xref: /linux/drivers/scsi/xen-scsifront.c (revision 93df8a1ed6231727c5db94a80b1a6bd5ee67cec3)
1 /*
2  * Xen SCSI frontend driver
3  *
4  * Copyright (c) 2008, FUJITSU Limited
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License version 2
8  * as published by the Free Software Foundation; or, when distributed
9  * separately from the Linux kernel or incorporated into other
10  * software packages, subject to the following license:
11  *
12  * Permission is hereby granted, free of charge, to any person obtaining a copy
13  * of this source file (the "Software"), to deal in the Software without
14  * restriction, including without limitation the rights to use, copy, modify,
15  * merge, publish, distribute, sublicense, and/or sell copies of the Software,
16  * and to permit persons to whom the Software is furnished to do so, subject to
17  * the following conditions:
18  *
19  * The above copyright notice and this permission notice shall be included in
20  * all copies or substantial portions of the Software.
21  *
22  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
23  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
24  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
25  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
26  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
27  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
28  * IN THE SOFTWARE.
29  */
30 
31 #include <linux/module.h>
32 #include <linux/kernel.h>
33 #include <linux/device.h>
34 #include <linux/wait.h>
35 #include <linux/interrupt.h>
36 #include <linux/mutex.h>
37 #include <linux/spinlock.h>
38 #include <linux/sched.h>
39 #include <linux/blkdev.h>
40 #include <linux/pfn.h>
41 #include <linux/slab.h>
42 #include <linux/bitops.h>
43 
44 #include <scsi/scsi_cmnd.h>
45 #include <scsi/scsi_device.h>
46 #include <scsi/scsi.h>
47 #include <scsi/scsi_host.h>
48 
49 #include <xen/xen.h>
50 #include <xen/xenbus.h>
51 #include <xen/grant_table.h>
52 #include <xen/events.h>
53 #include <xen/page.h>
54 
55 #include <xen/interface/grant_table.h>
56 #include <xen/interface/io/vscsiif.h>
57 #include <xen/interface/io/protocols.h>
58 
59 #include <asm/xen/hypervisor.h>
60 
61 
62 #define GRANT_INVALID_REF	0
63 
64 #define VSCSIFRONT_OP_ADD_LUN	1
65 #define VSCSIFRONT_OP_DEL_LUN	2
66 #define VSCSIFRONT_OP_READD_LUN	3
67 
68 /* Tuning point. */
69 #define VSCSIIF_DEFAULT_CMD_PER_LUN 10
70 #define VSCSIIF_MAX_TARGET          64
71 #define VSCSIIF_MAX_LUN             255
72 
73 #define VSCSIIF_RING_SIZE	__CONST_RING_SIZE(vscsiif, PAGE_SIZE)
74 #define VSCSIIF_MAX_REQS	VSCSIIF_RING_SIZE
75 
76 #define vscsiif_grants_sg(_sg)	(PFN_UP((_sg) *		\
77 				sizeof(struct scsiif_request_segment)))
78 
79 struct vscsifrnt_shadow {
80 	/* command between backend and frontend */
81 	unsigned char act;
82 	uint16_t rqid;
83 
84 	unsigned int nr_grants;		/* number of grants in gref[] */
85 	struct scsiif_request_segment *sg;	/* scatter/gather elements */
86 
87 	/* Do reset or abort function. */
88 	wait_queue_head_t wq_reset;	/* reset work queue           */
89 	int wait_reset;			/* reset work queue condition */
90 	int32_t rslt_reset;		/* reset response status:     */
91 					/* SUCCESS or FAILED or:      */
92 #define RSLT_RESET_WAITING	0
93 #define RSLT_RESET_ERR		-1
94 
95 	/* Requested struct scsi_cmnd is stored from kernel. */
96 	struct scsi_cmnd *sc;
97 	int gref[vscsiif_grants_sg(SG_ALL) + SG_ALL];
98 };
99 
100 struct vscsifrnt_info {
101 	struct xenbus_device *dev;
102 
103 	struct Scsi_Host *host;
104 	int host_active;
105 
106 	unsigned int evtchn;
107 	unsigned int irq;
108 
109 	grant_ref_t ring_ref;
110 	struct vscsiif_front_ring ring;
111 	struct vscsiif_response	ring_rsp;
112 
113 	spinlock_t shadow_lock;
114 	DECLARE_BITMAP(shadow_free_bitmap, VSCSIIF_MAX_REQS);
115 	struct vscsifrnt_shadow *shadow[VSCSIIF_MAX_REQS];
116 
117 	/* Following items are protected by the host lock. */
118 	wait_queue_head_t wq_sync;
119 	wait_queue_head_t wq_pause;
120 	unsigned int wait_ring_available:1;
121 	unsigned int waiting_pause:1;
122 	unsigned int pause:1;
123 	unsigned callers;
124 
125 	char dev_state_path[64];
126 	struct task_struct *curr;
127 };
128 
129 static DEFINE_MUTEX(scsifront_mutex);
130 
131 static void scsifront_wake_up(struct vscsifrnt_info *info)
132 {
133 	info->wait_ring_available = 0;
134 	wake_up(&info->wq_sync);
135 }
136 
137 static int scsifront_get_rqid(struct vscsifrnt_info *info)
138 {
139 	unsigned long flags;
140 	int free;
141 
142 	spin_lock_irqsave(&info->shadow_lock, flags);
143 
144 	free = find_first_bit(info->shadow_free_bitmap, VSCSIIF_MAX_REQS);
145 	__clear_bit(free, info->shadow_free_bitmap);
146 
147 	spin_unlock_irqrestore(&info->shadow_lock, flags);
148 
149 	return free;
150 }
151 
152 static int _scsifront_put_rqid(struct vscsifrnt_info *info, uint32_t id)
153 {
154 	int empty = bitmap_empty(info->shadow_free_bitmap, VSCSIIF_MAX_REQS);
155 
156 	__set_bit(id, info->shadow_free_bitmap);
157 	info->shadow[id] = NULL;
158 
159 	return empty || info->wait_ring_available;
160 }
161 
162 static void scsifront_put_rqid(struct vscsifrnt_info *info, uint32_t id)
163 {
164 	unsigned long flags;
165 	int kick;
166 
167 	spin_lock_irqsave(&info->shadow_lock, flags);
168 	kick = _scsifront_put_rqid(info, id);
169 	spin_unlock_irqrestore(&info->shadow_lock, flags);
170 
171 	if (kick)
172 		scsifront_wake_up(info);
173 }
174 
175 static struct vscsiif_request *scsifront_pre_req(struct vscsifrnt_info *info)
176 {
177 	struct vscsiif_front_ring *ring = &(info->ring);
178 	struct vscsiif_request *ring_req;
179 	uint32_t id;
180 
181 	id = scsifront_get_rqid(info);	/* use id in response */
182 	if (id >= VSCSIIF_MAX_REQS)
183 		return NULL;
184 
185 	ring_req = RING_GET_REQUEST(&(info->ring), ring->req_prod_pvt);
186 
187 	ring->req_prod_pvt++;
188 
189 	ring_req->rqid = (uint16_t)id;
190 
191 	return ring_req;
192 }
193 
194 static void scsifront_do_request(struct vscsifrnt_info *info)
195 {
196 	struct vscsiif_front_ring *ring = &(info->ring);
197 	int notify;
198 
199 	RING_PUSH_REQUESTS_AND_CHECK_NOTIFY(ring, notify);
200 	if (notify)
201 		notify_remote_via_irq(info->irq);
202 }
203 
204 static void scsifront_gnttab_done(struct vscsifrnt_info *info, uint32_t id)
205 {
206 	struct vscsifrnt_shadow *s = info->shadow[id];
207 	int i;
208 
209 	if (s->sc->sc_data_direction == DMA_NONE)
210 		return;
211 
212 	for (i = 0; i < s->nr_grants; i++) {
213 		if (unlikely(gnttab_query_foreign_access(s->gref[i]) != 0)) {
214 			shost_printk(KERN_ALERT, info->host, KBUILD_MODNAME
215 				     "grant still in use by backend\n");
216 			BUG();
217 		}
218 		gnttab_end_foreign_access(s->gref[i], 0, 0UL);
219 	}
220 
221 	kfree(s->sg);
222 }
223 
224 static void scsifront_cdb_cmd_done(struct vscsifrnt_info *info,
225 				   struct vscsiif_response *ring_rsp)
226 {
227 	struct scsi_cmnd *sc;
228 	uint32_t id;
229 	uint8_t sense_len;
230 
231 	id = ring_rsp->rqid;
232 	sc = info->shadow[id]->sc;
233 
234 	BUG_ON(sc == NULL);
235 
236 	scsifront_gnttab_done(info, id);
237 	scsifront_put_rqid(info, id);
238 
239 	sc->result = ring_rsp->rslt;
240 	scsi_set_resid(sc, ring_rsp->residual_len);
241 
242 	sense_len = min_t(uint8_t, VSCSIIF_SENSE_BUFFERSIZE,
243 			  ring_rsp->sense_len);
244 
245 	if (sense_len)
246 		memcpy(sc->sense_buffer, ring_rsp->sense_buffer, sense_len);
247 
248 	sc->scsi_done(sc);
249 }
250 
251 static void scsifront_sync_cmd_done(struct vscsifrnt_info *info,
252 				    struct vscsiif_response *ring_rsp)
253 {
254 	uint16_t id = ring_rsp->rqid;
255 	unsigned long flags;
256 	struct vscsifrnt_shadow *shadow = info->shadow[id];
257 	int kick;
258 
259 	spin_lock_irqsave(&info->shadow_lock, flags);
260 	shadow->wait_reset = 1;
261 	switch (shadow->rslt_reset) {
262 	case RSLT_RESET_WAITING:
263 		shadow->rslt_reset = ring_rsp->rslt;
264 		break;
265 	case RSLT_RESET_ERR:
266 		kick = _scsifront_put_rqid(info, id);
267 		spin_unlock_irqrestore(&info->shadow_lock, flags);
268 		kfree(shadow);
269 		if (kick)
270 			scsifront_wake_up(info);
271 		return;
272 	default:
273 		shost_printk(KERN_ERR, info->host, KBUILD_MODNAME
274 			     "bad reset state %d, possibly leaking %u\n",
275 			     shadow->rslt_reset, id);
276 		break;
277 	}
278 	spin_unlock_irqrestore(&info->shadow_lock, flags);
279 
280 	wake_up(&shadow->wq_reset);
281 }
282 
283 static void scsifront_do_response(struct vscsifrnt_info *info,
284 				  struct vscsiif_response *ring_rsp)
285 {
286 	if (WARN(ring_rsp->rqid >= VSCSIIF_MAX_REQS ||
287 		 test_bit(ring_rsp->rqid, info->shadow_free_bitmap),
288 		 "illegal rqid %u returned by backend!\n", ring_rsp->rqid))
289 		return;
290 
291 	if (info->shadow[ring_rsp->rqid]->act == VSCSIIF_ACT_SCSI_CDB)
292 		scsifront_cdb_cmd_done(info, ring_rsp);
293 	else
294 		scsifront_sync_cmd_done(info, ring_rsp);
295 }
296 
297 static int scsifront_ring_drain(struct vscsifrnt_info *info)
298 {
299 	struct vscsiif_response *ring_rsp;
300 	RING_IDX i, rp;
301 	int more_to_do = 0;
302 
303 	rp = info->ring.sring->rsp_prod;
304 	rmb();	/* ordering required respective to dom0 */
305 	for (i = info->ring.rsp_cons; i != rp; i++) {
306 		ring_rsp = RING_GET_RESPONSE(&info->ring, i);
307 		scsifront_do_response(info, ring_rsp);
308 	}
309 
310 	info->ring.rsp_cons = i;
311 
312 	if (i != info->ring.req_prod_pvt)
313 		RING_FINAL_CHECK_FOR_RESPONSES(&info->ring, more_to_do);
314 	else
315 		info->ring.sring->rsp_event = i + 1;
316 
317 	return more_to_do;
318 }
319 
320 static int scsifront_cmd_done(struct vscsifrnt_info *info)
321 {
322 	int more_to_do;
323 	unsigned long flags;
324 
325 	spin_lock_irqsave(info->host->host_lock, flags);
326 
327 	more_to_do = scsifront_ring_drain(info);
328 
329 	info->wait_ring_available = 0;
330 
331 	spin_unlock_irqrestore(info->host->host_lock, flags);
332 
333 	wake_up(&info->wq_sync);
334 
335 	return more_to_do;
336 }
337 
338 static irqreturn_t scsifront_irq_fn(int irq, void *dev_id)
339 {
340 	struct vscsifrnt_info *info = dev_id;
341 
342 	while (scsifront_cmd_done(info))
343 		/* Yield point for this unbounded loop. */
344 		cond_resched();
345 
346 	return IRQ_HANDLED;
347 }
348 
349 static void scsifront_finish_all(struct vscsifrnt_info *info)
350 {
351 	unsigned i;
352 	struct vscsiif_response resp;
353 
354 	scsifront_ring_drain(info);
355 
356 	for (i = 0; i < VSCSIIF_MAX_REQS; i++) {
357 		if (test_bit(i, info->shadow_free_bitmap))
358 			continue;
359 		resp.rqid = i;
360 		resp.sense_len = 0;
361 		resp.rslt = DID_RESET << 16;
362 		resp.residual_len = 0;
363 		scsifront_do_response(info, &resp);
364 	}
365 }
366 
367 static int map_data_for_request(struct vscsifrnt_info *info,
368 				struct scsi_cmnd *sc,
369 				struct vscsiif_request *ring_req,
370 				struct vscsifrnt_shadow *shadow)
371 {
372 	grant_ref_t gref_head;
373 	struct page *page;
374 	int err, ref, ref_cnt = 0;
375 	int grant_ro = (sc->sc_data_direction == DMA_TO_DEVICE);
376 	unsigned int i, off, len, bytes;
377 	unsigned int data_len = scsi_bufflen(sc);
378 	unsigned int data_grants = 0, seg_grants = 0;
379 	struct scatterlist *sg;
380 	unsigned long mfn;
381 	struct scsiif_request_segment *seg;
382 
383 	ring_req->nr_segments = 0;
384 	if (sc->sc_data_direction == DMA_NONE || !data_len)
385 		return 0;
386 
387 	scsi_for_each_sg(sc, sg, scsi_sg_count(sc), i)
388 		data_grants += PFN_UP(sg->offset + sg->length);
389 
390 	if (data_grants > VSCSIIF_SG_TABLESIZE) {
391 		if (data_grants > info->host->sg_tablesize) {
392 			shost_printk(KERN_ERR, info->host, KBUILD_MODNAME
393 			     "Unable to map request_buffer for command!\n");
394 			return -E2BIG;
395 		}
396 		seg_grants = vscsiif_grants_sg(data_grants);
397 		shadow->sg = kcalloc(data_grants,
398 			sizeof(struct scsiif_request_segment), GFP_ATOMIC);
399 		if (!shadow->sg)
400 			return -ENOMEM;
401 	}
402 	seg = shadow->sg ? : ring_req->seg;
403 
404 	err = gnttab_alloc_grant_references(seg_grants + data_grants,
405 					    &gref_head);
406 	if (err) {
407 		kfree(shadow->sg);
408 		shost_printk(KERN_ERR, info->host, KBUILD_MODNAME
409 			     "gnttab_alloc_grant_references() error\n");
410 		return -ENOMEM;
411 	}
412 
413 	if (seg_grants) {
414 		page = virt_to_page(seg);
415 		off = (unsigned long)seg & ~PAGE_MASK;
416 		len = sizeof(struct scsiif_request_segment) * data_grants;
417 		while (len > 0) {
418 			bytes = min_t(unsigned int, len, PAGE_SIZE - off);
419 
420 			ref = gnttab_claim_grant_reference(&gref_head);
421 			BUG_ON(ref == -ENOSPC);
422 
423 			mfn = pfn_to_mfn(page_to_pfn(page));
424 			gnttab_grant_foreign_access_ref(ref,
425 				info->dev->otherend_id, mfn, 1);
426 			shadow->gref[ref_cnt] = ref;
427 			ring_req->seg[ref_cnt].gref   = ref;
428 			ring_req->seg[ref_cnt].offset = (uint16_t)off;
429 			ring_req->seg[ref_cnt].length = (uint16_t)bytes;
430 
431 			page++;
432 			len -= bytes;
433 			off = 0;
434 			ref_cnt++;
435 		}
436 		BUG_ON(seg_grants < ref_cnt);
437 		seg_grants = ref_cnt;
438 	}
439 
440 	scsi_for_each_sg(sc, sg, scsi_sg_count(sc), i) {
441 		page = sg_page(sg);
442 		off = sg->offset;
443 		len = sg->length;
444 
445 		while (len > 0 && data_len > 0) {
446 			/*
447 			 * sg sends a scatterlist that is larger than
448 			 * the data_len it wants transferred for certain
449 			 * IO sizes.
450 			 */
451 			bytes = min_t(unsigned int, len, PAGE_SIZE - off);
452 			bytes = min(bytes, data_len);
453 
454 			ref = gnttab_claim_grant_reference(&gref_head);
455 			BUG_ON(ref == -ENOSPC);
456 
457 			mfn = pfn_to_mfn(page_to_pfn(page));
458 			gnttab_grant_foreign_access_ref(ref,
459 				info->dev->otherend_id, mfn, grant_ro);
460 
461 			shadow->gref[ref_cnt] = ref;
462 			seg->gref   = ref;
463 			seg->offset = (uint16_t)off;
464 			seg->length = (uint16_t)bytes;
465 
466 			page++;
467 			seg++;
468 			len -= bytes;
469 			data_len -= bytes;
470 			off = 0;
471 			ref_cnt++;
472 		}
473 	}
474 
475 	if (seg_grants)
476 		ring_req->nr_segments = VSCSIIF_SG_GRANT | seg_grants;
477 	else
478 		ring_req->nr_segments = (uint8_t)ref_cnt;
479 	shadow->nr_grants = ref_cnt;
480 
481 	return 0;
482 }
483 
484 static struct vscsiif_request *scsifront_command2ring(
485 		struct vscsifrnt_info *info, struct scsi_cmnd *sc,
486 		struct vscsifrnt_shadow *shadow)
487 {
488 	struct vscsiif_request *ring_req;
489 
490 	memset(shadow, 0, sizeof(*shadow));
491 
492 	ring_req = scsifront_pre_req(info);
493 	if (!ring_req)
494 		return NULL;
495 
496 	info->shadow[ring_req->rqid] = shadow;
497 	shadow->rqid = ring_req->rqid;
498 
499 	ring_req->id      = sc->device->id;
500 	ring_req->lun     = sc->device->lun;
501 	ring_req->channel = sc->device->channel;
502 	ring_req->cmd_len = sc->cmd_len;
503 
504 	BUG_ON(sc->cmd_len > VSCSIIF_MAX_COMMAND_SIZE);
505 
506 	memcpy(ring_req->cmnd, sc->cmnd, sc->cmd_len);
507 
508 	ring_req->sc_data_direction   = (uint8_t)sc->sc_data_direction;
509 	ring_req->timeout_per_command = sc->request->timeout / HZ;
510 
511 	return ring_req;
512 }
513 
514 static int scsifront_enter(struct vscsifrnt_info *info)
515 {
516 	if (info->pause)
517 		return 1;
518 	info->callers++;
519 	return 0;
520 }
521 
522 static void scsifront_return(struct vscsifrnt_info *info)
523 {
524 	info->callers--;
525 	if (info->callers)
526 		return;
527 
528 	if (!info->waiting_pause)
529 		return;
530 
531 	info->waiting_pause = 0;
532 	wake_up(&info->wq_pause);
533 }
534 
535 static int scsifront_queuecommand(struct Scsi_Host *shost,
536 				  struct scsi_cmnd *sc)
537 {
538 	struct vscsifrnt_info *info = shost_priv(shost);
539 	struct vscsiif_request *ring_req;
540 	struct vscsifrnt_shadow *shadow = scsi_cmd_priv(sc);
541 	unsigned long flags;
542 	int err;
543 	uint16_t rqid;
544 
545 	spin_lock_irqsave(shost->host_lock, flags);
546 	if (scsifront_enter(info)) {
547 		spin_unlock_irqrestore(shost->host_lock, flags);
548 		return SCSI_MLQUEUE_HOST_BUSY;
549 	}
550 	if (RING_FULL(&info->ring))
551 		goto busy;
552 
553 	ring_req = scsifront_command2ring(info, sc, shadow);
554 	if (!ring_req)
555 		goto busy;
556 
557 	sc->result = 0;
558 
559 	rqid = ring_req->rqid;
560 	ring_req->act = VSCSIIF_ACT_SCSI_CDB;
561 
562 	shadow->sc  = sc;
563 	shadow->act = VSCSIIF_ACT_SCSI_CDB;
564 
565 	err = map_data_for_request(info, sc, ring_req, shadow);
566 	if (err < 0) {
567 		pr_debug("%s: err %d\n", __func__, err);
568 		scsifront_put_rqid(info, rqid);
569 		scsifront_return(info);
570 		spin_unlock_irqrestore(shost->host_lock, flags);
571 		if (err == -ENOMEM)
572 			return SCSI_MLQUEUE_HOST_BUSY;
573 		sc->result = DID_ERROR << 16;
574 		sc->scsi_done(sc);
575 		return 0;
576 	}
577 
578 	scsifront_do_request(info);
579 	scsifront_return(info);
580 	spin_unlock_irqrestore(shost->host_lock, flags);
581 
582 	return 0;
583 
584 busy:
585 	scsifront_return(info);
586 	spin_unlock_irqrestore(shost->host_lock, flags);
587 	pr_debug("%s: busy\n", __func__);
588 	return SCSI_MLQUEUE_HOST_BUSY;
589 }
590 
591 /*
592  * Any exception handling (reset or abort) must be forwarded to the backend.
593  * We have to wait until an answer is returned. This answer contains the
594  * result to be returned to the requestor.
595  */
596 static int scsifront_action_handler(struct scsi_cmnd *sc, uint8_t act)
597 {
598 	struct Scsi_Host *host = sc->device->host;
599 	struct vscsifrnt_info *info = shost_priv(host);
600 	struct vscsifrnt_shadow *shadow, *s = scsi_cmd_priv(sc);
601 	struct vscsiif_request *ring_req;
602 	int err = 0;
603 
604 	shadow = kmalloc(sizeof(*shadow), GFP_NOIO);
605 	if (!shadow)
606 		return FAILED;
607 
608 	spin_lock_irq(host->host_lock);
609 
610 	for (;;) {
611 		if (!RING_FULL(&info->ring)) {
612 			ring_req = scsifront_command2ring(info, sc, shadow);
613 			if (ring_req)
614 				break;
615 		}
616 		if (err || info->pause) {
617 			spin_unlock_irq(host->host_lock);
618 			kfree(shadow);
619 			return FAILED;
620 		}
621 		info->wait_ring_available = 1;
622 		spin_unlock_irq(host->host_lock);
623 		err = wait_event_interruptible(info->wq_sync,
624 					       !info->wait_ring_available);
625 		spin_lock_irq(host->host_lock);
626 	}
627 
628 	if (scsifront_enter(info)) {
629 		spin_unlock_irq(host->host_lock);
630 		return FAILED;
631 	}
632 
633 	ring_req->act = act;
634 	ring_req->ref_rqid = s->rqid;
635 
636 	shadow->act = act;
637 	shadow->rslt_reset = RSLT_RESET_WAITING;
638 	init_waitqueue_head(&shadow->wq_reset);
639 
640 	ring_req->nr_segments = 0;
641 
642 	scsifront_do_request(info);
643 
644 	spin_unlock_irq(host->host_lock);
645 	err = wait_event_interruptible(shadow->wq_reset, shadow->wait_reset);
646 	spin_lock_irq(host->host_lock);
647 
648 	if (!err) {
649 		err = shadow->rslt_reset;
650 		scsifront_put_rqid(info, shadow->rqid);
651 		kfree(shadow);
652 	} else {
653 		spin_lock(&info->shadow_lock);
654 		shadow->rslt_reset = RSLT_RESET_ERR;
655 		spin_unlock(&info->shadow_lock);
656 		err = FAILED;
657 	}
658 
659 	scsifront_return(info);
660 	spin_unlock_irq(host->host_lock);
661 	return err;
662 }
663 
664 static int scsifront_eh_abort_handler(struct scsi_cmnd *sc)
665 {
666 	pr_debug("%s\n", __func__);
667 	return scsifront_action_handler(sc, VSCSIIF_ACT_SCSI_ABORT);
668 }
669 
670 static int scsifront_dev_reset_handler(struct scsi_cmnd *sc)
671 {
672 	pr_debug("%s\n", __func__);
673 	return scsifront_action_handler(sc, VSCSIIF_ACT_SCSI_RESET);
674 }
675 
676 static int scsifront_sdev_configure(struct scsi_device *sdev)
677 {
678 	struct vscsifrnt_info *info = shost_priv(sdev->host);
679 
680 	if (info && current == info->curr)
681 		xenbus_printf(XBT_NIL, info->dev->nodename,
682 			      info->dev_state_path, "%d", XenbusStateConnected);
683 
684 	return 0;
685 }
686 
687 static void scsifront_sdev_destroy(struct scsi_device *sdev)
688 {
689 	struct vscsifrnt_info *info = shost_priv(sdev->host);
690 
691 	if (info && current == info->curr)
692 		xenbus_printf(XBT_NIL, info->dev->nodename,
693 			      info->dev_state_path, "%d", XenbusStateClosed);
694 }
695 
696 static struct scsi_host_template scsifront_sht = {
697 	.module			= THIS_MODULE,
698 	.name			= "Xen SCSI frontend driver",
699 	.queuecommand		= scsifront_queuecommand,
700 	.eh_abort_handler	= scsifront_eh_abort_handler,
701 	.eh_device_reset_handler = scsifront_dev_reset_handler,
702 	.slave_configure	= scsifront_sdev_configure,
703 	.slave_destroy		= scsifront_sdev_destroy,
704 	.cmd_per_lun		= VSCSIIF_DEFAULT_CMD_PER_LUN,
705 	.can_queue		= VSCSIIF_MAX_REQS,
706 	.this_id		= -1,
707 	.cmd_size		= sizeof(struct vscsifrnt_shadow),
708 	.sg_tablesize		= VSCSIIF_SG_TABLESIZE,
709 	.use_clustering		= DISABLE_CLUSTERING,
710 	.proc_name		= "scsifront",
711 };
712 
713 static int scsifront_alloc_ring(struct vscsifrnt_info *info)
714 {
715 	struct xenbus_device *dev = info->dev;
716 	struct vscsiif_sring *sring;
717 	grant_ref_t gref;
718 	int err = -ENOMEM;
719 
720 	/***** Frontend to Backend ring start *****/
721 	sring = (struct vscsiif_sring *)__get_free_page(GFP_KERNEL);
722 	if (!sring) {
723 		xenbus_dev_fatal(dev, err,
724 			"fail to allocate shared ring (Front to Back)");
725 		return err;
726 	}
727 	SHARED_RING_INIT(sring);
728 	FRONT_RING_INIT(&info->ring, sring, PAGE_SIZE);
729 
730 	err = xenbus_grant_ring(dev, sring, 1, &gref);
731 	if (err < 0) {
732 		free_page((unsigned long)sring);
733 		xenbus_dev_fatal(dev, err,
734 			"fail to grant shared ring (Front to Back)");
735 		return err;
736 	}
737 	info->ring_ref = gref;
738 
739 	err = xenbus_alloc_evtchn(dev, &info->evtchn);
740 	if (err) {
741 		xenbus_dev_fatal(dev, err, "xenbus_alloc_evtchn");
742 		goto free_gnttab;
743 	}
744 
745 	err = bind_evtchn_to_irq(info->evtchn);
746 	if (err <= 0) {
747 		xenbus_dev_fatal(dev, err, "bind_evtchn_to_irq");
748 		goto free_gnttab;
749 	}
750 
751 	info->irq = err;
752 
753 	err = request_threaded_irq(info->irq, NULL, scsifront_irq_fn,
754 				   IRQF_ONESHOT, "scsifront", info);
755 	if (err) {
756 		xenbus_dev_fatal(dev, err, "request_threaded_irq");
757 		goto free_irq;
758 	}
759 
760 	return 0;
761 
762 /* free resource */
763 free_irq:
764 	unbind_from_irqhandler(info->irq, info);
765 free_gnttab:
766 	gnttab_end_foreign_access(info->ring_ref, 0,
767 				  (unsigned long)info->ring.sring);
768 
769 	return err;
770 }
771 
772 static void scsifront_free_ring(struct vscsifrnt_info *info)
773 {
774 	unbind_from_irqhandler(info->irq, info);
775 	gnttab_end_foreign_access(info->ring_ref, 0,
776 				  (unsigned long)info->ring.sring);
777 }
778 
779 static int scsifront_init_ring(struct vscsifrnt_info *info)
780 {
781 	struct xenbus_device *dev = info->dev;
782 	struct xenbus_transaction xbt;
783 	int err;
784 
785 	pr_debug("%s\n", __func__);
786 
787 	err = scsifront_alloc_ring(info);
788 	if (err)
789 		return err;
790 	pr_debug("%s: %u %u\n", __func__, info->ring_ref, info->evtchn);
791 
792 again:
793 	err = xenbus_transaction_start(&xbt);
794 	if (err)
795 		xenbus_dev_fatal(dev, err, "starting transaction");
796 
797 	err = xenbus_printf(xbt, dev->nodename, "ring-ref", "%u",
798 			    info->ring_ref);
799 	if (err) {
800 		xenbus_dev_fatal(dev, err, "%s", "writing ring-ref");
801 		goto fail;
802 	}
803 
804 	err = xenbus_printf(xbt, dev->nodename, "event-channel", "%u",
805 			    info->evtchn);
806 
807 	if (err) {
808 		xenbus_dev_fatal(dev, err, "%s", "writing event-channel");
809 		goto fail;
810 	}
811 
812 	err = xenbus_transaction_end(xbt, 0);
813 	if (err) {
814 		if (err == -EAGAIN)
815 			goto again;
816 		xenbus_dev_fatal(dev, err, "completing transaction");
817 		goto free_sring;
818 	}
819 
820 	return 0;
821 
822 fail:
823 	xenbus_transaction_end(xbt, 1);
824 free_sring:
825 	scsifront_free_ring(info);
826 
827 	return err;
828 }
829 
830 
831 static int scsifront_probe(struct xenbus_device *dev,
832 			   const struct xenbus_device_id *id)
833 {
834 	struct vscsifrnt_info *info;
835 	struct Scsi_Host *host;
836 	int err = -ENOMEM;
837 	char name[TASK_COMM_LEN];
838 
839 	host = scsi_host_alloc(&scsifront_sht, sizeof(*info));
840 	if (!host) {
841 		xenbus_dev_fatal(dev, err, "fail to allocate scsi host");
842 		return err;
843 	}
844 	info = (struct vscsifrnt_info *)host->hostdata;
845 
846 	dev_set_drvdata(&dev->dev, info);
847 	info->dev = dev;
848 
849 	bitmap_fill(info->shadow_free_bitmap, VSCSIIF_MAX_REQS);
850 
851 	err = scsifront_init_ring(info);
852 	if (err) {
853 		scsi_host_put(host);
854 		return err;
855 	}
856 
857 	init_waitqueue_head(&info->wq_sync);
858 	init_waitqueue_head(&info->wq_pause);
859 	spin_lock_init(&info->shadow_lock);
860 
861 	snprintf(name, TASK_COMM_LEN, "vscsiif.%d", host->host_no);
862 
863 	host->max_id      = VSCSIIF_MAX_TARGET;
864 	host->max_channel = 0;
865 	host->max_lun     = VSCSIIF_MAX_LUN;
866 	host->max_sectors = (host->sg_tablesize - 1) * PAGE_SIZE / 512;
867 	host->max_cmd_len = VSCSIIF_MAX_COMMAND_SIZE;
868 
869 	err = scsi_add_host(host, &dev->dev);
870 	if (err) {
871 		dev_err(&dev->dev, "fail to add scsi host %d\n", err);
872 		goto free_sring;
873 	}
874 	info->host = host;
875 	info->host_active = 1;
876 
877 	xenbus_switch_state(dev, XenbusStateInitialised);
878 
879 	return 0;
880 
881 free_sring:
882 	scsifront_free_ring(info);
883 	scsi_host_put(host);
884 	return err;
885 }
886 
887 static int scsifront_resume(struct xenbus_device *dev)
888 {
889 	struct vscsifrnt_info *info = dev_get_drvdata(&dev->dev);
890 	struct Scsi_Host *host = info->host;
891 	int err;
892 
893 	spin_lock_irq(host->host_lock);
894 
895 	/* Finish all still pending commands. */
896 	scsifront_finish_all(info);
897 
898 	spin_unlock_irq(host->host_lock);
899 
900 	/* Reconnect to dom0. */
901 	scsifront_free_ring(info);
902 	err = scsifront_init_ring(info);
903 	if (err) {
904 		dev_err(&dev->dev, "fail to resume %d\n", err);
905 		scsi_host_put(host);
906 		return err;
907 	}
908 
909 	xenbus_switch_state(dev, XenbusStateInitialised);
910 
911 	return 0;
912 }
913 
914 static int scsifront_suspend(struct xenbus_device *dev)
915 {
916 	struct vscsifrnt_info *info = dev_get_drvdata(&dev->dev);
917 	struct Scsi_Host *host = info->host;
918 	int err = 0;
919 
920 	/* No new commands for the backend. */
921 	spin_lock_irq(host->host_lock);
922 	info->pause = 1;
923 	while (info->callers && !err) {
924 		info->waiting_pause = 1;
925 		info->wait_ring_available = 0;
926 		spin_unlock_irq(host->host_lock);
927 		wake_up(&info->wq_sync);
928 		err = wait_event_interruptible(info->wq_pause,
929 					       !info->waiting_pause);
930 		spin_lock_irq(host->host_lock);
931 	}
932 	spin_unlock_irq(host->host_lock);
933 	return err;
934 }
935 
936 static int scsifront_remove(struct xenbus_device *dev)
937 {
938 	struct vscsifrnt_info *info = dev_get_drvdata(&dev->dev);
939 
940 	pr_debug("%s: %s removed\n", __func__, dev->nodename);
941 
942 	mutex_lock(&scsifront_mutex);
943 	if (info->host_active) {
944 		/* Scsi_host not yet removed */
945 		scsi_remove_host(info->host);
946 		info->host_active = 0;
947 	}
948 	mutex_unlock(&scsifront_mutex);
949 
950 	scsifront_free_ring(info);
951 	scsi_host_put(info->host);
952 
953 	return 0;
954 }
955 
956 static void scsifront_disconnect(struct vscsifrnt_info *info)
957 {
958 	struct xenbus_device *dev = info->dev;
959 	struct Scsi_Host *host = info->host;
960 
961 	pr_debug("%s: %s disconnect\n", __func__, dev->nodename);
962 
963 	/*
964 	 * When this function is executed, all devices of
965 	 * Frontend have been deleted.
966 	 * Therefore, it need not block I/O before remove_host.
967 	 */
968 
969 	mutex_lock(&scsifront_mutex);
970 	if (info->host_active) {
971 		scsi_remove_host(host);
972 		info->host_active = 0;
973 	}
974 	mutex_unlock(&scsifront_mutex);
975 
976 	xenbus_frontend_closed(dev);
977 }
978 
979 static void scsifront_do_lun_hotplug(struct vscsifrnt_info *info, int op)
980 {
981 	struct xenbus_device *dev = info->dev;
982 	int i, err = 0;
983 	char str[64];
984 	char **dir;
985 	unsigned int dir_n = 0;
986 	unsigned int device_state;
987 	unsigned int hst, chn, tgt, lun;
988 	struct scsi_device *sdev;
989 
990 	dir = xenbus_directory(XBT_NIL, dev->otherend, "vscsi-devs", &dir_n);
991 	if (IS_ERR(dir))
992 		return;
993 
994 	/* mark current task as the one allowed to modify device states */
995 	BUG_ON(info->curr);
996 	info->curr = current;
997 
998 	for (i = 0; i < dir_n; i++) {
999 		/* read status */
1000 		snprintf(str, sizeof(str), "vscsi-devs/%s/state", dir[i]);
1001 		err = xenbus_scanf(XBT_NIL, dev->otherend, str, "%u",
1002 				   &device_state);
1003 		if (XENBUS_EXIST_ERR(err))
1004 			continue;
1005 
1006 		/* virtual SCSI device */
1007 		snprintf(str, sizeof(str), "vscsi-devs/%s/v-dev", dir[i]);
1008 		err = xenbus_scanf(XBT_NIL, dev->otherend, str,
1009 				   "%u:%u:%u:%u", &hst, &chn, &tgt, &lun);
1010 		if (XENBUS_EXIST_ERR(err))
1011 			continue;
1012 
1013 		/*
1014 		 * Front device state path, used in slave_configure called
1015 		 * on successfull scsi_add_device, and in slave_destroy called
1016 		 * on remove of a device.
1017 		 */
1018 		snprintf(info->dev_state_path, sizeof(info->dev_state_path),
1019 			 "vscsi-devs/%s/state", dir[i]);
1020 
1021 		switch (op) {
1022 		case VSCSIFRONT_OP_ADD_LUN:
1023 			if (device_state != XenbusStateInitialised)
1024 				break;
1025 
1026 			if (scsi_add_device(info->host, chn, tgt, lun)) {
1027 				dev_err(&dev->dev, "scsi_add_device\n");
1028 				xenbus_printf(XBT_NIL, dev->nodename,
1029 					      info->dev_state_path,
1030 					      "%d", XenbusStateClosed);
1031 			}
1032 			break;
1033 		case VSCSIFRONT_OP_DEL_LUN:
1034 			if (device_state != XenbusStateClosing)
1035 				break;
1036 
1037 			sdev = scsi_device_lookup(info->host, chn, tgt, lun);
1038 			if (sdev) {
1039 				scsi_remove_device(sdev);
1040 				scsi_device_put(sdev);
1041 			}
1042 			break;
1043 		case VSCSIFRONT_OP_READD_LUN:
1044 			if (device_state == XenbusStateConnected)
1045 				xenbus_printf(XBT_NIL, dev->nodename,
1046 					      info->dev_state_path,
1047 					      "%d", XenbusStateConnected);
1048 			break;
1049 		default:
1050 			break;
1051 		}
1052 	}
1053 
1054 	info->curr = NULL;
1055 
1056 	kfree(dir);
1057 }
1058 
1059 static void scsifront_read_backend_params(struct xenbus_device *dev,
1060 					  struct vscsifrnt_info *info)
1061 {
1062 	unsigned int sg_grant, nr_segs;
1063 	int ret;
1064 	struct Scsi_Host *host = info->host;
1065 
1066 	ret = xenbus_scanf(XBT_NIL, dev->otherend, "feature-sg-grant", "%u",
1067 			   &sg_grant);
1068 	if (ret != 1)
1069 		sg_grant = 0;
1070 	nr_segs = min_t(unsigned int, sg_grant, SG_ALL);
1071 	nr_segs = max_t(unsigned int, nr_segs, VSCSIIF_SG_TABLESIZE);
1072 	nr_segs = min_t(unsigned int, nr_segs,
1073 			VSCSIIF_SG_TABLESIZE * PAGE_SIZE /
1074 			sizeof(struct scsiif_request_segment));
1075 
1076 	if (!info->pause && sg_grant)
1077 		dev_info(&dev->dev, "using up to %d SG entries\n", nr_segs);
1078 	else if (info->pause && nr_segs < host->sg_tablesize)
1079 		dev_warn(&dev->dev,
1080 			 "SG entries decreased from %d to %u - device may not work properly anymore\n",
1081 			 host->sg_tablesize, nr_segs);
1082 
1083 	host->sg_tablesize = nr_segs;
1084 	host->max_sectors = (nr_segs - 1) * PAGE_SIZE / 512;
1085 }
1086 
1087 static void scsifront_backend_changed(struct xenbus_device *dev,
1088 				      enum xenbus_state backend_state)
1089 {
1090 	struct vscsifrnt_info *info = dev_get_drvdata(&dev->dev);
1091 
1092 	pr_debug("%s: %p %u %u\n", __func__, dev, dev->state, backend_state);
1093 
1094 	switch (backend_state) {
1095 	case XenbusStateUnknown:
1096 	case XenbusStateInitialising:
1097 	case XenbusStateInitWait:
1098 	case XenbusStateInitialised:
1099 		break;
1100 
1101 	case XenbusStateConnected:
1102 		scsifront_read_backend_params(dev, info);
1103 
1104 		if (info->pause) {
1105 			scsifront_do_lun_hotplug(info, VSCSIFRONT_OP_READD_LUN);
1106 			xenbus_switch_state(dev, XenbusStateConnected);
1107 			info->pause = 0;
1108 			return;
1109 		}
1110 
1111 		if (xenbus_read_driver_state(dev->nodename) ==
1112 		    XenbusStateInitialised)
1113 			scsifront_do_lun_hotplug(info, VSCSIFRONT_OP_ADD_LUN);
1114 
1115 		if (dev->state != XenbusStateConnected)
1116 			xenbus_switch_state(dev, XenbusStateConnected);
1117 		break;
1118 
1119 	case XenbusStateClosed:
1120 		if (dev->state == XenbusStateClosed)
1121 			break;
1122 		/* Missed the backend's Closing state -- fallthrough */
1123 	case XenbusStateClosing:
1124 		scsifront_disconnect(info);
1125 		break;
1126 
1127 	case XenbusStateReconfiguring:
1128 		scsifront_do_lun_hotplug(info, VSCSIFRONT_OP_DEL_LUN);
1129 		xenbus_switch_state(dev, XenbusStateReconfiguring);
1130 		break;
1131 
1132 	case XenbusStateReconfigured:
1133 		scsifront_do_lun_hotplug(info, VSCSIFRONT_OP_ADD_LUN);
1134 		xenbus_switch_state(dev, XenbusStateConnected);
1135 		break;
1136 	}
1137 }
1138 
1139 static const struct xenbus_device_id scsifront_ids[] = {
1140 	{ "vscsi" },
1141 	{ "" }
1142 };
1143 
1144 static struct xenbus_driver scsifront_driver = {
1145 	.ids			= scsifront_ids,
1146 	.probe			= scsifront_probe,
1147 	.remove			= scsifront_remove,
1148 	.resume			= scsifront_resume,
1149 	.suspend		= scsifront_suspend,
1150 	.otherend_changed	= scsifront_backend_changed,
1151 };
1152 
1153 static int __init scsifront_init(void)
1154 {
1155 	if (!xen_domain())
1156 		return -ENODEV;
1157 
1158 	return xenbus_register_frontend(&scsifront_driver);
1159 }
1160 module_init(scsifront_init);
1161 
1162 static void __exit scsifront_exit(void)
1163 {
1164 	xenbus_unregister_driver(&scsifront_driver);
1165 }
1166 module_exit(scsifront_exit);
1167 
1168 MODULE_DESCRIPTION("Xen SCSI frontend driver");
1169 MODULE_LICENSE("GPL");
1170 MODULE_ALIAS("xen:vscsi");
1171 MODULE_AUTHOR("Juergen Gross <jgross@suse.com>");
1172