Merge branch 'upstream' of git://git.infradead.org/users/pcmoore/audit
[firefly-linux-kernel-4.4.55.git] / drivers / target / iscsi / iscsi_target_erl0.c
1 /******************************************************************************
2  * This file contains error recovery level zero functions used by
3  * the iSCSI Target driver.
4  *
5  * (c) Copyright 2007-2013 Datera, Inc.
6  *
7  * Author: Nicholas A. Bellinger <nab@linux-iscsi.org>
8  *
9  * This program is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License as published by
11  * the Free Software Foundation; either version 2 of the License, or
12  * (at your option) any later version.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  * GNU General Public License for more details.
18  ******************************************************************************/
19
20 #include <scsi/iscsi_proto.h>
21 #include <target/target_core_base.h>
22 #include <target/target_core_fabric.h>
23
24 #include <target/iscsi/iscsi_target_core.h>
25 #include "iscsi_target_seq_pdu_list.h"
26 #include "iscsi_target_erl0.h"
27 #include "iscsi_target_erl1.h"
28 #include "iscsi_target_erl2.h"
29 #include "iscsi_target_util.h"
30 #include "iscsi_target.h"
31
32 /*
33  *      Used to set values in struct iscsi_cmd that iscsit_dataout_check_sequence()
34  *      checks against to determine a PDU's Offset+Length is within the current
35  *      DataOUT Sequence.  Used for DataSequenceInOrder=Yes only.
36  */
37 void iscsit_set_dataout_sequence_values(
38         struct iscsi_cmd *cmd)
39 {
40         struct iscsi_conn *conn = cmd->conn;
41         /*
42          * Still set seq_start_offset and seq_end_offset for Unsolicited
43          * DataOUT, even if DataSequenceInOrder=No.
44          */
45         if (cmd->unsolicited_data) {
46                 cmd->seq_start_offset = cmd->write_data_done;
47                 cmd->seq_end_offset = (cmd->write_data_done +
48                         ((cmd->se_cmd.data_length >
49                           conn->sess->sess_ops->FirstBurstLength) ?
50                          conn->sess->sess_ops->FirstBurstLength : cmd->se_cmd.data_length));
51                 return;
52         }
53
54         if (!conn->sess->sess_ops->DataSequenceInOrder)
55                 return;
56
57         if (!cmd->seq_start_offset && !cmd->seq_end_offset) {
58                 cmd->seq_start_offset = cmd->write_data_done;
59                 cmd->seq_end_offset = (cmd->se_cmd.data_length >
60                         conn->sess->sess_ops->MaxBurstLength) ?
61                         (cmd->write_data_done +
62                         conn->sess->sess_ops->MaxBurstLength) : cmd->se_cmd.data_length;
63         } else {
64                 cmd->seq_start_offset = cmd->seq_end_offset;
65                 cmd->seq_end_offset = ((cmd->seq_end_offset +
66                         conn->sess->sess_ops->MaxBurstLength) >=
67                         cmd->se_cmd.data_length) ? cmd->se_cmd.data_length :
68                         (cmd->seq_end_offset +
69                          conn->sess->sess_ops->MaxBurstLength);
70         }
71 }
72
73 static int iscsit_dataout_within_command_recovery_check(
74         struct iscsi_cmd *cmd,
75         unsigned char *buf)
76 {
77         struct iscsi_conn *conn = cmd->conn;
78         struct iscsi_data *hdr = (struct iscsi_data *) buf;
79         u32 payload_length = ntoh24(hdr->dlength);
80
81         /*
82          * We do the within-command recovery checks here as it is
83          * the first function called in iscsi_check_pre_dataout().
84          * Basically, if we are in within-command recovery and
85          * the PDU does not contain the offset the sequence needs,
86          * dump the payload.
87          *
88          * This only applies to DataPDUInOrder=Yes, for
89          * DataPDUInOrder=No we only re-request the failed PDU
90          * and check that all PDUs in a sequence are received
91          * upon end of sequence.
92          */
93         if (conn->sess->sess_ops->DataSequenceInOrder) {
94                 if ((cmd->cmd_flags & ICF_WITHIN_COMMAND_RECOVERY) &&
95                     cmd->write_data_done != be32_to_cpu(hdr->offset))
96                         goto dump;
97
98                 cmd->cmd_flags &= ~ICF_WITHIN_COMMAND_RECOVERY;
99         } else {
100                 struct iscsi_seq *seq;
101
102                 seq = iscsit_get_seq_holder(cmd, be32_to_cpu(hdr->offset),
103                                             payload_length);
104                 if (!seq)
105                         return DATAOUT_CANNOT_RECOVER;
106                 /*
107                  * Set the struct iscsi_seq pointer to reuse later.
108                  */
109                 cmd->seq_ptr = seq;
110
111                 if (conn->sess->sess_ops->DataPDUInOrder) {
112                         if (seq->status ==
113                             DATAOUT_SEQUENCE_WITHIN_COMMAND_RECOVERY &&
114                            (seq->offset != be32_to_cpu(hdr->offset) ||
115                             seq->data_sn != be32_to_cpu(hdr->datasn)))
116                                 goto dump;
117                 } else {
118                         if (seq->status ==
119                              DATAOUT_SEQUENCE_WITHIN_COMMAND_RECOVERY &&
120                             seq->data_sn != be32_to_cpu(hdr->datasn))
121                                 goto dump;
122                 }
123
124                 if (seq->status == DATAOUT_SEQUENCE_COMPLETE)
125                         goto dump;
126
127                 if (seq->status != DATAOUT_SEQUENCE_COMPLETE)
128                         seq->status = 0;
129         }
130
131         return DATAOUT_NORMAL;
132
133 dump:
134         pr_err("Dumping DataOUT PDU Offset: %u Length: %d DataSN:"
135                 " 0x%08x\n", hdr->offset, payload_length, hdr->datasn);
136         return iscsit_dump_data_payload(conn, payload_length, 1);
137 }
138
139 static int iscsit_dataout_check_unsolicited_sequence(
140         struct iscsi_cmd *cmd,
141         unsigned char *buf)
142 {
143         u32 first_burst_len;
144         struct iscsi_conn *conn = cmd->conn;
145         struct iscsi_data *hdr = (struct iscsi_data *) buf;
146         u32 payload_length = ntoh24(hdr->dlength);
147
148
149         if ((be32_to_cpu(hdr->offset) < cmd->seq_start_offset) ||
150            ((be32_to_cpu(hdr->offset) + payload_length) > cmd->seq_end_offset)) {
151                 pr_err("Command ITT: 0x%08x with Offset: %u,"
152                 " Length: %u outside of Unsolicited Sequence %u:%u while"
153                 " DataSequenceInOrder=Yes.\n", cmd->init_task_tag,
154                 be32_to_cpu(hdr->offset), payload_length, cmd->seq_start_offset,
155                         cmd->seq_end_offset);
156                 return DATAOUT_CANNOT_RECOVER;
157         }
158
159         first_burst_len = (cmd->first_burst_len + payload_length);
160
161         if (first_burst_len > conn->sess->sess_ops->FirstBurstLength) {
162                 pr_err("Total %u bytes exceeds FirstBurstLength: %u"
163                         " for this Unsolicited DataOut Burst.\n",
164                         first_burst_len, conn->sess->sess_ops->FirstBurstLength);
165                 transport_send_check_condition_and_sense(&cmd->se_cmd,
166                                 TCM_INCORRECT_AMOUNT_OF_DATA, 0);
167                 return DATAOUT_CANNOT_RECOVER;
168         }
169
170         /*
171          * Perform various MaxBurstLength and ISCSI_FLAG_CMD_FINAL sanity
172          * checks for the current Unsolicited DataOUT Sequence.
173          */
174         if (hdr->flags & ISCSI_FLAG_CMD_FINAL) {
175                 /*
176                  * Ignore ISCSI_FLAG_CMD_FINAL checks while DataPDUInOrder=No, end of
177                  * sequence checks are handled in
178                  * iscsit_dataout_datapduinorder_no_fbit().
179                  */
180                 if (!conn->sess->sess_ops->DataPDUInOrder)
181                         goto out;
182
183                 if ((first_burst_len != cmd->se_cmd.data_length) &&
184                     (first_burst_len != conn->sess->sess_ops->FirstBurstLength)) {
185                         pr_err("Unsolicited non-immediate data"
186                         " received %u does not equal FirstBurstLength: %u, and"
187                         " does not equal ExpXferLen %u.\n", first_burst_len,
188                                 conn->sess->sess_ops->FirstBurstLength,
189                                 cmd->se_cmd.data_length);
190                         transport_send_check_condition_and_sense(&cmd->se_cmd,
191                                         TCM_INCORRECT_AMOUNT_OF_DATA, 0);
192                         return DATAOUT_CANNOT_RECOVER;
193                 }
194         } else {
195                 if (first_burst_len == conn->sess->sess_ops->FirstBurstLength) {
196                         pr_err("Command ITT: 0x%08x reached"
197                         " FirstBurstLength: %u, but ISCSI_FLAG_CMD_FINAL is not set. protocol"
198                                 " error.\n", cmd->init_task_tag,
199                                 conn->sess->sess_ops->FirstBurstLength);
200                         return DATAOUT_CANNOT_RECOVER;
201                 }
202                 if (first_burst_len == cmd->se_cmd.data_length) {
203                         pr_err("Command ITT: 0x%08x reached"
204                         " ExpXferLen: %u, but ISCSI_FLAG_CMD_FINAL is not set. protocol"
205                         " error.\n", cmd->init_task_tag, cmd->se_cmd.data_length);
206                         return DATAOUT_CANNOT_RECOVER;
207                 }
208         }
209
210 out:
211         return DATAOUT_NORMAL;
212 }
213
214 static int iscsit_dataout_check_sequence(
215         struct iscsi_cmd *cmd,
216         unsigned char *buf)
217 {
218         u32 next_burst_len;
219         struct iscsi_conn *conn = cmd->conn;
220         struct iscsi_seq *seq = NULL;
221         struct iscsi_data *hdr = (struct iscsi_data *) buf;
222         u32 payload_length = ntoh24(hdr->dlength);
223
224         /*
225          * For DataSequenceInOrder=Yes: Check that the offset and offset+length
226          * is within range as defined by iscsi_set_dataout_sequence_values().
227          *
228          * For DataSequenceInOrder=No: Check that an struct iscsi_seq exists for
229          * offset+length tuple.
230          */
231         if (conn->sess->sess_ops->DataSequenceInOrder) {
232                 /*
233                  * Due to possibility of recovery DataOUT sent by the initiator
234                  * fullfilling an Recovery R2T, it's best to just dump the
235                  * payload here, instead of erroring out.
236                  */
237                 if ((be32_to_cpu(hdr->offset) < cmd->seq_start_offset) ||
238                    ((be32_to_cpu(hdr->offset) + payload_length) > cmd->seq_end_offset)) {
239                         pr_err("Command ITT: 0x%08x with Offset: %u,"
240                         " Length: %u outside of Sequence %u:%u while"
241                         " DataSequenceInOrder=Yes.\n", cmd->init_task_tag,
242                         be32_to_cpu(hdr->offset), payload_length, cmd->seq_start_offset,
243                                 cmd->seq_end_offset);
244
245                         if (iscsit_dump_data_payload(conn, payload_length, 1) < 0)
246                                 return DATAOUT_CANNOT_RECOVER;
247                         return DATAOUT_WITHIN_COMMAND_RECOVERY;
248                 }
249
250                 next_burst_len = (cmd->next_burst_len + payload_length);
251         } else {
252                 seq = iscsit_get_seq_holder(cmd, be32_to_cpu(hdr->offset),
253                                             payload_length);
254                 if (!seq)
255                         return DATAOUT_CANNOT_RECOVER;
256                 /*
257                  * Set the struct iscsi_seq pointer to reuse later.
258                  */
259                 cmd->seq_ptr = seq;
260
261                 if (seq->status == DATAOUT_SEQUENCE_COMPLETE) {
262                         if (iscsit_dump_data_payload(conn, payload_length, 1) < 0)
263                                 return DATAOUT_CANNOT_RECOVER;
264                         return DATAOUT_WITHIN_COMMAND_RECOVERY;
265                 }
266
267                 next_burst_len = (seq->next_burst_len + payload_length);
268         }
269
270         if (next_burst_len > conn->sess->sess_ops->MaxBurstLength) {
271                 pr_err("Command ITT: 0x%08x, NextBurstLength: %u and"
272                         " Length: %u exceeds MaxBurstLength: %u. protocol"
273                         " error.\n", cmd->init_task_tag,
274                         (next_burst_len - payload_length),
275                         payload_length, conn->sess->sess_ops->MaxBurstLength);
276                 return DATAOUT_CANNOT_RECOVER;
277         }
278
279         /*
280          * Perform various MaxBurstLength and ISCSI_FLAG_CMD_FINAL sanity
281          * checks for the current DataOUT Sequence.
282          */
283         if (hdr->flags & ISCSI_FLAG_CMD_FINAL) {
284                 /*
285                  * Ignore ISCSI_FLAG_CMD_FINAL checks while DataPDUInOrder=No, end of
286                  * sequence checks are handled in
287                  * iscsit_dataout_datapduinorder_no_fbit().
288                  */
289                 if (!conn->sess->sess_ops->DataPDUInOrder)
290                         goto out;
291
292                 if (conn->sess->sess_ops->DataSequenceInOrder) {
293                         if ((next_burst_len <
294                              conn->sess->sess_ops->MaxBurstLength) &&
295                            ((cmd->write_data_done + payload_length) <
296                              cmd->se_cmd.data_length)) {
297                                 pr_err("Command ITT: 0x%08x set ISCSI_FLAG_CMD_FINAL"
298                                 " before end of DataOUT sequence, protocol"
299                                 " error.\n", cmd->init_task_tag);
300                                 return DATAOUT_CANNOT_RECOVER;
301                         }
302                 } else {
303                         if (next_burst_len < seq->xfer_len) {
304                                 pr_err("Command ITT: 0x%08x set ISCSI_FLAG_CMD_FINAL"
305                                 " before end of DataOUT sequence, protocol"
306                                 " error.\n", cmd->init_task_tag);
307                                 return DATAOUT_CANNOT_RECOVER;
308                         }
309                 }
310         } else {
311                 if (conn->sess->sess_ops->DataSequenceInOrder) {
312                         if (next_burst_len ==
313                                         conn->sess->sess_ops->MaxBurstLength) {
314                                 pr_err("Command ITT: 0x%08x reached"
315                                 " MaxBurstLength: %u, but ISCSI_FLAG_CMD_FINAL is"
316                                 " not set, protocol error.", cmd->init_task_tag,
317                                         conn->sess->sess_ops->MaxBurstLength);
318                                 return DATAOUT_CANNOT_RECOVER;
319                         }
320                         if ((cmd->write_data_done + payload_length) ==
321                                         cmd->se_cmd.data_length) {
322                                 pr_err("Command ITT: 0x%08x reached"
323                                 " last DataOUT PDU in sequence but ISCSI_FLAG_"
324                                 "CMD_FINAL is not set, protocol error.\n",
325                                         cmd->init_task_tag);
326                                 return DATAOUT_CANNOT_RECOVER;
327                         }
328                 } else {
329                         if (next_burst_len == seq->xfer_len) {
330                                 pr_err("Command ITT: 0x%08x reached"
331                                 " last DataOUT PDU in sequence but ISCSI_FLAG_"
332                                 "CMD_FINAL is not set, protocol error.\n",
333                                         cmd->init_task_tag);
334                                 return DATAOUT_CANNOT_RECOVER;
335                         }
336                 }
337         }
338
339 out:
340         return DATAOUT_NORMAL;
341 }
342
343 static int iscsit_dataout_check_datasn(
344         struct iscsi_cmd *cmd,
345         unsigned char *buf)
346 {
347         u32 data_sn = 0;
348         struct iscsi_conn *conn = cmd->conn;
349         struct iscsi_data *hdr = (struct iscsi_data *) buf;
350         u32 payload_length = ntoh24(hdr->dlength);
351
352         /*
353          * Considering the target has no method of re-requesting DataOUT
354          * by DataSN, if we receieve a greater DataSN than expected we
355          * assume the functions for DataPDUInOrder=[Yes,No] below will
356          * handle it.
357          *
358          * If the DataSN is less than expected, dump the payload.
359          */
360         if (conn->sess->sess_ops->DataSequenceInOrder)
361                 data_sn = cmd->data_sn;
362         else {
363                 struct iscsi_seq *seq = cmd->seq_ptr;
364                 data_sn = seq->data_sn;
365         }
366
367         if (be32_to_cpu(hdr->datasn) > data_sn) {
368                 pr_err("Command ITT: 0x%08x, received DataSN: 0x%08x"
369                         " higher than expected 0x%08x.\n", cmd->init_task_tag,
370                                 be32_to_cpu(hdr->datasn), data_sn);
371                 goto recover;
372         } else if (be32_to_cpu(hdr->datasn) < data_sn) {
373                 pr_err("Command ITT: 0x%08x, received DataSN: 0x%08x"
374                         " lower than expected 0x%08x, discarding payload.\n",
375                         cmd->init_task_tag, be32_to_cpu(hdr->datasn), data_sn);
376                 goto dump;
377         }
378
379         return DATAOUT_NORMAL;
380
381 recover:
382         if (!conn->sess->sess_ops->ErrorRecoveryLevel) {
383                 pr_err("Unable to perform within-command recovery"
384                                 " while ERL=0.\n");
385                 return DATAOUT_CANNOT_RECOVER;
386         }
387 dump:
388         if (iscsit_dump_data_payload(conn, payload_length, 1) < 0)
389                 return DATAOUT_CANNOT_RECOVER;
390
391         return DATAOUT_WITHIN_COMMAND_RECOVERY;
392 }
393
394 static int iscsit_dataout_pre_datapduinorder_yes(
395         struct iscsi_cmd *cmd,
396         unsigned char *buf)
397 {
398         int dump = 0, recovery = 0;
399         struct iscsi_conn *conn = cmd->conn;
400         struct iscsi_data *hdr = (struct iscsi_data *) buf;
401         u32 payload_length = ntoh24(hdr->dlength);
402
403         /*
404          * For DataSequenceInOrder=Yes: If the offset is greater than the global
405          * DataPDUInOrder=Yes offset counter in struct iscsi_cmd a protcol error has
406          * occurred and fail the connection.
407          *
408          * For DataSequenceInOrder=No: If the offset is greater than the per
409          * sequence DataPDUInOrder=Yes offset counter in struct iscsi_seq a protocol
410          * error has occurred and fail the connection.
411          */
412         if (conn->sess->sess_ops->DataSequenceInOrder) {
413                 if (be32_to_cpu(hdr->offset) != cmd->write_data_done) {
414                         pr_err("Command ITT: 0x%08x, received offset"
415                         " %u different than expected %u.\n", cmd->init_task_tag,
416                                 be32_to_cpu(hdr->offset), cmd->write_data_done);
417                         recovery = 1;
418                         goto recover;
419                 }
420         } else {
421                 struct iscsi_seq *seq = cmd->seq_ptr;
422
423                 if (be32_to_cpu(hdr->offset) > seq->offset) {
424                         pr_err("Command ITT: 0x%08x, received offset"
425                         " %u greater than expected %u.\n", cmd->init_task_tag,
426                                 be32_to_cpu(hdr->offset), seq->offset);
427                         recovery = 1;
428                         goto recover;
429                 } else if (be32_to_cpu(hdr->offset) < seq->offset) {
430                         pr_err("Command ITT: 0x%08x, received offset"
431                         " %u less than expected %u, discarding payload.\n",
432                                 cmd->init_task_tag, be32_to_cpu(hdr->offset),
433                                 seq->offset);
434                         dump = 1;
435                         goto dump;
436                 }
437         }
438
439         return DATAOUT_NORMAL;
440
441 recover:
442         if (!conn->sess->sess_ops->ErrorRecoveryLevel) {
443                 pr_err("Unable to perform within-command recovery"
444                                 " while ERL=0.\n");
445                 return DATAOUT_CANNOT_RECOVER;
446         }
447 dump:
448         if (iscsit_dump_data_payload(conn, payload_length, 1) < 0)
449                 return DATAOUT_CANNOT_RECOVER;
450
451         return (recovery) ? iscsit_recover_dataout_sequence(cmd,
452                 be32_to_cpu(hdr->offset), payload_length) :
453                (dump) ? DATAOUT_WITHIN_COMMAND_RECOVERY : DATAOUT_NORMAL;
454 }
455
456 static int iscsit_dataout_pre_datapduinorder_no(
457         struct iscsi_cmd *cmd,
458         unsigned char *buf)
459 {
460         struct iscsi_pdu *pdu;
461         struct iscsi_data *hdr = (struct iscsi_data *) buf;
462         u32 payload_length = ntoh24(hdr->dlength);
463
464         pdu = iscsit_get_pdu_holder(cmd, be32_to_cpu(hdr->offset),
465                                     payload_length);
466         if (!pdu)
467                 return DATAOUT_CANNOT_RECOVER;
468
469         cmd->pdu_ptr = pdu;
470
471         switch (pdu->status) {
472         case ISCSI_PDU_NOT_RECEIVED:
473         case ISCSI_PDU_CRC_FAILED:
474         case ISCSI_PDU_TIMED_OUT:
475                 break;
476         case ISCSI_PDU_RECEIVED_OK:
477                 pr_err("Command ITT: 0x%08x received already gotten"
478                         " Offset: %u, Length: %u\n", cmd->init_task_tag,
479                                 be32_to_cpu(hdr->offset), payload_length);
480                 return iscsit_dump_data_payload(cmd->conn, payload_length, 1);
481         default:
482                 return DATAOUT_CANNOT_RECOVER;
483         }
484
485         return DATAOUT_NORMAL;
486 }
487
488 static int iscsit_dataout_update_r2t(struct iscsi_cmd *cmd, u32 offset, u32 length)
489 {
490         struct iscsi_r2t *r2t;
491
492         if (cmd->unsolicited_data)
493                 return 0;
494
495         r2t = iscsit_get_r2t_for_eos(cmd, offset, length);
496         if (!r2t)
497                 return -1;
498
499         spin_lock_bh(&cmd->r2t_lock);
500         r2t->seq_complete = 1;
501         cmd->outstanding_r2ts--;
502         spin_unlock_bh(&cmd->r2t_lock);
503
504         return 0;
505 }
506
507 static int iscsit_dataout_update_datapduinorder_no(
508         struct iscsi_cmd *cmd,
509         u32 data_sn,
510         int f_bit)
511 {
512         int ret = 0;
513         struct iscsi_pdu *pdu = cmd->pdu_ptr;
514
515         pdu->data_sn = data_sn;
516
517         switch (pdu->status) {
518         case ISCSI_PDU_NOT_RECEIVED:
519                 pdu->status = ISCSI_PDU_RECEIVED_OK;
520                 break;
521         case ISCSI_PDU_CRC_FAILED:
522                 pdu->status = ISCSI_PDU_RECEIVED_OK;
523                 break;
524         case ISCSI_PDU_TIMED_OUT:
525                 pdu->status = ISCSI_PDU_RECEIVED_OK;
526                 break;
527         default:
528                 return DATAOUT_CANNOT_RECOVER;
529         }
530
531         if (f_bit) {
532                 ret = iscsit_dataout_datapduinorder_no_fbit(cmd, pdu);
533                 if (ret == DATAOUT_CANNOT_RECOVER)
534                         return ret;
535         }
536
537         return DATAOUT_NORMAL;
538 }
539
540 static int iscsit_dataout_post_crc_passed(
541         struct iscsi_cmd *cmd,
542         unsigned char *buf)
543 {
544         int ret, send_r2t = 0;
545         struct iscsi_conn *conn = cmd->conn;
546         struct iscsi_seq *seq = NULL;
547         struct iscsi_data *hdr = (struct iscsi_data *) buf;
548         u32 payload_length = ntoh24(hdr->dlength);
549
550         if (cmd->unsolicited_data) {
551                 if ((cmd->first_burst_len + payload_length) ==
552                      conn->sess->sess_ops->FirstBurstLength) {
553                         if (iscsit_dataout_update_r2t(cmd, be32_to_cpu(hdr->offset),
554                                         payload_length) < 0)
555                                 return DATAOUT_CANNOT_RECOVER;
556                         send_r2t = 1;
557                 }
558
559                 if (!conn->sess->sess_ops->DataPDUInOrder) {
560                         ret = iscsit_dataout_update_datapduinorder_no(cmd,
561                                 be32_to_cpu(hdr->datasn),
562                                 (hdr->flags & ISCSI_FLAG_CMD_FINAL));
563                         if (ret == DATAOUT_CANNOT_RECOVER)
564                                 return ret;
565                 }
566
567                 cmd->first_burst_len += payload_length;
568
569                 if (conn->sess->sess_ops->DataSequenceInOrder)
570                         cmd->data_sn++;
571                 else {
572                         seq = cmd->seq_ptr;
573                         seq->data_sn++;
574                         seq->offset += payload_length;
575                 }
576
577                 if (send_r2t) {
578                         if (seq)
579                                 seq->status = DATAOUT_SEQUENCE_COMPLETE;
580                         cmd->first_burst_len = 0;
581                         cmd->unsolicited_data = 0;
582                 }
583         } else {
584                 if (conn->sess->sess_ops->DataSequenceInOrder) {
585                         if ((cmd->next_burst_len + payload_length) ==
586                              conn->sess->sess_ops->MaxBurstLength) {
587                                 if (iscsit_dataout_update_r2t(cmd,
588                                                 be32_to_cpu(hdr->offset),
589                                                 payload_length) < 0)
590                                         return DATAOUT_CANNOT_RECOVER;
591                                 send_r2t = 1;
592                         }
593
594                         if (!conn->sess->sess_ops->DataPDUInOrder) {
595                                 ret = iscsit_dataout_update_datapduinorder_no(
596                                                 cmd, be32_to_cpu(hdr->datasn),
597                                                 (hdr->flags & ISCSI_FLAG_CMD_FINAL));
598                                 if (ret == DATAOUT_CANNOT_RECOVER)
599                                         return ret;
600                         }
601
602                         cmd->next_burst_len += payload_length;
603                         cmd->data_sn++;
604
605                         if (send_r2t)
606                                 cmd->next_burst_len = 0;
607                 } else {
608                         seq = cmd->seq_ptr;
609
610                         if ((seq->next_burst_len + payload_length) ==
611                              seq->xfer_len) {
612                                 if (iscsit_dataout_update_r2t(cmd,
613                                                 be32_to_cpu(hdr->offset),
614                                                 payload_length) < 0)
615                                         return DATAOUT_CANNOT_RECOVER;
616                                 send_r2t = 1;
617                         }
618
619                         if (!conn->sess->sess_ops->DataPDUInOrder) {
620                                 ret = iscsit_dataout_update_datapduinorder_no(
621                                                 cmd, be32_to_cpu(hdr->datasn),
622                                                 (hdr->flags & ISCSI_FLAG_CMD_FINAL));
623                                 if (ret == DATAOUT_CANNOT_RECOVER)
624                                         return ret;
625                         }
626
627                         seq->data_sn++;
628                         seq->offset += payload_length;
629                         seq->next_burst_len += payload_length;
630
631                         if (send_r2t) {
632                                 seq->next_burst_len = 0;
633                                 seq->status = DATAOUT_SEQUENCE_COMPLETE;
634                         }
635                 }
636         }
637
638         if (send_r2t && conn->sess->sess_ops->DataSequenceInOrder)
639                 cmd->data_sn = 0;
640
641         cmd->write_data_done += payload_length;
642
643         if (cmd->write_data_done == cmd->se_cmd.data_length)
644                 return DATAOUT_SEND_TO_TRANSPORT;
645         else if (send_r2t)
646                 return DATAOUT_SEND_R2T;
647         else
648                 return DATAOUT_NORMAL;
649 }
650
651 static int iscsit_dataout_post_crc_failed(
652         struct iscsi_cmd *cmd,
653         unsigned char *buf)
654 {
655         struct iscsi_conn *conn = cmd->conn;
656         struct iscsi_pdu *pdu;
657         struct iscsi_data *hdr = (struct iscsi_data *) buf;
658         u32 payload_length = ntoh24(hdr->dlength);
659
660         if (conn->sess->sess_ops->DataPDUInOrder)
661                 goto recover;
662         /*
663          * The rest of this function is only called when DataPDUInOrder=No.
664          */
665         pdu = cmd->pdu_ptr;
666
667         switch (pdu->status) {
668         case ISCSI_PDU_NOT_RECEIVED:
669                 pdu->status = ISCSI_PDU_CRC_FAILED;
670                 break;
671         case ISCSI_PDU_CRC_FAILED:
672                 break;
673         case ISCSI_PDU_TIMED_OUT:
674                 pdu->status = ISCSI_PDU_CRC_FAILED;
675                 break;
676         default:
677                 return DATAOUT_CANNOT_RECOVER;
678         }
679
680 recover:
681         return iscsit_recover_dataout_sequence(cmd, be32_to_cpu(hdr->offset),
682                                                 payload_length);
683 }
684
685 /*
686  *      Called from iscsit_handle_data_out() before DataOUT Payload is received
687  *      and CRC computed.
688  */
689 int iscsit_check_pre_dataout(
690         struct iscsi_cmd *cmd,
691         unsigned char *buf)
692 {
693         int ret;
694         struct iscsi_conn *conn = cmd->conn;
695
696         ret = iscsit_dataout_within_command_recovery_check(cmd, buf);
697         if ((ret == DATAOUT_WITHIN_COMMAND_RECOVERY) ||
698             (ret == DATAOUT_CANNOT_RECOVER))
699                 return ret;
700
701         ret = iscsit_dataout_check_datasn(cmd, buf);
702         if ((ret == DATAOUT_WITHIN_COMMAND_RECOVERY) ||
703             (ret == DATAOUT_CANNOT_RECOVER))
704                 return ret;
705
706         if (cmd->unsolicited_data) {
707                 ret = iscsit_dataout_check_unsolicited_sequence(cmd, buf);
708                 if ((ret == DATAOUT_WITHIN_COMMAND_RECOVERY) ||
709                     (ret == DATAOUT_CANNOT_RECOVER))
710                         return ret;
711         } else {
712                 ret = iscsit_dataout_check_sequence(cmd, buf);
713                 if ((ret == DATAOUT_WITHIN_COMMAND_RECOVERY) ||
714                     (ret == DATAOUT_CANNOT_RECOVER))
715                         return ret;
716         }
717
718         return (conn->sess->sess_ops->DataPDUInOrder) ?
719                 iscsit_dataout_pre_datapduinorder_yes(cmd, buf) :
720                 iscsit_dataout_pre_datapduinorder_no(cmd, buf);
721 }
722
723 /*
724  *      Called from iscsit_handle_data_out() after DataOUT Payload is received
725  *      and CRC computed.
726  */
727 int iscsit_check_post_dataout(
728         struct iscsi_cmd *cmd,
729         unsigned char *buf,
730         u8 data_crc_failed)
731 {
732         struct iscsi_conn *conn = cmd->conn;
733
734         cmd->dataout_timeout_retries = 0;
735
736         if (!data_crc_failed)
737                 return iscsit_dataout_post_crc_passed(cmd, buf);
738         else {
739                 if (!conn->sess->sess_ops->ErrorRecoveryLevel) {
740                         pr_err("Unable to recover from DataOUT CRC"
741                                 " failure while ERL=0, closing session.\n");
742                         iscsit_reject_cmd(cmd, ISCSI_REASON_DATA_DIGEST_ERROR,
743                                           buf);
744                         return DATAOUT_CANNOT_RECOVER;
745                 }
746
747                 iscsit_reject_cmd(cmd, ISCSI_REASON_DATA_DIGEST_ERROR, buf);
748                 return iscsit_dataout_post_crc_failed(cmd, buf);
749         }
750 }
751
752 static void iscsit_handle_time2retain_timeout(unsigned long data)
753 {
754         struct iscsi_session *sess = (struct iscsi_session *) data;
755         struct iscsi_portal_group *tpg = sess->tpg;
756         struct se_portal_group *se_tpg = &tpg->tpg_se_tpg;
757
758         spin_lock_bh(&se_tpg->session_lock);
759         if (sess->time2retain_timer_flags & ISCSI_TF_STOP) {
760                 spin_unlock_bh(&se_tpg->session_lock);
761                 return;
762         }
763         if (atomic_read(&sess->session_reinstatement)) {
764                 pr_err("Exiting Time2Retain handler because"
765                                 " session_reinstatement=1\n");
766                 spin_unlock_bh(&se_tpg->session_lock);
767                 return;
768         }
769         sess->time2retain_timer_flags |= ISCSI_TF_EXPIRED;
770
771         pr_err("Time2Retain timer expired for SID: %u, cleaning up"
772                         " iSCSI session.\n", sess->sid);
773         {
774         struct iscsi_tiqn *tiqn = tpg->tpg_tiqn;
775
776         if (tiqn) {
777                 spin_lock(&tiqn->sess_err_stats.lock);
778                 strcpy(tiqn->sess_err_stats.last_sess_fail_rem_name,
779                         (void *)sess->sess_ops->InitiatorName);
780                 tiqn->sess_err_stats.last_sess_failure_type =
781                                 ISCSI_SESS_ERR_CXN_TIMEOUT;
782                 tiqn->sess_err_stats.cxn_timeout_errors++;
783                 atomic_long_inc(&sess->conn_timeout_errors);
784                 spin_unlock(&tiqn->sess_err_stats.lock);
785         }
786         }
787
788         spin_unlock_bh(&se_tpg->session_lock);
789         target_put_session(sess->se_sess);
790 }
791
792 void iscsit_start_time2retain_handler(struct iscsi_session *sess)
793 {
794         int tpg_active;
795         /*
796          * Only start Time2Retain timer when the associated TPG is still in
797          * an ACTIVE (eg: not disabled or shutdown) state.
798          */
799         spin_lock(&sess->tpg->tpg_state_lock);
800         tpg_active = (sess->tpg->tpg_state == TPG_STATE_ACTIVE);
801         spin_unlock(&sess->tpg->tpg_state_lock);
802
803         if (!tpg_active)
804                 return;
805
806         if (sess->time2retain_timer_flags & ISCSI_TF_RUNNING)
807                 return;
808
809         pr_debug("Starting Time2Retain timer for %u seconds on"
810                 " SID: %u\n", sess->sess_ops->DefaultTime2Retain, sess->sid);
811
812         init_timer(&sess->time2retain_timer);
813         sess->time2retain_timer.expires =
814                 (get_jiffies_64() + sess->sess_ops->DefaultTime2Retain * HZ);
815         sess->time2retain_timer.data = (unsigned long)sess;
816         sess->time2retain_timer.function = iscsit_handle_time2retain_timeout;
817         sess->time2retain_timer_flags &= ~ISCSI_TF_STOP;
818         sess->time2retain_timer_flags |= ISCSI_TF_RUNNING;
819         add_timer(&sess->time2retain_timer);
820 }
821
822 /*
823  *      Called with spin_lock_bh(&struct se_portal_group->session_lock) held
824  */
825 int iscsit_stop_time2retain_timer(struct iscsi_session *sess)
826 {
827         struct iscsi_portal_group *tpg = sess->tpg;
828         struct se_portal_group *se_tpg = &tpg->tpg_se_tpg;
829
830         if (sess->time2retain_timer_flags & ISCSI_TF_EXPIRED)
831                 return -1;
832
833         if (!(sess->time2retain_timer_flags & ISCSI_TF_RUNNING))
834                 return 0;
835
836         sess->time2retain_timer_flags |= ISCSI_TF_STOP;
837         spin_unlock(&se_tpg->session_lock);
838
839         del_timer_sync(&sess->time2retain_timer);
840
841         spin_lock(&se_tpg->session_lock);
842         sess->time2retain_timer_flags &= ~ISCSI_TF_RUNNING;
843         pr_debug("Stopped Time2Retain Timer for SID: %u\n",
844                         sess->sid);
845         return 0;
846 }
847
848 void iscsit_connection_reinstatement_rcfr(struct iscsi_conn *conn)
849 {
850         spin_lock_bh(&conn->state_lock);
851         if (atomic_read(&conn->connection_exit)) {
852                 spin_unlock_bh(&conn->state_lock);
853                 goto sleep;
854         }
855
856         if (atomic_read(&conn->transport_failed)) {
857                 spin_unlock_bh(&conn->state_lock);
858                 goto sleep;
859         }
860         spin_unlock_bh(&conn->state_lock);
861
862         if (conn->tx_thread && conn->tx_thread_active)
863                 send_sig(SIGINT, conn->tx_thread, 1);
864         if (conn->rx_thread && conn->rx_thread_active)
865                 send_sig(SIGINT, conn->rx_thread, 1);
866
867 sleep:
868         wait_for_completion(&conn->conn_wait_rcfr_comp);
869         complete(&conn->conn_post_wait_comp);
870 }
871
872 void iscsit_cause_connection_reinstatement(struct iscsi_conn *conn, int sleep)
873 {
874         spin_lock_bh(&conn->state_lock);
875         if (atomic_read(&conn->connection_exit)) {
876                 spin_unlock_bh(&conn->state_lock);
877                 return;
878         }
879
880         if (atomic_read(&conn->transport_failed)) {
881                 spin_unlock_bh(&conn->state_lock);
882                 return;
883         }
884
885         if (atomic_read(&conn->connection_reinstatement)) {
886                 spin_unlock_bh(&conn->state_lock);
887                 return;
888         }
889
890         if (conn->tx_thread && conn->tx_thread_active)
891                 send_sig(SIGINT, conn->tx_thread, 1);
892         if (conn->rx_thread && conn->rx_thread_active)
893                 send_sig(SIGINT, conn->rx_thread, 1);
894
895         atomic_set(&conn->connection_reinstatement, 1);
896         if (!sleep) {
897                 spin_unlock_bh(&conn->state_lock);
898                 return;
899         }
900
901         atomic_set(&conn->sleep_on_conn_wait_comp, 1);
902         spin_unlock_bh(&conn->state_lock);
903
904         wait_for_completion(&conn->conn_wait_comp);
905         complete(&conn->conn_post_wait_comp);
906 }
907 EXPORT_SYMBOL(iscsit_cause_connection_reinstatement);
908
909 void iscsit_fall_back_to_erl0(struct iscsi_session *sess)
910 {
911         pr_debug("Falling back to ErrorRecoveryLevel=0 for SID:"
912                         " %u\n", sess->sid);
913
914         atomic_set(&sess->session_fall_back_to_erl0, 1);
915 }
916
917 static void iscsit_handle_connection_cleanup(struct iscsi_conn *conn)
918 {
919         struct iscsi_session *sess = conn->sess;
920
921         if ((sess->sess_ops->ErrorRecoveryLevel == 2) &&
922             !atomic_read(&sess->session_reinstatement) &&
923             !atomic_read(&sess->session_fall_back_to_erl0))
924                 iscsit_connection_recovery_transport_reset(conn);
925         else {
926                 pr_debug("Performing cleanup for failed iSCSI"
927                         " Connection ID: %hu from %s\n", conn->cid,
928                         sess->sess_ops->InitiatorName);
929                 iscsit_close_connection(conn);
930         }
931 }
932
933 void iscsit_take_action_for_connection_exit(struct iscsi_conn *conn)
934 {
935         spin_lock_bh(&conn->state_lock);
936         if (atomic_read(&conn->connection_exit)) {
937                 spin_unlock_bh(&conn->state_lock);
938                 return;
939         }
940         atomic_set(&conn->connection_exit, 1);
941
942         if (conn->conn_state == TARG_CONN_STATE_IN_LOGOUT) {
943                 spin_unlock_bh(&conn->state_lock);
944                 iscsit_close_connection(conn);
945                 return;
946         }
947
948         if (conn->conn_state == TARG_CONN_STATE_CLEANUP_WAIT) {
949                 spin_unlock_bh(&conn->state_lock);
950                 return;
951         }
952
953         pr_debug("Moving to TARG_CONN_STATE_CLEANUP_WAIT.\n");
954         conn->conn_state = TARG_CONN_STATE_CLEANUP_WAIT;
955         spin_unlock_bh(&conn->state_lock);
956
957         iscsit_handle_connection_cleanup(conn);
958 }
959
960 /*
961  *      This is the simple function that makes the magic of
962  *      sync and steering happen in the follow paradoxical order:
963  *
964  *      0) Receive conn->of_marker (bytes left until next OFMarker)
965  *         bytes into an offload buffer.  When we pass the exact number
966  *         of bytes in conn->of_marker, iscsit_dump_data_payload() and hence
967  *         rx_data() will automatically receive the identical u32 marker
968  *         values and store it in conn->of_marker_offset;
969  *      1) Now conn->of_marker_offset will contain the offset to the start
970  *         of the next iSCSI PDU.  Dump these remaining bytes into another
971  *         offload buffer.
972  *      2) We are done!
973  *         Next byte in the TCP stream will contain the next iSCSI PDU!
974  *         Cool Huh?!
975  */
976 int iscsit_recover_from_unknown_opcode(struct iscsi_conn *conn)
977 {
978         /*
979          * Make sure the remaining bytes to next maker is a sane value.
980          */
981         if (conn->of_marker > (conn->conn_ops->OFMarkInt * 4)) {
982                 pr_err("Remaining bytes to OFMarker: %u exceeds"
983                         " OFMarkInt bytes: %u.\n", conn->of_marker,
984                                 conn->conn_ops->OFMarkInt * 4);
985                 return -1;
986         }
987
988         pr_debug("Advancing %u bytes in TCP stream to get to the"
989                         " next OFMarker.\n", conn->of_marker);
990
991         if (iscsit_dump_data_payload(conn, conn->of_marker, 0) < 0)
992                 return -1;
993
994         /*
995          * Make sure the offset marker we retrived is a valid value.
996          */
997         if (conn->of_marker_offset > (ISCSI_HDR_LEN + (ISCSI_CRC_LEN * 2) +
998             conn->conn_ops->MaxRecvDataSegmentLength)) {
999                 pr_err("OfMarker offset value: %u exceeds limit.\n",
1000                         conn->of_marker_offset);
1001                 return -1;
1002         }
1003
1004         pr_debug("Discarding %u bytes of TCP stream to get to the"
1005                         " next iSCSI Opcode.\n", conn->of_marker_offset);
1006
1007         if (iscsit_dump_data_payload(conn, conn->of_marker_offset, 0) < 0)
1008                 return -1;
1009
1010         return 0;
1011 }