1
/*-
2
 * SPDX-License-Identifier: BSD-2-Clause
3
 *
4
 * Copyright (c) 2012 The FreeBSD Foundation
5
 *
6
 * This software was developed by Edward Tomasz Napierala under sponsorship
7
 * from the FreeBSD Foundation.
8
 *
9
 * Redistribution and use in source and binary forms, with or without
10
 * modification, are permitted provided that the following conditions
11
 * are met:
12
 * 1. Redistributions of source code must retain the above copyright
13
 *    notice, this list of conditions and the following disclaimer.
14
 * 2. Redistributions in binary form must reproduce the above copyright
15
 *    notice, this list of conditions and the following disclaimer in the
16
 *    documentation and/or other materials provided with the distribution.
17
 *
18
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28
 * SUCH DAMAGE.
29
 */
30

31
/*
32
 * CTL frontend for the iSCSI protocol.
33
 */
34

35
#include <sys/param.h>
36
#include <sys/capsicum.h>
37
#include <sys/condvar.h>
38
#include <sys/endian.h>
39
#include <sys/file.h>
40
#include <sys/kernel.h>
41
#include <sys/kthread.h>
42
#include <sys/lock.h>
43
#include <sys/malloc.h>
44
#include <sys/module.h>
45
#include <sys/mutex.h>
46
#include <sys/queue.h>
47
#include <sys/sbuf.h>
48
#include <sys/socket.h>
49
#include <sys/sysctl.h>
50
#include <sys/systm.h>
51
#include <sys/uio.h>
52
#include <sys/unistd.h>
53
#include <sys/nv.h>
54
#include <sys/dnv.h>
55
#include <vm/uma.h>
56

57
#include <cam/scsi/scsi_all.h>
58
#include <cam/scsi/scsi_da.h>
59
#include <cam/ctl/ctl_io.h>
60
#include <cam/ctl/ctl.h>
61
#include <cam/ctl/ctl_backend.h>
62
#include <cam/ctl/ctl_error.h>
63
#include <cam/ctl/ctl_frontend.h>
64
#include <cam/ctl/ctl_debug.h>
65
#include <cam/ctl/ctl_ha.h>
66
#include <cam/ctl/ctl_ioctl.h>
67
#include <cam/ctl/ctl_private.h>
68

69
#include <dev/iscsi/icl.h>
70
#include <dev/iscsi/icl_wrappers.h>
71
#include <dev/iscsi/iscsi_proto.h>
72
#include <cam/ctl/ctl_frontend_iscsi.h>
73

74
#ifdef ICL_KERNEL_PROXY
75
#include <sys/socketvar.h>
76
#endif
77

78
#ifdef ICL_KERNEL_PROXY
79
FEATURE(cfiscsi_kernel_proxy, "iSCSI target built with ICL_KERNEL_PROXY");
80
#endif
81

82
/* Used for internal nexus reset task. */
83
#define ISCSI_BHS_OPCODE_INTERNAL	0x3e
84

85
static MALLOC_DEFINE(M_CFISCSI, "cfiscsi", "Memory used for CTL iSCSI frontend");
86
static uma_zone_t cfiscsi_data_wait_zone;
87

88
SYSCTL_NODE(_kern_cam_ctl, OID_AUTO, iscsi, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
89
    "CAM Target Layer iSCSI Frontend");
90
static int debug = 1;
91
SYSCTL_INT(_kern_cam_ctl_iscsi, OID_AUTO, debug, CTLFLAG_RWTUN,
92
    &debug, 1, "Enable debug messages");
93
static int ping_timeout = 5;
94
SYSCTL_INT(_kern_cam_ctl_iscsi, OID_AUTO, ping_timeout, CTLFLAG_RWTUN,
95
    &ping_timeout, 5, "Interval between ping (NOP-Out) requests, in seconds");
96
static int login_timeout = 60;
97
SYSCTL_INT(_kern_cam_ctl_iscsi, OID_AUTO, login_timeout, CTLFLAG_RWTUN,
98
    &login_timeout, 60, "Time to wait for ctld(8) to finish Login Phase, in seconds");
99
static int maxtags = 256;
100
SYSCTL_INT(_kern_cam_ctl_iscsi, OID_AUTO, maxtags, CTLFLAG_RWTUN,
101
    &maxtags, 0, "Max number of requests queued by initiator");
102

103
#define	CFISCSI_DEBUG(X, ...)						\
104
	do {								\
105
		if (debug > 1) {					\
106
			printf("%s: " X "\n",				\
107
			    __func__, ## __VA_ARGS__);			\
108
		}							\
109
	} while (0)
110

111
#define	CFISCSI_WARN(X, ...)						\
112
	do {								\
113
		if (debug > 0) {					\
114
			printf("WARNING: %s: " X "\n",			\
115
			    __func__, ## __VA_ARGS__);			\
116
		}							\
117
	} while (0)
118

119
#define	CFISCSI_SESSION_DEBUG(S, X, ...)				\
120
	do {								\
121
		if (debug > 1) {					\
122
			printf("%s: %s (%s): " X "\n",			\
123
			    __func__, S->cs_initiator_addr,		\
124
			    S->cs_initiator_name, ## __VA_ARGS__);	\
125
		}							\
126
	} while (0)
127

128
#define	CFISCSI_SESSION_WARN(S, X, ...)					\
129
	do  {								\
130
		if (debug > 0) {					\
131
			printf("WARNING: %s (%s): " X "\n",		\
132
			    S->cs_initiator_addr,			\
133
			    S->cs_initiator_name, ## __VA_ARGS__);	\
134
		}							\
135
	} while (0)
136

137
#define CFISCSI_SESSION_LOCK(X)		mtx_lock(&X->cs_lock)
138
#define CFISCSI_SESSION_UNLOCK(X)	mtx_unlock(&X->cs_lock)
139
#define CFISCSI_SESSION_LOCK_ASSERT(X)	mtx_assert(&X->cs_lock, MA_OWNED)
140

141
#define	CONN_SESSION(X)			((struct cfiscsi_session *)(X)->ic_prv0)
142
#define	PDU_SESSION(X)			CONN_SESSION((X)->ip_conn)
143

144
struct cfiscsi_priv {
145
	void		*request;
146
	uint32_t	 expdatasn;
147
	uint32_t	 r2tsn;
148
};
149
#define	PRIV(io)	\
150
    ((struct cfiscsi_priv *)&(io)->io_hdr.ctl_private[CTL_PRIV_FRONTEND])
151
#define	PRIV_REQUEST(io)		PRIV(io)->request
152
#define	PRIV_EXPDATASN(io)		PRIV(io)->expdatasn
153
#define	PRIV_R2TSN(io)			PRIV(io)->r2tsn
154

155
static int	cfiscsi_init(void);
156
static int	cfiscsi_shutdown(void);
157
static void	cfiscsi_online(void *arg);
158
static void	cfiscsi_offline(void *arg);
159
static int	cfiscsi_info(void *arg, struct sbuf *sb);
160
static int	cfiscsi_ioctl(struct cdev *dev,
161
		    u_long cmd, caddr_t addr, int flag, struct thread *td);
162
static void	cfiscsi_datamove(union ctl_io *io);
163
static void	cfiscsi_datamove_in(union ctl_io *io);
164
static void	cfiscsi_datamove_out(union ctl_io *io);
165
static void	cfiscsi_done(union ctl_io *io);
166
static bool	cfiscsi_pdu_update_cmdsn(const struct icl_pdu *request);
167
static void	cfiscsi_pdu_handle_nop_out(struct icl_pdu *request);
168
static void	cfiscsi_pdu_handle_scsi_command(struct icl_pdu *request);
169
static void	cfiscsi_pdu_handle_task_request(struct icl_pdu *request);
170
static void	cfiscsi_pdu_handle_data_out(struct icl_pdu *request);
171
static void	cfiscsi_pdu_handle_logout_request(struct icl_pdu *request);
172
static void	cfiscsi_session_terminate(struct cfiscsi_session *cs);
173
static struct cfiscsi_data_wait	*cfiscsi_data_wait_new(
174
		    struct cfiscsi_session *cs, union ctl_io *io,
175
		    uint32_t initiator_task_tag,
176
		    uint32_t *target_transfer_tagp);
177
static void	cfiscsi_data_wait_free(struct cfiscsi_session *cs,
178
		    struct cfiscsi_data_wait *cdw);
179
static struct cfiscsi_target	*cfiscsi_target_find(struct cfiscsi_softc
180
		    *softc, const char *name, uint16_t tag);
181
static struct cfiscsi_target	*cfiscsi_target_find_or_create(
182
    struct cfiscsi_softc *softc, const char *name, const char *alias,
183
    uint16_t tag);
184
static void	cfiscsi_target_release(struct cfiscsi_target *ct);
185
static void	cfiscsi_session_delete(struct cfiscsi_session *cs);
186

187
static struct cfiscsi_softc cfiscsi_softc;
188

189
static struct ctl_frontend cfiscsi_frontend =
190
{
191
	.name = "iscsi",
192
	.init = cfiscsi_init,
193
	.ioctl = cfiscsi_ioctl,
194
	.shutdown = cfiscsi_shutdown,
195
};
196
CTL_FRONTEND_DECLARE(cfiscsi, cfiscsi_frontend);
197
MODULE_DEPEND(cfiscsi, icl, 1, 1, 1);
198

199
static struct icl_pdu *
200
cfiscsi_pdu_new_response(struct icl_pdu *request, int flags)
201
{
202

203
	return (icl_pdu_new(request->ip_conn, flags));
204
}
205

206
static bool
207
cfiscsi_pdu_update_cmdsn(const struct icl_pdu *request)
208
{
209
	const struct iscsi_bhs_scsi_command *bhssc;
210
	struct cfiscsi_session *cs;
211
	uint32_t cmdsn, curcmdsn;
212

213
	cs = PDU_SESSION(request);
214

215
	/*
216
	 * Every incoming PDU - not just NOP-Out - resets the ping timer.
217
	 * The purpose of the timeout is to reset the connection when it stalls;
218
	 * we don't want this to happen when NOP-In or NOP-Out ends up delayed
219
	 * in some queue.
220
	 */
221
	cs->cs_timeout = 0;
222

223
	/*
224
	 * Immediate commands carry cmdsn, but it is neither incremented nor
225
	 * verified.
226
	 */
227
	if (request->ip_bhs->bhs_opcode & ISCSI_BHS_OPCODE_IMMEDIATE)
228
		return (false);
229

230
	/*
231
	 * Data-Out PDUs don't contain CmdSN.
232
	 */
233
	if (request->ip_bhs->bhs_opcode == ISCSI_BHS_OPCODE_SCSI_DATA_OUT)
234
		return (false);
235

236
	/*
237
	 * We're only using fields common for all the request
238
	 * (initiator -> target) PDUs.
239
	 */
240
	bhssc = (const struct iscsi_bhs_scsi_command *)request->ip_bhs;
241
	curcmdsn = cmdsn = ntohl(bhssc->bhssc_cmdsn);
242

243
	/*
244
	 * Increment session cmdsn and exit if we received the expected value.
245
	 */
246
	do {
247
		if (atomic_fcmpset_32(&cs->cs_cmdsn, &curcmdsn, cmdsn + 1))
248
			return (false);
249
	} while (curcmdsn == cmdsn);
250

251
	/*
252
	 * The target MUST silently ignore any non-immediate command outside
253
	 * of this range.
254
	 */
255
	if (ISCSI_SNLT(cmdsn, curcmdsn) ||
256
	    ISCSI_SNGT(cmdsn, curcmdsn - 1 + maxtags)) {
257
		CFISCSI_SESSION_WARN(cs, "received PDU with CmdSN %u, "
258
		    "while expected %u", cmdsn, curcmdsn);
259
		return (true);
260
	}
261

262
	/*
263
	 * We don't support multiple connections now, so any discontinuity in
264
	 * CmdSN means lost PDUs.  Since we don't support PDU retransmission --
265
	 * terminate the connection.
266
	 */
267
	CFISCSI_SESSION_WARN(cs, "received PDU with CmdSN %u, "
268
	    "while expected %u; dropping connection",
269
	    cmdsn, curcmdsn);
270
	cfiscsi_session_terminate(cs);
271
	return (true);
272
}
273

274
static void
275
cfiscsi_pdu_handle(struct icl_pdu *request)
276
{
277
	struct cfiscsi_session *cs;
278
	bool ignore;
279

280
	cs = PDU_SESSION(request);
281

282
	ignore = cfiscsi_pdu_update_cmdsn(request);
283
	if (ignore) {
284
		icl_pdu_free(request);
285
		return;
286
	}
287

288
	/*
289
	 * Handle the PDU; this includes e.g. receiving the remaining
290
	 * part of PDU and submitting the SCSI command to CTL
291
	 * or queueing a reply.  The handling routine is responsible
292
	 * for freeing the PDU when it's no longer needed.
293
	 */
294
	switch (request->ip_bhs->bhs_opcode &
295
	    ~ISCSI_BHS_OPCODE_IMMEDIATE) {
296
	case ISCSI_BHS_OPCODE_NOP_OUT:
297
		cfiscsi_pdu_handle_nop_out(request);
298
		break;
299
	case ISCSI_BHS_OPCODE_SCSI_COMMAND:
300
		cfiscsi_pdu_handle_scsi_command(request);
301
		break;
302
	case ISCSI_BHS_OPCODE_TASK_REQUEST:
303
		cfiscsi_pdu_handle_task_request(request);
304
		break;
305
	case ISCSI_BHS_OPCODE_SCSI_DATA_OUT:
306
		cfiscsi_pdu_handle_data_out(request);
307
		break;
308
	case ISCSI_BHS_OPCODE_LOGOUT_REQUEST:
309
		cfiscsi_pdu_handle_logout_request(request);
310
		break;
311
	default:
312
		CFISCSI_SESSION_WARN(cs, "received PDU with unsupported "
313
		    "opcode 0x%x; dropping connection",
314
		    request->ip_bhs->bhs_opcode);
315
		icl_pdu_free(request);
316
		cfiscsi_session_terminate(cs);
317
	}
318

319
}
320

321
static void
322
cfiscsi_receive_callback(struct icl_pdu *request)
323
{
324
#ifdef ICL_KERNEL_PROXY
325
	struct cfiscsi_session *cs;
326

327
	cs = PDU_SESSION(request);
328
	if (cs->cs_waiting_for_ctld || cs->cs_login_phase) {
329
		if (cs->cs_login_pdu == NULL)
330
			cs->cs_login_pdu = request;
331
		else
332
			icl_pdu_free(request);
333
		cv_signal(&cs->cs_login_cv);
334
		return;
335
	}
336
#endif
337

338
	cfiscsi_pdu_handle(request);
339
}
340

341
static void
342
cfiscsi_error_callback(struct icl_conn *ic)
343
{
344
	struct cfiscsi_session *cs;
345

346
	cs = CONN_SESSION(ic);
347

348
	CFISCSI_SESSION_WARN(cs, "connection error; dropping connection");
349
	cfiscsi_session_terminate(cs);
350
}
351

352
static int
353
cfiscsi_pdu_prepare(struct icl_pdu *response)
354
{
355
	struct cfiscsi_session *cs;
356
	struct iscsi_bhs_scsi_response *bhssr;
357
	bool advance_statsn = true;
358
	uint32_t cmdsn;
359

360
	cs = PDU_SESSION(response);
361

362
	CFISCSI_SESSION_LOCK_ASSERT(cs);
363

364
	/*
365
	 * We're only using fields common for all the response
366
	 * (target -> initiator) PDUs.
367
	 */
368
	bhssr = (struct iscsi_bhs_scsi_response *)response->ip_bhs;
369

370
	/*
371
	 * 10.8.3: "The StatSN for this connection is not advanced
372
	 * after this PDU is sent."
373
	 */
374
	if (bhssr->bhssr_opcode == ISCSI_BHS_OPCODE_R2T)
375
		advance_statsn = false;
376

377
	/*
378
	 * 10.19.2: "However, when the Initiator Task Tag is set to 0xffffffff,
379
	 * StatSN for the connection is not advanced after this PDU is sent."
380
	 */
381
	if (bhssr->bhssr_opcode == ISCSI_BHS_OPCODE_NOP_IN && 
382
	    bhssr->bhssr_initiator_task_tag == 0xffffffff)
383
		advance_statsn = false;
384

385
	/*
386
	 * See the comment below - StatSN is not meaningful and must
387
	 * not be advanced.
388
	 */
389
	if (bhssr->bhssr_opcode == ISCSI_BHS_OPCODE_SCSI_DATA_IN &&
390
	    (bhssr->bhssr_flags & BHSDI_FLAGS_S) == 0)
391
		advance_statsn = false;
392

393
	/*
394
	 * 10.7.3: "The fields StatSN, Status, and Residual Count
395
	 * only have meaningful content if the S bit is set to 1."
396
	 */
397
	if (bhssr->bhssr_opcode != ISCSI_BHS_OPCODE_SCSI_DATA_IN ||
398
	    (bhssr->bhssr_flags & BHSDI_FLAGS_S))
399
		bhssr->bhssr_statsn = htonl(cs->cs_statsn);
400
	cmdsn = cs->cs_cmdsn;
401
	bhssr->bhssr_expcmdsn = htonl(cmdsn);
402
	bhssr->bhssr_maxcmdsn = htonl(cmdsn - 1 +
403
	    imax(0, maxtags - cs->cs_outstanding_ctl_pdus));
404

405
	if (advance_statsn)
406
		cs->cs_statsn++;
407

408
	return (0);
409
}
410

411
static void
412
cfiscsi_pdu_queue(struct icl_pdu *response)
413
{
414
	struct cfiscsi_session *cs;
415

416
	cs = PDU_SESSION(response);
417

418
	CFISCSI_SESSION_LOCK(cs);
419
	cfiscsi_pdu_prepare(response);
420
	icl_pdu_queue(response);
421
	CFISCSI_SESSION_UNLOCK(cs);
422
}
423

424
 static void
425
cfiscsi_pdu_queue_cb(struct icl_pdu *response, icl_pdu_cb cb)
426
{
427
	struct cfiscsi_session *cs = PDU_SESSION(response);
428

429
	CFISCSI_SESSION_LOCK(cs);
430
	cfiscsi_pdu_prepare(response);
431
	icl_pdu_queue_cb(response, cb);
432
	CFISCSI_SESSION_UNLOCK(cs);
433
}
434

435
static void
436
cfiscsi_pdu_handle_nop_out(struct icl_pdu *request)
437
{
438
	struct cfiscsi_session *cs;
439
	struct iscsi_bhs_nop_out *bhsno;
440
	struct iscsi_bhs_nop_in *bhsni;
441
	struct icl_pdu *response;
442
	void *data = NULL;
443
	size_t datasize;
444
	int error;
445

446
	cs = PDU_SESSION(request);
447
	bhsno = (struct iscsi_bhs_nop_out *)request->ip_bhs;
448

449
	if (bhsno->bhsno_initiator_task_tag == 0xffffffff) {
450
		/*
451
		 * Nothing to do, iscsi_pdu_update_statsn() already
452
		 * zeroed the timeout.
453
		 */
454
		icl_pdu_free(request);
455
		return;
456
	}
457

458
	datasize = icl_pdu_data_segment_length(request);
459
	if (datasize > 0) {
460
		data = malloc(datasize, M_CFISCSI, M_NOWAIT | M_ZERO);
461
		if (data == NULL) {
462
			CFISCSI_SESSION_WARN(cs, "failed to allocate memory; "
463
			    "dropping connection");
464
			icl_pdu_free(request);
465
			cfiscsi_session_terminate(cs);
466
			return;
467
		}
468
		icl_pdu_get_data(request, 0, data, datasize);
469
	}
470

471
	response = cfiscsi_pdu_new_response(request, M_NOWAIT);
472
	if (response == NULL) {
473
		CFISCSI_SESSION_WARN(cs, "failed to allocate memory; "
474
		    "droppping connection");
475
		free(data, M_CFISCSI);
476
		icl_pdu_free(request);
477
		cfiscsi_session_terminate(cs);
478
		return;
479
	}
480
	bhsni = (struct iscsi_bhs_nop_in *)response->ip_bhs;
481
	bhsni->bhsni_opcode = ISCSI_BHS_OPCODE_NOP_IN;
482
	bhsni->bhsni_flags = 0x80;
483
	bhsni->bhsni_initiator_task_tag = bhsno->bhsno_initiator_task_tag;
484
	bhsni->bhsni_target_transfer_tag = 0xffffffff;
485
	if (datasize > 0) {
486
		error = icl_pdu_append_data(response, data, datasize, M_NOWAIT);
487
		if (error != 0) {
488
			CFISCSI_SESSION_WARN(cs, "failed to allocate memory; "
489
			    "dropping connection");
490
			free(data, M_CFISCSI);
491
			icl_pdu_free(request);
492
			icl_pdu_free(response);
493
			cfiscsi_session_terminate(cs);
494
			return;
495
		}
496
		free(data, M_CFISCSI);
497
	}
498

499
	icl_pdu_free(request);
500
	cfiscsi_pdu_queue(response);
501
}
502

503
static void
504
cfiscsi_pdu_handle_scsi_command(struct icl_pdu *request)
505
{
506
	struct iscsi_bhs_scsi_command *bhssc;
507
	struct cfiscsi_session *cs;
508
	union ctl_io *io;
509
	int error;
510

511
	cs = PDU_SESSION(request);
512
	bhssc = (struct iscsi_bhs_scsi_command *)request->ip_bhs;
513
	//CFISCSI_SESSION_DEBUG(cs, "initiator task tag 0x%x",
514
	//    bhssc->bhssc_initiator_task_tag);
515

516
	if (request->ip_data_len > 0 && cs->cs_immediate_data == false) {
517
		CFISCSI_SESSION_WARN(cs, "unsolicited data with "
518
		    "ImmediateData=No; dropping connection");
519
		icl_pdu_free(request);
520
		cfiscsi_session_terminate(cs);
521
		return;
522
	}
523
	io = ctl_alloc_io(cs->cs_target->ct_port.ctl_pool_ref);
524
	ctl_zero_io(io);
525
	PRIV_REQUEST(io) = request;
526
	io->io_hdr.io_type = CTL_IO_SCSI;
527
	io->io_hdr.nexus.initid = cs->cs_ctl_initid;
528
	io->io_hdr.nexus.targ_port = cs->cs_target->ct_port.targ_port;
529
	io->io_hdr.nexus.targ_lun = ctl_decode_lun(be64toh(bhssc->bhssc_lun));
530
	io->scsiio.priority = (bhssc->bhssc_pri & BHSSC_PRI_MASK) >>
531
	    BHSSC_PRI_SHIFT;
532
	io->scsiio.tag_num = bhssc->bhssc_initiator_task_tag;
533
	switch ((bhssc->bhssc_flags & BHSSC_FLAGS_ATTR)) {
534
	case BHSSC_FLAGS_ATTR_UNTAGGED:
535
		io->scsiio.tag_type = CTL_TAG_UNTAGGED;
536
		break;
537
	case BHSSC_FLAGS_ATTR_SIMPLE:
538
		io->scsiio.tag_type = CTL_TAG_SIMPLE;
539
		break;
540
	case BHSSC_FLAGS_ATTR_ORDERED:
541
        	io->scsiio.tag_type = CTL_TAG_ORDERED;
542
		break;
543
	case BHSSC_FLAGS_ATTR_HOQ:
544
        	io->scsiio.tag_type = CTL_TAG_HEAD_OF_QUEUE;
545
		break;
546
	case BHSSC_FLAGS_ATTR_ACA:
547
		io->scsiio.tag_type = CTL_TAG_ACA;
548
		break;
549
	default:
550
		io->scsiio.tag_type = CTL_TAG_UNTAGGED;
551
		CFISCSI_SESSION_WARN(cs, "unhandled tag type %d",
552
		    bhssc->bhssc_flags & BHSSC_FLAGS_ATTR);
553
		break;
554
	}
555
	io->scsiio.cdb_len = sizeof(bhssc->bhssc_cdb); /* Which is 16. */
556
	memcpy(io->scsiio.cdb, bhssc->bhssc_cdb, sizeof(bhssc->bhssc_cdb));
557
	refcount_acquire(&cs->cs_outstanding_ctl_pdus);
558
	error = ctl_run(io);
559
	if (error != CTL_RETVAL_COMPLETE) {
560
		CFISCSI_SESSION_WARN(cs, "ctl_run() failed; error %d; "
561
		    "dropping connection", error);
562
		ctl_free_io(io);
563
		refcount_release(&cs->cs_outstanding_ctl_pdus);
564
		icl_pdu_free(request);
565
		cfiscsi_session_terminate(cs);
566
	}
567
}
568

569
static void
570
cfiscsi_pdu_handle_task_request(struct icl_pdu *request)
571
{
572
	struct iscsi_bhs_task_management_request *bhstmr;
573
	struct iscsi_bhs_task_management_response *bhstmr2;
574
	struct icl_pdu *response;
575
	struct cfiscsi_session *cs;
576
	union ctl_io *io;
577
	int error;
578

579
	cs = PDU_SESSION(request);
580
	bhstmr = (struct iscsi_bhs_task_management_request *)request->ip_bhs;
581
	io = ctl_alloc_io(cs->cs_target->ct_port.ctl_pool_ref);
582
	ctl_zero_io(io);
583
	PRIV_REQUEST(io) = request;
584
	io->io_hdr.io_type = CTL_IO_TASK;
585
	io->io_hdr.nexus.initid = cs->cs_ctl_initid;
586
	io->io_hdr.nexus.targ_port = cs->cs_target->ct_port.targ_port;
587
	io->io_hdr.nexus.targ_lun = ctl_decode_lun(be64toh(bhstmr->bhstmr_lun));
588
	io->taskio.tag_type = CTL_TAG_SIMPLE; /* XXX */
589

590
	switch (bhstmr->bhstmr_function & ~0x80) {
591
	case BHSTMR_FUNCTION_ABORT_TASK:
592
#if 0
593
		CFISCSI_SESSION_DEBUG(cs, "BHSTMR_FUNCTION_ABORT_TASK");
594
#endif
595
		io->taskio.task_action = CTL_TASK_ABORT_TASK;
596
		io->taskio.tag_num = bhstmr->bhstmr_referenced_task_tag;
597
		break;
598
	case BHSTMR_FUNCTION_ABORT_TASK_SET:
599
#if 0
600
		CFISCSI_SESSION_DEBUG(cs, "BHSTMR_FUNCTION_ABORT_TASK_SET");
601
#endif
602
		io->taskio.task_action = CTL_TASK_ABORT_TASK_SET;
603
		break;
604
	case BHSTMR_FUNCTION_CLEAR_TASK_SET:
605
#if 0
606
		CFISCSI_SESSION_DEBUG(cs, "BHSTMR_FUNCTION_CLEAR_TASK_SET");
607
#endif
608
		io->taskio.task_action = CTL_TASK_CLEAR_TASK_SET;
609
		break;
610
	case BHSTMR_FUNCTION_LOGICAL_UNIT_RESET:
611
#if 0
612
		CFISCSI_SESSION_DEBUG(cs, "BHSTMR_FUNCTION_LOGICAL_UNIT_RESET");
613
#endif
614
		io->taskio.task_action = CTL_TASK_LUN_RESET;
615
		break;
616
	case BHSTMR_FUNCTION_TARGET_WARM_RESET:
617
#if 0
618
		CFISCSI_SESSION_DEBUG(cs, "BHSTMR_FUNCTION_TARGET_WARM_RESET");
619
#endif
620
		io->taskio.task_action = CTL_TASK_TARGET_RESET;
621
		break;
622
	case BHSTMR_FUNCTION_TARGET_COLD_RESET:
623
#if 0
624
		CFISCSI_SESSION_DEBUG(cs, "BHSTMR_FUNCTION_TARGET_COLD_RESET");
625
#endif
626
		io->taskio.task_action = CTL_TASK_TARGET_RESET;
627
		break;
628
	case BHSTMR_FUNCTION_QUERY_TASK:
629
#if 0
630
		CFISCSI_SESSION_DEBUG(cs, "BHSTMR_FUNCTION_QUERY_TASK");
631
#endif
632
		io->taskio.task_action = CTL_TASK_QUERY_TASK;
633
		io->taskio.tag_num = bhstmr->bhstmr_referenced_task_tag;
634
		break;
635
	case BHSTMR_FUNCTION_QUERY_TASK_SET:
636
#if 0
637
		CFISCSI_SESSION_DEBUG(cs, "BHSTMR_FUNCTION_QUERY_TASK_SET");
638
#endif
639
		io->taskio.task_action = CTL_TASK_QUERY_TASK_SET;
640
		break;
641
	case BHSTMR_FUNCTION_I_T_NEXUS_RESET:
642
#if 0
643
		CFISCSI_SESSION_DEBUG(cs, "BHSTMR_FUNCTION_I_T_NEXUS_RESET");
644
#endif
645
		io->taskio.task_action = CTL_TASK_I_T_NEXUS_RESET;
646
		break;
647
	case BHSTMR_FUNCTION_QUERY_ASYNC_EVENT:
648
#if 0
649
		CFISCSI_SESSION_DEBUG(cs, "BHSTMR_FUNCTION_QUERY_ASYNC_EVENT");
650
#endif
651
		io->taskio.task_action = CTL_TASK_QUERY_ASYNC_EVENT;
652
		break;
653
	default:
654
		CFISCSI_SESSION_DEBUG(cs, "unsupported function 0x%x",
655
		    bhstmr->bhstmr_function & ~0x80);
656
		ctl_free_io(io);
657

658
		response = cfiscsi_pdu_new_response(request, M_NOWAIT);
659
		if (response == NULL) {
660
			CFISCSI_SESSION_WARN(cs, "failed to allocate memory; "
661
			    "dropping connection");
662
			icl_pdu_free(request);
663
			cfiscsi_session_terminate(cs);
664
			return;
665
		}
666
		bhstmr2 = (struct iscsi_bhs_task_management_response *)
667
		    response->ip_bhs;
668
		bhstmr2->bhstmr_opcode = ISCSI_BHS_OPCODE_TASK_RESPONSE;
669
		bhstmr2->bhstmr_flags = 0x80;
670
		bhstmr2->bhstmr_response =
671
		    BHSTMR_RESPONSE_FUNCTION_NOT_SUPPORTED;
672
		bhstmr2->bhstmr_initiator_task_tag =
673
		    bhstmr->bhstmr_initiator_task_tag;
674
		icl_pdu_free(request);
675
		cfiscsi_pdu_queue(response);
676
		return;
677
	}
678

679
	refcount_acquire(&cs->cs_outstanding_ctl_pdus);
680
	error = ctl_run(io);
681
	if (error != CTL_RETVAL_COMPLETE) {
682
		CFISCSI_SESSION_WARN(cs, "ctl_run() failed; error %d; "
683
		    "dropping connection", error);
684
		ctl_free_io(io);
685
		refcount_release(&cs->cs_outstanding_ctl_pdus);
686
		icl_pdu_free(request);
687
		cfiscsi_session_terminate(cs);
688
	}
689
}
690

691
static bool
692
cfiscsi_handle_data_segment(struct icl_pdu *request, struct cfiscsi_data_wait *cdw)
693
{
694
	struct iscsi_bhs_data_out *bhsdo;
695
	struct cfiscsi_session *cs;
696
	struct ctl_sg_entry ctl_sg_entry, *ctl_sglist;
697
	size_t copy_len, len, off, buffer_offset;
698
	int ctl_sg_count;
699
	union ctl_io *io;
700

701
	cs = PDU_SESSION(request);
702

703
	KASSERT((request->ip_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) ==
704
	    ISCSI_BHS_OPCODE_SCSI_DATA_OUT ||
705
	    (request->ip_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) ==
706
	    ISCSI_BHS_OPCODE_SCSI_COMMAND,
707
	    ("bad opcode 0x%x", request->ip_bhs->bhs_opcode));
708

709
	/*
710
	 * We're only using fields common for Data-Out and SCSI Command PDUs.
711
	 */
712
	bhsdo = (struct iscsi_bhs_data_out *)request->ip_bhs;
713

714
	io = cdw->cdw_ctl_io;
715
	KASSERT((io->io_hdr.flags & CTL_FLAG_DATA_MASK) != CTL_FLAG_DATA_IN,
716
	    ("CTL_FLAG_DATA_IN"));
717

718
#if 0
719
	CFISCSI_SESSION_DEBUG(cs, "received %zd bytes out of %d",
720
	    request->ip_data_len, io->scsiio.kern_total_len);
721
#endif
722

723
	if (io->scsiio.kern_sg_entries > 0) {
724
		ctl_sglist = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr;
725
		ctl_sg_count = io->scsiio.kern_sg_entries;
726
	} else {
727
		ctl_sglist = &ctl_sg_entry;
728
		ctl_sglist->addr = io->scsiio.kern_data_ptr;
729
		ctl_sglist->len = io->scsiio.kern_data_len;
730
		ctl_sg_count = 1;
731
	}
732

733
	if ((request->ip_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) ==
734
	    ISCSI_BHS_OPCODE_SCSI_DATA_OUT)
735
		buffer_offset = ntohl(bhsdo->bhsdo_buffer_offset);
736
	else
737
		buffer_offset = 0;
738
	len = icl_pdu_data_segment_length(request);
739

740
	/*
741
	 * Make sure the offset, as sent by the initiator, matches the offset
742
	 * we're supposed to be at in the scatter-gather list.
743
	 */
744
	if (buffer_offset >
745
	    io->scsiio.kern_rel_offset + io->scsiio.ext_data_filled ||
746
	    buffer_offset + len <=
747
	    io->scsiio.kern_rel_offset + io->scsiio.ext_data_filled) {
748
		CFISCSI_SESSION_WARN(cs, "received bad buffer offset %zd, "
749
		    "expected %zd; dropping connection", buffer_offset,
750
		    (size_t)io->scsiio.kern_rel_offset +
751
		    (size_t)io->scsiio.ext_data_filled);
752
		ctl_set_data_phase_error(&io->scsiio);
753
		cfiscsi_session_terminate(cs);
754
		return (true);
755
	}
756

757
	/*
758
	 * This is the offset within the PDU data segment, as opposed
759
	 * to buffer_offset, which is the offset within the task (SCSI
760
	 * command).
761
	 */
762
	off = io->scsiio.kern_rel_offset + io->scsiio.ext_data_filled -
763
	    buffer_offset;
764

765
	/*
766
	 * Iterate over the scatter/gather segments, filling them with data
767
	 * from the PDU data segment.  Note that this can get called multiple
768
	 * times for one SCSI command; the cdw structure holds state for the
769
	 * scatter/gather list.
770
	 */
771
	for (;;) {
772
		KASSERT(cdw->cdw_sg_index < ctl_sg_count,
773
		    ("cdw->cdw_sg_index >= ctl_sg_count"));
774
		if (cdw->cdw_sg_len == 0) {
775
			cdw->cdw_sg_addr = ctl_sglist[cdw->cdw_sg_index].addr;
776
			cdw->cdw_sg_len = ctl_sglist[cdw->cdw_sg_index].len;
777
		}
778
		KASSERT(off <= len, ("len > off"));
779
		copy_len = len - off;
780
		if (copy_len > cdw->cdw_sg_len)
781
			copy_len = cdw->cdw_sg_len;
782

783
		icl_pdu_get_data(request, off, cdw->cdw_sg_addr, copy_len);
784
		cdw->cdw_sg_addr += copy_len;
785
		cdw->cdw_sg_len -= copy_len;
786
		off += copy_len;
787
		io->scsiio.ext_data_filled += copy_len;
788
		io->scsiio.kern_data_resid -= copy_len;
789

790
		if (cdw->cdw_sg_len == 0) {
791
			/*
792
			 * End of current segment.
793
			 */
794
			if (cdw->cdw_sg_index == ctl_sg_count - 1) {
795
				/*
796
				 * Last segment in scatter/gather list.
797
				 */
798
				break;
799
			}
800
			cdw->cdw_sg_index++;
801
		}
802

803
		if (off == len) {
804
			/*
805
			 * End of PDU payload.
806
			 */
807
			break;
808
		}
809
	}
810

811
	if (len > off) {
812
		/*
813
		 * In case of unsolicited data, it's possible that the buffer
814
		 * provided by CTL is smaller than negotiated FirstBurstLength.
815
		 * Just ignore the superfluous data; will ask for them with R2T
816
		 * on next call to cfiscsi_datamove().
817
		 *
818
		 * This obviously can only happen with SCSI Command PDU. 
819
		 */
820
		if ((request->ip_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) ==
821
		    ISCSI_BHS_OPCODE_SCSI_COMMAND)
822
			return (true);
823

824
		CFISCSI_SESSION_WARN(cs, "received too much data: got %zd bytes, "
825
		    "expected %zd; dropping connection",
826
		    icl_pdu_data_segment_length(request), off);
827
		ctl_set_data_phase_error(&io->scsiio);
828
		cfiscsi_session_terminate(cs);
829
		return (true);
830
	}
831

832
	if (io->scsiio.ext_data_filled == cdw->cdw_r2t_end &&
833
	    (bhsdo->bhsdo_flags & BHSDO_FLAGS_F) == 0) {
834
		CFISCSI_SESSION_WARN(cs, "got the final packet without "
835
		    "the F flag; flags = 0x%x; dropping connection",
836
		    bhsdo->bhsdo_flags);
837
		ctl_set_data_phase_error(&io->scsiio);
838
		cfiscsi_session_terminate(cs);
839
		return (true);
840
	}
841

842
	if (io->scsiio.ext_data_filled != cdw->cdw_r2t_end &&
843
	    (bhsdo->bhsdo_flags & BHSDO_FLAGS_F) != 0) {
844
		if ((request->ip_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) ==
845
		    ISCSI_BHS_OPCODE_SCSI_DATA_OUT) {
846
			CFISCSI_SESSION_WARN(cs, "got the final packet, but the "
847
			    "transmitted size was %zd bytes instead of %d; "
848
			    "dropping connection",
849
			    (size_t)io->scsiio.ext_data_filled,
850
			    cdw->cdw_r2t_end);
851
			ctl_set_data_phase_error(&io->scsiio);
852
			cfiscsi_session_terminate(cs);
853
			return (true);
854
		} else {
855
			/*
856
			 * For SCSI Command PDU, this just means we need to
857
			 * solicit more data by sending R2T.
858
			 */
859
			return (false);
860
		}
861
	}
862

863
	if (io->scsiio.ext_data_filled == cdw->cdw_r2t_end) {
864
#if 0
865
		CFISCSI_SESSION_DEBUG(cs, "no longer expecting Data-Out with target "
866
		    "transfer tag 0x%x", cdw->cdw_target_transfer_tag);
867
#endif
868

869
		return (true);
870
	}
871

872
	return (false);
873
}
874

875
static void
876
cfiscsi_pdu_handle_data_out(struct icl_pdu *request)
877
{
878
	struct iscsi_bhs_data_out *bhsdo;
879
	struct cfiscsi_session *cs;
880
	struct cfiscsi_data_wait *cdw = NULL;
881
	union ctl_io *io;
882
	bool done;
883

884
	cs = PDU_SESSION(request);
885
	bhsdo = (struct iscsi_bhs_data_out *)request->ip_bhs;
886

887
	CFISCSI_SESSION_LOCK(cs);
888
	TAILQ_FOREACH(cdw, &cs->cs_waiting_for_data_out, cdw_next) {
889
#if 0
890
		CFISCSI_SESSION_DEBUG(cs, "have ttt 0x%x, itt 0x%x; looking for "
891
		    "ttt 0x%x, itt 0x%x",
892
		    bhsdo->bhsdo_target_transfer_tag,
893
		    bhsdo->bhsdo_initiator_task_tag,
894
		    cdw->cdw_target_transfer_tag, cdw->cdw_initiator_task_tag));
895
#endif
896
		if (bhsdo->bhsdo_target_transfer_tag ==
897
		    cdw->cdw_target_transfer_tag)
898
			break;
899
	}
900
	CFISCSI_SESSION_UNLOCK(cs);
901
	if (cdw == NULL) {
902
		CFISCSI_SESSION_WARN(cs, "data transfer tag 0x%x, initiator task tag "
903
		    "0x%x, not found; dropping connection",
904
		    bhsdo->bhsdo_target_transfer_tag, bhsdo->bhsdo_initiator_task_tag);
905
		icl_pdu_free(request);
906
		cfiscsi_session_terminate(cs);
907
		return;
908
	}
909

910
	if (cdw->cdw_datasn != ntohl(bhsdo->bhsdo_datasn)) {
911
		CFISCSI_SESSION_WARN(cs, "received Data-Out PDU with "
912
		    "DataSN %u, while expected %u; dropping connection",
913
		    ntohl(bhsdo->bhsdo_datasn), cdw->cdw_datasn);
914
		icl_pdu_free(request);
915
		cfiscsi_session_terminate(cs);
916
		return;
917
	}
918
	cdw->cdw_datasn += request->ip_additional_pdus + 1;
919

920
	io = cdw->cdw_ctl_io;
921
	KASSERT((io->io_hdr.flags & CTL_FLAG_DATA_MASK) != CTL_FLAG_DATA_IN,
922
	    ("CTL_FLAG_DATA_IN"));
923

924
	done = cfiscsi_handle_data_segment(request, cdw);
925
	if (done) {
926
		CFISCSI_SESSION_LOCK(cs);
927
		TAILQ_REMOVE(&cs->cs_waiting_for_data_out, cdw, cdw_next);
928
		CFISCSI_SESSION_UNLOCK(cs);
929
		done = (io->scsiio.ext_data_filled != cdw->cdw_r2t_end ||
930
		    io->scsiio.ext_data_filled == io->scsiio.kern_data_len);
931
		cfiscsi_data_wait_free(cs, cdw);
932
		io->io_hdr.flags &= ~CTL_FLAG_DMA_INPROG;
933
		if (done)
934
			ctl_datamove_done(io, false);
935
		else
936
			cfiscsi_datamove_out(io);
937
	}
938

939
	icl_pdu_free(request);
940
}
941

942
static void
943
cfiscsi_pdu_handle_logout_request(struct icl_pdu *request)
944
{
945
	struct iscsi_bhs_logout_request *bhslr;
946
	struct iscsi_bhs_logout_response *bhslr2;
947
	struct icl_pdu *response;
948
	struct cfiscsi_session *cs;
949

950
	cs = PDU_SESSION(request);
951
	bhslr = (struct iscsi_bhs_logout_request *)request->ip_bhs;
952
	switch (bhslr->bhslr_reason & 0x7f) {
953
	case BHSLR_REASON_CLOSE_SESSION:
954
	case BHSLR_REASON_CLOSE_CONNECTION:
955
		response = cfiscsi_pdu_new_response(request, M_NOWAIT);
956
		if (response == NULL) {
957
			CFISCSI_SESSION_DEBUG(cs, "failed to allocate memory");
958
			icl_pdu_free(request);
959
			cfiscsi_session_terminate(cs);
960
			return;
961
		}
962
		bhslr2 = (struct iscsi_bhs_logout_response *)response->ip_bhs;
963
		bhslr2->bhslr_opcode = ISCSI_BHS_OPCODE_LOGOUT_RESPONSE;
964
		bhslr2->bhslr_flags = 0x80;
965
		bhslr2->bhslr_response = BHSLR_RESPONSE_CLOSED_SUCCESSFULLY;
966
		bhslr2->bhslr_initiator_task_tag =
967
		    bhslr->bhslr_initiator_task_tag;
968
		icl_pdu_free(request);
969
		cfiscsi_pdu_queue(response);
970
		cfiscsi_session_terminate(cs);
971
		break;
972
	case BHSLR_REASON_REMOVE_FOR_RECOVERY:
973
		response = cfiscsi_pdu_new_response(request, M_NOWAIT);
974
		if (response == NULL) {
975
			CFISCSI_SESSION_WARN(cs,
976
			    "failed to allocate memory; dropping connection");
977
			icl_pdu_free(request);
978
			cfiscsi_session_terminate(cs);
979
			return;
980
		}
981
		bhslr2 = (struct iscsi_bhs_logout_response *)response->ip_bhs;
982
		bhslr2->bhslr_opcode = ISCSI_BHS_OPCODE_LOGOUT_RESPONSE;
983
		bhslr2->bhslr_flags = 0x80;
984
		bhslr2->bhslr_response = BHSLR_RESPONSE_RECOVERY_NOT_SUPPORTED;
985
		bhslr2->bhslr_initiator_task_tag =
986
		    bhslr->bhslr_initiator_task_tag;
987
		icl_pdu_free(request);
988
		cfiscsi_pdu_queue(response);
989
		break;
990
	default:
991
		CFISCSI_SESSION_WARN(cs, "invalid reason 0%x; dropping connection",
992
		    bhslr->bhslr_reason);
993
		icl_pdu_free(request);
994
		cfiscsi_session_terminate(cs);
995
		break;
996
	}
997
}
998

999
static void
1000
cfiscsi_callout(void *context)
1001
{
1002
	struct icl_pdu *cp;
1003
	struct iscsi_bhs_nop_in *bhsni;
1004
	struct cfiscsi_session *cs;
1005

1006
	cs = context;
1007

1008
	if (cs->cs_terminating) 
1009
		return;
1010

1011
	callout_schedule(&cs->cs_callout, 1 * hz);
1012

1013
	atomic_add_int(&cs->cs_timeout, 1);
1014

1015
#ifdef ICL_KERNEL_PROXY
1016
	if (cs->cs_waiting_for_ctld || cs->cs_login_phase) {
1017
		if (login_timeout > 0 && cs->cs_timeout > login_timeout) {
1018
			CFISCSI_SESSION_WARN(cs, "login timed out after "
1019
			    "%d seconds; dropping connection", cs->cs_timeout);
1020
			cfiscsi_session_terminate(cs);
1021
		}
1022
		return;
1023
	}
1024
#endif
1025

1026
	if (ping_timeout <= 0) {
1027
		/*
1028
		 * Pings are disabled.  Don't send NOP-In in this case;
1029
		 * user might have disabled pings to work around problems
1030
		 * with certain initiators that can't properly handle
1031
		 * NOP-In, such as iPXE.  Reset the timeout, to avoid
1032
		 * triggering reconnection, should the user decide to
1033
		 * reenable them.
1034
		 */
1035
		cs->cs_timeout = 0;
1036
		return;
1037
	}
1038

1039
	if (cs->cs_timeout >= ping_timeout) {
1040
		CFISCSI_SESSION_WARN(cs, "no ping reply (NOP-Out) after %d seconds; "
1041
		    "dropping connection",  ping_timeout);
1042
		cfiscsi_session_terminate(cs);
1043
		return;
1044
	}
1045

1046
	/*
1047
	 * If the ping was reset less than one second ago - which means
1048
	 * that we've received some PDU during the last second - assume
1049
	 * the traffic flows correctly and don't bother sending a NOP-Out.
1050
	 *
1051
	 * (It's 2 - one for one second, and one for incrementing is_timeout
1052
	 * earlier in this routine.)
1053
	 */
1054
	if (cs->cs_timeout < 2)
1055
		return;
1056

1057
	cp = icl_pdu_new(cs->cs_conn, M_NOWAIT);
1058
	if (cp == NULL) {
1059
		CFISCSI_SESSION_WARN(cs, "failed to allocate memory");
1060
		return;
1061
	}
1062
	bhsni = (struct iscsi_bhs_nop_in *)cp->ip_bhs;
1063
	bhsni->bhsni_opcode = ISCSI_BHS_OPCODE_NOP_IN;
1064
	bhsni->bhsni_flags = 0x80;
1065
	bhsni->bhsni_initiator_task_tag = 0xffffffff;
1066

1067
	cfiscsi_pdu_queue(cp);
1068
}
1069

1070
static struct cfiscsi_data_wait *
1071
cfiscsi_data_wait_new(struct cfiscsi_session *cs, union ctl_io *io,
1072
    uint32_t initiator_task_tag, uint32_t *target_transfer_tagp)
1073
{
1074
	struct cfiscsi_data_wait *cdw;
1075
	int error;
1076

1077
	cdw = uma_zalloc(cfiscsi_data_wait_zone, M_NOWAIT | M_ZERO);
1078
	if (cdw == NULL) {
1079
		CFISCSI_SESSION_WARN(cs,
1080
		    "failed to allocate %zd bytes", sizeof(*cdw));
1081
		return (NULL);
1082
	}
1083

1084
	error = icl_conn_transfer_setup(cs->cs_conn, PRIV_REQUEST(io), io,
1085
	    target_transfer_tagp, &cdw->cdw_icl_prv);
1086
	if (error != 0) {
1087
		CFISCSI_SESSION_WARN(cs,
1088
		    "icl_conn_transfer_setup() failed with error %d", error);
1089
		uma_zfree(cfiscsi_data_wait_zone, cdw);
1090
		return (NULL);
1091
	}
1092

1093
	cdw->cdw_ctl_io = io;
1094
	cdw->cdw_target_transfer_tag = *target_transfer_tagp;
1095
	cdw->cdw_initiator_task_tag = initiator_task_tag;
1096

1097
	return (cdw);
1098
}
1099

1100
static void
1101
cfiscsi_data_wait_free(struct cfiscsi_session *cs,
1102
    struct cfiscsi_data_wait *cdw)
1103
{
1104

1105
	icl_conn_transfer_done(cs->cs_conn, cdw->cdw_icl_prv);
1106
	uma_zfree(cfiscsi_data_wait_zone, cdw);
1107
}
1108

1109
static void
1110
cfiscsi_data_wait_abort(struct cfiscsi_session *cs,
1111
    struct cfiscsi_data_wait *cdw, int status)
1112
{
1113
	union ctl_io *cdw_io;
1114

1115
	/*
1116
	 * Set nonzero port status; this prevents backends from
1117
	 * assuming that the data transfer actually succeeded
1118
	 * and writing uninitialized data to disk.
1119
	 */
1120
	MPASS(status != 0);
1121
	cdw_io = cdw->cdw_ctl_io;
1122
	cdw_io->io_hdr.flags &= ~CTL_FLAG_DMA_INPROG;
1123
	cdw_io->scsiio.io_hdr.port_status = status;
1124
	cfiscsi_data_wait_free(cs, cdw);
1125
	ctl_datamove_done(cdw_io, false);
1126
}
1127

1128
static void
1129
cfiscsi_session_terminate_tasks(struct cfiscsi_session *cs)
1130
{
1131
	struct cfiscsi_data_wait *cdw;
1132
	struct icl_pdu *ip;
1133
	union ctl_io *io;
1134
	int error, last, wait;
1135

1136
	if (cs->cs_target == NULL)
1137
		return;		/* No target yet, so nothing to do. */
1138
	ip = icl_pdu_new(cs->cs_conn, M_WAITOK);
1139
	ip->ip_bhs->bhs_opcode = ISCSI_BHS_OPCODE_INTERNAL;
1140
	io = ctl_alloc_io(cs->cs_target->ct_port.ctl_pool_ref);
1141
	ctl_zero_io(io);
1142
	PRIV_REQUEST(io) = ip;
1143
	io->io_hdr.io_type = CTL_IO_TASK;
1144
	io->io_hdr.nexus.initid = cs->cs_ctl_initid;
1145
	io->io_hdr.nexus.targ_port = cs->cs_target->ct_port.targ_port;
1146
	io->io_hdr.nexus.targ_lun = 0;
1147
	io->taskio.tag_type = CTL_TAG_SIMPLE; /* XXX */
1148
	io->taskio.task_action = CTL_TASK_I_T_NEXUS_RESET;
1149
	wait = cs->cs_outstanding_ctl_pdus;
1150
	refcount_acquire(&cs->cs_outstanding_ctl_pdus);
1151
	error = ctl_run(io);
1152
	if (error != CTL_RETVAL_COMPLETE) {
1153
		CFISCSI_SESSION_WARN(cs, "ctl_run() failed; error %d", error);
1154
		refcount_release(&cs->cs_outstanding_ctl_pdus);
1155
		ctl_free_io(io);
1156
		icl_pdu_free(ip);
1157
	}
1158

1159
	CFISCSI_SESSION_LOCK(cs);
1160
	cs->cs_terminating_tasks = true;
1161
	while ((cdw = TAILQ_FIRST(&cs->cs_waiting_for_data_out)) != NULL) {
1162
		TAILQ_REMOVE(&cs->cs_waiting_for_data_out, cdw, cdw_next);
1163
		CFISCSI_SESSION_UNLOCK(cs);
1164
		cfiscsi_data_wait_abort(cs, cdw, 42);
1165
		CFISCSI_SESSION_LOCK(cs);
1166
	}
1167
	CFISCSI_SESSION_UNLOCK(cs);
1168

1169
	/*
1170
	 * Wait for CTL to terminate all the tasks.
1171
	 */
1172
	if (wait > 0)
1173
		CFISCSI_SESSION_WARN(cs,
1174
		    "waiting for CTL to terminate %d tasks", wait);
1175
	for (;;) {
1176
		refcount_acquire(&cs->cs_outstanding_ctl_pdus);
1177
		last = refcount_release(&cs->cs_outstanding_ctl_pdus);
1178
		if (last != 0)
1179
			break;
1180
		tsleep(__DEVOLATILE(void *, &cs->cs_outstanding_ctl_pdus),
1181
		    0, "cfiscsi_terminate", hz / 100);
1182
	}
1183
	if (wait > 0)
1184
		CFISCSI_SESSION_WARN(cs, "tasks terminated");
1185
}
1186

1187
static void
1188
cfiscsi_maintenance_thread(void *arg)
1189
{
1190
	struct cfiscsi_session *cs;
1191

1192
	cs = arg;
1193

1194
	for (;;) {
1195
		CFISCSI_SESSION_LOCK(cs);
1196
		if (cs->cs_terminating == false || cs->cs_handoff_in_progress)
1197
			cv_wait(&cs->cs_maintenance_cv, &cs->cs_lock);
1198
		CFISCSI_SESSION_UNLOCK(cs);
1199

1200
		if (cs->cs_terminating && cs->cs_handoff_in_progress == false) {
1201
			/*
1202
			 * We used to wait up to 30 seconds to deliver queued
1203
			 * PDUs to the initiator.  We also tried hard to deliver
1204
			 * SCSI Responses for the aborted PDUs.  We don't do
1205
			 * that anymore.  We might need to revisit that.
1206
			 */
1207
			callout_drain(&cs->cs_callout);
1208
			icl_conn_close(cs->cs_conn);
1209

1210
			/*
1211
			 * At this point ICL receive thread is no longer
1212
			 * running; no new tasks can be queued.
1213
			 */
1214
			cfiscsi_session_terminate_tasks(cs);
1215
			cfiscsi_session_delete(cs);
1216
			kthread_exit();
1217
			return;
1218
		}
1219
		CFISCSI_SESSION_DEBUG(cs, "nothing to do");
1220
	}
1221
}
1222

1223
static void
1224
cfiscsi_session_terminate(struct cfiscsi_session *cs)
1225
{
1226

1227
	cs->cs_terminating = true;
1228
	cv_signal(&cs->cs_maintenance_cv);
1229
#ifdef ICL_KERNEL_PROXY
1230
	cv_signal(&cs->cs_login_cv);
1231
#endif
1232
}
1233

1234
static int
1235
cfiscsi_session_register_initiator(struct cfiscsi_session *cs)
1236
{
1237
	struct cfiscsi_target *ct;
1238
	char *name;
1239
	int i;
1240

1241
	KASSERT(cs->cs_ctl_initid == -1, ("already registered"));
1242

1243
	ct = cs->cs_target;
1244
	name = strdup(cs->cs_initiator_id, M_CTL);
1245
	i = ctl_add_initiator(&ct->ct_port, -1, 0, name);
1246
	if (i < 0) {
1247
		CFISCSI_SESSION_WARN(cs, "ctl_add_initiator failed with error %d",
1248
		    i);
1249
		cs->cs_ctl_initid = -1;
1250
		return (1);
1251
	}
1252
	cs->cs_ctl_initid = i;
1253
#if 0
1254
	CFISCSI_SESSION_DEBUG(cs, "added initiator id %d", i);
1255
#endif
1256

1257
	return (0);
1258
}
1259

1260
static void
1261
cfiscsi_session_unregister_initiator(struct cfiscsi_session *cs)
1262
{
1263
	int error;
1264

1265
	if (cs->cs_ctl_initid == -1)
1266
		return;
1267

1268
	error = ctl_remove_initiator(&cs->cs_target->ct_port, cs->cs_ctl_initid);
1269
	if (error != 0) {
1270
		CFISCSI_SESSION_WARN(cs, "ctl_remove_initiator failed with error %d",
1271
		    error);
1272
	}
1273
	cs->cs_ctl_initid = -1;
1274
}
1275

1276
static struct cfiscsi_session *
1277
cfiscsi_session_new(struct cfiscsi_softc *softc, const char *offload)
1278
{
1279
	struct cfiscsi_session *cs;
1280
	int error;
1281

1282
	cs = malloc(sizeof(*cs), M_CFISCSI, M_NOWAIT | M_ZERO);
1283
	if (cs == NULL) {
1284
		CFISCSI_WARN("malloc failed");
1285
		return (NULL);
1286
	}
1287
	cs->cs_ctl_initid = -1;
1288

1289
	refcount_init(&cs->cs_outstanding_ctl_pdus, 0);
1290
	TAILQ_INIT(&cs->cs_waiting_for_data_out);
1291
	mtx_init(&cs->cs_lock, "cfiscsi_lock", NULL, MTX_DEF);
1292
	cv_init(&cs->cs_maintenance_cv, "cfiscsi_mt");
1293
#ifdef ICL_KERNEL_PROXY
1294
	cv_init(&cs->cs_login_cv, "cfiscsi_login");
1295
#endif
1296

1297
	/*
1298
	 * The purpose of this is to avoid racing with session shutdown.
1299
	 * Otherwise we could have the maintenance thread call icl_conn_close()
1300
	 * before we call icl_conn_handoff().
1301
	 */
1302
	cs->cs_handoff_in_progress = true;
1303

1304
	cs->cs_conn = icl_new_conn(offload, false, "cfiscsi", &cs->cs_lock);
1305
	if (cs->cs_conn == NULL) {
1306
		free(cs, M_CFISCSI);
1307
		return (NULL);
1308
	}
1309
	cs->cs_conn->ic_receive = cfiscsi_receive_callback;
1310
	cs->cs_conn->ic_error = cfiscsi_error_callback;
1311
	cs->cs_conn->ic_prv0 = cs;
1312

1313
	error = kthread_add(cfiscsi_maintenance_thread, cs, NULL, NULL, 0, 0, "cfiscsimt");
1314
	if (error != 0) {
1315
		CFISCSI_SESSION_WARN(cs, "kthread_add(9) failed with error %d", error);
1316
		free(cs, M_CFISCSI);
1317
		return (NULL);
1318
	}
1319

1320
	mtx_lock(&softc->lock);
1321
	cs->cs_id = ++softc->last_session_id;
1322
	TAILQ_INSERT_TAIL(&softc->sessions, cs, cs_next);
1323
	mtx_unlock(&softc->lock);
1324

1325
	/*
1326
	 * Start pinging the initiator.
1327
	 */
1328
	callout_init(&cs->cs_callout, 1);
1329
	callout_reset(&cs->cs_callout, 1 * hz, cfiscsi_callout, cs);
1330

1331
	return (cs);
1332
}
1333

1334
static void
1335
cfiscsi_session_delete(struct cfiscsi_session *cs)
1336
{
1337
	struct cfiscsi_softc *softc;
1338

1339
	softc = &cfiscsi_softc;
1340

1341
	KASSERT(cs->cs_outstanding_ctl_pdus == 0,
1342
	    ("destroying session with outstanding CTL pdus"));
1343
	KASSERT(TAILQ_EMPTY(&cs->cs_waiting_for_data_out),
1344
	    ("destroying session with non-empty queue"));
1345

1346
	mtx_lock(&softc->lock);
1347
	TAILQ_REMOVE(&softc->sessions, cs, cs_next);
1348
	mtx_unlock(&softc->lock);
1349

1350
	cfiscsi_session_unregister_initiator(cs);
1351
	if (cs->cs_target != NULL)
1352
		cfiscsi_target_release(cs->cs_target);
1353
	icl_conn_close(cs->cs_conn);
1354
	icl_conn_free(cs->cs_conn);
1355
	free(cs, M_CFISCSI);
1356
	cv_signal(&softc->sessions_cv);
1357
}
1358

1359
static int
1360
cfiscsi_init(void)
1361
{
1362
	struct cfiscsi_softc *softc;
1363

1364
	softc = &cfiscsi_softc;
1365
	bzero(softc, sizeof(*softc));
1366
	mtx_init(&softc->lock, "cfiscsi", NULL, MTX_DEF);
1367

1368
	cv_init(&softc->sessions_cv, "cfiscsi_sessions");
1369
#ifdef ICL_KERNEL_PROXY
1370
	cv_init(&softc->accept_cv, "cfiscsi_accept");
1371
#endif
1372
	TAILQ_INIT(&softc->sessions);
1373
	TAILQ_INIT(&softc->targets);
1374

1375
	cfiscsi_data_wait_zone = uma_zcreate("cfiscsi_data_wait",
1376
	    sizeof(struct cfiscsi_data_wait), NULL, NULL, NULL, NULL,
1377
	    UMA_ALIGN_PTR, 0);
1378

1379
	return (0);
1380
}
1381

1382
static int
1383
cfiscsi_shutdown(void)
1384
{
1385
	struct cfiscsi_softc *softc = &cfiscsi_softc;
1386

1387
	if (!TAILQ_EMPTY(&softc->sessions) || !TAILQ_EMPTY(&softc->targets))
1388
		return (EBUSY);
1389

1390
	uma_zdestroy(cfiscsi_data_wait_zone);
1391
#ifdef ICL_KERNEL_PROXY
1392
	cv_destroy(&softc->accept_cv);
1393
#endif
1394
	cv_destroy(&softc->sessions_cv);
1395
	mtx_destroy(&softc->lock);
1396
	return (0);
1397
}
1398

1399
#ifdef ICL_KERNEL_PROXY
1400
static void
1401
cfiscsi_accept(struct socket *so, struct sockaddr *sa, int portal_id)
1402
{
1403
	struct cfiscsi_session *cs;
1404

1405
	cs = cfiscsi_session_new(&cfiscsi_softc, NULL);
1406
	if (cs == NULL) {
1407
		CFISCSI_WARN("failed to create session");
1408
		return;
1409
	}
1410

1411
	icl_conn_handoff_sock(cs->cs_conn, so);
1412
	cs->cs_initiator_sa = sa;
1413
	cs->cs_portal_id = portal_id;
1414
	cs->cs_handoff_in_progress = false;
1415
	cs->cs_waiting_for_ctld = true;
1416
	cv_signal(&cfiscsi_softc.accept_cv);
1417

1418
	CFISCSI_SESSION_LOCK(cs);
1419
	/*
1420
	 * Wake up the maintenance thread if we got scheduled for termination
1421
	 * somewhere between cfiscsi_session_new() and icl_conn_handoff_sock().
1422
	 */
1423
	if (cs->cs_terminating)
1424
		cfiscsi_session_terminate(cs);
1425
	CFISCSI_SESSION_UNLOCK(cs);
1426
}
1427
#endif
1428

1429
static void
1430
cfiscsi_online(void *arg)
1431
{
1432
	struct cfiscsi_softc *softc;
1433
	struct cfiscsi_target *ct;
1434
	int online;
1435

1436
	ct = (struct cfiscsi_target *)arg;
1437
	softc = ct->ct_softc;
1438

1439
	mtx_lock(&softc->lock);
1440
	if (ct->ct_online) {
1441
		mtx_unlock(&softc->lock);
1442
		return;
1443
	}
1444
	ct->ct_online = 1;
1445
	online = softc->online++;
1446
	mtx_unlock(&softc->lock);
1447
	if (online > 0)
1448
		return;
1449

1450
#ifdef ICL_KERNEL_PROXY
1451
	if (softc->listener != NULL)
1452
		icl_listen_free(softc->listener);
1453
	softc->listener = icl_listen_new(cfiscsi_accept);
1454
#endif
1455
}
1456

1457
static void
1458
cfiscsi_offline(void *arg)
1459
{
1460
	struct cfiscsi_softc *softc;
1461
	struct cfiscsi_target *ct;
1462
	struct cfiscsi_session *cs;
1463
	int error, online;
1464

1465
	ct = (struct cfiscsi_target *)arg;
1466
	softc = ct->ct_softc;
1467

1468
	mtx_lock(&softc->lock);
1469
	if (!ct->ct_online) {
1470
		mtx_unlock(&softc->lock);
1471
		return;
1472
	}
1473
	ct->ct_online = 0;
1474
	online = --softc->online;
1475

1476
	do {
1477
		TAILQ_FOREACH(cs, &softc->sessions, cs_next) {
1478
			if (cs->cs_target == ct)
1479
				cfiscsi_session_terminate(cs);
1480
		}
1481
		TAILQ_FOREACH(cs, &softc->sessions, cs_next) {
1482
			if (cs->cs_target == ct)
1483
				break;
1484
		}
1485
		if (cs != NULL) {
1486
			error = cv_wait_sig(&softc->sessions_cv, &softc->lock);
1487
			if (error != 0) {
1488
				CFISCSI_SESSION_DEBUG(cs,
1489
				    "cv_wait failed with error %d\n", error);
1490
				break;
1491
			}
1492
		}
1493
	} while (cs != NULL && ct->ct_online == 0);
1494
	mtx_unlock(&softc->lock);
1495
	if (online > 0)
1496
		return;
1497

1498
#ifdef ICL_KERNEL_PROXY
1499
	icl_listen_free(softc->listener);
1500
	softc->listener = NULL;
1501
#endif
1502
}
1503

1504
static int
1505
cfiscsi_info(void *arg, struct sbuf *sb)
1506
{
1507
	struct cfiscsi_target *ct = (struct cfiscsi_target *)arg;
1508
	int retval;
1509

1510
	retval = sbuf_printf(sb, "\t<cfiscsi_state>%d</cfiscsi_state>\n",
1511
	    ct->ct_state);
1512
	return (retval);
1513
}
1514

1515
static void
1516
cfiscsi_ioctl_handoff(struct ctl_iscsi *ci)
1517
{
1518
	struct cfiscsi_softc *softc;
1519
	struct cfiscsi_session *cs, *cs2;
1520
	struct cfiscsi_target *ct;
1521
	struct ctl_iscsi_handoff_params *cihp;
1522
	int error;
1523

1524
	cihp = (struct ctl_iscsi_handoff_params *)&(ci->data);
1525
	softc = &cfiscsi_softc;
1526

1527
	CFISCSI_DEBUG("new connection from %s (%s) to %s",
1528
	    cihp->initiator_name, cihp->initiator_addr,
1529
	    cihp->target_name);
1530

1531
	ct = cfiscsi_target_find(softc, cihp->target_name,
1532
	    cihp->portal_group_tag);
1533
	if (ct == NULL) {
1534
		ci->status = CTL_ISCSI_ERROR;
1535
		snprintf(ci->error_str, sizeof(ci->error_str),
1536
		    "%s: target not found", __func__);
1537
		return;
1538
	}
1539

1540
#ifdef ICL_KERNEL_PROXY
1541
	if (cihp->socket > 0 && cihp->connection_id > 0) {
1542
		snprintf(ci->error_str, sizeof(ci->error_str),
1543
		    "both socket and connection_id set");
1544
		ci->status = CTL_ISCSI_ERROR;
1545
		cfiscsi_target_release(ct);
1546
		return;
1547
	}
1548
	if (cihp->socket == 0) {
1549
		mtx_lock(&cfiscsi_softc.lock);
1550
		TAILQ_FOREACH(cs, &cfiscsi_softc.sessions, cs_next) {
1551
			if (cs->cs_id == cihp->connection_id)
1552
				break;
1553
		}
1554
		if (cs == NULL) {
1555
			mtx_unlock(&cfiscsi_softc.lock);
1556
			snprintf(ci->error_str, sizeof(ci->error_str),
1557
			    "connection not found");
1558
			ci->status = CTL_ISCSI_ERROR;
1559
			cfiscsi_target_release(ct);
1560
			return;
1561
		}
1562
		mtx_unlock(&cfiscsi_softc.lock);
1563
	} else {
1564
#endif
1565
		cs = cfiscsi_session_new(softc, cihp->offload);
1566
		if (cs == NULL) {
1567
			ci->status = CTL_ISCSI_ERROR;
1568
			snprintf(ci->error_str, sizeof(ci->error_str),
1569
			    "%s: cfiscsi_session_new failed", __func__);
1570
			cfiscsi_target_release(ct);
1571
			return;
1572
		}
1573
#ifdef ICL_KERNEL_PROXY
1574
	}
1575
#endif
1576

1577
	/*
1578
	 * First PDU of Full Feature phase has the same CmdSN as the last
1579
	 * PDU from the Login Phase received from the initiator.  Thus,
1580
	 * the -1 below.
1581
	 */
1582
	cs->cs_cmdsn = cihp->cmdsn;
1583
	cs->cs_statsn = cihp->statsn;
1584
	cs->cs_conn->ic_max_recv_data_segment_length =
1585
	    cihp->max_recv_data_segment_length;
1586
	cs->cs_conn->ic_max_send_data_segment_length =
1587
	    cihp->max_send_data_segment_length;
1588
	cs->cs_max_burst_length = cihp->max_burst_length;
1589
	cs->cs_first_burst_length = cihp->first_burst_length;
1590
	cs->cs_immediate_data = !!cihp->immediate_data;
1591
	if (cihp->header_digest == CTL_ISCSI_DIGEST_CRC32C)
1592
		cs->cs_conn->ic_header_crc32c = true;
1593
	if (cihp->data_digest == CTL_ISCSI_DIGEST_CRC32C)
1594
		cs->cs_conn->ic_data_crc32c = true;
1595

1596
	strlcpy(cs->cs_initiator_name,
1597
	    cihp->initiator_name, sizeof(cs->cs_initiator_name));
1598
	strlcpy(cs->cs_initiator_addr,
1599
	    cihp->initiator_addr, sizeof(cs->cs_initiator_addr));
1600
	strlcpy(cs->cs_initiator_alias,
1601
	    cihp->initiator_alias, sizeof(cs->cs_initiator_alias));
1602
	memcpy(cs->cs_initiator_isid,
1603
	    cihp->initiator_isid, sizeof(cs->cs_initiator_isid));
1604
	snprintf(cs->cs_initiator_id, sizeof(cs->cs_initiator_id),
1605
	    "%s,i,0x%02x%02x%02x%02x%02x%02x", cs->cs_initiator_name,
1606
	    cihp->initiator_isid[0], cihp->initiator_isid[1],
1607
	    cihp->initiator_isid[2], cihp->initiator_isid[3],
1608
	    cihp->initiator_isid[4], cihp->initiator_isid[5]);
1609

1610
	mtx_lock(&softc->lock);
1611
	if (ct->ct_online == 0) {
1612
		mtx_unlock(&softc->lock);
1613
		CFISCSI_SESSION_LOCK(cs);
1614
		cs->cs_handoff_in_progress = false;
1615
		cfiscsi_session_terminate(cs);
1616
		CFISCSI_SESSION_UNLOCK(cs);
1617
		cfiscsi_target_release(ct);
1618
		ci->status = CTL_ISCSI_ERROR;
1619
		snprintf(ci->error_str, sizeof(ci->error_str),
1620
		    "%s: port offline", __func__);
1621
		return;
1622
	}
1623
	cs->cs_target = ct;
1624
	mtx_unlock(&softc->lock);
1625

1626
restart:
1627
	if (!cs->cs_terminating) {
1628
		mtx_lock(&softc->lock);
1629
		TAILQ_FOREACH(cs2, &softc->sessions, cs_next) {
1630
			if (cs2 != cs && cs2->cs_tasks_aborted == false &&
1631
			    cs->cs_target == cs2->cs_target &&
1632
			    strcmp(cs->cs_initiator_id, cs2->cs_initiator_id) == 0) {
1633
				if (strcmp(cs->cs_initiator_addr,
1634
				    cs2->cs_initiator_addr) != 0) {
1635
					CFISCSI_SESSION_WARN(cs2,
1636
					    "session reinstatement from "
1637
					    "different address %s",
1638
					    cs->cs_initiator_addr);
1639
				} else {
1640
					CFISCSI_SESSION_DEBUG(cs2,
1641
					    "session reinstatement");
1642
				}
1643
				cfiscsi_session_terminate(cs2);
1644
				mtx_unlock(&softc->lock);
1645
				pause("cfiscsi_reinstate", 1);
1646
				goto restart;
1647
			}
1648
		}
1649
		mtx_unlock(&softc->lock);
1650
	}
1651

1652
	/*
1653
	 * Register initiator with CTL.
1654
	 */
1655
	cfiscsi_session_register_initiator(cs);
1656

1657
#ifdef ICL_KERNEL_PROXY
1658
	if (cihp->socket > 0) {
1659
#endif
1660
		error = icl_conn_handoff(cs->cs_conn, cihp->socket);
1661
		if (error != 0) {
1662
			CFISCSI_SESSION_LOCK(cs);
1663
			cs->cs_handoff_in_progress = false;
1664
			cfiscsi_session_terminate(cs);
1665
			CFISCSI_SESSION_UNLOCK(cs);
1666
			ci->status = CTL_ISCSI_ERROR;
1667
			snprintf(ci->error_str, sizeof(ci->error_str),
1668
			    "%s: icl_conn_handoff failed with error %d",
1669
			    __func__, error);
1670
			return;
1671
		}
1672
#ifdef ICL_KERNEL_PROXY
1673
	}
1674
#endif
1675

1676
#ifdef ICL_KERNEL_PROXY
1677
	cs->cs_login_phase = false;
1678

1679
	/*
1680
	 * First PDU of the Full Feature phase has likely already arrived.
1681
	 * We have to pick it up and execute properly.
1682
	 */
1683
	if (cs->cs_login_pdu != NULL) {
1684
		CFISCSI_SESSION_DEBUG(cs, "picking up first PDU");
1685
		cfiscsi_pdu_handle(cs->cs_login_pdu);
1686
		cs->cs_login_pdu = NULL;
1687
	}
1688
#endif
1689

1690
	CFISCSI_SESSION_LOCK(cs);
1691
	cs->cs_handoff_in_progress = false;
1692

1693
	/*
1694
	 * Wake up the maintenance thread if we got scheduled for termination.
1695
	 */
1696
	if (cs->cs_terminating)
1697
		cfiscsi_session_terminate(cs);
1698
	CFISCSI_SESSION_UNLOCK(cs);
1699

1700
	ci->status = CTL_ISCSI_OK;
1701
}
1702

1703
static void
1704
cfiscsi_ioctl_list(struct ctl_iscsi *ci)
1705
{
1706
	struct ctl_iscsi_list_params *cilp;
1707
	struct cfiscsi_session *cs;
1708
	struct cfiscsi_softc *softc;
1709
	struct sbuf *sb;
1710
	int error;
1711

1712
	cilp = (struct ctl_iscsi_list_params *)&(ci->data);
1713
	softc = &cfiscsi_softc;
1714

1715
	sb = sbuf_new(NULL, NULL, cilp->alloc_len, SBUF_FIXEDLEN);
1716
	if (sb == NULL) {
1717
		ci->status = CTL_ISCSI_ERROR;
1718
		snprintf(ci->error_str, sizeof(ci->error_str),
1719
		    "Unable to allocate %d bytes for iSCSI session list",
1720
		    cilp->alloc_len);
1721
		return;
1722
	}
1723

1724
	sbuf_cat(sb, "<ctlislist>\n");
1725
	mtx_lock(&softc->lock);
1726
	TAILQ_FOREACH(cs, &softc->sessions, cs_next) {
1727
		if (cs->cs_target == NULL)
1728
			continue;
1729
		error = sbuf_printf(sb, "<connection id=\"%d\">"
1730
		    "<initiator>%s</initiator>"
1731
		    "<initiator_addr>%s</initiator_addr>"
1732
		    "<initiator_alias>%s</initiator_alias>"
1733
		    "<target>%s</target>"
1734
		    "<target_alias>%s</target_alias>"
1735
		    "<target_portal_group_tag>%u</target_portal_group_tag>"
1736
		    "<header_digest>%s</header_digest>"
1737
		    "<data_digest>%s</data_digest>"
1738
		    "<max_recv_data_segment_length>%d</max_recv_data_segment_length>"
1739
		    "<max_send_data_segment_length>%d</max_send_data_segment_length>"
1740
		    "<max_burst_length>%d</max_burst_length>"
1741
		    "<first_burst_length>%d</first_burst_length>"
1742
		    "<immediate_data>%d</immediate_data>"
1743
		    "<iser>%d</iser>"
1744
		    "<offload>%s</offload>"
1745
		    "</connection>\n",
1746
		    cs->cs_id,
1747
		    cs->cs_initiator_name, cs->cs_initiator_addr, cs->cs_initiator_alias,
1748
		    cs->cs_target->ct_name, cs->cs_target->ct_alias,
1749
		    cs->cs_target->ct_tag,
1750
		    cs->cs_conn->ic_header_crc32c ? "CRC32C" : "None",
1751
		    cs->cs_conn->ic_data_crc32c ? "CRC32C" : "None",
1752
		    cs->cs_conn->ic_max_recv_data_segment_length,
1753
		    cs->cs_conn->ic_max_send_data_segment_length,
1754
		    cs->cs_max_burst_length,
1755
		    cs->cs_first_burst_length,
1756
		    cs->cs_immediate_data,
1757
		    cs->cs_conn->ic_iser,
1758
		    cs->cs_conn->ic_offload);
1759
		if (error != 0)
1760
			break;
1761
	}
1762
	mtx_unlock(&softc->lock);
1763
	error = sbuf_cat(sb, "</ctlislist>\n");
1764
	if (error != 0) {
1765
		sbuf_delete(sb);
1766
		ci->status = CTL_ISCSI_LIST_NEED_MORE_SPACE;
1767
		snprintf(ci->error_str, sizeof(ci->error_str),
1768
		    "Out of space, %d bytes is too small", cilp->alloc_len);
1769
		return;
1770
	}
1771
	sbuf_finish(sb);
1772

1773
	error = copyout(sbuf_data(sb), cilp->conn_xml, sbuf_len(sb) + 1);
1774
	if (error != 0) {
1775
		sbuf_delete(sb);
1776
		snprintf(ci->error_str, sizeof(ci->error_str),
1777
		    "copyout failed with error %d", error);
1778
		ci->status = CTL_ISCSI_ERROR;
1779
		return;
1780
	}
1781
	cilp->fill_len = sbuf_len(sb) + 1;
1782
	ci->status = CTL_ISCSI_OK;
1783
	sbuf_delete(sb);
1784
}
1785

1786
static void
1787
cfiscsi_ioctl_logout(struct ctl_iscsi *ci)
1788
{
1789
	struct icl_pdu *response;
1790
	struct iscsi_bhs_asynchronous_message *bhsam;
1791
	struct ctl_iscsi_logout_params *cilp;
1792
	struct cfiscsi_session *cs;
1793
	struct cfiscsi_softc *softc;
1794
	int found = 0;
1795

1796
	cilp = (struct ctl_iscsi_logout_params *)&(ci->data);
1797
	softc = &cfiscsi_softc;
1798

1799
	mtx_lock(&softc->lock);
1800
	TAILQ_FOREACH(cs, &softc->sessions, cs_next) {
1801
		if (cilp->all == 0 && cs->cs_id != cilp->connection_id &&
1802
		    strcmp(cs->cs_initiator_name, cilp->initiator_name) != 0 &&
1803
		    strcmp(cs->cs_initiator_addr, cilp->initiator_addr) != 0)
1804
			continue;
1805

1806
		response = icl_pdu_new(cs->cs_conn, M_NOWAIT);
1807
		if (response == NULL) {
1808
			ci->status = CTL_ISCSI_ERROR;
1809
			snprintf(ci->error_str, sizeof(ci->error_str),
1810
			    "Unable to allocate memory");
1811
			mtx_unlock(&softc->lock);
1812
			return;
1813
		}
1814
		bhsam =
1815
		    (struct iscsi_bhs_asynchronous_message *)response->ip_bhs;
1816
		bhsam->bhsam_opcode = ISCSI_BHS_OPCODE_ASYNC_MESSAGE;
1817
		bhsam->bhsam_flags = 0x80;
1818
		bhsam->bhsam_async_event = BHSAM_EVENT_TARGET_REQUESTS_LOGOUT;
1819
		bhsam->bhsam_parameter3 = htons(10);
1820
		cfiscsi_pdu_queue(response);
1821
		found++;
1822
	}
1823
	mtx_unlock(&softc->lock);
1824

1825
	if (found == 0) {
1826
		ci->status = CTL_ISCSI_SESSION_NOT_FOUND;
1827
		snprintf(ci->error_str, sizeof(ci->error_str),
1828
		    "No matching connections found");
1829
		return;
1830
	}
1831

1832
	ci->status = CTL_ISCSI_OK;
1833
}
1834

1835
static void
1836
cfiscsi_ioctl_terminate(struct ctl_iscsi *ci)
1837
{
1838
	struct icl_pdu *response;
1839
	struct iscsi_bhs_asynchronous_message *bhsam;
1840
	struct ctl_iscsi_terminate_params *citp;
1841
	struct cfiscsi_session *cs;
1842
	struct cfiscsi_softc *softc;
1843
	int found = 0;
1844

1845
	citp = (struct ctl_iscsi_terminate_params *)&(ci->data);
1846
	softc = &cfiscsi_softc;
1847

1848
	mtx_lock(&softc->lock);
1849
	TAILQ_FOREACH(cs, &softc->sessions, cs_next) {
1850
		if (citp->all == 0 && cs->cs_id != citp->connection_id &&
1851
		    strcmp(cs->cs_initiator_name, citp->initiator_name) != 0 &&
1852
		    strcmp(cs->cs_initiator_addr, citp->initiator_addr) != 0)
1853
			continue;
1854

1855
		response = icl_pdu_new(cs->cs_conn, M_NOWAIT);
1856
		if (response == NULL) {
1857
			/*
1858
			 * Oh well.  Just terminate the connection.
1859
			 */
1860
		} else {
1861
			bhsam = (struct iscsi_bhs_asynchronous_message *)
1862
			    response->ip_bhs;
1863
			bhsam->bhsam_opcode = ISCSI_BHS_OPCODE_ASYNC_MESSAGE;
1864
			bhsam->bhsam_flags = 0x80;
1865
			bhsam->bhsam_0xffffffff = 0xffffffff;
1866
			bhsam->bhsam_async_event =
1867
			    BHSAM_EVENT_TARGET_TERMINATES_SESSION;
1868
			cfiscsi_pdu_queue(response);
1869
		}
1870
		cfiscsi_session_terminate(cs);
1871
		found++;
1872
	}
1873
	mtx_unlock(&softc->lock);
1874

1875
	if (found == 0) {
1876
		ci->status = CTL_ISCSI_SESSION_NOT_FOUND;
1877
		snprintf(ci->error_str, sizeof(ci->error_str),
1878
		    "No matching connections found");
1879
		return;
1880
	}
1881

1882
	ci->status = CTL_ISCSI_OK;
1883
}
1884

1885
static void
1886
cfiscsi_ioctl_limits(struct ctl_iscsi *ci)
1887
{
1888
	struct ctl_iscsi_limits_params *cilp;
1889
	struct icl_drv_limits idl;
1890
	int error;
1891

1892
	cilp = (struct ctl_iscsi_limits_params *)&(ci->data);
1893

1894
	error = icl_limits(cilp->offload, false, cilp->socket, &idl);
1895
	if (error != 0) {
1896
		ci->status = CTL_ISCSI_ERROR;
1897
		snprintf(ci->error_str, sizeof(ci->error_str),
1898
			"%s: icl_limits failed with error %d",
1899
			__func__, error);
1900
		return;
1901
	}
1902

1903
	cilp->max_recv_data_segment_length =
1904
	    idl.idl_max_recv_data_segment_length;
1905
	cilp->max_send_data_segment_length =
1906
	    idl.idl_max_send_data_segment_length;
1907
	cilp->max_burst_length = idl.idl_max_burst_length;
1908
	cilp->first_burst_length = idl.idl_first_burst_length;
1909

1910
	ci->status = CTL_ISCSI_OK;
1911
}
1912

1913
#ifdef ICL_KERNEL_PROXY
1914
static void
1915
cfiscsi_ioctl_listen(struct ctl_iscsi *ci)
1916
{
1917
	struct ctl_iscsi_listen_params *cilp;
1918
	struct sockaddr *sa;
1919
	int error;
1920

1921
	cilp = (struct ctl_iscsi_listen_params *)&(ci->data);
1922

1923
	if (cfiscsi_softc.listener == NULL) {
1924
		CFISCSI_DEBUG("no listener");
1925
		snprintf(ci->error_str, sizeof(ci->error_str), "no listener");
1926
		ci->status = CTL_ISCSI_ERROR;
1927
		return;
1928
	}
1929

1930
	error = getsockaddr(&sa, (void *)cilp->addr, cilp->addrlen);
1931
	if (error != 0) {
1932
		CFISCSI_DEBUG("getsockaddr, error %d", error);
1933
		snprintf(ci->error_str, sizeof(ci->error_str), "getsockaddr failed");
1934
		ci->status = CTL_ISCSI_ERROR;
1935
		return;
1936
	}
1937

1938
	error = icl_listen_add(cfiscsi_softc.listener, cilp->iser, cilp->domain,
1939
	    cilp->socktype, cilp->protocol, sa, cilp->portal_id);
1940
	if (error != 0) {
1941
		free(sa, M_SONAME);
1942
		CFISCSI_DEBUG("icl_listen_add, error %d", error);
1943
		snprintf(ci->error_str, sizeof(ci->error_str),
1944
		    "icl_listen_add failed, error %d", error);
1945
		ci->status = CTL_ISCSI_ERROR;
1946
		return;
1947
	}
1948

1949
	ci->status = CTL_ISCSI_OK;
1950
}
1951

1952
static void
1953
cfiscsi_ioctl_accept(struct ctl_iscsi *ci)
1954
{
1955
	struct ctl_iscsi_accept_params *ciap;
1956
	struct cfiscsi_session *cs;
1957
	int error;
1958

1959
	ciap = (struct ctl_iscsi_accept_params *)&(ci->data);
1960

1961
	mtx_lock(&cfiscsi_softc.lock);
1962
	for (;;) {
1963
		TAILQ_FOREACH(cs, &cfiscsi_softc.sessions, cs_next) {
1964
			if (cs->cs_waiting_for_ctld)
1965
				break;
1966
		}
1967
		if (cs != NULL)
1968
			break;
1969
		error = cv_wait_sig(&cfiscsi_softc.accept_cv, &cfiscsi_softc.lock);
1970
		if (error != 0) {
1971
			mtx_unlock(&cfiscsi_softc.lock);
1972
			snprintf(ci->error_str, sizeof(ci->error_str), "interrupted");
1973
			ci->status = CTL_ISCSI_ERROR;
1974
			return;
1975
		}
1976
	}
1977
	mtx_unlock(&cfiscsi_softc.lock);
1978

1979
	cs->cs_waiting_for_ctld = false;
1980
	cs->cs_login_phase = true;
1981

1982
	ciap->connection_id = cs->cs_id;
1983
	ciap->portal_id = cs->cs_portal_id;
1984
	ciap->initiator_addrlen = cs->cs_initiator_sa->sa_len;
1985
	error = copyout(cs->cs_initiator_sa, ciap->initiator_addr,
1986
	    cs->cs_initiator_sa->sa_len);
1987
	if (error != 0) {
1988
		snprintf(ci->error_str, sizeof(ci->error_str),
1989
		    "copyout failed with error %d", error);
1990
		ci->status = CTL_ISCSI_ERROR;
1991
		return;
1992
	}
1993

1994
	ci->status = CTL_ISCSI_OK;
1995
}
1996

1997
static void
1998
cfiscsi_ioctl_send(struct ctl_iscsi *ci)
1999
{
2000
	struct ctl_iscsi_send_params *cisp;
2001
	struct cfiscsi_session *cs;
2002
	struct icl_pdu *ip;
2003
	size_t datalen;
2004
	void *data;
2005
	int error;
2006

2007
	cisp = (struct ctl_iscsi_send_params *)&(ci->data);
2008

2009
	mtx_lock(&cfiscsi_softc.lock);
2010
	TAILQ_FOREACH(cs, &cfiscsi_softc.sessions, cs_next) {
2011
		if (cs->cs_id == cisp->connection_id)
2012
			break;
2013
	}
2014
	if (cs == NULL) {
2015
		mtx_unlock(&cfiscsi_softc.lock);
2016
		snprintf(ci->error_str, sizeof(ci->error_str), "connection not found");
2017
		ci->status = CTL_ISCSI_ERROR;
2018
		return;
2019
	}
2020
	mtx_unlock(&cfiscsi_softc.lock);
2021

2022
#if 0
2023
	if (cs->cs_login_phase == false)
2024
		return (EBUSY);
2025
#endif
2026

2027
	if (cs->cs_terminating) {
2028
		snprintf(ci->error_str, sizeof(ci->error_str), "connection is terminating");
2029
		ci->status = CTL_ISCSI_ERROR;
2030
		return;
2031
	}
2032

2033
	datalen = cisp->data_segment_len;
2034
	/*
2035
	 * XXX
2036
	 */
2037
	//if (datalen > CFISCSI_MAX_DATA_SEGMENT_LENGTH) {
2038
	if (datalen > 65535) {
2039
		snprintf(ci->error_str, sizeof(ci->error_str), "data segment too big");
2040
		ci->status = CTL_ISCSI_ERROR;
2041
		return;
2042
	}
2043
	if (datalen > 0) {
2044
		data = malloc(datalen, M_CFISCSI, M_WAITOK);
2045
		error = copyin(cisp->data_segment, data, datalen);
2046
		if (error != 0) {
2047
			free(data, M_CFISCSI);
2048
			snprintf(ci->error_str, sizeof(ci->error_str), "copyin error %d", error);
2049
			ci->status = CTL_ISCSI_ERROR;
2050
			return;
2051
		}
2052
	}
2053

2054
	ip = icl_pdu_new(cs->cs_conn, M_WAITOK);
2055
	memcpy(ip->ip_bhs, cisp->bhs, sizeof(*ip->ip_bhs));
2056
	if (datalen > 0) {
2057
		icl_pdu_append_data(ip, data, datalen, M_WAITOK);
2058
		free(data, M_CFISCSI);
2059
	}
2060
	CFISCSI_SESSION_LOCK(cs);
2061
	icl_pdu_queue(ip);
2062
	CFISCSI_SESSION_UNLOCK(cs);
2063
	ci->status = CTL_ISCSI_OK;
2064
}
2065

2066
static void
2067
cfiscsi_ioctl_receive(struct ctl_iscsi *ci)
2068
{
2069
	struct ctl_iscsi_receive_params *cirp;
2070
	struct cfiscsi_session *cs;
2071
	struct icl_pdu *ip;
2072
	void *data;
2073
	int error;
2074

2075
	cirp = (struct ctl_iscsi_receive_params *)&(ci->data);
2076

2077
	mtx_lock(&cfiscsi_softc.lock);
2078
	TAILQ_FOREACH(cs, &cfiscsi_softc.sessions, cs_next) {
2079
		if (cs->cs_id == cirp->connection_id)
2080
			break;
2081
	}
2082
	if (cs == NULL) {
2083
		mtx_unlock(&cfiscsi_softc.lock);
2084
		snprintf(ci->error_str, sizeof(ci->error_str),
2085
		    "connection not found");
2086
		ci->status = CTL_ISCSI_ERROR;
2087
		return;
2088
	}
2089
	mtx_unlock(&cfiscsi_softc.lock);
2090

2091
#if 0
2092
	if (is->is_login_phase == false)
2093
		return (EBUSY);
2094
#endif
2095

2096
	CFISCSI_SESSION_LOCK(cs);
2097
	while (cs->cs_login_pdu == NULL && cs->cs_terminating == false) {
2098
		error = cv_wait_sig(&cs->cs_login_cv, &cs->cs_lock);
2099
		if (error != 0) {
2100
			CFISCSI_SESSION_UNLOCK(cs);
2101
			snprintf(ci->error_str, sizeof(ci->error_str),
2102
			    "interrupted by signal");
2103
			ci->status = CTL_ISCSI_ERROR;
2104
			return;
2105
		}
2106
	}
2107

2108
	if (cs->cs_terminating) {
2109
		CFISCSI_SESSION_UNLOCK(cs);
2110
		snprintf(ci->error_str, sizeof(ci->error_str),
2111
		    "connection terminating");
2112
		ci->status = CTL_ISCSI_ERROR;
2113
		return;
2114
	}
2115
	ip = cs->cs_login_pdu;
2116
	cs->cs_login_pdu = NULL;
2117
	CFISCSI_SESSION_UNLOCK(cs);
2118

2119
	if (ip->ip_data_len > cirp->data_segment_len) {
2120
		icl_pdu_free(ip);
2121
		snprintf(ci->error_str, sizeof(ci->error_str),
2122
		    "data segment too big");
2123
		ci->status = CTL_ISCSI_ERROR;
2124
		return;
2125
	}
2126

2127
	copyout(ip->ip_bhs, cirp->bhs, sizeof(*ip->ip_bhs));
2128
	if (ip->ip_data_len > 0) {
2129
		data = malloc(ip->ip_data_len, M_CFISCSI, M_WAITOK);
2130
		icl_pdu_get_data(ip, 0, data, ip->ip_data_len);
2131
		copyout(data, cirp->data_segment, ip->ip_data_len);
2132
		free(data, M_CFISCSI);
2133
	}
2134

2135
	icl_pdu_free(ip);
2136
	ci->status = CTL_ISCSI_OK;
2137
}
2138

2139
#endif /* !ICL_KERNEL_PROXY */
2140

2141
static void
2142
cfiscsi_ioctl_port_create(struct ctl_req *req)
2143
{
2144
	struct cfiscsi_target *ct;
2145
	struct ctl_port *port;
2146
	const char *target, *alias, *val;
2147
	struct scsi_vpd_id_descriptor *desc;
2148
	int retval, len, idlen;
2149
	uint16_t tag;
2150

2151
	target = dnvlist_get_string(req->args_nvl, "cfiscsi_target", NULL);
2152
	if (target == NULL) {
2153
		req->status = CTL_LUN_ERROR;
2154
		snprintf(req->error_str, sizeof(req->error_str),
2155
		    "Missing required argument: cfiscsi_target");
2156
		return;
2157
	}
2158

2159
	val = dnvlist_get_string(req->args_nvl, "cfiscsi_portal_group_tag",
2160
	    NULL);
2161
	if (val == NULL) {
2162
		req->status = CTL_LUN_ERROR;
2163
		snprintf(req->error_str, sizeof(req->error_str),
2164
		    "Missing required argument: cfiscsi_portal_group_tag");
2165
		return;
2166
	}
2167

2168
	alias = dnvlist_get_string(req->args_nvl, "cfiscsi_target_alias", NULL);
2169

2170
	tag = strtoul(val, NULL, 0);
2171
	ct = cfiscsi_target_find_or_create(&cfiscsi_softc, target, alias, tag);
2172
	if (ct == NULL) {
2173
		req->status = CTL_LUN_ERROR;
2174
		snprintf(req->error_str, sizeof(req->error_str),
2175
		    "failed to create target \"%s\"", target);
2176
		return;
2177
	}
2178
	if (ct->ct_state == CFISCSI_TARGET_STATE_ACTIVE) {
2179
		req->status = CTL_LUN_ERROR;
2180
		snprintf(req->error_str, sizeof(req->error_str),
2181
		    "target \"%s\" for portal group tag %u already exists",
2182
		    target, tag);
2183
		cfiscsi_target_release(ct);
2184
		return;
2185
	}
2186
	port = &ct->ct_port;
2187
	// WAT
2188
	if (ct->ct_state == CFISCSI_TARGET_STATE_DYING)
2189
		goto done;
2190

2191
	port->frontend = &cfiscsi_frontend;
2192
	port->port_type = CTL_PORT_ISCSI;
2193
	/* XXX KDM what should the real number be here? */
2194
	port->num_requested_ctl_io = 4096;
2195
	port->port_name = "iscsi";
2196
	port->physical_port = (int)tag;
2197
	port->virtual_port = ct->ct_target_id;
2198
	port->port_online = cfiscsi_online;
2199
	port->port_offline = cfiscsi_offline;
2200
	port->port_info = cfiscsi_info;
2201
	port->onoff_arg = ct;
2202
	port->fe_datamove = cfiscsi_datamove;
2203
	port->fe_done = cfiscsi_done;
2204
	port->targ_port = -1;
2205
	port->options = nvlist_clone(req->args_nvl);
2206

2207
	/* Generate Port ID. */
2208
	idlen = strlen(target) + strlen(",t,0x0001") + 1;
2209
	idlen = roundup2(idlen, 4);
2210
	len = sizeof(struct scsi_vpd_device_id) + idlen;
2211
	port->port_devid = malloc(sizeof(struct ctl_devid) + len,
2212
	    M_CTL, M_WAITOK | M_ZERO);
2213
	port->port_devid->len = len;
2214
	desc = (struct scsi_vpd_id_descriptor *)port->port_devid->data;
2215
	desc->proto_codeset = (SCSI_PROTO_ISCSI << 4) | SVPD_ID_CODESET_UTF8;
2216
	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_PORT |
2217
	    SVPD_ID_TYPE_SCSI_NAME;
2218
	desc->length = idlen;
2219
	snprintf(desc->identifier, idlen, "%s,t,0x%4.4x", target, tag);
2220

2221
	/* Generate Target ID. */
2222
	idlen = strlen(target) + 1;
2223
	idlen = roundup2(idlen, 4);
2224
	len = sizeof(struct scsi_vpd_device_id) + idlen;
2225
	port->target_devid = malloc(sizeof(struct ctl_devid) + len,
2226
	    M_CTL, M_WAITOK | M_ZERO);
2227
	port->target_devid->len = len;
2228
	desc = (struct scsi_vpd_id_descriptor *)port->target_devid->data;
2229
	desc->proto_codeset = (SCSI_PROTO_ISCSI << 4) | SVPD_ID_CODESET_UTF8;
2230
	desc->id_type = SVPD_ID_PIV | SVPD_ID_ASSOC_TARGET |
2231
	    SVPD_ID_TYPE_SCSI_NAME;
2232
	desc->length = idlen;
2233
	strlcpy(desc->identifier, target, idlen);
2234

2235
	retval = ctl_port_register(port);
2236
	if (retval != 0) {
2237
		free(port->port_devid, M_CFISCSI);
2238
		free(port->target_devid, M_CFISCSI);
2239
		cfiscsi_target_release(ct);
2240
		req->status = CTL_LUN_ERROR;
2241
		snprintf(req->error_str, sizeof(req->error_str),
2242
		    "ctl_port_register() failed with error %d", retval);
2243
		return;
2244
	}
2245
done:
2246
	ct->ct_state = CFISCSI_TARGET_STATE_ACTIVE;
2247
	req->status = CTL_LUN_OK;
2248
	req->result_nvl = nvlist_create(0);
2249
	nvlist_add_number(req->result_nvl, "port_id", port->targ_port);
2250
}
2251

2252
static void
2253
cfiscsi_ioctl_port_remove(struct ctl_req *req)
2254
{
2255
	struct cfiscsi_target *ct;
2256
	const char *target, *val;
2257
	uint16_t tag;
2258

2259
	target = dnvlist_get_string(req->args_nvl, "cfiscsi_target", NULL);
2260
	if (target == NULL) {
2261
		req->status = CTL_LUN_ERROR;
2262
		snprintf(req->error_str, sizeof(req->error_str),
2263
		    "Missing required argument: cfiscsi_target");
2264
		return;
2265
	}
2266

2267
	val = dnvlist_get_string(req->args_nvl, "cfiscsi_portal_group_tag",
2268
	    NULL);
2269
	if (val == NULL) {
2270
		req->status = CTL_LUN_ERROR;
2271
		snprintf(req->error_str, sizeof(req->error_str),
2272
		    "Missing required argument: cfiscsi_portal_group_tag");
2273
		return;
2274
	}
2275

2276
	tag = strtoul(val, NULL, 0);
2277
	ct = cfiscsi_target_find(&cfiscsi_softc, target, tag);
2278
	if (ct == NULL) {
2279
		req->status = CTL_LUN_ERROR;
2280
		snprintf(req->error_str, sizeof(req->error_str),
2281
		    "can't find target \"%s\"", target);
2282
		return;
2283
	}
2284

2285
	ct->ct_state = CFISCSI_TARGET_STATE_DYING;
2286
	ctl_port_offline(&ct->ct_port);
2287
	cfiscsi_target_release(ct);
2288
	cfiscsi_target_release(ct);
2289
	req->status = CTL_LUN_OK;
2290
}
2291

2292
static int
2293
cfiscsi_ioctl(struct cdev *dev,
2294
    u_long cmd, caddr_t addr, int flag, struct thread *td)
2295
{
2296
	struct ctl_iscsi *ci;
2297
	struct ctl_req *req;
2298

2299
	if (cmd == CTL_PORT_REQ) {
2300
		req = (struct ctl_req *)addr;
2301
		switch (req->reqtype) {
2302
		case CTL_REQ_CREATE:
2303
			cfiscsi_ioctl_port_create(req);
2304
			break;
2305
		case CTL_REQ_REMOVE:
2306
			cfiscsi_ioctl_port_remove(req);
2307
			break;
2308
		default:
2309
			req->status = CTL_LUN_ERROR;
2310
			snprintf(req->error_str, sizeof(req->error_str),
2311
			    "Unsupported request type %d", req->reqtype);
2312
		}
2313
		return (0);
2314
	}
2315

2316
	if (cmd != CTL_ISCSI)
2317
		return (ENOTTY);
2318

2319
	ci = (struct ctl_iscsi *)addr;
2320
	switch (ci->type) {
2321
	case CTL_ISCSI_HANDOFF:
2322
		cfiscsi_ioctl_handoff(ci);
2323
		break;
2324
	case CTL_ISCSI_LIST:
2325
		cfiscsi_ioctl_list(ci);
2326
		break;
2327
	case CTL_ISCSI_LOGOUT:
2328
		cfiscsi_ioctl_logout(ci);
2329
		break;
2330
	case CTL_ISCSI_TERMINATE:
2331
		cfiscsi_ioctl_terminate(ci);
2332
		break;
2333
	case CTL_ISCSI_LIMITS:
2334
		cfiscsi_ioctl_limits(ci);
2335
		break;
2336
#ifdef ICL_KERNEL_PROXY
2337
	case CTL_ISCSI_LISTEN:
2338
		cfiscsi_ioctl_listen(ci);
2339
		break;
2340
	case CTL_ISCSI_ACCEPT:
2341
		cfiscsi_ioctl_accept(ci);
2342
		break;
2343
	case CTL_ISCSI_SEND:
2344
		cfiscsi_ioctl_send(ci);
2345
		break;
2346
	case CTL_ISCSI_RECEIVE:
2347
		cfiscsi_ioctl_receive(ci);
2348
		break;
2349
#else
2350
	case CTL_ISCSI_LISTEN:
2351
	case CTL_ISCSI_ACCEPT:
2352
	case CTL_ISCSI_SEND:
2353
	case CTL_ISCSI_RECEIVE:
2354
		ci->status = CTL_ISCSI_ERROR;
2355
		snprintf(ci->error_str, sizeof(ci->error_str),
2356
		    "%s: CTL compiled without ICL_KERNEL_PROXY",
2357
		    __func__);
2358
		break;
2359
#endif /* !ICL_KERNEL_PROXY */
2360
	default:
2361
		ci->status = CTL_ISCSI_ERROR;
2362
		snprintf(ci->error_str, sizeof(ci->error_str),
2363
		    "%s: invalid iSCSI request type %d", __func__, ci->type);
2364
		break;
2365
	}
2366

2367
	return (0);
2368
}
2369

2370
static void
2371
cfiscsi_target_hold(struct cfiscsi_target *ct)
2372
{
2373

2374
	refcount_acquire(&ct->ct_refcount);
2375
}
2376

2377
static void
2378
cfiscsi_target_release(struct cfiscsi_target *ct)
2379
{
2380
	struct cfiscsi_softc *softc;
2381

2382
	softc = ct->ct_softc;
2383
	mtx_lock(&softc->lock);
2384
	if (refcount_release(&ct->ct_refcount)) {
2385
		TAILQ_REMOVE(&softc->targets, ct, ct_next);
2386
		mtx_unlock(&softc->lock);
2387
		if (ct->ct_state != CFISCSI_TARGET_STATE_INVALID) {
2388
			ct->ct_state = CFISCSI_TARGET_STATE_INVALID;
2389
			if (ctl_port_deregister(&ct->ct_port) != 0)
2390
				printf("%s: ctl_port_deregister() failed\n",
2391
				    __func__);
2392
		}
2393
		free(ct, M_CFISCSI);
2394

2395
		return;
2396
	}
2397
	mtx_unlock(&softc->lock);
2398
}
2399

2400
static struct cfiscsi_target *
2401
cfiscsi_target_find(struct cfiscsi_softc *softc, const char *name, uint16_t tag)
2402
{
2403
	struct cfiscsi_target *ct;
2404

2405
	mtx_lock(&softc->lock);
2406
	TAILQ_FOREACH(ct, &softc->targets, ct_next) {
2407
		if (ct->ct_tag != tag ||
2408
		    strcmp(name, ct->ct_name) != 0 ||
2409
		    ct->ct_state != CFISCSI_TARGET_STATE_ACTIVE)
2410
			continue;
2411
		cfiscsi_target_hold(ct);
2412
		mtx_unlock(&softc->lock);
2413
		return (ct);
2414
	}
2415
	mtx_unlock(&softc->lock);
2416

2417
	return (NULL);
2418
}
2419

2420
static struct cfiscsi_target *
2421
cfiscsi_target_find_or_create(struct cfiscsi_softc *softc, const char *name,
2422
    const char *alias, uint16_t tag)
2423
{
2424
	struct cfiscsi_target *ct, *newct;
2425

2426
	if (name[0] == '\0' || strlen(name) >= CTL_ISCSI_NAME_LEN)
2427
		return (NULL);
2428

2429
	newct = malloc(sizeof(*newct), M_CFISCSI, M_WAITOK | M_ZERO);
2430

2431
	mtx_lock(&softc->lock);
2432
	TAILQ_FOREACH(ct, &softc->targets, ct_next) {
2433
		if (ct->ct_tag != tag ||
2434
		    strcmp(name, ct->ct_name) != 0 ||
2435
		    ct->ct_state == CFISCSI_TARGET_STATE_INVALID)
2436
			continue;
2437
		cfiscsi_target_hold(ct);
2438
		mtx_unlock(&softc->lock);
2439
		free(newct, M_CFISCSI);
2440
		return (ct);
2441
	}
2442

2443
	strlcpy(newct->ct_name, name, sizeof(newct->ct_name));
2444
	if (alias != NULL)
2445
		strlcpy(newct->ct_alias, alias, sizeof(newct->ct_alias));
2446
	newct->ct_tag = tag;
2447
	refcount_init(&newct->ct_refcount, 1);
2448
	newct->ct_softc = softc;
2449
	if (TAILQ_EMPTY(&softc->targets))
2450
		softc->last_target_id = 0;
2451
	newct->ct_target_id = ++softc->last_target_id;
2452
	TAILQ_INSERT_TAIL(&softc->targets, newct, ct_next);
2453
	mtx_unlock(&softc->lock);
2454

2455
	return (newct);
2456
}
2457

2458
static void
2459
cfiscsi_pdu_done(struct icl_pdu *ip, int error)
2460
{
2461

2462
	if (error != 0)
2463
		; // XXX: Do something on error?
2464
	((ctl_ref)ip->ip_prv0)(ip->ip_prv1, -1);
2465
}
2466

2467
static void
2468
cfiscsi_datamove_in(union ctl_io *io)
2469
{
2470
	struct cfiscsi_session *cs;
2471
	struct icl_pdu *request, *response;
2472
	const struct iscsi_bhs_scsi_command *bhssc;
2473
	struct iscsi_bhs_data_in *bhsdi;
2474
	struct ctl_sg_entry ctl_sg_entry, *ctl_sglist;
2475
	size_t len, expected_len, sg_len, buffer_offset;
2476
	size_t max_send_data_segment_length;
2477
	const char *sg_addr;
2478
	icl_pdu_cb cb;
2479
	int ctl_sg_count, error, i;
2480

2481
	request = PRIV_REQUEST(io);
2482
	cs = PDU_SESSION(request);
2483

2484
	bhssc = (const struct iscsi_bhs_scsi_command *)request->ip_bhs;
2485
	KASSERT((bhssc->bhssc_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) ==
2486
	    ISCSI_BHS_OPCODE_SCSI_COMMAND,
2487
	    ("bhssc->bhssc_opcode != ISCSI_BHS_OPCODE_SCSI_COMMAND"));
2488

2489
	if (io->scsiio.kern_sg_entries > 0) {
2490
		ctl_sglist = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr;
2491
		ctl_sg_count = io->scsiio.kern_sg_entries;
2492
	} else {
2493
		ctl_sglist = &ctl_sg_entry;
2494
		ctl_sglist->addr = io->scsiio.kern_data_ptr;
2495
		ctl_sglist->len = io->scsiio.kern_data_len;
2496
		ctl_sg_count = 1;
2497
	}
2498

2499
	/*
2500
	 * This is the offset within the current SCSI command; for the first
2501
	 * call to cfiscsi_datamove() it will be 0, and for subsequent ones
2502
	 * it will be the sum of lengths of previous ones.
2503
	 */
2504
	buffer_offset = io->scsiio.kern_rel_offset;
2505

2506
	/*
2507
	 * This is the transfer length expected by the initiator.  It can be
2508
	 * different from the amount of data from the SCSI point of view.
2509
	 */
2510
	expected_len = ntohl(bhssc->bhssc_expected_data_transfer_length);
2511

2512
	/*
2513
	 * If the transfer is outside of expected length -- we are done.
2514
	 */
2515
	if (buffer_offset >= expected_len) {
2516
#if 0
2517
		CFISCSI_SESSION_DEBUG(cs, "buffer_offset = %zd, "
2518
		    "already sent the expected len", buffer_offset);
2519
#endif
2520
		ctl_datamove_done(io, true);
2521
		return;
2522
	}
2523

2524
	if (io->scsiio.kern_data_ref != NULL)
2525
		cb = cfiscsi_pdu_done;
2526
	else
2527
		cb = NULL;
2528

2529
	i = 0;
2530
	sg_addr = NULL;
2531
	sg_len = 0;
2532
	response = NULL;
2533
	bhsdi = NULL;
2534
	if (cs->cs_conn->ic_hw_isomax != 0)
2535
		max_send_data_segment_length = cs->cs_conn->ic_hw_isomax;
2536
	else
2537
		max_send_data_segment_length =
2538
		    cs->cs_conn->ic_max_send_data_segment_length;
2539
	for (;;) {
2540
		if (response == NULL) {
2541
			response = cfiscsi_pdu_new_response(request, M_NOWAIT);
2542
			if (response == NULL) {
2543
				CFISCSI_SESSION_WARN(cs, "failed to "
2544
				    "allocate memory; dropping connection");
2545
				ctl_set_busy(&io->scsiio);
2546
				ctl_datamove_done(io, true);
2547
				cfiscsi_session_terminate(cs);
2548
				return;
2549
			}
2550
			bhsdi = (struct iscsi_bhs_data_in *)response->ip_bhs;
2551
			bhsdi->bhsdi_opcode = ISCSI_BHS_OPCODE_SCSI_DATA_IN;
2552
			bhsdi->bhsdi_initiator_task_tag =
2553
			    bhssc->bhssc_initiator_task_tag;
2554
			bhsdi->bhsdi_target_transfer_tag = 0xffffffff;
2555
			bhsdi->bhsdi_datasn = htonl(PRIV_EXPDATASN(io));
2556
			bhsdi->bhsdi_buffer_offset = htonl(buffer_offset);
2557
		}
2558

2559
		KASSERT(i < ctl_sg_count, ("i >= ctl_sg_count"));
2560
		if (sg_len == 0) {
2561
			sg_addr = ctl_sglist[i].addr;
2562
			sg_len = ctl_sglist[i].len;
2563
			KASSERT(sg_len > 0, ("sg_len <= 0"));
2564
		}
2565

2566
		len = sg_len;
2567

2568
		/*
2569
		 * Truncate to maximum data segment length.
2570
		 */
2571
		KASSERT(response->ip_data_len < max_send_data_segment_length,
2572
		    ("ip_data_len %zd >= max_send_data_segment_length %zd",
2573
		    response->ip_data_len, max_send_data_segment_length));
2574
		if (response->ip_data_len + len > max_send_data_segment_length) {
2575
			len = max_send_data_segment_length - response->ip_data_len;
2576
			KASSERT(len <= sg_len, ("len %zd > sg_len %zd",
2577
			    len, sg_len));
2578
		}
2579

2580
		/*
2581
		 * Truncate to expected data transfer length.
2582
		 */
2583
		KASSERT(buffer_offset + response->ip_data_len < expected_len,
2584
		    ("buffer_offset %zd + ip_data_len %zd >= expected_len %zd",
2585
		    buffer_offset, response->ip_data_len, expected_len));
2586
		if (buffer_offset + response->ip_data_len + len > expected_len) {
2587
			CFISCSI_SESSION_DEBUG(cs, "truncating from %zd "
2588
			    "to expected data transfer length %zd",
2589
			    buffer_offset + response->ip_data_len + len, expected_len);
2590
			len = expected_len - (buffer_offset + response->ip_data_len);
2591
			KASSERT(len <= sg_len, ("len %zd > sg_len %zd",
2592
			    len, sg_len));
2593
		}
2594

2595
		error = icl_pdu_append_data(response, sg_addr, len,
2596
		    M_NOWAIT | (cb ? ICL_NOCOPY : 0));
2597
		if (error != 0) {
2598
			CFISCSI_SESSION_WARN(cs, "failed to "
2599
			    "allocate memory; dropping connection");
2600
			icl_pdu_free(response);
2601
			ctl_set_busy(&io->scsiio);
2602
			ctl_datamove_done(io, true);
2603
			cfiscsi_session_terminate(cs);
2604
			return;
2605
		}
2606
		sg_addr += len;
2607
		sg_len -= len;
2608
		io->scsiio.kern_data_resid -= len;
2609

2610
		KASSERT(buffer_offset + response->ip_data_len <= expected_len,
2611
		    ("buffer_offset %zd + ip_data_len %zd > expected_len %zd",
2612
		    buffer_offset, response->ip_data_len, expected_len));
2613
		if (buffer_offset + response->ip_data_len == expected_len) {
2614
			/*
2615
			 * Already have the amount of data the initiator wanted.
2616
			 */
2617
			break;
2618
		}
2619

2620
		if (sg_len == 0) {
2621
			/*
2622
			 * End of scatter-gather segment;
2623
			 * proceed to the next one...
2624
			 */
2625
			if (i == ctl_sg_count - 1) {
2626
				/*
2627
				 * ... unless this was the last one.
2628
				 */
2629
				break;
2630
			}
2631
			i++;
2632
		}
2633

2634
		if (response->ip_data_len == max_send_data_segment_length) {
2635
			/*
2636
			 * Can't stuff more data into the current PDU;
2637
			 * queue it.  Note that's not enough to check
2638
			 * for kern_data_resid == 0 instead; there
2639
			 * may be several Data-In PDUs for the final
2640
			 * call to cfiscsi_datamove(), and we want
2641
			 * to set the F flag only on the last of them.
2642
			 */
2643
			buffer_offset += response->ip_data_len;
2644
			if (buffer_offset == io->scsiio.kern_total_len ||
2645
			    buffer_offset == expected_len) {
2646
				buffer_offset -= response->ip_data_len;
2647
				break;
2648
			}
2649
			PRIV_EXPDATASN(io) += howmany(response->ip_data_len,
2650
			    cs->cs_conn->ic_max_send_data_segment_length);
2651
			if (cb != NULL) {
2652
				response->ip_prv0 = io->scsiio.kern_data_ref;
2653
				response->ip_prv1 = io->scsiio.kern_data_arg;
2654
				io->scsiio.kern_data_ref(io->scsiio.kern_data_arg, 1);
2655
			}
2656
			cfiscsi_pdu_queue_cb(response, cb);
2657
			response = NULL;
2658
			bhsdi = NULL;
2659
		}
2660
	}
2661
	if (response != NULL) {
2662
		buffer_offset += response->ip_data_len;
2663
		if (buffer_offset == io->scsiio.kern_total_len ||
2664
		    buffer_offset == expected_len) {
2665
			bhsdi->bhsdi_flags |= BHSDI_FLAGS_F;
2666
			if (io->io_hdr.status == CTL_SUCCESS) {
2667
				bhsdi->bhsdi_flags |= BHSDI_FLAGS_S;
2668
				if (io->scsiio.kern_total_len <
2669
				    ntohl(bhssc->bhssc_expected_data_transfer_length)) {
2670
					bhsdi->bhsdi_flags |= BHSSR_FLAGS_RESIDUAL_UNDERFLOW;
2671
					bhsdi->bhsdi_residual_count =
2672
					    htonl(ntohl(bhssc->bhssc_expected_data_transfer_length) -
2673
					    io->scsiio.kern_total_len);
2674
				} else if (io->scsiio.kern_total_len >
2675
				    ntohl(bhssc->bhssc_expected_data_transfer_length)) {
2676
					bhsdi->bhsdi_flags |= BHSSR_FLAGS_RESIDUAL_OVERFLOW;
2677
					bhsdi->bhsdi_residual_count =
2678
					    htonl(io->scsiio.kern_total_len -
2679
					    ntohl(bhssc->bhssc_expected_data_transfer_length));
2680
				}
2681
				bhsdi->bhsdi_status = io->scsiio.scsi_status;
2682
				io->io_hdr.flags |= CTL_FLAG_STATUS_SENT;
2683
			}
2684
		}
2685
		KASSERT(response->ip_data_len > 0, ("sending empty Data-In"));
2686
		PRIV_EXPDATASN(io) += howmany(response->ip_data_len,
2687
		    cs->cs_conn->ic_max_send_data_segment_length);
2688
		if (cb != NULL) {
2689
			response->ip_prv0 = io->scsiio.kern_data_ref;
2690
			response->ip_prv1 = io->scsiio.kern_data_arg;
2691
			io->scsiio.kern_data_ref(io->scsiio.kern_data_arg, 1);
2692
		}
2693
		cfiscsi_pdu_queue_cb(response, cb);
2694
	}
2695

2696
	ctl_datamove_done(io, true);
2697
}
2698

2699
static void
2700
cfiscsi_datamove_out(union ctl_io *io)
2701
{
2702
	struct cfiscsi_session *cs;
2703
	struct icl_pdu *request, *response;
2704
	const struct iscsi_bhs_scsi_command *bhssc;
2705
	struct iscsi_bhs_r2t *bhsr2t;
2706
	struct cfiscsi_data_wait *cdw;
2707
	struct ctl_sg_entry ctl_sg_entry, *ctl_sglist;
2708
	uint32_t expected_len, datamove_len, r2t_off, r2t_len;
2709
	uint32_t target_transfer_tag;
2710
	bool done;
2711

2712
	request = PRIV_REQUEST(io);
2713
	cs = PDU_SESSION(request);
2714

2715
	bhssc = (const struct iscsi_bhs_scsi_command *)request->ip_bhs;
2716
	KASSERT((bhssc->bhssc_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) ==
2717
	    ISCSI_BHS_OPCODE_SCSI_COMMAND,
2718
	    ("bhssc->bhssc_opcode != ISCSI_BHS_OPCODE_SCSI_COMMAND"));
2719

2720
	/*
2721
	 * Complete write underflow.  Not a single byte to read.  Return.
2722
	 */
2723
	expected_len = ntohl(bhssc->bhssc_expected_data_transfer_length);
2724
	if (io->scsiio.kern_rel_offset >= expected_len) {
2725
		ctl_datamove_done(io, true);
2726
		return;
2727
	}
2728

2729
	datamove_len = MIN(io->scsiio.kern_data_len,
2730
	    expected_len - io->scsiio.kern_rel_offset);
2731

2732
	target_transfer_tag =
2733
	    atomic_fetchadd_32(&cs->cs_target_transfer_tag, 1);
2734
	if (target_transfer_tag == 0xffffffff) {
2735
		target_transfer_tag =
2736
		    atomic_fetchadd_32(&cs->cs_target_transfer_tag, 1);
2737
	}
2738
	cdw = cfiscsi_data_wait_new(cs, io, bhssc->bhssc_initiator_task_tag,
2739
	    &target_transfer_tag);
2740
	if (cdw == NULL) {
2741
		CFISCSI_SESSION_WARN(cs, "failed to "
2742
		    "allocate memory; dropping connection");
2743
		ctl_set_busy(&io->scsiio);
2744
		ctl_datamove_done(io, true);
2745
		cfiscsi_session_terminate(cs);
2746
		return;
2747
	}
2748
#if 0
2749
	CFISCSI_SESSION_DEBUG(cs, "expecting Data-Out with initiator "
2750
	    "task tag 0x%x, target transfer tag 0x%x",
2751
	    bhssc->bhssc_initiator_task_tag, target_transfer_tag);
2752
#endif
2753

2754
	cdw->cdw_ctl_io = io;
2755
	cdw->cdw_target_transfer_tag = target_transfer_tag;
2756
	cdw->cdw_initiator_task_tag = bhssc->bhssc_initiator_task_tag;
2757
	cdw->cdw_r2t_end = datamove_len;
2758
	cdw->cdw_datasn = 0;
2759

2760
	/* Set initial data pointer for the CDW respecting ext_data_filled. */
2761
	if (io->scsiio.kern_sg_entries > 0) {
2762
		ctl_sglist = (struct ctl_sg_entry *)io->scsiio.kern_data_ptr;
2763
	} else {
2764
		ctl_sglist = &ctl_sg_entry;
2765
		ctl_sglist->addr = io->scsiio.kern_data_ptr;
2766
		ctl_sglist->len = datamove_len;
2767
	}
2768
	cdw->cdw_sg_index = 0;
2769
	cdw->cdw_sg_addr = ctl_sglist[cdw->cdw_sg_index].addr;
2770
	cdw->cdw_sg_len = ctl_sglist[cdw->cdw_sg_index].len;
2771
	r2t_off = io->scsiio.ext_data_filled;
2772
	while (r2t_off > 0) {
2773
		if (r2t_off >= cdw->cdw_sg_len) {
2774
			r2t_off -= cdw->cdw_sg_len;
2775
			cdw->cdw_sg_index++;
2776
			cdw->cdw_sg_addr = ctl_sglist[cdw->cdw_sg_index].addr;
2777
			cdw->cdw_sg_len = ctl_sglist[cdw->cdw_sg_index].len;
2778
			continue;
2779
		}
2780
		cdw->cdw_sg_addr += r2t_off;
2781
		cdw->cdw_sg_len -= r2t_off;
2782
		r2t_off = 0;
2783
	}
2784

2785
	if (cs->cs_immediate_data &&
2786
	    io->scsiio.kern_rel_offset + io->scsiio.ext_data_filled <
2787
	    icl_pdu_data_segment_length(request)) {
2788
		done = cfiscsi_handle_data_segment(request, cdw);
2789
		if (done) {
2790
			cfiscsi_data_wait_free(cs, cdw);
2791
			ctl_datamove_done(io, true);
2792
			return;
2793
		}
2794
	}
2795

2796
	r2t_off = io->scsiio.kern_rel_offset + io->scsiio.ext_data_filled;
2797
	r2t_len = MIN(datamove_len - io->scsiio.ext_data_filled,
2798
	    cs->cs_max_burst_length);
2799
	cdw->cdw_r2t_end = io->scsiio.ext_data_filled + r2t_len;
2800

2801
	CFISCSI_SESSION_LOCK(cs);
2802
	if (cs->cs_terminating_tasks) {
2803
		CFISCSI_SESSION_UNLOCK(cs);
2804
		KASSERT((io->io_hdr.flags & CTL_FLAG_ABORT) != 0,
2805
		    ("%s: I/O request %p on termating session %p not aborted",
2806
		    __func__, io, cs));
2807
		CFISCSI_SESSION_WARN(cs, "aborting data_wait for aborted I/O");
2808
		cfiscsi_data_wait_abort(cs, cdw, 44);
2809
		return;
2810
	}
2811
	TAILQ_INSERT_TAIL(&cs->cs_waiting_for_data_out, cdw, cdw_next);
2812
	CFISCSI_SESSION_UNLOCK(cs);
2813

2814
	/*
2815
	 * XXX: We should limit the number of outstanding R2T PDUs
2816
	 * 	per task to MaxOutstandingR2T.
2817
	 */
2818
	response = cfiscsi_pdu_new_response(request, M_NOWAIT);
2819
	if (response == NULL) {
2820
		CFISCSI_SESSION_WARN(cs, "failed to "
2821
		    "allocate memory; dropping connection");
2822
		ctl_set_busy(&io->scsiio);
2823
		ctl_datamove_done(io, true);
2824
		cfiscsi_session_terminate(cs);
2825
		return;
2826
	}
2827
	io->io_hdr.flags |= CTL_FLAG_DMA_INPROG;
2828
	bhsr2t = (struct iscsi_bhs_r2t *)response->ip_bhs;
2829
	bhsr2t->bhsr2t_opcode = ISCSI_BHS_OPCODE_R2T;
2830
	bhsr2t->bhsr2t_flags = 0x80;
2831
	bhsr2t->bhsr2t_lun = bhssc->bhssc_lun;
2832
	bhsr2t->bhsr2t_initiator_task_tag = bhssc->bhssc_initiator_task_tag;
2833
	bhsr2t->bhsr2t_target_transfer_tag = target_transfer_tag;
2834
	/*
2835
	 * XXX: Here we assume that cfiscsi_datamove() won't ever
2836
	 *	be running concurrently on several CPUs for a given
2837
	 *	command.
2838
	 */
2839
	bhsr2t->bhsr2t_r2tsn = htonl(PRIV_R2TSN(io)++);
2840
	/*
2841
	 * This is the offset within the current SCSI command;
2842
	 * i.e. for the first call of datamove(), it will be 0,
2843
	 * and for subsequent ones it will be the sum of lengths
2844
	 * of previous ones.
2845
	 *
2846
	 * The ext_data_filled is to account for unsolicited
2847
	 * (immediate) data that might have already arrived.
2848
	 */
2849
	bhsr2t->bhsr2t_buffer_offset = htonl(r2t_off);
2850
	/*
2851
	 * This is the total length (sum of S/G lengths) this call
2852
	 * to cfiscsi_datamove() is supposed to handle, limited by
2853
	 * MaxBurstLength.
2854
	 */
2855
	bhsr2t->bhsr2t_desired_data_transfer_length = htonl(r2t_len);
2856
	cfiscsi_pdu_queue(response);
2857
}
2858

2859
static void
2860
cfiscsi_datamove(union ctl_io *io)
2861
{
2862

2863
	if ((io->io_hdr.flags & CTL_FLAG_DATA_MASK) == CTL_FLAG_DATA_IN)
2864
		cfiscsi_datamove_in(io);
2865
	else {
2866
		/* We hadn't received anything during this datamove yet. */
2867
		io->scsiio.ext_data_filled = 0;
2868
		cfiscsi_datamove_out(io);
2869
	}
2870
}
2871

2872
static void
2873
cfiscsi_scsi_command_done(union ctl_io *io)
2874
{
2875
	struct icl_pdu *request, *response;
2876
	struct iscsi_bhs_scsi_command *bhssc;
2877
	struct iscsi_bhs_scsi_response *bhssr;
2878
#ifdef DIAGNOSTIC
2879
	struct cfiscsi_data_wait *cdw;
2880
	struct cfiscsi_session *cs;
2881
#endif
2882
	uint16_t sense_length;
2883

2884
	request = PRIV_REQUEST(io);
2885
	bhssc = (struct iscsi_bhs_scsi_command *)request->ip_bhs;
2886
	KASSERT((bhssc->bhssc_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) ==
2887
	    ISCSI_BHS_OPCODE_SCSI_COMMAND,
2888
	    ("replying to wrong opcode 0x%x", bhssc->bhssc_opcode));
2889

2890
	//CFISCSI_SESSION_DEBUG(cs, "initiator task tag 0x%x",
2891
	//    bhssc->bhssc_initiator_task_tag);
2892

2893
#ifdef DIAGNOSTIC
2894
	cs = PDU_SESSION(request);
2895
	CFISCSI_SESSION_LOCK(cs);
2896
	TAILQ_FOREACH(cdw, &cs->cs_waiting_for_data_out, cdw_next)
2897
		KASSERT(bhssc->bhssc_initiator_task_tag !=
2898
		    cdw->cdw_initiator_task_tag, ("dangling cdw"));
2899
	CFISCSI_SESSION_UNLOCK(cs);
2900
#endif
2901

2902
	/*
2903
	 * Do not return status for aborted commands.
2904
	 * There are exceptions, but none supported by CTL yet.
2905
	 */
2906
	if (((io->io_hdr.flags & CTL_FLAG_ABORT) &&
2907
	     (io->io_hdr.flags & CTL_FLAG_ABORT_STATUS) == 0) ||
2908
	    (io->io_hdr.flags & CTL_FLAG_STATUS_SENT)) {
2909
		ctl_free_io(io);
2910
		icl_pdu_free(request);
2911
		return;
2912
	}
2913

2914
	response = cfiscsi_pdu_new_response(request, M_WAITOK);
2915
	bhssr = (struct iscsi_bhs_scsi_response *)response->ip_bhs;
2916
	bhssr->bhssr_opcode = ISCSI_BHS_OPCODE_SCSI_RESPONSE;
2917
	bhssr->bhssr_flags = 0x80;
2918
	/*
2919
	 * XXX: We don't deal with bidirectional under/overflows;
2920
	 *	does anything actually support those?
2921
	 */
2922
	if (io->scsiio.kern_total_len <
2923
	    ntohl(bhssc->bhssc_expected_data_transfer_length)) {
2924
		bhssr->bhssr_flags |= BHSSR_FLAGS_RESIDUAL_UNDERFLOW;
2925
		bhssr->bhssr_residual_count =
2926
		    htonl(ntohl(bhssc->bhssc_expected_data_transfer_length) -
2927
		    io->scsiio.kern_total_len);
2928
		//CFISCSI_SESSION_DEBUG(cs, "underflow; residual count %d",
2929
		//    ntohl(bhssr->bhssr_residual_count));
2930
	} else if (io->scsiio.kern_total_len >
2931
	    ntohl(bhssc->bhssc_expected_data_transfer_length)) {
2932
		bhssr->bhssr_flags |= BHSSR_FLAGS_RESIDUAL_OVERFLOW;
2933
		bhssr->bhssr_residual_count = htonl(io->scsiio.kern_total_len -
2934
		    ntohl(bhssc->bhssc_expected_data_transfer_length));
2935
		//CFISCSI_SESSION_DEBUG(cs, "overflow; residual count %d",
2936
		//    ntohl(bhssr->bhssr_residual_count));
2937
	}
2938
	bhssr->bhssr_response = BHSSR_RESPONSE_COMMAND_COMPLETED;
2939
	bhssr->bhssr_status = io->scsiio.scsi_status;
2940
	bhssr->bhssr_initiator_task_tag = bhssc->bhssc_initiator_task_tag;
2941
	bhssr->bhssr_expdatasn = htonl(PRIV_EXPDATASN(io));
2942

2943
	if (io->scsiio.sense_len > 0) {
2944
#if 0
2945
		CFISCSI_SESSION_DEBUG(cs, "returning %d bytes of sense data",
2946
		    io->scsiio.sense_len);
2947
#endif
2948
		sense_length = htons(io->scsiio.sense_len);
2949
		icl_pdu_append_data(response,
2950
		    &sense_length, sizeof(sense_length), M_WAITOK);
2951
		icl_pdu_append_data(response,
2952
		    &io->scsiio.sense_data, io->scsiio.sense_len, M_WAITOK);
2953
	}
2954

2955
	ctl_free_io(io);
2956
	icl_pdu_free(request);
2957
	cfiscsi_pdu_queue(response);
2958
}
2959

2960
static void
2961
cfiscsi_task_management_done(union ctl_io *io)
2962
{
2963
	struct icl_pdu *request, *response;
2964
	struct iscsi_bhs_task_management_request *bhstmr;
2965
	struct iscsi_bhs_task_management_response *bhstmr2;
2966
	struct cfiscsi_data_wait *cdw, *tmpcdw;
2967
	struct cfiscsi_session *cs, *tcs;
2968
	struct cfiscsi_softc *softc;
2969
	int cold_reset = 0;
2970

2971
	request = PRIV_REQUEST(io);
2972
	cs = PDU_SESSION(request);
2973
	bhstmr = (struct iscsi_bhs_task_management_request *)request->ip_bhs;
2974
	KASSERT((bhstmr->bhstmr_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) ==
2975
	    ISCSI_BHS_OPCODE_TASK_REQUEST,
2976
	    ("replying to wrong opcode 0x%x", bhstmr->bhstmr_opcode));
2977

2978
#if 0
2979
	CFISCSI_SESSION_DEBUG(cs, "initiator task tag 0x%x; referenced task tag 0x%x",
2980
	    bhstmr->bhstmr_initiator_task_tag,
2981
	    bhstmr->bhstmr_referenced_task_tag);
2982
#endif
2983

2984
	if ((bhstmr->bhstmr_function & ~0x80) ==
2985
	    BHSTMR_FUNCTION_ABORT_TASK) {
2986
		/*
2987
		 * Make sure we no longer wait for Data-Out for this command.
2988
		 */
2989
		CFISCSI_SESSION_LOCK(cs);
2990
		TAILQ_FOREACH_SAFE(cdw,
2991
		    &cs->cs_waiting_for_data_out, cdw_next, tmpcdw) {
2992
			if (bhstmr->bhstmr_referenced_task_tag !=
2993
			    cdw->cdw_initiator_task_tag)
2994
				continue;
2995

2996
#if 0
2997
			CFISCSI_SESSION_DEBUG(cs, "removing csw for initiator task "
2998
			    "tag 0x%x", bhstmr->bhstmr_initiator_task_tag);
2999
#endif
3000
			TAILQ_REMOVE(&cs->cs_waiting_for_data_out,
3001
			    cdw, cdw_next);
3002
			cfiscsi_data_wait_abort(cs, cdw, 43);
3003
		}
3004
		CFISCSI_SESSION_UNLOCK(cs);
3005
	}
3006
	if ((bhstmr->bhstmr_function & ~0x80) ==
3007
	    BHSTMR_FUNCTION_TARGET_COLD_RESET &&
3008
	    io->io_hdr.status == CTL_SUCCESS)
3009
		cold_reset = 1;
3010

3011
	response = cfiscsi_pdu_new_response(request, M_WAITOK);
3012
	bhstmr2 = (struct iscsi_bhs_task_management_response *)
3013
	    response->ip_bhs;
3014
	bhstmr2->bhstmr_opcode = ISCSI_BHS_OPCODE_TASK_RESPONSE;
3015
	bhstmr2->bhstmr_flags = 0x80;
3016
	switch (io->taskio.task_status) {
3017
	case CTL_TASK_FUNCTION_COMPLETE:
3018
		bhstmr2->bhstmr_response = BHSTMR_RESPONSE_FUNCTION_COMPLETE;
3019
		break;
3020
	case CTL_TASK_FUNCTION_SUCCEEDED:
3021
		bhstmr2->bhstmr_response = BHSTMR_RESPONSE_FUNCTION_SUCCEEDED;
3022
		break;
3023
	case CTL_TASK_LUN_DOES_NOT_EXIST:
3024
		bhstmr2->bhstmr_response = BHSTMR_RESPONSE_LUN_DOES_NOT_EXIST;
3025
		break;
3026
	case CTL_TASK_FUNCTION_NOT_SUPPORTED:
3027
	default:
3028
		bhstmr2->bhstmr_response = BHSTMR_RESPONSE_FUNCTION_NOT_SUPPORTED;
3029
		break;
3030
	}
3031
	memcpy(bhstmr2->bhstmr_additional_reponse_information,
3032
	    io->taskio.task_resp, sizeof(io->taskio.task_resp));
3033
	bhstmr2->bhstmr_initiator_task_tag = bhstmr->bhstmr_initiator_task_tag;
3034

3035
	ctl_free_io(io);
3036
	icl_pdu_free(request);
3037
	cfiscsi_pdu_queue(response);
3038

3039
	if (cold_reset) {
3040
		softc = cs->cs_target->ct_softc;
3041
		mtx_lock(&softc->lock);
3042
		TAILQ_FOREACH(tcs, &softc->sessions, cs_next) {
3043
			if (tcs->cs_target == cs->cs_target)
3044
				cfiscsi_session_terminate(tcs);
3045
		}
3046
		mtx_unlock(&softc->lock);
3047
	}
3048
}
3049

3050
static void
3051
cfiscsi_done(union ctl_io *io)
3052
{
3053
	struct icl_pdu *request;
3054
	struct cfiscsi_session *cs;
3055

3056
	KASSERT(((io->io_hdr.status & CTL_STATUS_MASK) != CTL_STATUS_NONE),
3057
		("invalid CTL status %#x", io->io_hdr.status));
3058

3059
	request = PRIV_REQUEST(io);
3060
	cs = PDU_SESSION(request);
3061

3062
	switch (request->ip_bhs->bhs_opcode & ~ISCSI_BHS_OPCODE_IMMEDIATE) {
3063
	case ISCSI_BHS_OPCODE_SCSI_COMMAND:
3064
		cfiscsi_scsi_command_done(io);
3065
		break;
3066
	case ISCSI_BHS_OPCODE_TASK_REQUEST:
3067
		cfiscsi_task_management_done(io);
3068
		break;
3069
	case ISCSI_BHS_OPCODE_INTERNAL:
3070
		/*
3071
		 * Implicit task termination has just completed; nothing to do.
3072
		 */
3073
		icl_pdu_free(request);
3074
		cs->cs_tasks_aborted = true;
3075
		refcount_release(&cs->cs_outstanding_ctl_pdus);
3076
		wakeup(__DEVOLATILE(void *, &cs->cs_outstanding_ctl_pdus));
3077
		ctl_free_io(io);
3078
		return;
3079
	default:
3080
		panic("cfiscsi_done called with wrong opcode 0x%x",
3081
		    request->ip_bhs->bhs_opcode);
3082
	}
3083

3084
	refcount_release(&cs->cs_outstanding_ctl_pdus);
3085
}
3086

3087