Fix a handful of audit-related issue
[linux-2.6-microblaze.git] / drivers / scsi / xen-scsifront.c
1 /*
2  * Xen SCSI frontend driver
3  *
4  * Copyright (c) 2008, FUJITSU Limited
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License version 2
8  * as published by the Free Software Foundation; or, when distributed
9  * separately from the Linux kernel or incorporated into other
10  * software packages, subject to the following license:
11  *
12  * Permission is hereby granted, free of charge, to any person obtaining a copy
13  * of this source file (the "Software"), to deal in the Software without
14  * restriction, including without limitation the rights to use, copy, modify,
15  * merge, publish, distribute, sublicense, and/or sell copies of the Software,
16  * and to permit persons to whom the Software is furnished to do so, subject to
17  * the following conditions:
18  *
19  * The above copyright notice and this permission notice shall be included in
20  * all copies or substantial portions of the Software.
21  *
22  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
23  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
24  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
25  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
26  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
27  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
28  * IN THE SOFTWARE.
29  */
30
31 #include <linux/module.h>
32 #include <linux/kernel.h>
33 #include <linux/device.h>
34 #include <linux/wait.h>
35 #include <linux/interrupt.h>
36 #include <linux/mutex.h>
37 #include <linux/spinlock.h>
38 #include <linux/sched.h>
39 #include <linux/blkdev.h>
40 #include <linux/pfn.h>
41 #include <linux/slab.h>
42 #include <linux/bitops.h>
43
44 #include <scsi/scsi_cmnd.h>
45 #include <scsi/scsi_device.h>
46 #include <scsi/scsi.h>
47 #include <scsi/scsi_host.h>
48
49 #include <xen/xen.h>
50 #include <xen/xenbus.h>
51 #include <xen/grant_table.h>
52 #include <xen/events.h>
53 #include <xen/page.h>
54
55 #include <xen/interface/grant_table.h>
56 #include <xen/interface/io/vscsiif.h>
57 #include <xen/interface/io/protocols.h>
58
59 #include <asm/xen/hypervisor.h>
60
61
62 #define GRANT_INVALID_REF       0
63
64 #define VSCSIFRONT_OP_ADD_LUN   1
65 #define VSCSIFRONT_OP_DEL_LUN   2
66 #define VSCSIFRONT_OP_READD_LUN 3
67
68 /* Tuning point. */
69 #define VSCSIIF_DEFAULT_CMD_PER_LUN 10
70 #define VSCSIIF_MAX_TARGET          64
71 #define VSCSIIF_MAX_LUN             255
72
73 #define VSCSIIF_RING_SIZE       __CONST_RING_SIZE(vscsiif, PAGE_SIZE)
74 #define VSCSIIF_MAX_REQS        VSCSIIF_RING_SIZE
75
76 #define vscsiif_grants_sg(_sg)  (PFN_UP((_sg) *         \
77                                 sizeof(struct scsiif_request_segment)))
78
79 struct vscsifrnt_shadow {
80         /* command between backend and frontend */
81         unsigned char act;
82         uint8_t nr_segments;
83         uint16_t rqid;
84         uint16_t ref_rqid;
85
86         unsigned int nr_grants;         /* number of grants in gref[] */
87         struct scsiif_request_segment *sg;      /* scatter/gather elements */
88         struct scsiif_request_segment seg[VSCSIIF_SG_TABLESIZE];
89
90         /* Do reset or abort function. */
91         wait_queue_head_t wq_reset;     /* reset work queue           */
92         int wait_reset;                 /* reset work queue condition */
93         int32_t rslt_reset;             /* reset response status:     */
94                                         /* SUCCESS or FAILED or:      */
95 #define RSLT_RESET_WAITING      0
96 #define RSLT_RESET_ERR          -1
97
98         /* Requested struct scsi_cmnd is stored from kernel. */
99         struct scsi_cmnd *sc;
100         int gref[vscsiif_grants_sg(SG_ALL) + SG_ALL];
101 };
102
103 struct vscsifrnt_info {
104         struct xenbus_device *dev;
105
106         struct Scsi_Host *host;
107         int host_active;
108
109         unsigned int evtchn;
110         unsigned int irq;
111
112         grant_ref_t ring_ref;
113         struct vscsiif_front_ring ring;
114         struct vscsiif_response ring_rsp;
115
116         spinlock_t shadow_lock;
117         DECLARE_BITMAP(shadow_free_bitmap, VSCSIIF_MAX_REQS);
118         struct vscsifrnt_shadow *shadow[VSCSIIF_MAX_REQS];
119
120         /* Following items are protected by the host lock. */
121         wait_queue_head_t wq_sync;
122         wait_queue_head_t wq_pause;
123         unsigned int wait_ring_available:1;
124         unsigned int waiting_pause:1;
125         unsigned int pause:1;
126         unsigned callers;
127
128         char dev_state_path[64];
129         struct task_struct *curr;
130 };
131
132 static DEFINE_MUTEX(scsifront_mutex);
133
134 static void scsifront_wake_up(struct vscsifrnt_info *info)
135 {
136         info->wait_ring_available = 0;
137         wake_up(&info->wq_sync);
138 }
139
140 static int scsifront_get_rqid(struct vscsifrnt_info *info)
141 {
142         unsigned long flags;
143         int free;
144
145         spin_lock_irqsave(&info->shadow_lock, flags);
146
147         free = find_first_bit(info->shadow_free_bitmap, VSCSIIF_MAX_REQS);
148         __clear_bit(free, info->shadow_free_bitmap);
149
150         spin_unlock_irqrestore(&info->shadow_lock, flags);
151
152         return free;
153 }
154
155 static int _scsifront_put_rqid(struct vscsifrnt_info *info, uint32_t id)
156 {
157         int empty = bitmap_empty(info->shadow_free_bitmap, VSCSIIF_MAX_REQS);
158
159         __set_bit(id, info->shadow_free_bitmap);
160         info->shadow[id] = NULL;
161
162         return empty || info->wait_ring_available;
163 }
164
165 static void scsifront_put_rqid(struct vscsifrnt_info *info, uint32_t id)
166 {
167         unsigned long flags;
168         int kick;
169
170         spin_lock_irqsave(&info->shadow_lock, flags);
171         kick = _scsifront_put_rqid(info, id);
172         spin_unlock_irqrestore(&info->shadow_lock, flags);
173
174         if (kick)
175                 scsifront_wake_up(info);
176 }
177
178 static int scsifront_do_request(struct vscsifrnt_info *info,
179                                 struct vscsifrnt_shadow *shadow)
180 {
181         struct vscsiif_front_ring *ring = &(info->ring);
182         struct vscsiif_request *ring_req;
183         struct scsi_cmnd *sc = shadow->sc;
184         uint32_t id;
185         int i, notify;
186
187         if (RING_FULL(&info->ring))
188                 return -EBUSY;
189
190         id = scsifront_get_rqid(info);  /* use id in response */
191         if (id >= VSCSIIF_MAX_REQS)
192                 return -EBUSY;
193
194         info->shadow[id] = shadow;
195         shadow->rqid = id;
196
197         ring_req = RING_GET_REQUEST(&(info->ring), ring->req_prod_pvt);
198         ring->req_prod_pvt++;
199
200         ring_req->rqid        = id;
201         ring_req->act         = shadow->act;
202         ring_req->ref_rqid    = shadow->ref_rqid;
203         ring_req->nr_segments = shadow->nr_segments;
204
205         ring_req->id      = sc->device->id;
206         ring_req->lun     = sc->device->lun;
207         ring_req->channel = sc->device->channel;
208         ring_req->cmd_len = sc->cmd_len;
209
210         BUG_ON(sc->cmd_len > VSCSIIF_MAX_COMMAND_SIZE);
211
212         memcpy(ring_req->cmnd, sc->cmnd, sc->cmd_len);
213
214         ring_req->sc_data_direction   = (uint8_t)sc->sc_data_direction;
215         ring_req->timeout_per_command = sc->request->timeout / HZ;
216
217         for (i = 0; i < (shadow->nr_segments & ~VSCSIIF_SG_GRANT); i++)
218                 ring_req->seg[i] = shadow->seg[i];
219
220         RING_PUSH_REQUESTS_AND_CHECK_NOTIFY(ring, notify);
221         if (notify)
222                 notify_remote_via_irq(info->irq);
223
224         return 0;
225 }
226
227 static void scsifront_gnttab_done(struct vscsifrnt_info *info,
228                                   struct vscsifrnt_shadow *shadow)
229 {
230         int i;
231
232         if (shadow->sc->sc_data_direction == DMA_NONE)
233                 return;
234
235         for (i = 0; i < shadow->nr_grants; i++) {
236                 if (unlikely(gnttab_query_foreign_access(shadow->gref[i]))) {
237                         shost_printk(KERN_ALERT, info->host, KBUILD_MODNAME
238                                      "grant still in use by backend\n");
239                         BUG();
240                 }
241                 gnttab_end_foreign_access(shadow->gref[i], 0, 0UL);
242         }
243
244         kfree(shadow->sg);
245 }
246
247 static void scsifront_cdb_cmd_done(struct vscsifrnt_info *info,
248                                    struct vscsiif_response *ring_rsp)
249 {
250         struct vscsifrnt_shadow *shadow;
251         struct scsi_cmnd *sc;
252         uint32_t id;
253         uint8_t sense_len;
254
255         id = ring_rsp->rqid;
256         shadow = info->shadow[id];
257         sc = shadow->sc;
258
259         BUG_ON(sc == NULL);
260
261         scsifront_gnttab_done(info, shadow);
262         scsifront_put_rqid(info, id);
263
264         sc->result = ring_rsp->rslt;
265         scsi_set_resid(sc, ring_rsp->residual_len);
266
267         sense_len = min_t(uint8_t, VSCSIIF_SENSE_BUFFERSIZE,
268                           ring_rsp->sense_len);
269
270         if (sense_len)
271                 memcpy(sc->sense_buffer, ring_rsp->sense_buffer, sense_len);
272
273         sc->scsi_done(sc);
274 }
275
276 static void scsifront_sync_cmd_done(struct vscsifrnt_info *info,
277                                     struct vscsiif_response *ring_rsp)
278 {
279         uint16_t id = ring_rsp->rqid;
280         unsigned long flags;
281         struct vscsifrnt_shadow *shadow = info->shadow[id];
282         int kick;
283
284         spin_lock_irqsave(&info->shadow_lock, flags);
285         shadow->wait_reset = 1;
286         switch (shadow->rslt_reset) {
287         case RSLT_RESET_WAITING:
288                 shadow->rslt_reset = ring_rsp->rslt;
289                 break;
290         case RSLT_RESET_ERR:
291                 kick = _scsifront_put_rqid(info, id);
292                 spin_unlock_irqrestore(&info->shadow_lock, flags);
293                 kfree(shadow);
294                 if (kick)
295                         scsifront_wake_up(info);
296                 return;
297         default:
298                 shost_printk(KERN_ERR, info->host, KBUILD_MODNAME
299                              "bad reset state %d, possibly leaking %u\n",
300                              shadow->rslt_reset, id);
301                 break;
302         }
303         spin_unlock_irqrestore(&info->shadow_lock, flags);
304
305         wake_up(&shadow->wq_reset);
306 }
307
308 static void scsifront_do_response(struct vscsifrnt_info *info,
309                                   struct vscsiif_response *ring_rsp)
310 {
311         if (WARN(ring_rsp->rqid >= VSCSIIF_MAX_REQS ||
312                  test_bit(ring_rsp->rqid, info->shadow_free_bitmap),
313                  "illegal rqid %u returned by backend!\n", ring_rsp->rqid))
314                 return;
315
316         if (info->shadow[ring_rsp->rqid]->act == VSCSIIF_ACT_SCSI_CDB)
317                 scsifront_cdb_cmd_done(info, ring_rsp);
318         else
319                 scsifront_sync_cmd_done(info, ring_rsp);
320 }
321
322 static int scsifront_ring_drain(struct vscsifrnt_info *info)
323 {
324         struct vscsiif_response *ring_rsp;
325         RING_IDX i, rp;
326         int more_to_do = 0;
327
328         rp = info->ring.sring->rsp_prod;
329         rmb();  /* ordering required respective to dom0 */
330         for (i = info->ring.rsp_cons; i != rp; i++) {
331                 ring_rsp = RING_GET_RESPONSE(&info->ring, i);
332                 scsifront_do_response(info, ring_rsp);
333         }
334
335         info->ring.rsp_cons = i;
336
337         if (i != info->ring.req_prod_pvt)
338                 RING_FINAL_CHECK_FOR_RESPONSES(&info->ring, more_to_do);
339         else
340                 info->ring.sring->rsp_event = i + 1;
341
342         return more_to_do;
343 }
344
345 static int scsifront_cmd_done(struct vscsifrnt_info *info)
346 {
347         int more_to_do;
348         unsigned long flags;
349
350         spin_lock_irqsave(info->host->host_lock, flags);
351
352         more_to_do = scsifront_ring_drain(info);
353
354         info->wait_ring_available = 0;
355
356         spin_unlock_irqrestore(info->host->host_lock, flags);
357
358         wake_up(&info->wq_sync);
359
360         return more_to_do;
361 }
362
363 static irqreturn_t scsifront_irq_fn(int irq, void *dev_id)
364 {
365         struct vscsifrnt_info *info = dev_id;
366
367         while (scsifront_cmd_done(info))
368                 /* Yield point for this unbounded loop. */
369                 cond_resched();
370
371         return IRQ_HANDLED;
372 }
373
374 static void scsifront_finish_all(struct vscsifrnt_info *info)
375 {
376         unsigned i;
377         struct vscsiif_response resp;
378
379         scsifront_ring_drain(info);
380
381         for (i = 0; i < VSCSIIF_MAX_REQS; i++) {
382                 if (test_bit(i, info->shadow_free_bitmap))
383                         continue;
384                 resp.rqid = i;
385                 resp.sense_len = 0;
386                 resp.rslt = DID_RESET << 16;
387                 resp.residual_len = 0;
388                 scsifront_do_response(info, &resp);
389         }
390 }
391
392 static int map_data_for_request(struct vscsifrnt_info *info,
393                                 struct scsi_cmnd *sc,
394                                 struct vscsifrnt_shadow *shadow)
395 {
396         grant_ref_t gref_head;
397         struct page *page;
398         int err, ref, ref_cnt = 0;
399         int grant_ro = (sc->sc_data_direction == DMA_TO_DEVICE);
400         unsigned int i, off, len, bytes;
401         unsigned int data_len = scsi_bufflen(sc);
402         unsigned int data_grants = 0, seg_grants = 0;
403         struct scatterlist *sg;
404         struct scsiif_request_segment *seg;
405
406         if (sc->sc_data_direction == DMA_NONE || !data_len)
407                 return 0;
408
409         scsi_for_each_sg(sc, sg, scsi_sg_count(sc), i)
410                 data_grants += PFN_UP(sg->offset + sg->length);
411
412         if (data_grants > VSCSIIF_SG_TABLESIZE) {
413                 if (data_grants > info->host->sg_tablesize) {
414                         shost_printk(KERN_ERR, info->host, KBUILD_MODNAME
415                              "Unable to map request_buffer for command!\n");
416                         return -E2BIG;
417                 }
418                 seg_grants = vscsiif_grants_sg(data_grants);
419                 shadow->sg = kcalloc(data_grants,
420                         sizeof(struct scsiif_request_segment), GFP_ATOMIC);
421                 if (!shadow->sg)
422                         return -ENOMEM;
423         }
424         seg = shadow->sg ? : shadow->seg;
425
426         err = gnttab_alloc_grant_references(seg_grants + data_grants,
427                                             &gref_head);
428         if (err) {
429                 kfree(shadow->sg);
430                 shost_printk(KERN_ERR, info->host, KBUILD_MODNAME
431                              "gnttab_alloc_grant_references() error\n");
432                 return -ENOMEM;
433         }
434
435         if (seg_grants) {
436                 page = virt_to_page(seg);
437                 off = offset_in_page(seg);
438                 len = sizeof(struct scsiif_request_segment) * data_grants;
439                 while (len > 0) {
440                         bytes = min_t(unsigned int, len, PAGE_SIZE - off);
441
442                         ref = gnttab_claim_grant_reference(&gref_head);
443                         BUG_ON(ref == -ENOSPC);
444
445                         gnttab_grant_foreign_access_ref(ref,
446                                 info->dev->otherend_id,
447                                 xen_page_to_gfn(page), 1);
448                         shadow->gref[ref_cnt] = ref;
449                         shadow->seg[ref_cnt].gref   = ref;
450                         shadow->seg[ref_cnt].offset = (uint16_t)off;
451                         shadow->seg[ref_cnt].length = (uint16_t)bytes;
452
453                         page++;
454                         len -= bytes;
455                         off = 0;
456                         ref_cnt++;
457                 }
458                 BUG_ON(seg_grants < ref_cnt);
459                 seg_grants = ref_cnt;
460         }
461
462         scsi_for_each_sg(sc, sg, scsi_sg_count(sc), i) {
463                 page = sg_page(sg);
464                 off = sg->offset;
465                 len = sg->length;
466
467                 while (len > 0 && data_len > 0) {
468                         /*
469                          * sg sends a scatterlist that is larger than
470                          * the data_len it wants transferred for certain
471                          * IO sizes.
472                          */
473                         bytes = min_t(unsigned int, len, PAGE_SIZE - off);
474                         bytes = min(bytes, data_len);
475
476                         ref = gnttab_claim_grant_reference(&gref_head);
477                         BUG_ON(ref == -ENOSPC);
478
479                         gnttab_grant_foreign_access_ref(ref,
480                                 info->dev->otherend_id,
481                                 xen_page_to_gfn(page),
482                                 grant_ro);
483
484                         shadow->gref[ref_cnt] = ref;
485                         seg->gref   = ref;
486                         seg->offset = (uint16_t)off;
487                         seg->length = (uint16_t)bytes;
488
489                         page++;
490                         seg++;
491                         len -= bytes;
492                         data_len -= bytes;
493                         off = 0;
494                         ref_cnt++;
495                 }
496         }
497
498         if (seg_grants)
499                 shadow->nr_segments = VSCSIIF_SG_GRANT | seg_grants;
500         else
501                 shadow->nr_segments = (uint8_t)ref_cnt;
502         shadow->nr_grants = ref_cnt;
503
504         return 0;
505 }
506
507 static int scsifront_enter(struct vscsifrnt_info *info)
508 {
509         if (info->pause)
510                 return 1;
511         info->callers++;
512         return 0;
513 }
514
515 static void scsifront_return(struct vscsifrnt_info *info)
516 {
517         info->callers--;
518         if (info->callers)
519                 return;
520
521         if (!info->waiting_pause)
522                 return;
523
524         info->waiting_pause = 0;
525         wake_up(&info->wq_pause);
526 }
527
528 static int scsifront_queuecommand(struct Scsi_Host *shost,
529                                   struct scsi_cmnd *sc)
530 {
531         struct vscsifrnt_info *info = shost_priv(shost);
532         struct vscsifrnt_shadow *shadow = scsi_cmd_priv(sc);
533         unsigned long flags;
534         int err;
535
536         sc->result = 0;
537
538         shadow->sc  = sc;
539         shadow->act = VSCSIIF_ACT_SCSI_CDB;
540
541         spin_lock_irqsave(shost->host_lock, flags);
542         if (scsifront_enter(info)) {
543                 spin_unlock_irqrestore(shost->host_lock, flags);
544                 return SCSI_MLQUEUE_HOST_BUSY;
545         }
546
547         err = map_data_for_request(info, sc, shadow);
548         if (err < 0) {
549                 pr_debug("%s: err %d\n", __func__, err);
550                 scsifront_return(info);
551                 spin_unlock_irqrestore(shost->host_lock, flags);
552                 if (err == -ENOMEM)
553                         return SCSI_MLQUEUE_HOST_BUSY;
554                 sc->result = DID_ERROR << 16;
555                 sc->scsi_done(sc);
556                 return 0;
557         }
558
559         if (scsifront_do_request(info, shadow)) {
560                 scsifront_gnttab_done(info, shadow);
561                 goto busy;
562         }
563
564         scsifront_return(info);
565         spin_unlock_irqrestore(shost->host_lock, flags);
566
567         return 0;
568
569 busy:
570         scsifront_return(info);
571         spin_unlock_irqrestore(shost->host_lock, flags);
572         pr_debug("%s: busy\n", __func__);
573         return SCSI_MLQUEUE_HOST_BUSY;
574 }
575
576 /*
577  * Any exception handling (reset or abort) must be forwarded to the backend.
578  * We have to wait until an answer is returned. This answer contains the
579  * result to be returned to the requestor.
580  */
581 static int scsifront_action_handler(struct scsi_cmnd *sc, uint8_t act)
582 {
583         struct Scsi_Host *host = sc->device->host;
584         struct vscsifrnt_info *info = shost_priv(host);
585         struct vscsifrnt_shadow *shadow, *s = scsi_cmd_priv(sc);
586         int err = 0;
587
588         shadow = kzalloc(sizeof(*shadow), GFP_NOIO);
589         if (!shadow)
590                 return FAILED;
591
592         shadow->act = act;
593         shadow->rslt_reset = RSLT_RESET_WAITING;
594         shadow->sc = sc;
595         shadow->ref_rqid = s->rqid;
596         init_waitqueue_head(&shadow->wq_reset);
597
598         spin_lock_irq(host->host_lock);
599
600         for (;;) {
601                 if (scsifront_enter(info))
602                         goto fail;
603
604                 if (!scsifront_do_request(info, shadow))
605                         break;
606
607                 scsifront_return(info);
608                 if (err)
609                         goto fail;
610                 info->wait_ring_available = 1;
611                 spin_unlock_irq(host->host_lock);
612                 err = wait_event_interruptible(info->wq_sync,
613                                                !info->wait_ring_available);
614                 spin_lock_irq(host->host_lock);
615         }
616
617         spin_unlock_irq(host->host_lock);
618         err = wait_event_interruptible(shadow->wq_reset, shadow->wait_reset);
619         spin_lock_irq(host->host_lock);
620
621         if (!err) {
622                 err = shadow->rslt_reset;
623                 scsifront_put_rqid(info, shadow->rqid);
624                 kfree(shadow);
625         } else {
626                 spin_lock(&info->shadow_lock);
627                 shadow->rslt_reset = RSLT_RESET_ERR;
628                 spin_unlock(&info->shadow_lock);
629                 err = FAILED;
630         }
631
632         scsifront_return(info);
633         spin_unlock_irq(host->host_lock);
634         return err;
635
636 fail:
637         spin_unlock_irq(host->host_lock);
638         kfree(shadow);
639         return FAILED;
640 }
641
642 static int scsifront_eh_abort_handler(struct scsi_cmnd *sc)
643 {
644         pr_debug("%s\n", __func__);
645         return scsifront_action_handler(sc, VSCSIIF_ACT_SCSI_ABORT);
646 }
647
648 static int scsifront_dev_reset_handler(struct scsi_cmnd *sc)
649 {
650         pr_debug("%s\n", __func__);
651         return scsifront_action_handler(sc, VSCSIIF_ACT_SCSI_RESET);
652 }
653
654 static int scsifront_sdev_configure(struct scsi_device *sdev)
655 {
656         struct vscsifrnt_info *info = shost_priv(sdev->host);
657         int err;
658
659         if (info && current == info->curr) {
660                 err = xenbus_printf(XBT_NIL, info->dev->nodename,
661                               info->dev_state_path, "%d", XenbusStateConnected);
662                 if (err) {
663                         xenbus_dev_error(info->dev, err,
664                                 "%s: writing dev_state_path", __func__);
665                         return err;
666                 }
667         }
668
669         return 0;
670 }
671
672 static void scsifront_sdev_destroy(struct scsi_device *sdev)
673 {
674         struct vscsifrnt_info *info = shost_priv(sdev->host);
675         int err;
676
677         if (info && current == info->curr) {
678                 err = xenbus_printf(XBT_NIL, info->dev->nodename,
679                               info->dev_state_path, "%d", XenbusStateClosed);
680                 if (err)
681                         xenbus_dev_error(info->dev, err,
682                                 "%s: writing dev_state_path", __func__);
683         }
684 }
685
686 static struct scsi_host_template scsifront_sht = {
687         .module                 = THIS_MODULE,
688         .name                   = "Xen SCSI frontend driver",
689         .queuecommand           = scsifront_queuecommand,
690         .eh_abort_handler       = scsifront_eh_abort_handler,
691         .eh_device_reset_handler = scsifront_dev_reset_handler,
692         .slave_configure        = scsifront_sdev_configure,
693         .slave_destroy          = scsifront_sdev_destroy,
694         .cmd_per_lun            = VSCSIIF_DEFAULT_CMD_PER_LUN,
695         .can_queue              = VSCSIIF_MAX_REQS,
696         .this_id                = -1,
697         .cmd_size               = sizeof(struct vscsifrnt_shadow),
698         .sg_tablesize           = VSCSIIF_SG_TABLESIZE,
699         .proc_name              = "scsifront",
700 };
701
702 static int scsifront_alloc_ring(struct vscsifrnt_info *info)
703 {
704         struct xenbus_device *dev = info->dev;
705         struct vscsiif_sring *sring;
706         grant_ref_t gref;
707         int err = -ENOMEM;
708
709         /***** Frontend to Backend ring start *****/
710         sring = (struct vscsiif_sring *)__get_free_page(GFP_KERNEL);
711         if (!sring) {
712                 xenbus_dev_fatal(dev, err,
713                         "fail to allocate shared ring (Front to Back)");
714                 return err;
715         }
716         SHARED_RING_INIT(sring);
717         FRONT_RING_INIT(&info->ring, sring, PAGE_SIZE);
718
719         err = xenbus_grant_ring(dev, sring, 1, &gref);
720         if (err < 0) {
721                 free_page((unsigned long)sring);
722                 xenbus_dev_fatal(dev, err,
723                         "fail to grant shared ring (Front to Back)");
724                 return err;
725         }
726         info->ring_ref = gref;
727
728         err = xenbus_alloc_evtchn(dev, &info->evtchn);
729         if (err) {
730                 xenbus_dev_fatal(dev, err, "xenbus_alloc_evtchn");
731                 goto free_gnttab;
732         }
733
734         err = bind_evtchn_to_irq(info->evtchn);
735         if (err <= 0) {
736                 xenbus_dev_fatal(dev, err, "bind_evtchn_to_irq");
737                 goto free_gnttab;
738         }
739
740         info->irq = err;
741
742         err = request_threaded_irq(info->irq, NULL, scsifront_irq_fn,
743                                    IRQF_ONESHOT, "scsifront", info);
744         if (err) {
745                 xenbus_dev_fatal(dev, err, "request_threaded_irq");
746                 goto free_irq;
747         }
748
749         return 0;
750
751 /* free resource */
752 free_irq:
753         unbind_from_irqhandler(info->irq, info);
754 free_gnttab:
755         gnttab_end_foreign_access(info->ring_ref, 0,
756                                   (unsigned long)info->ring.sring);
757
758         return err;
759 }
760
761 static void scsifront_free_ring(struct vscsifrnt_info *info)
762 {
763         unbind_from_irqhandler(info->irq, info);
764         gnttab_end_foreign_access(info->ring_ref, 0,
765                                   (unsigned long)info->ring.sring);
766 }
767
768 static int scsifront_init_ring(struct vscsifrnt_info *info)
769 {
770         struct xenbus_device *dev = info->dev;
771         struct xenbus_transaction xbt;
772         int err;
773
774         pr_debug("%s\n", __func__);
775
776         err = scsifront_alloc_ring(info);
777         if (err)
778                 return err;
779         pr_debug("%s: %u %u\n", __func__, info->ring_ref, info->evtchn);
780
781 again:
782         err = xenbus_transaction_start(&xbt);
783         if (err)
784                 xenbus_dev_fatal(dev, err, "starting transaction");
785
786         err = xenbus_printf(xbt, dev->nodename, "ring-ref", "%u",
787                             info->ring_ref);
788         if (err) {
789                 xenbus_dev_fatal(dev, err, "%s", "writing ring-ref");
790                 goto fail;
791         }
792
793         err = xenbus_printf(xbt, dev->nodename, "event-channel", "%u",
794                             info->evtchn);
795
796         if (err) {
797                 xenbus_dev_fatal(dev, err, "%s", "writing event-channel");
798                 goto fail;
799         }
800
801         err = xenbus_transaction_end(xbt, 0);
802         if (err) {
803                 if (err == -EAGAIN)
804                         goto again;
805                 xenbus_dev_fatal(dev, err, "completing transaction");
806                 goto free_sring;
807         }
808
809         return 0;
810
811 fail:
812         xenbus_transaction_end(xbt, 1);
813 free_sring:
814         scsifront_free_ring(info);
815
816         return err;
817 }
818
819
820 static int scsifront_probe(struct xenbus_device *dev,
821                            const struct xenbus_device_id *id)
822 {
823         struct vscsifrnt_info *info;
824         struct Scsi_Host *host;
825         int err = -ENOMEM;
826         char name[TASK_COMM_LEN];
827
828         host = scsi_host_alloc(&scsifront_sht, sizeof(*info));
829         if (!host) {
830                 xenbus_dev_fatal(dev, err, "fail to allocate scsi host");
831                 return err;
832         }
833         info = (struct vscsifrnt_info *)host->hostdata;
834
835         dev_set_drvdata(&dev->dev, info);
836         info->dev = dev;
837
838         bitmap_fill(info->shadow_free_bitmap, VSCSIIF_MAX_REQS);
839
840         err = scsifront_init_ring(info);
841         if (err) {
842                 scsi_host_put(host);
843                 return err;
844         }
845
846         init_waitqueue_head(&info->wq_sync);
847         init_waitqueue_head(&info->wq_pause);
848         spin_lock_init(&info->shadow_lock);
849
850         snprintf(name, TASK_COMM_LEN, "vscsiif.%d", host->host_no);
851
852         host->max_id      = VSCSIIF_MAX_TARGET;
853         host->max_channel = 0;
854         host->max_lun     = VSCSIIF_MAX_LUN;
855         host->max_sectors = (host->sg_tablesize - 1) * PAGE_SIZE / 512;
856         host->max_cmd_len = VSCSIIF_MAX_COMMAND_SIZE;
857
858         err = scsi_add_host(host, &dev->dev);
859         if (err) {
860                 dev_err(&dev->dev, "fail to add scsi host %d\n", err);
861                 goto free_sring;
862         }
863         info->host = host;
864         info->host_active = 1;
865
866         xenbus_switch_state(dev, XenbusStateInitialised);
867
868         return 0;
869
870 free_sring:
871         scsifront_free_ring(info);
872         scsi_host_put(host);
873         return err;
874 }
875
876 static int scsifront_resume(struct xenbus_device *dev)
877 {
878         struct vscsifrnt_info *info = dev_get_drvdata(&dev->dev);
879         struct Scsi_Host *host = info->host;
880         int err;
881
882         spin_lock_irq(host->host_lock);
883
884         /* Finish all still pending commands. */
885         scsifront_finish_all(info);
886
887         spin_unlock_irq(host->host_lock);
888
889         /* Reconnect to dom0. */
890         scsifront_free_ring(info);
891         err = scsifront_init_ring(info);
892         if (err) {
893                 dev_err(&dev->dev, "fail to resume %d\n", err);
894                 scsi_host_put(host);
895                 return err;
896         }
897
898         xenbus_switch_state(dev, XenbusStateInitialised);
899
900         return 0;
901 }
902
903 static int scsifront_suspend(struct xenbus_device *dev)
904 {
905         struct vscsifrnt_info *info = dev_get_drvdata(&dev->dev);
906         struct Scsi_Host *host = info->host;
907         int err = 0;
908
909         /* No new commands for the backend. */
910         spin_lock_irq(host->host_lock);
911         info->pause = 1;
912         while (info->callers && !err) {
913                 info->waiting_pause = 1;
914                 info->wait_ring_available = 0;
915                 spin_unlock_irq(host->host_lock);
916                 wake_up(&info->wq_sync);
917                 err = wait_event_interruptible(info->wq_pause,
918                                                !info->waiting_pause);
919                 spin_lock_irq(host->host_lock);
920         }
921         spin_unlock_irq(host->host_lock);
922         return err;
923 }
924
925 static int scsifront_remove(struct xenbus_device *dev)
926 {
927         struct vscsifrnt_info *info = dev_get_drvdata(&dev->dev);
928
929         pr_debug("%s: %s removed\n", __func__, dev->nodename);
930
931         mutex_lock(&scsifront_mutex);
932         if (info->host_active) {
933                 /* Scsi_host not yet removed */
934                 scsi_remove_host(info->host);
935                 info->host_active = 0;
936         }
937         mutex_unlock(&scsifront_mutex);
938
939         scsifront_free_ring(info);
940         scsi_host_put(info->host);
941
942         return 0;
943 }
944
945 static void scsifront_disconnect(struct vscsifrnt_info *info)
946 {
947         struct xenbus_device *dev = info->dev;
948         struct Scsi_Host *host = info->host;
949
950         pr_debug("%s: %s disconnect\n", __func__, dev->nodename);
951
952         /*
953          * When this function is executed, all devices of
954          * Frontend have been deleted.
955          * Therefore, it need not block I/O before remove_host.
956          */
957
958         mutex_lock(&scsifront_mutex);
959         if (info->host_active) {
960                 scsi_remove_host(host);
961                 info->host_active = 0;
962         }
963         mutex_unlock(&scsifront_mutex);
964
965         xenbus_frontend_closed(dev);
966 }
967
968 static void scsifront_do_lun_hotplug(struct vscsifrnt_info *info, int op)
969 {
970         struct xenbus_device *dev = info->dev;
971         int i, err = 0;
972         char str[64];
973         char **dir;
974         unsigned int dir_n = 0;
975         unsigned int device_state;
976         unsigned int hst, chn, tgt, lun;
977         struct scsi_device *sdev;
978
979         dir = xenbus_directory(XBT_NIL, dev->otherend, "vscsi-devs", &dir_n);
980         if (IS_ERR(dir))
981                 return;
982
983         /* mark current task as the one allowed to modify device states */
984         BUG_ON(info->curr);
985         info->curr = current;
986
987         for (i = 0; i < dir_n; i++) {
988                 /* read status */
989                 snprintf(str, sizeof(str), "vscsi-devs/%s/state", dir[i]);
990                 err = xenbus_scanf(XBT_NIL, dev->otherend, str, "%u",
991                                    &device_state);
992                 if (XENBUS_EXIST_ERR(err))
993                         continue;
994
995                 /* virtual SCSI device */
996                 snprintf(str, sizeof(str), "vscsi-devs/%s/v-dev", dir[i]);
997                 err = xenbus_scanf(XBT_NIL, dev->otherend, str,
998                                    "%u:%u:%u:%u", &hst, &chn, &tgt, &lun);
999                 if (XENBUS_EXIST_ERR(err))
1000                         continue;
1001
1002                 /*
1003                  * Front device state path, used in slave_configure called
1004                  * on successfull scsi_add_device, and in slave_destroy called
1005                  * on remove of a device.
1006                  */
1007                 snprintf(info->dev_state_path, sizeof(info->dev_state_path),
1008                          "vscsi-devs/%s/state", dir[i]);
1009
1010                 switch (op) {
1011                 case VSCSIFRONT_OP_ADD_LUN:
1012                         if (device_state != XenbusStateInitialised)
1013                                 break;
1014
1015                         if (scsi_add_device(info->host, chn, tgt, lun)) {
1016                                 dev_err(&dev->dev, "scsi_add_device\n");
1017                                 err = xenbus_printf(XBT_NIL, dev->nodename,
1018                                               info->dev_state_path,
1019                                               "%d", XenbusStateClosed);
1020                                 if (err)
1021                                         xenbus_dev_error(dev, err,
1022                                                 "%s: writing dev_state_path", __func__);
1023                         }
1024                         break;
1025                 case VSCSIFRONT_OP_DEL_LUN:
1026                         if (device_state != XenbusStateClosing)
1027                                 break;
1028
1029                         sdev = scsi_device_lookup(info->host, chn, tgt, lun);
1030                         if (sdev) {
1031                                 scsi_remove_device(sdev);
1032                                 scsi_device_put(sdev);
1033                         }
1034                         break;
1035                 case VSCSIFRONT_OP_READD_LUN:
1036                         if (device_state == XenbusStateConnected) {
1037                                 err = xenbus_printf(XBT_NIL, dev->nodename,
1038                                               info->dev_state_path,
1039                                               "%d", XenbusStateConnected);
1040                                 if (err)
1041                                         xenbus_dev_error(dev, err,
1042                                                 "%s: writing dev_state_path", __func__);
1043                         }
1044                         break;
1045                 default:
1046                         break;
1047                 }
1048         }
1049
1050         info->curr = NULL;
1051
1052         kfree(dir);
1053 }
1054
1055 static void scsifront_read_backend_params(struct xenbus_device *dev,
1056                                           struct vscsifrnt_info *info)
1057 {
1058         unsigned int sg_grant, nr_segs;
1059         struct Scsi_Host *host = info->host;
1060
1061         sg_grant = xenbus_read_unsigned(dev->otherend, "feature-sg-grant", 0);
1062         nr_segs = min_t(unsigned int, sg_grant, SG_ALL);
1063         nr_segs = max_t(unsigned int, nr_segs, VSCSIIF_SG_TABLESIZE);
1064         nr_segs = min_t(unsigned int, nr_segs,
1065                         VSCSIIF_SG_TABLESIZE * PAGE_SIZE /
1066                         sizeof(struct scsiif_request_segment));
1067
1068         if (!info->pause && sg_grant)
1069                 dev_info(&dev->dev, "using up to %d SG entries\n", nr_segs);
1070         else if (info->pause && nr_segs < host->sg_tablesize)
1071                 dev_warn(&dev->dev,
1072                          "SG entries decreased from %d to %u - device may not work properly anymore\n",
1073                          host->sg_tablesize, nr_segs);
1074
1075         host->sg_tablesize = nr_segs;
1076         host->max_sectors = (nr_segs - 1) * PAGE_SIZE / 512;
1077 }
1078
1079 static void scsifront_backend_changed(struct xenbus_device *dev,
1080                                       enum xenbus_state backend_state)
1081 {
1082         struct vscsifrnt_info *info = dev_get_drvdata(&dev->dev);
1083
1084         pr_debug("%s: %p %u %u\n", __func__, dev, dev->state, backend_state);
1085
1086         switch (backend_state) {
1087         case XenbusStateUnknown:
1088         case XenbusStateInitialising:
1089         case XenbusStateInitWait:
1090         case XenbusStateInitialised:
1091                 break;
1092
1093         case XenbusStateConnected:
1094                 scsifront_read_backend_params(dev, info);
1095
1096                 if (info->pause) {
1097                         scsifront_do_lun_hotplug(info, VSCSIFRONT_OP_READD_LUN);
1098                         xenbus_switch_state(dev, XenbusStateConnected);
1099                         info->pause = 0;
1100                         return;
1101                 }
1102
1103                 if (xenbus_read_driver_state(dev->nodename) ==
1104                     XenbusStateInitialised)
1105                         scsifront_do_lun_hotplug(info, VSCSIFRONT_OP_ADD_LUN);
1106
1107                 if (dev->state != XenbusStateConnected)
1108                         xenbus_switch_state(dev, XenbusStateConnected);
1109                 break;
1110
1111         case XenbusStateClosed:
1112                 if (dev->state == XenbusStateClosed)
1113                         break;
1114                 /* fall through - Missed the backend's Closing state */
1115         case XenbusStateClosing:
1116                 scsifront_disconnect(info);
1117                 break;
1118
1119         case XenbusStateReconfiguring:
1120                 scsifront_do_lun_hotplug(info, VSCSIFRONT_OP_DEL_LUN);
1121                 xenbus_switch_state(dev, XenbusStateReconfiguring);
1122                 break;
1123
1124         case XenbusStateReconfigured:
1125                 scsifront_do_lun_hotplug(info, VSCSIFRONT_OP_ADD_LUN);
1126                 xenbus_switch_state(dev, XenbusStateConnected);
1127                 break;
1128         }
1129 }
1130
1131 static const struct xenbus_device_id scsifront_ids[] = {
1132         { "vscsi" },
1133         { "" }
1134 };
1135
1136 static struct xenbus_driver scsifront_driver = {
1137         .ids                    = scsifront_ids,
1138         .probe                  = scsifront_probe,
1139         .remove                 = scsifront_remove,
1140         .resume                 = scsifront_resume,
1141         .suspend                = scsifront_suspend,
1142         .otherend_changed       = scsifront_backend_changed,
1143 };
1144
1145 static int __init scsifront_init(void)
1146 {
1147         if (!xen_domain())
1148                 return -ENODEV;
1149
1150         return xenbus_register_frontend(&scsifront_driver);
1151 }
1152 module_init(scsifront_init);
1153
1154 static void __exit scsifront_exit(void)
1155 {
1156         xenbus_unregister_driver(&scsifront_driver);
1157 }
1158 module_exit(scsifront_exit);
1159
1160 MODULE_DESCRIPTION("Xen SCSI frontend driver");
1161 MODULE_LICENSE("GPL");
1162 MODULE_ALIAS("xen:vscsi");
1163 MODULE_AUTHOR("Juergen Gross <jgross@suse.com>");