Commit Graph

2005 Commits

Author SHA1 Message Date
Kenneth D. Merry
6f579fdb17 Fix a potential sleep while holding a mutex in the sa(4) driver.
If the user issues a MTIOCEXTGET ioctl, and the tape drive in question has
a serial number that is longer than 80 characters, we malloc a buffer in
saextget() to hold the output of cam_strvis().

Since a mutex is held in that codepath, doing a M_WAITOK malloc could lead
to sleeping while holding a mutex.  Change it to a M_NOWAIT malloc and bail
out if we fail to allocate the memory.  Devices with serial numbers longer
than 80 bytes are very rare (I don't recall seeing one), so this
should be a very unusual case to hit.  But it is a bug that should be fixed.

sys/cam/scsi/scsi_sa.c:
	In saextget(), if we need to malloc a buffer to hold the output of
	cam_strvis(), don't wait for the memory.  Fail and return an error
	if we can't allocate the memory immediately.

PR:		kern/220094
Submitted by:	Jia-Ju Bai <baijiaju1990@163.com>
MFC after:	3 days
Sponsored by:	Spectra Logic
2017-06-19 20:48:00 +00:00
Gleb Smirnoff
779f106aa1 Listening sockets improvements.
o Separate fields of struct socket that belong to listening from
  fields that belong to normal dataflow, and unionize them.  This
  shrinks the structure a bit.
  - Take out selinfo's from the socket buffers into the socket. The
    first reason is to support braindamaged scenario when a socket is
    added to kevent(2) and then listen(2) is cast on it. The second
    reason is that there is future plan to make socket buffers pluggable,
    so that for a dataflow socket a socket buffer can be changed, and
    in this case we also want to keep same selinfos through the lifetime
    of a socket.
  - Remove struct struct so_accf. Since now listening stuff no longer
    affects struct socket size, just move its fields into listening part
    of the union.
  - Provide sol_upcall field and enforce that so_upcall_set() may be called
    only on a dataflow socket, which has buffers, and for listening sockets
    provide solisten_upcall_set().

o Remove ACCEPT_LOCK() global.
  - Add a mutex to socket, to be used instead of socket buffer lock to lock
    fields of struct socket that don't belong to a socket buffer.
  - Allow to acquire two socket locks, but the first one must belong to a
    listening socket.
  - Make soref()/sorele() to use atomic(9).  This allows in some situations
    to do soref() without owning socket lock.  There is place for improvement
    here, it is possible to make sorele() also to lock optionally.
  - Most protocols aren't touched by this change, except UNIX local sockets.
    See below for more information.

o Reduce copy-and-paste in kernel modules that accept connections from
  listening sockets: provide function solisten_dequeue(), and use it in
  the following modules: ctl(4), iscsi(4), ng_btsocket(4), ng_ksocket(4),
  infiniband, rpc.

o UNIX local sockets.
  - Removal of ACCEPT_LOCK() global uncovered several races in the UNIX
    local sockets.  Most races exist around spawning a new socket, when we
    are connecting to a local listening socket.  To cover them, we need to
    hold locks on both PCBs when spawning a third one.  This means holding
    them across sonewconn().  This creates a LOR between pcb locks and
    unp_list_lock.
  - To fix the new LOR, abandon the global unp_list_lock in favor of global
    unp_link_lock.  Indeed, separating these two locks didn't provide us any
    extra parralelism in the UNIX sockets.
  - Now call into uipc_attach() may happen with unp_link_lock hold if, we
    are accepting, or without unp_link_lock in case if we are just creating
    a socket.
  - Another problem in UNIX sockets is that uipc_close() basicly did nothing
    for a listening socket.  The vnode remained opened for connections.  This
    is fixed by removing vnode in uipc_close().  Maybe the right way would be
    to do it for all sockets (not only listening), simply move the vnode
    teardown from uipc_detach() to uipc_close()?

Sponsored by:		Netflix
Differential Revision:	https://reviews.freebsd.org/D9770
2017-06-08 21:30:34 +00:00
Wojciech Macek
631f8f40d3 Introduce Genesys GL3224 quirks
The Genesys chip is failing when issueing READ_CAP(16) command.
Force a quirk to disable it and use READ_CAP(10) instead.

Also, depending on used firmware, GL3224 can be recognized
either as 'storage device' or 'mass storage class' -
enable both variants in scsi_quirk_table.

Submitted by:    Wojciech Macek <wma@semihalf.com>
                 Konrad Adamczyk <ka@semihalf.com>
Obtained from:   Semihalf
Sponsored by:    Stormshield
Reviewed by:     mav
Differential revision: https://reviews.freebsd.org/D10902
2017-05-29 09:22:53 +00:00
Andriy Gapon
b5617df55b Allow PROBE_SPINUP to fail in CAM ATA transport
The motivation for this is two-fold.

1. Some old WD SATA disks may appear as if they need to be spun up
when they are already spinning.  Those disks would respond with
an error to the spin-up request.

2. Even if we really fail to spin up the disk, we still can try to
proceed to the subsequent phases.  If we fail later on, then no
difference.  Otherwise we get a chance to communicate with the
disk which is better than completely ignoring it, because a user
can try to recover the disk.

Reviewed by:	mav
MFC after:	3 weeks
Differential Revision: https://reviews.freebsd.org/D10896
2017-05-26 17:44:47 +00:00
Kenneth D. Merry
64409eeee7 Add basic programmable early warning error injection to the sa(4) driver.
This will help application developers simulate end of tape conditions.

To inject an error in sa0:

sysctl kern.cam.sa.0.inject_eom=1

This will return the next read or write request queued with 0 bytes
written.  Any subsequent writes or reads will go along as usual.

This will also cause the early warning position flag to get set
for the next position query.  So, 'mt status' will show the BPEW
(Beyond Programmable Early Warning) flag on the first query after
an error injection.  After that, the position flags will be as they
are in the underlying tape drive.

Also, update the sa(4) man page to describe tape parameters,
which can be set via 'mt param'.

sys/cam/scsi/scsi_sa.c:
	In saregister(), create the inject_eom sysctl variable.

	In sastart(), check to see whether inject_eom is set.  If
	so, return the read or write with 0 bytes written to
	indicate EOM.  Set the set_pews_status flag so that we
	fake PEWS status in the next position call for reads, and the
	next 3 calls for writes.  This allows the user to see the BPEW
	flag one time via 'mt status'.

	In sagetpos(), check the set_pews_status flag and fake
	PEWS status and decrement the counter if it is set.

share/man/man4/sa.4:
	Document the inject_eom sysctl variable.

	Document all of the parameters currently supported via
	'mt param'.

usr.bin/mt/mt.1:
	Point the user to the sa(4) man page for more details on
	supported parameters.

MFC after:	3 days
Sponsored by:	Spectra Logic
2017-05-05 20:00:53 +00:00
Kenneth D. Merry
6da3b2f7f0 Add the SCSI Solid State Media Log page (0x11) definition.
sys/cam/scsi/scsi_all.h:
	Add the SCSI Solid State Media log page (0x11) structure
	definition.  This gives the percentage used (in terms of
	lifetime flash wear) of an SSD.

MFC after:	3 days
Sponsored by:	Spectra Logic
2017-05-04 17:23:39 +00:00
Kenneth D. Merry
6953d22b15 Fix error recovery behavior in the pass(4) driver.
After FreeBSD SVN revision 236814, the pass(4) driver changed from
only doing error recovery when the CAM_PASS_ERR_RECOVER flag was
set on a CCB to sometimes doing error recovery if the passed in
retry count was non-zero.

Error recovery would happen if two conditions were met:

1.  The error recovery action was simply a retry.  (Which is most
    cases.)
2.  The retry_count is non-zero. (Which happened a lot because of
    cut-and-pasted code.)

This explains a bug I noticed in with camcontrol:

# camcontrol tur da34 -v
Unit is ready
# camcontrol reset da34
Reset of 1:172:0 was successful

At this point, there should be a Unit Attention:

# camcontrol tur da34 -v
Unit is ready

No Unit Attention.

Try it again:

# camcontrol reset da34
Reset of 1:172:0 was successful

Now set the retry_count to 0 for the TUR:

# camcontrol tur da34 -v -C 0
Unit is not ready
(pass42:mps1:0:172:0): TEST UNIT READY. CDB: 00 00 00 00 00 00
(pass42:mps1:0:172:0): CAM status: SCSI Status Error
(pass42:mps1:0:172:0): SCSI status: Check Condition
(pass42:mps1:0:172:0): SCSI sense: UNIT ATTENTION asc:29,2 (SCSI bus reset occurred)
(pass42:mps1:0:172:0): Field Replaceable Unit: 2

There is the unit attention. camcontrol(8) has a default
retry_count of 1, in case someone sets the -E flag without
setting -C.

The CAM_PASS_ERR_RECOVER behavior was only broken with the
CAMIOCOMMAND ioctl, which is the synchronous pass(4) API.  It has
worked as intended (error recovery is only done when the flag
is set) in the asynchronous API (CAMIOQUEUE ioctl).

sys/cam/scsi/scsi_pass.c:
	In passsendccb(), when calling cam_periph_runccb(), only
	specify the error routine when CAM_PASS_ERR_RECOVER is set.

share/man/man4/pass.4:
	Document that CAM_PASS_ERR_RECOVER is needed to enable
	error recovery.

Reported by:	Terry Kennedy <TERRY@glaver.org>
PR:		kern/218572
MFC after:	1 week
Sponsored by:	Spectra Logic
2017-05-03 20:59:47 +00:00
Kenneth D. Merry
c36036beff Don't bother retrying errors for encrypted drives that are locked.
sys/cam/scsi/scsi_all.c:
	In the asc_table, if we get a 0x20,0x02 error ("Access denied -
	no access rights"), don't bother retrying.  Instead, immediately
	fail the command.

	This is the error returned by Self Encrypting Drives (SED) when
	they are locked.

MFC after:	3 days
Sponsored by:	Spectra Logic
2017-05-03 14:53:27 +00:00
Scott Long
da0d7209e0 Fix an unsafe malloc usage with sbufs.
Reported by:	ken
Sponsored by:	Netflix
2017-05-03 05:33:15 +00:00
Kenneth D. Merry
4ab558860e Add the SCSI SSC Manufacturer assigned serial number VPD page.
This is current as of SSC-5r03.

Submitted by:	Sam Klopsch
MFC after:	3 days
2017-05-02 14:52:28 +00:00
Alexander Motin
d0cfe1010e Change ctl_free_lun() locking.
This fixes potential callout_drain() sleep under non-sleepable lock.

PR:		218167
MFC after:	2 weeks
2017-04-24 12:52:42 +00:00
Alexander Motin
68bf823f9f Slightly compact the code.
MFC after:	2 weeks
2017-04-24 12:44:04 +00:00
Scott Long
fb2cec6f53 Reorder the minimum_cmd_size code to make it a little smaller and
easier to read.
2017-04-20 20:46:34 +00:00
Scott Long
5d01277f59 Add infrastructure to the ATA and SCSI transports that supports
using a driver-supplied sbuf for printing device discovery
announcements. This helps ensure that messages to the console
will be properly serialized (through sbuf_putbuf) and not be
truncated and interleaved with other messages. The
infrastructure mirrors the existing xpt_announce_periph()
entry point and is opt-in for now. No content or formatting
changes are visible to the operator other than the new coherency.

While here, eliminate the stack usage of the temporary
announcement buffer in some of the drivers. It's moved to the
softc for now, but future work will eliminate it entirely by
making the code flow more linear. Future work will also address
locking so that the sbufs can be dynamically sized.

The scsi_da, scs_cd, scsi_ses, and ata_da drivers are converted
at this point, other drivers can be converted at a later date.
A tunable+sysctl, kern.cam.announce_nosbuf, exists for testing
purposes but will be removed later.

TODO:
Eliminate all of the code duplication and temporary buffers.  The
old printf-based methods will be retired, and xpt_announce_periph()
will just be a wrapper that uses a dynamically sized sbuf.  This
requires that the register and deregister paths be made malloc-safe,
which they aren't currently.

Sponsored by:	Netflix
2017-04-19 15:04:52 +00:00
Conrad Meyer
ac30bca611 da(4): Fix a TRIM regression introduced in r308155
According to Warner, multiple TRIM BIOs are collapsed into a single CCB with
NULL bp.  It is invalid to biotrack() NULL, and results in a fault.  So,
don't do that.

Reported by:	asomers@
Sponsored by:	Dell EMC Isilon
2017-04-18 21:05:05 +00:00
Alexander Motin
bb8cea1b21 Fix few minor issues found by Clang Analyzer.
MFC after:	2 weeks
2017-04-09 07:54:39 +00:00
Enji Cooper
653e7d6396 Split iscsi(4) ctl frontend off of ctl(4) as cfiscsi(4)
The goal of this work is to remove the explicit dependency for ctl(4)
on iscsi(4), so end-users without iscsi(4) support in the kernel can
use ctl(4) for its other functions.

This allows those without iscsi(4) support built into the kernel to use
ctl(4) as a test mechanism. As a sidenote, this was possible around the
10.0-RELEASE period, but made impossible for end-users without iscsi(4)
between 10.0-RELEASE and 11.0-RELEASE.

Automatically load cfiscsi(4) from ctladm(8) and ctld(8) for backwards
compatibility with previously releases. The automatic loading feature is
compiled into the beforementioned tools if MK_ISCSI == yes when building
world.

Add a manpage for cfiscsi(4) and refer to it in ctl(4).

Differential Revision:	D10099
MFC after:	2 months
Relnotes:	yes
Reviewed by:	mav, trasz
Sponsored by:	Dell EMC Isilon
2017-03-30 04:56:27 +00:00
Michael Gmelin
9fc511b8a5 In r289137 the legacy_aliases compatibility shims for ata were removed,
also remove a leftover define used for implementing them.

Reviewed by:	mav
Differential Revision:	https://reviews.freebsd.org/D6726
2017-03-28 23:02:41 +00:00
Bryan Drewery
9ff3cdff12 Release ccb if mode_buffer allocation fails.
MFC after:	2 weeks
Obtained from:	OneFS
Sponsored by:	Dell EMC Isilon
2017-03-28 00:39:41 +00:00
Alexander Motin
62df0949fd Remove "UNMAPPED" messages printed on da periph attach.
I think this message is not very useful for end user.  Also its formatting
does not match other messages printed at that time.  Those who really need
this information can always find it in `camcontrol negotiate daX -v`.

MFC after:	2 weeks
2017-03-23 10:50:45 +00:00
Warner Losh
79d80af216 Implement moving SD.
From the paper "Incremental calculation of weighted mean and variance"
by Tony Finch Februrary 2009, retrieved from
http://people.ds.cam.ac.uk/fanf2/hermes/doc/antiforgery/stats.pdf
converted to use shifting.
2017-03-22 19:18:47 +00:00
Alexander Motin
331d00ba74 Minor cosmetic addition to r315673.
Now CAM_SIM_LOCK() macros are not used and may be removed later.

MFC after:	2 weeks
2017-03-21 09:24:07 +00:00
Alexander Motin
401ed17ad0 Make CAM SIM lock optional.
For three years now CAM does not use SIM lock, but still enforces SIM to
use it.  Remove this requirement, allowing SIMs to have any locking they
prefer, if they pass no mutex to cam_sim_alloc().

MFC after:	2 weeks
2017-03-21 09:12:41 +00:00
Alexander Motin
b1303ffeb2 Increase device openings to tagged maximum.
Some SIMs report much less untagged device openings then tagged ones.
Target mode devices are not handled by regular probing routines, and so
there is nothing to increase queue size for them to the SIM's maximum.
To fix that resize the queue explicitly on ctl periph registration.
This radically improves performance of mpt(4) in target mode.

Also fetch and report device queue statistics in `ctladm dumpstructs`,
since regular way of `camcontrol tags` is not usable in target mode.

MFC after:	2 weeks
2017-03-11 18:46:46 +00:00
Alexander Motin
2ef6e7aea8 Allow XPT_GDEV_STATS for UNCONFIGURED devices.
Queue statistics has nothing to do with presence or absence of INQUIRY
data, etc.  Target mode devices are never configured, but have queues.

MFC after:	2 weeks
2017-03-11 18:23:05 +00:00
Alexander Motin
ad0f05e629 Abort all ATIOs and INOTs queued to SIM on LUN disable.
Some SIMs may not abort them implicitly, that either fail the LUN disable
request or just make us wait for those CCBs forever.  With this change
I can successfully disable LUNs on mpt(4).  For isp(4), which aborts them
implicitly, this change should be irrelevant.

MFC after:	2 weeks
2017-03-10 21:09:33 +00:00
Alexander Motin
832529c5bd Switch work_queue from TAILQ to STAILQ.
It is mostly FIFO and we don't need random removal there.

MFC after:	2 weeks
2017-03-10 20:20:00 +00:00
Alexander Motin
45400376e0 Request change of SIM target role only when it is different.
Separate WWNs change into separate request to know what actually failed.

MFC after:	2 weeks
2017-03-10 19:43:45 +00:00
Alexander Motin
6fffdbbd67 Add initial support for UNMAP granularity.
Report UNMAP granularity as stripesize/-offset if we have no other values
to report there.

Add new quirk DA_Q_STRICT_UNMAP for cases when target is too critical to
misaligned UNMAP request, reporting errors instead of being suboptimal.
Setting this quirk makes da periph to forcefully align all UNMAP requests
to avoid those errors by the cost of some odd ranges not being UNMAP'ed.
This makes UNMAP usable within VMware 6.x VMs, just now 100% efficient.

MFC after:	2 weeks
2017-03-08 11:24:33 +00:00
Alexander Motin
94173c3c9b Add mechanism to unload CAM periph drivers.
For now it allows to unload CTL kernel module if there are no target-capable
SIMs in CAM.  As next step full teardown of CAM targets can be implemented.
2017-03-07 17:41:08 +00:00
Mark Johnston
a0bbf9e0e3 Reject userland CCBs that have CAM_UNLOCKED set.
CAM_UNLOCKED is internal flag and cannot correctly be set by userland.
Return EINVAL from CAMIOCOMMAND and CAMIOQUEUE if it is set.

Also fix leaks in some of the error paths for CAMIOQUEUE.

PR:		215356
Reviewed by:	ken, mav
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D9869
2017-03-03 20:51:57 +00:00
Alexander Motin
9d42b1fc43 Add check missed in r314257.
MFC after:	11 days
2017-03-01 17:35:56 +00:00
Alexander Motin
3a13860a1b Make ctl_queue_sense() not sleep.
It may be called in non-sleepable frontend context.

MFC after:	2 weeks
2017-02-28 11:56:17 +00:00
Alexander Motin
9ff948d05f Polish handling of different reset flavours.
The biggest change is that ctl_remove_initiator() now generates I_T NEXUS
LOSS event, cleaning part of LUs state related to the initiator.

MFC after:	2 weeks
2017-02-27 14:59:00 +00:00
Alexander Motin
b371466e29 Add support for SIMs without autosense.
If we asked to send sense data by setting CAM_SEND_SENSE, but SIM didn't
confirm transmission by setting CAM_SENT_SENSE, assume it was not sent.
Queue the I/O back to CTL for later REQUEST SENSE with ctl_queue_sense().
This is needed for error reporting on SPI HBAs like ahc(4)/ahd(4).

MFC after:	2 weeks
2017-02-26 19:23:03 +00:00
Alexander Motin
15b2cdedca Use resid field of CTIO to detect under/overruns.
MFC after:	2 weeks
2017-02-26 12:54:27 +00:00
Warner Losh
2379d1d6ed Move inclusion of opt_printf.h around so that we can compile all the
SCSI modules outside of a sub-build from the kernel.

Differential Revision: https://reviews.freebsd.org/D9653
Sponsored by: Netflix
2017-02-25 22:11:10 +00:00
Alexander Motin
a9d2a1930b Add reporting SAS protocol, in case we ever have one.
MFC after:	2 weeks
2017-02-25 14:36:24 +00:00
Alexander Motin
6563855634 Reenable CTL_WITH_CA, optimizing it for lower memory usage.
This code was disabled due to its high memory usage.  But now we need this
functionality for cfumass(4) frontend, since USB MS BBB transport does not
support autosense.

MFC after:	2 weeks
2017-02-25 14:20:30 +00:00
Alexander Motin
03ea6ef2db Axe out some forever disabled questionable functionality.
This code is complicated enough even in its base shape.

MFC after:	2 weeks
2017-02-25 04:24:51 +00:00
Alexander Motin
3afd480696 Improve CAM target frontend reference counting.
Before this change it was possible to trigger some use-after-free panics
by disabling LUNs/ports under heavy load.

MFC after:	2 weeks
2017-02-25 04:04:11 +00:00
Alexander Motin
d7c2cc352e Explicitly abort ATIO if CTIO sending status has failed.
This helps SIM to free related resources in questionable cases.

MFC after:	2 weeks
2017-02-24 12:12:30 +00:00
Alexander Motin
8d1316f914 We can't access periph after ctlfe_free_ccb().
MFC after:	2 weeks
2017-02-24 11:25:32 +00:00
Alexander Motin
a504738fac Unify ATIO/INOT CCBs requeuing.
MFC after:	2 weeks
2017-02-24 09:16:21 +00:00
Alexander Motin
6b0878502e Some code cleanup.
MFC after:	2 weeks
2017-02-24 07:47:50 +00:00
Alexander Motin
3b63a91d6d Do not blindly free completed ATIOs/INOTs on invalidation.
When LUN is disabled, SIM starts returning queued ATIOs/INOTs.  But at the
same time there can be some ATIOs/INOTs still carrying real new requests.
If we free those, SIM may leak some resources, forever expecting for any
response from us.  So try to be careful, separating ATIOs/INOTs carrying
requests which still must be processed, from ATIOs/INOTs completed with
errors which can be freed.

MFC after:	2 weeks
2017-02-21 06:10:11 +00:00
Alexander Motin
950c5aca4a Remove dead mentions of CAM target mode APIs from drivers.
This makes grepping kernel for target mode implementation much easier.
2017-02-19 17:27:58 +00:00
Alexander Motin
46511441fb Change XCOPY memory allocations.
Before this change XCOPY code could allocate memory in chunks up to 16-32MB
(VMware does XCOPY in 4MB chunks by default), that could be difficult for
VM subsystem to do due to KVA fragmentation, that sometimes created huge
allocation delays, blocking any I/O for respective LU for that time.

This change limits allocations down to TPC_MAX_IO_SIZE, which is 1MB now.
1MB is also not a cookie, but ZFS also can do that for large blocks, so
it should be less dramatic.  As drawback this increases CPU overhead, but
it still look acceptable comparing to time consumed by ZFS read/write.

MFC after:	1 week
2017-02-18 06:03:16 +00:00
Kenneth D. Merry
e9200a6cc2 Make ctl(4) build with CTL_IO_DELAY defined.
sys/cam/ctl/ctl.c:
	In ctl_datamove(), inside CTL_IO_DELAY, add a lun variable and fill
	it in before trying to dereference it.

MFC after:	3 days
Sponsored by:	Spectra Logic
2017-02-17 20:15:27 +00:00
Alexander Motin
7a465c285f Change the way MaxCmdSN is used.
Before this change MaxCmdSN was reported as CmdSN + delta, that made it
limit number of requests in transmission from the initiator to target,
that was pretty useless.  After this change MaxCmdSN limits number of
requests queued to CTL, i.e. maximal queue depth for the initiator.
The default limit is 256 outstanding requests per initiator at a time.

This code uses existing cs_outstanding_ctl_pdus counter to track queue
depth.  It's semantics doen't perfectly match, but close enough to not
add another counter.  Just don't set the maxtags below 2.

MFC after:	2 weeks
2017-02-17 05:22:58 +00:00