xref: /qemu/hw/scsi/virtio-scsi.c (revision b49f4755)
1 /*
2  * Virtio SCSI HBA
3  *
4  * Copyright IBM, Corp. 2010
5  * Copyright Red Hat, Inc. 2011
6  *
7  * Authors:
8  *   Stefan Hajnoczi    <stefanha@linux.vnet.ibm.com>
9  *   Paolo Bonzini      <pbonzini@redhat.com>
10  *
11  * This work is licensed under the terms of the GNU GPL, version 2 or later.
12  * See the COPYING file in the top-level directory.
13  *
14  */
15 
16 #include "qemu/osdep.h"
17 #include "qapi/error.h"
18 #include "standard-headers/linux/virtio_ids.h"
19 #include "hw/virtio/virtio-scsi.h"
20 #include "migration/qemu-file-types.h"
21 #include "qemu/defer-call.h"
22 #include "qemu/error-report.h"
23 #include "qemu/iov.h"
24 #include "qemu/module.h"
25 #include "sysemu/block-backend.h"
26 #include "sysemu/dma.h"
27 #include "hw/qdev-properties.h"
28 #include "hw/scsi/scsi.h"
29 #include "scsi/constants.h"
30 #include "hw/virtio/virtio-bus.h"
31 #include "hw/virtio/virtio-access.h"
32 #include "trace.h"
33 
/*
 * Per-request state for one element popped from a virtio-scsi virtqueue
 * (command, control or event queue).
 */
typedef struct VirtIOSCSIReq {
    /*
     * Note:
     * - elem is filled in by whoever allocated the request (virtqueue_pop
     *   or qemu_get_virtqueue_element); the returned pointer is used
     *   directly as a VirtIOSCSIReq *, so elem presumably has to stay the
     *   first member;
     * - dev, vq, qsgl and resp_iov are set up by virtio_scsi_init_req;
     * - every field after resp_iov (from "next" onwards) is zeroed by
     *   virtio_scsi_init_req. That range includes the resp union, which
     *   virtio_scsi_complete_req later copies into guest memory.
     */
    VirtQueueElement elem;

    VirtIOSCSI *dev;
    VirtQueue *vq;
    /* Guest data buffers of the request (everything after the headers) */
    QEMUSGList qsgl;
    /* Guest buffers that receive the response header (and sense data) */
    QEMUIOVector resp_iov;

    /* Used for two-stage request submission and TMFs deferred to BH */
    QTAILQ_ENTRY(VirtIOSCSIReq) next;

    /* Used for cancellation of request during TMFs */
    int remaining;

    /* Backend request; its hba_private points back at this structure */
    SCSIRequest *sreq;
    /* Number of bytes of resp copied to the guest on completion */
    size_t resp_size;
    enum SCSIXferMode mode;
    union {
        VirtIOSCSICmdResp     cmd;
        VirtIOSCSICtrlTMFResp tmf;
        VirtIOSCSICtrlANResp  an;
        VirtIOSCSIEvent       event;
    } resp;
    /*
     * Request header copied in from guest memory. Callers allocate
     * cdb_size extra bytes after the structure; presumably these back the
     * variable-length CDB of req.cmd, so this union has to stay last.
     */
    union {
        VirtIOSCSICmdReq      cmd;
        VirtIOSCSICtrlTMFReq  tmf;
        VirtIOSCSICtrlANReq   an;
    } req;
} VirtIOSCSIReq;
68 
/*
 * Decode the LUN number from a virtio-scsi LUN field: bytes 2 and 3 are
 * combined as a big-endian 16-bit value and only the low 14 bits are kept.
 * Bytes 0 and 1 are not looked at here.
 */
static inline int virtio_scsi_get_lun(uint8_t *lun)
{
    const int raw = (lun[2] << 8) | lun[3];

    return raw & 0x3FFF;
}
73 
/*
 * Look up the SCSI device addressed by a guest-supplied LUN field.
 *
 * The field is only accepted when byte 0 is 1 and byte 2 is either 0 or in
 * the range 0x40..0x7f; anything else yields NULL. The lookup itself uses
 * channel 0, target lun[1] and the decoded LUN. Callers in this file drop
 * the returned device with object_unref() when they are done with it.
 */
static inline SCSIDevice *virtio_scsi_device_get(VirtIOSCSI *s, uint8_t *lun)
{
    const bool format_ok = lun[0] == 1 &&
                           (lun[2] == 0 || (lun[2] >= 0x40 && lun[2] < 0x80));

    if (!format_ok) {
        return NULL;
    }
    return scsi_device_get(&s->bus, 0, lun[1], virtio_scsi_get_lun(lun));
}
84 
/*
 * Prepare a freshly allocated request for use on virtqueue vq.
 *
 * Sets the back-pointers, initializes the scatter/gather list and the
 * response iovec, and zeroes every field that follows resp_iov in the
 * structure. elem is left untouched. Bytes allocated beyond sizeof(*req)
 * (callers request sizeof(VirtIOSCSIReq) + cdb_size) are not cleared here.
 */
static void virtio_scsi_init_req(VirtIOSCSI *s, VirtQueue *vq, VirtIOSCSIReq *req)
{
    /* Offset of the first byte past resp_iov: the zeroed tail starts here */
    const size_t tail_start =
        offsetof(VirtIOSCSIReq, resp_iov) + sizeof(req->resp_iov);
    VirtIODevice *vdev = VIRTIO_DEVICE(s);
    uint8_t *tail;

    req->dev = s;
    req->vq = vq;
    qemu_sglist_init(&req->qsgl, DEVICE(s), 8, vdev->dma_as);
    qemu_iovec_init(&req->resp_iov, 1);

    tail = (uint8_t *)req + tail_start;
    memset(tail, 0, sizeof(*req) - tail_start);
}
97 
/*
 * Release a request: tear down the response iovec and the scatter/gather
 * list set up by virtio_scsi_init_req(), then free the request memory.
 * The pointer is dangling afterwards and must not be used by the caller.
 */
static void virtio_scsi_free_req(VirtIOSCSIReq *req)
{
    QEMUIOVector *resp_iov = &req->resp_iov;
    QEMUSGList *sgl = &req->qsgl;

    qemu_iovec_destroy(resp_iov);
    qemu_sglist_destroy(sgl);
    g_free(req);
}
104 
/*
 * Finish a request: copy resp_size bytes of the response into the guest's
 * response buffers, push the element back on its virtqueue, notify the
 * guest, drop the reference on the backend SCSI request (if any) and free
 * the request. req is invalid once this returns.
 */
static void virtio_scsi_complete_req(VirtIOSCSIReq *req)
{
    VirtIOSCSI *s = req->dev;
    VirtIODevice *vdev = VIRTIO_DEVICE(s);
    VirtQueue *vq = req->vq;
    SCSIRequest *sreq;

    qemu_iovec_from_buf(&req->resp_iov, 0, &req->resp, req->resp_size);
    /* Length reported to the guest: data buffers plus response buffers */
    virtqueue_push(vq, &req->elem, req->qsgl.size + req->resp_iov.size);

    if (!s->dataplane_started || s->dataplane_fenced) {
        virtio_notify(vdev, vq);
    } else {
        virtio_notify_irqfd(vdev, vq);
    }

    sreq = req->sreq;
    if (sreq) {
        /*
         * Clear the back-pointer before req is freed; callbacks in this
         * file that test hba_private (e.g. virtio_scsi_request_cancelled)
         * then see the request as already completed.
         */
        sreq->hba_private = NULL;
        scsi_req_unref(sreq);
    }
    virtio_scsi_free_req(req);
}
125 
/* Bottom-half adapter: opaque is the VirtIOSCSIReq to be completed. */
static void virtio_scsi_complete_req_bh(void *opaque)
{
    virtio_scsi_complete_req((VirtIOSCSIReq *)opaque);
}
132 
/*
 * Complete a request on behalf of virtio_scsi_do_one_tmf_bh(), which runs in
 * the main loop thread. The main loop thread must not touch the virtqueue
 * itself because that could race with an IOThread, so when the device has
 * its own AioContext the completion is run there and waited for.
 */
static void virtio_scsi_complete_req_from_main_loop(VirtIOSCSIReq *req)
{
    VirtIOSCSI *s = req->dev;

    if (s->ctx && s->ctx != qemu_get_aio_context()) {
        /* Run request completion in the IOThread */
        aio_wait_bh_oneshot(s->ctx, virtio_scsi_complete_req_bh, req);
        return;
    }

    /* No need to schedule a BH when there is no IOThread */
    virtio_scsi_complete_req(req);
}
149 
/*
 * Reject a request whose headers could not be parsed. The error is reported
 * through virtio_error(), the element is detached from its virtqueue with a
 * length of 0 instead of being pushed back, and the request is freed. No
 * response is written to the guest. req is invalid once this returns.
 */
static void virtio_scsi_bad_req(VirtIOSCSIReq *req)
{
    VirtIODevice *vdev = VIRTIO_DEVICE(req->dev);

    virtio_error(vdev, "wrong size for virtio-scsi headers");
    virtqueue_detach_element(req->vq, &req->elem, 0);
    virtio_scsi_free_req(req);
}
156 
/*
 * Append the guest buffers described by iov/addr (num entries each) to the
 * request's scatter/gather list, leaving out the first skip bytes.
 *
 * Returns the number of bytes added. skip must not exceed the total length
 * of the buffers; this is only enforced by the assertion at the end, so the
 * callers are responsible for having validated the header sizes first.
 */
static size_t qemu_sgl_concat(VirtIOSCSIReq *req, struct iovec *iov,
                              hwaddr *addr, int num, size_t skip)
{
    QEMUSGList *sgl = &req->qsgl;
    size_t total = 0;

    for (; num; num--, iov++, addr++) {
        const size_t len = iov->iov_len;

        if (skip >= len) {
            /* This buffer lies entirely inside the skipped area */
            skip -= len;
            continue;
        }

        /* Partially (or not at all) skipped: add the remainder */
        qemu_sglist_add(sgl, *addr + skip, len - skip);
        total += len - skip;
        skip = 0;
    }

    assert(skip == 0);
    return total;
}
179 
/*
 * Validate and split a popped element into request header, response area
 * and data payload.
 *
 * req_size bytes are copied from the driver-to-device buffers into
 * req->req, and resp_size bytes of the device-to-driver buffers are
 * attached to req->resp_iov. Whatever follows the headers is added to
 * req->qsgl, and req->mode is set from the direction of that payload.
 *
 * Returns 0 on success, -EINVAL when the guest buffers are too small for
 * the headers, and -ENOTSUP when the element carries payload in both
 * directions.
 *
 * NOTE(review): nothing here bounds req_size against the memory allocated
 * for req. The callers allocate sizeof(VirtIOSCSIReq) + cdb_size and pass a
 * req_size derived from cdb_size read a second time - confirm that the two
 * reads always see the same value.
 */
static int virtio_scsi_parse_req(VirtIOSCSIReq *req,
                                 unsigned req_size, unsigned resp_size)
{
    VirtIODevice *vdev = (VirtIODevice *) req->dev;
    VirtQueueElement *elem = &req->elem;
    size_t to_dev_len, from_dev_len;

    /* A short copy means the guest did not supply a full request header */
    if (iov_to_buf(elem->out_sg, elem->out_num, 0,
                   &req->req, req_size) < req_size) {
        return -EINVAL;
    }

    /* Likewise the response buffers must have room for resp_size bytes */
    if (qemu_iovec_concat_iov(&req->resp_iov,
                              elem->in_sg, elem->in_num, 0,
                              resp_size) < resp_size) {
        return -EINVAL;
    }

    req->resp_size = resp_size;

    /*
     * Old BIOSes left some padding by mistake after the req_size/resp_size.
     * As a workaround, always consider the first buffer as the virtio-scsi
     * request/response, making the payload start at the second element
     * of the iovec.
     *
     * The actual length of the response header, stored in req->resp_size,
     * does not change.
     *
     * TODO: always disable this workaround for virtio 1.0 devices.
     */
    if (!virtio_vdev_has_feature(vdev, VIRTIO_F_ANY_LAYOUT)) {
        if (elem->out_num) {
            req_size = elem->out_sg[0].iov_len;
        }
        if (elem->in_num) {
            resp_size = elem->in_sg[0].iov_len;
        }
    }

    /* Everything past the headers is data payload */
    to_dev_len = qemu_sgl_concat(req, elem->out_sg,
                                 &elem->out_addr[0], elem->out_num,
                                 req_size);
    from_dev_len = qemu_sgl_concat(req, elem->in_sg,
                                   &elem->in_addr[0], elem->in_num,
                                   resp_size);

    if (to_dev_len && from_dev_len) {
        return -ENOTSUP;
    }

    /* With no payload at all, mode keeps the value it already had */
    if (to_dev_len) {
        req->mode = SCSI_XFER_TO_DEV;
    } else if (from_dev_len) {
        req->mode = SCSI_XFER_FROM_DEV;
    }

    return 0;
}
237 
/*
 * Pop the next element from vq as an initialized VirtIOSCSIReq.
 *
 * The allocation is sizeof(VirtIOSCSIReq) plus the current cdb_size, a
 * value the guest can change through the configuration space. Returns NULL
 * when virtqueue_pop() returns no element.
 */
static VirtIOSCSIReq *virtio_scsi_pop_req(VirtIOSCSI *s, VirtQueue *vq)
{
    VirtIOSCSICommon *vs = (VirtIOSCSICommon *)s;
    VirtIOSCSIReq *req = virtqueue_pop(vq, sizeof(VirtIOSCSIReq) + vs->cdb_size);

    if (req) {
        virtio_scsi_init_req(s, vq, req);
    }
    return req;
}
250 
/*
 * Migration: serialize an in-flight request. Writes the index of its
 * command queue (relative to the first command queue) as a big-endian
 * 32-bit value, followed by the virtqueue element.
 */
static void virtio_scsi_save_request(QEMUFile *f, SCSIRequest *sreq)
{
    VirtIOSCSIReq *req = sreq->hba_private;
    VirtIODevice *vdev = VIRTIO_DEVICE(req->dev);
    VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(req->dev);
    /* Skip over the fixed queues that precede the command queues */
    uint32_t cmd_vq = virtio_get_queue_index(req->vq) - VIRTIO_SCSI_VQ_NUM_FIXED;

    assert(cmd_vq < vs->conf.num_queues);
    qemu_put_be32s(f, &cmd_vq);
    qemu_put_virtqueue_element(vdev, f, &req->elem);
}
262 
/*
 * Migration: rebuild the VirtIOSCSIReq for an in-flight SCSI request from
 * the stream and link it to sreq. Returns the new request.
 *
 * Everything read from f is input from the migration stream:
 * - the command queue index is range-checked only by an assertion before
 *   it is used to index vs->cmd_vqs[];
 * - a header that fails virtio_scsi_parse_req() terminates the process;
 * - a transfer direction that disagrees with sreq trips an assertion.
 *
 * NOTE(review): the result of qemu_get_virtqueue_element() is used without
 * a NULL check - confirm that it cannot return NULL.
 */
static void *virtio_scsi_load_request(QEMUFile *f, SCSIRequest *sreq)
{
    SCSIBus *bus = sreq->bus;
    VirtIOSCSI *s = container_of(bus, VirtIOSCSI, bus);
    VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(s);
    VirtIODevice *vdev = VIRTIO_DEVICE(s);
    VirtIOSCSIReq *req;
    uint32_t cmd_vq;
    int rc;

    qemu_get_be32s(f, &cmd_vq);
    assert(cmd_vq < vs->conf.num_queues);

    req = qemu_get_virtqueue_element(vdev, f,
                                     sizeof(VirtIOSCSIReq) + vs->cdb_size);
    virtio_scsi_init_req(s, vs->cmd_vqs[cmd_vq], req);

    rc = virtio_scsi_parse_req(req, sizeof(VirtIOSCSICmdReq) + vs->cdb_size,
                               sizeof(VirtIOSCSICmdResp) + vs->sense_size);
    if (rc < 0) {
        error_report("invalid SCSI request migration data");
        exit(1);
    }

    /* The request holds its own reference on the backend request */
    scsi_req_ref(sreq);
    req->sreq = sreq;
    assert(req->sreq->cmd.mode == SCSI_XFER_NONE ||
           req->sreq->cmd.mode == req->mode);
    return req;
}
291 
/*
 * Heap-allocated notifier handed to scsi_req_cancel_async() for each request
 * a TMF cancels. It is freed by virtio_scsi_cancel_notify().
 */
typedef struct {
    /* Embedded notifier; container_of() recovers the enclosing struct */
    Notifier        notifier;
    /* TMF request whose "remaining" count this cancellation contributes to */
    VirtIOSCSIReq  *tmf_req;
} VirtIOSCSICancelNotifier;
296 
/*
 * Notifier callback for one cancelled request. Decrements the owning TMF's
 * "remaining" count and completes the TMF when it reaches zero; the
 * notifier itself is always freed. data is unused.
 */
static void virtio_scsi_cancel_notify(Notifier *notifier, void *data)
{
    VirtIOSCSICancelNotifier *n = container_of(notifier,
                                               VirtIOSCSICancelNotifier,
                                               notifier);
    VirtIOSCSIReq *tmf = n->tmf_req;

    tmf->remaining--;
    if (tmf->remaining == 0) {
        /* Last outstanding cancellation: the TMF can now be answered */
        trace_virtio_scsi_tmf_resp(virtio_scsi_get_lun(tmf->req.tmf.lun),
                                   tmf->req.tmf.tag, tmf->resp.tmf.response);
        virtio_scsi_complete_req(tmf);
    }
    g_free(n);
}
312 
/*
 * Sanity check: once dataplane has started, an available block backend of
 * device d must live in the device's AioContext. Does nothing when
 * dataplane is not started, d is NULL or the backend is not available.
 */
static inline void virtio_scsi_ctx_check(VirtIOSCSI *s, SCSIDevice *d)
{
    if (!s->dataplane_started || !d || !blk_is_available(d->conf.blk)) {
        return;
    }
    assert(blk_get_aio_context(d->conf.blk) == s->ctx);
}
319 
/*
 * Carry out one deferred reset TMF and complete it.
 *
 * Only LOGICAL UNIT RESET and I_T NEXUS RESET are expected here; they are
 * the only subtypes virtio_scsi_do_tmf() defers, so any other value is
 * treated as unreachable. s->resetting is raised around each reset so that
 * requests cancelled by it are reported as reset rather than aborted.
 *
 * d is NULL when the guest-supplied LUN does not resolve to a device; the
 * unconditional object_unref() at the end relies on that being accepted.
 */
static void virtio_scsi_do_one_tmf_bh(VirtIOSCSIReq *req)
{
    VirtIOSCSI *s = req->dev;
    SCSIDevice *d = virtio_scsi_device_get(s, req->req.tmf.lun);
    BusChild *kid;
    int target;

    switch (req->req.tmf.subtype) {
    case VIRTIO_SCSI_T_TMF_LOGICAL_UNIT_RESET:
        if (!d) {
            req->resp.tmf.response = VIRTIO_SCSI_S_BAD_TARGET;
        } else if (d->lun != virtio_scsi_get_lun(req->req.tmf.lun)) {
            req->resp.tmf.response = VIRTIO_SCSI_S_INCORRECT_LUN;
        } else {
            qatomic_inc(&s->resetting);
            device_cold_reset(&d->qdev);
            qatomic_dec(&s->resetting);
        }
        break;

    case VIRTIO_SCSI_T_TMF_I_T_NEXUS_RESET:
        /* Byte 1 of the LUN field selects the target to reset */
        target = req->req.tmf.lun[1];
        qatomic_inc(&s->resetting);

        rcu_read_lock();
        QTAILQ_FOREACH_RCU(kid, &s->bus.qbus.children, sibling) {
            SCSIDevice *candidate = SCSI_DEVICE(kid->child);

            if (candidate->channel == 0 && candidate->id == target) {
                device_cold_reset(&candidate->qdev);
            }
        }
        rcu_read_unlock();

        qatomic_dec(&s->resetting);
        break;

    default:
        g_assert_not_reached();
        break;
    }

    object_unref(OBJECT(d));
    virtio_scsi_complete_req_from_main_loop(req);
}
367 
/*
 * Some TMFs must be processed from the main loop thread. This bottom half
 * moves all queued TMFs to a private list while holding tmf_bh_lock,
 * deletes itself, and then processes the requests with the lock released.
 */
static void virtio_scsi_do_tmf_bh(void *opaque)
{
    VirtIOSCSI *s = opaque;
    QTAILQ_HEAD(, VirtIOSCSIReq) pending = QTAILQ_HEAD_INITIALIZER(pending);
    VirtIOSCSIReq *req;

    GLOBAL_STATE_CODE();

    WITH_QEMU_LOCK_GUARD(&s->tmf_bh_lock) {
        while (!QTAILQ_EMPTY(&s->tmf_bh_list)) {
            req = QTAILQ_FIRST(&s->tmf_bh_list);
            QTAILQ_REMOVE(&s->tmf_bh_list, req, next);
            QTAILQ_INSERT_TAIL(&pending, req, next);
        }

        /* A later TMF will see tmf_bh == NULL and create a new BH */
        qemu_bh_delete(s->tmf_bh);
        s->tmf_bh = NULL;
    }

    while (!QTAILQ_EMPTY(&pending)) {
        req = QTAILQ_FIRST(&pending);
        QTAILQ_REMOVE(&pending, req, next);
        virtio_scsi_do_one_tmf_bh(req);
    }
}
393 
/*
 * Device reset: cancel the TMF bottom half, if one is pending, and answer
 * every TMF still waiting for it with VIRTIO_SCSI_S_TARGET_FAILURE.
 */
static void virtio_scsi_reset_tmf_bh(VirtIOSCSI *s)
{
    VirtIOSCSIReq *req;

    GLOBAL_STATE_CODE();

    /* Called after ioeventfd has been stopped, so tmf_bh_lock is not needed */
    if (s->tmf_bh != NULL) {
        qemu_bh_delete(s->tmf_bh);
        s->tmf_bh = NULL;
    }

    while (!QTAILQ_EMPTY(&s->tmf_bh_list)) {
        req = QTAILQ_FIRST(&s->tmf_bh_list);
        QTAILQ_REMOVE(&s->tmf_bh_list, req, next);

        /* SAM-6 6.3.2 Hard reset */
        req->resp.tmf.response = VIRTIO_SCSI_S_TARGET_FAILURE;
        virtio_scsi_complete_req(req);
    }
}
415 
/*
 * Queue a TMF for virtio_scsi_do_tmf_bh() and make sure that bottom half
 * is scheduled. The list and the tmf_bh pointer are only touched while
 * tmf_bh_lock is held. The request is owned by the list from here on.
 */
static void virtio_scsi_defer_tmf_to_bh(VirtIOSCSIReq *req)
{
    VirtIOSCSI *s = req->dev;

    WITH_QEMU_LOCK_GUARD(&s->tmf_bh_lock) {
        QTAILQ_INSERT_TAIL(&s->tmf_bh_list, req, next);

        if (s->tmf_bh == NULL) {
            /* No BH pending yet: create one and schedule it */
            s->tmf_bh = qemu_bh_new(virtio_scsi_do_tmf_bh, s);
            qemu_bh_schedule(s->tmf_bh);
        }
    }
}
429 
/*
 * Execute a task management function (TMF) taken from the control queue.
 * The LUN, tag and subtype all come from the guest.
 *
 * Returns 0 if the request is ready to be completed and returned to the
 * guest (req->resp.tmf.response holds the result), or -EINPROGRESS if the
 * request has been handed off and will be completed later: by the cancel
 * notifiers in the case of async cancellation, or by the TMF bottom half
 * for the reset subtypes. After -EINPROGRESS the caller must not touch req.
 */
static int virtio_scsi_do_tmf(VirtIOSCSI *s, VirtIOSCSIReq *req)
{
    /* d is NULL when the LUN field does not resolve to a device */
    SCSIDevice *d = virtio_scsi_device_get(s, req->req.tmf.lun);
    SCSIRequest *r, *next;
    int ret = 0;

    virtio_scsi_ctx_check(s, d);
    /* Here VIRTIO_SCSI_S_OK means "FUNCTION COMPLETE".  */
    req->resp.tmf.response = VIRTIO_SCSI_S_OK;

    /*
     * req->req.tmf has the QEMU_PACKED attribute. Don't use virtio_tswap32s()
     * to avoid compiler errors.
     */
    req->req.tmf.subtype =
        virtio_tswap32(VIRTIO_DEVICE(s), req->req.tmf.subtype);

    trace_virtio_scsi_tmf_req(virtio_scsi_get_lun(req->req.tmf.lun),
                              req->req.tmf.tag, req->req.tmf.subtype);

    switch (req->req.tmf.subtype) {
    case VIRTIO_SCSI_T_TMF_ABORT_TASK:
    case VIRTIO_SCSI_T_TMF_QUERY_TASK:
        if (!d) {
            goto fail;
        }
        if (d->lun != virtio_scsi_get_lun(req->req.tmf.lun)) {
            goto incorrect_lun;
        }
        /*
         * Look for a request with the given tag that has not been completed
         * yet (completed requests have hba_private cleared). r is left NULL
         * when the loop runs to the end without a match.
         */
        QTAILQ_FOREACH_SAFE(r, &d->requests, next, next) {
            VirtIOSCSIReq *cmd_req = r->hba_private;
            if (cmd_req && cmd_req->req.cmd.tag == req->req.tmf.tag) {
                break;
            }
        }
        if (r) {
            /*
             * Assert that the request has not been completed yet, we
             * check for it in the loop above.
             */
            assert(r->hba_private);
            if (req->req.tmf.subtype == VIRTIO_SCSI_T_TMF_QUERY_TASK) {
                /* "If the specified command is present in the task set, then
                 * return a service response set to FUNCTION SUCCEEDED".
                 */
                req->resp.tmf.response = VIRTIO_SCSI_S_FUNCTION_SUCCEEDED;
            } else {
                VirtIOSCSICancelNotifier *notifier;

                /*
                 * A single cancellation is outstanding. The notifier is
                 * freed, and the TMF completed, by
                 * virtio_scsi_cancel_notify(); req is not touched again
                 * below because that may already have happened when
                 * scsi_req_cancel_async() returns.
                 */
                req->remaining = 1;
                notifier = g_new(VirtIOSCSICancelNotifier, 1);
                notifier->tmf_req = req;
                notifier->notifier.notify = virtio_scsi_cancel_notify;
                scsi_req_cancel_async(r, &notifier->notifier);
                ret = -EINPROGRESS;
            }
        }
        break;

    case VIRTIO_SCSI_T_TMF_LOGICAL_UNIT_RESET:
    case VIRTIO_SCSI_T_TMF_I_T_NEXUS_RESET:
        /* Resets run in the main loop; the BH list now owns req */
        virtio_scsi_defer_tmf_to_bh(req);
        ret = -EINPROGRESS;
        break;

    case VIRTIO_SCSI_T_TMF_ABORT_TASK_SET:
    case VIRTIO_SCSI_T_TMF_CLEAR_TASK_SET:
    case VIRTIO_SCSI_T_TMF_QUERY_TASK_SET:
        if (!d) {
            goto fail;
        }
        if (d->lun != virtio_scsi_get_lun(req->req.tmf.lun)) {
            goto incorrect_lun;
        }

        /* Add 1 to "remaining" until virtio_scsi_do_tmf returns.
         * This way, if the bus starts calling back to the notifiers
         * even before we finish the loop, virtio_scsi_cancel_notify
         * will not complete the TMF too early.
         */
        req->remaining = 1;
        QTAILQ_FOREACH_SAFE(r, &d->requests, next, next) {
            if (r->hba_private) {
                if (req->req.tmf.subtype == VIRTIO_SCSI_T_TMF_QUERY_TASK_SET) {
                    /* "If there is any command present in the task set, then
                     * return a service response set to FUNCTION SUCCEEDED".
                     */
                    req->resp.tmf.response = VIRTIO_SCSI_S_FUNCTION_SUCCEEDED;
                    break;
                } else {
                    VirtIOSCSICancelNotifier *notifier;

                    /* One notifier, and one count, per cancelled request */
                    req->remaining++;
                    notifier = g_new(VirtIOSCSICancelNotifier, 1);
                    notifier->notifier.notify = virtio_scsi_cancel_notify;
                    notifier->tmf_req = req;
                    scsi_req_cancel_async(r, &notifier->notifier);
                }
            }
        }
        /*
         * Drop the extra count taken above. If cancellations are still
         * outstanding the last notifier completes the TMF; otherwise the
         * caller does, since ret is still 0.
         */
        if (--req->remaining > 0) {
            ret = -EINPROGRESS;
        }
        break;

    case VIRTIO_SCSI_T_TMF_CLEAR_ACA:
    default:
        /* Unsupported or unknown subtypes are rejected, not asserted on */
        req->resp.tmf.response = VIRTIO_SCSI_S_FUNCTION_REJECTED;
        break;
    }

    object_unref(OBJECT(d));
    return ret;

incorrect_lun:
    req->resp.tmf.response = VIRTIO_SCSI_S_INCORRECT_LUN;
    object_unref(OBJECT(d));
    return ret;

fail:
    /* Only reached with d == NULL; relies on object_unref() accepting that */
    req->resp.tmf.response = VIRTIO_SCSI_S_BAD_TARGET;
    object_unref(OBJECT(d));
    return ret;
}
557 
/*
 * Handle one request from the control queue.
 *
 * The first 32 bits of the request select its type. TMF and asynchronous
 * notification requests are parsed with their fixed header sizes; a header
 * that does not fit is handled by virtio_scsi_bad_req(). A request of any
 * other type is completed as is, with the zero resp_size left by
 * virtio_scsi_init_req(). A TMF that returns -EINPROGRESS is completed
 * elsewhere, and req is not touched again here.
 */
static void virtio_scsi_handle_ctrl_req(VirtIOSCSI *s, VirtIOSCSIReq *req)
{
    VirtIODevice *vdev = (VirtIODevice *)s;
    uint32_t type;
    bool is_tmf, is_an;
    int r = 0;

    if (iov_to_buf(req->elem.out_sg, req->elem.out_num, 0,
                   &type, sizeof(type)) < sizeof(type)) {
        virtio_scsi_bad_req(req);
        return;
    }

    virtio_tswap32s(vdev, &type);
    is_tmf = type == VIRTIO_SCSI_T_TMF;
    is_an = type == VIRTIO_SCSI_T_AN_QUERY ||
            type == VIRTIO_SCSI_T_AN_SUBSCRIBE;

    if (is_tmf) {
        if (virtio_scsi_parse_req(req, sizeof(VirtIOSCSICtrlTMFReq),
                                  sizeof(VirtIOSCSICtrlTMFResp)) < 0) {
            virtio_scsi_bad_req(req);
            return;
        }
        r = virtio_scsi_do_tmf(s, req);
    } else if (is_an) {
        if (virtio_scsi_parse_req(req, sizeof(VirtIOSCSICtrlANReq),
                                  sizeof(VirtIOSCSICtrlANResp)) < 0) {
            virtio_scsi_bad_req(req);
            return;
        }
        req->req.an.event_requested =
            virtio_tswap32(VIRTIO_DEVICE(s), req->req.an.event_requested);
        trace_virtio_scsi_an_req(virtio_scsi_get_lun(req->req.an.lun),
                                 req->req.an.event_requested);
        /* No events are granted: event_actual is always reported as 0 */
        req->resp.an.event_actual = 0;
        req->resp.an.response = VIRTIO_SCSI_S_OK;
    }

    if (r != 0) {
        /* Ownership of req has moved on; it may already have been freed */
        assert(r == -EINPROGRESS);
        return;
    }

    if (is_tmf) {
        trace_virtio_scsi_tmf_resp(virtio_scsi_get_lun(req->req.tmf.lun),
                                   req->req.tmf.tag,
                                   req->resp.tmf.response);
    } else if (is_an) {
        trace_virtio_scsi_an_resp(virtio_scsi_get_lun(req->req.an.lun),
                                  req->resp.an.response);
    }
    virtio_scsi_complete_req(req);
}
609 
/* Process control requests until virtio_scsi_pop_req() returns NULL. */
static void virtio_scsi_handle_ctrl_vq(VirtIOSCSI *s, VirtQueue *vq)
{
    for (;;) {
        VirtIOSCSIReq *req = virtio_scsi_pop_req(s, vq);

        if (!req) {
            break;
        }
        virtio_scsi_handle_ctrl_req(s, req);
    }
}
618 
/*
 * If dataplane is configured but not yet started, start it now.
 *
 * Returns true when the caller should leave the virtqueue alone because
 * dataplane took over (it was started here and is not fenced). Returns
 * false when no dataplane is configured, when it was already running, or
 * when it is fenced after the start attempt.
 *
 * Dataplane is normally started by the core virtio code, but virtqueue
 * handlers can also be invoked when a guest kicks before DRIVER_OK; this
 * helper covers that case by starting ioeventfd manually.
 */
static bool virtio_scsi_defer_to_dataplane(VirtIOSCSI *s)
{
    if (s->ctx && !s->dataplane_started) {
        virtio_device_start_ioeventfd(&s->parent_obj.parent_obj);
        return !s->dataplane_fenced;
    }

    return false;
}
636 
/*
 * Virtqueue handler for the control queue. Does nothing when the work was
 * handed to dataplane; otherwise processes the queue between
 * virtio_scsi_acquire() and virtio_scsi_release().
 */
static void virtio_scsi_handle_ctrl(VirtIODevice *vdev, VirtQueue *vq)
{
    VirtIOSCSI *s = (VirtIOSCSI *)vdev;

    if (!virtio_scsi_defer_to_dataplane(s)) {
        virtio_scsi_acquire(s);
        virtio_scsi_handle_ctrl_vq(s, vq);
        virtio_scsi_release(s);
    }
}
649 
/*
 * Complete a command request. Only the fixed-size VirtIOSCSICmdResp header
 * is copied from req->resp on completion, so resp_size is reset to that
 * size here. req is invalid once this returns.
 */
static void virtio_scsi_complete_cmd_req(VirtIOSCSIReq *req)
{
    const int lun = virtio_scsi_get_lun(req->req.cmd.lun);

    trace_virtio_scsi_cmd_resp(lun,
                               req->req.cmd.tag,
                               req->resp.cmd.response,
                               req->resp.cmd.status);

    /*
     * Sense data is not in req->resp and is copied separately
     * in virtio_scsi_command_complete.
     */
    req->resp_size = sizeof(VirtIOSCSICmdResp);
    virtio_scsi_complete_req(req);
}
662 
/*
 * Backend callback for a request that failed at the host level. Translates
 * r->host_status into a virtio-scsi response code, reports SCSI status
 * GOOD, and completes the request. Cancelled requests are ignored here.
 */
static void virtio_scsi_command_failed(SCSIRequest *r)
{
    VirtIOSCSIReq *req = r->hba_private;
    int response;

    if (r->io_canceled) {
        return;
    }

    switch (r->host_status) {
    case SCSI_HOST_NO_LUN:
        response = VIRTIO_SCSI_S_INCORRECT_LUN;
        break;
    case SCSI_HOST_BUSY:
        response = VIRTIO_SCSI_S_BUSY;
        break;
    case SCSI_HOST_TIME_OUT:
    case SCSI_HOST_ABORTED:
        response = VIRTIO_SCSI_S_ABORTED;
        break;
    case SCSI_HOST_BAD_RESPONSE:
        response = VIRTIO_SCSI_S_BAD_TARGET;
        break;
    case SCSI_HOST_RESET:
        response = VIRTIO_SCSI_S_RESET;
        break;
    case SCSI_HOST_TRANSPORT_DISRUPTED:
        response = VIRTIO_SCSI_S_TRANSPORT_FAILURE;
        break;
    case SCSI_HOST_TARGET_FAILURE:
        response = VIRTIO_SCSI_S_TARGET_FAILURE;
        break;
    case SCSI_HOST_RESERVATION_ERROR:
        response = VIRTIO_SCSI_S_NEXUS_FAILURE;
        break;
    case SCSI_HOST_ALLOCATION_FAILURE:
    case SCSI_HOST_MEDIUM_ERROR:
    case SCSI_HOST_ERROR:
    default:
        /* Anything without a closer match is a generic failure */
        response = VIRTIO_SCSI_S_FAILURE;
        break;
    }

    req->resp.cmd.status = GOOD;
    req->resp.cmd.response = response;
    virtio_scsi_complete_cmd_req(req);
}
707 
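/*
 * Backend callback for a finished SCSI command. Fills in the response
 * header, copies sense data to the guest for any status other than GOOD,
 * and completes the request. Cancelled requests are ignored here.
 *
 * The request is only dereferenced after the io_canceled check, matching
 * virtio_scsi_command_failed(). virtio_scsi_complete_req() clears
 * hba_private, and virtio_scsi_request_cancelled() already allows for a
 * NULL hba_private, so a cancelled request should not be assumed to still
 * carry one.
 */
static void virtio_scsi_command_complete(SCSIRequest *r, size_t resid)
{
    VirtIOSCSIReq *req = r->hba_private;
    uint8_t sense[SCSI_SENSE_BUF_SIZE];
    uint32_t sense_len;
    VirtIODevice *vdev;

    if (r->io_canceled) {
        return;
    }

    vdev = VIRTIO_DEVICE(req->dev);

    req->resp.cmd.response = VIRTIO_SCSI_S_OK;
    req->resp.cmd.status = r->status;
    if (req->resp.cmd.status == GOOD) {
        req->resp.cmd.resid = virtio_tswap32(vdev, resid);
    } else {
        req->resp.cmd.resid = 0;
        sense_len = scsi_req_get_sense(r, sense, sizeof(sense));
        /*
         * Clamp to the room the guest left after the response header. The
         * subtraction cannot wrap for requests that went through
         * virtio_scsi_parse_req(), which rejects response buffers smaller
         * than the header plus sense_size.
         */
        sense_len = MIN(sense_len, req->resp_iov.size - sizeof(req->resp.cmd));
        qemu_iovec_from_buf(&req->resp_iov, sizeof(req->resp.cmd),
                            sense, sense_len);
        req->resp.cmd.sense_len = virtio_tswap32(vdev, sense_len);
    }
    virtio_scsi_complete_cmd_req(req);
}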
733 
/*
 * CDB parsing hook. If the command length has not been determined yet, the
 * CDB is copied with a fixed length: the smaller of the default virtio-scsi
 * CDB size and the command buffer size. The transfer length and direction
 * are then taken from the guest-supplied buffers instead of being derived
 * from the CDB. dev is unused. Always returns 0.
 *
 * NOTE(review): buf_len is never consulted, so the copy reads a fixed
 * number of bytes from buf whatever length the caller announced. In this
 * file the CDB length handed to scsi_req_new() is cdb_size, which the guest
 * may set below the default - confirm that buf always has at least
 * cmd->len readable bytes.
 */
static int virtio_scsi_parse_cdb(SCSIDevice *dev, SCSICommand *cmd,
                                 uint8_t *buf, size_t buf_len,
                                 void *hba_private)
{
    VirtIOSCSIReq *req = hba_private;

    if (!cmd->len) {
        cmd->len = MIN(VIRTIO_SCSI_CDB_DEFAULT_SIZE, SCSI_CMD_BUF_SIZE);
        memcpy(cmd->buf, buf, cmd->len);
    }

    /*
     * Extract the direction and mode directly from the request, for
     * host device passthrough.
     */
    cmd->mode = req->mode;
    cmd->xfer = req->qsgl.size;
    return 0;
}
752 
/* Return the scatter/gather list holding the request's guest data buffers. */
static QEMUSGList *virtio_scsi_get_sg_list(SCSIRequest *r)
{
    VirtIOSCSIReq *owner = r->hba_private;

    return &owner->qsgl;
}
759 
/*
 * Backend callback for a cancelled request. A request whose hba_private has
 * already been cleared is ignored. Otherwise the response is RESET while a
 * reset is in progress on the device and ABORTED in every other case.
 */
static void virtio_scsi_request_cancelled(SCSIRequest *r)
{
    VirtIOSCSIReq *req = r->hba_private;

    if (req == NULL) {
        return;
    }

    req->resp.cmd.response = qatomic_read(&req->dev->resetting)
                             ? VIRTIO_SCSI_S_RESET
                             : VIRTIO_SCSI_S_ABORTED;
    virtio_scsi_complete_cmd_req(req);
}
774 
/*
 * Complete a command request with the generic VIRTIO_SCSI_S_FAILURE
 * response. req is invalid once this returns.
 */
static void virtio_scsi_fail_cmd_req(VirtIOSCSIReq *req)
{
    req->resp.cmd.response = VIRTIO_SCSI_S_FAILURE;

    virtio_scsi_complete_cmd_req(req);
}
780 
/*
 * First stage of command submission: parse the guest request, resolve the
 * target device and create the backend SCSI request.
 *
 * Returns 0 when the request is ready for
 * virtio_scsi_handle_cmd_req_submit(). In that case an extra reference on
 * req->sreq is held and defer_call_begin() has been called; both are
 * balanced by the submit stage. Every other return value means req has
 * already been completed or freed and must not be used:
 *   -ENOTSUP  payload in both directions, completed with FAILURE
 *   -EINVAL   headers too small, handled by virtio_scsi_bad_req()
 *   -ENOENT   no such device, completed with BAD_TARGET
 *   -ENOBUFS  guest buffers do not match the command, completed with OVERRUN
 *
 * NOTE(review): the header size passed to virtio_scsi_parse_req() uses
 * vs->cdb_size as read here, while the request was allocated with the value
 * read in virtio_scsi_pop_req() - confirm the guest cannot change cdb_size
 * between the two reads.
 */
static int virtio_scsi_handle_cmd_req_prepare(VirtIOSCSI *s, VirtIOSCSIReq *req)
{
    VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(s);
    SCSIDevice *d;
    int rc;

    rc = virtio_scsi_parse_req(req, sizeof(VirtIOSCSICmdReq) + vs->cdb_size,
                               sizeof(VirtIOSCSICmdResp) + vs->sense_size);
    if (rc == -ENOTSUP) {
        virtio_scsi_fail_cmd_req(req);
        return -ENOTSUP;
    }
    if (rc < 0) {
        virtio_scsi_bad_req(req);
        return -EINVAL;
    }
    trace_virtio_scsi_cmd_req(virtio_scsi_get_lun(req->req.cmd.lun),
                              req->req.cmd.tag, req->req.cmd.cdb[0]);

    d = virtio_scsi_device_get(s, req->req.cmd.lun);
    if (d == NULL) {
        req->resp.cmd.response = VIRTIO_SCSI_S_BAD_TARGET;
        virtio_scsi_complete_cmd_req(req);
        return -ENOENT;
    }
    virtio_scsi_ctx_check(s, d);
    req->sreq = scsi_req_new(d, req->req.cmd.tag,
                             virtio_scsi_get_lun(req->req.cmd.lun),
                             req->req.cmd.cdb, vs->cdb_size, req);

    /*
     * A command that moves data must agree with the direction of the guest
     * buffers and must not need more room than the guest provided.
     */
    if (req->sreq->cmd.mode != SCSI_XFER_NONE &&
        (req->sreq->cmd.mode != req->mode ||
         req->sreq->cmd.xfer > req->qsgl.size)) {
        req->resp.cmd.response = VIRTIO_SCSI_S_OVERRUN;
        virtio_scsi_complete_cmd_req(req);
        object_unref(OBJECT(d));
        return -ENOBUFS;
    }

    /* Extra reference, dropped by virtio_scsi_handle_cmd_req_submit() */
    scsi_req_ref(req->sreq);
    defer_call_begin();
    object_unref(OBJECT(d));
    return 0;
}
825 
/*
 * Second stage of command submission: enqueue the backend request prepared
 * by virtio_scsi_handle_cmd_req_prepare(), continue it if the enqueue asks
 * for that, then balance the defer_call_begin() and the extra reference
 * taken during preparation.
 *
 * The backend request pointer is read once up front and req is not
 * accessed afterwards.
 */
static void virtio_scsi_handle_cmd_req_submit(VirtIOSCSI *s, VirtIOSCSIReq *req)
{
    SCSIRequest *backend_req = req->sreq;
    const bool keep_going = scsi_req_enqueue(backend_req);

    if (keep_going) {
        scsi_req_continue(backend_req);
    }
    defer_call_end();
    scsi_req_unref(backend_req);
}
835 
/*
 * Drain a command virtqueue in two stages: every popped request is first
 * prepared and collected on a local list, and only after the queue is empty
 * are the collected requests submitted to the SCSI layer.
 *
 * A request that fails preparation with anything other than -EINVAL has
 * already been completed by the prepare step and is simply skipped. -EINVAL
 * means the request headers were malformed; all requests collected so far
 * are then dropped without a response and the outer loop stops.
 */
static void virtio_scsi_handle_cmd_vq(VirtIOSCSI *s, VirtQueue *vq)
{
    VirtIOSCSIReq *req, *next;
    int ret = 0;
    /*
     * Sampled once on entry; presumably reports whether guest notifications
     * are currently enabled. Only then are they turned off while popping
     * and turned back on afterwards.
     */
    bool suppress_notifications = virtio_queue_get_notification(vq);

    QTAILQ_HEAD(, VirtIOSCSIReq) reqs = QTAILQ_HEAD_INITIALIZER(reqs);

    do {
        if (suppress_notifications) {
            virtio_queue_set_notification(vq, 0);
        }

        while ((req = virtio_scsi_pop_req(s, vq))) {
            ret = virtio_scsi_handle_cmd_req_prepare(s, req);
            if (!ret) {
                QTAILQ_INSERT_TAIL(&reqs, req, next);
            } else if (ret == -EINVAL) {
                /* The device is broken and shouldn't process any request */
                /*
                 * The failing req was already freed by the prepare step;
                 * req is reused below for the queued requests. For each of
                 * them, undo what prepare did: balance defer_call_begin(),
                 * drop the extra sreq reference, detach the element and
                 * free the request.
                 *
                 * NOTE(review): only the reference taken in prepare is
                 * dropped here; the one held since scsi_req_new() does not
                 * appear to be released on this path - confirm whether it
                 * is reclaimed elsewhere.
                 */
                while (!QTAILQ_EMPTY(&reqs)) {
                    req = QTAILQ_FIRST(&reqs);
                    QTAILQ_REMOVE(&reqs, req, next);
                    defer_call_end();
                    scsi_req_unref(req->sreq);
                    virtqueue_detach_element(req->vq, &req->elem, 0);
                    virtio_scsi_free_req(req);
                }
            }
        }

        if (suppress_notifications) {
            virtio_queue_set_notification(vq, 1);
        }
        /*
         * Re-check the queue after re-enabling notifications so that a
         * request added in the meantime is not left waiting.
         */
    } while (ret != -EINVAL && !virtio_queue_empty(vq));

    /* Second stage: reqs is empty here if the -EINVAL path ran last */
    QTAILQ_FOREACH_SAFE(req, &reqs, next, next) {
        virtio_scsi_handle_cmd_req_submit(s, req);
    }
}
875 
/*
 * Virtqueue handler for the command queues. Does nothing when the work was
 * handed to dataplane; otherwise processes the queue between
 * virtio_scsi_acquire() and virtio_scsi_release().
 */
static void virtio_scsi_handle_cmd(VirtIODevice *vdev, VirtQueue *vq)
{
    /* use non-QOM casts in the data path */
    VirtIOSCSI *s = (VirtIOSCSI *)vdev;

    if (!virtio_scsi_defer_to_dataplane(s)) {
        virtio_scsi_acquire(s);
        virtio_scsi_handle_cmd_vq(s, vq);
        virtio_scsi_release(s);
    }
}
889 
/*
 * Fill the device configuration space that the guest reads. seg_max is
 * virtqueue_size - 2 when seg_max_adjust is set and 128 - 2 otherwise;
 * sense_size and cdb_size report the values currently in effect.
 */
static void virtio_scsi_get_config(VirtIODevice *vdev,
                                   uint8_t *config)
{
    VirtIOSCSICommon *s = VIRTIO_SCSI_COMMON(vdev);
    VirtIOSCSIConfig *cfg = (VirtIOSCSIConfig *)config;

    virtio_stl_p(vdev, &cfg->num_queues, s->conf.num_queues);
    virtio_stl_p(vdev, &cfg->seg_max,
                 s->conf.seg_max_adjust ? s->conf.virtqueue_size - 2 : 128 - 2);
    virtio_stl_p(vdev, &cfg->max_sectors, s->conf.max_sectors);
    virtio_stl_p(vdev, &cfg->cmd_per_lun, s->conf.cmd_per_lun);
    virtio_stl_p(vdev, &cfg->event_info_size, sizeof(VirtIOSCSIEvent));
    virtio_stl_p(vdev, &cfg->sense_size, s->sense_size);
    virtio_stl_p(vdev, &cfg->cdb_size, s->cdb_size);
    virtio_stw_p(vdev, &cfg->max_channel, VIRTIO_SCSI_MAX_CHANNEL);
    virtio_stw_p(vdev, &cfg->max_target, VIRTIO_SCSI_MAX_TARGET);
    virtio_stl_p(vdev, &cfg->max_lun, VIRTIO_SCSI_MAX_LUN);
}
908 
/*
 * Apply a configuration space write. Only sense_size and cdb_size are
 * taken from it. Both values are chosen by the guest and later size the
 * request allocation and the expected header lengths, so they are
 * range-checked first: sense_size must be below 65536 and cdb_size below
 * 256. A violation is reported through virtio_error() and changes nothing.
 */
static void virtio_scsi_set_config(VirtIODevice *vdev,
                                   const uint8_t *config)
{
    VirtIOSCSIConfig *scsiconf = (VirtIOSCSIConfig *)config;
    VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(vdev);
    /* Load each field once so the checked value is the stored value */
    const uint32_t sense_size = virtio_ldl_p(vdev, &scsiconf->sense_size);
    const uint32_t cdb_size = virtio_ldl_p(vdev, &scsiconf->cdb_size);

    if (sense_size >= 65536 || cdb_size >= 256) {
        virtio_error(vdev,
                     "bad data written to virtio-scsi configuration space");
        return;
    }

    vs->sense_size = sense_size;
    vs->cdb_size = cdb_size;
}
925 
/*
 * Compute the feature bits offered by this device.
 *
 * @vdev:               the virtio device
 * @requested_features: feature bits passed in by the caller
 * @errp:               unused by this implementation
 *
 * Returns @requested_features with every bit of s->host_features added;
 * no bit is ever cleared here.
 */
static uint64_t virtio_scsi_get_features(VirtIODevice *vdev,
                                         uint64_t requested_features,
                                         Error **errp)
{
    VirtIOSCSI *s = VIRTIO_SCSI(vdev);

    return requested_features | s->host_features;
}
936 
/*
 * Reset the virtio-scsi device.
 *
 * Must not run while dataplane is started (asserted).  Pending TMF
 * bottom-half work is reset first, then the SCSI bus is cold-reset with the
 * s->resetting counter raised for the duration of the bus reset.  Finally
 * the sizes that virtio_scsi_set_config() can change go back to their
 * defaults and the dropped-events flag is cleared.
 */
static void virtio_scsi_reset(VirtIODevice *vdev)
{
    VirtIOSCSICommon *common = VIRTIO_SCSI_COMMON(vdev);
    VirtIOSCSI *scsi = VIRTIO_SCSI(vdev);

    assert(!scsi->dataplane_started);

    virtio_scsi_reset_tmf_bh(scsi);

    /* The counter brackets the bus reset so other code can observe it. */
    qatomic_inc(&scsi->resetting);
    bus_cold_reset(BUS(&scsi->bus));
    qatomic_dec(&scsi->resetting);

    /* Forget any sizes previously written to the configuration space. */
    common->cdb_size = VIRTIO_SCSI_CDB_DEFAULT_SIZE;
    common->sense_size = VIRTIO_SCSI_SENSE_DEFAULT_SIZE;

    scsi->events_dropped = false;
}
954 
/*
 * Host-side description of an event to be delivered on the event queue.
 * virtio_scsi_push_event() converts it into the VirtIOSCSIEvent layout.
 */
typedef struct {
    uint32_t event;     /* event type, stored in VirtIOSCSIEvent.event */
    uint32_t reason;    /* event reason, stored in VirtIOSCSIEvent.reason */
    union {
        /* Address of the device the event refers to, when it has one */
        struct {
            uint32_t id;
            uint32_t lun;
        } address;
    };
} VirtIOSCSIEventInfo;
966 
/*
 * Deliver one event to the driver through the event virtqueue.
 *
 * @s:    the virtio-scsi device
 * @info: event type, reason and (for device events) the target address
 *
 * Nothing is sent until the driver has set DRIVER_OK.  If no buffer is
 * available on the event queue the event is lost and s->events_dropped is
 * set; the next event that does get a buffer carries
 * VIRTIO_SCSI_T_EVENTS_MISSED in addition to its own type.
 */
static void virtio_scsi_push_event(VirtIOSCSI *s,
                                   const VirtIOSCSIEventInfo *info)
{
    VirtIODevice *vdev = VIRTIO_DEVICE(s);
    VirtIOSCSICommon *common = VIRTIO_SCSI_COMMON(s);
    uint32_t event_type = info->event;
    uint32_t event_reason = info->reason;
    VirtIOSCSIReq *req;
    VirtIOSCSIEvent *out;

    if (!(vdev->status & VIRTIO_CONFIG_S_DRIVER_OK)) {
        return;
    }

    req = virtio_scsi_pop_req(s, common->event_vq);
    if (req == NULL) {
        /* No buffer posted by the driver: remember the loss. */
        s->events_dropped = true;
        return;
    }

    if (s->events_dropped) {
        event_type |= VIRTIO_SCSI_T_EVENTS_MISSED;
        s->events_dropped = false;
    }

    /*
     * The buffer comes from the driver; it is checked against the size of
     * VirtIOSCSIEvent before anything is written into the response.
     */
    if (virtio_scsi_parse_req(req, 0, sizeof(VirtIOSCSIEvent)) != 0) {
        virtio_scsi_bad_req(req);
        return;
    }

    out = &req->resp.event;
    memset(out, 0, sizeof(*out));
    out->event = virtio_tswap32(vdev, event_type);
    out->reason = virtio_tswap32(vdev, event_reason);

    /* A bare "events missed" notification carries no device address. */
    if (event_type != VIRTIO_SCSI_T_EVENTS_MISSED) {
        uint32_t lun = info->address.lun;

        out->lun[0] = 1;
        /*
         * NOTE(review): the 32-bit id is stored in one byte; presumably ids
         * never exceed VIRTIO_SCSI_MAX_TARGET - confirm.
         */
        out->lun[1] = info->address.id;

        /* Linux wants the same LUN encoding that REPORT LUNS uses. */
        if (lun >= 256) {
            out->lun[2] = (lun >> 8) | 0x40;
        }
        out->lun[3] = lun & 0xFF;
    }
    trace_virtio_scsi_event(virtio_scsi_get_lun(out->lun), event_type,
                            event_reason);

    virtio_scsi_complete_req(req);
}
1015 
/*
 * Event queue handler body.
 *
 * @s:  the virtio-scsi device
 * @vq: the notified queue (not used here)
 *
 * If earlier events were dropped, push a VIRTIO_SCSI_T_NO_EVENT event so
 * that virtio_scsi_push_event() can report the loss to the driver.
 */
static void virtio_scsi_handle_event_vq(VirtIOSCSI *s, VirtQueue *vq)
{
    VirtIOSCSIEventInfo missed = {
        .event = VIRTIO_SCSI_T_NO_EVENT,
    };

    if (!s->events_dropped) {
        return;
    }

    virtio_scsi_push_event(s, &missed);
}
1025 
/*
 * Virtqueue callback for the event queue.
 *
 * Does nothing when virtio_scsi_defer_to_dataplane() reports that the work
 * is deferred; otherwise runs the event queue handler between
 * virtio_scsi_acquire() and virtio_scsi_release().
 */
static void virtio_scsi_handle_event(VirtIODevice *vdev, VirtQueue *vq)
{
    VirtIOSCSI *scsi = VIRTIO_SCSI(vdev);

    if (!virtio_scsi_defer_to_dataplane(scsi)) {
        virtio_scsi_acquire(scsi);
        virtio_scsi_handle_event_vq(scsi, vq);
        virtio_scsi_release(scsi);
    }
}
1038 
/*
 * SCSIBusInfo.change callback: report a parameter change on @dev.
 *
 * @bus:   the SCSI bus embedded in the VirtIOSCSI device
 * @dev:   the device whose parameters changed
 * @sense: sense data; asc and ascq are packed into the event reason
 *
 * An event is pushed only when VIRTIO_SCSI_F_CHANGE is set for the device
 * and @dev is not of type TYPE_ROM.
 */
static void virtio_scsi_change(SCSIBus *bus, SCSIDevice *dev, SCSISense sense)
{
    VirtIOSCSI *s = container_of(bus, VirtIOSCSI, bus);
    VirtIODevice *vdev = VIRTIO_DEVICE(s);

    if (!virtio_vdev_has_feature(vdev, VIRTIO_SCSI_F_CHANGE) ||
        dev->type == TYPE_ROM) {
        return;
    }

    VirtIOSCSIEventInfo change = {
        .event   = VIRTIO_SCSI_T_PARAM_CHANGE,
        /* asc in the low byte, ascq in the next one */
        .reason  = sense.asc | (sense.ascq << 8),
        .address = {
            .id  = dev->id,
            .lun = dev->lun,
        },
    };

    virtio_scsi_acquire(s);
    virtio_scsi_push_event(s, &change);
    virtio_scsi_release(s);
}
1060 
/*
 * HotplugHandler pre_plug callback: mark the SCSI device being plugged as
 * attached to an HBA that supports iothreads.  @hotplug_dev and @errp are
 * not used.
 */
static void virtio_scsi_pre_hotplug(HotplugHandler *hotplug_dev,
                                    DeviceState *dev, Error **errp)
{
    SCSI_DEVICE(dev)->hba_supports_iothread = true;
}
1067 
/*
 * HotplugHandler plug callback for a SCSI device added to this HBA.
 *
 * @hotplug_dev: the virtio-scsi device acting as hotplug handler
 * @dev:         the SCSI device being plugged
 * @errp:        set when the device's BlockBackend cannot be used with
 *               dataplane or cannot be moved to the HBA's AioContext
 *
 * When the HBA has an AioContext and dataplane is not fenced, the
 * BlockBackend is moved into that context; failure aborts the plug before
 * any event is sent.  If VIRTIO_SCSI_F_HOTPLUG is set, a transport-reset
 * (rescan) event is pushed and a REPORTED_LUNS_CHANGED unit attention is
 * set on the bus.
 */
static void virtio_scsi_hotplug(HotplugHandler *hotplug_dev, DeviceState *dev,
                                Error **errp)
{
    VirtIODevice *vdev = VIRTIO_DEVICE(hotplug_dev);
    VirtIOSCSI *s = VIRTIO_SCSI(vdev);
    SCSIDevice *sd = SCSI_DEVICE(dev);

    if (s->ctx && !s->dataplane_fenced) {
        AioContext *prev_ctx;
        int rc;

        /* Refuse backends on which dataplane use is blocked. */
        if (blk_op_is_blocked(sd->conf.blk, BLOCK_OP_TYPE_DATAPLANE, errp)) {
            return;
        }

        /* The switch is made while holding the backend's current context. */
        prev_ctx = blk_get_aio_context(sd->conf.blk);
        aio_context_acquire(prev_ctx);
        rc = blk_set_aio_context(sd->conf.blk, s->ctx, errp);
        aio_context_release(prev_ctx);
        if (rc < 0) {
            return;
        }
    }

    if (!virtio_vdev_has_feature(vdev, VIRTIO_SCSI_F_HOTPLUG)) {
        return;
    }

    VirtIOSCSIEventInfo rescan = {
        .event   = VIRTIO_SCSI_T_TRANSPORT_RESET,
        .reason  = VIRTIO_SCSI_EVT_RESET_RESCAN,
        .address = {
            .id  = sd->id,
            .lun = sd->lun,
        },
    };

    virtio_scsi_acquire(s);
    virtio_scsi_push_event(s, &rescan);
    scsi_bus_set_ua(&s->bus, SENSE_CODE(REPORTED_LUNS_CHANGED));
    virtio_scsi_release(s);
}
1106 
/*
 * HotplugHandler unplug callback for a SCSI device removed from this HBA.
 *
 * @hotplug_dev: the virtio-scsi device acting as hotplug handler
 * @dev:         the SCSI device being unplugged
 * @errp:        passed on to qdev_simple_device_unplug_cb()
 *
 * The device address is captured before the generic unplug callback runs.
 * Afterwards the BlockBackend is moved back to the main AioContext when the
 * HBA has its own context, and, if VIRTIO_SCSI_F_HOTPLUG is set, a
 * transport-reset (removed) event is pushed together with a
 * REPORTED_LUNS_CHANGED unit attention.
 */
static void virtio_scsi_hotunplug(HotplugHandler *hotplug_dev, DeviceState *dev,
                                  Error **errp)
{
    VirtIODevice *vdev = VIRTIO_DEVICE(hotplug_dev);
    VirtIOSCSI *s = VIRTIO_SCSI(vdev);
    SCSIDevice *sd = SCSI_DEVICE(dev);
    VirtIOSCSIEventInfo removed = {
        .event   = VIRTIO_SCSI_T_TRANSPORT_RESET,
        .reason  = VIRTIO_SCSI_EVT_RESET_REMOVED,
        .address = {
            .id  = sd->id,
            .lun = sd->lun,
        },
    };
    bool notify_guest;

    qdev_simple_device_unplug_cb(hotplug_dev, dev, errp);

    if (s->ctx) {
        virtio_scsi_acquire(s);
        /*
         * Errors are deliberately ignored (NULL errp): it is fine if other
         * users keep the BlockBackend in the iothread.
         */
        blk_set_aio_context(sd->conf.blk, qemu_get_aio_context(), NULL);
        virtio_scsi_release(s);
    }

    notify_guest = virtio_vdev_has_feature(vdev, VIRTIO_SCSI_F_HOTPLUG);
    if (notify_guest) {
        virtio_scsi_acquire(s);
        virtio_scsi_push_event(s, &removed);
        scsi_bus_set_ua(&s->bus, SENSE_CODE(REPORTED_LUNS_CHANGED));
        virtio_scsi_release(s);
    }
}
1138 
/*
 * SCSIBusInfo.drained_begin callback: suspend virtqueue ioeventfd
 * processing for the duration of a drain by detaching the host notifier of
 * every queue (the fixed queues plus the configured command queues).
 */
static void virtio_scsi_drained_begin(SCSIBus *bus)
{
    VirtIOSCSI *s = container_of(bus, VirtIOSCSI, bus);
    VirtIODevice *vdev = VIRTIO_DEVICE(s);
    uint32_t nvqs = VIRTIO_SCSI_VQ_NUM_FIXED + s->parent_obj.conf.num_queues;
    uint32_t idx;

    /*
     * Stopping dataplane also drains, but by then the host notifier has
     * already been detached.  A second detach is a no-op as long as nothing
     * else monitors the same file descriptor; skip it anyway to be safe.
     *
     * Likewise there is nothing to detach before dataplane has started,
     * because the host notifier is not attached yet.
     */
    if (s->dataplane_stopping || !s->dataplane_started) {
        return;
    }

    for (idx = 0; idx < nvqs; idx++) {
        virtio_queue_aio_detach_host_notifier(virtio_get_queue(vdev, idx),
                                              s->ctx);
    }
}
1165 
/*
 * SCSIBusInfo.drained_end callback: resume virtqueue ioeventfd processing
 * after a drain by re-attaching the host notifier of every queue (the fixed
 * queues plus the configured command queues).
 */
static void virtio_scsi_drained_end(SCSIBus *bus)
{
    VirtIOSCSI *s = container_of(bus, VirtIOSCSI, bus);
    VirtIODevice *vdev = VIRTIO_DEVICE(s);
    uint32_t nvqs = VIRTIO_SCSI_VQ_NUM_FIXED + s->parent_obj.conf.num_queues;
    uint32_t idx;

    /*
     * Stopping dataplane also drains; in that case the host notifier must
     * stay detached so it is not left dangling once dataplane is stopped.
     *
     * Before dataplane has started the device is not ready, so nothing is
     * attached either.
     */
    if (s->dataplane_stopping || !s->dataplane_started) {
        return;
    }

    for (idx = 0; idx < nvqs; idx++) {
        virtio_queue_aio_attach_host_notifier(virtio_get_queue(vdev, idx),
                                              s->ctx);
    }
}
1190 
/*
 * Bus description handed to scsi_bus_init_named(): addressing limits plus
 * the callbacks the SCSI layer invokes on this HBA.
 */
static struct SCSIBusInfo virtio_scsi_scsi_info = {
    .tcq = true,

    /* Addressing limits, the same constants advertised in the config space */
    .max_channel = VIRTIO_SCSI_MAX_CHANNEL,
    .max_target = VIRTIO_SCSI_MAX_TARGET,
    .max_lun = VIRTIO_SCSI_MAX_LUN,

    /* Request life cycle */
    .parse_cdb = virtio_scsi_parse_cdb,
    .get_sg_list = virtio_scsi_get_sg_list,
    .complete = virtio_scsi_command_complete,
    .fail = virtio_scsi_command_failed,
    .cancel = virtio_scsi_request_cancelled,

    /* Device notifications */
    .change = virtio_scsi_change,

    /* Saving and loading of in-flight requests */
    .save_request = virtio_scsi_save_request,
    .load_request = virtio_scsi_load_request,

    /* Drain hooks that pause and resume ioeventfd processing */
    .drained_begin = virtio_scsi_drained_begin,
    .drained_end = virtio_scsi_drained_end,
};
1208 
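/*
 * Common realize step shared by virtio-scsi device flavours.
 *
 * @dev:  the device being realized
 * @ctrl: handler installed on the control queue
 * @evt:  handler installed on the event queue
 * @cmd:  handler installed on every command queue
 * @errp: set when a queue-related property is invalid
 *
 * Initializes the virtio device, validates num_queues and virtqueue_size,
 * then creates the control queue, the event queue and num_queues command
 * queues.  On every validation failure the virtio state set up by
 * virtio_init() is released again with virtio_cleanup() before returning,
 * so a failed realize leaves nothing behind.
 */
void virtio_scsi_common_realize(DeviceState *dev,
                                VirtIOHandleOutput ctrl,
                                VirtIOHandleOutput evt,
                                VirtIOHandleOutput cmd,
                                Error **errp)
{
    VirtIODevice *vdev = VIRTIO_DEVICE(dev);
    VirtIOSCSICommon *s = VIRTIO_SCSI_COMMON(dev);
    uint32_t i;

    virtio_init(vdev, VIRTIO_ID_SCSI, sizeof(VirtIOSCSIConfig));

    if (s->conf.num_queues == VIRTIO_SCSI_AUTO_NUM_QUEUES) {
        s->conf.num_queues = 1;
    }
    /*
     * The fixed queues share the VIRTIO_QUEUE_MAX budget with the command
     * queues; the upper bound checked here is inclusive.
     */
    if (s->conf.num_queues == 0 ||
            s->conf.num_queues > VIRTIO_QUEUE_MAX - VIRTIO_SCSI_VQ_NUM_FIXED) {
        error_setg(errp, "Invalid number of queues (= %" PRIu32 "), "
                         "must be a positive integer less than %d.",
                   s->conf.num_queues,
                   VIRTIO_QUEUE_MAX - VIRTIO_SCSI_VQ_NUM_FIXED);
        virtio_cleanup(vdev);
        return;
    }
    /* seg_max is reported as virtqueue_size - 2, so it must stay positive */
    if (s->conf.virtqueue_size <= 2) {
        error_setg(errp, "invalid virtqueue_size property (= %" PRIu32 "), "
                   "must be > 2", s->conf.virtqueue_size);
        /* Undo virtio_init(), as the num_queues error path above does */
        virtio_cleanup(vdev);
        return;
    }
    s->cmd_vqs = g_new0(VirtQueue *, s->conf.num_queues);
    s->sense_size = VIRTIO_SCSI_SENSE_DEFAULT_SIZE;
    s->cdb_size = VIRTIO_SCSI_CDB_DEFAULT_SIZE;

    s->ctrl_vq = virtio_add_queue(vdev, s->conf.virtqueue_size, ctrl);
    s->event_vq = virtio_add_queue(vdev, s->conf.virtqueue_size, evt);
    for (i = 0; i < s->conf.num_queues; i++) {
        s->cmd_vqs[i] = virtio_add_queue(vdev, s->conf.virtqueue_size, cmd);
    }
}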
1248 
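/*
 * Realize callback of the virtio-scsi device.
 *
 * @dev:  the device being realized
 * @errp: set when the common realize step or the dataplane setup fails
 *
 * Sets up the TMF bottom-half list and its lock, runs the common realize
 * step with this device's queue handlers, creates the SCSI bus, installs
 * the device itself as the bus hotplug handler and finally sets up
 * dataplane.  If the common step fails, the lock initialized here is
 * destroyed again before the error is propagated.
 */
static void virtio_scsi_device_realize(DeviceState *dev, Error **errp)
{
    VirtIODevice *vdev = VIRTIO_DEVICE(dev);
    VirtIOSCSI *s = VIRTIO_SCSI(dev);
    Error *err = NULL;

    QTAILQ_INIT(&s->tmf_bh_list);
    qemu_mutex_init(&s->tmf_bh_lock);

    virtio_scsi_common_realize(dev,
                               virtio_scsi_handle_ctrl,
                               virtio_scsi_handle_event,
                               virtio_scsi_handle_cmd,
                               &err);
    if (err != NULL) {
        /* Pair the qemu_mutex_init() above; unrealize destroys it otherwise */
        qemu_mutex_destroy(&s->tmf_bh_lock);
        error_propagate(errp, err);
        return;
    }

    scsi_bus_init_named(&s->bus, sizeof(s->bus), dev,
                       &virtio_scsi_scsi_info, vdev->bus_name);
    /* override default SCSI bus hotplug-handler, with virtio-scsi's one */
    qbus_set_hotplug_handler(BUS(&s->bus), OBJECT(dev));

    virtio_scsi_dataplane_setup(s, errp);
}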
1275 
/*
 * Common unrealize step: delete the control queue, the event queue and all
 * command queues, free the command-queue array and release the virtio
 * device state.
 */
void virtio_scsi_common_unrealize(DeviceState *dev)
{
    VirtIOSCSICommon *common = VIRTIO_SCSI_COMMON(dev);
    VirtIODevice *vdev = VIRTIO_DEVICE(dev);
    int q = 0;

    virtio_delete_queue(common->ctrl_vq);
    virtio_delete_queue(common->event_vq);

    while (q < common->conf.num_queues) {
        virtio_delete_queue(common->cmd_vqs[q]);
        q++;
    }
    g_free(common->cmd_vqs);

    virtio_cleanup(vdev);
}
1290 
/*
 * Unrealize callback of the virtio-scsi device.
 *
 * Resets pending TMF bottom-half work, removes the hotplug handler from the
 * SCSI bus, runs the common unrealize step and, last, destroys the TMF
 * lock that realize initialized.
 */
static void virtio_scsi_device_unrealize(DeviceState *dev)
{
    VirtIOSCSI *scsi = VIRTIO_SCSI(dev);

    virtio_scsi_reset_tmf_bh(scsi);

    /* Stop routing hotplug requests to this device before tearing it down */
    qbus_set_hotplug_handler(BUS(&scsi->bus), NULL);

    virtio_scsi_common_unrealize(dev);

    qemu_mutex_destroy(&scsi->tmf_bh_lock);
}
1301 
/*
 * User-settable properties of the virtio-scsi device, with their defaults.
 * num_queues and virtqueue_size are validated in
 * virtio_scsi_common_realize().
 */
static Property virtio_scsi_properties[] = {
    /* Queue layout */
    DEFINE_PROP_UINT32("num_queues", VirtIOSCSI,
                       parent_obj.conf.num_queues,
                       VIRTIO_SCSI_AUTO_NUM_QUEUES),
    DEFINE_PROP_UINT32("virtqueue_size", VirtIOSCSI,
                       parent_obj.conf.virtqueue_size,
                       256),
    DEFINE_PROP_BOOL("seg_max_adjust", VirtIOSCSI,
                     parent_obj.conf.seg_max_adjust,
                     true),

    /* Limits reported in the configuration space */
    DEFINE_PROP_UINT32("max_sectors", VirtIOSCSI,
                       parent_obj.conf.max_sectors,
                       0xFFFF),
    DEFINE_PROP_UINT32("cmd_per_lun", VirtIOSCSI,
                       parent_obj.conf.cmd_per_lun,
                       128),

    /* Feature bits offered through host_features */
    DEFINE_PROP_BIT("hotplug", VirtIOSCSI, host_features,
                    VIRTIO_SCSI_F_HOTPLUG, true),
    DEFINE_PROP_BIT("param_change", VirtIOSCSI, host_features,
                    VIRTIO_SCSI_F_CHANGE, true),

    /* Optional iothread */
    DEFINE_PROP_LINK("iothread", VirtIOSCSI,
                     parent_obj.conf.iothread,
                     TYPE_IOTHREAD, IOThread *),

    DEFINE_PROP_END_OF_LIST(),
};
1321 
/*
 * Migration description of the device: version 1, containing only the
 * generic virtio device state.
 */
static const VMStateDescription vmstate_virtio_scsi = {
    .name = "virtio-scsi",
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (VMStateField[]) {
        VMSTATE_VIRTIO_DEVICE,
        VMSTATE_END_OF_LIST()
    },
};
1331 
/*
 * Class initializer of the abstract common type: installs the
 * configuration-space read callback and files the device under the storage
 * category.  @data is not used.
 */
static void virtio_scsi_common_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *device_class = DEVICE_CLASS(klass);
    VirtioDeviceClass *virtio_class = VIRTIO_DEVICE_CLASS(klass);

    set_bit(DEVICE_CATEGORY_STORAGE, device_class->categories);
    virtio_class->get_config = virtio_scsi_get_config;
}
1340 
/*
 * Class initializer of the virtio-scsi device type: registers the
 * properties and migration description, then installs the virtio device
 * callbacks and the hotplug handler callbacks.  @data is not used.
 */
static void virtio_scsi_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *device_class = DEVICE_CLASS(klass);
    VirtioDeviceClass *virtio_class = VIRTIO_DEVICE_CLASS(klass);
    HotplugHandlerClass *hotplug_class = HOTPLUG_HANDLER_CLASS(klass);

    /* Generic device class setup */
    device_class_set_props(device_class, virtio_scsi_properties);
    device_class->vmsd = &vmstate_virtio_scsi;
    set_bit(DEVICE_CATEGORY_STORAGE, device_class->categories);

    /* Life cycle */
    virtio_class->realize = virtio_scsi_device_realize;
    virtio_class->unrealize = virtio_scsi_device_unrealize;
    virtio_class->reset = virtio_scsi_reset;

    /* Configuration space writes and feature negotiation */
    virtio_class->set_config = virtio_scsi_set_config;
    virtio_class->get_features = virtio_scsi_get_features;

    /* Dataplane start and stop */
    virtio_class->start_ioeventfd = virtio_scsi_dataplane_start;
    virtio_class->stop_ioeventfd = virtio_scsi_dataplane_stop;

    /* SCSI device hotplug on the HBA's bus */
    hotplug_class->pre_plug = virtio_scsi_pre_hotplug;
    hotplug_class->plug = virtio_scsi_hotplug;
    hotplug_class->unplug = virtio_scsi_hotunplug;
}
1361 
/* Abstract base type holding the state shared by virtio-scsi devices */
static const TypeInfo virtio_scsi_common_info = {
    .name = TYPE_VIRTIO_SCSI_COMMON,
    .parent = TYPE_VIRTIO_DEVICE,
    .abstract = true,
    .instance_size = sizeof(VirtIOSCSICommon),
    .class_init = virtio_scsi_common_class_init,
};
1369 
/*
 * Concrete virtio-scsi device type; it implements the hotplug handler
 * interface so that it can serve as hotplug handler of its own SCSI bus.
 */
static const TypeInfo virtio_scsi_info = {
    .name = TYPE_VIRTIO_SCSI,
    .parent = TYPE_VIRTIO_SCSI_COMMON,
    .class_init = virtio_scsi_class_init,
    .instance_size = sizeof(VirtIOSCSI),
    .interfaces = (InterfaceInfo[]) {
        { TYPE_HOTPLUG_HANDLER },
        { }
    }
};
1380 
/*
 * Register both types with the type system; the abstract common type is
 * registered before the concrete device type that names it as parent.
 */
static void virtio_register_types(void)
{
    static const TypeInfo *const types[] = {
        &virtio_scsi_common_info,
        &virtio_scsi_info,
    };

    for (size_t t = 0; t < sizeof(types) / sizeof(types[0]); t++) {
        type_register_static(types[t]);
    }
}

type_init(virtio_register_types)
1388