xref: /openbmc/qemu/hw/block/virtio-blk.c (revision 200280af0e19bfaeb9431eb0ee1ee2d8bf8d3a0a)
1 /*
2  * Virtio Block Device
3  *
4  * Copyright IBM, Corp. 2007
5  *
6  * Authors:
7  *  Anthony Liguori   <aliguori@us.ibm.com>
8  *
9  * This work is licensed under the terms of the GNU GPL, version 2.  See
10  * the COPYING file in the top-level directory.
11  *
12  */
13 
14 #include "qemu/osdep.h"
15 #include "qapi/error.h"
16 #include "qemu-common.h"
17 #include "qemu/iov.h"
18 #include "qemu/error-report.h"
19 #include "trace.h"
20 #include "hw/block/block.h"
21 #include "sysemu/blockdev.h"
22 #include "hw/virtio/virtio-blk.h"
23 #include "dataplane/virtio-blk.h"
24 #include "scsi/constants.h"
25 #ifdef __linux__
26 # include <scsi/sg.h>
27 #endif
28 #include "hw/virtio/virtio-bus.h"
29 #include "hw/virtio/virtio-access.h"
30 
31 static void virtio_blk_init_request(VirtIOBlock *s, VirtQueue *vq,
32                                     VirtIOBlockReq *req)
33 {
34     req->dev = s;
35     req->vq = vq;
36     req->qiov.size = 0;
37     req->in_len = 0;
38     req->next = NULL;
39     req->mr_next = NULL;
40 }
41 
42 static void virtio_blk_free_request(VirtIOBlockReq *req)
43 {
44     g_free(req);
45 }
46 
47 static void virtio_blk_req_complete(VirtIOBlockReq *req, unsigned char status)
48 {
49     VirtIOBlock *s = req->dev;
50     VirtIODevice *vdev = VIRTIO_DEVICE(s);
51 
52     trace_virtio_blk_req_complete(vdev, req, status);
53 
54     stb_p(&req->in->status, status);
55     virtqueue_push(req->vq, &req->elem, req->in_len);
56     if (s->dataplane_started && !s->dataplane_disabled) {
57         virtio_blk_data_plane_notify(s->dataplane, req->vq);
58     } else {
59         virtio_notify(vdev, req->vq);
60     }
61 }
62 
63 static int virtio_blk_handle_rw_error(VirtIOBlockReq *req, int error,
64     bool is_read)
65 {
66     BlockErrorAction action = blk_get_error_action(req->dev->blk,
67                                                    is_read, error);
68     VirtIOBlock *s = req->dev;
69 
70     if (action == BLOCK_ERROR_ACTION_STOP) {
71         /* Break the link as the next request is going to be parsed from the
72          * ring again. Otherwise we may end up doing a double completion! */
73         req->mr_next = NULL;
74         req->next = s->rq;
75         s->rq = req;
76     } else if (action == BLOCK_ERROR_ACTION_REPORT) {
77         virtio_blk_req_complete(req, VIRTIO_BLK_S_IOERR);
78         block_acct_failed(blk_get_stats(s->blk), &req->acct);
79         virtio_blk_free_request(req);
80     }
81 
82     blk_error_action(s->blk, action, is_read, error);
83     return action != BLOCK_ERROR_ACTION_IGNORE;
84 }
85 
86 static void virtio_blk_rw_complete(void *opaque, int ret)
87 {
88     VirtIOBlockReq *next = opaque;
89     VirtIOBlock *s = next->dev;
90     VirtIODevice *vdev = VIRTIO_DEVICE(s);
91 
92     aio_context_acquire(blk_get_aio_context(s->conf.conf.blk));
93     while (next) {
94         VirtIOBlockReq *req = next;
95         next = req->mr_next;
96         trace_virtio_blk_rw_complete(vdev, req, ret);
97 
98         if (req->qiov.nalloc != -1) {
99             /* If nalloc is != -1 req->qiov is a local copy of the original
100              * external iovec. It was allocated in submit_requests to be
101              * able to merge requests. */
102             qemu_iovec_destroy(&req->qiov);
103         }
104 
105         if (ret) {
106             int p = virtio_ldl_p(VIRTIO_DEVICE(req->dev), &req->out.type);
107             bool is_read = !(p & VIRTIO_BLK_T_OUT);
108             /* Note that memory may be dirtied on read failure.  If the
109              * virtio request is not completed here, as is the case for
110              * BLOCK_ERROR_ACTION_STOP, the memory may not be copied
111              * correctly during live migration.  While this is ugly,
112              * it is acceptable because the device is free to write to
113              * the memory until the request is completed (which will
114              * happen on the other side of the migration).
115              */
116             if (virtio_blk_handle_rw_error(req, -ret, is_read)) {
117                 continue;
118             }
119         }
120 
121         virtio_blk_req_complete(req, VIRTIO_BLK_S_OK);
122         block_acct_done(blk_get_stats(req->dev->blk), &req->acct);
123         virtio_blk_free_request(req);
124     }
125     aio_context_release(blk_get_aio_context(s->conf.conf.blk));
126 }
127 
128 static void virtio_blk_flush_complete(void *opaque, int ret)
129 {
130     VirtIOBlockReq *req = opaque;
131     VirtIOBlock *s = req->dev;
132 
133     aio_context_acquire(blk_get_aio_context(s->conf.conf.blk));
134     if (ret) {
135         if (virtio_blk_handle_rw_error(req, -ret, 0)) {
136             goto out;
137         }
138     }
139 
140     virtio_blk_req_complete(req, VIRTIO_BLK_S_OK);
141     block_acct_done(blk_get_stats(req->dev->blk), &req->acct);
142     virtio_blk_free_request(req);
143 
144 out:
145     aio_context_release(blk_get_aio_context(s->conf.conf.blk));
146 }
147 
148 #ifdef __linux__
149 
150 typedef struct {
151     VirtIOBlockReq *req;
152     struct sg_io_hdr hdr;
153 } VirtIOBlockIoctlReq;
154 
155 static void virtio_blk_ioctl_complete(void *opaque, int status)
156 {
157     VirtIOBlockIoctlReq *ioctl_req = opaque;
158     VirtIOBlockReq *req = ioctl_req->req;
159     VirtIOBlock *s = req->dev;
160     VirtIODevice *vdev = VIRTIO_DEVICE(s);
161     struct virtio_scsi_inhdr *scsi;
162     struct sg_io_hdr *hdr;
163 
164     scsi = (void *)req->elem.in_sg[req->elem.in_num - 2].iov_base;
165 
166     if (status) {
167         status = VIRTIO_BLK_S_UNSUPP;
168         virtio_stl_p(vdev, &scsi->errors, 255);
169         goto out;
170     }
171 
172     hdr = &ioctl_req->hdr;
173     /*
174      * From SCSI-Generic-HOWTO: "Some lower level drivers (e.g. ide-scsi)
175      * clear the masked_status field [hence status gets cleared too, see
176      * block/scsi_ioctl.c] even when a CHECK_CONDITION or COMMAND_TERMINATED
177      * status has occurred.  However they do set DRIVER_SENSE in driver_status
178      * field. Also a (sb_len_wr > 0) indicates there is a sense buffer.
179      */
180     if (hdr->status == 0 && hdr->sb_len_wr > 0) {
181         hdr->status = CHECK_CONDITION;
182     }
183 
184     virtio_stl_p(vdev, &scsi->errors,
185                  hdr->status | (hdr->msg_status << 8) |
186                  (hdr->host_status << 16) | (hdr->driver_status << 24));
187     virtio_stl_p(vdev, &scsi->residual, hdr->resid);
188     virtio_stl_p(vdev, &scsi->sense_len, hdr->sb_len_wr);
189     virtio_stl_p(vdev, &scsi->data_len, hdr->dxfer_len);
190 
191 out:
192     aio_context_acquire(blk_get_aio_context(s->conf.conf.blk));
193     virtio_blk_req_complete(req, status);
194     virtio_blk_free_request(req);
195     aio_context_release(blk_get_aio_context(s->conf.conf.blk));
196     g_free(ioctl_req);
197 }
198 
199 #endif
200 
201 static VirtIOBlockReq *virtio_blk_get_request(VirtIOBlock *s, VirtQueue *vq)
202 {
203     VirtIOBlockReq *req = virtqueue_pop(vq, sizeof(VirtIOBlockReq));
204 
205     if (req) {
206         virtio_blk_init_request(s, vq, req);
207     }
208     return req;
209 }
210 
211 static int virtio_blk_handle_scsi_req(VirtIOBlockReq *req)
212 {
213     int status = VIRTIO_BLK_S_OK;
214     struct virtio_scsi_inhdr *scsi = NULL;
215     VirtIODevice *vdev = VIRTIO_DEVICE(req->dev);
216     VirtQueueElement *elem = &req->elem;
217     VirtIOBlock *blk = req->dev;
218 
219 #ifdef __linux__
220     int i;
221     VirtIOBlockIoctlReq *ioctl_req;
222     BlockAIOCB *acb;
223 #endif
224 
225     /*
226      * We require at least one output segment each for the virtio_blk_outhdr
227      * and the SCSI command block.
228      *
229      * We also at least require the virtio_blk_inhdr, the virtio_scsi_inhdr
230      * and the sense buffer pointer in the input segments.
231      */
232     if (elem->out_num < 2 || elem->in_num < 3) {
233         status = VIRTIO_BLK_S_IOERR;
234         goto fail;
235     }
236 
237     /*
238      * The scsi inhdr is placed in the second-to-last input segment, just
239      * before the regular inhdr.
240      */
241     scsi = (void *)elem->in_sg[elem->in_num - 2].iov_base;
242 
243     if (!blk->conf.scsi) {
244         status = VIRTIO_BLK_S_UNSUPP;
245         goto fail;
246     }
247 
248     /*
249      * No support for bidirection commands yet.
250      */
251     if (elem->out_num > 2 && elem->in_num > 3) {
252         status = VIRTIO_BLK_S_UNSUPP;
253         goto fail;
254     }
255 
256 #ifdef __linux__
257     ioctl_req = g_new0(VirtIOBlockIoctlReq, 1);
258     ioctl_req->req = req;
259     ioctl_req->hdr.interface_id = 'S';
260     ioctl_req->hdr.cmd_len = elem->out_sg[1].iov_len;
261     ioctl_req->hdr.cmdp = elem->out_sg[1].iov_base;
262     ioctl_req->hdr.dxfer_len = 0;
263 
264     if (elem->out_num > 2) {
265         /*
266          * If there are more than the minimally required 2 output segments
267          * there is write payload starting from the third iovec.
268          */
269         ioctl_req->hdr.dxfer_direction = SG_DXFER_TO_DEV;
270         ioctl_req->hdr.iovec_count = elem->out_num - 2;
271 
272         for (i = 0; i < ioctl_req->hdr.iovec_count; i++) {
273             ioctl_req->hdr.dxfer_len += elem->out_sg[i + 2].iov_len;
274         }
275 
276         ioctl_req->hdr.dxferp = elem->out_sg + 2;
277 
278     } else if (elem->in_num > 3) {
279         /*
280          * If we have more than 3 input segments the guest wants to actually
281          * read data.
282          */
283         ioctl_req->hdr.dxfer_direction = SG_DXFER_FROM_DEV;
284         ioctl_req->hdr.iovec_count = elem->in_num - 3;
285         for (i = 0; i < ioctl_req->hdr.iovec_count; i++) {
286             ioctl_req->hdr.dxfer_len += elem->in_sg[i].iov_len;
287         }
288 
289         ioctl_req->hdr.dxferp = elem->in_sg;
290     } else {
291         /*
292          * Some SCSI commands don't actually transfer any data.
293          */
294         ioctl_req->hdr.dxfer_direction = SG_DXFER_NONE;
295     }
296 
297     ioctl_req->hdr.sbp = elem->in_sg[elem->in_num - 3].iov_base;
298     ioctl_req->hdr.mx_sb_len = elem->in_sg[elem->in_num - 3].iov_len;
299 
300     acb = blk_aio_ioctl(blk->blk, SG_IO, &ioctl_req->hdr,
301                         virtio_blk_ioctl_complete, ioctl_req);
302     if (!acb) {
303         g_free(ioctl_req);
304         status = VIRTIO_BLK_S_UNSUPP;
305         goto fail;
306     }
307     return -EINPROGRESS;
308 #else
309     abort();
310 #endif
311 
312 fail:
313     /* Just put anything nonzero so that the ioctl fails in the guest.  */
314     if (scsi) {
315         virtio_stl_p(vdev, &scsi->errors, 255);
316     }
317     return status;
318 }
319 
320 static void virtio_blk_handle_scsi(VirtIOBlockReq *req)
321 {
322     int status;
323 
324     status = virtio_blk_handle_scsi_req(req);
325     if (status != -EINPROGRESS) {
326         virtio_blk_req_complete(req, status);
327         virtio_blk_free_request(req);
328     }
329 }
330 
331 static inline void submit_requests(BlockBackend *blk, MultiReqBuffer *mrb,
332                                    int start, int num_reqs, int niov)
333 {
334     QEMUIOVector *qiov = &mrb->reqs[start]->qiov;
335     int64_t sector_num = mrb->reqs[start]->sector_num;
336     bool is_write = mrb->is_write;
337 
338     if (num_reqs > 1) {
339         int i;
340         struct iovec *tmp_iov = qiov->iov;
341         int tmp_niov = qiov->niov;
342 
343         /* mrb->reqs[start]->qiov was initialized from external so we can't
344          * modify it here. We need to initialize it locally and then add the
345          * external iovecs. */
346         qemu_iovec_init(qiov, niov);
347 
348         for (i = 0; i < tmp_niov; i++) {
349             qemu_iovec_add(qiov, tmp_iov[i].iov_base, tmp_iov[i].iov_len);
350         }
351 
352         for (i = start + 1; i < start + num_reqs; i++) {
353             qemu_iovec_concat(qiov, &mrb->reqs[i]->qiov, 0,
354                               mrb->reqs[i]->qiov.size);
355             mrb->reqs[i - 1]->mr_next = mrb->reqs[i];
356         }
357 
358         trace_virtio_blk_submit_multireq(VIRTIO_DEVICE(mrb->reqs[start]->dev),
359                                          mrb, start, num_reqs,
360                                          sector_num << BDRV_SECTOR_BITS,
361                                          qiov->size, is_write);
362         block_acct_merge_done(blk_get_stats(blk),
363                               is_write ? BLOCK_ACCT_WRITE : BLOCK_ACCT_READ,
364                               num_reqs - 1);
365     }
366 
367     if (is_write) {
368         blk_aio_pwritev(blk, sector_num << BDRV_SECTOR_BITS, qiov, 0,
369                         virtio_blk_rw_complete, mrb->reqs[start]);
370     } else {
371         blk_aio_preadv(blk, sector_num << BDRV_SECTOR_BITS, qiov, 0,
372                        virtio_blk_rw_complete, mrb->reqs[start]);
373     }
374 }
375 
376 static int multireq_compare(const void *a, const void *b)
377 {
378     const VirtIOBlockReq *req1 = *(VirtIOBlockReq **)a,
379                          *req2 = *(VirtIOBlockReq **)b;
380 
381     /*
382      * Note that we can't simply subtract sector_num1 from sector_num2
383      * here as that could overflow the return value.
384      */
385     if (req1->sector_num > req2->sector_num) {
386         return 1;
387     } else if (req1->sector_num < req2->sector_num) {
388         return -1;
389     } else {
390         return 0;
391     }
392 }
393 
394 static void virtio_blk_submit_multireq(BlockBackend *blk, MultiReqBuffer *mrb)
395 {
396     int i = 0, start = 0, num_reqs = 0, niov = 0, nb_sectors = 0;
397     uint32_t max_transfer;
398     int64_t sector_num = 0;
399 
400     if (mrb->num_reqs == 1) {
401         submit_requests(blk, mrb, 0, 1, -1);
402         mrb->num_reqs = 0;
403         return;
404     }
405 
406     max_transfer = blk_get_max_transfer(mrb->reqs[0]->dev->blk);
407 
408     qsort(mrb->reqs, mrb->num_reqs, sizeof(*mrb->reqs),
409           &multireq_compare);
410 
411     for (i = 0; i < mrb->num_reqs; i++) {
412         VirtIOBlockReq *req = mrb->reqs[i];
413         if (num_reqs > 0) {
414             /*
415              * NOTE: We cannot merge the requests in below situations:
416              * 1. requests are not sequential
417              * 2. merge would exceed maximum number of IOVs
418              * 3. merge would exceed maximum transfer length of backend device
419              */
420             if (sector_num + nb_sectors != req->sector_num ||
421                 niov > blk_get_max_iov(blk) - req->qiov.niov ||
422                 req->qiov.size > max_transfer ||
423                 nb_sectors > (max_transfer -
424                               req->qiov.size) / BDRV_SECTOR_SIZE) {
425                 submit_requests(blk, mrb, start, num_reqs, niov);
426                 num_reqs = 0;
427             }
428         }
429 
430         if (num_reqs == 0) {
431             sector_num = req->sector_num;
432             nb_sectors = niov = 0;
433             start = i;
434         }
435 
436         nb_sectors += req->qiov.size / BDRV_SECTOR_SIZE;
437         niov += req->qiov.niov;
438         num_reqs++;
439     }
440 
441     submit_requests(blk, mrb, start, num_reqs, niov);
442     mrb->num_reqs = 0;
443 }
444 
445 static void virtio_blk_handle_flush(VirtIOBlockReq *req, MultiReqBuffer *mrb)
446 {
447     block_acct_start(blk_get_stats(req->dev->blk), &req->acct, 0,
448                      BLOCK_ACCT_FLUSH);
449 
450     /*
451      * Make sure all outstanding writes are posted to the backing device.
452      */
453     if (mrb->is_write && mrb->num_reqs > 0) {
454         virtio_blk_submit_multireq(req->dev->blk, mrb);
455     }
456     blk_aio_flush(req->dev->blk, virtio_blk_flush_complete, req);
457 }
458 
459 static bool virtio_blk_sect_range_ok(VirtIOBlock *dev,
460                                      uint64_t sector, size_t size)
461 {
462     uint64_t nb_sectors = size >> BDRV_SECTOR_BITS;
463     uint64_t total_sectors;
464 
465     if (nb_sectors > BDRV_REQUEST_MAX_SECTORS) {
466         return false;
467     }
468     if (sector & dev->sector_mask) {
469         return false;
470     }
471     if (size % dev->conf.conf.logical_block_size) {
472         return false;
473     }
474     blk_get_geometry(dev->blk, &total_sectors);
475     if (sector > total_sectors || nb_sectors > total_sectors - sector) {
476         return false;
477     }
478     return true;
479 }
480 
481 static int virtio_blk_handle_request(VirtIOBlockReq *req, MultiReqBuffer *mrb)
482 {
483     uint32_t type;
484     struct iovec *in_iov = req->elem.in_sg;
485     struct iovec *out_iov = req->elem.out_sg;
486     unsigned in_num = req->elem.in_num;
487     unsigned out_num = req->elem.out_num;
488     VirtIOBlock *s = req->dev;
489     VirtIODevice *vdev = VIRTIO_DEVICE(s);
490 
491     if (req->elem.out_num < 1 || req->elem.in_num < 1) {
492         virtio_error(vdev, "virtio-blk missing headers");
493         return -1;
494     }
495 
496     if (unlikely(iov_to_buf(out_iov, out_num, 0, &req->out,
497                             sizeof(req->out)) != sizeof(req->out))) {
498         virtio_error(vdev, "virtio-blk request outhdr too short");
499         return -1;
500     }
501 
502     iov_discard_front(&out_iov, &out_num, sizeof(req->out));
503 
504     if (in_iov[in_num - 1].iov_len < sizeof(struct virtio_blk_inhdr)) {
505         virtio_error(vdev, "virtio-blk request inhdr too short");
506         return -1;
507     }
508 
509     /* We always touch the last byte, so just see how big in_iov is.  */
510     req->in_len = iov_size(in_iov, in_num);
511     req->in = (void *)in_iov[in_num - 1].iov_base
512               + in_iov[in_num - 1].iov_len
513               - sizeof(struct virtio_blk_inhdr);
514     iov_discard_back(in_iov, &in_num, sizeof(struct virtio_blk_inhdr));
515 
516     type = virtio_ldl_p(VIRTIO_DEVICE(req->dev), &req->out.type);
517 
518     /* VIRTIO_BLK_T_OUT defines the command direction. VIRTIO_BLK_T_BARRIER
519      * is an optional flag. Although a guest should not send this flag if
520      * not negotiated we ignored it in the past. So keep ignoring it. */
521     switch (type & ~(VIRTIO_BLK_T_OUT | VIRTIO_BLK_T_BARRIER)) {
522     case VIRTIO_BLK_T_IN:
523     {
524         bool is_write = type & VIRTIO_BLK_T_OUT;
525         req->sector_num = virtio_ldq_p(VIRTIO_DEVICE(req->dev),
526                                        &req->out.sector);
527 
528         if (is_write) {
529             qemu_iovec_init_external(&req->qiov, out_iov, out_num);
530             trace_virtio_blk_handle_write(vdev, req, req->sector_num,
531                                           req->qiov.size / BDRV_SECTOR_SIZE);
532         } else {
533             qemu_iovec_init_external(&req->qiov, in_iov, in_num);
534             trace_virtio_blk_handle_read(vdev, req, req->sector_num,
535                                          req->qiov.size / BDRV_SECTOR_SIZE);
536         }
537 
538         if (!virtio_blk_sect_range_ok(req->dev, req->sector_num,
539                                       req->qiov.size)) {
540             virtio_blk_req_complete(req, VIRTIO_BLK_S_IOERR);
541             block_acct_invalid(blk_get_stats(req->dev->blk),
542                                is_write ? BLOCK_ACCT_WRITE : BLOCK_ACCT_READ);
543             virtio_blk_free_request(req);
544             return 0;
545         }
546 
547         block_acct_start(blk_get_stats(req->dev->blk),
548                          &req->acct, req->qiov.size,
549                          is_write ? BLOCK_ACCT_WRITE : BLOCK_ACCT_READ);
550 
551         /* merge would exceed maximum number of requests or IO direction
552          * changes */
553         if (mrb->num_reqs > 0 && (mrb->num_reqs == VIRTIO_BLK_MAX_MERGE_REQS ||
554                                   is_write != mrb->is_write ||
555                                   !req->dev->conf.request_merging)) {
556             virtio_blk_submit_multireq(req->dev->blk, mrb);
557         }
558 
559         assert(mrb->num_reqs < VIRTIO_BLK_MAX_MERGE_REQS);
560         mrb->reqs[mrb->num_reqs++] = req;
561         mrb->is_write = is_write;
562         break;
563     }
564     case VIRTIO_BLK_T_FLUSH:
565         virtio_blk_handle_flush(req, mrb);
566         break;
567     case VIRTIO_BLK_T_SCSI_CMD:
568         virtio_blk_handle_scsi(req);
569         break;
570     case VIRTIO_BLK_T_GET_ID:
571     {
572         /*
573          * NB: per existing s/n string convention the string is
574          * terminated by '\0' only when shorter than buffer.
575          */
576         const char *serial = s->conf.serial ? s->conf.serial : "";
577         size_t size = MIN(strlen(serial) + 1,
578                           MIN(iov_size(in_iov, in_num),
579                               VIRTIO_BLK_ID_BYTES));
580         iov_from_buf(in_iov, in_num, 0, serial, size);
581         virtio_blk_req_complete(req, VIRTIO_BLK_S_OK);
582         virtio_blk_free_request(req);
583         break;
584     }
585     default:
586         virtio_blk_req_complete(req, VIRTIO_BLK_S_UNSUPP);
587         virtio_blk_free_request(req);
588     }
589     return 0;
590 }
591 
592 bool virtio_blk_handle_vq(VirtIOBlock *s, VirtQueue *vq)
593 {
594     VirtIOBlockReq *req;
595     MultiReqBuffer mrb = {};
596     bool progress = false;
597 
598     aio_context_acquire(blk_get_aio_context(s->blk));
599     blk_io_plug(s->blk);
600 
601     do {
602         virtio_queue_set_notification(vq, 0);
603 
604         while ((req = virtio_blk_get_request(s, vq))) {
605             progress = true;
606             if (virtio_blk_handle_request(req, &mrb)) {
607                 virtqueue_detach_element(req->vq, &req->elem, 0);
608                 virtio_blk_free_request(req);
609                 break;
610             }
611         }
612 
613         virtio_queue_set_notification(vq, 1);
614     } while (!virtio_queue_empty(vq));
615 
616     if (mrb.num_reqs) {
617         virtio_blk_submit_multireq(s->blk, &mrb);
618     }
619 
620     blk_io_unplug(s->blk);
621     aio_context_release(blk_get_aio_context(s->blk));
622     return progress;
623 }
624 
625 static void virtio_blk_handle_output_do(VirtIOBlock *s, VirtQueue *vq)
626 {
627     virtio_blk_handle_vq(s, vq);
628 }
629 
630 static void virtio_blk_handle_output(VirtIODevice *vdev, VirtQueue *vq)
631 {
632     VirtIOBlock *s = (VirtIOBlock *)vdev;
633 
634     if (s->dataplane) {
635         /* Some guests kick before setting VIRTIO_CONFIG_S_DRIVER_OK so start
636          * dataplane here instead of waiting for .set_status().
637          */
638         virtio_device_start_ioeventfd(vdev);
639         if (!s->dataplane_disabled) {
640             return;
641         }
642     }
643     virtio_blk_handle_output_do(s, vq);
644 }
645 
646 static void virtio_blk_dma_restart_bh(void *opaque)
647 {
648     VirtIOBlock *s = opaque;
649     VirtIOBlockReq *req = s->rq;
650     MultiReqBuffer mrb = {};
651 
652     qemu_bh_delete(s->bh);
653     s->bh = NULL;
654 
655     s->rq = NULL;
656 
657     aio_context_acquire(blk_get_aio_context(s->conf.conf.blk));
658     while (req) {
659         VirtIOBlockReq *next = req->next;
660         if (virtio_blk_handle_request(req, &mrb)) {
661             /* Device is now broken and won't do any processing until it gets
662              * reset. Already queued requests will be lost: let's purge them.
663              */
664             while (req) {
665                 next = req->next;
666                 virtqueue_detach_element(req->vq, &req->elem, 0);
667                 virtio_blk_free_request(req);
668                 req = next;
669             }
670             break;
671         }
672         req = next;
673     }
674 
675     if (mrb.num_reqs) {
676         virtio_blk_submit_multireq(s->blk, &mrb);
677     }
678     aio_context_release(blk_get_aio_context(s->conf.conf.blk));
679 }
680 
681 static void virtio_blk_dma_restart_cb(void *opaque, int running,
682                                       RunState state)
683 {
684     VirtIOBlock *s = opaque;
685 
686     if (!running) {
687         return;
688     }
689 
690     if (!s->bh) {
691         s->bh = aio_bh_new(blk_get_aio_context(s->conf.conf.blk),
692                            virtio_blk_dma_restart_bh, s);
693         qemu_bh_schedule(s->bh);
694     }
695 }
696 
697 static void virtio_blk_reset(VirtIODevice *vdev)
698 {
699     VirtIOBlock *s = VIRTIO_BLK(vdev);
700     AioContext *ctx;
701     VirtIOBlockReq *req;
702 
703     ctx = blk_get_aio_context(s->blk);
704     aio_context_acquire(ctx);
705     blk_drain(s->blk);
706 
707     /* We drop queued requests after blk_drain() because blk_drain() itself can
708      * produce them. */
709     while (s->rq) {
710         req = s->rq;
711         s->rq = req->next;
712         virtqueue_detach_element(req->vq, &req->elem, 0);
713         virtio_blk_free_request(req);
714     }
715 
716     aio_context_release(ctx);
717 
718     assert(!s->dataplane_started);
719     blk_set_enable_write_cache(s->blk, s->original_wce);
720 }
721 
722 /* coalesce internal state, copy to pci i/o region 0
723  */
724 static void virtio_blk_update_config(VirtIODevice *vdev, uint8_t *config)
725 {
726     VirtIOBlock *s = VIRTIO_BLK(vdev);
727     BlockConf *conf = &s->conf.conf;
728     struct virtio_blk_config blkcfg;
729     uint64_t capacity;
730     int64_t length;
731     int blk_size = conf->logical_block_size;
732 
733     blk_get_geometry(s->blk, &capacity);
734     memset(&blkcfg, 0, sizeof(blkcfg));
735     virtio_stq_p(vdev, &blkcfg.capacity, capacity);
736     virtio_stl_p(vdev, &blkcfg.seg_max, 128 - 2);
737     virtio_stw_p(vdev, &blkcfg.geometry.cylinders, conf->cyls);
738     virtio_stl_p(vdev, &blkcfg.blk_size, blk_size);
739     virtio_stw_p(vdev, &blkcfg.min_io_size, conf->min_io_size / blk_size);
740     virtio_stw_p(vdev, &blkcfg.opt_io_size, conf->opt_io_size / blk_size);
741     blkcfg.geometry.heads = conf->heads;
742     /*
743      * We must ensure that the block device capacity is a multiple of
744      * the logical block size. If that is not the case, let's use
745      * sector_mask to adopt the geometry to have a correct picture.
746      * For those devices where the capacity is ok for the given geometry
747      * we don't touch the sector value of the geometry, since some devices
748      * (like s390 dasd) need a specific value. Here the capacity is already
749      * cyls*heads*secs*blk_size and the sector value is not block size
750      * divided by 512 - instead it is the amount of blk_size blocks
751      * per track (cylinder).
752      */
753     length = blk_getlength(s->blk);
754     if (length > 0 && length / conf->heads / conf->secs % blk_size) {
755         blkcfg.geometry.sectors = conf->secs & ~s->sector_mask;
756     } else {
757         blkcfg.geometry.sectors = conf->secs;
758     }
759     blkcfg.size_max = 0;
760     blkcfg.physical_block_exp = get_physical_block_exp(conf);
761     blkcfg.alignment_offset = 0;
762     blkcfg.wce = blk_enable_write_cache(s->blk);
763     virtio_stw_p(vdev, &blkcfg.num_queues, s->conf.num_queues);
764     memcpy(config, &blkcfg, sizeof(struct virtio_blk_config));
765 }
766 
767 static void virtio_blk_set_config(VirtIODevice *vdev, const uint8_t *config)
768 {
769     VirtIOBlock *s = VIRTIO_BLK(vdev);
770     struct virtio_blk_config blkcfg;
771 
772     memcpy(&blkcfg, config, sizeof(blkcfg));
773 
774     aio_context_acquire(blk_get_aio_context(s->blk));
775     blk_set_enable_write_cache(s->blk, blkcfg.wce != 0);
776     aio_context_release(blk_get_aio_context(s->blk));
777 }
778 
779 static uint64_t virtio_blk_get_features(VirtIODevice *vdev, uint64_t features,
780                                         Error **errp)
781 {
782     VirtIOBlock *s = VIRTIO_BLK(vdev);
783 
784     virtio_add_feature(&features, VIRTIO_BLK_F_SEG_MAX);
785     virtio_add_feature(&features, VIRTIO_BLK_F_GEOMETRY);
786     virtio_add_feature(&features, VIRTIO_BLK_F_TOPOLOGY);
787     virtio_add_feature(&features, VIRTIO_BLK_F_BLK_SIZE);
788     if (virtio_has_feature(features, VIRTIO_F_VERSION_1)) {
789         if (s->conf.scsi) {
790             error_setg(errp, "Please set scsi=off for virtio-blk devices in order to use virtio 1.0");
791             return 0;
792         }
793     } else {
794         virtio_clear_feature(&features, VIRTIO_F_ANY_LAYOUT);
795         virtio_add_feature(&features, VIRTIO_BLK_F_SCSI);
796     }
797 
798     if (s->conf.config_wce) {
799         virtio_add_feature(&features, VIRTIO_BLK_F_CONFIG_WCE);
800     }
801     if (blk_enable_write_cache(s->blk)) {
802         virtio_add_feature(&features, VIRTIO_BLK_F_WCE);
803     }
804     if (blk_is_read_only(s->blk)) {
805         virtio_add_feature(&features, VIRTIO_BLK_F_RO);
806     }
807     if (s->conf.num_queues > 1) {
808         virtio_add_feature(&features, VIRTIO_BLK_F_MQ);
809     }
810 
811     return features;
812 }
813 
814 static void virtio_blk_set_status(VirtIODevice *vdev, uint8_t status)
815 {
816     VirtIOBlock *s = VIRTIO_BLK(vdev);
817 
818     if (!(status & (VIRTIO_CONFIG_S_DRIVER | VIRTIO_CONFIG_S_DRIVER_OK))) {
819         assert(!s->dataplane_started);
820     }
821 
822     if (!(status & VIRTIO_CONFIG_S_DRIVER_OK)) {
823         return;
824     }
825 
826     /* A guest that supports VIRTIO_BLK_F_CONFIG_WCE must be able to send
827      * cache flushes.  Thus, the "auto writethrough" behavior is never
828      * necessary for guests that support the VIRTIO_BLK_F_CONFIG_WCE feature.
829      * Leaving it enabled would break the following sequence:
830      *
831      *     Guest started with "-drive cache=writethrough"
832      *     Guest sets status to 0
833      *     Guest sets DRIVER bit in status field
834      *     Guest reads host features (WCE=0, CONFIG_WCE=1)
835      *     Guest writes guest features (WCE=0, CONFIG_WCE=1)
836      *     Guest writes 1 to the WCE configuration field (writeback mode)
837      *     Guest sets DRIVER_OK bit in status field
838      *
839      * s->blk would erroneously be placed in writethrough mode.
840      */
841     if (!virtio_vdev_has_feature(vdev, VIRTIO_BLK_F_CONFIG_WCE)) {
842         aio_context_acquire(blk_get_aio_context(s->blk));
843         blk_set_enable_write_cache(s->blk,
844                                    virtio_vdev_has_feature(vdev,
845                                                            VIRTIO_BLK_F_WCE));
846         aio_context_release(blk_get_aio_context(s->blk));
847     }
848 }
849 
850 static void virtio_blk_save_device(VirtIODevice *vdev, QEMUFile *f)
851 {
852     VirtIOBlock *s = VIRTIO_BLK(vdev);
853     VirtIOBlockReq *req = s->rq;
854 
855     while (req) {
856         qemu_put_sbyte(f, 1);
857 
858         if (s->conf.num_queues > 1) {
859             qemu_put_be32(f, virtio_get_queue_index(req->vq));
860         }
861 
862         qemu_put_virtqueue_element(f, &req->elem);
863         req = req->next;
864     }
865     qemu_put_sbyte(f, 0);
866 }
867 
868 static int virtio_blk_load_device(VirtIODevice *vdev, QEMUFile *f,
869                                   int version_id)
870 {
871     VirtIOBlock *s = VIRTIO_BLK(vdev);
872 
873     while (qemu_get_sbyte(f)) {
874         unsigned nvqs = s->conf.num_queues;
875         unsigned vq_idx = 0;
876         VirtIOBlockReq *req;
877 
878         if (nvqs > 1) {
879             vq_idx = qemu_get_be32(f);
880 
881             if (vq_idx >= nvqs) {
882                 error_report("Invalid virtqueue index in request list: %#x",
883                              vq_idx);
884                 return -EINVAL;
885             }
886         }
887 
888         req = qemu_get_virtqueue_element(vdev, f, sizeof(VirtIOBlockReq));
889         virtio_blk_init_request(s, virtio_get_queue(vdev, vq_idx), req);
890         req->next = s->rq;
891         s->rq = req;
892     }
893 
894     return 0;
895 }
896 
897 static void virtio_blk_resize(void *opaque)
898 {
899     VirtIODevice *vdev = VIRTIO_DEVICE(opaque);
900 
901     virtio_notify_config(vdev);
902 }
903 
904 static const BlockDevOps virtio_block_ops = {
905     .resize_cb = virtio_blk_resize,
906 };
907 
908 static void virtio_blk_device_realize(DeviceState *dev, Error **errp)
909 {
910     VirtIODevice *vdev = VIRTIO_DEVICE(dev);
911     VirtIOBlock *s = VIRTIO_BLK(dev);
912     VirtIOBlkConf *conf = &s->conf;
913     Error *err = NULL;
914     unsigned i;
915 
916     if (!conf->conf.blk) {
917         error_setg(errp, "drive property not set");
918         return;
919     }
920     if (!blk_is_inserted(conf->conf.blk)) {
921         error_setg(errp, "Device needs media, but drive is empty");
922         return;
923     }
924     if (!conf->num_queues) {
925         error_setg(errp, "num-queues property must be larger than 0");
926         return;
927     }
928     if (!is_power_of_2(conf->queue_size) ||
929         conf->queue_size > VIRTQUEUE_MAX_SIZE) {
930         error_setg(errp, "invalid queue-size property (%" PRIu16 "), "
931                    "must be a power of 2 (max %d)",
932                    conf->queue_size, VIRTQUEUE_MAX_SIZE);
933         return;
934     }
935 
936     if (!blkconf_apply_backend_options(&conf->conf,
937                                        blk_is_read_only(conf->conf.blk), true,
938                                        errp)) {
939         return;
940     }
941     s->original_wce = blk_enable_write_cache(conf->conf.blk);
942     if (!blkconf_geometry(&conf->conf, NULL, 65535, 255, 255, errp)) {
943         return;
944     }
945 
946     blkconf_blocksizes(&conf->conf);
947 
948     if (conf->conf.logical_block_size >
949         conf->conf.physical_block_size) {
950         error_setg(errp,
951                    "logical_block_size > physical_block_size not supported");
952         return;
953     }
954 
955     virtio_init(vdev, "virtio-blk", VIRTIO_ID_BLOCK,
956                 sizeof(struct virtio_blk_config));
957 
958     s->blk = conf->conf.blk;
959     s->rq = NULL;
960     s->sector_mask = (s->conf.conf.logical_block_size / BDRV_SECTOR_SIZE) - 1;
961 
962     for (i = 0; i < conf->num_queues; i++) {
963         virtio_add_queue(vdev, conf->queue_size, virtio_blk_handle_output);
964     }
965     virtio_blk_data_plane_create(vdev, conf, &s->dataplane, &err);
966     if (err != NULL) {
967         error_propagate(errp, err);
968         virtio_cleanup(vdev);
969         return;
970     }
971 
972     s->change = qemu_add_vm_change_state_handler(virtio_blk_dma_restart_cb, s);
973     blk_set_dev_ops(s->blk, &virtio_block_ops, s);
974     blk_set_guest_block_size(s->blk, s->conf.conf.logical_block_size);
975 
976     blk_iostatus_enable(s->blk);
977 }
978 
979 static void virtio_blk_device_unrealize(DeviceState *dev, Error **errp)
980 {
981     VirtIODevice *vdev = VIRTIO_DEVICE(dev);
982     VirtIOBlock *s = VIRTIO_BLK(dev);
983 
984     virtio_blk_data_plane_destroy(s->dataplane);
985     s->dataplane = NULL;
986     qemu_del_vm_change_state_handler(s->change);
987     blockdev_mark_auto_del(s->blk);
988     virtio_cleanup(vdev);
989 }
990 
991 static void virtio_blk_instance_init(Object *obj)
992 {
993     VirtIOBlock *s = VIRTIO_BLK(obj);
994 
995     device_add_bootindex_property(obj, &s->conf.conf.bootindex,
996                                   "bootindex", "/disk@0,0",
997                                   DEVICE(obj), NULL);
998 }
999 
1000 static const VMStateDescription vmstate_virtio_blk = {
1001     .name = "virtio-blk",
1002     .minimum_version_id = 2,
1003     .version_id = 2,
1004     .fields = (VMStateField[]) {
1005         VMSTATE_VIRTIO_DEVICE,
1006         VMSTATE_END_OF_LIST()
1007     },
1008 };
1009 
1010 static Property virtio_blk_properties[] = {
1011     DEFINE_BLOCK_PROPERTIES(VirtIOBlock, conf.conf),
1012     DEFINE_BLOCK_ERROR_PROPERTIES(VirtIOBlock, conf.conf),
1013     DEFINE_BLOCK_CHS_PROPERTIES(VirtIOBlock, conf.conf),
1014     DEFINE_PROP_STRING("serial", VirtIOBlock, conf.serial),
1015     DEFINE_PROP_BIT("config-wce", VirtIOBlock, conf.config_wce, 0, true),
1016 #ifdef __linux__
1017     DEFINE_PROP_BIT("scsi", VirtIOBlock, conf.scsi, 0, false),
1018 #endif
1019     DEFINE_PROP_BIT("request-merging", VirtIOBlock, conf.request_merging, 0,
1020                     true),
1021     DEFINE_PROP_UINT16("num-queues", VirtIOBlock, conf.num_queues, 1),
1022     DEFINE_PROP_UINT16("queue-size", VirtIOBlock, conf.queue_size, 128),
1023     DEFINE_PROP_LINK("iothread", VirtIOBlock, conf.iothread, TYPE_IOTHREAD,
1024                      IOThread *),
1025     DEFINE_PROP_END_OF_LIST(),
1026 };
1027 
1028 static void virtio_blk_class_init(ObjectClass *klass, void *data)
1029 {
1030     DeviceClass *dc = DEVICE_CLASS(klass);
1031     VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
1032 
1033     dc->props = virtio_blk_properties;
1034     dc->vmsd = &vmstate_virtio_blk;
1035     set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
1036     vdc->realize = virtio_blk_device_realize;
1037     vdc->unrealize = virtio_blk_device_unrealize;
1038     vdc->get_config = virtio_blk_update_config;
1039     vdc->set_config = virtio_blk_set_config;
1040     vdc->get_features = virtio_blk_get_features;
1041     vdc->set_status = virtio_blk_set_status;
1042     vdc->reset = virtio_blk_reset;
1043     vdc->save = virtio_blk_save_device;
1044     vdc->load = virtio_blk_load_device;
1045     vdc->start_ioeventfd = virtio_blk_data_plane_start;
1046     vdc->stop_ioeventfd = virtio_blk_data_plane_stop;
1047 }
1048 
1049 static const TypeInfo virtio_blk_info = {
1050     .name = TYPE_VIRTIO_BLK,
1051     .parent = TYPE_VIRTIO_DEVICE,
1052     .instance_size = sizeof(VirtIOBlock),
1053     .instance_init = virtio_blk_instance_init,
1054     .class_init = virtio_blk_class_init,
1055 };
1056 
1057 static void virtio_register_types(void)
1058 {
1059     type_register_static(&virtio_blk_info);
1060 }
1061 
1062 type_init(virtio_register_types)
1063