lkdtm: Add Control Flow Integrity test
[linux/fpc-iii.git] / drivers / scsi / xen-scsifront.c
blobf0068e96a177fc0b48390d826638181983fdb248
1 /*
2 * Xen SCSI frontend driver
4 * Copyright (c) 2008, FUJITSU Limited
6 * This program is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU General Public License version 2
8 * as published by the Free Software Foundation; or, when distributed
9 * separately from the Linux kernel or incorporated into other
10 * software packages, subject to the following license:
12 * Permission is hereby granted, free of charge, to any person obtaining a copy
13 * of this source file (the "Software"), to deal in the Software without
14 * restriction, including without limitation the rights to use, copy, modify,
15 * merge, publish, distribute, sublicense, and/or sell copies of the Software,
16 * and to permit persons to whom the Software is furnished to do so, subject to
17 * the following conditions:
19 * The above copyright notice and this permission notice shall be included in
20 * all copies or substantial portions of the Software.
22 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
23 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
24 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
25 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
26 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
27 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
28 * IN THE SOFTWARE.
31 #include <linux/module.h>
32 #include <linux/kernel.h>
33 #include <linux/device.h>
34 #include <linux/wait.h>
35 #include <linux/interrupt.h>
36 #include <linux/mutex.h>
37 #include <linux/spinlock.h>
38 #include <linux/sched.h>
39 #include <linux/blkdev.h>
40 #include <linux/pfn.h>
41 #include <linux/slab.h>
42 #include <linux/bitops.h>
44 #include <scsi/scsi_cmnd.h>
45 #include <scsi/scsi_device.h>
46 #include <scsi/scsi.h>
47 #include <scsi/scsi_host.h>
49 #include <xen/xen.h>
50 #include <xen/xenbus.h>
51 #include <xen/grant_table.h>
52 #include <xen/events.h>
53 #include <xen/page.h>
55 #include <xen/interface/grant_table.h>
56 #include <xen/interface/io/vscsiif.h>
57 #include <xen/interface/io/protocols.h>
59 #include <asm/xen/hypervisor.h>
62 #define GRANT_INVALID_REF 0
64 #define VSCSIFRONT_OP_ADD_LUN 1
65 #define VSCSIFRONT_OP_DEL_LUN 2
66 #define VSCSIFRONT_OP_READD_LUN 3
68 /* Tuning point. */
69 #define VSCSIIF_DEFAULT_CMD_PER_LUN 10
70 #define VSCSIIF_MAX_TARGET 64
71 #define VSCSIIF_MAX_LUN 255
73 #define VSCSIIF_RING_SIZE __CONST_RING_SIZE(vscsiif, PAGE_SIZE)
74 #define VSCSIIF_MAX_REQS VSCSIIF_RING_SIZE
76 #define vscsiif_grants_sg(_sg) (PFN_UP((_sg) * \
77 sizeof(struct scsiif_request_segment)))
79 struct vscsifrnt_shadow {
80 /* command between backend and frontend */
81 unsigned char act;
82 uint8_t nr_segments;
83 uint16_t rqid;
84 uint16_t ref_rqid;
86 unsigned int nr_grants; /* number of grants in gref[] */
87 struct scsiif_request_segment *sg; /* scatter/gather elements */
88 struct scsiif_request_segment seg[VSCSIIF_SG_TABLESIZE];
90 /* Do reset or abort function. */
91 wait_queue_head_t wq_reset; /* reset work queue */
92 int wait_reset; /* reset work queue condition */
93 int32_t rslt_reset; /* reset response status: */
94 /* SUCCESS or FAILED or: */
95 #define RSLT_RESET_WAITING 0
96 #define RSLT_RESET_ERR -1
98 /* Requested struct scsi_cmnd is stored from kernel. */
99 struct scsi_cmnd *sc;
100 int gref[vscsiif_grants_sg(SG_ALL) + SG_ALL];
103 struct vscsifrnt_info {
104 struct xenbus_device *dev;
106 struct Scsi_Host *host;
107 int host_active;
109 unsigned int evtchn;
110 unsigned int irq;
112 grant_ref_t ring_ref;
113 struct vscsiif_front_ring ring;
114 struct vscsiif_response ring_rsp;
116 spinlock_t shadow_lock;
117 DECLARE_BITMAP(shadow_free_bitmap, VSCSIIF_MAX_REQS);
118 struct vscsifrnt_shadow *shadow[VSCSIIF_MAX_REQS];
120 /* Following items are protected by the host lock. */
121 wait_queue_head_t wq_sync;
122 wait_queue_head_t wq_pause;
123 unsigned int wait_ring_available:1;
124 unsigned int waiting_pause:1;
125 unsigned int pause:1;
126 unsigned callers;
128 char dev_state_path[64];
129 struct task_struct *curr;
132 static DEFINE_MUTEX(scsifront_mutex);
134 static void scsifront_wake_up(struct vscsifrnt_info *info)
136 info->wait_ring_available = 0;
137 wake_up(&info->wq_sync);
140 static int scsifront_get_rqid(struct vscsifrnt_info *info)
142 unsigned long flags;
143 int free;
145 spin_lock_irqsave(&info->shadow_lock, flags);
147 free = find_first_bit(info->shadow_free_bitmap, VSCSIIF_MAX_REQS);
148 __clear_bit(free, info->shadow_free_bitmap);
150 spin_unlock_irqrestore(&info->shadow_lock, flags);
152 return free;
155 static int _scsifront_put_rqid(struct vscsifrnt_info *info, uint32_t id)
157 int empty = bitmap_empty(info->shadow_free_bitmap, VSCSIIF_MAX_REQS);
159 __set_bit(id, info->shadow_free_bitmap);
160 info->shadow[id] = NULL;
162 return empty || info->wait_ring_available;
165 static void scsifront_put_rqid(struct vscsifrnt_info *info, uint32_t id)
167 unsigned long flags;
168 int kick;
170 spin_lock_irqsave(&info->shadow_lock, flags);
171 kick = _scsifront_put_rqid(info, id);
172 spin_unlock_irqrestore(&info->shadow_lock, flags);
174 if (kick)
175 scsifront_wake_up(info);
178 static int scsifront_do_request(struct vscsifrnt_info *info,
179 struct vscsifrnt_shadow *shadow)
181 struct vscsiif_front_ring *ring = &(info->ring);
182 struct vscsiif_request *ring_req;
183 struct scsi_cmnd *sc = shadow->sc;
184 uint32_t id;
185 int i, notify;
187 if (RING_FULL(&info->ring))
188 return -EBUSY;
190 id = scsifront_get_rqid(info); /* use id in response */
191 if (id >= VSCSIIF_MAX_REQS)
192 return -EBUSY;
194 info->shadow[id] = shadow;
195 shadow->rqid = id;
197 ring_req = RING_GET_REQUEST(&(info->ring), ring->req_prod_pvt);
198 ring->req_prod_pvt++;
200 ring_req->rqid = id;
201 ring_req->act = shadow->act;
202 ring_req->ref_rqid = shadow->ref_rqid;
203 ring_req->nr_segments = shadow->nr_segments;
205 ring_req->id = sc->device->id;
206 ring_req->lun = sc->device->lun;
207 ring_req->channel = sc->device->channel;
208 ring_req->cmd_len = sc->cmd_len;
210 BUG_ON(sc->cmd_len > VSCSIIF_MAX_COMMAND_SIZE);
212 memcpy(ring_req->cmnd, sc->cmnd, sc->cmd_len);
214 ring_req->sc_data_direction = (uint8_t)sc->sc_data_direction;
215 ring_req->timeout_per_command = sc->request->timeout / HZ;
217 for (i = 0; i < (shadow->nr_segments & ~VSCSIIF_SG_GRANT); i++)
218 ring_req->seg[i] = shadow->seg[i];
220 RING_PUSH_REQUESTS_AND_CHECK_NOTIFY(ring, notify);
221 if (notify)
222 notify_remote_via_irq(info->irq);
224 return 0;
227 static void scsifront_gnttab_done(struct vscsifrnt_info *info,
228 struct vscsifrnt_shadow *shadow)
230 int i;
232 if (shadow->sc->sc_data_direction == DMA_NONE)
233 return;
235 for (i = 0; i < shadow->nr_grants; i++) {
236 if (unlikely(gnttab_query_foreign_access(shadow->gref[i]))) {
237 shost_printk(KERN_ALERT, info->host, KBUILD_MODNAME
238 "grant still in use by backend\n");
239 BUG();
241 gnttab_end_foreign_access(shadow->gref[i], 0, 0UL);
244 kfree(shadow->sg);
247 static void scsifront_cdb_cmd_done(struct vscsifrnt_info *info,
248 struct vscsiif_response *ring_rsp)
250 struct vscsifrnt_shadow *shadow;
251 struct scsi_cmnd *sc;
252 uint32_t id;
253 uint8_t sense_len;
255 id = ring_rsp->rqid;
256 shadow = info->shadow[id];
257 sc = shadow->sc;
259 BUG_ON(sc == NULL);
261 scsifront_gnttab_done(info, shadow);
262 scsifront_put_rqid(info, id);
264 sc->result = ring_rsp->rslt;
265 scsi_set_resid(sc, ring_rsp->residual_len);
267 sense_len = min_t(uint8_t, VSCSIIF_SENSE_BUFFERSIZE,
268 ring_rsp->sense_len);
270 if (sense_len)
271 memcpy(sc->sense_buffer, ring_rsp->sense_buffer, sense_len);
273 sc->scsi_done(sc);
276 static void scsifront_sync_cmd_done(struct vscsifrnt_info *info,
277 struct vscsiif_response *ring_rsp)
279 uint16_t id = ring_rsp->rqid;
280 unsigned long flags;
281 struct vscsifrnt_shadow *shadow = info->shadow[id];
282 int kick;
284 spin_lock_irqsave(&info->shadow_lock, flags);
285 shadow->wait_reset = 1;
286 switch (shadow->rslt_reset) {
287 case RSLT_RESET_WAITING:
288 shadow->rslt_reset = ring_rsp->rslt;
289 break;
290 case RSLT_RESET_ERR:
291 kick = _scsifront_put_rqid(info, id);
292 spin_unlock_irqrestore(&info->shadow_lock, flags);
293 kfree(shadow);
294 if (kick)
295 scsifront_wake_up(info);
296 return;
297 default:
298 shost_printk(KERN_ERR, info->host, KBUILD_MODNAME
299 "bad reset state %d, possibly leaking %u\n",
300 shadow->rslt_reset, id);
301 break;
303 spin_unlock_irqrestore(&info->shadow_lock, flags);
305 wake_up(&shadow->wq_reset);
308 static void scsifront_do_response(struct vscsifrnt_info *info,
309 struct vscsiif_response *ring_rsp)
311 if (WARN(ring_rsp->rqid >= VSCSIIF_MAX_REQS ||
312 test_bit(ring_rsp->rqid, info->shadow_free_bitmap),
313 "illegal rqid %u returned by backend!\n", ring_rsp->rqid))
314 return;
316 if (info->shadow[ring_rsp->rqid]->act == VSCSIIF_ACT_SCSI_CDB)
317 scsifront_cdb_cmd_done(info, ring_rsp);
318 else
319 scsifront_sync_cmd_done(info, ring_rsp);
322 static int scsifront_ring_drain(struct vscsifrnt_info *info)
324 struct vscsiif_response *ring_rsp;
325 RING_IDX i, rp;
326 int more_to_do = 0;
328 rp = info->ring.sring->rsp_prod;
329 rmb(); /* ordering required respective to dom0 */
330 for (i = info->ring.rsp_cons; i != rp; i++) {
331 ring_rsp = RING_GET_RESPONSE(&info->ring, i);
332 scsifront_do_response(info, ring_rsp);
335 info->ring.rsp_cons = i;
337 if (i != info->ring.req_prod_pvt)
338 RING_FINAL_CHECK_FOR_RESPONSES(&info->ring, more_to_do);
339 else
340 info->ring.sring->rsp_event = i + 1;
342 return more_to_do;
345 static int scsifront_cmd_done(struct vscsifrnt_info *info)
347 int more_to_do;
348 unsigned long flags;
350 spin_lock_irqsave(info->host->host_lock, flags);
352 more_to_do = scsifront_ring_drain(info);
354 info->wait_ring_available = 0;
356 spin_unlock_irqrestore(info->host->host_lock, flags);
358 wake_up(&info->wq_sync);
360 return more_to_do;
363 static irqreturn_t scsifront_irq_fn(int irq, void *dev_id)
365 struct vscsifrnt_info *info = dev_id;
367 while (scsifront_cmd_done(info))
368 /* Yield point for this unbounded loop. */
369 cond_resched();
371 return IRQ_HANDLED;
374 static void scsifront_finish_all(struct vscsifrnt_info *info)
376 unsigned i;
377 struct vscsiif_response resp;
379 scsifront_ring_drain(info);
381 for (i = 0; i < VSCSIIF_MAX_REQS; i++) {
382 if (test_bit(i, info->shadow_free_bitmap))
383 continue;
384 resp.rqid = i;
385 resp.sense_len = 0;
386 resp.rslt = DID_RESET << 16;
387 resp.residual_len = 0;
388 scsifront_do_response(info, &resp);
392 static int map_data_for_request(struct vscsifrnt_info *info,
393 struct scsi_cmnd *sc,
394 struct vscsifrnt_shadow *shadow)
396 grant_ref_t gref_head;
397 struct page *page;
398 int err, ref, ref_cnt = 0;
399 int grant_ro = (sc->sc_data_direction == DMA_TO_DEVICE);
400 unsigned int i, off, len, bytes;
401 unsigned int data_len = scsi_bufflen(sc);
402 unsigned int data_grants = 0, seg_grants = 0;
403 struct scatterlist *sg;
404 struct scsiif_request_segment *seg;
406 if (sc->sc_data_direction == DMA_NONE || !data_len)
407 return 0;
409 scsi_for_each_sg(sc, sg, scsi_sg_count(sc), i)
410 data_grants += PFN_UP(sg->offset + sg->length);
412 if (data_grants > VSCSIIF_SG_TABLESIZE) {
413 if (data_grants > info->host->sg_tablesize) {
414 shost_printk(KERN_ERR, info->host, KBUILD_MODNAME
415 "Unable to map request_buffer for command!\n");
416 return -E2BIG;
418 seg_grants = vscsiif_grants_sg(data_grants);
419 shadow->sg = kcalloc(data_grants,
420 sizeof(struct scsiif_request_segment), GFP_ATOMIC);
421 if (!shadow->sg)
422 return -ENOMEM;
424 seg = shadow->sg ? : shadow->seg;
426 err = gnttab_alloc_grant_references(seg_grants + data_grants,
427 &gref_head);
428 if (err) {
429 kfree(shadow->sg);
430 shost_printk(KERN_ERR, info->host, KBUILD_MODNAME
431 "gnttab_alloc_grant_references() error\n");
432 return -ENOMEM;
435 if (seg_grants) {
436 page = virt_to_page(seg);
437 off = offset_in_page(seg);
438 len = sizeof(struct scsiif_request_segment) * data_grants;
439 while (len > 0) {
440 bytes = min_t(unsigned int, len, PAGE_SIZE - off);
442 ref = gnttab_claim_grant_reference(&gref_head);
443 BUG_ON(ref == -ENOSPC);
445 gnttab_grant_foreign_access_ref(ref,
446 info->dev->otherend_id,
447 xen_page_to_gfn(page), 1);
448 shadow->gref[ref_cnt] = ref;
449 shadow->seg[ref_cnt].gref = ref;
450 shadow->seg[ref_cnt].offset = (uint16_t)off;
451 shadow->seg[ref_cnt].length = (uint16_t)bytes;
453 page++;
454 len -= bytes;
455 off = 0;
456 ref_cnt++;
458 BUG_ON(seg_grants < ref_cnt);
459 seg_grants = ref_cnt;
462 scsi_for_each_sg(sc, sg, scsi_sg_count(sc), i) {
463 page = sg_page(sg);
464 off = sg->offset;
465 len = sg->length;
467 while (len > 0 && data_len > 0) {
469 * sg sends a scatterlist that is larger than
470 * the data_len it wants transferred for certain
471 * IO sizes.
473 bytes = min_t(unsigned int, len, PAGE_SIZE - off);
474 bytes = min(bytes, data_len);
476 ref = gnttab_claim_grant_reference(&gref_head);
477 BUG_ON(ref == -ENOSPC);
479 gnttab_grant_foreign_access_ref(ref,
480 info->dev->otherend_id,
481 xen_page_to_gfn(page),
482 grant_ro);
484 shadow->gref[ref_cnt] = ref;
485 seg->gref = ref;
486 seg->offset = (uint16_t)off;
487 seg->length = (uint16_t)bytes;
489 page++;
490 seg++;
491 len -= bytes;
492 data_len -= bytes;
493 off = 0;
494 ref_cnt++;
498 if (seg_grants)
499 shadow->nr_segments = VSCSIIF_SG_GRANT | seg_grants;
500 else
501 shadow->nr_segments = (uint8_t)ref_cnt;
502 shadow->nr_grants = ref_cnt;
504 return 0;
507 static int scsifront_enter(struct vscsifrnt_info *info)
509 if (info->pause)
510 return 1;
511 info->callers++;
512 return 0;
515 static void scsifront_return(struct vscsifrnt_info *info)
517 info->callers--;
518 if (info->callers)
519 return;
521 if (!info->waiting_pause)
522 return;
524 info->waiting_pause = 0;
525 wake_up(&info->wq_pause);
528 static int scsifront_queuecommand(struct Scsi_Host *shost,
529 struct scsi_cmnd *sc)
531 struct vscsifrnt_info *info = shost_priv(shost);
532 struct vscsifrnt_shadow *shadow = scsi_cmd_priv(sc);
533 unsigned long flags;
534 int err;
536 sc->result = 0;
538 shadow->sc = sc;
539 shadow->act = VSCSIIF_ACT_SCSI_CDB;
541 spin_lock_irqsave(shost->host_lock, flags);
542 if (scsifront_enter(info)) {
543 spin_unlock_irqrestore(shost->host_lock, flags);
544 return SCSI_MLQUEUE_HOST_BUSY;
547 err = map_data_for_request(info, sc, shadow);
548 if (err < 0) {
549 pr_debug("%s: err %d\n", __func__, err);
550 scsifront_return(info);
551 spin_unlock_irqrestore(shost->host_lock, flags);
552 if (err == -ENOMEM)
553 return SCSI_MLQUEUE_HOST_BUSY;
554 sc->result = DID_ERROR << 16;
555 sc->scsi_done(sc);
556 return 0;
559 if (scsifront_do_request(info, shadow)) {
560 scsifront_gnttab_done(info, shadow);
561 goto busy;
564 scsifront_return(info);
565 spin_unlock_irqrestore(shost->host_lock, flags);
567 return 0;
569 busy:
570 scsifront_return(info);
571 spin_unlock_irqrestore(shost->host_lock, flags);
572 pr_debug("%s: busy\n", __func__);
573 return SCSI_MLQUEUE_HOST_BUSY;
577 * Any exception handling (reset or abort) must be forwarded to the backend.
578 * We have to wait until an answer is returned. This answer contains the
579 * result to be returned to the requestor.
581 static int scsifront_action_handler(struct scsi_cmnd *sc, uint8_t act)
583 struct Scsi_Host *host = sc->device->host;
584 struct vscsifrnt_info *info = shost_priv(host);
585 struct vscsifrnt_shadow *shadow, *s = scsi_cmd_priv(sc);
586 int err = 0;
588 shadow = kzalloc(sizeof(*shadow), GFP_NOIO);
589 if (!shadow)
590 return FAILED;
592 shadow->act = act;
593 shadow->rslt_reset = RSLT_RESET_WAITING;
594 shadow->sc = sc;
595 shadow->ref_rqid = s->rqid;
596 init_waitqueue_head(&shadow->wq_reset);
598 spin_lock_irq(host->host_lock);
600 for (;;) {
601 if (scsifront_enter(info))
602 goto fail;
604 if (!scsifront_do_request(info, shadow))
605 break;
607 scsifront_return(info);
608 if (err)
609 goto fail;
610 info->wait_ring_available = 1;
611 spin_unlock_irq(host->host_lock);
612 err = wait_event_interruptible(info->wq_sync,
613 !info->wait_ring_available);
614 spin_lock_irq(host->host_lock);
617 spin_unlock_irq(host->host_lock);
618 err = wait_event_interruptible(shadow->wq_reset, shadow->wait_reset);
619 spin_lock_irq(host->host_lock);
621 if (!err) {
622 err = shadow->rslt_reset;
623 scsifront_put_rqid(info, shadow->rqid);
624 kfree(shadow);
625 } else {
626 spin_lock(&info->shadow_lock);
627 shadow->rslt_reset = RSLT_RESET_ERR;
628 spin_unlock(&info->shadow_lock);
629 err = FAILED;
632 scsifront_return(info);
633 spin_unlock_irq(host->host_lock);
634 return err;
636 fail:
637 spin_unlock_irq(host->host_lock);
638 kfree(shadow);
639 return FAILED;
642 static int scsifront_eh_abort_handler(struct scsi_cmnd *sc)
644 pr_debug("%s\n", __func__);
645 return scsifront_action_handler(sc, VSCSIIF_ACT_SCSI_ABORT);
648 static int scsifront_dev_reset_handler(struct scsi_cmnd *sc)
650 pr_debug("%s\n", __func__);
651 return scsifront_action_handler(sc, VSCSIIF_ACT_SCSI_RESET);
654 static int scsifront_sdev_configure(struct scsi_device *sdev)
656 struct vscsifrnt_info *info = shost_priv(sdev->host);
657 int err;
659 if (info && current == info->curr) {
660 err = xenbus_printf(XBT_NIL, info->dev->nodename,
661 info->dev_state_path, "%d", XenbusStateConnected);
662 if (err) {
663 xenbus_dev_error(info->dev, err,
664 "%s: writing dev_state_path", __func__);
665 return err;
669 return 0;
672 static void scsifront_sdev_destroy(struct scsi_device *sdev)
674 struct vscsifrnt_info *info = shost_priv(sdev->host);
675 int err;
677 if (info && current == info->curr) {
678 err = xenbus_printf(XBT_NIL, info->dev->nodename,
679 info->dev_state_path, "%d", XenbusStateClosed);
680 if (err)
681 xenbus_dev_error(info->dev, err,
682 "%s: writing dev_state_path", __func__);
686 static struct scsi_host_template scsifront_sht = {
687 .module = THIS_MODULE,
688 .name = "Xen SCSI frontend driver",
689 .queuecommand = scsifront_queuecommand,
690 .eh_abort_handler = scsifront_eh_abort_handler,
691 .eh_device_reset_handler = scsifront_dev_reset_handler,
692 .slave_configure = scsifront_sdev_configure,
693 .slave_destroy = scsifront_sdev_destroy,
694 .cmd_per_lun = VSCSIIF_DEFAULT_CMD_PER_LUN,
695 .can_queue = VSCSIIF_MAX_REQS,
696 .this_id = -1,
697 .cmd_size = sizeof(struct vscsifrnt_shadow),
698 .sg_tablesize = VSCSIIF_SG_TABLESIZE,
699 .proc_name = "scsifront",
702 static int scsifront_alloc_ring(struct vscsifrnt_info *info)
704 struct xenbus_device *dev = info->dev;
705 struct vscsiif_sring *sring;
706 grant_ref_t gref;
707 int err = -ENOMEM;
709 /***** Frontend to Backend ring start *****/
710 sring = (struct vscsiif_sring *)__get_free_page(GFP_KERNEL);
711 if (!sring) {
712 xenbus_dev_fatal(dev, err,
713 "fail to allocate shared ring (Front to Back)");
714 return err;
716 SHARED_RING_INIT(sring);
717 FRONT_RING_INIT(&info->ring, sring, PAGE_SIZE);
719 err = xenbus_grant_ring(dev, sring, 1, &gref);
720 if (err < 0) {
721 free_page((unsigned long)sring);
722 xenbus_dev_fatal(dev, err,
723 "fail to grant shared ring (Front to Back)");
724 return err;
726 info->ring_ref = gref;
728 err = xenbus_alloc_evtchn(dev, &info->evtchn);
729 if (err) {
730 xenbus_dev_fatal(dev, err, "xenbus_alloc_evtchn");
731 goto free_gnttab;
734 err = bind_evtchn_to_irq(info->evtchn);
735 if (err <= 0) {
736 xenbus_dev_fatal(dev, err, "bind_evtchn_to_irq");
737 goto free_gnttab;
740 info->irq = err;
742 err = request_threaded_irq(info->irq, NULL, scsifront_irq_fn,
743 IRQF_ONESHOT, "scsifront", info);
744 if (err) {
745 xenbus_dev_fatal(dev, err, "request_threaded_irq");
746 goto free_irq;
749 return 0;
751 /* free resource */
752 free_irq:
753 unbind_from_irqhandler(info->irq, info);
754 free_gnttab:
755 gnttab_end_foreign_access(info->ring_ref, 0,
756 (unsigned long)info->ring.sring);
758 return err;
761 static void scsifront_free_ring(struct vscsifrnt_info *info)
763 unbind_from_irqhandler(info->irq, info);
764 gnttab_end_foreign_access(info->ring_ref, 0,
765 (unsigned long)info->ring.sring);
768 static int scsifront_init_ring(struct vscsifrnt_info *info)
770 struct xenbus_device *dev = info->dev;
771 struct xenbus_transaction xbt;
772 int err;
774 pr_debug("%s\n", __func__);
776 err = scsifront_alloc_ring(info);
777 if (err)
778 return err;
779 pr_debug("%s: %u %u\n", __func__, info->ring_ref, info->evtchn);
781 again:
782 err = xenbus_transaction_start(&xbt);
783 if (err)
784 xenbus_dev_fatal(dev, err, "starting transaction");
786 err = xenbus_printf(xbt, dev->nodename, "ring-ref", "%u",
787 info->ring_ref);
788 if (err) {
789 xenbus_dev_fatal(dev, err, "%s", "writing ring-ref");
790 goto fail;
793 err = xenbus_printf(xbt, dev->nodename, "event-channel", "%u",
794 info->evtchn);
796 if (err) {
797 xenbus_dev_fatal(dev, err, "%s", "writing event-channel");
798 goto fail;
801 err = xenbus_transaction_end(xbt, 0);
802 if (err) {
803 if (err == -EAGAIN)
804 goto again;
805 xenbus_dev_fatal(dev, err, "completing transaction");
806 goto free_sring;
809 return 0;
811 fail:
812 xenbus_transaction_end(xbt, 1);
813 free_sring:
814 scsifront_free_ring(info);
816 return err;
820 static int scsifront_probe(struct xenbus_device *dev,
821 const struct xenbus_device_id *id)
823 struct vscsifrnt_info *info;
824 struct Scsi_Host *host;
825 int err = -ENOMEM;
826 char name[TASK_COMM_LEN];
828 host = scsi_host_alloc(&scsifront_sht, sizeof(*info));
829 if (!host) {
830 xenbus_dev_fatal(dev, err, "fail to allocate scsi host");
831 return err;
833 info = (struct vscsifrnt_info *)host->hostdata;
835 dev_set_drvdata(&dev->dev, info);
836 info->dev = dev;
838 bitmap_fill(info->shadow_free_bitmap, VSCSIIF_MAX_REQS);
840 err = scsifront_init_ring(info);
841 if (err) {
842 scsi_host_put(host);
843 return err;
846 init_waitqueue_head(&info->wq_sync);
847 init_waitqueue_head(&info->wq_pause);
848 spin_lock_init(&info->shadow_lock);
850 snprintf(name, TASK_COMM_LEN, "vscsiif.%d", host->host_no);
852 host->max_id = VSCSIIF_MAX_TARGET;
853 host->max_channel = 0;
854 host->max_lun = VSCSIIF_MAX_LUN;
855 host->max_sectors = (host->sg_tablesize - 1) * PAGE_SIZE / 512;
856 host->max_cmd_len = VSCSIIF_MAX_COMMAND_SIZE;
858 err = scsi_add_host(host, &dev->dev);
859 if (err) {
860 dev_err(&dev->dev, "fail to add scsi host %d\n", err);
861 goto free_sring;
863 info->host = host;
864 info->host_active = 1;
866 xenbus_switch_state(dev, XenbusStateInitialised);
868 return 0;
870 free_sring:
871 scsifront_free_ring(info);
872 scsi_host_put(host);
873 return err;
876 static int scsifront_resume(struct xenbus_device *dev)
878 struct vscsifrnt_info *info = dev_get_drvdata(&dev->dev);
879 struct Scsi_Host *host = info->host;
880 int err;
882 spin_lock_irq(host->host_lock);
884 /* Finish all still pending commands. */
885 scsifront_finish_all(info);
887 spin_unlock_irq(host->host_lock);
889 /* Reconnect to dom0. */
890 scsifront_free_ring(info);
891 err = scsifront_init_ring(info);
892 if (err) {
893 dev_err(&dev->dev, "fail to resume %d\n", err);
894 scsi_host_put(host);
895 return err;
898 xenbus_switch_state(dev, XenbusStateInitialised);
900 return 0;
903 static int scsifront_suspend(struct xenbus_device *dev)
905 struct vscsifrnt_info *info = dev_get_drvdata(&dev->dev);
906 struct Scsi_Host *host = info->host;
907 int err = 0;
909 /* No new commands for the backend. */
910 spin_lock_irq(host->host_lock);
911 info->pause = 1;
912 while (info->callers && !err) {
913 info->waiting_pause = 1;
914 info->wait_ring_available = 0;
915 spin_unlock_irq(host->host_lock);
916 wake_up(&info->wq_sync);
917 err = wait_event_interruptible(info->wq_pause,
918 !info->waiting_pause);
919 spin_lock_irq(host->host_lock);
921 spin_unlock_irq(host->host_lock);
922 return err;
925 static int scsifront_remove(struct xenbus_device *dev)
927 struct vscsifrnt_info *info = dev_get_drvdata(&dev->dev);
929 pr_debug("%s: %s removed\n", __func__, dev->nodename);
931 mutex_lock(&scsifront_mutex);
932 if (info->host_active) {
933 /* Scsi_host not yet removed */
934 scsi_remove_host(info->host);
935 info->host_active = 0;
937 mutex_unlock(&scsifront_mutex);
939 scsifront_free_ring(info);
940 scsi_host_put(info->host);
942 return 0;
945 static void scsifront_disconnect(struct vscsifrnt_info *info)
947 struct xenbus_device *dev = info->dev;
948 struct Scsi_Host *host = info->host;
950 pr_debug("%s: %s disconnect\n", __func__, dev->nodename);
953 * When this function is executed, all devices of
954 * Frontend have been deleted.
955 * Therefore, it need not block I/O before remove_host.
958 mutex_lock(&scsifront_mutex);
959 if (info->host_active) {
960 scsi_remove_host(host);
961 info->host_active = 0;
963 mutex_unlock(&scsifront_mutex);
965 xenbus_frontend_closed(dev);
968 static void scsifront_do_lun_hotplug(struct vscsifrnt_info *info, int op)
970 struct xenbus_device *dev = info->dev;
971 int i, err = 0;
972 char str[64];
973 char **dir;
974 unsigned int dir_n = 0;
975 unsigned int device_state;
976 unsigned int hst, chn, tgt, lun;
977 struct scsi_device *sdev;
979 dir = xenbus_directory(XBT_NIL, dev->otherend, "vscsi-devs", &dir_n);
980 if (IS_ERR(dir))
981 return;
983 /* mark current task as the one allowed to modify device states */
984 BUG_ON(info->curr);
985 info->curr = current;
987 for (i = 0; i < dir_n; i++) {
988 /* read status */
989 snprintf(str, sizeof(str), "vscsi-devs/%s/state", dir[i]);
990 err = xenbus_scanf(XBT_NIL, dev->otherend, str, "%u",
991 &device_state);
992 if (XENBUS_EXIST_ERR(err))
993 continue;
995 /* virtual SCSI device */
996 snprintf(str, sizeof(str), "vscsi-devs/%s/v-dev", dir[i]);
997 err = xenbus_scanf(XBT_NIL, dev->otherend, str,
998 "%u:%u:%u:%u", &hst, &chn, &tgt, &lun);
999 if (XENBUS_EXIST_ERR(err))
1000 continue;
1003 * Front device state path, used in slave_configure called
1004 * on successfull scsi_add_device, and in slave_destroy called
1005 * on remove of a device.
1007 snprintf(info->dev_state_path, sizeof(info->dev_state_path),
1008 "vscsi-devs/%s/state", dir[i]);
1010 switch (op) {
1011 case VSCSIFRONT_OP_ADD_LUN:
1012 if (device_state != XenbusStateInitialised)
1013 break;
1015 if (scsi_add_device(info->host, chn, tgt, lun)) {
1016 dev_err(&dev->dev, "scsi_add_device\n");
1017 err = xenbus_printf(XBT_NIL, dev->nodename,
1018 info->dev_state_path,
1019 "%d", XenbusStateClosed);
1020 if (err)
1021 xenbus_dev_error(dev, err,
1022 "%s: writing dev_state_path", __func__);
1024 break;
1025 case VSCSIFRONT_OP_DEL_LUN:
1026 if (device_state != XenbusStateClosing)
1027 break;
1029 sdev = scsi_device_lookup(info->host, chn, tgt, lun);
1030 if (sdev) {
1031 scsi_remove_device(sdev);
1032 scsi_device_put(sdev);
1034 break;
1035 case VSCSIFRONT_OP_READD_LUN:
1036 if (device_state == XenbusStateConnected) {
1037 err = xenbus_printf(XBT_NIL, dev->nodename,
1038 info->dev_state_path,
1039 "%d", XenbusStateConnected);
1040 if (err)
1041 xenbus_dev_error(dev, err,
1042 "%s: writing dev_state_path", __func__);
1044 break;
1045 default:
1046 break;
1050 info->curr = NULL;
1052 kfree(dir);
1055 static void scsifront_read_backend_params(struct xenbus_device *dev,
1056 struct vscsifrnt_info *info)
1058 unsigned int sg_grant, nr_segs;
1059 struct Scsi_Host *host = info->host;
1061 sg_grant = xenbus_read_unsigned(dev->otherend, "feature-sg-grant", 0);
1062 nr_segs = min_t(unsigned int, sg_grant, SG_ALL);
1063 nr_segs = max_t(unsigned int, nr_segs, VSCSIIF_SG_TABLESIZE);
1064 nr_segs = min_t(unsigned int, nr_segs,
1065 VSCSIIF_SG_TABLESIZE * PAGE_SIZE /
1066 sizeof(struct scsiif_request_segment));
1068 if (!info->pause && sg_grant)
1069 dev_info(&dev->dev, "using up to %d SG entries\n", nr_segs);
1070 else if (info->pause && nr_segs < host->sg_tablesize)
1071 dev_warn(&dev->dev,
1072 "SG entries decreased from %d to %u - device may not work properly anymore\n",
1073 host->sg_tablesize, nr_segs);
1075 host->sg_tablesize = nr_segs;
1076 host->max_sectors = (nr_segs - 1) * PAGE_SIZE / 512;
1079 static void scsifront_backend_changed(struct xenbus_device *dev,
1080 enum xenbus_state backend_state)
1082 struct vscsifrnt_info *info = dev_get_drvdata(&dev->dev);
1084 pr_debug("%s: %p %u %u\n", __func__, dev, dev->state, backend_state);
1086 switch (backend_state) {
1087 case XenbusStateUnknown:
1088 case XenbusStateInitialising:
1089 case XenbusStateInitWait:
1090 case XenbusStateInitialised:
1091 break;
1093 case XenbusStateConnected:
1094 scsifront_read_backend_params(dev, info);
1096 if (info->pause) {
1097 scsifront_do_lun_hotplug(info, VSCSIFRONT_OP_READD_LUN);
1098 xenbus_switch_state(dev, XenbusStateConnected);
1099 info->pause = 0;
1100 return;
1103 if (xenbus_read_driver_state(dev->nodename) ==
1104 XenbusStateInitialised)
1105 scsifront_do_lun_hotplug(info, VSCSIFRONT_OP_ADD_LUN);
1107 if (dev->state != XenbusStateConnected)
1108 xenbus_switch_state(dev, XenbusStateConnected);
1109 break;
1111 case XenbusStateClosed:
1112 if (dev->state == XenbusStateClosed)
1113 break;
1114 /* fall through - Missed the backend's Closing state */
1115 case XenbusStateClosing:
1116 scsifront_disconnect(info);
1117 break;
1119 case XenbusStateReconfiguring:
1120 scsifront_do_lun_hotplug(info, VSCSIFRONT_OP_DEL_LUN);
1121 xenbus_switch_state(dev, XenbusStateReconfiguring);
1122 break;
1124 case XenbusStateReconfigured:
1125 scsifront_do_lun_hotplug(info, VSCSIFRONT_OP_ADD_LUN);
1126 xenbus_switch_state(dev, XenbusStateConnected);
1127 break;
1131 static const struct xenbus_device_id scsifront_ids[] = {
1132 { "vscsi" },
1133 { "" }
1136 static struct xenbus_driver scsifront_driver = {
1137 .ids = scsifront_ids,
1138 .probe = scsifront_probe,
1139 .remove = scsifront_remove,
1140 .resume = scsifront_resume,
1141 .suspend = scsifront_suspend,
1142 .otherend_changed = scsifront_backend_changed,
1145 static int __init scsifront_init(void)
1147 if (!xen_domain())
1148 return -ENODEV;
1150 return xenbus_register_frontend(&scsifront_driver);
1152 module_init(scsifront_init);
1154 static void __exit scsifront_exit(void)
1156 xenbus_unregister_driver(&scsifront_driver);
1158 module_exit(scsifront_exit);
1160 MODULE_DESCRIPTION("Xen SCSI frontend driver");
1161 MODULE_LICENSE("GPL");
1162 MODULE_ALIAS("xen:vscsi");
1163 MODULE_AUTHOR("Juergen Gross <jgross@suse.com>");