1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * SCSI Primary Commands (SPC) parsing and emulation.
4  *
5  * (c) Copyright 2002-2013 Datera, Inc.
6  *
7  * Nicholas A. Bellinger <nab@kernel.org>
8  */
9 
10 #include <linux/kernel.h>
11 #include <linux/module.h>
12 #include <asm/unaligned.h>
13 
14 #include <scsi/scsi_proto.h>
15 #include <scsi/scsi_common.h>
16 #include <scsi/scsi_tcq.h>
17 
18 #include <target/target_core_base.h>
19 #include <target/target_core_backend.h>
20 #include <target/target_core_fabric.h>
21 
22 #include "target_core_internal.h"
23 #include "target_core_alua.h"
24 #include "target_core_pr.h"
25 #include "target_core_ua.h"
26 #include "target_core_xcopy.h"
27 
spc_fill_alua_data(struct se_lun * lun,unsigned char * buf)28 static void spc_fill_alua_data(struct se_lun *lun, unsigned char *buf)
29 {
30 	struct t10_alua_tg_pt_gp *tg_pt_gp;
31 
32 	/*
33 	 * Set SCCS for MAINTENANCE_IN + REPORT_TARGET_PORT_GROUPS.
34 	 */
35 	buf[5]	= 0x80;
36 
37 	/*
38 	 * Set TPGS field for explicit and/or implicit ALUA access type
39 	 * and opteration.
40 	 *
41 	 * See spc4r17 section 6.4.2 Table 135
42 	 */
43 	spin_lock(&lun->lun_tg_pt_gp_lock);
44 	tg_pt_gp = lun->lun_tg_pt_gp;
45 	if (tg_pt_gp)
46 		buf[5] |= tg_pt_gp->tg_pt_gp_alua_access_type;
47 	spin_unlock(&lun->lun_tg_pt_gp_lock);
48 }
49 
50 sense_reason_t
spc_emulate_inquiry_std(struct se_cmd * cmd,unsigned char * buf)51 spc_emulate_inquiry_std(struct se_cmd *cmd, unsigned char *buf)
52 {
53 	struct se_lun *lun = cmd->se_lun;
54 	struct se_device *dev = cmd->se_dev;
55 	struct se_session *sess = cmd->se_sess;
56 
57 	/* Set RMB (removable media) for tape devices */
58 	if (dev->transport->get_device_type(dev) == TYPE_TAPE)
59 		buf[1] = 0x80;
60 
61 	buf[2] = 0x05; /* SPC-3 */
62 
63 	/*
64 	 * NORMACA and HISUP = 0, RESPONSE DATA FORMAT = 2
65 	 *
66 	 * SPC4 says:
67 	 *   A RESPONSE DATA FORMAT field set to 2h indicates that the
68 	 *   standard INQUIRY data is in the format defined in this
69 	 *   standard. Response data format values less than 2h are
70 	 *   obsolete. Response data format values greater than 2h are
71 	 *   reserved.
72 	 */
73 	buf[3] = 2;
74 
75 	/*
76 	 * Enable SCCS and TPGS fields for Emulated ALUA
77 	 */
78 	spc_fill_alua_data(lun, buf);
79 
80 	/*
81 	 * Set Third-Party Copy (3PC) bit to indicate support for EXTENDED_COPY
82 	 */
83 	if (dev->dev_attrib.emulate_3pc)
84 		buf[5] |= 0x8;
85 	/*
86 	 * Set Protection (PROTECT) bit when DIF has been enabled on the
87 	 * device, and the fabric supports VERIFY + PASS.  Also report
88 	 * PROTECT=1 if sess_prot_type has been configured to allow T10-PI
89 	 * to unprotected devices.
90 	 */
91 	if (sess->sup_prot_ops & (TARGET_PROT_DIN_PASS | TARGET_PROT_DOUT_PASS)) {
92 		if (dev->dev_attrib.pi_prot_type || cmd->se_sess->sess_prot_type)
93 			buf[5] |= 0x1;
94 	}
95 
96 	buf[7] = 0x2; /* CmdQue=1 */
97 
98 	/*
99 	 * ASCII data fields described as being left-aligned shall have any
100 	 * unused bytes at the end of the field (i.e., highest offset) and the
101 	 * unused bytes shall be filled with ASCII space characters (20h).
102 	 */
103 	memset(&buf[8], 0x20,
104 	       INQUIRY_VENDOR_LEN + INQUIRY_MODEL_LEN + INQUIRY_REVISION_LEN);
105 	memcpy(&buf[8], dev->t10_wwn.vendor,
106 	       strnlen(dev->t10_wwn.vendor, INQUIRY_VENDOR_LEN));
107 	memcpy(&buf[16], dev->t10_wwn.model,
108 	       strnlen(dev->t10_wwn.model, INQUIRY_MODEL_LEN));
109 	memcpy(&buf[32], dev->t10_wwn.revision,
110 	       strnlen(dev->t10_wwn.revision, INQUIRY_REVISION_LEN));
111 	buf[4] = 31; /* Set additional length to 31 */
112 
113 	return 0;
114 }
115 EXPORT_SYMBOL(spc_emulate_inquiry_std);
116 
117 /* unit serial number */
118 static sense_reason_t
spc_emulate_evpd_80(struct se_cmd * cmd,unsigned char * buf)119 spc_emulate_evpd_80(struct se_cmd *cmd, unsigned char *buf)
120 {
121 	struct se_device *dev = cmd->se_dev;
122 	u16 len;
123 
124 	if (dev->dev_flags & DF_EMULATED_VPD_UNIT_SERIAL) {
125 		len = sprintf(&buf[4], "%s", dev->t10_wwn.unit_serial);
126 		len++; /* Extra Byte for NULL Terminator */
127 		buf[3] = len;
128 	}
129 	return 0;
130 }
131 
spc_parse_naa_6h_vendor_specific(struct se_device * dev,unsigned char * buf)132 void spc_parse_naa_6h_vendor_specific(struct se_device *dev,
133 				      unsigned char *buf)
134 {
135 	unsigned char *p = &dev->t10_wwn.unit_serial[0];
136 	int cnt;
137 	bool next = true;
138 
139 	/*
140 	 * Generate up to 36 bits of VENDOR SPECIFIC IDENTIFIER starting on
141 	 * byte 3 bit 3-0 for NAA IEEE Registered Extended DESIGNATOR field
142 	 * format, followed by 64 bits of VENDOR SPECIFIC IDENTIFIER EXTENSION
143 	 * to complete the payload.  These are based from VPD=0x80 PRODUCT SERIAL
144 	 * NUMBER set via vpd_unit_serial in target_core_configfs.c to ensure
145 	 * per device uniqeness.
146 	 */
147 	for (cnt = 0; *p && cnt < 13; p++) {
148 		int val = hex_to_bin(*p);
149 
150 		if (val < 0)
151 			continue;
152 
153 		if (next) {
154 			next = false;
155 			buf[cnt++] |= val;
156 		} else {
157 			next = true;
158 			buf[cnt] = val << 4;
159 		}
160 	}
161 }
162 
163 /*
164  * Device identification VPD, for a complete list of
165  * DESIGNATOR TYPEs see spc4r17 Table 459.
166  */
167 sense_reason_t
spc_emulate_evpd_83(struct se_cmd * cmd,unsigned char * buf)168 spc_emulate_evpd_83(struct se_cmd *cmd, unsigned char *buf)
169 {
170 	struct se_device *dev = cmd->se_dev;
171 	struct se_lun *lun = cmd->se_lun;
172 	struct se_portal_group *tpg = NULL;
173 	struct t10_alua_lu_gp_member *lu_gp_mem;
174 	struct t10_alua_tg_pt_gp *tg_pt_gp;
175 	unsigned char *prod = &dev->t10_wwn.model[0];
176 	u32 prod_len;
177 	u32 unit_serial_len, off = 0;
178 	u16 len = 0, id_len;
179 
180 	off = 4;
181 
182 	/*
183 	 * NAA IEEE Registered Extended Assigned designator format, see
184 	 * spc4r17 section 7.7.3.6.5
185 	 *
186 	 * We depend upon a target_core_mod/ConfigFS provided
187 	 * /sys/kernel/config/target/core/$HBA/$DEV/wwn/vpd_unit_serial
188 	 * value in order to return the NAA id.
189 	 */
190 	if (!(dev->dev_flags & DF_EMULATED_VPD_UNIT_SERIAL))
191 		goto check_t10_vend_desc;
192 
193 	/* CODE SET == Binary */
194 	buf[off++] = 0x1;
195 
196 	/* Set ASSOCIATION == addressed logical unit: 0)b */
197 	buf[off] = 0x00;
198 
199 	/* Identifier/Designator type == NAA identifier */
200 	buf[off++] |= 0x3;
201 	off++;
202 
203 	/* Identifier/Designator length */
204 	buf[off++] = 0x10;
205 
206 	/*
207 	 * Start NAA IEEE Registered Extended Identifier/Designator
208 	 */
209 	buf[off++] = (0x6 << 4);
210 
211 	/*
212 	 * Use OpenFabrics IEEE Company ID: 00 14 05
213 	 */
214 	buf[off++] = 0x01;
215 	buf[off++] = 0x40;
216 	buf[off] = (0x5 << 4);
217 
218 	/*
219 	 * Return ConfigFS Unit Serial Number information for
220 	 * VENDOR_SPECIFIC_IDENTIFIER and
221 	 * VENDOR_SPECIFIC_IDENTIFIER_EXTENTION
222 	 */
223 	spc_parse_naa_6h_vendor_specific(dev, &buf[off]);
224 
225 	len = 20;
226 	off = (len + 4);
227 
228 check_t10_vend_desc:
229 	/*
230 	 * T10 Vendor Identifier Page, see spc4r17 section 7.7.3.4
231 	 */
232 	id_len = 8; /* For Vendor field */
233 	prod_len = 4; /* For VPD Header */
234 	prod_len += 8; /* For Vendor field */
235 	prod_len += strlen(prod);
236 	prod_len++; /* For : */
237 
238 	if (dev->dev_flags & DF_EMULATED_VPD_UNIT_SERIAL) {
239 		unit_serial_len = strlen(&dev->t10_wwn.unit_serial[0]);
240 		unit_serial_len++; /* For NULL Terminator */
241 
242 		id_len += sprintf(&buf[off+12], "%s:%s", prod,
243 				&dev->t10_wwn.unit_serial[0]);
244 	}
245 	buf[off] = 0x2; /* ASCII */
246 	buf[off+1] = 0x1; /* T10 Vendor ID */
247 	buf[off+2] = 0x0;
248 	/* left align Vendor ID and pad with spaces */
249 	memset(&buf[off+4], 0x20, INQUIRY_VENDOR_LEN);
250 	memcpy(&buf[off+4], dev->t10_wwn.vendor,
251 	       strnlen(dev->t10_wwn.vendor, INQUIRY_VENDOR_LEN));
252 	/* Extra Byte for NULL Terminator */
253 	id_len++;
254 	/* Identifier Length */
255 	buf[off+3] = id_len;
256 	/* Header size for Designation descriptor */
257 	len += (id_len + 4);
258 	off += (id_len + 4);
259 
260 	if (1) {
261 		struct t10_alua_lu_gp *lu_gp;
262 		u32 padding, scsi_name_len, scsi_target_len;
263 		u16 lu_gp_id = 0;
264 		u16 tg_pt_gp_id = 0;
265 		u16 tpgt;
266 
267 		tpg = lun->lun_tpg;
268 		/*
269 		 * Relative target port identifer, see spc4r17
270 		 * section 7.7.3.7
271 		 *
272 		 * Get the PROTOCOL IDENTIFIER as defined by spc4r17
273 		 * section 7.5.1 Table 362
274 		 */
275 		buf[off] = tpg->proto_id << 4;
276 		buf[off++] |= 0x1; /* CODE SET == Binary */
277 		buf[off] = 0x80; /* Set PIV=1 */
278 		/* Set ASSOCIATION == target port: 01b */
279 		buf[off] |= 0x10;
280 		/* DESIGNATOR TYPE == Relative target port identifer */
281 		buf[off++] |= 0x4;
282 		off++; /* Skip over Reserved */
283 		buf[off++] = 4; /* DESIGNATOR LENGTH */
284 		/* Skip over Obsolete field in RTPI payload
285 		 * in Table 472 */
286 		off += 2;
287 		put_unaligned_be16(lun->lun_rtpi, &buf[off]);
288 		off += 2;
289 		len += 8; /* Header size + Designation descriptor */
290 		/*
291 		 * Target port group identifier, see spc4r17
292 		 * section 7.7.3.8
293 		 *
294 		 * Get the PROTOCOL IDENTIFIER as defined by spc4r17
295 		 * section 7.5.1 Table 362
296 		 */
297 		spin_lock(&lun->lun_tg_pt_gp_lock);
298 		tg_pt_gp = lun->lun_tg_pt_gp;
299 		if (!tg_pt_gp) {
300 			spin_unlock(&lun->lun_tg_pt_gp_lock);
301 			goto check_lu_gp;
302 		}
303 		tg_pt_gp_id = tg_pt_gp->tg_pt_gp_id;
304 		spin_unlock(&lun->lun_tg_pt_gp_lock);
305 
306 		buf[off] = tpg->proto_id << 4;
307 		buf[off++] |= 0x1; /* CODE SET == Binary */
308 		buf[off] = 0x80; /* Set PIV=1 */
309 		/* Set ASSOCIATION == target port: 01b */
310 		buf[off] |= 0x10;
311 		/* DESIGNATOR TYPE == Target port group identifier */
312 		buf[off++] |= 0x5;
313 		off++; /* Skip over Reserved */
314 		buf[off++] = 4; /* DESIGNATOR LENGTH */
315 		off += 2; /* Skip over Reserved Field */
316 		put_unaligned_be16(tg_pt_gp_id, &buf[off]);
317 		off += 2;
318 		len += 8; /* Header size + Designation descriptor */
319 		/*
320 		 * Logical Unit Group identifier, see spc4r17
321 		 * section 7.7.3.8
322 		 */
323 check_lu_gp:
324 		lu_gp_mem = dev->dev_alua_lu_gp_mem;
325 		if (!lu_gp_mem)
326 			goto check_scsi_name;
327 
328 		spin_lock(&lu_gp_mem->lu_gp_mem_lock);
329 		lu_gp = lu_gp_mem->lu_gp;
330 		if (!lu_gp) {
331 			spin_unlock(&lu_gp_mem->lu_gp_mem_lock);
332 			goto check_scsi_name;
333 		}
334 		lu_gp_id = lu_gp->lu_gp_id;
335 		spin_unlock(&lu_gp_mem->lu_gp_mem_lock);
336 
337 		buf[off++] |= 0x1; /* CODE SET == Binary */
338 		/* DESIGNATOR TYPE == Logical Unit Group identifier */
339 		buf[off++] |= 0x6;
340 		off++; /* Skip over Reserved */
341 		buf[off++] = 4; /* DESIGNATOR LENGTH */
342 		off += 2; /* Skip over Reserved Field */
343 		put_unaligned_be16(lu_gp_id, &buf[off]);
344 		off += 2;
345 		len += 8; /* Header size + Designation descriptor */
346 		/*
347 		 * SCSI name string designator, see spc4r17
348 		 * section 7.7.3.11
349 		 *
350 		 * Get the PROTOCOL IDENTIFIER as defined by spc4r17
351 		 * section 7.5.1 Table 362
352 		 */
353 check_scsi_name:
354 		buf[off] = tpg->proto_id << 4;
355 		buf[off++] |= 0x3; /* CODE SET == UTF-8 */
356 		buf[off] = 0x80; /* Set PIV=1 */
357 		/* Set ASSOCIATION == target port: 01b */
358 		buf[off] |= 0x10;
359 		/* DESIGNATOR TYPE == SCSI name string */
360 		buf[off++] |= 0x8;
361 		off += 2; /* Skip over Reserved and length */
362 		/*
363 		 * SCSI name string identifer containing, $FABRIC_MOD
364 		 * dependent information.  For LIO-Target and iSCSI
365 		 * Target Port, this means "<iSCSI name>,t,0x<TPGT> in
366 		 * UTF-8 encoding.
367 		 */
368 		tpgt = tpg->se_tpg_tfo->tpg_get_tag(tpg);
369 		scsi_name_len = sprintf(&buf[off], "%s,t,0x%04x",
370 					tpg->se_tpg_tfo->tpg_get_wwn(tpg), tpgt);
371 		scsi_name_len += 1 /* Include  NULL terminator */;
372 		/*
373 		 * The null-terminated, null-padded (see 4.4.2) SCSI
374 		 * NAME STRING field contains a UTF-8 format string.
375 		 * The number of bytes in the SCSI NAME STRING field
376 		 * (i.e., the value in the DESIGNATOR LENGTH field)
377 		 * shall be no larger than 256 and shall be a multiple
378 		 * of four.
379 		 */
380 		padding = ((-scsi_name_len) & 3);
381 		if (padding)
382 			scsi_name_len += padding;
383 		if (scsi_name_len > 256)
384 			scsi_name_len = 256;
385 
386 		buf[off-1] = scsi_name_len;
387 		off += scsi_name_len;
388 		/* Header size + Designation descriptor */
389 		len += (scsi_name_len + 4);
390 
391 		/*
392 		 * Target device designator
393 		 */
394 		buf[off] = tpg->proto_id << 4;
395 		buf[off++] |= 0x3; /* CODE SET == UTF-8 */
396 		buf[off] = 0x80; /* Set PIV=1 */
397 		/* Set ASSOCIATION == target device: 10b */
398 		buf[off] |= 0x20;
399 		/* DESIGNATOR TYPE == SCSI name string */
400 		buf[off++] |= 0x8;
401 		off += 2; /* Skip over Reserved and length */
402 		/*
403 		 * SCSI name string identifer containing, $FABRIC_MOD
404 		 * dependent information.  For LIO-Target and iSCSI
405 		 * Target Port, this means "<iSCSI name>" in
406 		 * UTF-8 encoding.
407 		 */
408 		scsi_target_len = sprintf(&buf[off], "%s",
409 					  tpg->se_tpg_tfo->tpg_get_wwn(tpg));
410 		scsi_target_len += 1 /* Include  NULL terminator */;
411 		/*
412 		 * The null-terminated, null-padded (see 4.4.2) SCSI
413 		 * NAME STRING field contains a UTF-8 format string.
414 		 * The number of bytes in the SCSI NAME STRING field
415 		 * (i.e., the value in the DESIGNATOR LENGTH field)
416 		 * shall be no larger than 256 and shall be a multiple
417 		 * of four.
418 		 */
419 		padding = ((-scsi_target_len) & 3);
420 		if (padding)
421 			scsi_target_len += padding;
422 		if (scsi_target_len > 256)
423 			scsi_target_len = 256;
424 
425 		buf[off-1] = scsi_target_len;
426 		off += scsi_target_len;
427 
428 		/* Header size + Designation descriptor */
429 		len += (scsi_target_len + 4);
430 	}
431 	put_unaligned_be16(len, &buf[2]); /* Page Length for VPD 0x83 */
432 	return 0;
433 }
434 EXPORT_SYMBOL(spc_emulate_evpd_83);
435 
436 /* Extended INQUIRY Data VPD Page */
437 static sense_reason_t
spc_emulate_evpd_86(struct se_cmd * cmd,unsigned char * buf)438 spc_emulate_evpd_86(struct se_cmd *cmd, unsigned char *buf)
439 {
440 	struct se_device *dev = cmd->se_dev;
441 	struct se_session *sess = cmd->se_sess;
442 
443 	buf[3] = 0x3c;
444 	/*
445 	 * Set GRD_CHK + REF_CHK for TYPE1 protection, or GRD_CHK
446 	 * only for TYPE3 protection.
447 	 */
448 	if (sess->sup_prot_ops & (TARGET_PROT_DIN_PASS | TARGET_PROT_DOUT_PASS)) {
449 		if (dev->dev_attrib.pi_prot_type == TARGET_DIF_TYPE1_PROT ||
450 		    cmd->se_sess->sess_prot_type == TARGET_DIF_TYPE1_PROT)
451 			buf[4] = 0x5;
452 		else if (dev->dev_attrib.pi_prot_type == TARGET_DIF_TYPE3_PROT ||
453 			 cmd->se_sess->sess_prot_type == TARGET_DIF_TYPE3_PROT)
454 			buf[4] = 0x4;
455 	}
456 
457 	/* logical unit supports type 1 and type 3 protection */
458 	if ((dev->transport->get_device_type(dev) == TYPE_DISK) &&
459 	    (sess->sup_prot_ops & (TARGET_PROT_DIN_PASS | TARGET_PROT_DOUT_PASS)) &&
460 	    (dev->dev_attrib.pi_prot_type || cmd->se_sess->sess_prot_type)) {
461 		buf[4] |= (0x3 << 3);
462 	}
463 
464 	/* Set HEADSUP, ORDSUP, SIMPSUP */
465 	buf[5] = 0x07;
466 
467 	/* If WriteCache emulation is enabled, set V_SUP */
468 	if (target_check_wce(dev))
469 		buf[6] = 0x01;
470 	/* If an LBA map is present set R_SUP */
471 	spin_lock(&cmd->se_dev->t10_alua.lba_map_lock);
472 	if (!list_empty(&dev->t10_alua.lba_map_list))
473 		buf[8] = 0x10;
474 	spin_unlock(&cmd->se_dev->t10_alua.lba_map_lock);
475 	return 0;
476 }
477 
478 /* Block Limits VPD page */
479 static sense_reason_t
spc_emulate_evpd_b0(struct se_cmd * cmd,unsigned char * buf)480 spc_emulate_evpd_b0(struct se_cmd *cmd, unsigned char *buf)
481 {
482 	struct se_device *dev = cmd->se_dev;
483 	u32 mtl = 0;
484 	int have_tp = 0, opt, min;
485 
486 	/*
487 	 * Following spc3r22 section 6.5.3 Block Limits VPD page, when
488 	 * emulate_tpu=1 or emulate_tpws=1 we will be expect a
489 	 * different page length for Thin Provisioning.
490 	 */
491 	if (dev->dev_attrib.emulate_tpu || dev->dev_attrib.emulate_tpws)
492 		have_tp = 1;
493 
494 	buf[0] = dev->transport->get_device_type(dev);
495 	buf[3] = have_tp ? 0x3c : 0x10;
496 
497 	/* Set WSNZ to 1 */
498 	buf[4] = 0x01;
499 	/*
500 	 * Set MAXIMUM COMPARE AND WRITE LENGTH
501 	 */
502 	if (dev->dev_attrib.emulate_caw)
503 		buf[5] = 0x01;
504 
505 	/*
506 	 * Set OPTIMAL TRANSFER LENGTH GRANULARITY
507 	 */
508 	if (dev->transport->get_io_min && (min = dev->transport->get_io_min(dev)))
509 		put_unaligned_be16(min / dev->dev_attrib.block_size, &buf[6]);
510 	else
511 		put_unaligned_be16(1, &buf[6]);
512 
513 	/*
514 	 * Set MAXIMUM TRANSFER LENGTH
515 	 *
516 	 * XXX: Currently assumes single PAGE_SIZE per scatterlist for fabrics
517 	 * enforcing maximum HW scatter-gather-list entry limit
518 	 */
519 	if (cmd->se_tfo->max_data_sg_nents) {
520 		mtl = (cmd->se_tfo->max_data_sg_nents * PAGE_SIZE) /
521 		       dev->dev_attrib.block_size;
522 	}
523 	put_unaligned_be32(min_not_zero(mtl, dev->dev_attrib.hw_max_sectors), &buf[8]);
524 
525 	/*
526 	 * Set OPTIMAL TRANSFER LENGTH
527 	 */
528 	if (dev->transport->get_io_opt && (opt = dev->transport->get_io_opt(dev)))
529 		put_unaligned_be32(opt / dev->dev_attrib.block_size, &buf[12]);
530 	else
531 		put_unaligned_be32(dev->dev_attrib.optimal_sectors, &buf[12]);
532 
533 	/*
534 	 * Exit now if we don't support TP.
535 	 */
536 	if (!have_tp)
537 		goto max_write_same;
538 
539 	/*
540 	 * Set MAXIMUM UNMAP LBA COUNT
541 	 */
542 	put_unaligned_be32(dev->dev_attrib.max_unmap_lba_count, &buf[20]);
543 
544 	/*
545 	 * Set MAXIMUM UNMAP BLOCK DESCRIPTOR COUNT
546 	 */
547 	put_unaligned_be32(dev->dev_attrib.max_unmap_block_desc_count,
548 			   &buf[24]);
549 
550 	/*
551 	 * Set OPTIMAL UNMAP GRANULARITY
552 	 */
553 	put_unaligned_be32(dev->dev_attrib.unmap_granularity, &buf[28]);
554 
555 	/*
556 	 * UNMAP GRANULARITY ALIGNMENT
557 	 */
558 	put_unaligned_be32(dev->dev_attrib.unmap_granularity_alignment,
559 			   &buf[32]);
560 	if (dev->dev_attrib.unmap_granularity_alignment != 0)
561 		buf[32] |= 0x80; /* Set the UGAVALID bit */
562 
563 	/*
564 	 * MAXIMUM WRITE SAME LENGTH
565 	 */
566 max_write_same:
567 	put_unaligned_be64(dev->dev_attrib.max_write_same_len, &buf[36]);
568 
569 	return 0;
570 }
571 
572 /* Block Device Characteristics VPD page */
573 static sense_reason_t
spc_emulate_evpd_b1(struct se_cmd * cmd,unsigned char * buf)574 spc_emulate_evpd_b1(struct se_cmd *cmd, unsigned char *buf)
575 {
576 	struct se_device *dev = cmd->se_dev;
577 
578 	buf[0] = dev->transport->get_device_type(dev);
579 	buf[3] = 0x3c;
580 	buf[5] = dev->dev_attrib.is_nonrot ? 1 : 0;
581 
582 	return 0;
583 }
584 
585 /* Thin Provisioning VPD */
586 static sense_reason_t
spc_emulate_evpd_b2(struct se_cmd * cmd,unsigned char * buf)587 spc_emulate_evpd_b2(struct se_cmd *cmd, unsigned char *buf)
588 {
589 	struct se_device *dev = cmd->se_dev;
590 
591 	/*
592 	 * From spc3r22 section 6.5.4 Thin Provisioning VPD page:
593 	 *
594 	 * The PAGE LENGTH field is defined in SPC-4. If the DP bit is set to
595 	 * zero, then the page length shall be set to 0004h.  If the DP bit
596 	 * is set to one, then the page length shall be set to the value
597 	 * defined in table 162.
598 	 */
599 	buf[0] = dev->transport->get_device_type(dev);
600 
601 	/*
602 	 * Set Hardcoded length mentioned above for DP=0
603 	 */
604 	put_unaligned_be16(0x0004, &buf[2]);
605 
606 	/*
607 	 * The THRESHOLD EXPONENT field indicates the threshold set size in
608 	 * LBAs as a power of 2 (i.e., the threshold set size is equal to
609 	 * 2(threshold exponent)).
610 	 *
611 	 * Note that this is currently set to 0x00 as mkp says it will be
612 	 * changing again.  We can enable this once it has settled in T10
613 	 * and is actually used by Linux/SCSI ML code.
614 	 */
615 	buf[4] = 0x00;
616 
617 	/*
618 	 * A TPU bit set to one indicates that the device server supports
619 	 * the UNMAP command (see 5.25). A TPU bit set to zero indicates
620 	 * that the device server does not support the UNMAP command.
621 	 */
622 	if (dev->dev_attrib.emulate_tpu != 0)
623 		buf[5] = 0x80;
624 
625 	/*
626 	 * A TPWS bit set to one indicates that the device server supports
627 	 * the use of the WRITE SAME (16) command (see 5.42) to unmap LBAs.
628 	 * A TPWS bit set to zero indicates that the device server does not
629 	 * support the use of the WRITE SAME (16) command to unmap LBAs.
630 	 */
631 	if (dev->dev_attrib.emulate_tpws != 0)
632 		buf[5] |= 0x40 | 0x20;
633 
634 	/*
635 	 * The unmap_zeroes_data set means that the underlying device supports
636 	 * REQ_OP_DISCARD and has the discard_zeroes_data bit set. This
637 	 * satisfies the SBC requirements for LBPRZ, meaning that a subsequent
638 	 * read will return zeroes after an UNMAP or WRITE SAME (16) to an LBA
639 	 * See sbc4r36 6.6.4.
640 	 */
641 	if (((dev->dev_attrib.emulate_tpu != 0) ||
642 	     (dev->dev_attrib.emulate_tpws != 0)) &&
643 	     (dev->dev_attrib.unmap_zeroes_data != 0))
644 		buf[5] |= 0x04;
645 
646 	return 0;
647 }
648 
649 /* Referrals VPD page */
650 static sense_reason_t
spc_emulate_evpd_b3(struct se_cmd * cmd,unsigned char * buf)651 spc_emulate_evpd_b3(struct se_cmd *cmd, unsigned char *buf)
652 {
653 	struct se_device *dev = cmd->se_dev;
654 
655 	buf[0] = dev->transport->get_device_type(dev);
656 	buf[3] = 0x0c;
657 	put_unaligned_be32(dev->t10_alua.lba_map_segment_size, &buf[8]);
658 	put_unaligned_be32(dev->t10_alua.lba_map_segment_multiplier, &buf[12]);
659 
660 	return 0;
661 }
662 
663 static sense_reason_t
664 spc_emulate_evpd_00(struct se_cmd *cmd, unsigned char *buf);
665 
666 static struct {
667 	uint8_t		page;
668 	sense_reason_t	(*emulate)(struct se_cmd *, unsigned char *);
669 } evpd_handlers[] = {
670 	{ .page = 0x00, .emulate = spc_emulate_evpd_00 },
671 	{ .page = 0x80, .emulate = spc_emulate_evpd_80 },
672 	{ .page = 0x83, .emulate = spc_emulate_evpd_83 },
673 	{ .page = 0x86, .emulate = spc_emulate_evpd_86 },
674 	{ .page = 0xb0, .emulate = spc_emulate_evpd_b0 },
675 	{ .page = 0xb1, .emulate = spc_emulate_evpd_b1 },
676 	{ .page = 0xb2, .emulate = spc_emulate_evpd_b2 },
677 	{ .page = 0xb3, .emulate = spc_emulate_evpd_b3 },
678 };
679 
680 /* supported vital product data pages */
681 static sense_reason_t
spc_emulate_evpd_00(struct se_cmd * cmd,unsigned char * buf)682 spc_emulate_evpd_00(struct se_cmd *cmd, unsigned char *buf)
683 {
684 	int p;
685 
686 	/*
687 	 * Only report the INQUIRY EVPD=1 pages after a valid NAA
688 	 * Registered Extended LUN WWN has been set via ConfigFS
689 	 * during device creation/restart.
690 	 */
691 	if (cmd->se_dev->dev_flags & DF_EMULATED_VPD_UNIT_SERIAL) {
692 		buf[3] = ARRAY_SIZE(evpd_handlers);
693 		for (p = 0; p < ARRAY_SIZE(evpd_handlers); ++p)
694 			buf[p + 4] = evpd_handlers[p].page;
695 	}
696 
697 	return 0;
698 }
699 
700 static sense_reason_t
spc_emulate_inquiry(struct se_cmd * cmd)701 spc_emulate_inquiry(struct se_cmd *cmd)
702 {
703 	struct se_device *dev = cmd->se_dev;
704 	struct se_portal_group *tpg = cmd->se_lun->lun_tpg;
705 	unsigned char *rbuf;
706 	unsigned char *cdb = cmd->t_task_cdb;
707 	unsigned char *buf;
708 	sense_reason_t ret;
709 	int p;
710 	int len = 0;
711 
712 	buf = kzalloc(SE_INQUIRY_BUF, GFP_KERNEL);
713 	if (!buf) {
714 		pr_err("Unable to allocate response buffer for INQUIRY\n");
715 		return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
716 	}
717 
718 	if (dev == rcu_access_pointer(tpg->tpg_virt_lun0->lun_se_dev))
719 		buf[0] = 0x3f; /* Not connected */
720 	else
721 		buf[0] = dev->transport->get_device_type(dev);
722 
723 	if (!(cdb[1] & 0x1)) {
724 		if (cdb[2]) {
725 			pr_err("INQUIRY with EVPD==0 but PAGE CODE=%02x\n",
726 			       cdb[2]);
727 			ret = TCM_INVALID_CDB_FIELD;
728 			goto out;
729 		}
730 
731 		ret = spc_emulate_inquiry_std(cmd, buf);
732 		len = buf[4] + 5;
733 		goto out;
734 	}
735 
736 	for (p = 0; p < ARRAY_SIZE(evpd_handlers); ++p) {
737 		if (cdb[2] == evpd_handlers[p].page) {
738 			buf[1] = cdb[2];
739 			ret = evpd_handlers[p].emulate(cmd, buf);
740 			len = get_unaligned_be16(&buf[2]) + 4;
741 			goto out;
742 		}
743 	}
744 
745 	pr_err("Unknown VPD Code: 0x%02x\n", cdb[2]);
746 	ret = TCM_INVALID_CDB_FIELD;
747 
748 out:
749 	rbuf = transport_kmap_data_sg(cmd);
750 	if (rbuf) {
751 		memcpy(rbuf, buf, min_t(u32, SE_INQUIRY_BUF, cmd->data_length));
752 		transport_kunmap_data_sg(cmd);
753 	}
754 	kfree(buf);
755 
756 	if (!ret)
757 		target_complete_cmd_with_length(cmd, GOOD, len);
758 	return ret;
759 }
760 
spc_modesense_rwrecovery(struct se_cmd * cmd,u8 pc,u8 * p)761 static int spc_modesense_rwrecovery(struct se_cmd *cmd, u8 pc, u8 *p)
762 {
763 	p[0] = 0x01;
764 	p[1] = 0x0a;
765 
766 	/* No changeable values for now */
767 	if (pc == 1)
768 		goto out;
769 
770 out:
771 	return 12;
772 }
773 
spc_modesense_control(struct se_cmd * cmd,u8 pc,u8 * p)774 static int spc_modesense_control(struct se_cmd *cmd, u8 pc, u8 *p)
775 {
776 	struct se_device *dev = cmd->se_dev;
777 	struct se_session *sess = cmd->se_sess;
778 
779 	p[0] = 0x0a;
780 	p[1] = 0x0a;
781 
782 	/* No changeable values for now */
783 	if (pc == 1)
784 		goto out;
785 
786 	/* GLTSD: No implicit save of log parameters */
787 	p[2] = (1 << 1);
788 	if (target_sense_desc_format(dev))
789 		/* D_SENSE: Descriptor format sense data for 64bit sectors */
790 		p[2] |= (1 << 2);
791 
792 	/*
793 	 * From spc4r23, 7.4.7 Control mode page
794 	 *
795 	 * The QUEUE ALGORITHM MODIFIER field (see table 368) specifies
796 	 * restrictions on the algorithm used for reordering commands
797 	 * having the SIMPLE task attribute (see SAM-4).
798 	 *
799 	 *                    Table 368 -- QUEUE ALGORITHM MODIFIER field
800 	 *                         Code      Description
801 	 *                          0h       Restricted reordering
802 	 *                          1h       Unrestricted reordering allowed
803 	 *                          2h to 7h    Reserved
804 	 *                          8h to Fh    Vendor specific
805 	 *
806 	 * A value of zero in the QUEUE ALGORITHM MODIFIER field specifies that
807 	 * the device server shall order the processing sequence of commands
808 	 * having the SIMPLE task attribute such that data integrity is maintained
809 	 * for that I_T nexus (i.e., if the transmission of new SCSI transport protocol
810 	 * requests is halted at any time, the final value of all data observable
811 	 * on the medium shall be the same as if all the commands had been processed
812 	 * with the ORDERED task attribute).
813 	 *
814 	 * A value of one in the QUEUE ALGORITHM MODIFIER field specifies that the
815 	 * device server may reorder the processing sequence of commands having the
816 	 * SIMPLE task attribute in any manner. Any data integrity exposures related to
817 	 * command sequence order shall be explicitly handled by the application client
818 	 * through the selection of appropriate ommands and task attributes.
819 	 */
820 	p[3] = (dev->dev_attrib.emulate_rest_reord == 1) ? 0x00 : 0x10;
821 	/*
822 	 * From spc4r17, section 7.4.6 Control mode Page
823 	 *
824 	 * Unit Attention interlocks control (UN_INTLCK_CTRL) to code 00b
825 	 *
826 	 * 00b: The logical unit shall clear any unit attention condition
827 	 * reported in the same I_T_L_Q nexus transaction as a CHECK CONDITION
828 	 * status and shall not establish a unit attention condition when a com-
829 	 * mand is completed with BUSY, TASK SET FULL, or RESERVATION CONFLICT
830 	 * status.
831 	 *
832 	 * 10b: The logical unit shall not clear any unit attention condition
833 	 * reported in the same I_T_L_Q nexus transaction as a CHECK CONDITION
834 	 * status and shall not establish a unit attention condition when
835 	 * a command is completed with BUSY, TASK SET FULL, or RESERVATION
836 	 * CONFLICT status.
837 	 *
838 	 * 11b a The logical unit shall not clear any unit attention condition
839 	 * reported in the same I_T_L_Q nexus transaction as a CHECK CONDITION
840 	 * status and shall establish a unit attention condition for the
841 	 * initiator port associated with the I_T nexus on which the BUSY,
842 	 * TASK SET FULL, or RESERVATION CONFLICT status is being returned.
843 	 * Depending on the status, the additional sense code shall be set to
844 	 * PREVIOUS BUSY STATUS, PREVIOUS TASK SET FULL STATUS, or PREVIOUS
845 	 * RESERVATION CONFLICT STATUS. Until it is cleared by a REQUEST SENSE
846 	 * command, a unit attention condition shall be established only once
847 	 * for a BUSY, TASK SET FULL, or RESERVATION CONFLICT status regardless
848 	 * to the number of commands completed with one of those status codes.
849 	 */
850 	switch (dev->dev_attrib.emulate_ua_intlck_ctrl) {
851 	case TARGET_UA_INTLCK_CTRL_ESTABLISH_UA:
852 		p[4] = 0x30;
853 		break;
854 	case TARGET_UA_INTLCK_CTRL_NO_CLEAR:
855 		p[4] = 0x20;
856 		break;
857 	default:	/* TARGET_UA_INTLCK_CTRL_CLEAR */
858 		p[4] = 0x00;
859 		break;
860 	}
861 	/*
862 	 * From spc4r17, section 7.4.6 Control mode Page
863 	 *
864 	 * Task Aborted Status (TAS) bit set to zero.
865 	 *
866 	 * A task aborted status (TAS) bit set to zero specifies that aborted
867 	 * tasks shall be terminated by the device server without any response
868 	 * to the application client. A TAS bit set to one specifies that tasks
869 	 * aborted by the actions of an I_T nexus other than the I_T nexus on
870 	 * which the command was received shall be completed with TASK ABORTED
871 	 * status (see SAM-4).
872 	 */
873 	p[5] = (dev->dev_attrib.emulate_tas) ? 0x40 : 0x00;
874 	/*
875 	 * From spc4r30, section 7.5.7 Control mode page
876 	 *
877 	 * Application Tag Owner (ATO) bit set to one.
878 	 *
879 	 * If the ATO bit is set to one the device server shall not modify the
880 	 * LOGICAL BLOCK APPLICATION TAG field and, depending on the protection
881 	 * type, shall not modify the contents of the LOGICAL BLOCK REFERENCE
882 	 * TAG field.
883 	 */
884 	if (sess->sup_prot_ops & (TARGET_PROT_DIN_PASS | TARGET_PROT_DOUT_PASS)) {
885 		if (dev->dev_attrib.pi_prot_type || sess->sess_prot_type)
886 			p[5] |= 0x80;
887 	}
888 
889 	p[8] = 0xff;
890 	p[9] = 0xff;
891 	p[11] = 30;
892 
893 out:
894 	return 12;
895 }
896 
spc_modesense_caching(struct se_cmd * cmd,u8 pc,u8 * p)897 static int spc_modesense_caching(struct se_cmd *cmd, u8 pc, u8 *p)
898 {
899 	struct se_device *dev = cmd->se_dev;
900 
901 	p[0] = 0x08;
902 	p[1] = 0x12;
903 
904 	/* No changeable values for now */
905 	if (pc == 1)
906 		goto out;
907 
908 	if (target_check_wce(dev))
909 		p[2] = 0x04; /* Write Cache Enable */
910 	p[12] = 0x20; /* Disabled Read Ahead */
911 
912 out:
913 	return 20;
914 }
915 
spc_modesense_informational_exceptions(struct se_cmd * cmd,u8 pc,unsigned char * p)916 static int spc_modesense_informational_exceptions(struct se_cmd *cmd, u8 pc, unsigned char *p)
917 {
918 	p[0] = 0x1c;
919 	p[1] = 0x0a;
920 
921 	/* No changeable values for now */
922 	if (pc == 1)
923 		goto out;
924 
925 out:
926 	return 12;
927 }
928 
929 static struct {
930 	uint8_t		page;
931 	uint8_t		subpage;
932 	int		(*emulate)(struct se_cmd *, u8, unsigned char *);
933 } modesense_handlers[] = {
934 	{ .page = 0x01, .subpage = 0x00, .emulate = spc_modesense_rwrecovery },
935 	{ .page = 0x08, .subpage = 0x00, .emulate = spc_modesense_caching },
936 	{ .page = 0x0a, .subpage = 0x00, .emulate = spc_modesense_control },
937 	{ .page = 0x1c, .subpage = 0x00, .emulate = spc_modesense_informational_exceptions },
938 };
939 
spc_modesense_write_protect(unsigned char * buf,int type)940 static void spc_modesense_write_protect(unsigned char *buf, int type)
941 {
942 	/*
943 	 * I believe that the WP bit (bit 7) in the mode header is the same for
944 	 * all device types..
945 	 */
946 	switch (type) {
947 	case TYPE_DISK:
948 	case TYPE_TAPE:
949 	default:
950 		buf[0] |= 0x80; /* WP bit */
951 		break;
952 	}
953 }
954 
spc_modesense_dpofua(unsigned char * buf,int type)955 static void spc_modesense_dpofua(unsigned char *buf, int type)
956 {
957 	switch (type) {
958 	case TYPE_DISK:
959 		buf[0] |= 0x10; /* DPOFUA bit */
960 		break;
961 	default:
962 		break;
963 	}
964 }
965 
spc_modesense_blockdesc(unsigned char * buf,u64 blocks,u32 block_size)966 static int spc_modesense_blockdesc(unsigned char *buf, u64 blocks, u32 block_size)
967 {
968 	*buf++ = 8;
969 	put_unaligned_be32(min(blocks, 0xffffffffull), buf);
970 	buf += 4;
971 	put_unaligned_be32(block_size, buf);
972 	return 9;
973 }
974 
spc_modesense_long_blockdesc(unsigned char * buf,u64 blocks,u32 block_size)975 static int spc_modesense_long_blockdesc(unsigned char *buf, u64 blocks, u32 block_size)
976 {
977 	if (blocks <= 0xffffffff)
978 		return spc_modesense_blockdesc(buf + 3, blocks, block_size) + 3;
979 
980 	*buf++ = 1;		/* LONGLBA */
981 	buf += 2;
982 	*buf++ = 16;
983 	put_unaligned_be64(blocks, buf);
984 	buf += 12;
985 	put_unaligned_be32(block_size, buf);
986 
987 	return 17;
988 }
989 
spc_emulate_modesense(struct se_cmd * cmd)990 static sense_reason_t spc_emulate_modesense(struct se_cmd *cmd)
991 {
992 	struct se_device *dev = cmd->se_dev;
993 	char *cdb = cmd->t_task_cdb;
994 	unsigned char buf[SE_MODE_PAGE_BUF], *rbuf;
995 	int type = dev->transport->get_device_type(dev);
996 	int ten = (cmd->t_task_cdb[0] == MODE_SENSE_10);
997 	bool dbd = !!(cdb[1] & 0x08);
998 	bool llba = ten ? !!(cdb[1] & 0x10) : false;
999 	u8 pc = cdb[2] >> 6;
1000 	u8 page = cdb[2] & 0x3f;
1001 	u8 subpage = cdb[3];
1002 	int length = 0;
1003 	int ret;
1004 	int i;
1005 
1006 	memset(buf, 0, SE_MODE_PAGE_BUF);
1007 
1008 	/*
1009 	 * Skip over MODE DATA LENGTH + MEDIUM TYPE fields to byte 3 for
1010 	 * MODE_SENSE_10 and byte 2 for MODE_SENSE (6).
1011 	 */
1012 	length = ten ? 3 : 2;
1013 
1014 	/* DEVICE-SPECIFIC PARAMETER */
1015 	if (cmd->se_lun->lun_access_ro || target_lun_is_rdonly(cmd))
1016 		spc_modesense_write_protect(&buf[length], type);
1017 
1018 	/*
1019 	 * SBC only allows us to enable FUA and DPO together.  Fortunately
1020 	 * DPO is explicitly specified as a hint, so a noop is a perfectly
1021 	 * valid implementation.
1022 	 */
1023 	if (target_check_fua(dev))
1024 		spc_modesense_dpofua(&buf[length], type);
1025 
1026 	++length;
1027 
1028 	/* BLOCK DESCRIPTOR */
1029 
1030 	/*
1031 	 * For now we only include a block descriptor for disk (SBC)
1032 	 * devices; other command sets use a slightly different format.
1033 	 */
1034 	if (!dbd && type == TYPE_DISK) {
1035 		u64 blocks = dev->transport->get_blocks(dev);
1036 		u32 block_size = dev->dev_attrib.block_size;
1037 
1038 		if (ten) {
1039 			if (llba) {
1040 				length += spc_modesense_long_blockdesc(&buf[length],
1041 								       blocks, block_size);
1042 			} else {
1043 				length += 3;
1044 				length += spc_modesense_blockdesc(&buf[length],
1045 								  blocks, block_size);
1046 			}
1047 		} else {
1048 			length += spc_modesense_blockdesc(&buf[length], blocks,
1049 							  block_size);
1050 		}
1051 	} else {
1052 		if (ten)
1053 			length += 4;
1054 		else
1055 			length += 1;
1056 	}
1057 
1058 	if (page == 0x3f) {
1059 		if (subpage != 0x00 && subpage != 0xff) {
1060 			pr_warn("MODE_SENSE: Invalid subpage code: 0x%02x\n", subpage);
1061 			return TCM_INVALID_CDB_FIELD;
1062 		}
1063 
1064 		for (i = 0; i < ARRAY_SIZE(modesense_handlers); ++i) {
1065 			/*
1066 			 * Tricky way to say all subpage 00h for
1067 			 * subpage==0, all subpages for subpage==0xff
1068 			 * (and we just checked above that those are
1069 			 * the only two possibilities).
1070 			 */
1071 			if ((modesense_handlers[i].subpage & ~subpage) == 0) {
1072 				ret = modesense_handlers[i].emulate(cmd, pc, &buf[length]);
1073 				if (!ten && length + ret >= 255)
1074 					break;
1075 				length += ret;
1076 			}
1077 		}
1078 
1079 		goto set_length;
1080 	}
1081 
1082 	for (i = 0; i < ARRAY_SIZE(modesense_handlers); ++i)
1083 		if (modesense_handlers[i].page == page &&
1084 		    modesense_handlers[i].subpage == subpage) {
1085 			length += modesense_handlers[i].emulate(cmd, pc, &buf[length]);
1086 			goto set_length;
1087 		}
1088 
1089 	/*
1090 	 * We don't intend to implement:
1091 	 *  - obsolete page 03h "format parameters" (checked by Solaris)
1092 	 */
1093 	if (page != 0x03)
1094 		pr_err("MODE SENSE: unimplemented page/subpage: 0x%02x/0x%02x\n",
1095 		       page, subpage);
1096 
1097 	return TCM_UNKNOWN_MODE_PAGE;
1098 
1099 set_length:
1100 	if (ten)
1101 		put_unaligned_be16(length - 2, buf);
1102 	else
1103 		buf[0] = length - 1;
1104 
1105 	rbuf = transport_kmap_data_sg(cmd);
1106 	if (rbuf) {
1107 		memcpy(rbuf, buf, min_t(u32, SE_MODE_PAGE_BUF, cmd->data_length));
1108 		transport_kunmap_data_sg(cmd);
1109 	}
1110 
1111 	target_complete_cmd_with_length(cmd, GOOD, length);
1112 	return 0;
1113 }
1114 
spc_emulate_modeselect(struct se_cmd * cmd)1115 static sense_reason_t spc_emulate_modeselect(struct se_cmd *cmd)
1116 {
1117 	char *cdb = cmd->t_task_cdb;
1118 	bool ten = cdb[0] == MODE_SELECT_10;
1119 	int off = ten ? 8 : 4;
1120 	bool pf = !!(cdb[1] & 0x10);
1121 	u8 page, subpage;
1122 	unsigned char *buf;
1123 	unsigned char tbuf[SE_MODE_PAGE_BUF];
1124 	int length;
1125 	sense_reason_t ret = 0;
1126 	int i;
1127 
1128 	if (!cmd->data_length) {
1129 		target_complete_cmd(cmd, GOOD);
1130 		return 0;
1131 	}
1132 
1133 	if (cmd->data_length < off + 2)
1134 		return TCM_PARAMETER_LIST_LENGTH_ERROR;
1135 
1136 	buf = transport_kmap_data_sg(cmd);
1137 	if (!buf)
1138 		return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
1139 
1140 	if (!pf) {
1141 		ret = TCM_INVALID_CDB_FIELD;
1142 		goto out;
1143 	}
1144 
1145 	page = buf[off] & 0x3f;
1146 	subpage = buf[off] & 0x40 ? buf[off + 1] : 0;
1147 
1148 	for (i = 0; i < ARRAY_SIZE(modesense_handlers); ++i)
1149 		if (modesense_handlers[i].page == page &&
1150 		    modesense_handlers[i].subpage == subpage) {
1151 			memset(tbuf, 0, SE_MODE_PAGE_BUF);
1152 			length = modesense_handlers[i].emulate(cmd, 0, tbuf);
1153 			goto check_contents;
1154 		}
1155 
1156 	ret = TCM_UNKNOWN_MODE_PAGE;
1157 	goto out;
1158 
1159 check_contents:
1160 	if (cmd->data_length < off + length) {
1161 		ret = TCM_PARAMETER_LIST_LENGTH_ERROR;
1162 		goto out;
1163 	}
1164 
1165 	if (memcmp(buf + off, tbuf, length))
1166 		ret = TCM_INVALID_PARAMETER_LIST;
1167 
1168 out:
1169 	transport_kunmap_data_sg(cmd);
1170 
1171 	if (!ret)
1172 		target_complete_cmd(cmd, GOOD);
1173 	return ret;
1174 }
1175 
spc_emulate_request_sense(struct se_cmd * cmd)1176 static sense_reason_t spc_emulate_request_sense(struct se_cmd *cmd)
1177 {
1178 	unsigned char *cdb = cmd->t_task_cdb;
1179 	unsigned char *rbuf;
1180 	u8 ua_asc = 0, ua_ascq = 0;
1181 	unsigned char buf[SE_SENSE_BUF];
1182 	bool desc_format = target_sense_desc_format(cmd->se_dev);
1183 
1184 	memset(buf, 0, SE_SENSE_BUF);
1185 
1186 	if (cdb[1] & 0x01) {
1187 		pr_err("REQUEST_SENSE description emulation not"
1188 			" supported\n");
1189 		return TCM_INVALID_CDB_FIELD;
1190 	}
1191 
1192 	rbuf = transport_kmap_data_sg(cmd);
1193 	if (!rbuf)
1194 		return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
1195 
1196 	if (!core_scsi3_ua_clear_for_request_sense(cmd, &ua_asc, &ua_ascq))
1197 		scsi_build_sense_buffer(desc_format, buf, UNIT_ATTENTION,
1198 					ua_asc, ua_ascq);
1199 	else
1200 		scsi_build_sense_buffer(desc_format, buf, NO_SENSE, 0x0, 0x0);
1201 
1202 	memcpy(rbuf, buf, min_t(u32, sizeof(buf), cmd->data_length));
1203 	transport_kunmap_data_sg(cmd);
1204 
1205 	target_complete_cmd(cmd, GOOD);
1206 	return 0;
1207 }
1208 
spc_emulate_report_luns(struct se_cmd * cmd)1209 sense_reason_t spc_emulate_report_luns(struct se_cmd *cmd)
1210 {
1211 	struct se_dev_entry *deve;
1212 	struct se_session *sess = cmd->se_sess;
1213 	struct se_node_acl *nacl;
1214 	struct scsi_lun slun;
1215 	unsigned char *buf;
1216 	u32 lun_count = 0, offset = 8;
1217 	__be32 len;
1218 
1219 	buf = transport_kmap_data_sg(cmd);
1220 	if (cmd->data_length && !buf)
1221 		return TCM_LOGICAL_UNIT_COMMUNICATION_FAILURE;
1222 
1223 	/*
1224 	 * If no struct se_session pointer is present, this struct se_cmd is
1225 	 * coming via a target_core_mod PASSTHROUGH op, and not through
1226 	 * a $FABRIC_MOD.  In that case, report LUN=0 only.
1227 	 */
1228 	if (!sess)
1229 		goto done;
1230 
1231 	nacl = sess->se_node_acl;
1232 
1233 	rcu_read_lock();
1234 	hlist_for_each_entry_rcu(deve, &nacl->lun_entry_hlist, link) {
1235 		/*
1236 		 * We determine the correct LUN LIST LENGTH even once we
1237 		 * have reached the initial allocation length.
1238 		 * See SPC2-R20 7.19.
1239 		 */
1240 		lun_count++;
1241 		if (offset >= cmd->data_length)
1242 			continue;
1243 
1244 		int_to_scsilun(deve->mapped_lun, &slun);
1245 		memcpy(buf + offset, &slun,
1246 		       min(8u, cmd->data_length - offset));
1247 		offset += 8;
1248 	}
1249 	rcu_read_unlock();
1250 
1251 	/*
1252 	 * See SPC3 r07, page 159.
1253 	 */
1254 done:
1255 	/*
1256 	 * If no LUNs are accessible, report virtual LUN 0.
1257 	 */
1258 	if (lun_count == 0) {
1259 		int_to_scsilun(0, &slun);
1260 		if (cmd->data_length > 8)
1261 			memcpy(buf + offset, &slun,
1262 			       min(8u, cmd->data_length - offset));
1263 		lun_count = 1;
1264 	}
1265 
1266 	if (buf) {
1267 		len = cpu_to_be32(lun_count * 8);
1268 		memcpy(buf, &len, min_t(int, sizeof len, cmd->data_length));
1269 		transport_kunmap_data_sg(cmd);
1270 	}
1271 
1272 	target_complete_cmd_with_length(cmd, GOOD, 8 + lun_count * 8);
1273 	return 0;
1274 }
1275 EXPORT_SYMBOL(spc_emulate_report_luns);
1276 
1277 static sense_reason_t
spc_emulate_testunitready(struct se_cmd * cmd)1278 spc_emulate_testunitready(struct se_cmd *cmd)
1279 {
1280 	target_complete_cmd(cmd, GOOD);
1281 	return 0;
1282 }
1283 
1284 sense_reason_t
spc_parse_cdb(struct se_cmd * cmd,unsigned int * size)1285 spc_parse_cdb(struct se_cmd *cmd, unsigned int *size)
1286 {
1287 	struct se_device *dev = cmd->se_dev;
1288 	unsigned char *cdb = cmd->t_task_cdb;
1289 
1290 	if (!dev->dev_attrib.emulate_pr &&
1291 	    ((cdb[0] == PERSISTENT_RESERVE_IN) ||
1292 	     (cdb[0] == PERSISTENT_RESERVE_OUT) ||
1293 	     (cdb[0] == RELEASE || cdb[0] == RELEASE_10) ||
1294 	     (cdb[0] == RESERVE || cdb[0] == RESERVE_10))) {
1295 		return TCM_UNSUPPORTED_SCSI_OPCODE;
1296 	}
1297 
1298 	switch (cdb[0]) {
1299 	case MODE_SELECT:
1300 		*size = cdb[4];
1301 		cmd->execute_cmd = spc_emulate_modeselect;
1302 		break;
1303 	case MODE_SELECT_10:
1304 		*size = get_unaligned_be16(&cdb[7]);
1305 		cmd->execute_cmd = spc_emulate_modeselect;
1306 		break;
1307 	case MODE_SENSE:
1308 		*size = cdb[4];
1309 		cmd->execute_cmd = spc_emulate_modesense;
1310 		break;
1311 	case MODE_SENSE_10:
1312 		*size = get_unaligned_be16(&cdb[7]);
1313 		cmd->execute_cmd = spc_emulate_modesense;
1314 		break;
1315 	case LOG_SELECT:
1316 	case LOG_SENSE:
1317 		*size = get_unaligned_be16(&cdb[7]);
1318 		break;
1319 	case PERSISTENT_RESERVE_IN:
1320 		*size = get_unaligned_be16(&cdb[7]);
1321 		cmd->execute_cmd = target_scsi3_emulate_pr_in;
1322 		break;
1323 	case PERSISTENT_RESERVE_OUT:
1324 		*size = get_unaligned_be32(&cdb[5]);
1325 		cmd->execute_cmd = target_scsi3_emulate_pr_out;
1326 		break;
1327 	case RELEASE:
1328 	case RELEASE_10:
1329 		if (cdb[0] == RELEASE_10)
1330 			*size = get_unaligned_be16(&cdb[7]);
1331 		else
1332 			*size = cmd->data_length;
1333 
1334 		cmd->execute_cmd = target_scsi2_reservation_release;
1335 		break;
1336 	case RESERVE:
1337 	case RESERVE_10:
1338 		/*
1339 		 * The SPC-2 RESERVE does not contain a size in the SCSI CDB.
1340 		 * Assume the passthrough or $FABRIC_MOD will tell us about it.
1341 		 */
1342 		if (cdb[0] == RESERVE_10)
1343 			*size = get_unaligned_be16(&cdb[7]);
1344 		else
1345 			*size = cmd->data_length;
1346 
1347 		cmd->execute_cmd = target_scsi2_reservation_reserve;
1348 		break;
1349 	case REQUEST_SENSE:
1350 		*size = cdb[4];
1351 		cmd->execute_cmd = spc_emulate_request_sense;
1352 		break;
1353 	case INQUIRY:
1354 		*size = get_unaligned_be16(&cdb[3]);
1355 
1356 		/*
1357 		 * Do implicit HEAD_OF_QUEUE processing for INQUIRY.
1358 		 * See spc4r17 section 5.3
1359 		 */
1360 		cmd->sam_task_attr = TCM_HEAD_TAG;
1361 		cmd->execute_cmd = spc_emulate_inquiry;
1362 		break;
1363 	case SECURITY_PROTOCOL_IN:
1364 	case SECURITY_PROTOCOL_OUT:
1365 		*size = get_unaligned_be32(&cdb[6]);
1366 		break;
1367 	case EXTENDED_COPY:
1368 		*size = get_unaligned_be32(&cdb[10]);
1369 		cmd->execute_cmd = target_do_xcopy;
1370 		break;
1371 	case RECEIVE_COPY_RESULTS:
1372 		*size = get_unaligned_be32(&cdb[10]);
1373 		cmd->execute_cmd = target_do_receive_copy_results;
1374 		break;
1375 	case READ_ATTRIBUTE:
1376 	case WRITE_ATTRIBUTE:
1377 		*size = get_unaligned_be32(&cdb[10]);
1378 		break;
1379 	case RECEIVE_DIAGNOSTIC:
1380 	case SEND_DIAGNOSTIC:
1381 		*size = get_unaligned_be16(&cdb[3]);
1382 		break;
1383 	case WRITE_BUFFER:
1384 		*size = get_unaligned_be24(&cdb[6]);
1385 		break;
1386 	case REPORT_LUNS:
1387 		cmd->execute_cmd = spc_emulate_report_luns;
1388 		*size = get_unaligned_be32(&cdb[6]);
1389 		/*
1390 		 * Do implicit HEAD_OF_QUEUE processing for REPORT_LUNS
1391 		 * See spc4r17 section 5.3
1392 		 */
1393 		cmd->sam_task_attr = TCM_HEAD_TAG;
1394 		break;
1395 	case TEST_UNIT_READY:
1396 		cmd->execute_cmd = spc_emulate_testunitready;
1397 		*size = 0;
1398 		break;
1399 	case MAINTENANCE_IN:
1400 		if (dev->transport->get_device_type(dev) != TYPE_ROM) {
1401 			/*
1402 			 * MAINTENANCE_IN from SCC-2
1403 			 * Check for emulated MI_REPORT_TARGET_PGS
1404 			 */
1405 			if ((cdb[1] & 0x1f) == MI_REPORT_TARGET_PGS) {
1406 				cmd->execute_cmd =
1407 					target_emulate_report_target_port_groups;
1408 			}
1409 			*size = get_unaligned_be32(&cdb[6]);
1410 		} else {
1411 			/*
1412 			 * GPCMD_SEND_KEY from multi media commands
1413 			 */
1414 			*size = get_unaligned_be16(&cdb[8]);
1415 		}
1416 		break;
1417 	case MAINTENANCE_OUT:
1418 		if (dev->transport->get_device_type(dev) != TYPE_ROM) {
1419 			/*
1420 			 * MAINTENANCE_OUT from SCC-2
1421 			 * Check for emulated MO_SET_TARGET_PGS.
1422 			 */
1423 			if (cdb[1] == MO_SET_TARGET_PGS) {
1424 				cmd->execute_cmd =
1425 					target_emulate_set_target_port_groups;
1426 			}
1427 			*size = get_unaligned_be32(&cdb[6]);
1428 		} else {
1429 			/*
1430 			 * GPCMD_SEND_KEY from multi media commands
1431 			 */
1432 			*size = get_unaligned_be16(&cdb[8]);
1433 		}
1434 		break;
1435 	default:
1436 		return TCM_UNSUPPORTED_SCSI_OPCODE;
1437 	}
1438 
1439 	return 0;
1440 }
1441 EXPORT_SYMBOL(spc_parse_cdb);
1442