1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*  Xenbus code for blkif backend
3     Copyright (C) 2005 Rusty Russell <rusty@rustcorp.com.au>
4     Copyright (C) 2005 XenSource Ltd
5 
6 
7 */
8 
9 #define pr_fmt(fmt) "xen-blkback: " fmt
10 
11 #include <stdarg.h>
12 #include <linux/module.h>
13 #include <linux/kthread.h>
14 #include <xen/events.h>
15 #include <xen/grant_table.h>
16 #include "common.h"
17 
18 /* On the XenBus the max length of 'ring-ref%u'. */
19 #define RINGREF_NAME_LEN (20)
20 
21 struct backend_info {
22 	struct xenbus_device	*dev;
23 	struct xen_blkif	*blkif;
24 	struct xenbus_watch	backend_watch;
25 	unsigned		major;
26 	unsigned		minor;
27 	char			*mode;
28 };
29 
30 static struct kmem_cache *xen_blkif_cachep;
31 static void connect(struct backend_info *);
32 static int connect_ring(struct backend_info *);
33 static void backend_changed(struct xenbus_watch *, const char *,
34 			    const char *);
35 static void xen_blkif_free(struct xen_blkif *blkif);
36 static void xen_vbd_free(struct xen_vbd *vbd);
37 
38 struct xenbus_device *xen_blkbk_xenbus(struct backend_info *be)
39 {
40 	return be->dev;
41 }
42 
43 /*
44  * The last request could free the device from softirq context and
45  * xen_blkif_free() can sleep.
46  */
47 static void xen_blkif_deferred_free(struct work_struct *work)
48 {
49 	struct xen_blkif *blkif;
50 
51 	blkif = container_of(work, struct xen_blkif, free_work);
52 	xen_blkif_free(blkif);
53 }
54 
55 static int blkback_name(struct xen_blkif *blkif, char *buf)
56 {
57 	char *devpath, *devname;
58 	struct xenbus_device *dev = blkif->be->dev;
59 
60 	devpath = xenbus_read(XBT_NIL, dev->nodename, "dev", NULL);
61 	if (IS_ERR(devpath))
62 		return PTR_ERR(devpath);
63 
64 	devname = strstr(devpath, "/dev/");
65 	if (devname != NULL)
66 		devname += strlen("/dev/");
67 	else
68 		devname  = devpath;
69 
70 	snprintf(buf, TASK_COMM_LEN, "%d.%s", blkif->domid, devname);
71 	kfree(devpath);
72 
73 	return 0;
74 }
75 
76 static void xen_update_blkif_status(struct xen_blkif *blkif)
77 {
78 	int err;
79 	char name[TASK_COMM_LEN];
80 	struct xen_blkif_ring *ring;
81 	int i;
82 
83 	/* Not ready to connect? */
84 	if (!blkif->rings || !blkif->rings[0].irq || !blkif->vbd.bdev)
85 		return;
86 
87 	/* Already connected? */
88 	if (blkif->be->dev->state == XenbusStateConnected)
89 		return;
90 
91 	/* Attempt to connect: exit if we fail to. */
92 	connect(blkif->be);
93 	if (blkif->be->dev->state != XenbusStateConnected)
94 		return;
95 
96 	err = blkback_name(blkif, name);
97 	if (err) {
98 		xenbus_dev_error(blkif->be->dev, err, "get blkback dev name");
99 		return;
100 	}
101 
102 	err = filemap_write_and_wait(blkif->vbd.bdev->bd_inode->i_mapping);
103 	if (err) {
104 		xenbus_dev_error(blkif->be->dev, err, "block flush");
105 		return;
106 	}
107 	invalidate_inode_pages2(blkif->vbd.bdev->bd_inode->i_mapping);
108 
109 	for (i = 0; i < blkif->nr_rings; i++) {
110 		ring = &blkif->rings[i];
111 		ring->xenblkd = kthread_run(xen_blkif_schedule, ring, "%s-%d", name, i);
112 		if (IS_ERR(ring->xenblkd)) {
113 			err = PTR_ERR(ring->xenblkd);
114 			ring->xenblkd = NULL;
115 			xenbus_dev_fatal(blkif->be->dev, err,
116 					"start %s-%d xenblkd", name, i);
117 			goto out;
118 		}
119 	}
120 	return;
121 
122 out:
123 	while (--i >= 0) {
124 		ring = &blkif->rings[i];
125 		kthread_stop(ring->xenblkd);
126 	}
127 	return;
128 }
129 
130 static int xen_blkif_alloc_rings(struct xen_blkif *blkif)
131 {
132 	unsigned int r;
133 
134 	blkif->rings = kcalloc(blkif->nr_rings, sizeof(struct xen_blkif_ring),
135 			       GFP_KERNEL);
136 	if (!blkif->rings)
137 		return -ENOMEM;
138 
139 	for (r = 0; r < blkif->nr_rings; r++) {
140 		struct xen_blkif_ring *ring = &blkif->rings[r];
141 
142 		spin_lock_init(&ring->blk_ring_lock);
143 		init_waitqueue_head(&ring->wq);
144 		INIT_LIST_HEAD(&ring->pending_free);
145 		INIT_LIST_HEAD(&ring->persistent_purge_list);
146 		INIT_WORK(&ring->persistent_purge_work, xen_blkbk_unmap_purged_grants);
147 		gnttab_page_cache_init(&ring->free_pages);
148 
149 		spin_lock_init(&ring->pending_free_lock);
150 		init_waitqueue_head(&ring->pending_free_wq);
151 		init_waitqueue_head(&ring->shutdown_wq);
152 		ring->blkif = blkif;
153 		ring->st_print = jiffies;
154 		ring->active = true;
155 	}
156 
157 	return 0;
158 }
159 
160 static struct xen_blkif *xen_blkif_alloc(domid_t domid)
161 {
162 	struct xen_blkif *blkif;
163 
164 	BUILD_BUG_ON(MAX_INDIRECT_PAGES > BLKIF_MAX_INDIRECT_PAGES_PER_REQUEST);
165 
166 	blkif = kmem_cache_zalloc(xen_blkif_cachep, GFP_KERNEL);
167 	if (!blkif)
168 		return ERR_PTR(-ENOMEM);
169 
170 	blkif->domid = domid;
171 	atomic_set(&blkif->refcnt, 1);
172 	init_completion(&blkif->drain_complete);
173 
174 	/*
175 	 * Because freeing back to the cache may be deferred, it is not
176 	 * safe to unload the module (and hence destroy the cache) until
177 	 * this has completed. To prevent premature unloading, take an
178 	 * extra module reference here and release only when the object
179 	 * has been freed back to the cache.
180 	 */
181 	__module_get(THIS_MODULE);
182 	INIT_WORK(&blkif->free_work, xen_blkif_deferred_free);
183 
184 	return blkif;
185 }
186 
187 static int xen_blkif_map(struct xen_blkif_ring *ring, grant_ref_t *gref,
188 			 unsigned int nr_grefs, unsigned int evtchn)
189 {
190 	int err;
191 	struct xen_blkif *blkif = ring->blkif;
192 	const struct blkif_common_sring *sring_common;
193 	RING_IDX rsp_prod, req_prod;
194 	unsigned int size;
195 
196 	/* Already connected through? */
197 	if (ring->irq)
198 		return 0;
199 
200 	err = xenbus_map_ring_valloc(blkif->be->dev, gref, nr_grefs,
201 				     &ring->blk_ring);
202 	if (err < 0)
203 		return err;
204 
205 	sring_common = (struct blkif_common_sring *)ring->blk_ring;
206 	rsp_prod = READ_ONCE(sring_common->rsp_prod);
207 	req_prod = READ_ONCE(sring_common->req_prod);
208 
209 	switch (blkif->blk_protocol) {
210 	case BLKIF_PROTOCOL_NATIVE:
211 	{
212 		struct blkif_sring *sring_native =
213 			(struct blkif_sring *)ring->blk_ring;
214 
215 		BACK_RING_ATTACH(&ring->blk_rings.native, sring_native,
216 				 rsp_prod, XEN_PAGE_SIZE * nr_grefs);
217 		size = __RING_SIZE(sring_native, XEN_PAGE_SIZE * nr_grefs);
218 		break;
219 	}
220 	case BLKIF_PROTOCOL_X86_32:
221 	{
222 		struct blkif_x86_32_sring *sring_x86_32 =
223 			(struct blkif_x86_32_sring *)ring->blk_ring;
224 
225 		BACK_RING_ATTACH(&ring->blk_rings.x86_32, sring_x86_32,
226 				 rsp_prod, XEN_PAGE_SIZE * nr_grefs);
227 		size = __RING_SIZE(sring_x86_32, XEN_PAGE_SIZE * nr_grefs);
228 		break;
229 	}
230 	case BLKIF_PROTOCOL_X86_64:
231 	{
232 		struct blkif_x86_64_sring *sring_x86_64 =
233 			(struct blkif_x86_64_sring *)ring->blk_ring;
234 
235 		BACK_RING_ATTACH(&ring->blk_rings.x86_64, sring_x86_64,
236 				 rsp_prod, XEN_PAGE_SIZE * nr_grefs);
237 		size = __RING_SIZE(sring_x86_64, XEN_PAGE_SIZE * nr_grefs);
238 		break;
239 	}
240 	default:
241 		BUG();
242 	}
243 
244 	err = -EIO;
245 	if (req_prod - rsp_prod > size)
246 		goto fail;
247 
248 	err = bind_interdomain_evtchn_to_irqhandler_lateeoi(blkif->domid,
249 			evtchn, xen_blkif_be_int, 0, "blkif-backend", ring);
250 	if (err < 0)
251 		goto fail;
252 	ring->irq = err;
253 
254 	return 0;
255 
256 fail:
257 	xenbus_unmap_ring_vfree(blkif->be->dev, ring->blk_ring);
258 	ring->blk_rings.common.sring = NULL;
259 	return err;
260 }
261 
262 static int xen_blkif_disconnect(struct xen_blkif *blkif)
263 {
264 	struct pending_req *req, *n;
265 	unsigned int j, r;
266 	bool busy = false;
267 
268 	for (r = 0; r < blkif->nr_rings; r++) {
269 		struct xen_blkif_ring *ring = &blkif->rings[r];
270 		unsigned int i = 0;
271 
272 		if (!ring->active)
273 			continue;
274 
275 		if (ring->xenblkd) {
276 			kthread_stop(ring->xenblkd);
277 			ring->xenblkd = NULL;
278 			wake_up(&ring->shutdown_wq);
279 		}
280 
281 		/* The above kthread_stop() guarantees that at this point we
282 		 * don't have any discard_io or other_io requests. So, checking
283 		 * for inflight IO is enough.
284 		 */
285 		if (atomic_read(&ring->inflight) > 0) {
286 			busy = true;
287 			continue;
288 		}
289 
290 		if (ring->irq) {
291 			unbind_from_irqhandler(ring->irq, ring);
292 			ring->irq = 0;
293 		}
294 
295 		if (ring->blk_rings.common.sring) {
296 			xenbus_unmap_ring_vfree(blkif->be->dev, ring->blk_ring);
297 			ring->blk_rings.common.sring = NULL;
298 		}
299 
300 		/* Remove all persistent grants and the cache of ballooned pages. */
301 		xen_blkbk_free_caches(ring);
302 
303 		/* Check that there is no request in use */
304 		list_for_each_entry_safe(req, n, &ring->pending_free, free_list) {
305 			list_del(&req->free_list);
306 
307 			for (j = 0; j < MAX_INDIRECT_SEGMENTS; j++)
308 				kfree(req->segments[j]);
309 
310 			for (j = 0; j < MAX_INDIRECT_PAGES; j++)
311 				kfree(req->indirect_pages[j]);
312 
313 			kfree(req);
314 			i++;
315 		}
316 
317 		BUG_ON(atomic_read(&ring->persistent_gnt_in_use) != 0);
318 		BUG_ON(!list_empty(&ring->persistent_purge_list));
319 		BUG_ON(!RB_EMPTY_ROOT(&ring->persistent_gnts));
320 		BUG_ON(ring->free_pages.num_pages != 0);
321 		BUG_ON(ring->persistent_gnt_c != 0);
322 		WARN_ON(i != (XEN_BLKIF_REQS_PER_PAGE * blkif->nr_ring_pages));
323 		ring->active = false;
324 	}
325 	if (busy)
326 		return -EBUSY;
327 
328 	blkif->nr_ring_pages = 0;
329 	/*
330 	 * blkif->rings was allocated in connect_ring, so we should free it in
331 	 * here.
332 	 */
333 	kfree(blkif->rings);
334 	blkif->rings = NULL;
335 	blkif->nr_rings = 0;
336 
337 	return 0;
338 }
339 
340 static void xen_blkif_free(struct xen_blkif *blkif)
341 {
342 	WARN_ON(xen_blkif_disconnect(blkif));
343 	xen_vbd_free(&blkif->vbd);
344 	kfree(blkif->be->mode);
345 	kfree(blkif->be);
346 
347 	/* Make sure everything is drained before shutting down */
348 	kmem_cache_free(xen_blkif_cachep, blkif);
349 	module_put(THIS_MODULE);
350 }
351 
352 int __init xen_blkif_interface_init(void)
353 {
354 	xen_blkif_cachep = kmem_cache_create("blkif_cache",
355 					     sizeof(struct xen_blkif),
356 					     0, 0, NULL);
357 	if (!xen_blkif_cachep)
358 		return -ENOMEM;
359 
360 	return 0;
361 }
362 
363 void xen_blkif_interface_fini(void)
364 {
365 	kmem_cache_destroy(xen_blkif_cachep);
366 	xen_blkif_cachep = NULL;
367 }
368 
369 /*
370  *  sysfs interface for VBD I/O requests
371  */
372 
373 #define VBD_SHOW_ALLRING(name, format)					\
374 	static ssize_t show_##name(struct device *_dev,			\
375 				   struct device_attribute *attr,	\
376 				   char *buf)				\
377 	{								\
378 		struct xenbus_device *dev = to_xenbus_device(_dev);	\
379 		struct backend_info *be = dev_get_drvdata(&dev->dev);	\
380 		struct xen_blkif *blkif = be->blkif;			\
381 		unsigned int i;						\
382 		unsigned long long result = 0;				\
383 									\
384 		if (!blkif->rings)				\
385 			goto out;					\
386 									\
387 		for (i = 0; i < blkif->nr_rings; i++) {		\
388 			struct xen_blkif_ring *ring = &blkif->rings[i];	\
389 									\
390 			result += ring->st_##name;			\
391 		}							\
392 									\
393 out:									\
394 		return sprintf(buf, format, result);			\
395 	}								\
396 	static DEVICE_ATTR(name, 0444, show_##name, NULL)
397 
398 VBD_SHOW_ALLRING(oo_req,  "%llu\n");
399 VBD_SHOW_ALLRING(rd_req,  "%llu\n");
400 VBD_SHOW_ALLRING(wr_req,  "%llu\n");
401 VBD_SHOW_ALLRING(f_req,  "%llu\n");
402 VBD_SHOW_ALLRING(ds_req,  "%llu\n");
403 VBD_SHOW_ALLRING(rd_sect, "%llu\n");
404 VBD_SHOW_ALLRING(wr_sect, "%llu\n");
405 
406 static struct attribute *xen_vbdstat_attrs[] = {
407 	&dev_attr_oo_req.attr,
408 	&dev_attr_rd_req.attr,
409 	&dev_attr_wr_req.attr,
410 	&dev_attr_f_req.attr,
411 	&dev_attr_ds_req.attr,
412 	&dev_attr_rd_sect.attr,
413 	&dev_attr_wr_sect.attr,
414 	NULL
415 };
416 
417 static const struct attribute_group xen_vbdstat_group = {
418 	.name = "statistics",
419 	.attrs = xen_vbdstat_attrs,
420 };
421 
422 #define VBD_SHOW(name, format, args...)					\
423 	static ssize_t show_##name(struct device *_dev,			\
424 				   struct device_attribute *attr,	\
425 				   char *buf)				\
426 	{								\
427 		struct xenbus_device *dev = to_xenbus_device(_dev);	\
428 		struct backend_info *be = dev_get_drvdata(&dev->dev);	\
429 									\
430 		return sprintf(buf, format, ##args);			\
431 	}								\
432 	static DEVICE_ATTR(name, 0444, show_##name, NULL)
433 
434 VBD_SHOW(physical_device, "%x:%x\n", be->major, be->minor);
435 VBD_SHOW(mode, "%s\n", be->mode);
436 
437 static int xenvbd_sysfs_addif(struct xenbus_device *dev)
438 {
439 	int error;
440 
441 	error = device_create_file(&dev->dev, &dev_attr_physical_device);
442 	if (error)
443 		goto fail1;
444 
445 	error = device_create_file(&dev->dev, &dev_attr_mode);
446 	if (error)
447 		goto fail2;
448 
449 	error = sysfs_create_group(&dev->dev.kobj, &xen_vbdstat_group);
450 	if (error)
451 		goto fail3;
452 
453 	return 0;
454 
455 fail3:	sysfs_remove_group(&dev->dev.kobj, &xen_vbdstat_group);
456 fail2:	device_remove_file(&dev->dev, &dev_attr_mode);
457 fail1:	device_remove_file(&dev->dev, &dev_attr_physical_device);
458 	return error;
459 }
460 
461 static void xenvbd_sysfs_delif(struct xenbus_device *dev)
462 {
463 	sysfs_remove_group(&dev->dev.kobj, &xen_vbdstat_group);
464 	device_remove_file(&dev->dev, &dev_attr_mode);
465 	device_remove_file(&dev->dev, &dev_attr_physical_device);
466 }
467 
468 static void xen_vbd_free(struct xen_vbd *vbd)
469 {
470 	if (vbd->bdev)
471 		blkdev_put(vbd->bdev, vbd->readonly ? FMODE_READ : FMODE_WRITE);
472 	vbd->bdev = NULL;
473 }
474 
475 /* Enable the persistent grants feature. */
476 static bool feature_persistent = true;
477 module_param(feature_persistent, bool, 0644);
478 MODULE_PARM_DESC(feature_persistent,
479 		"Enables the persistent grants feature");
480 
481 static int xen_vbd_create(struct xen_blkif *blkif, blkif_vdev_t handle,
482 			  unsigned major, unsigned minor, int readonly,
483 			  int cdrom)
484 {
485 	struct xen_vbd *vbd;
486 	struct block_device *bdev;
487 	struct request_queue *q;
488 
489 	vbd = &blkif->vbd;
490 	vbd->handle   = handle;
491 	vbd->readonly = readonly;
492 	vbd->type     = 0;
493 
494 	vbd->pdevice  = MKDEV(major, minor);
495 
496 	bdev = blkdev_get_by_dev(vbd->pdevice, vbd->readonly ?
497 				 FMODE_READ : FMODE_WRITE, NULL);
498 
499 	if (IS_ERR(bdev)) {
500 		pr_warn("xen_vbd_create: device %08x could not be opened\n",
501 			vbd->pdevice);
502 		return -ENOENT;
503 	}
504 
505 	vbd->bdev = bdev;
506 	if (vbd->bdev->bd_disk == NULL) {
507 		pr_warn("xen_vbd_create: device %08x doesn't exist\n",
508 			vbd->pdevice);
509 		xen_vbd_free(vbd);
510 		return -ENOENT;
511 	}
512 	vbd->size = vbd_sz(vbd);
513 
514 	if (vbd->bdev->bd_disk->flags & GENHD_FL_CD || cdrom)
515 		vbd->type |= VDISK_CDROM;
516 	if (vbd->bdev->bd_disk->flags & GENHD_FL_REMOVABLE)
517 		vbd->type |= VDISK_REMOVABLE;
518 
519 	q = bdev_get_queue(bdev);
520 	if (q && test_bit(QUEUE_FLAG_WC, &q->queue_flags))
521 		vbd->flush_support = true;
522 
523 	if (q && blk_queue_secure_erase(q))
524 		vbd->discard_secure = true;
525 
526 	vbd->feature_gnt_persistent = feature_persistent;
527 
528 	pr_debug("Successful creation of handle=%04x (dom=%u)\n",
529 		handle, blkif->domid);
530 	return 0;
531 }
532 
533 static int xen_blkbk_remove(struct xenbus_device *dev)
534 {
535 	struct backend_info *be = dev_get_drvdata(&dev->dev);
536 
537 	pr_debug("%s %p %d\n", __func__, dev, dev->otherend_id);
538 
539 	if (be->major || be->minor)
540 		xenvbd_sysfs_delif(dev);
541 
542 	if (be->backend_watch.node) {
543 		unregister_xenbus_watch(&be->backend_watch);
544 		kfree(be->backend_watch.node);
545 		be->backend_watch.node = NULL;
546 	}
547 
548 	dev_set_drvdata(&dev->dev, NULL);
549 
550 	if (be->blkif) {
551 		xen_blkif_disconnect(be->blkif);
552 
553 		/* Put the reference we set in xen_blkif_alloc(). */
554 		xen_blkif_put(be->blkif);
555 	}
556 
557 	return 0;
558 }
559 
560 int xen_blkbk_flush_diskcache(struct xenbus_transaction xbt,
561 			      struct backend_info *be, int state)
562 {
563 	struct xenbus_device *dev = be->dev;
564 	int err;
565 
566 	err = xenbus_printf(xbt, dev->nodename, "feature-flush-cache",
567 			    "%d", state);
568 	if (err)
569 		dev_warn(&dev->dev, "writing feature-flush-cache (%d)", err);
570 
571 	return err;
572 }
573 
574 static void xen_blkbk_discard(struct xenbus_transaction xbt, struct backend_info *be)
575 {
576 	struct xenbus_device *dev = be->dev;
577 	struct xen_blkif *blkif = be->blkif;
578 	int err;
579 	int state = 0;
580 	struct block_device *bdev = be->blkif->vbd.bdev;
581 	struct request_queue *q = bdev_get_queue(bdev);
582 
583 	if (!xenbus_read_unsigned(dev->nodename, "discard-enable", 1))
584 		return;
585 
586 	if (blk_queue_discard(q)) {
587 		err = xenbus_printf(xbt, dev->nodename,
588 			"discard-granularity", "%u",
589 			q->limits.discard_granularity);
590 		if (err) {
591 			dev_warn(&dev->dev, "writing discard-granularity (%d)", err);
592 			return;
593 		}
594 		err = xenbus_printf(xbt, dev->nodename,
595 			"discard-alignment", "%u",
596 			q->limits.discard_alignment);
597 		if (err) {
598 			dev_warn(&dev->dev, "writing discard-alignment (%d)", err);
599 			return;
600 		}
601 		state = 1;
602 		/* Optional. */
603 		err = xenbus_printf(xbt, dev->nodename,
604 				    "discard-secure", "%d",
605 				    blkif->vbd.discard_secure);
606 		if (err) {
607 			dev_warn(&dev->dev, "writing discard-secure (%d)", err);
608 			return;
609 		}
610 	}
611 	err = xenbus_printf(xbt, dev->nodename, "feature-discard",
612 			    "%d", state);
613 	if (err)
614 		dev_warn(&dev->dev, "writing feature-discard (%d)", err);
615 }
616 
617 int xen_blkbk_barrier(struct xenbus_transaction xbt,
618 		      struct backend_info *be, int state)
619 {
620 	struct xenbus_device *dev = be->dev;
621 	int err;
622 
623 	err = xenbus_printf(xbt, dev->nodename, "feature-barrier",
624 			    "%d", state);
625 	if (err)
626 		dev_warn(&dev->dev, "writing feature-barrier (%d)", err);
627 
628 	return err;
629 }
630 
631 /*
632  * Entry point to this code when a new device is created.  Allocate the basic
633  * structures, and watch the store waiting for the hotplug scripts to tell us
634  * the device's physical major and minor numbers.  Switch to InitWait.
635  */
636 static int xen_blkbk_probe(struct xenbus_device *dev,
637 			   const struct xenbus_device_id *id)
638 {
639 	int err;
640 	struct backend_info *be = kzalloc(sizeof(struct backend_info),
641 					  GFP_KERNEL);
642 
643 	/* match the pr_debug in xen_blkbk_remove */
644 	pr_debug("%s %p %d\n", __func__, dev, dev->otherend_id);
645 
646 	if (!be) {
647 		xenbus_dev_fatal(dev, -ENOMEM,
648 				 "allocating backend structure");
649 		return -ENOMEM;
650 	}
651 	be->dev = dev;
652 	dev_set_drvdata(&dev->dev, be);
653 
654 	be->blkif = xen_blkif_alloc(dev->otherend_id);
655 	if (IS_ERR(be->blkif)) {
656 		err = PTR_ERR(be->blkif);
657 		be->blkif = NULL;
658 		xenbus_dev_fatal(dev, err, "creating block interface");
659 		goto fail;
660 	}
661 
662 	err = xenbus_printf(XBT_NIL, dev->nodename,
663 			    "feature-max-indirect-segments", "%u",
664 			    MAX_INDIRECT_SEGMENTS);
665 	if (err)
666 		dev_warn(&dev->dev,
667 			 "writing %s/feature-max-indirect-segments (%d)",
668 			 dev->nodename, err);
669 
670 	/* Multi-queue: advertise how many queues are supported by us.*/
671 	err = xenbus_printf(XBT_NIL, dev->nodename,
672 			    "multi-queue-max-queues", "%u", xenblk_max_queues);
673 	if (err)
674 		pr_warn("Error writing multi-queue-max-queues\n");
675 
676 	/* setup back pointer */
677 	be->blkif->be = be;
678 
679 	err = xenbus_watch_pathfmt(dev, &be->backend_watch, NULL,
680 				   backend_changed,
681 				   "%s/%s", dev->nodename, "physical-device");
682 	if (err)
683 		goto fail;
684 
685 	err = xenbus_printf(XBT_NIL, dev->nodename, "max-ring-page-order", "%u",
686 			    xen_blkif_max_ring_order);
687 	if (err)
688 		pr_warn("%s write out 'max-ring-page-order' failed\n", __func__);
689 
690 	err = xenbus_switch_state(dev, XenbusStateInitWait);
691 	if (err)
692 		goto fail;
693 
694 	return 0;
695 
696 fail:
697 	pr_warn("%s failed\n", __func__);
698 	xen_blkbk_remove(dev);
699 	return err;
700 }
701 
702 /*
703  * Callback received when the hotplug scripts have placed the physical-device
704  * node.  Read it and the mode node, and create a vbd.  If the frontend is
705  * ready, connect.
706  */
707 static void backend_changed(struct xenbus_watch *watch,
708 			    const char *path, const char *token)
709 {
710 	int err;
711 	unsigned major;
712 	unsigned minor;
713 	struct backend_info *be
714 		= container_of(watch, struct backend_info, backend_watch);
715 	struct xenbus_device *dev = be->dev;
716 	int cdrom = 0;
717 	unsigned long handle;
718 	char *device_type;
719 
720 	pr_debug("%s %p %d\n", __func__, dev, dev->otherend_id);
721 
722 	err = xenbus_scanf(XBT_NIL, dev->nodename, "physical-device", "%x:%x",
723 			   &major, &minor);
724 	if (XENBUS_EXIST_ERR(err)) {
725 		/*
726 		 * Since this watch will fire once immediately after it is
727 		 * registered, we expect this.  Ignore it, and wait for the
728 		 * hotplug scripts.
729 		 */
730 		return;
731 	}
732 	if (err != 2) {
733 		xenbus_dev_fatal(dev, err, "reading physical-device");
734 		return;
735 	}
736 
737 	if (be->major | be->minor) {
738 		if (be->major != major || be->minor != minor)
739 			pr_warn("changing physical device (from %x:%x to %x:%x) not supported.\n",
740 				be->major, be->minor, major, minor);
741 		return;
742 	}
743 
744 	be->mode = xenbus_read(XBT_NIL, dev->nodename, "mode", NULL);
745 	if (IS_ERR(be->mode)) {
746 		err = PTR_ERR(be->mode);
747 		be->mode = NULL;
748 		xenbus_dev_fatal(dev, err, "reading mode");
749 		return;
750 	}
751 
752 	device_type = xenbus_read(XBT_NIL, dev->otherend, "device-type", NULL);
753 	if (!IS_ERR(device_type)) {
754 		cdrom = strcmp(device_type, "cdrom") == 0;
755 		kfree(device_type);
756 	}
757 
758 	/* Front end dir is a number, which is used as the handle. */
759 	err = kstrtoul(strrchr(dev->otherend, '/') + 1, 0, &handle);
760 	if (err) {
761 		kfree(be->mode);
762 		be->mode = NULL;
763 		return;
764 	}
765 
766 	be->major = major;
767 	be->minor = minor;
768 
769 	err = xen_vbd_create(be->blkif, handle, major, minor,
770 			     !strchr(be->mode, 'w'), cdrom);
771 
772 	if (err)
773 		xenbus_dev_fatal(dev, err, "creating vbd structure");
774 	else {
775 		err = xenvbd_sysfs_addif(dev);
776 		if (err) {
777 			xen_vbd_free(&be->blkif->vbd);
778 			xenbus_dev_fatal(dev, err, "creating sysfs entries");
779 		}
780 	}
781 
782 	if (err) {
783 		kfree(be->mode);
784 		be->mode = NULL;
785 		be->major = 0;
786 		be->minor = 0;
787 	} else {
788 		/* We're potentially connected now */
789 		xen_update_blkif_status(be->blkif);
790 	}
791 }
792 
793 /*
794  * Callback received when the frontend's state changes.
795  */
796 static void frontend_changed(struct xenbus_device *dev,
797 			     enum xenbus_state frontend_state)
798 {
799 	struct backend_info *be = dev_get_drvdata(&dev->dev);
800 	int err;
801 
802 	pr_debug("%s %p %s\n", __func__, dev, xenbus_strstate(frontend_state));
803 
804 	switch (frontend_state) {
805 	case XenbusStateInitialising:
806 		if (dev->state == XenbusStateClosed) {
807 			pr_info("%s: prepare for reconnect\n", dev->nodename);
808 			xenbus_switch_state(dev, XenbusStateInitWait);
809 		}
810 		break;
811 
812 	case XenbusStateInitialised:
813 	case XenbusStateConnected:
814 		/*
815 		 * Ensure we connect even when two watches fire in
816 		 * close succession and we miss the intermediate value
817 		 * of frontend_state.
818 		 */
819 		if (dev->state == XenbusStateConnected)
820 			break;
821 
822 		/*
823 		 * Enforce precondition before potential leak point.
824 		 * xen_blkif_disconnect() is idempotent.
825 		 */
826 		err = xen_blkif_disconnect(be->blkif);
827 		if (err) {
828 			xenbus_dev_fatal(dev, err, "pending I/O");
829 			break;
830 		}
831 
832 		err = connect_ring(be);
833 		if (err) {
834 			/*
835 			 * Clean up so that memory resources can be used by
836 			 * other devices. connect_ring reported already error.
837 			 */
838 			xen_blkif_disconnect(be->blkif);
839 			break;
840 		}
841 		xen_update_blkif_status(be->blkif);
842 		break;
843 
844 	case XenbusStateClosing:
845 		xenbus_switch_state(dev, XenbusStateClosing);
846 		break;
847 
848 	case XenbusStateClosed:
849 		xen_blkif_disconnect(be->blkif);
850 		xenbus_switch_state(dev, XenbusStateClosed);
851 		if (xenbus_dev_is_online(dev))
852 			break;
853 		fallthrough;
854 		/* if not online */
855 	case XenbusStateUnknown:
856 		/* implies xen_blkif_disconnect() via xen_blkbk_remove() */
857 		device_unregister(&dev->dev);
858 		break;
859 
860 	default:
861 		xenbus_dev_fatal(dev, -EINVAL, "saw state %d at frontend",
862 				 frontend_state);
863 		break;
864 	}
865 }
866 
867 /* Once a memory pressure is detected, squeeze free page pools for a while. */
868 static unsigned int buffer_squeeze_duration_ms = 10;
869 module_param_named(buffer_squeeze_duration_ms,
870 		buffer_squeeze_duration_ms, int, 0644);
871 MODULE_PARM_DESC(buffer_squeeze_duration_ms,
872 "Duration in ms to squeeze pages buffer when a memory pressure is detected");
873 
874 /*
875  * Callback received when the memory pressure is detected.
876  */
877 static void reclaim_memory(struct xenbus_device *dev)
878 {
879 	struct backend_info *be = dev_get_drvdata(&dev->dev);
880 
881 	if (!be)
882 		return;
883 	be->blkif->buffer_squeeze_end = jiffies +
884 		msecs_to_jiffies(buffer_squeeze_duration_ms);
885 }
886 
887 /* ** Connection ** */
888 
889 /*
890  * Write the physical details regarding the block device to the store, and
891  * switch to Connected state.
892  */
893 static void connect(struct backend_info *be)
894 {
895 	struct xenbus_transaction xbt;
896 	int err;
897 	struct xenbus_device *dev = be->dev;
898 
899 	pr_debug("%s %s\n", __func__, dev->otherend);
900 
901 	/* Supply the information about the device the frontend needs */
902 again:
903 	err = xenbus_transaction_start(&xbt);
904 	if (err) {
905 		xenbus_dev_fatal(dev, err, "starting transaction");
906 		return;
907 	}
908 
909 	/* If we can't advertise it is OK. */
910 	xen_blkbk_flush_diskcache(xbt, be, be->blkif->vbd.flush_support);
911 
912 	xen_blkbk_discard(xbt, be);
913 
914 	xen_blkbk_barrier(xbt, be, be->blkif->vbd.flush_support);
915 
916 	err = xenbus_printf(xbt, dev->nodename, "feature-persistent", "%u",
917 			be->blkif->vbd.feature_gnt_persistent);
918 	if (err) {
919 		xenbus_dev_fatal(dev, err, "writing %s/feature-persistent",
920 				 dev->nodename);
921 		goto abort;
922 	}
923 
924 	err = xenbus_printf(xbt, dev->nodename, "sectors", "%llu",
925 			    (unsigned long long)vbd_sz(&be->blkif->vbd));
926 	if (err) {
927 		xenbus_dev_fatal(dev, err, "writing %s/sectors",
928 				 dev->nodename);
929 		goto abort;
930 	}
931 
932 	/* FIXME: use a typename instead */
933 	err = xenbus_printf(xbt, dev->nodename, "info", "%u",
934 			    be->blkif->vbd.type |
935 			    (be->blkif->vbd.readonly ? VDISK_READONLY : 0));
936 	if (err) {
937 		xenbus_dev_fatal(dev, err, "writing %s/info",
938 				 dev->nodename);
939 		goto abort;
940 	}
941 	err = xenbus_printf(xbt, dev->nodename, "sector-size", "%lu",
942 			    (unsigned long)
943 			    bdev_logical_block_size(be->blkif->vbd.bdev));
944 	if (err) {
945 		xenbus_dev_fatal(dev, err, "writing %s/sector-size",
946 				 dev->nodename);
947 		goto abort;
948 	}
949 	err = xenbus_printf(xbt, dev->nodename, "physical-sector-size", "%u",
950 			    bdev_physical_block_size(be->blkif->vbd.bdev));
951 	if (err)
952 		xenbus_dev_error(dev, err, "writing %s/physical-sector-size",
953 				 dev->nodename);
954 
955 	err = xenbus_transaction_end(xbt, 0);
956 	if (err == -EAGAIN)
957 		goto again;
958 	if (err)
959 		xenbus_dev_fatal(dev, err, "ending transaction");
960 
961 	err = xenbus_switch_state(dev, XenbusStateConnected);
962 	if (err)
963 		xenbus_dev_fatal(dev, err, "%s: switching to Connected state",
964 				 dev->nodename);
965 
966 	return;
967  abort:
968 	xenbus_transaction_end(xbt, 1);
969 }
970 
971 /*
972  * Each ring may have multi pages, depends on "ring-page-order".
973  */
974 static int read_per_ring_refs(struct xen_blkif_ring *ring, const char *dir)
975 {
976 	unsigned int ring_ref[XENBUS_MAX_RING_GRANTS];
977 	struct pending_req *req, *n;
978 	int err, i, j;
979 	struct xen_blkif *blkif = ring->blkif;
980 	struct xenbus_device *dev = blkif->be->dev;
981 	unsigned int nr_grefs, evtchn;
982 
983 	err = xenbus_scanf(XBT_NIL, dir, "event-channel", "%u",
984 			  &evtchn);
985 	if (err != 1) {
986 		err = -EINVAL;
987 		xenbus_dev_fatal(dev, err, "reading %s/event-channel", dir);
988 		return err;
989 	}
990 
991 	nr_grefs = blkif->nr_ring_pages;
992 
993 	if (unlikely(!nr_grefs)) {
994 		WARN_ON(true);
995 		return -EINVAL;
996 	}
997 
998 	for (i = 0; i < nr_grefs; i++) {
999 		char ring_ref_name[RINGREF_NAME_LEN];
1000 
1001 		snprintf(ring_ref_name, RINGREF_NAME_LEN, "ring-ref%u", i);
1002 		err = xenbus_scanf(XBT_NIL, dir, ring_ref_name,
1003 				   "%u", &ring_ref[i]);
1004 
1005 		if (err != 1) {
1006 			if (nr_grefs == 1)
1007 				break;
1008 
1009 			err = -EINVAL;
1010 			xenbus_dev_fatal(dev, err, "reading %s/%s",
1011 					 dir, ring_ref_name);
1012 			return err;
1013 		}
1014 	}
1015 
1016 	if (err != 1) {
1017 		WARN_ON(nr_grefs != 1);
1018 
1019 		err = xenbus_scanf(XBT_NIL, dir, "ring-ref", "%u",
1020 				   &ring_ref[0]);
1021 		if (err != 1) {
1022 			err = -EINVAL;
1023 			xenbus_dev_fatal(dev, err, "reading %s/ring-ref", dir);
1024 			return err;
1025 		}
1026 	}
1027 
1028 	err = -ENOMEM;
1029 	for (i = 0; i < nr_grefs * XEN_BLKIF_REQS_PER_PAGE; i++) {
1030 		req = kzalloc(sizeof(*req), GFP_KERNEL);
1031 		if (!req)
1032 			goto fail;
1033 		list_add_tail(&req->free_list, &ring->pending_free);
1034 		for (j = 0; j < MAX_INDIRECT_SEGMENTS; j++) {
1035 			req->segments[j] = kzalloc(sizeof(*req->segments[0]), GFP_KERNEL);
1036 			if (!req->segments[j])
1037 				goto fail;
1038 		}
1039 		for (j = 0; j < MAX_INDIRECT_PAGES; j++) {
1040 			req->indirect_pages[j] = kzalloc(sizeof(*req->indirect_pages[0]),
1041 							 GFP_KERNEL);
1042 			if (!req->indirect_pages[j])
1043 				goto fail;
1044 		}
1045 	}
1046 
1047 	/* Map the shared frame, irq etc. */
1048 	err = xen_blkif_map(ring, ring_ref, nr_grefs, evtchn);
1049 	if (err) {
1050 		xenbus_dev_fatal(dev, err, "mapping ring-ref port %u", evtchn);
1051 		goto fail;
1052 	}
1053 
1054 	return 0;
1055 
1056 fail:
1057 	list_for_each_entry_safe(req, n, &ring->pending_free, free_list) {
1058 		list_del(&req->free_list);
1059 		for (j = 0; j < MAX_INDIRECT_SEGMENTS; j++) {
1060 			if (!req->segments[j])
1061 				break;
1062 			kfree(req->segments[j]);
1063 		}
1064 		for (j = 0; j < MAX_INDIRECT_PAGES; j++) {
1065 			if (!req->indirect_pages[j])
1066 				break;
1067 			kfree(req->indirect_pages[j]);
1068 		}
1069 		kfree(req);
1070 	}
1071 	return err;
1072 }
1073 
1074 static int connect_ring(struct backend_info *be)
1075 {
1076 	struct xenbus_device *dev = be->dev;
1077 	struct xen_blkif *blkif = be->blkif;
1078 	char protocol[64] = "";
1079 	int err, i;
1080 	char *xspath;
1081 	size_t xspathsize;
1082 	const size_t xenstore_path_ext_size = 11; /* sufficient for "/queue-NNN" */
1083 	unsigned int requested_num_queues = 0;
1084 	unsigned int ring_page_order;
1085 
1086 	pr_debug("%s %s\n", __func__, dev->otherend);
1087 
1088 	blkif->blk_protocol = BLKIF_PROTOCOL_DEFAULT;
1089 	err = xenbus_scanf(XBT_NIL, dev->otherend, "protocol",
1090 			   "%63s", protocol);
1091 	if (err <= 0)
1092 		strcpy(protocol, "unspecified, assuming default");
1093 	else if (0 == strcmp(protocol, XEN_IO_PROTO_ABI_NATIVE))
1094 		blkif->blk_protocol = BLKIF_PROTOCOL_NATIVE;
1095 	else if (0 == strcmp(protocol, XEN_IO_PROTO_ABI_X86_32))
1096 		blkif->blk_protocol = BLKIF_PROTOCOL_X86_32;
1097 	else if (0 == strcmp(protocol, XEN_IO_PROTO_ABI_X86_64))
1098 		blkif->blk_protocol = BLKIF_PROTOCOL_X86_64;
1099 	else {
1100 		xenbus_dev_fatal(dev, err, "unknown fe protocol %s", protocol);
1101 		return -ENOSYS;
1102 	}
1103 	if (blkif->vbd.feature_gnt_persistent)
1104 		blkif->vbd.feature_gnt_persistent =
1105 			xenbus_read_unsigned(dev->otherend,
1106 					"feature-persistent", 0);
1107 
1108 	blkif->vbd.overflow_max_grants = 0;
1109 
1110 	/*
1111 	 * Read the number of hardware queues from frontend.
1112 	 */
1113 	requested_num_queues = xenbus_read_unsigned(dev->otherend,
1114 						    "multi-queue-num-queues",
1115 						    1);
1116 	if (requested_num_queues > xenblk_max_queues
1117 	    || requested_num_queues == 0) {
1118 		/* Buggy or malicious guest. */
1119 		xenbus_dev_fatal(dev, err,
1120 				"guest requested %u queues, exceeding the maximum of %u.",
1121 				requested_num_queues, xenblk_max_queues);
1122 		return -ENOSYS;
1123 	}
1124 	blkif->nr_rings = requested_num_queues;
1125 	if (xen_blkif_alloc_rings(blkif))
1126 		return -ENOMEM;
1127 
1128 	pr_info("%s: using %d queues, protocol %d (%s) %s\n", dev->nodename,
1129 		 blkif->nr_rings, blkif->blk_protocol, protocol,
1130 		 blkif->vbd.feature_gnt_persistent ? "persistent grants" : "");
1131 
1132 	ring_page_order = xenbus_read_unsigned(dev->otherend,
1133 					       "ring-page-order", 0);
1134 
1135 	if (ring_page_order > xen_blkif_max_ring_order) {
1136 		err = -EINVAL;
1137 		xenbus_dev_fatal(dev, err,
1138 				 "requested ring page order %d exceed max:%d",
1139 				 ring_page_order,
1140 				 xen_blkif_max_ring_order);
1141 		return err;
1142 	}
1143 
1144 	blkif->nr_ring_pages = 1 << ring_page_order;
1145 
1146 	if (blkif->nr_rings == 1)
1147 		return read_per_ring_refs(&blkif->rings[0], dev->otherend);
1148 	else {
1149 		xspathsize = strlen(dev->otherend) + xenstore_path_ext_size;
1150 		xspath = kmalloc(xspathsize, GFP_KERNEL);
1151 		if (!xspath) {
1152 			xenbus_dev_fatal(dev, -ENOMEM, "reading ring references");
1153 			return -ENOMEM;
1154 		}
1155 
1156 		for (i = 0; i < blkif->nr_rings; i++) {
1157 			memset(xspath, 0, xspathsize);
1158 			snprintf(xspath, xspathsize, "%s/queue-%u", dev->otherend, i);
1159 			err = read_per_ring_refs(&blkif->rings[i], xspath);
1160 			if (err) {
1161 				kfree(xspath);
1162 				return err;
1163 			}
1164 		}
1165 		kfree(xspath);
1166 	}
1167 	return 0;
1168 }
1169 
1170 static const struct xenbus_device_id xen_blkbk_ids[] = {
1171 	{ "vbd" },
1172 	{ "" }
1173 };
1174 
1175 static struct xenbus_driver xen_blkbk_driver = {
1176 	.ids  = xen_blkbk_ids,
1177 	.probe = xen_blkbk_probe,
1178 	.remove = xen_blkbk_remove,
1179 	.otherend_changed = frontend_changed,
1180 	.allow_rebind = true,
1181 	.reclaim_memory = reclaim_memory,
1182 };
1183 
1184 int xen_blkif_xenbus_init(void)
1185 {
1186 	return xenbus_register_backend(&xen_blkbk_driver);
1187 }
1188 
1189 void xen_blkif_xenbus_fini(void)
1190 {
1191 	xenbus_unregister_driver(&xen_blkbk_driver);
1192 }
1193