search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage()
[linux/fpc-iii.git] / drivers / scsi / virtio_scsi.c
blob9237427728cede9a2b359e20526e4f54ce09ecba
1 /*
2 * Virtio SCSI HBA driver
3 *
4 * Copyright IBM Corp. 2010
5 * Copyright Red Hat, Inc. 2011
6 *
7 * Authors:
8 * Stefan Hajnoczi <stefanha@linux.vnet.ibm.com>
9 * Paolo Bonzini <pbonzini@redhat.com>
10 *
11 * This work is licensed under the terms of the GNU GPL, version 2 or later.
12 * See the COPYING file in the top-level directory.
13 *
14 */
15
16 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
17
18 #include <linux/module.h>
19 #include <linux/slab.h>
20 #include <linux/mempool.h>
21 #include <linux/virtio.h>
22 #include <linux/virtio_ids.h>
23 #include <linux/virtio_config.h>
24 #include <linux/virtio_scsi.h>
25 #include <linux/cpu.h>
26 #include <linux/blkdev.h>
27 #include <scsi/scsi_host.h>
28 #include <scsi/scsi_device.h>
29 #include <scsi/scsi_cmnd.h>
30 #include <scsi/scsi_tcq.h>
31 #include <scsi/scsi_devinfo.h>
32 #include <linux/seqlock.h>
33
34 #define VIRTIO_SCSI_MEMPOOL_SZ 64
35 #define VIRTIO_SCSI_EVENT_LEN 8
36 #define VIRTIO_SCSI_VQ_BASE 2
37
38 /* Command queue element */
39 struct virtio_scsi_cmd {
40 struct scsi_cmnd *sc;
41 struct completion *comp;
42 union {
43 struct virtio_scsi_cmd_req cmd;
44 struct virtio_scsi_cmd_req_pi cmd_pi;
45 struct virtio_scsi_ctrl_tmf_req tmf;
46 struct virtio_scsi_ctrl_an_req an;
47 } req;
48 union {
49 struct virtio_scsi_cmd_resp cmd;
50 struct virtio_scsi_ctrl_tmf_resp tmf;
51 struct virtio_scsi_ctrl_an_resp an;
52 struct virtio_scsi_event evt;
53 } resp;
54 } ____cacheline_aligned_in_smp;
55
56 struct virtio_scsi_event_node {
57 struct virtio_scsi *vscsi;
58 struct virtio_scsi_event event;
59 struct work_struct work;
60 };
61
62 struct virtio_scsi_vq {
63 /* Protects vq */
64 spinlock_t vq_lock;
65
66 struct virtqueue *vq;
67 };
68
69 /*
70 * Per-target queue state.
71 *
72 * This struct holds the data needed by the queue steering policy. When a
73 * target is sent multiple requests, we need to drive them to the same queue so
74 * that FIFO processing order is kept. However, if a target was idle, we can
75 * choose a queue arbitrarily. In this case the queue is chosen according to
76 * the current VCPU, so the driver expects the number of request queues to be
77 * equal to the number of VCPUs. This makes it easy and fast to select the
78 * queue, and also lets the driver optimize the IRQ affinity for the virtqueues
79 * (each virtqueue's affinity is set to the CPU that "owns" the queue).
80 *
81 * tgt_seq is held to serialize reading and writing req_vq.
82 *
83 * Decrements of reqs are never concurrent with writes of req_vq: before the
84 * decrement reqs will be != 0; after the decrement the virtqueue completion
85 * routine will not use the req_vq so it can be changed by a new request.
86 * Thus they can happen outside the tgt_seq, provided of course we make reqs
87 * an atomic_t.
88 */
89 struct virtio_scsi_target_state {
90 seqcount_t tgt_seq;
91
92 /* Count of outstanding requests. */
93 atomic_t reqs;
94
95 /* Currently active virtqueue for requests sent to this target. */
96 struct virtio_scsi_vq *req_vq;
97 };
98
99 /* Driver instance state */
100 struct virtio_scsi {
101 struct virtio_device *vdev;
102
103 /* Get some buffers ready for event vq */
104 struct virtio_scsi_event_node event_list[VIRTIO_SCSI_EVENT_LEN];
105
106 u32 num_queues;
107
108 /* If the affinity hint is set for virtqueues */
109 bool affinity_hint_set;
110
111 /* CPU hotplug notifier */
112 struct notifier_block nb;
113
114 /* Protected by event_vq lock */
115 bool stop_events;
116
117 struct virtio_scsi_vq ctrl_vq;
118 struct virtio_scsi_vq event_vq;
119 struct virtio_scsi_vq req_vqs[];
120 };
121
122 static struct kmem_cache *virtscsi_cmd_cache;
123 static mempool_t *virtscsi_cmd_pool;
124
125 static inline struct Scsi_Host *virtio_scsi_host(struct virtio_device *vdev)
126 {
127 return vdev->priv;
128 }
129
130 static void virtscsi_compute_resid(struct scsi_cmnd *sc, u32 resid)
131 {
132 if (!resid)
133 return;
134
135 if (!scsi_bidi_cmnd(sc)) {
136 scsi_set_resid(sc, resid);
137 return;
138 }
139
140 scsi_in(sc)->resid = min(resid, scsi_in(sc)->length);
141 scsi_out(sc)->resid = resid - scsi_in(sc)->resid;
142 }
143
144 /**
145 * virtscsi_complete_cmd - finish a scsi_cmd and invoke scsi_done
146 *
147 * Called with vq_lock held.
148 */
149 static void virtscsi_complete_cmd(struct virtio_scsi *vscsi, void *buf)
150 {
151 struct virtio_scsi_cmd *cmd = buf;
152 struct scsi_cmnd *sc = cmd->sc;
153 struct virtio_scsi_cmd_resp *resp = &cmd->resp.cmd;
154 struct virtio_scsi_target_state *tgt =
155 scsi_target(sc->device)->hostdata;
156
157 dev_dbg(&sc->device->sdev_gendev,
158 "cmd %p response %u status %#02x sense_len %u\n",
159 sc, resp->response, resp->status, resp->sense_len);
160
161 sc->result = resp->status;
162 virtscsi_compute_resid(sc, virtio32_to_cpu(vscsi->vdev, resp->resid));
163 switch (resp->response) {
164 case VIRTIO_SCSI_S_OK:
165 set_host_byte(sc, DID_OK);
166 break;
167 case VIRTIO_SCSI_S_OVERRUN:
168 set_host_byte(sc, DID_ERROR);
169 break;
170 case VIRTIO_SCSI_S_ABORTED:
171 set_host_byte(sc, DID_ABORT);
172 break;
173 case VIRTIO_SCSI_S_BAD_TARGET:
174 set_host_byte(sc, DID_BAD_TARGET);
175 break;
176 case VIRTIO_SCSI_S_RESET:
177 set_host_byte(sc, DID_RESET);
178 break;
179 case VIRTIO_SCSI_S_BUSY:
180 set_host_byte(sc, DID_BUS_BUSY);
181 break;
182 case VIRTIO_SCSI_S_TRANSPORT_FAILURE:
183 set_host_byte(sc, DID_TRANSPORT_DISRUPTED);
184 break;
185 case VIRTIO_SCSI_S_TARGET_FAILURE:
186 set_host_byte(sc, DID_TARGET_FAILURE);
187 break;
188 case VIRTIO_SCSI_S_NEXUS_FAILURE:
189 set_host_byte(sc, DID_NEXUS_FAILURE);
190 break;
191 default:
192 scmd_printk(KERN_WARNING, sc, "Unknown response %d",
193 resp->response);
194 /* fall through */
195 case VIRTIO_SCSI_S_FAILURE:
196 set_host_byte(sc, DID_ERROR);
197 break;
198 }
199
200 WARN_ON(virtio32_to_cpu(vscsi->vdev, resp->sense_len) >
201 VIRTIO_SCSI_SENSE_SIZE);
202 if (sc->sense_buffer) {
203 memcpy(sc->sense_buffer, resp->sense,
204 min_t(u32,
205 virtio32_to_cpu(vscsi->vdev, resp->sense_len),
206 VIRTIO_SCSI_SENSE_SIZE));
207 if (resp->sense_len)
208 set_driver_byte(sc, DRIVER_SENSE);
209 }
210
211 sc->scsi_done(sc);
212
213 atomic_dec(&tgt->reqs);
214 }
215
216 static void virtscsi_vq_done(struct virtio_scsi *vscsi,
217 struct virtio_scsi_vq *virtscsi_vq,
218 void (*fn)(struct virtio_scsi *vscsi, void *buf))
219 {
220 void *buf;
221 unsigned int len;
222 unsigned long flags;
223 struct virtqueue *vq = virtscsi_vq->vq;
224
225 spin_lock_irqsave(&virtscsi_vq->vq_lock, flags);
226 do {
227 virtqueue_disable_cb(vq);
228 while ((buf = virtqueue_get_buf(vq, &len)) != NULL)
229 fn(vscsi, buf);
230
231 if (unlikely(virtqueue_is_broken(vq)))
232 break;
233 } while (!virtqueue_enable_cb(vq));
234 spin_unlock_irqrestore(&virtscsi_vq->vq_lock, flags);
235 }
236
237 static void virtscsi_req_done(struct virtqueue *vq)
238 {
239 struct Scsi_Host *sh = virtio_scsi_host(vq->vdev);
240 struct virtio_scsi *vscsi = shost_priv(sh);
241 int index = vq->index - VIRTIO_SCSI_VQ_BASE;
242 struct virtio_scsi_vq *req_vq = &vscsi->req_vqs[index];
243
244 virtscsi_vq_done(vscsi, req_vq, virtscsi_complete_cmd);
245 };
246
247 static void virtscsi_poll_requests(struct virtio_scsi *vscsi)
248 {
249 int i, num_vqs;
250
251 num_vqs = vscsi->num_queues;
252 for (i = 0; i < num_vqs; i++)
253 virtscsi_vq_done(vscsi, &vscsi->req_vqs[i],
254 virtscsi_complete_cmd);
255 }
256
257 static void virtscsi_complete_free(struct virtio_scsi *vscsi, void *buf)
258 {
259 struct virtio_scsi_cmd *cmd = buf;
260
261 if (cmd->comp)
262 complete_all(cmd->comp);
263 }
264
265 static void virtscsi_ctrl_done(struct virtqueue *vq)
266 {
267 struct Scsi_Host *sh = virtio_scsi_host(vq->vdev);
268 struct virtio_scsi *vscsi = shost_priv(sh);
269
270 virtscsi_vq_done(vscsi, &vscsi->ctrl_vq, virtscsi_complete_free);
271 };
272
273 static void virtscsi_handle_event(struct work_struct *work);
274
275 static int virtscsi_kick_event(struct virtio_scsi *vscsi,
276 struct virtio_scsi_event_node *event_node)
277 {
278 int err;
279 struct scatterlist sg;
280 unsigned long flags;
281
282 INIT_WORK(&event_node->work, virtscsi_handle_event);
283 sg_init_one(&sg, &event_node->event, sizeof(struct virtio_scsi_event));
284
285 spin_lock_irqsave(&vscsi->event_vq.vq_lock, flags);
286
287 err = virtqueue_add_inbuf(vscsi->event_vq.vq, &sg, 1, event_node,
288 GFP_ATOMIC);
289 if (!err)
290 virtqueue_kick(vscsi->event_vq.vq);
291
292 spin_unlock_irqrestore(&vscsi->event_vq.vq_lock, flags);
293
294 return err;
295 }
296
297 static int virtscsi_kick_event_all(struct virtio_scsi *vscsi)
298 {
299 int i;
300
301 for (i = 0; i < VIRTIO_SCSI_EVENT_LEN; i++) {
302 vscsi->event_list[i].vscsi = vscsi;
303 virtscsi_kick_event(vscsi, &vscsi->event_list[i]);
304 }
305
306 return 0;
307 }
308
309 static void virtscsi_cancel_event_work(struct virtio_scsi *vscsi)
310 {
311 int i;
312
313 /* Stop scheduling work before calling cancel_work_sync. */
314 spin_lock_irq(&vscsi->event_vq.vq_lock);
315 vscsi->stop_events = true;
316 spin_unlock_irq(&vscsi->event_vq.vq_lock);
317
318 for (i = 0; i < VIRTIO_SCSI_EVENT_LEN; i++)
319 cancel_work_sync(&vscsi->event_list[i].work);
320 }
321
322 static void virtscsi_handle_transport_reset(struct virtio_scsi *vscsi,
323 struct virtio_scsi_event *event)
324 {
325 struct scsi_device *sdev;
326 struct Scsi_Host *shost = virtio_scsi_host(vscsi->vdev);
327 unsigned int target = event->lun[1];
328 unsigned int lun = (event->lun[2] << 8) | event->lun[3];
329
330 switch (virtio32_to_cpu(vscsi->vdev, event->reason)) {
331 case VIRTIO_SCSI_EVT_RESET_RESCAN:
332 scsi_add_device(shost, 0, target, lun);
333 break;
334 case VIRTIO_SCSI_EVT_RESET_REMOVED:
335 sdev = scsi_device_lookup(shost, 0, target, lun);
336 if (sdev) {
337 scsi_remove_device(sdev);
338 scsi_device_put(sdev);
339 } else {
340 pr_err("SCSI device %d 0 %d %d not found\n",
341 shost->host_no, target, lun);
342 }
343 break;
344 default:
345 pr_info("Unsupport virtio scsi event reason %x\n", event->reason);
346 }
347 }
348
349 static void virtscsi_handle_param_change(struct virtio_scsi *vscsi,
350 struct virtio_scsi_event *event)
351 {
352 struct scsi_device *sdev;
353 struct Scsi_Host *shost = virtio_scsi_host(vscsi->vdev);
354 unsigned int target = event->lun[1];
355 unsigned int lun = (event->lun[2] << 8) | event->lun[3];
356 u8 asc = virtio32_to_cpu(vscsi->vdev, event->reason) & 255;
357 u8 ascq = virtio32_to_cpu(vscsi->vdev, event->reason) >> 8;
358
359 sdev = scsi_device_lookup(shost, 0, target, lun);
360 if (!sdev) {
361 pr_err("SCSI device %d 0 %d %d not found\n",
362 shost->host_no, target, lun);
363 return;
364 }
365
366 /* Handle "Parameters changed", "Mode parameters changed", and
367 "Capacity data has changed". */
368 if (asc == 0x2a && (ascq == 0x00 || ascq == 0x01 || ascq == 0x09))
369 scsi_rescan_device(&sdev->sdev_gendev);
370
371 scsi_device_put(sdev);
372 }
373
374 static void virtscsi_handle_event(struct work_struct *work)
375 {
376 struct virtio_scsi_event_node *event_node =
377 container_of(work, struct virtio_scsi_event_node, work);
378 struct virtio_scsi *vscsi = event_node->vscsi;
379 struct virtio_scsi_event *event = &event_node->event;
380
381 if (event->event &
382 cpu_to_virtio32(vscsi->vdev, VIRTIO_SCSI_T_EVENTS_MISSED)) {
383 event->event &= ~cpu_to_virtio32(vscsi->vdev,
384 VIRTIO_SCSI_T_EVENTS_MISSED);
385 scsi_scan_host(virtio_scsi_host(vscsi->vdev));
386 }
387
388 switch (virtio32_to_cpu(vscsi->vdev, event->event)) {
389 case VIRTIO_SCSI_T_NO_EVENT:
390 break;
391 case VIRTIO_SCSI_T_TRANSPORT_RESET:
392 virtscsi_handle_transport_reset(vscsi, event);
393 break;
394 case VIRTIO_SCSI_T_PARAM_CHANGE:
395 virtscsi_handle_param_change(vscsi, event);
396 break;
397 default:
398 pr_err("Unsupport virtio scsi event %x\n", event->event);
399 }
400 virtscsi_kick_event(vscsi, event_node);
401 }
402
403 static void virtscsi_complete_event(struct virtio_scsi *vscsi, void *buf)
404 {
405 struct virtio_scsi_event_node *event_node = buf;
406
407 if (!vscsi->stop_events)
408 queue_work(system_freezable_wq, &event_node->work);
409 }
410
411 static void virtscsi_event_done(struct virtqueue *vq)
412 {
413 struct Scsi_Host *sh = virtio_scsi_host(vq->vdev);
414 struct virtio_scsi *vscsi = shost_priv(sh);
415
416 virtscsi_vq_done(vscsi, &vscsi->event_vq, virtscsi_complete_event);
417 };
418
419 /**
420 * virtscsi_add_cmd - add a virtio_scsi_cmd to a virtqueue
421 * @vq : the struct virtqueue we're talking about
422 * @cmd : command structure
423 * @req_size : size of the request buffer
424 * @resp_size : size of the response buffer
425 */
426 static int virtscsi_add_cmd(struct virtqueue *vq,
427 struct virtio_scsi_cmd *cmd,
428 size_t req_size, size_t resp_size)
429 {
430 struct scsi_cmnd *sc = cmd->sc;
431 struct scatterlist *sgs[6], req, resp;
432 struct sg_table *out, *in;
433 unsigned out_num = 0, in_num = 0;
434
435 out = in = NULL;
436
437 if (sc && sc->sc_data_direction != DMA_NONE) {
438 if (sc->sc_data_direction != DMA_FROM_DEVICE)
439 out = &scsi_out(sc)->table;
440 if (sc->sc_data_direction != DMA_TO_DEVICE)
441 in = &scsi_in(sc)->table;
442 }
443
444 /* Request header. */
445 sg_init_one(&req, &cmd->req, req_size);
446 sgs[out_num++] = &req;
447
448 /* Data-out buffer. */
449 if (out) {
450 /* Place WRITE protection SGLs before Data OUT payload */
451 if (scsi_prot_sg_count(sc))
452 sgs[out_num++] = scsi_prot_sglist(sc);
453 sgs[out_num++] = out->sgl;
454 }
455
456 /* Response header. */
457 sg_init_one(&resp, &cmd->resp, resp_size);
458 sgs[out_num + in_num++] = &resp;
459
460 /* Data-in buffer */
461 if (in) {
462 /* Place READ protection SGLs before Data IN payload */
463 if (scsi_prot_sg_count(sc))
464 sgs[out_num + in_num++] = scsi_prot_sglist(sc);
465 sgs[out_num + in_num++] = in->sgl;
466 }
467
468 return virtqueue_add_sgs(vq, sgs, out_num, in_num, cmd, GFP_ATOMIC);
469 }
470
471 static int virtscsi_kick_cmd(struct virtio_scsi_vq *vq,
472 struct virtio_scsi_cmd *cmd,
473 size_t req_size, size_t resp_size)
474 {
475 unsigned long flags;
476 int err;
477 bool needs_kick = false;
478
479 spin_lock_irqsave(&vq->vq_lock, flags);
480 err = virtscsi_add_cmd(vq->vq, cmd, req_size, resp_size);
481 if (!err)
482 needs_kick = virtqueue_kick_prepare(vq->vq);
483
484 spin_unlock_irqrestore(&vq->vq_lock, flags);
485
486 if (needs_kick)
487 virtqueue_notify(vq->vq);
488 return err;
489 }
490
491 static void virtio_scsi_init_hdr(struct virtio_device *vdev,
492 struct virtio_scsi_cmd_req *cmd,
493 struct scsi_cmnd *sc)
494 {
495 cmd->lun[0] = 1;
496 cmd->lun[1] = sc->device->id;
497 cmd->lun[2] = (sc->device->lun >> 8) | 0x40;
498 cmd->lun[3] = sc->device->lun & 0xff;
499 cmd->tag = cpu_to_virtio64(vdev, (unsigned long)sc);
500 cmd->task_attr = VIRTIO_SCSI_S_SIMPLE;
501 cmd->prio = 0;
502 cmd->crn = 0;
503 }
504
505 #ifdef CONFIG_BLK_DEV_INTEGRITY
506 static void virtio_scsi_init_hdr_pi(struct virtio_device *vdev,
507 struct virtio_scsi_cmd_req_pi *cmd_pi,
508 struct scsi_cmnd *sc)
509 {
510 struct request *rq = sc->request;
511 struct blk_integrity *bi;
512
513 virtio_scsi_init_hdr(vdev, (struct virtio_scsi_cmd_req *)cmd_pi, sc);
514
515 if (!rq || !scsi_prot_sg_count(sc))
516 return;
517
518 bi = blk_get_integrity(rq->rq_disk);
519
520 if (sc->sc_data_direction == DMA_TO_DEVICE)
521 cmd_pi->pi_bytesout = cpu_to_virtio32(vdev,
522 blk_rq_sectors(rq) *
523 bi->tuple_size);
524 else if (sc->sc_data_direction == DMA_FROM_DEVICE)
525 cmd_pi->pi_bytesin = cpu_to_virtio32(vdev,
526 blk_rq_sectors(rq) *
527 bi->tuple_size);
528 }
529 #endif
530
531 static int virtscsi_queuecommand(struct virtio_scsi *vscsi,
532 struct virtio_scsi_vq *req_vq,
533 struct scsi_cmnd *sc)
534 {
535 struct Scsi_Host *shost = virtio_scsi_host(vscsi->vdev);
536 struct virtio_scsi_cmd *cmd = scsi_cmd_priv(sc);
537 unsigned long flags;
538 int req_size;
539 int ret;
540
541 BUG_ON(scsi_sg_count(sc) > shost->sg_tablesize);
542
543 /* TODO: check feature bit and fail if unsupported? */
544 BUG_ON(sc->sc_data_direction == DMA_BIDIRECTIONAL);
545
546 dev_dbg(&sc->device->sdev_gendev,
547 "cmd %p CDB: %#02x\n", sc, sc->cmnd[0]);
548
549 memset(cmd, 0, sizeof(*cmd));
550 cmd->sc = sc;
551
552 BUG_ON(sc->cmd_len > VIRTIO_SCSI_CDB_SIZE);
553
554 #ifdef CONFIG_BLK_DEV_INTEGRITY
555 if (virtio_has_feature(vscsi->vdev, VIRTIO_SCSI_F_T10_PI)) {
556 virtio_scsi_init_hdr_pi(vscsi->vdev, &cmd->req.cmd_pi, sc);
557 memcpy(cmd->req.cmd_pi.cdb, sc->cmnd, sc->cmd_len);
558 req_size = sizeof(cmd->req.cmd_pi);
559 } else
560 #endif
561 {
562 virtio_scsi_init_hdr(vscsi->vdev, &cmd->req.cmd, sc);
563 memcpy(cmd->req.cmd.cdb, sc->cmnd, sc->cmd_len);
564 req_size = sizeof(cmd->req.cmd);
565 }
566
567 ret = virtscsi_kick_cmd(req_vq, cmd, req_size, sizeof(cmd->resp.cmd));
568 if (ret == -EIO) {
569 cmd->resp.cmd.response = VIRTIO_SCSI_S_BAD_TARGET;
570 spin_lock_irqsave(&req_vq->vq_lock, flags);
571 virtscsi_complete_cmd(vscsi, cmd);
572 spin_unlock_irqrestore(&req_vq->vq_lock, flags);
573 } else if (ret != 0) {
574 return SCSI_MLQUEUE_HOST_BUSY;
575 }
576 return 0;
577 }
578
579 static int virtscsi_queuecommand_single(struct Scsi_Host *sh,
580 struct scsi_cmnd *sc)
581 {
582 struct virtio_scsi *vscsi = shost_priv(sh);
583 struct virtio_scsi_target_state *tgt =
584 scsi_target(sc->device)->hostdata;
585
586 atomic_inc(&tgt->reqs);
587 return virtscsi_queuecommand(vscsi, &vscsi->req_vqs[0], sc);
588 }
589
590 static struct virtio_scsi_vq *virtscsi_pick_vq_mq(struct virtio_scsi *vscsi,
591 struct scsi_cmnd *sc)
592 {
593 u32 tag = blk_mq_unique_tag(sc->request);
594 u16 hwq = blk_mq_unique_tag_to_hwq(tag);
595
596 return &vscsi->req_vqs[hwq];
597 }
598
599 static struct virtio_scsi_vq *virtscsi_pick_vq(struct virtio_scsi *vscsi,
600 struct virtio_scsi_target_state *tgt)
601 {
602 struct virtio_scsi_vq *vq;
603 unsigned long flags;
604 u32 queue_num;
605
606 local_irq_save(flags);
607 if (atomic_inc_return(&tgt->reqs) > 1) {
608 unsigned long seq;
609
610 do {
611 seq = read_seqcount_begin(&tgt->tgt_seq);
612 vq = tgt->req_vq;
613 } while (read_seqcount_retry(&tgt->tgt_seq, seq));
614 } else {
615 /* no writes can be concurrent because of atomic_t */
616 write_seqcount_begin(&tgt->tgt_seq);
617
618 /* keep previous req_vq if a reader just arrived */
619 if (unlikely(atomic_read(&tgt->reqs) > 1)) {
620 vq = tgt->req_vq;
621 goto unlock;
622 }
623
624 queue_num = smp_processor_id();
625 while (unlikely(queue_num >= vscsi->num_queues))
626 queue_num -= vscsi->num_queues;
627 tgt->req_vq = vq = &vscsi->req_vqs[queue_num];
628 unlock:
629 write_seqcount_end(&tgt->tgt_seq);
630 }
631 local_irq_restore(flags);
632
633 return vq;
634 }
635
636 static int virtscsi_queuecommand_multi(struct Scsi_Host *sh,
637 struct scsi_cmnd *sc)
638 {
639 struct virtio_scsi *vscsi = shost_priv(sh);
640 struct virtio_scsi_target_state *tgt =
641 scsi_target(sc->device)->hostdata;
642 struct virtio_scsi_vq *req_vq;
643
644 if (shost_use_blk_mq(sh))
645 req_vq = virtscsi_pick_vq_mq(vscsi, sc);
646 else
647 req_vq = virtscsi_pick_vq(vscsi, tgt);
648
649 return virtscsi_queuecommand(vscsi, req_vq, sc);
650 }
651
652 static int virtscsi_tmf(struct virtio_scsi *vscsi, struct virtio_scsi_cmd *cmd)
653 {
654 DECLARE_COMPLETION_ONSTACK(comp);
655 int ret = FAILED;
656
657 cmd->comp = &comp;
658 if (virtscsi_kick_cmd(&vscsi->ctrl_vq, cmd,
659 sizeof cmd->req.tmf, sizeof cmd->resp.tmf) < 0)
660 goto out;
661
662 wait_for_completion(&comp);
663 if (cmd->resp.tmf.response == VIRTIO_SCSI_S_OK ||
664 cmd->resp.tmf.response == VIRTIO_SCSI_S_FUNCTION_SUCCEEDED)
665 ret = SUCCESS;
666
667 /*
668 * The spec guarantees that all requests related to the TMF have
669 * been completed, but the callback might not have run yet if
670 * we're using independent interrupts (e.g. MSI). Poll the
671 * virtqueues once.
672 *
673 * In the abort case, sc->scsi_done will do nothing, because
674 * the block layer must have detected a timeout and as a result
675 * REQ_ATOM_COMPLETE has been set.
676 */
677 virtscsi_poll_requests(vscsi);
678
679 out:
680 mempool_free(cmd, virtscsi_cmd_pool);
681 return ret;
682 }
683
684 static int virtscsi_device_reset(struct scsi_cmnd *sc)
685 {
686 struct virtio_scsi *vscsi = shost_priv(sc->device->host);
687 struct virtio_scsi_cmd *cmd;
688
689 sdev_printk(KERN_INFO, sc->device, "device reset\n");
690 cmd = mempool_alloc(virtscsi_cmd_pool, GFP_NOIO);
691 if (!cmd)
692 return FAILED;
693
694 memset(cmd, 0, sizeof(*cmd));
695 cmd->req.tmf = (struct virtio_scsi_ctrl_tmf_req){
696 .type = VIRTIO_SCSI_T_TMF,
697 .subtype = cpu_to_virtio32(vscsi->vdev,
698 VIRTIO_SCSI_T_TMF_LOGICAL_UNIT_RESET),
699 .lun[0] = 1,
700 .lun[1] = sc->device->id,
701 .lun[2] = (sc->device->lun >> 8) | 0x40,
702 .lun[3] = sc->device->lun & 0xff,
703 };
704 return virtscsi_tmf(vscsi, cmd);
705 }
706
707 static int virtscsi_device_alloc(struct scsi_device *sdevice)
708 {
709 /*
710 * Passed through SCSI targets (e.g. with qemu's 'scsi-block')
711 * may have transfer limits which come from the host SCSI
712 * controller or something on the host side other than the
713 * target itself.
714 *
715 * To make this work properly, the hypervisor can adjust the
716 * target's VPD information to advertise these limits. But
717 * for that to work, the guest has to look at the VPD pages,
718 * which we won't do by default if it is an SPC-2 device, even
719 * if it does actually support it.
720 *
721 * So, set the blist to always try to read the VPD pages.
722 */
723 sdevice->sdev_bflags = BLIST_TRY_VPD_PAGES;
724
725 return 0;
726 }
727
728
729 /**
730 * virtscsi_change_queue_depth() - Change a virtscsi target's queue depth
731 * @sdev: Virtscsi target whose queue depth to change
732 * @qdepth: New queue depth
733 */
734 static int virtscsi_change_queue_depth(struct scsi_device *sdev, int qdepth)
735 {
736 struct Scsi_Host *shost = sdev->host;
737 int max_depth = shost->cmd_per_lun;
738
739 return scsi_change_queue_depth(sdev, min(max_depth, qdepth));
740 }
741
742 static int virtscsi_abort(struct scsi_cmnd *sc)
743 {
744 struct virtio_scsi *vscsi = shost_priv(sc->device->host);
745 struct virtio_scsi_cmd *cmd;
746
747 scmd_printk(KERN_INFO, sc, "abort\n");
748 cmd = mempool_alloc(virtscsi_cmd_pool, GFP_NOIO);
749 if (!cmd)
750 return FAILED;
751
752 memset(cmd, 0, sizeof(*cmd));
753 cmd->req.tmf = (struct virtio_scsi_ctrl_tmf_req){
754 .type = VIRTIO_SCSI_T_TMF,
755 .subtype = VIRTIO_SCSI_T_TMF_ABORT_TASK,
756 .lun[0] = 1,
757 .lun[1] = sc->device->id,
758 .lun[2] = (sc->device->lun >> 8) | 0x40,
759 .lun[3] = sc->device->lun & 0xff,
760 .tag = cpu_to_virtio64(vscsi->vdev, (unsigned long)sc),
761 };
762 return virtscsi_tmf(vscsi, cmd);
763 }
764
765 static int virtscsi_target_alloc(struct scsi_target *starget)
766 {
767 struct Scsi_Host *sh = dev_to_shost(starget->dev.parent);
768 struct virtio_scsi *vscsi = shost_priv(sh);
769
770 struct virtio_scsi_target_state *tgt =
771 kmalloc(sizeof(*tgt), GFP_KERNEL);
772 if (!tgt)
773 return -ENOMEM;
774
775 seqcount_init(&tgt->tgt_seq);
776 atomic_set(&tgt->reqs, 0);
777 tgt->req_vq = &vscsi->req_vqs[0];
778
779 starget->hostdata = tgt;
780 return 0;
781 }
782
783 static void virtscsi_target_destroy(struct scsi_target *starget)
784 {
785 struct virtio_scsi_target_state *tgt = starget->hostdata;
786 kfree(tgt);
787 }
788
789 static struct scsi_host_template virtscsi_host_template_single = {
790 .module = THIS_MODULE,
791 .name = "Virtio SCSI HBA",
792 .proc_name = "virtio_scsi",
793 .this_id = -1,
794 .cmd_size = sizeof(struct virtio_scsi_cmd),
795 .queuecommand = virtscsi_queuecommand_single,
796 .change_queue_depth = virtscsi_change_queue_depth,
797 .eh_abort_handler = virtscsi_abort,
798 .eh_device_reset_handler = virtscsi_device_reset,
799 .slave_alloc = virtscsi_device_alloc,
800
801 .can_queue = 1024,
802 .dma_boundary = UINT_MAX,
803 .use_clustering = ENABLE_CLUSTERING,
804 .target_alloc = virtscsi_target_alloc,
805 .target_destroy = virtscsi_target_destroy,
806 .track_queue_depth = 1,
807 };
808
809 static struct scsi_host_template virtscsi_host_template_multi = {
810 .module = THIS_MODULE,
811 .name = "Virtio SCSI HBA",
812 .proc_name = "virtio_scsi",
813 .this_id = -1,
814 .cmd_size = sizeof(struct virtio_scsi_cmd),
815 .queuecommand = virtscsi_queuecommand_multi,
816 .change_queue_depth = virtscsi_change_queue_depth,
817 .eh_abort_handler = virtscsi_abort,
818 .eh_device_reset_handler = virtscsi_device_reset,
819
820 .slave_alloc = virtscsi_device_alloc,
821 .can_queue = 1024,
822 .dma_boundary = UINT_MAX,
823 .use_clustering = ENABLE_CLUSTERING,
824 .target_alloc = virtscsi_target_alloc,
825 .target_destroy = virtscsi_target_destroy,
826 .track_queue_depth = 1,
827 };
828
829 #define virtscsi_config_get(vdev, fld) \
830 ({ \
831 typeof(((struct virtio_scsi_config *)0)->fld) __val; \
832 virtio_cread(vdev, struct virtio_scsi_config, fld, &__val); \
833 __val; \
834 })
835
836 #define virtscsi_config_set(vdev, fld, val) \
837 do { \
838 typeof(((struct virtio_scsi_config *)0)->fld) __val = (val); \
839 virtio_cwrite(vdev, struct virtio_scsi_config, fld, &__val); \
840 } while(0)
841
842 static void __virtscsi_set_affinity(struct virtio_scsi *vscsi, bool affinity)
843 {
844 int i;
845 int cpu;
846
847 /* In multiqueue mode, when the number of cpu is equal
848 * to the number of request queues, we let the qeueues
849 * to be private to one cpu by setting the affinity hint
850 * to eliminate the contention.
851 */
852 if ((vscsi->num_queues == 1 ||
853 vscsi->num_queues != num_online_cpus()) && affinity) {
854 if (vscsi->affinity_hint_set)
855 affinity = false;
856 else
857 return;
858 }
859
860 if (affinity) {
861 i = 0;
862 for_each_online_cpu(cpu) {
863 virtqueue_set_affinity(vscsi->req_vqs[i].vq, cpu);
864 i++;
865 }
866
867 vscsi->affinity_hint_set = true;
868 } else {
869 for (i = 0; i < vscsi->num_queues; i++) {
870 if (!vscsi->req_vqs[i].vq)
871 continue;
872
873 virtqueue_set_affinity(vscsi->req_vqs[i].vq, -1);
874 }
875
876 vscsi->affinity_hint_set = false;
877 }
878 }
879
880 static void virtscsi_set_affinity(struct virtio_scsi *vscsi, bool affinity)
881 {
882 get_online_cpus();
883 __virtscsi_set_affinity(vscsi, affinity);
884 put_online_cpus();
885 }
886
887 static int virtscsi_cpu_callback(struct notifier_block *nfb,
888 unsigned long action, void *hcpu)
889 {
890 struct virtio_scsi *vscsi = container_of(nfb, struct virtio_scsi, nb);
891 switch(action) {
892 case CPU_ONLINE:
893 case CPU_ONLINE_FROZEN:
894 case CPU_DEAD:
895 case CPU_DEAD_FROZEN:
896 __virtscsi_set_affinity(vscsi, true);
897 break;
898 default:
899 break;
900 }
901 return NOTIFY_OK;
902 }
903
904 static void virtscsi_init_vq(struct virtio_scsi_vq *virtscsi_vq,
905 struct virtqueue *vq)
906 {
907 spin_lock_init(&virtscsi_vq->vq_lock);
908 virtscsi_vq->vq = vq;
909 }
910
911 static void virtscsi_remove_vqs(struct virtio_device *vdev)
912 {
913 struct Scsi_Host *sh = virtio_scsi_host(vdev);
914 struct virtio_scsi *vscsi = shost_priv(sh);
915
916 virtscsi_set_affinity(vscsi, false);
917
918 /* Stop all the virtqueues. */
919 vdev->config->reset(vdev);
920
921 vdev->config->del_vqs(vdev);
922 }
923
924 static int virtscsi_init(struct virtio_device *vdev,
925 struct virtio_scsi *vscsi)
926 {
927 int err;
928 u32 i;
929 u32 num_vqs;
930 vq_callback_t **callbacks;
931 const char **names;
932 struct virtqueue **vqs;
933
934 num_vqs = vscsi->num_queues + VIRTIO_SCSI_VQ_BASE;
935 vqs = kmalloc(num_vqs * sizeof(struct virtqueue *), GFP_KERNEL);
936 callbacks = kmalloc(num_vqs * sizeof(vq_callback_t *), GFP_KERNEL);
937 names = kmalloc(num_vqs * sizeof(char *), GFP_KERNEL);
938
939 if (!callbacks || !vqs || !names) {
940 err = -ENOMEM;
941 goto out;
942 }
943
944 callbacks[0] = virtscsi_ctrl_done;
945 callbacks[1] = virtscsi_event_done;
946 names[0] = "control";
947 names[1] = "event";
948 for (i = VIRTIO_SCSI_VQ_BASE; i < num_vqs; i++) {
949 callbacks[i] = virtscsi_req_done;
950 names[i] = "request";
951 }
952
953 /* Discover virtqueues and write information to configuration. */
954 err = vdev->config->find_vqs(vdev, num_vqs, vqs, callbacks, names);
955 if (err)
956 goto out;
957
958 virtscsi_init_vq(&vscsi->ctrl_vq, vqs[0]);
959 virtscsi_init_vq(&vscsi->event_vq, vqs[1]);
960 for (i = VIRTIO_SCSI_VQ_BASE; i < num_vqs; i++)
961 virtscsi_init_vq(&vscsi->req_vqs[i - VIRTIO_SCSI_VQ_BASE],
962 vqs[i]);
963
964 virtscsi_set_affinity(vscsi, true);
965
966 virtscsi_config_set(vdev, cdb_size, VIRTIO_SCSI_CDB_SIZE);
967 virtscsi_config_set(vdev, sense_size, VIRTIO_SCSI_SENSE_SIZE);
968
969 err = 0;
970
971 out:
972 kfree(names);
973 kfree(callbacks);
974 kfree(vqs);
975 if (err)
976 virtscsi_remove_vqs(vdev);
977 return err;
978 }
979
980 static int virtscsi_probe(struct virtio_device *vdev)
981 {
982 struct Scsi_Host *shost;
983 struct virtio_scsi *vscsi;
984 int err;
985 u32 sg_elems, num_targets;
986 u32 cmd_per_lun;
987 u32 num_queues;
988 struct scsi_host_template *hostt;
989
990 if (!vdev->config->get) {
991 dev_err(&vdev->dev, "%s failure: config access disabled\n",
992 __func__);
993 return -EINVAL;
994 }
995
996 /* We need to know how many queues before we allocate. */
997 num_queues = virtscsi_config_get(vdev, num_queues) ? : 1;
998
999 num_targets = virtscsi_config_get(vdev, max_target) + 1;
1000
1001 if (num_queues == 1)
1002 hostt = &virtscsi_host_template_single;
1003 else
1004 hostt = &virtscsi_host_template_multi;
1005
1006 shost = scsi_host_alloc(hostt,
1007 sizeof(*vscsi) + sizeof(vscsi->req_vqs[0]) * num_queues);
1008 if (!shost)
1009 return -ENOMEM;
1010
1011 sg_elems = virtscsi_config_get(vdev, seg_max) ?: 1;
1012 shost->sg_tablesize = sg_elems;
1013 vscsi = shost_priv(shost);
1014 vscsi->vdev = vdev;
1015 vscsi->num_queues = num_queues;
1016 vdev->priv = shost;
1017
1018 err = virtscsi_init(vdev, vscsi);
1019 if (err)
1020 goto virtscsi_init_failed;
1021
1022 vscsi->nb.notifier_call = &virtscsi_cpu_callback;
1023 err = register_hotcpu_notifier(&vscsi->nb);
1024 if (err) {
1025 pr_err("registering cpu notifier failed\n");
1026 goto scsi_add_host_failed;
1027 }
1028
1029 cmd_per_lun = virtscsi_config_get(vdev, cmd_per_lun) ?: 1;
1030 shost->cmd_per_lun = min_t(u32, cmd_per_lun, shost->can_queue);
1031 shost->max_sectors = virtscsi_config_get(vdev, max_sectors) ?: 0xFFFF;
1032
1033 /* LUNs > 256 are reported with format 1, so they go in the range
1034 * 16640-32767.
1035 */
1036 shost->max_lun = virtscsi_config_get(vdev, max_lun) + 1 + 0x4000;
1037 shost->max_id = num_targets;
1038 shost->max_channel = 0;
1039 shost->max_cmd_len = VIRTIO_SCSI_CDB_SIZE;
1040 shost->nr_hw_queues = num_queues;
1041
1042 #ifdef CONFIG_BLK_DEV_INTEGRITY
1043 if (virtio_has_feature(vdev, VIRTIO_SCSI_F_T10_PI)) {
1044 int host_prot;
1045
1046 host_prot = SHOST_DIF_TYPE1_PROTECTION | SHOST_DIF_TYPE2_PROTECTION |
1047 SHOST_DIF_TYPE3_PROTECTION | SHOST_DIX_TYPE1_PROTECTION |
1048 SHOST_DIX_TYPE2_PROTECTION | SHOST_DIX_TYPE3_PROTECTION;
1049
1050 scsi_host_set_prot(shost, host_prot);
1051 scsi_host_set_guard(shost, SHOST_DIX_GUARD_CRC);
1052 }
1053 #endif
1054
1055 err = scsi_add_host(shost, &vdev->dev);
1056 if (err)
1057 goto scsi_add_host_failed;
1058
1059 virtio_device_ready(vdev);
1060
1061 if (virtio_has_feature(vdev, VIRTIO_SCSI_F_HOTPLUG))
1062 virtscsi_kick_event_all(vscsi);
1063
1064 scsi_scan_host(shost);
1065 return 0;
1066
1067 scsi_add_host_failed:
1068 vdev->config->del_vqs(vdev);
1069 virtscsi_init_failed:
1070 scsi_host_put(shost);
1071 return err;
1072 }
1073
1074 static void virtscsi_remove(struct virtio_device *vdev)
1075 {
1076 struct Scsi_Host *shost = virtio_scsi_host(vdev);
1077 struct virtio_scsi *vscsi = shost_priv(shost);
1078
1079 if (virtio_has_feature(vdev, VIRTIO_SCSI_F_HOTPLUG))
1080 virtscsi_cancel_event_work(vscsi);
1081
1082 scsi_remove_host(shost);
1083
1084 unregister_hotcpu_notifier(&vscsi->nb);
1085
1086 virtscsi_remove_vqs(vdev);
1087 scsi_host_put(shost);
1088 }
1089
1090 #ifdef CONFIG_PM_SLEEP
1091 static int virtscsi_freeze(struct virtio_device *vdev)
1092 {
1093 struct Scsi_Host *sh = virtio_scsi_host(vdev);
1094 struct virtio_scsi *vscsi = shost_priv(sh);
1095
1096 unregister_hotcpu_notifier(&vscsi->nb);
1097 virtscsi_remove_vqs(vdev);
1098 return 0;
1099 }
1100
1101 static int virtscsi_restore(struct virtio_device *vdev)
1102 {
1103 struct Scsi_Host *sh = virtio_scsi_host(vdev);
1104 struct virtio_scsi *vscsi = shost_priv(sh);
1105 int err;
1106
1107 err = virtscsi_init(vdev, vscsi);
1108 if (err)
1109 return err;
1110
1111 err = register_hotcpu_notifier(&vscsi->nb);
1112 if (err) {
1113 vdev->config->del_vqs(vdev);
1114 return err;
1115 }
1116
1117 virtio_device_ready(vdev);
1118
1119 if (virtio_has_feature(vdev, VIRTIO_SCSI_F_HOTPLUG))
1120 virtscsi_kick_event_all(vscsi);
1121
1122 return err;
1123 }
1124 #endif
1125
1126 static struct virtio_device_id id_table[] = {
1127 { VIRTIO_ID_SCSI, VIRTIO_DEV_ANY_ID },
1128 { 0 },
1129 };
1130
1131 static unsigned int features[] = {
1132 VIRTIO_SCSI_F_HOTPLUG,
1133 VIRTIO_SCSI_F_CHANGE,
1134 #ifdef CONFIG_BLK_DEV_INTEGRITY
1135 VIRTIO_SCSI_F_T10_PI,
1136 #endif
1137 };
1138
1139 static struct virtio_driver virtio_scsi_driver = {
1140 .feature_table = features,
1141 .feature_table_size = ARRAY_SIZE(features),
1142 .driver.name = KBUILD_MODNAME,
1143 .driver.owner = THIS_MODULE,
1144 .id_table = id_table,
1145 .probe = virtscsi_probe,
1146 #ifdef CONFIG_PM_SLEEP
1147 .freeze = virtscsi_freeze,
1148 .restore = virtscsi_restore,
1149 #endif
1150 .remove = virtscsi_remove,
1151 };
1152
1153 static int __init init(void)
1154 {
1155 int ret = -ENOMEM;
1156
1157 virtscsi_cmd_cache = KMEM_CACHE(virtio_scsi_cmd, 0);
1158 if (!virtscsi_cmd_cache) {
1159 pr_err("kmem_cache_create() for virtscsi_cmd_cache failed\n");
1160 goto error;
1161 }
1162
1163
1164 virtscsi_cmd_pool =
1165 mempool_create_slab_pool(VIRTIO_SCSI_MEMPOOL_SZ,
1166 virtscsi_cmd_cache);
1167 if (!virtscsi_cmd_pool) {
1168 pr_err("mempool_create() for virtscsi_cmd_pool failed\n");
1169 goto error;
1170 }
1171 ret = register_virtio_driver(&virtio_scsi_driver);
1172 if (ret < 0)
1173 goto error;
1174
1175 return 0;
1176
1177 error:
1178 if (virtscsi_cmd_pool) {
1179 mempool_destroy(virtscsi_cmd_pool);
1180 virtscsi_cmd_pool = NULL;
1181 }
1182 if (virtscsi_cmd_cache) {
1183 kmem_cache_destroy(virtscsi_cmd_cache);
1184 virtscsi_cmd_cache = NULL;
1185 }
1186 return ret;
1187 }
1188
1189 static void __exit fini(void)
1190 {
1191 unregister_virtio_driver(&virtio_scsi_driver);
1192 mempool_destroy(virtscsi_cmd_pool);
1193 kmem_cache_destroy(virtscsi_cmd_cache);
1194 }
1195 module_init(init);
1196 module_exit(fini);
1197
1198 MODULE_DEVICE_TABLE(virtio, id_table);
1199 MODULE_DESCRIPTION("Virtio SCSI HBA driver");
1200 MODULE_LICENSE("GPL");
Linux with added FPC-III support