[mirror_qemu.git] / hw / block / dataplane / virtio-blk.c

/*
 * Dedicated thread for virtio-blk I/O processing
 *
 * Copyright 2012 IBM, Corp.
 * Copyright 2012 Red Hat, Inc. and/or its affiliates
 *
 * Authors:
 *   Stefan Hajnoczi <stefanha@redhat.com>
 *
 * This work is licensed under the terms of the GNU GPL, version 2 or later.
 * See the COPYING file in the top-level directory.
 *
 */

#include "trace.h"
#include "qemu/iov.h"
#include "qemu/thread.h"
#include "qemu/error-report.h"
#include "hw/virtio/dataplane/vring.h"
#include "ioq.h"
#include "block/block.h"
#include "hw/virtio/virtio-blk.h"
#include "virtio-blk.h"
#include "block/aio.h"
#include "hw/virtio/virtio-bus.h"

enum {
    SEG_MAX = 126,                  /* maximum number of I/O segments */
    VRING_MAX = SEG_MAX + 2,        /* maximum number of vring descriptors */
    REQ_MAX = VRING_MAX,            /* maximum number of requests in the vring,
                                     * is VRING_MAX / 2 with traditional and
                                     * VRING_MAX with indirect descriptors */
};

typedef struct {
    struct iocb iocb;               /* Linux AIO control block */
    QEMUIOVector *inhdr;            /* iovecs for virtio_blk_inhdr */
    unsigned int head;              /* vring descriptor index */
    struct iovec *bounce_iov;       /* used if guest buffers are unaligned */
    QEMUIOVector *read_qiov;        /* for read completion /w bounce buffer */
} VirtIOBlockRequest;

struct VirtIOBlockDataPlane {
    bool started;
    bool stopping;
    QEMUBH *start_bh;
    QemuThread thread;

    VirtIOBlkConf *blk;
    int fd;                         /* image file descriptor */

    VirtIODevice *vdev;
    Vring vring;                    /* virtqueue vring */
    EventNotifier *guest_notifier;  /* irq */

    /* Note that these EventNotifiers are assigned by value.  This is
     * fine as long as you do not call event_notifier_cleanup on them
     * (because you don't own the file descriptor or handle; you just
     * use it).
     */
    AioContext *ctx;
    EventNotifier io_notifier;      /* Linux AIO completion */
    EventNotifier host_notifier;    /* doorbell */

    IOQueue ioqueue;                /* Linux AIO queue (should really be per
                                       dataplane thread) */
    VirtIOBlockRequest requests[REQ_MAX]; /* pool of requests, managed by the
                                             queue */

    unsigned int num_reqs;
};

/* Raise an interrupt to signal guest, if necessary */
static void notify_guest(VirtIOBlockDataPlane *s)
{
    if (!vring_should_notify(s->vdev, &s->vring)) {
        return;
    }

    event_notifier_set(s->guest_notifier);
}

static void complete_request(struct iocb *iocb, ssize_t ret, void *opaque)
{
    VirtIOBlockDataPlane *s = opaque;
    VirtIOBlockRequest *req = container_of(iocb, VirtIOBlockRequest, iocb);
    struct virtio_blk_inhdr hdr;
    int len;

    if (likely(ret >= 0)) {
        hdr.status = VIRTIO_BLK_S_OK;
        len = ret;
    } else {
        hdr.status = VIRTIO_BLK_S_IOERR;
        len = 0;
    }

    trace_virtio_blk_data_plane_complete_request(s, req->head, ret);

    if (req->read_qiov) {
        assert(req->bounce_iov);
        qemu_iovec_from_buf(req->read_qiov, 0, req->bounce_iov->iov_base, len);
        qemu_iovec_destroy(req->read_qiov);
        g_slice_free(QEMUIOVector, req->read_qiov);
    }

    if (req->bounce_iov) {
        qemu_vfree(req->bounce_iov->iov_base);
        g_slice_free(struct iovec, req->bounce_iov);
    }

    qemu_iovec_from_buf(req->inhdr, 0, &hdr, sizeof(hdr));
    qemu_iovec_destroy(req->inhdr);
    g_slice_free(QEMUIOVector, req->inhdr);

    /* According to the virtio specification len should be the number of bytes
     * written to, but for virtio-blk it seems to be the number of bytes
     * transferred plus the status bytes.
     */
    vring_push(&s->vring, req->head, len + sizeof(hdr));

    s->num_reqs--;
}

static void complete_request_early(VirtIOBlockDataPlane *s, unsigned int head,
                                   QEMUIOVector *inhdr, unsigned char status)
{
    struct virtio_blk_inhdr hdr = {
        .status = status,
    };

    qemu_iovec_from_buf(inhdr, 0, &hdr, sizeof(hdr));
    qemu_iovec_destroy(inhdr);
    g_slice_free(QEMUIOVector, inhdr);

    vring_push(&s->vring, head, sizeof(hdr));
    notify_guest(s);
}

/* Get disk serial number */
static void do_get_id_cmd(VirtIOBlockDataPlane *s,
                          struct iovec *iov, unsigned int iov_cnt,
                          unsigned int head, QEMUIOVector *inhdr)
{
    char id[VIRTIO_BLK_ID_BYTES];

    /* Serial number not NUL-terminated when shorter than buffer */
    strncpy(id, s->blk->serial ? s->blk->serial : "", sizeof(id));
    iov_from_buf(iov, iov_cnt, 0, id, sizeof(id));
    complete_request_early(s, head, inhdr, VIRTIO_BLK_S_OK);
}

static int do_rdwr_cmd(VirtIOBlockDataPlane *s, bool read,
                       struct iovec *iov, unsigned int iov_cnt,
                       long long offset, unsigned int head,
                       QEMUIOVector *inhdr)
{
    struct iocb *iocb;
    QEMUIOVector qiov;
    struct iovec *bounce_iov = NULL;
    QEMUIOVector *read_qiov = NULL;

    qemu_iovec_init_external(&qiov, iov, iov_cnt);
    if (!bdrv_qiov_is_aligned(s->blk->conf.bs, &qiov)) {
        void *bounce_buffer = qemu_blockalign(s->blk->conf.bs, qiov.size);

        if (read) {
            /* Need to copy back from bounce buffer on completion */
            read_qiov = g_slice_new(QEMUIOVector);
            qemu_iovec_init(read_qiov, iov_cnt);
            qemu_iovec_concat_iov(read_qiov, iov, iov_cnt, 0, qiov.size);
        } else {
            qemu_iovec_to_buf(&qiov, 0, bounce_buffer, qiov.size);
        }

        /* Redirect I/O to aligned bounce buffer */
        bounce_iov = g_slice_new(struct iovec);
        bounce_iov->iov_base = bounce_buffer;
        bounce_iov->iov_len = qiov.size;
        iov = bounce_iov;
        iov_cnt = 1;
    }

    iocb = ioq_rdwr(&s->ioqueue, read, iov, iov_cnt, offset);

    /* Fill in virtio block metadata needed for completion */
    VirtIOBlockRequest *req = container_of(iocb, VirtIOBlockRequest, iocb);
    req->head = head;
    req->inhdr = inhdr;
    req->bounce_iov = bounce_iov;
    req->read_qiov = read_qiov;
    return 0;
}

static int process_request(IOQueue *ioq, struct iovec iov[],
                           unsigned int out_num, unsigned int in_num,
                           unsigned int head)
{
    VirtIOBlockDataPlane *s = container_of(ioq, VirtIOBlockDataPlane, ioqueue);
    struct iovec *in_iov = &iov[out_num];
    struct virtio_blk_outhdr outhdr;
    QEMUIOVector *inhdr;
    size_t in_size;

    /* Copy in outhdr */
    if (unlikely(iov_to_buf(iov, out_num, 0, &outhdr,
                            sizeof(outhdr)) != sizeof(outhdr))) {
        error_report("virtio-blk request outhdr too short");
        return -EFAULT;
    }
    iov_discard_front(&iov, &out_num, sizeof(outhdr));

    /* Grab inhdr for later */
    in_size = iov_size(in_iov, in_num);
    if (in_size < sizeof(struct virtio_blk_inhdr)) {
        error_report("virtio_blk request inhdr too short");
        return -EFAULT;
    }
    inhdr = g_slice_new(QEMUIOVector);
    qemu_iovec_init(inhdr, 1);
    qemu_iovec_concat_iov(inhdr, in_iov, in_num,
            in_size - sizeof(struct virtio_blk_inhdr),
            sizeof(struct virtio_blk_inhdr));
    iov_discard_back(in_iov, &in_num, sizeof(struct virtio_blk_inhdr));

    /* TODO Linux sets the barrier bit even when not advertised! */
    outhdr.type &= ~VIRTIO_BLK_T_BARRIER;

    switch (outhdr.type) {
    case VIRTIO_BLK_T_IN:
        do_rdwr_cmd(s, true, in_iov, in_num, outhdr.sector * 512, head, inhdr);
        return 0;

    case VIRTIO_BLK_T_OUT:
        do_rdwr_cmd(s, false, iov, out_num, outhdr.sector * 512, head, inhdr);
        return 0;

    case VIRTIO_BLK_T_SCSI_CMD:
        /* TODO support SCSI commands */
        complete_request_early(s, head, inhdr, VIRTIO_BLK_S_UNSUPP);
        return 0;

    case VIRTIO_BLK_T_FLUSH:
        /* TODO fdsync not supported by Linux AIO, do it synchronously here! */
        if (qemu_fdatasync(s->fd) < 0) {
            complete_request_early(s, head, inhdr, VIRTIO_BLK_S_IOERR);
        } else {
            complete_request_early(s, head, inhdr, VIRTIO_BLK_S_OK);
        }
        return 0;

    case VIRTIO_BLK_T_GET_ID:
        do_get_id_cmd(s, in_iov, in_num, head, inhdr);
        return 0;

    default:
        error_report("virtio-blk unsupported request type %#x", outhdr.type);
        qemu_iovec_destroy(inhdr);
        g_slice_free(QEMUIOVector, inhdr);
        return -EFAULT;
    }
}

static void handle_notify(EventNotifier *e)
{
    VirtIOBlockDataPlane *s = container_of(e, VirtIOBlockDataPlane,
                                           host_notifier);

    /* There is one array of iovecs into which all new requests are extracted
     * from the vring.  Requests are read from the vring and the translated
     * descriptors are written to the iovecs array.  The iovecs do not have to
     * persist across handle_notify() calls because the kernel copies the
     * iovecs on io_submit().
     *
     * Handling io_submit() EAGAIN may require storing the requests across
     * handle_notify() calls until the kernel has sufficient resources to
     * accept more I/O.  This is not implemented yet.
     */
    struct iovec iovec[VRING_MAX];
    struct iovec *end = &iovec[VRING_MAX];
    struct iovec *iov = iovec;

    /* When a request is read from the vring, the index of the first descriptor
     * (aka head) is returned so that the completed request can be pushed onto
     * the vring later.
     *
     * The number of hypervisor read-only iovecs is out_num.  The number of
     * hypervisor write-only iovecs is in_num.
     */
    int head;
    unsigned int out_num = 0, in_num = 0;
    unsigned int num_queued;

    event_notifier_test_and_clear(&s->host_notifier);
    for (;;) {
        /* Disable guest->host notifies to avoid unnecessary vmexits */
        vring_disable_notification(s->vdev, &s->vring);

        for (;;) {
            head = vring_pop(s->vdev, &s->vring, iov, end, &out_num, &in_num);
            if (head < 0) {
                break; /* no more requests */
            }

            trace_virtio_blk_data_plane_process_request(s, out_num, in_num,
                                                        head);

            if (process_request(&s->ioqueue, iov, out_num, in_num, head) < 0) {
                vring_set_broken(&s->vring);
                break;
            }
            iov += out_num + in_num;
        }

        if (likely(head == -EAGAIN)) { /* vring emptied */
            /* Re-enable guest->host notifies and stop processing the vring.
             * But if the guest has snuck in more descriptors, keep processing.
             */
            if (vring_enable_notification(s->vdev, &s->vring)) {
                break;
            }
        } else { /* head == -ENOBUFS or fatal error, iovecs[] is depleted */
            /* Since there are no iovecs[] left, stop processing for now.  Do
             * not re-enable guest->host notifies since the I/O completion
             * handler knows to check for more vring descriptors anyway.
             */
            break;
        }
    }

    num_queued = ioq_num_queued(&s->ioqueue);
    if (num_queued > 0) {
        s->num_reqs += num_queued;

        int rc = ioq_submit(&s->ioqueue);
        if (unlikely(rc < 0)) {
            fprintf(stderr, "ioq_submit failed %d\n", rc);
            exit(1);
        }
    }
}

static void handle_io(EventNotifier *e)
{
    VirtIOBlockDataPlane *s = container_of(e, VirtIOBlockDataPlane,
                                           io_notifier);

    event_notifier_test_and_clear(&s->io_notifier);
    if (ioq_run_completion(&s->ioqueue, complete_request, s) > 0) {
        notify_guest(s);
    }

    /* If there were more requests than iovecs, the vring will not be empty yet
     * so check again.  There should now be enough resources to process more
     * requests.
     */
    if (unlikely(vring_more_avail(&s->vring))) {
        handle_notify(&s->host_notifier);
    }
}

static void *data_plane_thread(void *opaque)
{
    VirtIOBlockDataPlane *s = opaque;

    while (!s->stopping || s->num_reqs > 0) {
        aio_poll(s->ctx, true);
    }
    return NULL;
}

static void start_data_plane_bh(void *opaque)
{
    VirtIOBlockDataPlane *s = opaque;

    qemu_bh_delete(s->start_bh);
    s->start_bh = NULL;
    qemu_thread_create(&s->thread, data_plane_thread,
                       s, QEMU_THREAD_JOINABLE);
}

bool virtio_blk_data_plane_create(VirtIODevice *vdev, VirtIOBlkConf *blk,
                                  VirtIOBlockDataPlane **dataplane)
{
    VirtIOBlockDataPlane *s;
    int fd;

    *dataplane = NULL;

    if (!blk->data_plane) {
        return true;
    }

    if (blk->scsi) {
        error_report("device is incompatible with x-data-plane, use scsi=off");
        return false;
    }

    if (blk->config_wce) {
        error_report("device is incompatible with x-data-plane, "
                     "use config-wce=off");
        return false;
    }

    /* If dataplane is (re-)enabled while the guest is running there could be
     * block jobs that can conflict.
     */
    if (bdrv_in_use(blk->conf.bs)) {
        error_report("cannot start dataplane thread while device is in use");
        return false;
    }

    fd = raw_get_aio_fd(blk->conf.bs);
    if (fd < 0) {
        error_report("drive is incompatible with x-data-plane, "
                     "use format=raw,cache=none,aio=native");
        return false;
    }

    s = g_new0(VirtIOBlockDataPlane, 1);
    s->vdev = vdev;
    s->fd = fd;
    s->blk = blk;

    /* Prevent block operations that conflict with data plane thread */
    bdrv_set_in_use(blk->conf.bs, 1);

    *dataplane = s;
    return true;
}

void virtio_blk_data_plane_destroy(VirtIOBlockDataPlane *s)
{
    if (!s) {
        return;
    }

    virtio_blk_data_plane_stop(s);
    bdrv_set_in_use(s->blk->conf.bs, 0);
    g_free(s);
}

void virtio_blk_data_plane_start(VirtIOBlockDataPlane *s)
{
    BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(s->vdev)));
    VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus);
    VirtQueue *vq;
    int i;

    if (s->started) {
        return;
    }

    vq = virtio_get_queue(s->vdev, 0);
    if (!vring_setup(&s->vring, s->vdev, 0)) {
        return;
    }

    s->ctx = aio_context_new();

    /* Set up guest notifier (irq) */
    if (k->set_guest_notifiers(qbus->parent, 1, true) != 0) {
        fprintf(stderr, "virtio-blk failed to set guest notifier, "
                "ensure -enable-kvm is set\n");
        exit(1);
    }
    s->guest_notifier = virtio_queue_get_guest_notifier(vq);

    /* Set up virtqueue notify */
    if (k->set_host_notifier(qbus->parent, 0, true) != 0) {
        fprintf(stderr, "virtio-blk failed to set host notifier\n");
        exit(1);
    }
    s->host_notifier = *virtio_queue_get_host_notifier(vq);
    aio_set_event_notifier(s->ctx, &s->host_notifier, handle_notify, NULL);

    /* Set up ioqueue */
    ioq_init(&s->ioqueue, s->fd, REQ_MAX);
    for (i = 0; i < ARRAY_SIZE(s->requests); i++) {
        ioq_put_iocb(&s->ioqueue, &s->requests[i].iocb);
    }
    s->io_notifier = *ioq_get_notifier(&s->ioqueue);
    aio_set_event_notifier(s->ctx, &s->io_notifier, handle_io, NULL);

    s->started = true;
    trace_virtio_blk_data_plane_start(s);

    /* Kick right away to begin processing requests already in vring */
    event_notifier_set(virtio_queue_get_host_notifier(vq));

    /* Spawn thread in BH so it inherits iothread cpusets */
    s->start_bh = qemu_bh_new(start_data_plane_bh, s);
    qemu_bh_schedule(s->start_bh);
}

void virtio_blk_data_plane_stop(VirtIOBlockDataPlane *s)
{
    BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(s->vdev)));
    VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus);
    if (!s->started || s->stopping) {
        return;
    }
    s->stopping = true;
    trace_virtio_blk_data_plane_stop(s);

    /* Stop thread or cancel pending thread creation BH */
    if (s->start_bh) {
        qemu_bh_delete(s->start_bh);
        s->start_bh = NULL;
    } else {
        aio_notify(s->ctx);
        qemu_thread_join(&s->thread);
    }

    aio_set_event_notifier(s->ctx, &s->io_notifier, NULL, NULL);
    ioq_cleanup(&s->ioqueue);

    aio_set_event_notifier(s->ctx, &s->host_notifier, NULL, NULL);
    k->set_host_notifier(qbus->parent, 0, false);

    aio_context_unref(s->ctx);

    /* Clean up guest notifier (irq) */
    k->set_guest_notifiers(qbus->parent, 1, false);

    vring_teardown(&s->vring, s->vdev, 0);
    s->started = false;
    s->stopping = false;
}
Commit	Line	Data
e72f66a0 SH	1	/*
	2	* Dedicated thread for virtio-blk I/O processing
	3	*
	4	* Copyright 2012 IBM, Corp.
	5	* Copyright 2012 Red Hat, Inc. and/or its affiliates
	6	*
	7	* Authors:
	8	* Stefan Hajnoczi <stefanha@redhat.com>
	9	*
	10	* This work is licensed under the terms of the GNU GPL, version 2 or later.
	11	* See the COPYING file in the top-level directory.
	12	*
	13	*/
	14
	15	#include "trace.h"
	16	#include "qemu/iov.h"
e72f66a0	17	#include "qemu/thread.h"
b4a42f81	18	#include "qemu/error-report.h"
0d09e41a	19	#include "hw/virtio/dataplane/vring.h"
e72f66a0	20	#include "ioq.h"
b4a42f81	21	#include "block/block.h"
0d09e41a PB	22	#include "hw/virtio/virtio-blk.h"
0d09e41a PB	23	#include "virtio-blk.h"
2c20e711	24	#include "block/aio.h"
1c819449	25	#include "hw/virtio/virtio-bus.h"
e72f66a0 SH	26
	27	enum {
	28	SEG_MAX = 126, /* maximum number of I/O segments */
	29	VRING_MAX = SEG_MAX + 2, /* maximum number of vring descriptors */
	30	REQ_MAX = VRING_MAX, /* maximum number of requests in the vring,
	31	* is VRING_MAX / 2 with traditional and
	32	* VRING_MAX with indirect descriptors */
	33	};
	34
	35	typedef struct {
	36	struct iocb iocb; /* Linux AIO control block */
	37	QEMUIOVector inhdr; / iovecs for virtio_blk_inhdr */
	38	unsigned int head; /* vring descriptor index */
de0161c0 SH	39	struct iovec bounce_iov; / used if guest buffers are unaligned */
de0161c0 SH	40	QEMUIOVector read_qiov; / for read completion /w bounce buffer */
e72f66a0 SH	41	} VirtIOBlockRequest;
	42
	43	struct VirtIOBlockDataPlane {
	44	bool started;
cd7fdfe5	45	bool stopping;
e72f66a0 SH	46	QEMUBH *start_bh;
	47	QemuThread thread;
	48
	49	VirtIOBlkConf *blk;
	50	int fd; /* image file descriptor */
	51
	52	VirtIODevice *vdev;
	53	Vring vring; /* virtqueue vring */
	54	EventNotifier guest_notifier; / irq */
	55
2c20e711 PB	56	/* Note that these EventNotifiers are assigned by value. This is
	57	* fine as long as you do not call event_notifier_cleanup on them
	58	* (because you don't own the file descriptor or handle; you just
	59	* use it).
	60	*/
	61	AioContext *ctx;
	62	EventNotifier io_notifier; /* Linux AIO completion */
	63	EventNotifier host_notifier; /* doorbell */
e72f66a0 SH	64
	65	IOQueue ioqueue; /* Linux AIO queue (should really be per
	66	dataplane thread) */
	67	VirtIOBlockRequest requests[REQ_MAX]; /* pool of requests, managed by the
	68	queue */
	69
	70	unsigned int num_reqs;
e72f66a0 SH	71	};
	72
	73	/* Raise an interrupt to signal guest, if necessary */
	74	static void notify_guest(VirtIOBlockDataPlane *s)
	75	{
	76	if (!vring_should_notify(s->vdev, &s->vring)) {
	77	return;
	78	}
	79
	80	event_notifier_set(s->guest_notifier);
	81	}
	82
	83	static void complete_request(struct iocb iocb, ssize_t ret, void opaque)
	84	{
	85	VirtIOBlockDataPlane *s = opaque;
	86	VirtIOBlockRequest *req = container_of(iocb, VirtIOBlockRequest, iocb);
	87	struct virtio_blk_inhdr hdr;
	88	int len;
	89
	90	if (likely(ret >= 0)) {
	91	hdr.status = VIRTIO_BLK_S_OK;
	92	len = ret;
	93	} else {
	94	hdr.status = VIRTIO_BLK_S_IOERR;
	95	len = 0;
	96	}
	97
	98	trace_virtio_blk_data_plane_complete_request(s, req->head, ret);
	99
de0161c0 SH	100	if (req->read_qiov) {
	101	assert(req->bounce_iov);
	102	qemu_iovec_from_buf(req->read_qiov, 0, req->bounce_iov->iov_base, len);
	103	qemu_iovec_destroy(req->read_qiov);
	104	g_slice_free(QEMUIOVector, req->read_qiov);
	105	}
	106
	107	if (req->bounce_iov) {
	108	qemu_vfree(req->bounce_iov->iov_base);
	109	g_slice_free(struct iovec, req->bounce_iov);
	110	}
	111
e72f66a0 SH	112	qemu_iovec_from_buf(req->inhdr, 0, &hdr, sizeof(hdr));
	113	qemu_iovec_destroy(req->inhdr);
	114	g_slice_free(QEMUIOVector, req->inhdr);
	115
	116	/* According to the virtio specification len should be the number of bytes
	117	* written to, but for virtio-blk it seems to be the number of bytes
	118	* transferred plus the status bytes.
	119	*/
	120	vring_push(&s->vring, req->head, len + sizeof(hdr));
	121
	122	s->num_reqs--;
	123	}
	124
	125	static void complete_request_early(VirtIOBlockDataPlane *s, unsigned int head,
	126	QEMUIOVector *inhdr, unsigned char status)
	127	{
	128	struct virtio_blk_inhdr hdr = {
	129	.status = status,
	130	};
	131
	132	qemu_iovec_from_buf(inhdr, 0, &hdr, sizeof(hdr));
	133	qemu_iovec_destroy(inhdr);
	134	g_slice_free(QEMUIOVector, inhdr);
	135
	136	vring_push(&s->vring, head, sizeof(hdr));
	137	notify_guest(s);
	138	}
	139
	140	/* Get disk serial number */
	141	static void do_get_id_cmd(VirtIOBlockDataPlane *s,
	142	struct iovec *iov, unsigned int iov_cnt,
	143	unsigned int head, QEMUIOVector *inhdr)
	144	{
	145	char id[VIRTIO_BLK_ID_BYTES];
	146
	147	/* Serial number not NUL-terminated when shorter than buffer */
	148	strncpy(id, s->blk->serial ? s->blk->serial : "", sizeof(id));
	149	iov_from_buf(iov, iov_cnt, 0, id, sizeof(id));
	150	complete_request_early(s, head, inhdr, VIRTIO_BLK_S_OK);
	151	}
	152
b5ef1aab SH	153	static int do_rdwr_cmd(VirtIOBlockDataPlane *s, bool read,
	154	struct iovec *iov, unsigned int iov_cnt,
	155	long long offset, unsigned int head,
	156	QEMUIOVector *inhdr)
	157	{
	158	struct iocb *iocb;
de0161c0 SH	159	QEMUIOVector qiov;
	160	struct iovec *bounce_iov = NULL;
	161	QEMUIOVector *read_qiov = NULL;
	162
	163	qemu_iovec_init_external(&qiov, iov, iov_cnt);
	164	if (!bdrv_qiov_is_aligned(s->blk->conf.bs, &qiov)) {
	165	void *bounce_buffer = qemu_blockalign(s->blk->conf.bs, qiov.size);
	166
	167	if (read) {
	168	/* Need to copy back from bounce buffer on completion */
	169	read_qiov = g_slice_new(QEMUIOVector);
	170	qemu_iovec_init(read_qiov, iov_cnt);
	171	qemu_iovec_concat_iov(read_qiov, iov, iov_cnt, 0, qiov.size);
	172	} else {
	173	qemu_iovec_to_buf(&qiov, 0, bounce_buffer, qiov.size);
	174	}
	175
	176	/* Redirect I/O to aligned bounce buffer */
	177	bounce_iov = g_slice_new(struct iovec);
	178	bounce_iov->iov_base = bounce_buffer;
	179	bounce_iov->iov_len = qiov.size;
	180	iov = bounce_iov;
	181	iov_cnt = 1;
	182	}
b5ef1aab SH	183
	184	iocb = ioq_rdwr(&s->ioqueue, read, iov, iov_cnt, offset);
	185
	186	/* Fill in virtio block metadata needed for completion */
	187	VirtIOBlockRequest *req = container_of(iocb, VirtIOBlockRequest, iocb);
	188	req->head = head;
	189	req->inhdr = inhdr;
de0161c0 SH	190	req->bounce_iov = bounce_iov;
de0161c0 SH	191	req->read_qiov = read_qiov;
b5ef1aab SH	192	return 0;
	193	}
	194
e72f66a0 SH	195	static int process_request(IOQueue *ioq, struct iovec iov[],
	196	unsigned int out_num, unsigned int in_num,
	197	unsigned int head)
	198	{
	199	VirtIOBlockDataPlane *s = container_of(ioq, VirtIOBlockDataPlane, ioqueue);
	200	struct iovec *in_iov = &iov[out_num];
	201	struct virtio_blk_outhdr outhdr;
	202	QEMUIOVector *inhdr;
	203	size_t in_size;
e72f66a0 SH	204
	205	/* Copy in outhdr */
	206	if (unlikely(iov_to_buf(iov, out_num, 0, &outhdr,
	207	sizeof(outhdr)) != sizeof(outhdr))) {
	208	error_report("virtio-blk request outhdr too short");
	209	return -EFAULT;
	210	}
	211	iov_discard_front(&iov, &out_num, sizeof(outhdr));
	212
	213	/* Grab inhdr for later */
	214	in_size = iov_size(in_iov, in_num);
	215	if (in_size < sizeof(struct virtio_blk_inhdr)) {
	216	error_report("virtio_blk request inhdr too short");
	217	return -EFAULT;
	218	}
	219	inhdr = g_slice_new(QEMUIOVector);
	220	qemu_iovec_init(inhdr, 1);
	221	qemu_iovec_concat_iov(inhdr, in_iov, in_num,
	222	in_size - sizeof(struct virtio_blk_inhdr),
	223	sizeof(struct virtio_blk_inhdr));
	224	iov_discard_back(in_iov, &in_num, sizeof(struct virtio_blk_inhdr));
	225
	226	/* TODO Linux sets the barrier bit even when not advertised! */
	227	outhdr.type &= ~VIRTIO_BLK_T_BARRIER;
	228
	229	switch (outhdr.type) {
	230	case VIRTIO_BLK_T_IN:
b5ef1aab SH	231	do_rdwr_cmd(s, true, in_iov, in_num, outhdr.sector * 512, head, inhdr);
b5ef1aab SH	232	return 0;
e72f66a0 SH	233
e72f66a0 SH	234	case VIRTIO_BLK_T_OUT:
b5ef1aab SH	235	do_rdwr_cmd(s, false, iov, out_num, outhdr.sector * 512, head, inhdr);
b5ef1aab SH	236	return 0;
e72f66a0 SH	237
	238	case VIRTIO_BLK_T_SCSI_CMD:
	239	/* TODO support SCSI commands */
	240	complete_request_early(s, head, inhdr, VIRTIO_BLK_S_UNSUPP);
	241	return 0;
	242
	243	case VIRTIO_BLK_T_FLUSH:
	244	/* TODO fdsync not supported by Linux AIO, do it synchronously here! */
	245	if (qemu_fdatasync(s->fd) < 0) {
	246	complete_request_early(s, head, inhdr, VIRTIO_BLK_S_IOERR);
	247	} else {
	248	complete_request_early(s, head, inhdr, VIRTIO_BLK_S_OK);
	249	}
	250	return 0;
	251
	252	case VIRTIO_BLK_T_GET_ID:
	253	do_get_id_cmd(s, in_iov, in_num, head, inhdr);
	254	return 0;
	255
	256	default:
	257	error_report("virtio-blk unsupported request type %#x", outhdr.type);
	258	qemu_iovec_destroy(inhdr);
	259	g_slice_free(QEMUIOVector, inhdr);
	260	return -EFAULT;
	261	}
e72f66a0 SH	262	}
e72f66a0 SH	263
2c20e711	264	static void handle_notify(EventNotifier *e)
e72f66a0	265	{
2c20e711 PB	266	VirtIOBlockDataPlane *s = container_of(e, VirtIOBlockDataPlane,
2c20e711 PB	267	host_notifier);
e72f66a0 SH	268
	269	/* There is one array of iovecs into which all new requests are extracted
	270	* from the vring. Requests are read from the vring and the translated
	271	* descriptors are written to the iovecs array. The iovecs do not have to
	272	* persist across handle_notify() calls because the kernel copies the
	273	* iovecs on io_submit().
	274	*
	275	* Handling io_submit() EAGAIN may require storing the requests across
	276	* handle_notify() calls until the kernel has sufficient resources to
	277	* accept more I/O. This is not implemented yet.
	278	*/
	279	struct iovec iovec[VRING_MAX];
	280	struct iovec *end = &iovec[VRING_MAX];
	281	struct iovec *iov = iovec;
	282
	283	/* When a request is read from the vring, the index of the first descriptor
	284	* (aka head) is returned so that the completed request can be pushed onto
	285	* the vring later.
	286	*
	287	* The number of hypervisor read-only iovecs is out_num. The number of
	288	* hypervisor write-only iovecs is in_num.
	289	*/
	290	int head;
	291	unsigned int out_num = 0, in_num = 0;
	292	unsigned int num_queued;
	293
2c20e711	294	event_notifier_test_and_clear(&s->host_notifier);
e72f66a0 SH	295	for (;;) {
	296	/* Disable guest->host notifies to avoid unnecessary vmexits */
	297	vring_disable_notification(s->vdev, &s->vring);
	298
	299	for (;;) {
	300	head = vring_pop(s->vdev, &s->vring, iov, end, &out_num, &in_num);
	301	if (head < 0) {
	302	break; /* no more requests */
	303	}
	304
	305	trace_virtio_blk_data_plane_process_request(s, out_num, in_num,
	306	head);
	307
	308	if (process_request(&s->ioqueue, iov, out_num, in_num, head) < 0) {
	309	vring_set_broken(&s->vring);
	310	break;
	311	}
	312	iov += out_num + in_num;
	313	}
	314
	315	if (likely(head == -EAGAIN)) { /* vring emptied */
	316	/* Re-enable guest->host notifies and stop processing the vring.
	317	* But if the guest has snuck in more descriptors, keep processing.
	318	*/
	319	if (vring_enable_notification(s->vdev, &s->vring)) {
	320	break;
	321	}
	322	} else { /* head == -ENOBUFS or fatal error, iovecs[] is depleted */
	323	/* Since there are no iovecs[] left, stop processing for now. Do
	324	* not re-enable guest->host notifies since the I/O completion
	325	* handler knows to check for more vring descriptors anyway.
	326	*/
	327	break;
	328	}
	329	}
	330
	331	num_queued = ioq_num_queued(&s->ioqueue);
	332	if (num_queued > 0) {
	333	s->num_reqs += num_queued;
	334
	335	int rc = ioq_submit(&s->ioqueue);
	336	if (unlikely(rc < 0)) {
	337	fprintf(stderr, "ioq_submit failed %d\n", rc);
	338	exit(1);
	339	}
	340	}
	341	}
	342
2c20e711	343	static void handle_io(EventNotifier *e)
e72f66a0	344	{
2c20e711 PB	345	VirtIOBlockDataPlane *s = container_of(e, VirtIOBlockDataPlane,
2c20e711 PB	346	io_notifier);
e72f66a0	347
2c20e711	348	event_notifier_test_and_clear(&s->io_notifier);
e72f66a0 SH	349	if (ioq_run_completion(&s->ioqueue, complete_request, s) > 0) {
	350	notify_guest(s);
	351	}
	352
	353	/* If there were more requests than iovecs, the vring will not be empty yet
	354	* so check again. There should now be enough resources to process more
	355	* requests.
	356	*/
	357	if (unlikely(vring_more_avail(&s->vring))) {
2c20e711	358	handle_notify(&s->host_notifier);
e72f66a0 SH	359	}
	360	}
	361
	362	static void data_plane_thread(void opaque)
	363	{
	364	VirtIOBlockDataPlane *s = opaque;
	365
bf0da4df	366	while (!s->stopping \|\| s->num_reqs > 0) {
2c20e711	367	aio_poll(s->ctx, true);
bf0da4df	368	}
e72f66a0 SH	369	return NULL;
	370	}
	371
	372	static void start_data_plane_bh(void *opaque)
	373	{
	374	VirtIOBlockDataPlane *s = opaque;
	375
	376	qemu_bh_delete(s->start_bh);
	377	s->start_bh = NULL;
	378	qemu_thread_create(&s->thread, data_plane_thread,
	379	s, QEMU_THREAD_JOINABLE);
	380	}
	381
	382	bool virtio_blk_data_plane_create(VirtIODevice vdev, VirtIOBlkConf blk,
	383	VirtIOBlockDataPlane **dataplane)
	384	{
	385	VirtIOBlockDataPlane *s;
	386	int fd;
	387
	388	*dataplane = NULL;
	389
	390	if (!blk->data_plane) {
	391	return true;
	392	}
	393
	394	if (blk->scsi) {
	395	error_report("device is incompatible with x-data-plane, use scsi=off");
	396	return false;
	397	}
	398
	399	if (blk->config_wce) {
	400	error_report("device is incompatible with x-data-plane, "
	401	"use config-wce=off");
	402	return false;
	403	}
	404
b0f2027c SH	405	/* If dataplane is (re-)enabled while the guest is running there could be
	406	* block jobs that can conflict.
	407	*/
	408	if (bdrv_in_use(blk->conf.bs)) {
	409	error_report("cannot start dataplane thread while device is in use");
	410	return false;
	411	}
	412
e72f66a0 SH	413	fd = raw_get_aio_fd(blk->conf.bs);
	414	if (fd < 0) {
	415	error_report("drive is incompatible with x-data-plane, "
	416	"use format=raw,cache=none,aio=native");
	417	return false;
	418	}
	419
	420	s = g_new0(VirtIOBlockDataPlane, 1);
	421	s->vdev = vdev;
	422	s->fd = fd;
	423	s->blk = blk;
	424
	425	/* Prevent block operations that conflict with data plane thread */
	426	bdrv_set_in_use(blk->conf.bs, 1);
	427
e72f66a0 SH	428	*dataplane = s;
	429	return true;
	430	}
	431
	432	void virtio_blk_data_plane_destroy(VirtIOBlockDataPlane *s)
	433	{
	434	if (!s) {
	435	return;
	436	}
	437
	438	virtio_blk_data_plane_stop(s);
e72f66a0 SH	439	bdrv_set_in_use(s->blk->conf.bs, 0);
	440	g_free(s);
	441	}
	442
	443	void virtio_blk_data_plane_start(VirtIOBlockDataPlane *s)
	444	{
1c819449 FK	445	BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(s->vdev)));
1c819449 FK	446	VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus);
e72f66a0 SH	447	VirtQueue *vq;
	448	int i;
	449
	450	if (s->started) {
	451	return;
	452	}
	453
	454	vq = virtio_get_queue(s->vdev, 0);
	455	if (!vring_setup(&s->vring, s->vdev, 0)) {
	456	return;
	457	}
	458
2c20e711	459	s->ctx = aio_context_new();
e72f66a0 SH	460
e72f66a0 SH	461	/* Set up guest notifier (irq) */
1c819449	462	if (k->set_guest_notifiers(qbus->parent, 1, true) != 0) {
e72f66a0 SH	463	fprintf(stderr, "virtio-blk failed to set guest notifier, "
	464	"ensure -enable-kvm is set\n");
	465	exit(1);
	466	}
	467	s->guest_notifier = virtio_queue_get_guest_notifier(vq);
	468
	469	/* Set up virtqueue notify */
1c819449	470	if (k->set_host_notifier(qbus->parent, 0, true) != 0) {
e72f66a0 SH	471	fprintf(stderr, "virtio-blk failed to set host notifier\n");
	472	exit(1);
	473	}
2c20e711	474	s->host_notifier = *virtio_queue_get_host_notifier(vq);
ce689368	475	aio_set_event_notifier(s->ctx, &s->host_notifier, handle_notify, NULL);
e72f66a0 SH	476
	477	/* Set up ioqueue */
	478	ioq_init(&s->ioqueue, s->fd, REQ_MAX);
	479	for (i = 0; i < ARRAY_SIZE(s->requests); i++) {
	480	ioq_put_iocb(&s->ioqueue, &s->requests[i].iocb);
	481	}
2c20e711	482	s->io_notifier = *ioq_get_notifier(&s->ioqueue);
ce689368	483	aio_set_event_notifier(s->ctx, &s->io_notifier, handle_io, NULL);
e72f66a0 SH	484
	485	s->started = true;
	486	trace_virtio_blk_data_plane_start(s);
	487
	488	/* Kick right away to begin processing requests already in vring */
	489	event_notifier_set(virtio_queue_get_host_notifier(vq));
	490
	491	/* Spawn thread in BH so it inherits iothread cpusets */
	492	s->start_bh = qemu_bh_new(start_data_plane_bh, s);
	493	qemu_bh_schedule(s->start_bh);
	494	}
	495
	496	void virtio_blk_data_plane_stop(VirtIOBlockDataPlane *s)
	497	{
1c819449 FK	498	BusState *qbus = BUS(qdev_get_parent_bus(DEVICE(s->vdev)));
1c819449 FK	499	VirtioBusClass *k = VIRTIO_BUS_GET_CLASS(qbus);
cd7fdfe5	500	if (!s->started \|\| s->stopping) {
e72f66a0 SH	501	return;
e72f66a0 SH	502	}
cd7fdfe5	503	s->stopping = true;
e72f66a0 SH	504	trace_virtio_blk_data_plane_stop(s);
	505
	506	/* Stop thread or cancel pending thread creation BH */
	507	if (s->start_bh) {
	508	qemu_bh_delete(s->start_bh);
	509	s->start_bh = NULL;
	510	} else {
2c20e711	511	aio_notify(s->ctx);
e72f66a0 SH	512	qemu_thread_join(&s->thread);
	513	}
	514
2c20e711	515	aio_set_event_notifier(s->ctx, &s->io_notifier, NULL, NULL);
e72f66a0 SH	516	ioq_cleanup(&s->ioqueue);
e72f66a0 SH	517
2c20e711	518	aio_set_event_notifier(s->ctx, &s->host_notifier, NULL, NULL);
1c819449	519	k->set_host_notifier(qbus->parent, 0, false);
e72f66a0	520
2c20e711	521	aio_context_unref(s->ctx);
e72f66a0 SH	522
e72f66a0 SH	523	/* Clean up guest notifier (irq) */
1c819449	524	k->set_guest_notifiers(qbus->parent, 1, false);
e72f66a0	525
9154b02c	526	vring_teardown(&s->vring, s->vdev, 0);
cd7fdfe5 SH	527	s->started = false;
cd7fdfe5 SH	528	s->stopping = false;
e72f66a0	529	}