1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /* Copyright 2010 QLogic Corporation */
23 
24 /*
25  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
26  * Use is subject to license terms.
27  */
28 
29 #pragma ident	"Copyright 2010 QLogic Corporation; ql_ioctl.c"
30 
31 /*
32  * ISP2xxx Solaris Fibre Channel Adapter (FCA) driver source file.
33  * Fibre Channel Adapter (FCA) driver IOCTL source file.
34  *
35  * ***********************************************************************
36  * *									**
37  * *				NOTICE					**
38  * *		COPYRIGHT (C) 1996-2010 QLOGIC CORPORATION		**
39  * *			ALL RIGHTS RESERVED				**
40  * *									**
41  * ***********************************************************************
42  *
43  */
44 
45 #include <ql_apps.h>
46 #include <ql_api.h>
47 #include <ql_debug.h>
48 #include <ql_init.h>
49 #include <ql_ioctl.h>
50 #include <ql_mbx.h>
51 #include <ql_xioctl.h>
52 
53 /*
54  * Local Function Prototypes.
55  */
56 static int ql_busy_notification(ql_adapter_state_t *);
57 static int ql_idle_notification(ql_adapter_state_t *);
58 static int ql_get_feature_bits(ql_adapter_state_t *ha, uint16_t *features);
59 static int ql_set_feature_bits(ql_adapter_state_t *ha, uint16_t features);
60 static int ql_set_nvram_adapter_defaults(ql_adapter_state_t *ha);
61 static void ql_load_nvram(ql_adapter_state_t *ha, uint8_t addr,
62     uint16_t value);
63 static int ql_24xx_load_nvram(ql_adapter_state_t *, uint32_t, uint32_t);
64 static int ql_adm_op(ql_adapter_state_t *, void *, int);
65 static int ql_adm_adapter_info(ql_adapter_state_t *, ql_adm_op_t *, int);
66 static int ql_adm_extended_logging(ql_adapter_state_t *, ql_adm_op_t *);
67 static int ql_adm_device_list(ql_adapter_state_t *, ql_adm_op_t *, int);
68 static int ql_adm_update_properties(ql_adapter_state_t *);
69 static int ql_adm_prop_update_int(ql_adapter_state_t *, ql_adm_op_t *, int);
70 static int ql_adm_loop_reset(ql_adapter_state_t *);
71 static int ql_adm_fw_dump(ql_adapter_state_t *, ql_adm_op_t *, void *, int);
72 static int ql_adm_nvram_dump(ql_adapter_state_t *, ql_adm_op_t *, int);
73 static int ql_adm_nvram_load(ql_adapter_state_t *, ql_adm_op_t *, int);
74 static int ql_adm_flash_load(ql_adapter_state_t *, ql_adm_op_t *, int);
75 static int ql_adm_vpd_dump(ql_adapter_state_t *, ql_adm_op_t *, int);
76 static int ql_adm_vpd_load(ql_adapter_state_t *, ql_adm_op_t *, int);
77 static int ql_adm_vpd_gettag(ql_adapter_state_t *, ql_adm_op_t *, int);
78 static int ql_adm_updfwmodule(ql_adapter_state_t *, ql_adm_op_t *, int);
79 static uint8_t *ql_vpd_findtag(ql_adapter_state_t *, uint8_t *, int8_t *);
80 
81 /* ************************************************************************ */
82 /*				cb_ops functions			    */
83 /* ************************************************************************ */
84 
85 /*
86  * ql_open
87  *	opens device
88  *
89  * Input:
90  *	dev_p = device pointer
91  *	flags = open flags
92  *	otype = open type
93  *	cred_p = credentials pointer
94  *
95  * Returns:
96  *	0 = success
97  *
98  * Context:
99  *	Kernel context.
100  */
101 /* ARGSUSED */
102 int
103 ql_open(dev_t *dev_p, int flags, int otyp, cred_t *cred_p)
104 {
105 	ql_adapter_state_t	*ha;
106 	int			rval = 0;
107 
108 	ha = ddi_get_soft_state(ql_state, (int32_t)getminor(*dev_p));
109 	if (ha == NULL) {
110 		QL_PRINT_2(CE_CONT, "failed, no adapter\n");
111 		return (ENXIO);
112 	}
113 
114 	QL_PRINT_3(CE_CONT, "(%d): started\n", ha->instance);
115 
116 	/* Allow only character opens */
117 	if (otyp != OTYP_CHR) {
118 		QL_PRINT_2(CE_CONT, "(%d): failed, open type\n",
119 		    ha->instance);
120 		return (EINVAL);
121 	}
122 
123 	ADAPTER_STATE_LOCK(ha);
124 	if (flags & FEXCL && ha->flags & QL_OPENED) {
125 		ADAPTER_STATE_UNLOCK(ha);
126 		rval = EBUSY;
127 	} else {
128 		ha->flags |= QL_OPENED;
129 		ADAPTER_STATE_UNLOCK(ha);
130 	}
131 
132 	if (rval != 0) {
133 		EL(ha, "failed, rval = %xh\n", rval);
134 	} else {
135 		/*EMPTY*/
136 		QL_PRINT_3(CE_CONT, "(%d): done\n", ha->instance);
137 	}
138 	return (rval);
139 }
140 
141 /*
142  * ql_close
143  *	opens device
144  *
145  * Input:
146  *	dev_p = device pointer
147  *	flags = open flags
148  *	otype = open type
149  *	cred_p = credentials pointer
150  *
151  * Returns:
152  *	0 = success
153  *
154  * Context:
155  *	Kernel context.
156  */
157 /* ARGSUSED */
158 int
159 ql_close(dev_t dev, int flags, int otyp, cred_t *cred_p)
160 {
161 	ql_adapter_state_t	*ha;
162 	int			rval = 0;
163 
164 	ha = ddi_get_soft_state(ql_state, (int32_t)getminor(dev));
165 	if (ha == NULL) {
166 		QL_PRINT_2(CE_CONT, "failed, no adapter\n");
167 		return (ENXIO);
168 	}
169 
170 	QL_PRINT_3(CE_CONT, "(%d): started\n", ha->instance);
171 
172 	if (otyp != OTYP_CHR) {
173 		QL_PRINT_2(CE_CONT, "(%d): failed, open type\n",
174 		    ha->instance);
175 		return (EINVAL);
176 	}
177 
178 	ADAPTER_STATE_LOCK(ha);
179 	ha->flags &= ~QL_OPENED;
180 	ADAPTER_STATE_UNLOCK(ha);
181 
182 	if (rval != 0) {
183 		EL(ha, "failed, rval = %xh\n", rval);
184 	} else {
185 		/*EMPTY*/
186 		QL_PRINT_3(CE_CONT, "(%d): done\n", ha->instance);
187 	}
188 	return (rval);
189 }
190 
191 /*
192  * ql_ioctl
193  *	control a character device
194  *
195  * Input:
196  *	dev = device number
197  *	cmd = function to perform
198  *	arg = data type varies with request
199  *	mode = flags
200  *	cred_p = credentials pointer
201  *	rval_p = pointer to result value
202  *
203  * Returns:
204  *	0 = success
205  *
206  * Context:
207  *	Kernel context.
208  */
209 /* ARGSUSED */
210 int
211 ql_ioctl(dev_t dev, int cmd, intptr_t arg, int mode, cred_t *cred_p,
212     int *rval_p)
213 {
214 	ql_adapter_state_t	*ha;
215 	int			rval = 0;
216 
217 	if (ddi_in_panic()) {
218 		QL_PRINT_2(CE_CONT, "ql_ioctl: ddi_in_panic exit\n");
219 		return (ENOPROTOOPT);
220 	}
221 
222 	ha = ddi_get_soft_state(ql_state, (int32_t)getminor(dev));
223 	if (ha == NULL)	{
224 		QL_PRINT_2(CE_CONT, "failed, no adapter\n");
225 		return (ENXIO);
226 	}
227 
228 	QL_PRINT_3(CE_CONT, "(%d): started\n", ha->instance);
229 
230 	/*
231 	 * Quick clean exit for qla2x00 foapi calls which are
232 	 * not supported in qlc.
233 	 */
234 	if (cmd >= QL_FOAPI_START && cmd <= QL_FOAPI_END) {
235 		QL_PRINT_9(CE_CONT, "failed, fo api not supported\n");
236 		return (ENOTTY);
237 	}
238 
239 	/* PWR management busy. */
240 	rval = ql_busy_notification(ha);
241 	if (rval != FC_SUCCESS)	 {
242 		EL(ha, "failed, ql_busy_notification\n");
243 		return (ENXIO);
244 	}
245 
246 	rval = ql_xioctl(ha, cmd, arg, mode, cred_p, rval_p);
247 	if (rval == ENOPROTOOPT || rval == EINVAL) {
248 		switch (cmd) {
249 		case QL_GET_ADAPTER_FEATURE_BITS: {
250 			uint16_t bits;
251 
252 			rval = ql_get_feature_bits(ha, &bits);
253 
254 			if (!rval && ddi_copyout((void *)&bits, (void *)arg,
255 			    sizeof (bits), mode)) {
256 				rval = EFAULT;
257 			}
258 			break;
259 		}
260 
261 		case QL_SET_ADAPTER_FEATURE_BITS: {
262 			uint16_t bits;
263 
264 			if (ddi_copyin((void *)arg, (void *)&bits,
265 			    sizeof (bits), mode)) {
266 				rval = EFAULT;
267 				break;
268 			}
269 
270 			rval = ql_set_feature_bits(ha, bits);
271 			break;
272 		}
273 
274 		case QL_SET_ADAPTER_NVRAM_DEFAULTS:
275 			rval = ql_set_nvram_adapter_defaults(ha);
276 			break;
277 
278 		case QL_UTIL_LOAD:
279 			rval = ql_nv_util_load(ha, (void *)arg, mode);
280 			break;
281 
282 		case QL_UTIL_DUMP:
283 			rval = ql_nv_util_dump(ha, (void *)arg, mode);
284 			break;
285 
286 		case QL_ADM_OP:
287 			rval = ql_adm_op(ha, (void *)arg, mode);
288 			break;
289 
290 		default:
291 			EL(ha, "unknown command = %d\n", cmd);
292 			rval = ENOTTY;
293 			break;
294 		}
295 	}
296 
297 	/* PWR management idle. */
298 	(void) ql_idle_notification(ha);
299 
300 	if (rval != 0) {
301 		EL(ha, "failed, rval = %d\n", rval);
302 	} else {
303 		/*EMPTY*/
304 		QL_PRINT_9(CE_CONT, "(%d): done\n", ha->instance);
305 	}
306 	return (rval);
307 }
308 
309 /*
310  * ql_busy_notification
311  *	Adapter busy notification.
312  *
313  * Input:
314  *	ha = adapter state pointer.
315  *
316  * Returns:
317  *	FC_SUCCESS
318  *	FC_FAILURE
319  *
320  * Context:
321  *	Kernel context.
322  */
323 static int
324 ql_busy_notification(ql_adapter_state_t *ha)
325 {
326 	if (!ha->pm_capable) {
327 		return (FC_SUCCESS);
328 	}
329 
330 	QL_PRINT_9(CE_CONT, "(%d): started\n", ha->instance);
331 
332 	QL_PM_LOCK(ha);
333 	ha->busy++;
334 	QL_PM_UNLOCK(ha);
335 
336 	if (pm_busy_component(ha->dip, 0) != DDI_SUCCESS) {
337 		QL_PM_LOCK(ha);
338 		ha->busy--;
339 		QL_PM_UNLOCK(ha);
340 
341 		EL(ha, "pm_busy_component failed = %xh\n", FC_FAILURE);
342 		return (FC_FAILURE);
343 	}
344 
345 	QL_PM_LOCK(ha);
346 	if (ha->power_level != PM_LEVEL_D0) {
347 		QL_PM_UNLOCK(ha);
348 		if (pm_raise_power(ha->dip, 0, 1) != DDI_SUCCESS) {
349 			QL_PM_LOCK(ha);
350 			ha->busy--;
351 			QL_PM_UNLOCK(ha);
352 			return (FC_FAILURE);
353 		}
354 	} else {
355 		QL_PM_UNLOCK(ha);
356 	}
357 
358 	QL_PRINT_9(CE_CONT, "(%d): done\n", ha->instance);
359 
360 	return (FC_SUCCESS);
361 }
362 
363 /*
364  * ql_idle_notification
365  *	Adapter idle notification.
366  *
367  * Input:
368  *	ha = adapter state pointer.
369  *
370  * Returns:
371  *	FC_SUCCESS
372  *	FC_FAILURE
373  *
374  * Context:
375  *	Kernel context.
376  */
377 static int
378 ql_idle_notification(ql_adapter_state_t *ha)
379 {
380 	if (!ha->pm_capable) {
381 		return (FC_SUCCESS);
382 	}
383 
384 	QL_PRINT_9(CE_CONT, "(%d): started\n", ha->instance);
385 
386 	if (pm_idle_component(ha->dip, 0) != DDI_SUCCESS) {
387 		EL(ha, "pm_idle_component failed = %xh\n", FC_FAILURE);
388 		return (FC_FAILURE);
389 	}
390 
391 	QL_PM_LOCK(ha);
392 	ha->busy--;
393 	QL_PM_UNLOCK(ha);
394 
395 	QL_PRINT_9(CE_CONT, "(%d): done\n", ha->instance);
396 
397 	return (FC_SUCCESS);
398 }
399 
400 /*
401  * Get adapter feature bits from NVRAM
402  */
403 static int
404 ql_get_feature_bits(ql_adapter_state_t *ha, uint16_t *features)
405 {
406 	int			count;
407 	volatile uint16_t	data;
408 	uint32_t		nv_cmd;
409 	uint32_t		start_addr;
410 	int			rval;
411 	uint32_t		offset = offsetof(nvram_t, adapter_features);
412 
413 	QL_PRINT_9(CE_CONT, "(%d): started\n", ha->instance);
414 
415 	if (CFG_IST(ha, CFG_CTRL_24258081)) {
416 		EL(ha, "Not supported for 24xx\n");
417 		return (EINVAL);
418 	}
419 
420 	/*
421 	 * The offset can't be greater than max of 8 bits and
422 	 * the following code breaks if the offset isn't at
423 	 * 2 byte boundary.
424 	 */
425 	rval = ql_lock_nvram(ha, &start_addr, LNF_NVRAM_DATA);
426 	if (rval != QL_SUCCESS) {
427 		EL(ha, "failed, ql_lock_nvram=%xh\n", rval);
428 		return (EIO);
429 	}
430 
431 	/*
432 	 * Have the most significant 3 bits represent the read operation
433 	 * followed by the 8 bits representing the offset at which we
434 	 * are going to perform the read operation
435 	 */
436 	offset >>= 1;
437 	offset += start_addr;
438 	nv_cmd = (offset << 16) | NV_READ_OP;
439 	nv_cmd <<= 5;
440 
441 	/*
442 	 * Select the chip and feed the command and address
443 	 */
444 	for (count = 0; count < 11; count++) {
445 		if (nv_cmd & BIT_31) {
446 			ql_nv_write(ha, NV_DATA_OUT);
447 		} else {
448 			ql_nv_write(ha, 0);
449 		}
450 		nv_cmd <<= 1;
451 	}
452 
453 	*features = 0;
454 	for (count = 0; count < 16; count++) {
455 		WRT16_IO_REG(ha, nvram, NV_SELECT | NV_CLOCK);
456 		ql_nv_delay();
457 
458 		data = RD16_IO_REG(ha, nvram);
459 		*features <<= 1;
460 		if (data & NV_DATA_IN) {
461 			*features = (uint16_t)(*features | 0x1);
462 		}
463 
464 		WRT16_IO_REG(ha, nvram, NV_SELECT);
465 		ql_nv_delay();
466 	}
467 
468 	/*
469 	 * Deselect the chip
470 	 */
471 	WRT16_IO_REG(ha, nvram, NV_DESELECT);
472 
473 	ql_release_nvram(ha);
474 
475 	QL_PRINT_9(CE_CONT, "(%d): done\n", ha->instance);
476 
477 	return (0);
478 }
479 
480 /*
481  * Set adapter feature bits in NVRAM
482  */
483 static int
484 ql_set_feature_bits(ql_adapter_state_t *ha, uint16_t features)
485 {
486 	int		rval;
487 	uint32_t	count;
488 	nvram_t		*nv;
489 	uint16_t	*wptr;
490 	uint8_t		*bptr;
491 	uint8_t		csum;
492 	uint32_t	start_addr;
493 
494 	QL_PRINT_9(CE_CONT, "(%d): started\n", ha->instance);
495 
496 	if (CFG_IST(ha, CFG_CTRL_24258081)) {
497 		EL(ha, "Not supported for 24xx\n");
498 		return (EINVAL);
499 	}
500 
501 	nv = kmem_zalloc(sizeof (*nv), KM_SLEEP);
502 	if (nv == NULL) {
503 		EL(ha, "failed, kmem_zalloc\n");
504 		return (ENOMEM);
505 	}
506 
507 	rval = ql_lock_nvram(ha, &start_addr, LNF_NVRAM_DATA);
508 	if (rval != QL_SUCCESS) {
509 		EL(ha, "failed, ql_lock_nvram=%xh\n", rval);
510 		kmem_free(nv, sizeof (*nv));
511 		return (EIO);
512 	}
513 	rval = 0;
514 
515 	/*
516 	 * Read off the whole NVRAM
517 	 */
518 	wptr = (uint16_t *)nv;
519 	csum = 0;
520 	for (count = 0; count < sizeof (nvram_t) / 2; count++) {
521 		*wptr = (uint16_t)ql_get_nvram_word(ha, count + start_addr);
522 		csum = (uint8_t)(csum + (uint8_t)*wptr);
523 		csum = (uint8_t)(csum + (uint8_t)(*wptr >> 8));
524 		wptr++;
525 	}
526 
527 	/*
528 	 * If the checksum is BAD then fail it right here.
529 	 */
530 	if (csum) {
531 		kmem_free(nv, sizeof (*nv));
532 		ql_release_nvram(ha);
533 		return (EBADF);
534 	}
535 
536 	nv->adapter_features[0] = (uint8_t)((features & 0xFF00) >> 8);
537 	nv->adapter_features[1] = (uint8_t)(features & 0xFF);
538 
539 	/*
540 	 * Recompute the chesksum now
541 	 */
542 	bptr = (uint8_t *)nv;
543 	for (count = 0; count < sizeof (nvram_t) - 1; count++) {
544 		csum = (uint8_t)(csum + *bptr++);
545 	}
546 	csum = (uint8_t)(~csum + 1);
547 	nv->checksum = csum;
548 
549 	/*
550 	 * Now load the NVRAM
551 	 */
552 	wptr = (uint16_t *)nv;
553 	for (count = 0; count < sizeof (nvram_t) / 2; count++) {
554 		ql_load_nvram(ha, (uint8_t)(count + start_addr), *wptr++);
555 	}
556 
557 	/*
558 	 * Read NVRAM and verify the contents
559 	 */
560 	wptr = (uint16_t *)nv;
561 	csum = 0;
562 	for (count = 0; count < sizeof (nvram_t) / 2; count++) {
563 		if (ql_get_nvram_word(ha, count + start_addr) != *wptr) {
564 			rval = EIO;
565 			break;
566 		}
567 		csum = (uint8_t)(csum + (uint8_t)*wptr);
568 		csum = (uint8_t)(csum + (uint8_t)(*wptr >> 8));
569 		wptr++;
570 	}
571 
572 	if (csum) {
573 		rval = EINVAL;
574 	}
575 
576 	kmem_free(nv, sizeof (*nv));
577 	ql_release_nvram(ha);
578 
579 	QL_PRINT_9(CE_CONT, "(%d): done\n", ha->instance);
580 
581 	return (rval);
582 }
583 
584 /*
585  * Fix this function to update just feature bits and checksum in NVRAM
586  */
587 static int
588 ql_set_nvram_adapter_defaults(ql_adapter_state_t *ha)
589 {
590 	int		rval;
591 	uint32_t	count;
592 	uint32_t	start_addr;
593 
594 	QL_PRINT_9(CE_CONT, "(%d): started\n", ha->instance);
595 
596 	rval = ql_lock_nvram(ha, &start_addr, LNF_NVRAM_DATA);
597 	if (rval != QL_SUCCESS) {
598 		EL(ha, "failed, ql_lock_nvram=%xh\n", rval);
599 		return (EIO);
600 	}
601 	rval = 0;
602 
603 	if (CFG_IST(ha, CFG_CTRL_24258081)) {
604 		nvram_24xx_t	*nv;
605 		uint32_t	*longptr;
606 		uint32_t	csum = 0;
607 
608 		nv = kmem_zalloc(sizeof (*nv), KM_SLEEP);
609 		if (nv == NULL) {
610 			EL(ha, "failed, kmem_zalloc\n");
611 			return (ENOMEM);
612 		}
613 
614 		nv->nvram_version[0] = LSB(ICB_24XX_VERSION);
615 		nv->nvram_version[1] = MSB(ICB_24XX_VERSION);
616 
617 		nv->version[0] = 1;
618 		nv->max_frame_length[1] = 8;
619 		nv->execution_throttle[0] = 16;
620 		nv->login_retry_count[0] = 8;
621 
622 		nv->firmware_options_1[0] = BIT_2 | BIT_1;
623 		nv->firmware_options_1[1] = BIT_5;
624 		nv->firmware_options_2[0] = BIT_5;
625 		nv->firmware_options_2[1] = BIT_4;
626 		nv->firmware_options_3[1] = BIT_6;
627 
628 		/*
629 		 * Set default host adapter parameters
630 		 */
631 		nv->host_p[0] = BIT_4 | BIT_1;
632 		nv->host_p[1] = BIT_3 | BIT_2;
633 		nv->reset_delay = 5;
634 		nv->max_luns_per_target[0] = 128;
635 		nv->port_down_retry_count[0] = 30;
636 		nv->link_down_timeout[0] = 30;
637 
638 		/*
639 		 * compute the chesksum now
640 		 */
641 		longptr = (uint32_t *)nv;
642 		csum = 0;
643 		for (count = 0; count < (sizeof (nvram_24xx_t)/4)-1; count++) {
644 			csum += *longptr;
645 			longptr++;
646 		}
647 		csum = (uint32_t)(~csum + 1);
648 		LITTLE_ENDIAN_32((long)csum);
649 		*longptr = csum;
650 
651 		/*
652 		 * Now load the NVRAM
653 		 */
654 		longptr = (uint32_t *)nv;
655 		for (count = 0; count < sizeof (nvram_24xx_t) / 4; count++) {
656 			(void) ql_24xx_load_nvram(ha,
657 			    (uint32_t)(count + start_addr), *longptr++);
658 		}
659 
660 		/*
661 		 * Read NVRAM and verify the contents
662 		 */
663 		csum = 0;
664 		longptr = (uint32_t *)nv;
665 		for (count = 0; count < sizeof (nvram_24xx_t) / 4; count++) {
666 			rval = ql_24xx_read_flash(ha, count + start_addr,
667 			    longptr);
668 			if (rval != QL_SUCCESS) {
669 				EL(ha, "24xx_read_flash failed=%xh\n", rval);
670 				break;
671 			}
672 			csum += *longptr;
673 		}
674 
675 		if (csum) {
676 			rval = EINVAL;
677 		}
678 		kmem_free(nv, sizeof (nvram_24xx_t));
679 	} else {
680 		nvram_t		*nv;
681 		uint16_t	*wptr;
682 		uint8_t		*bptr;
683 		uint8_t		csum;
684 
685 		nv = kmem_zalloc(sizeof (*nv), KM_SLEEP);
686 		if (nv == NULL) {
687 			EL(ha, "failed, kmem_zalloc\n");
688 			return (ENOMEM);
689 		}
690 		/*
691 		 * Set default initialization control block.
692 		 */
693 		nv->parameter_block_version = ICB_VERSION;
694 		nv->firmware_options[0] = BIT_4 | BIT_3 | BIT_2 | BIT_1;
695 		nv->firmware_options[1] = BIT_7 | BIT_5 | BIT_2;
696 
697 		nv->max_frame_length[1] = 4;
698 		nv->max_iocb_allocation[1] = 1;
699 		nv->execution_throttle[0] = 16;
700 		nv->login_retry_count = 8;
701 		nv->port_name[0] = 33;
702 		nv->port_name[3] = 224;
703 		nv->port_name[4] = 139;
704 		nv->login_timeout = 4;
705 
706 		/*
707 		 * Set default host adapter parameters
708 		 */
709 		nv->host_p[0] = BIT_1;
710 		nv->host_p[1] = BIT_2;
711 		nv->reset_delay = 5;
712 		nv->port_down_retry_count = 8;
713 		nv->maximum_luns_per_target[0] = 8;
714 
715 		/*
716 		 * compute the chesksum now
717 		 */
718 		bptr = (uint8_t *)nv;
719 		csum = 0;
720 		for (count = 0; count < sizeof (nvram_t) - 1; count++) {
721 			csum = (uint8_t)(csum + *bptr++);
722 		}
723 		csum = (uint8_t)(~csum + 1);
724 		nv->checksum = csum;
725 
726 		/*
727 		 * Now load the NVRAM
728 		 */
729 		wptr = (uint16_t *)nv;
730 		for (count = 0; count < sizeof (nvram_t) / 2; count++) {
731 			ql_load_nvram(ha, (uint8_t)(count + start_addr),
732 			    *wptr++);
733 		}
734 
735 		/*
736 		 * Read NVRAM and verify the contents
737 		 */
738 		wptr = (uint16_t *)nv;
739 		csum = 0;
740 		for (count = 0; count < sizeof (nvram_t) / 2; count++) {
741 			if (ql_get_nvram_word(ha, count + start_addr) !=
742 			    *wptr) {
743 				rval = EIO;
744 				break;
745 			}
746 			csum = (uint8_t)(csum + (uint8_t)*wptr);
747 			csum = (uint8_t)(csum + (uint8_t)(*wptr >> 8));
748 			wptr++;
749 		}
750 		if (csum) {
751 			rval = EINVAL;
752 		}
753 		kmem_free(nv, sizeof (*nv));
754 	}
755 	ql_release_nvram(ha);
756 
757 	QL_PRINT_9(CE_CONT, "(%d): done\n", ha->instance);
758 
759 	return (rval);
760 }
761 
762 static void
763 ql_load_nvram(ql_adapter_state_t *ha, uint8_t addr, uint16_t value)
764 {
765 	int			count;
766 	volatile uint16_t	word;
767 	volatile uint32_t	nv_cmd;
768 
769 	ql_nv_write(ha, NV_DATA_OUT);
770 	ql_nv_write(ha, 0);
771 	ql_nv_write(ha, 0);
772 
773 	for (word = 0; word < 8; word++) {
774 		ql_nv_write(ha, NV_DATA_OUT);
775 	}
776 
777 	/*
778 	 * Deselect the chip
779 	 */
780 	WRT16_IO_REG(ha, nvram, NV_DESELECT);
781 	ql_nv_delay();
782 
783 	/*
784 	 * Erase Location
785 	 */
786 	nv_cmd = (addr << 16) | NV_ERASE_OP;
787 	nv_cmd <<= 5;
788 	for (count = 0; count < 11; count++) {
789 		if (nv_cmd & BIT_31) {
790 			ql_nv_write(ha, NV_DATA_OUT);
791 		} else {
792 			ql_nv_write(ha, 0);
793 		}
794 		nv_cmd <<= 1;
795 	}
796 
797 	/*
798 	 * Wait for Erase to Finish
799 	 */
800 	WRT16_IO_REG(ha, nvram, NV_DESELECT);
801 	ql_nv_delay();
802 	WRT16_IO_REG(ha, nvram, NV_SELECT);
803 	word = 0;
804 	while ((word & NV_DATA_IN) == 0) {
805 		ql_nv_delay();
806 		word = RD16_IO_REG(ha, nvram);
807 	}
808 	WRT16_IO_REG(ha, nvram, NV_DESELECT);
809 	ql_nv_delay();
810 
811 	/*
812 	 * Write data now
813 	 */
814 	nv_cmd = (addr << 16) | NV_WRITE_OP;
815 	nv_cmd |= value;
816 	nv_cmd <<= 5;
817 	for (count = 0; count < 27; count++) {
818 		if (nv_cmd & BIT_31) {
819 			ql_nv_write(ha, NV_DATA_OUT);
820 		} else {
821 			ql_nv_write(ha, 0);
822 		}
823 		nv_cmd <<= 1;
824 	}
825 
826 	/*
827 	 * Wait for NVRAM to become ready
828 	 */
829 	WRT16_IO_REG(ha, nvram, NV_DESELECT);
830 	ql_nv_delay();
831 	WRT16_IO_REG(ha, nvram, NV_SELECT);
832 	word = 0;
833 	while ((word & NV_DATA_IN) == 0) {
834 		ql_nv_delay();
835 		word = RD16_IO_REG(ha, nvram);
836 	}
837 	WRT16_IO_REG(ha, nvram, NV_DESELECT);
838 	ql_nv_delay();
839 
840 	/*
841 	 * Disable writes
842 	 */
843 	ql_nv_write(ha, NV_DATA_OUT);
844 	for (count = 0; count < 10; count++) {
845 		ql_nv_write(ha, 0);
846 	}
847 
848 	/*
849 	 * Deselect the chip now
850 	 */
851 	WRT16_IO_REG(ha, nvram, NV_DESELECT);
852 }
853 
854 /*
855  * ql_24xx_load_nvram
856  *	Enable NVRAM and writes a 32bit word to ISP24xx NVRAM.
857  *
858  * Input:
859  *	ha:	adapter state pointer.
860  *	addr:	NVRAM address.
861  *	value:	data.
862  *
863  * Returns:
864  *	ql local function return status code.
865  *
866  * Context:
867  *	Kernel context.
868  */
869 static int
870 ql_24xx_load_nvram(ql_adapter_state_t *ha, uint32_t addr, uint32_t value)
871 {
872 	int	rval;
873 
874 	/* Enable flash write. */
875 	if (!(CFG_IST(ha, CFG_CTRL_8081))) {
876 		WRT32_IO_REG(ha, ctrl_status,
877 		    RD32_IO_REG(ha, ctrl_status) | ISP_FLASH_ENABLE);
878 		RD32_IO_REG(ha, ctrl_status);	/* PCI Posting. */
879 	}
880 
881 	/* Disable NVRAM write-protection. */
882 	if (CFG_IST(ha, CFG_CTRL_2422)) {
883 		(void) ql_24xx_write_flash(ha, NVRAM_CONF_ADDR | 0x101, 0);
884 	} else {
885 		if ((rval = ql_24xx_unprotect_flash(ha)) != QL_SUCCESS) {
886 			EL(ha, "unprotect_flash failed, rval=%xh\n", rval);
887 			return (rval);
888 		}
889 	}
890 
891 	/* Write to flash. */
892 	rval = ql_24xx_write_flash(ha, addr, value);
893 
894 	/* Enable NVRAM write-protection. */
895 	if (CFG_IST(ha, CFG_CTRL_2422)) {
896 		/* TODO: Check if 0x8c is correct -- sb: 0x9c ? */
897 		(void) ql_24xx_write_flash(ha, NVRAM_CONF_ADDR | 0x101, 0x8c);
898 	} else {
899 		ql_24xx_protect_flash(ha);
900 	}
901 
902 	/* Disable flash write. */
903 	if (!(CFG_IST(ha, CFG_CTRL_81XX))) {
904 		WRT32_IO_REG(ha, ctrl_status,
905 		    RD32_IO_REG(ha, ctrl_status) & ~ISP_FLASH_ENABLE);
906 		RD32_IO_REG(ha, ctrl_status);	/* PCI Posting. */
907 	}
908 
909 	return (rval);
910 }
911 
912 /*
913  * ql_nv_util_load
914  *	Loads NVRAM from application.
915  *
916  * Input:
917  *	ha = adapter state pointer.
918  *	bp = user buffer address.
919  *
920  * Returns:
921  *
922  * Context:
923  *	Kernel context.
924  */
925 int
926 ql_nv_util_load(ql_adapter_state_t *ha, void *bp, int mode)
927 {
928 	uint8_t		cnt;
929 	void		*nv;
930 	uint16_t	*wptr;
931 	uint16_t	data;
932 	uint32_t	start_addr, *lptr, data32;
933 	nvram_t		*nptr;
934 	int		rval;
935 
936 	QL_PRINT_9(CE_CONT, "(%d): started\n", ha->instance);
937 
938 	if ((nv = kmem_zalloc(ha->nvram_cache->size, KM_SLEEP)) == NULL) {
939 		EL(ha, "failed, kmem_zalloc\n");
940 		return (ENOMEM);
941 	}
942 
943 	if (ddi_copyin(bp, nv, ha->nvram_cache->size, mode) != 0) {
944 		EL(ha, "Buffer copy failed\n");
945 		kmem_free(nv, ha->nvram_cache->size);
946 		return (EFAULT);
947 	}
948 
949 	/* See if the buffer passed to us looks sane */
950 	nptr = (nvram_t *)nv;
951 	if (nptr->id[0] != 'I' || nptr->id[1] != 'S' || nptr->id[2] != 'P' ||
952 	    nptr->id[3] != ' ') {
953 		EL(ha, "failed, buffer sanity check\n");
954 		kmem_free(nv, ha->nvram_cache->size);
955 		return (EINVAL);
956 	}
957 
958 	/* Quiesce I/O */
959 	if (ql_stall_driver(ha, 0) != QL_SUCCESS) {
960 		EL(ha, "ql_stall_driver failed\n");
961 		kmem_free(nv, ha->nvram_cache->size);
962 		return (EBUSY);
963 	}
964 
965 	rval = ql_lock_nvram(ha, &start_addr, LNF_NVRAM_DATA);
966 	if (rval != QL_SUCCESS) {
967 		EL(ha, "failed, ql_lock_nvram=%xh\n", rval);
968 		kmem_free(nv, ha->nvram_cache->size);
969 		ql_restart_driver(ha);
970 		return (EIO);
971 	}
972 
973 	/* Load NVRAM. */
974 	if (CFG_IST(ha, CFG_CTRL_258081)) {
975 		GLOBAL_HW_UNLOCK();
976 		start_addr &= ~ha->flash_data_addr;
977 		start_addr <<= 2;
978 		if ((rval = ql_r_m_w_flash(ha, bp, ha->nvram_cache->size,
979 		    start_addr, mode)) != QL_SUCCESS) {
980 			EL(ha, "nvram load failed, rval = %0xh\n", rval);
981 		}
982 		GLOBAL_HW_LOCK();
983 	} else if (CFG_IST(ha, CFG_CTRL_2422)) {
984 		lptr = (uint32_t *)nv;
985 		for (cnt = 0; cnt < ha->nvram_cache->size / 4; cnt++) {
986 			data32 = *lptr++;
987 			LITTLE_ENDIAN_32(&data32);
988 			rval = ql_24xx_load_nvram(ha, cnt + start_addr,
989 			    data32);
990 			if (rval != QL_SUCCESS) {
991 				EL(ha, "failed, 24xx_load_nvram=%xh\n", rval);
992 				break;
993 			}
994 		}
995 	} else {
996 		wptr = (uint16_t *)nv;
997 		for (cnt = 0; cnt < ha->nvram_cache->size / 2; cnt++) {
998 			data = *wptr++;
999 			LITTLE_ENDIAN_16(&data);
1000 			ql_load_nvram(ha, (uint8_t)(cnt + start_addr), data);
1001 		}
1002 	}
1003 	/* switch to the new one */
1004 	NVRAM_CACHE_LOCK(ha);
1005 
1006 	kmem_free(ha->nvram_cache->cache, ha->nvram_cache->size);
1007 	ha->nvram_cache->cache = (void *)nptr;
1008 
1009 	NVRAM_CACHE_UNLOCK(ha);
1010 
1011 	ql_release_nvram(ha);
1012 	ql_restart_driver(ha);
1013 
1014 	QL_PRINT_9(CE_CONT, "(%d): done\n", ha->instance);
1015 
1016 	if (rval == QL_SUCCESS) {
1017 		return (0);
1018 	}
1019 
1020 	return (EFAULT);
1021 }
1022 
1023 /*
1024  * ql_nv_util_dump
1025  *	Dumps NVRAM to application.
1026  *
1027  * Input:
1028  *	ha = adapter state pointer.
1029  *	bp = user buffer address.
1030  *
1031  * Returns:
1032  *
1033  * Context:
1034  *	Kernel context.
1035  */
1036 int
1037 ql_nv_util_dump(ql_adapter_state_t *ha, void *bp, int mode)
1038 {
1039 	uint32_t	start_addr;
1040 	int		rval2, rval = 0;
1041 
1042 	QL_PRINT_9(CE_CONT, "(%d): started\n", ha->instance);
1043 
1044 	if (ha->nvram_cache == NULL ||
1045 	    ha->nvram_cache->size == NULL ||
1046 	    ha->nvram_cache->cache == NULL) {
1047 		EL(ha, "failed, kmem_zalloc\n");
1048 		return (ENOMEM);
1049 	} else if (ha->nvram_cache->valid != 1) {
1050 
1051 		/* Quiesce I/O */
1052 		if (ql_stall_driver(ha, 0) != QL_SUCCESS) {
1053 			EL(ha, "ql_stall_driver failed\n");
1054 			return (EBUSY);
1055 		}
1056 
1057 		rval2 = ql_lock_nvram(ha, &start_addr, LNF_NVRAM_DATA);
1058 		if (rval2 != QL_SUCCESS) {
1059 			EL(ha, "failed, ql_lock_nvram=%xh\n", rval2);
1060 			ql_restart_driver(ha);
1061 			return (EIO);
1062 		}
1063 		NVRAM_CACHE_LOCK(ha);
1064 
1065 		rval2 = ql_get_nvram(ha, ha->nvram_cache->cache,
1066 		    start_addr, ha->nvram_cache->size);
1067 		if (rval2 != QL_SUCCESS) {
1068 			rval = rval2;
1069 		} else {
1070 			ha->nvram_cache->valid = 1;
1071 			EL(ha, "nvram cache now valid.");
1072 		}
1073 
1074 		NVRAM_CACHE_UNLOCK(ha);
1075 
1076 		ql_release_nvram(ha);
1077 		ql_restart_driver(ha);
1078 
1079 		if (rval != 0) {
1080 			EL(ha, "failed to dump nvram, rval=%x\n", rval);
1081 			return (rval);
1082 		}
1083 	}
1084 
1085 	if (ddi_copyout(ha->nvram_cache->cache, bp,
1086 	    ha->nvram_cache->size, mode) != 0) {
1087 		EL(ha, "Buffer copy failed\n");
1088 		return (EFAULT);
1089 	}
1090 
1091 	QL_PRINT_9(CE_CONT, "(%d): done\n", ha->instance);
1092 
1093 	return (0);
1094 }
1095 
1096 int
1097 ql_get_nvram(ql_adapter_state_t *ha, void *dest_addr, uint32_t src_addr,
1098     uint32_t size)
1099 {
1100 	int rval = QL_SUCCESS;
1101 	int cnt;
1102 	/* Dump NVRAM. */
1103 	if (CFG_IST(ha, CFG_CTRL_24258081)) {
1104 		uint32_t	*lptr = (uint32_t *)dest_addr;
1105 
1106 		for (cnt = 0; cnt < size / 4; cnt++) {
1107 			rval = ql_24xx_read_flash(ha, src_addr++, lptr);
1108 			if (rval != QL_SUCCESS) {
1109 				EL(ha, "read_flash failed=%xh\n", rval);
1110 				rval = EAGAIN;
1111 				break;
1112 			}
1113 			LITTLE_ENDIAN_32(lptr);
1114 			lptr++;
1115 		}
1116 	} else {
1117 		uint16_t	data;
1118 		uint16_t	*wptr = (uint16_t *)dest_addr;
1119 
1120 		for (cnt = 0; cnt < size / 2; cnt++) {
1121 			data = (uint16_t)ql_get_nvram_word(ha, cnt +
1122 			    src_addr);
1123 			LITTLE_ENDIAN_16(&data);
1124 			*wptr++ = data;
1125 		}
1126 	}
1127 	return (rval);
1128 }
1129 
1130 /*
1131  * ql_vpd_load
1132  *	Loads VPD from application.
1133  *
1134  * Input:
1135  *	ha = adapter state pointer.
1136  *	bp = user buffer address.
1137  *
1138  * Returns:
1139  *
1140  * Context:
1141  *	Kernel context.
1142  */
1143 int
1144 ql_vpd_load(ql_adapter_state_t *ha, void *bp, int mode)
1145 {
1146 	uint8_t		cnt;
1147 	uint8_t		*vpd, *vpdptr, *vbuf;
1148 	uint32_t	start_addr, vpd_size, *lptr, data32;
1149 	int		rval;
1150 
1151 	QL_PRINT_9(CE_CONT, "(%d): started\n", ha->instance);
1152 
1153 	if ((CFG_IST(ha, CFG_CTRL_24258081)) == 0) {
1154 		EL(ha, "unsupported adapter feature\n");
1155 		return (ENOTSUP);
1156 	}
1157 
1158 	vpd_size = QL_24XX_VPD_SIZE;
1159 
1160 	if ((vpd = kmem_zalloc(vpd_size, KM_SLEEP)) == NULL) {
1161 		EL(ha, "failed, kmem_zalloc\n");
1162 		return (ENOMEM);
1163 	}
1164 
1165 	if (ddi_copyin(bp, vpd, vpd_size, mode) != 0) {
1166 		EL(ha, "Buffer copy failed\n");
1167 		kmem_free(vpd, vpd_size);
1168 		return (EFAULT);
1169 	}
1170 
1171 	/* Sanity check the user supplied data via checksum */
1172 	if ((vpdptr = ql_vpd_findtag(ha, vpd, "RV")) == NULL) {
1173 		EL(ha, "vpd RV tag missing\n");
1174 		kmem_free(vpd, vpd_size);
1175 		return (EINVAL);
1176 	}
1177 
1178 	vpdptr += 3;
1179 	cnt = 0;
1180 	vbuf = vpd;
1181 	while (vbuf <= vpdptr) {
1182 		cnt += *vbuf++;
1183 	}
1184 	if (cnt != 0) {
1185 		EL(ha, "mismatched checksum, cal=%xh, passed=%xh\n",
1186 		    (uint8_t)cnt, (uintptr_t)vpdptr);
1187 		kmem_free(vpd, vpd_size);
1188 		return (EINVAL);
1189 	}
1190 
1191 	/* Quiesce I/O */
1192 	if (ql_stall_driver(ha, 0) != QL_SUCCESS) {
1193 		EL(ha, "ql_stall_driver failed\n");
1194 		kmem_free(vpd, vpd_size);
1195 		return (EBUSY);
1196 	}
1197 
1198 	rval = ql_lock_nvram(ha, &start_addr, LNF_VPD_DATA);
1199 	if (rval != QL_SUCCESS) {
1200 		EL(ha, "failed, ql_lock_nvram=%xh\n", rval);
1201 		kmem_free(vpd, vpd_size);
1202 		ql_restart_driver(ha);
1203 		return (EIO);
1204 	}
1205 
1206 	/* Load VPD. */
1207 	if (CFG_IST(ha, CFG_CTRL_258081)) {
1208 		GLOBAL_HW_UNLOCK();
1209 		start_addr &= ~ha->flash_data_addr;
1210 		start_addr <<= 2;
1211 		if ((rval = ql_r_m_w_flash(ha, bp, vpd_size, start_addr,
1212 		    mode)) != QL_SUCCESS) {
1213 			EL(ha, "vpd load error: %xh\n", rval);
1214 		}
1215 		GLOBAL_HW_LOCK();
1216 	} else {
1217 		lptr = (uint32_t *)vpd;
1218 		for (cnt = 0; cnt < vpd_size / 4; cnt++) {
1219 			data32 = *lptr++;
1220 			LITTLE_ENDIAN_32(&data32);
1221 			rval = ql_24xx_load_nvram(ha, cnt + start_addr,
1222 			    data32);
1223 			if (rval != QL_SUCCESS) {
1224 				EL(ha, "failed, 24xx_load_nvram=%xh\n", rval);
1225 				break;
1226 			}
1227 		}
1228 	}
1229 
1230 	kmem_free(vpd, vpd_size);
1231 
1232 	/* Update the vcache */
1233 	CACHE_LOCK(ha);
1234 
1235 	if (rval != QL_SUCCESS) {
1236 		EL(ha, "failed, load\n");
1237 	} else if ((ha->vcache == NULL) && ((ha->vcache =
1238 	    kmem_zalloc(vpd_size, KM_SLEEP)) == NULL)) {
1239 		EL(ha, "failed, kmem_zalloc2\n");
1240 	} else if (ddi_copyin(bp, ha->vcache, vpd_size, mode) != 0) {
1241 		EL(ha, "Buffer copy2 failed\n");
1242 		kmem_free(ha->vcache, vpd_size);
1243 		ha->vcache = NULL;
1244 	}
1245 
1246 	CACHE_UNLOCK(ha);
1247 
1248 	ql_release_nvram(ha);
1249 	ql_restart_driver(ha);
1250 
1251 	QL_PRINT_9(CE_CONT, "(%d): done\n", ha->instance);
1252 
1253 	if (rval == QL_SUCCESS) {
1254 		return (0);
1255 	}
1256 
1257 	return (EFAULT);
1258 }
1259 
1260 /*
1261  * ql_vpd_dump
1262  *	Dumps VPD to application buffer.
1263  *
1264  * Input:
1265  *	ha = adapter state pointer.
1266  *	bp = user buffer address.
1267  *
1268  * Returns:
1269  *
1270  * Context:
1271  *	Kernel context.
1272  */
1273 int
1274 ql_vpd_dump(ql_adapter_state_t *ha, void *bp, int mode)
1275 {
1276 	uint8_t		cnt;
1277 	void		*vpd;
1278 	uint32_t	start_addr, vpd_size, *lptr;
1279 	int		rval = 0;
1280 
1281 	QL_PRINT_9(CE_CONT, "(%d): started\n", ha->instance);
1282 
1283 	if ((CFG_IST(ha, CFG_CTRL_24258081)) == 0) {
1284 		EL(ha, "unsupported adapter feature\n");
1285 		return (EACCES);
1286 	}
1287 
1288 	vpd_size = QL_24XX_VPD_SIZE;
1289 
1290 	CACHE_LOCK(ha);
1291 
1292 	if (ha->vcache != NULL) {
1293 		/* copy back the vpd cache data */
1294 		if (ddi_copyout(ha->vcache, bp, vpd_size, mode) != 0) {
1295 			EL(ha, "Buffer copy failed\n");
1296 			rval = EFAULT;
1297 		}
1298 		CACHE_UNLOCK(ha);
1299 		return (rval);
1300 	}
1301 
1302 	if ((vpd = kmem_zalloc(vpd_size, KM_SLEEP)) == NULL) {
1303 		CACHE_UNLOCK(ha);
1304 		EL(ha, "failed, kmem_zalloc\n");
1305 		return (ENOMEM);
1306 	}
1307 
1308 	/* Quiesce I/O */
1309 	if (ql_stall_driver(ha, 0) != QL_SUCCESS) {
1310 		CACHE_UNLOCK(ha);
1311 		EL(ha, "ql_stall_driver failed\n");
1312 		kmem_free(vpd, vpd_size);
1313 		return (EBUSY);
1314 	}
1315 
1316 	rval = ql_lock_nvram(ha, &start_addr, LNF_VPD_DATA);
1317 	if (rval != QL_SUCCESS) {
1318 		CACHE_UNLOCK(ha);
1319 		EL(ha, "failed, ql_lock_nvram=%xh\n", rval);
1320 		kmem_free(vpd, vpd_size);
1321 		ql_restart_driver(ha);
1322 		return (EIO);
1323 	}
1324 
1325 	/* Dump VPD. */
1326 	lptr = (uint32_t *)vpd;
1327 
1328 	for (cnt = 0; cnt < vpd_size / 4; cnt++) {
1329 		rval = ql_24xx_read_flash(ha, start_addr++, lptr);
1330 		if (rval != QL_SUCCESS) {
1331 			EL(ha, "read_flash failed=%xh\n", rval);
1332 			rval = EAGAIN;
1333 			break;
1334 		}
1335 		LITTLE_ENDIAN_32(lptr);
1336 		lptr++;
1337 	}
1338 
1339 	ql_release_nvram(ha);
1340 	ql_restart_driver(ha);
1341 
1342 	if (ddi_copyout(vpd, bp, vpd_size, mode) != 0) {
1343 		CACHE_UNLOCK(ha);
1344 		EL(ha, "Buffer copy failed\n");
1345 		kmem_free(vpd, vpd_size);
1346 		return (EFAULT);
1347 	}
1348 
1349 	ha->vcache = vpd;
1350 
1351 	CACHE_UNLOCK(ha);
1352 
1353 	QL_PRINT_9(CE_CONT, "(%d): done\n", ha->instance);
1354 
1355 	if (rval != QL_SUCCESS) {
1356 		return (EFAULT);
1357 	} else {
1358 		return (0);
1359 	}
1360 }
1361 
1362 /*
1363  * ql_vpd_findtag
1364  *	Search the passed vpd buffer for the requested VPD tag type.
1365  *
1366  * Input:
1367  *	ha	= adapter state pointer.
1368  *	vpdbuf	= Pointer to start of the buffer to search
1369  *	op	= VPD opcode to find (must be NULL terminated).
1370  *
1371  * Returns:
1372  *	Pointer to the opcode in the buffer if opcode found.
1373  *	NULL if opcode is not found.
1374  *
1375  * Context:
1376  *	Kernel context.
1377  */
1378 static uint8_t *
1379 ql_vpd_findtag(ql_adapter_state_t *ha, uint8_t *vpdbuf, int8_t *opcode)
1380 {
1381 	uint8_t		*vpd = vpdbuf;
1382 	uint8_t		*end = vpdbuf + QL_24XX_VPD_SIZE;
1383 	uint32_t	found = 0;
1384 
1385 	QL_PRINT_9(CE_CONT, "(%d): started\n", ha->instance);
1386 
1387 	if (vpdbuf == NULL || opcode == NULL) {
1388 		EL(ha, "null parameter passed!\n");
1389 		return (NULL);
1390 	}
1391 
1392 	while (vpd < end) {
1393 
1394 		/* check for end of vpd */
1395 		if (vpd[0] == VPD_TAG_END) {
1396 			if (opcode[0] == VPD_TAG_END) {
1397 				found = 1;
1398 			} else {
1399 				found = 0;
1400 			}
1401 			break;
1402 		}
1403 
1404 		/* check opcode */
1405 		if (bcmp(opcode, vpd, strlen(opcode)) == 0) {
1406 			/* found opcode requested */
1407 			found = 1;
1408 			break;
1409 		}
1410 
1411 		/*
1412 		 * Didn't find the opcode, so calculate start of
1413 		 * next tag. Depending on the current tag type,
1414 		 * the length field can be 1 or 2 bytes
1415 		 */
1416 		if (!(strncmp((char *)vpd, (char *)VPD_TAG_PRODID, 1))) {
1417 			vpd += (vpd[2] << 8) + vpd[1] + 3;
1418 		} else if (*vpd == VPD_TAG_LRT || *vpd == VPD_TAG_LRTC) {
1419 			vpd += 3;
1420 		} else {
1421 			vpd += vpd[2] +3;
1422 		}
1423 	}
1424 
1425 	QL_PRINT_9(CE_CONT, "(%d): done\n", ha->instance);
1426 
1427 	return (found == 1 ? vpd : NULL);
1428 }
1429 
1430 /*
1431  * ql_vpd_lookup
1432  *	Return the VPD data for the request VPD tag
1433  *
1434  * Input:
1435  *	ha	= adapter state pointer.
1436  *	opcode	= VPD opcode to find (must be NULL terminated).
1437  *	bp	= Pointer to returned data buffer.
1438  *	bplen	= Length of returned data buffer.
1439  *
1440  * Returns:
1441  *	Length of data copied into returned data buffer.
1442  *		>0 = VPD data field (NULL terminated)
1443  *		 0 = no data.
1444  *		-1 = Could not find opcode in vpd buffer / error.
1445  *
1446  * Context:
1447  *	Kernel context.
1448  *
1449  * NB: The opcode buffer and the bp buffer *could* be the same buffer!
1450  *
1451  */
1452 int32_t
1453 ql_vpd_lookup(ql_adapter_state_t *ha, uint8_t *opcode, uint8_t *bp,
1454     int32_t bplen)
1455 {
1456 	uint8_t		*vpd;
1457 	uint8_t		*vpdbuf;
1458 	int32_t		len = -1;
1459 
1460 	QL_PRINT_9(CE_CONT, "(%d): started\n", ha->instance);
1461 
1462 	if (opcode == NULL || bp == NULL || bplen < 1) {
1463 		EL(ha, "invalid parameter passed: opcode=%ph, "
1464 		    "bp=%ph, bplen=%xh\n", opcode, bp, bplen);
1465 		return (len);
1466 	}
1467 
1468 	if ((CFG_IST(ha, CFG_CTRL_24258081)) == 0) {
1469 		return (len);
1470 	}
1471 
1472 	if ((vpdbuf = (uint8_t *)kmem_zalloc(QL_24XX_VPD_SIZE,
1473 	    KM_SLEEP)) == NULL) {
1474 		EL(ha, "unable to allocate vpd memory\n");
1475 		return (len);
1476 	}
1477 
1478 	if ((ql_vpd_dump(ha, vpdbuf, (int)FKIOCTL)) != 0) {
1479 		kmem_free(vpdbuf, QL_24XX_VPD_SIZE);
1480 		EL(ha, "unable to retrieve VPD data\n");
1481 		return (len);
1482 	}
1483 
1484 	if ((vpd = ql_vpd_findtag(ha, vpdbuf, (int8_t *)opcode)) != NULL) {
1485 		/*
1486 		 * Found the tag
1487 		 */
1488 		if (*opcode == VPD_TAG_END || *opcode == VPD_TAG_LRT ||
1489 		    *opcode == VPD_TAG_LRTC) {
1490 			/*
1491 			 * we found it, but the tag doesn't have a data
1492 			 * field.
1493 			 */
1494 			len = 0;
1495 		} else if (!(strncmp((char *)vpd, (char *)
1496 		    VPD_TAG_PRODID, 1))) {
1497 			len = vpd[2] << 8;
1498 			len += vpd[1];
1499 		} else {
1500 			len = vpd[2];
1501 		}
1502 
1503 		/*
1504 		 * make sure that the vpd len doesn't exceed the
1505 		 * vpd end
1506 		 */
1507 		if (vpd+len > vpdbuf + QL_24XX_VPD_SIZE) {
1508 			EL(ha, "vpd tag len (%xh) exceeds vpd buffer "
1509 			    "length\n", len);
1510 			len = -1;
1511 		}
1512 	}
1513 
1514 	if (len >= 0) {
1515 		/*
1516 		 * make sure we don't exceed callers buffer space len
1517 		 */
1518 		if (len > bplen) {
1519 			len = bplen-1;
1520 		}
1521 
1522 		/* copy the data back */
1523 		(void) strncpy((int8_t *)bp, (int8_t *)(vpd+3), (int64_t)len);
1524 		bp[len] = NULL;
1525 	} else {
1526 		/* error -- couldn't find tag */
1527 		bp[0] = NULL;
1528 		if (opcode[1] != NULL) {
1529 			EL(ha, "unable to find tag '%s'\n", opcode);
1530 		} else {
1531 			EL(ha, "unable to find tag '%xh'\n", opcode[0]);
1532 		}
1533 	}
1534 
1535 	kmem_free(vpdbuf, QL_24XX_VPD_SIZE);
1536 
1537 	QL_PRINT_9(CE_CONT, "(%d): done\n", ha->instance);
1538 
1539 	return (len);
1540 }
1541 
1542 /*
1543  * ql_r_m_w_flash
1544  *	Read modify write from user space to flash.
1545  *
1546  * Input:
1547  *	ha:	adapter state pointer.
1548  *	dp:	source byte pointer.
1549  *	bc:	byte count.
1550  *	faddr:	flash byte address.
1551  *	mode:	flags.
1552  *
1553  * Returns:
1554  *	ql local function return status code.
1555  *
1556  * Context:
1557  *	Kernel context.
1558  */
1559 int
1560 ql_r_m_w_flash(ql_adapter_state_t *ha, caddr_t dp, uint32_t bc, uint32_t faddr,
1561     int mode)
1562 {
1563 	uint8_t		*bp;
1564 	uint32_t	xfer, bsize, saddr, ofst;
1565 	int		rval = 0;
1566 
1567 	QL_PRINT_9(CE_CONT, "(%d): started, dp=%ph, faddr=%xh, bc=%xh\n",
1568 	    ha->instance, (void *)dp, faddr, bc);
1569 
1570 	bsize = ha->xioctl->fdesc.block_size;
1571 	saddr = faddr & ~(bsize - 1);
1572 	ofst = faddr & (bsize - 1);
1573 
1574 	if ((bp = kmem_zalloc(bsize, KM_SLEEP)) == NULL) {
1575 		EL(ha, "kmem_zalloc=null\n");
1576 		return (QL_MEMORY_ALLOC_FAILED);
1577 	}
1578 
1579 	while (bc) {
1580 		xfer = bc > bsize ? bsize : bc;
1581 		if (ofst + xfer > bsize) {
1582 			xfer = bsize - ofst;
1583 		}
1584 		QL_PRINT_9(CE_CONT, "(%d): dp=%ph, saddr=%xh, bc=%xh, "
1585 		    "ofst=%xh, xfer=%xh\n", ha->instance, (void *)dp, saddr,
1586 		    bc, ofst, xfer);
1587 
1588 		if (ofst || xfer < bsize) {
1589 			/* Dump Flash sector. */
1590 			if ((rval = ql_dump_fcode(ha, bp, bsize, saddr)) !=
1591 			    QL_SUCCESS) {
1592 				EL(ha, "dump_flash status=%x\n", rval);
1593 				break;
1594 			}
1595 		}
1596 
1597 		/* Set new data. */
1598 		if ((rval = ddi_copyin(dp, (caddr_t)(bp + ofst), xfer,
1599 		    mode)) != 0) {
1600 			EL(ha, "ddi_copyin status=%xh, dp=%ph, ofst=%xh, "
1601 			    "xfer=%xh\n", rval, (void *)dp, ofst, xfer);
1602 			rval = QL_FUNCTION_FAILED;
1603 			break;
1604 		}
1605 
1606 		/* Write to flash. */
1607 		if ((rval = ql_load_fcode(ha, bp, bsize, saddr)) !=
1608 		    QL_SUCCESS) {
1609 			EL(ha, "load_flash status=%x\n", rval);
1610 			break;
1611 		}
1612 		bc -= xfer;
1613 		dp += xfer;
1614 		saddr += bsize;
1615 		ofst = 0;
1616 	}
1617 
1618 	kmem_free(bp, bsize);
1619 
1620 	QL_PRINT_9(CE_CONT, "(%d): done\n", ha->instance);
1621 
1622 	return (rval);
1623 }
1624 
1625 /*
1626  * ql_adm_op
1627  *	Performs qladm utility operations
1628  *
1629  * Input:
1630  *	ha:	adapter state pointer.
1631  *	arg:	driver_op_t structure pointer.
1632  *	mode:	flags.
1633  *
1634  * Returns:
1635  *
1636  * Context:
1637  *	Kernel context.
1638  */
1639 static int
1640 ql_adm_op(ql_adapter_state_t *ha, void *arg, int mode)
1641 {
1642 	ql_adm_op_t		dop;
1643 	int			rval = 0;
1644 
1645 	if (ddi_copyin(arg, &dop, sizeof (ql_adm_op_t), mode) != 0) {
1646 		EL(ha, "failed, driver_op_t ddi_copyin\n");
1647 		return (EFAULT);
1648 	}
1649 
1650 	QL_PRINT_9(CE_CONT, "(%d): started, cmd=%xh, buffer=%llx,"
1651 	    " length=%xh, option=%xh\n", ha->instance, dop.cmd, dop.buffer,
1652 	    dop.length, dop.option);
1653 
1654 	switch (dop.cmd) {
1655 	case QL_ADAPTER_INFO:
1656 		rval = ql_adm_adapter_info(ha, &dop, mode);
1657 		break;
1658 
1659 	case QL_EXTENDED_LOGGING:
1660 		rval = ql_adm_extended_logging(ha, &dop);
1661 		break;
1662 
1663 	case QL_LOOP_RESET:
1664 		rval = ql_adm_loop_reset(ha);
1665 		break;
1666 
1667 	case QL_DEVICE_LIST:
1668 		rval = ql_adm_device_list(ha, &dop, mode);
1669 		break;
1670 
1671 	case QL_PROP_UPDATE_INT:
1672 		rval = ql_adm_prop_update_int(ha, &dop, mode);
1673 		break;
1674 
1675 	case QL_UPDATE_PROPERTIES:
1676 		rval = ql_adm_update_properties(ha);
1677 		break;
1678 
1679 	case QL_FW_DUMP:
1680 		rval = ql_adm_fw_dump(ha, &dop, arg, mode);
1681 		break;
1682 
1683 	case QL_NVRAM_LOAD:
1684 		rval = ql_adm_nvram_load(ha, &dop, mode);
1685 		break;
1686 
1687 	case QL_NVRAM_DUMP:
1688 		rval = ql_adm_nvram_dump(ha, &dop, mode);
1689 		break;
1690 
1691 	case QL_FLASH_LOAD:
1692 		rval = ql_adm_flash_load(ha, &dop, mode);
1693 		break;
1694 
1695 	case QL_VPD_LOAD:
1696 		rval = ql_adm_vpd_load(ha, &dop, mode);
1697 		break;
1698 
1699 	case QL_VPD_DUMP:
1700 		rval = ql_adm_vpd_dump(ha, &dop, mode);
1701 		break;
1702 
1703 	case QL_VPD_GETTAG:
1704 		rval = ql_adm_vpd_gettag(ha, &dop, mode);
1705 		break;
1706 
1707 	case QL_UPD_FWMODULE:
1708 		rval = ql_adm_updfwmodule(ha, &dop, mode);
1709 		break;
1710 
1711 	default:
1712 		EL(ha, "unsupported driver op cmd: %x\n", dop.cmd);
1713 		return (EINVAL);
1714 	}
1715 
1716 	QL_PRINT_9(CE_CONT, "(%d): done\n", ha->instance);
1717 
1718 	return (rval);
1719 }
1720 
1721 /*
1722  * ql_adm_adapter_info
1723  *	Performs qladm QL_ADAPTER_INFO command
1724  *
1725  * Input:
1726  *	ha:	adapter state pointer.
1727  *	dop:	ql_adm_op_t structure pointer.
1728  *	mode:	flags.
1729  *
1730  * Returns:
1731  *
1732  * Context:
1733  *	Kernel context.
1734  */
1735 static int
1736 ql_adm_adapter_info(ql_adapter_state_t *ha, ql_adm_op_t *dop, int mode)
1737 {
1738 	ql_adapter_info_t	hba;
1739 	uint8_t			*dp;
1740 	uint32_t		length;
1741 	int			rval, i;
1742 
1743 	QL_PRINT_9(CE_CONT, "(%d): started\n", ha->instance);
1744 
1745 	hba.device_id = ha->device_id;
1746 
1747 	dp = CFG_IST(ha, CFG_CTRL_24258081) ?
1748 	    &ha->init_ctrl_blk.cb24.port_name[0] :
1749 	    &ha->init_ctrl_blk.cb.port_name[0];
1750 	bcopy(dp, hba.wwpn, 8);
1751 
1752 	hba.d_id = ha->d_id.b24;
1753 
1754 	if (ha->xioctl->fdesc.flash_size == 0 &&
1755 	    !(CFG_IST(ha, CFG_CTRL_2200) && !ha->subven_id)) {
1756 		if (ql_stall_driver(ha, 0) != QL_SUCCESS) {
1757 			EL(ha, "ql_stall_driver failed\n");
1758 			return (EBUSY);
1759 		}
1760 
1761 		if ((rval = ql_setup_fcache(ha)) != QL_SUCCESS) {
1762 			EL(ha, "ql_setup_flash failed=%xh\n", rval);
1763 			if (rval == QL_FUNCTION_TIMEOUT) {
1764 				return (EBUSY);
1765 			}
1766 			return (EIO);
1767 		}
1768 
1769 		/* Resume I/O */
1770 		if (CFG_IST(ha, CFG_CTRL_24258081)) {
1771 			ql_restart_driver(ha);
1772 		} else {
1773 			EL(ha, "isp_abort_needed for restart\n");
1774 			ql_awaken_task_daemon(ha, NULL, ISP_ABORT_NEEDED,
1775 			    DRIVER_STALL);
1776 		}
1777 	}
1778 	hba.flash_size = ha->xioctl->fdesc.flash_size;
1779 
1780 	(void) strcpy(hba.driver_ver, QL_VERSION);
1781 
1782 	(void) sprintf(hba.fw_ver, "%d.%d.%d", ha->fw_major_version,
1783 	    ha->fw_minor_version, ha->fw_subminor_version);
1784 
1785 	bzero(hba.fcode_ver, sizeof (hba.fcode_ver));
1786 
1787 	/*LINTED [Solaris DDI_DEV_T_ANY Lint warning]*/
1788 	rval = ddi_getlongprop(DDI_DEV_T_ANY, ha->dip,
1789 	    DDI_PROP_DONTPASS | DDI_PROP_CANSLEEP, "version", (caddr_t)&dp, &i);
1790 	length = i;
1791 	if (rval != DDI_PROP_SUCCESS) {
1792 		EL(ha, "failed, ddi_getlongprop=%xh\n", rval);
1793 	} else {
1794 		if (length > (uint32_t)sizeof (hba.fcode_ver)) {
1795 			length = sizeof (hba.fcode_ver) - 1;
1796 		}
1797 		bcopy((void *)dp, (void *)hba.fcode_ver, length);
1798 		kmem_free(dp, length);
1799 	}
1800 
1801 	if (ddi_copyout((void *)&hba, (void *)(uintptr_t)dop->buffer,
1802 	    dop->length, mode) != 0) {
1803 		EL(ha, "failed, ddi_copyout\n");
1804 		return (EFAULT);
1805 	}
1806 
1807 	QL_PRINT_9(CE_CONT, "(%d): done\n", ha->instance);
1808 
1809 	return (0);
1810 }
1811 
1812 /*
1813  * ql_adm_extended_logging
1814  *	Performs qladm QL_EXTENDED_LOGGING command
1815  *
1816  * Input:
1817  *	ha:	adapter state pointer.
1818  *	dop:	ql_adm_op_t structure pointer.
1819  *
1820  * Returns:
1821  *
1822  * Context:
1823  *	Kernel context.
1824  */
1825 static int
1826 ql_adm_extended_logging(ql_adapter_state_t *ha, ql_adm_op_t *dop)
1827 {
1828 	char	prop_name[MAX_PROP_LENGTH];
1829 	int	rval;
1830 
1831 	QL_PRINT_9(CE_CONT, "(%d): started\n", ha->instance);
1832 
1833 	(void) sprintf(prop_name, "hba%d-extended-logging", ha->instance);
1834 
1835 	/*LINTED [Solaris DDI_DEV_T_NONE Lint warning]*/
1836 	rval = ddi_prop_update_int(DDI_DEV_T_NONE, ha->dip, prop_name,
1837 	    (int)dop->option);
1838 	if (rval != DDI_PROP_SUCCESS) {
1839 		EL(ha, "failed, prop_update = %xh\n", rval);
1840 		return (EINVAL);
1841 	} else {
1842 		dop->option ?
1843 		    (ha->cfg_flags |= CFG_ENABLE_EXTENDED_LOGGING) :
1844 		    (ha->cfg_flags &= ~CFG_ENABLE_EXTENDED_LOGGING);
1845 	}
1846 
1847 	QL_PRINT_9(CE_CONT, "(%d): done\n", ha->instance);
1848 
1849 	return (0);
1850 }
1851 
1852 /*
1853  * ql_adm_loop_reset
1854  *	Performs qladm QL_LOOP_RESET command
1855  *
1856  * Input:
1857  *	ha:	adapter state pointer.
1858  *
1859  * Returns:
1860  *
1861  * Context:
1862  *	Kernel context.
1863  */
1864 static int
1865 ql_adm_loop_reset(ql_adapter_state_t *ha)
1866 {
1867 	int	rval;
1868 
1869 	QL_PRINT_9(CE_CONT, "(%d): started\n", ha->instance);
1870 
1871 	if (ha->task_daemon_flags & LOOP_DOWN) {
1872 		(void) ql_full_login_lip(ha);
1873 	} else if ((rval = ql_full_login_lip(ha)) != QL_SUCCESS) {
1874 		EL(ha, "failed, ql_initiate_lip=%xh\n", rval);
1875 		return (EIO);
1876 	}
1877 
1878 	QL_PRINT_9(CE_CONT, "(%d): done\n", ha->instance);
1879 
1880 	return (0);
1881 }
1882 
1883 /*
1884  * ql_adm_device_list
1885  *	Performs qladm QL_DEVICE_LIST command
1886  *
1887  * Input:
1888  *	ha:	adapter state pointer.
1889  *	dop:	ql_adm_op_t structure pointer.
1890  *	mode:	flags.
1891  *
1892  * Returns:
1893  *
1894  * Context:
1895  *	Kernel context.
1896  */
1897 static int
1898 ql_adm_device_list(ql_adapter_state_t *ha, ql_adm_op_t *dop, int mode)
1899 {
1900 	ql_device_info_t	dev;
1901 	ql_link_t		*link;
1902 	ql_tgt_t		*tq;
1903 	uint32_t		index, cnt;
1904 
1905 	QL_PRINT_9(CE_CONT, "(%d): started\n", ha->instance);
1906 
1907 	cnt = 0;
1908 	dev.address = 0xffffffff;
1909 
1910 	/* Scan port list for requested target and fill in the values */
1911 	for (link = NULL, index = 0;
1912 	    index < DEVICE_HEAD_LIST_SIZE && link == NULL; index++) {
1913 		for (link = ha->dev[index].first; link != NULL;
1914 		    link = link->next) {
1915 			tq = link->base_address;
1916 
1917 			if (!VALID_TARGET_ID(ha, tq->loop_id)) {
1918 				continue;
1919 			}
1920 			if (cnt != dop->option) {
1921 				cnt++;
1922 				continue;
1923 			}
1924 			/* fill in the values */
1925 			bcopy(tq->port_name, dev.wwpn, 8);
1926 			dev.address = tq->d_id.b24;
1927 			dev.loop_id = tq->loop_id;
1928 			if (tq->flags & TQF_TAPE_DEVICE) {
1929 				dev.type = FCT_TAPE;
1930 			} else if (tq->flags & TQF_INITIATOR_DEVICE) {
1931 				dev.type = FCT_INITIATOR;
1932 			} else {
1933 				dev.type = FCT_TARGET;
1934 			}
1935 			break;
1936 		}
1937 	}
1938 
1939 	if (ddi_copyout((void *)&dev, (void *)(uintptr_t)dop->buffer,
1940 	    dop->length, mode) != 0) {
1941 		EL(ha, "failed, ddi_copyout\n");
1942 		return (EFAULT);
1943 	}
1944 
1945 	QL_PRINT_9(CE_CONT, "(%d): done\n", ha->instance);
1946 
1947 	return (0);
1948 }
1949 
1950 /*
1951  * ql_adm_update_properties
1952  *	Performs qladm QL_UPDATE_PROPERTIES command
1953  *
1954  * Input:
1955  *	ha:	adapter state pointer.
1956  *
1957  * Returns:
1958  *
1959  * Context:
1960  *	Kernel context.
1961  */
1962 static int
1963 ql_adm_update_properties(ql_adapter_state_t *ha)
1964 {
1965 	ql_comb_init_cb_t	init_ctrl_blk;
1966 	ql_comb_ip_init_cb_t	ip_init_ctrl_blk;
1967 
1968 	QL_PRINT_9(CE_CONT, "(%d): started\n", ha->instance);
1969 
1970 	/* Stall driver instance. */
1971 	(void) ql_stall_driver(ha, 0);
1972 
1973 	/* Save init control blocks. */
1974 	bcopy(&ha->init_ctrl_blk, &init_ctrl_blk, sizeof (ql_comb_init_cb_t));
1975 	bcopy(&ha->ip_init_ctrl_blk, &ip_init_ctrl_blk,
1976 	    sizeof (ql_comb_ip_init_cb_t));
1977 
1978 	/* Update PCI configration. */
1979 	(void) ql_pci_sbus_config(ha);
1980 
1981 	/* Get configuration properties. */
1982 	(void) ql_nvram_config(ha);
1983 
1984 	/* Check for init firmware required. */
1985 	if (bcmp(&ha->init_ctrl_blk, &init_ctrl_blk,
1986 	    sizeof (ql_comb_init_cb_t)) != 0 ||
1987 	    bcmp(&ha->ip_init_ctrl_blk, &ip_init_ctrl_blk,
1988 	    sizeof (ql_comb_ip_init_cb_t)) != 0) {
1989 
1990 		EL(ha, "isp_abort_needed\n");
1991 		ha->loop_down_timer = LOOP_DOWN_TIMER_START;
1992 		TASK_DAEMON_LOCK(ha);
1993 		ha->task_daemon_flags |= LOOP_DOWN | ISP_ABORT_NEEDED;
1994 		TASK_DAEMON_UNLOCK(ha);
1995 	}
1996 
1997 	/* Update AEN queue. */
1998 	if (ha->xioctl->flags & QL_AEN_TRACKING_ENABLE) {
1999 		ql_enqueue_aen(ha, MBA_PORT_UPDATE, NULL);
2000 	}
2001 
2002 	/* Restart driver instance. */
2003 	ql_restart_driver(ha);
2004 
2005 	QL_PRINT_9(CE_CONT, "(%d): done\n", ha->instance);
2006 
2007 	return (0);
2008 }
2009 
2010 /*
2011  * ql_adm_prop_update_int
2012  *	Performs qladm QL_PROP_UPDATE_INT command
2013  *
2014  * Input:
2015  *	ha:	adapter state pointer.
2016  *	dop:	ql_adm_op_t structure pointer.
2017  *	mode:	flags.
2018  *
2019  * Returns:
2020  *
2021  * Context:
2022  *	Kernel context.
2023  */
2024 static int
2025 ql_adm_prop_update_int(ql_adapter_state_t *ha, ql_adm_op_t *dop, int mode)
2026 {
2027 	char	*prop_name;
2028 	int	rval;
2029 
2030 	QL_PRINT_9(CE_CONT, "(%d): started\n", ha->instance);
2031 
2032 	prop_name = kmem_zalloc(dop->length, KM_SLEEP);
2033 	if (prop_name == NULL) {
2034 		EL(ha, "failed, kmem_zalloc\n");
2035 		return (ENOMEM);
2036 	}
2037 
2038 	if (ddi_copyin((void *)(uintptr_t)dop->buffer, prop_name, dop->length,
2039 	    mode) != 0) {
2040 		EL(ha, "failed, prop_name ddi_copyin\n");
2041 		kmem_free(prop_name, dop->length);
2042 		return (EFAULT);
2043 	}
2044 
2045 	/*LINTED [Solaris DDI_DEV_T_ANY Lint warning]*/
2046 	if ((rval = ddi_prop_update_int(DDI_DEV_T_NONE, ha->dip, prop_name,
2047 	    (int)dop->option)) != DDI_PROP_SUCCESS) {
2048 		EL(ha, "failed, prop_update=%xh\n", rval);
2049 		kmem_free(prop_name, dop->length);
2050 		return (EINVAL);
2051 	}
2052 
2053 	kmem_free(prop_name, dop->length);
2054 
2055 	QL_PRINT_9(CE_CONT, "(%d): done\n", ha->instance);
2056 
2057 	return (0);
2058 }
2059 
2060 /*
2061  * ql_adm_fw_dump
2062  *	Performs qladm QL_FW_DUMP command
2063  *
2064  * Input:
2065  *	ha:	adapter state pointer.
2066  *	dop:	ql_adm_op_t structure pointer.
2067  *	udop:	user space ql_adm_op_t structure pointer.
2068  *	mode:	flags.
2069  *
2070  * Returns:
2071  *
2072  * Context:
2073  *	Kernel context.
2074  */
2075 static int
2076 ql_adm_fw_dump(ql_adapter_state_t *ha, ql_adm_op_t *dop, void *udop, int mode)
2077 {
2078 	caddr_t	dmp;
2079 
2080 	QL_PRINT_9(CE_CONT, "(%d): started\n", ha->instance);
2081 
2082 	if (dop->length < ha->risc_dump_size) {
2083 		EL(ha, "failed, incorrect length=%xh, size=%xh\n",
2084 		    dop->length, ha->risc_dump_size);
2085 		return (EINVAL);
2086 	}
2087 
2088 	if (ha->ql_dump_state & QL_DUMP_VALID) {
2089 		dmp = kmem_zalloc(ha->risc_dump_size, KM_SLEEP);
2090 		if (dmp == NULL) {
2091 			EL(ha, "failed, kmem_zalloc\n");
2092 			return (ENOMEM);
2093 		}
2094 
2095 		dop->length = (uint32_t)ql_ascii_fw_dump(ha, dmp);
2096 		if (ddi_copyout((void *)dmp, (void *)(uintptr_t)dop->buffer,
2097 		    dop->length, mode) != 0) {
2098 			EL(ha, "failed, ddi_copyout\n");
2099 			kmem_free(dmp, ha->risc_dump_size);
2100 			return (EFAULT);
2101 		}
2102 
2103 		kmem_free(dmp, ha->risc_dump_size);
2104 		ha->ql_dump_state |= QL_DUMP_UPLOADED;
2105 
2106 	} else {
2107 		EL(ha, "failed, no dump file\n");
2108 		dop->length = 0;
2109 	}
2110 
2111 	if (ddi_copyout(dop, udop, sizeof (ql_adm_op_t), mode) != 0) {
2112 		EL(ha, "failed, driver_op_t ddi_copyout\n");
2113 		return (EFAULT);
2114 	}
2115 
2116 	QL_PRINT_9(CE_CONT, "(%d): done\n", ha->instance);
2117 
2118 	return (0);
2119 }
2120 
2121 /*
2122  * ql_adm_nvram_dump
2123  *	Performs qladm QL_NVRAM_DUMP command
2124  *
2125  * Input:
2126  *	ha:	adapter state pointer.
2127  *	dop:	ql_adm_op_t structure pointer.
2128  *	mode:	flags.
2129  *
2130  * Returns:
2131  *
2132  * Context:
2133  *	Kernel context.
2134  */
2135 static int
2136 ql_adm_nvram_dump(ql_adapter_state_t *ha, ql_adm_op_t *dop, int mode)
2137 {
2138 	int		rval;
2139 
2140 	QL_PRINT_9(CE_CONT, "(%d): started\n", ha->instance);
2141 
2142 	if (dop->length < ha->nvram_cache->size) {
2143 		EL(ha, "failed, length=%xh, size=%xh\n", dop->length,
2144 		    ha->nvram_cache->size);
2145 		return (EINVAL);
2146 	}
2147 
2148 	if ((rval = ql_nv_util_dump(ha, (void *)(uintptr_t)dop->buffer,
2149 	    mode)) != 0) {
2150 		EL(ha, "failed, ql_nv_util_dump\n");
2151 	} else {
2152 		/*EMPTY*/
2153 		QL_PRINT_9(CE_CONT, "(%d): done\n", ha->instance);
2154 	}
2155 
2156 	return (rval);
2157 }
2158 
2159 /*
2160  * ql_adm_nvram_load
2161  *	Performs qladm QL_NVRAM_LOAD command
2162  *
2163  * Input:
2164  *	ha:	adapter state pointer.
2165  *	dop:	ql_adm_op_t structure pointer.
2166  *	mode:	flags.
2167  *
2168  * Returns:
2169  *
2170  * Context:
2171  *	Kernel context.
2172  */
2173 static int
2174 ql_adm_nvram_load(ql_adapter_state_t *ha, ql_adm_op_t *dop, int mode)
2175 {
2176 	int		rval;
2177 
2178 	QL_PRINT_9(CE_CONT, "(%d): started\n", ha->instance);
2179 
2180 	if (dop->length < ha->nvram_cache->size) {
2181 		EL(ha, "failed, length=%xh, size=%xh\n", dop->length,
2182 		    ha->nvram_cache->size);
2183 		return (EINVAL);
2184 	}
2185 
2186 	if ((rval = ql_nv_util_load(ha, (void *)(uintptr_t)dop->buffer,
2187 	    mode)) != 0) {
2188 		EL(ha, "failed, ql_nv_util_dump\n");
2189 	} else {
2190 		/*EMPTY*/
2191 		QL_PRINT_9(CE_CONT, "(%d): done\n", ha->instance);
2192 	}
2193 
2194 	return (rval);
2195 }
2196 
2197 /*
2198  * ql_adm_flash_load
2199  *	Performs qladm QL_FLASH_LOAD command
2200  *
2201  * Input:
2202  *	ha:	adapter state pointer.
2203  *	dop:	ql_adm_op_t structure pointer.
2204  *	mode:	flags.
2205  *
2206  * Returns:
2207  *
2208  * Context:
2209  *	Kernel context.
2210  */
2211 static int
2212 ql_adm_flash_load(ql_adapter_state_t *ha, ql_adm_op_t *dop, int mode)
2213 {
2214 	uint8_t	*dp;
2215 	int	rval;
2216 
2217 	QL_PRINT_9(CE_CONT, "(%d): started\n", ha->instance);
2218 
2219 	if ((dp = kmem_zalloc(dop->length, KM_SLEEP)) == NULL) {
2220 		EL(ha, "failed, kmem_zalloc\n");
2221 		return (ENOMEM);
2222 	}
2223 
2224 	if (ddi_copyin((void *)(uintptr_t)dop->buffer, dp, dop->length,
2225 	    mode) != 0) {
2226 		EL(ha, "ddi_copyin failed\n");
2227 		kmem_free(dp, dop->length);
2228 		return (EFAULT);
2229 	}
2230 
2231 	if (ql_stall_driver(ha, 0) != QL_SUCCESS) {
2232 		EL(ha, "ql_stall_driver failed\n");
2233 		kmem_free(dp, dop->length);
2234 		return (EBUSY);
2235 	}
2236 
2237 	rval = (CFG_IST(ha, CFG_CTRL_24258081) ?
2238 	    ql_24xx_load_flash(ha, dp, dop->length, dop->option) :
2239 	    ql_load_flash(ha, dp, dop->length));
2240 
2241 	ql_restart_driver(ha);
2242 
2243 	kmem_free(dp, dop->length);
2244 
2245 	if (rval != QL_SUCCESS) {
2246 		EL(ha, "failed\n");
2247 		return (EIO);
2248 	}
2249 
2250 	QL_PRINT_9(CE_CONT, "(%d): done\n", ha->instance);
2251 
2252 	return (0);
2253 }
2254 
2255 /*
2256  * ql_adm_vpd_dump
2257  *	Performs qladm QL_VPD_DUMP command
2258  *
2259  * Input:
2260  *	ha:	adapter state pointer.
2261  *	dop:	ql_adm_op_t structure pointer.
2262  *	mode:	flags.
2263  *
2264  * Returns:
2265  *
2266  * Context:
2267  *	Kernel context.
2268  */
2269 static int
2270 ql_adm_vpd_dump(ql_adapter_state_t *ha, ql_adm_op_t *dop, int mode)
2271 {
2272 	int		rval;
2273 
2274 	QL_PRINT_9(CE_CONT, "(%d): started\n", ha->instance);
2275 
2276 	if ((CFG_IST(ha, CFG_CTRL_24258081)) == 0) {
2277 		EL(ha, "hba does not support VPD\n");
2278 		return (EINVAL);
2279 	}
2280 
2281 	if (dop->length < QL_24XX_VPD_SIZE) {
2282 		EL(ha, "failed, length=%xh, size=%xh\n", dop->length,
2283 		    QL_24XX_VPD_SIZE);
2284 		return (EINVAL);
2285 	}
2286 
2287 	if ((rval = ql_vpd_dump(ha, (void *)(uintptr_t)dop->buffer, mode))
2288 	    != 0) {
2289 		EL(ha, "failed, ql_vpd_dump\n");
2290 	} else {
2291 		/*EMPTY*/
2292 		QL_PRINT_9(CE_CONT, "(%d): done\n", ha->instance);
2293 	}
2294 
2295 	return (rval);
2296 }
2297 
2298 /*
2299  * ql_adm_vpd_load
2300  *	Performs qladm QL_VPD_LOAD command
2301  *
2302  * Input:
2303  *	ha:	adapter state pointer.
2304  *	dop:	ql_adm_op_t structure pointer.
2305  *	mode:	flags.
2306  *
2307  * Returns:
2308  *
2309  * Context:
2310  *	Kernel context.
2311  */
2312 static int
2313 ql_adm_vpd_load(ql_adapter_state_t *ha, ql_adm_op_t *dop, int mode)
2314 {
2315 	int		rval;
2316 
2317 	QL_PRINT_9(CE_CONT, "(%d): started\n", ha->instance);
2318 
2319 	if ((CFG_IST(ha, CFG_CTRL_24258081)) == 0) {
2320 		EL(ha, "hba does not support VPD\n");
2321 		return (EINVAL);
2322 	}
2323 
2324 	if (dop->length < QL_24XX_VPD_SIZE) {
2325 		EL(ha, "failed, length=%xh, size=%xh\n", dop->length,
2326 		    QL_24XX_VPD_SIZE);
2327 		return (EINVAL);
2328 	}
2329 
2330 	if ((rval = ql_vpd_load(ha, (void *)(uintptr_t)dop->buffer, mode))
2331 	    != 0) {
2332 		EL(ha, "failed, ql_vpd_dump\n");
2333 	} else {
2334 		/*EMPTY*/
2335 		QL_PRINT_9(CE_CONT, "(%d): done\n", ha->instance);
2336 	}
2337 
2338 	return (rval);
2339 }
2340 
2341 /*
2342  * ql_adm_vpd_gettag
2343  *	Performs qladm QL_VPD_GETTAG command
2344  *
2345  * Input:
2346  *	ha:	adapter state pointer.
2347  *	dop:	ql_adm_op_t structure pointer.
2348  *	mode:	flags.
2349  *
2350  * Returns:
2351  *
2352  * Context:
2353  *	Kernel context.
2354  */
2355 static int
2356 ql_adm_vpd_gettag(ql_adapter_state_t *ha, ql_adm_op_t *dop, int mode)
2357 {
2358 	int		rval = 0;
2359 	uint8_t		*lbuf;
2360 
2361 	QL_PRINT_9(CE_CONT, "(%d): started\n", ha->instance);
2362 
2363 	if ((CFG_IST(ha, CFG_CTRL_24258081)) == 0) {
2364 		EL(ha, "hba does not support VPD\n");
2365 		return (EINVAL);
2366 	}
2367 
2368 	if ((lbuf = (uint8_t *)kmem_zalloc(dop->length, KM_SLEEP)) == NULL) {
2369 		EL(ha, "mem alloc failure of %xh bytes\n", dop->length);
2370 		rval = EFAULT;
2371 	} else {
2372 		if (ddi_copyin((void *)(uintptr_t)dop->buffer, lbuf,
2373 		    dop->length, mode) != 0) {
2374 			EL(ha, "ddi_copyin failed\n");
2375 			kmem_free(lbuf, dop->length);
2376 			return (EFAULT);
2377 		}
2378 
2379 		if ((rval = ql_vpd_lookup(ha, lbuf, lbuf, (int32_t)
2380 		    dop->length)) < 0) {
2381 			EL(ha, "failed vpd_lookup\n");
2382 		} else {
2383 			if (ddi_copyout(lbuf, (void *)(uintptr_t)dop->buffer,
2384 			    strlen((int8_t *)lbuf)+1, mode) != 0) {
2385 				EL(ha, "failed, ddi_copyout\n");
2386 				rval = EFAULT;
2387 			} else {
2388 				rval = 0;
2389 			}
2390 		}
2391 		kmem_free(lbuf, dop->length);
2392 	}
2393 
2394 	QL_PRINT_9(CE_CONT, "(%d): done\n", ha->instance);
2395 
2396 	return (rval);
2397 }
2398 
2399 /*
2400  * ql_adm_updfwmodule
2401  *	Performs qladm QL_UPD_FWMODULE command
2402  *
2403  * Input:
2404  *	ha:	adapter state pointer.
2405  *	dop:	ql_adm_op_t structure pointer.
2406  *	mode:	flags.
2407  *
2408  * Returns:
2409  *
2410  * Context:
2411  *	Kernel context.
2412  */
2413 /* ARGSUSED */
2414 static int
2415 ql_adm_updfwmodule(ql_adapter_state_t *ha, ql_adm_op_t *dop, int mode)
2416 {
2417 	int			rval = DDI_SUCCESS;
2418 	ql_link_t		*link;
2419 	ql_adapter_state_t	*ha2 = NULL;
2420 	uint16_t		fw_class = (uint16_t)dop->option;
2421 
2422 	QL_PRINT_9(CE_CONT, "(%d): started\n", ha->instance);
2423 
2424 	/* zero the firmware module reference count */
2425 	for (link = ql_hba.first; link != NULL; link = link->next) {
2426 		ha2 = link->base_address;
2427 		if (fw_class == ha2->fw_class) {
2428 			if ((rval = ddi_modclose(ha2->fw_module)) !=
2429 			    DDI_SUCCESS) {
2430 				EL(ha2, "modclose rval=%xh\n", rval);
2431 				break;
2432 			}
2433 			ha2->fw_module = NULL;
2434 		}
2435 	}
2436 
2437 	/* reload the f/w modules */
2438 	for (link = ql_hba.first; link != NULL; link = link->next) {
2439 		ha2 = link->base_address;
2440 
2441 		if ((fw_class == ha2->fw_class) && (ha2->fw_class == NULL)) {
2442 			if ((rval = (int32_t)ql_fwmodule_resolve(ha2)) !=
2443 			    QL_SUCCESS) {
2444 				EL(ha2, "unable to load f/w module: '%x' "
2445 				    "(rval=%xh)\n", ha2->fw_class, rval);
2446 				rval = EFAULT;
2447 			} else {
2448 				EL(ha2, "f/w module updated: '%x'\n",
2449 				    ha2->fw_class);
2450 			}
2451 
2452 			EL(ha2, "isp abort needed (%d)\n", ha->instance);
2453 
2454 			ql_awaken_task_daemon(ha2, NULL, ISP_ABORT_NEEDED, 0);
2455 
2456 			rval = 0;
2457 		}
2458 	}
2459 
2460 	QL_PRINT_9(CE_CONT, "(%d): done\n", ha->instance);
2461 
2462 	return (rval);
2463 }
2464