1 /******************************************************************************
2  *
3  * Back-end of the driver for virtual block devices. This portion of the
4  * driver exports a 'unified' block-device interface that can be accessed
5  * by any operating system that implements a compatible front end. A
6  * reference front-end implementation can be found in:
7  *  drivers/block/xen-blkfront.c
8  *
9  * Copyright (c) 2003-2004, Keir Fraser & Steve Hand
10  * Copyright (c) 2005, Christopher Clark
11  *
12  * This program is free software; you can redistribute it and/or
13  * modify it under the terms of the GNU General Public License version 2
14  * as published by the Free Software Foundation; or, when distributed
15  * separately from the Linux kernel or incorporated into other
16  * software packages, subject to the following license:
17  *
18  * Permission is hereby granted, free of charge, to any person obtaining a copy
19  * of this source file (the "Software"), to deal in the Software without
20  * restriction, including without limitation the rights to use, copy, modify,
21  * merge, publish, distribute, sublicense, and/or sell copies of the Software,
22  * and to permit persons to whom the Software is furnished to do so, subject to
23  * the following conditions:
24  *
25  * The above copyright notice and this permission notice shall be included in
26  * all copies or substantial portions of the Software.
27  *
28  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
29  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
30  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
31  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
32  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
33  * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
34  * IN THE SOFTWARE.
35  */
36 
37 #define pr_fmt(fmt) "xen-blkback: " fmt
38 
39 #include <linux/spinlock.h>
40 #include <linux/kthread.h>
41 #include <linux/list.h>
42 #include <linux/delay.h>
43 #include <linux/freezer.h>
44 #include <linux/bitmap.h>
45 
46 #include <xen/events.h>
47 #include <xen/page.h>
48 #include <xen/xen.h>
49 #include <asm/xen/hypervisor.h>
50 #include <asm/xen/hypercall.h>
51 #include <xen/balloon.h>
52 #include <xen/grant_table.h>
53 #include "common.h"
54 
55 /*
56  * Maximum number of unused free pages to keep in the internal buffer.
57  * Setting this to a value too low will reduce memory used in each backend,
58  * but can have a performance penalty.
59  *
60  * A sane value is xen_blkif_reqs * BLKIF_MAX_SEGMENTS_PER_REQUEST, but can
61  * be set to a lower value that might degrade performance on some intensive
62  * IO workloads.
63  */
64 
65 static int xen_blkif_max_buffer_pages = 1024;
66 module_param_named(max_buffer_pages, xen_blkif_max_buffer_pages, int, 0644);
67 MODULE_PARM_DESC(max_buffer_pages,
68 "Maximum number of free pages to keep in each block backend buffer");
69 
70 /*
71  * Maximum number of grants to map persistently in blkback. For maximum
72  * performance this should be the total numbers of grants that can be used
73  * to fill the ring, but since this might become too high, specially with
74  * the use of indirect descriptors, we set it to a value that provides good
75  * performance without using too much memory.
76  *
77  * When the list of persistent grants is full we clean it up using a LRU
78  * algorithm.
79  */
80 
81 static int xen_blkif_max_pgrants = 1056;
82 module_param_named(max_persistent_grants, xen_blkif_max_pgrants, int, 0644);
83 MODULE_PARM_DESC(max_persistent_grants,
84                  "Maximum number of grants to map persistently");
85 
86 /*
87  * How long a persistent grant is allowed to remain allocated without being in
88  * use. The time is in seconds, 0 means indefinitely long.
89  */
90 
91 static unsigned int xen_blkif_pgrant_timeout = 60;
92 module_param_named(persistent_grant_unused_seconds, xen_blkif_pgrant_timeout,
93 		   uint, 0644);
94 MODULE_PARM_DESC(persistent_grant_unused_seconds,
95 		 "Time in seconds an unused persistent grant is allowed to "
96 		 "remain allocated. Default is 60, 0 means unlimited.");
97 
98 /*
99  * Maximum number of rings/queues blkback supports, allow as many queues as there
100  * are CPUs if user has not specified a value.
101  */
102 unsigned int xenblk_max_queues;
103 module_param_named(max_queues, xenblk_max_queues, uint, 0644);
104 MODULE_PARM_DESC(max_queues,
105 		 "Maximum number of hardware queues per virtual disk." \
106 		 "By default it is the number of online CPUs.");
107 
108 /*
109  * Maximum order of pages to be used for the shared ring between front and
110  * backend, 4KB page granularity is used.
111  */
112 unsigned int xen_blkif_max_ring_order = XENBUS_MAX_RING_GRANT_ORDER;
113 module_param_named(max_ring_page_order, xen_blkif_max_ring_order, int, 0444);
114 MODULE_PARM_DESC(max_ring_page_order, "Maximum order of pages to be used for the shared ring");
115 /*
116  * The LRU mechanism to clean the lists of persistent grants needs to
117  * be executed periodically. The time interval between consecutive executions
118  * of the purge mechanism is set in ms.
119  */
120 #define LRU_INTERVAL 100
121 
122 /*
123  * When the persistent grants list is full we will remove unused grants
124  * from the list. The percent number of grants to be removed at each LRU
125  * execution.
126  */
127 #define LRU_PERCENT_CLEAN 5
128 
129 /* Run-time switchable: /sys/module/blkback/parameters/ */
130 static unsigned int log_stats;
131 module_param(log_stats, int, 0644);
132 
133 #define BLKBACK_INVALID_HANDLE (~0)
134 
135 /* Number of free pages to remove on each call to gnttab_free_pages */
136 #define NUM_BATCH_FREE_PAGES 10
137 
138 static inline bool persistent_gnt_timeout(struct persistent_gnt *persistent_gnt)
139 {
140 	return xen_blkif_pgrant_timeout &&
141 	       (jiffies - persistent_gnt->last_used >=
142 		HZ * xen_blkif_pgrant_timeout);
143 }
144 
145 static inline int get_free_page(struct xen_blkif_ring *ring, struct page **page)
146 {
147 	unsigned long flags;
148 
149 	spin_lock_irqsave(&ring->free_pages_lock, flags);
150 	if (list_empty(&ring->free_pages)) {
151 		BUG_ON(ring->free_pages_num != 0);
152 		spin_unlock_irqrestore(&ring->free_pages_lock, flags);
153 		return gnttab_alloc_pages(1, page);
154 	}
155 	BUG_ON(ring->free_pages_num == 0);
156 	page[0] = list_first_entry(&ring->free_pages, struct page, lru);
157 	list_del(&page[0]->lru);
158 	ring->free_pages_num--;
159 	spin_unlock_irqrestore(&ring->free_pages_lock, flags);
160 
161 	return 0;
162 }
163 
164 static inline void put_free_pages(struct xen_blkif_ring *ring, struct page **page,
165                                   int num)
166 {
167 	unsigned long flags;
168 	int i;
169 
170 	spin_lock_irqsave(&ring->free_pages_lock, flags);
171 	for (i = 0; i < num; i++)
172 		list_add(&page[i]->lru, &ring->free_pages);
173 	ring->free_pages_num += num;
174 	spin_unlock_irqrestore(&ring->free_pages_lock, flags);
175 }
176 
177 static inline void shrink_free_pagepool(struct xen_blkif_ring *ring, int num)
178 {
179 	/* Remove requested pages in batches of NUM_BATCH_FREE_PAGES */
180 	struct page *page[NUM_BATCH_FREE_PAGES];
181 	unsigned int num_pages = 0;
182 	unsigned long flags;
183 
184 	spin_lock_irqsave(&ring->free_pages_lock, flags);
185 	while (ring->free_pages_num > num) {
186 		BUG_ON(list_empty(&ring->free_pages));
187 		page[num_pages] = list_first_entry(&ring->free_pages,
188 		                                   struct page, lru);
189 		list_del(&page[num_pages]->lru);
190 		ring->free_pages_num--;
191 		if (++num_pages == NUM_BATCH_FREE_PAGES) {
192 			spin_unlock_irqrestore(&ring->free_pages_lock, flags);
193 			gnttab_free_pages(num_pages, page);
194 			spin_lock_irqsave(&ring->free_pages_lock, flags);
195 			num_pages = 0;
196 		}
197 	}
198 	spin_unlock_irqrestore(&ring->free_pages_lock, flags);
199 	if (num_pages != 0)
200 		gnttab_free_pages(num_pages, page);
201 }
202 
203 #define vaddr(page) ((unsigned long)pfn_to_kaddr(page_to_pfn(page)))
204 
205 static int do_block_io_op(struct xen_blkif_ring *ring);
206 static int dispatch_rw_block_io(struct xen_blkif_ring *ring,
207 				struct blkif_request *req,
208 				struct pending_req *pending_req);
209 static void make_response(struct xen_blkif_ring *ring, u64 id,
210 			  unsigned short op, int st);
211 
212 #define foreach_grant_safe(pos, n, rbtree, node) \
213 	for ((pos) = container_of(rb_first((rbtree)), typeof(*(pos)), node), \
214 	     (n) = (&(pos)->node != NULL) ? rb_next(&(pos)->node) : NULL; \
215 	     &(pos)->node != NULL; \
216 	     (pos) = container_of(n, typeof(*(pos)), node), \
217 	     (n) = (&(pos)->node != NULL) ? rb_next(&(pos)->node) : NULL)
218 
219 
220 /*
221  * We don't need locking around the persistent grant helpers
222  * because blkback uses a single-thread for each backend, so we
223  * can be sure that this functions will never be called recursively.
224  *
225  * The only exception to that is put_persistent_grant, that can be called
226  * from interrupt context (by xen_blkbk_unmap), so we have to use atomic
227  * bit operations to modify the flags of a persistent grant and to count
228  * the number of used grants.
229  */
230 static int add_persistent_gnt(struct xen_blkif_ring *ring,
231 			       struct persistent_gnt *persistent_gnt)
232 {
233 	struct rb_node **new = NULL, *parent = NULL;
234 	struct persistent_gnt *this;
235 	struct xen_blkif *blkif = ring->blkif;
236 
237 	if (ring->persistent_gnt_c >= xen_blkif_max_pgrants) {
238 		if (!blkif->vbd.overflow_max_grants)
239 			blkif->vbd.overflow_max_grants = 1;
240 		return -EBUSY;
241 	}
242 	/* Figure out where to put new node */
243 	new = &ring->persistent_gnts.rb_node;
244 	while (*new) {
245 		this = container_of(*new, struct persistent_gnt, node);
246 
247 		parent = *new;
248 		if (persistent_gnt->gnt < this->gnt)
249 			new = &((*new)->rb_left);
250 		else if (persistent_gnt->gnt > this->gnt)
251 			new = &((*new)->rb_right);
252 		else {
253 			pr_alert_ratelimited("trying to add a gref that's already in the tree\n");
254 			return -EINVAL;
255 		}
256 	}
257 
258 	persistent_gnt->active = true;
259 	/* Add new node and rebalance tree. */
260 	rb_link_node(&(persistent_gnt->node), parent, new);
261 	rb_insert_color(&(persistent_gnt->node), &ring->persistent_gnts);
262 	ring->persistent_gnt_c++;
263 	atomic_inc(&ring->persistent_gnt_in_use);
264 	return 0;
265 }
266 
267 static struct persistent_gnt *get_persistent_gnt(struct xen_blkif_ring *ring,
268 						 grant_ref_t gref)
269 {
270 	struct persistent_gnt *data;
271 	struct rb_node *node = NULL;
272 
273 	node = ring->persistent_gnts.rb_node;
274 	while (node) {
275 		data = container_of(node, struct persistent_gnt, node);
276 
277 		if (gref < data->gnt)
278 			node = node->rb_left;
279 		else if (gref > data->gnt)
280 			node = node->rb_right;
281 		else {
282 			if (data->active) {
283 				pr_alert_ratelimited("requesting a grant already in use\n");
284 				return NULL;
285 			}
286 			data->active = true;
287 			atomic_inc(&ring->persistent_gnt_in_use);
288 			return data;
289 		}
290 	}
291 	return NULL;
292 }
293 
294 static void put_persistent_gnt(struct xen_blkif_ring *ring,
295                                struct persistent_gnt *persistent_gnt)
296 {
297 	if (!persistent_gnt->active)
298 		pr_alert_ratelimited("freeing a grant already unused\n");
299 	persistent_gnt->last_used = jiffies;
300 	persistent_gnt->active = false;
301 	atomic_dec(&ring->persistent_gnt_in_use);
302 }
303 
304 static void free_persistent_gnts(struct xen_blkif_ring *ring, struct rb_root *root,
305                                  unsigned int num)
306 {
307 	struct gnttab_unmap_grant_ref unmap[BLKIF_MAX_SEGMENTS_PER_REQUEST];
308 	struct page *pages[BLKIF_MAX_SEGMENTS_PER_REQUEST];
309 	struct persistent_gnt *persistent_gnt;
310 	struct rb_node *n;
311 	int segs_to_unmap = 0;
312 	struct gntab_unmap_queue_data unmap_data;
313 
314 	unmap_data.pages = pages;
315 	unmap_data.unmap_ops = unmap;
316 	unmap_data.kunmap_ops = NULL;
317 
318 	foreach_grant_safe(persistent_gnt, n, root, node) {
319 		BUG_ON(persistent_gnt->handle ==
320 			BLKBACK_INVALID_HANDLE);
321 		gnttab_set_unmap_op(&unmap[segs_to_unmap],
322 			(unsigned long) pfn_to_kaddr(page_to_pfn(
323 				persistent_gnt->page)),
324 			GNTMAP_host_map,
325 			persistent_gnt->handle);
326 
327 		pages[segs_to_unmap] = persistent_gnt->page;
328 
329 		if (++segs_to_unmap == BLKIF_MAX_SEGMENTS_PER_REQUEST ||
330 			!rb_next(&persistent_gnt->node)) {
331 
332 			unmap_data.count = segs_to_unmap;
333 			BUG_ON(gnttab_unmap_refs_sync(&unmap_data));
334 
335 			put_free_pages(ring, pages, segs_to_unmap);
336 			segs_to_unmap = 0;
337 		}
338 
339 		rb_erase(&persistent_gnt->node, root);
340 		kfree(persistent_gnt);
341 		num--;
342 	}
343 	BUG_ON(num != 0);
344 }
345 
346 void xen_blkbk_unmap_purged_grants(struct work_struct *work)
347 {
348 	struct gnttab_unmap_grant_ref unmap[BLKIF_MAX_SEGMENTS_PER_REQUEST];
349 	struct page *pages[BLKIF_MAX_SEGMENTS_PER_REQUEST];
350 	struct persistent_gnt *persistent_gnt;
351 	int segs_to_unmap = 0;
352 	struct xen_blkif_ring *ring = container_of(work, typeof(*ring), persistent_purge_work);
353 	struct gntab_unmap_queue_data unmap_data;
354 
355 	unmap_data.pages = pages;
356 	unmap_data.unmap_ops = unmap;
357 	unmap_data.kunmap_ops = NULL;
358 
359 	while(!list_empty(&ring->persistent_purge_list)) {
360 		persistent_gnt = list_first_entry(&ring->persistent_purge_list,
361 		                                  struct persistent_gnt,
362 		                                  remove_node);
363 		list_del(&persistent_gnt->remove_node);
364 
365 		gnttab_set_unmap_op(&unmap[segs_to_unmap],
366 			vaddr(persistent_gnt->page),
367 			GNTMAP_host_map,
368 			persistent_gnt->handle);
369 
370 		pages[segs_to_unmap] = persistent_gnt->page;
371 
372 		if (++segs_to_unmap == BLKIF_MAX_SEGMENTS_PER_REQUEST) {
373 			unmap_data.count = segs_to_unmap;
374 			BUG_ON(gnttab_unmap_refs_sync(&unmap_data));
375 			put_free_pages(ring, pages, segs_to_unmap);
376 			segs_to_unmap = 0;
377 		}
378 		kfree(persistent_gnt);
379 	}
380 	if (segs_to_unmap > 0) {
381 		unmap_data.count = segs_to_unmap;
382 		BUG_ON(gnttab_unmap_refs_sync(&unmap_data));
383 		put_free_pages(ring, pages, segs_to_unmap);
384 	}
385 }
386 
387 static void purge_persistent_gnt(struct xen_blkif_ring *ring)
388 {
389 	struct persistent_gnt *persistent_gnt;
390 	struct rb_node *n;
391 	unsigned int num_clean, total;
392 	bool scan_used = false;
393 	struct rb_root *root;
394 
395 	if (work_busy(&ring->persistent_purge_work)) {
396 		pr_alert_ratelimited("Scheduled work from previous purge is still busy, cannot purge list\n");
397 		goto out;
398 	}
399 
400 	if (ring->persistent_gnt_c < xen_blkif_max_pgrants ||
401 	    (ring->persistent_gnt_c == xen_blkif_max_pgrants &&
402 	    !ring->blkif->vbd.overflow_max_grants)) {
403 		num_clean = 0;
404 	} else {
405 		num_clean = (xen_blkif_max_pgrants / 100) * LRU_PERCENT_CLEAN;
406 		num_clean = ring->persistent_gnt_c - xen_blkif_max_pgrants +
407 			    num_clean;
408 		num_clean = min(ring->persistent_gnt_c, num_clean);
409 		pr_debug("Going to purge at least %u persistent grants\n",
410 			 num_clean);
411 	}
412 
413 	/*
414 	 * At this point, we can assure that there will be no calls
415          * to get_persistent_grant (because we are executing this code from
416          * xen_blkif_schedule), there can only be calls to put_persistent_gnt,
417          * which means that the number of currently used grants will go down,
418          * but never up, so we will always be able to remove the requested
419          * number of grants.
420 	 */
421 
422 	total = 0;
423 
424 	BUG_ON(!list_empty(&ring->persistent_purge_list));
425 	root = &ring->persistent_gnts;
426 purge_list:
427 	foreach_grant_safe(persistent_gnt, n, root, node) {
428 		BUG_ON(persistent_gnt->handle ==
429 			BLKBACK_INVALID_HANDLE);
430 
431 		if (persistent_gnt->active)
432 			continue;
433 		if (!scan_used && !persistent_gnt_timeout(persistent_gnt))
434 			continue;
435 		if (scan_used && total >= num_clean)
436 			continue;
437 
438 		rb_erase(&persistent_gnt->node, root);
439 		list_add(&persistent_gnt->remove_node,
440 			 &ring->persistent_purge_list);
441 		total++;
442 	}
443 	/*
444 	 * Check whether we also need to start cleaning
445 	 * grants that were used since last purge in order to cope
446 	 * with the requested num
447 	 */
448 	if (!scan_used && total < num_clean) {
449 		pr_debug("Still missing %u purged frames\n", num_clean - total);
450 		scan_used = true;
451 		goto purge_list;
452 	}
453 
454 	if (total) {
455 		ring->persistent_gnt_c -= total;
456 		ring->blkif->vbd.overflow_max_grants = 0;
457 
458 		/* We can defer this work */
459 		schedule_work(&ring->persistent_purge_work);
460 		pr_debug("Purged %u/%u\n", num_clean, total);
461 	}
462 
463 out:
464 	return;
465 }
466 
467 /*
468  * Retrieve from the 'pending_reqs' a free pending_req structure to be used.
469  */
470 static struct pending_req *alloc_req(struct xen_blkif_ring *ring)
471 {
472 	struct pending_req *req = NULL;
473 	unsigned long flags;
474 
475 	spin_lock_irqsave(&ring->pending_free_lock, flags);
476 	if (!list_empty(&ring->pending_free)) {
477 		req = list_entry(ring->pending_free.next, struct pending_req,
478 				 free_list);
479 		list_del(&req->free_list);
480 	}
481 	spin_unlock_irqrestore(&ring->pending_free_lock, flags);
482 	return req;
483 }
484 
485 /*
486  * Return the 'pending_req' structure back to the freepool. We also
487  * wake up the thread if it was waiting for a free page.
488  */
489 static void free_req(struct xen_blkif_ring *ring, struct pending_req *req)
490 {
491 	unsigned long flags;
492 	int was_empty;
493 
494 	spin_lock_irqsave(&ring->pending_free_lock, flags);
495 	was_empty = list_empty(&ring->pending_free);
496 	list_add(&req->free_list, &ring->pending_free);
497 	spin_unlock_irqrestore(&ring->pending_free_lock, flags);
498 	if (was_empty)
499 		wake_up(&ring->pending_free_wq);
500 }
501 
502 /*
503  * Routines for managing virtual block devices (vbds).
504  */
505 static int xen_vbd_translate(struct phys_req *req, struct xen_blkif *blkif,
506 			     int operation)
507 {
508 	struct xen_vbd *vbd = &blkif->vbd;
509 	int rc = -EACCES;
510 
511 	if ((operation != REQ_OP_READ) && vbd->readonly)
512 		goto out;
513 
514 	if (likely(req->nr_sects)) {
515 		blkif_sector_t end = req->sector_number + req->nr_sects;
516 
517 		if (unlikely(end < req->sector_number))
518 			goto out;
519 		if (unlikely(end > vbd_sz(vbd)))
520 			goto out;
521 	}
522 
523 	req->dev  = vbd->pdevice;
524 	req->bdev = vbd->bdev;
525 	rc = 0;
526 
527  out:
528 	return rc;
529 }
530 
531 static void xen_vbd_resize(struct xen_blkif *blkif)
532 {
533 	struct xen_vbd *vbd = &blkif->vbd;
534 	struct xenbus_transaction xbt;
535 	int err;
536 	struct xenbus_device *dev = xen_blkbk_xenbus(blkif->be);
537 	unsigned long long new_size = vbd_sz(vbd);
538 
539 	pr_info("VBD Resize: Domid: %d, Device: (%d, %d)\n",
540 		blkif->domid, MAJOR(vbd->pdevice), MINOR(vbd->pdevice));
541 	pr_info("VBD Resize: new size %llu\n", new_size);
542 	vbd->size = new_size;
543 again:
544 	err = xenbus_transaction_start(&xbt);
545 	if (err) {
546 		pr_warn("Error starting transaction\n");
547 		return;
548 	}
549 	err = xenbus_printf(xbt, dev->nodename, "sectors", "%llu",
550 			    (unsigned long long)vbd_sz(vbd));
551 	if (err) {
552 		pr_warn("Error writing new size\n");
553 		goto abort;
554 	}
555 	/*
556 	 * Write the current state; we will use this to synchronize
557 	 * the front-end. If the current state is "connected" the
558 	 * front-end will get the new size information online.
559 	 */
560 	err = xenbus_printf(xbt, dev->nodename, "state", "%d", dev->state);
561 	if (err) {
562 		pr_warn("Error writing the state\n");
563 		goto abort;
564 	}
565 
566 	err = xenbus_transaction_end(xbt, 0);
567 	if (err == -EAGAIN)
568 		goto again;
569 	if (err)
570 		pr_warn("Error ending transaction\n");
571 	return;
572 abort:
573 	xenbus_transaction_end(xbt, 1);
574 }
575 
576 /*
577  * Notification from the guest OS.
578  */
579 static void blkif_notify_work(struct xen_blkif_ring *ring)
580 {
581 	ring->waiting_reqs = 1;
582 	wake_up(&ring->wq);
583 }
584 
585 irqreturn_t xen_blkif_be_int(int irq, void *dev_id)
586 {
587 	blkif_notify_work(dev_id);
588 	return IRQ_HANDLED;
589 }
590 
591 /*
592  * SCHEDULER FUNCTIONS
593  */
594 
595 static void print_stats(struct xen_blkif_ring *ring)
596 {
597 	pr_info("(%s): oo %3llu  |  rd %4llu  |  wr %4llu  |  f %4llu"
598 		 "  |  ds %4llu | pg: %4u/%4d\n",
599 		 current->comm, ring->st_oo_req,
600 		 ring->st_rd_req, ring->st_wr_req,
601 		 ring->st_f_req, ring->st_ds_req,
602 		 ring->persistent_gnt_c,
603 		 xen_blkif_max_pgrants);
604 	ring->st_print = jiffies + msecs_to_jiffies(10 * 1000);
605 	ring->st_rd_req = 0;
606 	ring->st_wr_req = 0;
607 	ring->st_oo_req = 0;
608 	ring->st_ds_req = 0;
609 }
610 
611 int xen_blkif_schedule(void *arg)
612 {
613 	struct xen_blkif_ring *ring = arg;
614 	struct xen_blkif *blkif = ring->blkif;
615 	struct xen_vbd *vbd = &blkif->vbd;
616 	unsigned long timeout;
617 	int ret;
618 
619 	set_freezable();
620 	while (!kthread_should_stop()) {
621 		if (try_to_freeze())
622 			continue;
623 		if (unlikely(vbd->size != vbd_sz(vbd)))
624 			xen_vbd_resize(blkif);
625 
626 		timeout = msecs_to_jiffies(LRU_INTERVAL);
627 
628 		timeout = wait_event_interruptible_timeout(
629 			ring->wq,
630 			ring->waiting_reqs || kthread_should_stop(),
631 			timeout);
632 		if (timeout == 0)
633 			goto purge_gnt_list;
634 		timeout = wait_event_interruptible_timeout(
635 			ring->pending_free_wq,
636 			!list_empty(&ring->pending_free) ||
637 			kthread_should_stop(),
638 			timeout);
639 		if (timeout == 0)
640 			goto purge_gnt_list;
641 
642 		ring->waiting_reqs = 0;
643 		smp_mb(); /* clear flag *before* checking for work */
644 
645 		ret = do_block_io_op(ring);
646 		if (ret > 0)
647 			ring->waiting_reqs = 1;
648 		if (ret == -EACCES)
649 			wait_event_interruptible(ring->shutdown_wq,
650 						 kthread_should_stop());
651 
652 purge_gnt_list:
653 		if (blkif->vbd.feature_gnt_persistent &&
654 		    time_after(jiffies, ring->next_lru)) {
655 			purge_persistent_gnt(ring);
656 			ring->next_lru = jiffies + msecs_to_jiffies(LRU_INTERVAL);
657 		}
658 
659 		/* Shrink if we have more than xen_blkif_max_buffer_pages */
660 		shrink_free_pagepool(ring, xen_blkif_max_buffer_pages);
661 
662 		if (log_stats && time_after(jiffies, ring->st_print))
663 			print_stats(ring);
664 	}
665 
666 	/* Drain pending purge work */
667 	flush_work(&ring->persistent_purge_work);
668 
669 	if (log_stats)
670 		print_stats(ring);
671 
672 	ring->xenblkd = NULL;
673 
674 	return 0;
675 }
676 
677 /*
678  * Remove persistent grants and empty the pool of free pages
679  */
680 void xen_blkbk_free_caches(struct xen_blkif_ring *ring)
681 {
682 	/* Free all persistent grant pages */
683 	if (!RB_EMPTY_ROOT(&ring->persistent_gnts))
684 		free_persistent_gnts(ring, &ring->persistent_gnts,
685 			ring->persistent_gnt_c);
686 
687 	BUG_ON(!RB_EMPTY_ROOT(&ring->persistent_gnts));
688 	ring->persistent_gnt_c = 0;
689 
690 	/* Since we are shutting down remove all pages from the buffer */
691 	shrink_free_pagepool(ring, 0 /* All */);
692 }
693 
694 static unsigned int xen_blkbk_unmap_prepare(
695 	struct xen_blkif_ring *ring,
696 	struct grant_page **pages,
697 	unsigned int num,
698 	struct gnttab_unmap_grant_ref *unmap_ops,
699 	struct page **unmap_pages)
700 {
701 	unsigned int i, invcount = 0;
702 
703 	for (i = 0; i < num; i++) {
704 		if (pages[i]->persistent_gnt != NULL) {
705 			put_persistent_gnt(ring, pages[i]->persistent_gnt);
706 			continue;
707 		}
708 		if (pages[i]->handle == BLKBACK_INVALID_HANDLE)
709 			continue;
710 		unmap_pages[invcount] = pages[i]->page;
711 		gnttab_set_unmap_op(&unmap_ops[invcount], vaddr(pages[i]->page),
712 				    GNTMAP_host_map, pages[i]->handle);
713 		pages[i]->handle = BLKBACK_INVALID_HANDLE;
714 		invcount++;
715 	}
716 
717 	return invcount;
718 }
719 
720 static void xen_blkbk_unmap_and_respond_callback(int result, struct gntab_unmap_queue_data *data)
721 {
722 	struct pending_req *pending_req = (struct pending_req *)(data->data);
723 	struct xen_blkif_ring *ring = pending_req->ring;
724 	struct xen_blkif *blkif = ring->blkif;
725 
726 	/* BUG_ON used to reproduce existing behaviour,
727 	   but is this the best way to deal with this? */
728 	BUG_ON(result);
729 
730 	put_free_pages(ring, data->pages, data->count);
731 	make_response(ring, pending_req->id,
732 		      pending_req->operation, pending_req->status);
733 	free_req(ring, pending_req);
734 	/*
735 	 * Make sure the request is freed before releasing blkif,
736 	 * or there could be a race between free_req and the
737 	 * cleanup done in xen_blkif_free during shutdown.
738 	 *
739 	 * NB: The fact that we might try to wake up pending_free_wq
740 	 * before drain_complete (in case there's a drain going on)
741 	 * it's not a problem with our current implementation
742 	 * because we can assure there's no thread waiting on
743 	 * pending_free_wq if there's a drain going on, but it has
744 	 * to be taken into account if the current model is changed.
745 	 */
746 	if (atomic_dec_and_test(&ring->inflight) && atomic_read(&blkif->drain)) {
747 		complete(&blkif->drain_complete);
748 	}
749 	xen_blkif_put(blkif);
750 }
751 
752 static void xen_blkbk_unmap_and_respond(struct pending_req *req)
753 {
754 	struct gntab_unmap_queue_data* work = &req->gnttab_unmap_data;
755 	struct xen_blkif_ring *ring = req->ring;
756 	struct grant_page **pages = req->segments;
757 	unsigned int invcount;
758 
759 	invcount = xen_blkbk_unmap_prepare(ring, pages, req->nr_segs,
760 					   req->unmap, req->unmap_pages);
761 
762 	work->data = req;
763 	work->done = xen_blkbk_unmap_and_respond_callback;
764 	work->unmap_ops = req->unmap;
765 	work->kunmap_ops = NULL;
766 	work->pages = req->unmap_pages;
767 	work->count = invcount;
768 
769 	gnttab_unmap_refs_async(&req->gnttab_unmap_data);
770 }
771 
772 
773 /*
774  * Unmap the grant references.
775  *
776  * This could accumulate ops up to the batch size to reduce the number
777  * of hypercalls, but since this is only used in error paths there's
778  * no real need.
779  */
780 static void xen_blkbk_unmap(struct xen_blkif_ring *ring,
781                             struct grant_page *pages[],
782                             int num)
783 {
784 	struct gnttab_unmap_grant_ref unmap[BLKIF_MAX_SEGMENTS_PER_REQUEST];
785 	struct page *unmap_pages[BLKIF_MAX_SEGMENTS_PER_REQUEST];
786 	unsigned int invcount = 0;
787 	int ret;
788 
789 	while (num) {
790 		unsigned int batch = min(num, BLKIF_MAX_SEGMENTS_PER_REQUEST);
791 
792 		invcount = xen_blkbk_unmap_prepare(ring, pages, batch,
793 						   unmap, unmap_pages);
794 		if (invcount) {
795 			ret = gnttab_unmap_refs(unmap, NULL, unmap_pages, invcount);
796 			BUG_ON(ret);
797 			put_free_pages(ring, unmap_pages, invcount);
798 		}
799 		pages += batch;
800 		num -= batch;
801 	}
802 }
803 
804 static int xen_blkbk_map(struct xen_blkif_ring *ring,
805 			 struct grant_page *pages[],
806 			 int num, bool ro)
807 {
808 	struct gnttab_map_grant_ref map[BLKIF_MAX_SEGMENTS_PER_REQUEST];
809 	struct page *pages_to_gnt[BLKIF_MAX_SEGMENTS_PER_REQUEST];
810 	struct persistent_gnt *persistent_gnt = NULL;
811 	phys_addr_t addr = 0;
812 	int i, seg_idx, new_map_idx;
813 	int segs_to_map = 0;
814 	int ret = 0;
815 	int last_map = 0, map_until = 0;
816 	int use_persistent_gnts;
817 	struct xen_blkif *blkif = ring->blkif;
818 
819 	use_persistent_gnts = (blkif->vbd.feature_gnt_persistent);
820 
821 	/*
822 	 * Fill out preq.nr_sects with proper amount of sectors, and setup
823 	 * assign map[..] with the PFN of the page in our domain with the
824 	 * corresponding grant reference for each page.
825 	 */
826 again:
827 	for (i = map_until; i < num; i++) {
828 		uint32_t flags;
829 
830 		if (use_persistent_gnts) {
831 			persistent_gnt = get_persistent_gnt(
832 				ring,
833 				pages[i]->gref);
834 		}
835 
836 		if (persistent_gnt) {
837 			/*
838 			 * We are using persistent grants and
839 			 * the grant is already mapped
840 			 */
841 			pages[i]->page = persistent_gnt->page;
842 			pages[i]->persistent_gnt = persistent_gnt;
843 		} else {
844 			if (get_free_page(ring, &pages[i]->page))
845 				goto out_of_memory;
846 			addr = vaddr(pages[i]->page);
847 			pages_to_gnt[segs_to_map] = pages[i]->page;
848 			pages[i]->persistent_gnt = NULL;
849 			flags = GNTMAP_host_map;
850 			if (!use_persistent_gnts && ro)
851 				flags |= GNTMAP_readonly;
852 			gnttab_set_map_op(&map[segs_to_map++], addr,
853 					  flags, pages[i]->gref,
854 					  blkif->domid);
855 		}
856 		map_until = i + 1;
857 		if (segs_to_map == BLKIF_MAX_SEGMENTS_PER_REQUEST)
858 			break;
859 	}
860 
861 	if (segs_to_map) {
862 		ret = gnttab_map_refs(map, NULL, pages_to_gnt, segs_to_map);
863 		BUG_ON(ret);
864 	}
865 
866 	/*
867 	 * Now swizzle the MFN in our domain with the MFN from the other domain
868 	 * so that when we access vaddr(pending_req,i) it has the contents of
869 	 * the page from the other domain.
870 	 */
871 	for (seg_idx = last_map, new_map_idx = 0; seg_idx < map_until; seg_idx++) {
872 		if (!pages[seg_idx]->persistent_gnt) {
873 			/* This is a newly mapped grant */
874 			BUG_ON(new_map_idx >= segs_to_map);
875 			if (unlikely(map[new_map_idx].status != 0)) {
876 				pr_debug("invalid buffer -- could not remap it\n");
877 				put_free_pages(ring, &pages[seg_idx]->page, 1);
878 				pages[seg_idx]->handle = BLKBACK_INVALID_HANDLE;
879 				ret |= 1;
880 				goto next;
881 			}
882 			pages[seg_idx]->handle = map[new_map_idx].handle;
883 		} else {
884 			continue;
885 		}
886 		if (use_persistent_gnts &&
887 		    ring->persistent_gnt_c < xen_blkif_max_pgrants) {
888 			/*
889 			 * We are using persistent grants, the grant is
890 			 * not mapped but we might have room for it.
891 			 */
892 			persistent_gnt = kmalloc(sizeof(struct persistent_gnt),
893 				                 GFP_KERNEL);
894 			if (!persistent_gnt) {
895 				/*
896 				 * If we don't have enough memory to
897 				 * allocate the persistent_gnt struct
898 				 * map this grant non-persistenly
899 				 */
900 				goto next;
901 			}
902 			persistent_gnt->gnt = map[new_map_idx].ref;
903 			persistent_gnt->handle = map[new_map_idx].handle;
904 			persistent_gnt->page = pages[seg_idx]->page;
905 			if (add_persistent_gnt(ring,
906 			                       persistent_gnt)) {
907 				kfree(persistent_gnt);
908 				persistent_gnt = NULL;
909 				goto next;
910 			}
911 			pages[seg_idx]->persistent_gnt = persistent_gnt;
912 			pr_debug("grant %u added to the tree of persistent grants, using %u/%u\n",
913 				 persistent_gnt->gnt, ring->persistent_gnt_c,
914 				 xen_blkif_max_pgrants);
915 			goto next;
916 		}
917 		if (use_persistent_gnts && !blkif->vbd.overflow_max_grants) {
918 			blkif->vbd.overflow_max_grants = 1;
919 			pr_debug("domain %u, device %#x is using maximum number of persistent grants\n",
920 			         blkif->domid, blkif->vbd.handle);
921 		}
922 		/*
923 		 * We could not map this grant persistently, so use it as
924 		 * a non-persistent grant.
925 		 */
926 next:
927 		new_map_idx++;
928 	}
929 	segs_to_map = 0;
930 	last_map = map_until;
931 	if (map_until != num)
932 		goto again;
933 
934 	return ret;
935 
936 out_of_memory:
937 	pr_alert("%s: out of memory\n", __func__);
938 	put_free_pages(ring, pages_to_gnt, segs_to_map);
939 	for (i = last_map; i < num; i++)
940 		pages[i]->handle = BLKBACK_INVALID_HANDLE;
941 	return -ENOMEM;
942 }
943 
944 static int xen_blkbk_map_seg(struct pending_req *pending_req)
945 {
946 	int rc;
947 
948 	rc = xen_blkbk_map(pending_req->ring, pending_req->segments,
949 			   pending_req->nr_segs,
950 	                   (pending_req->operation != BLKIF_OP_READ));
951 
952 	return rc;
953 }
954 
955 static int xen_blkbk_parse_indirect(struct blkif_request *req,
956 				    struct pending_req *pending_req,
957 				    struct seg_buf seg[],
958 				    struct phys_req *preq)
959 {
960 	struct grant_page **pages = pending_req->indirect_pages;
961 	struct xen_blkif_ring *ring = pending_req->ring;
962 	int indirect_grefs, rc, n, nseg, i;
963 	struct blkif_request_segment *segments = NULL;
964 
965 	nseg = pending_req->nr_segs;
966 	indirect_grefs = INDIRECT_PAGES(nseg);
967 	BUG_ON(indirect_grefs > BLKIF_MAX_INDIRECT_PAGES_PER_REQUEST);
968 
969 	for (i = 0; i < indirect_grefs; i++)
970 		pages[i]->gref = req->u.indirect.indirect_grefs[i];
971 
972 	rc = xen_blkbk_map(ring, pages, indirect_grefs, true);
973 	if (rc)
974 		goto unmap;
975 
976 	for (n = 0, i = 0; n < nseg; n++) {
977 		uint8_t first_sect, last_sect;
978 
979 		if ((n % SEGS_PER_INDIRECT_FRAME) == 0) {
980 			/* Map indirect segments */
981 			if (segments)
982 				kunmap_atomic(segments);
983 			segments = kmap_atomic(pages[n/SEGS_PER_INDIRECT_FRAME]->page);
984 		}
985 		i = n % SEGS_PER_INDIRECT_FRAME;
986 
987 		pending_req->segments[n]->gref = segments[i].gref;
988 
989 		first_sect = READ_ONCE(segments[i].first_sect);
990 		last_sect = READ_ONCE(segments[i].last_sect);
991 		if (last_sect >= (XEN_PAGE_SIZE >> 9) || last_sect < first_sect) {
992 			rc = -EINVAL;
993 			goto unmap;
994 		}
995 
996 		seg[n].nsec = last_sect - first_sect + 1;
997 		seg[n].offset = first_sect << 9;
998 		preq->nr_sects += seg[n].nsec;
999 	}
1000 
1001 unmap:
1002 	if (segments)
1003 		kunmap_atomic(segments);
1004 	xen_blkbk_unmap(ring, pages, indirect_grefs);
1005 	return rc;
1006 }
1007 
1008 static int dispatch_discard_io(struct xen_blkif_ring *ring,
1009 				struct blkif_request *req)
1010 {
1011 	int err = 0;
1012 	int status = BLKIF_RSP_OKAY;
1013 	struct xen_blkif *blkif = ring->blkif;
1014 	struct block_device *bdev = blkif->vbd.bdev;
1015 	unsigned long secure;
1016 	struct phys_req preq;
1017 
1018 	xen_blkif_get(blkif);
1019 
1020 	preq.sector_number = req->u.discard.sector_number;
1021 	preq.nr_sects      = req->u.discard.nr_sectors;
1022 
1023 	err = xen_vbd_translate(&preq, blkif, REQ_OP_WRITE);
1024 	if (err) {
1025 		pr_warn("access denied: DISCARD [%llu->%llu] on dev=%04x\n",
1026 			preq.sector_number,
1027 			preq.sector_number + preq.nr_sects, blkif->vbd.pdevice);
1028 		goto fail_response;
1029 	}
1030 	ring->st_ds_req++;
1031 
1032 	secure = (blkif->vbd.discard_secure &&
1033 		 (req->u.discard.flag & BLKIF_DISCARD_SECURE)) ?
1034 		 BLKDEV_DISCARD_SECURE : 0;
1035 
1036 	err = blkdev_issue_discard(bdev, req->u.discard.sector_number,
1037 				   req->u.discard.nr_sectors,
1038 				   GFP_KERNEL, secure);
1039 fail_response:
1040 	if (err == -EOPNOTSUPP) {
1041 		pr_debug("discard op failed, not supported\n");
1042 		status = BLKIF_RSP_EOPNOTSUPP;
1043 	} else if (err)
1044 		status = BLKIF_RSP_ERROR;
1045 
1046 	make_response(ring, req->u.discard.id, req->operation, status);
1047 	xen_blkif_put(blkif);
1048 	return err;
1049 }
1050 
1051 static int dispatch_other_io(struct xen_blkif_ring *ring,
1052 			     struct blkif_request *req,
1053 			     struct pending_req *pending_req)
1054 {
1055 	free_req(ring, pending_req);
1056 	make_response(ring, req->u.other.id, req->operation,
1057 		      BLKIF_RSP_EOPNOTSUPP);
1058 	return -EIO;
1059 }
1060 
1061 static void xen_blk_drain_io(struct xen_blkif_ring *ring)
1062 {
1063 	struct xen_blkif *blkif = ring->blkif;
1064 
1065 	atomic_set(&blkif->drain, 1);
1066 	do {
1067 		if (atomic_read(&ring->inflight) == 0)
1068 			break;
1069 		wait_for_completion_interruptible_timeout(
1070 				&blkif->drain_complete, HZ);
1071 
1072 		if (!atomic_read(&blkif->drain))
1073 			break;
1074 	} while (!kthread_should_stop());
1075 	atomic_set(&blkif->drain, 0);
1076 }
1077 
1078 static void __end_block_io_op(struct pending_req *pending_req,
1079 		blk_status_t error)
1080 {
1081 	/* An error fails the entire request. */
1082 	if (pending_req->operation == BLKIF_OP_FLUSH_DISKCACHE &&
1083 	    error == BLK_STS_NOTSUPP) {
1084 		pr_debug("flush diskcache op failed, not supported\n");
1085 		xen_blkbk_flush_diskcache(XBT_NIL, pending_req->ring->blkif->be, 0);
1086 		pending_req->status = BLKIF_RSP_EOPNOTSUPP;
1087 	} else if (pending_req->operation == BLKIF_OP_WRITE_BARRIER &&
1088 		   error == BLK_STS_NOTSUPP) {
1089 		pr_debug("write barrier op failed, not supported\n");
1090 		xen_blkbk_barrier(XBT_NIL, pending_req->ring->blkif->be, 0);
1091 		pending_req->status = BLKIF_RSP_EOPNOTSUPP;
1092 	} else if (error) {
1093 		pr_debug("Buffer not up-to-date at end of operation,"
1094 			 " error=%d\n", error);
1095 		pending_req->status = BLKIF_RSP_ERROR;
1096 	}
1097 
1098 	/*
1099 	 * If all of the bio's have completed it is time to unmap
1100 	 * the grant references associated with 'request' and provide
1101 	 * the proper response on the ring.
1102 	 */
1103 	if (atomic_dec_and_test(&pending_req->pendcnt))
1104 		xen_blkbk_unmap_and_respond(pending_req);
1105 }
1106 
1107 /*
1108  * bio callback.
1109  */
1110 static void end_block_io_op(struct bio *bio)
1111 {
1112 	__end_block_io_op(bio->bi_private, bio->bi_status);
1113 	bio_put(bio);
1114 }
1115 
1116 
1117 
1118 /*
1119  * Function to copy the from the ring buffer the 'struct blkif_request'
1120  * (which has the sectors we want, number of them, grant references, etc),
1121  * and transmute  it to the block API to hand it over to the proper block disk.
1122  */
1123 static int
1124 __do_block_io_op(struct xen_blkif_ring *ring)
1125 {
1126 	union blkif_back_rings *blk_rings = &ring->blk_rings;
1127 	struct blkif_request req;
1128 	struct pending_req *pending_req;
1129 	RING_IDX rc, rp;
1130 	int more_to_do = 0;
1131 
1132 	rc = blk_rings->common.req_cons;
1133 	rp = blk_rings->common.sring->req_prod;
1134 	rmb(); /* Ensure we see queued requests up to 'rp'. */
1135 
1136 	if (RING_REQUEST_PROD_OVERFLOW(&blk_rings->common, rp)) {
1137 		rc = blk_rings->common.rsp_prod_pvt;
1138 		pr_warn("Frontend provided bogus ring requests (%d - %d = %d). Halting ring processing on dev=%04x\n",
1139 			rp, rc, rp - rc, ring->blkif->vbd.pdevice);
1140 		return -EACCES;
1141 	}
1142 	while (rc != rp) {
1143 
1144 		if (RING_REQUEST_CONS_OVERFLOW(&blk_rings->common, rc))
1145 			break;
1146 
1147 		if (kthread_should_stop()) {
1148 			more_to_do = 1;
1149 			break;
1150 		}
1151 
1152 		pending_req = alloc_req(ring);
1153 		if (NULL == pending_req) {
1154 			ring->st_oo_req++;
1155 			more_to_do = 1;
1156 			break;
1157 		}
1158 
1159 		switch (ring->blkif->blk_protocol) {
1160 		case BLKIF_PROTOCOL_NATIVE:
1161 			memcpy(&req, RING_GET_REQUEST(&blk_rings->native, rc), sizeof(req));
1162 			break;
1163 		case BLKIF_PROTOCOL_X86_32:
1164 			blkif_get_x86_32_req(&req, RING_GET_REQUEST(&blk_rings->x86_32, rc));
1165 			break;
1166 		case BLKIF_PROTOCOL_X86_64:
1167 			blkif_get_x86_64_req(&req, RING_GET_REQUEST(&blk_rings->x86_64, rc));
1168 			break;
1169 		default:
1170 			BUG();
1171 		}
1172 		blk_rings->common.req_cons = ++rc; /* before make_response() */
1173 
1174 		/* Apply all sanity checks to /private copy/ of request. */
1175 		barrier();
1176 
1177 		switch (req.operation) {
1178 		case BLKIF_OP_READ:
1179 		case BLKIF_OP_WRITE:
1180 		case BLKIF_OP_WRITE_BARRIER:
1181 		case BLKIF_OP_FLUSH_DISKCACHE:
1182 		case BLKIF_OP_INDIRECT:
1183 			if (dispatch_rw_block_io(ring, &req, pending_req))
1184 				goto done;
1185 			break;
1186 		case BLKIF_OP_DISCARD:
1187 			free_req(ring, pending_req);
1188 			if (dispatch_discard_io(ring, &req))
1189 				goto done;
1190 			break;
1191 		default:
1192 			if (dispatch_other_io(ring, &req, pending_req))
1193 				goto done;
1194 			break;
1195 		}
1196 
1197 		/* Yield point for this unbounded loop. */
1198 		cond_resched();
1199 	}
1200 done:
1201 	return more_to_do;
1202 }
1203 
1204 static int
1205 do_block_io_op(struct xen_blkif_ring *ring)
1206 {
1207 	union blkif_back_rings *blk_rings = &ring->blk_rings;
1208 	int more_to_do;
1209 
1210 	do {
1211 		more_to_do = __do_block_io_op(ring);
1212 		if (more_to_do)
1213 			break;
1214 
1215 		RING_FINAL_CHECK_FOR_REQUESTS(&blk_rings->common, more_to_do);
1216 	} while (more_to_do);
1217 
1218 	return more_to_do;
1219 }
1220 /*
1221  * Transmutation of the 'struct blkif_request' to a proper 'struct bio'
1222  * and call the 'submit_bio' to pass it to the underlying storage.
1223  */
1224 static int dispatch_rw_block_io(struct xen_blkif_ring *ring,
1225 				struct blkif_request *req,
1226 				struct pending_req *pending_req)
1227 {
1228 	struct phys_req preq;
1229 	struct seg_buf *seg = pending_req->seg;
1230 	unsigned int nseg;
1231 	struct bio *bio = NULL;
1232 	struct bio **biolist = pending_req->biolist;
1233 	int i, nbio = 0;
1234 	int operation;
1235 	int operation_flags = 0;
1236 	struct blk_plug plug;
1237 	bool drain = false;
1238 	struct grant_page **pages = pending_req->segments;
1239 	unsigned short req_operation;
1240 
1241 	req_operation = req->operation == BLKIF_OP_INDIRECT ?
1242 			req->u.indirect.indirect_op : req->operation;
1243 
1244 	if ((req->operation == BLKIF_OP_INDIRECT) &&
1245 	    (req_operation != BLKIF_OP_READ) &&
1246 	    (req_operation != BLKIF_OP_WRITE)) {
1247 		pr_debug("Invalid indirect operation (%u)\n", req_operation);
1248 		goto fail_response;
1249 	}
1250 
1251 	switch (req_operation) {
1252 	case BLKIF_OP_READ:
1253 		ring->st_rd_req++;
1254 		operation = REQ_OP_READ;
1255 		break;
1256 	case BLKIF_OP_WRITE:
1257 		ring->st_wr_req++;
1258 		operation = REQ_OP_WRITE;
1259 		operation_flags = REQ_SYNC | REQ_IDLE;
1260 		break;
1261 	case BLKIF_OP_WRITE_BARRIER:
1262 		drain = true;
1263 		/* fall through */
1264 	case BLKIF_OP_FLUSH_DISKCACHE:
1265 		ring->st_f_req++;
1266 		operation = REQ_OP_WRITE;
1267 		operation_flags = REQ_PREFLUSH;
1268 		break;
1269 	default:
1270 		operation = 0; /* make gcc happy */
1271 		goto fail_response;
1272 		break;
1273 	}
1274 
1275 	/* Check that the number of segments is sane. */
1276 	nseg = req->operation == BLKIF_OP_INDIRECT ?
1277 	       req->u.indirect.nr_segments : req->u.rw.nr_segments;
1278 
1279 	if (unlikely(nseg == 0 && operation_flags != REQ_PREFLUSH) ||
1280 	    unlikely((req->operation != BLKIF_OP_INDIRECT) &&
1281 		     (nseg > BLKIF_MAX_SEGMENTS_PER_REQUEST)) ||
1282 	    unlikely((req->operation == BLKIF_OP_INDIRECT) &&
1283 		     (nseg > MAX_INDIRECT_SEGMENTS))) {
1284 		pr_debug("Bad number of segments in request (%d)\n", nseg);
1285 		/* Haven't submitted any bio's yet. */
1286 		goto fail_response;
1287 	}
1288 
1289 	preq.nr_sects      = 0;
1290 
1291 	pending_req->ring      = ring;
1292 	pending_req->id        = req->u.rw.id;
1293 	pending_req->operation = req_operation;
1294 	pending_req->status    = BLKIF_RSP_OKAY;
1295 	pending_req->nr_segs   = nseg;
1296 
1297 	if (req->operation != BLKIF_OP_INDIRECT) {
1298 		preq.dev               = req->u.rw.handle;
1299 		preq.sector_number     = req->u.rw.sector_number;
1300 		for (i = 0; i < nseg; i++) {
1301 			pages[i]->gref = req->u.rw.seg[i].gref;
1302 			seg[i].nsec = req->u.rw.seg[i].last_sect -
1303 				req->u.rw.seg[i].first_sect + 1;
1304 			seg[i].offset = (req->u.rw.seg[i].first_sect << 9);
1305 			if ((req->u.rw.seg[i].last_sect >= (XEN_PAGE_SIZE >> 9)) ||
1306 			    (req->u.rw.seg[i].last_sect <
1307 			     req->u.rw.seg[i].first_sect))
1308 				goto fail_response;
1309 			preq.nr_sects += seg[i].nsec;
1310 		}
1311 	} else {
1312 		preq.dev               = req->u.indirect.handle;
1313 		preq.sector_number     = req->u.indirect.sector_number;
1314 		if (xen_blkbk_parse_indirect(req, pending_req, seg, &preq))
1315 			goto fail_response;
1316 	}
1317 
1318 	if (xen_vbd_translate(&preq, ring->blkif, operation) != 0) {
1319 		pr_debug("access denied: %s of [%llu,%llu] on dev=%04x\n",
1320 			 operation == REQ_OP_READ ? "read" : "write",
1321 			 preq.sector_number,
1322 			 preq.sector_number + preq.nr_sects,
1323 			 ring->blkif->vbd.pdevice);
1324 		goto fail_response;
1325 	}
1326 
1327 	/*
1328 	 * This check _MUST_ be done after xen_vbd_translate as the preq.bdev
1329 	 * is set there.
1330 	 */
1331 	for (i = 0; i < nseg; i++) {
1332 		if (((int)preq.sector_number|(int)seg[i].nsec) &
1333 		    ((bdev_logical_block_size(preq.bdev) >> 9) - 1)) {
1334 			pr_debug("Misaligned I/O request from domain %d\n",
1335 				 ring->blkif->domid);
1336 			goto fail_response;
1337 		}
1338 	}
1339 
1340 	/* Wait on all outstanding I/O's and once that has been completed
1341 	 * issue the flush.
1342 	 */
1343 	if (drain)
1344 		xen_blk_drain_io(pending_req->ring);
1345 
1346 	/*
1347 	 * If we have failed at this point, we need to undo the M2P override,
1348 	 * set gnttab_set_unmap_op on all of the grant references and perform
1349 	 * the hypercall to unmap the grants - that is all done in
1350 	 * xen_blkbk_unmap.
1351 	 */
1352 	if (xen_blkbk_map_seg(pending_req))
1353 		goto fail_flush;
1354 
1355 	/*
1356 	 * This corresponding xen_blkif_put is done in __end_block_io_op, or
1357 	 * below (in "!bio") if we are handling a BLKIF_OP_DISCARD.
1358 	 */
1359 	xen_blkif_get(ring->blkif);
1360 	atomic_inc(&ring->inflight);
1361 
1362 	for (i = 0; i < nseg; i++) {
1363 		while ((bio == NULL) ||
1364 		       (bio_add_page(bio,
1365 				     pages[i]->page,
1366 				     seg[i].nsec << 9,
1367 				     seg[i].offset) == 0)) {
1368 
1369 			int nr_iovecs = min_t(int, (nseg-i), BIO_MAX_PAGES);
1370 			bio = bio_alloc(GFP_KERNEL, nr_iovecs);
1371 			if (unlikely(bio == NULL))
1372 				goto fail_put_bio;
1373 
1374 			biolist[nbio++] = bio;
1375 			bio_set_dev(bio, preq.bdev);
1376 			bio->bi_private = pending_req;
1377 			bio->bi_end_io  = end_block_io_op;
1378 			bio->bi_iter.bi_sector  = preq.sector_number;
1379 			bio_set_op_attrs(bio, operation, operation_flags);
1380 		}
1381 
1382 		preq.sector_number += seg[i].nsec;
1383 	}
1384 
1385 	/* This will be hit if the operation was a flush or discard. */
1386 	if (!bio) {
1387 		BUG_ON(operation_flags != REQ_PREFLUSH);
1388 
1389 		bio = bio_alloc(GFP_KERNEL, 0);
1390 		if (unlikely(bio == NULL))
1391 			goto fail_put_bio;
1392 
1393 		biolist[nbio++] = bio;
1394 		bio_set_dev(bio, preq.bdev);
1395 		bio->bi_private = pending_req;
1396 		bio->bi_end_io  = end_block_io_op;
1397 		bio_set_op_attrs(bio, operation, operation_flags);
1398 	}
1399 
1400 	atomic_set(&pending_req->pendcnt, nbio);
1401 	blk_start_plug(&plug);
1402 
1403 	for (i = 0; i < nbio; i++)
1404 		submit_bio(biolist[i]);
1405 
1406 	/* Let the I/Os go.. */
1407 	blk_finish_plug(&plug);
1408 
1409 	if (operation == REQ_OP_READ)
1410 		ring->st_rd_sect += preq.nr_sects;
1411 	else if (operation == REQ_OP_WRITE)
1412 		ring->st_wr_sect += preq.nr_sects;
1413 
1414 	return 0;
1415 
1416  fail_flush:
1417 	xen_blkbk_unmap(ring, pending_req->segments,
1418 	                pending_req->nr_segs);
1419  fail_response:
1420 	/* Haven't submitted any bio's yet. */
1421 	make_response(ring, req->u.rw.id, req_operation, BLKIF_RSP_ERROR);
1422 	free_req(ring, pending_req);
1423 	msleep(1); /* back off a bit */
1424 	return -EIO;
1425 
1426  fail_put_bio:
1427 	for (i = 0; i < nbio; i++)
1428 		bio_put(biolist[i]);
1429 	atomic_set(&pending_req->pendcnt, 1);
1430 	__end_block_io_op(pending_req, BLK_STS_RESOURCE);
1431 	msleep(1); /* back off a bit */
1432 	return -EIO;
1433 }
1434 
1435 
1436 
1437 /*
1438  * Put a response on the ring on how the operation fared.
1439  */
1440 static void make_response(struct xen_blkif_ring *ring, u64 id,
1441 			  unsigned short op, int st)
1442 {
1443 	struct blkif_response *resp;
1444 	unsigned long     flags;
1445 	union blkif_back_rings *blk_rings;
1446 	int notify;
1447 
1448 	spin_lock_irqsave(&ring->blk_ring_lock, flags);
1449 	blk_rings = &ring->blk_rings;
1450 	/* Place on the response ring for the relevant domain. */
1451 	switch (ring->blkif->blk_protocol) {
1452 	case BLKIF_PROTOCOL_NATIVE:
1453 		resp = RING_GET_RESPONSE(&blk_rings->native,
1454 					 blk_rings->native.rsp_prod_pvt);
1455 		break;
1456 	case BLKIF_PROTOCOL_X86_32:
1457 		resp = RING_GET_RESPONSE(&blk_rings->x86_32,
1458 					 blk_rings->x86_32.rsp_prod_pvt);
1459 		break;
1460 	case BLKIF_PROTOCOL_X86_64:
1461 		resp = RING_GET_RESPONSE(&blk_rings->x86_64,
1462 					 blk_rings->x86_64.rsp_prod_pvt);
1463 		break;
1464 	default:
1465 		BUG();
1466 	}
1467 
1468 	resp->id        = id;
1469 	resp->operation = op;
1470 	resp->status    = st;
1471 
1472 	blk_rings->common.rsp_prod_pvt++;
1473 	RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&blk_rings->common, notify);
1474 	spin_unlock_irqrestore(&ring->blk_ring_lock, flags);
1475 	if (notify)
1476 		notify_remote_via_irq(ring->irq);
1477 }
1478 
1479 static int __init xen_blkif_init(void)
1480 {
1481 	int rc = 0;
1482 
1483 	if (!xen_domain())
1484 		return -ENODEV;
1485 
1486 	if (xen_blkif_max_ring_order > XENBUS_MAX_RING_GRANT_ORDER) {
1487 		pr_info("Invalid max_ring_order (%d), will use default max: %d.\n",
1488 			xen_blkif_max_ring_order, XENBUS_MAX_RING_GRANT_ORDER);
1489 		xen_blkif_max_ring_order = XENBUS_MAX_RING_GRANT_ORDER;
1490 	}
1491 
1492 	if (xenblk_max_queues == 0)
1493 		xenblk_max_queues = num_online_cpus();
1494 
1495 	rc = xen_blkif_interface_init();
1496 	if (rc)
1497 		goto failed_init;
1498 
1499 	rc = xen_blkif_xenbus_init();
1500 	if (rc)
1501 		goto failed_init;
1502 
1503  failed_init:
1504 	return rc;
1505 }
1506 
1507 module_init(xen_blkif_init);
1508 
1509 static void __exit xen_blkif_fini(void)
1510 {
1511 	xen_blkif_xenbus_fini();
1512 	xen_blkif_interface_fini();
1513 }
1514 
1515 module_exit(xen_blkif_fini);
1516 
1517 MODULE_LICENSE("Dual BSD/GPL");
1518 MODULE_ALIAS("xen-backend:vbd");
1519