bhyve ahci: Improve robustness of TRIM handling
The previous fix for a stack buffer leak in the ahci device model
actually broke the handling of TRIM as one of the checks it added
caused TRIM commands to never be completed. This resulted in command
timeouts if a guest OS did a 'newfs -E' of an AHCI disk, for example.
Also, for the invalid case the previous check was handling, the device
model should be failing with an error rather than claiming success.
To resolve this, validate the length of a TRIM request and fail with
an error if it exceeds the maximum number of supported blocks
advertised via IDENTIFY. In addition, if the PRDT does not provide
enough data, fail the command with an error rather than performing a
partial completion.
This is somewhat complicated by the implementation of TRIM in the ahci
device model. A single TRIM request can specify multiple LBA ranges.
The device model handles this by dispatching blockif_delete() requests
one at a time. When a blockif_delete() request completes, the device
model locates the TRIM buffer and searches for the next LBA range to
handle. Previously, the device model would re-read the trim buffer
from guest memory each time. However, this was subject to some
unpleasant races if the guest changed the PRDT entries or CFIS while a
command was in flight. Instead, read the buffer of trim ranges once
and cache it across multipe internal blockif requests.
Reviewed by: mav
Fixes: 71fa171c6480 bhyve: Initialize stack buffer in pci_ahci
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47224
(cherry picked from commit 8c8ebbb045185396083cd3e4d333fe1851930ee7)
(cherry picked from commit 3981cf108773d6b29c8e100bc3b4a105eae681ec)