1 /*
2  * Xen SCSI frontend driver
3  *
4  * Copyright (c) 2008, FUJITSU Limited
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License version 2
8  * as published by the Free Software Foundation; or, when distributed
9  * separately from the Linux kernel or incorporated into other
10  * software packages, subject to the following license:
11  *
12  * Permission is hereby granted, free of charge, to any person obtaining a copy
13  * of this source file (the "Software"), to deal in the Software without
14  * restriction, including without limitation the rights to use, copy, modify,
15  * merge, publish, distribute, sublicense, and/or sell copies of the Software,
16  * and to permit persons to whom the Software is furnished to do so, subject to
17  * the following conditions:
18  *
19  * The above copyright notice and this permission notice shall be included in
20  * all copies or substantial portions of the Software.
21  *
22  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
23  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
24  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
25  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
26  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
27  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
28  * IN THE SOFTWARE.
29  */
30 
31 #include <linux/module.h>
32 #include <linux/kernel.h>
33 #include <linux/device.h>
34 #include <linux/wait.h>
35 #include <linux/interrupt.h>
36 #include <linux/mutex.h>
37 #include <linux/spinlock.h>
38 #include <linux/sched.h>
39 #include <linux/blkdev.h>
40 #include <linux/pfn.h>
41 #include <linux/slab.h>
42 #include <linux/bitops.h>
43 
44 #include <scsi/scsi_cmnd.h>
45 #include <scsi/scsi_device.h>
46 #include <scsi/scsi.h>
47 #include <scsi/scsi_host.h>
48 
49 #include <xen/xen.h>
50 #include <xen/xenbus.h>
51 #include <xen/grant_table.h>
52 #include <xen/events.h>
53 #include <xen/page.h>
54 
55 #include <xen/interface/grant_table.h>
56 #include <xen/interface/io/vscsiif.h>
57 #include <xen/interface/io/protocols.h>
58 
59 #include <asm/xen/hypervisor.h>
60 
61 
62 #define GRANT_INVALID_REF	0
63 
64 #define VSCSIFRONT_OP_ADD_LUN	1
65 #define VSCSIFRONT_OP_DEL_LUN	2
66 #define VSCSIFRONT_OP_READD_LUN	3
67 
68 /* Tuning point. */
69 #define VSCSIIF_DEFAULT_CMD_PER_LUN 10
70 #define VSCSIIF_MAX_TARGET          64
71 #define VSCSIIF_MAX_LUN             255
72 
73 #define VSCSIIF_RING_SIZE	__CONST_RING_SIZE(vscsiif, PAGE_SIZE)
74 #define VSCSIIF_MAX_REQS	VSCSIIF_RING_SIZE
75 
76 #define vscsiif_grants_sg(_sg)	(PFN_UP((_sg) *		\
77 				sizeof(struct scsiif_request_segment)))
78 
79 struct vscsifrnt_shadow {
80 	/* command between backend and frontend */
81 	unsigned char act;
82 	uint8_t nr_segments;
83 	uint16_t rqid;
84 	uint16_t ref_rqid;
85 
86 	unsigned int nr_grants;		/* number of grants in gref[] */
87 	struct scsiif_request_segment *sg;	/* scatter/gather elements */
88 	struct scsiif_request_segment seg[VSCSIIF_SG_TABLESIZE];
89 
90 	/* Do reset or abort function. */
91 	wait_queue_head_t wq_reset;	/* reset work queue           */
92 	int wait_reset;			/* reset work queue condition */
93 	int32_t rslt_reset;		/* reset response status:     */
94 					/* SUCCESS or FAILED or:      */
95 #define RSLT_RESET_WAITING	0
96 #define RSLT_RESET_ERR		-1
97 
98 	/* Requested struct scsi_cmnd is stored from kernel. */
99 	struct scsi_cmnd *sc;
100 	int gref[vscsiif_grants_sg(SG_ALL) + SG_ALL];
101 };
102 
103 struct vscsifrnt_info {
104 	struct xenbus_device *dev;
105 
106 	struct Scsi_Host *host;
107 	int host_active;
108 
109 	unsigned int evtchn;
110 	unsigned int irq;
111 
112 	grant_ref_t ring_ref;
113 	struct vscsiif_front_ring ring;
114 	struct vscsiif_response	ring_rsp;
115 
116 	spinlock_t shadow_lock;
117 	DECLARE_BITMAP(shadow_free_bitmap, VSCSIIF_MAX_REQS);
118 	struct vscsifrnt_shadow *shadow[VSCSIIF_MAX_REQS];
119 
120 	/* Following items are protected by the host lock. */
121 	wait_queue_head_t wq_sync;
122 	wait_queue_head_t wq_pause;
123 	unsigned int wait_ring_available:1;
124 	unsigned int waiting_pause:1;
125 	unsigned int pause:1;
126 	unsigned callers;
127 
128 	char dev_state_path[64];
129 	struct task_struct *curr;
130 };
131 
132 static DEFINE_MUTEX(scsifront_mutex);
133 
scsifront_wake_up(struct vscsifrnt_info * info)134 static void scsifront_wake_up(struct vscsifrnt_info *info)
135 {
136 	info->wait_ring_available = 0;
137 	wake_up(&info->wq_sync);
138 }
139 
scsifront_get_rqid(struct vscsifrnt_info * info)140 static int scsifront_get_rqid(struct vscsifrnt_info *info)
141 {
142 	unsigned long flags;
143 	int free;
144 
145 	spin_lock_irqsave(&info->shadow_lock, flags);
146 
147 	free = find_first_bit(info->shadow_free_bitmap, VSCSIIF_MAX_REQS);
148 	__clear_bit(free, info->shadow_free_bitmap);
149 
150 	spin_unlock_irqrestore(&info->shadow_lock, flags);
151 
152 	return free;
153 }
154 
_scsifront_put_rqid(struct vscsifrnt_info * info,uint32_t id)155 static int _scsifront_put_rqid(struct vscsifrnt_info *info, uint32_t id)
156 {
157 	int empty = bitmap_empty(info->shadow_free_bitmap, VSCSIIF_MAX_REQS);
158 
159 	__set_bit(id, info->shadow_free_bitmap);
160 	info->shadow[id] = NULL;
161 
162 	return empty || info->wait_ring_available;
163 }
164 
scsifront_put_rqid(struct vscsifrnt_info * info,uint32_t id)165 static void scsifront_put_rqid(struct vscsifrnt_info *info, uint32_t id)
166 {
167 	unsigned long flags;
168 	int kick;
169 
170 	spin_lock_irqsave(&info->shadow_lock, flags);
171 	kick = _scsifront_put_rqid(info, id);
172 	spin_unlock_irqrestore(&info->shadow_lock, flags);
173 
174 	if (kick)
175 		scsifront_wake_up(info);
176 }
177 
scsifront_do_request(struct vscsifrnt_info * info,struct vscsifrnt_shadow * shadow)178 static int scsifront_do_request(struct vscsifrnt_info *info,
179 				struct vscsifrnt_shadow *shadow)
180 {
181 	struct vscsiif_front_ring *ring = &(info->ring);
182 	struct vscsiif_request *ring_req;
183 	struct scsi_cmnd *sc = shadow->sc;
184 	uint32_t id;
185 	int i, notify;
186 
187 	if (RING_FULL(&info->ring))
188 		return -EBUSY;
189 
190 	id = scsifront_get_rqid(info);	/* use id in response */
191 	if (id >= VSCSIIF_MAX_REQS)
192 		return -EBUSY;
193 
194 	info->shadow[id] = shadow;
195 	shadow->rqid = id;
196 
197 	ring_req = RING_GET_REQUEST(&(info->ring), ring->req_prod_pvt);
198 	ring->req_prod_pvt++;
199 
200 	ring_req->rqid        = id;
201 	ring_req->act         = shadow->act;
202 	ring_req->ref_rqid    = shadow->ref_rqid;
203 	ring_req->nr_segments = shadow->nr_segments;
204 
205 	ring_req->id      = sc->device->id;
206 	ring_req->lun     = sc->device->lun;
207 	ring_req->channel = sc->device->channel;
208 	ring_req->cmd_len = sc->cmd_len;
209 
210 	BUG_ON(sc->cmd_len > VSCSIIF_MAX_COMMAND_SIZE);
211 
212 	memcpy(ring_req->cmnd, sc->cmnd, sc->cmd_len);
213 
214 	ring_req->sc_data_direction   = (uint8_t)sc->sc_data_direction;
215 	ring_req->timeout_per_command = sc->request->timeout / HZ;
216 
217 	for (i = 0; i < (shadow->nr_segments & ~VSCSIIF_SG_GRANT); i++)
218 		ring_req->seg[i] = shadow->seg[i];
219 
220 	RING_PUSH_REQUESTS_AND_CHECK_NOTIFY(ring, notify);
221 	if (notify)
222 		notify_remote_via_irq(info->irq);
223 
224 	return 0;
225 }
226 
scsifront_gnttab_done(struct vscsifrnt_info * info,struct vscsifrnt_shadow * shadow)227 static void scsifront_gnttab_done(struct vscsifrnt_info *info,
228 				  struct vscsifrnt_shadow *shadow)
229 {
230 	int i;
231 
232 	if (shadow->sc->sc_data_direction == DMA_NONE)
233 		return;
234 
235 	for (i = 0; i < shadow->nr_grants; i++) {
236 		if (unlikely(gnttab_query_foreign_access(shadow->gref[i]))) {
237 			shost_printk(KERN_ALERT, info->host, KBUILD_MODNAME
238 				     "grant still in use by backend\n");
239 			BUG();
240 		}
241 		gnttab_end_foreign_access(shadow->gref[i], 0, 0UL);
242 	}
243 
244 	kfree(shadow->sg);
245 }
246 
scsifront_cdb_cmd_done(struct vscsifrnt_info * info,struct vscsiif_response * ring_rsp)247 static void scsifront_cdb_cmd_done(struct vscsifrnt_info *info,
248 				   struct vscsiif_response *ring_rsp)
249 {
250 	struct vscsifrnt_shadow *shadow;
251 	struct scsi_cmnd *sc;
252 	uint32_t id;
253 	uint8_t sense_len;
254 
255 	id = ring_rsp->rqid;
256 	shadow = info->shadow[id];
257 	sc = shadow->sc;
258 
259 	BUG_ON(sc == NULL);
260 
261 	scsifront_gnttab_done(info, shadow);
262 	scsifront_put_rqid(info, id);
263 
264 	sc->result = ring_rsp->rslt;
265 	scsi_set_resid(sc, ring_rsp->residual_len);
266 
267 	sense_len = min_t(uint8_t, VSCSIIF_SENSE_BUFFERSIZE,
268 			  ring_rsp->sense_len);
269 
270 	if (sense_len)
271 		memcpy(sc->sense_buffer, ring_rsp->sense_buffer, sense_len);
272 
273 	sc->scsi_done(sc);
274 }
275 
scsifront_sync_cmd_done(struct vscsifrnt_info * info,struct vscsiif_response * ring_rsp)276 static void scsifront_sync_cmd_done(struct vscsifrnt_info *info,
277 				    struct vscsiif_response *ring_rsp)
278 {
279 	uint16_t id = ring_rsp->rqid;
280 	unsigned long flags;
281 	struct vscsifrnt_shadow *shadow = info->shadow[id];
282 	int kick;
283 
284 	spin_lock_irqsave(&info->shadow_lock, flags);
285 	shadow->wait_reset = 1;
286 	switch (shadow->rslt_reset) {
287 	case RSLT_RESET_WAITING:
288 		shadow->rslt_reset = ring_rsp->rslt;
289 		break;
290 	case RSLT_RESET_ERR:
291 		kick = _scsifront_put_rqid(info, id);
292 		spin_unlock_irqrestore(&info->shadow_lock, flags);
293 		kfree(shadow);
294 		if (kick)
295 			scsifront_wake_up(info);
296 		return;
297 	default:
298 		shost_printk(KERN_ERR, info->host, KBUILD_MODNAME
299 			     "bad reset state %d, possibly leaking %u\n",
300 			     shadow->rslt_reset, id);
301 		break;
302 	}
303 	spin_unlock_irqrestore(&info->shadow_lock, flags);
304 
305 	wake_up(&shadow->wq_reset);
306 }
307 
scsifront_do_response(struct vscsifrnt_info * info,struct vscsiif_response * ring_rsp)308 static void scsifront_do_response(struct vscsifrnt_info *info,
309 				  struct vscsiif_response *ring_rsp)
310 {
311 	if (WARN(ring_rsp->rqid >= VSCSIIF_MAX_REQS ||
312 		 test_bit(ring_rsp->rqid, info->shadow_free_bitmap),
313 		 "illegal rqid %u returned by backend!\n", ring_rsp->rqid))
314 		return;
315 
316 	if (info->shadow[ring_rsp->rqid]->act == VSCSIIF_ACT_SCSI_CDB)
317 		scsifront_cdb_cmd_done(info, ring_rsp);
318 	else
319 		scsifront_sync_cmd_done(info, ring_rsp);
320 }
321 
scsifront_ring_drain(struct vscsifrnt_info * info)322 static int scsifront_ring_drain(struct vscsifrnt_info *info)
323 {
324 	struct vscsiif_response *ring_rsp;
325 	RING_IDX i, rp;
326 	int more_to_do = 0;
327 
328 	rp = info->ring.sring->rsp_prod;
329 	rmb();	/* ordering required respective to dom0 */
330 	for (i = info->ring.rsp_cons; i != rp; i++) {
331 		ring_rsp = RING_GET_RESPONSE(&info->ring, i);
332 		scsifront_do_response(info, ring_rsp);
333 	}
334 
335 	info->ring.rsp_cons = i;
336 
337 	if (i != info->ring.req_prod_pvt)
338 		RING_FINAL_CHECK_FOR_RESPONSES(&info->ring, more_to_do);
339 	else
340 		info->ring.sring->rsp_event = i + 1;
341 
342 	return more_to_do;
343 }
344 
scsifront_cmd_done(struct vscsifrnt_info * info)345 static int scsifront_cmd_done(struct vscsifrnt_info *info)
346 {
347 	int more_to_do;
348 	unsigned long flags;
349 
350 	spin_lock_irqsave(info->host->host_lock, flags);
351 
352 	more_to_do = scsifront_ring_drain(info);
353 
354 	info->wait_ring_available = 0;
355 
356 	spin_unlock_irqrestore(info->host->host_lock, flags);
357 
358 	wake_up(&info->wq_sync);
359 
360 	return more_to_do;
361 }
362 
scsifront_irq_fn(int irq,void * dev_id)363 static irqreturn_t scsifront_irq_fn(int irq, void *dev_id)
364 {
365 	struct vscsifrnt_info *info = dev_id;
366 
367 	while (scsifront_cmd_done(info))
368 		/* Yield point for this unbounded loop. */
369 		cond_resched();
370 
371 	return IRQ_HANDLED;
372 }
373 
scsifront_finish_all(struct vscsifrnt_info * info)374 static void scsifront_finish_all(struct vscsifrnt_info *info)
375 {
376 	unsigned i;
377 	struct vscsiif_response resp;
378 
379 	scsifront_ring_drain(info);
380 
381 	for (i = 0; i < VSCSIIF_MAX_REQS; i++) {
382 		if (test_bit(i, info->shadow_free_bitmap))
383 			continue;
384 		resp.rqid = i;
385 		resp.sense_len = 0;
386 		resp.rslt = DID_RESET << 16;
387 		resp.residual_len = 0;
388 		scsifront_do_response(info, &resp);
389 	}
390 }
391 
map_data_for_request(struct vscsifrnt_info * info,struct scsi_cmnd * sc,struct vscsifrnt_shadow * shadow)392 static int map_data_for_request(struct vscsifrnt_info *info,
393 				struct scsi_cmnd *sc,
394 				struct vscsifrnt_shadow *shadow)
395 {
396 	grant_ref_t gref_head;
397 	struct page *page;
398 	int err, ref, ref_cnt = 0;
399 	int grant_ro = (sc->sc_data_direction == DMA_TO_DEVICE);
400 	unsigned int i, off, len, bytes;
401 	unsigned int data_len = scsi_bufflen(sc);
402 	unsigned int data_grants = 0, seg_grants = 0;
403 	struct scatterlist *sg;
404 	struct scsiif_request_segment *seg;
405 
406 	if (sc->sc_data_direction == DMA_NONE || !data_len)
407 		return 0;
408 
409 	scsi_for_each_sg(sc, sg, scsi_sg_count(sc), i)
410 		data_grants += PFN_UP(sg->offset + sg->length);
411 
412 	if (data_grants > VSCSIIF_SG_TABLESIZE) {
413 		if (data_grants > info->host->sg_tablesize) {
414 			shost_printk(KERN_ERR, info->host, KBUILD_MODNAME
415 			     "Unable to map request_buffer for command!\n");
416 			return -E2BIG;
417 		}
418 		seg_grants = vscsiif_grants_sg(data_grants);
419 		shadow->sg = kcalloc(data_grants,
420 			sizeof(struct scsiif_request_segment), GFP_ATOMIC);
421 		if (!shadow->sg)
422 			return -ENOMEM;
423 	}
424 	seg = shadow->sg ? : shadow->seg;
425 
426 	err = gnttab_alloc_grant_references(seg_grants + data_grants,
427 					    &gref_head);
428 	if (err) {
429 		kfree(shadow->sg);
430 		shost_printk(KERN_ERR, info->host, KBUILD_MODNAME
431 			     "gnttab_alloc_grant_references() error\n");
432 		return -ENOMEM;
433 	}
434 
435 	if (seg_grants) {
436 		page = virt_to_page(seg);
437 		off = offset_in_page(seg);
438 		len = sizeof(struct scsiif_request_segment) * data_grants;
439 		while (len > 0) {
440 			bytes = min_t(unsigned int, len, PAGE_SIZE - off);
441 
442 			ref = gnttab_claim_grant_reference(&gref_head);
443 			BUG_ON(ref == -ENOSPC);
444 
445 			gnttab_grant_foreign_access_ref(ref,
446 				info->dev->otherend_id,
447 				xen_page_to_gfn(page), 1);
448 			shadow->gref[ref_cnt] = ref;
449 			shadow->seg[ref_cnt].gref   = ref;
450 			shadow->seg[ref_cnt].offset = (uint16_t)off;
451 			shadow->seg[ref_cnt].length = (uint16_t)bytes;
452 
453 			page++;
454 			len -= bytes;
455 			off = 0;
456 			ref_cnt++;
457 		}
458 		BUG_ON(seg_grants < ref_cnt);
459 		seg_grants = ref_cnt;
460 	}
461 
462 	scsi_for_each_sg(sc, sg, scsi_sg_count(sc), i) {
463 		page = sg_page(sg);
464 		off = sg->offset;
465 		len = sg->length;
466 
467 		while (len > 0 && data_len > 0) {
468 			/*
469 			 * sg sends a scatterlist that is larger than
470 			 * the data_len it wants transferred for certain
471 			 * IO sizes.
472 			 */
473 			bytes = min_t(unsigned int, len, PAGE_SIZE - off);
474 			bytes = min(bytes, data_len);
475 
476 			ref = gnttab_claim_grant_reference(&gref_head);
477 			BUG_ON(ref == -ENOSPC);
478 
479 			gnttab_grant_foreign_access_ref(ref,
480 				info->dev->otherend_id,
481 				xen_page_to_gfn(page),
482 				grant_ro);
483 
484 			shadow->gref[ref_cnt] = ref;
485 			seg->gref   = ref;
486 			seg->offset = (uint16_t)off;
487 			seg->length = (uint16_t)bytes;
488 
489 			page++;
490 			seg++;
491 			len -= bytes;
492 			data_len -= bytes;
493 			off = 0;
494 			ref_cnt++;
495 		}
496 	}
497 
498 	if (seg_grants)
499 		shadow->nr_segments = VSCSIIF_SG_GRANT | seg_grants;
500 	else
501 		shadow->nr_segments = (uint8_t)ref_cnt;
502 	shadow->nr_grants = ref_cnt;
503 
504 	return 0;
505 }
506 
scsifront_enter(struct vscsifrnt_info * info)507 static int scsifront_enter(struct vscsifrnt_info *info)
508 {
509 	if (info->pause)
510 		return 1;
511 	info->callers++;
512 	return 0;
513 }
514 
scsifront_return(struct vscsifrnt_info * info)515 static void scsifront_return(struct vscsifrnt_info *info)
516 {
517 	info->callers--;
518 	if (info->callers)
519 		return;
520 
521 	if (!info->waiting_pause)
522 		return;
523 
524 	info->waiting_pause = 0;
525 	wake_up(&info->wq_pause);
526 }
527 
scsifront_queuecommand(struct Scsi_Host * shost,struct scsi_cmnd * sc)528 static int scsifront_queuecommand(struct Scsi_Host *shost,
529 				  struct scsi_cmnd *sc)
530 {
531 	struct vscsifrnt_info *info = shost_priv(shost);
532 	struct vscsifrnt_shadow *shadow = scsi_cmd_priv(sc);
533 	unsigned long flags;
534 	int err;
535 
536 	sc->result = 0;
537 
538 	shadow->sc  = sc;
539 	shadow->act = VSCSIIF_ACT_SCSI_CDB;
540 
541 	spin_lock_irqsave(shost->host_lock, flags);
542 	if (scsifront_enter(info)) {
543 		spin_unlock_irqrestore(shost->host_lock, flags);
544 		return SCSI_MLQUEUE_HOST_BUSY;
545 	}
546 
547 	err = map_data_for_request(info, sc, shadow);
548 	if (err < 0) {
549 		pr_debug("%s: err %d\n", __func__, err);
550 		scsifront_return(info);
551 		spin_unlock_irqrestore(shost->host_lock, flags);
552 		if (err == -ENOMEM)
553 			return SCSI_MLQUEUE_HOST_BUSY;
554 		sc->result = DID_ERROR << 16;
555 		sc->scsi_done(sc);
556 		return 0;
557 	}
558 
559 	if (scsifront_do_request(info, shadow)) {
560 		scsifront_gnttab_done(info, shadow);
561 		goto busy;
562 	}
563 
564 	scsifront_return(info);
565 	spin_unlock_irqrestore(shost->host_lock, flags);
566 
567 	return 0;
568 
569 busy:
570 	scsifront_return(info);
571 	spin_unlock_irqrestore(shost->host_lock, flags);
572 	pr_debug("%s: busy\n", __func__);
573 	return SCSI_MLQUEUE_HOST_BUSY;
574 }
575 
576 /*
577  * Any exception handling (reset or abort) must be forwarded to the backend.
578  * We have to wait until an answer is returned. This answer contains the
579  * result to be returned to the requestor.
580  */
scsifront_action_handler(struct scsi_cmnd * sc,uint8_t act)581 static int scsifront_action_handler(struct scsi_cmnd *sc, uint8_t act)
582 {
583 	struct Scsi_Host *host = sc->device->host;
584 	struct vscsifrnt_info *info = shost_priv(host);
585 	struct vscsifrnt_shadow *shadow, *s = scsi_cmd_priv(sc);
586 	int err = 0;
587 
588 	shadow = kzalloc(sizeof(*shadow), GFP_NOIO);
589 	if (!shadow)
590 		return FAILED;
591 
592 	shadow->act = act;
593 	shadow->rslt_reset = RSLT_RESET_WAITING;
594 	shadow->sc = sc;
595 	shadow->ref_rqid = s->rqid;
596 	init_waitqueue_head(&shadow->wq_reset);
597 
598 	spin_lock_irq(host->host_lock);
599 
600 	for (;;) {
601 		if (scsifront_enter(info))
602 			goto fail;
603 
604 		if (!scsifront_do_request(info, shadow))
605 			break;
606 
607 		scsifront_return(info);
608 		if (err)
609 			goto fail;
610 		info->wait_ring_available = 1;
611 		spin_unlock_irq(host->host_lock);
612 		err = wait_event_interruptible(info->wq_sync,
613 					       !info->wait_ring_available);
614 		spin_lock_irq(host->host_lock);
615 	}
616 
617 	spin_unlock_irq(host->host_lock);
618 	err = wait_event_interruptible(shadow->wq_reset, shadow->wait_reset);
619 	spin_lock_irq(host->host_lock);
620 
621 	if (!err) {
622 		err = shadow->rslt_reset;
623 		scsifront_put_rqid(info, shadow->rqid);
624 		kfree(shadow);
625 	} else {
626 		spin_lock(&info->shadow_lock);
627 		shadow->rslt_reset = RSLT_RESET_ERR;
628 		spin_unlock(&info->shadow_lock);
629 		err = FAILED;
630 	}
631 
632 	scsifront_return(info);
633 	spin_unlock_irq(host->host_lock);
634 	return err;
635 
636 fail:
637 	spin_unlock_irq(host->host_lock);
638 	kfree(shadow);
639 	return FAILED;
640 }
641 
scsifront_eh_abort_handler(struct scsi_cmnd * sc)642 static int scsifront_eh_abort_handler(struct scsi_cmnd *sc)
643 {
644 	pr_debug("%s\n", __func__);
645 	return scsifront_action_handler(sc, VSCSIIF_ACT_SCSI_ABORT);
646 }
647 
scsifront_dev_reset_handler(struct scsi_cmnd * sc)648 static int scsifront_dev_reset_handler(struct scsi_cmnd *sc)
649 {
650 	pr_debug("%s\n", __func__);
651 	return scsifront_action_handler(sc, VSCSIIF_ACT_SCSI_RESET);
652 }
653 
scsifront_sdev_configure(struct scsi_device * sdev)654 static int scsifront_sdev_configure(struct scsi_device *sdev)
655 {
656 	struct vscsifrnt_info *info = shost_priv(sdev->host);
657 	int err;
658 
659 	if (info && current == info->curr) {
660 		err = xenbus_printf(XBT_NIL, info->dev->nodename,
661 			      info->dev_state_path, "%d", XenbusStateConnected);
662 		if (err) {
663 			xenbus_dev_error(info->dev, err,
664 				"%s: writing dev_state_path", __func__);
665 			return err;
666 		}
667 	}
668 
669 	return 0;
670 }
671 
scsifront_sdev_destroy(struct scsi_device * sdev)672 static void scsifront_sdev_destroy(struct scsi_device *sdev)
673 {
674 	struct vscsifrnt_info *info = shost_priv(sdev->host);
675 	int err;
676 
677 	if (info && current == info->curr) {
678 		err = xenbus_printf(XBT_NIL, info->dev->nodename,
679 			      info->dev_state_path, "%d", XenbusStateClosed);
680 		if (err)
681 			xenbus_dev_error(info->dev, err,
682 				"%s: writing dev_state_path", __func__);
683 	}
684 }
685 
686 static struct scsi_host_template scsifront_sht = {
687 	.module			= THIS_MODULE,
688 	.name			= "Xen SCSI frontend driver",
689 	.queuecommand		= scsifront_queuecommand,
690 	.eh_abort_handler	= scsifront_eh_abort_handler,
691 	.eh_device_reset_handler = scsifront_dev_reset_handler,
692 	.slave_configure	= scsifront_sdev_configure,
693 	.slave_destroy		= scsifront_sdev_destroy,
694 	.cmd_per_lun		= VSCSIIF_DEFAULT_CMD_PER_LUN,
695 	.can_queue		= VSCSIIF_MAX_REQS,
696 	.this_id		= -1,
697 	.cmd_size		= sizeof(struct vscsifrnt_shadow),
698 	.sg_tablesize		= VSCSIIF_SG_TABLESIZE,
699 	.use_clustering		= DISABLE_CLUSTERING,
700 	.proc_name		= "scsifront",
701 };
702 
scsifront_alloc_ring(struct vscsifrnt_info * info)703 static int scsifront_alloc_ring(struct vscsifrnt_info *info)
704 {
705 	struct xenbus_device *dev = info->dev;
706 	struct vscsiif_sring *sring;
707 	grant_ref_t gref;
708 	int err = -ENOMEM;
709 
710 	/***** Frontend to Backend ring start *****/
711 	sring = (struct vscsiif_sring *)__get_free_page(GFP_KERNEL);
712 	if (!sring) {
713 		xenbus_dev_fatal(dev, err,
714 			"fail to allocate shared ring (Front to Back)");
715 		return err;
716 	}
717 	SHARED_RING_INIT(sring);
718 	FRONT_RING_INIT(&info->ring, sring, PAGE_SIZE);
719 
720 	err = xenbus_grant_ring(dev, sring, 1, &gref);
721 	if (err < 0) {
722 		free_page((unsigned long)sring);
723 		xenbus_dev_fatal(dev, err,
724 			"fail to grant shared ring (Front to Back)");
725 		return err;
726 	}
727 	info->ring_ref = gref;
728 
729 	err = xenbus_alloc_evtchn(dev, &info->evtchn);
730 	if (err) {
731 		xenbus_dev_fatal(dev, err, "xenbus_alloc_evtchn");
732 		goto free_gnttab;
733 	}
734 
735 	err = bind_evtchn_to_irq(info->evtchn);
736 	if (err <= 0) {
737 		xenbus_dev_fatal(dev, err, "bind_evtchn_to_irq");
738 		goto free_gnttab;
739 	}
740 
741 	info->irq = err;
742 
743 	err = request_threaded_irq(info->irq, NULL, scsifront_irq_fn,
744 				   IRQF_ONESHOT, "scsifront", info);
745 	if (err) {
746 		xenbus_dev_fatal(dev, err, "request_threaded_irq");
747 		goto free_irq;
748 	}
749 
750 	return 0;
751 
752 /* free resource */
753 free_irq:
754 	unbind_from_irqhandler(info->irq, info);
755 free_gnttab:
756 	gnttab_end_foreign_access(info->ring_ref, 0,
757 				  (unsigned long)info->ring.sring);
758 
759 	return err;
760 }
761 
scsifront_free_ring(struct vscsifrnt_info * info)762 static void scsifront_free_ring(struct vscsifrnt_info *info)
763 {
764 	unbind_from_irqhandler(info->irq, info);
765 	gnttab_end_foreign_access(info->ring_ref, 0,
766 				  (unsigned long)info->ring.sring);
767 }
768 
scsifront_init_ring(struct vscsifrnt_info * info)769 static int scsifront_init_ring(struct vscsifrnt_info *info)
770 {
771 	struct xenbus_device *dev = info->dev;
772 	struct xenbus_transaction xbt;
773 	int err;
774 
775 	pr_debug("%s\n", __func__);
776 
777 	err = scsifront_alloc_ring(info);
778 	if (err)
779 		return err;
780 	pr_debug("%s: %u %u\n", __func__, info->ring_ref, info->evtchn);
781 
782 again:
783 	err = xenbus_transaction_start(&xbt);
784 	if (err)
785 		xenbus_dev_fatal(dev, err, "starting transaction");
786 
787 	err = xenbus_printf(xbt, dev->nodename, "ring-ref", "%u",
788 			    info->ring_ref);
789 	if (err) {
790 		xenbus_dev_fatal(dev, err, "%s", "writing ring-ref");
791 		goto fail;
792 	}
793 
794 	err = xenbus_printf(xbt, dev->nodename, "event-channel", "%u",
795 			    info->evtchn);
796 
797 	if (err) {
798 		xenbus_dev_fatal(dev, err, "%s", "writing event-channel");
799 		goto fail;
800 	}
801 
802 	err = xenbus_transaction_end(xbt, 0);
803 	if (err) {
804 		if (err == -EAGAIN)
805 			goto again;
806 		xenbus_dev_fatal(dev, err, "completing transaction");
807 		goto free_sring;
808 	}
809 
810 	return 0;
811 
812 fail:
813 	xenbus_transaction_end(xbt, 1);
814 free_sring:
815 	scsifront_free_ring(info);
816 
817 	return err;
818 }
819 
820 
scsifront_probe(struct xenbus_device * dev,const struct xenbus_device_id * id)821 static int scsifront_probe(struct xenbus_device *dev,
822 			   const struct xenbus_device_id *id)
823 {
824 	struct vscsifrnt_info *info;
825 	struct Scsi_Host *host;
826 	int err = -ENOMEM;
827 	char name[TASK_COMM_LEN];
828 
829 	host = scsi_host_alloc(&scsifront_sht, sizeof(*info));
830 	if (!host) {
831 		xenbus_dev_fatal(dev, err, "fail to allocate scsi host");
832 		return err;
833 	}
834 	info = (struct vscsifrnt_info *)host->hostdata;
835 
836 	dev_set_drvdata(&dev->dev, info);
837 	info->dev = dev;
838 
839 	bitmap_fill(info->shadow_free_bitmap, VSCSIIF_MAX_REQS);
840 
841 	err = scsifront_init_ring(info);
842 	if (err) {
843 		scsi_host_put(host);
844 		return err;
845 	}
846 
847 	init_waitqueue_head(&info->wq_sync);
848 	init_waitqueue_head(&info->wq_pause);
849 	spin_lock_init(&info->shadow_lock);
850 
851 	snprintf(name, TASK_COMM_LEN, "vscsiif.%d", host->host_no);
852 
853 	host->max_id      = VSCSIIF_MAX_TARGET;
854 	host->max_channel = 0;
855 	host->max_lun     = VSCSIIF_MAX_LUN;
856 	host->max_sectors = (host->sg_tablesize - 1) * PAGE_SIZE / 512;
857 	host->max_cmd_len = VSCSIIF_MAX_COMMAND_SIZE;
858 
859 	err = scsi_add_host(host, &dev->dev);
860 	if (err) {
861 		dev_err(&dev->dev, "fail to add scsi host %d\n", err);
862 		goto free_sring;
863 	}
864 	info->host = host;
865 	info->host_active = 1;
866 
867 	xenbus_switch_state(dev, XenbusStateInitialised);
868 
869 	return 0;
870 
871 free_sring:
872 	scsifront_free_ring(info);
873 	scsi_host_put(host);
874 	return err;
875 }
876 
scsifront_resume(struct xenbus_device * dev)877 static int scsifront_resume(struct xenbus_device *dev)
878 {
879 	struct vscsifrnt_info *info = dev_get_drvdata(&dev->dev);
880 	struct Scsi_Host *host = info->host;
881 	int err;
882 
883 	spin_lock_irq(host->host_lock);
884 
885 	/* Finish all still pending commands. */
886 	scsifront_finish_all(info);
887 
888 	spin_unlock_irq(host->host_lock);
889 
890 	/* Reconnect to dom0. */
891 	scsifront_free_ring(info);
892 	err = scsifront_init_ring(info);
893 	if (err) {
894 		dev_err(&dev->dev, "fail to resume %d\n", err);
895 		scsi_host_put(host);
896 		return err;
897 	}
898 
899 	xenbus_switch_state(dev, XenbusStateInitialised);
900 
901 	return 0;
902 }
903 
scsifront_suspend(struct xenbus_device * dev)904 static int scsifront_suspend(struct xenbus_device *dev)
905 {
906 	struct vscsifrnt_info *info = dev_get_drvdata(&dev->dev);
907 	struct Scsi_Host *host = info->host;
908 	int err = 0;
909 
910 	/* No new commands for the backend. */
911 	spin_lock_irq(host->host_lock);
912 	info->pause = 1;
913 	while (info->callers && !err) {
914 		info->waiting_pause = 1;
915 		info->wait_ring_available = 0;
916 		spin_unlock_irq(host->host_lock);
917 		wake_up(&info->wq_sync);
918 		err = wait_event_interruptible(info->wq_pause,
919 					       !info->waiting_pause);
920 		spin_lock_irq(host->host_lock);
921 	}
922 	spin_unlock_irq(host->host_lock);
923 	return err;
924 }
925 
scsifront_remove(struct xenbus_device * dev)926 static int scsifront_remove(struct xenbus_device *dev)
927 {
928 	struct vscsifrnt_info *info = dev_get_drvdata(&dev->dev);
929 
930 	pr_debug("%s: %s removed\n", __func__, dev->nodename);
931 
932 	mutex_lock(&scsifront_mutex);
933 	if (info->host_active) {
934 		/* Scsi_host not yet removed */
935 		scsi_remove_host(info->host);
936 		info->host_active = 0;
937 	}
938 	mutex_unlock(&scsifront_mutex);
939 
940 	scsifront_free_ring(info);
941 	scsi_host_put(info->host);
942 
943 	return 0;
944 }
945 
scsifront_disconnect(struct vscsifrnt_info * info)946 static void scsifront_disconnect(struct vscsifrnt_info *info)
947 {
948 	struct xenbus_device *dev = info->dev;
949 	struct Scsi_Host *host = info->host;
950 
951 	pr_debug("%s: %s disconnect\n", __func__, dev->nodename);
952 
953 	/*
954 	 * When this function is executed, all devices of
955 	 * Frontend have been deleted.
956 	 * Therefore, it need not block I/O before remove_host.
957 	 */
958 
959 	mutex_lock(&scsifront_mutex);
960 	if (info->host_active) {
961 		scsi_remove_host(host);
962 		info->host_active = 0;
963 	}
964 	mutex_unlock(&scsifront_mutex);
965 
966 	xenbus_frontend_closed(dev);
967 }
968 
scsifront_do_lun_hotplug(struct vscsifrnt_info * info,int op)969 static void scsifront_do_lun_hotplug(struct vscsifrnt_info *info, int op)
970 {
971 	struct xenbus_device *dev = info->dev;
972 	int i, err = 0;
973 	char str[64];
974 	char **dir;
975 	unsigned int dir_n = 0;
976 	unsigned int device_state;
977 	unsigned int hst, chn, tgt, lun;
978 	struct scsi_device *sdev;
979 
980 	dir = xenbus_directory(XBT_NIL, dev->otherend, "vscsi-devs", &dir_n);
981 	if (IS_ERR(dir))
982 		return;
983 
984 	/* mark current task as the one allowed to modify device states */
985 	BUG_ON(info->curr);
986 	info->curr = current;
987 
988 	for (i = 0; i < dir_n; i++) {
989 		/* read status */
990 		snprintf(str, sizeof(str), "vscsi-devs/%s/state", dir[i]);
991 		err = xenbus_scanf(XBT_NIL, dev->otherend, str, "%u",
992 				   &device_state);
993 		if (XENBUS_EXIST_ERR(err))
994 			continue;
995 
996 		/* virtual SCSI device */
997 		snprintf(str, sizeof(str), "vscsi-devs/%s/v-dev", dir[i]);
998 		err = xenbus_scanf(XBT_NIL, dev->otherend, str,
999 				   "%u:%u:%u:%u", &hst, &chn, &tgt, &lun);
1000 		if (XENBUS_EXIST_ERR(err))
1001 			continue;
1002 
1003 		/*
1004 		 * Front device state path, used in slave_configure called
1005 		 * on successfull scsi_add_device, and in slave_destroy called
1006 		 * on remove of a device.
1007 		 */
1008 		snprintf(info->dev_state_path, sizeof(info->dev_state_path),
1009 			 "vscsi-devs/%s/state", dir[i]);
1010 
1011 		switch (op) {
1012 		case VSCSIFRONT_OP_ADD_LUN:
1013 			if (device_state != XenbusStateInitialised)
1014 				break;
1015 
1016 			if (scsi_add_device(info->host, chn, tgt, lun)) {
1017 				dev_err(&dev->dev, "scsi_add_device\n");
1018 				err = xenbus_printf(XBT_NIL, dev->nodename,
1019 					      info->dev_state_path,
1020 					      "%d", XenbusStateClosed);
1021 				if (err)
1022 					xenbus_dev_error(dev, err,
1023 						"%s: writing dev_state_path", __func__);
1024 			}
1025 			break;
1026 		case VSCSIFRONT_OP_DEL_LUN:
1027 			if (device_state != XenbusStateClosing)
1028 				break;
1029 
1030 			sdev = scsi_device_lookup(info->host, chn, tgt, lun);
1031 			if (sdev) {
1032 				scsi_remove_device(sdev);
1033 				scsi_device_put(sdev);
1034 			}
1035 			break;
1036 		case VSCSIFRONT_OP_READD_LUN:
1037 			if (device_state == XenbusStateConnected) {
1038 				err = xenbus_printf(XBT_NIL, dev->nodename,
1039 					      info->dev_state_path,
1040 					      "%d", XenbusStateConnected);
1041 				if (err)
1042 					xenbus_dev_error(dev, err,
1043 						"%s: writing dev_state_path", __func__);
1044 			}
1045 			break;
1046 		default:
1047 			break;
1048 		}
1049 	}
1050 
1051 	info->curr = NULL;
1052 
1053 	kfree(dir);
1054 }
1055 
scsifront_read_backend_params(struct xenbus_device * dev,struct vscsifrnt_info * info)1056 static void scsifront_read_backend_params(struct xenbus_device *dev,
1057 					  struct vscsifrnt_info *info)
1058 {
1059 	unsigned int sg_grant, nr_segs;
1060 	struct Scsi_Host *host = info->host;
1061 
1062 	sg_grant = xenbus_read_unsigned(dev->otherend, "feature-sg-grant", 0);
1063 	nr_segs = min_t(unsigned int, sg_grant, SG_ALL);
1064 	nr_segs = max_t(unsigned int, nr_segs, VSCSIIF_SG_TABLESIZE);
1065 	nr_segs = min_t(unsigned int, nr_segs,
1066 			VSCSIIF_SG_TABLESIZE * PAGE_SIZE /
1067 			sizeof(struct scsiif_request_segment));
1068 
1069 	if (!info->pause && sg_grant)
1070 		dev_info(&dev->dev, "using up to %d SG entries\n", nr_segs);
1071 	else if (info->pause && nr_segs < host->sg_tablesize)
1072 		dev_warn(&dev->dev,
1073 			 "SG entries decreased from %d to %u - device may not work properly anymore\n",
1074 			 host->sg_tablesize, nr_segs);
1075 
1076 	host->sg_tablesize = nr_segs;
1077 	host->max_sectors = (nr_segs - 1) * PAGE_SIZE / 512;
1078 }
1079 
scsifront_backend_changed(struct xenbus_device * dev,enum xenbus_state backend_state)1080 static void scsifront_backend_changed(struct xenbus_device *dev,
1081 				      enum xenbus_state backend_state)
1082 {
1083 	struct vscsifrnt_info *info = dev_get_drvdata(&dev->dev);
1084 
1085 	pr_debug("%s: %p %u %u\n", __func__, dev, dev->state, backend_state);
1086 
1087 	switch (backend_state) {
1088 	case XenbusStateUnknown:
1089 	case XenbusStateInitialising:
1090 	case XenbusStateInitWait:
1091 	case XenbusStateInitialised:
1092 		break;
1093 
1094 	case XenbusStateConnected:
1095 		scsifront_read_backend_params(dev, info);
1096 
1097 		if (info->pause) {
1098 			scsifront_do_lun_hotplug(info, VSCSIFRONT_OP_READD_LUN);
1099 			xenbus_switch_state(dev, XenbusStateConnected);
1100 			info->pause = 0;
1101 			return;
1102 		}
1103 
1104 		if (xenbus_read_driver_state(dev->nodename) ==
1105 		    XenbusStateInitialised)
1106 			scsifront_do_lun_hotplug(info, VSCSIFRONT_OP_ADD_LUN);
1107 
1108 		if (dev->state != XenbusStateConnected)
1109 			xenbus_switch_state(dev, XenbusStateConnected);
1110 		break;
1111 
1112 	case XenbusStateClosed:
1113 		if (dev->state == XenbusStateClosed)
1114 			break;
1115 		/* Missed the backend's Closing state -- fallthrough */
1116 	case XenbusStateClosing:
1117 		scsifront_disconnect(info);
1118 		break;
1119 
1120 	case XenbusStateReconfiguring:
1121 		scsifront_do_lun_hotplug(info, VSCSIFRONT_OP_DEL_LUN);
1122 		xenbus_switch_state(dev, XenbusStateReconfiguring);
1123 		break;
1124 
1125 	case XenbusStateReconfigured:
1126 		scsifront_do_lun_hotplug(info, VSCSIFRONT_OP_ADD_LUN);
1127 		xenbus_switch_state(dev, XenbusStateConnected);
1128 		break;
1129 	}
1130 }
1131 
1132 static const struct xenbus_device_id scsifront_ids[] = {
1133 	{ "vscsi" },
1134 	{ "" }
1135 };
1136 
1137 static struct xenbus_driver scsifront_driver = {
1138 	.ids			= scsifront_ids,
1139 	.probe			= scsifront_probe,
1140 	.remove			= scsifront_remove,
1141 	.resume			= scsifront_resume,
1142 	.suspend		= scsifront_suspend,
1143 	.otherend_changed	= scsifront_backend_changed,
1144 };
1145 
scsifront_init(void)1146 static int __init scsifront_init(void)
1147 {
1148 	if (!xen_domain())
1149 		return -ENODEV;
1150 
1151 	return xenbus_register_frontend(&scsifront_driver);
1152 }
1153 module_init(scsifront_init);
1154 
scsifront_exit(void)1155 static void __exit scsifront_exit(void)
1156 {
1157 	xenbus_unregister_driver(&scsifront_driver);
1158 }
1159 module_exit(scsifront_exit);
1160 
1161 MODULE_DESCRIPTION("Xen SCSI frontend driver");
1162 MODULE_LICENSE("GPL");
1163 MODULE_ALIAS("xen:vscsi");
1164 MODULE_AUTHOR("Juergen Gross <jgross@suse.com>");
1165