Commit 65b0c78d authored by Sebastian Andrzej Siewior's avatar Sebastian Andrzej Siewior Committed by Nicholas Bellinger

target/rd: fix or rewrite the copy routine

So the code assumes that the sg list is only a array while in reality
loopback SGL memory via scsi_cmnd into target-core may be already
chained.  This patch converts ramdisk code to use sg_miter logic from
scatterlist.h in order to properly support passthrough SGL usage with
transport_generic_map_mem_to_cmd() via loopback.

With this patch the bug goes away. However after umount/mount of the
device my files are gone. So something is still not right. After looking
at it for a while I decided to rewrite the that part of the code and now
things do work for me.

For reference:
- http://article.gmane.org/gmane.linux.scsi.target.devel/595
  the sg_next() conversion
- http://article.gmane.org/gmane.linux.scsi.target.devel/602
  the rewrite of the copy code

(nab: Fix compile warning in rd_MEMCPY)
Signed-off-by: default avatarSebastian Andrzej Siewior <bigeasy@linutronix.de>
Cc: stable@kernel.org
Signed-off-by: default avatarNicholas Bellinger <nab@linux-iscsi.org>
parent 5bff9e85
...@@ -343,235 +343,74 @@ static struct rd_dev_sg_table *rd_get_sg_table(struct rd_dev *rd_dev, u32 page) ...@@ -343,235 +343,74 @@ static struct rd_dev_sg_table *rd_get_sg_table(struct rd_dev *rd_dev, u32 page)
return NULL; return NULL;
} }
/* rd_MEMCPY_read(): static int rd_MEMCPY(struct rd_request *req, u32 read_rd)
*
*
*/
static int rd_MEMCPY_read(struct rd_request *req)
{ {
struct se_task *task = &req->rd_task; struct se_task *task = &req->rd_task;
struct rd_dev *dev = req->rd_task.task_se_cmd->se_dev->dev_ptr; struct rd_dev *dev = req->rd_task.task_se_cmd->se_dev->dev_ptr;
struct rd_dev_sg_table *table; struct rd_dev_sg_table *table;
struct scatterlist *sg_d, *sg_s; struct scatterlist *rd_sg;
void *dst, *src; struct sg_mapping_iter m;
u32 i = 0, j = 0, dst_offset = 0, src_offset = 0;
u32 length, page_end = 0, table_sg_end;
u32 rd_offset = req->rd_offset; u32 rd_offset = req->rd_offset;
u32 src_len;
table = rd_get_sg_table(dev, req->rd_page); table = rd_get_sg_table(dev, req->rd_page);
if (!table) if (!table)
return -EINVAL; return -EINVAL;
table_sg_end = (table->page_end_offset - req->rd_page); rd_sg = &table->sg_table[req->rd_page - table->page_start_offset];
sg_d = task->task_sg;
sg_s = &table->sg_table[req->rd_page - table->page_start_offset];
pr_debug("RD[%u]: Read LBA: %llu, Size: %u Page: %u, Offset:" pr_debug("RD[%u]: %s LBA: %llu, Size: %u Page: %u, Offset: %u\n",
" %u\n", dev->rd_dev_id, task->task_lba, req->rd_size, dev->rd_dev_id, read_rd ? "Read" : "Write",
req->rd_page, req->rd_offset); task->task_lba, req->rd_size, req->rd_page,
rd_offset);
src_offset = rd_offset;
src_len = PAGE_SIZE - rd_offset;
sg_miter_start(&m, task->task_sg, task->task_sg_nents,
read_rd ? SG_MITER_TO_SG : SG_MITER_FROM_SG);
while (req->rd_size) { while (req->rd_size) {
if ((sg_d[i].length - dst_offset) < u32 len;
(sg_s[j].length - src_offset)) { void *rd_addr;
length = (sg_d[i].length - dst_offset);
pr_debug("Step 1 - sg_d[%d]: %p length: %d"
" offset: %u sg_s[%d].length: %u\n", i,
&sg_d[i], sg_d[i].length, sg_d[i].offset, j,
sg_s[j].length);
pr_debug("Step 1 - length: %u dst_offset: %u"
" src_offset: %u\n", length, dst_offset,
src_offset);
if (length > req->rd_size)
length = req->rd_size;
dst = sg_virt(&sg_d[i++]) + dst_offset;
BUG_ON(!dst);
src = sg_virt(&sg_s[j]) + src_offset;
BUG_ON(!src);
dst_offset = 0;
src_offset = length;
page_end = 0;
} else {
length = (sg_s[j].length - src_offset);
pr_debug("Step 2 - sg_d[%d]: %p length: %d"
" offset: %u sg_s[%d].length: %u\n", i,
&sg_d[i], sg_d[i].length, sg_d[i].offset,
j, sg_s[j].length);
pr_debug("Step 2 - length: %u dst_offset: %u"
" src_offset: %u\n", length, dst_offset,
src_offset);
if (length > req->rd_size)
length = req->rd_size;
dst = sg_virt(&sg_d[i]) + dst_offset;
BUG_ON(!dst);
if (sg_d[i].length == length) {
i++;
dst_offset = 0;
} else
dst_offset = length;
src = sg_virt(&sg_s[j++]) + src_offset;
BUG_ON(!src);
src_offset = 0;
page_end = 1;
}
memcpy(dst, src, length); sg_miter_next(&m);
len = min((u32)m.length, src_len);
m.consumed = len;
pr_debug("page: %u, remaining size: %u, length: %u," rd_addr = sg_virt(rd_sg) + rd_offset;
" i: %u, j: %u\n", req->rd_page,
(req->rd_size - length), length, i, j);
req->rd_size -= length; if (read_rd)
if (!req->rd_size) memcpy(m.addr, rd_addr, len);
return 0; else
memcpy(rd_addr, m.addr, len);
if (!page_end) req->rd_size -= len;
if (!req->rd_size)
continue; continue;
if (++req->rd_page <= table->page_end_offset) { src_len -= len;
pr_debug("page: %u in same page table\n", if (src_len) {
req->rd_page); rd_offset += len;
continue; continue;
} }
pr_debug("getting new page table for page: %u\n", /* rd page completed, next one please */
req->rd_page); req->rd_page++;
rd_offset = 0;
table = rd_get_sg_table(dev, req->rd_page); src_len = PAGE_SIZE;
if (!table) if (req->rd_page <= table->page_end_offset) {
return -EINVAL; rd_sg++;
sg_s = &table->sg_table[j = 0];
}
return 0;
}
/* rd_MEMCPY_write():
*
*
*/
static int rd_MEMCPY_write(struct rd_request *req)
{
struct se_task *task = &req->rd_task;
struct rd_dev *dev = req->rd_task.task_se_cmd->se_dev->dev_ptr;
struct rd_dev_sg_table *table;
struct scatterlist *sg_d, *sg_s;
void *dst, *src;
u32 i = 0, j = 0, dst_offset = 0, src_offset = 0;
u32 length, page_end = 0, table_sg_end;
u32 rd_offset = req->rd_offset;
table = rd_get_sg_table(dev, req->rd_page);
if (!table)
return -EINVAL;
table_sg_end = (table->page_end_offset - req->rd_page);
sg_d = &table->sg_table[req->rd_page - table->page_start_offset];
sg_s = task->task_sg;
pr_debug("RD[%d] Write LBA: %llu, Size: %u, Page: %u,"
" Offset: %u\n", dev->rd_dev_id, task->task_lba, req->rd_size,
req->rd_page, req->rd_offset);
dst_offset = rd_offset;
while (req->rd_size) {
if ((sg_s[i].length - src_offset) <
(sg_d[j].length - dst_offset)) {
length = (sg_s[i].length - src_offset);
pr_debug("Step 1 - sg_s[%d]: %p length: %d"
" offset: %d sg_d[%d].length: %u\n", i,
&sg_s[i], sg_s[i].length, sg_s[i].offset,
j, sg_d[j].length);
pr_debug("Step 1 - length: %u src_offset: %u"
" dst_offset: %u\n", length, src_offset,
dst_offset);
if (length > req->rd_size)
length = req->rd_size;
src = sg_virt(&sg_s[i++]) + src_offset;
BUG_ON(!src);
dst = sg_virt(&sg_d[j]) + dst_offset;
BUG_ON(!dst);
src_offset = 0;
dst_offset = length;
page_end = 0;
} else {
length = (sg_d[j].length - dst_offset);
pr_debug("Step 2 - sg_s[%d]: %p length: %d"
" offset: %d sg_d[%d].length: %u\n", i,
&sg_s[i], sg_s[i].length, sg_s[i].offset,
j, sg_d[j].length);
pr_debug("Step 2 - length: %u src_offset: %u"
" dst_offset: %u\n", length, src_offset,
dst_offset);
if (length > req->rd_size)
length = req->rd_size;
src = sg_virt(&sg_s[i]) + src_offset;
BUG_ON(!src);
if (sg_s[i].length == length) {
i++;
src_offset = 0;
} else
src_offset = length;
dst = sg_virt(&sg_d[j++]) + dst_offset;
BUG_ON(!dst);
dst_offset = 0;
page_end = 1;
}
memcpy(dst, src, length);
pr_debug("page: %u, remaining size: %u, length: %u,"
" i: %u, j: %u\n", req->rd_page,
(req->rd_size - length), length, i, j);
req->rd_size -= length;
if (!req->rd_size)
return 0;
if (!page_end)
continue;
if (++req->rd_page <= table->page_end_offset) {
pr_debug("page: %u in same page table\n",
req->rd_page);
continue; continue;
} }
pr_debug("getting new page table for page: %u\n",
req->rd_page);
table = rd_get_sg_table(dev, req->rd_page); table = rd_get_sg_table(dev, req->rd_page);
if (!table) if (!table) {
sg_miter_stop(&m);
return -EINVAL; return -EINVAL;
}
sg_d = &table->sg_table[j = 0]; /* since we increment, the first sg entry is correct */
rd_sg = table->sg_table;
} }
sg_miter_stop(&m);
return 0; return 0;
} }
...@@ -591,11 +430,7 @@ static int rd_MEMCPY_do_task(struct se_task *task) ...@@ -591,11 +430,7 @@ static int rd_MEMCPY_do_task(struct se_task *task)
req->rd_page = tmp; req->rd_page = tmp;
req->rd_size = task->task_size; req->rd_size = task->task_size;
if (task->task_data_direction == DMA_FROM_DEVICE) ret = rd_MEMCPY(req, task->task_data_direction == DMA_FROM_DEVICE);
ret = rd_MEMCPY_read(req);
else
ret = rd_MEMCPY_write(req);
if (ret != 0) if (ret != 0)
return ret; return ret;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment