bcache: fix use-after-free in register_bcache()
[platform/kernel/linux-rpi.git] / drivers / md / dm-rq.c
1 /*
2  * Copyright (C) 2016 Red Hat, Inc. All rights reserved.
3  *
4  * This file is released under the GPL.
5  */
6
7 #include "dm-core.h"
8 #include "dm-rq.h"
9
10 #include <linux/elevator.h> /* for rq_end_sector() */
11 #include <linux/blk-mq.h>
12
13 #define DM_MSG_PREFIX "core-rq"
14
15 /*
16  * One of these is allocated per request.
17  */
18 struct dm_rq_target_io {
19         struct mapped_device *md;
20         struct dm_target *ti;
21         struct request *orig, *clone;
22         struct kthread_work work;
23         blk_status_t error;
24         union map_info info;
25         struct dm_stats_aux stats_aux;
26         unsigned long duration_jiffies;
27         unsigned n_sectors;
28         unsigned completed;
29 };
30
31 #define DM_MQ_NR_HW_QUEUES 1
32 #define DM_MQ_QUEUE_DEPTH 2048
33 static unsigned dm_mq_nr_hw_queues = DM_MQ_NR_HW_QUEUES;
34 static unsigned dm_mq_queue_depth = DM_MQ_QUEUE_DEPTH;
35
36 /*
37  * Request-based DM's mempools' reserved IOs set by the user.
38  */
39 #define RESERVED_REQUEST_BASED_IOS      256
40 static unsigned reserved_rq_based_ios = RESERVED_REQUEST_BASED_IOS;
41
42 unsigned dm_get_reserved_rq_based_ios(void)
43 {
44         return __dm_get_module_param(&reserved_rq_based_ios,
45                                      RESERVED_REQUEST_BASED_IOS, DM_RESERVED_MAX_IOS);
46 }
47 EXPORT_SYMBOL_GPL(dm_get_reserved_rq_based_ios);
48
49 static unsigned dm_get_blk_mq_nr_hw_queues(void)
50 {
51         return __dm_get_module_param(&dm_mq_nr_hw_queues, 1, 32);
52 }
53
54 static unsigned dm_get_blk_mq_queue_depth(void)
55 {
56         return __dm_get_module_param(&dm_mq_queue_depth,
57                                      DM_MQ_QUEUE_DEPTH, BLK_MQ_MAX_DEPTH);
58 }
59
60 int dm_request_based(struct mapped_device *md)
61 {
62         return queue_is_mq(md->queue);
63 }
64
65 void dm_start_queue(struct request_queue *q)
66 {
67         blk_mq_unquiesce_queue(q);
68         blk_mq_kick_requeue_list(q);
69 }
70
71 void dm_stop_queue(struct request_queue *q)
72 {
73         if (blk_mq_queue_stopped(q))
74                 return;
75
76         blk_mq_quiesce_queue(q);
77 }
78
79 /*
80  * Partial completion handling for request-based dm
81  */
82 static void end_clone_bio(struct bio *clone)
83 {
84         struct dm_rq_clone_bio_info *info =
85                 container_of(clone, struct dm_rq_clone_bio_info, clone);
86         struct dm_rq_target_io *tio = info->tio;
87         unsigned int nr_bytes = info->orig->bi_iter.bi_size;
88         blk_status_t error = clone->bi_status;
89         bool is_last = !clone->bi_next;
90
91         bio_put(clone);
92
93         if (tio->error)
94                 /*
95                  * An error has already been detected on the request.
96                  * Once error occurred, just let clone->end_io() handle
97                  * the remainder.
98                  */
99                 return;
100         else if (error) {
101                 /*
102                  * Don't notice the error to the upper layer yet.
103                  * The error handling decision is made by the target driver,
104                  * when the request is completed.
105                  */
106                 tio->error = error;
107                 goto exit;
108         }
109
110         /*
111          * I/O for the bio successfully completed.
112          * Notice the data completion to the upper layer.
113          */
114         tio->completed += nr_bytes;
115
116         /*
117          * Update the original request.
118          * Do not use blk_mq_end_request() here, because it may complete
119          * the original request before the clone, and break the ordering.
120          */
121         if (is_last)
122  exit:
123                 blk_update_request(tio->orig, BLK_STS_OK, tio->completed);
124 }
125
126 static struct dm_rq_target_io *tio_from_request(struct request *rq)
127 {
128         return blk_mq_rq_to_pdu(rq);
129 }
130
131 static void rq_end_stats(struct mapped_device *md, struct request *orig)
132 {
133         if (unlikely(dm_stats_used(&md->stats))) {
134                 struct dm_rq_target_io *tio = tio_from_request(orig);
135                 tio->duration_jiffies = jiffies - tio->duration_jiffies;
136                 dm_stats_account_io(&md->stats, rq_data_dir(orig),
137                                     blk_rq_pos(orig), tio->n_sectors, true,
138                                     tio->duration_jiffies, &tio->stats_aux);
139         }
140 }
141
142 /*
143  * Don't touch any member of the md after calling this function because
144  * the md may be freed in dm_put() at the end of this function.
145  * Or do dm_get() before calling this function and dm_put() later.
146  */
147 static void rq_completed(struct mapped_device *md)
148 {
149         /* nudge anyone waiting on suspend queue */
150         if (unlikely(wq_has_sleeper(&md->wait)))
151                 wake_up(&md->wait);
152
153         /*
154          * dm_put() must be at the end of this function. See the comment above
155          */
156         dm_put(md);
157 }
158
159 /*
160  * Complete the clone and the original request.
161  * Must be called without clone's queue lock held,
162  * see end_clone_request() for more details.
163  */
164 static void dm_end_request(struct request *clone, blk_status_t error)
165 {
166         struct dm_rq_target_io *tio = clone->end_io_data;
167         struct mapped_device *md = tio->md;
168         struct request *rq = tio->orig;
169
170         blk_rq_unprep_clone(clone);
171         tio->ti->type->release_clone_rq(clone, NULL);
172
173         rq_end_stats(md, rq);
174         blk_mq_end_request(rq, error);
175         rq_completed(md);
176 }
177
178 static void __dm_mq_kick_requeue_list(struct request_queue *q, unsigned long msecs)
179 {
180         blk_mq_delay_kick_requeue_list(q, msecs);
181 }
182
183 void dm_mq_kick_requeue_list(struct mapped_device *md)
184 {
185         __dm_mq_kick_requeue_list(dm_get_md_queue(md), 0);
186 }
187 EXPORT_SYMBOL(dm_mq_kick_requeue_list);
188
189 static void dm_mq_delay_requeue_request(struct request *rq, unsigned long msecs)
190 {
191         blk_mq_requeue_request(rq, false);
192         __dm_mq_kick_requeue_list(rq->q, msecs);
193 }
194
195 static void dm_requeue_original_request(struct dm_rq_target_io *tio, bool delay_requeue)
196 {
197         struct mapped_device *md = tio->md;
198         struct request *rq = tio->orig;
199         unsigned long delay_ms = delay_requeue ? 100 : 0;
200
201         rq_end_stats(md, rq);
202         if (tio->clone) {
203                 blk_rq_unprep_clone(tio->clone);
204                 tio->ti->type->release_clone_rq(tio->clone, NULL);
205         }
206
207         dm_mq_delay_requeue_request(rq, delay_ms);
208         rq_completed(md);
209 }
210
211 static void dm_done(struct request *clone, blk_status_t error, bool mapped)
212 {
213         int r = DM_ENDIO_DONE;
214         struct dm_rq_target_io *tio = clone->end_io_data;
215         dm_request_endio_fn rq_end_io = NULL;
216
217         if (tio->ti) {
218                 rq_end_io = tio->ti->type->rq_end_io;
219
220                 if (mapped && rq_end_io)
221                         r = rq_end_io(tio->ti, clone, error, &tio->info);
222         }
223
224         if (unlikely(error == BLK_STS_TARGET)) {
225                 if (req_op(clone) == REQ_OP_DISCARD &&
226                     !clone->q->limits.max_discard_sectors)
227                         disable_discard(tio->md);
228                 else if (req_op(clone) == REQ_OP_WRITE_SAME &&
229                          !clone->q->limits.max_write_same_sectors)
230                         disable_write_same(tio->md);
231                 else if (req_op(clone) == REQ_OP_WRITE_ZEROES &&
232                          !clone->q->limits.max_write_zeroes_sectors)
233                         disable_write_zeroes(tio->md);
234         }
235
236         switch (r) {
237         case DM_ENDIO_DONE:
238                 /* The target wants to complete the I/O */
239                 dm_end_request(clone, error);
240                 break;
241         case DM_ENDIO_INCOMPLETE:
242                 /* The target will handle the I/O */
243                 return;
244         case DM_ENDIO_REQUEUE:
245                 /* The target wants to requeue the I/O */
246                 dm_requeue_original_request(tio, false);
247                 break;
248         case DM_ENDIO_DELAY_REQUEUE:
249                 /* The target wants to requeue the I/O after a delay */
250                 dm_requeue_original_request(tio, true);
251                 break;
252         default:
253                 DMWARN("unimplemented target endio return value: %d", r);
254                 BUG();
255         }
256 }
257
258 /*
259  * Request completion handler for request-based dm
260  */
261 static void dm_softirq_done(struct request *rq)
262 {
263         bool mapped = true;
264         struct dm_rq_target_io *tio = tio_from_request(rq);
265         struct request *clone = tio->clone;
266
267         if (!clone) {
268                 struct mapped_device *md = tio->md;
269
270                 rq_end_stats(md, rq);
271                 blk_mq_end_request(rq, tio->error);
272                 rq_completed(md);
273                 return;
274         }
275
276         if (rq->rq_flags & RQF_FAILED)
277                 mapped = false;
278
279         dm_done(clone, tio->error, mapped);
280 }
281
282 /*
283  * Complete the clone and the original request with the error status
284  * through softirq context.
285  */
286 static void dm_complete_request(struct request *rq, blk_status_t error)
287 {
288         struct dm_rq_target_io *tio = tio_from_request(rq);
289
290         tio->error = error;
291         blk_mq_complete_request(rq);
292 }
293
294 /*
295  * Complete the not-mapped clone and the original request with the error status
296  * through softirq context.
297  * Target's rq_end_io() function isn't called.
298  * This may be used when the target's clone_and_map_rq() function fails.
299  */
300 static void dm_kill_unmapped_request(struct request *rq, blk_status_t error)
301 {
302         rq->rq_flags |= RQF_FAILED;
303         dm_complete_request(rq, error);
304 }
305
306 static void end_clone_request(struct request *clone, blk_status_t error)
307 {
308         struct dm_rq_target_io *tio = clone->end_io_data;
309
310         dm_complete_request(tio->orig, error);
311 }
312
313 static blk_status_t dm_dispatch_clone_request(struct request *clone, struct request *rq)
314 {
315         blk_status_t r;
316
317         if (blk_queue_io_stat(clone->q))
318                 clone->rq_flags |= RQF_IO_STAT;
319
320         clone->start_time_ns = ktime_get_ns();
321         r = blk_insert_cloned_request(clone->q, clone);
322         if (r != BLK_STS_OK && r != BLK_STS_RESOURCE && r != BLK_STS_DEV_RESOURCE)
323                 /* must complete clone in terms of original request */
324                 dm_complete_request(rq, r);
325         return r;
326 }
327
328 static int dm_rq_bio_constructor(struct bio *bio, struct bio *bio_orig,
329                                  void *data)
330 {
331         struct dm_rq_target_io *tio = data;
332         struct dm_rq_clone_bio_info *info =
333                 container_of(bio, struct dm_rq_clone_bio_info, clone);
334
335         info->orig = bio_orig;
336         info->tio = tio;
337         bio->bi_end_io = end_clone_bio;
338
339         return 0;
340 }
341
342 static int setup_clone(struct request *clone, struct request *rq,
343                        struct dm_rq_target_io *tio, gfp_t gfp_mask)
344 {
345         int r;
346
347         r = blk_rq_prep_clone(clone, rq, &tio->md->bs, gfp_mask,
348                               dm_rq_bio_constructor, tio);
349         if (r)
350                 return r;
351
352         clone->end_io = end_clone_request;
353         clone->end_io_data = tio;
354
355         tio->clone = clone;
356
357         return 0;
358 }
359
360 static void init_tio(struct dm_rq_target_io *tio, struct request *rq,
361                      struct mapped_device *md)
362 {
363         tio->md = md;
364         tio->ti = NULL;
365         tio->clone = NULL;
366         tio->orig = rq;
367         tio->error = 0;
368         tio->completed = 0;
369         /*
370          * Avoid initializing info for blk-mq; it passes
371          * target-specific data through info.ptr
372          * (see: dm_mq_init_request)
373          */
374         if (!md->init_tio_pdu)
375                 memset(&tio->info, 0, sizeof(tio->info));
376 }
377
378 /*
379  * Returns:
380  * DM_MAPIO_*       : the request has been processed as indicated
381  * DM_MAPIO_REQUEUE : the original request needs to be immediately requeued
382  * < 0              : the request was completed due to failure
383  */
384 static int map_request(struct dm_rq_target_io *tio)
385 {
386         int r;
387         struct dm_target *ti = tio->ti;
388         struct mapped_device *md = tio->md;
389         struct request *rq = tio->orig;
390         struct request *clone = NULL;
391         blk_status_t ret;
392
393         r = ti->type->clone_and_map_rq(ti, rq, &tio->info, &clone);
394         switch (r) {
395         case DM_MAPIO_SUBMITTED:
396                 /* The target has taken the I/O to submit by itself later */
397                 break;
398         case DM_MAPIO_REMAPPED:
399                 if (setup_clone(clone, rq, tio, GFP_ATOMIC)) {
400                         /* -ENOMEM */
401                         ti->type->release_clone_rq(clone, &tio->info);
402                         return DM_MAPIO_REQUEUE;
403                 }
404
405                 /* The target has remapped the I/O so dispatch it */
406                 trace_block_rq_remap(clone->q, clone, disk_devt(dm_disk(md)),
407                                      blk_rq_pos(rq));
408                 ret = dm_dispatch_clone_request(clone, rq);
409                 if (ret == BLK_STS_RESOURCE || ret == BLK_STS_DEV_RESOURCE) {
410                         blk_rq_unprep_clone(clone);
411                         blk_mq_cleanup_rq(clone);
412                         tio->ti->type->release_clone_rq(clone, &tio->info);
413                         tio->clone = NULL;
414                         return DM_MAPIO_REQUEUE;
415                 }
416                 break;
417         case DM_MAPIO_REQUEUE:
418                 /* The target wants to requeue the I/O */
419                 break;
420         case DM_MAPIO_DELAY_REQUEUE:
421                 /* The target wants to requeue the I/O after a delay */
422                 dm_requeue_original_request(tio, true);
423                 break;
424         case DM_MAPIO_KILL:
425                 /* The target wants to complete the I/O */
426                 dm_kill_unmapped_request(rq, BLK_STS_IOERR);
427                 break;
428         default:
429                 DMWARN("unimplemented target map return value: %d", r);
430                 BUG();
431         }
432
433         return r;
434 }
435
436 /* DEPRECATED: previously used for request-based merge heuristic in dm_request_fn() */
437 ssize_t dm_attr_rq_based_seq_io_merge_deadline_show(struct mapped_device *md, char *buf)
438 {
439         return sprintf(buf, "%u\n", 0);
440 }
441
442 ssize_t dm_attr_rq_based_seq_io_merge_deadline_store(struct mapped_device *md,
443                                                      const char *buf, size_t count)
444 {
445         return count;
446 }
447
448 static void dm_start_request(struct mapped_device *md, struct request *orig)
449 {
450         blk_mq_start_request(orig);
451
452         if (unlikely(dm_stats_used(&md->stats))) {
453                 struct dm_rq_target_io *tio = tio_from_request(orig);
454                 tio->duration_jiffies = jiffies;
455                 tio->n_sectors = blk_rq_sectors(orig);
456                 dm_stats_account_io(&md->stats, rq_data_dir(orig),
457                                     blk_rq_pos(orig), tio->n_sectors, false, 0,
458                                     &tio->stats_aux);
459         }
460
461         /*
462          * Hold the md reference here for the in-flight I/O.
463          * We can't rely on the reference count by device opener,
464          * because the device may be closed during the request completion
465          * when all bios are completed.
466          * See the comment in rq_completed() too.
467          */
468         dm_get(md);
469 }
470
471 static int dm_mq_init_request(struct blk_mq_tag_set *set, struct request *rq,
472                               unsigned int hctx_idx, unsigned int numa_node)
473 {
474         struct mapped_device *md = set->driver_data;
475         struct dm_rq_target_io *tio = blk_mq_rq_to_pdu(rq);
476
477         /*
478          * Must initialize md member of tio, otherwise it won't
479          * be available in dm_mq_queue_rq.
480          */
481         tio->md = md;
482
483         if (md->init_tio_pdu) {
484                 /* target-specific per-io data is immediately after the tio */
485                 tio->info.ptr = tio + 1;
486         }
487
488         return 0;
489 }
490
491 static blk_status_t dm_mq_queue_rq(struct blk_mq_hw_ctx *hctx,
492                           const struct blk_mq_queue_data *bd)
493 {
494         struct request *rq = bd->rq;
495         struct dm_rq_target_io *tio = blk_mq_rq_to_pdu(rq);
496         struct mapped_device *md = tio->md;
497         struct dm_target *ti = md->immutable_target;
498
499         if (unlikely(!ti)) {
500                 int srcu_idx;
501                 struct dm_table *map = dm_get_live_table(md, &srcu_idx);
502
503                 ti = dm_table_find_target(map, 0);
504                 dm_put_live_table(md, srcu_idx);
505         }
506
507         if (ti->type->busy && ti->type->busy(ti))
508                 return BLK_STS_RESOURCE;
509
510         dm_start_request(md, rq);
511
512         /* Init tio using md established in .init_request */
513         init_tio(tio, rq, md);
514
515         /*
516          * Establish tio->ti before calling map_request().
517          */
518         tio->ti = ti;
519
520         /* Direct call is fine since .queue_rq allows allocations */
521         if (map_request(tio) == DM_MAPIO_REQUEUE) {
522                 /* Undo dm_start_request() before requeuing */
523                 rq_end_stats(md, rq);
524                 rq_completed(md);
525                 return BLK_STS_RESOURCE;
526         }
527
528         return BLK_STS_OK;
529 }
530
531 static const struct blk_mq_ops dm_mq_ops = {
532         .queue_rq = dm_mq_queue_rq,
533         .complete = dm_softirq_done,
534         .init_request = dm_mq_init_request,
535 };
536
537 int dm_mq_init_request_queue(struct mapped_device *md, struct dm_table *t)
538 {
539         struct request_queue *q;
540         struct dm_target *immutable_tgt;
541         int err;
542
543         md->tag_set = kzalloc_node(sizeof(struct blk_mq_tag_set), GFP_KERNEL, md->numa_node_id);
544         if (!md->tag_set)
545                 return -ENOMEM;
546
547         md->tag_set->ops = &dm_mq_ops;
548         md->tag_set->queue_depth = dm_get_blk_mq_queue_depth();
549         md->tag_set->numa_node = md->numa_node_id;
550         md->tag_set->flags = BLK_MQ_F_SHOULD_MERGE;
551         md->tag_set->nr_hw_queues = dm_get_blk_mq_nr_hw_queues();
552         md->tag_set->driver_data = md;
553
554         md->tag_set->cmd_size = sizeof(struct dm_rq_target_io);
555         immutable_tgt = dm_table_get_immutable_target(t);
556         if (immutable_tgt && immutable_tgt->per_io_data_size) {
557                 /* any target-specific per-io data is immediately after the tio */
558                 md->tag_set->cmd_size += immutable_tgt->per_io_data_size;
559                 md->init_tio_pdu = true;
560         }
561
562         err = blk_mq_alloc_tag_set(md->tag_set);
563         if (err)
564                 goto out_kfree_tag_set;
565
566         q = blk_mq_init_allocated_queue(md->tag_set, md->queue, true);
567         if (IS_ERR(q)) {
568                 err = PTR_ERR(q);
569                 goto out_tag_set;
570         }
571
572         return 0;
573
574 out_tag_set:
575         blk_mq_free_tag_set(md->tag_set);
576 out_kfree_tag_set:
577         kfree(md->tag_set);
578
579         return err;
580 }
581
582 void dm_mq_cleanup_mapped_device(struct mapped_device *md)
583 {
584         if (md->tag_set) {
585                 blk_mq_free_tag_set(md->tag_set);
586                 kfree(md->tag_set);
587         }
588 }
589
590 module_param(reserved_rq_based_ios, uint, S_IRUGO | S_IWUSR);
591 MODULE_PARM_DESC(reserved_rq_based_ios, "Reserved IOs in request-based mempools");
592
593 /* Unused, but preserved for userspace compatibility */
594 static bool use_blk_mq = true;
595 module_param(use_blk_mq, bool, S_IRUGO | S_IWUSR);
596 MODULE_PARM_DESC(use_blk_mq, "Use block multiqueue for request-based DM devices");
597
598 module_param(dm_mq_nr_hw_queues, uint, S_IRUGO | S_IWUSR);
599 MODULE_PARM_DESC(dm_mq_nr_hw_queues, "Number of hardware queues for request-based dm-mq devices");
600
601 module_param(dm_mq_queue_depth, uint, S_IRUGO | S_IWUSR);
602 MODULE_PARM_DESC(dm_mq_queue_depth, "Queue depth for request-based dm-mq devices");