt in hdr and 1613 * icmdp are the same. 1614 */ 1615 static iscsi_status_t 1616 iscsi_rx_process_itt_to_icmdp(iscsi_sess_t *isp, iscsi_hdr_t *ihp, 1617 iscsi_cmd_t **icmdp) 1618 { 1619 int cmd_table_idx = 0; 1620 1621 ASSERT(isp != NULL); 1622 ASSERT(ihp != NULL); 1623 ASSERT(icmdp != NULL); 1624 ASSERT(mutex_owned(&isp->sess_cmdsn_mutex)); 1625 1626 /* try to find an associated iscsi_pkt */ 1627 cmd_table_idx = ihp->itt % ISCSI_CMD_TABLE_SIZE; 1628 if (isp->sess_cmd_table[cmd_table_idx] == NULL) { 1629 cmn_err(CE_WARN, "iscsi session(%u) protocol error - " 1630 "received unknown itt:0x%x - protocol error", 1631 isp->sess_oid, ihp->itt); 1632 return (ISCSI_STATUS_INTERNAL_ERROR); 1633 } 1634 1635 /* verify itt */ 1636 if (isp->sess_cmd_table[cmd_table_idx]->cmd_itt != ihp->itt) { 1637 cmn_err(CE_WARN, "iscsi session(%u) received itt:0x%x " 1638 " which is out of sync with itt:0x%x", isp->sess_oid, 1639 ihp->itt, isp->sess_cmd_table[cmd_table_idx]->cmd_itt); 1640 return (ISCSI_STATUS_INTERNAL_ERROR); 1641 } 1642 1643 /* ensure that icmdp is still in Active state */ 1644 if (isp->sess_cmd_table[cmd_table_idx]->cmd_state != 1645 ISCSI_CMD_STATE_ACTIVE) { 1646 cmn_err(CE_WARN, "iscsi session(%u) received itt:0x%x " 1647 "but icmdp (%p) is not in active state", 1648 isp->sess_oid, ihp->itt, 1649 (void *)isp->sess_cmd_table[cmd_table_idx]); 1650 return (ISCSI_STATUS_INTERNAL_ERROR); 1651 } 1652 1653 /* make sure this is a SCSI cmd */ 1654 *icmdp = isp->sess_cmd_table[cmd_table_idx]; 1655 1656 return (ISCSI_STATUS_SUCCESS); 1657 } 1658 1659 1660 /* 1661 * +--------------------------------------------------------------------+ 1662 * | End of protocol receive routines | 1663 * +--------------------------------------------------------------------+ 1664 */ 1665 1666 /* 1667 * +--------------------------------------------------------------------+ 1668 * | Beginning of protocol send routines | 1669 * +--------------------------------------------------------------------+ 1670 */ 1671 1672 1673 /* 1674 * iscsi_tx_thread - This thread is the driving point for all 1675 * iSCSI PDUs after login. No PDUs should call sendpdu() 1676 * directly they should be funneled through iscsi_tx_thread. 1677 */ 1678 void 1679 iscsi_tx_thread(iscsi_thread_t *thread, void *arg) 1680 { 1681 iscsi_conn_t *icp = (iscsi_conn_t *)arg; 1682 iscsi_sess_t *isp = NULL; 1683 iscsi_cmd_t *icmdp = NULL; 1684 clock_t tout; 1685 int ret = 1; 1686 1687 ASSERT(icp != NULL); 1688 isp = icp->conn_sess; 1689 ASSERT(isp != NULL); 1690 ASSERT(thread != NULL); 1691 ASSERT(thread->signature == SIG_ISCSI_THREAD); 1692 1693 tout = SEC_TO_TICK(1); 1694 /* 1695 * Transfer icmdps until shutdown by owning session. 1696 */ 1697 while (ret != 0) { 1698 1699 isp->sess_window_open = B_TRUE; 1700 1701 /* 1702 * While the window is open, there are commands available 1703 * to send and the session state allows those commands to 1704 * be sent try to transfer them. 1705 */ 1706 mutex_enter(&isp->sess_queue_pending.mutex); 1707 while ((isp->sess_window_open == B_TRUE) && 1708 ((icmdp = isp->sess_queue_pending.head) != NULL) && 1709 (((icmdp->cmd_type != ISCSI_CMD_TYPE_SCSI) && 1710 (ISCSI_CONN_STATE_FULL_FEATURE(icp->conn_state))) || 1711 (icp->conn_state == ISCSI_CONN_STATE_LOGGED_IN))) { 1712 1713 /* update command with this connection info */ 1714 icmdp->cmd_conn = icp; 1715 /* attempt to send this command */ 1716 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E2, isp); 1717 1718 ASSERT(!mutex_owned(&isp->sess_queue_pending.mutex)); 1719 mutex_enter(&isp->sess_queue_pending.mutex); 1720 } 1721 mutex_exit(&isp->sess_queue_pending.mutex); 1722 1723 /* 1724 * Go to sleep until there is something new 1725 * to process (awoken via cv_boardcast). 1726 * Or the timer goes off. 1727 */ 1728 ret = iscsi_thread_wait(thread, tout); 1729 } 1730 1731 } 1732 1733 1734 /* 1735 * iscsi_tx_cmd - transfers icmdp across wire as iscsi pdu 1736 * 1737 * Just prior to sending the command to the networking layer the 1738 * pending queue lock will be dropped. At this point only local 1739 * resources will be used, not the icmdp. Holding the queue lock 1740 * across the networking call can lead to a hang. (This is due 1741 * to the the target driver and networking layers competing use 1742 * of the timeout() resources and the queue lock being held for 1743 * both sides.) Upon the completion of this command the lock 1744 * will have been re-acquired. 1745 */ 1746 iscsi_status_t 1747 iscsi_tx_cmd(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 1748 { 1749 iscsi_status_t rval = ISCSI_STATUS_INTERNAL_ERROR; 1750 1751 ASSERT(isp != NULL); 1752 ASSERT(icmdp != NULL); 1753 1754 /* transfer specific command type */ 1755 switch (icmdp->cmd_type) { 1756 case ISCSI_CMD_TYPE_SCSI: 1757 rval = iscsi_tx_scsi(isp, icmdp); 1758 break; 1759 case ISCSI_CMD_TYPE_R2T: 1760 rval = iscsi_tx_r2t(isp, icmdp); 1761 break; 1762 case ISCSI_CMD_TYPE_NOP: 1763 rval = iscsi_tx_nop(isp, icmdp); 1764 break; 1765 case ISCSI_CMD_TYPE_ABORT: 1766 rval = iscsi_tx_abort(isp, icmdp); 1767 break; 1768 case ISCSI_CMD_TYPE_RESET: 1769 rval = iscsi_tx_reset(isp, icmdp); 1770 break; 1771 case ISCSI_CMD_TYPE_LOGOUT: 1772 rval = iscsi_tx_logout(isp, icmdp); 1773 break; 1774 case ISCSI_CMD_TYPE_TEXT: 1775 rval = iscsi_tx_text(isp, icmdp); 1776 break; 1777 default: 1778 ASSERT(FALSE); 1779 } 1780 1781 ASSERT(!mutex_owned(&isp->sess_queue_pending.mutex)); 1782 return (rval); 1783 } 1784 1785 /* 1786 * a variable length cdb can be up to 16K, but we obviously don't want 1787 * to put that on the stack; go with 200 bytes; if we get something 1788 * bigger than that we will kmem_alloc a buffer 1789 */ 1790 #define DEF_CDB_LEN 200 1791 1792 /* 1793 * given the size of the cdb, return how many bytes the header takes, 1794 * which is the sizeof addl_hdr_t + the CDB size, minus the 16 bytes 1795 * stored in the basic header, minus sizeof (ahs_extscb) 1796 */ 1797 #define ADDLHDRSZ(x) (sizeof (iscsi_addl_hdr_t) + (x) - \ 1798 16 - 4) 1799 1800 /* 1801 * iscsi_tx_scsi - 1802 * 1803 */ 1804 static iscsi_status_t 1805 iscsi_tx_scsi(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 1806 { 1807 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 1808 iscsi_conn_t *icp = NULL; 1809 struct scsi_pkt *pkt = NULL; 1810 struct buf *bp = NULL; 1811 union { 1812 iscsi_scsi_cmd_hdr_t isch; 1813 iscsi_addl_hdr_t iah; 1814 uchar_t arr[ADDLHDRSZ(DEF_CDB_LEN)]; 1815 } hdr_un; 1816 iscsi_scsi_cmd_hdr_t *ihp = 1817 (iscsi_scsi_cmd_hdr_t *)&hdr_un.isch; 1818 int cdblen = 0; 1819 size_t buflen = 0; 1820 uint32_t imdata = 0; 1821 uint32_t first_burst_length = 0; 1822 1823 ASSERT(isp != NULL); 1824 ASSERT(icmdp != NULL); 1825 pkt = icmdp->cmd_un.scsi.pkt; 1826 ASSERT(pkt != NULL); 1827 bp = icmdp->cmd_un.scsi.bp; 1828 icp = icmdp->cmd_conn; 1829 ASSERT(icp != NULL); 1830 1831 /* Reset counts in case we are on a retry */ 1832 icmdp->cmd_un.scsi.data_transferred = 0; 1833 1834 if (icmdp->cmd_un.scsi.cmdlen > DEF_CDB_LEN) { 1835 cdblen = icmdp->cmd_un.scsi.cmdlen; 1836 ihp = kmem_zalloc(ADDLHDRSZ(cdblen), KM_SLEEP); 1837 } else { 1838 /* 1839 * only bzero the basic header; the additional header 1840 * will be set up correctly later, if needed 1841 */ 1842 bzero(ihp, sizeof (iscsi_scsi_cmd_hdr_t)); 1843 } 1844 ihp->opcode = ISCSI_OP_SCSI_CMD; 1845 ihp->itt = icmdp->cmd_itt; 1846 mutex_enter(&isp->sess_cmdsn_mutex); 1847 ihp->cmdsn = htonl(isp->sess_cmdsn); 1848 isp->sess_cmdsn++; 1849 mutex_exit(&isp->sess_cmdsn_mutex); 1850 ihp->expstatsn = htonl(icp->conn_expstatsn); 1851 icp->conn_laststatsn = icp->conn_expstatsn; 1852 1853 pkt->pkt_state = (STATE_GOT_BUS | STATE_GOT_TARGET); 1854 pkt->pkt_reason = CMD_INCOMPLETE; 1855 1856 /* 1857 * Sestion 12.11 of the iSCSI specification has a good table 1858 * describing when uncolicited data and/or immediate data 1859 * should be sent. 1860 */ 1861 bp = icmdp->cmd_un.scsi.bp; 1862 if ((bp != NULL) && bp->b_bcount) { 1863 buflen = bp->b_bcount; 1864 first_burst_length = icp->conn_params.first_burst_length; 1865 1866 if (bp->b_flags & B_READ) { 1867 ihp->flags = ISCSI_FLAG_FINAL; 1868 /* 1869 * fix problem where OS sends bp (B_READ & 1870 * b_bcount!=0) for a TUR or START_STOP. 1871 * (comment came from cisco code.) 1872 */ 1873 if ((pkt->pkt_cdbp[0] != SCMD_TEST_UNIT_READY) && 1874 (pkt->pkt_cdbp[0] != SCMD_START_STOP)) { 1875 ihp->flags |= ISCSI_FLAG_CMD_READ; 1876 ihp->data_length = htonl(buflen); 1877 } 1878 } else { 1879 ihp->flags = ISCSI_FLAG_CMD_WRITE; 1880 /* 1881 * FinalBit on the the iSCSI PDU denotes this 1882 * is the last PDU in the sequence. 1883 * 1884 * initial_r2t = true means R2T is required 1885 * for additional PDU, so there will be no more 1886 * unsolicited PDUs following 1887 */ 1888 if (icp->conn_params.initial_r2t) { 1889 ihp->flags |= ISCSI_FLAG_FINAL; 1890 } 1891 1892 /* Check if we should send ImmediateData */ 1893 if (icp->conn_params.immediate_data) { 1894 imdata = MIN(MIN(buflen, 1895 first_burst_length), 1896 icmdp->cmd_conn->conn_params. 1897 max_xmit_data_seg_len); 1898 1899 /* 1900 * if everything fits immediate, or 1901 * we can send all burst data immediate 1902 * (not unsol), set F 1903 */ 1904 if ((imdata == buflen) || 1905 (imdata == first_burst_length)) { 1906 ihp->flags |= ISCSI_FLAG_FINAL; 1907 } 1908 1909 hton24(ihp->dlength, imdata); 1910 } 1911 1912 /* total data transfer length */ 1913 ihp->data_length = htonl(buflen); 1914 } 1915 } else { 1916 ihp->flags = ISCSI_FLAG_FINAL; 1917 buflen = 0; 1918 } 1919 1920 /* tagged queuing */ 1921 if (pkt->pkt_flags & FLAG_HTAG) { 1922 ihp->flags |= ISCSI_ATTR_HEAD_OF_QUEUE; 1923 } else if (pkt->pkt_flags & FLAG_OTAG) { 1924 ihp->flags |= ISCSI_ATTR_ORDERED; 1925 } else if (pkt->pkt_flags & FLAG_STAG) { 1926 ihp->flags |= ISCSI_ATTR_SIMPLE; 1927 } else { 1928 /* ihp->flags |= ISCSI_ATTR_UNTAGGED; */ 1929 /* EMPTY */ 1930 } 1931 1932 /* iscsi states lun is based on spc.2 */ 1933 ISCSI_LUN_BYTE_COPY(ihp->lun, icmdp->cmd_un.scsi.lun); 1934 1935 if (icmdp->cmd_un.scsi.cmdlen <= 16) { 1936 /* copy the SCSI Command Block into the PDU */ 1937 bcopy(pkt->pkt_cdbp, ihp->scb, 1938 icmdp->cmd_un.scsi.cmdlen); 1939 } else { 1940 iscsi_addl_hdr_t *iahp; 1941 1942 iahp = (iscsi_addl_hdr_t *)ihp; 1943 1944 ihp->hlength = (ADDLHDRSZ(icmdp->cmd_un.scsi.cmdlen) - 1945 sizeof (iscsi_scsi_cmd_hdr_t) + 3) / 4; 1946 iahp->ahs_hlen_hi = 0; 1947 iahp->ahs_hlen_lo = (icmdp->cmd_un.scsi.cmdlen - 15); 1948 iahp->ahs_key = 0x01; 1949 iahp->ahs_resv = 0; 1950 bcopy(pkt->pkt_cdbp, ihp->scb, 16); 1951 bcopy(((char *)pkt->pkt_cdbp) + 16, &iahp->ahs_extscb[0], 1952 icmdp->cmd_un.scsi.cmdlen); 1953 } 1954 1955 /* 1956 * Update all values before transfering. 1957 * We should never touch the icmdp after 1958 * transfering if there is no more data 1959 * to send. The only case the sendpdu() 1960 * will fail is a on a connection disconnect 1961 * in that case the command will be flushed. 1962 */ 1963 pkt->pkt_state |= STATE_SENT_CMD; 1964 1965 icmdp->cmd_un.scsi.data_transferred += imdata; 1966 1967 /* 1968 * Check if there is additional data to transfer beyond what 1969 * will be sent as part of the initial command. If InitialR2T 1970 * is disabled then we should fake up a R2T so all the data, 1971 * up to first burst length, is sent in an unsolicited 1972 * fashion. We have already sent as much immediate data 1973 * as possible. 1974 */ 1975 if ((buflen > 0) && 1976 ((bp->b_flags & B_READ) == 0) && 1977 (icp->conn_params.initial_r2t == 0) && 1978 (MIN(first_burst_length, buflen) - imdata > 0)) { 1979 1980 uint32_t xfer_len = MIN(first_burst_length, buflen) - imdata; 1981 /* data will be chunked at tx */ 1982 iscsi_handle_r2t(icp, icmdp, imdata, 1983 xfer_len, ISCSI_RSVD_TASK_TAG); 1984 } 1985 1986 /* release pending queue mutex across the network call */ 1987 mutex_exit(&isp->sess_queue_pending.mutex); 1988 1989 /* Transfer Cmd PDU */ 1990 if (imdata) { 1991 rval = iscsi_net->sendpdu(icp->conn_socket, 1992 (iscsi_hdr_t *)ihp, icmdp->cmd_un.scsi.bp->b_un.b_addr, 1993 ISCSI_CONN_TO_NET_DIGEST(icp)); 1994 if (ISCSI_SUCCESS(rval)) { 1995 KSTAT_ADD_CONN_TX_BYTES(icp, imdata); 1996 } 1997 } else { 1998 rval = iscsi_net->sendpdu(icp->conn_socket, 1999 (iscsi_hdr_t *)ihp, NULL, 2000 ISCSI_CONN_TO_NET_DIGEST(icp)); 2001 } 2002 if (cdblen) { 2003 kmem_free(ihp, ADDLHDRSZ(cdblen)); 2004 } 2005 2006 return (rval); 2007 } 2008 2009 2010 /* 2011 * iscsi_tx_r2t - 2012 * 2013 */ 2014 static iscsi_status_t 2015 iscsi_tx_r2t(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 2016 { 2017 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2018 iscsi_conn_t *icp = NULL; 2019 iscsi_cmd_t *orig_icmdp = NULL; 2020 2021 ASSERT(isp != NULL); 2022 ASSERT(icmdp != NULL); 2023 icp = icmdp->cmd_conn; 2024 ASSERT(icp); 2025 orig_icmdp = icmdp->cmd_un.r2t.icmdp; 2026 ASSERT(orig_icmdp); 2027 2028 /* validate the offset and length against the buffer size */ 2029 if ((icmdp->cmd_un.r2t.offset + icmdp->cmd_un.r2t.length) > 2030 orig_icmdp->cmd_un.scsi.bp->b_bcount) { 2031 cmn_err(CE_WARN, "iscsi session(%u) ignoring invalid r2t " 2032 "for icmd itt:0x%x offset:0x%x length:0x%x bufsize:0x%lx", 2033 isp->sess_oid, icmdp->cmd_itt, icmdp->cmd_un.r2t.offset, 2034 icmdp->cmd_un.r2t.length, orig_icmdp->cmd_un.scsi.bp-> 2035 b_bcount); 2036 mutex_exit(&isp->sess_queue_pending.mutex); 2037 return (ISCSI_STATUS_INTERNAL_ERROR); 2038 } 2039 ASSERT(orig_icmdp->cmd_un.scsi.r2t_icmdp); 2040 2041 rval = iscsi_tx_data(isp, icp, orig_icmdp, icmdp->cmd_ttt, 2042 icmdp->cmd_un.r2t.length, icmdp->cmd_un.r2t.offset); 2043 2044 mutex_enter(&orig_icmdp->cmd_mutex); 2045 orig_icmdp->cmd_un.scsi.r2t_icmdp = NULL; 2046 icmdp->cmd_un.r2t.icmdp = NULL; 2047 /* 2048 * we're finished with this r2t; there could be another r2t 2049 * waiting on us to finish, so signal it. 2050 */ 2051 cv_broadcast(&orig_icmdp->cmd_completion); 2052 mutex_exit(&orig_icmdp->cmd_mutex); 2053 /* 2054 * the parent command may be waiting for us to finish; if so, 2055 * wake the _ic_ thread 2056 */ 2057 if ((orig_icmdp->cmd_state == ISCSI_CMD_STATE_COMPLETED) && 2058 (ISCSI_SESS_STATE_FULL_FEATURE(isp->sess_state)) && 2059 (orig_icmdp->cmd_un.scsi.r2t_more == B_FALSE)) 2060 iscsi_thread_send_wakeup(isp->sess_ic_thread); 2061 ASSERT(!mutex_owned(&isp->sess_queue_pending.mutex)); 2062 return (rval); 2063 } 2064 2065 2066 /* 2067 * iscsi_tx_data - 2068 */ 2069 static iscsi_status_t 2070 iscsi_tx_data(iscsi_sess_t *isp, iscsi_conn_t *icp, iscsi_cmd_t *icmdp, 2071 uint32_t ttt, size_t datalen, size_t offset) 2072 { 2073 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2074 struct buf *bp = NULL; 2075 size_t remainder = 0; 2076 size_t chunk = 0; 2077 char *data = NULL; 2078 uint32_t data_sn = 0; 2079 iscsi_data_hdr_t idhp; 2080 uint32_t itt; 2081 uint32_t lun; 2082 2083 ASSERT(isp != NULL); 2084 ASSERT(icp != NULL); 2085 ASSERT(icmdp != NULL); 2086 bp = icmdp->cmd_un.scsi.bp; 2087 2088 /* verify there is data to send */ 2089 if (bp == NULL) { 2090 mutex_exit(&isp->sess_queue_pending.mutex); 2091 return (ISCSI_STATUS_INTERNAL_ERROR); 2092 } 2093 2094 itt = icmdp->cmd_itt; 2095 lun = icmdp->cmd_un.scsi.lun; 2096 2097 /* 2098 * update the LUN with the amount of data we will 2099 * transfer. If there is a failure it's because of 2100 * a network fault and the command will get flushed. 2101 */ 2102 icmdp->cmd_un.scsi.data_transferred += datalen; 2103 2104 /* release pending queue mutex across the network call */ 2105 mutex_exit(&isp->sess_queue_pending.mutex); 2106 2107 remainder = datalen; 2108 while (remainder) { 2109 2110 /* Check so see if we need to chunk the data */ 2111 if ((icp->conn_params.max_xmit_data_seg_len > 0) && 2112 (remainder > icp->conn_params.max_xmit_data_seg_len)) { 2113 chunk = icp->conn_params.max_xmit_data_seg_len; 2114 } else { 2115 chunk = remainder; 2116 } 2117 2118 /* setup iscsi data hdr */ 2119 bzero(&idhp, sizeof (iscsi_data_hdr_t)); 2120 idhp.opcode = ISCSI_OP_SCSI_DATA; 2121 idhp.itt = itt; 2122 idhp.ttt = ttt; 2123 ISCSI_LUN_BYTE_COPY(idhp.lun, lun); 2124 idhp.expstatsn = htonl(icp->conn_expstatsn); 2125 icp->conn_laststatsn = icp->conn_expstatsn; 2126 idhp.datasn = htonl(data_sn); 2127 data_sn++; 2128 idhp.offset = htonl(offset); 2129 hton24(idhp.dlength, chunk); 2130 2131 if (chunk == remainder) { 2132 idhp.flags = ISCSI_FLAG_FINAL; /* final chunk */ 2133 } 2134 2135 /* setup data */ 2136 data = bp->b_un.b_addr + offset; 2137 2138 /* 2139 * Keep track of how much data we have 2140 * transfer so far and how much is remaining. 2141 */ 2142 remainder -= chunk; 2143 offset += chunk; 2144 2145 rval = iscsi_net->sendpdu(icp->conn_socket, 2146 (iscsi_hdr_t *)&idhp, data, 2147 ISCSI_CONN_TO_NET_DIGEST(icp)); 2148 2149 if (ISCSI_SUCCESS(rval)) { 2150 KSTAT_ADD_CONN_TX_BYTES(icp, chunk); 2151 } else { 2152 break; 2153 } 2154 } 2155 2156 return (rval); 2157 } 2158 2159 2160 /* 2161 * iscsi_tx_nop - 2162 * 2163 */ 2164 static iscsi_status_t 2165 iscsi_tx_nop(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 2166 { 2167 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2168 iscsi_conn_t *icp = NULL; 2169 iscsi_nop_out_hdr_t inohp; 2170 2171 ASSERT(isp != NULL); 2172 ASSERT(icmdp != NULL); 2173 icp = icmdp->cmd_conn; 2174 ASSERT(icp != NULL); 2175 2176 bzero(&inohp, sizeof (iscsi_nop_out_hdr_t)); 2177 inohp.opcode = ISCSI_OP_NOOP_OUT | ISCSI_OP_IMMEDIATE; 2178 inohp.flags = ISCSI_FLAG_FINAL; 2179 inohp.itt = icmdp->cmd_itt; 2180 inohp.ttt = icmdp->cmd_ttt; 2181 mutex_enter(&isp->sess_cmdsn_mutex); 2182 inohp.cmdsn = htonl(isp->sess_cmdsn); 2183 mutex_exit(&isp->sess_cmdsn_mutex); 2184 inohp.expstatsn = htonl(icp->conn_expstatsn); 2185 icp->conn_laststatsn = icp->conn_expstatsn; 2186 2187 /* release pending queue mutex across the network call */ 2188 mutex_exit(&isp->sess_queue_pending.mutex); 2189 2190 rval = iscsi_net->sendpdu(icp->conn_socket, 2191 (iscsi_hdr_t *)&inohp, NULL, 2192 ISCSI_CONN_TO_NET_DIGEST(icp)); 2193 2194 return (rval); 2195 } 2196 2197 2198 /* 2199 * iscsi_tx_abort - 2200 * 2201 */ 2202 static iscsi_status_t 2203 iscsi_tx_abort(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 2204 { 2205 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2206 iscsi_conn_t *icp = NULL; 2207 iscsi_scsi_task_mgt_hdr_t istmh; 2208 2209 ASSERT(isp != NULL); 2210 ASSERT(icmdp != NULL); 2211 icp = icmdp->cmd_conn; 2212 ASSERT(icp != NULL); 2213 2214 bzero(&istmh, sizeof (iscsi_scsi_task_mgt_hdr_t)); 2215 mutex_enter(&isp->sess_cmdsn_mutex); 2216 istmh.cmdsn = htonl(isp->sess_cmdsn); 2217 mutex_exit(&isp->sess_cmdsn_mutex); 2218 istmh.expstatsn = htonl(icp->conn_expstatsn); 2219 icp->conn_laststatsn = icp->conn_expstatsn; 2220 istmh.itt = icmdp->cmd_itt; 2221 istmh.opcode = ISCSI_OP_SCSI_TASK_MGT_MSG | ISCSI_OP_IMMEDIATE; 2222 istmh.function = ISCSI_FLAG_FINAL | ISCSI_TM_FUNC_ABORT_TASK; 2223 ISCSI_LUN_BYTE_COPY(istmh.lun, 2224 icmdp->cmd_un.abort.icmdp->cmd_un.scsi.lun); 2225 istmh.rtt = icmdp->cmd_un.abort.icmdp->cmd_itt; 2226 2227 /* release pending queue mutex across the network call */ 2228 mutex_exit(&isp->sess_queue_pending.mutex); 2229 2230 rval = iscsi_net->sendpdu(icp->conn_socket, 2231 (iscsi_hdr_t *)&istmh, NULL, 2232 ISCSI_CONN_TO_NET_DIGEST(icp)); 2233 2234 return (rval); 2235 } 2236 2237 2238 /* 2239 * iscsi_tx_reset - 2240 * 2241 */ 2242 static iscsi_status_t 2243 iscsi_tx_reset(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 2244 { 2245 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2246 iscsi_conn_t *icp = NULL; 2247 iscsi_scsi_task_mgt_hdr_t istmh; 2248 2249 ASSERT(isp != NULL); 2250 ASSERT(icmdp != NULL); 2251 icp = icmdp->cmd_conn; 2252 ASSERT(icp != NULL); 2253 2254 bzero(&istmh, sizeof (iscsi_scsi_task_mgt_hdr_t)); 2255 istmh.opcode = ISCSI_OP_SCSI_TASK_MGT_MSG | ISCSI_OP_IMMEDIATE; 2256 mutex_enter(&isp->sess_cmdsn_mutex); 2257 istmh.cmdsn = htonl(isp->sess_cmdsn); 2258 mutex_exit(&isp->sess_cmdsn_mutex); 2259 istmh.expstatsn = htonl(icp->conn_expstatsn); 2260 istmh.itt = icmdp->cmd_itt; 2261 2262 switch (icmdp->cmd_un.reset.level) { 2263 case RESET_LUN: 2264 istmh.function = ISCSI_FLAG_FINAL | 2265 ISCSI_TM_FUNC_LOGICAL_UNIT_RESET; 2266 ISCSI_LUN_BYTE_COPY(istmh.lun, icmdp->cmd_lun->lun_num); 2267 break; 2268 case RESET_TARGET: 2269 case RESET_BUS: 2270 istmh.function = ISCSI_FLAG_FINAL | 2271 ISCSI_TM_FUNC_TARGET_WARM_RESET; 2272 break; 2273 default: 2274 /* unsupported / unknown level */ 2275 ASSERT(FALSE); 2276 break; 2277 } 2278 2279 /* release pending queue mutex across the network call */ 2280 mutex_exit(&isp->sess_queue_pending.mutex); 2281 2282 rval = iscsi_net->sendpdu(icp->conn_socket, 2283 (iscsi_hdr_t *)&istmh, NULL, 2284 ISCSI_CONN_TO_NET_DIGEST(icp)); 2285 2286 return (rval); 2287 } 2288 2289 2290 /* 2291 * iscsi_tx_logout - 2292 * 2293 */ 2294 static iscsi_status_t 2295 iscsi_tx_logout(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 2296 { 2297 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2298 iscsi_conn_t *icp = NULL; 2299 iscsi_logout_hdr_t ilh; 2300 2301 ASSERT(isp != NULL); 2302 ASSERT(icmdp != NULL); 2303 icp = icmdp->cmd_conn; 2304 ASSERT(icp != NULL); 2305 2306 bzero(&ilh, sizeof (iscsi_logout_hdr_t)); 2307 ilh.opcode = ISCSI_OP_LOGOUT_CMD | ISCSI_OP_IMMEDIATE; 2308 ilh.flags = ISCSI_FLAG_FINAL | ISCSI_LOGOUT_REASON_CLOSE_SESSION; 2309 ilh.itt = icmdp->cmd_itt; 2310 ilh.cid = icp->conn_cid; 2311 mutex_enter(&isp->sess_cmdsn_mutex); 2312 ilh.cmdsn = htonl(isp->sess_cmdsn); 2313 mutex_exit(&isp->sess_cmdsn_mutex); 2314 ilh.expstatsn = htonl(icp->conn_expstatsn); 2315 2316 /* release pending queue mutex across the network call */ 2317 mutex_exit(&isp->sess_queue_pending.mutex); 2318 2319 rval = iscsi_net->sendpdu(icp->conn_socket, 2320 (iscsi_hdr_t *)&ilh, NULL, 2321 ISCSI_CONN_TO_NET_DIGEST(icp)); 2322 2323 return (rval); 2324 } 2325 2326 /* 2327 * iscsi_tx_text - setup iSCSI text request header and send PDU with 2328 * data given in the buffer attached to the command. For a single 2329 * text request, the target may need to send its response in multiple 2330 * text response. In this case, empty text requests are sent after 2331 * each received response to notify the target the initiator is ready 2332 * for more response. For the initial request, the data_len field in 2333 * the text specific portion of a command is set to the amount of data 2334 * the initiator wants to send as part of the request. If additional 2335 * empty text requests are required for long responses, the data_len 2336 * field is set to 0 by the iscsi_handle_text function. 2337 */ 2338 static iscsi_status_t 2339 iscsi_tx_text(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 2340 { 2341 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2342 iscsi_conn_t *icp = NULL; 2343 iscsi_text_hdr_t ith; 2344 2345 ASSERT(isp != NULL); 2346 ASSERT(icmdp != NULL); 2347 icp = icmdp->cmd_conn; 2348 ASSERT(icp != NULL); 2349 2350 bzero(&ith, sizeof (iscsi_text_hdr_t)); 2351 ith.opcode = ISCSI_OP_TEXT_CMD; 2352 ith.flags = ISCSI_FLAG_FINAL; 2353 hton24(ith.dlength, icmdp->cmd_un.text.data_len); 2354 ith.itt = icmdp->cmd_itt; 2355 ith.ttt = icmdp->cmd_un.text.ttt; 2356 mutex_enter(&isp->sess_cmdsn_mutex); 2357 ith.cmdsn = htonl(isp->sess_cmdsn); 2358 isp->sess_cmdsn++; 2359 ith.expstatsn = htonl(icp->conn_expstatsn); 2360 mutex_exit(&isp->sess_cmdsn_mutex); 2361 bcopy(icmdp->cmd_un.text.lun, ith.rsvd4, sizeof (ith.rsvd4)); 2362 2363 /* release pending queue mutex across the network call */ 2364 mutex_exit(&isp->sess_queue_pending.mutex); 2365 2366 rval = iscsi_net->sendpdu(icp->conn_socket, 2367 (iscsi_hdr_t *)&ith, icmdp->cmd_un.text.buf, 2368 ISCSI_CONN_TO_NET_DIGEST(icp)); 2369 2370 return (rval); 2371 } 2372 2373 /* 2374 * +--------------------------------------------------------------------+ 2375 * | End of protocol send routines | 2376 * +--------------------------------------------------------------------+ 2377 */ 2378 2379 /* 2380 * iscsi_handle_r2t - Create a R2T and put it into the pending queue. 2381 * 2382 * Since the rx thread can hold the pending mutex, the tx thread or wd 2383 * thread may not have chance to check the commands in the pending queue. 2384 * So if the previous R2T is still there, we will release the related 2385 * mutex and wait for its completion in case of deadlock. 2386 */ 2387 static void 2388 iscsi_handle_r2t(iscsi_conn_t *icp, iscsi_cmd_t *icmdp, 2389 uint32_t offset, uint32_t length, uint32_t ttt) 2390 { 2391 iscsi_sess_t *isp = NULL; 2392 iscsi_cmd_t *new_icmdp = NULL; 2393 int owned = 0; 2394 2395 ASSERT(icp != NULL); 2396 isp = icp->conn_sess; 2397 ASSERT(isp != NULL); 2398 2399 if (icmdp->cmd_un.scsi.r2t_icmdp != NULL) { 2400 /* 2401 * Occasionally the tx thread doesn't have a chance to 2402 * send commands when we hold the pending mutex. 2403 * So we should mark this scsi command with more R2T 2404 * and release the mutex. Then wait for completion. 2405 */ 2406 icmdp->cmd_un.scsi.r2t_more = B_TRUE; 2407 2408 mutex_exit(&icmdp->cmd_mutex); 2409 owned = mutex_owned(&icp->conn_queue_active.mutex); 2410 if (owned != 0) { 2411 mutex_exit(&icp->conn_queue_active.mutex); 2412 } 2413 mutex_exit(&isp->sess_queue_pending.mutex); 2414 2415 /* 2416 * the transmission from a previous r2t can be 2417 * slow to return; the array may have sent 2418 * another r2t at this point, so wait until 2419 * the first one finishes and signals us. 2420 */ 2421 mutex_enter(&icmdp->cmd_mutex); 2422 while (icmdp->cmd_un.scsi.r2t_icmdp != NULL) { 2423 ASSERT(icmdp->cmd_state != ISCSI_CMD_STATE_COMPLETED); 2424 cv_wait(&icmdp->cmd_completion, &icmdp->cmd_mutex); 2425 } 2426 mutex_exit(&icmdp->cmd_mutex); 2427 2428 mutex_enter(&isp->sess_queue_pending.mutex); 2429 if (owned != 0) { 2430 mutex_enter(&icp->conn_queue_active.mutex); 2431 } 2432 mutex_enter(&icmdp->cmd_mutex); 2433 } 2434 2435 /* 2436 * try to create an R2T task to send it later. If we can't, 2437 * we're screwed, and the command will eventually time out 2438 * and be retried by the SCSI layer. 2439 */ 2440 new_icmdp = iscsi_cmd_alloc(icp, KM_SLEEP); 2441 new_icmdp->cmd_type = ISCSI_CMD_TYPE_R2T; 2442 new_icmdp->cmd_un.r2t.icmdp = icmdp; 2443 new_icmdp->cmd_un.r2t.offset = offset; 2444 new_icmdp->cmd_un.r2t.length = length; 2445 new_icmdp->cmd_ttt = ttt; 2446 new_icmdp->cmd_itt = icmdp->cmd_itt; 2447 new_icmdp->cmd_lun = icmdp->cmd_lun; 2448 icmdp->cmd_un.scsi.r2t_icmdp = new_icmdp; 2449 icmdp->cmd_un.scsi.r2t_more = B_FALSE; 2450 2451 /* 2452 * pending queue mutex is already held by the 2453 * tx_thread or rtt_rsp function. 2454 */ 2455 iscsi_cmd_state_machine(new_icmdp, ISCSI_CMD_EVENT_E1, isp); 2456 } 2457 2458 2459 /* 2460 * iscsi_handle_abort - 2461 * 2462 */ 2463 void 2464 iscsi_handle_abort(void *arg) 2465 { 2466 iscsi_sess_t *isp = NULL; 2467 iscsi_cmd_t *icmdp = (iscsi_cmd_t *)arg; 2468 iscsi_cmd_t *new_icmdp; 2469 iscsi_conn_t *icp; 2470 2471 ASSERT(icmdp != NULL); 2472 icp = icmdp->cmd_conn; 2473 ASSERT(icp != NULL); 2474 isp = icp->conn_sess; 2475 ASSERT(isp != NULL); 2476 2477 /* there should only be one abort */ 2478 ASSERT(icmdp->cmd_un.scsi.abort_icmdp == NULL); 2479 2480 new_icmdp = iscsi_cmd_alloc(icp, KM_SLEEP); 2481 new_icmdp->cmd_type = ISCSI_CMD_TYPE_ABORT; 2482 new_icmdp->cmd_lun = icmdp->cmd_lun; 2483 new_icmdp->cmd_un.abort.icmdp = icmdp; 2484 new_icmdp->cmd_conn = icmdp->cmd_conn; 2485 icmdp->cmd_un.scsi.abort_icmdp = new_icmdp; 2486 2487 /* pending queue mutex is already held by timeout_checks */ 2488 iscsi_cmd_state_machine(new_icmdp, ISCSI_CMD_EVENT_E1, isp); 2489 } 2490 2491 2492 /* 2493 * iscsi_handle_nop - 2494 * 2495 */ 2496 static void 2497 iscsi_handle_nop(iscsi_conn_t *icp, uint32_t itt, uint32_t ttt) 2498 { 2499 iscsi_sess_t *isp = NULL; 2500 iscsi_cmd_t *icmdp = NULL; 2501 2502 ASSERT(icp != NULL); 2503 isp = icp->conn_sess; 2504 ASSERT(isp != NULL); 2505 2506 icmdp = iscsi_cmd_alloc(icp, KM_NOSLEEP); 2507 if (icmdp == NULL) { 2508 return; 2509 } 2510 2511 icmdp->cmd_type = ISCSI_CMD_TYPE_NOP; 2512 icmdp->cmd_itt = itt; 2513 icmdp->cmd_ttt = ttt; 2514 icmdp->cmd_lun = NULL; 2515 icp->conn_nop_lbolt = ddi_get_lbolt(); 2516 2517 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E1, isp); 2518 } 2519 2520 /* 2521 * iscsi_handle_reset - 2522 * 2523 */ 2524 iscsi_status_t 2525 iscsi_handle_reset(iscsi_sess_t *isp, int level, iscsi_lun_t *ilp) 2526 { 2527 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2528 iscsi_conn_t *icp; 2529 iscsi_cmd_t icmd; 2530 2531 ASSERT(isp != NULL); 2532 2533 bzero(&icmd, sizeof (iscsi_cmd_t)); 2534 icmd.cmd_sig = ISCSI_SIG_CMD; 2535 icmd.cmd_state = ISCSI_CMD_STATE_FREE; 2536 icmd.cmd_type = ISCSI_CMD_TYPE_RESET; 2537 icmd.cmd_lun = ilp; 2538 icmd.cmd_un.reset.level = level; 2539 icmd.cmd_result = ISCSI_STATUS_SUCCESS; 2540 icmd.cmd_completed = B_FALSE; 2541 mutex_init(&icmd.cmd_mutex, NULL, MUTEX_DRIVER, NULL); 2542 cv_init(&icmd.cmd_completion, NULL, CV_DRIVER, NULL); 2543 /* 2544 * If we received an IO and we are not in the 2545 * LOGGED_IN state we are in the process of 2546 * failing. Just respond that we are BUSY. 2547 */ 2548 mutex_enter(&isp->sess_state_mutex); 2549 if (!ISCSI_SESS_STATE_FULL_FEATURE(isp->sess_state)) { 2550 /* We aren't connected to the target fake success */ 2551 mutex_exit(&isp->sess_state_mutex); 2552 return (ISCSI_STATUS_SUCCESS); 2553 } 2554 2555 mutex_enter(&isp->sess_queue_pending.mutex); 2556 iscsi_cmd_state_machine(&icmd, ISCSI_CMD_EVENT_E1, isp); 2557 mutex_exit(&isp->sess_queue_pending.mutex); 2558 mutex_exit(&isp->sess_state_mutex); 2559 2560 /* stall until completed */ 2561 mutex_enter(&icmd.cmd_mutex); 2562 while (icmd.cmd_completed == B_FALSE) { 2563 cv_wait(&icmd.cmd_completion, &icmd.cmd_mutex); 2564 } 2565 mutex_exit(&icmd.cmd_mutex); 2566 2567 /* copy rval */ 2568 rval = icmd.cmd_result; 2569 2570 if (rval == ISCSI_STATUS_SUCCESS) { 2571 /* 2572 * Reset was successful. We need to flush 2573 * all active IOs. 2574 */ 2575 rw_enter(&isp->sess_conn_list_rwlock, RW_READER); 2576 icp = isp->sess_conn_list; 2577 while (icp != NULL) { 2578 iscsi_cmd_t *t_icmdp = NULL; 2579 2580 mutex_enter(&icp->conn_queue_active.mutex); 2581 t_icmdp = icp->conn_queue_active.head; 2582 while (t_icmdp != NULL) { 2583 iscsi_cmd_state_machine(t_icmdp, 2584 ISCSI_CMD_EVENT_E7, isp); 2585 t_icmdp = icp->conn_queue_active.head; 2586 } 2587 2588 mutex_exit(&icp->conn_queue_active.mutex); 2589 icp = icp->conn_next; 2590 } 2591 rw_exit(&isp->sess_conn_list_rwlock); 2592 } 2593 2594 /* clean up */ 2595 cv_destroy(&icmd.cmd_completion); 2596 mutex_destroy(&icmd.cmd_mutex); 2597 2598 return (rval); 2599 } 2600 2601 2602 /* 2603 * iscsi_handle_logout - This function will issue a logout for 2604 * the session from a specific connection. 2605 */ 2606 iscsi_status_t 2607 iscsi_handle_logout(iscsi_conn_t *icp) 2608 { 2609 iscsi_sess_t *isp; 2610 iscsi_cmd_t *icmdp; 2611 int rval; 2612 2613 ASSERT(icp != NULL); 2614 isp = icp->conn_sess; 2615 ASSERT(isp != NULL); 2616 ASSERT(isp->sess_hba != NULL); 2617 2618 icmdp = iscsi_cmd_alloc(icp, KM_SLEEP); 2619 ASSERT(icmdp != NULL); 2620 icmdp->cmd_type = ISCSI_CMD_TYPE_LOGOUT; 2621 icmdp->cmd_result = ISCSI_STATUS_SUCCESS; 2622 icmdp->cmd_completed = B_FALSE; 2623 2624 mutex_enter(&isp->sess_queue_pending.mutex); 2625 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E1, isp); 2626 mutex_exit(&isp->sess_queue_pending.mutex); 2627 2628 /* 2629 * release connection state mutex to avoid a deadlock. This 2630 * function is called from within the connection state 2631 * machine with the lock held. When the logout response is 2632 * received another call to the connection state machine 2633 * occurs which causes the deadlock 2634 */ 2635 mutex_exit(&icp->conn_state_mutex); 2636 2637 /* stall until completed */ 2638 mutex_enter(&icmdp->cmd_mutex); 2639 while (icmdp->cmd_completed == B_FALSE) { 2640 cv_wait(&icmdp->cmd_completion, &icmdp->cmd_mutex); 2641 } 2642 mutex_exit(&icmdp->cmd_mutex); 2643 mutex_enter(&icp->conn_state_mutex); 2644 2645 /* copy rval */ 2646 rval = icmdp->cmd_result; 2647 2648 /* 2649 * another way to do this would be to send t17 unconditionally, 2650 * but then the _rx_ thread would get bumped out with a receive 2651 * error, and send another t17. 2652 */ 2653 if (rval != ISCSI_STATUS_SUCCESS) { 2654 (void) iscsi_conn_state_machine(icp, ISCSI_CONN_EVENT_T17); 2655 } 2656 2657 /* clean up */ 2658 iscsi_cmd_free(icmdp); 2659 2660 return (rval); 2661 } 2662 2663 /* 2664 * iscsi_handle_text - main control function for iSCSI text requests. This 2665 * function handles allocating the command, sending initial text request, and 2666 * handling long response sequence. 2667 * If a data overflow condition occurs, iscsi_handle_text continues to 2668 * receive responses until the all data has been recieved. This allows 2669 * the full data length to be returned to the caller. 2670 */ 2671 iscsi_status_t 2672 iscsi_handle_text(iscsi_conn_t *icp, char *buf, uint32_t buf_len, 2673 uint32_t data_len, uint32_t *rx_data_len) 2674 { 2675 iscsi_sess_t *isp; 2676 iscsi_cmd_t *icmdp; 2677 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2678 2679 ASSERT(icp != NULL); 2680 ASSERT(buf != NULL); 2681 ASSERT(rx_data_len != NULL); 2682 2683 isp = icp->conn_sess; 2684 ASSERT(isp != NULL); 2685 2686 /* 2687 * Ensure data for text request command is not greater 2688 * than the negotiated maximum receive data seqment length. 2689 * 2690 * Although iSCSI allows for long text requests (multiple 2691 * pdus), this function places a restriction on text 2692 * requests to ensure it is handled by a single PDU. 2693 */ 2694 if (data_len > icp->conn_params.max_xmit_data_seg_len) { 2695 return (ISCSI_STATUS_CMD_FAILED); 2696 } 2697 2698 icmdp = iscsi_cmd_alloc(icp, KM_SLEEP); 2699 ASSERT(icmdp != NULL); 2700 2701 icmdp->cmd_type = ISCSI_CMD_TYPE_TEXT; 2702 icmdp->cmd_result = ISCSI_STATUS_SUCCESS; 2703 icmdp->cmd_misc_flags &= ~ISCSI_CMD_MISCFLAG_FREE; 2704 icmdp->cmd_completed = B_FALSE; 2705 2706 icmdp->cmd_un.text.buf = buf; 2707 icmdp->cmd_un.text.buf_len = buf_len; 2708 icmdp->cmd_un.text.offset = 0; 2709 icmdp->cmd_un.text.data_len = data_len; 2710 icmdp->cmd_un.text.total_rx_len = 0; 2711 icmdp->cmd_un.text.ttt = ISCSI_RSVD_TASK_TAG; 2712 icmdp->cmd_un.text.stage = ISCSI_CMD_TEXT_INITIAL_REQ; 2713 2714 long_text_response: 2715 mutex_enter(&isp->sess_state_mutex); 2716 if (!ISCSI_SESS_STATE_FULL_FEATURE(isp->sess_state)) { 2717 iscsi_cmd_free(icmdp); 2718 mutex_exit(&isp->sess_state_mutex); 2719 return (ISCSI_STATUS_NO_CONN_LOGGED_IN); 2720 } 2721 2722 mutex_enter(&isp->sess_queue_pending.mutex); 2723 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E1, isp); 2724 mutex_exit(&isp->sess_queue_pending.mutex); 2725 mutex_exit(&isp->sess_state_mutex); 2726 2727 /* stall until completed */ 2728 mutex_enter(&icmdp->cmd_mutex); 2729 while (icmdp->cmd_completed == B_FALSE) { 2730 cv_wait(&icmdp->cmd_completion, &icmdp->cmd_mutex); 2731 } 2732 mutex_exit(&icmdp->cmd_mutex); 2733 2734 /* 2735 * check if error occured. If data overflow occured, continue on 2736 * to ensure we get all data so that the full data length can be 2737 * returned to the user 2738 */ 2739 if ((icmdp->cmd_result != ISCSI_STATUS_SUCCESS) && 2740 (icmdp->cmd_result != ISCSI_STATUS_DATA_OVERFLOW)) { 2741 cmn_err(CE_NOTE, "iscsi: SendTarget discovery failed (%d)", 2742 icmdp->cmd_result); 2743 rval = icmdp->cmd_result; 2744 iscsi_cmd_free(icmdp); 2745 return (rval); 2746 } 2747 2748 /* check if this was a partial text PDU */ 2749 if (icmdp->cmd_un.text.stage != ISCSI_CMD_TEXT_FINAL_RSP) { 2750 /* 2751 * If a paritial text rexponse received, send an empty 2752 * text request. This follows the behaviour specified 2753 * in RFC3720 regarding long text responses. 2754 */ 2755 icmdp->cmd_misc_flags &= ~ISCSI_CMD_MISCFLAG_FREE; 2756 icmdp->cmd_completed = B_FALSE; 2757 icmdp->cmd_un.text.data_len = 0; 2758 icmdp->cmd_un.text.stage = ISCSI_CMD_TEXT_CONTINUATION; 2759 goto long_text_response; 2760 } 2761 2762 /* 2763 * set total received data length. If data overflow this would be 2764 * amount of data that would have been received if buffer large 2765 * enough. 2766 */ 2767 *rx_data_len = icmdp->cmd_un.text.total_rx_len; 2768 2769 /* copy rval */ 2770 rval = icmdp->cmd_result; 2771 2772 /* clean up */ 2773 iscsi_cmd_free(icmdp); 2774 2775 return (rval); 2776 } 2777 2778 /* 2779 * iscsi_handle_passthru - This function is used to send a uscsi_cmd 2780 * to a specific target lun. This routine is used for internal purposes 2781 * during enumeration and via the ISCSI_USCSICMD IOCTL. We restrict 2782 * the CDBs that can be issued to a target/lun to INQUIRY, REPORT_LUNS, 2783 * and READ_CAPACITY for security purposes. 2784 * 2785 * The logic here is broken into three phases. 2786 * 1) Allocate and initialize a pkt/icmdp 2787 * 2) Send the pkt/icmdp 2788 * 3) cv_wait for completion 2789 */ 2790 iscsi_status_t 2791 iscsi_handle_passthru(iscsi_sess_t *isp, uint16_t lun, struct uscsi_cmd *ucmdp) 2792 { 2793 iscsi_status_t rval = ISCSI_STATUS_SUCCESS; 2794 iscsi_cmd_t *icmdp = NULL; 2795 struct scsi_pkt *pkt = NULL; 2796 struct buf *bp = NULL; 2797 struct scsi_arq_status *arqstat = NULL; 2798 int rqlen = SENSE_LENGTH; 2799 2800 ASSERT(isp != NULL); 2801 ASSERT(ucmdp != NULL); 2802 2803 /* 2804 * If the caller didn't provide a sense buffer we need 2805 * to allocation one to get the scsi status. 2806 */ 2807 if (ucmdp->uscsi_rqlen > SENSE_LENGTH) { 2808 rqlen = ucmdp->uscsi_rqlen; 2809 } 2810 2811 /* 2812 * Step 1. Setup structs - KM_SLEEP will always succeed 2813 */ 2814 bp = kmem_zalloc(sizeof (struct buf), KM_SLEEP); 2815 ASSERT(bp != NULL); 2816 pkt = kmem_zalloc(sizeof (struct scsi_pkt), KM_SLEEP); 2817 ASSERT(pkt != NULL); 2818 icmdp = iscsi_cmd_alloc(NULL, KM_SLEEP); 2819 ASSERT(icmdp != NULL); 2820 2821 /* setup bp structure */ 2822 bp->b_flags = B_READ; 2823 bp->b_bcount = ucmdp->uscsi_buflen; 2824 bp->b_un.b_addr = ucmdp->uscsi_bufaddr; 2825 2826 /* setup scsi_pkt structure */ 2827 pkt->pkt_ha_private = icmdp; 2828 pkt->pkt_scbp = kmem_zalloc(rqlen, KM_SLEEP); 2829 pkt->pkt_cdbp = kmem_zalloc(ucmdp->uscsi_cdblen, KM_SLEEP); 2830 /* callback routine for passthru, will wake cv_wait */ 2831 pkt->pkt_comp = iscsi_handle_passthru_callback; 2832 pkt->pkt_time = ucmdp->uscsi_timeout; 2833 2834 /* setup iscsi_cmd structure */ 2835 icmdp->cmd_lun = NULL; 2836 icmdp->cmd_type = ISCSI_CMD_TYPE_SCSI; 2837 icmdp->cmd_un.scsi.lun = lun; 2838 icmdp->cmd_un.scsi.pkt = pkt; 2839 icmdp->cmd_un.scsi.bp = bp; 2840 bcopy(ucmdp->uscsi_cdb, pkt->pkt_cdbp, ucmdp->uscsi_cdblen); 2841 icmdp->cmd_un.scsi.cmdlen = ucmdp->uscsi_cdblen; 2842 icmdp->cmd_un.scsi.statuslen = rqlen; 2843 icmdp->cmd_crc_error_seen = B_FALSE; 2844 icmdp->cmd_completed = B_FALSE; 2845 icmdp->cmd_result = ISCSI_STATUS_SUCCESS; 2846 2847 /* 2848 * Step 2. Push IO onto pending queue. If we aren't in 2849 * FULL_FEATURE we need to fail the IO. 2850 */ 2851 mutex_enter(&isp->sess_state_mutex); 2852 if (!ISCSI_SESS_STATE_FULL_FEATURE(isp->sess_state)) { 2853 mutex_exit(&isp->sess_state_mutex); 2854 2855 iscsi_cmd_free(icmdp); 2856 kmem_free(pkt->pkt_cdbp, ucmdp->uscsi_cdblen); 2857 kmem_free(pkt->pkt_scbp, rqlen); 2858 kmem_free(pkt, sizeof (struct scsi_pkt)); 2859 kmem_free(bp, sizeof (struct buf)); 2860 2861 return (ISCSI_STATUS_CMD_FAILED); 2862 } 2863 2864 mutex_enter(&isp->sess_queue_pending.mutex); 2865 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E1, isp); 2866 mutex_exit(&isp->sess_queue_pending.mutex); 2867 mutex_exit(&isp->sess_state_mutex); 2868 2869 /* 2870 * Step 3. Wait on cv_wait for completion routine 2871 */ 2872 mutex_enter(&icmdp->cmd_mutex); 2873 while (icmdp->cmd_completed == B_FALSE) { 2874 cv_wait(&icmdp->cmd_completion, &icmdp->cmd_mutex); 2875 } 2876 mutex_exit(&icmdp->cmd_mutex); 2877 2878 /* copy rval */ 2879 rval = icmdp->cmd_result; 2880 2881 ucmdp->uscsi_resid = pkt->pkt_resid; 2882 2883 /* update scsi status */ 2884 arqstat = (struct scsi_arq_status *)pkt->pkt_scbp; 2885 ucmdp->uscsi_status = ((char *)&arqstat->sts_status)[0]; 2886 2887 /* copy request sense buffers if caller gave space */ 2888 if ((ucmdp->uscsi_rqlen > 0) && 2889 (ucmdp->uscsi_rqbuf != NULL)) { 2890 bcopy(arqstat, ucmdp->uscsi_rqbuf, 2891 MIN(sizeof (struct scsi_arq_status), rqlen)); 2892 } 2893 2894 /* clean up */ 2895 iscsi_cmd_free(icmdp); 2896 kmem_free(pkt->pkt_cdbp, ucmdp->uscsi_cdblen); 2897 kmem_free(pkt->pkt_scbp, rqlen); 2898 kmem_free(pkt, sizeof (struct scsi_pkt)); 2899 kmem_free(bp, sizeof (struct buf)); 2900 2901 return (rval); 2902 } 2903 2904 2905 /* 2906 * iscsi_handle_passthru_callback - 2907 * 2908 */ 2909 static void 2910 iscsi_handle_passthru_callback(struct scsi_pkt *pkt) 2911 { 2912 iscsi_cmd_t *icmdp = NULL; 2913 2914 ASSERT(pkt != NULL); 2915 icmdp = (iscsi_cmd_t *)pkt->pkt_ha_private; 2916 ASSERT(icmdp != NULL); 2917 2918 mutex_enter(&icmdp->cmd_mutex); 2919 icmdp->cmd_completed = B_TRUE; 2920 icmdp->cmd_result = ISCSI_STATUS_SUCCESS; 2921 cv_broadcast(&icmdp->cmd_completion); 2922 mutex_exit(&icmdp->cmd_mutex); 2923 2924 } 2925 2926 /* 2927 * +--------------------------------------------------------------------+ 2928 * | Beginning of completion routines | 2929 * +--------------------------------------------------------------------+ 2930 */ 2931 2932 /* 2933 * iscsi_ic_thread - 2934 */ 2935 void 2936 iscsi_ic_thread(iscsi_thread_t *thread, void *arg) 2937 { 2938 iscsi_sess_t *isp = (iscsi_sess_t *)arg; 2939 int ret; 2940 iscsi_queue_t q; 2941 iscsi_cmd_t *icmdp; 2942 iscsi_cmd_t *next_icmdp; 2943 2944 ASSERT(isp != NULL); 2945 ASSERT(thread != NULL); 2946 ASSERT(thread->signature == SIG_ISCSI_THREAD); 2947 2948 for (;;) { 2949 2950 /* 2951 * We wait till iodone or somebody else wakes us up. 2952 */ 2953 ret = iscsi_thread_wait(thread, -1); 2954 2955 /* 2956 * The value should never be negative since we never timeout. 2957 */ 2958 ASSERT(ret >= 0); 2959 2960 q.count = 0; 2961 q.head = NULL; 2962 q.tail = NULL; 2963 mutex_enter(&isp->sess_queue_completion.mutex); 2964 icmdp = isp->sess_queue_completion.head; 2965 while (icmdp != NULL) { 2966 next_icmdp = icmdp->cmd_next; 2967 mutex_enter(&icmdp->cmd_mutex); 2968 /* 2969 * check if the associated r2t/abort has finished 2970 * yet, and make sure this command has no R2T 2971 * to handle. If not, don't complete this command. 2972 */ 2973 if ((icmdp->cmd_un.scsi.r2t_icmdp == NULL) && 2974 (icmdp->cmd_un.scsi.abort_icmdp == NULL) && 2975 (icmdp->cmd_un.scsi.r2t_more == B_FALSE)) { 2976 mutex_exit(&icmdp->cmd_mutex); 2977 (void) iscsi_dequeue_cmd(&isp-> 2978 sess_queue_completion.head, 2979 &isp->sess_queue_completion.tail, 2980 icmdp); 2981 --isp->sess_queue_completion.count; 2982 iscsi_enqueue_cmd_head(&q.head, 2983 &q.tail, icmdp); 2984 } else 2985 mutex_exit(&icmdp->cmd_mutex); 2986 icmdp = next_icmdp; 2987 } 2988 mutex_exit(&isp->sess_queue_completion.mutex); 2989 icmdp = q.head; 2990 while (icmdp != NULL) { 2991 next_icmdp = icmdp->cmd_next; 2992 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E8, isp); 2993 icmdp = next_icmdp; 2994 } 2995 2996 if (ret > 0) 2997 /* Somebody woke us up to work */ 2998 continue; 2999 else 3000 /* 3001 * Somebody woke us up to kill ourselves. We will 3002 * make sure, however that the completion queue is 3003 * empty before leaving. After we've done that it 3004 * is the originator of the signal that has to make 3005 * sure no other SCSI command is posted. 3006 */ 3007 break; 3008 } 3009 3010 } 3011 3012 /* 3013 * iscsi_iodone - 3014 * 3015 */ 3016 void 3017 iscsi_iodone(iscsi_sess_t *isp, iscsi_cmd_t *icmdp) 3018 { 3019 struct scsi_pkt *pkt = NULL; 3020 struct buf *bp = icmdp->cmd_un.scsi.bp; 3021 3022 ASSERT(isp != NULL); 3023 ASSERT(icmdp != NULL); 3024 pkt = icmdp->cmd_un.scsi.pkt; 3025 ASSERT(pkt != NULL); 3026 3027 ASSERT(icmdp->cmd_un.scsi.abort_icmdp == NULL); 3028 ASSERT(icmdp->cmd_un.scsi.r2t_icmdp == NULL); 3029 if (pkt->pkt_reason == CMD_CMPLT) { 3030 if (bp) { 3031 if (bp->b_flags & B_READ) { 3032 KSTAT_SESS_RX_IO_DONE(isp, bp->b_bcount); 3033 } else { 3034 KSTAT_SESS_TX_IO_DONE(isp, bp->b_bcount); 3035 } 3036 } 3037 } 3038 3039 if (pkt->pkt_flags & FLAG_NOINTR) { 3040 cv_broadcast(&icmdp->cmd_completion); 3041 mutex_exit(&icmdp->cmd_mutex); 3042 } else { 3043 /* 3044 * Release mutex. As soon as callback is 3045 * issued the caller may destroy the command. 3046 */ 3047 mutex_exit(&icmdp->cmd_mutex); 3048 /* 3049 * We can't just directly call the pk_comp routine. In 3050 * many error cases the target driver will use the calling 3051 * thread to re-drive error handling (reset, retries...) 3052 * back into the hba driver (iscsi). If the target redrives 3053 * a reset back into the iscsi driver off this thead we have 3054 * a chance of deadlocking. So instead use the io completion 3055 * thread. 3056 */ 3057 (*icmdp->cmd_un.scsi.pkt->pkt_comp)(icmdp->cmd_un.scsi.pkt); 3058 } 3059 } 3060 3061 /* 3062 * +--------------------------------------------------------------------+ 3063 * | End of completion routines | 3064 * +--------------------------------------------------------------------+ 3065 */ 3066 3067 /* 3068 * +--------------------------------------------------------------------+ 3069 * | Beginning of watchdog routines | 3070 * +--------------------------------------------------------------------+ 3071 */ 3072 3073 /* 3074 * iscsi_watchdog_thread - 3075 * 3076 */ 3077 void 3078 iscsi_wd_thread(iscsi_thread_t *thread, void *arg) 3079 { 3080 iscsi_sess_t *isp = (iscsi_sess_t *)arg; 3081 int rc = 1; 3082 3083 ASSERT(isp != NULL); 3084 3085 while (rc != NULL) { 3086 3087 iscsi_timeout_checks(isp); 3088 iscsi_nop_checks(isp); 3089 3090 rc = iscsi_thread_wait(thread, SEC_TO_TICK(1)); 3091 } 3092 } 3093 3094 /* 3095 * iscsi_timeout_checks - 3096 * 3097 */ 3098 static void 3099 iscsi_timeout_checks(iscsi_sess_t *isp) 3100 { 3101 clock_t now = ddi_get_lbolt(); 3102 iscsi_cmd_t *icmdp, *nicmdp; 3103 iscsi_conn_t *icp; 3104 3105 ASSERT(isp != NULL); 3106 3107 /* PENDING */ 3108 mutex_enter(&isp->sess_state_mutex); 3109 mutex_enter(&isp->sess_queue_pending.mutex); 3110 for (icmdp = isp->sess_queue_pending.head; 3111 icmdp; icmdp = nicmdp) { 3112 nicmdp = icmdp->cmd_next; 3113 3114 /* Skip entries with no timeout */ 3115 if (icmdp->cmd_lbolt_timeout == 0) 3116 continue; 3117 3118 /* 3119 * Skip pending queue entries for cmd_type values that depend 3120 * on having an open cmdsn window for successfull transition 3121 * from pending to the active (i.e. ones that depend on 3122 * sess_cmdsn .vs. sess_maxcmdsn). For them, the timer starts 3123 * when they are successfully moved to the active queue by 3124 * iscsi_cmd_state_pending() code. 3125 */ 3126 /* 3127 * If the cmd is stuck, at least give it a chance 3128 * to timeout 3129 */ 3130 if (((icmdp->cmd_type == ISCSI_CMD_TYPE_SCSI) || 3131 (icmdp->cmd_type == ISCSI_CMD_TYPE_TEXT)) && 3132 !(icmdp->cmd_misc_flags & ISCSI_CMD_MISCFLAG_STUCK)) 3133 continue; 3134 3135 /* Skip if timeout still in the future */ 3136 if (now <= icmdp->cmd_lbolt_timeout) 3137 continue; 3138 3139 /* timeout */ 3140 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E6, isp); 3141 } 3142 mutex_exit(&isp->sess_queue_pending.mutex); 3143 mutex_exit(&isp->sess_state_mutex); 3144 3145 rw_enter(&isp->sess_conn_list_rwlock, RW_READER); 3146 icp = isp->sess_conn_list; 3147 while (icp != NULL) { 3148 3149 /* ACTIVE */ 3150 mutex_enter(&icp->conn_state_mutex); 3151 mutex_enter(&isp->sess_queue_pending.mutex); 3152 mutex_enter(&icp->conn_queue_active.mutex); 3153 for (icmdp = icp->conn_queue_active.head; 3154 icmdp; icmdp = nicmdp) { 3155 nicmdp = icmdp->cmd_next; 3156 3157 /* Skip entries with no timeout */ 3158 if (icmdp->cmd_lbolt_timeout == 0) 3159 continue; 3160 3161 /* Skip if command is not active */ 3162 if (icmdp->cmd_state != ISCSI_CMD_STATE_ACTIVE) 3163 continue; 3164 3165 /* Skip if timeout still in the future */ 3166 if (now <= icmdp->cmd_lbolt_timeout) 3167 continue; 3168 3169 /* timeout */ 3170 iscsi_cmd_state_machine(icmdp, ISCSI_CMD_EVENT_E6, isp); 3171 } 3172 mutex_exit(&icp->conn_queue_active.mutex); 3173 mutex_exit(&isp->sess_queue_pending.mutex); 3174 mutex_exit(&icp->conn_state_mutex); 3175 3176 icp = icp->conn_next; 3177 } 3178 rw_exit(&isp->sess_conn_list_rwlock); 3179 } 3180 3181 /* 3182 * iscsi_nop_checks - sends a NOP on idle connections 3183 * 3184 * This function walks the connections on a session and 3185 * issues NOPs on those connections that are in FULL 3186 * FEATURE mode and have not received data for the 3187 * time period specified by iscsi_nop_delay (global). 3188 */ 3189 static void 3190 iscsi_nop_checks(iscsi_sess_t *isp) 3191 { 3192 iscsi_conn_t *icp; 3193 3194 ASSERT(isp != NULL); 3195 3196 if (isp->sess_type == ISCSI_SESS_TYPE_DISCOVERY) { 3197 return; 3198 } 3199 3200 rw_enter(&isp->sess_conn_list_rwlock, RW_READER); 3201 icp = isp->sess_conn_act; 3202 if (icp != NULL) { 3203 3204 mutex_enter(&icp->conn_state_mutex); 3205 if ((ISCSI_CONN_STATE_FULL_FEATURE(icp->conn_state)) && 3206 (ddi_get_lbolt() > isp->sess_conn_act->conn_rx_lbolt + 3207 SEC_TO_TICK(iscsi_nop_delay)) && (ddi_get_lbolt() > 3208 isp->sess_conn_act->conn_nop_lbolt + 3209 SEC_TO_TICK(iscsi_nop_delay))) { 3210 3211 /* 3212 * We haven't received anything from the 3213 * target is a defined period of time, 3214 * send NOP to see if the target is alive. 3215 */ 3216 mutex_enter(&isp->sess_queue_pending.mutex); 3217 iscsi_handle_nop(isp->sess_conn_act, 3218 0, ISCSI_RSVD_TASK_TAG); 3219 mutex_exit(&isp->sess_queue_pending.mutex); 3220 } 3221 mutex_exit(&icp->conn_state_mutex); 3222 3223 icp = icp->conn_next; 3224 } 3225 rw_exit(&isp->sess_conn_list_rwlock); 3226 } 3227 3228 /* 3229 * +--------------------------------------------------------------------+ 3230 * | End of wd routines | 3231 * +--------------------------------------------------------------------+ 3232 */ 3233