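/*
 * Virtio SCSI HBA
 *
 * Copyright IBM, Corp. 2010
 * Copyright Red Hat, Inc. 2011
 *
 * Authors:
 *   Stefan Hajnoczi    <stefanha@linux.vnet.ibm.com>
 *   Paolo Bonzini      <pbonzini@redhat.com>
 *
 * This work is licensed under the terms of the GNU GPL, version 2 or later.
 * See the COPYING file in the top-level directory.
 *
 */

#include "qemu/osdep.h"
#include "qapi/error.h"
#include "standard-headers/linux/virtio_ids.h"
#include "hw/virtio/virtio-scsi.h"
#include "migration/qemu-file-types.h"
#include "qemu/error-report.h"
#include "qemu/iov.h"
#include "qemu/module.h"
#include "sysemu/block-backend.h"
#include "hw/qdev-properties.h"
#include "hw/scsi/scsi.h"
#include "scsi/constants.h"
#include "hw/virtio/virtio-bus.h"
#include "hw/virtio/virtio-access.h"
#include "trace.h"

/*
 * Extract the LUN number from bytes 2 and 3 of a virtio-scsi LUN field.
 * The top two bits of byte 2 are masked off, so the result is in 0..0x3FFF.
 */
static inline int virtio_scsi_get_lun(uint8_t *lun)
{
    return ((lun[2] << 8) | lun[3]) & 0x3FFF;
}

/*
 * Look up the SCSI device addressed by a LUN field taken from a request.
 *
 * The LUN bytes come from the driver, so the encoding is checked first:
 * lun[0] must be 1 and lun[2] must be either 0 or in 0x40..0x7F.  Anything
 * else returns NULL.  lun[1] is used as the target id on channel 0.
 *
 * Callers in this file drop the returned device with object_unref().
 */
static inline SCSIDevice *virtio_scsi_device_get(VirtIOSCSI *s, uint8_t *lun)
{
    if (lun[0] != 1) {
        return NULL;
    }
    if (lun[2] != 0 && !(lun[2] >= 0x40 && lun[2] < 0x80)) {
        return NULL;
    }
    return scsi_device_get(&s->bus, 0, lun[1], virtio_scsi_get_lun(lun));
}

/*
 * Initialise a request that was just popped from (or loaded for) @vq.
 *
 * Everything in VirtIOSCSIReq located after resp_iov is zeroed; the fields
 * up to and including resp_iov are either set here or left as the caller
 * filled them.  Only sizeof(*req) is covered, not any bytes allocated past
 * the end of the structure.
 */
void virtio_scsi_init_req(VirtIOSCSI *s, VirtQueue *vq, VirtIOSCSIReq *req)
{
    VirtIODevice *vdev = VIRTIO_DEVICE(s);
    const size_t zero_skip =
        offsetof(VirtIOSCSIReq, resp_iov) + sizeof(req->resp_iov);

    req->vq = vq;
    req->dev = s;
    qemu_sglist_init(&req->qsgl, DEVICE(s), 8, vdev->dma_as);
    qemu_iovec_init(&req->resp_iov, 1);
    memset((uint8_t *)req + zero_skip, 0, sizeof(*req) - zero_skip);
}

/* Release the response iovec, the scatter/gather list and the request. */
void virtio_scsi_free_req(VirtIOSCSIReq *req)
{
    qemu_iovec_destroy(&req->resp_iov);
    qemu_sglist_destroy(&req->qsgl);
    g_free(req);
}

/*
 * Copy the response header into the driver's buffers, return the element
 * to the virtqueue, notify the driver and free the request.
 *
 * If a SCSIRequest is attached, its hba_private back-pointer is cleared
 * before the reference is dropped so later callbacks cannot reach the
 * freed VirtIOSCSIReq.
 */
static void virtio_scsi_complete_req(VirtIOSCSIReq *req)
{
    VirtIOSCSI *s = req->dev;
    VirtQueue *vq = req->vq;
    VirtIODevice *vdev = VIRTIO_DEVICE(s);

    qemu_iovec_from_buf(&req->resp_iov, 0, &req->resp, req->resp_size);
    virtqueue_push(vq, &req->elem, req->qsgl.size + req->resp_iov.size);
    if (s->dataplane_started && !s->dataplane_fenced) {
        virtio_notify_irqfd(vdev, vq);
    } else {
        virtio_notify(vdev, vq);
    }

    if (req->sreq) {
        req->sreq->hba_private = NULL;
        scsi_req_unref(req->sreq);
    }
    virtio_scsi_free_req(req);
}

/*
 * Reject a request whose headers do not have the expected size: report a
 * device error, detach the element without returning data and free the
 * request.
 */
static void virtio_scsi_bad_req(VirtIOSCSIReq *req)
{
    virtio_error(VIRTIO_DEVICE(req->dev), "wrong size for virtio-scsi headers");
    virtqueue_detach_element(req->vq, &req->elem, 0);
    virtio_scsi_free_req(req);
}

/*
 * Append the payload part of an iovec array to req->qsgl.
 *
 * The first @skip bytes (the header) are left out; @addr holds the guest
 * address of each of the @num entries in @iov.  Returns the number of bytes
 * added.  The caller must have verified that the array holds at least @skip
 * bytes, which the final assertion checks.
 */
static size_t qemu_sgl_concat(VirtIOSCSIReq *req, struct iovec *iov,
                              hwaddr *addr, int num, size_t skip)
{
    QEMUSGList *qsgl = &req->qsgl;
    size_t copied = 0;

    while (num) {
        if (skip >= iov->iov_len) {
            skip -= iov->iov_len;
        } else {
            qemu_sglist_add(qsgl, *addr + skip, iov->iov_len - skip);
            copied += iov->iov_len - skip;
            skip = 0;
        }
        iov++;
        addr++;
        num--;
    }

    assert(skip == 0);
    return copied;
}

/*
 * Split a popped element into request header, response header and payload.
 *
 * @req_size and @resp_size are the header sizes the device expects.  The
 * descriptors themselves are supplied by the driver, so both headers are
 * length-checked before any field is used.
 *
 * Returns 0 on success, -EINVAL if either header area is too short, and
 * -ENOTSUP if the element carries payload in both directions.
 */
static int virtio_scsi_parse_req(VirtIOSCSIReq *req,
                                 unsigned req_size, unsigned resp_size)
{
    VirtIODevice *vdev = (VirtIODevice *) req->dev;
    size_t in_size, out_size;

    if (iov_to_buf(req->elem.out_sg, req->elem.out_num, 0,
                   &req->req, req_size) < req_size) {
        return -EINVAL;
    }

    if (qemu_iovec_concat_iov(&req->resp_iov,
                              req->elem.in_sg, req->elem.in_num, 0,
                              resp_size) < resp_size) {
        return -EINVAL;
    }

    req->resp_size = resp_size;

    /* Old BIOSes left some padding by mistake after the req_size/resp_size.
     * As a workaround, always consider the first buffer as the virtio-scsi
     * request/response, making the payload start at the second element
     * of the iovec.
     *
     * The actual length of the response header, stored in req->resp_size,
     * does not change.
     *
     * TODO: always disable this workaround for virtio 1.0 devices.
     */
    if (!virtio_vdev_has_feature(vdev, VIRTIO_F_ANY_LAYOUT)) {
        if (req->elem.out_num) {
            req_size = req->elem.out_sg[0].iov_len;
        }
        if (req->elem.in_num) {
            resp_size = req->elem.in_sg[0].iov_len;
        }
    }

    out_size = qemu_sgl_concat(req, req->elem.out_sg,
                               &req->elem.out_addr[0], req->elem.out_num,
                               req_size);
    in_size = qemu_sgl_concat(req, req->elem.in_sg,
                              &req->elem.in_addr[0], req->elem.in_num,
                              resp_size);

    if (out_size && in_size) {
        return -ENOTSUP;
    }

    if (out_size) {
        req->mode = SCSI_XFER_TO_DEV;
    } else if (in_size) {
        req->mode = SCSI_XFER_FROM_DEV;
    }

    return 0;
}

/*
 * Pop the next element from @vq as an initialised VirtIOSCSIReq, or return
 * NULL if the queue has nothing to pop.
 *
 * The allocation is sizeof(VirtIOSCSIReq) plus the current cdb_size, which
 * the driver can change through the configuration space
 * (virtio_scsi_set_config() keeps it below 256).
 */
static VirtIOSCSIReq *virtio_scsi_pop_req(VirtIOSCSI *s, VirtQueue *vq)
{
    VirtIOSCSICommon *vs = (VirtIOSCSICommon *)s;
    VirtIOSCSIReq *req;

    req = virtqueue_pop(vq, sizeof(VirtIOSCSIReq) + vs->cdb_size);
    if (!req) {
        return NULL;
    }
    virtio_scsi_init_req(s, vq, req);
    return req;
}

/*
 * Migration: write the command queue index (relative to the first command
 * queue) and the virtqueue element of an in-flight request.
 */
static void virtio_scsi_save_request(QEMUFile *f, SCSIRequest *sreq)
{
    VirtIOSCSIReq *req = sreq->hba_private;
    VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(req->dev);
    VirtIODevice *vdev = VIRTIO_DEVICE(req->dev);
    uint32_t n = virtio_get_queue_index(req->vq) - VIRTIO_SCSI_VQ_NUM_FIXED;

    assert(n < vs->conf.num_queues);
    qemu_put_be32s(f, &n);
    qemu_put_virtqueue_element(vdev, f, &req->elem);
}

/*
 * Migration: rebuild the VirtIOSCSIReq for an in-flight SCSIRequest from
 * the stream and return it as the request's hba_private.
 *
 * Malformed stream contents terminate QEMU with an error message.
 */
static void *virtio_scsi_load_request(QEMUFile *f, SCSIRequest *sreq)
{
    SCSIBus *bus = sreq->bus;
    VirtIOSCSI *s = container_of(bus, VirtIOSCSI, bus);
    VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(s);
    VirtIODevice *vdev = VIRTIO_DEVICE(s);
    VirtIOSCSIReq *req;
    uint32_t n;

    qemu_get_be32s(f, &n);
    /*
     * n comes from the migration stream; reject an out-of-range queue index
     * the same way as any other malformed request data instead of relying
     * on an assertion before indexing cmd_vqs[].
     */
    if (n >= vs->conf.num_queues) {
        error_report("invalid SCSI request migration data");
        exit(1);
    }
    req = qemu_get_virtqueue_element(vdev, f,
                                     sizeof(VirtIOSCSIReq) + vs->cdb_size);
    virtio_scsi_init_req(s, vs->cmd_vqs[n], req);

    if (virtio_scsi_parse_req(req, sizeof(VirtIOSCSICmdReq) + vs->cdb_size,
                              sizeof(VirtIOSCSICmdResp) + vs->sense_size) < 0) {
        error_report("invalid SCSI request migration data");
        exit(1);
    }

    scsi_req_ref(sreq);
    req->sreq = sreq;
    if (req->sreq->cmd.mode != SCSI_XFER_NONE) {
        assert(req->sreq->cmd.mode == req->mode);
    }
    return req;
}

/* Links one pending cancellation to the TMF request waiting for it. */
typedef struct {
    Notifier        notifier;
    VirtIOSCSIReq  *tmf_req;
} VirtIOSCSICancelNotifier;

/*
 * Cancellation callback: decrement the TMF request's outstanding count and
 * complete the TMF when it reaches zero.  The notifier itself is always
 * freed.
 */
static void virtio_scsi_cancel_notify(Notifier *notifier, void *data)
{
    VirtIOSCSICancelNotifier *n = container_of(notifier,
                                               VirtIOSCSICancelNotifier,
                                               notifier);

    if (--n->tmf_req->remaining == 0) {
        VirtIOSCSIReq *req = n->tmf_req;

        trace_virtio_scsi_tmf_resp(virtio_scsi_get_lun(req->req.tmf.lun),
                                   req->req.tmf.tag, req->resp.tmf.response);
        virtio_scsi_complete_req(req);
    }
    g_free(n);
}

/*
 * With dataplane running, assert that an available device's BlockBackend
 * uses the same AioContext as the HBA.
 */
static inline void virtio_scsi_ctx_check(VirtIOSCSI *s, SCSIDevice *d)
{
    if (s->dataplane_started && d && blk_is_available(d->conf.blk)) {
        assert(blk_get_aio_context(d->conf.blk) == s->ctx);
    }
}

/* Return 0 if the request is ready to be completed and return to guest;
 * -EINPROGRESS if the request is submitted and will be completed later, in the
 * case of async cancellation.
 *
 * The subtype, tag and LUN are taken from the driver's request.  d may be
 * NULL when the LUN does not resolve to a device; the exit paths pass it to
 * object_unref() regardless, as the "fail" path always does.
 */
static int virtio_scsi_do_tmf(VirtIOSCSI *s, VirtIOSCSIReq *req)
{
    SCSIDevice *d = virtio_scsi_device_get(s, req->req.tmf.lun);
    SCSIRequest *r, *next;
    BusChild *kid;
    int target;
    int ret = 0;

    virtio_scsi_ctx_check(s, d);
    /* Here VIRTIO_SCSI_S_OK means "FUNCTION COMPLETE".  */
    req->resp.tmf.response = VIRTIO_SCSI_S_OK;

    /*
     * req->req.tmf has the QEMU_PACKED attribute. Don't use virtio_tswap32s()
     * to avoid compiler errors.
     */
    req->req.tmf.subtype =
        virtio_tswap32(VIRTIO_DEVICE(s), req->req.tmf.subtype);

    trace_virtio_scsi_tmf_req(virtio_scsi_get_lun(req->req.tmf.lun),
                              req->req.tmf.tag, req->req.tmf.subtype);

    switch (req->req.tmf.subtype) {
    case VIRTIO_SCSI_T_TMF_ABORT_TASK:
    case VIRTIO_SCSI_T_TMF_QUERY_TASK:
        if (!d) {
            goto fail;
        }
        if (d->lun != virtio_scsi_get_lun(req->req.tmf.lun)) {
            goto incorrect_lun;
        }
        QTAILQ_FOREACH_SAFE(r, &d->requests, next, next) {
            VirtIOSCSIReq *cmd_req = r->hba_private;
            if (cmd_req && cmd_req->req.cmd.tag == req->req.tmf.tag) {
                break;
            }
        }
        if (r) {
            /*
             * Assert that the request has not been completed yet, we
             * check for it in the loop above.
             */
            assert(r->hba_private);
            if (req->req.tmf.subtype == VIRTIO_SCSI_T_TMF_QUERY_TASK) {
                /* "If the specified command is present in the task set, then
                 * return a service response set to FUNCTION SUCCEEDED".
                 */
                req->resp.tmf.response = VIRTIO_SCSI_S_FUNCTION_SUCCEEDED;
            } else {
                VirtIOSCSICancelNotifier *notifier;

                req->remaining = 1;
                notifier = g_new(VirtIOSCSICancelNotifier, 1);
                notifier->tmf_req = req;
                notifier->notifier.notify = virtio_scsi_cancel_notify;
                scsi_req_cancel_async(r, &notifier->notifier);
                ret = -EINPROGRESS;
            }
        }
        break;

    case VIRTIO_SCSI_T_TMF_LOGICAL_UNIT_RESET:
        if (!d) {
            goto fail;
        }
        if (d->lun != virtio_scsi_get_lun(req->req.tmf.lun)) {
            goto incorrect_lun;
        }
        /* Requests cancelled while resetting is non-zero report S_RESET. */
        s->resetting++;
        qdev_reset_all(&d->qdev);
        s->resetting--;
        break;

    case VIRTIO_SCSI_T_TMF_ABORT_TASK_SET:
    case VIRTIO_SCSI_T_TMF_CLEAR_TASK_SET:
    case VIRTIO_SCSI_T_TMF_QUERY_TASK_SET:
        if (!d) {
            goto fail;
        }
        if (d->lun != virtio_scsi_get_lun(req->req.tmf.lun)) {
            goto incorrect_lun;
        }

        /* Add 1 to "remaining" until virtio_scsi_do_tmf returns.
         * This way, if the bus starts calling back to the notifiers
         * even before we finish the loop, virtio_scsi_cancel_notify
         * will not complete the TMF too early.
         */
        req->remaining = 1;
        QTAILQ_FOREACH_SAFE(r, &d->requests, next, next) {
            if (r->hba_private) {
                if (req->req.tmf.subtype == VIRTIO_SCSI_T_TMF_QUERY_TASK_SET) {
                    /* "If there is any command present in the task set, then
                     * return a service response set to FUNCTION SUCCEEDED".
                     */
                    req->resp.tmf.response = VIRTIO_SCSI_S_FUNCTION_SUCCEEDED;
                    break;
                } else {
                    VirtIOSCSICancelNotifier *notifier;

                    req->remaining++;
                    notifier = g_new(VirtIOSCSICancelNotifier, 1);
                    notifier->notifier.notify = virtio_scsi_cancel_notify;
                    notifier->tmf_req = req;
                    scsi_req_cancel_async(r, &notifier->notifier);
                }
            }
        }
        if (--req->remaining > 0) {
            ret = -EINPROGRESS;
        }
        break;

    case VIRTIO_SCSI_T_TMF_I_T_NEXUS_RESET:
        /* Only the target byte of the LUN field is used for this subtype. */
        target = req->req.tmf.lun[1];
        s->resetting++;

        rcu_read_lock();
        QTAILQ_FOREACH_RCU(kid, &s->bus.qbus.children, sibling) {
            SCSIDevice *d1 = SCSI_DEVICE(kid->child);
            if (d1->channel == 0 && d1->id == target) {
                qdev_reset_all(&d1->qdev);
            }
        }
        rcu_read_unlock();

        s->resetting--;
        break;

    case VIRTIO_SCSI_T_TMF_CLEAR_ACA:
    default:
        req->resp.tmf.response = VIRTIO_SCSI_S_FUNCTION_REJECTED;
        break;
    }

    object_unref(OBJECT(d));
    return ret;

incorrect_lun:
    req->resp.tmf.response = VIRTIO_SCSI_S_INCORRECT_LUN;
    object_unref(OBJECT(d));
    return ret;

fail:
    req->resp.tmf.response = VIRTIO_SCSI_S_BAD_TARGET;
    object_unref(OBJECT(d));
    return ret;
}

/*
 * Handle one control-queue request.
 *
 * The 32-bit type field is read (length-checked) from the driver's buffers
 * and selects which header layout is parsed.  A TMF may complete later via
 * virtio_scsi_cancel_notify(), in which case nothing is completed here.
 * A type that matches none of the branches is completed without a response
 * header having been parsed.
 */
static void virtio_scsi_handle_ctrl_req(VirtIOSCSI *s, VirtIOSCSIReq *req)
{
    VirtIODevice *vdev = (VirtIODevice *)s;
    uint32_t type;
    int r = 0;

    if (iov_to_buf(req->elem.out_sg, req->elem.out_num, 0,
                   &type, sizeof(type)) < sizeof(type)) {
        virtio_scsi_bad_req(req);
        return;
    }

    virtio_tswap32s(vdev, &type);
    if (type == VIRTIO_SCSI_T_TMF) {
        if (virtio_scsi_parse_req(req, sizeof(VirtIOSCSICtrlTMFReq),
                    sizeof(VirtIOSCSICtrlTMFResp)) < 0) {
            virtio_scsi_bad_req(req);
            return;
        } else {
            r = virtio_scsi_do_tmf(s, req);
        }

    } else if (type == VIRTIO_SCSI_T_AN_QUERY ||
               type == VIRTIO_SCSI_T_AN_SUBSCRIBE) {
        if (virtio_scsi_parse_req(req, sizeof(VirtIOSCSICtrlANReq),
                    sizeof(VirtIOSCSICtrlANResp)) < 0) {
            virtio_scsi_bad_req(req);
            return;
        } else {
            req->req.an.event_requested =
                virtio_tswap32(VIRTIO_DEVICE(s), req->req.an.event_requested);
            trace_virtio_scsi_an_req(virtio_scsi_get_lun(req->req.an.lun),
                                     req->req.an.event_requested);
            req->resp.an.event_actual = 0;
            req->resp.an.response = VIRTIO_SCSI_S_OK;
        }
    }
    if (r == 0) {
        if (type == VIRTIO_SCSI_T_TMF) {
            trace_virtio_scsi_tmf_resp(virtio_scsi_get_lun(req->req.tmf.lun),
                                       req->req.tmf.tag,
                                       req->resp.tmf.response);
        } else if (type == VIRTIO_SCSI_T_AN_QUERY ||
                   type == VIRTIO_SCSI_T_AN_SUBSCRIBE) {
            trace_virtio_scsi_an_resp(virtio_scsi_get_lun(req->req.an.lun),
                                      req->resp.an.response);
        }
        virtio_scsi_complete_req(req);
    } else {
        assert(r == -EINPROGRESS);
    }
}

/*
 * Drain the control queue.  Returns true if at least one request was
 * popped.
 */
bool virtio_scsi_handle_ctrl_vq(VirtIOSCSI *s, VirtQueue *vq)
{
    VirtIOSCSIReq *req;
    bool progress = false;

    while ((req = virtio_scsi_pop_req(s, vq))) {
        progress = true;
        virtio_scsi_handle_ctrl_req(s, req);
    }
    return progress;
}

/*
 * Control-queue notification handler.  When an iothread context is
 * configured, ioeventfd handling is started and the queue is processed here
 * only if dataplane is fenced.
 */
static void virtio_scsi_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
{
    VirtIOSCSI *s = (VirtIOSCSI *)vdev;

    if (s->ctx) {
        virtio_device_start_ioeventfd(vdev);
        if (!s->dataplane_fenced) {
            return;
        }
    }
    virtio_scsi_acquire(s);
    virtio_scsi_handle_ctrl_vq(s, vq);
    virtio_scsi_release(s);
}

/* Trace and complete a command request with a fixed-size response header. */
static void virtio_scsi_complete_cmd_req(VirtIOSCSIReq *req)
{
    trace_virtio_scsi_cmd_resp(virtio_scsi_get_lun(req->req.cmd.lun),
                               req->req.cmd.tag,
                               req->resp.cmd.response,
                               req->resp.cmd.status);
    /* Sense data is not in req->resp and is copied separately
     * in virtio_scsi_command_complete.
     */
    req->resp_size = sizeof(VirtIOSCSICmdResp);
    virtio_scsi_complete_req(req);
}

/*
 * SCSI bus "complete" callback: fill in status, residual and, on a
 * non-GOOD status, the sense data, then complete the request.
 *
 * Sense data is clamped to the space the driver provided after the fixed
 * response header before it is copied into the response iovec.
 */
static void virtio_scsi_command_complete(SCSIRequest *r, size_t resid)
{
    VirtIOSCSIReq *req = r->hba_private;
    uint8_t sense[SCSI_SENSE_BUF_SIZE];
    uint32_t sense_len;
    VirtIODevice *vdev = VIRTIO_DEVICE(req->dev);

    if (r->io_canceled) {
        return;
    }

    req->resp.cmd.response = VIRTIO_SCSI_S_OK;
    req->resp.cmd.status = r->status;
    if (req->resp.cmd.status == GOOD) {
        req->resp.cmd.resid = virtio_tswap32(vdev, resid);
    } else {
        req->resp.cmd.resid = 0;
        sense_len = scsi_req_get_sense(r, sense, sizeof(sense));
        sense_len = MIN(sense_len, req->resp_iov.size - sizeof(req->resp.cmd));
        qemu_iovec_from_buf(&req->resp_iov, sizeof(req->resp.cmd),
                            sense, sense_len);
        req->resp.cmd.sense_len = virtio_tswap32(vdev, sense_len);
    }
    virtio_scsi_complete_cmd_req(req);
}

/*
 * SCSI bus "parse_cdb" callback.  Always returns 0.
 *
 * NOTE(review): when cmd->len is 0 a fixed
 * MIN(VIRTIO_SCSI_CDB_DEFAULT_SIZE, SCSI_CMD_BUF_SIZE) bytes are copied from
 * buf.  The CDB area of a request is sized from vs->cdb_size, which the
 * driver can change; confirm that buf always holds at least that many bytes.
 */
static int virtio_scsi_parse_cdb(SCSIDevice *dev, SCSICommand *cmd,
                                 uint8_t *buf, void *hba_private)
{
    VirtIOSCSIReq *req = hba_private;

    if (cmd->len == 0) {
        cmd->len = MIN(VIRTIO_SCSI_CDB_DEFAULT_SIZE, SCSI_CMD_BUF_SIZE);
        memcpy(cmd->buf, buf, cmd->len);
    }

    /* Extract the direction and mode directly from the request, for
     * host device passthrough.
     */
    cmd->xfer = req->qsgl.size;
    cmd->mode = req->mode;
    return 0;
}

/* SCSI bus "get_sg_list" callback: expose the request's payload buffers. */
static QEMUSGList *virtio_scsi_get_sg_list(SCSIRequest *r)
{
    VirtIOSCSIReq *req = r->hba_private;

    return &req->qsgl;
}

/*
 * SCSI bus "cancel" callback.  hba_private is NULL once the request has
 * been completed, in which case there is nothing left to report.
 */
static void virtio_scsi_request_cancelled(SCSIRequest *r)
{
    VirtIOSCSIReq *req = r->hba_private;

    if (!req) {
        return;
    }
    if (req->dev->resetting) {
        req->resp.cmd.response = VIRTIO_SCSI_S_RESET;
    } else {
        req->resp.cmd.response = VIRTIO_SCSI_S_ABORTED;
    }
    virtio_scsi_complete_cmd_req(req);
}

/* Complete a command request with VIRTIO_SCSI_S_FAILURE. */
static void virtio_scsi_fail_cmd_req(VirtIOSCSIReq *req)
{
    req->resp.cmd.response = VIRTIO_SCSI_S_FAILURE;
    virtio_scsi_complete_cmd_req(req);
}

/*
 * Validate a command request and create its SCSIRequest.
 *
 * Returns 0 when the request is ready for virtio_scsi_handle_cmd_req_submit().
 * On every non-zero return the request has already been completed or freed:
 *   -ENOTSUP  payload in both directions (completed with S_FAILURE)
 *   -EINVAL   malformed headers (device error raised)
 *   -ENOENT   LUN does not address a device (S_BAD_TARGET)
 *   -ENOBUFS  the CDB's direction or transfer length does not fit the
 *             buffers the driver supplied (S_OVERRUN)
 */
static int virtio_scsi_handle_cmd_req_prepare(VirtIOSCSI *s, VirtIOSCSIReq *req)
{
    VirtIOSCSICommon *vs = &s->parent_obj;
    SCSIDevice *d;
    int rc;

    rc = virtio_scsi_parse_req(req, sizeof(VirtIOSCSICmdReq) + vs->cdb_size,
                               sizeof(VirtIOSCSICmdResp) + vs->sense_size);
    if (rc < 0) {
        if (rc == -ENOTSUP) {
            virtio_scsi_fail_cmd_req(req);
            return -ENOTSUP;
        } else {
            virtio_scsi_bad_req(req);
            return -EINVAL;
        }
    }
    trace_virtio_scsi_cmd_req(virtio_scsi_get_lun(req->req.cmd.lun),
                              req->req.cmd.tag, req->req.cmd.cdb[0]);

    d = virtio_scsi_device_get(s, req->req.cmd.lun);
    if (!d) {
        req->resp.cmd.response = VIRTIO_SCSI_S_BAD_TARGET;
        virtio_scsi_complete_cmd_req(req);
        return -ENOENT;
    }
    virtio_scsi_ctx_check(s, d);
    req->sreq = scsi_req_new(d, req->req.cmd.tag,
                             virtio_scsi_get_lun(req->req.cmd.lun),
                             req->req.cmd.cdb, req);

    if (req->sreq->cmd.mode != SCSI_XFER_NONE
        && (req->sreq->cmd.mode != req->mode ||
            req->sreq->cmd.xfer > req->qsgl.size)) {
        req->resp.cmd.response = VIRTIO_SCSI_S_OVERRUN;
        virtio_scsi_complete_cmd_req(req);
        object_unref(OBJECT(d));
        return -ENOBUFS;
    }
    /* Extra reference held until virtio_scsi_handle_cmd_req_submit(). */
    scsi_req_ref(req->sreq);
    blk_io_plug(d->conf.blk);
    object_unref(OBJECT(d));
    return 0;
}

/*
 * Enqueue a prepared request and release the plug and the reference taken
 * by virtio_scsi_handle_cmd_req_prepare().
 */
static void virtio_scsi_handle_cmd_req_submit(VirtIOSCSI *s, VirtIOSCSIReq *req)
{
    SCSIRequest *sreq = req->sreq;
    if (scsi_req_enqueue(sreq)) {
        scsi_req_continue(sreq);
    }
    blk_io_unplug(sreq->dev->conf.blk);
    scsi_req_unref(sreq);
}

/*
 * Drain a command queue: prepare every available request, then submit the
 * prepared ones as a batch.  Returns true if at least one request was
 * popped.
 *
 * A malformed request (-EINVAL) stops processing; requests that were
 * already prepared in this call are unplugged, unreferenced, detached and
 * freed without being submitted.
 */
bool virtio_scsi_handle_cmd_vq(VirtIOSCSI *s, VirtQueue *vq)
{
    VirtIOSCSIReq *req, *next;
    int ret = 0;
    bool suppress_notifications = virtio_queue_get_notification(vq);
    bool progress = false;

    QTAILQ_HEAD(, VirtIOSCSIReq) reqs = QTAILQ_HEAD_INITIALIZER(reqs);

    do {
        if (suppress_notifications) {
            virtio_queue_set_notification(vq, 0);
        }

        while ((req = virtio_scsi_pop_req(s, vq))) {
            progress = true;
            ret = virtio_scsi_handle_cmd_req_prepare(s, req);
            if (!ret) {
                QTAILQ_INSERT_TAIL(&reqs, req, next);
            } else if (ret == -EINVAL) {
                /* The device is broken and shouldn't process any request */
                while (!QTAILQ_EMPTY(&reqs)) {
                    req = QTAILQ_FIRST(&reqs);
                    QTAILQ_REMOVE(&reqs, req, next);
                    blk_io_unplug(req->sreq->dev->conf.blk);
                    scsi_req_unref(req->sreq);
                    virtqueue_detach_element(req->vq, &req->elem, 0);
                    virtio_scsi_free_req(req);
                }
            }
        }

        if (suppress_notifications) {
            virtio_queue_set_notification(vq, 1);
        }
    } while (ret != -EINVAL && !virtio_queue_empty(vq));

    QTAILQ_FOREACH_SAFE(req, &reqs, next, next) {
        virtio_scsi_handle_cmd_req_submit(s, req);
    }
    return progress;
}

/*
 * Command-queue notification handler; same dataplane hand-off as
 * virtio_scsi_handle_ctrl().
 */
static void virtio_scsi_handle_cmd(VirtIODevice *vdev, VirtQueue *vq)
{
    /* use non-QOM casts in the data path */
    VirtIOSCSI *s = (VirtIOSCSI *)vdev;

    if (s->ctx) {
        virtio_device_start_ioeventfd(vdev);
        if (!s->dataplane_fenced) {
            return;
        }
    }
    virtio_scsi_acquire(s);
    virtio_scsi_handle_cmd_vq(s, vq);
    virtio_scsi_release(s);
}

/*
 * Fill the configuration space from the device's current settings.
 * seg_max is virtqueue_size - 2 when seg_max_adjust is set, else 128 - 2.
 */
static void virtio_scsi_get_config(VirtIODevice *vdev,
                                   uint8_t *config)
{
    VirtIOSCSIConfig *scsiconf = (VirtIOSCSIConfig *)config;
    VirtIOSCSICommon *s = VIRTIO_SCSI_COMMON(vdev);

    virtio_stl_p(vdev, &scsiconf->num_queues, s->conf.num_queues);
    virtio_stl_p(vdev, &scsiconf->seg_max,
                 s->conf.seg_max_adjust ? s->conf.virtqueue_size - 2 : 128 - 2);
    virtio_stl_p(vdev, &scsiconf->max_sectors, s->conf.max_sectors);
    virtio_stl_p(vdev, &scsiconf->cmd_per_lun, s->conf.cmd_per_lun);
    virtio_stl_p(vdev, &scsiconf->event_info_size, sizeof(VirtIOSCSIEvent));
    virtio_stl_p(vdev, &scsiconf->sense_size, s->sense_size);
    virtio_stl_p(vdev, &scsiconf->cdb_size, s->cdb_size);
    virtio_stw_p(vdev, &scsiconf->max_channel, VIRTIO_SCSI_MAX_CHANNEL);
    virtio_stw_p(vdev, &scsiconf->max_target, VIRTIO_SCSI_MAX_TARGET);
    virtio_stl_p(vdev, &scsiconf->max_lun, VIRTIO_SCSI_MAX_LUN);
}

/*
 * Apply a configuration-space write from the driver.
 *
 * Only sense_size and cdb_size are taken from the written data, and both
 * are range-checked first (sense_size < 65536, cdb_size < 256) because they
 * feed the request and response size calculations elsewhere in this file.
 * Out-of-range values raise a device error and change nothing.
 */
static void virtio_scsi_set_config(VirtIODevice *vdev,
                                   const uint8_t *config)
{
    VirtIOSCSIConfig *scsiconf = (VirtIOSCSIConfig *)config;
    VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(vdev);

    if ((uint32_t) virtio_ldl_p(vdev, &scsiconf->sense_size) >= 65536 ||
        (uint32_t) virtio_ldl_p(vdev, &scsiconf->cdb_size) >= 256) {
        virtio_error(vdev,
                     "bad data written to virtio-scsi configuration space");
        return;
    }

    vs->sense_size = virtio_ldl_p(vdev, &scsiconf->sense_size);
    vs->cdb_size = virtio_ldl_p(vdev, &scsiconf->cdb_size);
}

/* Return the requested feature bits with the device's host features added. */
static uint64_t virtio_scsi_get_features(VirtIODevice *vdev,
                                         uint64_t requested_features,
                                         Error **errp)
{
    VirtIOSCSI *s = VIRTIO_SCSI(vdev);

    /* Firstly sync all virtio-scsi possible supported features */
    requested_features |= s->host_features;
    return requested_features;
}

/*
 * Device reset: reset every device on the bus and restore the default
 * sense and CDB sizes, discarding whatever the driver configured.
 */
static void virtio_scsi_reset(VirtIODevice *vdev)
{
    VirtIOSCSI *s = VIRTIO_SCSI(vdev);
    VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(vdev);

    assert(!s->dataplane_started);
    s->resetting++;
    qbus_reset_all(BUS(&s->bus));
    s->resetting--;

    vs->sense_size = VIRTIO_SCSI_SENSE_DEFAULT_SIZE;
    vs->cdb_size = VIRTIO_SCSI_CDB_DEFAULT_SIZE;
    s->events_dropped = false;
}

/*
 * Deliver an event to the driver through the event queue.
 *
 * Nothing is sent before the driver has set DRIVER_OK.  If no buffer is
 * available the event is dropped and remembered, and the next event that is
 * delivered carries VIRTIO_SCSI_T_EVENTS_MISSED.  @dev may be NULL only for
 * an events-missed notification.
 */
void virtio_scsi_push_event(VirtIOSCSI *s, SCSIDevice *dev,
                            uint32_t event, uint32_t reason)
{
    VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(s);
    VirtIOSCSIReq *req;
    VirtIOSCSIEvent *evt;
    VirtIODevice *vdev = VIRTIO_DEVICE(s);

    if (!(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)) {
        return;
    }

    req = virtio_scsi_pop_req(s, vs->event_vq);
    if (!req) {
        s->events_dropped = true;
        return;
    }

    if (s->events_dropped) {
        event |= VIRTIO_SCSI_T_EVENTS_MISSED;
        s->events_dropped = false;
    }

    if (virtio_scsi_parse_req(req, 0, sizeof(VirtIOSCSIEvent))) {
        virtio_scsi_bad_req(req);
        return;
    }

    evt = &req->resp.event;
    memset(evt, 0, sizeof(VirtIOSCSIEvent));
    evt->event = virtio_tswap32(vdev, event);
    evt->reason = virtio_tswap32(vdev, reason);
    if (!dev) {
        assert(event == VIRTIO_SCSI_T_EVENTS_MISSED);
    } else {
        evt->lun[0] = 1;
        evt->lun[1] = dev->id;

        /* Linux wants us to keep the same encoding we use for REPORT LUNS.  */
        if (dev->lun >= 256) {
            evt->lun[2] = (dev->lun >> 8) | 0x40;
        }
        evt->lun[3] = dev->lun & 0xFF;
    }
    trace_virtio_scsi_event(virtio_scsi_get_lun(evt->lun), event, reason);

    virtio_scsi_complete_req(req);
}

/*
 * Called when the driver adds buffers to the event queue: if events were
 * dropped earlier, report that now.  Returns true if a report was attempted.
 */
bool virtio_scsi_handle_event_vq(VirtIOSCSI *s, VirtQueue *vq)
{
    if (s->events_dropped) {
        virtio_scsi_push_event(s, NULL, VIRTIO_SCSI_T_NO_EVENT, 0);
        return true;
    }
    return false;
}

/*
 * Event-queue notification handler; same dataplane hand-off as
 * virtio_scsi_handle_ctrl().
 */
static void virtio_scsi_handle_event(VirtIODevice *vdev, VirtQueue *vq)
{
    VirtIOSCSI *s = VIRTIO_SCSI(vdev);

    if (s->ctx) {
        virtio_device_start_ioeventfd(vdev);
        if (!s->dataplane_fenced) {
            return;
        }
    }
    virtio_scsi_acquire(s);
    virtio_scsi_handle_event_vq(s, vq);
    virtio_scsi_release(s);
}

/*
 * SCSI bus "change" callback: send a parameter-change event carrying the
 * sense ASC/ASCQ, if the feature is negotiated and the device is not a ROM.
 */
static void virtio_scsi_change(SCSIBus *bus, SCSIDevice *dev, SCSISense sense)
{
    VirtIOSCSI *s = container_of(bus, VirtIOSCSI, bus);
    VirtIODevice *vdev = VIRTIO_DEVICE(s);

    if (virtio_vdev_has_feature(vdev, VIRTIO_SCSI_F_CHANGE) &&
        dev->type != TYPE_ROM) {
        virtio_scsi_acquire(s);
        virtio_scsi_push_event(s, dev, VIRTIO_SCSI_T_PARAM_CHANGE,
                               sense.asc | (sense.ascq << 8));
        virtio_scsi_release(s);
    }
}

/* Hotplug pre-plug hook: mark the new device's HBA as iothread-capable. */
static void virtio_scsi_pre_hotplug(HotplugHandler *hotplug_dev,
                                    DeviceState *dev, Error **errp)
{
    SCSIDevice *sd = SCSI_DEVICE(dev);
    sd->hba_supports_iothread = true;
}

/*
 * Hotplug hook: move the new device's BlockBackend into the HBA's
 * AioContext when dataplane is in use, then send a rescan event if the
 * hotplug feature is negotiated.  Failures are reported through @errp.
 */
static void virtio_scsi_hotplug(HotplugHandler *hotplug_dev, DeviceState *dev,
                                Error **errp)
{
    VirtIODevice *vdev = VIRTIO_DEVICE(hotplug_dev);
    VirtIOSCSI *s = VIRTIO_SCSI(vdev);
    SCSIDevice *sd = SCSI_DEVICE(dev);
    AioContext *old_context;
    int ret;

    if (s->ctx && !s->dataplane_fenced) {
        if (blk_op_is_blocked(sd->conf.blk, BLOCK_OP_TYPE_DATAPLANE, errp)) {
            return;
        }
        old_context = blk_get_aio_context(sd->conf.blk);
        aio_context_acquire(old_context);
        ret = blk_set_aio_context(sd->conf.blk, s->ctx, errp);
        aio_context_release(old_context);
        if (ret < 0) {
            return;
        }
    }

    if (virtio_vdev_has_feature(vdev, VIRTIO_SCSI_F_HOTPLUG)) {
        virtio_scsi_acquire(s);
        virtio_scsi_push_event(s, sd,
                               VIRTIO_SCSI_T_TRANSPORT_RESET,
                               VIRTIO_SCSI_EVT_RESET_RESCAN);
        virtio_scsi_release(s);
    }
}

/*
 * Hot-unplug hook: send a removal event if the hotplug feature is
 * negotiated, unplug the device with external AioContext handlers disabled
 * for the duration, then move the BlockBackend back to the main context.
 */
static void virtio_scsi_hotunplug(HotplugHandler *hotplug_dev, DeviceState *dev,
                                  Error **errp)
{
    VirtIODevice *vdev = VIRTIO_DEVICE(hotplug_dev);
    VirtIOSCSI *s = VIRTIO_SCSI(vdev);
    SCSIDevice *sd = SCSI_DEVICE(dev);
    AioContext *ctx = s->ctx ?: qemu_get_aio_context();

    if (virtio_vdev_has_feature(vdev, VIRTIO_SCSI_F_HOTPLUG)) {
        virtio_scsi_acquire(s);
        virtio_scsi_push_event(s, sd,
                               VIRTIO_SCSI_T_TRANSPORT_RESET,
                               VIRTIO_SCSI_EVT_RESET_REMOVED);
        virtio_scsi_release(s);
    }

    aio_disable_external(ctx);
    qdev_simple_device_unplug_cb(hotplug_dev, dev, errp);
    aio_enable_external(ctx);

    if (s->ctx) {
        virtio_scsi_acquire(s);
        /* If other users keep the BlockBackend in the iothread, that's ok */
        blk_set_aio_context(sd->conf.blk, qemu_get_aio_context(), NULL);
        virtio_scsi_release(s);
    }
}

/* SCSI bus limits and the HBA callbacks implemented in this file. */
static struct SCSIBusInfo virtio_scsi_scsi_info = {
    .tcq = true,
    .max_channel = VIRTIO_SCSI_MAX_CHANNEL,
    .max_target = VIRTIO_SCSI_MAX_TARGET,
    .max_lun = VIRTIO_SCSI_MAX_LUN,

    .complete = virtio_scsi_command_complete,
    .cancel = virtio_scsi_request_cancelled,
    .change = virtio_scsi_change,
    .parse_cdb = virtio_scsi_parse_cdb,
    .get_sg_list = virtio_scsi_get_sg_list,
    .save_request = virtio_scsi_save_request,
    .load_request = virtio_scsi_load_request,
};

/*
 * Common realize: initialise the virtio device, validate the queue
 * properties and create the control, event and command queues with the
 * given handlers.
 *
 * On a validation failure @errp is set and the state created by
 * virtio_init() is released again before returning.
 */
void virtio_scsi_common_realize(DeviceState *dev,
                                VirtIOHandleOutput ctrl,
                                VirtIOHandleOutput evt,
                                VirtIOHandleOutput cmd,
                                Error **errp)
{
    VirtIODevice *vdev = VIRTIO_DEVICE(dev);
    VirtIOSCSICommon *s = VIRTIO_SCSI_COMMON(dev);
    int i;

    virtio_init(vdev, "virtio-scsi", VIRTIO_ID_SCSI,
                sizeof(VirtIOSCSIConfig));

    if (s->conf.num_queues == VIRTIO_SCSI_AUTO_NUM_QUEUES) {
        s->conf.num_queues = 1;
    }
    if (s->conf.num_queues == 0 ||
            s->conf.num_queues > VIRTIO_QUEUE_MAX - VIRTIO_SCSI_VQ_NUM_FIXED) {
        error_setg(errp, "Invalid number of queues (= %" PRIu32 "), "
                         "must be a positive integer less than %d.",
                   s->conf.num_queues,
                   VIRTIO_QUEUE_MAX - VIRTIO_SCSI_VQ_NUM_FIXED);
        virtio_cleanup(vdev);
        return;
    }
    if (s->conf.virtqueue_size <= 2) {
        error_setg(errp, "invalid virtqueue_size property (= %" PRIu32 "), "
                   "must be > 2", s->conf.virtqueue_size);
        /* Match the num_queues error path: undo virtio_init(). */
        virtio_cleanup(vdev);
        return;
    }
    s->cmd_vqs = g_new0(VirtQueue *, s->conf.num_queues);
    s->sense_size = VIRTIO_SCSI_SENSE_DEFAULT_SIZE;
    s->cdb_size = VIRTIO_SCSI_CDB_DEFAULT_SIZE;

    s->ctrl_vq = virtio_add_queue(vdev, s->conf.virtqueue_size, ctrl);
    s->event_vq = virtio_add_queue(vdev, s->conf.virtqueue_size, evt);
    for (i = 0; i < s->conf.num_queues; i++) {
        s->cmd_vqs[i] = virtio_add_queue(vdev, s->conf.virtqueue_size, cmd);
    }
}

/*
 * Realize the virtio-scsi device: common setup, SCSI bus creation, hotplug
 * handler registration and dataplane setup.
 */
static void virtio_scsi_device_realize(DeviceState *dev, Error **errp)
{
    VirtIODevice *vdev = VIRTIO_DEVICE(dev);
    VirtIOSCSI *s = VIRTIO_SCSI(dev);
    Error *err = NULL;

    virtio_scsi_common_realize(dev,
                               virtio_scsi_handle_ctrl,
                               virtio_scsi_handle_event,
                               virtio_scsi_handle_cmd,
                               &err);
    if (err != NULL) {
        error_propagate(errp, err);
        return;
    }

    scsi_bus_new(&s->bus, sizeof(s->bus), dev,
                 &virtio_scsi_scsi_info, vdev->bus_name);
    /* override default SCSI bus hotplug-handler, with virtio-scsi's one */
    qbus_set_hotplug_handler(BUS(&s->bus), OBJECT(dev));

    virtio_scsi_dataplane_setup(s, errp);
}

/* Common unrealize: delete all queues and release the virtio device state. */
void virtio_scsi_common_unrealize(DeviceState *dev)
{
    VirtIODevice *vdev = VIRTIO_DEVICE(dev);
    VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(dev);
    int i;

    virtio_delete_queue(vs->ctrl_vq);
    virtio_delete_queue(vs->event_vq);
    for (i = 0; i < vs->conf.num_queues; i++) {
        virtio_delete_queue(vs->cmd_vqs[i]);
    }
    g_free(vs->cmd_vqs);
    virtio_cleanup(vdev);
}

/* Unrealize: detach the hotplug handler, then run the common teardown. */
static void virtio_scsi_device_unrealize(DeviceState *dev)
{
    VirtIOSCSI *s = VIRTIO_SCSI(dev);

    qbus_set_hotplug_handler(BUS(&s->bus), NULL);
    virtio_scsi_common_unrealize(dev);
}

/* User-settable device properties and their defaults. */
static Property virtio_scsi_properties[] = {
    DEFINE_PROP_UINT32("num_queues", VirtIOSCSI, parent_obj.conf.num_queues,
                       VIRTIO_SCSI_AUTO_NUM_QUEUES),
    DEFINE_PROP_UINT32("virtqueue_size", VirtIOSCSI,
                                         parent_obj.conf.virtqueue_size, 256),
    DEFINE_PROP_BOOL("seg_max_adjust", VirtIOSCSI,
                      parent_obj.conf.seg_max_adjust, true),
    DEFINE_PROP_UINT32("max_sectors", VirtIOSCSI, parent_obj.conf.max_sectors,
                                                  0xFFFF),
    DEFINE_PROP_UINT32("cmd_per_lun", VirtIOSCSI, parent_obj.conf.cmd_per_lun,
                                                  128),
    DEFINE_PROP_BIT("hotplug", VirtIOSCSI, host_features,
                                           VIRTIO_SCSI_F_HOTPLUG, true),
    DEFINE_PROP_BIT("param_change", VirtIOSCSI, host_features,
                                                VIRTIO_SCSI_F_CHANGE, true),
    DEFINE_PROP_LINK("iothread", VirtIOSCSI, parent_obj.conf.iothread,
                     TYPE_IOTHREAD, IOThread *),
    DEFINE_PROP_END_OF_LIST(),
};

/* Migration description: only the generic virtio device state. */
static const VMStateDescription vmstate_virtio_scsi = {
    .name = "virtio-scsi",
    .minimum_version_id = 1,
    .version_id = 1,
    .fields = (VMStateField[]) {
        VMSTATE_VIRTIO_DEVICE,
        VMSTATE_END_OF_LIST()
    },
};

/* Class init for the abstract common type. */
static void virtio_scsi_common_class_init(ObjectClass *klass, void *data)
{
    VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
    DeviceClass *dc = DEVICE_CLASS(klass);

    vdc->get_config = virtio_scsi_get_config;
    set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
}

/* Class init for virtio-scsi: wire up device, virtio and hotplug hooks. */
static void virtio_scsi_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *dc = DEVICE_CLASS(klass);
    VirtioDeviceClass *vdc = VIRTIO_DEVICE_CLASS(klass);
    HotplugHandlerClass *hc = HOTPLUG_HANDLER_CLASS(klass);

    device_class_set_props(dc, virtio_scsi_properties);
    dc->vmsd = &vmstate_virtio_scsi;
    set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
    vdc->realize = virtio_scsi_device_realize;
    vdc->unrealize = virtio_scsi_device_unrealize;
    vdc->set_config = virtio_scsi_set_config;
    vdc->get_features = virtio_scsi_get_features;
    vdc->reset = virtio_scsi_reset;
    vdc->start_ioeventfd = virtio_scsi_dataplane_start;
    vdc->stop_ioeventfd = virtio_scsi_dataplane_stop;
    hc->pre_plug = virtio_scsi_pre_hotplug;
    hc->plug = virtio_scsi_hotplug;
    hc->unplug = virtio_scsi_hotunplug;
}

static const TypeInfo virtio_scsi_common_info = {
    .name = TYPE_VIRTIO_SCSI_COMMON,
    .parent = TYPE_VIRTIO_DEVICE,
    .instance_size = sizeof(VirtIOSCSICommon),
    .abstract = true,
    .class_init = virtio_scsi_common_class_init,
};

static const TypeInfo virtio_scsi_info = {
    .name = TYPE_VIRTIO_SCSI,
    .parent = TYPE_VIRTIO_SCSI_COMMON,
    .instance_size = sizeof(VirtIOSCSI),
    .class_init = virtio_scsi_class_init,
    .interfaces = (InterfaceInfo[]) {
        { TYPE_HOTPLUG_HANDLER },
        { }
    }
};

/* Register both QOM types at module initialisation. */
static void virtio_register_types(void)
{
    type_register_static(&virtio_scsi_common_info);
    type_register_static(&virtio_scsi_info);
}

type_init(virtio_register_types)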