Paul Durrant [Tue, 24 Jul 2018 14:46:22 +0000 (15:46 +0100)]
Back-port rsp_event manipulation changes from master
Rather than updating rsp_event at the end of every poll, the code in
master sets it to req_prod_pvt during submission to attempt to defer events
until the last request has been processed.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Eric Mackay [Mon, 17 Jul 2017 10:31:39 +0000 (11:31 +0100)]
Added a function called from DriverEntry where...
we can safely read registry keys and convert strings at PASSIVE_LEVEL
The MSDN documentation for various registry key access and string
conversion functions requires the caller to be at PASSIVE_LEVEL.
One of the reasons for this is that the string conversion tables used by
functions such as RtlAnsiStringToUnicodeString are stored in paged pool
memory. Both the page fault handler and the process scheduler run at
DISPATCH_LEVEL, therefore you must not touch memory at DISPATCH_LEVEL that
could be paged out. A process running at DISPATCH_LEVEL cannot be
preempted for the page fault handler to run.
To aid Static Driver Verifier code analysis and inform developers, I have
added SAL annotations that indicate PASSIVE_LEVEL is required on certain
registry access functions.
Signed-off-by: Eric Mackay <mackayem@amazon.com>
Re-based onto master and adjusted for style. Note this involved fixing
whitespace issues in frontend.c.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Backported to staging-8.2
Paul Durrant [Mon, 8 May 2017 16:09:02 +0000 (17:09 +0100)]
Reboot request keys should be volatile
When a driver makes a reboot request it should use a volatile registry key.
The monitor service will explicitly remove the key prior to reboot but,
if the reboot is initiated in some other way and the key is non-volatile,
the monitor service will then needlessly prompt for a second reboot.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Mon, 20 Feb 2017 14:03:50 +0000 (14:03 +0000)]
Fix race setting SrbStatus
SrbStatus needs to be set to PENDING right at the beginning of the
prepare functions, before the SRB has been added to any queue, otherwise
we risk a race with the completion code.
Reported-by: Andreas Kinzler <ml-ak@posteo.de> Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Owen Smith [Fri, 17 Feb 2017 15:29:35 +0000 (15:29 +0000)]
Fix race calculating SrbExt->Count
It is possible under heavy loads for the backend to
start completing sub-requests of a Srb before the
SrbExt Count is set. This would leave the count unable
to reach 0 (as 1 or more requests are skipped by count
being overridden)
Owen Smith [Fri, 17 Feb 2017 15:27:03 +0000 (15:27 +0000)]
Ensure event channel is unmasked
If the Pdo is paused, the notifier dpc will not
unmask the event channel. When the Pdo is unpaused, the
event channel remains masked, so no more interrupts
get delivered.
Owen Smith [Fri, 3 Feb 2017 14:03:52 +0000 (14:03 +0000)]
Add registry overrides for features
Add a REG_DWORD to XenVbd's Parameters key, with names based
on the features, as per xenstore value, and set to 0 to
override use of that feature.
For example,
"HKLM\System\CCS\Services\XenVbd\Parameters" "feature-barrier" 0
will prevent the frontend issuing BLKIF_OP_WRITE_BARRIERs
"HKLM\System\CCS\Services\XenVbd\Parameters" "feature-discard" 0
will prevent the frontend issuing BLKIF_OP_DISCARDs
Owen Smith [Fri, 6 Jan 2017 12:02:55 +0000 (12:02 +0000)]
Fix pool leaks exposed by DriverVerifier
* RegistryCloseKey was not called in DriverRequestReboot
* RegistryTeardown was not being called in DriverUnload
* __RegistryFree was not being called in RegistryCreateKey
* Reordered DriverEntry slightly for improved code consistancy
Owen Smith [Mon, 5 Dec 2016 15:58:46 +0000 (15:58 +0000)]
Succeed SRBs that the backend doesnt support
If the backend does not support BLKIF_OP_DISCARD, BLKIF_OP_WRITE_BARRIER,
or BLKIF_OP_FLUSH_DISKCACHE, the first request will be failed and
subsiquent requests will be succeeded instead of being passed to the
backend. Bring the SRB status into line in both of these situations.
Signed-off-by: Owen Smith <owen.smith@citrix.com>
Remove rather scary warning and instead log any features being disabled.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Owen Smith [Tue, 22 Nov 2016 15:09:55 +0000 (15:09 +0000)]
Send BLKIF_OP_FLUSH_DISKCACHE
If the backend supports flush, send BLKIF_OP_FLUSH_DISKCACHE in
response to SCSIOP_SYNCHRONIZE_CACHE, and advertise the cache
to Windows. Also tracks count of cache operations. If the backend
does not support flush, but supports barrier, send
BLKIF_OP_WRITE_BARRIER instead, but do not advertise the cache to
Windows, as its assumed the backend will guarantee writes are
flushed if the storage requires flushing.
Paul Durrant [Thu, 6 Oct 2016 13:48:09 +0000 (14:48 +0100)]
Make use of the 'physical-sector-size' reported by the backend
blkif backends can report a 'physical-sector-size' as will as
'sector-size'. XENVBD currently reads this xenstore key but does
nothing with the value. This patch makes use of the value to set the
LogicalPerPhysicalExponent field in the READ_CAPACITY16_DATA structure
which is populated in response to a SCSIOP_READ_CAPACITY16 CDB.
The patch also modifies XENDISK to discover the logical block size by
sending a SCSIOP_READ_CAPACITY16 rather than relying on an IOCTL to
query StorageAccessAlignmentProperty being sent down the stack and
succeeded by STORPORT (which does not seem to be the case for Windows 10).
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Owen Smith [Mon, 3 Oct 2016 07:31:44 +0000 (08:31 +0100)]
Don't include null terminator in synthesized VendorId identifier
The VendorId identifier on SCSI page 83 is 16 bytes long (+header).
When synthesizing the inquiry data, either by global flag, or missing
xenstore data (sm-data/scsi/0x12/0x83), the NULL terminator on the
VendorId should not be included in the field. When this happens, any
query will decode 3 identifiers (VendorId, EUI64, VendorSpecific) instead
of the intended 2 (VendorId, VendorSpecific). This breaks the XenServer
VSS provider that uses the VendorSpecific identifier to retrieve the
vdi-uuid. This is only an issue when the inquiry data is synthesized and
additional identifiers are required, which is not a common use case.
Paul Durrant [Tue, 9 Aug 2016 14:19:29 +0000 (15:19 +0100)]
Use new monitor request key
The monitor service now uses a request key in registry under HKLM/SOFTWARE.
This patch modifies __DriverRequestReboot() to use the new key, which is
now set as a parameter by the INF file.
This patch also takes this opportunity to update the registry source module
to being it up to date with the XENBUS source base, and make wider use of it.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Tue, 2 Aug 2016 09:56:23 +0000 (10:56 +0100)]
Don't send a NUL terminator to QEMU's debug port
Logging a NUL terminator via QEMU's debug port seems to upset upstream
QEMU. It's also unnecessary anyway as QEMU will break log lines at a
newline character.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
It appears that this code is called when determining if Windows
can remove a PV disk. Without it Windows will not know the
disk is removable and will refuse to allow it to be removed
Ben Chalmers [Mon, 11 Jul 2016 13:29:04 +0000 (14:29 +0100)]
Only break FrontendBackend thread loop when alerted
Returns a missed '!' character without which the FrontendBackend
thread exits immediately - rather than when we Alert the thread
that we wish it to exit
Owen Smith [Fri, 22 Apr 2016 10:29:31 +0000 (11:29 +0100)]
Remove logging from failed Pdo Pnp IRPs
Logging fail codes for unhandled Pnp IRPs is unneccesary and adds
significant noise with multiple VBDs. Its unlikely the return value
from storport is going to add significant insight to diagnose
problems.
Owen Smith [Tue, 19 Apr 2016 15:50:08 +0000 (16:50 +0100)]
Create a seperate thread per VBD to handle backend change watches
Using a single thread for all backend watch events pust unneccesary
strain on xenstore when multiple vbds are in use, as each change
causes XenVbd to check several values in all backend areas.
Paul Durrant [Mon, 29 Feb 2016 10:20:50 +0000 (10:20 +0000)]
Override PartMgr SanPolicy
This patch makes sure that PartMgr's SanPolicy is 1 after XENVBD
installation, which means that newly plugged VBDs will come online as most
admins will expect.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Dave Buches [Fri, 22 Jan 2016 04:30:03 +0000 (20:30 -0800)]
Fixed improper SCSI UNMAP request implementation
The XenDisk disk class filter driver was generating requests
that did not adhere to the t10 SBC-3 SCSI specification for UNMAP
operations. Specifically, the data length and block descriptor data
length fields were not populated properly per the spec.
Although the XenVBD miniport driver handled these malformed
requests correctly, it failed to handle *properly* formed requests,
which would result in unpredictable behavior.
Additionally, the XenDisk filter wasn't properly responding to
StorageDeviceTrimProperty queries per the MSDN spec. Specifically,
the DEVICE_TRIM_DESCRIPTOR::Version structure member needs to be set
to sizeof(DEVICE_TRIM_DESCRIPTOR).
Paul Durrant [Thu, 10 Dec 2015 11:39:37 +0000 (11:39 +0000)]
Don't use C runtime version of toupper()
It seems that, despite its trivial functionality, the runtime implementation
insists on converting to Unicode! This means the function is actually only
safe at PASSIVE_LEVEL.
This patch implements __toupper() as a replacement with no such hidden
nastiness and modifies callers to use that.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Owen Smith [Wed, 2 Dec 2015 15:16:49 +0000 (15:16 +0000)]
Remove BlockRing.Outstanding / BlockRingAbort
The BlockRing Outstanding stat is duplicated by SubmittedReqs.Count.
Remove BlockRing.Outstanding and the BlockRingAbort function as the
stat is not useful, and can trigger ASSERTion failures when requests
are stuck outstanding on a broken ring that is being destroyed.
Paul Durrant [Tue, 24 Nov 2015 17:47:59 +0000 (17:47 +0000)]
Publish distribution information and hotplug capability to xenstore
My recent patch series to Xen added a documented path and format for
publishing information about PV driver distributions and hotplug
capability to xenstore.
This patch adds code to populate the documented paths (should they exist)
with information about the XENVBD driver package and the driver's ability
to handle hotplug events.
Suggested-by: Owen Smith <owen.smith@citrix.com> Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Owen Smith [Thu, 22 Oct 2015 13:13:48 +0000 (14:13 +0100)]
Kick notifier DPC directly.
EVTCHN(Trigger, ...) was changed with the FiFo event channel
implementation, which led to a performance regression. Kicking
the notifier does not require triggering the local end of the
event channel, so shortcut this process by queueing the notifier
DPC directly.
Paul Durrant [Thu, 22 Oct 2015 14:55:20 +0000 (15:55 +0100)]
Add a registry override to veto driver installations
There are certain cases where a local installer package may wish to
prevent Windows Update installations of drivers. This can be achieved by
having the co-installer check for a registry value and fail it's pre-install
phase if the value is present.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Tue, 8 Sep 2015 16:36:00 +0000 (17:36 +0100)]
Parameterize vendor prefix and PCI device id
The XenServer PV vendor prefix ('XS') and PCI device (C000) are still
hard-coded into the XENVBD package. These need to be stripped out and
replaced by values that can be customized at build time. This patch does
that.
The patch also reverts to building version.h and customizing xenvbd.inf
directly in build.py.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Thu, 3 Sep 2015 16:36:43 +0000 (17:36 +0100)]
Clear unplug requests from co-installer
When XENVBD is uninstalled there is no suitable notification in kernel
which can be used to clear any remaining unplug requests. This leads to
a certain 0x7B bugcheck on reboot. This patch therefore does the job
from the co-installer since this seems to be the only way.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Thu, 3 Sep 2015 16:22:35 +0000 (17:22 +0100)]
Simplify unplug request
Since the PDO driver in XENVBD's case is in-box, we don't need to defer
requesting emulated device unplug to when PDOs are started, we can do it
when the FDO is started.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Tue, 11 Aug 2015 08:09:01 +0000 (09:09 +0100)]
Reduce the number of registered watches per target
XENVBD registers watches for changes in various per-VBD backend quantities,
e.g. state. All these watches, however, trigger one common event and so it
is wasteful of the guest's watch quota. Instead register a single watch on
the backend key, which will fire if any key below it is modified. This may
cause the event to be set slightly more often, but saves 3 watches per
target.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Fri, 7 Aug 2015 16:03:16 +0000 (17:03 +0100)]
Set per-disk queue depth
Windows apparently defaults to a queue depth of 20, which is a bit on the
small side. This patch sets the value to the maximum possible, which is
apparently 254 instead of the documented 255.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Wed, 22 Jul 2015 15:44:49 +0000 (16:44 +0100)]
Add missing unplug request
If a new target is enumerated during a device relations query then no
request is made for unplug, or reboot. This patch adds the necessary code
to rectify this issue.
Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Paul Durrant [Mon, 15 Jun 2015 11:10:45 +0000 (12:10 +0100)]
Fix device relations in xendisk filter
Incorrect handling breaks device removal. The crucial point is that a
PDO in the case of a filter should always disappear when an
IRP_MN_REMOVE_DEVICE comes down the stack. It does not need to stick around
in some cases, like a true PDO.
Signed-off-by: Ghiya, Murtaza <murtazg@amazon.com> Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
projects / pvdrivers / win / xenvbd.git / log