1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * SCSI Primary Commands (SPC) parsing and emulation.
4  *
5  * (c) Copyright 2002-2013 Datera, Inc.
6  *
7  * Nicholas A. Bellinger <nab@kernel.org>
8  */
9 
10 #include <linux/kernel.h>
11 #include <linux/module.h>
12 #include <asm/unaligned.h>
13 
14 #include <scsi/scsi_proto.h>
15 #include <scsi/scsi_common.h>
16 #include <scsi/scsi_tcq.h>
17 
18 #include <target/target_core_base.h>
19 #include <target/target_core_backend.h>
20 #include <target/target_core_fabric.h>
21 
22 #include "target_core_internal.h"
23 #include "target_core_alua.h"
24 #include "target_core_pr.h"
25 #include "target_core_ua.h"
26 #include "target_core_xcopy.h"
27 
spc_fill_alua_data(struct se_lun * lun,unsigned char * buf)28 static void spc_fill_alua_data(struct se_lun *lun, unsigned char *buf)
29 {
30 	struct t10_alua_tg_pt_gp *tg_pt_gp;
31 
32 	/*
33 	 * Set SCCS for MAINTENANCE_IN + REPORT_TARGET_PORT_GROUPS.
34 	 */
35 	buf[5]	= 0x80;
36 
37 	/*
38 	 * Set TPGS field for explicit and/or implicit ALUA access type
39 	 * and opteration.
40 	 *
41 	 * See spc4r17 section 6.4.2 Table 135
42 	 */
43 	rcu_read_lock();
44 	tg_pt_gp = rcu_dereference(lun->lun_tg_pt_gp);
45 	if (tg_pt_gp)
46 		buf[5] |= tg_pt_gp->tg_pt_gp_alua_access_type;
47 	rcu_read_unlock();
48 }
49 
50 static u16
spc_find_scsi_transport_vd(int proto_id)51 spc_find_scsi_transport_vd(int proto_id)
52 {
53 	switch (proto_id) {
54 	case SCSI_PROTOCOL_FCP:
55 		return SCSI_VERSION_DESCRIPTOR_FCP4;
56 	case SCSI_PROTOCOL_ISCSI:
57 		return SCSI_VERSION_DESCRIPTOR_ISCSI;
58 	case SCSI_PROTOCOL_SAS:
59 		return SCSI_VERSION_DESCRIPTOR_SAS3;
60 	case SCSI_PROTOCOL_SBP:
61 		return SCSI_VERSION_DESCRIPTOR_SBP3;
62 	case SCSI_PROTOCOL_SRP:
63 		return SCSI_VERSION_DESCRIPTOR_SRP;
64 	default:
65 		pr_warn("Cannot find VERSION DESCRIPTOR value for unknown SCSI"
66 			" transport PROTOCOL IDENTIFIER %#x\n", proto_id);
67 		return 0;
68 	}
69 }
70 
71 sense_reason_t
spc_emulate_inquiry_std(struct se_cmd * cmd,unsigned char * buf)72 spc_emulate_inquiry_std(struct se_cmd *cmd, unsigned char *buf)
73 {
74 	struct se_lun *lun = cmd->se_lun;
75 	struct se_portal_group *tpg = lun->lun_tpg;
76 	struct se_device *dev = cmd->se_dev;
77 	struct se_session *sess = cmd->se_sess;
78 
79 	/* Set RMB (removable media) for tape devices */
80 	if (dev->transport->get_device_type(dev) == TYPE_TAPE)
81 		buf[1] = 0x80;
82 
83 	buf[2] = 0x06; /* SPC-4 */
84 
85 	/*
86 	 * NORMACA and HISUP = 0, RESPONSE DATA FORMAT = 2
87 	 *
88 	 * SPC4 says:
89 	 *   A RESPONSE DATA FORMAT field set to 2h indicates that the
90 	 *   standard INQUIRY data is in the format defined in this
91 	 *   standard. Response data format values less than 2h are
92 	 *   obsolete. Response data format values greater than 2h are
93 	 *   reserved.
94 	 */
95 	buf[3] = 2;
96 
97 	/*
98 	 * Enable SCCS and TPGS fields for Emulated ALUA
99 	 */
100 	spc_fill_alua_data(lun, buf);
101 
102 	/*
103 	 * Set Third-Party Copy (3PC) bit to indicate support for EXTENDED_COPY
104 	 */
105 	if (dev->dev_attrib.emulate_3pc)
106 		buf[5] |= 0x8;
107 	/*
108 	 * Set Protection (PROTECT) bit when DIF has been enabled on the
109 	 * device, and the fabric supports VERIFY + PASS.  Also report
110 	 * PROTECT=1 if sess_prot_type has been configured to allow T10-PI
111 	 * to unprotected devices.
112 	 */
113 	if (sess->sup_prot_ops & (TARGET_PROT_DIN_PASS | TARGET_PROT_DOUT_PASS)) {
114 		if (dev->dev_attrib.pi_prot_type || cmd->se_sess->sess_prot_type)
115 			buf[5] |= 0x1;
116 	}
117 
118 	/*
119 	 * Set MULTIP bit to indicate presence of multiple SCSI target ports
120 	 */
121 	if (dev->export_count > 1)
122 		buf[6] |= 0x10;
123 
124 	buf[7] = 0x2; /* CmdQue=1 */
125 
126 	/*
127 	 * ASCII data fields described as being left-aligned shall have any
128 	 * unused bytes at the end of the field (i.e., highest offset) and the
129 	 * unused bytes shall be filled with ASCII space characters (20h).
130 	 */
131 	memset(&buf[8], 0x20,
132 	       INQUIRY_VENDOR_LEN + INQUIRY_MODEL_LEN + INQUIRY_REVISION_LEN);
133 	memcpy(&buf[8], dev->t10_wwn.vendor,
134 	       strnlen(dev->t10_wwn.vendor, INQUIRY_VENDOR_LEN));
135 	memcpy(&buf[16], dev->t10_wwn.model,
136 	       strnlen(dev->t10_wwn.model, INQUIRY_MODEL_LEN));
137 	memcpy(&buf[32], dev->t10_wwn.revision,
138 	       strnlen(dev->t10_wwn.revision, INQUIRY_REVISION_LEN));
139 
140 	/*
141 	 * Set the VERSION DESCRIPTOR fields
142 	 */
143 	put_unaligned_be16(SCSI_VERSION_DESCRIPTOR_SAM5, &buf[58]);
144 	put_unaligned_be16(spc_find_scsi_transport_vd(tpg->proto_id), &buf[60]);
145 	put_unaligned_be16(SCSI_VERSION_DESCRIPTOR_SPC4, &buf[62]);
146 	if (cmd->se_dev->transport->get_device_type(dev) == TYPE_DISK)
147 		put_unaligned_be16(SCSI_VERSION_DESCRIPTOR_SBC3, &buf[64]);
148 
149 	buf[4] = 91; /* Set additional length to 91 */
150 
151 	return 0;
152 }
153 EXPORT_SYMBOL(spc_emulate_inquiry_std);
154 
155 /* unit serial number */
156 static sense_reason_t
spc_emulate_evpd_80(struct se_cmd * cmd,unsigned char * buf)157 spc_emulate_evpd_80(struct se_cmd *cmd, unsigned char *buf)
158 {
159 	struct se_device *dev = cmd->se_dev;
160 	u16 len;
161 
162 	if (dev->dev_flags & DF_EMULATED_VPD_UNIT_SERIAL) {
163 		len = sprintf(&buf[4], "%s", dev->t10_wwn.unit_serial);
164 		len++; /* Extra Byte for NULL Terminator */
165 		buf[3] = len;
166 	}
167 	return 0;
168 }
169 
170 /*
171  * Generate NAA IEEE Registered Extended designator
172  */
spc_gen_naa_6h_vendor_specific(struct se_device * dev,unsigned char * buf)173 void spc_gen_naa_6h_vendor_specific(struct se_device *dev,
174 				    unsigned char *buf)
175 {
176 	unsigned char *p = &dev->t10_wwn.unit_serial[0];
177 	u32 company_id = dev->t10_wwn.company_id;
178 	int cnt, off = 0;
179 	bool next = true;
180 
181 	/*
182 	 * Start NAA IEEE Registered Extended Identifier/Designator
183 	 */
184 	buf[off] = 0x6 << 4;
185 
186 	/* IEEE COMPANY_ID */
187 	buf[off++] |= (company_id >> 20) & 0xf;
188 	buf[off++] = (company_id >> 12) & 0xff;
189 	buf[off++] = (company_id >> 4) & 0xff;
190 	buf[off] = (company_id & 0xf) << 4;
191 
192 	/*
193 	 * Generate up to 36 bits of VENDOR SPECIFIC IDENTIFIER starting on
194 	 * byte 3 bit 3-0 for NAA IEEE Registered Extended DESIGNATOR field
195 	 * format, followed by 64 bits of VENDOR SPECIFIC IDENTIFIER EXTENSION
196 	 * to complete the payload.  These are based from VPD=0x80 PRODUCT SERIAL
197 	 * NUMBER set via vpd_unit_serial in target_core_configfs.c to ensure
198 	 * per device uniqeness.
199 	 */
200 	for (cnt = off + 13; *p && off < cnt; p++) {
201 		int val = hex_to_bin(*p);
202 
203 		if (val < 0)
204 			continue;
205 
206 		if (next) {
207 			next = false;
208 			buf[off++] |= val;
209 		} else {
210 			next = true;
211 			buf[off] = val << 4;
212 		}
213 	}
214 }
215 
216 /*
217  * Device identification VPD, for a complete list of
218  * DESIGNATOR TYPEs see spc4r17 Table 459.
219  */
220 sense_reason_t
spc_emulate_evpd_83(struct se_cmd * cmd,unsigned char * buf)221 spc_emulate_evpd_83(struct se_cmd *cmd, unsigned char *buf)
222 {
223 	struct se_device *dev = cmd->se_dev;
224 	struct se_lun *lun = cmd->se_lun;
225 	struct se_portal_group *tpg = NULL;
226 	struct t10_alua_lu_gp_member *lu_gp_mem;
227 	struct t10_alua_tg_pt_gp *tg_pt_gp;
228 	unsigned char *prod = &dev->t10_wwn.model[0];
229 	u32 prod_len;
230 	u32 unit_serial_len, off = 0;
231 	u16 len = 0, id_len;
232 
233 	off = 4;
234 
235 	/*
236 	 * NAA IEEE Registered Extended Assigned designator format, see
237 	 * spc4r17 section 7.7.3.6.5
238 	 *
239 	 * We depend upon a target_core_mod/ConfigFS provided
240 	 * /sys/kernel/config/target/core/$HBA/$DEV/wwn/vpd_unit_serial
241 	 * value in order to return the NAA id.
242 	 */
243 	if (!(dev->dev_flags & DF_EMULATED_VPD_UNIT_SERIAL))
244 		goto check_t10_vend_desc;
245 
246 	/* CODE SET == Binary */
247 	buf[off++] = 0x1;
248 
249 	/* Set ASSOCIATION == addressed logical unit: 0)b */
250 	buf[off] = 0x00;
251 
252 	/* Identifier/Designator type == NAA identifier */
253 	buf[off++] |= 0x3;
254 	off++;
255 
256 	/* Identifier/Designator length */
257 	buf[off++] = 0x10;
258 
259 	/* NAA IEEE Registered Extended designator */
260 	spc_gen_naa_6h_vendor_specific(dev, &buf[off]);
261 
262 	len = 20;
263 	off = (len + 4);
264 
265 check_t10_vend_desc:
266 	/*
267 	 * T10 Vendor Identifier Page, see spc4r17 section 7.7.3.4
268 	 */
269 	id_len = 8; /* For Vendor field */
270 	prod_len = 4; /* For VPD Header */
271 	prod_len += 8; /* For Vendor field */
272 	prod_len += strlen(prod);
273 	prod_len++; /* For : */
274 
275 	if (dev->dev_flags & DF_EMULATED_VPD_UNIT_SERIAL) {
276 		unit_serial_len = strlen(&dev->t10_wwn.unit_serial[0]);
277 		unit_serial_len++; /* For NULL Terminator */
278 
279 		id_len += sprintf(&buf[off+12], "%s:%s", prod,
280 				&dev->t10_wwn.unit_serial[0]);
281 	}
282 	buf[off] = 0x2; /* ASCII */
283 	buf[off+1] = 0x1; /* T10 Vendor ID */
284 	buf[off+2] = 0x0;
285 	/* left align Vendor ID and pad with spaces */
286 	memset(&buf[off+4], 0x20, INQUIRY_VENDOR_LEN);
287 	memcpy(&buf[off+4], dev->t10_wwn.vendor,
288 	       strnlen(dev->t10_wwn.vendor, INQUIRY_VENDOR_LEN));
289 	/* Extra Byte for NULL Terminator */
290 	id_len++;
291 	/* Identifier Length */
292 	buf[off+3] = id_len;
293 	/* Header size for Designation descriptor */
294 	len += (id_len + 4);
295 	off += (id_len + 4);
296 
297 	if (1) {
298 		struct t10_alua_lu_gp *lu_gp;
299 		u32 padding, scsi_name_len, scsi_target_len;
300 		u16 lu_gp_id = 0;
301 		u16 tg_pt_gp_id = 0;
302 		u16 tpgt;
303 
304 		tpg = lun->lun_tpg;
305 		/*
306 		 * Relative target port identifer, see spc4r17
307 		 * section 7.7.3.7
308 		 *
309 		 * Get the PROTOCOL IDENTIFIER as defined by spc4r17
310 		 * section 7.5.1 Table 362
311 		 */
312 		buf[off] = tpg->proto_id << 4;
313 		buf[off++] |= 0x1; /* CODE SET == Binary */
314 		buf[off] = 0x80; /* Set PIV=1 */
315 		/* Set ASSOCIATION == target port: 01b */
316 		buf[off] |= 0x10;
317 		/* DESIGNATOR TYPE == Relative target port identifer */
318 		buf[off++] |= 0x4;
319 		off++; /* Skip over Reserved */
320 		buf[off++] = 4; /* DESIGNATOR LENGTH */
321 		/* Skip over Obsolete field in RTPI payload
322 		 * in Table 472 */
323 		off += 2;
324 		put_unaligned_be16(lun->lun_rtpi, &buf[off]);
325 		off += 2;
326 		len += 8; /* Header size + Designation descriptor */
327 		/*
328 		 * Target port group identifier, see spc4r17
329 		 * section 7.7.3.8
330 		 *
331 		 * Get the PROTOCOL IDENTIFIER as defined by spc4r17
332 		 * section 7.5.1 Table 362
333 		 */
334 		rcu_read_lock();
335 		tg_pt_gp = rcu_dereference(lun->lun_tg_pt_gp);
336 		if (!tg_pt_gp) {
337 			rcu_read_unlock();
338 			goto check_lu_gp;
339 		}
340 		tg_pt_gp_id = tg_pt_gp->tg_pt_gp_id;
341 		rcu_read_unlock();
342 
343 		buf[off] = tpg->proto_id << 4;
344 		buf[off++] |= 0x1; /* CODE SET == Binary */
345 		buf[off] = 0x80; /* Set PIV=1 */
346 		/* Set ASSOCIATION == target port: 01b */
347 		buf[off] |= 0x10;
348 		/* DESIGNATOR TYPE == Target port group identifier */
349 		buf[off++] |= 0x5;
350 		off++; /* Skip over Reserved */
351 		buf[off++] = 4; /* DESIGNATOR LENGTH */
352 		off += 2; /* Skip over Reserved Field */
353 		put_unaligned_be16(tg_pt_gp_id, &buf[off]);
354 		off += 2;
355 		len += 8; /* Header size + Designation descriptor */
356 		/*
357 		 * Logical Unit Group identifier, see spc4r17
358 		 * section 7.7.3.8
359 		 */
360 check_lu_gp:
361 		lu_gp_mem = dev->dev_alua_lu_gp_mem;
362 		if (!lu_gp_mem)
363 			goto check_scsi_name;
364 
365 		spin_lock(&lu_gp_mem->lu_gp_mem_lock);
366 		lu_gp = lu_gp_mem->lu_gp;
367 		if (!lu_gp) {
368 			spin_unlock(&lu_gp_mem->lu_gp_mem_lock);
369 			goto check_scsi_name;
370 		}
371 		lu_gp_id = lu_gp->lu_gp_id;
372 		spin_unlock(&lu_gp_mem->lu_gp_mem_lock);
373 
374 		buf[off++] |= 0x1; /* CODE SET == Binary */
375 		/* DESIGNATOR TYPE == Logical Unit Group identifier */
376 		buf[off++] |= 0x6;
377 		off++; /* Skip over Reserved */
378 		buf[off++] = 4; /* DESIGNATOR LENGTH */
379 		off += 2; /* Skip over Reserved Field */
380 		put_unaligned_be16(lu_gp_id, &buf[off]);
381 		off += 2;
382 		len += 8; /* Header size + Designation descriptor */
383 		/*
384 		 * SCSI name string designator, see spc4r17
385 		 * section 7.7.3.11
386 		 *
387 		 * Get the PROTOCOL IDENTIFIER as defined by spc4r17
388 		 * section 7.5.1 Table 362
389 		 */
390 check_scsi_name:
391 		buf[off] = tpg->proto_id << 4;
392 		buf[off++] |= 0x3; /* CODE SET == UTF-8 */
393 		buf[off] = 0x80; /* Set PIV=1 */
394 		/* Set ASSOCIATION == target port: 01b */
395 		buf[off] |= 0x10;
396 		/* DESIGNATOR TYPE == SCSI name string */
397 		buf[off++] |= 0x8;
398 		off += 2; /* Skip over Reserved and length */
399 		/*
400 		 * SCSI name string identifer containing, $FABRIC_MOD
401 		 * dependent information.  For LIO-Target and iSCSI
402 		 * Target Port, this means "<iSCSI name>,t,0x<TPGT> in
403 		 * UTF-8 encoding.
404 		 */
405 		tpgt = tpg->se_tpg_tfo->tpg_get_tag(tpg);
406 		scsi_name_len = sprintf(&buf[off], "%s,t,0x%04x",
407 					tpg->se_tpg_tfo->tpg_get_wwn(tpg), tpgt);
408 		scsi_name_len += 1 /* Include  NULL terminator */;
409 		/*
410 		 * The null-terminated, null-padded (see 4.4.2) SCSI
411 		 * NAME STRING field contains a UTF-8 format string.
412 		 * The number of bytes in the SCSI NAME STRING field
413 		 * (i.e., the value in the DESIGNATOR LENGTH field)
414 		 * shall be no larger than 256 and shall be a multiple
415 		 * of four.
416 		 */
417 		padding = ((-scsi_name_len) & 3);
418 		if (padding)
419 			scsi_name_len += padding;
420 		if (scsi_name_len > 256)
421 			scsi_name_len = 256;
422 
423 		buf[off-1] = scsi_name_len;
424 		off += scsi_name_len;
425 		/* Header size + Designation descriptor */
426 		len += (scsi_name_len + 4);
427 
428 		/*
429 		 * Target device designator
430 		 */
431 		buf[off] = tpg->proto_id << 4;
432 		buf[off++] |= 0x3; /* CODE SET == UTF-8 */
433 		buf[off] = 0x80; /* Set PIV=1 */
434 		/* Set ASSOCIATION == target device: 10b */
435 		buf[off] |= 0x20;
436 		/* DESIGNATOR TYPE == SCSI name string */
437 		buf[off++] |= 0x8;
438 		off += 2; /* Skip over Reserved and length */
439 		/*
440 		 * SCSI name string identifer containing, $FABRIC_MOD
441 		 * dependent information.  For LIO-Target and iSCSI
442 		 * Target Port, this means "<iSCSI name>" in
443 		 * UTF-8 encoding.
444 		 */
445 		scsi_target_len = sprintf(&buf[off], "%s",
446 					  tpg->se_tpg_tfo->tpg_get_wwn(tpg));
447 		scsi_target_len += 1 /* Include  NULL terminator */;
448 		/*
449 		 * The null-terminated, null-padded (see 4.4.2) SCSI
450 		 * NAME STRING field contains a UTF-8 format string.
451 		 * The number of bytes in the SCSI NAME STRING field
452 		 * (i.e., the value in the DESIGNATOR LENGTH field)
453 		 * shall be no larger than 256 and shall be a multiple
454 		 * of four.
455 		 */
456 		padding = ((-scsi_target_len) & 3);
457 		if (padding)
458 			scsi_target_len += padding;
459 		if (scsi_target_len > 256)
460 			scsi_target_len = 256;
461 
462 		buf[off-1] = scsi_target_len;
463 		off += scsi_target_len;
464 
465 		/* Header size + Designation descriptor */
466 		len += (scsi_target_len + 4);
467 	}
468 	put_unaligned_be16(len, &buf[2]); /* Page Length for VPD 0x83 */
469 	return 0;
470 }
471 EXPORT_SYMBOL(spc_emulate_evpd_83);
472 
473 /* Extended INQUIRY Data VPD Page */
474 static sense_reason_t
spc_emulate_evpd_86(struct se_cmd * cmd,unsigned char * buf)475 spc_emulate_evpd_86(struct se_cmd *cmd, unsigned char *buf)
476 {
477 	struct se_device *dev = cmd->se_dev;
478 	struct se_session *sess = cmd->se_sess;
479 
480 	buf[3] = 0x3c;
481 	/*
482 	 * Set GRD_CHK + REF_CHK for TYPE1 protection, or GRD_CHK
483 	 * only for TYPE3 protection.
484 	 */
485 	if (sess->sup_prot_ops & (TARGET_PROT_DIN_PASS | TARGET_PROT_DOUT_PASS)) {
486 		if (dev->dev_attrib.pi_prot_type == TARGET_DIF_TYPE1_PROT ||
487 		    cmd->se_sess->sess_prot_type == TARGET_DIF_TYPE1_PROT)
488 			buf[4] = 0x5;
489 		else if (dev->dev_attrib.pi_prot_type == TARGET_DIF_TYPE3_PROT ||
490 			 cmd->se_sess->sess_prot_type == TARGET_DIF_TYPE3_PROT)
491 			buf[4] = 0x4;
492 	}
493 
494 	/* logical unit supports type 1 and type 3 protection */
495 	if ((dev->transport->get_device_type(dev) == TYPE_DISK) &&
496 	    (sess->sup_prot_ops & (TARGET_PROT_DIN_PASS | TARGET_PROT_DOUT_PASS)) &&
497 	    (dev->dev_attrib.pi_prot_type || cmd->se_sess->sess_prot_type)) {
498 		buf[4] |= (0x3 << 3);
499 	}
500 
501 	/* Set HEADSUP, ORDSUP, SIMPSUP */
502 	buf[5] = 0x07;
503 
504 	/* If WriteCache emulation is enabled, set V_SUP */
505 	if (target_check_wce(dev))
506 		buf[6] = 0x01;
507 	/* If an LBA map is present set R_SUP */
508 	spin_lock(&cmd->se_dev->t10_alua.lba_map_lock);
509 	if (!list_empty(&dev->t10_alua.lba_map_list))
510 		buf[8] = 0x10;
511 	spin_unlock(&cmd->se_dev->t10_alua.lba_map_lock);
512 	return 0;
513 }
514 
515 /* Block Limits VPD page */
516 static sense_reason_t
spc_emulate_evpd_b0(struct se_cmd * cmd,unsigned char * buf)517 spc_emulate_evpd_b0(struct se_cmd *cmd, unsigned char *buf)
518 {
519 	struct se_device *dev = cmd->se_dev;
520 	u32 mtl = 0;
521 	int have_tp = 0, opt, min;
522 
523 	/*
524 	 * Following spc3r22 section 6.5.3 Block Limits VPD page, when
525 	 * emulate_tpu=1 or emulate_tpws=1 we will be expect a
526 	 * different page length for Thin Provisioning.
527 	 */
528 	if (dev->dev_attrib.emulate_tpu || dev->dev_attrib.emulate_tpws)
529 		have_tp = 1;
530 
531 	buf[0] = dev->transport->get_device_type(dev);
532 	buf[3] = have_tp ? 0x3c : 0x10;
533 
534 	/* Set WSNZ to 1 */
535 	buf[4] = 0x01;
536 	/*
537 	 * Set MAXIMUM COMPARE AND WRITE LENGTH
538 	 */
539 	if (dev->dev_attrib.emulate_caw)
540 		buf[5] = 0x01;
541 
542 	/*
543 	 * Set OPTIMAL TRANSFER LENGTH GRANULARITY
544 	 */
545 	if (dev->transport->get_io_min && (min = dev->transport->get_io_min(dev)))
546 		put_unaligned_be16(min / dev->dev_attrib.block_size, &buf[6]);
547 	else
548 		put_unaligned_be16(1, &buf[6]);
549 
550 	/*
551 	 * Set MAXIMUM TRANSFER LENGTH
552 	 *
553 	 * XXX: Currently assumes single PAGE_SIZE per scatterlist for fabrics
554 	 * enforcing maximum HW scatter-gather-list entry limit
555 	 */
556 	if (cmd->se_tfo->max_data_sg_nents) {
557 		mtl = (cmd->se_tfo->max_data_sg_nents * PAGE_SIZE) /
558 		       dev->dev_attrib.block_size;
559 	}
560 	put_unaligned_be32(min_not_zero(mtl, dev->dev_attrib.hw_max_sectors), &buf[8]);
561 
562 	/*
563 	 * Set OPTIMAL TRANSFER LENGTH
564 	 */
565 	if (dev->transport->get_io_opt && (opt = dev->transport->get_io_opt(dev)))
566 		put_unaligned_be32(opt / dev->dev_attrib.block_size, &buf[12]);
567 	else
568 		put_unaligned_be32(dev->dev_attrib.optimal_sectors, &buf[12]);
569 
570 	/*
571 	 * Exit now if we don't support TP.
572 	 */
573 	if (!have_tp)
574 		goto max_write_same;
575 
576 	/*
577 	 * Set MAXIMUM UNMAP LBA COUNT
578 	 */
579 	put_unaligned_be32(dev->dev_attrib.max_unmap_lba_count, &buf[20]);
580 
581 	/*
582 	 * Set MAXIMUM UNMAP BLOCK DESCRIPTOR COUNT
583 	 */
584 	put_unaligned_be32(dev->dev_attrib.max_unmap_block_desc_count,
585 			   &buf[24]);
586 
587 	/*
588 	 * Set OPTIMAL UNMAP GRANULARITY
589 	 */
590 	put_unaligned_be32(dev->dev_attrib.unmap_granularity, &buf[28]);
591 
592 	/*
593 	 * UNMAP GRANULARITY ALIGNMENT
594 	 */
595 	put_unaligned_be32(dev->dev_attrib.unmap_granularity_alignment,
596 			   &buf[32]);
597 	if (dev->dev_attrib.unmap_granularity_alignment != 0)
598 		buf[32] |= 0x80; /* Set the UGAVALID bit */
599 
600 	/*
601 	 * MAXIMUM WRITE SAME LENGTH
602 	 */
603 max_write_same:
604 	put_unaligned_be64(dev->dev_attrib.max_write_same_len, &buf[36]);
605 
606 	return 0;
607 }
608 
609 /* Block Device Characteristics VPD page */
610 static sense_reason_t
spc_emulate_evpd_b1(struct se_cmd * cmd,unsigned char * buf)611 spc_emulate_evpd_b1(struct se_cmd *cmd, unsigned char *buf)
612 {
613 	struct se_device *dev = cmd->se_dev;
614 
615 	buf[0] = dev->transport->get_device_type(dev);
616 	buf[3] = 0x3c;
617 	buf[5] = dev->dev_attrib.is_nonrot ? 1 : 0;
618 
619 	return 0;
620 }
621 
622 /* Thin Provisioning VPD */
623 static sense_reason_t
spc_emulate_evpd_b2(struct se_cmd * cmd,unsigned char * buf)624 spc_emulate_evpd_b2(struct se_cmd *cmd, unsigned char *buf)
625 {
626 	struct se_device *dev = cmd->se_dev;
627 
628 	/*
629 	 * From spc3r22 section 6.5.4 Thin Provisioning VPD page:
630 	 *
631 	 * The PAGE LENGTH field is defined in SPC-4. If the DP bit is set to
632 	 * zero, then the page length shall be set to 0004h.  If the DP bit
633 	 * is set to one, then the page length shall be set to the value
634 	 * defined in table 162.
635 	 */
636 	buf[0] = dev->transport->get_device_type(dev);
637 
638 	/*
639 	 * Set Hardcoded length mentioned above for DP=0
640 	 */
641 	put_unaligned_be16(0x0004, &buf[2]);
642 
643 	/*
644 	 * The THRESHOLD EXPONENT field indicates the threshold set size in
645 	 * LBAs as a power of 2 (i.e., the threshold set size is equal to
646 	 * 2(threshold exponent)).
647 	 *
648 	 * Note that this is currently set to 0x00 as mkp says it will be
649 	 * changing again.  We can enable this once it has settled in T10
650 	 * and is actually used by Linux/SCSI ML code.
651 	 */
652 	buf[4] = 0x00;
653 
654 	/*
655 	 * A TPU bit set to one indicates that the device server supports
656 	 * the UNMAP command (see 5.25). A TPU bit set to zero indicates
657 	 * that the device server does not support the UNMAP command.
658 	 */
659 	if (dev->dev_attrib.emulate_tpu != 0)
660 		buf[5] = 0x80;
661 
662 	/*
663 	 * A TPWS bit set to one indicates that the device server supports
664 	 * the use of the WRITE SAME (16) command (see 5.42) to unmap LBAs.
665 	 * A TPWS bit set to zero indicates that the device server does not
666 	 * support the use of the WRITE SAME (16) command to unmap LBAs.
667 	 */
668 	if (dev->dev_attrib.emulate_tpws != 0)
669 		buf[5] |= 0x40 | 0x20;
670 
671 	/*
672 	 * The unmap_zeroes_data set means that the underlying device supports
673 	 * REQ_OP_DISCARD and has the discard_zeroes_data bit set. This
674 	 * satisfies the SBC requirements for LBPRZ, meaning that a subsequent
675 	 * read will return zeroes after an UNMAP or WRITE SAME (16) to an LBA
676 	 * See sbc4r36 6.6.4.
677 	 */
678 	if (((dev->dev_attrib.emulate_tpu != 0) ||
679 	     (dev->dev_attrib.emulate_tpws != 0)) &&
680 	     (dev->dev_attrib.unmap_zeroes_data != 0))
681 		buf[5] |= 0x04;
682 
683 	return 0;
684 }
685 
686 /* Referrals VPD page */
687 static sense_reason_t
spc_emulate_evpd_b3(struct se_cmd * cmd,unsigned char * buf)688 spc_emulate_evpd_b3(struct se_cmd *cmd, unsigned char *buf)
689 {
690 	struct se_device *dev = cmd->se_dev;
691 
692 	buf[0] = dev->transport->get_device_type(dev);
693 	buf[3] = 0x0c;
694 	put_unaligned_be32(dev->t10_alua.lba_map_segment_size, &buf[8]);
695 	put_unaligned_be32(dev->t10_alua.lba_map_segment_multiplier, &buf[12]);
696 
697 	return 0;
698 }
699 
700 static sense_reason_t
701 spc_emulate_evpd_00(struct se_cmd *cmd, unsigned char *buf);
702 
703 static struct {
704 	uint8_t		page;
705 	sense_reason_t	(*emulate)(struct se_cmd *, unsigned char *);
706 } evpd_handlers[] = {
707 	{ .page = 0x00, .emulate = spc_emulate_evpd_00 },
708 	{ .page = 0x80, .emulate = spc_emulate_evpd_80 },
709 	{ .page = 0x83, .emulate = spc_emulate_evpd_83 },
710 	{ .page = 0x86, .emulate = spc_emulate_evpd_86 },
711 	{ .page = 0xb0, .emulate = spc_emulate_evpd_b0 },
712 	{ .page = 0xb1, .emulate = spc_emulate_evpd_b1 },
713 	{ .page = 0xb2, .emulate = spc_emulate_evpd_b2 },
714 	{ .page = 0xb3, .emulate = spc_emulate_evpd_b3 },
715 };
716 
717 /* supported vital product data pages */
718 static sense_reason_t
spc_emulate_evpd_00(struct se_cmd * cmd,unsigned char * buf)719 spc_emulate_evpd_00(struct se_cmd *cmd, unsigned char *buf)
720 {
721 	int p;
722 
723 	/*
724 	 * Only report the INQUIRY EVPD=1 pages after a valid NAA
725 	 * Registered Extended LUN WWN has been set via ConfigFS
726 	 * during device creation/restart.
727 	 */
728 	if (cmd->se_dev->dev_flags & DF_EMULATED_VPD_UNIT_SERIAL) {
729 		buf[3] = ARRAY_SIZE(evpd_handlers);
730 		for (p = 0; p < ARRAY_SIZE(evpd_handlers); ++p)
731 			buf[p + 4] = evpd_handlers[p].page;
732 	}
733 
734 	return 0;
735 }
736 
737 static sense_reason_t
spc_emulate_inquiry(struct se_cmd * cmd)738 spc_emulate_inquiry(struct se_cmd *cmd)
739 {
740 	struct se_device *dev = cmd->se_dev;
741 	unsigned char *rbuf;
742 	unsigned char *cdb = cmd->t_task_cdb;
743 	unsigned char *buf;
744 	sense_reason_t ret;
745 	int p;
746 	int len = 0;
747 
748 	buf = kzalloc(SE_INQUIRY_BUF, GFP_KERNEL);
749 	if (!buf) {
750 		pr_err("Unable to allocate response buffer for INQUIRY\n");
751 		return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
752 	}
753 
754 	buf[0] = dev->transport->get_device_type(dev);
755 
756 	if (!(cdb[1] & 0x1)) {
757 		if (cdb[2]) {
758 			pr_err("INQUIRY with EVPD==0 but PAGE CODE=%02x\n",
759 			       cdb[2]);
760 			ret = TCM_INVALID_CDB_FIELD;
761 			goto out;
762 		}
763 
764 		ret = spc_emulate_inquiry_std(cmd, buf);
765 		len = buf[4] + 5;
766 		goto out;
767 	}
768 
769 	for (p = 0; p < ARRAY_SIZE(evpd_handlers); ++p) {
770 		if (cdb[2] == evpd_handlers[p].page) {
771 			buf[1] = cdb[2];
772 			ret = evpd_handlers[p].emulate(cmd, buf);
773 			len = get_unaligned_be16(&buf[2]) + 4;
774 			goto out;
775 		}
776 	}
777 
778 	pr_debug("Unknown VPD Code: 0x%02x\n", cdb[2]);
779 	ret = TCM_INVALID_CDB_FIELD;
780 
781 out:
782 	rbuf = transport_kmap_data_sg(cmd);
783 	if (rbuf) {
784 		memcpy(rbuf, buf, min_t(u32, SE_INQUIRY_BUF, cmd->data_length));
785 		transport_kunmap_data_sg(cmd);
786 	}
787 	kfree(buf);
788 
789 	if (!ret)
790 		target_complete_cmd_with_length(cmd, SAM_STAT_GOOD, len);
791 	return ret;
792 }
793 
spc_modesense_rwrecovery(struct se_cmd * cmd,u8 pc,u8 * p)794 static int spc_modesense_rwrecovery(struct se_cmd *cmd, u8 pc, u8 *p)
795 {
796 	p[0] = 0x01;
797 	p[1] = 0x0a;
798 
799 	/* No changeable values for now */
800 	if (pc == 1)
801 		goto out;
802 
803 out:
804 	return 12;
805 }
806 
spc_modesense_control(struct se_cmd * cmd,u8 pc,u8 * p)807 static int spc_modesense_control(struct se_cmd *cmd, u8 pc, u8 *p)
808 {
809 	struct se_device *dev = cmd->se_dev;
810 	struct se_session *sess = cmd->se_sess;
811 
812 	p[0] = 0x0a;
813 	p[1] = 0x0a;
814 
815 	/* No changeable values for now */
816 	if (pc == 1)
817 		goto out;
818 
819 	/* GLTSD: No implicit save of log parameters */
820 	p[2] = (1 << 1);
821 	if (target_sense_desc_format(dev))
822 		/* D_SENSE: Descriptor format sense data for 64bit sectors */
823 		p[2] |= (1 << 2);
824 
825 	/*
826 	 * From spc4r23, 7.4.7 Control mode page
827 	 *
828 	 * The QUEUE ALGORITHM MODIFIER field (see table 368) specifies
829 	 * restrictions on the algorithm used for reordering commands
830 	 * having the SIMPLE task attribute (see SAM-4).
831 	 *
832 	 *                    Table 368 -- QUEUE ALGORITHM MODIFIER field
833 	 *                         Code      Description
834 	 *                          0h       Restricted reordering
835 	 *                          1h       Unrestricted reordering allowed
836 	 *                          2h to 7h    Reserved
837 	 *                          8h to Fh    Vendor specific
838 	 *
839 	 * A value of zero in the QUEUE ALGORITHM MODIFIER field specifies that
840 	 * the device server shall order the processing sequence of commands
841 	 * having the SIMPLE task attribute such that data integrity is maintained
842 	 * for that I_T nexus (i.e., if the transmission of new SCSI transport protocol
843 	 * requests is halted at any time, the final value of all data observable
844 	 * on the medium shall be the same as if all the commands had been processed
845 	 * with the ORDERED task attribute).
846 	 *
847 	 * A value of one in the QUEUE ALGORITHM MODIFIER field specifies that the
848 	 * device server may reorder the processing sequence of commands having the
849 	 * SIMPLE task attribute in any manner. Any data integrity exposures related to
850 	 * command sequence order shall be explicitly handled by the application client
851 	 * through the selection of appropriate ommands and task attributes.
852 	 */
853 	p[3] = (dev->dev_attrib.emulate_rest_reord == 1) ? 0x00 : 0x10;
854 	/*
855 	 * From spc4r17, section 7.4.6 Control mode Page
856 	 *
857 	 * Unit Attention interlocks control (UN_INTLCK_CTRL) to code 00b
858 	 *
859 	 * 00b: The logical unit shall clear any unit attention condition
860 	 * reported in the same I_T_L_Q nexus transaction as a CHECK CONDITION
861 	 * status and shall not establish a unit attention condition when a com-
862 	 * mand is completed with BUSY, TASK SET FULL, or RESERVATION CONFLICT
863 	 * status.
864 	 *
865 	 * 10b: The logical unit shall not clear any unit attention condition
866 	 * reported in the same I_T_L_Q nexus transaction as a CHECK CONDITION
867 	 * status and shall not establish a unit attention condition when
868 	 * a command is completed with BUSY, TASK SET FULL, or RESERVATION
869 	 * CONFLICT status.
870 	 *
871 	 * 11b a The logical unit shall not clear any unit attention condition
872 	 * reported in the same I_T_L_Q nexus transaction as a CHECK CONDITION
873 	 * status and shall establish a unit attention condition for the
874 	 * initiator port associated with the I_T nexus on which the BUSY,
875 	 * TASK SET FULL, or RESERVATION CONFLICT status is being returned.
876 	 * Depending on the status, the additional sense code shall be set to
877 	 * PREVIOUS BUSY STATUS, PREVIOUS TASK SET FULL STATUS, or PREVIOUS
878 	 * RESERVATION CONFLICT STATUS. Until it is cleared by a REQUEST SENSE
879 	 * command, a unit attention condition shall be established only once
880 	 * for a BUSY, TASK SET FULL, or RESERVATION CONFLICT status regardless
881 	 * to the number of commands completed with one of those status codes.
882 	 */
883 	switch (dev->dev_attrib.emulate_ua_intlck_ctrl) {
884 	case TARGET_UA_INTLCK_CTRL_ESTABLISH_UA:
885 		p[4] = 0x30;
886 		break;
887 	case TARGET_UA_INTLCK_CTRL_NO_CLEAR:
888 		p[4] = 0x20;
889 		break;
890 	default:	/* TARGET_UA_INTLCK_CTRL_CLEAR */
891 		p[4] = 0x00;
892 		break;
893 	}
894 	/*
895 	 * From spc4r17, section 7.4.6 Control mode Page
896 	 *
897 	 * Task Aborted Status (TAS) bit set to zero.
898 	 *
899 	 * A task aborted status (TAS) bit set to zero specifies that aborted
900 	 * tasks shall be terminated by the device server without any response
901 	 * to the application client. A TAS bit set to one specifies that tasks
902 	 * aborted by the actions of an I_T nexus other than the I_T nexus on
903 	 * which the command was received shall be completed with TASK ABORTED
904 	 * status (see SAM-4).
905 	 */
906 	p[5] = (dev->dev_attrib.emulate_tas) ? 0x40 : 0x00;
907 	/*
908 	 * From spc4r30, section 7.5.7 Control mode page
909 	 *
910 	 * Application Tag Owner (ATO) bit set to one.
911 	 *
912 	 * If the ATO bit is set to one the device server shall not modify the
913 	 * LOGICAL BLOCK APPLICATION TAG field and, depending on the protection
914 	 * type, shall not modify the contents of the LOGICAL BLOCK REFERENCE
915 	 * TAG field.
916 	 */
917 	if (sess->sup_prot_ops & (TARGET_PROT_DIN_PASS | TARGET_PROT_DOUT_PASS)) {
918 		if (dev->dev_attrib.pi_prot_type || sess->sess_prot_type)
919 			p[5] |= 0x80;
920 	}
921 
922 	p[8] = 0xff;
923 	p[9] = 0xff;
924 	p[11] = 30;
925 
926 out:
927 	return 12;
928 }
929 
spc_modesense_caching(struct se_cmd * cmd,u8 pc,u8 * p)930 static int spc_modesense_caching(struct se_cmd *cmd, u8 pc, u8 *p)
931 {
932 	struct se_device *dev = cmd->se_dev;
933 
934 	p[0] = 0x08;
935 	p[1] = 0x12;
936 
937 	/* No changeable values for now */
938 	if (pc == 1)
939 		goto out;
940 
941 	if (target_check_wce(dev))
942 		p[2] = 0x04; /* Write Cache Enable */
943 	p[12] = 0x20; /* Disabled Read Ahead */
944 
945 out:
946 	return 20;
947 }
948 
spc_modesense_informational_exceptions(struct se_cmd * cmd,u8 pc,unsigned char * p)949 static int spc_modesense_informational_exceptions(struct se_cmd *cmd, u8 pc, unsigned char *p)
950 {
951 	p[0] = 0x1c;
952 	p[1] = 0x0a;
953 
954 	/* No changeable values for now */
955 	if (pc == 1)
956 		goto out;
957 
958 out:
959 	return 12;
960 }
961 
962 static struct {
963 	uint8_t		page;
964 	uint8_t		subpage;
965 	int		(*emulate)(struct se_cmd *, u8, unsigned char *);
966 } modesense_handlers[] = {
967 	{ .page = 0x01, .subpage = 0x00, .emulate = spc_modesense_rwrecovery },
968 	{ .page = 0x08, .subpage = 0x00, .emulate = spc_modesense_caching },
969 	{ .page = 0x0a, .subpage = 0x00, .emulate = spc_modesense_control },
970 	{ .page = 0x1c, .subpage = 0x00, .emulate = spc_modesense_informational_exceptions },
971 };
972 
spc_modesense_write_protect(unsigned char * buf,int type)973 static void spc_modesense_write_protect(unsigned char *buf, int type)
974 {
975 	/*
976 	 * I believe that the WP bit (bit 7) in the mode header is the same for
977 	 * all device types..
978 	 */
979 	switch (type) {
980 	case TYPE_DISK:
981 	case TYPE_TAPE:
982 	default:
983 		buf[0] |= 0x80; /* WP bit */
984 		break;
985 	}
986 }
987 
spc_modesense_dpofua(unsigned char * buf,int type)988 static void spc_modesense_dpofua(unsigned char *buf, int type)
989 {
990 	switch (type) {
991 	case TYPE_DISK:
992 		buf[0] |= 0x10; /* DPOFUA bit */
993 		break;
994 	default:
995 		break;
996 	}
997 }
998 
spc_modesense_blockdesc(unsigned char * buf,u64 blocks,u32 block_size)999 static int spc_modesense_blockdesc(unsigned char *buf, u64 blocks, u32 block_size)
1000 {
1001 	*buf++ = 8;
1002 	put_unaligned_be32(min(blocks, 0xffffffffull), buf);
1003 	buf += 4;
1004 	put_unaligned_be32(block_size, buf);
1005 	return 9;
1006 }
1007 
spc_modesense_long_blockdesc(unsigned char * buf,u64 blocks,u32 block_size)1008 static int spc_modesense_long_blockdesc(unsigned char *buf, u64 blocks, u32 block_size)
1009 {
1010 	if (blocks <= 0xffffffff)
1011 		return spc_modesense_blockdesc(buf + 3, blocks, block_size) + 3;
1012 
1013 	*buf++ = 1;		/* LONGLBA */
1014 	buf += 2;
1015 	*buf++ = 16;
1016 	put_unaligned_be64(blocks, buf);
1017 	buf += 12;
1018 	put_unaligned_be32(block_size, buf);
1019 
1020 	return 17;
1021 }
1022 
spc_emulate_modesense(struct se_cmd * cmd)1023 static sense_reason_t spc_emulate_modesense(struct se_cmd *cmd)
1024 {
1025 	struct se_device *dev = cmd->se_dev;
1026 	char *cdb = cmd->t_task_cdb;
1027 	unsigned char buf[SE_MODE_PAGE_BUF], *rbuf;
1028 	int type = dev->transport->get_device_type(dev);
1029 	int ten = (cmd->t_task_cdb[0] == MODE_SENSE_10);
1030 	bool dbd = !!(cdb[1] & 0x08);
1031 	bool llba = ten ? !!(cdb[1] & 0x10) : false;
1032 	u8 pc = cdb[2] >> 6;
1033 	u8 page = cdb[2] & 0x3f;
1034 	u8 subpage = cdb[3];
1035 	int length = 0;
1036 	int ret;
1037 	int i;
1038 
1039 	memset(buf, 0, SE_MODE_PAGE_BUF);
1040 
1041 	/*
1042 	 * Skip over MODE DATA LENGTH + MEDIUM TYPE fields to byte 3 for
1043 	 * MODE_SENSE_10 and byte 2 for MODE_SENSE (6).
1044 	 */
1045 	length = ten ? 3 : 2;
1046 
1047 	/* DEVICE-SPECIFIC PARAMETER */
1048 	if (cmd->se_lun->lun_access_ro || target_lun_is_rdonly(cmd))
1049 		spc_modesense_write_protect(&buf[length], type);
1050 
1051 	/*
1052 	 * SBC only allows us to enable FUA and DPO together.  Fortunately
1053 	 * DPO is explicitly specified as a hint, so a noop is a perfectly
1054 	 * valid implementation.
1055 	 */
1056 	if (target_check_fua(dev))
1057 		spc_modesense_dpofua(&buf[length], type);
1058 
1059 	++length;
1060 
1061 	/* BLOCK DESCRIPTOR */
1062 
1063 	/*
1064 	 * For now we only include a block descriptor for disk (SBC)
1065 	 * devices; other command sets use a slightly different format.
1066 	 */
1067 	if (!dbd && type == TYPE_DISK) {
1068 		u64 blocks = dev->transport->get_blocks(dev);
1069 		u32 block_size = dev->dev_attrib.block_size;
1070 
1071 		if (ten) {
1072 			if (llba) {
1073 				length += spc_modesense_long_blockdesc(&buf[length],
1074 								       blocks, block_size);
1075 			} else {
1076 				length += 3;
1077 				length += spc_modesense_blockdesc(&buf[length],
1078 								  blocks, block_size);
1079 			}
1080 		} else {
1081 			length += spc_modesense_blockdesc(&buf[length], blocks,
1082 							  block_size);
1083 		}
1084 	} else {
1085 		if (ten)
1086 			length += 4;
1087 		else
1088 			length += 1;
1089 	}
1090 
1091 	if (page == 0x3f) {
1092 		if (subpage != 0x00 && subpage != 0xff) {
1093 			pr_warn("MODE_SENSE: Invalid subpage code: 0x%02x\n", subpage);
1094 			return TCM_INVALID_CDB_FIELD;
1095 		}
1096 
1097 		for (i = 0; i < ARRAY_SIZE(modesense_handlers); ++i) {
1098 			/*
1099 			 * Tricky way to say all subpage 00h for
1100 			 * subpage==0, all subpages for subpage==0xff
1101 			 * (and we just checked above that those are
1102 			 * the only two possibilities).
1103 			 */
1104 			if ((modesense_handlers[i].subpage & ~subpage) == 0) {
1105 				ret = modesense_handlers[i].emulate(cmd, pc, &buf[length]);
1106 				if (!ten && length + ret >= 255)
1107 					break;
1108 				length += ret;
1109 			}
1110 		}
1111 
1112 		goto set_length;
1113 	}
1114 
1115 	for (i = 0; i < ARRAY_SIZE(modesense_handlers); ++i)
1116 		if (modesense_handlers[i].page == page &&
1117 		    modesense_handlers[i].subpage == subpage) {
1118 			length += modesense_handlers[i].emulate(cmd, pc, &buf[length]);
1119 			goto set_length;
1120 		}
1121 
1122 	/*
1123 	 * We don't intend to implement:
1124 	 *  - obsolete page 03h "format parameters" (checked by Solaris)
1125 	 */
1126 	if (page != 0x03)
1127 		pr_err("MODE SENSE: unimplemented page/subpage: 0x%02x/0x%02x\n",
1128 		       page, subpage);
1129 
1130 	return TCM_UNKNOWN_MODE_PAGE;
1131 
1132 set_length:
1133 	if (ten)
1134 		put_unaligned_be16(length - 2, buf);
1135 	else
1136 		buf[0] = length - 1;
1137 
1138 	rbuf = transport_kmap_data_sg(cmd);
1139 	if (rbuf) {
1140 		memcpy(rbuf, buf, min_t(u32, SE_MODE_PAGE_BUF, cmd->data_length));
1141 		transport_kunmap_data_sg(cmd);
1142 	}
1143 
1144 	target_complete_cmd_with_length(cmd, SAM_STAT_GOOD, length);
1145 	return 0;
1146 }
1147 
spc_emulate_modeselect(struct se_cmd * cmd)1148 static sense_reason_t spc_emulate_modeselect(struct se_cmd *cmd)
1149 {
1150 	char *cdb = cmd->t_task_cdb;
1151 	bool ten = cdb[0] == MODE_SELECT_10;
1152 	int off = ten ? 8 : 4;
1153 	bool pf = !!(cdb[1] & 0x10);
1154 	u8 page, subpage;
1155 	unsigned char *buf;
1156 	unsigned char tbuf[SE_MODE_PAGE_BUF];
1157 	int length;
1158 	sense_reason_t ret = 0;
1159 	int i;
1160 
1161 	if (!cmd->data_length) {
1162 		target_complete_cmd(cmd, SAM_STAT_GOOD);
1163 		return 0;
1164 	}
1165 
1166 	if (cmd->data_length < off + 2)
1167 		return TCM_PARAMETER_LIST_LENGTH_ERROR;
1168 
1169 	buf = transport_kmap_data_sg(cmd);
1170 	if (!buf)
1171 		return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
1172 
1173 	if (!pf) {
1174 		ret = TCM_INVALID_CDB_FIELD;
1175 		goto out;
1176 	}
1177 
1178 	page = buf[off] & 0x3f;
1179 	subpage = buf[off] & 0x40 ? buf[off + 1] : 0;
1180 
1181 	for (i = 0; i < ARRAY_SIZE(modesense_handlers); ++i)
1182 		if (modesense_handlers[i].page == page &&
1183 		    modesense_handlers[i].subpage == subpage) {
1184 			memset(tbuf, 0, SE_MODE_PAGE_BUF);
1185 			length = modesense_handlers[i].emulate(cmd, 0, tbuf);
1186 			goto check_contents;
1187 		}
1188 
1189 	ret = TCM_UNKNOWN_MODE_PAGE;
1190 	goto out;
1191 
1192 check_contents:
1193 	if (cmd->data_length < off + length) {
1194 		ret = TCM_PARAMETER_LIST_LENGTH_ERROR;
1195 		goto out;
1196 	}
1197 
1198 	if (memcmp(buf + off, tbuf, length))
1199 		ret = TCM_INVALID_PARAMETER_LIST;
1200 
1201 out:
1202 	transport_kunmap_data_sg(cmd);
1203 
1204 	if (!ret)
1205 		target_complete_cmd(cmd, SAM_STAT_GOOD);
1206 	return ret;
1207 }
1208 
spc_emulate_request_sense(struct se_cmd * cmd)1209 static sense_reason_t spc_emulate_request_sense(struct se_cmd *cmd)
1210 {
1211 	unsigned char *cdb = cmd->t_task_cdb;
1212 	unsigned char *rbuf;
1213 	u8 ua_asc = 0, ua_ascq = 0;
1214 	unsigned char buf[SE_SENSE_BUF];
1215 	bool desc_format = target_sense_desc_format(cmd->se_dev);
1216 
1217 	memset(buf, 0, SE_SENSE_BUF);
1218 
1219 	if (cdb[1] & 0x01) {
1220 		pr_err("REQUEST_SENSE description emulation not"
1221 			" supported\n");
1222 		return TCM_INVALID_CDB_FIELD;
1223 	}
1224 
1225 	rbuf = transport_kmap_data_sg(cmd);
1226 	if (!rbuf)
1227 		return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
1228 
1229 	if (!core_scsi3_ua_clear_for_request_sense(cmd, &ua_asc, &ua_ascq))
1230 		scsi_build_sense_buffer(desc_format, buf, UNIT_ATTENTION,
1231 					ua_asc, ua_ascq);
1232 	else
1233 		scsi_build_sense_buffer(desc_format, buf, NO_SENSE, 0x0, 0x0);
1234 
1235 	memcpy(rbuf, buf, min_t(u32, sizeof(buf), cmd->data_length));
1236 	transport_kunmap_data_sg(cmd);
1237 
1238 	target_complete_cmd(cmd, SAM_STAT_GOOD);
1239 	return 0;
1240 }
1241 
spc_emulate_report_luns(struct se_cmd * cmd)1242 sense_reason_t spc_emulate_report_luns(struct se_cmd *cmd)
1243 {
1244 	struct se_dev_entry *deve;
1245 	struct se_session *sess = cmd->se_sess;
1246 	struct se_node_acl *nacl;
1247 	struct scsi_lun slun;
1248 	unsigned char *buf;
1249 	u32 lun_count = 0, offset = 8;
1250 	__be32 len;
1251 
1252 	buf = transport_kmap_data_sg(cmd);
1253 	if (cmd->data_length && !buf)
1254 		return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
1255 
1256 	/*
1257 	 * If no struct se_session pointer is present, this struct se_cmd is
1258 	 * coming via a target_core_mod PASSTHROUGH op, and not through
1259 	 * a $FABRIC_MOD.  In that case, report LUN=0 only.
1260 	 */
1261 	if (!sess)
1262 		goto done;
1263 
1264 	nacl = sess->se_node_acl;
1265 
1266 	rcu_read_lock();
1267 	hlist_for_each_entry_rcu(deve, &nacl->lun_entry_hlist, link) {
1268 		/*
1269 		 * We determine the correct LUN LIST LENGTH even once we
1270 		 * have reached the initial allocation length.
1271 		 * See SPC2-R20 7.19.
1272 		 */
1273 		lun_count++;
1274 		if (offset >= cmd->data_length)
1275 			continue;
1276 
1277 		int_to_scsilun(deve->mapped_lun, &slun);
1278 		memcpy(buf + offset, &slun,
1279 		       min(8u, cmd->data_length - offset));
1280 		offset += 8;
1281 	}
1282 	rcu_read_unlock();
1283 
1284 	/*
1285 	 * See SPC3 r07, page 159.
1286 	 */
1287 done:
1288 	/*
1289 	 * If no LUNs are accessible, report virtual LUN 0.
1290 	 */
1291 	if (lun_count == 0) {
1292 		int_to_scsilun(0, &slun);
1293 		if (cmd->data_length > 8)
1294 			memcpy(buf + offset, &slun,
1295 			       min(8u, cmd->data_length - offset));
1296 		lun_count = 1;
1297 	}
1298 
1299 	if (buf) {
1300 		len = cpu_to_be32(lun_count * 8);
1301 		memcpy(buf, &len, min_t(int, sizeof len, cmd->data_length));
1302 		transport_kunmap_data_sg(cmd);
1303 	}
1304 
1305 	target_complete_cmd_with_length(cmd, SAM_STAT_GOOD, 8 + lun_count * 8);
1306 	return 0;
1307 }
1308 EXPORT_SYMBOL(spc_emulate_report_luns);
1309 
1310 static sense_reason_t
spc_emulate_testunitready(struct se_cmd * cmd)1311 spc_emulate_testunitready(struct se_cmd *cmd)
1312 {
1313 	target_complete_cmd(cmd, SAM_STAT_GOOD);
1314 	return 0;
1315 }
1316 
1317 sense_reason_t
spc_parse_cdb(struct se_cmd * cmd,unsigned int * size)1318 spc_parse_cdb(struct se_cmd *cmd, unsigned int *size)
1319 {
1320 	struct se_device *dev = cmd->se_dev;
1321 	unsigned char *cdb = cmd->t_task_cdb;
1322 
1323 	if (!dev->dev_attrib.emulate_pr &&
1324 	    ((cdb[0] == PERSISTENT_RESERVE_IN) ||
1325 	     (cdb[0] == PERSISTENT_RESERVE_OUT) ||
1326 	     (cdb[0] == RELEASE || cdb[0] == RELEASE_10) ||
1327 	     (cdb[0] == RESERVE || cdb[0] == RESERVE_10))) {
1328 		return TCM_UNSUPPORTED_SCSI_OPCODE;
1329 	}
1330 
1331 	switch (cdb[0]) {
1332 	case MODE_SELECT:
1333 		*size = cdb[4];
1334 		cmd->execute_cmd = spc_emulate_modeselect;
1335 		break;
1336 	case MODE_SELECT_10:
1337 		*size = get_unaligned_be16(&cdb[7]);
1338 		cmd->execute_cmd = spc_emulate_modeselect;
1339 		break;
1340 	case MODE_SENSE:
1341 		*size = cdb[4];
1342 		cmd->execute_cmd = spc_emulate_modesense;
1343 		break;
1344 	case MODE_SENSE_10:
1345 		*size = get_unaligned_be16(&cdb[7]);
1346 		cmd->execute_cmd = spc_emulate_modesense;
1347 		break;
1348 	case LOG_SELECT:
1349 	case LOG_SENSE:
1350 		*size = get_unaligned_be16(&cdb[7]);
1351 		break;
1352 	case PERSISTENT_RESERVE_IN:
1353 		*size = get_unaligned_be16(&cdb[7]);
1354 		cmd->execute_cmd = target_scsi3_emulate_pr_in;
1355 		break;
1356 	case PERSISTENT_RESERVE_OUT:
1357 		*size = get_unaligned_be32(&cdb[5]);
1358 		cmd->execute_cmd = target_scsi3_emulate_pr_out;
1359 		break;
1360 	case RELEASE:
1361 	case RELEASE_10:
1362 		if (cdb[0] == RELEASE_10)
1363 			*size = get_unaligned_be16(&cdb[7]);
1364 		else
1365 			*size = cmd->data_length;
1366 
1367 		cmd->execute_cmd = target_scsi2_reservation_release;
1368 		break;
1369 	case RESERVE:
1370 	case RESERVE_10:
1371 		/*
1372 		 * The SPC-2 RESERVE does not contain a size in the SCSI CDB.
1373 		 * Assume the passthrough or $FABRIC_MOD will tell us about it.
1374 		 */
1375 		if (cdb[0] == RESERVE_10)
1376 			*size = get_unaligned_be16(&cdb[7]);
1377 		else
1378 			*size = cmd->data_length;
1379 
1380 		cmd->execute_cmd = target_scsi2_reservation_reserve;
1381 		break;
1382 	case REQUEST_SENSE:
1383 		*size = cdb[4];
1384 		cmd->execute_cmd = spc_emulate_request_sense;
1385 		break;
1386 	case INQUIRY:
1387 		*size = get_unaligned_be16(&cdb[3]);
1388 
1389 		/*
1390 		 * Do implicit HEAD_OF_QUEUE processing for INQUIRY.
1391 		 * See spc4r17 section 5.3
1392 		 */
1393 		cmd->sam_task_attr = TCM_HEAD_TAG;
1394 		cmd->execute_cmd = spc_emulate_inquiry;
1395 		break;
1396 	case SECURITY_PROTOCOL_IN:
1397 	case SECURITY_PROTOCOL_OUT:
1398 		*size = get_unaligned_be32(&cdb[6]);
1399 		break;
1400 	case EXTENDED_COPY:
1401 		*size = get_unaligned_be32(&cdb[10]);
1402 		cmd->execute_cmd = target_do_xcopy;
1403 		break;
1404 	case RECEIVE_COPY_RESULTS:
1405 		*size = get_unaligned_be32(&cdb[10]);
1406 		cmd->execute_cmd = target_do_receive_copy_results;
1407 		break;
1408 	case READ_ATTRIBUTE:
1409 	case WRITE_ATTRIBUTE:
1410 		*size = get_unaligned_be32(&cdb[10]);
1411 		break;
1412 	case RECEIVE_DIAGNOSTIC:
1413 	case SEND_DIAGNOSTIC:
1414 		*size = get_unaligned_be16(&cdb[3]);
1415 		break;
1416 	case WRITE_BUFFER:
1417 		*size = get_unaligned_be24(&cdb[6]);
1418 		break;
1419 	case REPORT_LUNS:
1420 		cmd->execute_cmd = spc_emulate_report_luns;
1421 		*size = get_unaligned_be32(&cdb[6]);
1422 		/*
1423 		 * Do implicit HEAD_OF_QUEUE processing for REPORT_LUNS
1424 		 * See spc4r17 section 5.3
1425 		 */
1426 		cmd->sam_task_attr = TCM_HEAD_TAG;
1427 		break;
1428 	case TEST_UNIT_READY:
1429 		cmd->execute_cmd = spc_emulate_testunitready;
1430 		*size = 0;
1431 		break;
1432 	case MAINTENANCE_IN:
1433 		if (dev->transport->get_device_type(dev) != TYPE_ROM) {
1434 			/*
1435 			 * MAINTENANCE_IN from SCC-2
1436 			 * Check for emulated MI_REPORT_TARGET_PGS
1437 			 */
1438 			if ((cdb[1] & 0x1f) == MI_REPORT_TARGET_PGS) {
1439 				cmd->execute_cmd =
1440 					target_emulate_report_target_port_groups;
1441 			}
1442 			*size = get_unaligned_be32(&cdb[6]);
1443 		} else {
1444 			/*
1445 			 * GPCMD_SEND_KEY from multi media commands
1446 			 */
1447 			*size = get_unaligned_be16(&cdb[8]);
1448 		}
1449 		break;
1450 	case MAINTENANCE_OUT:
1451 		if (dev->transport->get_device_type(dev) != TYPE_ROM) {
1452 			/*
1453 			 * MAINTENANCE_OUT from SCC-2
1454 			 * Check for emulated MO_SET_TARGET_PGS.
1455 			 */
1456 			if (cdb[1] == MO_SET_TARGET_PGS) {
1457 				cmd->execute_cmd =
1458 					target_emulate_set_target_port_groups;
1459 			}
1460 			*size = get_unaligned_be32(&cdb[6]);
1461 		} else {
1462 			/*
1463 			 * GPCMD_SEND_KEY from multi media commands
1464 			 */
1465 			*size = get_unaligned_be16(&cdb[8]);
1466 		}
1467 		break;
1468 	default:
1469 		return TCM_UNSUPPORTED_SCSI_OPCODE;
1470 	}
1471 
1472 	return 0;
1473 }
1474 EXPORT_SYMBOL(spc_parse_cdb);
1475