xref: /linux/drivers/nvme/host/pci.c (revision 110e6f26af80dfd90b6e5c645b1aed7228aa580d)
1 /*
2  * NVM Express device driver
3  * Copyright (c) 2011-2014, Intel Corporation.
4  *
5  * This program is free software; you can redistribute it and/or modify it
6  * under the terms and conditions of the GNU General Public License,
7  * version 2, as published by the Free Software Foundation.
8  *
9  * This program is distributed in the hope it will be useful, but WITHOUT
10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
12  * more details.
13  */
14 
15 #include <linux/aer.h>
16 #include <linux/bitops.h>
17 #include <linux/blkdev.h>
18 #include <linux/blk-mq.h>
19 #include <linux/cpu.h>
20 #include <linux/delay.h>
21 #include <linux/errno.h>
22 #include <linux/fs.h>
23 #include <linux/genhd.h>
24 #include <linux/hdreg.h>
25 #include <linux/idr.h>
26 #include <linux/init.h>
27 #include <linux/interrupt.h>
28 #include <linux/io.h>
29 #include <linux/kdev_t.h>
30 #include <linux/kernel.h>
31 #include <linux/mm.h>
32 #include <linux/module.h>
33 #include <linux/moduleparam.h>
34 #include <linux/mutex.h>
35 #include <linux/pci.h>
36 #include <linux/poison.h>
37 #include <linux/ptrace.h>
38 #include <linux/sched.h>
39 #include <linux/slab.h>
40 #include <linux/t10-pi.h>
41 #include <linux/timer.h>
42 #include <linux/types.h>
43 #include <linux/io-64-nonatomic-lo-hi.h>
44 #include <asm/unaligned.h>
45 
46 #include "nvme.h"
47 
48 #define NVME_Q_DEPTH		1024
49 #define NVME_AQ_DEPTH		256
50 #define SQ_SIZE(depth)		(depth * sizeof(struct nvme_command))
51 #define CQ_SIZE(depth)		(depth * sizeof(struct nvme_completion))
52 
53 /*
54  * We handle AEN commands ourselves and don't even let the
55  * block layer know about them.
56  */
57 #define NVME_NR_AEN_COMMANDS	1
58 #define NVME_AQ_BLKMQ_DEPTH	(NVME_AQ_DEPTH - NVME_NR_AEN_COMMANDS)
59 
60 static int use_threaded_interrupts;
61 module_param(use_threaded_interrupts, int, 0);
62 
63 static bool use_cmb_sqes = true;
64 module_param(use_cmb_sqes, bool, 0644);
65 MODULE_PARM_DESC(use_cmb_sqes, "use controller's memory buffer for I/O SQes");
66 
67 static struct workqueue_struct *nvme_workq;
68 
69 struct nvme_dev;
70 struct nvme_queue;
71 
72 static int nvme_reset(struct nvme_dev *dev);
73 static void nvme_process_cq(struct nvme_queue *nvmeq);
74 static void nvme_dev_disable(struct nvme_dev *dev, bool shutdown);
75 
76 /*
77  * Represents an NVM Express device.  Each nvme_dev is a PCI function.
78  */
79 struct nvme_dev {
80 	struct nvme_queue **queues;
81 	struct blk_mq_tag_set tagset;
82 	struct blk_mq_tag_set admin_tagset;
83 	u32 __iomem *dbs;
84 	struct device *dev;
85 	struct dma_pool *prp_page_pool;
86 	struct dma_pool *prp_small_pool;
87 	unsigned queue_count;
88 	unsigned online_queues;
89 	unsigned max_qid;
90 	int q_depth;
91 	u32 db_stride;
92 	struct msix_entry *entry;
93 	void __iomem *bar;
94 	struct work_struct reset_work;
95 	struct work_struct scan_work;
96 	struct work_struct remove_work;
97 	struct work_struct async_work;
98 	struct timer_list watchdog_timer;
99 	struct mutex shutdown_lock;
100 	bool subsystem;
101 	void __iomem *cmb;
102 	dma_addr_t cmb_dma_addr;
103 	u64 cmb_size;
104 	u32 cmbsz;
105 	unsigned long flags;
106 
107 #define NVME_CTRL_RESETTING    0
108 #define NVME_CTRL_REMOVING     1
109 
110 	struct nvme_ctrl ctrl;
111 	struct completion ioq_wait;
112 };
113 
114 static inline struct nvme_dev *to_nvme_dev(struct nvme_ctrl *ctrl)
115 {
116 	return container_of(ctrl, struct nvme_dev, ctrl);
117 }
118 
119 /*
120  * An NVM Express queue.  Each device has at least two (one for admin
121  * commands and one for I/O commands).
122  */
123 struct nvme_queue {
124 	struct device *q_dmadev;
125 	struct nvme_dev *dev;
126 	char irqname[24];	/* nvme4294967295-65535\0 */
127 	spinlock_t q_lock;
128 	struct nvme_command *sq_cmds;
129 	struct nvme_command __iomem *sq_cmds_io;
130 	volatile struct nvme_completion *cqes;
131 	struct blk_mq_tags **tags;
132 	dma_addr_t sq_dma_addr;
133 	dma_addr_t cq_dma_addr;
134 	u32 __iomem *q_db;
135 	u16 q_depth;
136 	s16 cq_vector;
137 	u16 sq_tail;
138 	u16 cq_head;
139 	u16 qid;
140 	u8 cq_phase;
141 	u8 cqe_seen;
142 };
143 
144 /*
145  * The nvme_iod describes the data in an I/O, including the list of PRP
146  * entries.  You can't see it in this data structure because C doesn't let
147  * me express that.  Use nvme_init_iod to ensure there's enough space
148  * allocated to store the PRP list.
149  */
150 struct nvme_iod {
151 	struct nvme_queue *nvmeq;
152 	int aborted;
153 	int npages;		/* In the PRP list. 0 means small pool in use */
154 	int nents;		/* Used in scatterlist */
155 	int length;		/* Of data, in bytes */
156 	dma_addr_t first_dma;
157 	struct scatterlist meta_sg; /* metadata requires single contiguous buffer */
158 	struct scatterlist *sg;
159 	struct scatterlist inline_sg[0];
160 };
161 
162 /*
163  * Check we didin't inadvertently grow the command struct
164  */
165 static inline void _nvme_check_size(void)
166 {
167 	BUILD_BUG_ON(sizeof(struct nvme_rw_command) != 64);
168 	BUILD_BUG_ON(sizeof(struct nvme_create_cq) != 64);
169 	BUILD_BUG_ON(sizeof(struct nvme_create_sq) != 64);
170 	BUILD_BUG_ON(sizeof(struct nvme_delete_queue) != 64);
171 	BUILD_BUG_ON(sizeof(struct nvme_features) != 64);
172 	BUILD_BUG_ON(sizeof(struct nvme_format_cmd) != 64);
173 	BUILD_BUG_ON(sizeof(struct nvme_abort_cmd) != 64);
174 	BUILD_BUG_ON(sizeof(struct nvme_command) != 64);
175 	BUILD_BUG_ON(sizeof(struct nvme_id_ctrl) != 4096);
176 	BUILD_BUG_ON(sizeof(struct nvme_id_ns) != 4096);
177 	BUILD_BUG_ON(sizeof(struct nvme_lba_range_type) != 64);
178 	BUILD_BUG_ON(sizeof(struct nvme_smart_log) != 512);
179 }
180 
181 /*
182  * Max size of iod being embedded in the request payload
183  */
184 #define NVME_INT_PAGES		2
185 #define NVME_INT_BYTES(dev)	(NVME_INT_PAGES * (dev)->ctrl.page_size)
186 
187 /*
188  * Will slightly overestimate the number of pages needed.  This is OK
189  * as it only leads to a small amount of wasted memory for the lifetime of
190  * the I/O.
191  */
192 static int nvme_npages(unsigned size, struct nvme_dev *dev)
193 {
194 	unsigned nprps = DIV_ROUND_UP(size + dev->ctrl.page_size,
195 				      dev->ctrl.page_size);
196 	return DIV_ROUND_UP(8 * nprps, PAGE_SIZE - 8);
197 }
198 
199 static unsigned int nvme_iod_alloc_size(struct nvme_dev *dev,
200 		unsigned int size, unsigned int nseg)
201 {
202 	return sizeof(__le64 *) * nvme_npages(size, dev) +
203 			sizeof(struct scatterlist) * nseg;
204 }
205 
206 static unsigned int nvme_cmd_size(struct nvme_dev *dev)
207 {
208 	return sizeof(struct nvme_iod) +
209 		nvme_iod_alloc_size(dev, NVME_INT_BYTES(dev), NVME_INT_PAGES);
210 }
211 
212 static int nvme_admin_init_hctx(struct blk_mq_hw_ctx *hctx, void *data,
213 				unsigned int hctx_idx)
214 {
215 	struct nvme_dev *dev = data;
216 	struct nvme_queue *nvmeq = dev->queues[0];
217 
218 	WARN_ON(hctx_idx != 0);
219 	WARN_ON(dev->admin_tagset.tags[0] != hctx->tags);
220 	WARN_ON(nvmeq->tags);
221 
222 	hctx->driver_data = nvmeq;
223 	nvmeq->tags = &dev->admin_tagset.tags[0];
224 	return 0;
225 }
226 
227 static void nvme_admin_exit_hctx(struct blk_mq_hw_ctx *hctx, unsigned int hctx_idx)
228 {
229 	struct nvme_queue *nvmeq = hctx->driver_data;
230 
231 	nvmeq->tags = NULL;
232 }
233 
234 static int nvme_admin_init_request(void *data, struct request *req,
235 				unsigned int hctx_idx, unsigned int rq_idx,
236 				unsigned int numa_node)
237 {
238 	struct nvme_dev *dev = data;
239 	struct nvme_iod *iod = blk_mq_rq_to_pdu(req);
240 	struct nvme_queue *nvmeq = dev->queues[0];
241 
242 	BUG_ON(!nvmeq);
243 	iod->nvmeq = nvmeq;
244 	return 0;
245 }
246 
247 static int nvme_init_hctx(struct blk_mq_hw_ctx *hctx, void *data,
248 			  unsigned int hctx_idx)
249 {
250 	struct nvme_dev *dev = data;
251 	struct nvme_queue *nvmeq = dev->queues[hctx_idx + 1];
252 
253 	if (!nvmeq->tags)
254 		nvmeq->tags = &dev->tagset.tags[hctx_idx];
255 
256 	WARN_ON(dev->tagset.tags[hctx_idx] != hctx->tags);
257 	hctx->driver_data = nvmeq;
258 	return 0;
259 }
260 
261 static int nvme_init_request(void *data, struct request *req,
262 				unsigned int hctx_idx, unsigned int rq_idx,
263 				unsigned int numa_node)
264 {
265 	struct nvme_dev *dev = data;
266 	struct nvme_iod *iod = blk_mq_rq_to_pdu(req);
267 	struct nvme_queue *nvmeq = dev->queues[hctx_idx + 1];
268 
269 	BUG_ON(!nvmeq);
270 	iod->nvmeq = nvmeq;
271 	return 0;
272 }
273 
274 static void nvme_queue_scan(struct nvme_dev *dev)
275 {
276 	/*
277 	 * Do not queue new scan work when a controller is reset during
278 	 * removal.
279 	 */
280 	if (test_bit(NVME_CTRL_REMOVING, &dev->flags))
281 		return;
282 	queue_work(nvme_workq, &dev->scan_work);
283 }
284 
285 static void nvme_complete_async_event(struct nvme_dev *dev,
286 		struct nvme_completion *cqe)
287 {
288 	u16 status = le16_to_cpu(cqe->status) >> 1;
289 	u32 result = le32_to_cpu(cqe->result);
290 
291 	if (status == NVME_SC_SUCCESS || status == NVME_SC_ABORT_REQ) {
292 		++dev->ctrl.event_limit;
293 		queue_work(nvme_workq, &dev->async_work);
294 	}
295 
296 	if (status != NVME_SC_SUCCESS)
297 		return;
298 
299 	switch (result & 0xff07) {
300 	case NVME_AER_NOTICE_NS_CHANGED:
301 		dev_info(dev->ctrl.device, "rescanning\n");
302 		nvme_queue_scan(dev);
303 	default:
304 		dev_warn(dev->ctrl.device, "async event result %08x\n", result);
305 	}
306 }
307 
308 /**
309  * __nvme_submit_cmd() - Copy a command into a queue and ring the doorbell
310  * @nvmeq: The queue to use
311  * @cmd: The command to send
312  *
313  * Safe to use from interrupt context
314  */
315 static void __nvme_submit_cmd(struct nvme_queue *nvmeq,
316 						struct nvme_command *cmd)
317 {
318 	u16 tail = nvmeq->sq_tail;
319 
320 	if (nvmeq->sq_cmds_io)
321 		memcpy_toio(&nvmeq->sq_cmds_io[tail], cmd, sizeof(*cmd));
322 	else
323 		memcpy(&nvmeq->sq_cmds[tail], cmd, sizeof(*cmd));
324 
325 	if (++tail == nvmeq->q_depth)
326 		tail = 0;
327 	writel(tail, nvmeq->q_db);
328 	nvmeq->sq_tail = tail;
329 }
330 
331 static __le64 **iod_list(struct request *req)
332 {
333 	struct nvme_iod *iod = blk_mq_rq_to_pdu(req);
334 	return (__le64 **)(iod->sg + req->nr_phys_segments);
335 }
336 
337 static int nvme_init_iod(struct request *rq, struct nvme_dev *dev)
338 {
339 	struct nvme_iod *iod = blk_mq_rq_to_pdu(rq);
340 	int nseg = rq->nr_phys_segments;
341 	unsigned size;
342 
343 	if (rq->cmd_flags & REQ_DISCARD)
344 		size = sizeof(struct nvme_dsm_range);
345 	else
346 		size = blk_rq_bytes(rq);
347 
348 	if (nseg > NVME_INT_PAGES || size > NVME_INT_BYTES(dev)) {
349 		iod->sg = kmalloc(nvme_iod_alloc_size(dev, size, nseg), GFP_ATOMIC);
350 		if (!iod->sg)
351 			return BLK_MQ_RQ_QUEUE_BUSY;
352 	} else {
353 		iod->sg = iod->inline_sg;
354 	}
355 
356 	iod->aborted = 0;
357 	iod->npages = -1;
358 	iod->nents = 0;
359 	iod->length = size;
360 	return 0;
361 }
362 
363 static void nvme_free_iod(struct nvme_dev *dev, struct request *req)
364 {
365 	struct nvme_iod *iod = blk_mq_rq_to_pdu(req);
366 	const int last_prp = dev->ctrl.page_size / 8 - 1;
367 	int i;
368 	__le64 **list = iod_list(req);
369 	dma_addr_t prp_dma = iod->first_dma;
370 
371 	if (iod->npages == 0)
372 		dma_pool_free(dev->prp_small_pool, list[0], prp_dma);
373 	for (i = 0; i < iod->npages; i++) {
374 		__le64 *prp_list = list[i];
375 		dma_addr_t next_prp_dma = le64_to_cpu(prp_list[last_prp]);
376 		dma_pool_free(dev->prp_page_pool, prp_list, prp_dma);
377 		prp_dma = next_prp_dma;
378 	}
379 
380 	if (iod->sg != iod->inline_sg)
381 		kfree(iod->sg);
382 }
383 
384 #ifdef CONFIG_BLK_DEV_INTEGRITY
385 static void nvme_dif_prep(u32 p, u32 v, struct t10_pi_tuple *pi)
386 {
387 	if (be32_to_cpu(pi->ref_tag) == v)
388 		pi->ref_tag = cpu_to_be32(p);
389 }
390 
391 static void nvme_dif_complete(u32 p, u32 v, struct t10_pi_tuple *pi)
392 {
393 	if (be32_to_cpu(pi->ref_tag) == p)
394 		pi->ref_tag = cpu_to_be32(v);
395 }
396 
397 /**
398  * nvme_dif_remap - remaps ref tags to bip seed and physical lba
399  *
400  * The virtual start sector is the one that was originally submitted by the
401  * block layer.	Due to partitioning, MD/DM cloning, etc. the actual physical
402  * start sector may be different. Remap protection information to match the
403  * physical LBA on writes, and back to the original seed on reads.
404  *
405  * Type 0 and 3 do not have a ref tag, so no remapping required.
406  */
407 static void nvme_dif_remap(struct request *req,
408 			void (*dif_swap)(u32 p, u32 v, struct t10_pi_tuple *pi))
409 {
410 	struct nvme_ns *ns = req->rq_disk->private_data;
411 	struct bio_integrity_payload *bip;
412 	struct t10_pi_tuple *pi;
413 	void *p, *pmap;
414 	u32 i, nlb, ts, phys, virt;
415 
416 	if (!ns->pi_type || ns->pi_type == NVME_NS_DPS_PI_TYPE3)
417 		return;
418 
419 	bip = bio_integrity(req->bio);
420 	if (!bip)
421 		return;
422 
423 	pmap = kmap_atomic(bip->bip_vec->bv_page) + bip->bip_vec->bv_offset;
424 
425 	p = pmap;
426 	virt = bip_get_seed(bip);
427 	phys = nvme_block_nr(ns, blk_rq_pos(req));
428 	nlb = (blk_rq_bytes(req) >> ns->lba_shift);
429 	ts = ns->disk->queue->integrity.tuple_size;
430 
431 	for (i = 0; i < nlb; i++, virt++, phys++) {
432 		pi = (struct t10_pi_tuple *)p;
433 		dif_swap(phys, virt, pi);
434 		p += ts;
435 	}
436 	kunmap_atomic(pmap);
437 }
438 #else /* CONFIG_BLK_DEV_INTEGRITY */
439 static void nvme_dif_remap(struct request *req,
440 			void (*dif_swap)(u32 p, u32 v, struct t10_pi_tuple *pi))
441 {
442 }
443 static void nvme_dif_prep(u32 p, u32 v, struct t10_pi_tuple *pi)
444 {
445 }
446 static void nvme_dif_complete(u32 p, u32 v, struct t10_pi_tuple *pi)
447 {
448 }
449 #endif
450 
451 static bool nvme_setup_prps(struct nvme_dev *dev, struct request *req,
452 		int total_len)
453 {
454 	struct nvme_iod *iod = blk_mq_rq_to_pdu(req);
455 	struct dma_pool *pool;
456 	int length = total_len;
457 	struct scatterlist *sg = iod->sg;
458 	int dma_len = sg_dma_len(sg);
459 	u64 dma_addr = sg_dma_address(sg);
460 	u32 page_size = dev->ctrl.page_size;
461 	int offset = dma_addr & (page_size - 1);
462 	__le64 *prp_list;
463 	__le64 **list = iod_list(req);
464 	dma_addr_t prp_dma;
465 	int nprps, i;
466 
467 	length -= (page_size - offset);
468 	if (length <= 0)
469 		return true;
470 
471 	dma_len -= (page_size - offset);
472 	if (dma_len) {
473 		dma_addr += (page_size - offset);
474 	} else {
475 		sg = sg_next(sg);
476 		dma_addr = sg_dma_address(sg);
477 		dma_len = sg_dma_len(sg);
478 	}
479 
480 	if (length <= page_size) {
481 		iod->first_dma = dma_addr;
482 		return true;
483 	}
484 
485 	nprps = DIV_ROUND_UP(length, page_size);
486 	if (nprps <= (256 / 8)) {
487 		pool = dev->prp_small_pool;
488 		iod->npages = 0;
489 	} else {
490 		pool = dev->prp_page_pool;
491 		iod->npages = 1;
492 	}
493 
494 	prp_list = dma_pool_alloc(pool, GFP_ATOMIC, &prp_dma);
495 	if (!prp_list) {
496 		iod->first_dma = dma_addr;
497 		iod->npages = -1;
498 		return false;
499 	}
500 	list[0] = prp_list;
501 	iod->first_dma = prp_dma;
502 	i = 0;
503 	for (;;) {
504 		if (i == page_size >> 3) {
505 			__le64 *old_prp_list = prp_list;
506 			prp_list = dma_pool_alloc(pool, GFP_ATOMIC, &prp_dma);
507 			if (!prp_list)
508 				return false;
509 			list[iod->npages++] = prp_list;
510 			prp_list[0] = old_prp_list[i - 1];
511 			old_prp_list[i - 1] = cpu_to_le64(prp_dma);
512 			i = 1;
513 		}
514 		prp_list[i++] = cpu_to_le64(dma_addr);
515 		dma_len -= page_size;
516 		dma_addr += page_size;
517 		length -= page_size;
518 		if (length <= 0)
519 			break;
520 		if (dma_len > 0)
521 			continue;
522 		BUG_ON(dma_len < 0);
523 		sg = sg_next(sg);
524 		dma_addr = sg_dma_address(sg);
525 		dma_len = sg_dma_len(sg);
526 	}
527 
528 	return true;
529 }
530 
531 static int nvme_map_data(struct nvme_dev *dev, struct request *req,
532 		struct nvme_command *cmnd)
533 {
534 	struct nvme_iod *iod = blk_mq_rq_to_pdu(req);
535 	struct request_queue *q = req->q;
536 	enum dma_data_direction dma_dir = rq_data_dir(req) ?
537 			DMA_TO_DEVICE : DMA_FROM_DEVICE;
538 	int ret = BLK_MQ_RQ_QUEUE_ERROR;
539 
540 	sg_init_table(iod->sg, req->nr_phys_segments);
541 	iod->nents = blk_rq_map_sg(q, req, iod->sg);
542 	if (!iod->nents)
543 		goto out;
544 
545 	ret = BLK_MQ_RQ_QUEUE_BUSY;
546 	if (!dma_map_sg(dev->dev, iod->sg, iod->nents, dma_dir))
547 		goto out;
548 
549 	if (!nvme_setup_prps(dev, req, blk_rq_bytes(req)))
550 		goto out_unmap;
551 
552 	ret = BLK_MQ_RQ_QUEUE_ERROR;
553 	if (blk_integrity_rq(req)) {
554 		if (blk_rq_count_integrity_sg(q, req->bio) != 1)
555 			goto out_unmap;
556 
557 		sg_init_table(&iod->meta_sg, 1);
558 		if (blk_rq_map_integrity_sg(q, req->bio, &iod->meta_sg) != 1)
559 			goto out_unmap;
560 
561 		if (rq_data_dir(req))
562 			nvme_dif_remap(req, nvme_dif_prep);
563 
564 		if (!dma_map_sg(dev->dev, &iod->meta_sg, 1, dma_dir))
565 			goto out_unmap;
566 	}
567 
568 	cmnd->rw.prp1 = cpu_to_le64(sg_dma_address(iod->sg));
569 	cmnd->rw.prp2 = cpu_to_le64(iod->first_dma);
570 	if (blk_integrity_rq(req))
571 		cmnd->rw.metadata = cpu_to_le64(sg_dma_address(&iod->meta_sg));
572 	return BLK_MQ_RQ_QUEUE_OK;
573 
574 out_unmap:
575 	dma_unmap_sg(dev->dev, iod->sg, iod->nents, dma_dir);
576 out:
577 	return ret;
578 }
579 
580 static void nvme_unmap_data(struct nvme_dev *dev, struct request *req)
581 {
582 	struct nvme_iod *iod = blk_mq_rq_to_pdu(req);
583 	enum dma_data_direction dma_dir = rq_data_dir(req) ?
584 			DMA_TO_DEVICE : DMA_FROM_DEVICE;
585 
586 	if (iod->nents) {
587 		dma_unmap_sg(dev->dev, iod->sg, iod->nents, dma_dir);
588 		if (blk_integrity_rq(req)) {
589 			if (!rq_data_dir(req))
590 				nvme_dif_remap(req, nvme_dif_complete);
591 			dma_unmap_sg(dev->dev, &iod->meta_sg, 1, dma_dir);
592 		}
593 	}
594 
595 	nvme_free_iod(dev, req);
596 }
597 
598 /*
599  * We reuse the small pool to allocate the 16-byte range here as it is not
600  * worth having a special pool for these or additional cases to handle freeing
601  * the iod.
602  */
603 static int nvme_setup_discard(struct nvme_queue *nvmeq, struct nvme_ns *ns,
604 		struct request *req, struct nvme_command *cmnd)
605 {
606 	struct nvme_iod *iod = blk_mq_rq_to_pdu(req);
607 	struct nvme_dsm_range *range;
608 
609 	range = dma_pool_alloc(nvmeq->dev->prp_small_pool, GFP_ATOMIC,
610 						&iod->first_dma);
611 	if (!range)
612 		return BLK_MQ_RQ_QUEUE_BUSY;
613 	iod_list(req)[0] = (__le64 *)range;
614 	iod->npages = 0;
615 
616 	range->cattr = cpu_to_le32(0);
617 	range->nlb = cpu_to_le32(blk_rq_bytes(req) >> ns->lba_shift);
618 	range->slba = cpu_to_le64(nvme_block_nr(ns, blk_rq_pos(req)));
619 
620 	memset(cmnd, 0, sizeof(*cmnd));
621 	cmnd->dsm.opcode = nvme_cmd_dsm;
622 	cmnd->dsm.nsid = cpu_to_le32(ns->ns_id);
623 	cmnd->dsm.prp1 = cpu_to_le64(iod->first_dma);
624 	cmnd->dsm.nr = 0;
625 	cmnd->dsm.attributes = cpu_to_le32(NVME_DSMGMT_AD);
626 	return BLK_MQ_RQ_QUEUE_OK;
627 }
628 
629 /*
630  * NOTE: ns is NULL when called on the admin queue.
631  */
632 static int nvme_queue_rq(struct blk_mq_hw_ctx *hctx,
633 			 const struct blk_mq_queue_data *bd)
634 {
635 	struct nvme_ns *ns = hctx->queue->queuedata;
636 	struct nvme_queue *nvmeq = hctx->driver_data;
637 	struct nvme_dev *dev = nvmeq->dev;
638 	struct request *req = bd->rq;
639 	struct nvme_command cmnd;
640 	int ret = BLK_MQ_RQ_QUEUE_OK;
641 
642 	/*
643 	 * If formated with metadata, require the block layer provide a buffer
644 	 * unless this namespace is formated such that the metadata can be
645 	 * stripped/generated by the controller with PRACT=1.
646 	 */
647 	if (ns && ns->ms && !blk_integrity_rq(req)) {
648 		if (!(ns->pi_type && ns->ms == 8) &&
649 					req->cmd_type != REQ_TYPE_DRV_PRIV) {
650 			blk_mq_end_request(req, -EFAULT);
651 			return BLK_MQ_RQ_QUEUE_OK;
652 		}
653 	}
654 
655 	ret = nvme_init_iod(req, dev);
656 	if (ret)
657 		return ret;
658 
659 	if (req->cmd_flags & REQ_DISCARD) {
660 		ret = nvme_setup_discard(nvmeq, ns, req, &cmnd);
661 	} else {
662 		if (req->cmd_type == REQ_TYPE_DRV_PRIV)
663 			memcpy(&cmnd, req->cmd, sizeof(cmnd));
664 		else if (req->cmd_flags & REQ_FLUSH)
665 			nvme_setup_flush(ns, &cmnd);
666 		else
667 			nvme_setup_rw(ns, req, &cmnd);
668 
669 		if (req->nr_phys_segments)
670 			ret = nvme_map_data(dev, req, &cmnd);
671 	}
672 
673 	if (ret)
674 		goto out;
675 
676 	cmnd.common.command_id = req->tag;
677 	blk_mq_start_request(req);
678 
679 	spin_lock_irq(&nvmeq->q_lock);
680 	if (unlikely(nvmeq->cq_vector < 0)) {
681 		if (ns && !test_bit(NVME_NS_DEAD, &ns->flags))
682 			ret = BLK_MQ_RQ_QUEUE_BUSY;
683 		else
684 			ret = BLK_MQ_RQ_QUEUE_ERROR;
685 		spin_unlock_irq(&nvmeq->q_lock);
686 		goto out;
687 	}
688 	__nvme_submit_cmd(nvmeq, &cmnd);
689 	nvme_process_cq(nvmeq);
690 	spin_unlock_irq(&nvmeq->q_lock);
691 	return BLK_MQ_RQ_QUEUE_OK;
692 out:
693 	nvme_free_iod(dev, req);
694 	return ret;
695 }
696 
697 static void nvme_complete_rq(struct request *req)
698 {
699 	struct nvme_iod *iod = blk_mq_rq_to_pdu(req);
700 	struct nvme_dev *dev = iod->nvmeq->dev;
701 	int error = 0;
702 
703 	nvme_unmap_data(dev, req);
704 
705 	if (unlikely(req->errors)) {
706 		if (nvme_req_needs_retry(req, req->errors)) {
707 			nvme_requeue_req(req);
708 			return;
709 		}
710 
711 		if (req->cmd_type == REQ_TYPE_DRV_PRIV)
712 			error = req->errors;
713 		else
714 			error = nvme_error_status(req->errors);
715 	}
716 
717 	if (unlikely(iod->aborted)) {
718 		dev_warn(dev->ctrl.device,
719 			"completing aborted command with status: %04x\n",
720 			req->errors);
721 	}
722 
723 	blk_mq_end_request(req, error);
724 }
725 
726 /* We read the CQE phase first to check if the rest of the entry is valid */
727 static inline bool nvme_cqe_valid(struct nvme_queue *nvmeq, u16 head,
728 		u16 phase)
729 {
730 	return (le16_to_cpu(nvmeq->cqes[head].status) & 1) == phase;
731 }
732 
733 static void __nvme_process_cq(struct nvme_queue *nvmeq, unsigned int *tag)
734 {
735 	u16 head, phase;
736 
737 	head = nvmeq->cq_head;
738 	phase = nvmeq->cq_phase;
739 
740 	while (nvme_cqe_valid(nvmeq, head, phase)) {
741 		struct nvme_completion cqe = nvmeq->cqes[head];
742 		struct request *req;
743 
744 		if (++head == nvmeq->q_depth) {
745 			head = 0;
746 			phase = !phase;
747 		}
748 
749 		if (tag && *tag == cqe.command_id)
750 			*tag = -1;
751 
752 		if (unlikely(cqe.command_id >= nvmeq->q_depth)) {
753 			dev_warn(nvmeq->dev->ctrl.device,
754 				"invalid id %d completed on queue %d\n",
755 				cqe.command_id, le16_to_cpu(cqe.sq_id));
756 			continue;
757 		}
758 
759 		/*
760 		 * AEN requests are special as they don't time out and can
761 		 * survive any kind of queue freeze and often don't respond to
762 		 * aborts.  We don't even bother to allocate a struct request
763 		 * for them but rather special case them here.
764 		 */
765 		if (unlikely(nvmeq->qid == 0 &&
766 				cqe.command_id >= NVME_AQ_BLKMQ_DEPTH)) {
767 			nvme_complete_async_event(nvmeq->dev, &cqe);
768 			continue;
769 		}
770 
771 		req = blk_mq_tag_to_rq(*nvmeq->tags, cqe.command_id);
772 		if (req->cmd_type == REQ_TYPE_DRV_PRIV && req->special)
773 			memcpy(req->special, &cqe, sizeof(cqe));
774 		blk_mq_complete_request(req, le16_to_cpu(cqe.status) >> 1);
775 
776 	}
777 
778 	/* If the controller ignores the cq head doorbell and continuously
779 	 * writes to the queue, it is theoretically possible to wrap around
780 	 * the queue twice and mistakenly return IRQ_NONE.  Linux only
781 	 * requires that 0.1% of your interrupts are handled, so this isn't
782 	 * a big problem.
783 	 */
784 	if (head == nvmeq->cq_head && phase == nvmeq->cq_phase)
785 		return;
786 
787 	if (likely(nvmeq->cq_vector >= 0))
788 		writel(head, nvmeq->q_db + nvmeq->dev->db_stride);
789 	nvmeq->cq_head = head;
790 	nvmeq->cq_phase = phase;
791 
792 	nvmeq->cqe_seen = 1;
793 }
794 
795 static void nvme_process_cq(struct nvme_queue *nvmeq)
796 {
797 	__nvme_process_cq(nvmeq, NULL);
798 }
799 
800 static irqreturn_t nvme_irq(int irq, void *data)
801 {
802 	irqreturn_t result;
803 	struct nvme_queue *nvmeq = data;
804 	spin_lock(&nvmeq->q_lock);
805 	nvme_process_cq(nvmeq);
806 	result = nvmeq->cqe_seen ? IRQ_HANDLED : IRQ_NONE;
807 	nvmeq->cqe_seen = 0;
808 	spin_unlock(&nvmeq->q_lock);
809 	return result;
810 }
811 
812 static irqreturn_t nvme_irq_check(int irq, void *data)
813 {
814 	struct nvme_queue *nvmeq = data;
815 	if (nvme_cqe_valid(nvmeq, nvmeq->cq_head, nvmeq->cq_phase))
816 		return IRQ_WAKE_THREAD;
817 	return IRQ_NONE;
818 }
819 
820 static int nvme_poll(struct blk_mq_hw_ctx *hctx, unsigned int tag)
821 {
822 	struct nvme_queue *nvmeq = hctx->driver_data;
823 
824 	if (nvme_cqe_valid(nvmeq, nvmeq->cq_head, nvmeq->cq_phase)) {
825 		spin_lock_irq(&nvmeq->q_lock);
826 		__nvme_process_cq(nvmeq, &tag);
827 		spin_unlock_irq(&nvmeq->q_lock);
828 
829 		if (tag == -1)
830 			return 1;
831 	}
832 
833 	return 0;
834 }
835 
836 static void nvme_async_event_work(struct work_struct *work)
837 {
838 	struct nvme_dev *dev = container_of(work, struct nvme_dev, async_work);
839 	struct nvme_queue *nvmeq = dev->queues[0];
840 	struct nvme_command c;
841 
842 	memset(&c, 0, sizeof(c));
843 	c.common.opcode = nvme_admin_async_event;
844 
845 	spin_lock_irq(&nvmeq->q_lock);
846 	while (dev->ctrl.event_limit > 0) {
847 		c.common.command_id = NVME_AQ_BLKMQ_DEPTH +
848 			--dev->ctrl.event_limit;
849 		__nvme_submit_cmd(nvmeq, &c);
850 	}
851 	spin_unlock_irq(&nvmeq->q_lock);
852 }
853 
854 static int adapter_delete_queue(struct nvme_dev *dev, u8 opcode, u16 id)
855 {
856 	struct nvme_command c;
857 
858 	memset(&c, 0, sizeof(c));
859 	c.delete_queue.opcode = opcode;
860 	c.delete_queue.qid = cpu_to_le16(id);
861 
862 	return nvme_submit_sync_cmd(dev->ctrl.admin_q, &c, NULL, 0);
863 }
864 
865 static int adapter_alloc_cq(struct nvme_dev *dev, u16 qid,
866 						struct nvme_queue *nvmeq)
867 {
868 	struct nvme_command c;
869 	int flags = NVME_QUEUE_PHYS_CONTIG | NVME_CQ_IRQ_ENABLED;
870 
871 	/*
872 	 * Note: we (ab)use the fact the the prp fields survive if no data
873 	 * is attached to the request.
874 	 */
875 	memset(&c, 0, sizeof(c));
876 	c.create_cq.opcode = nvme_admin_create_cq;
877 	c.create_cq.prp1 = cpu_to_le64(nvmeq->cq_dma_addr);
878 	c.create_cq.cqid = cpu_to_le16(qid);
879 	c.create_cq.qsize = cpu_to_le16(nvmeq->q_depth - 1);
880 	c.create_cq.cq_flags = cpu_to_le16(flags);
881 	c.create_cq.irq_vector = cpu_to_le16(nvmeq->cq_vector);
882 
883 	return nvme_submit_sync_cmd(dev->ctrl.admin_q, &c, NULL, 0);
884 }
885 
886 static int adapter_alloc_sq(struct nvme_dev *dev, u16 qid,
887 						struct nvme_queue *nvmeq)
888 {
889 	struct nvme_command c;
890 	int flags = NVME_QUEUE_PHYS_CONTIG | NVME_SQ_PRIO_MEDIUM;
891 
892 	/*
893 	 * Note: we (ab)use the fact the the prp fields survive if no data
894 	 * is attached to the request.
895 	 */
896 	memset(&c, 0, sizeof(c));
897 	c.create_sq.opcode = nvme_admin_create_sq;
898 	c.create_sq.prp1 = cpu_to_le64(nvmeq->sq_dma_addr);
899 	c.create_sq.sqid = cpu_to_le16(qid);
900 	c.create_sq.qsize = cpu_to_le16(nvmeq->q_depth - 1);
901 	c.create_sq.sq_flags = cpu_to_le16(flags);
902 	c.create_sq.cqid = cpu_to_le16(qid);
903 
904 	return nvme_submit_sync_cmd(dev->ctrl.admin_q, &c, NULL, 0);
905 }
906 
907 static int adapter_delete_cq(struct nvme_dev *dev, u16 cqid)
908 {
909 	return adapter_delete_queue(dev, nvme_admin_delete_cq, cqid);
910 }
911 
912 static int adapter_delete_sq(struct nvme_dev *dev, u16 sqid)
913 {
914 	return adapter_delete_queue(dev, nvme_admin_delete_sq, sqid);
915 }
916 
917 static void abort_endio(struct request *req, int error)
918 {
919 	struct nvme_iod *iod = blk_mq_rq_to_pdu(req);
920 	struct nvme_queue *nvmeq = iod->nvmeq;
921 	u16 status = req->errors;
922 
923 	dev_warn(nvmeq->dev->ctrl.device, "Abort status: 0x%x", status);
924 	atomic_inc(&nvmeq->dev->ctrl.abort_limit);
925 	blk_mq_free_request(req);
926 }
927 
928 static enum blk_eh_timer_return nvme_timeout(struct request *req, bool reserved)
929 {
930 	struct nvme_iod *iod = blk_mq_rq_to_pdu(req);
931 	struct nvme_queue *nvmeq = iod->nvmeq;
932 	struct nvme_dev *dev = nvmeq->dev;
933 	struct request *abort_req;
934 	struct nvme_command cmd;
935 
936 	/*
937 	 * Shutdown immediately if controller times out while starting. The
938 	 * reset work will see the pci device disabled when it gets the forced
939 	 * cancellation error. All outstanding requests are completed on
940 	 * shutdown, so we return BLK_EH_HANDLED.
941 	 */
942 	if (test_bit(NVME_CTRL_RESETTING, &dev->flags)) {
943 		dev_warn(dev->ctrl.device,
944 			 "I/O %d QID %d timeout, disable controller\n",
945 			 req->tag, nvmeq->qid);
946 		nvme_dev_disable(dev, false);
947 		req->errors = NVME_SC_CANCELLED;
948 		return BLK_EH_HANDLED;
949 	}
950 
951 	/*
952  	 * Shutdown the controller immediately and schedule a reset if the
953  	 * command was already aborted once before and still hasn't been
954  	 * returned to the driver, or if this is the admin queue.
955 	 */
956 	if (!nvmeq->qid || iod->aborted) {
957 		dev_warn(dev->ctrl.device,
958 			 "I/O %d QID %d timeout, reset controller\n",
959 			 req->tag, nvmeq->qid);
960 		nvme_dev_disable(dev, false);
961 		queue_work(nvme_workq, &dev->reset_work);
962 
963 		/*
964 		 * Mark the request as handled, since the inline shutdown
965 		 * forces all outstanding requests to complete.
966 		 */
967 		req->errors = NVME_SC_CANCELLED;
968 		return BLK_EH_HANDLED;
969 	}
970 
971 	iod->aborted = 1;
972 
973 	if (atomic_dec_return(&dev->ctrl.abort_limit) < 0) {
974 		atomic_inc(&dev->ctrl.abort_limit);
975 		return BLK_EH_RESET_TIMER;
976 	}
977 
978 	memset(&cmd, 0, sizeof(cmd));
979 	cmd.abort.opcode = nvme_admin_abort_cmd;
980 	cmd.abort.cid = req->tag;
981 	cmd.abort.sqid = cpu_to_le16(nvmeq->qid);
982 
983 	dev_warn(nvmeq->dev->ctrl.device,
984 		"I/O %d QID %d timeout, aborting\n",
985 		 req->tag, nvmeq->qid);
986 
987 	abort_req = nvme_alloc_request(dev->ctrl.admin_q, &cmd,
988 			BLK_MQ_REQ_NOWAIT);
989 	if (IS_ERR(abort_req)) {
990 		atomic_inc(&dev->ctrl.abort_limit);
991 		return BLK_EH_RESET_TIMER;
992 	}
993 
994 	abort_req->timeout = ADMIN_TIMEOUT;
995 	abort_req->end_io_data = NULL;
996 	blk_execute_rq_nowait(abort_req->q, NULL, abort_req, 0, abort_endio);
997 
998 	/*
999 	 * The aborted req will be completed on receiving the abort req.
1000 	 * We enable the timer again. If hit twice, it'll cause a device reset,
1001 	 * as the device then is in a faulty state.
1002 	 */
1003 	return BLK_EH_RESET_TIMER;
1004 }
1005 
1006 static void nvme_cancel_queue_ios(struct request *req, void *data, bool reserved)
1007 {
1008 	struct nvme_queue *nvmeq = data;
1009 	int status;
1010 
1011 	if (!blk_mq_request_started(req))
1012 		return;
1013 
1014 	dev_dbg_ratelimited(nvmeq->dev->ctrl.device,
1015 		 "Cancelling I/O %d QID %d\n", req->tag, nvmeq->qid);
1016 
1017 	status = NVME_SC_ABORT_REQ;
1018 	if (blk_queue_dying(req->q))
1019 		status |= NVME_SC_DNR;
1020 	blk_mq_complete_request(req, status);
1021 }
1022 
1023 static void nvme_free_queue(struct nvme_queue *nvmeq)
1024 {
1025 	dma_free_coherent(nvmeq->q_dmadev, CQ_SIZE(nvmeq->q_depth),
1026 				(void *)nvmeq->cqes, nvmeq->cq_dma_addr);
1027 	if (nvmeq->sq_cmds)
1028 		dma_free_coherent(nvmeq->q_dmadev, SQ_SIZE(nvmeq->q_depth),
1029 					nvmeq->sq_cmds, nvmeq->sq_dma_addr);
1030 	kfree(nvmeq);
1031 }
1032 
1033 static void nvme_free_queues(struct nvme_dev *dev, int lowest)
1034 {
1035 	int i;
1036 
1037 	for (i = dev->queue_count - 1; i >= lowest; i--) {
1038 		struct nvme_queue *nvmeq = dev->queues[i];
1039 		dev->queue_count--;
1040 		dev->queues[i] = NULL;
1041 		nvme_free_queue(nvmeq);
1042 	}
1043 }
1044 
1045 /**
1046  * nvme_suspend_queue - put queue into suspended state
1047  * @nvmeq - queue to suspend
1048  */
1049 static int nvme_suspend_queue(struct nvme_queue *nvmeq)
1050 {
1051 	int vector;
1052 
1053 	spin_lock_irq(&nvmeq->q_lock);
1054 	if (nvmeq->cq_vector == -1) {
1055 		spin_unlock_irq(&nvmeq->q_lock);
1056 		return 1;
1057 	}
1058 	vector = nvmeq->dev->entry[nvmeq->cq_vector].vector;
1059 	nvmeq->dev->online_queues--;
1060 	nvmeq->cq_vector = -1;
1061 	spin_unlock_irq(&nvmeq->q_lock);
1062 
1063 	if (!nvmeq->qid && nvmeq->dev->ctrl.admin_q)
1064 		blk_mq_stop_hw_queues(nvmeq->dev->ctrl.admin_q);
1065 
1066 	irq_set_affinity_hint(vector, NULL);
1067 	free_irq(vector, nvmeq);
1068 
1069 	return 0;
1070 }
1071 
1072 static void nvme_clear_queue(struct nvme_queue *nvmeq)
1073 {
1074 	spin_lock_irq(&nvmeq->q_lock);
1075 	if (nvmeq->tags && *nvmeq->tags)
1076 		blk_mq_all_tag_busy_iter(*nvmeq->tags, nvme_cancel_queue_ios, nvmeq);
1077 	spin_unlock_irq(&nvmeq->q_lock);
1078 }
1079 
1080 static void nvme_disable_admin_queue(struct nvme_dev *dev, bool shutdown)
1081 {
1082 	struct nvme_queue *nvmeq = dev->queues[0];
1083 
1084 	if (!nvmeq)
1085 		return;
1086 	if (nvme_suspend_queue(nvmeq))
1087 		return;
1088 
1089 	if (shutdown)
1090 		nvme_shutdown_ctrl(&dev->ctrl);
1091 	else
1092 		nvme_disable_ctrl(&dev->ctrl, lo_hi_readq(
1093 						dev->bar + NVME_REG_CAP));
1094 
1095 	spin_lock_irq(&nvmeq->q_lock);
1096 	nvme_process_cq(nvmeq);
1097 	spin_unlock_irq(&nvmeq->q_lock);
1098 }
1099 
1100 static int nvme_cmb_qdepth(struct nvme_dev *dev, int nr_io_queues,
1101 				int entry_size)
1102 {
1103 	int q_depth = dev->q_depth;
1104 	unsigned q_size_aligned = roundup(q_depth * entry_size,
1105 					  dev->ctrl.page_size);
1106 
1107 	if (q_size_aligned * nr_io_queues > dev->cmb_size) {
1108 		u64 mem_per_q = div_u64(dev->cmb_size, nr_io_queues);
1109 		mem_per_q = round_down(mem_per_q, dev->ctrl.page_size);
1110 		q_depth = div_u64(mem_per_q, entry_size);
1111 
1112 		/*
1113 		 * Ensure the reduced q_depth is above some threshold where it
1114 		 * would be better to map queues in system memory with the
1115 		 * original depth
1116 		 */
1117 		if (q_depth < 64)
1118 			return -ENOMEM;
1119 	}
1120 
1121 	return q_depth;
1122 }
1123 
1124 static int nvme_alloc_sq_cmds(struct nvme_dev *dev, struct nvme_queue *nvmeq,
1125 				int qid, int depth)
1126 {
1127 	if (qid && dev->cmb && use_cmb_sqes && NVME_CMB_SQS(dev->cmbsz)) {
1128 		unsigned offset = (qid - 1) * roundup(SQ_SIZE(depth),
1129 						      dev->ctrl.page_size);
1130 		nvmeq->sq_dma_addr = dev->cmb_dma_addr + offset;
1131 		nvmeq->sq_cmds_io = dev->cmb + offset;
1132 	} else {
1133 		nvmeq->sq_cmds = dma_alloc_coherent(dev->dev, SQ_SIZE(depth),
1134 					&nvmeq->sq_dma_addr, GFP_KERNEL);
1135 		if (!nvmeq->sq_cmds)
1136 			return -ENOMEM;
1137 	}
1138 
1139 	return 0;
1140 }
1141 
1142 static struct nvme_queue *nvme_alloc_queue(struct nvme_dev *dev, int qid,
1143 							int depth)
1144 {
1145 	struct nvme_queue *nvmeq = kzalloc(sizeof(*nvmeq), GFP_KERNEL);
1146 	if (!nvmeq)
1147 		return NULL;
1148 
1149 	nvmeq->cqes = dma_zalloc_coherent(dev->dev, CQ_SIZE(depth),
1150 					  &nvmeq->cq_dma_addr, GFP_KERNEL);
1151 	if (!nvmeq->cqes)
1152 		goto free_nvmeq;
1153 
1154 	if (nvme_alloc_sq_cmds(dev, nvmeq, qid, depth))
1155 		goto free_cqdma;
1156 
1157 	nvmeq->q_dmadev = dev->dev;
1158 	nvmeq->dev = dev;
1159 	snprintf(nvmeq->irqname, sizeof(nvmeq->irqname), "nvme%dq%d",
1160 			dev->ctrl.instance, qid);
1161 	spin_lock_init(&nvmeq->q_lock);
1162 	nvmeq->cq_head = 0;
1163 	nvmeq->cq_phase = 1;
1164 	nvmeq->q_db = &dev->dbs[qid * 2 * dev->db_stride];
1165 	nvmeq->q_depth = depth;
1166 	nvmeq->qid = qid;
1167 	nvmeq->cq_vector = -1;
1168 	dev->queues[qid] = nvmeq;
1169 	dev->queue_count++;
1170 
1171 	return nvmeq;
1172 
1173  free_cqdma:
1174 	dma_free_coherent(dev->dev, CQ_SIZE(depth), (void *)nvmeq->cqes,
1175 							nvmeq->cq_dma_addr);
1176  free_nvmeq:
1177 	kfree(nvmeq);
1178 	return NULL;
1179 }
1180 
1181 static int queue_request_irq(struct nvme_dev *dev, struct nvme_queue *nvmeq,
1182 							const char *name)
1183 {
1184 	if (use_threaded_interrupts)
1185 		return request_threaded_irq(dev->entry[nvmeq->cq_vector].vector,
1186 					nvme_irq_check, nvme_irq, IRQF_SHARED,
1187 					name, nvmeq);
1188 	return request_irq(dev->entry[nvmeq->cq_vector].vector, nvme_irq,
1189 				IRQF_SHARED, name, nvmeq);
1190 }
1191 
1192 static void nvme_init_queue(struct nvme_queue *nvmeq, u16 qid)
1193 {
1194 	struct nvme_dev *dev = nvmeq->dev;
1195 
1196 	spin_lock_irq(&nvmeq->q_lock);
1197 	nvmeq->sq_tail = 0;
1198 	nvmeq->cq_head = 0;
1199 	nvmeq->cq_phase = 1;
1200 	nvmeq->q_db = &dev->dbs[qid * 2 * dev->db_stride];
1201 	memset((void *)nvmeq->cqes, 0, CQ_SIZE(nvmeq->q_depth));
1202 	dev->online_queues++;
1203 	spin_unlock_irq(&nvmeq->q_lock);
1204 }
1205 
1206 static int nvme_create_queue(struct nvme_queue *nvmeq, int qid)
1207 {
1208 	struct nvme_dev *dev = nvmeq->dev;
1209 	int result;
1210 
1211 	nvmeq->cq_vector = qid - 1;
1212 	result = adapter_alloc_cq(dev, qid, nvmeq);
1213 	if (result < 0)
1214 		return result;
1215 
1216 	result = adapter_alloc_sq(dev, qid, nvmeq);
1217 	if (result < 0)
1218 		goto release_cq;
1219 
1220 	result = queue_request_irq(dev, nvmeq, nvmeq->irqname);
1221 	if (result < 0)
1222 		goto release_sq;
1223 
1224 	nvme_init_queue(nvmeq, qid);
1225 	return result;
1226 
1227  release_sq:
1228 	adapter_delete_sq(dev, qid);
1229  release_cq:
1230 	adapter_delete_cq(dev, qid);
1231 	return result;
1232 }
1233 
1234 static struct blk_mq_ops nvme_mq_admin_ops = {
1235 	.queue_rq	= nvme_queue_rq,
1236 	.complete	= nvme_complete_rq,
1237 	.map_queue	= blk_mq_map_queue,
1238 	.init_hctx	= nvme_admin_init_hctx,
1239 	.exit_hctx      = nvme_admin_exit_hctx,
1240 	.init_request	= nvme_admin_init_request,
1241 	.timeout	= nvme_timeout,
1242 };
1243 
1244 static struct blk_mq_ops nvme_mq_ops = {
1245 	.queue_rq	= nvme_queue_rq,
1246 	.complete	= nvme_complete_rq,
1247 	.map_queue	= blk_mq_map_queue,
1248 	.init_hctx	= nvme_init_hctx,
1249 	.init_request	= nvme_init_request,
1250 	.timeout	= nvme_timeout,
1251 	.poll		= nvme_poll,
1252 };
1253 
1254 static void nvme_dev_remove_admin(struct nvme_dev *dev)
1255 {
1256 	if (dev->ctrl.admin_q && !blk_queue_dying(dev->ctrl.admin_q)) {
1257 		/*
1258 		 * If the controller was reset during removal, it's possible
1259 		 * user requests may be waiting on a stopped queue. Start the
1260 		 * queue to flush these to completion.
1261 		 */
1262 		blk_mq_start_stopped_hw_queues(dev->ctrl.admin_q, true);
1263 		blk_cleanup_queue(dev->ctrl.admin_q);
1264 		blk_mq_free_tag_set(&dev->admin_tagset);
1265 	}
1266 }
1267 
1268 static int nvme_alloc_admin_tags(struct nvme_dev *dev)
1269 {
1270 	if (!dev->ctrl.admin_q) {
1271 		dev->admin_tagset.ops = &nvme_mq_admin_ops;
1272 		dev->admin_tagset.nr_hw_queues = 1;
1273 
1274 		/*
1275 		 * Subtract one to leave an empty queue entry for 'Full Queue'
1276 		 * condition. See NVM-Express 1.2 specification, section 4.1.2.
1277 		 */
1278 		dev->admin_tagset.queue_depth = NVME_AQ_BLKMQ_DEPTH - 1;
1279 		dev->admin_tagset.timeout = ADMIN_TIMEOUT;
1280 		dev->admin_tagset.numa_node = dev_to_node(dev->dev);
1281 		dev->admin_tagset.cmd_size = nvme_cmd_size(dev);
1282 		dev->admin_tagset.driver_data = dev;
1283 
1284 		if (blk_mq_alloc_tag_set(&dev->admin_tagset))
1285 			return -ENOMEM;
1286 
1287 		dev->ctrl.admin_q = blk_mq_init_queue(&dev->admin_tagset);
1288 		if (IS_ERR(dev->ctrl.admin_q)) {
1289 			blk_mq_free_tag_set(&dev->admin_tagset);
1290 			return -ENOMEM;
1291 		}
1292 		if (!blk_get_queue(dev->ctrl.admin_q)) {
1293 			nvme_dev_remove_admin(dev);
1294 			dev->ctrl.admin_q = NULL;
1295 			return -ENODEV;
1296 		}
1297 	} else
1298 		blk_mq_start_stopped_hw_queues(dev->ctrl.admin_q, true);
1299 
1300 	return 0;
1301 }
1302 
1303 static int nvme_configure_admin_queue(struct nvme_dev *dev)
1304 {
1305 	int result;
1306 	u32 aqa;
1307 	u64 cap = lo_hi_readq(dev->bar + NVME_REG_CAP);
1308 	struct nvme_queue *nvmeq;
1309 
1310 	dev->subsystem = readl(dev->bar + NVME_REG_VS) >= NVME_VS(1, 1) ?
1311 						NVME_CAP_NSSRC(cap) : 0;
1312 
1313 	if (dev->subsystem &&
1314 	    (readl(dev->bar + NVME_REG_CSTS) & NVME_CSTS_NSSRO))
1315 		writel(NVME_CSTS_NSSRO, dev->bar + NVME_REG_CSTS);
1316 
1317 	result = nvme_disable_ctrl(&dev->ctrl, cap);
1318 	if (result < 0)
1319 		return result;
1320 
1321 	nvmeq = dev->queues[0];
1322 	if (!nvmeq) {
1323 		nvmeq = nvme_alloc_queue(dev, 0, NVME_AQ_DEPTH);
1324 		if (!nvmeq)
1325 			return -ENOMEM;
1326 	}
1327 
1328 	aqa = nvmeq->q_depth - 1;
1329 	aqa |= aqa << 16;
1330 
1331 	writel(aqa, dev->bar + NVME_REG_AQA);
1332 	lo_hi_writeq(nvmeq->sq_dma_addr, dev->bar + NVME_REG_ASQ);
1333 	lo_hi_writeq(nvmeq->cq_dma_addr, dev->bar + NVME_REG_ACQ);
1334 
1335 	result = nvme_enable_ctrl(&dev->ctrl, cap);
1336 	if (result)
1337 		goto free_nvmeq;
1338 
1339 	nvmeq->cq_vector = 0;
1340 	result = queue_request_irq(dev, nvmeq, nvmeq->irqname);
1341 	if (result) {
1342 		nvmeq->cq_vector = -1;
1343 		goto free_nvmeq;
1344 	}
1345 
1346 	return result;
1347 
1348  free_nvmeq:
1349 	nvme_free_queues(dev, 0);
1350 	return result;
1351 }
1352 
1353 static void nvme_watchdog_timer(unsigned long data)
1354 {
1355 	struct nvme_dev *dev = (struct nvme_dev *)data;
1356 	u32 csts = readl(dev->bar + NVME_REG_CSTS);
1357 
1358 	/*
1359 	 * Skip controllers currently under reset.
1360 	 */
1361 	if (!work_pending(&dev->reset_work) && !work_busy(&dev->reset_work) &&
1362 	    ((csts & NVME_CSTS_CFS) ||
1363 	     (dev->subsystem && (csts & NVME_CSTS_NSSRO)))) {
1364 		if (queue_work(nvme_workq, &dev->reset_work)) {
1365 			dev_warn(dev->dev,
1366 				"Failed status: 0x%x, reset controller.\n",
1367 				csts);
1368 		}
1369 		return;
1370 	}
1371 
1372 	mod_timer(&dev->watchdog_timer, round_jiffies(jiffies + HZ));
1373 }
1374 
1375 static int nvme_create_io_queues(struct nvme_dev *dev)
1376 {
1377 	unsigned i, max;
1378 	int ret = 0;
1379 
1380 	for (i = dev->queue_count; i <= dev->max_qid; i++) {
1381 		if (!nvme_alloc_queue(dev, i, dev->q_depth)) {
1382 			ret = -ENOMEM;
1383 			break;
1384 		}
1385 	}
1386 
1387 	max = min(dev->max_qid, dev->queue_count - 1);
1388 	for (i = dev->online_queues; i <= max; i++) {
1389 		ret = nvme_create_queue(dev->queues[i], i);
1390 		if (ret) {
1391 			nvme_free_queues(dev, i);
1392 			break;
1393 		}
1394 	}
1395 
1396 	/*
1397 	 * Ignore failing Create SQ/CQ commands, we can continue with less
1398 	 * than the desired aount of queues, and even a controller without
1399 	 * I/O queues an still be used to issue admin commands.  This might
1400 	 * be useful to upgrade a buggy firmware for example.
1401 	 */
1402 	return ret >= 0 ? 0 : ret;
1403 }
1404 
1405 static void __iomem *nvme_map_cmb(struct nvme_dev *dev)
1406 {
1407 	u64 szu, size, offset;
1408 	u32 cmbloc;
1409 	resource_size_t bar_size;
1410 	struct pci_dev *pdev = to_pci_dev(dev->dev);
1411 	void __iomem *cmb;
1412 	dma_addr_t dma_addr;
1413 
1414 	if (!use_cmb_sqes)
1415 		return NULL;
1416 
1417 	dev->cmbsz = readl(dev->bar + NVME_REG_CMBSZ);
1418 	if (!(NVME_CMB_SZ(dev->cmbsz)))
1419 		return NULL;
1420 
1421 	cmbloc = readl(dev->bar + NVME_REG_CMBLOC);
1422 
1423 	szu = (u64)1 << (12 + 4 * NVME_CMB_SZU(dev->cmbsz));
1424 	size = szu * NVME_CMB_SZ(dev->cmbsz);
1425 	offset = szu * NVME_CMB_OFST(cmbloc);
1426 	bar_size = pci_resource_len(pdev, NVME_CMB_BIR(cmbloc));
1427 
1428 	if (offset > bar_size)
1429 		return NULL;
1430 
1431 	/*
1432 	 * Controllers may support a CMB size larger than their BAR,
1433 	 * for example, due to being behind a bridge. Reduce the CMB to
1434 	 * the reported size of the BAR
1435 	 */
1436 	if (size > bar_size - offset)
1437 		size = bar_size - offset;
1438 
1439 	dma_addr = pci_resource_start(pdev, NVME_CMB_BIR(cmbloc)) + offset;
1440 	cmb = ioremap_wc(dma_addr, size);
1441 	if (!cmb)
1442 		return NULL;
1443 
1444 	dev->cmb_dma_addr = dma_addr;
1445 	dev->cmb_size = size;
1446 	return cmb;
1447 }
1448 
1449 static inline void nvme_release_cmb(struct nvme_dev *dev)
1450 {
1451 	if (dev->cmb) {
1452 		iounmap(dev->cmb);
1453 		dev->cmb = NULL;
1454 	}
1455 }
1456 
1457 static size_t db_bar_size(struct nvme_dev *dev, unsigned nr_io_queues)
1458 {
1459 	return 4096 + ((nr_io_queues + 1) * 8 * dev->db_stride);
1460 }
1461 
1462 static int nvme_setup_io_queues(struct nvme_dev *dev)
1463 {
1464 	struct nvme_queue *adminq = dev->queues[0];
1465 	struct pci_dev *pdev = to_pci_dev(dev->dev);
1466 	int result, i, vecs, nr_io_queues, size;
1467 
1468 	nr_io_queues = num_possible_cpus();
1469 	result = nvme_set_queue_count(&dev->ctrl, &nr_io_queues);
1470 	if (result < 0)
1471 		return result;
1472 
1473 	/*
1474 	 * Degraded controllers might return an error when setting the queue
1475 	 * count.  We still want to be able to bring them online and offer
1476 	 * access to the admin queue, as that might be only way to fix them up.
1477 	 */
1478 	if (result > 0) {
1479 		dev_err(dev->ctrl.device,
1480 			"Could not set queue count (%d)\n", result);
1481 		nr_io_queues = 0;
1482 		result = 0;
1483 	}
1484 
1485 	if (dev->cmb && NVME_CMB_SQS(dev->cmbsz)) {
1486 		result = nvme_cmb_qdepth(dev, nr_io_queues,
1487 				sizeof(struct nvme_command));
1488 		if (result > 0)
1489 			dev->q_depth = result;
1490 		else
1491 			nvme_release_cmb(dev);
1492 	}
1493 
1494 	size = db_bar_size(dev, nr_io_queues);
1495 	if (size > 8192) {
1496 		iounmap(dev->bar);
1497 		do {
1498 			dev->bar = ioremap(pci_resource_start(pdev, 0), size);
1499 			if (dev->bar)
1500 				break;
1501 			if (!--nr_io_queues)
1502 				return -ENOMEM;
1503 			size = db_bar_size(dev, nr_io_queues);
1504 		} while (1);
1505 		dev->dbs = dev->bar + 4096;
1506 		adminq->q_db = dev->dbs;
1507 	}
1508 
1509 	/* Deregister the admin queue's interrupt */
1510 	free_irq(dev->entry[0].vector, adminq);
1511 
1512 	/*
1513 	 * If we enable msix early due to not intx, disable it again before
1514 	 * setting up the full range we need.
1515 	 */
1516 	if (!pdev->irq)
1517 		pci_disable_msix(pdev);
1518 
1519 	for (i = 0; i < nr_io_queues; i++)
1520 		dev->entry[i].entry = i;
1521 	vecs = pci_enable_msix_range(pdev, dev->entry, 1, nr_io_queues);
1522 	if (vecs < 0) {
1523 		vecs = pci_enable_msi_range(pdev, 1, min(nr_io_queues, 32));
1524 		if (vecs < 0) {
1525 			vecs = 1;
1526 		} else {
1527 			for (i = 0; i < vecs; i++)
1528 				dev->entry[i].vector = i + pdev->irq;
1529 		}
1530 	}
1531 
1532 	/*
1533 	 * Should investigate if there's a performance win from allocating
1534 	 * more queues than interrupt vectors; it might allow the submission
1535 	 * path to scale better, even if the receive path is limited by the
1536 	 * number of interrupts.
1537 	 */
1538 	nr_io_queues = vecs;
1539 	dev->max_qid = nr_io_queues;
1540 
1541 	result = queue_request_irq(dev, adminq, adminq->irqname);
1542 	if (result) {
1543 		adminq->cq_vector = -1;
1544 		goto free_queues;
1545 	}
1546 	return nvme_create_io_queues(dev);
1547 
1548  free_queues:
1549 	nvme_free_queues(dev, 1);
1550 	return result;
1551 }
1552 
1553 static void nvme_set_irq_hints(struct nvme_dev *dev)
1554 {
1555 	struct nvme_queue *nvmeq;
1556 	int i;
1557 
1558 	for (i = 0; i < dev->online_queues; i++) {
1559 		nvmeq = dev->queues[i];
1560 
1561 		if (!nvmeq->tags || !(*nvmeq->tags))
1562 			continue;
1563 
1564 		irq_set_affinity_hint(dev->entry[nvmeq->cq_vector].vector,
1565 					blk_mq_tags_cpumask(*nvmeq->tags));
1566 	}
1567 }
1568 
1569 static void nvme_dev_scan(struct work_struct *work)
1570 {
1571 	struct nvme_dev *dev = container_of(work, struct nvme_dev, scan_work);
1572 
1573 	if (!dev->tagset.tags)
1574 		return;
1575 	nvme_scan_namespaces(&dev->ctrl);
1576 	nvme_set_irq_hints(dev);
1577 }
1578 
1579 static void nvme_del_queue_end(struct request *req, int error)
1580 {
1581 	struct nvme_queue *nvmeq = req->end_io_data;
1582 
1583 	blk_mq_free_request(req);
1584 	complete(&nvmeq->dev->ioq_wait);
1585 }
1586 
1587 static void nvme_del_cq_end(struct request *req, int error)
1588 {
1589 	struct nvme_queue *nvmeq = req->end_io_data;
1590 
1591 	if (!error) {
1592 		unsigned long flags;
1593 
1594 		spin_lock_irqsave(&nvmeq->q_lock, flags);
1595 		nvme_process_cq(nvmeq);
1596 		spin_unlock_irqrestore(&nvmeq->q_lock, flags);
1597 	}
1598 
1599 	nvme_del_queue_end(req, error);
1600 }
1601 
1602 static int nvme_delete_queue(struct nvme_queue *nvmeq, u8 opcode)
1603 {
1604 	struct request_queue *q = nvmeq->dev->ctrl.admin_q;
1605 	struct request *req;
1606 	struct nvme_command cmd;
1607 
1608 	memset(&cmd, 0, sizeof(cmd));
1609 	cmd.delete_queue.opcode = opcode;
1610 	cmd.delete_queue.qid = cpu_to_le16(nvmeq->qid);
1611 
1612 	req = nvme_alloc_request(q, &cmd, BLK_MQ_REQ_NOWAIT);
1613 	if (IS_ERR(req))
1614 		return PTR_ERR(req);
1615 
1616 	req->timeout = ADMIN_TIMEOUT;
1617 	req->end_io_data = nvmeq;
1618 
1619 	blk_execute_rq_nowait(q, NULL, req, false,
1620 			opcode == nvme_admin_delete_cq ?
1621 				nvme_del_cq_end : nvme_del_queue_end);
1622 	return 0;
1623 }
1624 
1625 static void nvme_disable_io_queues(struct nvme_dev *dev)
1626 {
1627 	int pass;
1628 	unsigned long timeout;
1629 	u8 opcode = nvme_admin_delete_sq;
1630 
1631 	for (pass = 0; pass < 2; pass++) {
1632 		int sent = 0, i = dev->queue_count - 1;
1633 
1634 		reinit_completion(&dev->ioq_wait);
1635  retry:
1636 		timeout = ADMIN_TIMEOUT;
1637 		for (; i > 0; i--) {
1638 			struct nvme_queue *nvmeq = dev->queues[i];
1639 
1640 			if (!pass)
1641 				nvme_suspend_queue(nvmeq);
1642 			if (nvme_delete_queue(nvmeq, opcode))
1643 				break;
1644 			++sent;
1645 		}
1646 		while (sent--) {
1647 			timeout = wait_for_completion_io_timeout(&dev->ioq_wait, timeout);
1648 			if (timeout == 0)
1649 				return;
1650 			if (i)
1651 				goto retry;
1652 		}
1653 		opcode = nvme_admin_delete_cq;
1654 	}
1655 }
1656 
1657 /*
1658  * Return: error value if an error occurred setting up the queues or calling
1659  * Identify Device.  0 if these succeeded, even if adding some of the
1660  * namespaces failed.  At the moment, these failures are silent.  TBD which
1661  * failures should be reported.
1662  */
1663 static int nvme_dev_add(struct nvme_dev *dev)
1664 {
1665 	if (!dev->ctrl.tagset) {
1666 		dev->tagset.ops = &nvme_mq_ops;
1667 		dev->tagset.nr_hw_queues = dev->online_queues - 1;
1668 		dev->tagset.timeout = NVME_IO_TIMEOUT;
1669 		dev->tagset.numa_node = dev_to_node(dev->dev);
1670 		dev->tagset.queue_depth =
1671 				min_t(int, dev->q_depth, BLK_MQ_MAX_DEPTH) - 1;
1672 		dev->tagset.cmd_size = nvme_cmd_size(dev);
1673 		dev->tagset.flags = BLK_MQ_F_SHOULD_MERGE;
1674 		dev->tagset.driver_data = dev;
1675 
1676 		if (blk_mq_alloc_tag_set(&dev->tagset))
1677 			return 0;
1678 		dev->ctrl.tagset = &dev->tagset;
1679 	} else {
1680 		blk_mq_update_nr_hw_queues(&dev->tagset, dev->online_queues - 1);
1681 
1682 		/* Free previously allocated queues that are no longer usable */
1683 		nvme_free_queues(dev, dev->online_queues);
1684 	}
1685 
1686 	nvme_queue_scan(dev);
1687 	return 0;
1688 }
1689 
1690 static int nvme_pci_enable(struct nvme_dev *dev)
1691 {
1692 	u64 cap;
1693 	int result = -ENOMEM;
1694 	struct pci_dev *pdev = to_pci_dev(dev->dev);
1695 
1696 	if (pci_enable_device_mem(pdev))
1697 		return result;
1698 
1699 	dev->entry[0].vector = pdev->irq;
1700 	pci_set_master(pdev);
1701 
1702 	if (dma_set_mask_and_coherent(dev->dev, DMA_BIT_MASK(64)) &&
1703 	    dma_set_mask_and_coherent(dev->dev, DMA_BIT_MASK(32)))
1704 		goto disable;
1705 
1706 	if (readl(dev->bar + NVME_REG_CSTS) == -1) {
1707 		result = -ENODEV;
1708 		goto disable;
1709 	}
1710 
1711 	/*
1712 	 * Some devices don't advertse INTx interrupts, pre-enable a single
1713 	 * MSIX vec for setup. We'll adjust this later.
1714 	 */
1715 	if (!pdev->irq) {
1716 		result = pci_enable_msix(pdev, dev->entry, 1);
1717 		if (result < 0)
1718 			goto disable;
1719 	}
1720 
1721 	cap = lo_hi_readq(dev->bar + NVME_REG_CAP);
1722 
1723 	dev->q_depth = min_t(int, NVME_CAP_MQES(cap) + 1, NVME_Q_DEPTH);
1724 	dev->db_stride = 1 << NVME_CAP_STRIDE(cap);
1725 	dev->dbs = dev->bar + 4096;
1726 
1727 	/*
1728 	 * Temporary fix for the Apple controller found in the MacBook8,1 and
1729 	 * some MacBook7,1 to avoid controller resets and data loss.
1730 	 */
1731 	if (pdev->vendor == PCI_VENDOR_ID_APPLE && pdev->device == 0x2001) {
1732 		dev->q_depth = 2;
1733 		dev_warn(dev->dev, "detected Apple NVMe controller, set "
1734 			"queue depth=%u to work around controller resets\n",
1735 			dev->q_depth);
1736 	}
1737 
1738 	if (readl(dev->bar + NVME_REG_VS) >= NVME_VS(1, 2))
1739 		dev->cmb = nvme_map_cmb(dev);
1740 
1741 	pci_enable_pcie_error_reporting(pdev);
1742 	pci_save_state(pdev);
1743 	return 0;
1744 
1745  disable:
1746 	pci_disable_device(pdev);
1747 	return result;
1748 }
1749 
1750 static void nvme_dev_unmap(struct nvme_dev *dev)
1751 {
1752 	if (dev->bar)
1753 		iounmap(dev->bar);
1754 	pci_release_regions(to_pci_dev(dev->dev));
1755 }
1756 
1757 static void nvme_pci_disable(struct nvme_dev *dev)
1758 {
1759 	struct pci_dev *pdev = to_pci_dev(dev->dev);
1760 
1761 	if (pdev->msi_enabled)
1762 		pci_disable_msi(pdev);
1763 	else if (pdev->msix_enabled)
1764 		pci_disable_msix(pdev);
1765 
1766 	if (pci_is_enabled(pdev)) {
1767 		pci_disable_pcie_error_reporting(pdev);
1768 		pci_disable_device(pdev);
1769 	}
1770 }
1771 
1772 static void nvme_dev_disable(struct nvme_dev *dev, bool shutdown)
1773 {
1774 	int i;
1775 	u32 csts = -1;
1776 
1777 	del_timer_sync(&dev->watchdog_timer);
1778 
1779 	mutex_lock(&dev->shutdown_lock);
1780 	if (pci_is_enabled(to_pci_dev(dev->dev))) {
1781 		nvme_stop_queues(&dev->ctrl);
1782 		csts = readl(dev->bar + NVME_REG_CSTS);
1783 	}
1784 	if (csts & NVME_CSTS_CFS || !(csts & NVME_CSTS_RDY)) {
1785 		for (i = dev->queue_count - 1; i >= 0; i--) {
1786 			struct nvme_queue *nvmeq = dev->queues[i];
1787 			nvme_suspend_queue(nvmeq);
1788 		}
1789 	} else {
1790 		nvme_disable_io_queues(dev);
1791 		nvme_disable_admin_queue(dev, shutdown);
1792 	}
1793 	nvme_pci_disable(dev);
1794 
1795 	for (i = dev->queue_count - 1; i >= 0; i--)
1796 		nvme_clear_queue(dev->queues[i]);
1797 	mutex_unlock(&dev->shutdown_lock);
1798 }
1799 
1800 static int nvme_setup_prp_pools(struct nvme_dev *dev)
1801 {
1802 	dev->prp_page_pool = dma_pool_create("prp list page", dev->dev,
1803 						PAGE_SIZE, PAGE_SIZE, 0);
1804 	if (!dev->prp_page_pool)
1805 		return -ENOMEM;
1806 
1807 	/* Optimisation for I/Os between 4k and 128k */
1808 	dev->prp_small_pool = dma_pool_create("prp list 256", dev->dev,
1809 						256, 256, 0);
1810 	if (!dev->prp_small_pool) {
1811 		dma_pool_destroy(dev->prp_page_pool);
1812 		return -ENOMEM;
1813 	}
1814 	return 0;
1815 }
1816 
1817 static void nvme_release_prp_pools(struct nvme_dev *dev)
1818 {
1819 	dma_pool_destroy(dev->prp_page_pool);
1820 	dma_pool_destroy(dev->prp_small_pool);
1821 }
1822 
1823 static void nvme_pci_free_ctrl(struct nvme_ctrl *ctrl)
1824 {
1825 	struct nvme_dev *dev = to_nvme_dev(ctrl);
1826 
1827 	put_device(dev->dev);
1828 	if (dev->tagset.tags)
1829 		blk_mq_free_tag_set(&dev->tagset);
1830 	if (dev->ctrl.admin_q)
1831 		blk_put_queue(dev->ctrl.admin_q);
1832 	kfree(dev->queues);
1833 	kfree(dev->entry);
1834 	kfree(dev);
1835 }
1836 
1837 static void nvme_remove_dead_ctrl(struct nvme_dev *dev, int status)
1838 {
1839 	dev_warn(dev->ctrl.device, "Removing after probe failure status: %d\n", status);
1840 
1841 	kref_get(&dev->ctrl.kref);
1842 	nvme_dev_disable(dev, false);
1843 	if (!schedule_work(&dev->remove_work))
1844 		nvme_put_ctrl(&dev->ctrl);
1845 }
1846 
1847 static void nvme_reset_work(struct work_struct *work)
1848 {
1849 	struct nvme_dev *dev = container_of(work, struct nvme_dev, reset_work);
1850 	int result = -ENODEV;
1851 
1852 	if (WARN_ON(test_bit(NVME_CTRL_RESETTING, &dev->flags)))
1853 		goto out;
1854 
1855 	/*
1856 	 * If we're called to reset a live controller first shut it down before
1857 	 * moving on.
1858 	 */
1859 	if (dev->ctrl.ctrl_config & NVME_CC_ENABLE)
1860 		nvme_dev_disable(dev, false);
1861 
1862 	set_bit(NVME_CTRL_RESETTING, &dev->flags);
1863 
1864 	result = nvme_pci_enable(dev);
1865 	if (result)
1866 		goto out;
1867 
1868 	result = nvme_configure_admin_queue(dev);
1869 	if (result)
1870 		goto out;
1871 
1872 	nvme_init_queue(dev->queues[0], 0);
1873 	result = nvme_alloc_admin_tags(dev);
1874 	if (result)
1875 		goto out;
1876 
1877 	result = nvme_init_identify(&dev->ctrl);
1878 	if (result)
1879 		goto out;
1880 
1881 	result = nvme_setup_io_queues(dev);
1882 	if (result)
1883 		goto out;
1884 
1885 	dev->ctrl.event_limit = NVME_NR_AEN_COMMANDS;
1886 	queue_work(nvme_workq, &dev->async_work);
1887 
1888 	mod_timer(&dev->watchdog_timer, round_jiffies(jiffies + HZ));
1889 
1890 	/*
1891 	 * Keep the controller around but remove all namespaces if we don't have
1892 	 * any working I/O queue.
1893 	 */
1894 	if (dev->online_queues < 2) {
1895 		dev_warn(dev->ctrl.device, "IO queues not created\n");
1896 		nvme_remove_namespaces(&dev->ctrl);
1897 	} else {
1898 		nvme_start_queues(&dev->ctrl);
1899 		nvme_dev_add(dev);
1900 	}
1901 
1902 	clear_bit(NVME_CTRL_RESETTING, &dev->flags);
1903 	return;
1904 
1905  out:
1906 	nvme_remove_dead_ctrl(dev, result);
1907 }
1908 
1909 static void nvme_remove_dead_ctrl_work(struct work_struct *work)
1910 {
1911 	struct nvme_dev *dev = container_of(work, struct nvme_dev, remove_work);
1912 	struct pci_dev *pdev = to_pci_dev(dev->dev);
1913 
1914 	nvme_kill_queues(&dev->ctrl);
1915 	if (pci_get_drvdata(pdev))
1916 		pci_stop_and_remove_bus_device_locked(pdev);
1917 	nvme_put_ctrl(&dev->ctrl);
1918 }
1919 
1920 static int nvme_reset(struct nvme_dev *dev)
1921 {
1922 	if (!dev->ctrl.admin_q || blk_queue_dying(dev->ctrl.admin_q))
1923 		return -ENODEV;
1924 
1925 	if (!queue_work(nvme_workq, &dev->reset_work))
1926 		return -EBUSY;
1927 
1928 	flush_work(&dev->reset_work);
1929 	return 0;
1930 }
1931 
1932 static int nvme_pci_reg_read32(struct nvme_ctrl *ctrl, u32 off, u32 *val)
1933 {
1934 	*val = readl(to_nvme_dev(ctrl)->bar + off);
1935 	return 0;
1936 }
1937 
1938 static int nvme_pci_reg_write32(struct nvme_ctrl *ctrl, u32 off, u32 val)
1939 {
1940 	writel(val, to_nvme_dev(ctrl)->bar + off);
1941 	return 0;
1942 }
1943 
1944 static int nvme_pci_reg_read64(struct nvme_ctrl *ctrl, u32 off, u64 *val)
1945 {
1946 	*val = readq(to_nvme_dev(ctrl)->bar + off);
1947 	return 0;
1948 }
1949 
1950 static bool nvme_pci_io_incapable(struct nvme_ctrl *ctrl)
1951 {
1952 	struct nvme_dev *dev = to_nvme_dev(ctrl);
1953 
1954 	return !dev->bar || dev->online_queues < 2;
1955 }
1956 
1957 static int nvme_pci_reset_ctrl(struct nvme_ctrl *ctrl)
1958 {
1959 	return nvme_reset(to_nvme_dev(ctrl));
1960 }
1961 
1962 static const struct nvme_ctrl_ops nvme_pci_ctrl_ops = {
1963 	.module			= THIS_MODULE,
1964 	.reg_read32		= nvme_pci_reg_read32,
1965 	.reg_write32		= nvme_pci_reg_write32,
1966 	.reg_read64		= nvme_pci_reg_read64,
1967 	.io_incapable		= nvme_pci_io_incapable,
1968 	.reset_ctrl		= nvme_pci_reset_ctrl,
1969 	.free_ctrl		= nvme_pci_free_ctrl,
1970 };
1971 
1972 static int nvme_dev_map(struct nvme_dev *dev)
1973 {
1974 	int bars;
1975 	struct pci_dev *pdev = to_pci_dev(dev->dev);
1976 
1977 	bars = pci_select_bars(pdev, IORESOURCE_MEM);
1978 	if (!bars)
1979 		return -ENODEV;
1980 	if (pci_request_selected_regions(pdev, bars, "nvme"))
1981 		return -ENODEV;
1982 
1983 	dev->bar = ioremap(pci_resource_start(pdev, 0), 8192);
1984 	if (!dev->bar)
1985 		goto release;
1986 
1987        return 0;
1988   release:
1989        pci_release_regions(pdev);
1990        return -ENODEV;
1991 }
1992 
1993 static int nvme_probe(struct pci_dev *pdev, const struct pci_device_id *id)
1994 {
1995 	int node, result = -ENOMEM;
1996 	struct nvme_dev *dev;
1997 
1998 	node = dev_to_node(&pdev->dev);
1999 	if (node == NUMA_NO_NODE)
2000 		set_dev_node(&pdev->dev, 0);
2001 
2002 	dev = kzalloc_node(sizeof(*dev), GFP_KERNEL, node);
2003 	if (!dev)
2004 		return -ENOMEM;
2005 	dev->entry = kzalloc_node(num_possible_cpus() * sizeof(*dev->entry),
2006 							GFP_KERNEL, node);
2007 	if (!dev->entry)
2008 		goto free;
2009 	dev->queues = kzalloc_node((num_possible_cpus() + 1) * sizeof(void *),
2010 							GFP_KERNEL, node);
2011 	if (!dev->queues)
2012 		goto free;
2013 
2014 	dev->dev = get_device(&pdev->dev);
2015 	pci_set_drvdata(pdev, dev);
2016 
2017 	result = nvme_dev_map(dev);
2018 	if (result)
2019 		goto free;
2020 
2021 	INIT_WORK(&dev->scan_work, nvme_dev_scan);
2022 	INIT_WORK(&dev->reset_work, nvme_reset_work);
2023 	INIT_WORK(&dev->remove_work, nvme_remove_dead_ctrl_work);
2024 	INIT_WORK(&dev->async_work, nvme_async_event_work);
2025 	setup_timer(&dev->watchdog_timer, nvme_watchdog_timer,
2026 		(unsigned long)dev);
2027 	mutex_init(&dev->shutdown_lock);
2028 	init_completion(&dev->ioq_wait);
2029 
2030 	result = nvme_setup_prp_pools(dev);
2031 	if (result)
2032 		goto put_pci;
2033 
2034 	result = nvme_init_ctrl(&dev->ctrl, &pdev->dev, &nvme_pci_ctrl_ops,
2035 			id->driver_data);
2036 	if (result)
2037 		goto release_pools;
2038 
2039 	dev_info(dev->ctrl.device, "pci function %s\n", dev_name(&pdev->dev));
2040 
2041 	queue_work(nvme_workq, &dev->reset_work);
2042 	return 0;
2043 
2044  release_pools:
2045 	nvme_release_prp_pools(dev);
2046  put_pci:
2047 	put_device(dev->dev);
2048 	nvme_dev_unmap(dev);
2049  free:
2050 	kfree(dev->queues);
2051 	kfree(dev->entry);
2052 	kfree(dev);
2053 	return result;
2054 }
2055 
2056 static void nvme_reset_notify(struct pci_dev *pdev, bool prepare)
2057 {
2058 	struct nvme_dev *dev = pci_get_drvdata(pdev);
2059 
2060 	if (prepare)
2061 		nvme_dev_disable(dev, false);
2062 	else
2063 		queue_work(nvme_workq, &dev->reset_work);
2064 }
2065 
2066 static void nvme_shutdown(struct pci_dev *pdev)
2067 {
2068 	struct nvme_dev *dev = pci_get_drvdata(pdev);
2069 	nvme_dev_disable(dev, true);
2070 }
2071 
2072 /*
2073  * The driver's remove may be called on a device in a partially initialized
2074  * state. This function must not have any dependencies on the device state in
2075  * order to proceed.
2076  */
2077 static void nvme_remove(struct pci_dev *pdev)
2078 {
2079 	struct nvme_dev *dev = pci_get_drvdata(pdev);
2080 
2081 	del_timer_sync(&dev->watchdog_timer);
2082 
2083 	set_bit(NVME_CTRL_REMOVING, &dev->flags);
2084 	pci_set_drvdata(pdev, NULL);
2085 	flush_work(&dev->async_work);
2086 	flush_work(&dev->scan_work);
2087 	nvme_remove_namespaces(&dev->ctrl);
2088 	nvme_uninit_ctrl(&dev->ctrl);
2089 	nvme_dev_disable(dev, true);
2090 	flush_work(&dev->reset_work);
2091 	nvme_dev_remove_admin(dev);
2092 	nvme_free_queues(dev, 0);
2093 	nvme_release_cmb(dev);
2094 	nvme_release_prp_pools(dev);
2095 	nvme_dev_unmap(dev);
2096 	nvme_put_ctrl(&dev->ctrl);
2097 }
2098 
2099 #ifdef CONFIG_PM_SLEEP
2100 static int nvme_suspend(struct device *dev)
2101 {
2102 	struct pci_dev *pdev = to_pci_dev(dev);
2103 	struct nvme_dev *ndev = pci_get_drvdata(pdev);
2104 
2105 	nvme_dev_disable(ndev, true);
2106 	return 0;
2107 }
2108 
2109 static int nvme_resume(struct device *dev)
2110 {
2111 	struct pci_dev *pdev = to_pci_dev(dev);
2112 	struct nvme_dev *ndev = pci_get_drvdata(pdev);
2113 
2114 	queue_work(nvme_workq, &ndev->reset_work);
2115 	return 0;
2116 }
2117 #endif
2118 
2119 static SIMPLE_DEV_PM_OPS(nvme_dev_pm_ops, nvme_suspend, nvme_resume);
2120 
2121 static pci_ers_result_t nvme_error_detected(struct pci_dev *pdev,
2122 						pci_channel_state_t state)
2123 {
2124 	struct nvme_dev *dev = pci_get_drvdata(pdev);
2125 
2126 	/*
2127 	 * A frozen channel requires a reset. When detected, this method will
2128 	 * shutdown the controller to quiesce. The controller will be restarted
2129 	 * after the slot reset through driver's slot_reset callback.
2130 	 */
2131 	dev_warn(dev->ctrl.device, "error detected: state:%d\n", state);
2132 	switch (state) {
2133 	case pci_channel_io_normal:
2134 		return PCI_ERS_RESULT_CAN_RECOVER;
2135 	case pci_channel_io_frozen:
2136 		nvme_dev_disable(dev, false);
2137 		return PCI_ERS_RESULT_NEED_RESET;
2138 	case pci_channel_io_perm_failure:
2139 		return PCI_ERS_RESULT_DISCONNECT;
2140 	}
2141 	return PCI_ERS_RESULT_NEED_RESET;
2142 }
2143 
2144 static pci_ers_result_t nvme_slot_reset(struct pci_dev *pdev)
2145 {
2146 	struct nvme_dev *dev = pci_get_drvdata(pdev);
2147 
2148 	dev_info(dev->ctrl.device, "restart after slot reset\n");
2149 	pci_restore_state(pdev);
2150 	queue_work(nvme_workq, &dev->reset_work);
2151 	return PCI_ERS_RESULT_RECOVERED;
2152 }
2153 
2154 static void nvme_error_resume(struct pci_dev *pdev)
2155 {
2156 	pci_cleanup_aer_uncorrect_error_status(pdev);
2157 }
2158 
2159 static const struct pci_error_handlers nvme_err_handler = {
2160 	.error_detected	= nvme_error_detected,
2161 	.slot_reset	= nvme_slot_reset,
2162 	.resume		= nvme_error_resume,
2163 	.reset_notify	= nvme_reset_notify,
2164 };
2165 
2166 /* Move to pci_ids.h later */
2167 #define PCI_CLASS_STORAGE_EXPRESS	0x010802
2168 
2169 static const struct pci_device_id nvme_id_table[] = {
2170 	{ PCI_VDEVICE(INTEL, 0x0953),
2171 		.driver_data = NVME_QUIRK_STRIPE_SIZE |
2172 				NVME_QUIRK_DISCARD_ZEROES, },
2173 	{ PCI_VDEVICE(INTEL, 0x5845),	/* Qemu emulated controller */
2174 		.driver_data = NVME_QUIRK_IDENTIFY_CNS, },
2175 	{ PCI_DEVICE_CLASS(PCI_CLASS_STORAGE_EXPRESS, 0xffffff) },
2176 	{ PCI_DEVICE(PCI_VENDOR_ID_APPLE, 0x2001) },
2177 	{ 0, }
2178 };
2179 MODULE_DEVICE_TABLE(pci, nvme_id_table);
2180 
2181 static struct pci_driver nvme_driver = {
2182 	.name		= "nvme",
2183 	.id_table	= nvme_id_table,
2184 	.probe		= nvme_probe,
2185 	.remove		= nvme_remove,
2186 	.shutdown	= nvme_shutdown,
2187 	.driver		= {
2188 		.pm	= &nvme_dev_pm_ops,
2189 	},
2190 	.err_handler	= &nvme_err_handler,
2191 };
2192 
2193 static int __init nvme_init(void)
2194 {
2195 	int result;
2196 
2197 	nvme_workq = alloc_workqueue("nvme", WQ_UNBOUND | WQ_MEM_RECLAIM, 0);
2198 	if (!nvme_workq)
2199 		return -ENOMEM;
2200 
2201 	result = pci_register_driver(&nvme_driver);
2202 	if (result)
2203 		destroy_workqueue(nvme_workq);
2204 	return result;
2205 }
2206 
2207 static void __exit nvme_exit(void)
2208 {
2209 	pci_unregister_driver(&nvme_driver);
2210 	destroy_workqueue(nvme_workq);
2211 	_nvme_check_size();
2212 }
2213 
2214 MODULE_AUTHOR("Matthew Wilcox <willy@linux.intel.com>");
2215 MODULE_LICENSE("GPL");
2216 MODULE_VERSION("1.0");
2217 module_init(nvme_init);
2218 module_exit(nvme_exit);
2219