2 * Copyright (c) 2006 - 2009 Mellanox Technology Inc. All rights reserved.
3 * Copyright (C) 2008 - 2011 Bart Van Assche <bvanassche@acm.org>.
5 * This software is available to you under a choice of one of two
6 * licenses. You may choose to be licensed under the terms of the GNU
7 * General Public License (GPL) Version 2, available from the file
8 * COPYING in the main directory of this source tree, or the
9 * OpenIB.org BSD license below:
11 * Redistribution and use in source and binary forms, with or
12 * without modification, are permitted provided that the following
15 * - Redistributions of source code must retain the above
16 * copyright notice, this list of conditions and the following
19 * - Redistributions in binary form must reproduce the above
20 * copyright notice, this list of conditions and the following
21 * disclaimer in the documentation and/or other materials
22 * provided with the distribution.
24 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
25 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
26 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
27 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
28 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
29 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
30 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
35 #include <linux/module.h>
36 #include <linux/init.h>
37 #include <linux/slab.h>
38 #include <linux/err.h>
39 #include <linux/ctype.h>
40 #include <linux/kthread.h>
41 #include <linux/string.h>
42 #include <linux/delay.h>
43 #include <linux/atomic.h>
44 #include <linux/inet.h>
45 #include <rdma/ib_cache.h>
46 #include <scsi/scsi_proto.h>
47 #include <scsi/scsi_tcq.h>
48 #include <target/target_core_base.h>
49 #include <target/target_core_fabric.h>
52 /* Name of this kernel module. */
53 #define DRV_NAME "ib_srpt"
55 #define SRPT_ID_STRING "Linux SRP target"
58 #define pr_fmt(fmt) DRV_NAME " " fmt
60 MODULE_AUTHOR("Vu Pham and Bart Van Assche");
61 MODULE_DESCRIPTION("SCSI RDMA Protocol target driver");
62 MODULE_LICENSE("Dual BSD/GPL");
68 static u64 srpt_service_guid;
69 static DEFINE_SPINLOCK(srpt_dev_lock); /* Protects srpt_dev_list. */
70 static LIST_HEAD(srpt_dev_list); /* List of srpt_device structures. */
72 static unsigned srp_max_req_size = DEFAULT_MAX_REQ_SIZE;
73 module_param(srp_max_req_size, int, 0444);
74 MODULE_PARM_DESC(srp_max_req_size,
75 "Maximum size of SRP request messages in bytes.");
77 static int srpt_srq_size = DEFAULT_SRPT_SRQ_SIZE;
78 module_param(srpt_srq_size, int, 0444);
79 MODULE_PARM_DESC(srpt_srq_size,
80 "Shared receive queue (SRQ) size.");
82 static int srpt_get_u64_x(char *buffer, const struct kernel_param *kp)
84 return sprintf(buffer, "0x%016llx\n", *(u64 *)kp->arg);
86 module_param_call(srpt_service_guid, NULL, srpt_get_u64_x, &srpt_service_guid,
88 MODULE_PARM_DESC(srpt_service_guid,
89 "Using this value for ioc_guid, id_ext, and cm_listen_id instead of using the node_guid of the first HCA.");
91 static struct ib_client srpt_client;
92 /* Protects both rdma_cm_port and rdma_cm_id. */
93 static DEFINE_MUTEX(rdma_cm_mutex);
94 /* Port number RDMA/CM will bind to. */
95 static u16 rdma_cm_port;
96 static struct rdma_cm_id *rdma_cm_id;
97 static void srpt_release_cmd(struct se_cmd *se_cmd);
98 static void srpt_free_ch(struct kref *kref);
99 static int srpt_queue_status(struct se_cmd *cmd);
100 static void srpt_recv_done(struct ib_cq *cq, struct ib_wc *wc);
101 static void srpt_send_done(struct ib_cq *cq, struct ib_wc *wc);
102 static void srpt_process_wait_list(struct srpt_rdma_ch *ch);
105 * The only allowed channel state changes are those that change the channel
106 * state into a state with a higher numerical value. Hence the new > prev test.
108 static bool srpt_set_ch_state(struct srpt_rdma_ch *ch, enum rdma_ch_state new)
111 enum rdma_ch_state prev;
112 bool changed = false;
114 spin_lock_irqsave(&ch->spinlock, flags);
120 spin_unlock_irqrestore(&ch->spinlock, flags);
126 * srpt_event_handler - asynchronous IB event callback function
127 * @handler: IB event handler registered by ib_register_event_handler().
128 * @event: Description of the event that occurred.
130 * Callback function called by the InfiniBand core when an asynchronous IB
131 * event occurs. This callback may occur in interrupt context. See also
132 * section 11.5.2, Set Asynchronous Event Handler in the InfiniBand
133 * Architecture Specification.
135 static void srpt_event_handler(struct ib_event_handler *handler,
136 struct ib_event *event)
138 struct srpt_device *sdev =
139 container_of(handler, struct srpt_device, event_handler);
140 struct srpt_port *sport;
143 pr_debug("ASYNC event= %d on device= %s\n", event->event,
144 dev_name(&sdev->device->dev));
146 switch (event->event) {
147 case IB_EVENT_PORT_ERR:
148 port_num = event->element.port_num - 1;
149 if (port_num < sdev->device->phys_port_cnt) {
150 sport = &sdev->port[port_num];
154 WARN(true, "event %d: port_num %d out of range 1..%d\n",
155 event->event, port_num + 1,
156 sdev->device->phys_port_cnt);
159 case IB_EVENT_PORT_ACTIVE:
160 case IB_EVENT_LID_CHANGE:
161 case IB_EVENT_PKEY_CHANGE:
162 case IB_EVENT_SM_CHANGE:
163 case IB_EVENT_CLIENT_REREGISTER:
164 case IB_EVENT_GID_CHANGE:
165 /* Refresh port data asynchronously. */
166 port_num = event->element.port_num - 1;
167 if (port_num < sdev->device->phys_port_cnt) {
168 sport = &sdev->port[port_num];
169 if (!sport->lid && !sport->sm_lid)
170 schedule_work(&sport->work);
172 WARN(true, "event %d: port_num %d out of range 1..%d\n",
173 event->event, port_num + 1,
174 sdev->device->phys_port_cnt);
178 pr_err("received unrecognized IB event %d\n", event->event);
184 * srpt_srq_event - SRQ event callback function
185 * @event: Description of the event that occurred.
186 * @ctx: Context pointer specified at SRQ creation time.
188 static void srpt_srq_event(struct ib_event *event, void *ctx)
190 pr_debug("SRQ event %d\n", event->event);
193 static const char *get_ch_state_name(enum rdma_ch_state s)
200 case CH_DISCONNECTING:
201 return "disconnecting";
204 case CH_DISCONNECTED:
205 return "disconnected";
211 * srpt_qp_event - QP event callback function
212 * @event: Description of the event that occurred.
213 * @ch: SRPT RDMA channel.
215 static void srpt_qp_event(struct ib_event *event, struct srpt_rdma_ch *ch)
217 pr_debug("QP event %d on ch=%p sess_name=%s-%d state=%s\n",
218 event->event, ch, ch->sess_name, ch->qp->qp_num,
219 get_ch_state_name(ch->state));
221 switch (event->event) {
222 case IB_EVENT_COMM_EST:
223 if (ch->using_rdma_cm)
224 rdma_notify(ch->rdma_cm.cm_id, event->event);
226 ib_cm_notify(ch->ib_cm.cm_id, event->event);
228 case IB_EVENT_QP_LAST_WQE_REACHED:
229 pr_debug("%s-%d, state %s: received Last WQE event.\n",
230 ch->sess_name, ch->qp->qp_num,
231 get_ch_state_name(ch->state));
234 pr_err("received unrecognized IB QP event %d\n", event->event);
240 * srpt_set_ioc - initialize a IOUnitInfo structure
241 * @c_list: controller list.
242 * @slot: one-based slot number.
243 * @value: four-bit value.
245 * Copies the lowest four bits of value in element slot of the array of four
246 * bit elements called c_list (controller list). The index slot is one-based.
248 static void srpt_set_ioc(u8 *c_list, u32 slot, u8 value)
255 tmp = c_list[id] & 0xf;
256 c_list[id] = (value << 4) | tmp;
258 tmp = c_list[id] & 0xf0;
259 c_list[id] = (value & 0xf) | tmp;
264 * srpt_get_class_port_info - copy ClassPortInfo to a management datagram
265 * @mad: Datagram that will be sent as response to DM_ATTR_CLASS_PORT_INFO.
267 * See also section 16.3.3.1 ClassPortInfo in the InfiniBand Architecture
270 static void srpt_get_class_port_info(struct ib_dm_mad *mad)
272 struct ib_class_port_info *cif;
274 cif = (struct ib_class_port_info *)mad->data;
275 memset(cif, 0, sizeof(*cif));
276 cif->base_version = 1;
277 cif->class_version = 1;
279 ib_set_cpi_resp_time(cif, 20);
280 mad->mad_hdr.status = 0;
284 * srpt_get_iou - write IOUnitInfo to a management datagram
285 * @mad: Datagram that will be sent as response to DM_ATTR_IOU_INFO.
287 * See also section 16.3.3.3 IOUnitInfo in the InfiniBand Architecture
288 * Specification. See also section B.7, table B.6 in the SRP r16a document.
290 static void srpt_get_iou(struct ib_dm_mad *mad)
292 struct ib_dm_iou_info *ioui;
296 ioui = (struct ib_dm_iou_info *)mad->data;
297 ioui->change_id = cpu_to_be16(1);
298 ioui->max_controllers = 16;
300 /* set present for slot 1 and empty for the rest */
301 srpt_set_ioc(ioui->controller_list, 1, 1);
302 for (i = 1, slot = 2; i < 16; i++, slot++)
303 srpt_set_ioc(ioui->controller_list, slot, 0);
305 mad->mad_hdr.status = 0;
309 * srpt_get_ioc - write IOControllerprofile to a management datagram
310 * @sport: HCA port through which the MAD has been received.
311 * @slot: Slot number specified in DM_ATTR_IOC_PROFILE query.
312 * @mad: Datagram that will be sent as response to DM_ATTR_IOC_PROFILE.
314 * See also section 16.3.3.4 IOControllerProfile in the InfiniBand
315 * Architecture Specification. See also section B.7, table B.7 in the SRP
318 static void srpt_get_ioc(struct srpt_port *sport, u32 slot,
319 struct ib_dm_mad *mad)
321 struct srpt_device *sdev = sport->sdev;
322 struct ib_dm_ioc_profile *iocp;
323 int send_queue_depth;
325 iocp = (struct ib_dm_ioc_profile *)mad->data;
327 if (!slot || slot > 16) {
329 = cpu_to_be16(DM_MAD_STATUS_INVALID_FIELD);
335 = cpu_to_be16(DM_MAD_STATUS_NO_IOC);
340 send_queue_depth = sdev->srq_size;
342 send_queue_depth = min(MAX_SRPT_RQ_SIZE,
343 sdev->device->attrs.max_qp_wr);
345 memset(iocp, 0, sizeof(*iocp));
346 strcpy(iocp->id_string, SRPT_ID_STRING);
347 iocp->guid = cpu_to_be64(srpt_service_guid);
348 iocp->vendor_id = cpu_to_be32(sdev->device->attrs.vendor_id);
349 iocp->device_id = cpu_to_be32(sdev->device->attrs.vendor_part_id);
350 iocp->device_version = cpu_to_be16(sdev->device->attrs.hw_ver);
351 iocp->subsys_vendor_id = cpu_to_be32(sdev->device->attrs.vendor_id);
352 iocp->subsys_device_id = 0x0;
353 iocp->io_class = cpu_to_be16(SRP_REV16A_IB_IO_CLASS);
354 iocp->io_subclass = cpu_to_be16(SRP_IO_SUBCLASS);
355 iocp->protocol = cpu_to_be16(SRP_PROTOCOL);
356 iocp->protocol_version = cpu_to_be16(SRP_PROTOCOL_VERSION);
357 iocp->send_queue_depth = cpu_to_be16(send_queue_depth);
358 iocp->rdma_read_depth = 4;
359 iocp->send_size = cpu_to_be32(srp_max_req_size);
360 iocp->rdma_size = cpu_to_be32(min(sport->port_attrib.srp_max_rdma_size,
362 iocp->num_svc_entries = 1;
363 iocp->op_cap_mask = SRP_SEND_TO_IOC | SRP_SEND_FROM_IOC |
364 SRP_RDMA_READ_FROM_IOC | SRP_RDMA_WRITE_FROM_IOC;
366 mad->mad_hdr.status = 0;
370 * srpt_get_svc_entries - write ServiceEntries to a management datagram
371 * @ioc_guid: I/O controller GUID to use in reply.
372 * @slot: I/O controller number.
373 * @hi: End of the range of service entries to be specified in the reply.
374 * @lo: Start of the range of service entries to be specified in the reply..
375 * @mad: Datagram that will be sent as response to DM_ATTR_SVC_ENTRIES.
377 * See also section 16.3.3.5 ServiceEntries in the InfiniBand Architecture
378 * Specification. See also section B.7, table B.8 in the SRP r16a document.
380 static void srpt_get_svc_entries(u64 ioc_guid,
381 u16 slot, u8 hi, u8 lo, struct ib_dm_mad *mad)
383 struct ib_dm_svc_entries *svc_entries;
387 if (!slot || slot > 16) {
389 = cpu_to_be16(DM_MAD_STATUS_INVALID_FIELD);
393 if (slot > 2 || lo > hi || hi > 1) {
395 = cpu_to_be16(DM_MAD_STATUS_NO_IOC);
399 svc_entries = (struct ib_dm_svc_entries *)mad->data;
400 memset(svc_entries, 0, sizeof(*svc_entries));
401 svc_entries->service_entries[0].id = cpu_to_be64(ioc_guid);
402 snprintf(svc_entries->service_entries[0].name,
403 sizeof(svc_entries->service_entries[0].name),
405 SRP_SERVICE_NAME_PREFIX,
408 mad->mad_hdr.status = 0;
412 * srpt_mgmt_method_get - process a received management datagram
413 * @sp: HCA port through which the MAD has been received.
414 * @rq_mad: received MAD.
415 * @rsp_mad: response MAD.
417 static void srpt_mgmt_method_get(struct srpt_port *sp, struct ib_mad *rq_mad,
418 struct ib_dm_mad *rsp_mad)
424 attr_id = be16_to_cpu(rq_mad->mad_hdr.attr_id);
426 case DM_ATTR_CLASS_PORT_INFO:
427 srpt_get_class_port_info(rsp_mad);
429 case DM_ATTR_IOU_INFO:
430 srpt_get_iou(rsp_mad);
432 case DM_ATTR_IOC_PROFILE:
433 slot = be32_to_cpu(rq_mad->mad_hdr.attr_mod);
434 srpt_get_ioc(sp, slot, rsp_mad);
436 case DM_ATTR_SVC_ENTRIES:
437 slot = be32_to_cpu(rq_mad->mad_hdr.attr_mod);
438 hi = (u8) ((slot >> 8) & 0xff);
439 lo = (u8) (slot & 0xff);
440 slot = (u16) ((slot >> 16) & 0xffff);
441 srpt_get_svc_entries(srpt_service_guid,
442 slot, hi, lo, rsp_mad);
445 rsp_mad->mad_hdr.status =
446 cpu_to_be16(DM_MAD_STATUS_UNSUP_METHOD_ATTR);
452 * srpt_mad_send_handler - MAD send completion callback
453 * @mad_agent: Return value of ib_register_mad_agent().
454 * @mad_wc: Work completion reporting that the MAD has been sent.
456 static void srpt_mad_send_handler(struct ib_mad_agent *mad_agent,
457 struct ib_mad_send_wc *mad_wc)
459 rdma_destroy_ah(mad_wc->send_buf->ah, RDMA_DESTROY_AH_SLEEPABLE);
460 ib_free_send_mad(mad_wc->send_buf);
464 * srpt_mad_recv_handler - MAD reception callback function
465 * @mad_agent: Return value of ib_register_mad_agent().
466 * @send_buf: Not used.
467 * @mad_wc: Work completion reporting that a MAD has been received.
469 static void srpt_mad_recv_handler(struct ib_mad_agent *mad_agent,
470 struct ib_mad_send_buf *send_buf,
471 struct ib_mad_recv_wc *mad_wc)
473 struct srpt_port *sport = (struct srpt_port *)mad_agent->context;
475 struct ib_mad_send_buf *rsp;
476 struct ib_dm_mad *dm_mad;
478 if (!mad_wc || !mad_wc->recv_buf.mad)
481 ah = ib_create_ah_from_wc(mad_agent->qp->pd, mad_wc->wc,
482 mad_wc->recv_buf.grh, mad_agent->port_num);
486 BUILD_BUG_ON(offsetof(struct ib_dm_mad, data) != IB_MGMT_DEVICE_HDR);
488 rsp = ib_create_send_mad(mad_agent, mad_wc->wc->src_qp,
489 mad_wc->wc->pkey_index, 0,
490 IB_MGMT_DEVICE_HDR, IB_MGMT_DEVICE_DATA,
492 IB_MGMT_BASE_VERSION);
499 memcpy(dm_mad, mad_wc->recv_buf.mad, sizeof(*dm_mad));
500 dm_mad->mad_hdr.method = IB_MGMT_METHOD_GET_RESP;
501 dm_mad->mad_hdr.status = 0;
503 switch (mad_wc->recv_buf.mad->mad_hdr.method) {
504 case IB_MGMT_METHOD_GET:
505 srpt_mgmt_method_get(sport, mad_wc->recv_buf.mad, dm_mad);
507 case IB_MGMT_METHOD_SET:
508 dm_mad->mad_hdr.status =
509 cpu_to_be16(DM_MAD_STATUS_UNSUP_METHOD_ATTR);
512 dm_mad->mad_hdr.status =
513 cpu_to_be16(DM_MAD_STATUS_UNSUP_METHOD);
517 if (!ib_post_send_mad(rsp, NULL)) {
518 ib_free_recv_mad(mad_wc);
519 /* will destroy_ah & free_send_mad in send completion */
523 ib_free_send_mad(rsp);
526 rdma_destroy_ah(ah, RDMA_DESTROY_AH_SLEEPABLE);
528 ib_free_recv_mad(mad_wc);
531 static int srpt_format_guid(char *buf, unsigned int size, const __be64 *guid)
533 const __be16 *g = (const __be16 *)guid;
535 return snprintf(buf, size, "%04x:%04x:%04x:%04x",
536 be16_to_cpu(g[0]), be16_to_cpu(g[1]),
537 be16_to_cpu(g[2]), be16_to_cpu(g[3]));
541 * srpt_refresh_port - configure a HCA port
542 * @sport: SRPT HCA port.
544 * Enable InfiniBand management datagram processing, update the cached sm_lid,
545 * lid and gid values, and register a callback function for processing MADs
546 * on the specified port.
548 * Note: It is safe to call this function more than once for the same port.
550 static int srpt_refresh_port(struct srpt_port *sport)
552 struct ib_mad_reg_req reg_req;
553 struct ib_port_modify port_modify;
554 struct ib_port_attr port_attr;
557 ret = ib_query_port(sport->sdev->device, sport->port, &port_attr);
561 sport->sm_lid = port_attr.sm_lid;
562 sport->lid = port_attr.lid;
564 ret = rdma_query_gid(sport->sdev->device, sport->port, 0, &sport->gid);
568 srpt_format_guid(sport->guid_name, ARRAY_SIZE(sport->guid_name),
569 &sport->gid.global.interface_id);
570 snprintf(sport->gid_name, ARRAY_SIZE(sport->gid_name),
572 be64_to_cpu(sport->gid.global.subnet_prefix),
573 be64_to_cpu(sport->gid.global.interface_id));
575 if (rdma_protocol_iwarp(sport->sdev->device, sport->port))
578 memset(&port_modify, 0, sizeof(port_modify));
579 port_modify.set_port_cap_mask = IB_PORT_DEVICE_MGMT_SUP;
580 port_modify.clr_port_cap_mask = 0;
582 ret = ib_modify_port(sport->sdev->device, sport->port, 0, &port_modify);
584 pr_warn("%s-%d: enabling device management failed (%d). Note: this is expected if SR-IOV is enabled.\n",
585 dev_name(&sport->sdev->device->dev), sport->port, ret);
589 if (!sport->mad_agent) {
590 memset(®_req, 0, sizeof(reg_req));
591 reg_req.mgmt_class = IB_MGMT_CLASS_DEVICE_MGMT;
592 reg_req.mgmt_class_version = IB_MGMT_BASE_VERSION;
593 set_bit(IB_MGMT_METHOD_GET, reg_req.method_mask);
594 set_bit(IB_MGMT_METHOD_SET, reg_req.method_mask);
596 sport->mad_agent = ib_register_mad_agent(sport->sdev->device,
600 srpt_mad_send_handler,
601 srpt_mad_recv_handler,
603 if (IS_ERR(sport->mad_agent)) {
604 pr_err("%s-%d: MAD agent registration failed (%ld). Note: this is expected if SR-IOV is enabled.\n",
605 dev_name(&sport->sdev->device->dev), sport->port,
606 PTR_ERR(sport->mad_agent));
607 sport->mad_agent = NULL;
608 memset(&port_modify, 0, sizeof(port_modify));
609 port_modify.clr_port_cap_mask = IB_PORT_DEVICE_MGMT_SUP;
610 ib_modify_port(sport->sdev->device, sport->port, 0,
620 * srpt_unregister_mad_agent - unregister MAD callback functions
621 * @sdev: SRPT HCA pointer.
622 * @port_cnt: number of ports with registered MAD
624 * Note: It is safe to call this function more than once for the same device.
626 static void srpt_unregister_mad_agent(struct srpt_device *sdev, int port_cnt)
628 struct ib_port_modify port_modify = {
629 .clr_port_cap_mask = IB_PORT_DEVICE_MGMT_SUP,
631 struct srpt_port *sport;
634 for (i = 1; i <= port_cnt; i++) {
635 sport = &sdev->port[i - 1];
636 WARN_ON(sport->port != i);
637 if (sport->mad_agent) {
638 ib_modify_port(sdev->device, i, 0, &port_modify);
639 ib_unregister_mad_agent(sport->mad_agent);
640 sport->mad_agent = NULL;
646 * srpt_alloc_ioctx - allocate a SRPT I/O context structure
647 * @sdev: SRPT HCA pointer.
648 * @ioctx_size: I/O context size.
649 * @buf_cache: I/O buffer cache.
650 * @dir: DMA data direction.
652 static struct srpt_ioctx *srpt_alloc_ioctx(struct srpt_device *sdev,
654 struct kmem_cache *buf_cache,
655 enum dma_data_direction dir)
657 struct srpt_ioctx *ioctx;
659 ioctx = kzalloc(ioctx_size, GFP_KERNEL);
663 ioctx->buf = kmem_cache_alloc(buf_cache, GFP_KERNEL);
667 ioctx->dma = ib_dma_map_single(sdev->device, ioctx->buf,
668 kmem_cache_size(buf_cache), dir);
669 if (ib_dma_mapping_error(sdev->device, ioctx->dma))
675 kmem_cache_free(buf_cache, ioctx->buf);
683 * srpt_free_ioctx - free a SRPT I/O context structure
684 * @sdev: SRPT HCA pointer.
685 * @ioctx: I/O context pointer.
686 * @buf_cache: I/O buffer cache.
687 * @dir: DMA data direction.
689 static void srpt_free_ioctx(struct srpt_device *sdev, struct srpt_ioctx *ioctx,
690 struct kmem_cache *buf_cache,
691 enum dma_data_direction dir)
696 ib_dma_unmap_single(sdev->device, ioctx->dma,
697 kmem_cache_size(buf_cache), dir);
698 kmem_cache_free(buf_cache, ioctx->buf);
703 * srpt_alloc_ioctx_ring - allocate a ring of SRPT I/O context structures
704 * @sdev: Device to allocate the I/O context ring for.
705 * @ring_size: Number of elements in the I/O context ring.
706 * @ioctx_size: I/O context size.
707 * @buf_cache: I/O buffer cache.
708 * @alignment_offset: Offset in each ring buffer at which the SRP information
710 * @dir: DMA data direction.
712 static struct srpt_ioctx **srpt_alloc_ioctx_ring(struct srpt_device *sdev,
713 int ring_size, int ioctx_size,
714 struct kmem_cache *buf_cache,
715 int alignment_offset,
716 enum dma_data_direction dir)
718 struct srpt_ioctx **ring;
721 WARN_ON(ioctx_size != sizeof(struct srpt_recv_ioctx) &&
722 ioctx_size != sizeof(struct srpt_send_ioctx));
724 ring = kvmalloc_array(ring_size, sizeof(ring[0]), GFP_KERNEL);
727 for (i = 0; i < ring_size; ++i) {
728 ring[i] = srpt_alloc_ioctx(sdev, ioctx_size, buf_cache, dir);
732 ring[i]->offset = alignment_offset;
738 srpt_free_ioctx(sdev, ring[i], buf_cache, dir);
746 * srpt_free_ioctx_ring - free the ring of SRPT I/O context structures
747 * @ioctx_ring: I/O context ring to be freed.
748 * @sdev: SRPT HCA pointer.
749 * @ring_size: Number of ring elements.
750 * @buf_cache: I/O buffer cache.
751 * @dir: DMA data direction.
753 static void srpt_free_ioctx_ring(struct srpt_ioctx **ioctx_ring,
754 struct srpt_device *sdev, int ring_size,
755 struct kmem_cache *buf_cache,
756 enum dma_data_direction dir)
763 for (i = 0; i < ring_size; ++i)
764 srpt_free_ioctx(sdev, ioctx_ring[i], buf_cache, dir);
769 * srpt_set_cmd_state - set the state of a SCSI command
770 * @ioctx: Send I/O context.
771 * @new: New I/O context state.
773 * Does not modify the state of aborted commands. Returns the previous command
776 static enum srpt_command_state srpt_set_cmd_state(struct srpt_send_ioctx *ioctx,
777 enum srpt_command_state new)
779 enum srpt_command_state previous;
781 previous = ioctx->state;
782 if (previous != SRPT_STATE_DONE)
789 * srpt_test_and_set_cmd_state - test and set the state of a command
790 * @ioctx: Send I/O context.
791 * @old: Current I/O context state.
792 * @new: New I/O context state.
794 * Returns true if and only if the previous command state was equal to 'old'.
796 static bool srpt_test_and_set_cmd_state(struct srpt_send_ioctx *ioctx,
797 enum srpt_command_state old,
798 enum srpt_command_state new)
800 enum srpt_command_state previous;
803 WARN_ON(old == SRPT_STATE_DONE);
804 WARN_ON(new == SRPT_STATE_NEW);
806 previous = ioctx->state;
810 return previous == old;
814 * srpt_post_recv - post an IB receive request
815 * @sdev: SRPT HCA pointer.
816 * @ch: SRPT RDMA channel.
817 * @ioctx: Receive I/O context pointer.
819 static int srpt_post_recv(struct srpt_device *sdev, struct srpt_rdma_ch *ch,
820 struct srpt_recv_ioctx *ioctx)
823 struct ib_recv_wr wr;
826 list.addr = ioctx->ioctx.dma + ioctx->ioctx.offset;
827 list.length = srp_max_req_size;
828 list.lkey = sdev->lkey;
830 ioctx->ioctx.cqe.done = srpt_recv_done;
831 wr.wr_cqe = &ioctx->ioctx.cqe;
837 return ib_post_srq_recv(sdev->srq, &wr, NULL);
839 return ib_post_recv(ch->qp, &wr, NULL);
843 * srpt_zerolength_write - perform a zero-length RDMA write
844 * @ch: SRPT RDMA channel.
846 * A quote from the InfiniBand specification: C9-88: For an HCA responder
847 * using Reliable Connection service, for each zero-length RDMA READ or WRITE
848 * request, the R_Key shall not be validated, even if the request includes
851 static int srpt_zerolength_write(struct srpt_rdma_ch *ch)
853 struct ib_rdma_wr wr = {
856 { .wr_cqe = &ch->zw_cqe, },
857 .opcode = IB_WR_RDMA_WRITE,
858 .send_flags = IB_SEND_SIGNALED,
862 pr_debug("%s-%d: queued zerolength write\n", ch->sess_name,
865 return ib_post_send(ch->qp, &wr.wr, NULL);
868 static void srpt_zerolength_write_done(struct ib_cq *cq, struct ib_wc *wc)
870 struct srpt_rdma_ch *ch = wc->qp->qp_context;
872 pr_debug("%s-%d wc->status %d\n", ch->sess_name, ch->qp->qp_num,
875 if (wc->status == IB_WC_SUCCESS) {
876 srpt_process_wait_list(ch);
878 if (srpt_set_ch_state(ch, CH_DISCONNECTED))
879 schedule_work(&ch->release_work);
881 pr_debug("%s-%d: already disconnected.\n",
882 ch->sess_name, ch->qp->qp_num);
886 static int srpt_alloc_rw_ctxs(struct srpt_send_ioctx *ioctx,
887 struct srp_direct_buf *db, int nbufs, struct scatterlist **sg,
890 enum dma_data_direction dir = target_reverse_dma_direction(&ioctx->cmd);
891 struct srpt_rdma_ch *ch = ioctx->ch;
892 struct scatterlist *prev = NULL;
897 ioctx->rw_ctxs = &ioctx->s_rw_ctx;
899 ioctx->rw_ctxs = kmalloc_array(nbufs, sizeof(*ioctx->rw_ctxs),
905 for (i = ioctx->n_rw_ctx; i < nbufs; i++, db++) {
906 struct srpt_rw_ctx *ctx = &ioctx->rw_ctxs[i];
907 u64 remote_addr = be64_to_cpu(db->va);
908 u32 size = be32_to_cpu(db->len);
909 u32 rkey = be32_to_cpu(db->key);
911 ret = target_alloc_sgl(&ctx->sg, &ctx->nents, size, false,
916 ret = rdma_rw_ctx_init(&ctx->rw, ch->qp, ch->sport->port,
917 ctx->sg, ctx->nents, 0, remote_addr, rkey, dir);
919 target_free_sgl(ctx->sg, ctx->nents);
923 ioctx->n_rdma += ret;
927 sg_unmark_end(&prev[prev_nents - 1]);
928 sg_chain(prev, prev_nents + 1, ctx->sg);
934 prev_nents = ctx->nents;
936 *sg_cnt += ctx->nents;
943 struct srpt_rw_ctx *ctx = &ioctx->rw_ctxs[i];
945 rdma_rw_ctx_destroy(&ctx->rw, ch->qp, ch->sport->port,
946 ctx->sg, ctx->nents, dir);
947 target_free_sgl(ctx->sg, ctx->nents);
949 if (ioctx->rw_ctxs != &ioctx->s_rw_ctx)
950 kfree(ioctx->rw_ctxs);
954 static void srpt_free_rw_ctxs(struct srpt_rdma_ch *ch,
955 struct srpt_send_ioctx *ioctx)
957 enum dma_data_direction dir = target_reverse_dma_direction(&ioctx->cmd);
960 for (i = 0; i < ioctx->n_rw_ctx; i++) {
961 struct srpt_rw_ctx *ctx = &ioctx->rw_ctxs[i];
963 rdma_rw_ctx_destroy(&ctx->rw, ch->qp, ch->sport->port,
964 ctx->sg, ctx->nents, dir);
965 target_free_sgl(ctx->sg, ctx->nents);
968 if (ioctx->rw_ctxs != &ioctx->s_rw_ctx)
969 kfree(ioctx->rw_ctxs);
972 static inline void *srpt_get_desc_buf(struct srp_cmd *srp_cmd)
975 * The pointer computations below will only be compiled correctly
976 * if srp_cmd::add_data is declared as s8*, u8*, s8[] or u8[], so check
977 * whether srp_cmd::add_data has been declared as a byte pointer.
979 BUILD_BUG_ON(!__same_type(srp_cmd->add_data[0], (s8)0) &&
980 !__same_type(srp_cmd->add_data[0], (u8)0));
983 * According to the SRP spec, the lower two bits of the 'ADDITIONAL
984 * CDB LENGTH' field are reserved and the size in bytes of this field
985 * is four times the value specified in bits 3..7. Hence the "& ~3".
987 return srp_cmd->add_data + (srp_cmd->add_cdb_len & ~3);
991 * srpt_get_desc_tbl - parse the data descriptors of a SRP_CMD request
992 * @recv_ioctx: I/O context associated with the received command @srp_cmd.
993 * @ioctx: I/O context that will be used for responding to the initiator.
994 * @srp_cmd: Pointer to the SRP_CMD request data.
995 * @dir: Pointer to the variable to which the transfer direction will be
997 * @sg: [out] scatterlist for the parsed SRP_CMD.
998 * @sg_cnt: [out] length of @sg.
999 * @data_len: Pointer to the variable to which the total data length of all
1000 * descriptors in the SRP_CMD request will be written.
1001 * @imm_data_offset: [in] Offset in SRP_CMD requests at which immediate data
1004 * This function initializes ioctx->nrbuf and ioctx->r_bufs.
1006 * Returns -EINVAL when the SRP_CMD request contains inconsistent descriptors;
1007 * -ENOMEM when memory allocation fails and zero upon success.
1009 static int srpt_get_desc_tbl(struct srpt_recv_ioctx *recv_ioctx,
1010 struct srpt_send_ioctx *ioctx,
1011 struct srp_cmd *srp_cmd, enum dma_data_direction *dir,
1012 struct scatterlist **sg, unsigned int *sg_cnt, u64 *data_len,
1013 u16 imm_data_offset)
1019 * The lower four bits of the buffer format field contain the DATA-IN
1020 * buffer descriptor format, and the highest four bits contain the
1021 * DATA-OUT buffer descriptor format.
1023 if (srp_cmd->buf_fmt & 0xf)
1024 /* DATA-IN: transfer data from target to initiator (read). */
1025 *dir = DMA_FROM_DEVICE;
1026 else if (srp_cmd->buf_fmt >> 4)
1027 /* DATA-OUT: transfer data from initiator to target (write). */
1028 *dir = DMA_TO_DEVICE;
1032 /* initialize data_direction early as srpt_alloc_rw_ctxs needs it */
1033 ioctx->cmd.data_direction = *dir;
1035 if (((srp_cmd->buf_fmt & 0xf) == SRP_DATA_DESC_DIRECT) ||
1036 ((srp_cmd->buf_fmt >> 4) == SRP_DATA_DESC_DIRECT)) {
1037 struct srp_direct_buf *db = srpt_get_desc_buf(srp_cmd);
1039 *data_len = be32_to_cpu(db->len);
1040 return srpt_alloc_rw_ctxs(ioctx, db, 1, sg, sg_cnt);
1041 } else if (((srp_cmd->buf_fmt & 0xf) == SRP_DATA_DESC_INDIRECT) ||
1042 ((srp_cmd->buf_fmt >> 4) == SRP_DATA_DESC_INDIRECT)) {
1043 struct srp_indirect_buf *idb = srpt_get_desc_buf(srp_cmd);
1044 int nbufs = be32_to_cpu(idb->table_desc.len) /
1045 sizeof(struct srp_direct_buf);
1048 (srp_cmd->data_out_desc_cnt + srp_cmd->data_in_desc_cnt)) {
1049 pr_err("received unsupported SRP_CMD request type (%u out + %u in != %u / %zu)\n",
1050 srp_cmd->data_out_desc_cnt,
1051 srp_cmd->data_in_desc_cnt,
1052 be32_to_cpu(idb->table_desc.len),
1053 sizeof(struct srp_direct_buf));
1057 *data_len = be32_to_cpu(idb->len);
1058 return srpt_alloc_rw_ctxs(ioctx, idb->desc_list, nbufs,
1060 } else if ((srp_cmd->buf_fmt >> 4) == SRP_DATA_DESC_IMM) {
1061 struct srp_imm_buf *imm_buf = srpt_get_desc_buf(srp_cmd);
1062 void *data = (void *)srp_cmd + imm_data_offset;
1063 uint32_t len = be32_to_cpu(imm_buf->len);
1064 uint32_t req_size = imm_data_offset + len;
1066 if (req_size > srp_max_req_size) {
1067 pr_err("Immediate data (length %d + %d) exceeds request size %d\n",
1068 imm_data_offset, len, srp_max_req_size);
1071 if (recv_ioctx->byte_len < req_size) {
1072 pr_err("Received too few data - %d < %d\n",
1073 recv_ioctx->byte_len, req_size);
1077 * The immediate data buffer descriptor must occur before the
1078 * immediate data itself.
1080 if ((void *)(imm_buf + 1) > (void *)data) {
1081 pr_err("Received invalid write request\n");
1085 ioctx->recv_ioctx = recv_ioctx;
1086 if ((uintptr_t)data & 511) {
1087 pr_warn_once("Internal error - the receive buffers are not aligned properly.\n");
1090 sg_init_one(&ioctx->imm_sg, data, len);
1091 *sg = &ioctx->imm_sg;
1101 * srpt_init_ch_qp - initialize queue pair attributes
1102 * @ch: SRPT RDMA channel.
1103 * @qp: Queue pair pointer.
1105 * Initialized the attributes of queue pair 'qp' by allowing local write,
1106 * remote read and remote write. Also transitions 'qp' to state IB_QPS_INIT.
1108 static int srpt_init_ch_qp(struct srpt_rdma_ch *ch, struct ib_qp *qp)
1110 struct ib_qp_attr *attr;
1113 WARN_ON_ONCE(ch->using_rdma_cm);
1115 attr = kzalloc(sizeof(*attr), GFP_KERNEL);
1119 attr->qp_state = IB_QPS_INIT;
1120 attr->qp_access_flags = IB_ACCESS_LOCAL_WRITE;
1121 attr->port_num = ch->sport->port;
1123 ret = ib_find_cached_pkey(ch->sport->sdev->device, ch->sport->port,
1124 ch->pkey, &attr->pkey_index);
1126 pr_err("Translating pkey %#x failed (%d) - using index 0\n",
1129 ret = ib_modify_qp(qp, attr,
1130 IB_QP_STATE | IB_QP_ACCESS_FLAGS | IB_QP_PORT |
1138 * srpt_ch_qp_rtr - change the state of a channel to 'ready to receive' (RTR)
1139 * @ch: channel of the queue pair.
1140 * @qp: queue pair to change the state of.
1142 * Returns zero upon success and a negative value upon failure.
1144 * Note: currently a struct ib_qp_attr takes 136 bytes on a 64-bit system.
1145 * If this structure ever becomes larger, it might be necessary to allocate
1146 * it dynamically instead of on the stack.
1148 static int srpt_ch_qp_rtr(struct srpt_rdma_ch *ch, struct ib_qp *qp)
1150 struct ib_qp_attr qp_attr;
1154 WARN_ON_ONCE(ch->using_rdma_cm);
1156 qp_attr.qp_state = IB_QPS_RTR;
1157 ret = ib_cm_init_qp_attr(ch->ib_cm.cm_id, &qp_attr, &attr_mask);
1161 qp_attr.max_dest_rd_atomic = 4;
1163 ret = ib_modify_qp(qp, &qp_attr, attr_mask);
1170 * srpt_ch_qp_rts - change the state of a channel to 'ready to send' (RTS)
1171 * @ch: channel of the queue pair.
1172 * @qp: queue pair to change the state of.
1174 * Returns zero upon success and a negative value upon failure.
1176 * Note: currently a struct ib_qp_attr takes 136 bytes on a 64-bit system.
1177 * If this structure ever becomes larger, it might be necessary to allocate
1178 * it dynamically instead of on the stack.
1180 static int srpt_ch_qp_rts(struct srpt_rdma_ch *ch, struct ib_qp *qp)
1182 struct ib_qp_attr qp_attr;
1186 qp_attr.qp_state = IB_QPS_RTS;
1187 ret = ib_cm_init_qp_attr(ch->ib_cm.cm_id, &qp_attr, &attr_mask);
1191 qp_attr.max_rd_atomic = 4;
1193 ret = ib_modify_qp(qp, &qp_attr, attr_mask);
1200 * srpt_ch_qp_err - set the channel queue pair state to 'error'
1201 * @ch: SRPT RDMA channel.
1203 static int srpt_ch_qp_err(struct srpt_rdma_ch *ch)
1205 struct ib_qp_attr qp_attr;
1207 qp_attr.qp_state = IB_QPS_ERR;
1208 return ib_modify_qp(ch->qp, &qp_attr, IB_QP_STATE);
1212 * srpt_get_send_ioctx - obtain an I/O context for sending to the initiator
1213 * @ch: SRPT RDMA channel.
1215 static struct srpt_send_ioctx *srpt_get_send_ioctx(struct srpt_rdma_ch *ch)
1217 struct srpt_send_ioctx *ioctx;
1222 tag = sbitmap_queue_get(&ch->sess->sess_tag_pool, &cpu);
1226 ioctx = ch->ioctx_ring[tag];
1227 BUG_ON(ioctx->ch != ch);
1228 ioctx->state = SRPT_STATE_NEW;
1229 WARN_ON_ONCE(ioctx->recv_ioctx);
1231 ioctx->n_rw_ctx = 0;
1232 ioctx->queue_status_only = false;
1234 * transport_init_se_cmd() does not initialize all fields, so do it
1237 memset(&ioctx->cmd, 0, sizeof(ioctx->cmd));
1238 memset(&ioctx->sense_data, 0, sizeof(ioctx->sense_data));
1239 ioctx->cmd.map_tag = tag;
1240 ioctx->cmd.map_cpu = cpu;
1246 * srpt_abort_cmd - abort a SCSI command
1247 * @ioctx: I/O context associated with the SCSI command.
1249 static int srpt_abort_cmd(struct srpt_send_ioctx *ioctx)
1251 enum srpt_command_state state;
1256 * If the command is in a state where the target core is waiting for
1257 * the ib_srpt driver, change the state to the next state.
1260 state = ioctx->state;
1262 case SRPT_STATE_NEED_DATA:
1263 ioctx->state = SRPT_STATE_DATA_IN;
1265 case SRPT_STATE_CMD_RSP_SENT:
1266 case SRPT_STATE_MGMT_RSP_SENT:
1267 ioctx->state = SRPT_STATE_DONE;
1270 WARN_ONCE(true, "%s: unexpected I/O context state %d\n",
1275 pr_debug("Aborting cmd with state %d -> %d and tag %lld\n", state,
1276 ioctx->state, ioctx->cmd.tag);
1279 case SRPT_STATE_NEW:
1280 case SRPT_STATE_DATA_IN:
1281 case SRPT_STATE_MGMT:
1282 case SRPT_STATE_DONE:
1284 * Do nothing - defer abort processing until
1285 * srpt_queue_response() is invoked.
1288 case SRPT_STATE_NEED_DATA:
1289 pr_debug("tag %#llx: RDMA read error\n", ioctx->cmd.tag);
1290 transport_generic_request_failure(&ioctx->cmd,
1291 TCM_CHECK_CONDITION_ABORT_CMD);
1293 case SRPT_STATE_CMD_RSP_SENT:
1295 * SRP_RSP sending failed or the SRP_RSP send completion has
1296 * not been received in time.
1298 transport_generic_free_cmd(&ioctx->cmd, 0);
1300 case SRPT_STATE_MGMT_RSP_SENT:
1301 transport_generic_free_cmd(&ioctx->cmd, 0);
1304 WARN(1, "Unexpected command state (%d)", state);
1312 * srpt_rdma_read_done - RDMA read completion callback
1313 * @cq: Completion queue.
1314 * @wc: Work completion.
1316 * XXX: what is now target_execute_cmd used to be asynchronous, and unmapping
1317 * the data that has been transferred via IB RDMA had to be postponed until the
1318 * check_stop_free() callback. None of this is necessary anymore and needs to
1321 static void srpt_rdma_read_done(struct ib_cq *cq, struct ib_wc *wc)
1323 struct srpt_rdma_ch *ch = wc->qp->qp_context;
1324 struct srpt_send_ioctx *ioctx =
1325 container_of(wc->wr_cqe, struct srpt_send_ioctx, rdma_cqe);
1327 WARN_ON(ioctx->n_rdma <= 0);
1328 atomic_add(ioctx->n_rdma, &ch->sq_wr_avail);
1331 if (unlikely(wc->status != IB_WC_SUCCESS)) {
1332 pr_info("RDMA_READ for ioctx 0x%p failed with status %d\n",
1334 srpt_abort_cmd(ioctx);
1338 if (srpt_test_and_set_cmd_state(ioctx, SRPT_STATE_NEED_DATA,
1339 SRPT_STATE_DATA_IN))
1340 target_execute_cmd(&ioctx->cmd);
1342 pr_err("%s[%d]: wrong state = %d\n", __func__,
1343 __LINE__, ioctx->state);
1347 * srpt_build_cmd_rsp - build a SRP_RSP response
1348 * @ch: RDMA channel through which the request has been received.
1349 * @ioctx: I/O context associated with the SRP_CMD request. The response will
1350 * be built in the buffer ioctx->buf points at and hence this function will
1351 * overwrite the request data.
1352 * @tag: tag of the request for which this response is being generated.
1353 * @status: value for the STATUS field of the SRP_RSP information unit.
1355 * Returns the size in bytes of the SRP_RSP response.
1357 * An SRP_RSP response contains a SCSI status or service response. See also
1358 * section 6.9 in the SRP r16a document for the format of an SRP_RSP
1359 * response. See also SPC-2 for more information about sense data.
1361 static int srpt_build_cmd_rsp(struct srpt_rdma_ch *ch,
1362 struct srpt_send_ioctx *ioctx, u64 tag,
1365 struct se_cmd *cmd = &ioctx->cmd;
1366 struct srp_rsp *srp_rsp;
1367 const u8 *sense_data;
1368 int sense_data_len, max_sense_len;
1369 u32 resid = cmd->residual_count;
1372 * The lowest bit of all SAM-3 status codes is zero (see also
1373 * paragraph 5.3 in SAM-3).
1375 WARN_ON(status & 1);
1377 srp_rsp = ioctx->ioctx.buf;
1380 sense_data = ioctx->sense_data;
1381 sense_data_len = ioctx->cmd.scsi_sense_length;
1382 WARN_ON(sense_data_len > sizeof(ioctx->sense_data));
1384 memset(srp_rsp, 0, sizeof(*srp_rsp));
1385 srp_rsp->opcode = SRP_RSP;
1386 srp_rsp->req_lim_delta =
1387 cpu_to_be32(1 + atomic_xchg(&ch->req_lim_delta, 0));
1389 srp_rsp->status = status;
1391 if (cmd->se_cmd_flags & SCF_UNDERFLOW_BIT) {
1392 if (cmd->data_direction == DMA_TO_DEVICE) {
1393 /* residual data from an underflow write */
1394 srp_rsp->flags = SRP_RSP_FLAG_DOUNDER;
1395 srp_rsp->data_out_res_cnt = cpu_to_be32(resid);
1396 } else if (cmd->data_direction == DMA_FROM_DEVICE) {
1397 /* residual data from an underflow read */
1398 srp_rsp->flags = SRP_RSP_FLAG_DIUNDER;
1399 srp_rsp->data_in_res_cnt = cpu_to_be32(resid);
1401 } else if (cmd->se_cmd_flags & SCF_OVERFLOW_BIT) {
1402 if (cmd->data_direction == DMA_TO_DEVICE) {
1403 /* residual data from an overflow write */
1404 srp_rsp->flags = SRP_RSP_FLAG_DOOVER;
1405 srp_rsp->data_out_res_cnt = cpu_to_be32(resid);
1406 } else if (cmd->data_direction == DMA_FROM_DEVICE) {
1407 /* residual data from an overflow read */
1408 srp_rsp->flags = SRP_RSP_FLAG_DIOVER;
1409 srp_rsp->data_in_res_cnt = cpu_to_be32(resid);
1413 if (sense_data_len) {
1414 BUILD_BUG_ON(MIN_MAX_RSP_SIZE <= sizeof(*srp_rsp));
1415 max_sense_len = ch->max_ti_iu_len - sizeof(*srp_rsp);
1416 if (sense_data_len > max_sense_len) {
1417 pr_warn("truncated sense data from %d to %d bytes\n",
1418 sense_data_len, max_sense_len);
1419 sense_data_len = max_sense_len;
1422 srp_rsp->flags |= SRP_RSP_FLAG_SNSVALID;
1423 srp_rsp->sense_data_len = cpu_to_be32(sense_data_len);
1424 memcpy(srp_rsp + 1, sense_data, sense_data_len);
1427 return sizeof(*srp_rsp) + sense_data_len;
1431 * srpt_build_tskmgmt_rsp - build a task management response
1432 * @ch: RDMA channel through which the request has been received.
1433 * @ioctx: I/O context in which the SRP_RSP response will be built.
1434 * @rsp_code: RSP_CODE that will be stored in the response.
1435 * @tag: Tag of the request for which this response is being generated.
1437 * Returns the size in bytes of the SRP_RSP response.
1439 * An SRP_RSP response contains a SCSI status or service response. See also
1440 * section 6.9 in the SRP r16a document for the format of an SRP_RSP
1443 static int srpt_build_tskmgmt_rsp(struct srpt_rdma_ch *ch,
1444 struct srpt_send_ioctx *ioctx,
1445 u8 rsp_code, u64 tag)
1447 struct srp_rsp *srp_rsp;
1452 resp_len = sizeof(*srp_rsp) + resp_data_len;
1454 srp_rsp = ioctx->ioctx.buf;
1456 memset(srp_rsp, 0, sizeof(*srp_rsp));
1458 srp_rsp->opcode = SRP_RSP;
1459 srp_rsp->req_lim_delta =
1460 cpu_to_be32(1 + atomic_xchg(&ch->req_lim_delta, 0));
1463 srp_rsp->flags |= SRP_RSP_FLAG_RSPVALID;
1464 srp_rsp->resp_data_len = cpu_to_be32(resp_data_len);
1465 srp_rsp->data[3] = rsp_code;
1470 static int srpt_check_stop_free(struct se_cmd *cmd)
1472 struct srpt_send_ioctx *ioctx = container_of(cmd,
1473 struct srpt_send_ioctx, cmd);
1475 return target_put_sess_cmd(&ioctx->cmd);
1479 * srpt_handle_cmd - process a SRP_CMD information unit
1480 * @ch: SRPT RDMA channel.
1481 * @recv_ioctx: Receive I/O context.
1482 * @send_ioctx: Send I/O context.
1484 static void srpt_handle_cmd(struct srpt_rdma_ch *ch,
1485 struct srpt_recv_ioctx *recv_ioctx,
1486 struct srpt_send_ioctx *send_ioctx)
1489 struct srp_cmd *srp_cmd;
1490 struct scatterlist *sg = NULL;
1491 unsigned sg_cnt = 0;
1493 enum dma_data_direction dir;
1496 BUG_ON(!send_ioctx);
1498 srp_cmd = recv_ioctx->ioctx.buf + recv_ioctx->ioctx.offset;
1499 cmd = &send_ioctx->cmd;
1500 cmd->tag = srp_cmd->tag;
1502 switch (srp_cmd->task_attr) {
1503 case SRP_CMD_SIMPLE_Q:
1504 cmd->sam_task_attr = TCM_SIMPLE_TAG;
1506 case SRP_CMD_ORDERED_Q:
1508 cmd->sam_task_attr = TCM_ORDERED_TAG;
1510 case SRP_CMD_HEAD_OF_Q:
1511 cmd->sam_task_attr = TCM_HEAD_TAG;
1514 cmd->sam_task_attr = TCM_ACA_TAG;
1518 rc = srpt_get_desc_tbl(recv_ioctx, send_ioctx, srp_cmd, &dir,
1519 &sg, &sg_cnt, &data_len, ch->imm_data_offset);
1521 if (rc != -EAGAIN) {
1522 pr_err("0x%llx: parsing SRP descriptor table failed.\n",
1528 rc = target_submit_cmd_map_sgls(cmd, ch->sess, srp_cmd->cdb,
1529 &send_ioctx->sense_data[0],
1530 scsilun_to_int(&srp_cmd->lun), data_len,
1531 TCM_SIMPLE_TAG, dir, TARGET_SCF_ACK_KREF,
1532 sg, sg_cnt, NULL, 0, NULL, 0);
1534 pr_debug("target_submit_cmd() returned %d for tag %#llx\n", rc,
1541 target_send_busy(cmd);
1544 static int srp_tmr_to_tcm(int fn)
1547 case SRP_TSK_ABORT_TASK:
1548 return TMR_ABORT_TASK;
1549 case SRP_TSK_ABORT_TASK_SET:
1550 return TMR_ABORT_TASK_SET;
1551 case SRP_TSK_CLEAR_TASK_SET:
1552 return TMR_CLEAR_TASK_SET;
1553 case SRP_TSK_LUN_RESET:
1554 return TMR_LUN_RESET;
1555 case SRP_TSK_CLEAR_ACA:
1556 return TMR_CLEAR_ACA;
1563 * srpt_handle_tsk_mgmt - process a SRP_TSK_MGMT information unit
1564 * @ch: SRPT RDMA channel.
1565 * @recv_ioctx: Receive I/O context.
1566 * @send_ioctx: Send I/O context.
1568 * Returns 0 if and only if the request will be processed by the target core.
1570 * For more information about SRP_TSK_MGMT information units, see also section
1571 * 6.7 in the SRP r16a document.
1573 static void srpt_handle_tsk_mgmt(struct srpt_rdma_ch *ch,
1574 struct srpt_recv_ioctx *recv_ioctx,
1575 struct srpt_send_ioctx *send_ioctx)
1577 struct srp_tsk_mgmt *srp_tsk;
1579 struct se_session *sess = ch->sess;
1583 BUG_ON(!send_ioctx);
1585 srp_tsk = recv_ioctx->ioctx.buf + recv_ioctx->ioctx.offset;
1586 cmd = &send_ioctx->cmd;
1588 pr_debug("recv tsk_mgmt fn %d for task_tag %lld and cmd tag %lld ch %p sess %p\n",
1589 srp_tsk->tsk_mgmt_func, srp_tsk->task_tag, srp_tsk->tag, ch,
1592 srpt_set_cmd_state(send_ioctx, SRPT_STATE_MGMT);
1593 send_ioctx->cmd.tag = srp_tsk->tag;
1594 tcm_tmr = srp_tmr_to_tcm(srp_tsk->tsk_mgmt_func);
1595 rc = target_submit_tmr(&send_ioctx->cmd, sess, NULL,
1596 scsilun_to_int(&srp_tsk->lun), srp_tsk, tcm_tmr,
1597 GFP_KERNEL, srp_tsk->task_tag,
1598 TARGET_SCF_ACK_KREF);
1600 send_ioctx->cmd.se_tmr_req->response = TMR_FUNCTION_REJECTED;
1601 cmd->se_tfo->queue_tm_rsp(cmd);
1607 * srpt_handle_new_iu - process a newly received information unit
1608 * @ch: RDMA channel through which the information unit has been received.
1609 * @recv_ioctx: Receive I/O context associated with the information unit.
1612 srpt_handle_new_iu(struct srpt_rdma_ch *ch, struct srpt_recv_ioctx *recv_ioctx)
1614 struct srpt_send_ioctx *send_ioctx = NULL;
1615 struct srp_cmd *srp_cmd;
1620 BUG_ON(!recv_ioctx);
1622 if (unlikely(ch->state == CH_CONNECTING))
1625 ib_dma_sync_single_for_cpu(ch->sport->sdev->device,
1626 recv_ioctx->ioctx.dma,
1627 recv_ioctx->ioctx.offset + srp_max_req_size,
1630 srp_cmd = recv_ioctx->ioctx.buf + recv_ioctx->ioctx.offset;
1631 opcode = srp_cmd->opcode;
1632 if (opcode == SRP_CMD || opcode == SRP_TSK_MGMT) {
1633 send_ioctx = srpt_get_send_ioctx(ch);
1634 if (unlikely(!send_ioctx))
1638 if (!list_empty(&recv_ioctx->wait_list)) {
1639 WARN_ON_ONCE(!ch->processing_wait_list);
1640 list_del_init(&recv_ioctx->wait_list);
1645 srpt_handle_cmd(ch, recv_ioctx, send_ioctx);
1648 srpt_handle_tsk_mgmt(ch, recv_ioctx, send_ioctx);
1651 pr_err("Not yet implemented: SRP_I_LOGOUT\n");
1654 pr_debug("received SRP_CRED_RSP\n");
1657 pr_debug("received SRP_AER_RSP\n");
1660 pr_err("Received SRP_RSP\n");
1663 pr_err("received IU with unknown opcode 0x%x\n", opcode);
1667 if (!send_ioctx || !send_ioctx->recv_ioctx)
1668 srpt_post_recv(ch->sport->sdev, ch, recv_ioctx);
1675 if (list_empty(&recv_ioctx->wait_list)) {
1676 WARN_ON_ONCE(ch->processing_wait_list);
1677 list_add_tail(&recv_ioctx->wait_list, &ch->cmd_wait_list);
1682 static void srpt_recv_done(struct ib_cq *cq, struct ib_wc *wc)
1684 struct srpt_rdma_ch *ch = wc->qp->qp_context;
1685 struct srpt_recv_ioctx *ioctx =
1686 container_of(wc->wr_cqe, struct srpt_recv_ioctx, ioctx.cqe);
1688 if (wc->status == IB_WC_SUCCESS) {
1691 req_lim = atomic_dec_return(&ch->req_lim);
1692 if (unlikely(req_lim < 0))
1693 pr_err("req_lim = %d < 0\n", req_lim);
1694 ioctx->byte_len = wc->byte_len;
1695 srpt_handle_new_iu(ch, ioctx);
1697 pr_info_ratelimited("receiving failed for ioctx %p with status %d\n",
1703 * This function must be called from the context in which RDMA completions are
1704 * processed because it accesses the wait list without protection against
1705 * access from other threads.
1707 static void srpt_process_wait_list(struct srpt_rdma_ch *ch)
1709 struct srpt_recv_ioctx *recv_ioctx, *tmp;
1711 WARN_ON_ONCE(ch->state == CH_CONNECTING);
1713 if (list_empty(&ch->cmd_wait_list))
1716 WARN_ON_ONCE(ch->processing_wait_list);
1717 ch->processing_wait_list = true;
1718 list_for_each_entry_safe(recv_ioctx, tmp, &ch->cmd_wait_list,
1720 if (!srpt_handle_new_iu(ch, recv_ioctx))
1723 ch->processing_wait_list = false;
1727 * srpt_send_done - send completion callback
1728 * @cq: Completion queue.
1729 * @wc: Work completion.
1731 * Note: Although this has not yet been observed during tests, at least in
1732 * theory it is possible that the srpt_get_send_ioctx() call invoked by
1733 * srpt_handle_new_iu() fails. This is possible because the req_lim_delta
1734 * value in each response is set to one, and it is possible that this response
1735 * makes the initiator send a new request before the send completion for that
1736 * response has been processed. This could e.g. happen if the call to
1737 * srpt_put_send_iotcx() is delayed because of a higher priority interrupt or
1738 * if IB retransmission causes generation of the send completion to be
1739 * delayed. Incoming information units for which srpt_get_send_ioctx() fails
1740 * are queued on cmd_wait_list. The code below processes these delayed
1741 * requests one at a time.
1743 static void srpt_send_done(struct ib_cq *cq, struct ib_wc *wc)
1745 struct srpt_rdma_ch *ch = wc->qp->qp_context;
1746 struct srpt_send_ioctx *ioctx =
1747 container_of(wc->wr_cqe, struct srpt_send_ioctx, ioctx.cqe);
1748 enum srpt_command_state state;
1750 state = srpt_set_cmd_state(ioctx, SRPT_STATE_DONE);
1752 WARN_ON(state != SRPT_STATE_CMD_RSP_SENT &&
1753 state != SRPT_STATE_MGMT_RSP_SENT);
1755 atomic_add(1 + ioctx->n_rdma, &ch->sq_wr_avail);
1757 if (wc->status != IB_WC_SUCCESS)
1758 pr_info("sending response for ioctx 0x%p failed with status %d\n",
1761 if (state != SRPT_STATE_DONE) {
1762 transport_generic_free_cmd(&ioctx->cmd, 0);
1764 pr_err("IB completion has been received too late for wr_id = %u.\n",
1765 ioctx->ioctx.index);
1768 srpt_process_wait_list(ch);
1772 * srpt_create_ch_ib - create receive and send completion queues
1773 * @ch: SRPT RDMA channel.
1775 static int srpt_create_ch_ib(struct srpt_rdma_ch *ch)
1777 struct ib_qp_init_attr *qp_init;
1778 struct srpt_port *sport = ch->sport;
1779 struct srpt_device *sdev = sport->sdev;
1780 const struct ib_device_attr *attrs = &sdev->device->attrs;
1781 int sq_size = sport->port_attrib.srp_sq_size;
1784 WARN_ON(ch->rq_size < 1);
1787 qp_init = kzalloc(sizeof(*qp_init), GFP_KERNEL);
1792 ch->cq = ib_cq_pool_get(sdev->device, ch->rq_size + sq_size, -1,
1794 if (IS_ERR(ch->cq)) {
1795 ret = PTR_ERR(ch->cq);
1796 pr_err("failed to create CQ cqe= %d ret= %d\n",
1797 ch->rq_size + sq_size, ret);
1800 ch->cq_size = ch->rq_size + sq_size;
1802 qp_init->qp_context = (void *)ch;
1803 qp_init->event_handler
1804 = (void(*)(struct ib_event *, void*))srpt_qp_event;
1805 qp_init->send_cq = ch->cq;
1806 qp_init->recv_cq = ch->cq;
1807 qp_init->sq_sig_type = IB_SIGNAL_REQ_WR;
1808 qp_init->qp_type = IB_QPT_RC;
1810 * We divide up our send queue size into half SEND WRs to send the
1811 * completions, and half R/W contexts to actually do the RDMA
1812 * READ/WRITE transfers. Note that we need to allocate CQ slots for
1813 * both both, as RDMA contexts will also post completions for the
1816 qp_init->cap.max_send_wr = min(sq_size / 2, attrs->max_qp_wr);
1817 qp_init->cap.max_rdma_ctxs = sq_size / 2;
1818 qp_init->cap.max_send_sge = attrs->max_send_sge;
1819 qp_init->cap.max_recv_sge = 1;
1820 qp_init->port_num = ch->sport->port;
1822 qp_init->srq = sdev->srq;
1824 qp_init->cap.max_recv_wr = ch->rq_size;
1826 if (ch->using_rdma_cm) {
1827 ret = rdma_create_qp(ch->rdma_cm.cm_id, sdev->pd, qp_init);
1828 ch->qp = ch->rdma_cm.cm_id->qp;
1830 ch->qp = ib_create_qp(sdev->pd, qp_init);
1831 if (!IS_ERR(ch->qp)) {
1832 ret = srpt_init_ch_qp(ch, ch->qp);
1834 ib_destroy_qp(ch->qp);
1836 ret = PTR_ERR(ch->qp);
1840 bool retry = sq_size > MIN_SRPT_SQ_SIZE;
1843 pr_debug("failed to create queue pair with sq_size = %d (%d) - retrying\n",
1845 ib_cq_pool_put(ch->cq, ch->cq_size);
1846 sq_size = max(sq_size / 2, MIN_SRPT_SQ_SIZE);
1849 pr_err("failed to create queue pair with sq_size = %d (%d)\n",
1851 goto err_destroy_cq;
1855 atomic_set(&ch->sq_wr_avail, qp_init->cap.max_send_wr);
1857 pr_debug("%s: max_cqe= %d max_sge= %d sq_size = %d ch= %p\n",
1858 __func__, ch->cq->cqe, qp_init->cap.max_send_sge,
1859 qp_init->cap.max_send_wr, ch);
1862 for (i = 0; i < ch->rq_size; i++)
1863 srpt_post_recv(sdev, ch, ch->ioctx_recv_ring[i]);
1871 ib_cq_pool_put(ch->cq, ch->cq_size);
1875 static void srpt_destroy_ch_ib(struct srpt_rdma_ch *ch)
1877 ib_destroy_qp(ch->qp);
1878 ib_cq_pool_put(ch->cq, ch->cq_size);
1882 * srpt_close_ch - close a RDMA channel
1883 * @ch: SRPT RDMA channel.
1885 * Make sure all resources associated with the channel will be deallocated at
1886 * an appropriate time.
1888 * Returns true if and only if the channel state has been modified into
1891 static bool srpt_close_ch(struct srpt_rdma_ch *ch)
1895 if (!srpt_set_ch_state(ch, CH_DRAINING)) {
1896 pr_debug("%s: already closed\n", ch->sess_name);
1900 kref_get(&ch->kref);
1902 ret = srpt_ch_qp_err(ch);
1904 pr_err("%s-%d: changing queue pair into error state failed: %d\n",
1905 ch->sess_name, ch->qp->qp_num, ret);
1907 ret = srpt_zerolength_write(ch);
1909 pr_err("%s-%d: queuing zero-length write failed: %d\n",
1910 ch->sess_name, ch->qp->qp_num, ret);
1911 if (srpt_set_ch_state(ch, CH_DISCONNECTED))
1912 schedule_work(&ch->release_work);
1917 kref_put(&ch->kref, srpt_free_ch);
1923 * Change the channel state into CH_DISCONNECTING. If a channel has not yet
1924 * reached the connected state, close it. If a channel is in the connected
1925 * state, send a DREQ. If a DREQ has been received, send a DREP. Note: it is
1926 * the responsibility of the caller to ensure that this function is not
1927 * invoked concurrently with the code that accepts a connection. This means
1928 * that this function must either be invoked from inside a CM callback
1929 * function or that it must be invoked with the srpt_port.mutex held.
1931 static int srpt_disconnect_ch(struct srpt_rdma_ch *ch)
1935 if (!srpt_set_ch_state(ch, CH_DISCONNECTING))
1938 if (ch->using_rdma_cm) {
1939 ret = rdma_disconnect(ch->rdma_cm.cm_id);
1941 ret = ib_send_cm_dreq(ch->ib_cm.cm_id, NULL, 0);
1943 ret = ib_send_cm_drep(ch->ib_cm.cm_id, NULL, 0);
1946 if (ret < 0 && srpt_close_ch(ch))
1952 /* Send DREQ and wait for DREP. */
1953 static void srpt_disconnect_ch_sync(struct srpt_rdma_ch *ch)
1955 DECLARE_COMPLETION_ONSTACK(closed);
1956 struct srpt_port *sport = ch->sport;
1958 pr_debug("ch %s-%d state %d\n", ch->sess_name, ch->qp->qp_num,
1961 ch->closed = &closed;
1963 mutex_lock(&sport->mutex);
1964 srpt_disconnect_ch(ch);
1965 mutex_unlock(&sport->mutex);
1967 while (wait_for_completion_timeout(&closed, 5 * HZ) == 0)
1968 pr_info("%s(%s-%d state %d): still waiting ...\n", __func__,
1969 ch->sess_name, ch->qp->qp_num, ch->state);
1973 static void __srpt_close_all_ch(struct srpt_port *sport)
1975 struct srpt_nexus *nexus;
1976 struct srpt_rdma_ch *ch;
1978 lockdep_assert_held(&sport->mutex);
1980 list_for_each_entry(nexus, &sport->nexus_list, entry) {
1981 list_for_each_entry(ch, &nexus->ch_list, list) {
1982 if (srpt_disconnect_ch(ch) >= 0)
1983 pr_info("Closing channel %s-%d because target %s_%d has been disabled\n",
1984 ch->sess_name, ch->qp->qp_num,
1985 dev_name(&sport->sdev->device->dev),
1993 * Look up (i_port_id, t_port_id) in sport->nexus_list. Create an entry if
1994 * it does not yet exist.
1996 static struct srpt_nexus *srpt_get_nexus(struct srpt_port *sport,
1997 const u8 i_port_id[16],
1998 const u8 t_port_id[16])
2000 struct srpt_nexus *nexus = NULL, *tmp_nexus = NULL, *n;
2003 mutex_lock(&sport->mutex);
2004 list_for_each_entry(n, &sport->nexus_list, entry) {
2005 if (memcmp(n->i_port_id, i_port_id, 16) == 0 &&
2006 memcmp(n->t_port_id, t_port_id, 16) == 0) {
2011 if (!nexus && tmp_nexus) {
2012 list_add_tail_rcu(&tmp_nexus->entry,
2013 &sport->nexus_list);
2014 swap(nexus, tmp_nexus);
2016 mutex_unlock(&sport->mutex);
2020 tmp_nexus = kzalloc(sizeof(*nexus), GFP_KERNEL);
2022 nexus = ERR_PTR(-ENOMEM);
2025 INIT_LIST_HEAD(&tmp_nexus->ch_list);
2026 memcpy(tmp_nexus->i_port_id, i_port_id, 16);
2027 memcpy(tmp_nexus->t_port_id, t_port_id, 16);
2035 static void srpt_set_enabled(struct srpt_port *sport, bool enabled)
2036 __must_hold(&sport->mutex)
2038 lockdep_assert_held(&sport->mutex);
2040 if (sport->enabled == enabled)
2042 sport->enabled = enabled;
2044 __srpt_close_all_ch(sport);
2047 static void srpt_drop_sport_ref(struct srpt_port *sport)
2049 if (atomic_dec_return(&sport->refcount) == 0 && sport->freed_channels)
2050 complete(sport->freed_channels);
2053 static void srpt_free_ch(struct kref *kref)
2055 struct srpt_rdma_ch *ch = container_of(kref, struct srpt_rdma_ch, kref);
2057 srpt_drop_sport_ref(ch->sport);
2062 * Shut down the SCSI target session, tell the connection manager to
2063 * disconnect the associated RDMA channel, transition the QP to the error
2064 * state and remove the channel from the channel list. This function is
2065 * typically called from inside srpt_zerolength_write_done(). Concurrent
2066 * srpt_zerolength_write() calls from inside srpt_close_ch() are possible
2067 * as long as the channel is on sport->nexus_list.
2069 static void srpt_release_channel_work(struct work_struct *w)
2071 struct srpt_rdma_ch *ch;
2072 struct srpt_device *sdev;
2073 struct srpt_port *sport;
2074 struct se_session *se_sess;
2076 ch = container_of(w, struct srpt_rdma_ch, release_work);
2077 pr_debug("%s-%d\n", ch->sess_name, ch->qp->qp_num);
2079 sdev = ch->sport->sdev;
2085 target_sess_cmd_list_set_waiting(se_sess);
2086 target_wait_for_sess_cmds(se_sess);
2088 target_remove_session(se_sess);
2091 if (ch->using_rdma_cm)
2092 rdma_destroy_id(ch->rdma_cm.cm_id);
2094 ib_destroy_cm_id(ch->ib_cm.cm_id);
2097 mutex_lock(&sport->mutex);
2098 list_del_rcu(&ch->list);
2099 mutex_unlock(&sport->mutex);
2102 complete(ch->closed);
2104 srpt_destroy_ch_ib(ch);
2106 srpt_free_ioctx_ring((struct srpt_ioctx **)ch->ioctx_ring,
2107 ch->sport->sdev, ch->rq_size,
2108 ch->rsp_buf_cache, DMA_TO_DEVICE);
2110 kmem_cache_destroy(ch->rsp_buf_cache);
2112 srpt_free_ioctx_ring((struct srpt_ioctx **)ch->ioctx_recv_ring,
2114 ch->req_buf_cache, DMA_FROM_DEVICE);
2116 kmem_cache_destroy(ch->req_buf_cache);
2118 kref_put(&ch->kref, srpt_free_ch);
2122 * srpt_cm_req_recv - process the event IB_CM_REQ_RECEIVED
2123 * @sdev: HCA through which the login request was received.
2124 * @ib_cm_id: IB/CM connection identifier in case of IB/CM.
2125 * @rdma_cm_id: RDMA/CM connection identifier in case of RDMA/CM.
2126 * @port_num: Port through which the REQ message was received.
2127 * @pkey: P_Key of the incoming connection.
2128 * @req: SRP login request.
2129 * @src_addr: GID (IB/CM) or IP address (RDMA/CM) of the port that submitted
2130 * the login request.
2132 * Ownership of the cm_id is transferred to the target session if this
2133 * function returns zero. Otherwise the caller remains the owner of cm_id.
2135 static int srpt_cm_req_recv(struct srpt_device *const sdev,
2136 struct ib_cm_id *ib_cm_id,
2137 struct rdma_cm_id *rdma_cm_id,
2138 u8 port_num, __be16 pkey,
2139 const struct srp_login_req *req,
2140 const char *src_addr)
2142 struct srpt_port *sport = &sdev->port[port_num - 1];
2143 struct srpt_nexus *nexus;
2144 struct srp_login_rsp *rsp = NULL;
2145 struct srp_login_rej *rej = NULL;
2147 struct rdma_conn_param rdma_cm;
2148 struct ib_cm_rep_param ib_cm;
2149 } *rep_param = NULL;
2150 struct srpt_rdma_ch *ch = NULL;
2153 int i, tag_num, tag_size, ret;
2154 struct srpt_tpg *stpg;
2156 WARN_ON_ONCE(irqs_disabled());
2158 it_iu_len = be32_to_cpu(req->req_it_iu_len);
2160 pr_info("Received SRP_LOGIN_REQ with i_port_id %pI6, t_port_id %pI6 and it_iu_len %d on port %d (guid=%pI6); pkey %#04x\n",
2161 req->initiator_port_id, req->target_port_id, it_iu_len,
2162 port_num, &sport->gid, be16_to_cpu(pkey));
2164 nexus = srpt_get_nexus(sport, req->initiator_port_id,
2165 req->target_port_id);
2166 if (IS_ERR(nexus)) {
2167 ret = PTR_ERR(nexus);
2172 rsp = kzalloc(sizeof(*rsp), GFP_KERNEL);
2173 rej = kzalloc(sizeof(*rej), GFP_KERNEL);
2174 rep_param = kzalloc(sizeof(*rep_param), GFP_KERNEL);
2175 if (!rsp || !rej || !rep_param)
2179 if (it_iu_len > srp_max_req_size || it_iu_len < 64) {
2180 rej->reason = cpu_to_be32(
2181 SRP_LOGIN_REJ_REQ_IT_IU_LENGTH_TOO_LARGE);
2182 pr_err("rejected SRP_LOGIN_REQ because its length (%d bytes) is out of range (%d .. %d)\n",
2183 it_iu_len, 64, srp_max_req_size);
2187 if (!sport->enabled) {
2188 rej->reason = cpu_to_be32(SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES);
2189 pr_info("rejected SRP_LOGIN_REQ because target port %s_%d has not yet been enabled\n",
2190 dev_name(&sport->sdev->device->dev), port_num);
2194 if (*(__be64 *)req->target_port_id != cpu_to_be64(srpt_service_guid)
2195 || *(__be64 *)(req->target_port_id + 8) !=
2196 cpu_to_be64(srpt_service_guid)) {
2197 rej->reason = cpu_to_be32(
2198 SRP_LOGIN_REJ_UNABLE_ASSOCIATE_CHANNEL);
2199 pr_err("rejected SRP_LOGIN_REQ because it has an invalid target port identifier.\n");
2204 ch = kzalloc(sizeof(*ch), GFP_KERNEL);
2206 rej->reason = cpu_to_be32(SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES);
2207 pr_err("rejected SRP_LOGIN_REQ because out of memory.\n");
2211 kref_init(&ch->kref);
2212 ch->pkey = be16_to_cpu(pkey);
2214 ch->zw_cqe.done = srpt_zerolength_write_done;
2215 INIT_WORK(&ch->release_work, srpt_release_channel_work);
2218 ch->ib_cm.cm_id = ib_cm_id;
2219 ib_cm_id->context = ch;
2221 ch->using_rdma_cm = true;
2222 ch->rdma_cm.cm_id = rdma_cm_id;
2223 rdma_cm_id->context = ch;
2226 * ch->rq_size should be at least as large as the initiator queue
2227 * depth to avoid that the initiator driver has to report QUEUE_FULL
2228 * to the SCSI mid-layer.
2230 ch->rq_size = min(MAX_SRPT_RQ_SIZE, sdev->device->attrs.max_qp_wr);
2231 spin_lock_init(&ch->spinlock);
2232 ch->state = CH_CONNECTING;
2233 INIT_LIST_HEAD(&ch->cmd_wait_list);
2234 ch->max_rsp_size = ch->sport->port_attrib.srp_max_rsp_size;
2236 ch->rsp_buf_cache = kmem_cache_create("srpt-rsp-buf", ch->max_rsp_size,
2238 if (!ch->rsp_buf_cache)
2241 ch->ioctx_ring = (struct srpt_send_ioctx **)
2242 srpt_alloc_ioctx_ring(ch->sport->sdev, ch->rq_size,
2243 sizeof(*ch->ioctx_ring[0]),
2244 ch->rsp_buf_cache, 0, DMA_TO_DEVICE);
2245 if (!ch->ioctx_ring) {
2246 pr_err("rejected SRP_LOGIN_REQ because creating a new QP SQ ring failed.\n");
2247 rej->reason = cpu_to_be32(SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES);
2248 goto free_rsp_cache;
2251 for (i = 0; i < ch->rq_size; i++)
2252 ch->ioctx_ring[i]->ch = ch;
2253 if (!sdev->use_srq) {
2254 u16 imm_data_offset = req->req_flags & SRP_IMMED_REQUESTED ?
2255 be16_to_cpu(req->imm_data_offset) : 0;
2256 u16 alignment_offset;
2259 if (req->req_flags & SRP_IMMED_REQUESTED)
2260 pr_debug("imm_data_offset = %d\n",
2261 be16_to_cpu(req->imm_data_offset));
2262 if (imm_data_offset >= sizeof(struct srp_cmd)) {
2263 ch->imm_data_offset = imm_data_offset;
2264 rsp->rsp_flags |= SRP_LOGIN_RSP_IMMED_SUPP;
2266 ch->imm_data_offset = 0;
2268 alignment_offset = round_up(imm_data_offset, 512) -
2270 req_sz = alignment_offset + imm_data_offset + srp_max_req_size;
2271 ch->req_buf_cache = kmem_cache_create("srpt-req-buf", req_sz,
2273 if (!ch->req_buf_cache)
2276 ch->ioctx_recv_ring = (struct srpt_recv_ioctx **)
2277 srpt_alloc_ioctx_ring(ch->sport->sdev, ch->rq_size,
2278 sizeof(*ch->ioctx_recv_ring[0]),
2282 if (!ch->ioctx_recv_ring) {
2283 pr_err("rejected SRP_LOGIN_REQ because creating a new QP RQ ring failed.\n");
2285 cpu_to_be32(SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES);
2286 goto free_recv_cache;
2288 for (i = 0; i < ch->rq_size; i++)
2289 INIT_LIST_HEAD(&ch->ioctx_recv_ring[i]->wait_list);
2292 ret = srpt_create_ch_ib(ch);
2294 rej->reason = cpu_to_be32(SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES);
2295 pr_err("rejected SRP_LOGIN_REQ because creating a new RDMA channel failed.\n");
2296 goto free_recv_ring;
2299 strlcpy(ch->sess_name, src_addr, sizeof(ch->sess_name));
2300 snprintf(i_port_id, sizeof(i_port_id), "0x%016llx%016llx",
2301 be64_to_cpu(*(__be64 *)nexus->i_port_id),
2302 be64_to_cpu(*(__be64 *)(nexus->i_port_id + 8)));
2304 pr_debug("registering src addr %s or i_port_id %s\n", ch->sess_name,
2307 tag_num = ch->rq_size;
2308 tag_size = 1; /* ib_srpt does not use se_sess->sess_cmd_map */
2310 if (sport->guid_id) {
2311 mutex_lock(&sport->guid_id->mutex);
2312 list_for_each_entry(stpg, &sport->guid_id->tpg_list, entry) {
2313 if (!IS_ERR_OR_NULL(ch->sess))
2315 ch->sess = target_setup_session(&stpg->tpg, tag_num,
2316 tag_size, TARGET_PROT_NORMAL,
2317 ch->sess_name, ch, NULL);
2319 mutex_unlock(&sport->guid_id->mutex);
2322 if (sport->gid_id) {
2323 mutex_lock(&sport->gid_id->mutex);
2324 list_for_each_entry(stpg, &sport->gid_id->tpg_list, entry) {
2325 if (!IS_ERR_OR_NULL(ch->sess))
2327 ch->sess = target_setup_session(&stpg->tpg, tag_num,
2328 tag_size, TARGET_PROT_NORMAL, i_port_id,
2330 if (!IS_ERR_OR_NULL(ch->sess))
2332 /* Retry without leading "0x" */
2333 ch->sess = target_setup_session(&stpg->tpg, tag_num,
2334 tag_size, TARGET_PROT_NORMAL,
2335 i_port_id + 2, ch, NULL);
2337 mutex_unlock(&sport->gid_id->mutex);
2340 if (IS_ERR_OR_NULL(ch->sess)) {
2341 WARN_ON_ONCE(ch->sess == NULL);
2342 ret = PTR_ERR(ch->sess);
2344 pr_info("Rejected login for initiator %s: ret = %d.\n",
2345 ch->sess_name, ret);
2346 rej->reason = cpu_to_be32(ret == -ENOMEM ?
2347 SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES :
2348 SRP_LOGIN_REJ_CHANNEL_LIMIT_REACHED);
2353 * Once a session has been created destruction of srpt_rdma_ch objects
2354 * will decrement sport->refcount. Hence increment sport->refcount now.
2356 atomic_inc(&sport->refcount);
2358 mutex_lock(&sport->mutex);
2360 if ((req->req_flags & SRP_MTCH_ACTION) == SRP_MULTICHAN_SINGLE) {
2361 struct srpt_rdma_ch *ch2;
2363 list_for_each_entry(ch2, &nexus->ch_list, list) {
2364 if (srpt_disconnect_ch(ch2) < 0)
2366 pr_info("Relogin - closed existing channel %s\n",
2368 rsp->rsp_flags |= SRP_LOGIN_RSP_MULTICHAN_TERMINATED;
2371 rsp->rsp_flags |= SRP_LOGIN_RSP_MULTICHAN_MAINTAINED;
2374 list_add_tail_rcu(&ch->list, &nexus->ch_list);
2376 if (!sport->enabled) {
2377 rej->reason = cpu_to_be32(
2378 SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES);
2379 pr_info("rejected SRP_LOGIN_REQ because target %s_%d is not enabled\n",
2380 dev_name(&sdev->device->dev), port_num);
2381 mutex_unlock(&sport->mutex);
2386 mutex_unlock(&sport->mutex);
2388 ret = ch->using_rdma_cm ? 0 : srpt_ch_qp_rtr(ch, ch->qp);
2390 rej->reason = cpu_to_be32(SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES);
2391 pr_err("rejected SRP_LOGIN_REQ because enabling RTR failed (error code = %d)\n",
2396 pr_debug("Establish connection sess=%p name=%s ch=%p\n", ch->sess,
2399 /* create srp_login_response */
2400 rsp->opcode = SRP_LOGIN_RSP;
2401 rsp->tag = req->tag;
2402 rsp->max_it_iu_len = cpu_to_be32(srp_max_req_size);
2403 rsp->max_ti_iu_len = req->req_it_iu_len;
2404 ch->max_ti_iu_len = it_iu_len;
2405 rsp->buf_fmt = cpu_to_be16(SRP_BUF_FORMAT_DIRECT |
2406 SRP_BUF_FORMAT_INDIRECT);
2407 rsp->req_lim_delta = cpu_to_be32(ch->rq_size);
2408 atomic_set(&ch->req_lim, ch->rq_size);
2409 atomic_set(&ch->req_lim_delta, 0);
2411 /* create cm reply */
2412 if (ch->using_rdma_cm) {
2413 rep_param->rdma_cm.private_data = (void *)rsp;
2414 rep_param->rdma_cm.private_data_len = sizeof(*rsp);
2415 rep_param->rdma_cm.rnr_retry_count = 7;
2416 rep_param->rdma_cm.flow_control = 1;
2417 rep_param->rdma_cm.responder_resources = 4;
2418 rep_param->rdma_cm.initiator_depth = 4;
2420 rep_param->ib_cm.qp_num = ch->qp->qp_num;
2421 rep_param->ib_cm.private_data = (void *)rsp;
2422 rep_param->ib_cm.private_data_len = sizeof(*rsp);
2423 rep_param->ib_cm.rnr_retry_count = 7;
2424 rep_param->ib_cm.flow_control = 1;
2425 rep_param->ib_cm.failover_accepted = 0;
2426 rep_param->ib_cm.srq = 1;
2427 rep_param->ib_cm.responder_resources = 4;
2428 rep_param->ib_cm.initiator_depth = 4;
2432 * Hold the sport mutex while accepting a connection to avoid that
2433 * srpt_disconnect_ch() is invoked concurrently with this code.
2435 mutex_lock(&sport->mutex);
2436 if (sport->enabled && ch->state == CH_CONNECTING) {
2437 if (ch->using_rdma_cm)
2438 ret = rdma_accept(rdma_cm_id, &rep_param->rdma_cm);
2440 ret = ib_send_cm_rep(ib_cm_id, &rep_param->ib_cm);
2444 mutex_unlock(&sport->mutex);
2452 rej->reason = cpu_to_be32(SRP_LOGIN_REJ_INSUFFICIENT_RESOURCES);
2453 pr_err("sending SRP_LOGIN_REQ response failed (error code = %d)\n",
2461 srpt_destroy_ch_ib(ch);
2464 srpt_free_ioctx_ring((struct srpt_ioctx **)ch->ioctx_recv_ring,
2465 ch->sport->sdev, ch->rq_size,
2466 ch->req_buf_cache, DMA_FROM_DEVICE);
2469 kmem_cache_destroy(ch->req_buf_cache);
2472 srpt_free_ioctx_ring((struct srpt_ioctx **)ch->ioctx_ring,
2473 ch->sport->sdev, ch->rq_size,
2474 ch->rsp_buf_cache, DMA_TO_DEVICE);
2477 kmem_cache_destroy(ch->rsp_buf_cache);
2481 rdma_cm_id->context = NULL;
2483 ib_cm_id->context = NULL;
2487 WARN_ON_ONCE(ret == 0);
2490 pr_info("Rejecting login with reason %#x\n", be32_to_cpu(rej->reason));
2491 rej->opcode = SRP_LOGIN_REJ;
2492 rej->tag = req->tag;
2493 rej->buf_fmt = cpu_to_be16(SRP_BUF_FORMAT_DIRECT |
2494 SRP_BUF_FORMAT_INDIRECT);
2497 rdma_reject(rdma_cm_id, rej, sizeof(*rej),
2498 IB_CM_REJ_CONSUMER_DEFINED);
2500 ib_send_cm_rej(ib_cm_id, IB_CM_REJ_CONSUMER_DEFINED, NULL, 0,
2503 if (ch && ch->sess) {
2506 * Tell the caller not to free cm_id since
2507 * srpt_release_channel_work() will do that.
2520 static int srpt_ib_cm_req_recv(struct ib_cm_id *cm_id,
2521 const struct ib_cm_req_event_param *param,
2526 srpt_format_guid(sguid, sizeof(sguid),
2527 ¶m->primary_path->dgid.global.interface_id);
2529 return srpt_cm_req_recv(cm_id->context, cm_id, NULL, param->port,
2530 param->primary_path->pkey,
2531 private_data, sguid);
2534 static int srpt_rdma_cm_req_recv(struct rdma_cm_id *cm_id,
2535 struct rdma_cm_event *event)
2537 struct srpt_device *sdev;
2538 struct srp_login_req req;
2539 const struct srp_login_req_rdma *req_rdma;
2540 struct sa_path_rec *path_rec = cm_id->route.path_rec;
2543 sdev = ib_get_client_data(cm_id->device, &srpt_client);
2545 return -ECONNREFUSED;
2547 if (event->param.conn.private_data_len < sizeof(*req_rdma))
2550 /* Transform srp_login_req_rdma into srp_login_req. */
2551 req_rdma = event->param.conn.private_data;
2552 memset(&req, 0, sizeof(req));
2553 req.opcode = req_rdma->opcode;
2554 req.tag = req_rdma->tag;
2555 req.req_it_iu_len = req_rdma->req_it_iu_len;
2556 req.req_buf_fmt = req_rdma->req_buf_fmt;
2557 req.req_flags = req_rdma->req_flags;
2558 memcpy(req.initiator_port_id, req_rdma->initiator_port_id, 16);
2559 memcpy(req.target_port_id, req_rdma->target_port_id, 16);
2560 req.imm_data_offset = req_rdma->imm_data_offset;
2562 snprintf(src_addr, sizeof(src_addr), "%pIS",
2563 &cm_id->route.addr.src_addr);
2565 return srpt_cm_req_recv(sdev, NULL, cm_id, cm_id->port_num,
2566 path_rec ? path_rec->pkey : 0, &req, src_addr);
2569 static void srpt_cm_rej_recv(struct srpt_rdma_ch *ch,
2570 enum ib_cm_rej_reason reason,
2571 const u8 *private_data,
2572 u8 private_data_len)
2577 if (private_data_len && (priv = kmalloc(private_data_len * 3 + 1,
2579 for (i = 0; i < private_data_len; i++)
2580 sprintf(priv + 3 * i, " %02x", private_data[i]);
2582 pr_info("Received CM REJ for ch %s-%d; reason %d%s%s.\n",
2583 ch->sess_name, ch->qp->qp_num, reason, private_data_len ?
2584 "; private data" : "", priv ? priv : " (?)");
2589 * srpt_cm_rtu_recv - process an IB_CM_RTU_RECEIVED or USER_ESTABLISHED event
2590 * @ch: SRPT RDMA channel.
2592 * An RTU (ready to use) message indicates that the connection has been
2593 * established and that the recipient may begin transmitting.
2595 static void srpt_cm_rtu_recv(struct srpt_rdma_ch *ch)
2599 ret = ch->using_rdma_cm ? 0 : srpt_ch_qp_rts(ch, ch->qp);
2601 pr_err("%s-%d: QP transition to RTS failed\n", ch->sess_name,
2608 * Note: calling srpt_close_ch() if the transition to the LIVE state
2609 * fails is not necessary since that means that that function has
2610 * already been invoked from another thread.
2612 if (!srpt_set_ch_state(ch, CH_LIVE)) {
2613 pr_err("%s-%d: channel transition to LIVE state failed\n",
2614 ch->sess_name, ch->qp->qp_num);
2618 /* Trigger wait list processing. */
2619 ret = srpt_zerolength_write(ch);
2620 WARN_ONCE(ret < 0, "%d\n", ret);
2624 * srpt_cm_handler - IB connection manager callback function
2625 * @cm_id: IB/CM connection identifier.
2626 * @event: IB/CM event.
2628 * A non-zero return value will cause the caller destroy the CM ID.
2630 * Note: srpt_cm_handler() must only return a non-zero value when transferring
2631 * ownership of the cm_id to a channel by srpt_cm_req_recv() failed. Returning
2632 * a non-zero value in any other case will trigger a race with the
2633 * ib_destroy_cm_id() call in srpt_release_channel().
2635 static int srpt_cm_handler(struct ib_cm_id *cm_id,
2636 const struct ib_cm_event *event)
2638 struct srpt_rdma_ch *ch = cm_id->context;
2642 switch (event->event) {
2643 case IB_CM_REQ_RECEIVED:
2644 ret = srpt_ib_cm_req_recv(cm_id, &event->param.req_rcvd,
2645 event->private_data);
2647 case IB_CM_REJ_RECEIVED:
2648 srpt_cm_rej_recv(ch, event->param.rej_rcvd.reason,
2649 event->private_data,
2650 IB_CM_REJ_PRIVATE_DATA_SIZE);
2652 case IB_CM_RTU_RECEIVED:
2653 case IB_CM_USER_ESTABLISHED:
2654 srpt_cm_rtu_recv(ch);
2656 case IB_CM_DREQ_RECEIVED:
2657 srpt_disconnect_ch(ch);
2659 case IB_CM_DREP_RECEIVED:
2660 pr_info("Received CM DREP message for ch %s-%d.\n",
2661 ch->sess_name, ch->qp->qp_num);
2664 case IB_CM_TIMEWAIT_EXIT:
2665 pr_info("Received CM TimeWait exit for ch %s-%d.\n",
2666 ch->sess_name, ch->qp->qp_num);
2669 case IB_CM_REP_ERROR:
2670 pr_info("Received CM REP error for ch %s-%d.\n", ch->sess_name,
2673 case IB_CM_DREQ_ERROR:
2674 pr_info("Received CM DREQ ERROR event.\n");
2676 case IB_CM_MRA_RECEIVED:
2677 pr_info("Received CM MRA event\n");
2680 pr_err("received unrecognized CM event %d\n", event->event);
2687 static int srpt_rdma_cm_handler(struct rdma_cm_id *cm_id,
2688 struct rdma_cm_event *event)
2690 struct srpt_rdma_ch *ch = cm_id->context;
2693 switch (event->event) {
2694 case RDMA_CM_EVENT_CONNECT_REQUEST:
2695 ret = srpt_rdma_cm_req_recv(cm_id, event);
2697 case RDMA_CM_EVENT_REJECTED:
2698 srpt_cm_rej_recv(ch, event->status,
2699 event->param.conn.private_data,
2700 event->param.conn.private_data_len);
2702 case RDMA_CM_EVENT_ESTABLISHED:
2703 srpt_cm_rtu_recv(ch);
2705 case RDMA_CM_EVENT_DISCONNECTED:
2706 if (ch->state < CH_DISCONNECTING)
2707 srpt_disconnect_ch(ch);
2711 case RDMA_CM_EVENT_TIMEWAIT_EXIT:
2714 case RDMA_CM_EVENT_UNREACHABLE:
2715 pr_info("Received CM REP error for ch %s-%d.\n", ch->sess_name,
2718 case RDMA_CM_EVENT_DEVICE_REMOVAL:
2719 case RDMA_CM_EVENT_ADDR_CHANGE:
2722 pr_err("received unrecognized RDMA CM event %d\n",
2731 * srpt_write_pending - Start data transfer from initiator to target (write).
2733 static int srpt_write_pending(struct se_cmd *se_cmd)
2735 struct srpt_send_ioctx *ioctx =
2736 container_of(se_cmd, struct srpt_send_ioctx, cmd);
2737 struct srpt_rdma_ch *ch = ioctx->ch;
2738 struct ib_send_wr *first_wr = NULL;
2739 struct ib_cqe *cqe = &ioctx->rdma_cqe;
2740 enum srpt_command_state new_state;
2743 if (ioctx->recv_ioctx) {
2744 srpt_set_cmd_state(ioctx, SRPT_STATE_DATA_IN);
2745 target_execute_cmd(&ioctx->cmd);
2749 new_state = srpt_set_cmd_state(ioctx, SRPT_STATE_NEED_DATA);
2750 WARN_ON(new_state == SRPT_STATE_DONE);
2752 if (atomic_sub_return(ioctx->n_rdma, &ch->sq_wr_avail) < 0) {
2753 pr_warn("%s: IB send queue full (needed %d)\n",
2754 __func__, ioctx->n_rdma);
2759 cqe->done = srpt_rdma_read_done;
2760 for (i = ioctx->n_rw_ctx - 1; i >= 0; i--) {
2761 struct srpt_rw_ctx *ctx = &ioctx->rw_ctxs[i];
2763 first_wr = rdma_rw_ctx_wrs(&ctx->rw, ch->qp, ch->sport->port,
2768 ret = ib_post_send(ch->qp, first_wr, NULL);
2770 pr_err("%s: ib_post_send() returned %d for %d (avail: %d)\n",
2771 __func__, ret, ioctx->n_rdma,
2772 atomic_read(&ch->sq_wr_avail));
2778 atomic_add(ioctx->n_rdma, &ch->sq_wr_avail);
2782 static u8 tcm_to_srp_tsk_mgmt_status(const int tcm_mgmt_status)
2784 switch (tcm_mgmt_status) {
2785 case TMR_FUNCTION_COMPLETE:
2786 return SRP_TSK_MGMT_SUCCESS;
2787 case TMR_FUNCTION_REJECTED:
2788 return SRP_TSK_MGMT_FUNC_NOT_SUPP;
2790 return SRP_TSK_MGMT_FAILED;
2794 * srpt_queue_response - transmit the response to a SCSI command
2795 * @cmd: SCSI target command.
2797 * Callback function called by the TCM core. Must not block since it can be
2798 * invoked on the context of the IB completion handler.
2800 static void srpt_queue_response(struct se_cmd *cmd)
2802 struct srpt_send_ioctx *ioctx =
2803 container_of(cmd, struct srpt_send_ioctx, cmd);
2804 struct srpt_rdma_ch *ch = ioctx->ch;
2805 struct srpt_device *sdev = ch->sport->sdev;
2806 struct ib_send_wr send_wr, *first_wr = &send_wr;
2808 enum srpt_command_state state;
2809 int resp_len, ret, i;
2812 state = ioctx->state;
2814 case SRPT_STATE_NEW:
2815 case SRPT_STATE_DATA_IN:
2816 ioctx->state = SRPT_STATE_CMD_RSP_SENT;
2818 case SRPT_STATE_MGMT:
2819 ioctx->state = SRPT_STATE_MGMT_RSP_SENT;
2822 WARN(true, "ch %p; cmd %d: unexpected command state %d\n",
2823 ch, ioctx->ioctx.index, ioctx->state);
2827 if (WARN_ON_ONCE(state == SRPT_STATE_CMD_RSP_SENT))
2830 /* For read commands, transfer the data to the initiator. */
2831 if (ioctx->cmd.data_direction == DMA_FROM_DEVICE &&
2832 ioctx->cmd.data_length &&
2833 !ioctx->queue_status_only) {
2834 for (i = ioctx->n_rw_ctx - 1; i >= 0; i--) {
2835 struct srpt_rw_ctx *ctx = &ioctx->rw_ctxs[i];
2837 first_wr = rdma_rw_ctx_wrs(&ctx->rw, ch->qp,
2838 ch->sport->port, NULL, first_wr);
2842 if (state != SRPT_STATE_MGMT)
2843 resp_len = srpt_build_cmd_rsp(ch, ioctx, ioctx->cmd.tag,
2847 = tcm_to_srp_tsk_mgmt_status(cmd->se_tmr_req->response);
2848 resp_len = srpt_build_tskmgmt_rsp(ch, ioctx, srp_tm_status,
2852 atomic_inc(&ch->req_lim);
2854 if (unlikely(atomic_sub_return(1 + ioctx->n_rdma,
2855 &ch->sq_wr_avail) < 0)) {
2856 pr_warn("%s: IB send queue full (needed %d)\n",
2857 __func__, ioctx->n_rdma);
2862 ib_dma_sync_single_for_device(sdev->device, ioctx->ioctx.dma, resp_len,
2865 sge.addr = ioctx->ioctx.dma;
2866 sge.length = resp_len;
2867 sge.lkey = sdev->lkey;
2869 ioctx->ioctx.cqe.done = srpt_send_done;
2870 send_wr.next = NULL;
2871 send_wr.wr_cqe = &ioctx->ioctx.cqe;
2872 send_wr.sg_list = &sge;
2873 send_wr.num_sge = 1;
2874 send_wr.opcode = IB_WR_SEND;
2875 send_wr.send_flags = IB_SEND_SIGNALED;
2877 ret = ib_post_send(ch->qp, first_wr, NULL);
2879 pr_err("%s: sending cmd response failed for tag %llu (%d)\n",
2880 __func__, ioctx->cmd.tag, ret);
2887 atomic_add(1 + ioctx->n_rdma, &ch->sq_wr_avail);
2888 atomic_dec(&ch->req_lim);
2889 srpt_set_cmd_state(ioctx, SRPT_STATE_DONE);
2890 target_put_sess_cmd(&ioctx->cmd);
2893 static int srpt_queue_data_in(struct se_cmd *cmd)
2895 srpt_queue_response(cmd);
2899 static void srpt_queue_tm_rsp(struct se_cmd *cmd)
2901 srpt_queue_response(cmd);
2905 * This function is called for aborted commands if no response is sent to the
2906 * initiator. Make sure that the credits freed by aborting a command are
2907 * returned to the initiator the next time a response is sent by incrementing
2908 * ch->req_lim_delta.
2910 static void srpt_aborted_task(struct se_cmd *cmd)
2912 struct srpt_send_ioctx *ioctx = container_of(cmd,
2913 struct srpt_send_ioctx, cmd);
2914 struct srpt_rdma_ch *ch = ioctx->ch;
2916 atomic_inc(&ch->req_lim_delta);
2919 static int srpt_queue_status(struct se_cmd *cmd)
2921 struct srpt_send_ioctx *ioctx;
2923 ioctx = container_of(cmd, struct srpt_send_ioctx, cmd);
2924 BUG_ON(ioctx->sense_data != cmd->sense_buffer);
2925 if (cmd->se_cmd_flags &
2926 (SCF_TRANSPORT_TASK_SENSE | SCF_EMULATED_TASK_SENSE))
2927 WARN_ON(cmd->scsi_status != SAM_STAT_CHECK_CONDITION);
2928 ioctx->queue_status_only = true;
2929 srpt_queue_response(cmd);
2933 static void srpt_refresh_port_work(struct work_struct *work)
2935 struct srpt_port *sport = container_of(work, struct srpt_port, work);
2937 srpt_refresh_port(sport);
2941 * srpt_release_sport - disable login and wait for associated channels
2942 * @sport: SRPT HCA port.
2944 static int srpt_release_sport(struct srpt_port *sport)
2946 DECLARE_COMPLETION_ONSTACK(c);
2947 struct srpt_nexus *nexus, *next_n;
2948 struct srpt_rdma_ch *ch;
2950 WARN_ON_ONCE(irqs_disabled());
2952 sport->freed_channels = &c;
2954 mutex_lock(&sport->mutex);
2955 srpt_set_enabled(sport, false);
2956 mutex_unlock(&sport->mutex);
2958 while (atomic_read(&sport->refcount) > 0 &&
2959 wait_for_completion_timeout(&c, 5 * HZ) <= 0) {
2960 pr_info("%s_%d: waiting for unregistration of %d sessions ...\n",
2961 dev_name(&sport->sdev->device->dev), sport->port,
2962 atomic_read(&sport->refcount));
2964 list_for_each_entry(nexus, &sport->nexus_list, entry) {
2965 list_for_each_entry(ch, &nexus->ch_list, list) {
2966 pr_info("%s-%d: state %s\n",
2967 ch->sess_name, ch->qp->qp_num,
2968 get_ch_state_name(ch->state));
2974 mutex_lock(&sport->mutex);
2975 list_for_each_entry_safe(nexus, next_n, &sport->nexus_list, entry) {
2976 list_del(&nexus->entry);
2977 kfree_rcu(nexus, rcu);
2979 mutex_unlock(&sport->mutex);
2984 struct port_and_port_id {
2985 struct srpt_port *sport;
2986 struct srpt_port_id **port_id;
2989 static struct port_and_port_id __srpt_lookup_port(const char *name)
2991 struct ib_device *dev;
2992 struct srpt_device *sdev;
2993 struct srpt_port *sport;
2996 list_for_each_entry(sdev, &srpt_dev_list, list) {
3001 for (i = 0; i < dev->phys_port_cnt; i++) {
3002 sport = &sdev->port[i];
3004 if (strcmp(sport->guid_name, name) == 0) {
3005 kref_get(&sdev->refcnt);
3006 return (struct port_and_port_id){
3007 sport, &sport->guid_id};
3009 if (strcmp(sport->gid_name, name) == 0) {
3010 kref_get(&sdev->refcnt);
3011 return (struct port_and_port_id){
3012 sport, &sport->gid_id};
3017 return (struct port_and_port_id){};
3021 * srpt_lookup_port() - Look up an RDMA port by name
3022 * @name: ASCII port name
3024 * Increments the RDMA port reference count if an RDMA port pointer is returned.
3025 * The caller must drop that reference count by calling srpt_port_put_ref().
3027 static struct port_and_port_id srpt_lookup_port(const char *name)
3029 struct port_and_port_id papi;
3031 spin_lock(&srpt_dev_lock);
3032 papi = __srpt_lookup_port(name);
3033 spin_unlock(&srpt_dev_lock);
3038 static void srpt_free_srq(struct srpt_device *sdev)
3043 ib_destroy_srq(sdev->srq);
3044 srpt_free_ioctx_ring((struct srpt_ioctx **)sdev->ioctx_ring, sdev,
3045 sdev->srq_size, sdev->req_buf_cache,
3047 kmem_cache_destroy(sdev->req_buf_cache);
3051 static int srpt_alloc_srq(struct srpt_device *sdev)
3053 struct ib_srq_init_attr srq_attr = {
3054 .event_handler = srpt_srq_event,
3055 .srq_context = (void *)sdev,
3056 .attr.max_wr = sdev->srq_size,
3058 .srq_type = IB_SRQT_BASIC,
3060 struct ib_device *device = sdev->device;
3064 WARN_ON_ONCE(sdev->srq);
3065 srq = ib_create_srq(sdev->pd, &srq_attr);
3067 pr_debug("ib_create_srq() failed: %ld\n", PTR_ERR(srq));
3068 return PTR_ERR(srq);
3071 pr_debug("create SRQ #wr= %d max_allow=%d dev= %s\n", sdev->srq_size,
3072 sdev->device->attrs.max_srq_wr, dev_name(&device->dev));
3074 sdev->req_buf_cache = kmem_cache_create("srpt-srq-req-buf",
3075 srp_max_req_size, 0, 0, NULL);
3076 if (!sdev->req_buf_cache)
3079 sdev->ioctx_ring = (struct srpt_recv_ioctx **)
3080 srpt_alloc_ioctx_ring(sdev, sdev->srq_size,
3081 sizeof(*sdev->ioctx_ring[0]),
3082 sdev->req_buf_cache, 0, DMA_FROM_DEVICE);
3083 if (!sdev->ioctx_ring)
3086 sdev->use_srq = true;
3089 for (i = 0; i < sdev->srq_size; ++i) {
3090 INIT_LIST_HEAD(&sdev->ioctx_ring[i]->wait_list);
3091 srpt_post_recv(sdev, NULL, sdev->ioctx_ring[i]);
3097 kmem_cache_destroy(sdev->req_buf_cache);
3100 ib_destroy_srq(srq);
3104 static int srpt_use_srq(struct srpt_device *sdev, bool use_srq)
3106 struct ib_device *device = sdev->device;
3110 srpt_free_srq(sdev);
3111 sdev->use_srq = false;
3112 } else if (use_srq && !sdev->srq) {
3113 ret = srpt_alloc_srq(sdev);
3115 pr_debug("%s(%s): use_srq = %d; ret = %d\n", __func__,
3116 dev_name(&device->dev), sdev->use_srq, ret);
3120 static void srpt_free_sdev(struct kref *refcnt)
3122 struct srpt_device *sdev = container_of(refcnt, typeof(*sdev), refcnt);
3127 static void srpt_sdev_put(struct srpt_device *sdev)
3129 kref_put(&sdev->refcnt, srpt_free_sdev);
3133 * srpt_add_one - InfiniBand device addition callback function
3134 * @device: Describes a HCA.
3136 static int srpt_add_one(struct ib_device *device)
3138 struct srpt_device *sdev;
3139 struct srpt_port *sport;
3142 pr_debug("device = %p\n", device);
3144 sdev = kzalloc(struct_size(sdev, port, device->phys_port_cnt),
3149 kref_init(&sdev->refcnt);
3150 sdev->device = device;
3151 mutex_init(&sdev->sdev_mutex);
3153 sdev->pd = ib_alloc_pd(device, 0);
3154 if (IS_ERR(sdev->pd)) {
3155 ret = PTR_ERR(sdev->pd);
3159 sdev->lkey = sdev->pd->local_dma_lkey;
3161 sdev->srq_size = min(srpt_srq_size, sdev->device->attrs.max_srq_wr);
3163 srpt_use_srq(sdev, sdev->port[0].port_attrib.use_srq);
3165 if (!srpt_service_guid)
3166 srpt_service_guid = be64_to_cpu(device->node_guid);
3168 if (rdma_port_get_link_layer(device, 1) == IB_LINK_LAYER_INFINIBAND)
3169 sdev->cm_id = ib_create_cm_id(device, srpt_cm_handler, sdev);
3170 if (IS_ERR(sdev->cm_id)) {
3171 pr_info("ib_create_cm_id() failed: %ld\n",
3172 PTR_ERR(sdev->cm_id));
3173 ret = PTR_ERR(sdev->cm_id);
3179 /* print out target login information */
3180 pr_debug("Target login info: id_ext=%016llx,ioc_guid=%016llx,pkey=ffff,service_id=%016llx\n",
3181 srpt_service_guid, srpt_service_guid, srpt_service_guid);
3184 * We do not have a consistent service_id (ie. also id_ext of target_id)
3185 * to identify this target. We currently use the guid of the first HCA
3186 * in the system as service_id; therefore, the target_id will change
3187 * if this HCA is gone bad and replaced by different HCA
3190 ib_cm_listen(sdev->cm_id, cpu_to_be64(srpt_service_guid), 0) :
3193 pr_err("ib_cm_listen() failed: %d (cm_id state = %d)\n", ret,
3194 sdev->cm_id->state);
3198 INIT_IB_EVENT_HANDLER(&sdev->event_handler, sdev->device,
3199 srpt_event_handler);
3200 ib_register_event_handler(&sdev->event_handler);
3202 for (i = 1; i <= sdev->device->phys_port_cnt; i++) {
3203 sport = &sdev->port[i - 1];
3204 INIT_LIST_HEAD(&sport->nexus_list);
3205 mutex_init(&sport->mutex);
3208 sport->port_attrib.srp_max_rdma_size = DEFAULT_MAX_RDMA_SIZE;
3209 sport->port_attrib.srp_max_rsp_size = DEFAULT_MAX_RSP_SIZE;
3210 sport->port_attrib.srp_sq_size = DEF_SRPT_SQ_SIZE;
3211 sport->port_attrib.use_srq = false;
3212 INIT_WORK(&sport->work, srpt_refresh_port_work);
3214 ret = srpt_refresh_port(sport);
3216 pr_err("MAD registration failed for %s-%d.\n",
3217 dev_name(&sdev->device->dev), i);
3223 spin_lock(&srpt_dev_lock);
3224 list_add_tail(&sdev->list, &srpt_dev_list);
3225 spin_unlock(&srpt_dev_lock);
3227 ib_set_client_data(device, &srpt_client, sdev);
3228 pr_debug("added %s.\n", dev_name(&device->dev));
3232 srpt_unregister_mad_agent(sdev, i);
3233 ib_unregister_event_handler(&sdev->event_handler);
3236 ib_destroy_cm_id(sdev->cm_id);
3238 srpt_free_srq(sdev);
3239 ib_dealloc_pd(sdev->pd);
3241 srpt_sdev_put(sdev);
3242 pr_info("%s(%s) failed.\n", __func__, dev_name(&device->dev));
3247 * srpt_remove_one - InfiniBand device removal callback function
3248 * @device: Describes a HCA.
3249 * @client_data: The value passed as the third argument to ib_set_client_data().
3251 static void srpt_remove_one(struct ib_device *device, void *client_data)
3253 struct srpt_device *sdev = client_data;
3256 srpt_unregister_mad_agent(sdev, sdev->device->phys_port_cnt);
3258 ib_unregister_event_handler(&sdev->event_handler);
3260 /* Cancel any work queued by the just unregistered IB event handler. */
3261 for (i = 0; i < sdev->device->phys_port_cnt; i++)
3262 cancel_work_sync(&sdev->port[i].work);
3265 ib_destroy_cm_id(sdev->cm_id);
3267 ib_set_client_data(device, &srpt_client, NULL);
3270 * Unregistering a target must happen after destroying sdev->cm_id
3271 * such that no new SRP_LOGIN_REQ information units can arrive while
3272 * destroying the target.
3274 spin_lock(&srpt_dev_lock);
3275 list_del(&sdev->list);
3276 spin_unlock(&srpt_dev_lock);
3278 for (i = 0; i < sdev->device->phys_port_cnt; i++)
3279 srpt_release_sport(&sdev->port[i]);
3281 srpt_free_srq(sdev);
3283 ib_dealloc_pd(sdev->pd);
3285 srpt_sdev_put(sdev);
3288 static struct ib_client srpt_client = {
3290 .add = srpt_add_one,
3291 .remove = srpt_remove_one
3294 static int srpt_check_true(struct se_portal_group *se_tpg)
3299 static int srpt_check_false(struct se_portal_group *se_tpg)
3304 static struct srpt_port *srpt_tpg_to_sport(struct se_portal_group *tpg)
3306 return tpg->se_tpg_wwn->priv;
3309 static struct srpt_port_id *srpt_wwn_to_sport_id(struct se_wwn *wwn)
3311 struct srpt_port *sport = wwn->priv;
3313 if (sport->guid_id && &sport->guid_id->wwn == wwn)
3314 return sport->guid_id;
3315 if (sport->gid_id && &sport->gid_id->wwn == wwn)
3316 return sport->gid_id;
3321 static char *srpt_get_fabric_wwn(struct se_portal_group *tpg)
3323 struct srpt_tpg *stpg = container_of(tpg, typeof(*stpg), tpg);
3325 return stpg->sport_id->name;
3328 static u16 srpt_get_tag(struct se_portal_group *tpg)
3333 static u32 srpt_tpg_get_inst_index(struct se_portal_group *se_tpg)
3338 static void srpt_release_cmd(struct se_cmd *se_cmd)
3340 struct srpt_send_ioctx *ioctx = container_of(se_cmd,
3341 struct srpt_send_ioctx, cmd);
3342 struct srpt_rdma_ch *ch = ioctx->ch;
3343 struct srpt_recv_ioctx *recv_ioctx = ioctx->recv_ioctx;
3345 WARN_ON_ONCE(ioctx->state != SRPT_STATE_DONE &&
3346 !(ioctx->cmd.transport_state & CMD_T_ABORTED));
3349 WARN_ON_ONCE(!list_empty(&recv_ioctx->wait_list));
3350 ioctx->recv_ioctx = NULL;
3351 srpt_post_recv(ch->sport->sdev, ch, recv_ioctx);
3354 if (ioctx->n_rw_ctx) {
3355 srpt_free_rw_ctxs(ch, ioctx);
3356 ioctx->n_rw_ctx = 0;
3359 target_free_tag(se_cmd->se_sess, se_cmd);
3363 * srpt_close_session - forcibly close a session
3364 * @se_sess: SCSI target session.
3366 * Callback function invoked by the TCM core to clean up sessions associated
3367 * with a node ACL when the user invokes
3368 * rmdir /sys/kernel/config/target/$driver/$port/$tpg/acls/$i_port_id
3370 static void srpt_close_session(struct se_session *se_sess)
3372 struct srpt_rdma_ch *ch = se_sess->fabric_sess_ptr;
3374 srpt_disconnect_ch_sync(ch);
3378 * srpt_sess_get_index - return the value of scsiAttIntrPortIndex (SCSI-MIB)
3379 * @se_sess: SCSI target session.
3381 * A quote from RFC 4455 (SCSI-MIB) about this MIB object:
3382 * This object represents an arbitrary integer used to uniquely identify a
3383 * particular attached remote initiator port to a particular SCSI target port
3384 * within a particular SCSI target device within a particular SCSI instance.
3386 static u32 srpt_sess_get_index(struct se_session *se_sess)
3391 static void srpt_set_default_node_attrs(struct se_node_acl *nacl)
3395 /* Note: only used from inside debug printk's by the TCM core. */
3396 static int srpt_get_tcm_cmd_state(struct se_cmd *se_cmd)
3398 struct srpt_send_ioctx *ioctx;
3400 ioctx = container_of(se_cmd, struct srpt_send_ioctx, cmd);
3401 return ioctx->state;
3404 static int srpt_parse_guid(u64 *guid, const char *name)
3409 if (sscanf(name, "%hx:%hx:%hx:%hx", &w[0], &w[1], &w[2], &w[3]) != 4)
3411 *guid = get_unaligned_be64(w);
3418 * srpt_parse_i_port_id - parse an initiator port ID
3419 * @name: ASCII representation of a 128-bit initiator port ID.
3420 * @i_port_id: Binary 128-bit port ID.
3422 static int srpt_parse_i_port_id(u8 i_port_id[16], const char *name)
3425 unsigned len, count, leading_zero_bytes;
3429 if (strncasecmp(p, "0x", 2) == 0)
3435 count = min(len / 2, 16U);
3436 leading_zero_bytes = 16 - count;
3437 memset(i_port_id, 0, leading_zero_bytes);
3438 ret = hex2bin(i_port_id + leading_zero_bytes, p, count);
3445 * configfs callback function invoked for mkdir
3446 * /sys/kernel/config/target/$driver/$port/$tpg/acls/$i_port_id
3448 * i_port_id must be an initiator port GUID, GID or IP address. See also the
3449 * target_alloc_session() calls in this driver. Examples of valid initiator
3451 * 0x0000000000000000505400fffe4a0b7b
3452 * 0000000000000000505400fffe4a0b7b
3453 * 5054:00ff:fe4a:0b7b
3456 static int srpt_init_nodeacl(struct se_node_acl *se_nacl, const char *name)
3458 struct sockaddr_storage sa;
3463 ret = srpt_parse_guid(&guid, name);
3465 ret = srpt_parse_i_port_id(i_port_id, name);
3467 ret = inet_pton_with_scope(&init_net, AF_UNSPEC, name, NULL,
3470 pr_err("invalid initiator port ID %s\n", name);
3474 static ssize_t srpt_tpg_attrib_srp_max_rdma_size_show(struct config_item *item,
3477 struct se_portal_group *se_tpg = attrib_to_tpg(item);
3478 struct srpt_port *sport = srpt_tpg_to_sport(se_tpg);
3480 return sprintf(page, "%u\n", sport->port_attrib.srp_max_rdma_size);
3483 static ssize_t srpt_tpg_attrib_srp_max_rdma_size_store(struct config_item *item,
3484 const char *page, size_t count)
3486 struct se_portal_group *se_tpg = attrib_to_tpg(item);
3487 struct srpt_port *sport = srpt_tpg_to_sport(se_tpg);
3491 ret = kstrtoul(page, 0, &val);
3493 pr_err("kstrtoul() failed with ret: %d\n", ret);
3496 if (val > MAX_SRPT_RDMA_SIZE) {
3497 pr_err("val: %lu exceeds MAX_SRPT_RDMA_SIZE: %d\n", val,
3498 MAX_SRPT_RDMA_SIZE);
3501 if (val < DEFAULT_MAX_RDMA_SIZE) {
3502 pr_err("val: %lu smaller than DEFAULT_MAX_RDMA_SIZE: %d\n",
3503 val, DEFAULT_MAX_RDMA_SIZE);
3506 sport->port_attrib.srp_max_rdma_size = val;
3511 static ssize_t srpt_tpg_attrib_srp_max_rsp_size_show(struct config_item *item,
3514 struct se_portal_group *se_tpg = attrib_to_tpg(item);
3515 struct srpt_port *sport = srpt_tpg_to_sport(se_tpg);
3517 return sprintf(page, "%u\n", sport->port_attrib.srp_max_rsp_size);
3520 static ssize_t srpt_tpg_attrib_srp_max_rsp_size_store(struct config_item *item,
3521 const char *page, size_t count)
3523 struct se_portal_group *se_tpg = attrib_to_tpg(item);
3524 struct srpt_port *sport = srpt_tpg_to_sport(se_tpg);
3528 ret = kstrtoul(page, 0, &val);
3530 pr_err("kstrtoul() failed with ret: %d\n", ret);
3533 if (val > MAX_SRPT_RSP_SIZE) {
3534 pr_err("val: %lu exceeds MAX_SRPT_RSP_SIZE: %d\n", val,
3538 if (val < MIN_MAX_RSP_SIZE) {
3539 pr_err("val: %lu smaller than MIN_MAX_RSP_SIZE: %d\n", val,
3543 sport->port_attrib.srp_max_rsp_size = val;
3548 static ssize_t srpt_tpg_attrib_srp_sq_size_show(struct config_item *item,
3551 struct se_portal_group *se_tpg = attrib_to_tpg(item);
3552 struct srpt_port *sport = srpt_tpg_to_sport(se_tpg);
3554 return sprintf(page, "%u\n", sport->port_attrib.srp_sq_size);
3557 static ssize_t srpt_tpg_attrib_srp_sq_size_store(struct config_item *item,
3558 const char *page, size_t count)
3560 struct se_portal_group *se_tpg = attrib_to_tpg(item);
3561 struct srpt_port *sport = srpt_tpg_to_sport(se_tpg);
3565 ret = kstrtoul(page, 0, &val);
3567 pr_err("kstrtoul() failed with ret: %d\n", ret);
3570 if (val > MAX_SRPT_SRQ_SIZE) {
3571 pr_err("val: %lu exceeds MAX_SRPT_SRQ_SIZE: %d\n", val,
3575 if (val < MIN_SRPT_SRQ_SIZE) {
3576 pr_err("val: %lu smaller than MIN_SRPT_SRQ_SIZE: %d\n", val,
3580 sport->port_attrib.srp_sq_size = val;
3585 static ssize_t srpt_tpg_attrib_use_srq_show(struct config_item *item,
3588 struct se_portal_group *se_tpg = attrib_to_tpg(item);
3589 struct srpt_port *sport = srpt_tpg_to_sport(se_tpg);
3591 return sprintf(page, "%d\n", sport->port_attrib.use_srq);
3594 static ssize_t srpt_tpg_attrib_use_srq_store(struct config_item *item,
3595 const char *page, size_t count)
3597 struct se_portal_group *se_tpg = attrib_to_tpg(item);
3598 struct srpt_port *sport = srpt_tpg_to_sport(se_tpg);
3599 struct srpt_device *sdev = sport->sdev;
3604 ret = kstrtoul(page, 0, &val);
3610 ret = mutex_lock_interruptible(&sdev->sdev_mutex);
3613 ret = mutex_lock_interruptible(&sport->mutex);
3616 enabled = sport->enabled;
3617 /* Log out all initiator systems before changing 'use_srq'. */
3618 srpt_set_enabled(sport, false);
3619 sport->port_attrib.use_srq = val;
3620 srpt_use_srq(sdev, sport->port_attrib.use_srq);
3621 srpt_set_enabled(sport, enabled);
3623 mutex_unlock(&sport->mutex);
3625 mutex_unlock(&sdev->sdev_mutex);
3630 CONFIGFS_ATTR(srpt_tpg_attrib_, srp_max_rdma_size);
3631 CONFIGFS_ATTR(srpt_tpg_attrib_, srp_max_rsp_size);
3632 CONFIGFS_ATTR(srpt_tpg_attrib_, srp_sq_size);
3633 CONFIGFS_ATTR(srpt_tpg_attrib_, use_srq);
3635 static struct configfs_attribute *srpt_tpg_attrib_attrs[] = {
3636 &srpt_tpg_attrib_attr_srp_max_rdma_size,
3637 &srpt_tpg_attrib_attr_srp_max_rsp_size,
3638 &srpt_tpg_attrib_attr_srp_sq_size,
3639 &srpt_tpg_attrib_attr_use_srq,
3643 static struct rdma_cm_id *srpt_create_rdma_id(struct sockaddr *listen_addr)
3645 struct rdma_cm_id *rdma_cm_id;
3648 rdma_cm_id = rdma_create_id(&init_net, srpt_rdma_cm_handler,
3649 NULL, RDMA_PS_TCP, IB_QPT_RC);
3650 if (IS_ERR(rdma_cm_id)) {
3651 pr_err("RDMA/CM ID creation failed: %ld\n",
3652 PTR_ERR(rdma_cm_id));
3656 ret = rdma_bind_addr(rdma_cm_id, listen_addr);
3660 snprintf(addr_str, sizeof(addr_str), "%pISp", listen_addr);
3661 pr_err("Binding RDMA/CM ID to address %s failed: %d\n",
3663 rdma_destroy_id(rdma_cm_id);
3664 rdma_cm_id = ERR_PTR(ret);
3668 ret = rdma_listen(rdma_cm_id, 128);
3670 pr_err("rdma_listen() failed: %d\n", ret);
3671 rdma_destroy_id(rdma_cm_id);
3672 rdma_cm_id = ERR_PTR(ret);
3679 static ssize_t srpt_rdma_cm_port_show(struct config_item *item, char *page)
3681 return sprintf(page, "%d\n", rdma_cm_port);
3684 static ssize_t srpt_rdma_cm_port_store(struct config_item *item,
3685 const char *page, size_t count)
3687 struct sockaddr_in addr4 = { .sin_family = AF_INET };
3688 struct sockaddr_in6 addr6 = { .sin6_family = AF_INET6 };
3689 struct rdma_cm_id *new_id = NULL;
3693 ret = kstrtou16(page, 0, &val);
3697 if (rdma_cm_port == val)
3701 addr6.sin6_port = cpu_to_be16(val);
3702 new_id = srpt_create_rdma_id((struct sockaddr *)&addr6);
3703 if (IS_ERR(new_id)) {
3704 addr4.sin_port = cpu_to_be16(val);
3705 new_id = srpt_create_rdma_id((struct sockaddr *)&addr4);
3706 if (IS_ERR(new_id)) {
3707 ret = PTR_ERR(new_id);
3713 mutex_lock(&rdma_cm_mutex);
3715 swap(rdma_cm_id, new_id);
3716 mutex_unlock(&rdma_cm_mutex);
3719 rdma_destroy_id(new_id);
3725 CONFIGFS_ATTR(srpt_, rdma_cm_port);
3727 static struct configfs_attribute *srpt_da_attrs[] = {
3728 &srpt_attr_rdma_cm_port,
3732 static ssize_t srpt_tpg_enable_show(struct config_item *item, char *page)
3734 struct se_portal_group *se_tpg = to_tpg(item);
3735 struct srpt_port *sport = srpt_tpg_to_sport(se_tpg);
3737 return snprintf(page, PAGE_SIZE, "%d\n", sport->enabled);
3740 static ssize_t srpt_tpg_enable_store(struct config_item *item,
3741 const char *page, size_t count)
3743 struct se_portal_group *se_tpg = to_tpg(item);
3744 struct srpt_port *sport = srpt_tpg_to_sport(se_tpg);
3748 ret = kstrtoul(page, 0, &tmp);
3750 pr_err("Unable to extract srpt_tpg_store_enable\n");
3754 if ((tmp != 0) && (tmp != 1)) {
3755 pr_err("Illegal value for srpt_tpg_store_enable: %lu\n", tmp);
3759 mutex_lock(&sport->mutex);
3760 srpt_set_enabled(sport, tmp);
3761 mutex_unlock(&sport->mutex);
3766 CONFIGFS_ATTR(srpt_tpg_, enable);
3768 static struct configfs_attribute *srpt_tpg_attrs[] = {
3769 &srpt_tpg_attr_enable,
3774 * srpt_make_tpg - configfs callback invoked for mkdir /sys/kernel/config/target/$driver/$port/$tpg
3775 * @wwn: Corresponds to $driver/$port.
3778 static struct se_portal_group *srpt_make_tpg(struct se_wwn *wwn,
3781 struct srpt_port_id *sport_id = srpt_wwn_to_sport_id(wwn);
3782 struct srpt_tpg *stpg;
3785 stpg = kzalloc(sizeof(*stpg), GFP_KERNEL);
3787 return ERR_PTR(res);
3788 stpg->sport_id = sport_id;
3789 res = core_tpg_register(wwn, &stpg->tpg, SCSI_PROTOCOL_SRP);
3792 return ERR_PTR(res);
3795 mutex_lock(&sport_id->mutex);
3796 list_add_tail(&stpg->entry, &sport_id->tpg_list);
3797 mutex_unlock(&sport_id->mutex);
3803 * srpt_drop_tpg - configfs callback invoked for rmdir /sys/kernel/config/target/$driver/$port/$tpg
3804 * @tpg: Target portal group to deregister.
3806 static void srpt_drop_tpg(struct se_portal_group *tpg)
3808 struct srpt_tpg *stpg = container_of(tpg, typeof(*stpg), tpg);
3809 struct srpt_port_id *sport_id = stpg->sport_id;
3810 struct srpt_port *sport = srpt_tpg_to_sport(tpg);
3812 mutex_lock(&sport_id->mutex);
3813 list_del(&stpg->entry);
3814 mutex_unlock(&sport_id->mutex);
3816 sport->enabled = false;
3817 core_tpg_deregister(tpg);
3822 * srpt_make_tport - configfs callback invoked for mkdir /sys/kernel/config/target/$driver/$port
3827 static struct se_wwn *srpt_make_tport(struct target_fabric_configfs *tf,
3828 struct config_group *group,
3831 struct port_and_port_id papi = srpt_lookup_port(name);
3832 struct srpt_port *sport = papi.sport;
3833 struct srpt_port_id *port_id;
3836 return ERR_PTR(-EINVAL);
3837 if (*papi.port_id) {
3838 /* Attempt to create a directory that already exists. */
3840 return &(*papi.port_id)->wwn;
3842 port_id = kzalloc(sizeof(*port_id), GFP_KERNEL);
3844 srpt_sdev_put(sport->sdev);
3845 return ERR_PTR(-ENOMEM);
3847 mutex_init(&port_id->mutex);
3848 INIT_LIST_HEAD(&port_id->tpg_list);
3849 port_id->wwn.priv = sport;
3850 memcpy(port_id->name, port_id == sport->guid_id ? sport->guid_name :
3851 sport->gid_name, ARRAY_SIZE(port_id->name));
3853 *papi.port_id = port_id;
3855 return &port_id->wwn;
3859 * srpt_drop_tport - configfs callback invoked for rmdir /sys/kernel/config/target/$driver/$port
3862 static void srpt_drop_tport(struct se_wwn *wwn)
3864 struct srpt_port_id *port_id = container_of(wwn, typeof(*port_id), wwn);
3865 struct srpt_port *sport = wwn->priv;
3867 if (sport->guid_id == port_id)
3868 sport->guid_id = NULL;
3869 else if (sport->gid_id == port_id)
3870 sport->gid_id = NULL;
3874 srpt_sdev_put(sport->sdev);
3878 static ssize_t srpt_wwn_version_show(struct config_item *item, char *buf)
3880 return scnprintf(buf, PAGE_SIZE, "\n");
3883 CONFIGFS_ATTR_RO(srpt_wwn_, version);
3885 static struct configfs_attribute *srpt_wwn_attrs[] = {
3886 &srpt_wwn_attr_version,
3890 static const struct target_core_fabric_ops srpt_template = {
3891 .module = THIS_MODULE,
3892 .fabric_name = "srpt",
3893 .tpg_get_wwn = srpt_get_fabric_wwn,
3894 .tpg_get_tag = srpt_get_tag,
3895 .tpg_check_demo_mode = srpt_check_false,
3896 .tpg_check_demo_mode_cache = srpt_check_true,
3897 .tpg_check_demo_mode_write_protect = srpt_check_true,
3898 .tpg_check_prod_mode_write_protect = srpt_check_false,
3899 .tpg_get_inst_index = srpt_tpg_get_inst_index,
3900 .release_cmd = srpt_release_cmd,
3901 .check_stop_free = srpt_check_stop_free,
3902 .close_session = srpt_close_session,
3903 .sess_get_index = srpt_sess_get_index,
3904 .sess_get_initiator_sid = NULL,
3905 .write_pending = srpt_write_pending,
3906 .set_default_node_attributes = srpt_set_default_node_attrs,
3907 .get_cmd_state = srpt_get_tcm_cmd_state,
3908 .queue_data_in = srpt_queue_data_in,
3909 .queue_status = srpt_queue_status,
3910 .queue_tm_rsp = srpt_queue_tm_rsp,
3911 .aborted_task = srpt_aborted_task,
3913 * Setup function pointers for generic logic in
3914 * target_core_fabric_configfs.c
3916 .fabric_make_wwn = srpt_make_tport,
3917 .fabric_drop_wwn = srpt_drop_tport,
3918 .fabric_make_tpg = srpt_make_tpg,
3919 .fabric_drop_tpg = srpt_drop_tpg,
3920 .fabric_init_nodeacl = srpt_init_nodeacl,
3922 .tfc_discovery_attrs = srpt_da_attrs,
3923 .tfc_wwn_attrs = srpt_wwn_attrs,
3924 .tfc_tpg_base_attrs = srpt_tpg_attrs,
3925 .tfc_tpg_attrib_attrs = srpt_tpg_attrib_attrs,
3929 * srpt_init_module - kernel module initialization
3931 * Note: Since ib_register_client() registers callback functions, and since at
3932 * least one of these callback functions (srpt_add_one()) calls target core
3933 * functions, this driver must be registered with the target core before
3934 * ib_register_client() is called.
3936 static int __init srpt_init_module(void)
3941 if (srp_max_req_size < MIN_MAX_REQ_SIZE) {
3942 pr_err("invalid value %d for kernel module parameter srp_max_req_size -- must be at least %d.\n",
3943 srp_max_req_size, MIN_MAX_REQ_SIZE);
3947 if (srpt_srq_size < MIN_SRPT_SRQ_SIZE
3948 || srpt_srq_size > MAX_SRPT_SRQ_SIZE) {
3949 pr_err("invalid value %d for kernel module parameter srpt_srq_size -- must be in the range [%d..%d].\n",
3950 srpt_srq_size, MIN_SRPT_SRQ_SIZE, MAX_SRPT_SRQ_SIZE);
3954 ret = target_register_template(&srpt_template);
3958 ret = ib_register_client(&srpt_client);
3960 pr_err("couldn't register IB client\n");
3961 goto out_unregister_target;
3966 out_unregister_target:
3967 target_unregister_template(&srpt_template);
3972 static void __exit srpt_cleanup_module(void)
3975 rdma_destroy_id(rdma_cm_id);
3976 ib_unregister_client(&srpt_client);
3977 target_unregister_template(&srpt_template);
3980 module_init(srpt_init_module);
3981 module_exit(srpt_cleanup_module);