xref: /linux/drivers/block/xen-blkfront.c (revision a83c29e1d145cca5240952100acd1cd60f25fb5f)
1 /*
2  * blkfront.c
3  *
4  * XenLinux virtual block device driver.
5  *
6  * Copyright (c) 2003-2004, Keir Fraser & Steve Hand
7  * Modifications by Mark A. Williamson are (c) Intel Research Cambridge
8  * Copyright (c) 2004, Christian Limpach
9  * Copyright (c) 2004, Andrew Warfield
10  * Copyright (c) 2005, Christopher Clark
11  * Copyright (c) 2005, XenSource Ltd
12  *
13  * This program is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU General Public License version 2
15  * as published by the Free Software Foundation; or, when distributed
16  * separately from the Linux kernel or incorporated into other
17  * software packages, subject to the following license:
18  *
19  * Permission is hereby granted, free of charge, to any person obtaining a copy
20  * of this source file (the "Software"), to deal in the Software without
21  * restriction, including without limitation the rights to use, copy, modify,
22  * merge, publish, distribute, sublicense, and/or sell copies of the Software,
23  * and to permit persons to whom the Software is furnished to do so, subject to
24  * the following conditions:
25  *
26  * The above copyright notice and this permission notice shall be included in
27  * all copies or substantial portions of the Software.
28  *
29  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
30  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
31  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
32  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
33  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
34  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
35  * IN THE SOFTWARE.
36  */
37 
38 #include <linux/interrupt.h>
39 #include <linux/blkdev.h>
40 #include <linux/blk-mq.h>
41 #include <linux/hdreg.h>
42 #include <linux/cdrom.h>
43 #include <linux/module.h>
44 #include <linux/slab.h>
45 #include <linux/major.h>
46 #include <linux/mutex.h>
47 #include <linux/scatterlist.h>
48 #include <linux/bitmap.h>
49 #include <linux/list.h>
50 #include <linux/workqueue.h>
51 #include <linux/sched/mm.h>
52 
53 #include <xen/xen.h>
54 #include <xen/xenbus.h>
55 #include <xen/grant_table.h>
56 #include <xen/events.h>
57 #include <xen/page.h>
58 #include <xen/platform_pci.h>
59 
60 #include <xen/interface/grant_table.h>
61 #include <xen/interface/io/blkif.h>
62 #include <xen/interface/io/protocols.h>
63 
64 #include <asm/xen/hypervisor.h>
65 
66 /*
67  * The minimal size of segment supported by the block framework is PAGE_SIZE.
68  * When Linux is using a different page size than Xen, it may not be possible
69  * to put all the data in a single segment.
70  * This can happen when the backend doesn't support indirect descriptor and
71  * therefore the maximum amount of data that a request can carry is
72  * BLKIF_MAX_SEGMENTS_PER_REQUEST * XEN_PAGE_SIZE = 44KB
73  *
74  * Note that we only support one extra request. So the Linux page size
75  * should be <= ( 2 * BLKIF_MAX_SEGMENTS_PER_REQUEST * XEN_PAGE_SIZE) =
76  * 88KB.
77  */
78 #define HAS_EXTRA_REQ (BLKIF_MAX_SEGMENTS_PER_REQUEST < XEN_PFN_PER_PAGE)
79 
80 enum blkif_state {
81 	BLKIF_STATE_DISCONNECTED,
82 	BLKIF_STATE_CONNECTED,
83 	BLKIF_STATE_SUSPENDED,
84 	BLKIF_STATE_ERROR,
85 };
86 
87 struct grant {
88 	grant_ref_t gref;
89 	struct page *page;
90 	struct list_head node;
91 };
92 
93 enum blk_req_status {
94 	REQ_PROCESSING,
95 	REQ_WAITING,
96 	REQ_DONE,
97 	REQ_ERROR,
98 	REQ_EOPNOTSUPP,
99 };
100 
101 struct blk_shadow {
102 	struct blkif_request req;
103 	struct request *request;
104 	struct grant **grants_used;
105 	struct grant **indirect_grants;
106 	struct scatterlist *sg;
107 	unsigned int num_sg;
108 	enum blk_req_status status;
109 
110 	#define NO_ASSOCIATED_ID ~0UL
111 	/*
112 	 * Id of the sibling if we ever need 2 requests when handling a
113 	 * block I/O request
114 	 */
115 	unsigned long associated_id;
116 };
117 
118 struct blkif_req {
119 	blk_status_t	error;
120 };
121 
122 static inline struct blkif_req *blkif_req(struct request *rq)
123 {
124 	return blk_mq_rq_to_pdu(rq);
125 }
126 
127 static DEFINE_MUTEX(blkfront_mutex);
128 static const struct block_device_operations xlvbd_block_fops;
129 static struct delayed_work blkfront_work;
130 static LIST_HEAD(info_list);
131 
132 /*
133  * Maximum number of segments in indirect requests, the actual value used by
134  * the frontend driver is the minimum of this value and the value provided
135  * by the backend driver.
136  */
137 
138 static unsigned int xen_blkif_max_segments = 32;
139 module_param_named(max_indirect_segments, xen_blkif_max_segments, uint, 0444);
140 MODULE_PARM_DESC(max_indirect_segments,
141 		 "Maximum amount of segments in indirect requests (default is 32)");
142 
143 static unsigned int xen_blkif_max_queues = 4;
144 module_param_named(max_queues, xen_blkif_max_queues, uint, 0444);
145 MODULE_PARM_DESC(max_queues, "Maximum number of hardware queues/rings used per virtual disk");
146 
147 /*
148  * Maximum order of pages to be used for the shared ring between front and
149  * backend, 4KB page granularity is used.
150  */
151 static unsigned int xen_blkif_max_ring_order;
152 module_param_named(max_ring_page_order, xen_blkif_max_ring_order, int, 0444);
153 MODULE_PARM_DESC(max_ring_page_order, "Maximum order of pages to be used for the shared ring");
154 
155 static bool __read_mostly xen_blkif_trusted = true;
156 module_param_named(trusted, xen_blkif_trusted, bool, 0644);
157 MODULE_PARM_DESC(trusted, "Is the backend trusted");
158 
159 #define BLK_RING_SIZE(info)	\
160 	__CONST_RING_SIZE(blkif, XEN_PAGE_SIZE * (info)->nr_ring_pages)
161 
162 /*
163  * ring-ref%u i=(-1UL) would take 11 characters + 'ring-ref' is 8, so 19
164  * characters are enough. Define to 20 to keep consistent with backend.
165  */
166 #define RINGREF_NAME_LEN (20)
167 /*
168  * queue-%u would take 7 + 10(UINT_MAX) = 17 characters.
169  */
170 #define QUEUE_NAME_LEN (17)
171 
172 /*
173  *  Per-ring info.
174  *  Every blkfront device can associate with one or more blkfront_ring_info,
175  *  depending on how many hardware queues/rings to be used.
176  */
177 struct blkfront_ring_info {
178 	/* Lock to protect data in every ring buffer. */
179 	spinlock_t ring_lock;
180 	struct blkif_front_ring ring;
181 	unsigned int ring_ref[XENBUS_MAX_RING_GRANTS];
182 	unsigned int evtchn, irq;
183 	struct work_struct work;
184 	struct gnttab_free_callback callback;
185 	struct list_head indirect_pages;
186 	struct list_head grants;
187 	unsigned int persistent_gnts_c;
188 	unsigned long shadow_free;
189 	struct blkfront_info *dev_info;
190 	struct blk_shadow shadow[];
191 };
192 
193 /*
194  * We have one of these per vbd, whether ide, scsi or 'other'.  They
195  * hang in private_data off the gendisk structure. We may end up
196  * putting all kinds of interesting stuff here :-)
197  */
198 struct blkfront_info
199 {
200 	struct mutex mutex;
201 	struct xenbus_device *xbdev;
202 	struct gendisk *gd;
203 	u16 sector_size;
204 	unsigned int physical_sector_size;
205 	unsigned long vdisk_info;
206 	int vdevice;
207 	blkif_vdev_t handle;
208 	enum blkif_state connected;
209 	/* Number of pages per ring buffer. */
210 	unsigned int nr_ring_pages;
211 	struct request_queue *rq;
212 	unsigned int feature_flush:1;
213 	unsigned int feature_fua:1;
214 	unsigned int feature_discard:1;
215 	unsigned int feature_secdiscard:1;
216 	/* Connect-time cached feature_persistent parameter */
217 	unsigned int feature_persistent_parm:1;
218 	/* Persistent grants feature negotiation result */
219 	unsigned int feature_persistent:1;
220 	unsigned int bounce:1;
221 	unsigned int discard_granularity;
222 	unsigned int discard_alignment;
223 	/* Number of 4KB segments handled */
224 	unsigned int max_indirect_segments;
225 	int is_ready;
226 	struct blk_mq_tag_set tag_set;
227 	struct blkfront_ring_info *rinfo;
228 	unsigned int nr_rings;
229 	unsigned int rinfo_size;
230 	/* Save uncomplete reqs and bios for migration. */
231 	struct list_head requests;
232 	struct bio_list bio_list;
233 	struct list_head info_list;
234 };
235 
236 static unsigned int nr_minors;
237 static unsigned long *minors;
238 static DEFINE_SPINLOCK(minor_lock);
239 
240 #define PARTS_PER_DISK		16
241 #define PARTS_PER_EXT_DISK      256
242 
243 #define BLKIF_MAJOR(dev) ((dev)>>8)
244 #define BLKIF_MINOR(dev) ((dev) & 0xff)
245 
246 #define EXT_SHIFT 28
247 #define EXTENDED (1<<EXT_SHIFT)
248 #define VDEV_IS_EXTENDED(dev) ((dev)&(EXTENDED))
249 #define BLKIF_MINOR_EXT(dev) ((dev)&(~EXTENDED))
250 #define EMULATED_HD_DISK_MINOR_OFFSET (0)
251 #define EMULATED_HD_DISK_NAME_OFFSET (EMULATED_HD_DISK_MINOR_OFFSET / 256)
252 #define EMULATED_SD_DISK_MINOR_OFFSET (0)
253 #define EMULATED_SD_DISK_NAME_OFFSET (EMULATED_SD_DISK_MINOR_OFFSET / 256)
254 
255 #define DEV_NAME	"xvd"	/* name in /dev */
256 
257 /*
258  * Grants are always the same size as a Xen page (i.e 4KB).
259  * A physical segment is always the same size as a Linux page.
260  * Number of grants per physical segment
261  */
262 #define GRANTS_PER_PSEG	(PAGE_SIZE / XEN_PAGE_SIZE)
263 
264 #define GRANTS_PER_INDIRECT_FRAME \
265 	(XEN_PAGE_SIZE / sizeof(struct blkif_request_segment))
266 
267 #define INDIRECT_GREFS(_grants)		\
268 	DIV_ROUND_UP(_grants, GRANTS_PER_INDIRECT_FRAME)
269 
270 static int blkfront_setup_indirect(struct blkfront_ring_info *rinfo);
271 static void blkfront_gather_backend_features(struct blkfront_info *info);
272 static int negotiate_mq(struct blkfront_info *info);
273 
274 #define for_each_rinfo(info, ptr, idx)				\
275 	for ((ptr) = (info)->rinfo, (idx) = 0;			\
276 	     (idx) < (info)->nr_rings;				\
277 	     (idx)++, (ptr) = (void *)(ptr) + (info)->rinfo_size)
278 
279 static inline struct blkfront_ring_info *
280 get_rinfo(const struct blkfront_info *info, unsigned int i)
281 {
282 	BUG_ON(i >= info->nr_rings);
283 	return (void *)info->rinfo + i * info->rinfo_size;
284 }
285 
286 static int get_id_from_freelist(struct blkfront_ring_info *rinfo)
287 {
288 	unsigned long free = rinfo->shadow_free;
289 
290 	BUG_ON(free >= BLK_RING_SIZE(rinfo->dev_info));
291 	rinfo->shadow_free = rinfo->shadow[free].req.u.rw.id;
292 	rinfo->shadow[free].req.u.rw.id = 0x0fffffee; /* debug */
293 	return free;
294 }
295 
296 static int add_id_to_freelist(struct blkfront_ring_info *rinfo,
297 			      unsigned long id)
298 {
299 	if (rinfo->shadow[id].req.u.rw.id != id)
300 		return -EINVAL;
301 	if (rinfo->shadow[id].request == NULL)
302 		return -EINVAL;
303 	rinfo->shadow[id].req.u.rw.id  = rinfo->shadow_free;
304 	rinfo->shadow[id].request = NULL;
305 	rinfo->shadow_free = id;
306 	return 0;
307 }
308 
309 static int fill_grant_buffer(struct blkfront_ring_info *rinfo, int num)
310 {
311 	struct blkfront_info *info = rinfo->dev_info;
312 	struct page *granted_page;
313 	struct grant *gnt_list_entry, *n;
314 	int i = 0;
315 
316 	while (i < num) {
317 		gnt_list_entry = kzalloc(sizeof(struct grant), GFP_NOIO);
318 		if (!gnt_list_entry)
319 			goto out_of_memory;
320 
321 		if (info->bounce) {
322 			granted_page = alloc_page(GFP_NOIO | __GFP_ZERO);
323 			if (!granted_page) {
324 				kfree(gnt_list_entry);
325 				goto out_of_memory;
326 			}
327 			gnt_list_entry->page = granted_page;
328 		}
329 
330 		gnt_list_entry->gref = INVALID_GRANT_REF;
331 		list_add(&gnt_list_entry->node, &rinfo->grants);
332 		i++;
333 	}
334 
335 	return 0;
336 
337 out_of_memory:
338 	list_for_each_entry_safe(gnt_list_entry, n,
339 	                         &rinfo->grants, node) {
340 		list_del(&gnt_list_entry->node);
341 		if (info->bounce)
342 			__free_page(gnt_list_entry->page);
343 		kfree(gnt_list_entry);
344 		i--;
345 	}
346 	BUG_ON(i != 0);
347 	return -ENOMEM;
348 }
349 
350 static struct grant *get_free_grant(struct blkfront_ring_info *rinfo)
351 {
352 	struct grant *gnt_list_entry;
353 
354 	BUG_ON(list_empty(&rinfo->grants));
355 	gnt_list_entry = list_first_entry(&rinfo->grants, struct grant,
356 					  node);
357 	list_del(&gnt_list_entry->node);
358 
359 	if (gnt_list_entry->gref != INVALID_GRANT_REF)
360 		rinfo->persistent_gnts_c--;
361 
362 	return gnt_list_entry;
363 }
364 
365 static inline void grant_foreign_access(const struct grant *gnt_list_entry,
366 					const struct blkfront_info *info)
367 {
368 	gnttab_page_grant_foreign_access_ref_one(gnt_list_entry->gref,
369 						 info->xbdev->otherend_id,
370 						 gnt_list_entry->page,
371 						 0);
372 }
373 
374 static struct grant *get_grant(grant_ref_t *gref_head,
375 			       unsigned long gfn,
376 			       struct blkfront_ring_info *rinfo)
377 {
378 	struct grant *gnt_list_entry = get_free_grant(rinfo);
379 	struct blkfront_info *info = rinfo->dev_info;
380 
381 	if (gnt_list_entry->gref != INVALID_GRANT_REF)
382 		return gnt_list_entry;
383 
384 	/* Assign a gref to this page */
385 	gnt_list_entry->gref = gnttab_claim_grant_reference(gref_head);
386 	BUG_ON(gnt_list_entry->gref == -ENOSPC);
387 	if (info->bounce)
388 		grant_foreign_access(gnt_list_entry, info);
389 	else {
390 		/* Grant access to the GFN passed by the caller */
391 		gnttab_grant_foreign_access_ref(gnt_list_entry->gref,
392 						info->xbdev->otherend_id,
393 						gfn, 0);
394 	}
395 
396 	return gnt_list_entry;
397 }
398 
399 static struct grant *get_indirect_grant(grant_ref_t *gref_head,
400 					struct blkfront_ring_info *rinfo)
401 {
402 	struct grant *gnt_list_entry = get_free_grant(rinfo);
403 	struct blkfront_info *info = rinfo->dev_info;
404 
405 	if (gnt_list_entry->gref != INVALID_GRANT_REF)
406 		return gnt_list_entry;
407 
408 	/* Assign a gref to this page */
409 	gnt_list_entry->gref = gnttab_claim_grant_reference(gref_head);
410 	BUG_ON(gnt_list_entry->gref == -ENOSPC);
411 	if (!info->bounce) {
412 		struct page *indirect_page;
413 
414 		/* Fetch a pre-allocated page to use for indirect grefs */
415 		BUG_ON(list_empty(&rinfo->indirect_pages));
416 		indirect_page = list_first_entry(&rinfo->indirect_pages,
417 						 struct page, lru);
418 		list_del(&indirect_page->lru);
419 		gnt_list_entry->page = indirect_page;
420 	}
421 	grant_foreign_access(gnt_list_entry, info);
422 
423 	return gnt_list_entry;
424 }
425 
426 static const char *op_name(int op)
427 {
428 	static const char *const names[] = {
429 		[BLKIF_OP_READ] = "read",
430 		[BLKIF_OP_WRITE] = "write",
431 		[BLKIF_OP_WRITE_BARRIER] = "barrier",
432 		[BLKIF_OP_FLUSH_DISKCACHE] = "flush",
433 		[BLKIF_OP_DISCARD] = "discard" };
434 
435 	if (op < 0 || op >= ARRAY_SIZE(names))
436 		return "unknown";
437 
438 	if (!names[op])
439 		return "reserved";
440 
441 	return names[op];
442 }
443 static int xlbd_reserve_minors(unsigned int minor, unsigned int nr)
444 {
445 	unsigned int end = minor + nr;
446 	int rc;
447 
448 	if (end > nr_minors) {
449 		unsigned long *bitmap, *old;
450 
451 		bitmap = kcalloc(BITS_TO_LONGS(end), sizeof(*bitmap),
452 				 GFP_KERNEL);
453 		if (bitmap == NULL)
454 			return -ENOMEM;
455 
456 		spin_lock(&minor_lock);
457 		if (end > nr_minors) {
458 			old = minors;
459 			memcpy(bitmap, minors,
460 			       BITS_TO_LONGS(nr_minors) * sizeof(*bitmap));
461 			minors = bitmap;
462 			nr_minors = BITS_TO_LONGS(end) * BITS_PER_LONG;
463 		} else
464 			old = bitmap;
465 		spin_unlock(&minor_lock);
466 		kfree(old);
467 	}
468 
469 	spin_lock(&minor_lock);
470 	if (find_next_bit(minors, end, minor) >= end) {
471 		bitmap_set(minors, minor, nr);
472 		rc = 0;
473 	} else
474 		rc = -EBUSY;
475 	spin_unlock(&minor_lock);
476 
477 	return rc;
478 }
479 
480 static void xlbd_release_minors(unsigned int minor, unsigned int nr)
481 {
482 	unsigned int end = minor + nr;
483 
484 	BUG_ON(end > nr_minors);
485 	spin_lock(&minor_lock);
486 	bitmap_clear(minors,  minor, nr);
487 	spin_unlock(&minor_lock);
488 }
489 
490 static void blkif_restart_queue_callback(void *arg)
491 {
492 	struct blkfront_ring_info *rinfo = (struct blkfront_ring_info *)arg;
493 	schedule_work(&rinfo->work);
494 }
495 
496 static int blkif_getgeo(struct block_device *bd, struct hd_geometry *hg)
497 {
498 	/* We don't have real geometry info, but let's at least return
499 	   values consistent with the size of the device */
500 	sector_t nsect = get_capacity(bd->bd_disk);
501 	sector_t cylinders = nsect;
502 
503 	hg->heads = 0xff;
504 	hg->sectors = 0x3f;
505 	sector_div(cylinders, hg->heads * hg->sectors);
506 	hg->cylinders = cylinders;
507 	if ((sector_t)(hg->cylinders + 1) * hg->heads * hg->sectors < nsect)
508 		hg->cylinders = 0xffff;
509 	return 0;
510 }
511 
512 static int blkif_ioctl(struct block_device *bdev, blk_mode_t mode,
513 		       unsigned command, unsigned long argument)
514 {
515 	struct blkfront_info *info = bdev->bd_disk->private_data;
516 	int i;
517 
518 	switch (command) {
519 	case CDROMMULTISESSION:
520 		for (i = 0; i < sizeof(struct cdrom_multisession); i++)
521 			if (put_user(0, (char __user *)(argument + i)))
522 				return -EFAULT;
523 		return 0;
524 	case CDROM_GET_CAPABILITY:
525 		if (!(info->vdisk_info & VDISK_CDROM))
526 			return -EINVAL;
527 		return 0;
528 	default:
529 		return -EINVAL;
530 	}
531 }
532 
533 static unsigned long blkif_ring_get_request(struct blkfront_ring_info *rinfo,
534 					    struct request *req,
535 					    struct blkif_request **ring_req)
536 {
537 	unsigned long id;
538 
539 	*ring_req = RING_GET_REQUEST(&rinfo->ring, rinfo->ring.req_prod_pvt);
540 	rinfo->ring.req_prod_pvt++;
541 
542 	id = get_id_from_freelist(rinfo);
543 	rinfo->shadow[id].request = req;
544 	rinfo->shadow[id].status = REQ_PROCESSING;
545 	rinfo->shadow[id].associated_id = NO_ASSOCIATED_ID;
546 
547 	rinfo->shadow[id].req.u.rw.id = id;
548 
549 	return id;
550 }
551 
552 static int blkif_queue_discard_req(struct request *req, struct blkfront_ring_info *rinfo)
553 {
554 	struct blkfront_info *info = rinfo->dev_info;
555 	struct blkif_request *ring_req, *final_ring_req;
556 	unsigned long id;
557 
558 	/* Fill out a communications ring structure. */
559 	id = blkif_ring_get_request(rinfo, req, &final_ring_req);
560 	ring_req = &rinfo->shadow[id].req;
561 
562 	ring_req->operation = BLKIF_OP_DISCARD;
563 	ring_req->u.discard.nr_sectors = blk_rq_sectors(req);
564 	ring_req->u.discard.id = id;
565 	ring_req->u.discard.sector_number = (blkif_sector_t)blk_rq_pos(req);
566 	if (req_op(req) == REQ_OP_SECURE_ERASE && info->feature_secdiscard)
567 		ring_req->u.discard.flag = BLKIF_DISCARD_SECURE;
568 	else
569 		ring_req->u.discard.flag = 0;
570 
571 	/* Copy the request to the ring page. */
572 	*final_ring_req = *ring_req;
573 	rinfo->shadow[id].status = REQ_WAITING;
574 
575 	return 0;
576 }
577 
578 struct setup_rw_req {
579 	unsigned int grant_idx;
580 	struct blkif_request_segment *segments;
581 	struct blkfront_ring_info *rinfo;
582 	struct blkif_request *ring_req;
583 	grant_ref_t gref_head;
584 	unsigned int id;
585 	/* Only used when persistent grant is used and it's a write request */
586 	bool need_copy;
587 	unsigned int bvec_off;
588 	char *bvec_data;
589 
590 	bool require_extra_req;
591 	struct blkif_request *extra_ring_req;
592 };
593 
594 static void blkif_setup_rw_req_grant(unsigned long gfn, unsigned int offset,
595 				     unsigned int len, void *data)
596 {
597 	struct setup_rw_req *setup = data;
598 	int n, ref;
599 	struct grant *gnt_list_entry;
600 	unsigned int fsect, lsect;
601 	/* Convenient aliases */
602 	unsigned int grant_idx = setup->grant_idx;
603 	struct blkif_request *ring_req = setup->ring_req;
604 	struct blkfront_ring_info *rinfo = setup->rinfo;
605 	/*
606 	 * We always use the shadow of the first request to store the list
607 	 * of grant associated to the block I/O request. This made the
608 	 * completion more easy to handle even if the block I/O request is
609 	 * split.
610 	 */
611 	struct blk_shadow *shadow = &rinfo->shadow[setup->id];
612 
613 	if (unlikely(setup->require_extra_req &&
614 		     grant_idx >= BLKIF_MAX_SEGMENTS_PER_REQUEST)) {
615 		/*
616 		 * We are using the second request, setup grant_idx
617 		 * to be the index of the segment array.
618 		 */
619 		grant_idx -= BLKIF_MAX_SEGMENTS_PER_REQUEST;
620 		ring_req = setup->extra_ring_req;
621 	}
622 
623 	if ((ring_req->operation == BLKIF_OP_INDIRECT) &&
624 	    (grant_idx % GRANTS_PER_INDIRECT_FRAME == 0)) {
625 		if (setup->segments)
626 			kunmap_atomic(setup->segments);
627 
628 		n = grant_idx / GRANTS_PER_INDIRECT_FRAME;
629 		gnt_list_entry = get_indirect_grant(&setup->gref_head, rinfo);
630 		shadow->indirect_grants[n] = gnt_list_entry;
631 		setup->segments = kmap_atomic(gnt_list_entry->page);
632 		ring_req->u.indirect.indirect_grefs[n] = gnt_list_entry->gref;
633 	}
634 
635 	gnt_list_entry = get_grant(&setup->gref_head, gfn, rinfo);
636 	ref = gnt_list_entry->gref;
637 	/*
638 	 * All the grants are stored in the shadow of the first
639 	 * request. Therefore we have to use the global index.
640 	 */
641 	shadow->grants_used[setup->grant_idx] = gnt_list_entry;
642 
643 	if (setup->need_copy) {
644 		void *shared_data;
645 
646 		shared_data = kmap_atomic(gnt_list_entry->page);
647 		/*
648 		 * this does not wipe data stored outside the
649 		 * range sg->offset..sg->offset+sg->length.
650 		 * Therefore, blkback *could* see data from
651 		 * previous requests. This is OK as long as
652 		 * persistent grants are shared with just one
653 		 * domain. It may need refactoring if this
654 		 * changes
655 		 */
656 		memcpy(shared_data + offset,
657 		       setup->bvec_data + setup->bvec_off,
658 		       len);
659 
660 		kunmap_atomic(shared_data);
661 		setup->bvec_off += len;
662 	}
663 
664 	fsect = offset >> 9;
665 	lsect = fsect + (len >> 9) - 1;
666 	if (ring_req->operation != BLKIF_OP_INDIRECT) {
667 		ring_req->u.rw.seg[grant_idx] =
668 			(struct blkif_request_segment) {
669 				.gref       = ref,
670 				.first_sect = fsect,
671 				.last_sect  = lsect };
672 	} else {
673 		setup->segments[grant_idx % GRANTS_PER_INDIRECT_FRAME] =
674 			(struct blkif_request_segment) {
675 				.gref       = ref,
676 				.first_sect = fsect,
677 				.last_sect  = lsect };
678 	}
679 
680 	(setup->grant_idx)++;
681 }
682 
683 static void blkif_setup_extra_req(struct blkif_request *first,
684 				  struct blkif_request *second)
685 {
686 	uint16_t nr_segments = first->u.rw.nr_segments;
687 
688 	/*
689 	 * The second request is only present when the first request uses
690 	 * all its segments. It's always the continuity of the first one.
691 	 */
692 	first->u.rw.nr_segments = BLKIF_MAX_SEGMENTS_PER_REQUEST;
693 
694 	second->u.rw.nr_segments = nr_segments - BLKIF_MAX_SEGMENTS_PER_REQUEST;
695 	second->u.rw.sector_number = first->u.rw.sector_number +
696 		(BLKIF_MAX_SEGMENTS_PER_REQUEST * XEN_PAGE_SIZE) / 512;
697 
698 	second->u.rw.handle = first->u.rw.handle;
699 	second->operation = first->operation;
700 }
701 
702 static int blkif_queue_rw_req(struct request *req, struct blkfront_ring_info *rinfo)
703 {
704 	struct blkfront_info *info = rinfo->dev_info;
705 	struct blkif_request *ring_req, *extra_ring_req = NULL;
706 	struct blkif_request *final_ring_req, *final_extra_ring_req = NULL;
707 	unsigned long id, extra_id = NO_ASSOCIATED_ID;
708 	bool require_extra_req = false;
709 	int i;
710 	struct setup_rw_req setup = {
711 		.grant_idx = 0,
712 		.segments = NULL,
713 		.rinfo = rinfo,
714 		.need_copy = rq_data_dir(req) && info->bounce,
715 	};
716 
717 	/*
718 	 * Used to store if we are able to queue the request by just using
719 	 * existing persistent grants, or if we have to get new grants,
720 	 * as there are not sufficiently many free.
721 	 */
722 	bool new_persistent_gnts = false;
723 	struct scatterlist *sg;
724 	int num_sg, max_grefs, num_grant;
725 
726 	max_grefs = req->nr_phys_segments * GRANTS_PER_PSEG;
727 	if (max_grefs > BLKIF_MAX_SEGMENTS_PER_REQUEST)
728 		/*
729 		 * If we are using indirect segments we need to account
730 		 * for the indirect grefs used in the request.
731 		 */
732 		max_grefs += INDIRECT_GREFS(max_grefs);
733 
734 	/* Check if we have enough persistent grants to allocate a requests */
735 	if (rinfo->persistent_gnts_c < max_grefs) {
736 		new_persistent_gnts = true;
737 
738 		if (gnttab_alloc_grant_references(
739 		    max_grefs - rinfo->persistent_gnts_c,
740 		    &setup.gref_head) < 0) {
741 			gnttab_request_free_callback(
742 				&rinfo->callback,
743 				blkif_restart_queue_callback,
744 				rinfo,
745 				max_grefs - rinfo->persistent_gnts_c);
746 			return 1;
747 		}
748 	}
749 
750 	/* Fill out a communications ring structure. */
751 	id = blkif_ring_get_request(rinfo, req, &final_ring_req);
752 	ring_req = &rinfo->shadow[id].req;
753 
754 	num_sg = blk_rq_map_sg(req->q, req, rinfo->shadow[id].sg);
755 	num_grant = 0;
756 	/* Calculate the number of grant used */
757 	for_each_sg(rinfo->shadow[id].sg, sg, num_sg, i)
758 	       num_grant += gnttab_count_grant(sg->offset, sg->length);
759 
760 	require_extra_req = info->max_indirect_segments == 0 &&
761 		num_grant > BLKIF_MAX_SEGMENTS_PER_REQUEST;
762 	BUG_ON(!HAS_EXTRA_REQ && require_extra_req);
763 
764 	rinfo->shadow[id].num_sg = num_sg;
765 	if (num_grant > BLKIF_MAX_SEGMENTS_PER_REQUEST &&
766 	    likely(!require_extra_req)) {
767 		/*
768 		 * The indirect operation can only be a BLKIF_OP_READ or
769 		 * BLKIF_OP_WRITE
770 		 */
771 		BUG_ON(req_op(req) == REQ_OP_FLUSH || req->cmd_flags & REQ_FUA);
772 		ring_req->operation = BLKIF_OP_INDIRECT;
773 		ring_req->u.indirect.indirect_op = rq_data_dir(req) ?
774 			BLKIF_OP_WRITE : BLKIF_OP_READ;
775 		ring_req->u.indirect.sector_number = (blkif_sector_t)blk_rq_pos(req);
776 		ring_req->u.indirect.handle = info->handle;
777 		ring_req->u.indirect.nr_segments = num_grant;
778 	} else {
779 		ring_req->u.rw.sector_number = (blkif_sector_t)blk_rq_pos(req);
780 		ring_req->u.rw.handle = info->handle;
781 		ring_req->operation = rq_data_dir(req) ?
782 			BLKIF_OP_WRITE : BLKIF_OP_READ;
783 		if (req_op(req) == REQ_OP_FLUSH ||
784 		    (req_op(req) == REQ_OP_WRITE && (req->cmd_flags & REQ_FUA))) {
785 			/*
786 			 * Ideally we can do an unordered flush-to-disk.
787 			 * In case the backend onlysupports barriers, use that.
788 			 * A barrier request a superset of FUA, so we can
789 			 * implement it the same way.  (It's also a FLUSH+FUA,
790 			 * since it is guaranteed ordered WRT previous writes.)
791 			 *
792 			 * Note that can end up here with a FUA write and the
793 			 * flags cleared.  This happens when the flag was
794 			 * run-time disabled after a failing I/O, and we'll
795 			 * simplify submit it as a normal write.
796 			 */
797 			if (info->feature_flush && info->feature_fua)
798 				ring_req->operation =
799 					BLKIF_OP_WRITE_BARRIER;
800 			else if (info->feature_flush)
801 				ring_req->operation =
802 					BLKIF_OP_FLUSH_DISKCACHE;
803 		}
804 		ring_req->u.rw.nr_segments = num_grant;
805 		if (unlikely(require_extra_req)) {
806 			extra_id = blkif_ring_get_request(rinfo, req,
807 							  &final_extra_ring_req);
808 			extra_ring_req = &rinfo->shadow[extra_id].req;
809 
810 			/*
811 			 * Only the first request contains the scatter-gather
812 			 * list.
813 			 */
814 			rinfo->shadow[extra_id].num_sg = 0;
815 
816 			blkif_setup_extra_req(ring_req, extra_ring_req);
817 
818 			/* Link the 2 requests together */
819 			rinfo->shadow[extra_id].associated_id = id;
820 			rinfo->shadow[id].associated_id = extra_id;
821 		}
822 	}
823 
824 	setup.ring_req = ring_req;
825 	setup.id = id;
826 
827 	setup.require_extra_req = require_extra_req;
828 	if (unlikely(require_extra_req))
829 		setup.extra_ring_req = extra_ring_req;
830 
831 	for_each_sg(rinfo->shadow[id].sg, sg, num_sg, i) {
832 		BUG_ON(sg->offset + sg->length > PAGE_SIZE);
833 
834 		if (setup.need_copy) {
835 			setup.bvec_off = sg->offset;
836 			setup.bvec_data = kmap_atomic(sg_page(sg));
837 		}
838 
839 		gnttab_foreach_grant_in_range(sg_page(sg),
840 					      sg->offset,
841 					      sg->length,
842 					      blkif_setup_rw_req_grant,
843 					      &setup);
844 
845 		if (setup.need_copy)
846 			kunmap_atomic(setup.bvec_data);
847 	}
848 	if (setup.segments)
849 		kunmap_atomic(setup.segments);
850 
851 	/* Copy request(s) to the ring page. */
852 	*final_ring_req = *ring_req;
853 	rinfo->shadow[id].status = REQ_WAITING;
854 	if (unlikely(require_extra_req)) {
855 		*final_extra_ring_req = *extra_ring_req;
856 		rinfo->shadow[extra_id].status = REQ_WAITING;
857 	}
858 
859 	if (new_persistent_gnts)
860 		gnttab_free_grant_references(setup.gref_head);
861 
862 	return 0;
863 }
864 
865 /*
866  * Generate a Xen blkfront IO request from a blk layer request.  Reads
867  * and writes are handled as expected.
868  *
869  * @req: a request struct
870  */
871 static int blkif_queue_request(struct request *req, struct blkfront_ring_info *rinfo)
872 {
873 	if (unlikely(rinfo->dev_info->connected != BLKIF_STATE_CONNECTED))
874 		return 1;
875 
876 	if (unlikely(req_op(req) == REQ_OP_DISCARD ||
877 		     req_op(req) == REQ_OP_SECURE_ERASE))
878 		return blkif_queue_discard_req(req, rinfo);
879 	else
880 		return blkif_queue_rw_req(req, rinfo);
881 }
882 
883 static inline void flush_requests(struct blkfront_ring_info *rinfo)
884 {
885 	int notify;
886 
887 	RING_PUSH_REQUESTS_AND_CHECK_NOTIFY(&rinfo->ring, notify);
888 
889 	if (notify)
890 		notify_remote_via_irq(rinfo->irq);
891 }
892 
893 static blk_status_t blkif_queue_rq(struct blk_mq_hw_ctx *hctx,
894 			  const struct blk_mq_queue_data *qd)
895 {
896 	unsigned long flags;
897 	int qid = hctx->queue_num;
898 	struct blkfront_info *info = hctx->queue->queuedata;
899 	struct blkfront_ring_info *rinfo = NULL;
900 
901 	rinfo = get_rinfo(info, qid);
902 	blk_mq_start_request(qd->rq);
903 	spin_lock_irqsave(&rinfo->ring_lock, flags);
904 
905 	/*
906 	 * Check if the backend actually supports flushes.
907 	 *
908 	 * While the block layer won't send us flushes if we don't claim to
909 	 * support them, the Xen protocol allows the backend to revoke support
910 	 * at any time.  That is of course a really bad idea and dangerous, but
911 	 * has been allowed for 10+ years.  In that case we simply clear the
912 	 * flags, and directly return here for an empty flush and ignore the
913 	 * FUA flag later on.
914 	 */
915 	if (unlikely(req_op(qd->rq) == REQ_OP_FLUSH && !info->feature_flush))
916 		goto complete;
917 
918 	if (RING_FULL(&rinfo->ring))
919 		goto out_busy;
920 	if (blkif_queue_request(qd->rq, rinfo))
921 		goto out_busy;
922 
923 	flush_requests(rinfo);
924 	spin_unlock_irqrestore(&rinfo->ring_lock, flags);
925 	return BLK_STS_OK;
926 
927 out_busy:
928 	blk_mq_stop_hw_queue(hctx);
929 	spin_unlock_irqrestore(&rinfo->ring_lock, flags);
930 	return BLK_STS_DEV_RESOURCE;
931 complete:
932 	spin_unlock_irqrestore(&rinfo->ring_lock, flags);
933 	blk_mq_end_request(qd->rq, BLK_STS_OK);
934 	return BLK_STS_OK;
935 }
936 
937 static void blkif_complete_rq(struct request *rq)
938 {
939 	blk_mq_end_request(rq, blkif_req(rq)->error);
940 }
941 
942 static const struct blk_mq_ops blkfront_mq_ops = {
943 	.queue_rq = blkif_queue_rq,
944 	.complete = blkif_complete_rq,
945 };
946 
947 static void blkif_set_queue_limits(const struct blkfront_info *info,
948 		struct queue_limits *lim)
949 {
950 	unsigned int segments = info->max_indirect_segments ? :
951 				BLKIF_MAX_SEGMENTS_PER_REQUEST;
952 
953 	if (info->feature_discard) {
954 		lim->max_hw_discard_sectors = UINT_MAX;
955 		if (info->discard_granularity)
956 			lim->discard_granularity = info->discard_granularity;
957 		lim->discard_alignment = info->discard_alignment;
958 		if (info->feature_secdiscard)
959 			lim->max_secure_erase_sectors = UINT_MAX;
960 	}
961 
962 	if (info->feature_flush) {
963 		lim->features |= BLK_FEAT_WRITE_CACHE;
964 		if (info->feature_fua)
965 			lim->features |= BLK_FEAT_FUA;
966 	}
967 
968 	/* Hard sector size and max sectors impersonate the equiv. hardware. */
969 	lim->logical_block_size = info->sector_size;
970 	lim->physical_block_size = info->physical_sector_size;
971 	lim->max_hw_sectors = (segments * XEN_PAGE_SIZE) / 512;
972 
973 	/* Each segment in a request is up to an aligned page in size. */
974 	lim->seg_boundary_mask = PAGE_SIZE - 1;
975 	lim->max_segment_size = PAGE_SIZE;
976 
977 	/* Ensure a merged request will fit in a single I/O ring slot. */
978 	lim->max_segments = segments / GRANTS_PER_PSEG;
979 
980 	/* Make sure buffer addresses are sector-aligned. */
981 	lim->dma_alignment = 511;
982 }
983 
984 static const char *flush_info(struct blkfront_info *info)
985 {
986 	if (info->feature_flush && info->feature_fua)
987 		return "barrier: enabled;";
988 	else if (info->feature_flush)
989 		return "flush diskcache: enabled;";
990 	else
991 		return "barrier or flush: disabled;";
992 }
993 
994 static void xlvbd_flush(struct blkfront_info *info)
995 {
996 	pr_info("blkfront: %s: %s %s %s %s %s %s %s\n",
997 		info->gd->disk_name, flush_info(info),
998 		"persistent grants:", info->feature_persistent ?
999 		"enabled;" : "disabled;", "indirect descriptors:",
1000 		info->max_indirect_segments ? "enabled;" : "disabled;",
1001 		"bounce buffer:", info->bounce ? "enabled" : "disabled;");
1002 }
1003 
1004 static int xen_translate_vdev(int vdevice, int *minor, unsigned int *offset)
1005 {
1006 	int major;
1007 	major = BLKIF_MAJOR(vdevice);
1008 	*minor = BLKIF_MINOR(vdevice);
1009 	switch (major) {
1010 		case XEN_IDE0_MAJOR:
1011 			*offset = (*minor / 64) + EMULATED_HD_DISK_NAME_OFFSET;
1012 			*minor = ((*minor / 64) * PARTS_PER_DISK) +
1013 				EMULATED_HD_DISK_MINOR_OFFSET;
1014 			break;
1015 		case XEN_IDE1_MAJOR:
1016 			*offset = (*minor / 64) + 2 + EMULATED_HD_DISK_NAME_OFFSET;
1017 			*minor = (((*minor / 64) + 2) * PARTS_PER_DISK) +
1018 				EMULATED_HD_DISK_MINOR_OFFSET;
1019 			break;
1020 		case XEN_SCSI_DISK0_MAJOR:
1021 			*offset = (*minor / PARTS_PER_DISK) + EMULATED_SD_DISK_NAME_OFFSET;
1022 			*minor = *minor + EMULATED_SD_DISK_MINOR_OFFSET;
1023 			break;
1024 		case XEN_SCSI_DISK1_MAJOR:
1025 		case XEN_SCSI_DISK2_MAJOR:
1026 		case XEN_SCSI_DISK3_MAJOR:
1027 		case XEN_SCSI_DISK4_MAJOR:
1028 		case XEN_SCSI_DISK5_MAJOR:
1029 		case XEN_SCSI_DISK6_MAJOR:
1030 		case XEN_SCSI_DISK7_MAJOR:
1031 			*offset = (*minor / PARTS_PER_DISK) +
1032 				((major - XEN_SCSI_DISK1_MAJOR + 1) * 16) +
1033 				EMULATED_SD_DISK_NAME_OFFSET;
1034 			*minor = *minor +
1035 				((major - XEN_SCSI_DISK1_MAJOR + 1) * 16 * PARTS_PER_DISK) +
1036 				EMULATED_SD_DISK_MINOR_OFFSET;
1037 			break;
1038 		case XEN_SCSI_DISK8_MAJOR:
1039 		case XEN_SCSI_DISK9_MAJOR:
1040 		case XEN_SCSI_DISK10_MAJOR:
1041 		case XEN_SCSI_DISK11_MAJOR:
1042 		case XEN_SCSI_DISK12_MAJOR:
1043 		case XEN_SCSI_DISK13_MAJOR:
1044 		case XEN_SCSI_DISK14_MAJOR:
1045 		case XEN_SCSI_DISK15_MAJOR:
1046 			*offset = (*minor / PARTS_PER_DISK) +
1047 				((major - XEN_SCSI_DISK8_MAJOR + 8) * 16) +
1048 				EMULATED_SD_DISK_NAME_OFFSET;
1049 			*minor = *minor +
1050 				((major - XEN_SCSI_DISK8_MAJOR + 8) * 16 * PARTS_PER_DISK) +
1051 				EMULATED_SD_DISK_MINOR_OFFSET;
1052 			break;
1053 		case XENVBD_MAJOR:
1054 			*offset = *minor / PARTS_PER_DISK;
1055 			break;
1056 		default:
1057 			printk(KERN_WARNING "blkfront: your disk configuration is "
1058 					"incorrect, please use an xvd device instead\n");
1059 			return -ENODEV;
1060 	}
1061 	return 0;
1062 }
1063 
1064 static char *encode_disk_name(char *ptr, unsigned int n)
1065 {
1066 	if (n >= 26)
1067 		ptr = encode_disk_name(ptr, n / 26 - 1);
1068 	*ptr = 'a' + n % 26;
1069 	return ptr + 1;
1070 }
1071 
1072 static int xlvbd_alloc_gendisk(blkif_sector_t capacity,
1073 		struct blkfront_info *info)
1074 {
1075 	struct queue_limits lim = {};
1076 	struct gendisk *gd;
1077 	int nr_minors = 1;
1078 	int err;
1079 	unsigned int offset;
1080 	int minor;
1081 	int nr_parts;
1082 	char *ptr;
1083 
1084 	BUG_ON(info->gd != NULL);
1085 	BUG_ON(info->rq != NULL);
1086 
1087 	if ((info->vdevice>>EXT_SHIFT) > 1) {
1088 		/* this is above the extended range; something is wrong */
1089 		printk(KERN_WARNING "blkfront: vdevice 0x%x is above the extended range; ignoring\n", info->vdevice);
1090 		return -ENODEV;
1091 	}
1092 
1093 	if (!VDEV_IS_EXTENDED(info->vdevice)) {
1094 		err = xen_translate_vdev(info->vdevice, &minor, &offset);
1095 		if (err)
1096 			return err;
1097 		nr_parts = PARTS_PER_DISK;
1098 	} else {
1099 		minor = BLKIF_MINOR_EXT(info->vdevice);
1100 		nr_parts = PARTS_PER_EXT_DISK;
1101 		offset = minor / nr_parts;
1102 		if (xen_hvm_domain() && offset < EMULATED_HD_DISK_NAME_OFFSET + 4)
1103 			printk(KERN_WARNING "blkfront: vdevice 0x%x might conflict with "
1104 					"emulated IDE disks,\n\t choose an xvd device name"
1105 					"from xvde on\n", info->vdevice);
1106 	}
1107 	if (minor >> MINORBITS) {
1108 		pr_warn("blkfront: %#x's minor (%#x) out of range; ignoring\n",
1109 			info->vdevice, minor);
1110 		return -ENODEV;
1111 	}
1112 
1113 	if ((minor % nr_parts) == 0)
1114 		nr_minors = nr_parts;
1115 
1116 	err = xlbd_reserve_minors(minor, nr_minors);
1117 	if (err)
1118 		return err;
1119 
1120 	memset(&info->tag_set, 0, sizeof(info->tag_set));
1121 	info->tag_set.ops = &blkfront_mq_ops;
1122 	info->tag_set.nr_hw_queues = info->nr_rings;
1123 	if (HAS_EXTRA_REQ && info->max_indirect_segments == 0) {
1124 		/*
1125 		 * When indirect descriptior is not supported, the I/O request
1126 		 * will be split between multiple request in the ring.
1127 		 * To avoid problems when sending the request, divide by
1128 		 * 2 the depth of the queue.
1129 		 */
1130 		info->tag_set.queue_depth =  BLK_RING_SIZE(info) / 2;
1131 	} else
1132 		info->tag_set.queue_depth = BLK_RING_SIZE(info);
1133 	info->tag_set.numa_node = NUMA_NO_NODE;
1134 	info->tag_set.flags = BLK_MQ_F_SHOULD_MERGE;
1135 	info->tag_set.cmd_size = sizeof(struct blkif_req);
1136 	info->tag_set.driver_data = info;
1137 
1138 	err = blk_mq_alloc_tag_set(&info->tag_set);
1139 	if (err)
1140 		goto out_release_minors;
1141 
1142 	blkif_set_queue_limits(info, &lim);
1143 	gd = blk_mq_alloc_disk(&info->tag_set, &lim, info);
1144 	if (IS_ERR(gd)) {
1145 		err = PTR_ERR(gd);
1146 		goto out_free_tag_set;
1147 	}
1148 
1149 	strcpy(gd->disk_name, DEV_NAME);
1150 	ptr = encode_disk_name(gd->disk_name + sizeof(DEV_NAME) - 1, offset);
1151 	BUG_ON(ptr >= gd->disk_name + DISK_NAME_LEN);
1152 	if (nr_minors > 1)
1153 		*ptr = 0;
1154 	else
1155 		snprintf(ptr, gd->disk_name + DISK_NAME_LEN - ptr,
1156 			 "%d", minor & (nr_parts - 1));
1157 
1158 	gd->major = XENVBD_MAJOR;
1159 	gd->first_minor = minor;
1160 	gd->minors = nr_minors;
1161 	gd->fops = &xlvbd_block_fops;
1162 	gd->private_data = info;
1163 	set_capacity(gd, capacity);
1164 
1165 	info->rq = gd->queue;
1166 	info->gd = gd;
1167 
1168 	xlvbd_flush(info);
1169 
1170 	if (info->vdisk_info & VDISK_READONLY)
1171 		set_disk_ro(gd, 1);
1172 	if (info->vdisk_info & VDISK_REMOVABLE)
1173 		gd->flags |= GENHD_FL_REMOVABLE;
1174 
1175 	return 0;
1176 
1177 out_free_tag_set:
1178 	blk_mq_free_tag_set(&info->tag_set);
1179 out_release_minors:
1180 	xlbd_release_minors(minor, nr_minors);
1181 	return err;
1182 }
1183 
1184 /* Already hold rinfo->ring_lock. */
1185 static inline void kick_pending_request_queues_locked(struct blkfront_ring_info *rinfo)
1186 {
1187 	if (!RING_FULL(&rinfo->ring))
1188 		blk_mq_start_stopped_hw_queues(rinfo->dev_info->rq, true);
1189 }
1190 
1191 static void kick_pending_request_queues(struct blkfront_ring_info *rinfo)
1192 {
1193 	unsigned long flags;
1194 
1195 	spin_lock_irqsave(&rinfo->ring_lock, flags);
1196 	kick_pending_request_queues_locked(rinfo);
1197 	spin_unlock_irqrestore(&rinfo->ring_lock, flags);
1198 }
1199 
1200 static void blkif_restart_queue(struct work_struct *work)
1201 {
1202 	struct blkfront_ring_info *rinfo = container_of(work, struct blkfront_ring_info, work);
1203 
1204 	if (rinfo->dev_info->connected == BLKIF_STATE_CONNECTED)
1205 		kick_pending_request_queues(rinfo);
1206 }
1207 
1208 static void blkif_free_ring(struct blkfront_ring_info *rinfo)
1209 {
1210 	struct grant *persistent_gnt, *n;
1211 	struct blkfront_info *info = rinfo->dev_info;
1212 	int i, j, segs;
1213 
1214 	/*
1215 	 * Remove indirect pages, this only happens when using indirect
1216 	 * descriptors but not persistent grants
1217 	 */
1218 	if (!list_empty(&rinfo->indirect_pages)) {
1219 		struct page *indirect_page, *n;
1220 
1221 		BUG_ON(info->bounce);
1222 		list_for_each_entry_safe(indirect_page, n, &rinfo->indirect_pages, lru) {
1223 			list_del(&indirect_page->lru);
1224 			__free_page(indirect_page);
1225 		}
1226 	}
1227 
1228 	/* Remove all persistent grants. */
1229 	if (!list_empty(&rinfo->grants)) {
1230 		list_for_each_entry_safe(persistent_gnt, n,
1231 					 &rinfo->grants, node) {
1232 			list_del(&persistent_gnt->node);
1233 			if (persistent_gnt->gref != INVALID_GRANT_REF) {
1234 				gnttab_end_foreign_access(persistent_gnt->gref,
1235 							  NULL);
1236 				rinfo->persistent_gnts_c--;
1237 			}
1238 			if (info->bounce)
1239 				__free_page(persistent_gnt->page);
1240 			kfree(persistent_gnt);
1241 		}
1242 	}
1243 	BUG_ON(rinfo->persistent_gnts_c != 0);
1244 
1245 	for (i = 0; i < BLK_RING_SIZE(info); i++) {
1246 		/*
1247 		 * Clear persistent grants present in requests already
1248 		 * on the shared ring
1249 		 */
1250 		if (!rinfo->shadow[i].request)
1251 			goto free_shadow;
1252 
1253 		segs = rinfo->shadow[i].req.operation == BLKIF_OP_INDIRECT ?
1254 		       rinfo->shadow[i].req.u.indirect.nr_segments :
1255 		       rinfo->shadow[i].req.u.rw.nr_segments;
1256 		for (j = 0; j < segs; j++) {
1257 			persistent_gnt = rinfo->shadow[i].grants_used[j];
1258 			gnttab_end_foreign_access(persistent_gnt->gref, NULL);
1259 			if (info->bounce)
1260 				__free_page(persistent_gnt->page);
1261 			kfree(persistent_gnt);
1262 		}
1263 
1264 		if (rinfo->shadow[i].req.operation != BLKIF_OP_INDIRECT)
1265 			/*
1266 			 * If this is not an indirect operation don't try to
1267 			 * free indirect segments
1268 			 */
1269 			goto free_shadow;
1270 
1271 		for (j = 0; j < INDIRECT_GREFS(segs); j++) {
1272 			persistent_gnt = rinfo->shadow[i].indirect_grants[j];
1273 			gnttab_end_foreign_access(persistent_gnt->gref, NULL);
1274 			__free_page(persistent_gnt->page);
1275 			kfree(persistent_gnt);
1276 		}
1277 
1278 free_shadow:
1279 		kvfree(rinfo->shadow[i].grants_used);
1280 		rinfo->shadow[i].grants_used = NULL;
1281 		kvfree(rinfo->shadow[i].indirect_grants);
1282 		rinfo->shadow[i].indirect_grants = NULL;
1283 		kvfree(rinfo->shadow[i].sg);
1284 		rinfo->shadow[i].sg = NULL;
1285 	}
1286 
1287 	/* No more gnttab callback work. */
1288 	gnttab_cancel_free_callback(&rinfo->callback);
1289 
1290 	/* Flush gnttab callback work. Must be done with no locks held. */
1291 	flush_work(&rinfo->work);
1292 
1293 	/* Free resources associated with old device channel. */
1294 	xenbus_teardown_ring((void **)&rinfo->ring.sring, info->nr_ring_pages,
1295 			     rinfo->ring_ref);
1296 
1297 	if (rinfo->irq)
1298 		unbind_from_irqhandler(rinfo->irq, rinfo);
1299 	rinfo->evtchn = rinfo->irq = 0;
1300 }
1301 
1302 static void blkif_free(struct blkfront_info *info, int suspend)
1303 {
1304 	unsigned int i;
1305 	struct blkfront_ring_info *rinfo;
1306 
1307 	/* Prevent new requests being issued until we fix things up. */
1308 	info->connected = suspend ?
1309 		BLKIF_STATE_SUSPENDED : BLKIF_STATE_DISCONNECTED;
1310 	/* No more blkif_request(). */
1311 	if (info->rq)
1312 		blk_mq_stop_hw_queues(info->rq);
1313 
1314 	for_each_rinfo(info, rinfo, i)
1315 		blkif_free_ring(rinfo);
1316 
1317 	kvfree(info->rinfo);
1318 	info->rinfo = NULL;
1319 	info->nr_rings = 0;
1320 }
1321 
1322 struct copy_from_grant {
1323 	const struct blk_shadow *s;
1324 	unsigned int grant_idx;
1325 	unsigned int bvec_offset;
1326 	char *bvec_data;
1327 };
1328 
1329 static void blkif_copy_from_grant(unsigned long gfn, unsigned int offset,
1330 				  unsigned int len, void *data)
1331 {
1332 	struct copy_from_grant *info = data;
1333 	char *shared_data;
1334 	/* Convenient aliases */
1335 	const struct blk_shadow *s = info->s;
1336 
1337 	shared_data = kmap_atomic(s->grants_used[info->grant_idx]->page);
1338 
1339 	memcpy(info->bvec_data + info->bvec_offset,
1340 	       shared_data + offset, len);
1341 
1342 	info->bvec_offset += len;
1343 	info->grant_idx++;
1344 
1345 	kunmap_atomic(shared_data);
1346 }
1347 
1348 static enum blk_req_status blkif_rsp_to_req_status(int rsp)
1349 {
1350 	switch (rsp)
1351 	{
1352 	case BLKIF_RSP_OKAY:
1353 		return REQ_DONE;
1354 	case BLKIF_RSP_EOPNOTSUPP:
1355 		return REQ_EOPNOTSUPP;
1356 	case BLKIF_RSP_ERROR:
1357 	default:
1358 		return REQ_ERROR;
1359 	}
1360 }
1361 
1362 /*
1363  * Get the final status of the block request based on two ring response
1364  */
1365 static int blkif_get_final_status(enum blk_req_status s1,
1366 				  enum blk_req_status s2)
1367 {
1368 	BUG_ON(s1 < REQ_DONE);
1369 	BUG_ON(s2 < REQ_DONE);
1370 
1371 	if (s1 == REQ_ERROR || s2 == REQ_ERROR)
1372 		return BLKIF_RSP_ERROR;
1373 	else if (s1 == REQ_EOPNOTSUPP || s2 == REQ_EOPNOTSUPP)
1374 		return BLKIF_RSP_EOPNOTSUPP;
1375 	return BLKIF_RSP_OKAY;
1376 }
1377 
1378 /*
1379  * Return values:
1380  *  1 response processed.
1381  *  0 missing further responses.
1382  * -1 error while processing.
1383  */
1384 static int blkif_completion(unsigned long *id,
1385 			    struct blkfront_ring_info *rinfo,
1386 			    struct blkif_response *bret)
1387 {
1388 	int i = 0;
1389 	struct scatterlist *sg;
1390 	int num_sg, num_grant;
1391 	struct blkfront_info *info = rinfo->dev_info;
1392 	struct blk_shadow *s = &rinfo->shadow[*id];
1393 	struct copy_from_grant data = {
1394 		.grant_idx = 0,
1395 	};
1396 
1397 	num_grant = s->req.operation == BLKIF_OP_INDIRECT ?
1398 		s->req.u.indirect.nr_segments : s->req.u.rw.nr_segments;
1399 
1400 	/* The I/O request may be split in two. */
1401 	if (unlikely(s->associated_id != NO_ASSOCIATED_ID)) {
1402 		struct blk_shadow *s2 = &rinfo->shadow[s->associated_id];
1403 
1404 		/* Keep the status of the current response in shadow. */
1405 		s->status = blkif_rsp_to_req_status(bret->status);
1406 
1407 		/* Wait the second response if not yet here. */
1408 		if (s2->status < REQ_DONE)
1409 			return 0;
1410 
1411 		bret->status = blkif_get_final_status(s->status,
1412 						      s2->status);
1413 
1414 		/*
1415 		 * All the grants is stored in the first shadow in order
1416 		 * to make the completion code simpler.
1417 		 */
1418 		num_grant += s2->req.u.rw.nr_segments;
1419 
1420 		/*
1421 		 * The two responses may not come in order. Only the
1422 		 * first request will store the scatter-gather list.
1423 		 */
1424 		if (s2->num_sg != 0) {
1425 			/* Update "id" with the ID of the first response. */
1426 			*id = s->associated_id;
1427 			s = s2;
1428 		}
1429 
1430 		/*
1431 		 * We don't need anymore the second request, so recycling
1432 		 * it now.
1433 		 */
1434 		if (add_id_to_freelist(rinfo, s->associated_id))
1435 			WARN(1, "%s: can't recycle the second part (id = %ld) of the request\n",
1436 			     info->gd->disk_name, s->associated_id);
1437 	}
1438 
1439 	data.s = s;
1440 	num_sg = s->num_sg;
1441 
1442 	if (bret->operation == BLKIF_OP_READ && info->bounce) {
1443 		for_each_sg(s->sg, sg, num_sg, i) {
1444 			BUG_ON(sg->offset + sg->length > PAGE_SIZE);
1445 
1446 			data.bvec_offset = sg->offset;
1447 			data.bvec_data = kmap_atomic(sg_page(sg));
1448 
1449 			gnttab_foreach_grant_in_range(sg_page(sg),
1450 						      sg->offset,
1451 						      sg->length,
1452 						      blkif_copy_from_grant,
1453 						      &data);
1454 
1455 			kunmap_atomic(data.bvec_data);
1456 		}
1457 	}
1458 	/* Add the persistent grant into the list of free grants */
1459 	for (i = 0; i < num_grant; i++) {
1460 		if (!gnttab_try_end_foreign_access(s->grants_used[i]->gref)) {
1461 			/*
1462 			 * If the grant is still mapped by the backend (the
1463 			 * backend has chosen to make this grant persistent)
1464 			 * we add it at the head of the list, so it will be
1465 			 * reused first.
1466 			 */
1467 			if (!info->feature_persistent) {
1468 				pr_alert("backed has not unmapped grant: %u\n",
1469 					 s->grants_used[i]->gref);
1470 				return -1;
1471 			}
1472 			list_add(&s->grants_used[i]->node, &rinfo->grants);
1473 			rinfo->persistent_gnts_c++;
1474 		} else {
1475 			/*
1476 			 * If the grant is not mapped by the backend we add it
1477 			 * to the tail of the list, so it will not be picked
1478 			 * again unless we run out of persistent grants.
1479 			 */
1480 			s->grants_used[i]->gref = INVALID_GRANT_REF;
1481 			list_add_tail(&s->grants_used[i]->node, &rinfo->grants);
1482 		}
1483 	}
1484 	if (s->req.operation == BLKIF_OP_INDIRECT) {
1485 		for (i = 0; i < INDIRECT_GREFS(num_grant); i++) {
1486 			if (!gnttab_try_end_foreign_access(s->indirect_grants[i]->gref)) {
1487 				if (!info->feature_persistent) {
1488 					pr_alert("backed has not unmapped grant: %u\n",
1489 						 s->indirect_grants[i]->gref);
1490 					return -1;
1491 				}
1492 				list_add(&s->indirect_grants[i]->node, &rinfo->grants);
1493 				rinfo->persistent_gnts_c++;
1494 			} else {
1495 				struct page *indirect_page;
1496 
1497 				/*
1498 				 * Add the used indirect page back to the list of
1499 				 * available pages for indirect grefs.
1500 				 */
1501 				if (!info->bounce) {
1502 					indirect_page = s->indirect_grants[i]->page;
1503 					list_add(&indirect_page->lru, &rinfo->indirect_pages);
1504 				}
1505 				s->indirect_grants[i]->gref = INVALID_GRANT_REF;
1506 				list_add_tail(&s->indirect_grants[i]->node, &rinfo->grants);
1507 			}
1508 		}
1509 	}
1510 
1511 	return 1;
1512 }
1513 
1514 static irqreturn_t blkif_interrupt(int irq, void *dev_id)
1515 {
1516 	struct request *req;
1517 	struct blkif_response bret;
1518 	RING_IDX i, rp;
1519 	unsigned long flags;
1520 	struct blkfront_ring_info *rinfo = (struct blkfront_ring_info *)dev_id;
1521 	struct blkfront_info *info = rinfo->dev_info;
1522 	unsigned int eoiflag = XEN_EOI_FLAG_SPURIOUS;
1523 
1524 	if (unlikely(info->connected != BLKIF_STATE_CONNECTED)) {
1525 		xen_irq_lateeoi(irq, XEN_EOI_FLAG_SPURIOUS);
1526 		return IRQ_HANDLED;
1527 	}
1528 
1529 	spin_lock_irqsave(&rinfo->ring_lock, flags);
1530  again:
1531 	rp = READ_ONCE(rinfo->ring.sring->rsp_prod);
1532 	virt_rmb(); /* Ensure we see queued responses up to 'rp'. */
1533 	if (RING_RESPONSE_PROD_OVERFLOW(&rinfo->ring, rp)) {
1534 		pr_alert("%s: illegal number of responses %u\n",
1535 			 info->gd->disk_name, rp - rinfo->ring.rsp_cons);
1536 		goto err;
1537 	}
1538 
1539 	for (i = rinfo->ring.rsp_cons; i != rp; i++) {
1540 		unsigned long id;
1541 		unsigned int op;
1542 
1543 		eoiflag = 0;
1544 
1545 		RING_COPY_RESPONSE(&rinfo->ring, i, &bret);
1546 		id = bret.id;
1547 
1548 		/*
1549 		 * The backend has messed up and given us an id that we would
1550 		 * never have given to it (we stamp it up to BLK_RING_SIZE -
1551 		 * look in get_id_from_freelist.
1552 		 */
1553 		if (id >= BLK_RING_SIZE(info)) {
1554 			pr_alert("%s: response has incorrect id (%ld)\n",
1555 				 info->gd->disk_name, id);
1556 			goto err;
1557 		}
1558 		if (rinfo->shadow[id].status != REQ_WAITING) {
1559 			pr_alert("%s: response references no pending request\n",
1560 				 info->gd->disk_name);
1561 			goto err;
1562 		}
1563 
1564 		rinfo->shadow[id].status = REQ_PROCESSING;
1565 		req  = rinfo->shadow[id].request;
1566 
1567 		op = rinfo->shadow[id].req.operation;
1568 		if (op == BLKIF_OP_INDIRECT)
1569 			op = rinfo->shadow[id].req.u.indirect.indirect_op;
1570 		if (bret.operation != op) {
1571 			pr_alert("%s: response has wrong operation (%u instead of %u)\n",
1572 				 info->gd->disk_name, bret.operation, op);
1573 			goto err;
1574 		}
1575 
1576 		if (bret.operation != BLKIF_OP_DISCARD) {
1577 			int ret;
1578 
1579 			/*
1580 			 * We may need to wait for an extra response if the
1581 			 * I/O request is split in 2
1582 			 */
1583 			ret = blkif_completion(&id, rinfo, &bret);
1584 			if (!ret)
1585 				continue;
1586 			if (unlikely(ret < 0))
1587 				goto err;
1588 		}
1589 
1590 		if (add_id_to_freelist(rinfo, id)) {
1591 			WARN(1, "%s: response to %s (id %ld) couldn't be recycled!\n",
1592 			     info->gd->disk_name, op_name(bret.operation), id);
1593 			continue;
1594 		}
1595 
1596 		if (bret.status == BLKIF_RSP_OKAY)
1597 			blkif_req(req)->error = BLK_STS_OK;
1598 		else
1599 			blkif_req(req)->error = BLK_STS_IOERR;
1600 
1601 		switch (bret.operation) {
1602 		case BLKIF_OP_DISCARD:
1603 			if (unlikely(bret.status == BLKIF_RSP_EOPNOTSUPP)) {
1604 				struct request_queue *rq = info->rq;
1605 
1606 				pr_warn_ratelimited("blkfront: %s: %s op failed\n",
1607 					   info->gd->disk_name, op_name(bret.operation));
1608 				blkif_req(req)->error = BLK_STS_NOTSUPP;
1609 				info->feature_discard = 0;
1610 				info->feature_secdiscard = 0;
1611 				blk_queue_disable_discard(rq);
1612 				blk_queue_disable_secure_erase(rq);
1613 			}
1614 			break;
1615 		case BLKIF_OP_FLUSH_DISKCACHE:
1616 		case BLKIF_OP_WRITE_BARRIER:
1617 			if (unlikely(bret.status == BLKIF_RSP_EOPNOTSUPP)) {
1618 				pr_warn_ratelimited("blkfront: %s: %s op failed\n",
1619 				       info->gd->disk_name, op_name(bret.operation));
1620 				blkif_req(req)->error = BLK_STS_NOTSUPP;
1621 			}
1622 			if (unlikely(bret.status == BLKIF_RSP_ERROR &&
1623 				     rinfo->shadow[id].req.u.rw.nr_segments == 0)) {
1624 				pr_warn_ratelimited("blkfront: %s: empty %s op failed\n",
1625 				       info->gd->disk_name, op_name(bret.operation));
1626 				blkif_req(req)->error = BLK_STS_NOTSUPP;
1627 			}
1628 			if (unlikely(blkif_req(req)->error)) {
1629 				if (blkif_req(req)->error == BLK_STS_NOTSUPP)
1630 					blkif_req(req)->error = BLK_STS_OK;
1631 				info->feature_fua = 0;
1632 				info->feature_flush = 0;
1633 			}
1634 			fallthrough;
1635 		case BLKIF_OP_READ:
1636 		case BLKIF_OP_WRITE:
1637 			if (unlikely(bret.status != BLKIF_RSP_OKAY))
1638 				dev_dbg_ratelimited(&info->xbdev->dev,
1639 					"Bad return from blkdev data request: %#x\n",
1640 					bret.status);
1641 
1642 			break;
1643 		default:
1644 			BUG();
1645 		}
1646 
1647 		if (likely(!blk_should_fake_timeout(req->q)))
1648 			blk_mq_complete_request(req);
1649 	}
1650 
1651 	rinfo->ring.rsp_cons = i;
1652 
1653 	if (i != rinfo->ring.req_prod_pvt) {
1654 		int more_to_do;
1655 		RING_FINAL_CHECK_FOR_RESPONSES(&rinfo->ring, more_to_do);
1656 		if (more_to_do)
1657 			goto again;
1658 	} else
1659 		rinfo->ring.sring->rsp_event = i + 1;
1660 
1661 	kick_pending_request_queues_locked(rinfo);
1662 
1663 	spin_unlock_irqrestore(&rinfo->ring_lock, flags);
1664 
1665 	xen_irq_lateeoi(irq, eoiflag);
1666 
1667 	return IRQ_HANDLED;
1668 
1669  err:
1670 	info->connected = BLKIF_STATE_ERROR;
1671 
1672 	spin_unlock_irqrestore(&rinfo->ring_lock, flags);
1673 
1674 	/* No EOI in order to avoid further interrupts. */
1675 
1676 	pr_alert("%s disabled for further use\n", info->gd->disk_name);
1677 	return IRQ_HANDLED;
1678 }
1679 
1680 
1681 static int setup_blkring(struct xenbus_device *dev,
1682 			 struct blkfront_ring_info *rinfo)
1683 {
1684 	struct blkif_sring *sring;
1685 	int err;
1686 	struct blkfront_info *info = rinfo->dev_info;
1687 	unsigned long ring_size = info->nr_ring_pages * XEN_PAGE_SIZE;
1688 
1689 	err = xenbus_setup_ring(dev, GFP_NOIO, (void **)&sring,
1690 				info->nr_ring_pages, rinfo->ring_ref);
1691 	if (err)
1692 		goto fail;
1693 
1694 	XEN_FRONT_RING_INIT(&rinfo->ring, sring, ring_size);
1695 
1696 	err = xenbus_alloc_evtchn(dev, &rinfo->evtchn);
1697 	if (err)
1698 		goto fail;
1699 
1700 	err = bind_evtchn_to_irqhandler_lateeoi(rinfo->evtchn, blkif_interrupt,
1701 						0, "blkif", rinfo);
1702 	if (err <= 0) {
1703 		xenbus_dev_fatal(dev, err,
1704 				 "bind_evtchn_to_irqhandler failed");
1705 		goto fail;
1706 	}
1707 	rinfo->irq = err;
1708 
1709 	return 0;
1710 fail:
1711 	blkif_free(info, 0);
1712 	return err;
1713 }
1714 
1715 /*
1716  * Write out per-ring/queue nodes including ring-ref and event-channel, and each
1717  * ring buffer may have multi pages depending on ->nr_ring_pages.
1718  */
1719 static int write_per_ring_nodes(struct xenbus_transaction xbt,
1720 				struct blkfront_ring_info *rinfo, const char *dir)
1721 {
1722 	int err;
1723 	unsigned int i;
1724 	const char *message = NULL;
1725 	struct blkfront_info *info = rinfo->dev_info;
1726 
1727 	if (info->nr_ring_pages == 1) {
1728 		err = xenbus_printf(xbt, dir, "ring-ref", "%u", rinfo->ring_ref[0]);
1729 		if (err) {
1730 			message = "writing ring-ref";
1731 			goto abort_transaction;
1732 		}
1733 	} else {
1734 		for (i = 0; i < info->nr_ring_pages; i++) {
1735 			char ring_ref_name[RINGREF_NAME_LEN];
1736 
1737 			snprintf(ring_ref_name, RINGREF_NAME_LEN, "ring-ref%u", i);
1738 			err = xenbus_printf(xbt, dir, ring_ref_name,
1739 					    "%u", rinfo->ring_ref[i]);
1740 			if (err) {
1741 				message = "writing ring-ref";
1742 				goto abort_transaction;
1743 			}
1744 		}
1745 	}
1746 
1747 	err = xenbus_printf(xbt, dir, "event-channel", "%u", rinfo->evtchn);
1748 	if (err) {
1749 		message = "writing event-channel";
1750 		goto abort_transaction;
1751 	}
1752 
1753 	return 0;
1754 
1755 abort_transaction:
1756 	xenbus_transaction_end(xbt, 1);
1757 	if (message)
1758 		xenbus_dev_fatal(info->xbdev, err, "%s", message);
1759 
1760 	return err;
1761 }
1762 
1763 /* Enable the persistent grants feature. */
1764 static bool feature_persistent = true;
1765 module_param(feature_persistent, bool, 0644);
1766 MODULE_PARM_DESC(feature_persistent,
1767 		"Enables the persistent grants feature");
1768 
1769 /* Common code used when first setting up, and when resuming. */
1770 static int talk_to_blkback(struct xenbus_device *dev,
1771 			   struct blkfront_info *info)
1772 {
1773 	const char *message = NULL;
1774 	struct xenbus_transaction xbt;
1775 	int err;
1776 	unsigned int i, max_page_order;
1777 	unsigned int ring_page_order;
1778 	struct blkfront_ring_info *rinfo;
1779 
1780 	if (!info)
1781 		return -ENODEV;
1782 
1783 	/* Check if backend is trusted. */
1784 	info->bounce = !xen_blkif_trusted ||
1785 		       !xenbus_read_unsigned(dev->nodename, "trusted", 1);
1786 
1787 	max_page_order = xenbus_read_unsigned(info->xbdev->otherend,
1788 					      "max-ring-page-order", 0);
1789 	ring_page_order = min(xen_blkif_max_ring_order, max_page_order);
1790 	info->nr_ring_pages = 1 << ring_page_order;
1791 
1792 	err = negotiate_mq(info);
1793 	if (err)
1794 		goto destroy_blkring;
1795 
1796 	for_each_rinfo(info, rinfo, i) {
1797 		/* Create shared ring, alloc event channel. */
1798 		err = setup_blkring(dev, rinfo);
1799 		if (err)
1800 			goto destroy_blkring;
1801 	}
1802 
1803 again:
1804 	err = xenbus_transaction_start(&xbt);
1805 	if (err) {
1806 		xenbus_dev_fatal(dev, err, "starting transaction");
1807 		goto destroy_blkring;
1808 	}
1809 
1810 	if (info->nr_ring_pages > 1) {
1811 		err = xenbus_printf(xbt, dev->nodename, "ring-page-order", "%u",
1812 				    ring_page_order);
1813 		if (err) {
1814 			message = "writing ring-page-order";
1815 			goto abort_transaction;
1816 		}
1817 	}
1818 
1819 	/* We already got the number of queues/rings in _probe */
1820 	if (info->nr_rings == 1) {
1821 		err = write_per_ring_nodes(xbt, info->rinfo, dev->nodename);
1822 		if (err)
1823 			goto destroy_blkring;
1824 	} else {
1825 		char *path;
1826 		size_t pathsize;
1827 
1828 		err = xenbus_printf(xbt, dev->nodename, "multi-queue-num-queues", "%u",
1829 				    info->nr_rings);
1830 		if (err) {
1831 			message = "writing multi-queue-num-queues";
1832 			goto abort_transaction;
1833 		}
1834 
1835 		pathsize = strlen(dev->nodename) + QUEUE_NAME_LEN;
1836 		path = kmalloc(pathsize, GFP_KERNEL);
1837 		if (!path) {
1838 			err = -ENOMEM;
1839 			message = "ENOMEM while writing ring references";
1840 			goto abort_transaction;
1841 		}
1842 
1843 		for_each_rinfo(info, rinfo, i) {
1844 			memset(path, 0, pathsize);
1845 			snprintf(path, pathsize, "%s/queue-%u", dev->nodename, i);
1846 			err = write_per_ring_nodes(xbt, rinfo, path);
1847 			if (err) {
1848 				kfree(path);
1849 				goto destroy_blkring;
1850 			}
1851 		}
1852 		kfree(path);
1853 	}
1854 	err = xenbus_printf(xbt, dev->nodename, "protocol", "%s",
1855 			    XEN_IO_PROTO_ABI_NATIVE);
1856 	if (err) {
1857 		message = "writing protocol";
1858 		goto abort_transaction;
1859 	}
1860 	info->feature_persistent_parm = feature_persistent;
1861 	err = xenbus_printf(xbt, dev->nodename, "feature-persistent", "%u",
1862 			info->feature_persistent_parm);
1863 	if (err)
1864 		dev_warn(&dev->dev,
1865 			 "writing persistent grants feature to xenbus");
1866 
1867 	err = xenbus_transaction_end(xbt, 0);
1868 	if (err) {
1869 		if (err == -EAGAIN)
1870 			goto again;
1871 		xenbus_dev_fatal(dev, err, "completing transaction");
1872 		goto destroy_blkring;
1873 	}
1874 
1875 	for_each_rinfo(info, rinfo, i) {
1876 		unsigned int j;
1877 
1878 		for (j = 0; j < BLK_RING_SIZE(info); j++)
1879 			rinfo->shadow[j].req.u.rw.id = j + 1;
1880 		rinfo->shadow[BLK_RING_SIZE(info)-1].req.u.rw.id = 0x0fffffff;
1881 	}
1882 	xenbus_switch_state(dev, XenbusStateInitialised);
1883 
1884 	return 0;
1885 
1886  abort_transaction:
1887 	xenbus_transaction_end(xbt, 1);
1888 	if (message)
1889 		xenbus_dev_fatal(dev, err, "%s", message);
1890  destroy_blkring:
1891 	blkif_free(info, 0);
1892 	return err;
1893 }
1894 
1895 static int negotiate_mq(struct blkfront_info *info)
1896 {
1897 	unsigned int backend_max_queues;
1898 	unsigned int i;
1899 	struct blkfront_ring_info *rinfo;
1900 
1901 	BUG_ON(info->nr_rings);
1902 
1903 	/* Check if backend supports multiple queues. */
1904 	backend_max_queues = xenbus_read_unsigned(info->xbdev->otherend,
1905 						  "multi-queue-max-queues", 1);
1906 	info->nr_rings = min(backend_max_queues, xen_blkif_max_queues);
1907 	/* We need at least one ring. */
1908 	if (!info->nr_rings)
1909 		info->nr_rings = 1;
1910 
1911 	info->rinfo_size = struct_size(info->rinfo, shadow,
1912 				       BLK_RING_SIZE(info));
1913 	info->rinfo = kvcalloc(info->nr_rings, info->rinfo_size, GFP_KERNEL);
1914 	if (!info->rinfo) {
1915 		xenbus_dev_fatal(info->xbdev, -ENOMEM, "allocating ring_info structure");
1916 		info->nr_rings = 0;
1917 		return -ENOMEM;
1918 	}
1919 
1920 	for_each_rinfo(info, rinfo, i) {
1921 		INIT_LIST_HEAD(&rinfo->indirect_pages);
1922 		INIT_LIST_HEAD(&rinfo->grants);
1923 		rinfo->dev_info = info;
1924 		INIT_WORK(&rinfo->work, blkif_restart_queue);
1925 		spin_lock_init(&rinfo->ring_lock);
1926 	}
1927 	return 0;
1928 }
1929 
1930 /*
1931  * Entry point to this code when a new device is created.  Allocate the basic
1932  * structures and the ring buffer for communication with the backend, and
1933  * inform the backend of the appropriate details for those.  Switch to
1934  * Initialised state.
1935  */
1936 static int blkfront_probe(struct xenbus_device *dev,
1937 			  const struct xenbus_device_id *id)
1938 {
1939 	int err, vdevice;
1940 	struct blkfront_info *info;
1941 
1942 	/* FIXME: Use dynamic device id if this is not set. */
1943 	err = xenbus_scanf(XBT_NIL, dev->nodename,
1944 			   "virtual-device", "%i", &vdevice);
1945 	if (err != 1) {
1946 		/* go looking in the extended area instead */
1947 		err = xenbus_scanf(XBT_NIL, dev->nodename, "virtual-device-ext",
1948 				   "%i", &vdevice);
1949 		if (err != 1) {
1950 			xenbus_dev_fatal(dev, err, "reading virtual-device");
1951 			return err;
1952 		}
1953 	}
1954 
1955 	if (xen_hvm_domain()) {
1956 		char *type;
1957 		int len;
1958 		/* no unplug has been done: do not hook devices != xen vbds */
1959 		if (xen_has_pv_and_legacy_disk_devices()) {
1960 			int major;
1961 
1962 			if (!VDEV_IS_EXTENDED(vdevice))
1963 				major = BLKIF_MAJOR(vdevice);
1964 			else
1965 				major = XENVBD_MAJOR;
1966 
1967 			if (major != XENVBD_MAJOR) {
1968 				printk(KERN_INFO
1969 						"%s: HVM does not support vbd %d as xen block device\n",
1970 						__func__, vdevice);
1971 				return -ENODEV;
1972 			}
1973 		}
1974 		/* do not create a PV cdrom device if we are an HVM guest */
1975 		type = xenbus_read(XBT_NIL, dev->nodename, "device-type", &len);
1976 		if (IS_ERR(type))
1977 			return -ENODEV;
1978 		if (strncmp(type, "cdrom", 5) == 0) {
1979 			kfree(type);
1980 			return -ENODEV;
1981 		}
1982 		kfree(type);
1983 	}
1984 	info = kzalloc(sizeof(*info), GFP_KERNEL);
1985 	if (!info) {
1986 		xenbus_dev_fatal(dev, -ENOMEM, "allocating info structure");
1987 		return -ENOMEM;
1988 	}
1989 
1990 	info->xbdev = dev;
1991 
1992 	mutex_init(&info->mutex);
1993 	info->vdevice = vdevice;
1994 	info->connected = BLKIF_STATE_DISCONNECTED;
1995 
1996 	/* Front end dir is a number, which is used as the id. */
1997 	info->handle = simple_strtoul(strrchr(dev->nodename, '/')+1, NULL, 0);
1998 	dev_set_drvdata(&dev->dev, info);
1999 
2000 	mutex_lock(&blkfront_mutex);
2001 	list_add(&info->info_list, &info_list);
2002 	mutex_unlock(&blkfront_mutex);
2003 
2004 	return 0;
2005 }
2006 
2007 static int blkif_recover(struct blkfront_info *info)
2008 {
2009 	struct queue_limits lim;
2010 	unsigned int r_index;
2011 	struct request *req, *n;
2012 	int rc;
2013 	struct bio *bio;
2014 	struct blkfront_ring_info *rinfo;
2015 
2016 	lim = queue_limits_start_update(info->rq);
2017 	blkfront_gather_backend_features(info);
2018 	blkif_set_queue_limits(info, &lim);
2019 	rc = queue_limits_commit_update(info->rq, &lim);
2020 	if (rc)
2021 		return rc;
2022 
2023 	for_each_rinfo(info, rinfo, r_index) {
2024 		rc = blkfront_setup_indirect(rinfo);
2025 		if (rc)
2026 			return rc;
2027 	}
2028 	xenbus_switch_state(info->xbdev, XenbusStateConnected);
2029 
2030 	/* Now safe for us to use the shared ring */
2031 	info->connected = BLKIF_STATE_CONNECTED;
2032 
2033 	for_each_rinfo(info, rinfo, r_index) {
2034 		/* Kick any other new requests queued since we resumed */
2035 		kick_pending_request_queues(rinfo);
2036 	}
2037 
2038 	list_for_each_entry_safe(req, n, &info->requests, queuelist) {
2039 		/* Requeue pending requests (flush or discard) */
2040 		list_del_init(&req->queuelist);
2041 		BUG_ON(req->nr_phys_segments >
2042 		       (info->max_indirect_segments ? :
2043 			BLKIF_MAX_SEGMENTS_PER_REQUEST));
2044 		blk_mq_requeue_request(req, false);
2045 	}
2046 	blk_mq_start_stopped_hw_queues(info->rq, true);
2047 	blk_mq_kick_requeue_list(info->rq);
2048 
2049 	while ((bio = bio_list_pop(&info->bio_list)) != NULL) {
2050 		/* Traverse the list of pending bios and re-queue them */
2051 		submit_bio(bio);
2052 	}
2053 
2054 	return 0;
2055 }
2056 
2057 /*
2058  * We are reconnecting to the backend, due to a suspend/resume, or a backend
2059  * driver restart.  We tear down our blkif structure and recreate it, but
2060  * leave the device-layer structures intact so that this is transparent to the
2061  * rest of the kernel.
2062  */
2063 static int blkfront_resume(struct xenbus_device *dev)
2064 {
2065 	struct blkfront_info *info = dev_get_drvdata(&dev->dev);
2066 	int err = 0;
2067 	unsigned int i, j;
2068 	struct blkfront_ring_info *rinfo;
2069 
2070 	dev_dbg(&dev->dev, "blkfront_resume: %s\n", dev->nodename);
2071 
2072 	bio_list_init(&info->bio_list);
2073 	INIT_LIST_HEAD(&info->requests);
2074 	for_each_rinfo(info, rinfo, i) {
2075 		struct bio_list merge_bio;
2076 		struct blk_shadow *shadow = rinfo->shadow;
2077 
2078 		for (j = 0; j < BLK_RING_SIZE(info); j++) {
2079 			/* Not in use? */
2080 			if (!shadow[j].request)
2081 				continue;
2082 
2083 			/*
2084 			 * Get the bios in the request so we can re-queue them.
2085 			 */
2086 			if (req_op(shadow[j].request) == REQ_OP_FLUSH ||
2087 			    req_op(shadow[j].request) == REQ_OP_DISCARD ||
2088 			    req_op(shadow[j].request) == REQ_OP_SECURE_ERASE ||
2089 			    shadow[j].request->cmd_flags & REQ_FUA) {
2090 				/*
2091 				 * Flush operations don't contain bios, so
2092 				 * we need to requeue the whole request
2093 				 *
2094 				 * XXX: but this doesn't make any sense for a
2095 				 * write with the FUA flag set..
2096 				 */
2097 				list_add(&shadow[j].request->queuelist, &info->requests);
2098 				continue;
2099 			}
2100 			merge_bio.head = shadow[j].request->bio;
2101 			merge_bio.tail = shadow[j].request->biotail;
2102 			bio_list_merge(&info->bio_list, &merge_bio);
2103 			shadow[j].request->bio = NULL;
2104 			blk_mq_end_request(shadow[j].request, BLK_STS_OK);
2105 		}
2106 	}
2107 
2108 	blkif_free(info, info->connected == BLKIF_STATE_CONNECTED);
2109 
2110 	err = talk_to_blkback(dev, info);
2111 	if (!err)
2112 		blk_mq_update_nr_hw_queues(&info->tag_set, info->nr_rings);
2113 
2114 	/*
2115 	 * We have to wait for the backend to switch to
2116 	 * connected state, since we want to read which
2117 	 * features it supports.
2118 	 */
2119 
2120 	return err;
2121 }
2122 
2123 static void blkfront_closing(struct blkfront_info *info)
2124 {
2125 	struct xenbus_device *xbdev = info->xbdev;
2126 	struct blkfront_ring_info *rinfo;
2127 	unsigned int i;
2128 
2129 	if (xbdev->state == XenbusStateClosing)
2130 		return;
2131 
2132 	/* No more blkif_request(). */
2133 	if (info->rq && info->gd) {
2134 		blk_mq_stop_hw_queues(info->rq);
2135 		blk_mark_disk_dead(info->gd);
2136 	}
2137 
2138 	for_each_rinfo(info, rinfo, i) {
2139 		/* No more gnttab callback work. */
2140 		gnttab_cancel_free_callback(&rinfo->callback);
2141 
2142 		/* Flush gnttab callback work. Must be done with no locks held. */
2143 		flush_work(&rinfo->work);
2144 	}
2145 
2146 	xenbus_frontend_closed(xbdev);
2147 }
2148 
2149 static void blkfront_setup_discard(struct blkfront_info *info)
2150 {
2151 	info->feature_discard = 1;
2152 	info->discard_granularity = xenbus_read_unsigned(info->xbdev->otherend,
2153 							 "discard-granularity",
2154 							 0);
2155 	info->discard_alignment = xenbus_read_unsigned(info->xbdev->otherend,
2156 						       "discard-alignment", 0);
2157 	info->feature_secdiscard =
2158 		!!xenbus_read_unsigned(info->xbdev->otherend, "discard-secure",
2159 				       0);
2160 }
2161 
2162 static int blkfront_setup_indirect(struct blkfront_ring_info *rinfo)
2163 {
2164 	unsigned int psegs, grants, memflags;
2165 	int err, i;
2166 	struct blkfront_info *info = rinfo->dev_info;
2167 
2168 	memflags = memalloc_noio_save();
2169 
2170 	if (info->max_indirect_segments == 0) {
2171 		if (!HAS_EXTRA_REQ)
2172 			grants = BLKIF_MAX_SEGMENTS_PER_REQUEST;
2173 		else {
2174 			/*
2175 			 * When an extra req is required, the maximum
2176 			 * grants supported is related to the size of the
2177 			 * Linux block segment.
2178 			 */
2179 			grants = GRANTS_PER_PSEG;
2180 		}
2181 	}
2182 	else
2183 		grants = info->max_indirect_segments;
2184 	psegs = DIV_ROUND_UP(grants, GRANTS_PER_PSEG);
2185 
2186 	err = fill_grant_buffer(rinfo,
2187 				(grants + INDIRECT_GREFS(grants)) * BLK_RING_SIZE(info));
2188 	if (err)
2189 		goto out_of_memory;
2190 
2191 	if (!info->bounce && info->max_indirect_segments) {
2192 		/*
2193 		 * We are using indirect descriptors but don't have a bounce
2194 		 * buffer, we need to allocate a set of pages that can be
2195 		 * used for mapping indirect grefs
2196 		 */
2197 		int num = INDIRECT_GREFS(grants) * BLK_RING_SIZE(info);
2198 
2199 		BUG_ON(!list_empty(&rinfo->indirect_pages));
2200 		for (i = 0; i < num; i++) {
2201 			struct page *indirect_page = alloc_page(GFP_KERNEL |
2202 								__GFP_ZERO);
2203 			if (!indirect_page)
2204 				goto out_of_memory;
2205 			list_add(&indirect_page->lru, &rinfo->indirect_pages);
2206 		}
2207 	}
2208 
2209 	for (i = 0; i < BLK_RING_SIZE(info); i++) {
2210 		rinfo->shadow[i].grants_used =
2211 			kvcalloc(grants,
2212 				 sizeof(rinfo->shadow[i].grants_used[0]),
2213 				 GFP_KERNEL);
2214 		rinfo->shadow[i].sg = kvcalloc(psegs,
2215 					       sizeof(rinfo->shadow[i].sg[0]),
2216 					       GFP_KERNEL);
2217 		if (info->max_indirect_segments)
2218 			rinfo->shadow[i].indirect_grants =
2219 				kvcalloc(INDIRECT_GREFS(grants),
2220 					 sizeof(rinfo->shadow[i].indirect_grants[0]),
2221 					 GFP_KERNEL);
2222 		if ((rinfo->shadow[i].grants_used == NULL) ||
2223 			(rinfo->shadow[i].sg == NULL) ||
2224 		     (info->max_indirect_segments &&
2225 		     (rinfo->shadow[i].indirect_grants == NULL)))
2226 			goto out_of_memory;
2227 		sg_init_table(rinfo->shadow[i].sg, psegs);
2228 	}
2229 
2230 	memalloc_noio_restore(memflags);
2231 
2232 	return 0;
2233 
2234 out_of_memory:
2235 	for (i = 0; i < BLK_RING_SIZE(info); i++) {
2236 		kvfree(rinfo->shadow[i].grants_used);
2237 		rinfo->shadow[i].grants_used = NULL;
2238 		kvfree(rinfo->shadow[i].sg);
2239 		rinfo->shadow[i].sg = NULL;
2240 		kvfree(rinfo->shadow[i].indirect_grants);
2241 		rinfo->shadow[i].indirect_grants = NULL;
2242 	}
2243 	if (!list_empty(&rinfo->indirect_pages)) {
2244 		struct page *indirect_page, *n;
2245 		list_for_each_entry_safe(indirect_page, n, &rinfo->indirect_pages, lru) {
2246 			list_del(&indirect_page->lru);
2247 			__free_page(indirect_page);
2248 		}
2249 	}
2250 
2251 	memalloc_noio_restore(memflags);
2252 
2253 	return -ENOMEM;
2254 }
2255 
2256 /*
2257  * Gather all backend feature-*
2258  */
2259 static void blkfront_gather_backend_features(struct blkfront_info *info)
2260 {
2261 	unsigned int indirect_segments;
2262 
2263 	info->feature_flush = 0;
2264 	info->feature_fua = 0;
2265 
2266 	/*
2267 	 * If there's no "feature-barrier" defined, then it means
2268 	 * we're dealing with a very old backend which writes
2269 	 * synchronously; nothing to do.
2270 	 *
2271 	 * If there are barriers, then we use flush.
2272 	 */
2273 	if (xenbus_read_unsigned(info->xbdev->otherend, "feature-barrier", 0)) {
2274 		info->feature_flush = 1;
2275 		info->feature_fua = 1;
2276 	}
2277 
2278 	/*
2279 	 * And if there is "feature-flush-cache" use that above
2280 	 * barriers.
2281 	 */
2282 	if (xenbus_read_unsigned(info->xbdev->otherend, "feature-flush-cache",
2283 				 0)) {
2284 		info->feature_flush = 1;
2285 		info->feature_fua = 0;
2286 	}
2287 
2288 	if (xenbus_read_unsigned(info->xbdev->otherend, "feature-discard", 0))
2289 		blkfront_setup_discard(info);
2290 
2291 	if (info->feature_persistent_parm)
2292 		info->feature_persistent =
2293 			!!xenbus_read_unsigned(info->xbdev->otherend,
2294 					       "feature-persistent", 0);
2295 	if (info->feature_persistent)
2296 		info->bounce = true;
2297 
2298 	indirect_segments = xenbus_read_unsigned(info->xbdev->otherend,
2299 					"feature-max-indirect-segments", 0);
2300 	if (indirect_segments > xen_blkif_max_segments)
2301 		indirect_segments = xen_blkif_max_segments;
2302 	if (indirect_segments <= BLKIF_MAX_SEGMENTS_PER_REQUEST)
2303 		indirect_segments = 0;
2304 	info->max_indirect_segments = indirect_segments;
2305 
2306 	if (info->feature_persistent) {
2307 		mutex_lock(&blkfront_mutex);
2308 		schedule_delayed_work(&blkfront_work, HZ * 10);
2309 		mutex_unlock(&blkfront_mutex);
2310 	}
2311 }
2312 
2313 /*
2314  * Invoked when the backend is finally 'ready' (and has told produced
2315  * the details about the physical device - #sectors, size, etc).
2316  */
2317 static void blkfront_connect(struct blkfront_info *info)
2318 {
2319 	unsigned long long sectors;
2320 	int err, i;
2321 	struct blkfront_ring_info *rinfo;
2322 
2323 	switch (info->connected) {
2324 	case BLKIF_STATE_CONNECTED:
2325 		/*
2326 		 * Potentially, the back-end may be signalling
2327 		 * a capacity change; update the capacity.
2328 		 */
2329 		err = xenbus_scanf(XBT_NIL, info->xbdev->otherend,
2330 				   "sectors", "%Lu", &sectors);
2331 		if (XENBUS_EXIST_ERR(err))
2332 			return;
2333 		printk(KERN_INFO "Setting capacity to %Lu\n",
2334 		       sectors);
2335 		set_capacity_and_notify(info->gd, sectors);
2336 
2337 		return;
2338 	case BLKIF_STATE_SUSPENDED:
2339 		/*
2340 		 * If we are recovering from suspension, we need to wait
2341 		 * for the backend to announce it's features before
2342 		 * reconnecting, at least we need to know if the backend
2343 		 * supports indirect descriptors, and how many.
2344 		 */
2345 		blkif_recover(info);
2346 		return;
2347 
2348 	default:
2349 		break;
2350 	}
2351 
2352 	dev_dbg(&info->xbdev->dev, "%s:%s.\n",
2353 		__func__, info->xbdev->otherend);
2354 
2355 	err = xenbus_gather(XBT_NIL, info->xbdev->otherend,
2356 			    "sectors", "%llu", &sectors,
2357 			    "info", "%u", &info->vdisk_info,
2358 			    "sector-size", "%lu", &info->sector_size,
2359 			    NULL);
2360 	if (err) {
2361 		xenbus_dev_fatal(info->xbdev, err,
2362 				 "reading backend fields at %s",
2363 				 info->xbdev->otherend);
2364 		return;
2365 	}
2366 
2367 	/*
2368 	 * physical-sector-size is a newer field, so old backends may not
2369 	 * provide this. Assume physical sector size to be the same as
2370 	 * sector_size in that case.
2371 	 */
2372 	info->physical_sector_size = xenbus_read_unsigned(info->xbdev->otherend,
2373 						    "physical-sector-size",
2374 						    info->sector_size);
2375 	blkfront_gather_backend_features(info);
2376 	for_each_rinfo(info, rinfo, i) {
2377 		err = blkfront_setup_indirect(rinfo);
2378 		if (err) {
2379 			xenbus_dev_fatal(info->xbdev, err, "setup_indirect at %s",
2380 					 info->xbdev->otherend);
2381 			blkif_free(info, 0);
2382 			break;
2383 		}
2384 	}
2385 
2386 	err = xlvbd_alloc_gendisk(sectors, info);
2387 	if (err) {
2388 		xenbus_dev_fatal(info->xbdev, err, "xlvbd_add at %s",
2389 				 info->xbdev->otherend);
2390 		goto fail;
2391 	}
2392 
2393 	xenbus_switch_state(info->xbdev, XenbusStateConnected);
2394 
2395 	/* Kick pending requests. */
2396 	info->connected = BLKIF_STATE_CONNECTED;
2397 	for_each_rinfo(info, rinfo, i)
2398 		kick_pending_request_queues(rinfo);
2399 
2400 	err = device_add_disk(&info->xbdev->dev, info->gd, NULL);
2401 	if (err) {
2402 		put_disk(info->gd);
2403 		blk_mq_free_tag_set(&info->tag_set);
2404 		info->rq = NULL;
2405 		goto fail;
2406 	}
2407 
2408 	info->is_ready = 1;
2409 	return;
2410 
2411 fail:
2412 	blkif_free(info, 0);
2413 	return;
2414 }
2415 
2416 /*
2417  * Callback received when the backend's state changes.
2418  */
2419 static void blkback_changed(struct xenbus_device *dev,
2420 			    enum xenbus_state backend_state)
2421 {
2422 	struct blkfront_info *info = dev_get_drvdata(&dev->dev);
2423 
2424 	dev_dbg(&dev->dev, "blkfront:blkback_changed to state %d.\n", backend_state);
2425 
2426 	switch (backend_state) {
2427 	case XenbusStateInitWait:
2428 		if (dev->state != XenbusStateInitialising)
2429 			break;
2430 		if (talk_to_blkback(dev, info))
2431 			break;
2432 		break;
2433 	case XenbusStateInitialising:
2434 	case XenbusStateInitialised:
2435 	case XenbusStateReconfiguring:
2436 	case XenbusStateReconfigured:
2437 	case XenbusStateUnknown:
2438 		break;
2439 
2440 	case XenbusStateConnected:
2441 		/*
2442 		 * talk_to_blkback sets state to XenbusStateInitialised
2443 		 * and blkfront_connect sets it to XenbusStateConnected
2444 		 * (if connection went OK).
2445 		 *
2446 		 * If the backend (or toolstack) decides to poke at backend
2447 		 * state (and re-trigger the watch by setting the state repeatedly
2448 		 * to XenbusStateConnected (4)) we need to deal with this.
2449 		 * This is allowed as this is used to communicate to the guest
2450 		 * that the size of disk has changed!
2451 		 */
2452 		if ((dev->state != XenbusStateInitialised) &&
2453 		    (dev->state != XenbusStateConnected)) {
2454 			if (talk_to_blkback(dev, info))
2455 				break;
2456 		}
2457 
2458 		blkfront_connect(info);
2459 		break;
2460 
2461 	case XenbusStateClosed:
2462 		if (dev->state == XenbusStateClosed)
2463 			break;
2464 		fallthrough;
2465 	case XenbusStateClosing:
2466 		blkfront_closing(info);
2467 		break;
2468 	}
2469 }
2470 
2471 static void blkfront_remove(struct xenbus_device *xbdev)
2472 {
2473 	struct blkfront_info *info = dev_get_drvdata(&xbdev->dev);
2474 
2475 	dev_dbg(&xbdev->dev, "%s removed", xbdev->nodename);
2476 
2477 	if (info->gd)
2478 		del_gendisk(info->gd);
2479 
2480 	mutex_lock(&blkfront_mutex);
2481 	list_del(&info->info_list);
2482 	mutex_unlock(&blkfront_mutex);
2483 
2484 	blkif_free(info, 0);
2485 	if (info->gd) {
2486 		xlbd_release_minors(info->gd->first_minor, info->gd->minors);
2487 		put_disk(info->gd);
2488 		blk_mq_free_tag_set(&info->tag_set);
2489 	}
2490 
2491 	kfree(info);
2492 }
2493 
2494 static int blkfront_is_ready(struct xenbus_device *dev)
2495 {
2496 	struct blkfront_info *info = dev_get_drvdata(&dev->dev);
2497 
2498 	return info->is_ready && info->xbdev;
2499 }
2500 
2501 static const struct block_device_operations xlvbd_block_fops =
2502 {
2503 	.owner = THIS_MODULE,
2504 	.getgeo = blkif_getgeo,
2505 	.ioctl = blkif_ioctl,
2506 	.compat_ioctl = blkdev_compat_ptr_ioctl,
2507 };
2508 
2509 
2510 static const struct xenbus_device_id blkfront_ids[] = {
2511 	{ "vbd" },
2512 	{ "" }
2513 };
2514 
2515 static struct xenbus_driver blkfront_driver = {
2516 	.ids  = blkfront_ids,
2517 	.probe = blkfront_probe,
2518 	.remove = blkfront_remove,
2519 	.resume = blkfront_resume,
2520 	.otherend_changed = blkback_changed,
2521 	.is_ready = blkfront_is_ready,
2522 };
2523 
2524 static void purge_persistent_grants(struct blkfront_info *info)
2525 {
2526 	unsigned int i;
2527 	unsigned long flags;
2528 	struct blkfront_ring_info *rinfo;
2529 
2530 	for_each_rinfo(info, rinfo, i) {
2531 		struct grant *gnt_list_entry, *tmp;
2532 		LIST_HEAD(grants);
2533 
2534 		spin_lock_irqsave(&rinfo->ring_lock, flags);
2535 
2536 		if (rinfo->persistent_gnts_c == 0) {
2537 			spin_unlock_irqrestore(&rinfo->ring_lock, flags);
2538 			continue;
2539 		}
2540 
2541 		list_for_each_entry_safe(gnt_list_entry, tmp, &rinfo->grants,
2542 					 node) {
2543 			if (gnt_list_entry->gref == INVALID_GRANT_REF ||
2544 			    !gnttab_try_end_foreign_access(gnt_list_entry->gref))
2545 				continue;
2546 
2547 			list_del(&gnt_list_entry->node);
2548 			rinfo->persistent_gnts_c--;
2549 			gnt_list_entry->gref = INVALID_GRANT_REF;
2550 			list_add_tail(&gnt_list_entry->node, &grants);
2551 		}
2552 
2553 		list_splice_tail(&grants, &rinfo->grants);
2554 
2555 		spin_unlock_irqrestore(&rinfo->ring_lock, flags);
2556 	}
2557 }
2558 
2559 static void blkfront_delay_work(struct work_struct *work)
2560 {
2561 	struct blkfront_info *info;
2562 	bool need_schedule_work = false;
2563 
2564 	/*
2565 	 * Note that when using bounce buffers but not persistent grants
2566 	 * there's no need to run blkfront_delay_work because grants are
2567 	 * revoked in blkif_completion or else an error is reported and the
2568 	 * connection is closed.
2569 	 */
2570 
2571 	mutex_lock(&blkfront_mutex);
2572 
2573 	list_for_each_entry(info, &info_list, info_list) {
2574 		if (info->feature_persistent) {
2575 			need_schedule_work = true;
2576 			mutex_lock(&info->mutex);
2577 			purge_persistent_grants(info);
2578 			mutex_unlock(&info->mutex);
2579 		}
2580 	}
2581 
2582 	if (need_schedule_work)
2583 		schedule_delayed_work(&blkfront_work, HZ * 10);
2584 
2585 	mutex_unlock(&blkfront_mutex);
2586 }
2587 
2588 static int __init xlblk_init(void)
2589 {
2590 	int ret;
2591 	int nr_cpus = num_online_cpus();
2592 
2593 	if (!xen_domain())
2594 		return -ENODEV;
2595 
2596 	if (!xen_has_pv_disk_devices())
2597 		return -ENODEV;
2598 
2599 	if (register_blkdev(XENVBD_MAJOR, DEV_NAME)) {
2600 		pr_warn("xen_blk: can't get major %d with name %s\n",
2601 			XENVBD_MAJOR, DEV_NAME);
2602 		return -ENODEV;
2603 	}
2604 
2605 	if (xen_blkif_max_segments < BLKIF_MAX_SEGMENTS_PER_REQUEST)
2606 		xen_blkif_max_segments = BLKIF_MAX_SEGMENTS_PER_REQUEST;
2607 
2608 	if (xen_blkif_max_ring_order > XENBUS_MAX_RING_GRANT_ORDER) {
2609 		pr_info("Invalid max_ring_order (%d), will use default max: %d.\n",
2610 			xen_blkif_max_ring_order, XENBUS_MAX_RING_GRANT_ORDER);
2611 		xen_blkif_max_ring_order = XENBUS_MAX_RING_GRANT_ORDER;
2612 	}
2613 
2614 	if (xen_blkif_max_queues > nr_cpus) {
2615 		pr_info("Invalid max_queues (%d), will use default max: %d.\n",
2616 			xen_blkif_max_queues, nr_cpus);
2617 		xen_blkif_max_queues = nr_cpus;
2618 	}
2619 
2620 	INIT_DELAYED_WORK(&blkfront_work, blkfront_delay_work);
2621 
2622 	ret = xenbus_register_frontend(&blkfront_driver);
2623 	if (ret) {
2624 		unregister_blkdev(XENVBD_MAJOR, DEV_NAME);
2625 		return ret;
2626 	}
2627 
2628 	return 0;
2629 }
2630 module_init(xlblk_init);
2631 
2632 
2633 static void __exit xlblk_exit(void)
2634 {
2635 	cancel_delayed_work_sync(&blkfront_work);
2636 
2637 	xenbus_unregister_driver(&blkfront_driver);
2638 	unregister_blkdev(XENVBD_MAJOR, DEV_NAME);
2639 	kfree(minors);
2640 }
2641 module_exit(xlblk_exit);
2642 
2643 MODULE_DESCRIPTION("Xen virtual block device frontend");
2644 MODULE_LICENSE("GPL");
2645 MODULE_ALIAS_BLOCKDEV_MAJOR(XENVBD_MAJOR);
2646 MODULE_ALIAS("xen:vbd");
2647 MODULE_ALIAS("xenblk");
2648