mps_sas.c revision ae423e2b0bd32708332466f6b17b3489acb98410
1/*-
2 * Copyright (c) 2009 Yahoo! Inc.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in the
12 *    documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 */
26
27#include <sys/cdefs.h>
28__FBSDID("$FreeBSD$");
29
30/* Communications core for LSI MPT2 */
31
32#include <sys/types.h>
33#include <sys/param.h>
34#include <sys/systm.h>
35#include <sys/kernel.h>
36#include <sys/selinfo.h>
37#include <sys/module.h>
38#include <sys/bus.h>
39#include <sys/conf.h>
40#include <sys/bio.h>
41#include <sys/malloc.h>
42#include <sys/uio.h>
43#include <sys/sysctl.h>
44#include <sys/sglist.h>
45#include <sys/endian.h>
46
47#include <machine/bus.h>
48#include <machine/resource.h>
49#include <sys/rman.h>
50
51#include <cam/cam.h>
52#include <cam/cam_ccb.h>
53#include <cam/cam_debug.h>
54#include <cam/cam_sim.h>
55#include <cam/cam_xpt_sim.h>
56#include <cam/cam_xpt_periph.h>
57#include <cam/cam_periph.h>
58#include <cam/scsi/scsi_all.h>
59#include <cam/scsi/scsi_message.h>
60#if __FreeBSD_version >= 900026
61#include <cam/scsi/smp_all.h>
62#endif
63
64#include <dev/mps/mpi/mpi2_type.h>
65#include <dev/mps/mpi/mpi2.h>
66#include <dev/mps/mpi/mpi2_ioc.h>
67#include <dev/mps/mpi/mpi2_sas.h>
68#include <dev/mps/mpi/mpi2_cnfg.h>
69#include <dev/mps/mpi/mpi2_init.h>
70#include <dev/mps/mpsvar.h>
71#include <dev/mps/mps_table.h>
72
73struct mpssas_target {
74	uint16_t	handle;
75	uint8_t		linkrate;
76	uint64_t	devname;
77	uint64_t	sasaddr;
78	uint32_t	devinfo;
79	uint16_t	encl_handle;
80	uint16_t	encl_slot;
81	uint16_t	parent_handle;
82	int		flags;
83#define MPSSAS_TARGET_INABORT	(1 << 0)
84#define MPSSAS_TARGET_INRESET	(1 << 1)
85#define MPSSAS_TARGET_INCHIPRESET (1 << 2)
86#define MPSSAS_TARGET_INRECOVERY 0x7
87	uint16_t	tid;
88};
89
90struct mpssas_softc {
91	struct mps_softc	*sc;
92	u_int			flags;
93#define MPSSAS_IN_DISCOVERY	(1 << 0)
94#define MPSSAS_IN_STARTUP	(1 << 1)
95#define MPSSAS_DISCOVERY_TIMEOUT_PENDING	(1 << 2)
96#define MPSSAS_QUEUE_FROZEN	(1 << 3)
97	struct mpssas_target	*targets;
98	struct cam_devq		*devq;
99	struct cam_sim		*sim;
100	struct cam_path		*path;
101	struct intr_config_hook	sas_ich;
102	struct callout		discovery_callout;
103	u_int			discovery_timeouts;
104	struct mps_event_handle	*mpssas_eh;
105};
106
107struct mpssas_devprobe {
108	struct mps_config_params	params;
109	u_int			state;
110#define MPSSAS_PROBE_DEV1	0x01
111#define MPSSAS_PROBE_DEV2	0x02
112#define MPSSAS_PROBE_PHY	0x03
113#define MPSSAS_PROBE_EXP	0x04
114#define MPSSAS_PROBE_PHY2	0x05
115#define MPSSAS_PROBE_EXP2	0x06
116	struct mpssas_target	target;
117};
118
119#define MPSSAS_DISCOVERY_TIMEOUT	20
120#define MPSSAS_MAX_DISCOVERY_TIMEOUTS	10 /* 200 seconds */
121
122MALLOC_DEFINE(M_MPSSAS, "MPSSAS", "MPS SAS memory");
123
124static __inline int mpssas_set_lun(uint8_t *lun, u_int ccblun);
125static struct mpssas_target * mpssas_alloc_target(struct mpssas_softc *,
126    struct mpssas_target *);
127static struct mpssas_target * mpssas_find_target(struct mpssas_softc *, int,
128     uint16_t);
129static void mpssas_announce_device(struct mpssas_softc *,
130     struct mpssas_target *);
131static void mpssas_startup(void *data);
132static void mpssas_discovery_end(struct mpssas_softc *sassc);
133static void mpssas_discovery_timeout(void *data);
134static void mpssas_prepare_remove(struct mpssas_softc *,
135    MPI2_EVENT_SAS_TOPO_PHY_ENTRY *);
136static void mpssas_remove_device(struct mps_softc *, struct mps_command *);
137static void mpssas_remove_complete(struct mps_softc *, struct mps_command *);
138static void mpssas_action(struct cam_sim *sim, union ccb *ccb);
139static void mpssas_poll(struct cam_sim *sim);
140static void mpssas_probe_device(struct mps_softc *sc, uint16_t handle);
141static void mpssas_probe_device_complete(struct mps_softc *sc,
142     struct mps_config_params *params);
143static void mpssas_scsiio_timeout(void *data);
144static void mpssas_abort_complete(struct mps_softc *sc, struct mps_command *cm);
145static void mpssas_recovery(struct mps_softc *, struct mps_command *);
146static int mpssas_map_tm_request(struct mps_softc *sc, struct mps_command *cm);
147static void mpssas_issue_tm_request(struct mps_softc *sc,
148				    struct mps_command *cm);
149static void mpssas_tm_complete(struct mps_softc *sc, struct mps_command *cm,
150			       int error);
151static int mpssas_complete_tm_request(struct mps_softc *sc,
152				      struct mps_command *cm, int free_cm);
153static void mpssas_action_scsiio(struct mpssas_softc *, union ccb *);
154static void mpssas_scsiio_complete(struct mps_softc *, struct mps_command *);
155#if __FreeBSD_version >= 900026
156static void mpssas_smpio_complete(struct mps_softc *sc, struct mps_command *cm);
157static void mpssas_send_smpcmd(struct mpssas_softc *sassc, union ccb *ccb,
158			       uint64_t sasaddr);
159static void mpssas_action_smpio(struct mpssas_softc *sassc, union ccb *ccb);
160#endif /* __FreeBSD_version >= 900026 */
161static void mpssas_resetdev(struct mpssas_softc *, struct mps_command *);
162static void mpssas_action_resetdev(struct mpssas_softc *, union ccb *);
163static void mpssas_resetdev_complete(struct mps_softc *, struct mps_command *);
164static void mpssas_freeze_device(struct mpssas_softc *, struct mpssas_target *);
165static void mpssas_unfreeze_device(struct mpssas_softc *, struct mpssas_target *) __unused;
166
167/*
168 * Abstracted so that the driver can be backwards and forwards compatible
169 * with future versions of CAM that will provide this functionality.
170 */
171#define MPS_SET_LUN(lun, ccblun)	\
172	mpssas_set_lun(lun, ccblun)
173
174static __inline int
175mpssas_set_lun(uint8_t *lun, u_int ccblun)
176{
177	uint64_t *newlun;
178
179	newlun = (uint64_t *)lun;
180	*newlun = 0;
181	if (ccblun <= 0xff) {
182		/* Peripheral device address method, LUN is 0 to 255 */
183		lun[1] = ccblun;
184	} else if (ccblun <= 0x3fff) {
185		/* Flat space address method, LUN is <= 16383 */
186		scsi_ulto2b(ccblun, lun);
187		lun[0] |= 0x40;
188	} else if (ccblun <= 0xffffff) {
189		/* Extended flat space address method, LUN is <= 16777215 */
190		scsi_ulto3b(ccblun, &lun[1]);
191		/* Extended Flat space address method */
192		lun[0] = 0xc0;
193		/* Length = 1, i.e. LUN is 3 bytes long */
194		lun[0] |= 0x10;
195		/* Extended Address Method */
196		lun[0] |= 0x02;
197	} else {
198		return (EINVAL);
199	}
200
201	return (0);
202}
203
204static struct mpssas_target *
205mpssas_alloc_target(struct mpssas_softc *sassc, struct mpssas_target *probe)
206{
207	struct mpssas_target *target;
208	int start;
209
210	mps_dprint(sassc->sc, MPS_TRACE, "%s\n", __func__);
211
212	/*
213	 * If it's not a sata or sas target, CAM won't be able to see it.  Put
214	 * it into a high-numbered slot so that it's accessible but not
215	 * interrupting the target numbering sequence of real drives.
216	 */
217	if ((probe->devinfo & (MPI2_SAS_DEVICE_INFO_SSP_TARGET |
218	    MPI2_SAS_DEVICE_INFO_STP_TARGET | MPI2_SAS_DEVICE_INFO_SATA_DEVICE))
219	    == 0) {
220		start = 200;
221	} else {
222		/*
223		 * Use the enclosure number and slot number as a hint for target
224		 * numbering.  If that doesn't produce a sane result, search the
225		 * entire space.
226		 */
227#if 0
228		start = probe->encl_handle * 16 + probe->encl_slot;
229#else
230		start = probe->encl_slot;
231#endif
232		if (start >= sassc->sc->facts->MaxTargets)
233			start = 0;
234	}
235
236	target = mpssas_find_target(sassc, start, 0);
237
238	/*
239	 * Nothing found on the first pass, try a second pass that searches the
240	 * entire space.
241	 */
242	if (target == NULL)
243		target = mpssas_find_target(sassc, 0, 0);
244
245	return (target);
246}
247
248static struct mpssas_target *
249mpssas_find_target(struct mpssas_softc *sassc, int start, uint16_t handle)
250{
251	struct mpssas_target *target;
252	int i;
253
254	for (i = start; i < sassc->sc->facts->MaxTargets; i++) {
255		target = &sassc->targets[i];
256		if (target->handle == handle)
257			return (target);
258	}
259
260	return (NULL);
261}
262
263/*
264 * Start the probe sequence for a given device handle.  This will not
265 * block.
266 */
267static void
268mpssas_probe_device(struct mps_softc *sc, uint16_t handle)
269{
270	struct mpssas_devprobe *probe;
271	struct mps_config_params *params;
272	MPI2_CONFIG_EXTENDED_PAGE_HEADER *hdr;
273	int error;
274
275	mps_dprint(sc, MPS_TRACE, "%s\n", __func__);
276
277	probe = malloc(sizeof(*probe), M_MPSSAS, M_NOWAIT | M_ZERO);
278	if (probe == NULL) {
279		mps_dprint(sc, MPS_FAULT, "Out of memory starting probe\n");
280		return;
281	}
282	params = &probe->params;
283	hdr = &params->hdr.Ext;
284
285	params->action = MPI2_CONFIG_ACTION_PAGE_HEADER;
286	params->page_address = MPI2_SAS_DEVICE_PGAD_FORM_HANDLE | handle;
287	hdr->ExtPageType = MPI2_CONFIG_EXTPAGETYPE_SAS_DEVICE;
288	hdr->ExtPageLength = 0;
289	hdr->PageNumber = 0;
290	hdr->PageVersion = 0;
291	params->buffer = NULL;
292	params->length = 0;
293	params->callback = mpssas_probe_device_complete;
294	params->cbdata = probe;
295	probe->target.handle = handle;
296	probe->state = MPSSAS_PROBE_DEV1;
297
298	if ((error = mps_read_config_page(sc, params)) != 0) {
299		free(probe, M_MPSSAS);
300		mps_dprint(sc, MPS_FAULT, "Failure starting device probe\n");
301		return;
302	}
303}
304
305static void
306mpssas_probe_device_complete(struct mps_softc *sc,
307    struct mps_config_params *params)
308{
309	MPI2_CONFIG_EXTENDED_PAGE_HEADER *hdr;
310	struct mpssas_devprobe *probe;
311	int error;
312
313	mps_dprint(sc, MPS_TRACE, "%s\n", __func__);
314
315	hdr = &params->hdr.Ext;
316	probe = params->cbdata;
317
318	switch (probe->state) {
319	case MPSSAS_PROBE_DEV1:
320	case MPSSAS_PROBE_PHY:
321	case MPSSAS_PROBE_EXP:
322		if (params->status != MPI2_IOCSTATUS_SUCCESS) {
323			mps_dprint(sc, MPS_FAULT,
324			    "Probe Failure 0x%x state %d\n", params->status,
325			    probe->state);
326			free(probe, M_MPSSAS);
327			return;
328		}
329		params->action = MPI2_CONFIG_ACTION_PAGE_READ_CURRENT;
330		params->length = hdr->ExtPageLength * 4;
331		params->buffer = malloc(params->length, M_MPSSAS,
332		    M_ZERO|M_NOWAIT);
333		if (params->buffer == NULL) {
334			mps_dprint(sc, MPS_FAULT, "Out of memory at state "
335			   "0x%x, size 0x%x\n", probe->state, params->length);
336			free(probe, M_MPSSAS);
337			return;
338		}
339		if (probe->state == MPSSAS_PROBE_DEV1)
340			probe->state = MPSSAS_PROBE_DEV2;
341		else if (probe->state == MPSSAS_PROBE_PHY)
342			probe->state = MPSSAS_PROBE_PHY2;
343		else if (probe->state == MPSSAS_PROBE_EXP)
344			probe->state = MPSSAS_PROBE_EXP2;
345		error = mps_read_config_page(sc, params);
346		break;
347	case MPSSAS_PROBE_DEV2:
348	{
349		MPI2_CONFIG_PAGE_SAS_DEV_0 *buf;
350
351		if (params->status != MPI2_IOCSTATUS_SUCCESS) {
352			mps_dprint(sc, MPS_FAULT,
353			    "Probe Failure 0x%x state %d\n", params->status,
354			    probe->state);
355			free(params->buffer, M_MPSSAS);
356			free(probe, M_MPSSAS);
357			return;
358		}
359		buf = params->buffer;
360		mps_print_sasdev0(sc, buf);
361
362		probe->target.devname = mps_to_u64(&buf->DeviceName);
363		probe->target.devinfo = buf->DeviceInfo;
364		probe->target.encl_handle = buf->EnclosureHandle;
365		probe->target.encl_slot = buf->Slot;
366		probe->target.sasaddr = mps_to_u64(&buf->SASAddress);
367		probe->target.parent_handle = buf->ParentDevHandle;
368
369		if (buf->DeviceInfo & MPI2_SAS_DEVICE_INFO_DIRECT_ATTACH) {
370			params->page_address =
371			    MPI2_SAS_PHY_PGAD_FORM_PHY_NUMBER | buf->PhyNum;
372			hdr->ExtPageType = MPI2_CONFIG_EXTPAGETYPE_SAS_PHY;
373			hdr->PageNumber = 0;
374			probe->state = MPSSAS_PROBE_PHY;
375		} else {
376			params->page_address =
377			    MPI2_SAS_EXPAND_PGAD_FORM_HNDL_PHY_NUM |
378			    buf->ParentDevHandle | (buf->PhyNum << 16);
379			hdr->ExtPageType = MPI2_CONFIG_EXTPAGETYPE_SAS_EXPANDER;
380			hdr->PageNumber = 1;
381			probe->state = MPSSAS_PROBE_EXP;
382		}
383		params->action = MPI2_CONFIG_ACTION_PAGE_HEADER;
384		hdr->ExtPageLength = 0;
385		hdr->PageVersion = 0;
386		params->buffer = NULL;
387		params->length = 0;
388		free(buf, M_MPSSAS);
389		error = mps_read_config_page(sc, params);
390		break;
391	}
392	case MPSSAS_PROBE_PHY2:
393	case MPSSAS_PROBE_EXP2:
394	{
395		MPI2_CONFIG_PAGE_SAS_PHY_0 *phy;
396		MPI2_CONFIG_PAGE_EXPANDER_1 *exp;
397		struct mpssas_softc *sassc;
398		struct mpssas_target *targ;
399		char devstring[80];
400		uint16_t handle;
401
402		if (params->status != MPI2_IOCSTATUS_SUCCESS) {
403			mps_dprint(sc, MPS_FAULT,
404			    "Probe Failure 0x%x state %d\n", params->status,
405			    probe->state);
406			free(params->buffer, M_MPSSAS);
407			free(probe, M_MPSSAS);
408			return;
409		}
410
411		if (probe->state == MPSSAS_PROBE_PHY2) {
412			phy = params->buffer;
413			mps_print_sasphy0(sc, phy);
414			probe->target.linkrate = phy->NegotiatedLinkRate & 0xf;
415		} else {
416			exp = params->buffer;
417			mps_print_expander1(sc, exp);
418			probe->target.linkrate = exp->NegotiatedLinkRate & 0xf;
419		}
420		free(params->buffer, M_MPSSAS);
421
422		sassc = sc->sassc;
423		handle = probe->target.handle;
424		if ((targ = mpssas_find_target(sassc, 0, handle)) != NULL) {
425			mps_printf(sc, "Ignoring dup device handle 0x%04x\n",
426			    handle);
427			free(probe, M_MPSSAS);
428			return;
429		}
430		if ((targ = mpssas_alloc_target(sassc, &probe->target)) == NULL) {
431			mps_printf(sc, "Target table overflow, handle 0x%04x\n",
432			    handle);
433			free(probe, M_MPSSAS);
434			return;
435		}
436
437		*targ = probe->target;	/* Copy the attributes */
438		targ->tid = targ - sassc->targets;
439		mps_describe_devinfo(targ->devinfo, devstring, 80);
440		if (bootverbose)
441			mps_printf(sc, "Found device <%s> <%s> <0x%04x> "
442			    "<%d/%d>\n", devstring,
443			    mps_describe_table(mps_linkrate_names,
444			    targ->linkrate), targ->handle, targ->encl_handle,
445			    targ->encl_slot);
446
447		free(probe, M_MPSSAS);
448		mpssas_announce_device(sassc, targ);
449		break;
450	}
451	default:
452		printf("what?\n");
453	}
454}
455
456/*
457 * The MPT2 firmware performs debounce on the link to avoid transient link errors
458 * and false removals.  When it does decide that link has been lost and a device
459 * need to go away, it expects that the host will perform a target reset and then
460 * an op remove.  The reset has the side-effect of aborting any outstanding
461 * requests for the device, which is required for the op-remove to succeed.  It's
462 * not clear if the host should check for the device coming back alive after the
463 * reset.
464 */
465static void
466mpssas_prepare_remove(struct mpssas_softc *sassc, MPI2_EVENT_SAS_TOPO_PHY_ENTRY *phy)
467{
468	MPI2_SCSI_TASK_MANAGE_REQUEST *req;
469	struct mps_softc *sc;
470	struct mps_command *cm;
471	struct mpssas_target *targ = NULL;
472	uint16_t handle;
473
474	mps_dprint(sassc->sc, MPS_TRACE, "%s\n", __func__);
475
476	handle = phy->AttachedDevHandle;
477	targ = mpssas_find_target(sassc, 0, handle);
478	if (targ == NULL)
479		/* We don't know about this device? */
480		return;
481
482	sc = sassc->sc;
483	cm = mps_alloc_command(sc);
484	if (cm == NULL) {
485		mps_printf(sc, "comand alloc failure in mpssas_prepare_remove\n");
486		return;
487	}
488
489	mps_dprint(sc, MPS_INFO, "Preparing to remove target %d\n", targ->tid);
490
491	req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)cm->cm_req;
492	memset(req, 0, sizeof(*req));
493	req->DevHandle = targ->handle;
494	req->Function = MPI2_FUNCTION_SCSI_TASK_MGMT;
495	req->TaskType = MPI2_SCSITASKMGMT_TASKTYPE_TARGET_RESET;
496
497	/* SAS Hard Link Reset / SATA Link Reset */
498	req->MsgFlags = MPI2_SCSITASKMGMT_MSGFLAGS_LINK_RESET;
499
500	cm->cm_data = NULL;
501	cm->cm_desc.Default.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_DEFAULT_TYPE;
502	cm->cm_complete = mpssas_remove_device;
503	cm->cm_targ = targ;
504	mpssas_issue_tm_request(sc, cm);
505}
506
507static void
508mpssas_remove_device(struct mps_softc *sc, struct mps_command *cm)
509{
510	MPI2_SCSI_TASK_MANAGE_REPLY *reply;
511	MPI2_SAS_IOUNIT_CONTROL_REQUEST *req;
512	struct mpssas_target *targ;
513	struct mps_command *next_cm;
514	uint16_t handle;
515
516	mps_dprint(sc, MPS_TRACE, "%s\n", __func__);
517
518	reply = (MPI2_SCSI_TASK_MANAGE_REPLY *)cm->cm_reply;
519	handle = cm->cm_targ->handle;
520
521	mpssas_complete_tm_request(sc, cm, /*free_cm*/ 0);
522
523	/*
524	 * Currently there should be no way we can hit this case.  It only
525	 * happens when we have a failure to allocate chain frames, and
526	 * task management commands don't have S/G lists.
527	 */
528	if ((cm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) {
529		mps_printf(sc, "%s: cm_flags = %#x for remove of handle %#04x! "
530			   "This should not happen!\n", __func__, cm->cm_flags,
531			   handle);
532		return;
533	}
534
535	if (reply->IOCStatus != MPI2_IOCSTATUS_SUCCESS) {
536		mps_printf(sc, "Failure 0x%x reseting device 0x%04x\n",
537		   reply->IOCStatus, handle);
538		mps_free_command(sc, cm);
539		return;
540	}
541
542	mps_dprint(sc, MPS_INFO, "Reset aborted %u commands\n",
543	    reply->TerminationCount);
544	mps_free_reply(sc, cm->cm_reply_data);
545
546	/* Reuse the existing command */
547	req = (MPI2_SAS_IOUNIT_CONTROL_REQUEST *)cm->cm_req;
548	memset(req, 0, sizeof(*req));
549	req->Function = MPI2_FUNCTION_SAS_IO_UNIT_CONTROL;
550	req->Operation = MPI2_SAS_OP_REMOVE_DEVICE;
551	req->DevHandle = handle;
552	cm->cm_data = NULL;
553	cm->cm_desc.Default.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_DEFAULT_TYPE;
554	cm->cm_flags &= ~MPS_CM_FLAGS_COMPLETE;
555	cm->cm_complete = mpssas_remove_complete;
556
557	mps_map_command(sc, cm);
558
559	mps_dprint(sc, MPS_INFO, "clearing target handle 0x%04x\n", handle);
560	TAILQ_FOREACH_SAFE(cm, &sc->io_list, cm_link, next_cm) {
561		union ccb *ccb;
562
563		if (cm->cm_targ->handle != handle)
564			continue;
565
566		mps_dprint(sc, MPS_INFO, "Completing missed command %p\n", cm);
567		ccb = cm->cm_complete_data;
568		ccb->ccb_h.status = CAM_DEV_NOT_THERE;
569		mpssas_scsiio_complete(sc, cm);
570	}
571	targ = mpssas_find_target(sc->sassc, 0, handle);
572	if (targ != NULL) {
573		targ->handle = 0x0;
574		mpssas_announce_device(sc->sassc, targ);
575	}
576}
577
578static void
579mpssas_remove_complete(struct mps_softc *sc, struct mps_command *cm)
580{
581	MPI2_SAS_IOUNIT_CONTROL_REPLY *reply;
582
583	mps_dprint(sc, MPS_TRACE, "%s\n", __func__);
584
585	reply = (MPI2_SAS_IOUNIT_CONTROL_REPLY *)cm->cm_reply;
586
587	mps_printf(sc, "mpssas_remove_complete on target 0x%04x,"
588	   " IOCStatus= 0x%x\n", cm->cm_targ->tid, reply->IOCStatus);
589
590	mps_free_command(sc, cm);
591}
592
593static void
594mpssas_evt_handler(struct mps_softc *sc, uintptr_t data,
595    MPI2_EVENT_NOTIFICATION_REPLY *event)
596{
597	struct mpssas_softc *sassc;
598
599	mps_dprint(sc, MPS_TRACE, "%s\n", __func__);
600
601	sassc = sc->sassc;
602	mps_print_evt_sas(sc, event);
603
604	switch (event->Event) {
605	case MPI2_EVENT_SAS_DISCOVERY:
606	{
607		MPI2_EVENT_DATA_SAS_DISCOVERY *data;
608
609		data = (MPI2_EVENT_DATA_SAS_DISCOVERY *)&event->EventData;
610
611		if (data->ReasonCode & MPI2_EVENT_SAS_DISC_RC_STARTED)
612			mps_dprint(sc, MPS_TRACE,"SAS discovery start event\n");
613		if (data->ReasonCode & MPI2_EVENT_SAS_DISC_RC_COMPLETED) {
614			mps_dprint(sc, MPS_TRACE, "SAS discovery end event\n");
615			sassc->flags &= ~MPSSAS_IN_DISCOVERY;
616			mpssas_discovery_end(sassc);
617		}
618		break;
619	}
620	case MPI2_EVENT_SAS_TOPOLOGY_CHANGE_LIST:
621	{
622		MPI2_EVENT_DATA_SAS_TOPOLOGY_CHANGE_LIST *data;
623		MPI2_EVENT_SAS_TOPO_PHY_ENTRY *phy;
624		int i;
625
626		data = (MPI2_EVENT_DATA_SAS_TOPOLOGY_CHANGE_LIST *)
627		    &event->EventData;
628
629		if (data->ExpStatus == MPI2_EVENT_SAS_TOPO_ES_ADDED) {
630			if (bootverbose)
631				printf("Expander found at enclosure %d\n",
632				    data->EnclosureHandle);
633			mpssas_probe_device(sc, data->ExpanderDevHandle);
634		}
635
636		for (i = 0; i < data->NumEntries; i++) {
637			phy = &data->PHY[i];
638			switch (phy->PhyStatus & MPI2_EVENT_SAS_TOPO_RC_MASK) {
639			case MPI2_EVENT_SAS_TOPO_RC_TARG_ADDED:
640				mpssas_probe_device(sc, phy->AttachedDevHandle);
641				break;
642			case MPI2_EVENT_SAS_TOPO_RC_TARG_NOT_RESPONDING:
643				mpssas_prepare_remove(sassc, phy);
644				break;
645			case MPI2_EVENT_SAS_TOPO_RC_PHY_CHANGED:
646			case MPI2_EVENT_SAS_TOPO_RC_NO_CHANGE:
647			case MPI2_EVENT_SAS_TOPO_RC_DELAY_NOT_RESPONDING:
648			default:
649				break;
650			}
651		}
652
653		break;
654	}
655	case MPI2_EVENT_SAS_ENCL_DEVICE_STATUS_CHANGE:
656		break;
657	default:
658		break;
659	}
660
661	mps_free_reply(sc, data);
662}
663
664static int
665mpssas_register_events(struct mps_softc *sc)
666{
667	uint8_t events[16];
668
669	bzero(events, 16);
670	setbit(events, MPI2_EVENT_SAS_DEVICE_STATUS_CHANGE);
671	setbit(events, MPI2_EVENT_SAS_DISCOVERY);
672	setbit(events, MPI2_EVENT_SAS_BROADCAST_PRIMITIVE);
673	setbit(events, MPI2_EVENT_SAS_INIT_DEVICE_STATUS_CHANGE);
674	setbit(events, MPI2_EVENT_SAS_INIT_TABLE_OVERFLOW);
675	setbit(events, MPI2_EVENT_SAS_TOPOLOGY_CHANGE_LIST);
676	setbit(events, MPI2_EVENT_SAS_ENCL_DEVICE_STATUS_CHANGE);
677
678	mps_register_events(sc, events, mpssas_evt_handler, NULL,
679	    &sc->sassc->mpssas_eh);
680
681	return (0);
682}
683
684int
685mps_attach_sas(struct mps_softc *sc)
686{
687	struct mpssas_softc *sassc;
688	int error = 0;
689	int num_sim_reqs;
690
691	mps_dprint(sc, MPS_TRACE, "%s\n", __func__);
692
693	sassc = malloc(sizeof(struct mpssas_softc), M_MPT2, M_WAITOK|M_ZERO);
694	sassc->targets = malloc(sizeof(struct mpssas_target) *
695	    sc->facts->MaxTargets, M_MPT2, M_WAITOK|M_ZERO);
696	sc->sassc = sassc;
697	sassc->sc = sc;
698
699	/*
700	 * Tell CAM that we can handle 5 fewer requests than we have
701	 * allocated.  If we allow the full number of requests, all I/O
702	 * will halt when we run out of resources.  Things work fine with
703	 * just 1 less request slot given to CAM than we have allocated.
704	 * We also need a couple of extra commands so that we can send down
705	 * abort, reset, etc. requests when commands time out.  Otherwise
706	 * we could wind up in a situation with sc->num_reqs requests down
707	 * on the card and no way to send an abort.
708	 *
709	 * XXX KDM need to figure out why I/O locks up if all commands are
710	 * used.
711	 */
712	num_sim_reqs = sc->num_reqs - 5;
713
714	if ((sassc->devq = cam_simq_alloc(num_sim_reqs)) == NULL) {
715		mps_dprint(sc, MPS_FAULT, "Cannot allocate SIMQ\n");
716		error = ENOMEM;
717		goto out;
718	}
719
720	sassc->sim = cam_sim_alloc(mpssas_action, mpssas_poll, "mps", sassc,
721	    device_get_unit(sc->mps_dev), &sc->mps_mtx, num_sim_reqs,
722	    num_sim_reqs, sassc->devq);
723	if (sassc->sim == NULL) {
724		mps_dprint(sc, MPS_FAULT, "Cannot allocate SIM\n");
725		error = EINVAL;
726		goto out;
727	}
728
729	/*
730	 * XXX There should be a bus for every port on the adapter, but since
731	 * we're just going to fake the topology for now, we'll pretend that
732	 * everything is just a target on a single bus.
733	 */
734	mps_lock(sc);
735	if ((error = xpt_bus_register(sassc->sim, sc->mps_dev, 0)) != 0) {
736		mps_dprint(sc, MPS_FAULT, "Error %d registering SCSI bus\n",
737		    error);
738		mps_unlock(sc);
739		goto out;
740	}
741
742	/*
743	 * Assume that discovery events will start right away.  Freezing
744	 * the simq will prevent the CAM boottime scanner from running
745	 * before discovery is complete.
746	 */
747	sassc->flags = MPSSAS_IN_STARTUP | MPSSAS_IN_DISCOVERY;
748	xpt_freeze_simq(sassc->sim, 1);
749
750	mps_unlock(sc);
751
752	callout_init(&sassc->discovery_callout, 1 /*mpsafe*/);
753	sassc->discovery_timeouts = 0;
754
755	mpssas_register_events(sc);
756out:
757	if (error)
758		mps_detach_sas(sc);
759	return (error);
760}
761
762int
763mps_detach_sas(struct mps_softc *sc)
764{
765	struct mpssas_softc *sassc;
766
767	mps_dprint(sc, MPS_TRACE, "%s\n", __func__);
768
769	if (sc->sassc == NULL)
770		return (0);
771
772	sassc = sc->sassc;
773
774	/* Make sure CAM doesn't wedge if we had to bail out early. */
775	mps_lock(sc);
776	if (sassc->flags & MPSSAS_IN_STARTUP)
777		xpt_release_simq(sassc->sim, 1);
778	mps_unlock(sc);
779
780	if (sassc->mpssas_eh != NULL)
781		mps_deregister_events(sc, sassc->mpssas_eh);
782
783	mps_lock(sc);
784
785	if (sassc->sim != NULL) {
786		xpt_bus_deregister(cam_sim_path(sassc->sim));
787		cam_sim_free(sassc->sim, FALSE);
788	}
789	mps_unlock(sc);
790
791	if (sassc->devq != NULL)
792		cam_simq_free(sassc->devq);
793
794	free(sassc->targets, M_MPT2);
795	free(sassc, M_MPT2);
796	sc->sassc = NULL;
797
798	return (0);
799}
800
801static void
802mpssas_discovery_end(struct mpssas_softc *sassc)
803{
804	struct mps_softc *sc = sassc->sc;
805
806	mps_dprint(sc, MPS_TRACE, "%s\n", __func__);
807
808	if (sassc->flags & MPSSAS_DISCOVERY_TIMEOUT_PENDING)
809		callout_stop(&sassc->discovery_callout);
810
811	if ((sassc->flags & MPSSAS_IN_STARTUP) != 0) {
812		mps_dprint(sc, MPS_INFO,
813		    "mpssas_discovery_end: removing confighook\n");
814		sassc->flags &= ~MPSSAS_IN_STARTUP;
815		xpt_release_simq(sassc->sim, 1);
816	}
817#if 0
818	mpssas_announce_device(sassc, NULL);
819#endif
820
821}
822
823static void
824mpssas_announce_device(struct mpssas_softc *sassc, struct mpssas_target *targ)
825{
826	union ccb *ccb;
827	int bus, tid, lun;
828
829	/*
830	 * Force a rescan, a hackish way to announce devices.
831	 * XXX Doing a scan on an individual device is hackish in that it
832	 *     won't scan the LUNs.
833	 * XXX Does it matter if any of this fails?
834	 */
835	bus = cam_sim_path(sassc->sim);
836	if (targ != NULL) {
837		tid = targ->tid;
838		lun = 0;
839	} else {
840		tid = CAM_TARGET_WILDCARD;
841		lun = CAM_LUN_WILDCARD;
842	}
843	ccb = xpt_alloc_ccb_nowait();
844	if (ccb == NULL)
845		return;
846	if (xpt_create_path(&ccb->ccb_h.path, xpt_periph, bus, tid,
847	    CAM_LUN_WILDCARD) != CAM_REQ_CMP) {
848		xpt_free_ccb(ccb);
849		return;
850	}
851	mps_dprint(sassc->sc, MPS_INFO, "Triggering rescan of %d:%d:-1\n",
852	    bus, tid);
853	xpt_rescan(ccb);
854}
855
856static void
857mpssas_startup(void *data)
858{
859	struct mpssas_softc *sassc = data;
860
861	mps_dprint(sassc->sc, MPS_TRACE, "%s\n", __func__);
862
863	mps_lock(sassc->sc);
864	if ((sassc->flags & MPSSAS_IN_DISCOVERY) == 0) {
865		mpssas_discovery_end(sassc);
866	} else {
867		if (sassc->discovery_timeouts < MPSSAS_MAX_DISCOVERY_TIMEOUTS) {
868			sassc->flags |= MPSSAS_DISCOVERY_TIMEOUT_PENDING;
869			callout_reset(&sassc->discovery_callout,
870			    MPSSAS_DISCOVERY_TIMEOUT * hz,
871			    mpssas_discovery_timeout, sassc);
872			sassc->discovery_timeouts++;
873		} else {
874			mps_dprint(sassc->sc, MPS_FAULT,
875			    "Discovery timed out, continuing.\n");
876			sassc->flags &= ~MPSSAS_IN_DISCOVERY;
877			mpssas_discovery_end(sassc);
878		}
879	}
880	mps_unlock(sassc->sc);
881
882	return;
883}
884
885static void
886mpssas_discovery_timeout(void *data)
887{
888	struct mpssas_softc *sassc = data;
889	struct mps_softc *sc;
890
891	sc = sassc->sc;
892	mps_dprint(sc, MPS_TRACE, "%s\n", __func__);
893
894	mps_lock(sc);
895	mps_printf(sc,
896	    "Timeout waiting for discovery, interrupts may not be working!\n");
897	sassc->flags &= ~MPSSAS_DISCOVERY_TIMEOUT_PENDING;
898
899	/* Poll the hardware for events in case interrupts aren't working */
900	mps_intr_locked(sc);
901	mps_unlock(sc);
902
903	/* Check the status of discovery and re-arm the timeout if needed */
904	mpssas_startup(sassc);
905}
906
907static void
908mpssas_action(struct cam_sim *sim, union ccb *ccb)
909{
910	struct mpssas_softc *sassc;
911
912	sassc = cam_sim_softc(sim);
913
914	mps_dprint(sassc->sc, MPS_TRACE, "%s func 0x%x\n", __func__,
915	    ccb->ccb_h.func_code);
916
917	switch (ccb->ccb_h.func_code) {
918	case XPT_PATH_INQ:
919	{
920		struct ccb_pathinq *cpi = &ccb->cpi;
921
922		cpi->version_num = 1;
923		cpi->hba_inquiry = PI_SDTR_ABLE|PI_TAG_ABLE|PI_WIDE_16;
924		cpi->target_sprt = 0;
925		cpi->hba_misc = PIM_NOBUSRESET;
926		cpi->hba_eng_cnt = 0;
927		cpi->max_target = sassc->sc->facts->MaxTargets - 1;
928		cpi->max_lun = 0;
929		cpi->initiator_id = 255;
930		strncpy(cpi->sim_vid, "FreeBSD", SIM_IDLEN);
931		strncpy(cpi->hba_vid, "LSILogic", HBA_IDLEN);
932		strncpy(cpi->dev_name, cam_sim_name(sim), DEV_IDLEN);
933		cpi->unit_number = cam_sim_unit(sim);
934		cpi->bus_id = cam_sim_bus(sim);
935		cpi->base_transfer_speed = 150000;
936		cpi->transport = XPORT_SAS;
937		cpi->transport_version = 0;
938		cpi->protocol = PROTO_SCSI;
939		cpi->protocol_version = SCSI_REV_SPC;
940		cpi->ccb_h.status = CAM_REQ_CMP;
941		break;
942	}
943	case XPT_GET_TRAN_SETTINGS:
944	{
945		struct ccb_trans_settings	*cts;
946		struct ccb_trans_settings_sas	*sas;
947		struct ccb_trans_settings_scsi	*scsi;
948		struct mpssas_target *targ;
949
950		cts = &ccb->cts;
951		sas = &cts->xport_specific.sas;
952		scsi = &cts->proto_specific.scsi;
953
954		targ = &sassc->targets[cts->ccb_h.target_id];
955		if (targ->handle == 0x0) {
956			cts->ccb_h.status = CAM_TID_INVALID;
957			break;
958		}
959
960		cts->protocol_version = SCSI_REV_SPC2;
961		cts->transport = XPORT_SAS;
962		cts->transport_version = 0;
963
964		sas->valid = CTS_SAS_VALID_SPEED;
965		switch (targ->linkrate) {
966		case 0x08:
967			sas->bitrate = 150000;
968			break;
969		case 0x09:
970			sas->bitrate = 300000;
971			break;
972		case 0x0a:
973			sas->bitrate = 600000;
974			break;
975		default:
976			sas->valid = 0;
977		}
978
979		cts->protocol = PROTO_SCSI;
980		scsi->valid = CTS_SCSI_VALID_TQ;
981		scsi->flags = CTS_SCSI_FLAGS_TAG_ENB;
982
983		cts->ccb_h.status = CAM_REQ_CMP;
984		break;
985	}
986	case XPT_CALC_GEOMETRY:
987		cam_calc_geometry(&ccb->ccg, /*extended*/1);
988		ccb->ccb_h.status = CAM_REQ_CMP;
989		break;
990	case XPT_RESET_DEV:
991		mpssas_action_resetdev(sassc, ccb);
992		return;
993	case XPT_RESET_BUS:
994	case XPT_ABORT:
995	case XPT_TERM_IO:
996		ccb->ccb_h.status = CAM_REQ_CMP;
997		break;
998	case XPT_SCSI_IO:
999		mpssas_action_scsiio(sassc, ccb);
1000		return;
1001#if __FreeBSD_version >= 900026
1002	case XPT_SMP_IO:
1003		mpssas_action_smpio(sassc, ccb);
1004		return;
1005#endif /* __FreeBSD_version >= 900026 */
1006	default:
1007		ccb->ccb_h.status = CAM_FUNC_NOTAVAIL;
1008		break;
1009	}
1010	xpt_done(ccb);
1011
1012}
1013
1014#if 0
1015static void
1016mpssas_resettimeout_complete(struct mps_softc *sc, struct mps_command *cm)
1017{
1018	MPI2_SCSI_TASK_MANAGE_REPLY *resp;
1019	uint16_t code;
1020
1021	mps_dprint(sc, MPS_TRACE, "%s\n", __func__);
1022
1023	resp = (MPI2_SCSI_TASK_MANAGE_REPLY *)cm->cm_reply;
1024	code = resp->ResponseCode;
1025
1026	mps_free_command(sc, cm);
1027	mpssas_unfreeze_device(sassc, targ);
1028
1029	if (code != MPI2_SCSITASKMGMT_RSP_TM_COMPLETE) {
1030		mps_reset_controller(sc);
1031	}
1032
1033	return;
1034}
1035#endif
1036
1037static void
1038mpssas_scsiio_timeout(void *data)
1039{
1040	union ccb *ccb;
1041	struct mps_softc *sc;
1042	struct mps_command *cm;
1043	struct mpssas_target *targ;
1044#if 0
1045	char cdb_str[(SCSI_MAX_CDBLEN * 3) + 1];
1046#endif
1047
1048	cm = (struct mps_command *)data;
1049	sc = cm->cm_sc;
1050
1051	/*
1052	 * Run the interrupt handler to make sure it's not pending.  This
1053	 * isn't perfect because the command could have already completed
1054	 * and been re-used, though this is unlikely.
1055	 */
1056	mps_lock(sc);
1057	mps_intr_locked(sc);
1058	if (cm->cm_state == MPS_CM_STATE_FREE) {
1059		mps_unlock(sc);
1060		return;
1061	}
1062
1063	ccb = cm->cm_complete_data;
1064	targ = cm->cm_targ;
1065	if (targ == 0x00)
1066		/* Driver bug */
1067		targ = &sc->sassc->targets[ccb->ccb_h.target_id];
1068
1069	xpt_print(ccb->ccb_h.path, "SCSI command timeout on device handle "
1070		  "0x%04x SMID %d\n", targ->handle, cm->cm_desc.Default.SMID);
1071	/*
1072	 * XXX KDM this is useful for debugging purposes, but the existing
1073	 * scsi_op_desc() implementation can't handle a NULL value for
1074	 * inq_data.  So this will remain commented out until I bring in
1075	 * those changes as well.
1076	 */
1077#if 0
1078	xpt_print(ccb->ccb_h.path, "Timed out command: %s. CDB %s\n",
1079		  scsi_op_desc((ccb->ccb_h.flags & CAM_CDB_POINTER) ?
1080		  		ccb->csio.cdb_io.cdb_ptr[0] :
1081				ccb->csio.cdb_io.cdb_bytes[0], NULL),
1082		  scsi_cdb_string((ccb->ccb_h.flags & CAM_CDB_POINTER) ?
1083				   ccb->csio.cdb_io.cdb_ptr :
1084				   ccb->csio.cdb_io.cdb_bytes, cdb_str,
1085		  		   sizeof(cdb_str)));
1086#endif
1087
1088	/* Inform CAM about the timeout and that recovery is starting. */
1089#if 0
1090	if ((targ->flags & MPSSAS_TARGET_INRECOVERY) == 0) {
1091		mpssas_freeze_device(sc->sassc, targ);
1092		ccb->ccb_h.status = CAM_CMD_TIMEOUT;
1093		xpt_done(ccb);
1094	}
1095#endif
1096	mpssas_freeze_device(sc->sassc, targ);
1097	ccb->ccb_h.status = CAM_CMD_TIMEOUT;
1098
1099	/*
1100	 * recycle the command into recovery so that there's no risk of
1101	 * command allocation failure.
1102	 */
1103	cm->cm_state = MPS_CM_STATE_TIMEDOUT;
1104	mpssas_recovery(sc, cm);
1105	mps_unlock(sc);
1106}
1107
1108static void
1109mpssas_abort_complete(struct mps_softc *sc, struct mps_command *cm)
1110{
1111	MPI2_SCSI_TASK_MANAGE_REQUEST *req;
1112
1113	req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)cm->cm_req;
1114
1115	/*
1116	 * Currently there should be no way we can hit this case.  It only
1117	 * happens when we have a failure to allocate chain frames, and
1118	 * task management commands don't have S/G lists.
1119	 */
1120	if ((cm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) {
1121		mps_printf(sc, "%s: cm_flags = %#x for abort on handle %#04x! "
1122			   "This should not happen!\n", __func__, cm->cm_flags,
1123			   req->DevHandle);
1124	}
1125
1126	mps_printf(sc, "%s: abort request on handle %#04x SMID %d "
1127		   "complete\n", __func__, req->DevHandle, req->TaskMID);
1128
1129	mpssas_complete_tm_request(sc, cm, /*free_cm*/ 1);
1130}
1131
1132static void
1133mpssas_recovery(struct mps_softc *sc, struct mps_command *abort_cm)
1134{
1135	struct mps_command *cm;
1136	MPI2_SCSI_TASK_MANAGE_REQUEST *req, *orig_req;
1137
1138	cm = mps_alloc_command(sc);
1139	if (cm == NULL) {
1140		mps_printf(sc, "%s: command allocation failure\n", __func__);
1141		return;
1142	}
1143
1144	cm->cm_targ = abort_cm->cm_targ;
1145	cm->cm_complete = mpssas_abort_complete;
1146
1147	req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)cm->cm_req;
1148	orig_req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)abort_cm->cm_req;
1149	req->DevHandle = abort_cm->cm_targ->handle;
1150	req->Function = MPI2_FUNCTION_SCSI_TASK_MGMT;
1151	req->TaskType = MPI2_SCSITASKMGMT_TASKTYPE_ABORT_TASK;
1152	memcpy(req->LUN, orig_req->LUN, sizeof(req->LUN));
1153	req->TaskMID = abort_cm->cm_desc.Default.SMID;
1154
1155	cm->cm_data = NULL;
1156	cm->cm_desc.Default.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_DEFAULT_TYPE;
1157
1158	mpssas_issue_tm_request(sc, cm);
1159
1160}
1161
1162/*
1163 * Can return 0 or EINPROGRESS on success.  Any other value means failure.
1164 */
1165static int
1166mpssas_map_tm_request(struct mps_softc *sc, struct mps_command *cm)
1167{
1168	int error;
1169
1170	error = 0;
1171
1172	cm->cm_flags |= MPS_CM_FLAGS_ACTIVE;
1173	error = mps_map_command(sc, cm);
1174	if ((error == 0)
1175	 || (error == EINPROGRESS))
1176		sc->tm_cmds_active++;
1177
1178	return (error);
1179}
1180
1181static void
1182mpssas_issue_tm_request(struct mps_softc *sc, struct mps_command *cm)
1183{
1184	int freeze_queue, send_command, error;
1185
1186	freeze_queue = 0;
1187	send_command = 0;
1188	error = 0;
1189
1190	mtx_assert(&sc->mps_mtx, MA_OWNED);
1191
1192	/*
1193	 * If there are no other pending task management commands, go
1194	 * ahead and send this one.  There is a small amount of anecdotal
1195	 * evidence that sending lots of task management commands at once
1196	 * may cause the controller to lock up.  Or, if the user has
1197	 * configured the driver (via the allow_multiple_tm_cmds variable) to
1198	 * not serialize task management commands, go ahead and send the
1199	 * command if even other task management commands are pending.
1200	 */
1201	if (TAILQ_FIRST(&sc->tm_list) == NULL) {
1202		send_command = 1;
1203		freeze_queue = 1;
1204	} else if (sc->allow_multiple_tm_cmds != 0)
1205		send_command = 1;
1206
1207	TAILQ_INSERT_TAIL(&sc->tm_list, cm, cm_link);
1208	if (send_command != 0) {
1209		/*
1210		 * Freeze the SIM queue while we issue the task management
1211		 * command.  According to the Fusion-MPT 2.0 spec, task
1212		 * management requests are serialized, and so the host
1213		 * should not send any I/O requests while task management
1214		 * requests are pending.
1215		 */
1216		if (freeze_queue != 0)
1217			xpt_freeze_simq(sc->sassc->sim, 1);
1218
1219		error = mpssas_map_tm_request(sc, cm);
1220
1221		/*
1222		 * At present, there is no error path back from
1223		 * mpssas_map_tm_request() (which calls mps_map_command())
1224		 * when cm->cm_data == NULL.  But since there is a return
1225		 * value, we check it just in case the implementation
1226		 * changes later.
1227		 */
1228		if ((error != 0)
1229		 && (error != EINPROGRESS))
1230			mpssas_tm_complete(sc, cm,
1231			    MPI2_SCSITASKMGMT_RSP_TM_FAILED);
1232	}
1233}
1234
1235static void
1236mpssas_tm_complete(struct mps_softc *sc, struct mps_command *cm, int error)
1237{
1238	MPI2_SCSI_TASK_MANAGE_REPLY *resp;
1239
1240	resp = (MPI2_SCSI_TASK_MANAGE_REPLY *)cm->cm_reply;
1241
1242	if (resp != NULL)
1243		resp->ResponseCode = error;
1244
1245	/*
1246	 * Call the callback for this command, it will be
1247	 * removed from the list and freed via the callback.
1248	 */
1249	cm->cm_complete(sc, cm);
1250}
1251
1252/*
1253 * Complete a task management request.  The basic completion operation will
1254 * always succeed.  Returns status for sending any further task management
1255 * commands that were queued.
1256 */
1257static int
1258mpssas_complete_tm_request(struct mps_softc *sc, struct mps_command *cm,
1259			   int free_cm)
1260{
1261	int error;
1262
1263	error = 0;
1264
1265	mtx_assert(&sc->mps_mtx, MA_OWNED);
1266
1267	TAILQ_REMOVE(&sc->tm_list, cm, cm_link);
1268	cm->cm_flags &= ~MPS_CM_FLAGS_ACTIVE;
1269	sc->tm_cmds_active--;
1270
1271	if (free_cm != 0)
1272		mps_free_command(sc, cm);
1273
1274	if (TAILQ_FIRST(&sc->tm_list) == NULL) {
1275		/*
1276		 * Release the SIM queue, we froze it when we sent the first
1277		 * task management request.
1278		 */
1279		xpt_release_simq(sc->sassc->sim, 1);
1280	} else if ((sc->tm_cmds_active == 0)
1281		|| (sc->allow_multiple_tm_cmds != 0)) {
1282		int error;
1283		struct mps_command *cm2;
1284
1285restart_traversal:
1286
1287		/*
1288		 * We don't bother using TAILQ_FOREACH_SAFE here, but
1289		 * rather use the standard version and just restart the
1290		 * list traversal if we run into the error case.
1291		 * TAILQ_FOREACH_SAFE allows safe removal of the current
1292		 * list element, but if you have a queue of task management
1293		 * commands, all of which have mapping errors, you'll end
1294		 * up with recursive calls to this routine and so you could
1295		 * wind up removing more than just the current list element.
1296		 */
1297		TAILQ_FOREACH(cm2, &sc->tm_list, cm_link) {
1298			MPI2_SCSI_TASK_MANAGE_REQUEST *req;
1299
1300			/* This command is active, no need to send it again */
1301			if (cm2->cm_flags & MPS_CM_FLAGS_ACTIVE)
1302				continue;
1303
1304			req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)cm2->cm_req;
1305
1306			mps_printf(sc, "%s: sending deferred task management "
1307			    "request for handle %#04x SMID %d\n", __func__,
1308			    req->DevHandle, req->TaskMID);
1309
1310			error = mpssas_map_tm_request(sc, cm2);
1311
1312			/*
1313			 * Check for errors.  If we had an error, complete
1314			 * this command with an error, and keep going through
1315			 * the list until we are able to send at least one
1316			 * command or all of them are completed with errors.
1317			 *
1318			 * We don't want to wind up in a situation where
1319			 * we're stalled out with no way for queued task
1320			 * management commands to complete.
1321			 *
1322			 * Note that there is not currently an error path
1323			 * back from mpssas_map_tm_request() (which calls
1324			 * mps_map_command()) when cm->cm_data == NULL.
1325			 * But we still want to check for errors here in
1326			 * case the implementation changes, or in case
1327			 * there is some reason for a data payload here.
1328			 */
1329			if ((error != 0)
1330			 && (error != EINPROGRESS)) {
1331				mpssas_tm_complete(sc, cm,
1332				    MPI2_SCSITASKMGMT_RSP_TM_FAILED);
1333
1334				/*
1335				 * If we don't currently have any commands
1336				 * active, go back to the beginning and see
1337				 * if there are any more that can be started.
1338				 * Otherwise, we're done here.
1339				 */
1340				if (sc->tm_cmds_active == 0)
1341					goto restart_traversal;
1342				else
1343					break;
1344			}
1345
1346			/*
1347			 * If the user only wants one task management command
1348			 * active at a time, we're done, since we've
1349			 * already successfully sent a command at this point.
1350			 */
1351			if (sc->allow_multiple_tm_cmds == 0)
1352				break;
1353		}
1354	}
1355
1356	return (error);
1357}
1358
1359static void
1360mpssas_action_scsiio(struct mpssas_softc *sassc, union ccb *ccb)
1361{
1362	MPI2_SCSI_IO_REQUEST *req;
1363	struct ccb_scsiio *csio;
1364	struct mps_softc *sc;
1365	struct mpssas_target *targ;
1366	struct mps_command *cm;
1367
1368	mps_dprint(sassc->sc, MPS_TRACE, "%s\n", __func__);
1369
1370	sc = sassc->sc;
1371
1372	csio = &ccb->csio;
1373	targ = &sassc->targets[csio->ccb_h.target_id];
1374	if (targ->handle == 0x0) {
1375		csio->ccb_h.status = CAM_SEL_TIMEOUT;
1376		xpt_done(ccb);
1377		return;
1378	}
1379
1380	cm = mps_alloc_command(sc);
1381	if (cm == NULL) {
1382		if ((sassc->flags & MPSSAS_QUEUE_FROZEN) == 0) {
1383			xpt_freeze_simq(sassc->sim, 1);
1384			sassc->flags |= MPSSAS_QUEUE_FROZEN;
1385		}
1386		ccb->ccb_h.status &= ~CAM_SIM_QUEUED;
1387		ccb->ccb_h.status |= CAM_REQUEUE_REQ;
1388		xpt_done(ccb);
1389		return;
1390	}
1391
1392	req = (MPI2_SCSI_IO_REQUEST *)cm->cm_req;
1393	bzero(req, sizeof(*req));
1394	req->DevHandle = targ->handle;
1395	req->Function = MPI2_FUNCTION_SCSI_IO_REQUEST;
1396	req->MsgFlags = 0;
1397	req->SenseBufferLowAddress = cm->cm_sense_busaddr;
1398	req->SenseBufferLength = MPS_SENSE_LEN;
1399	req->SGLFlags = 0;
1400	req->ChainOffset = 0;
1401	req->SGLOffset0 = 24;	/* 32bit word offset to the SGL */
1402	req->SGLOffset1= 0;
1403	req->SGLOffset2= 0;
1404	req->SGLOffset3= 0;
1405	req->SkipCount = 0;
1406	req->DataLength = csio->dxfer_len;
1407	req->BidirectionalDataLength = 0;
1408	req->IoFlags = csio->cdb_len;
1409	req->EEDPFlags = 0;
1410
1411	/* Note: BiDirectional transfers are not supported */
1412	switch (csio->ccb_h.flags & CAM_DIR_MASK) {
1413	case CAM_DIR_IN:
1414		req->Control = MPI2_SCSIIO_CONTROL_READ;
1415		cm->cm_flags |= MPS_CM_FLAGS_DATAIN;
1416		break;
1417	case CAM_DIR_OUT:
1418		req->Control = MPI2_SCSIIO_CONTROL_WRITE;
1419		cm->cm_flags |= MPS_CM_FLAGS_DATAOUT;
1420		break;
1421	case CAM_DIR_NONE:
1422	default:
1423		req->Control = MPI2_SCSIIO_CONTROL_NODATATRANSFER;
1424		break;
1425	}
1426
1427	/*
1428	 * It looks like the hardware doesn't require an explicit tag
1429	 * number for each transaction.  SAM Task Management not supported
1430	 * at the moment.
1431	 */
1432	switch (csio->tag_action) {
1433	case MSG_HEAD_OF_Q_TAG:
1434		req->Control |= MPI2_SCSIIO_CONTROL_HEADOFQ;
1435		break;
1436	case MSG_ORDERED_Q_TAG:
1437		req->Control |= MPI2_SCSIIO_CONTROL_ORDEREDQ;
1438		break;
1439	case MSG_ACA_TASK:
1440		req->Control |= MPI2_SCSIIO_CONTROL_ACAQ;
1441		break;
1442	case CAM_TAG_ACTION_NONE:
1443	case MSG_SIMPLE_Q_TAG:
1444	default:
1445		req->Control |= MPI2_SCSIIO_CONTROL_SIMPLEQ;
1446		break;
1447	}
1448
1449	if (MPS_SET_LUN(req->LUN, csio->ccb_h.target_lun) != 0) {
1450		mps_free_command(sc, cm);
1451		ccb->ccb_h.status = CAM_LUN_INVALID;
1452		xpt_done(ccb);
1453		return;
1454	}
1455
1456	if (csio->ccb_h.flags & CAM_CDB_POINTER)
1457		bcopy(csio->cdb_io.cdb_ptr, &req->CDB.CDB32[0], csio->cdb_len);
1458	else
1459		bcopy(csio->cdb_io.cdb_bytes, &req->CDB.CDB32[0],csio->cdb_len);
1460	req->IoFlags = csio->cdb_len;
1461
1462	/*
1463	 * XXX need to handle S/G lists and physical addresses here.
1464	 */
1465	cm->cm_data = csio->data_ptr;
1466	cm->cm_length = csio->dxfer_len;
1467	cm->cm_sge = &req->SGL;
1468	cm->cm_sglsize = (32 - 24) * 4;
1469	cm->cm_desc.SCSIIO.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_SCSI_IO;
1470	cm->cm_desc.SCSIIO.DevHandle = targ->handle;
1471	cm->cm_complete = mpssas_scsiio_complete;
1472	cm->cm_complete_data = ccb;
1473	cm->cm_targ = targ;
1474
1475	sc->io_cmds_active++;
1476	if (sc->io_cmds_active > sc->io_cmds_highwater)
1477		sc->io_cmds_highwater = sc->io_cmds_active;
1478
1479	TAILQ_INSERT_TAIL(&sc->io_list, cm, cm_link);
1480	callout_reset(&cm->cm_callout, (ccb->ccb_h.timeout * hz) / 1000,
1481	   mpssas_scsiio_timeout, cm);
1482
1483	mps_map_command(sc, cm);
1484	return;
1485}
1486
1487static void
1488mpssas_scsiio_complete(struct mps_softc *sc, struct mps_command *cm)
1489{
1490	MPI2_SCSI_IO_REPLY *rep;
1491	union ccb *ccb;
1492	struct mpssas_softc *sassc;
1493	u_int sense_len;
1494	int dir = 0;
1495
1496	mps_dprint(sc, MPS_TRACE, "%s\n", __func__);
1497
1498	callout_stop(&cm->cm_callout);
1499	TAILQ_REMOVE(&sc->io_list, cm, cm_link);
1500	sc->io_cmds_active--;
1501
1502	sassc = sc->sassc;
1503	ccb = cm->cm_complete_data;
1504	rep = (MPI2_SCSI_IO_REPLY *)cm->cm_reply;
1505
1506	/*
1507	 * XXX KDM if the chain allocation fails, does it matter if we do
1508	 * the sync and unload here?  It is simpler to do it in every case,
1509	 * assuming it doesn't cause problems.
1510	 */
1511	if (cm->cm_data != NULL) {
1512		if (cm->cm_flags & MPS_CM_FLAGS_DATAIN)
1513			dir = BUS_DMASYNC_POSTREAD;
1514		else if (cm->cm_flags & MPS_CM_FLAGS_DATAOUT)
1515			dir = BUS_DMASYNC_POSTWRITE;;
1516		bus_dmamap_sync(sc->buffer_dmat, cm->cm_dmamap, dir);
1517		bus_dmamap_unload(sc->buffer_dmat, cm->cm_dmamap);
1518	}
1519
1520	if ((cm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) {
1521		/*
1522		 * We ran into an error after we tried to map the command,
1523		 * so we're getting a callback without queueing the command
1524		 * to the hardware.  So we set the status here, and it will
1525		 * be retained below.  We'll go through the "fast path",
1526		 * because there can be no reply when we haven't actually
1527		 * gone out to the hardware.
1528		 */
1529		ccb->ccb_h.status |= CAM_REQUEUE_REQ;
1530
1531		/*
1532		 * Currently the only error included in the mask is
1533		 * MPS_CM_FLAGS_CHAIN_FAILED, which means we're out of
1534		 * chain frames.  We need to freeze the queue until we get
1535		 * a command that completed without this error, which will
1536		 * hopefully have some chain frames attached that we can
1537		 * use.  If we wanted to get smarter about it, we would
1538		 * only unfreeze the queue in this condition when we're
1539		 * sure that we're getting some chain frames back.  That's
1540		 * probably unnecessary.
1541		 */
1542		if ((sassc->flags & MPSSAS_QUEUE_FROZEN) == 0) {
1543			xpt_freeze_simq(sassc->sim, 1);
1544			sassc->flags |= MPSSAS_QUEUE_FROZEN;
1545			mps_printf(sc, "Error sending command, freezing "
1546				   "SIM queue\n");
1547		}
1548	}
1549
1550	/* Take the fast path to completion */
1551	if (cm->cm_reply == NULL) {
1552		if ((ccb->ccb_h.status & CAM_STATUS_MASK) == CAM_REQ_INPROG) {
1553			ccb->ccb_h.status = CAM_REQ_CMP;
1554			ccb->csio.scsi_status = SCSI_STATUS_OK;
1555
1556			if (sassc->flags & MPSSAS_QUEUE_FROZEN) {
1557				ccb->ccb_h.status |= CAM_RELEASE_SIMQ;
1558				sassc->flags &= ~MPSSAS_QUEUE_FROZEN;
1559				mps_printf(sc, "Unfreezing SIM queue\n");
1560			}
1561		} else {
1562			ccb->ccb_h.status |= CAM_DEV_QFRZN;
1563			xpt_freeze_devq(ccb->ccb_h.path, /*count*/ 1);
1564		}
1565		mps_free_command(sc, cm);
1566		xpt_done(ccb);
1567		return;
1568	}
1569
1570	mps_dprint(sc, MPS_INFO, "(%d:%d:%d) IOCStatus= 0x%x, "
1571	    "ScsiStatus= 0x%x, SCSIState= 0x%x TransferCount= 0x%x\n",
1572	    xpt_path_path_id(ccb->ccb_h.path),
1573	    xpt_path_target_id(ccb->ccb_h.path),
1574	    xpt_path_lun_id(ccb->ccb_h.path), rep->IOCStatus,
1575	    rep->SCSIStatus, rep->SCSIState, rep->TransferCount);
1576
1577	switch (rep->IOCStatus & MPI2_IOCSTATUS_MASK) {
1578	case MPI2_IOCSTATUS_BUSY:
1579	case MPI2_IOCSTATUS_INSUFFICIENT_RESOURCES:
1580		/*
1581		 * The controller is overloaded, try waiting a bit for it
1582		 * to free up.
1583		 */
1584		ccb->ccb_h.status = CAM_BUSY;
1585		break;
1586	case MPI2_IOCSTATUS_SCSI_DATA_UNDERRUN:
1587		ccb->csio.resid = cm->cm_length - rep->TransferCount;
1588		/* FALLTHROUGH */
1589	case MPI2_IOCSTATUS_SUCCESS:
1590	case MPI2_IOCSTATUS_SCSI_RECOVERED_ERROR:
1591		ccb->ccb_h.status = CAM_REQ_CMP;
1592		break;
1593	case MPI2_IOCSTATUS_SCSI_DATA_OVERRUN:
1594		/* resid is ignored for this condition */
1595		ccb->csio.resid = 0;
1596		ccb->ccb_h.status = CAM_DATA_RUN_ERR;
1597		break;
1598	case MPI2_IOCSTATUS_SCSI_INVALID_DEVHANDLE:
1599	case MPI2_IOCSTATUS_SCSI_DEVICE_NOT_THERE:
1600		ccb->ccb_h.status = CAM_DEV_NOT_THERE;
1601		break;
1602	case MPI2_IOCSTATUS_SCSI_TASK_TERMINATED:
1603		/*
1604		 * This is one of the responses that comes back when an I/O
1605		 * has been aborted.  If it is because of a timeout that we
1606		 * initiated, just set the status to CAM_CMD_TIMEOUT.
1607		 * Otherwise set it to CAM_REQ_ABORTED.  The effect on the
1608		 * command is the same (it gets retried, subject to the
1609		 * retry counter), the only difference is what gets printed
1610		 * on the console.
1611		 */
1612		if (cm->cm_state == MPS_CM_STATE_TIMEDOUT)
1613			ccb->ccb_h.status = CAM_CMD_TIMEOUT;
1614		else
1615			ccb->ccb_h.status = CAM_REQ_ABORTED;
1616		break;
1617	case MPI2_IOCSTATUS_SCSI_IOC_TERMINATED:
1618	case MPI2_IOCSTATUS_SCSI_EXT_TERMINATED:
1619#if 0
1620		ccb->ccb_h.status = CAM_REQ_ABORTED;
1621#endif
1622		mps_printf(sc, "(%d:%d:%d) terminated ioc %x scsi %x state %x "
1623			   "xfer %u\n", xpt_path_path_id(ccb->ccb_h.path),
1624			   xpt_path_target_id(ccb->ccb_h.path),
1625			   xpt_path_lun_id(ccb->ccb_h.path),
1626			   rep->IOCStatus, rep->SCSIStatus, rep->SCSIState,
1627			   rep->TransferCount);
1628		ccb->ccb_h.status = CAM_REQUEUE_REQ;
1629		break;
1630	case MPI2_IOCSTATUS_INVALID_SGL:
1631		mps_print_scsiio_cmd(sc, cm);
1632		ccb->ccb_h.status = CAM_UNREC_HBA_ERROR;
1633		break;
1634	case MPI2_IOCSTATUS_INVALID_FUNCTION:
1635	case MPI2_IOCSTATUS_INTERNAL_ERROR:
1636	case MPI2_IOCSTATUS_INVALID_VPID:
1637	case MPI2_IOCSTATUS_INVALID_FIELD:
1638	case MPI2_IOCSTATUS_INVALID_STATE:
1639	case MPI2_IOCSTATUS_OP_STATE_NOT_SUPPORTED:
1640	case MPI2_IOCSTATUS_SCSI_IO_DATA_ERROR:
1641	case MPI2_IOCSTATUS_SCSI_PROTOCOL_ERROR:
1642	case MPI2_IOCSTATUS_SCSI_RESIDUAL_MISMATCH:
1643	case MPI2_IOCSTATUS_SCSI_TASK_MGMT_FAILED:
1644	default:
1645		ccb->ccb_h.status = CAM_REQ_CMP_ERR;
1646	}
1647
1648
1649	if ((rep->SCSIState & MPI2_SCSI_STATE_NO_SCSI_STATUS) == 0) {
1650		ccb->csio.scsi_status = rep->SCSIStatus;
1651
1652		switch (rep->SCSIStatus) {
1653		case MPI2_SCSI_STATUS_TASK_SET_FULL:
1654		case MPI2_SCSI_STATUS_CHECK_CONDITION:
1655			ccb->ccb_h.status = CAM_SCSI_STATUS_ERROR;
1656			break;
1657		case MPI2_SCSI_STATUS_COMMAND_TERMINATED:
1658		case MPI2_SCSI_STATUS_TASK_ABORTED:
1659			ccb->ccb_h.status = CAM_REQ_ABORTED;
1660			break;
1661		case MPI2_SCSI_STATUS_GOOD:
1662		default:
1663			break;
1664		}
1665	}
1666
1667	if (rep->SCSIState & MPI2_SCSI_STATE_AUTOSENSE_VALID) {
1668		sense_len = MIN(rep->SenseCount,
1669		    sizeof(struct scsi_sense_data));
1670		if (sense_len < rep->SenseCount)
1671			ccb->csio.sense_resid = rep->SenseCount - sense_len;
1672		bcopy(cm->cm_sense, &ccb->csio.sense_data, sense_len);
1673		ccb->ccb_h.status |= CAM_AUTOSNS_VALID;
1674	}
1675
1676	if (rep->SCSIState & MPI2_SCSI_STATE_AUTOSENSE_FAILED)
1677		ccb->ccb_h.status = CAM_AUTOSENSE_FAIL;
1678
1679	if (rep->SCSIState & MPI2_SCSI_STATE_RESPONSE_INFO_VALID)
1680		ccb->ccb_h.status = CAM_REQ_CMP_ERR;
1681
1682	if (sassc->flags & MPSSAS_QUEUE_FROZEN) {
1683		ccb->ccb_h.status |= CAM_RELEASE_SIMQ;
1684		sassc->flags &= ~MPSSAS_QUEUE_FROZEN;
1685		mps_printf(sc, "Command completed, unfreezing SIM queue\n");
1686	}
1687	if ((ccb->ccb_h.status & CAM_STATUS_MASK) != CAM_REQ_CMP) {
1688		ccb->ccb_h.status |= CAM_DEV_QFRZN;
1689		xpt_freeze_devq(ccb->ccb_h.path, /*count*/ 1);
1690	}
1691	mps_free_command(sc, cm);
1692	xpt_done(ccb);
1693}
1694
1695#if __FreeBSD_version >= 900026
1696static void
1697mpssas_smpio_complete(struct mps_softc *sc, struct mps_command *cm)
1698{
1699	MPI2_SMP_PASSTHROUGH_REPLY *rpl;
1700	MPI2_SMP_PASSTHROUGH_REQUEST *req;
1701	uint64_t sasaddr;
1702	union ccb *ccb;
1703
1704	ccb = cm->cm_complete_data;
1705
1706	/*
1707	 * Currently there should be no way we can hit this case.  It only
1708	 * happens when we have a failure to allocate chain frames, and SMP
1709	 * commands require two S/G elements only.  That should be handled
1710	 * in the standard request size.
1711	 */
1712	if ((cm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) {
1713		mps_printf(sc, "%s: cm_flags = %#x on SMP request!\n",
1714			   __func__, cm->cm_flags);
1715		ccb->ccb_h.status = CAM_REQ_CMP_ERR;
1716		goto bailout;
1717	}
1718
1719	rpl = (MPI2_SMP_PASSTHROUGH_REPLY *)cm->cm_reply;
1720	if (rpl == NULL) {
1721		mps_dprint(sc, MPS_INFO, "%s: NULL cm_reply!\n", __func__);
1722		ccb->ccb_h.status = CAM_REQ_CMP_ERR;
1723		goto bailout;
1724	}
1725
1726	req = (MPI2_SMP_PASSTHROUGH_REQUEST *)cm->cm_req;
1727	sasaddr = le32toh(req->SASAddress.Low);
1728	sasaddr |= ((uint64_t)(le32toh(req->SASAddress.High))) << 32;
1729
1730	if ((rpl->IOCStatus & MPI2_IOCSTATUS_MASK) != MPI2_IOCSTATUS_SUCCESS ||
1731	    rpl->SASStatus != MPI2_SASSTATUS_SUCCESS) {
1732		mps_dprint(sc, MPS_INFO, "%s: IOCStatus %04x SASStatus %02x\n",
1733		    __func__, rpl->IOCStatus, rpl->SASStatus);
1734		ccb->ccb_h.status = CAM_REQ_CMP_ERR;
1735		goto bailout;
1736	}
1737
1738	mps_dprint(sc, MPS_INFO, "%s: SMP request to SAS address "
1739		   "%#jx completed successfully\n", __func__,
1740		   (uintmax_t)sasaddr);
1741
1742	if (ccb->smpio.smp_response[2] == SMP_FR_ACCEPTED)
1743		ccb->ccb_h.status = CAM_REQ_CMP;
1744	else
1745		ccb->ccb_h.status = CAM_SMP_STATUS_ERROR;
1746
1747bailout:
1748	/*
1749	 * We sync in both directions because we had DMAs in the S/G list
1750	 * in both directions.
1751	 */
1752	bus_dmamap_sync(sc->buffer_dmat, cm->cm_dmamap,
1753			BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE);
1754	bus_dmamap_unload(sc->buffer_dmat, cm->cm_dmamap);
1755	mps_free_command(sc, cm);
1756	xpt_done(ccb);
1757}
1758
1759static void
1760mpssas_send_smpcmd(struct mpssas_softc *sassc, union ccb *ccb, uint64_t sasaddr)
1761{
1762	struct mps_command *cm;
1763	uint8_t *request, *response;
1764	MPI2_SMP_PASSTHROUGH_REQUEST *req;
1765	struct mps_softc *sc;
1766	struct sglist *sg;
1767	int error;
1768
1769	sc = sassc->sc;
1770	sg = NULL;
1771	error = 0;
1772
1773	/*
1774	 * XXX We don't yet support physical addresses here.
1775	 */
1776	if (ccb->ccb_h.flags & (CAM_DATA_PHYS|CAM_SG_LIST_PHYS)) {
1777		mps_printf(sc, "%s: physical addresses not supported\n",
1778			   __func__);
1779		ccb->ccb_h.status = CAM_REQ_INVALID;
1780		xpt_done(ccb);
1781		return;
1782	}
1783
1784	/*
1785	 * If the user wants to send an S/G list, check to make sure they
1786	 * have single buffers.
1787	 */
1788	if (ccb->ccb_h.flags & CAM_SCATTER_VALID) {
1789		/*
1790		 * The chip does not support more than one buffer for the
1791		 * request or response.
1792		 */
1793	 	if ((ccb->smpio.smp_request_sglist_cnt > 1)
1794		  || (ccb->smpio.smp_response_sglist_cnt > 1)) {
1795			mps_printf(sc, "%s: multiple request or response "
1796				   "buffer segments not supported for SMP\n",
1797				   __func__);
1798			ccb->ccb_h.status = CAM_REQ_INVALID;
1799			xpt_done(ccb);
1800			return;
1801		}
1802
1803		/*
1804		 * The CAM_SCATTER_VALID flag was originally implemented
1805		 * for the XPT_SCSI_IO CCB, which only has one data pointer.
1806		 * We have two.  So, just take that flag to mean that we
1807		 * might have S/G lists, and look at the S/G segment count
1808		 * to figure out whether that is the case for each individual
1809		 * buffer.
1810		 */
1811		if (ccb->smpio.smp_request_sglist_cnt != 0) {
1812			bus_dma_segment_t *req_sg;
1813
1814			req_sg = (bus_dma_segment_t *)ccb->smpio.smp_request;
1815			request = (uint8_t *)req_sg[0].ds_addr;
1816		} else
1817			request = ccb->smpio.smp_request;
1818
1819		if (ccb->smpio.smp_response_sglist_cnt != 0) {
1820			bus_dma_segment_t *rsp_sg;
1821
1822			rsp_sg = (bus_dma_segment_t *)ccb->smpio.smp_response;
1823			response = (uint8_t *)rsp_sg[0].ds_addr;
1824		} else
1825			response = ccb->smpio.smp_response;
1826	} else {
1827		request = ccb->smpio.smp_request;
1828		response = ccb->smpio.smp_response;
1829	}
1830
1831	cm = mps_alloc_command(sc);
1832	if (cm == NULL) {
1833		mps_printf(sc, "%s: cannot allocate command\n", __func__);
1834		ccb->ccb_h.status = CAM_RESRC_UNAVAIL;
1835		xpt_done(ccb);
1836		return;
1837	}
1838
1839	req = (MPI2_SMP_PASSTHROUGH_REQUEST *)cm->cm_req;
1840	bzero(req, sizeof(*req));
1841	req->Function = MPI2_FUNCTION_SMP_PASSTHROUGH;
1842
1843	/* Allow the chip to use any route to this SAS address. */
1844	req->PhysicalPort = 0xff;
1845
1846	req->RequestDataLength = ccb->smpio.smp_request_len;
1847	req->SGLFlags =
1848	    MPI2_SGLFLAGS_SYSTEM_ADDRESS_SPACE | MPI2_SGLFLAGS_SGL_TYPE_MPI;
1849
1850	mps_dprint(sc, MPS_INFO, "%s: sending SMP request to SAS "
1851		   "address %#jx\n", __func__, (uintmax_t)sasaddr);
1852
1853	mpi_init_sge(cm, req, &req->SGL);
1854
1855	/*
1856	 * Set up a uio to pass into mps_map_command().  This allows us to
1857	 * do one map command, and one busdma call in there.
1858	 */
1859	cm->cm_uio.uio_iov = cm->cm_iovec;
1860	cm->cm_uio.uio_iovcnt = 2;
1861	cm->cm_uio.uio_segflg = UIO_SYSSPACE;
1862
1863	/*
1864	 * The read/write flag isn't used by busdma, but set it just in
1865	 * case.  This isn't exactly accurate, either, since we're going in
1866	 * both directions.
1867	 */
1868	cm->cm_uio.uio_rw = UIO_WRITE;
1869
1870	cm->cm_iovec[0].iov_base = request;
1871	cm->cm_iovec[0].iov_len = req->RequestDataLength;
1872	cm->cm_iovec[1].iov_base = response;
1873	cm->cm_iovec[1].iov_len = ccb->smpio.smp_response_len;
1874
1875	cm->cm_uio.uio_resid = cm->cm_iovec[0].iov_len +
1876			       cm->cm_iovec[1].iov_len;
1877
1878	/*
1879	 * Trigger a warning message in mps_data_cb() for the user if we
1880	 * wind up exceeding two S/G segments.  The chip expects one
1881	 * segment for the request and another for the response.
1882	 */
1883	cm->cm_max_segs = 2;
1884
1885	cm->cm_desc.Default.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_DEFAULT_TYPE;
1886	cm->cm_complete = mpssas_smpio_complete;
1887	cm->cm_complete_data = ccb;
1888
1889	/*
1890	 * Tell the mapping code that we're using a uio, and that this is
1891	 * an SMP passthrough request.  There is a little special-case
1892	 * logic there (in mps_data_cb()) to handle the bidirectional
1893	 * transfer.
1894	 */
1895	cm->cm_flags |= MPS_CM_FLAGS_USE_UIO | MPS_CM_FLAGS_SMP_PASS |
1896			MPS_CM_FLAGS_DATAIN | MPS_CM_FLAGS_DATAOUT;
1897
1898	/* The chip data format is little endian. */
1899	req->SASAddress.High = htole32(sasaddr >> 32);
1900	req->SASAddress.Low = htole32(sasaddr);
1901
1902	/*
1903	 * XXX Note that we don't have a timeout/abort mechanism here.
1904	 * From the manual, it looks like task management requests only
1905	 * work for SCSI IO and SATA passthrough requests.  We may need to
1906	 * have a mechanism to retry requests in the event of a chip reset
1907	 * at least.  Hopefully the chip will insure that any errors short
1908	 * of that are relayed back to the driver.
1909	 */
1910	error = mps_map_command(sc, cm);
1911	if ((error != 0) && (error != EINPROGRESS)) {
1912		mps_printf(sc, "%s: error %d returned from mps_map_command()\n",
1913			   __func__, error);
1914		goto bailout_error;
1915	}
1916
1917	return;
1918
1919bailout_error:
1920	mps_free_command(sc, cm);
1921	ccb->ccb_h.status = CAM_RESRC_UNAVAIL;
1922	xpt_done(ccb);
1923	return;
1924
1925}
1926
1927static void
1928mpssas_action_smpio(struct mpssas_softc *sassc, union ccb *ccb)
1929{
1930	struct mps_softc *sc;
1931	struct mpssas_target *targ;
1932	uint64_t sasaddr = 0;
1933
1934	sc = sassc->sc;
1935
1936	/*
1937	 * Make sure the target exists.
1938	 */
1939	targ = &sassc->targets[ccb->ccb_h.target_id];
1940	if (targ->handle == 0x0) {
1941		mps_printf(sc, "%s: target %d does not exist!\n", __func__,
1942			   ccb->ccb_h.target_id);
1943		ccb->ccb_h.status = CAM_SEL_TIMEOUT;
1944		xpt_done(ccb);
1945		return;
1946	}
1947
1948	/*
1949	 * If this device has an embedded SMP target, we'll talk to it
1950	 * directly.
1951	 * figure out what the expander's address is.
1952	 */
1953	if ((targ->devinfo & MPI2_SAS_DEVICE_INFO_SMP_TARGET) != 0)
1954		sasaddr = targ->sasaddr;
1955
1956	/*
1957	 * If we don't have a SAS address for the expander yet, try
1958	 * grabbing it from the page 0x83 information cached in the
1959	 * transport layer for this target.  LSI expanders report the
1960	 * expander SAS address as the port-associated SAS address in
1961	 * Inquiry VPD page 0x83.  Maxim expanders don't report it in page
1962	 * 0x83.
1963	 *
1964	 * XXX KDM disable this for now, but leave it commented out so that
1965	 * it is obvious that this is another possible way to get the SAS
1966	 * address.
1967	 *
1968	 * The parent handle method below is a little more reliable, and
1969	 * the other benefit is that it works for devices other than SES
1970	 * devices.  So you can send a SMP request to a da(4) device and it
1971	 * will get routed to the expander that device is attached to.
1972	 * (Assuming the da(4) device doesn't contain an SMP target...)
1973	 */
1974#if 0
1975	if (sasaddr == 0)
1976		sasaddr = xpt_path_sas_addr(ccb->ccb_h.path);
1977#endif
1978
1979	/*
1980	 * If we still don't have a SAS address for the expander, look for
1981	 * the parent device of this device, which is probably the expander.
1982	 */
1983	if (sasaddr == 0) {
1984		struct mpssas_target *parent_target;
1985
1986		if (targ->parent_handle == 0x0) {
1987			mps_printf(sc, "%s: handle %d does not have a valid "
1988				   "parent handle!\n", __func__, targ->handle);
1989			ccb->ccb_h.status = CAM_REQ_INVALID;
1990			goto bailout;
1991		}
1992		parent_target = mpssas_find_target(sassc, 0,
1993						   targ->parent_handle);
1994
1995		if (parent_target == NULL) {
1996			mps_printf(sc, "%s: handle %d does not have a valid "
1997				   "parent target!\n", __func__, targ->handle);
1998			ccb->ccb_h.status = CAM_REQ_INVALID;
1999			goto bailout;
2000		}
2001
2002		if ((parent_target->devinfo &
2003		     MPI2_SAS_DEVICE_INFO_SMP_TARGET) == 0) {
2004			mps_printf(sc, "%s: handle %d parent %d does not "
2005				   "have an SMP target!\n", __func__,
2006				   targ->handle, parent_target->handle);
2007			ccb->ccb_h.status = CAM_REQ_INVALID;
2008			goto bailout;
2009
2010		}
2011
2012		sasaddr = parent_target->sasaddr;
2013	}
2014
2015	if (sasaddr == 0) {
2016		mps_printf(sc, "%s: unable to find SAS address for handle %d\n",
2017			   __func__, targ->handle);
2018		ccb->ccb_h.status = CAM_REQ_INVALID;
2019		goto bailout;
2020	}
2021	mpssas_send_smpcmd(sassc, ccb, sasaddr);
2022
2023	return;
2024
2025bailout:
2026	xpt_done(ccb);
2027
2028}
2029
2030#endif /* __FreeBSD_version >= 900026 */
2031
2032static void
2033mpssas_action_resetdev(struct mpssas_softc *sassc, union ccb *ccb)
2034{
2035	struct mps_softc *sc;
2036	struct mps_command *cm;
2037	struct mpssas_target *targ;
2038
2039	sc = sassc->sc;
2040	targ = &sassc->targets[ccb->ccb_h.target_id];
2041
2042	if (targ->flags & MPSSAS_TARGET_INRECOVERY) {
2043		ccb->ccb_h.status = CAM_RESRC_UNAVAIL;
2044		xpt_done(ccb);
2045		return;
2046	}
2047
2048	cm = mps_alloc_command(sc);
2049	if (cm == NULL) {
2050		mps_printf(sc, "%s: cannot alloc command\n", __func__);
2051		ccb->ccb_h.status = CAM_RESRC_UNAVAIL;
2052		xpt_done(ccb);
2053		return;
2054	}
2055
2056	cm->cm_targ = targ;
2057	cm->cm_complete = mpssas_resetdev_complete;
2058	cm->cm_complete_data = ccb;
2059
2060	mpssas_resetdev(sassc, cm);
2061}
2062
2063static void
2064mpssas_resetdev(struct mpssas_softc *sassc, struct mps_command *cm)
2065{
2066	MPI2_SCSI_TASK_MANAGE_REQUEST *req;
2067	struct mps_softc *sc;
2068
2069	mps_dprint(sassc->sc, MPS_TRACE, "%s\n", __func__);
2070
2071	sc = sassc->sc;
2072
2073	req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)cm->cm_req;
2074	req->DevHandle = cm->cm_targ->handle;
2075	req->Function = MPI2_FUNCTION_SCSI_TASK_MGMT;
2076	req->TaskType = MPI2_SCSITASKMGMT_TASKTYPE_TARGET_RESET;
2077
2078	/* SAS Hard Link Reset / SATA Link Reset */
2079	req->MsgFlags = MPI2_SCSITASKMGMT_MSGFLAGS_LINK_RESET;
2080
2081	cm->cm_data = NULL;
2082	cm->cm_desc.Default.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_DEFAULT_TYPE;
2083
2084	mpssas_issue_tm_request(sc, cm);
2085}
2086
2087static void
2088mpssas_resetdev_complete(struct mps_softc *sc, struct mps_command *cm)
2089{
2090	MPI2_SCSI_TASK_MANAGE_REPLY *resp;
2091	union ccb *ccb;
2092
2093	mps_dprint(sc, MPS_TRACE, "%s\n", __func__);
2094
2095	resp = (MPI2_SCSI_TASK_MANAGE_REPLY *)cm->cm_reply;
2096	ccb = cm->cm_complete_data;
2097
2098	if ((cm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) {
2099		MPI2_SCSI_TASK_MANAGE_REQUEST *req;
2100
2101		req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)cm->cm_req;
2102
2103		mps_printf(sc, "%s: cm_flags = %#x for reset of handle %#04x! "
2104			   "This should not happen!\n", __func__, cm->cm_flags,
2105			   req->DevHandle);
2106
2107		ccb->ccb_h.status = CAM_REQ_CMP_ERR;
2108		goto bailout;
2109	}
2110
2111	printf("resetdev complete IOCStatus= 0x%x ResponseCode= 0x%x\n",
2112	    resp->IOCStatus, resp->ResponseCode);
2113
2114	if (resp->ResponseCode == MPI2_SCSITASKMGMT_RSP_TM_COMPLETE)
2115		ccb->ccb_h.status = CAM_REQ_CMP;
2116	else
2117		ccb->ccb_h.status = CAM_REQ_CMP_ERR;
2118
2119bailout:
2120	mpssas_complete_tm_request(sc, cm, /*free_cm*/ 1);
2121
2122	xpt_done(ccb);
2123}
2124
2125static void
2126mpssas_poll(struct cam_sim *sim)
2127{
2128	struct mpssas_softc *sassc;
2129
2130	sassc = cam_sim_softc(sim);
2131	mps_intr_locked(sassc->sc);
2132}
2133
2134static void
2135mpssas_freeze_device(struct mpssas_softc *sassc, struct mpssas_target *targ)
2136{
2137}
2138
2139static void
2140mpssas_unfreeze_device(struct mpssas_softc *sassc, struct mpssas_target *targ)
2141{
2142}
2143
2144