1 /*-
2 * Copyright (c) 2009 Yahoo! Inc.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 */
26 /*-
27 * Copyright (c) 2011 LSI Corp.
28 * All rights reserved.
29 *
30 * Redistribution and use in source and binary forms, with or without
31 * modification, are permitted provided that the following conditions
32 * are met:
33 * 1. Redistributions of source code must retain the above copyright
34 * notice, this list of conditions and the following disclaimer.
35 * 2. Redistributions in binary form must reproduce the above copyright
36 * notice, this list of conditions and the following disclaimer in the
37 * documentation and/or other materials provided with the distribution.
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
40 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
42 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
43 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
44 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
45 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
46 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
47 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
48 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
49 * SUCH DAMAGE.
50 *
51 * LSI MPT-Fusion Host Adapter FreeBSD
52 *
53 * $FreeBSD: src/sys/dev/mps/mps_sas.c,v 1.16 2012/01/26 18:17:21 ken Exp $
54 */
55
56 /* Communications core for LSI MPT2 */
57
58 /* TODO Move headers to mpsvar */
59 #include <sys/types.h>
60 #include <sys/param.h>
61 #include <sys/systm.h>
62 #include <sys/kernel.h>
63 #include <sys/module.h>
64 #include <sys/bus.h>
65 #include <sys/conf.h>
66 #include <sys/eventhandler.h>
67 #include <sys/globaldata.h>
68 #include <sys/bio.h>
69 #include <sys/malloc.h>
70 #include <sys/uio.h>
71 #include <sys/sysctl.h>
72 #include <sys/endian.h>
73 #include <sys/queue.h>
74 #include <sys/kthread.h>
75 #include <sys/taskqueue.h>
76 #include <sys/sbuf.h>
77
78 #include <sys/rman.h>
79
80 #include <machine/stdarg.h>
81
82 #include <bus/cam/cam.h>
83 #include <bus/cam/cam_ccb.h>
84 #include <bus/cam/cam_xpt.h>
85 #include <bus/cam/cam_debug.h>
86 #include <bus/cam/cam_sim.h>
87 #include <bus/cam/cam_xpt_sim.h>
88 #include <bus/cam/cam_xpt_periph.h>
89 #include <bus/cam/cam_periph.h>
90 #include <bus/cam/scsi/scsi_all.h>
91 #include <bus/cam/scsi/scsi_message.h>
92 #if 0 /* XXX __FreeBSD_version >= 900026 */
93 #include <bus/cam/scsi/smp_all.h>
94 #endif
95
96 #include <dev/raid/mps/mpi/mpi2_type.h>
97 #include <dev/raid/mps/mpi/mpi2.h>
98 #include <dev/raid/mps/mpi/mpi2_ioc.h>
99 #include <dev/raid/mps/mpi/mpi2_sas.h>
100 #include <dev/raid/mps/mpi/mpi2_cnfg.h>
101 #include <dev/raid/mps/mpi/mpi2_init.h>
102 #include <dev/raid/mps/mpi/mpi2_tool.h>
103 #include <dev/raid/mps/mps_ioctl.h>
104 #include <dev/raid/mps/mpsvar.h>
105 #include <dev/raid/mps/mps_table.h>
106 #include <dev/raid/mps/mps_sas.h>
107
108 #define MPSSAS_DISCOVERY_TIMEOUT 20
109 #define MPSSAS_MAX_DISCOVERY_TIMEOUTS 10 /* 200 seconds */
110
111 /*
112 * static array to check SCSI OpCode for EEDP protection bits
113 */
114 #define PRO_R MPI2_SCSIIO_EEDPFLAGS_CHECK_REMOVE_OP
115 #define PRO_W MPI2_SCSIIO_EEDPFLAGS_INSERT_OP
116 #define PRO_V MPI2_SCSIIO_EEDPFLAGS_INSERT_OP
117 static uint8_t op_code_prot[256] = {
118 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
119 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
120 0, 0, 0, 0, 0, 0, 0, 0, PRO_R, 0, PRO_W, 0, 0, 0, PRO_W, PRO_V,
121 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
122 0, PRO_W, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
123 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
124 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
125 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
126 0, 0, 0, 0, 0, 0, 0, 0, PRO_R, 0, PRO_W, 0, 0, 0, PRO_W, PRO_V,
127 0, 0, 0, PRO_W, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
128 0, 0, 0, 0, 0, 0, 0, 0, PRO_R, 0, PRO_W, 0, 0, 0, PRO_W, PRO_V,
129 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
130 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
131 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
132 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
133 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
134 };
135
136 static void mpssas_log_command(struct mps_command *, const char *, ...)
137 __printflike(2, 3);
138 #if 0 /* XXX unused */
139 static void mpssas_discovery_timeout(void *data);
140 #endif
141 static void mpssas_remove_device(struct mps_softc *, struct mps_command *);
142 static void mpssas_remove_complete(struct mps_softc *, struct mps_command *);
143 static void mpssas_action(struct cam_sim *sim, union ccb *ccb);
144 static void mpssas_poll(struct cam_sim *sim);
145 static void mpssas_scsiio_timeout(void *data);
146 static void mpssas_abort_complete(struct mps_softc *sc, struct mps_command *cm);
147 static void mpssas_direct_drive_io(struct mpssas_softc *sassc,
148 struct mps_command *cm, union ccb *ccb);
149 static void mpssas_action_scsiio(struct mpssas_softc *, union ccb *);
150 static void mpssas_scsiio_complete(struct mps_softc *, struct mps_command *);
151 static void mpssas_action_resetdev(struct mpssas_softc *, union ccb *);
152 #if 0 /* __FreeBSD_version >= 900026 */
153 static void mpssas_smpio_complete(struct mps_softc *sc, struct mps_command *cm);
154 static void mpssas_send_smpcmd(struct mpssas_softc *sassc, union ccb *ccb,
155 uint64_t sasaddr);
156 static void mpssas_action_smpio(struct mpssas_softc *sassc, union ccb *ccb);
157 #endif //FreeBSD_version >= 900026
158 static void mpssas_resetdev_complete(struct mps_softc *, struct mps_command *);
159 static int mpssas_send_abort(struct mps_softc *sc, struct mps_command *tm, struct mps_command *cm);
160 static int mpssas_send_reset(struct mps_softc *sc, struct mps_command *tm, uint8_t type);
161 static void mpssas_rescan(struct mpssas_softc *sassc, union ccb *ccb);
162 static void mpssas_rescan_done(struct cam_periph *periph, union ccb *done_ccb);
163 static void mpssas_scanner_thread(void *arg);
164 #if 0 /* __FreeBSD_version >= 1000006 */
165 static void mpssas_async(void *callback_arg, uint32_t code,
166 struct cam_path *path, void *arg);
167 #else
168 static void mpssas_check_eedp(struct mpssas_softc *sassc);
169 static void mpssas_read_cap_done(struct cam_periph *periph, union ccb *done_ccb);
170 #endif
171 static int mpssas_send_portenable(struct mps_softc *sc);
172 static void mpssas_portenable_complete(struct mps_softc *sc,
173 struct mps_command *cm);
174
175 struct mpssas_target *
mpssas_find_target_by_handle(struct mpssas_softc * sassc,int start,uint16_t handle)176 mpssas_find_target_by_handle(struct mpssas_softc *sassc, int start, uint16_t handle)
177 {
178 struct mpssas_target *target;
179 int i;
180
181 for (i = start; i < sassc->sc->facts->MaxTargets; i++) {
182 target = &sassc->targets[i];
183 if (target->handle == handle)
184 return (target);
185 }
186
187 return (NULL);
188 }
189
190 /* we need to freeze the simq during attach and diag reset, to avoid failing
191 * commands before device handles have been found by discovery. Since
192 * discovery involves reading config pages and possibly sending commands,
193 * discovery actions may continue even after we receive the end of discovery
194 * event, so refcount discovery actions instead of assuming we can unfreeze
195 * the simq when we get the event.
196 */
197 void
mpssas_startup_increment(struct mpssas_softc * sassc)198 mpssas_startup_increment(struct mpssas_softc *sassc)
199 {
200 if ((sassc->flags & MPSSAS_IN_STARTUP) != 0) {
201 if (sassc->startup_refcount++ == 0) {
202 /* just starting, freeze the simq */
203 mps_dprint(sassc->sc, MPS_INFO,
204 "%s freezing simq\n", __func__);
205 xpt_freeze_simq(sassc->sim, 1);
206 }
207 mps_dprint(sassc->sc, MPS_TRACE, "%s refcount %u\n", __func__,
208 sassc->startup_refcount);
209 }
210 }
211
212 void
mpssas_startup_decrement(struct mpssas_softc * sassc)213 mpssas_startup_decrement(struct mpssas_softc *sassc)
214 {
215 if ((sassc->flags & MPSSAS_IN_STARTUP) != 0) {
216 if (--sassc->startup_refcount == 0) {
217 /* finished all discovery-related actions, release
218 * the simq and rescan for the latest topology.
219 */
220 mps_dprint(sassc->sc, MPS_INFO,
221 "%s releasing simq\n", __func__);
222 sassc->flags &= ~MPSSAS_IN_STARTUP;
223 xpt_release_simq(sassc->sim, 1);
224 mpssas_rescan_target(sassc->sc, NULL);
225 }
226 mps_dprint(sassc->sc, MPS_TRACE, "%s refcount %u\n", __func__,
227 sassc->startup_refcount);
228 }
229 }
230
231 /* LSI's firmware requires us to stop sending commands when we're doing task
232 * management, so refcount the TMs and keep the simq frozen when any are in
233 * use.
234 */
235 struct mps_command *
mpssas_alloc_tm(struct mps_softc * sc)236 mpssas_alloc_tm(struct mps_softc *sc)
237 {
238 struct mps_command *tm;
239
240 tm = mps_alloc_high_priority_command(sc);
241 if (tm != NULL) {
242 if (sc->sassc->tm_count++ == 0) {
243 mps_printf(sc, "%s freezing simq\n", __func__);
244 xpt_freeze_simq(sc->sassc->sim, 1);
245 }
246 mps_dprint(sc, MPS_TRACE, "%s tm_count %u\n", __func__,
247 sc->sassc->tm_count);
248 }
249 return tm;
250 }
251
252 void
mpssas_free_tm(struct mps_softc * sc,struct mps_command * tm)253 mpssas_free_tm(struct mps_softc *sc, struct mps_command *tm)
254 {
255 if (tm == NULL)
256 return;
257
258 /* if there are no TMs in use, we can release the simq. We use our
259 * own refcount so that it's easier for a diag reset to cleanup and
260 * release the simq.
261 */
262 if (--sc->sassc->tm_count == 0) {
263 mps_printf(sc, "%s releasing simq\n", __func__);
264 xpt_release_simq(sc->sassc->sim, 1);
265 }
266 mps_dprint(sc, MPS_TRACE, "%s tm_count %u\n", __func__,
267 sc->sassc->tm_count);
268
269 mps_free_high_priority_command(sc, tm);
270 }
271
272
273 void
mpssas_rescan_target(struct mps_softc * sc,struct mpssas_target * targ)274 mpssas_rescan_target(struct mps_softc *sc, struct mpssas_target *targ)
275 {
276 struct mpssas_softc *sassc = sc->sassc;
277 path_id_t pathid;
278 target_id_t targetid;
279 union ccb *ccb;
280
281 pathid = cam_sim_path(sassc->sim);
282 if (targ == NULL)
283 targetid = CAM_TARGET_WILDCARD;
284 else
285 targetid = targ - sassc->targets;
286
287 /*
288 * Allocate a CCB and schedule a rescan.
289 */
290 ccb = xpt_alloc_ccb();
291
292 if (xpt_create_path(&ccb->ccb_h.path, xpt_periph, pathid,
293 targetid, CAM_LUN_WILDCARD) != CAM_REQ_CMP) {
294 mps_dprint(sc, MPS_FAULT, "unable to create path for rescan\n");
295 xpt_free_ccb(&ccb->ccb_h);
296 return;
297 }
298
299 /* XXX Hardwired to scan the bus for now */
300 ccb->ccb_h.func_code = XPT_SCAN_BUS;
301 mps_dprint(sc, MPS_TRACE, "%s targetid %u\n", __func__, targetid);
302 mpssas_rescan(sassc, ccb);
303 }
304
305 static void
mpssas_log_command(struct mps_command * cm,const char * fmt,...)306 mpssas_log_command(struct mps_command *cm, const char *fmt, ...)
307 {
308 struct sbuf sb;
309 __va_list ap;
310 char str[192];
311 char path_str[64];
312
313 if (cm == NULL)
314 return;
315
316 sbuf_new(&sb, str, sizeof(str), 0);
317
318 __va_start(ap, fmt);
319
320 if (cm->cm_ccb != NULL) {
321 xpt_path_string(cm->cm_ccb->csio.ccb_h.path, path_str,
322 sizeof(path_str));
323 sbuf_cat(&sb, path_str);
324 if (cm->cm_ccb->ccb_h.func_code == XPT_SCSI_IO) {
325 scsi_command_string(&cm->cm_ccb->csio, &sb);
326 sbuf_printf(&sb, "length %d ",
327 cm->cm_ccb->csio.dxfer_len);
328 }
329 }
330 else {
331 sbuf_printf(&sb, "(noperiph:%s%d:%u:%u:%u): ",
332 cam_sim_name(cm->cm_sc->sassc->sim),
333 cam_sim_unit(cm->cm_sc->sassc->sim),
334 cam_sim_bus(cm->cm_sc->sassc->sim),
335 cm->cm_targ ? cm->cm_targ->tid : 0xFFFFFFFF,
336 cm->cm_lun);
337 }
338
339 sbuf_printf(&sb, "SMID %u ", cm->cm_desc.Default.SMID);
340 sbuf_vprintf(&sb, fmt, ap);
341 sbuf_finish(&sb);
342 kprintf("%s", sbuf_data(&sb));
343
344 __va_end(ap);
345 }
346
347 static void
mpssas_remove_volume(struct mps_softc * sc,struct mps_command * tm)348 mpssas_remove_volume(struct mps_softc *sc, struct mps_command *tm)
349 {
350 MPI2_SCSI_TASK_MANAGE_REPLY *reply;
351 struct mpssas_target *targ;
352 uint16_t handle;
353
354 mps_dprint(sc, MPS_INFO, "%s\n", __func__);
355
356 reply = (MPI2_SCSI_TASK_MANAGE_REPLY *)tm->cm_reply;
357 handle = (uint16_t)(uintptr_t)tm->cm_complete_data;
358 targ = tm->cm_targ;
359
360 if (reply == NULL) {
361 /* XXX retry the remove after the diag reset completes? */
362 mps_printf(sc, "%s NULL reply reseting device 0x%04x\n",
363 __func__, handle);
364 mpssas_free_tm(sc, tm);
365 return;
366 }
367
368 if (reply->IOCStatus != MPI2_IOCSTATUS_SUCCESS) {
369 mps_printf(sc, "IOCStatus = 0x%x while resetting device 0x%x\n",
370 reply->IOCStatus, handle);
371 mpssas_free_tm(sc, tm);
372 return;
373 }
374
375 mps_printf(sc, "Reset aborted %u commands\n", reply->TerminationCount);
376 mps_free_reply(sc, tm->cm_reply_data);
377 tm->cm_reply = NULL; /* Ensures the reply won't get re-freed */
378
379 mps_printf(sc, "clearing target %u handle 0x%04x\n", targ->tid, handle);
380
381 /*
382 * Don't clear target if remove fails because things will get confusing.
383 * Leave the devname and sasaddr intact so that we know to avoid reusing
384 * this target id if possible, and so we can assign the same target id
385 * to this device if it comes back in the future.
386 */
387 if (reply->IOCStatus == MPI2_IOCSTATUS_SUCCESS) {
388 targ = tm->cm_targ;
389 targ->handle = 0x0;
390 targ->encl_handle = 0x0;
391 targ->encl_slot = 0x0;
392 targ->exp_dev_handle = 0x0;
393 targ->phy_num = 0x0;
394 targ->linkrate = 0x0;
395 targ->devinfo = 0x0;
396 targ->flags = 0x0;
397 }
398
399 mpssas_free_tm(sc, tm);
400 }
401
402 /*
403 * No Need to call "MPI2_SAS_OP_REMOVE_DEVICE" For Volume removal.
404 * Otherwise Volume Delete is same as Bare Drive Removal.
405 */
406 void
mpssas_prepare_volume_remove(struct mpssas_softc * sassc,uint16_t handle)407 mpssas_prepare_volume_remove(struct mpssas_softc *sassc, uint16_t handle)
408 {
409 MPI2_SCSI_TASK_MANAGE_REQUEST *req;
410 struct mps_softc *sc;
411 struct mps_command *cm;
412 struct mpssas_target *targ = NULL;
413
414 mps_dprint(sassc->sc, MPS_INFO, "%s\n", __func__);
415 sc = sassc->sc;
416
417 #ifdef WD_SUPPORT
418 /*
419 * If this is a WD controller, determine if the disk should be exposed
420 * to the OS or not. If disk should be exposed, return from this
421 * function without doing anything.
422 */
423 if (sc->WD_available && (sc->WD_hide_expose ==
424 MPS_WD_EXPOSE_ALWAYS)) {
425 return;
426 }
427 #endif
428
429 targ = mpssas_find_target_by_handle(sassc, 0, handle);
430 if (targ == NULL) {
431 /* FIXME: what is the action? */
432 /* We don't know about this device? */
433 kprintf("%s %d : invalid handle 0x%x \n", __func__,__LINE__, handle);
434 return;
435 }
436
437 targ->flags |= MPSSAS_TARGET_INREMOVAL;
438
439 cm = mpssas_alloc_tm(sc);
440 if (cm == NULL) {
441 mps_printf(sc, "%s: command alloc failure\n", __func__);
442 return;
443 }
444
445 mpssas_rescan_target(sc, targ);
446
447 req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)cm->cm_req;
448 req->DevHandle = targ->handle;
449 req->Function = MPI2_FUNCTION_SCSI_TASK_MGMT;
450 req->TaskType = MPI2_SCSITASKMGMT_TASKTYPE_TARGET_RESET;
451
452 /* SAS Hard Link Reset / SATA Link Reset */
453 req->MsgFlags = MPI2_SCSITASKMGMT_MSGFLAGS_LINK_RESET;
454
455 cm->cm_targ = targ;
456 cm->cm_data = NULL;
457 cm->cm_desc.HighPriority.RequestFlags =
458 MPI2_REQ_DESCRIPT_FLAGS_HIGH_PRIORITY;
459 cm->cm_complete = mpssas_remove_volume;
460 cm->cm_complete_data = (void *)(uintptr_t)handle;
461 mps_map_command(sc, cm);
462 }
463
464 /*
465 * The MPT2 firmware performs debounce on the link to avoid transient link
466 * errors and false removals. When it does decide that link has been lost
467 * and a device need to go away, it expects that the host will perform a
468 * target reset and then an op remove. The reset has the side-effect of
469 * aborting any outstanding requests for the device, which is required for
470 * the op-remove to succeed. It's not clear if the host should check for
471 * the device coming back alive after the reset.
472 */
473 void
mpssas_prepare_remove(struct mpssas_softc * sassc,uint16_t handle)474 mpssas_prepare_remove(struct mpssas_softc *sassc, uint16_t handle)
475 {
476 MPI2_SCSI_TASK_MANAGE_REQUEST *req;
477 struct mps_softc *sc;
478 struct mps_command *cm;
479 struct mpssas_target *targ = NULL;
480
481 mps_dprint(sassc->sc, MPS_TRACE, "%s\n", __func__);
482
483 /*
484 * If this is a WD controller, determine if the disk should be exposed
485 * to the OS or not. If disk should be exposed, return from this
486 * function without doing anything.
487 */
488 sc = sassc->sc;
489 if ((sc->mps_flags & MPS_FLAGS_WD_AVAILABLE) && (sc->WD_hide_expose ==
490 MPS_WD_EXPOSE_ALWAYS)) {
491 return;
492 }
493
494 targ = mpssas_find_target_by_handle(sassc, 0, handle);
495 if (targ == NULL) {
496 /* FIXME: what is the action? */
497 /* We don't know about this device? */
498 kprintf("%s %d : invalid handle 0x%x \n", __func__,__LINE__, handle);
499 return;
500 }
501
502 targ->flags |= MPSSAS_TARGET_INREMOVAL;
503
504 cm = mpssas_alloc_tm(sc);
505 if (cm == NULL) {
506 mps_printf(sc, "%s: command alloc failure\n", __func__);
507 return;
508 }
509
510 mpssas_rescan_target(sc, targ);
511
512 req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)cm->cm_req;
513 memset(req, 0, sizeof(*req));
514 req->DevHandle = targ->handle;
515 req->Function = MPI2_FUNCTION_SCSI_TASK_MGMT;
516 req->TaskType = MPI2_SCSITASKMGMT_TASKTYPE_TARGET_RESET;
517
518 /* SAS Hard Link Reset / SATA Link Reset */
519 req->MsgFlags = MPI2_SCSITASKMGMT_MSGFLAGS_LINK_RESET;
520
521 cm->cm_targ = targ;
522 cm->cm_data = NULL;
523 cm->cm_desc.HighPriority.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_HIGH_PRIORITY;
524 cm->cm_complete = mpssas_remove_device;
525 cm->cm_complete_data = (void *)(uintptr_t)handle;
526 mps_map_command(sc, cm);
527 }
528
529 static void
mpssas_remove_device(struct mps_softc * sc,struct mps_command * tm)530 mpssas_remove_device(struct mps_softc *sc, struct mps_command *tm)
531 {
532 MPI2_SCSI_TASK_MANAGE_REPLY *reply;
533 MPI2_SAS_IOUNIT_CONTROL_REQUEST *req;
534 struct mpssas_target *targ;
535 struct mps_command *next_cm;
536 uint16_t handle;
537
538 mps_dprint(sc, MPS_INFO, "%s\n", __func__);
539
540 reply = (MPI2_SCSI_TASK_MANAGE_REPLY *)tm->cm_reply;
541 handle = (uint16_t)(uintptr_t)tm->cm_complete_data;
542 targ = tm->cm_targ;
543
544 /*
545 * Currently there should be no way we can hit this case. It only
546 * happens when we have a failure to allocate chain frames, and
547 * task management commands don't have S/G lists.
548 */
549 if ((tm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) {
550 mps_printf(sc, "%s: cm_flags = %#x for remove of handle %#04x! "
551 "This should not happen!\n", __func__, tm->cm_flags,
552 handle);
553 mpssas_free_tm(sc, tm);
554 return;
555 }
556
557 if (reply == NULL) {
558 /* XXX retry the remove after the diag reset completes? */
559 mps_printf(sc, "%s NULL reply reseting device 0x%04x\n",
560 __func__, handle);
561 mpssas_free_tm(sc, tm);
562 return;
563 }
564
565 if (reply->IOCStatus != MPI2_IOCSTATUS_SUCCESS) {
566 mps_printf(sc, "IOCStatus = 0x%x while resetting device 0x%x\n",
567 reply->IOCStatus, handle);
568 mpssas_free_tm(sc, tm);
569 return;
570 }
571
572 mps_dprint(sc, MPS_INFO, "Reset aborted %u commands\n",
573 reply->TerminationCount);
574 mps_free_reply(sc, tm->cm_reply_data);
575 tm->cm_reply = NULL; /* Ensures the reply won't get re-freed */
576
577 /* Reuse the existing command */
578 req = (MPI2_SAS_IOUNIT_CONTROL_REQUEST *)tm->cm_req;
579 memset(req, 0, sizeof(*req));
580 req->Function = MPI2_FUNCTION_SAS_IO_UNIT_CONTROL;
581 req->Operation = MPI2_SAS_OP_REMOVE_DEVICE;
582 req->DevHandle = handle;
583 tm->cm_data = NULL;
584 tm->cm_desc.Default.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_DEFAULT_TYPE;
585 tm->cm_complete = mpssas_remove_complete;
586 tm->cm_complete_data = (void *)(uintptr_t)handle;
587
588 mps_map_command(sc, tm);
589
590 mps_dprint(sc, MPS_INFO, "clearing target %u handle 0x%04x\n",
591 targ->tid, handle);
592 TAILQ_FOREACH_MUTABLE(tm, &targ->commands, cm_link, next_cm) {
593 union ccb *ccb;
594
595 mps_dprint(sc, MPS_INFO, "Completing missed command %p\n", tm);
596 ccb = tm->cm_complete_data;
597 ccb->ccb_h.status = CAM_DEV_NOT_THERE;
598 mpssas_scsiio_complete(sc, tm);
599 }
600 }
601
602 static void
mpssas_remove_complete(struct mps_softc * sc,struct mps_command * tm)603 mpssas_remove_complete(struct mps_softc *sc, struct mps_command *tm)
604 {
605 MPI2_SAS_IOUNIT_CONTROL_REPLY *reply;
606 uint16_t handle;
607 struct mpssas_target *targ;
608
609 mps_dprint(sc, MPS_INFO, "%s\n", __func__);
610
611 reply = (MPI2_SAS_IOUNIT_CONTROL_REPLY *)tm->cm_reply;
612 handle = (uint16_t)(uintptr_t)tm->cm_complete_data;
613
614 /*
615 * Currently there should be no way we can hit this case. It only
616 * happens when we have a failure to allocate chain frames, and
617 * task management commands don't have S/G lists.
618 */
619 if ((tm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) {
620 mps_printf(sc, "%s: cm_flags = %#x for remove of handle %#04x! "
621 "This should not happen!\n", __func__, tm->cm_flags,
622 handle);
623 mpssas_free_tm(sc, tm);
624 return;
625 }
626
627 if (reply == NULL) {
628 /* most likely a chip reset */
629 mps_printf(sc, "%s NULL reply removing device 0x%04x\n",
630 __func__, handle);
631 mpssas_free_tm(sc, tm);
632 return;
633 }
634
635 mps_printf(sc, "%s on handle 0x%04x, IOCStatus= 0x%x\n", __func__,
636 handle, reply->IOCStatus);
637
638 /*
639 * Don't clear target if remove fails because things will get confusing.
640 * Leave the devname and sasaddr intact so that we know to avoid reusing
641 * this target id if possible, and so we can assign the same target id
642 * to this device if it comes back in the future.
643 */
644 if (reply->IOCStatus == MPI2_IOCSTATUS_SUCCESS) {
645 targ = tm->cm_targ;
646 targ->handle = 0x0;
647 targ->encl_handle = 0x0;
648 targ->encl_slot = 0x0;
649 targ->exp_dev_handle = 0x0;
650 targ->phy_num = 0x0;
651 targ->linkrate = 0x0;
652 targ->devinfo = 0x0;
653 targ->flags = 0x0;
654 }
655
656 mpssas_free_tm(sc, tm);
657 }
658
659 static int
mpssas_register_events(struct mps_softc * sc)660 mpssas_register_events(struct mps_softc *sc)
661 {
662 uint8_t events[16];
663
664 bzero(events, 16);
665 setbit(events, MPI2_EVENT_SAS_DEVICE_STATUS_CHANGE);
666 setbit(events, MPI2_EVENT_SAS_DISCOVERY);
667 setbit(events, MPI2_EVENT_SAS_BROADCAST_PRIMITIVE);
668 setbit(events, MPI2_EVENT_SAS_INIT_DEVICE_STATUS_CHANGE);
669 setbit(events, MPI2_EVENT_SAS_INIT_TABLE_OVERFLOW);
670 setbit(events, MPI2_EVENT_SAS_TOPOLOGY_CHANGE_LIST);
671 setbit(events, MPI2_EVENT_SAS_ENCL_DEVICE_STATUS_CHANGE);
672 setbit(events, MPI2_EVENT_IR_CONFIGURATION_CHANGE_LIST);
673 setbit(events, MPI2_EVENT_IR_VOLUME);
674 setbit(events, MPI2_EVENT_IR_PHYSICAL_DISK);
675 setbit(events, MPI2_EVENT_IR_OPERATION_STATUS);
676 setbit(events, MPI2_EVENT_LOG_ENTRY_ADDED);
677
678 mps_register_events(sc, events, mpssas_evt_handler, NULL,
679 &sc->sassc->mpssas_eh);
680
681 return (0);
682 }
683
684 int
mps_attach_sas(struct mps_softc * sc)685 mps_attach_sas(struct mps_softc *sc)
686 {
687 struct mpssas_softc *sassc;
688 #if 0 /* __FreeBSD_version >= 1000006 */
689 cam_status status;
690 #endif
691 int unit, error = 0;
692
693 mps_dprint(sc, MPS_TRACE, "%s\n", __func__);
694
695 sassc = kmalloc(sizeof(struct mpssas_softc), M_MPT2, M_WAITOK|M_ZERO);
696 sassc->targets = kmalloc(sizeof(struct mpssas_target) *
697 sc->facts->MaxTargets, M_MPT2, M_WAITOK|M_ZERO);
698 sc->sassc = sassc;
699 sassc->sc = sc;
700
701 if ((sassc->devq = cam_simq_alloc(sc->num_reqs)) == NULL) {
702 mps_dprint(sc, MPS_FAULT, "Cannot allocate SIMQ\n");
703 error = ENOMEM;
704 goto out;
705 }
706
707 unit = device_get_unit(sc->mps_dev);
708 sassc->sim = cam_sim_alloc(mpssas_action, mpssas_poll, "mps", sassc,
709 unit, &sc->mps_lock, sc->num_reqs, sc->num_reqs, sassc->devq);
710 cam_simq_release(sassc->devq);
711 if (sassc->sim == NULL) {
712 mps_dprint(sc, MPS_FAULT, "Cannot allocate SIM\n");
713 error = EINVAL;
714 goto out;
715 }
716
717 TAILQ_INIT(&sassc->ev_queue);
718
719 /* Initialize taskqueue for Event Handling */
720 TASK_INIT(&sassc->ev_task, 0, mpssas_firmware_event_work, sc);
721 sassc->ev_tq = taskqueue_create("mps_taskq", M_INTWAIT | M_ZERO,
722 taskqueue_thread_enqueue, &sassc->ev_tq);
723
724 /* Run the task queue with lowest priority */
725 taskqueue_start_threads(&sassc->ev_tq, 1, TDPRI_KERN_DAEMON,
726 -1, "%s taskq",
727 device_get_nameunit(sc->mps_dev));
728
729 TAILQ_INIT(&sassc->ccb_scanq);
730 error = mps_kproc_create(mpssas_scanner_thread, sassc,
731 &sassc->rescan_thread, 0, 0, "mps_scan%d", unit);
732 if (error) {
733 mps_printf(sc, "Error %d starting rescan thread\n", error);
734 goto out;
735 }
736
737 mps_lock(sc);
738 sassc->flags |= MPSSAS_SCANTHREAD;
739
740 /*
741 * XXX There should be a bus for every port on the adapter, but since
742 * we're just going to fake the topology for now, we'll pretend that
743 * everything is just a target on a single bus.
744 */
745 if ((error = xpt_bus_register(sassc->sim, 0)) != 0) {
746 mps_dprint(sc, MPS_FAULT, "Error %d registering SCSI bus\n",
747 error);
748 mps_unlock(sc);
749 goto out;
750 }
751
752 /*
753 * Assume that discovery events will start right away. Freezing
754 * the simq will prevent the CAM boottime scanner from running
755 * before discovery is complete.
756 */
757 sassc->flags |= MPSSAS_IN_STARTUP | MPSSAS_IN_DISCOVERY;
758 xpt_freeze_simq(sassc->sim, 1);
759 sc->sassc->startup_refcount = 0;
760
761 callout_init_mp(&sassc->discovery_callout);
762 sassc->discovery_timeouts = 0;
763
764 sassc->tm_count = 0;
765
766 #if 0 /* __FreeBSD_version >= 1000006 */
767 status = xpt_register_async(AC_ADVINFO_CHANGED, mpssas_async, sc, NULL);
768 if (status != CAM_REQ_CMP) {
769 mps_printf(sc, "Error %#x registering async handler for "
770 "AC_ADVINFO_CHANGED events\n", status);
771 }
772 #endif
773
774 mps_unlock(sc);
775
776 mpssas_register_events(sc);
777 out:
778 if (error)
779 mps_detach_sas(sc);
780 return (error);
781 }
782
783 int
mps_detach_sas(struct mps_softc * sc)784 mps_detach_sas(struct mps_softc *sc)
785 {
786 struct mpssas_softc *sassc;
787
788 mps_dprint(sc, MPS_INFO, "%s\n", __func__);
789
790 if (sc->sassc == NULL)
791 return (0);
792
793 sassc = sc->sassc;
794 mps_deregister_events(sc, sassc->mpssas_eh);
795
796 /*
797 * Drain and free the event handling taskqueue with the lock
798 * unheld so that any parallel processing tasks drain properly
799 * without deadlocking.
800 */
801 if (sassc->ev_tq != NULL)
802 taskqueue_free(sassc->ev_tq);
803
804 /* Make sure CAM doesn't wedge if we had to bail out early. */
805 mps_lock(sc);
806
807 /* Deregister our async handler */
808 #if 0 /* __FreeBSD_version >= 1000006 */
809 xpt_register_async(0, mpssas_async, sc, NULL);
810 #endif
811
812 if (sassc->flags & MPSSAS_IN_STARTUP)
813 xpt_release_simq(sassc->sim, 1);
814
815 if (sassc->sim != NULL) {
816 xpt_bus_deregister(cam_sim_path(sassc->sim));
817 cam_sim_free(sassc->sim);
818 }
819
820 if (sassc->flags & MPSSAS_SCANTHREAD) {
821 sassc->flags |= MPSSAS_SHUTDOWN;
822 wakeup(&sassc->ccb_scanq);
823
824 if (sassc->flags & MPSSAS_SCANTHREAD) {
825 lksleep(&sassc->flags, &sc->mps_lock, 0,
826 "mps_shutdown", 30 * hz);
827 }
828 }
829 mps_unlock(sc);
830
831 kfree(sassc->targets, M_MPT2);
832 kfree(sassc, M_MPT2);
833 sc->sassc = NULL;
834
835 return (0);
836 }
837
838 void
mpssas_discovery_end(struct mpssas_softc * sassc)839 mpssas_discovery_end(struct mpssas_softc *sassc)
840 {
841 struct mps_softc *sc = sassc->sc;
842
843 mps_dprint(sc, MPS_TRACE, "%s\n", __func__);
844
845 if (sassc->flags & MPSSAS_DISCOVERY_TIMEOUT_PENDING)
846 callout_stop(&sassc->discovery_callout);
847
848 }
849
850 #if 0 /* XXX unused */
851 static void
852 mpssas_discovery_timeout(void *data)
853 {
854 struct mpssas_softc *sassc = data;
855 struct mps_softc *sc;
856
857 sc = sassc->sc;
858 mps_dprint(sc, MPS_TRACE, "%s\n", __func__);
859
860 mps_lock(sc);
861 mps_printf(sc,
862 "Timeout waiting for discovery, interrupts may not be working!\n");
863 sassc->flags &= ~MPSSAS_DISCOVERY_TIMEOUT_PENDING;
864
865 /* Poll the hardware for events in case interrupts aren't working */
866 mps_intr_locked(sc);
867
868 mps_printf(sassc->sc,
869 "Finished polling after discovery timeout at %d\n", ticks);
870
871 if ((sassc->flags & MPSSAS_IN_DISCOVERY) == 0) {
872 mpssas_discovery_end(sassc);
873 } else {
874 if (sassc->discovery_timeouts < MPSSAS_MAX_DISCOVERY_TIMEOUTS) {
875 sassc->flags |= MPSSAS_DISCOVERY_TIMEOUT_PENDING;
876 callout_reset(&sassc->discovery_callout,
877 MPSSAS_DISCOVERY_TIMEOUT * hz,
878 mpssas_discovery_timeout, sassc);
879 sassc->discovery_timeouts++;
880 } else {
881 mps_dprint(sassc->sc, MPS_FAULT,
882 "Discovery timed out, continuing.\n");
883 sassc->flags &= ~MPSSAS_IN_DISCOVERY;
884 mpssas_discovery_end(sassc);
885 }
886 }
887
888 mps_unlock(sc);
889 }
890 #endif
891
892 static void
mpssas_action(struct cam_sim * sim,union ccb * ccb)893 mpssas_action(struct cam_sim *sim, union ccb *ccb)
894 {
895 struct mpssas_softc *sassc;
896
897 sassc = cam_sim_softc(sim);
898
899 mps_dprint(sassc->sc, MPS_TRACE, "%s func 0x%x\n", __func__,
900 ccb->ccb_h.func_code);
901 KKASSERT(lockstatus(&sassc->sc->mps_lock, curthread) != 0);
902
903 switch (ccb->ccb_h.func_code) {
904 case XPT_PATH_INQ:
905 {
906 struct ccb_pathinq *cpi = &ccb->cpi;
907
908 cpi->version_num = 1;
909 cpi->hba_inquiry = PI_SDTR_ABLE|PI_TAG_ABLE|PI_WIDE_16;
910 cpi->target_sprt = 0;
911 cpi->hba_misc = PIM_NOBUSRESET;
912 cpi->hba_eng_cnt = 0;
913 cpi->max_target = sassc->sc->facts->MaxTargets - 1;
914 cpi->max_lun = 8;
915 cpi->initiator_id = sassc->sc->facts->MaxTargets - 1;
916 strncpy(cpi->sim_vid, "FreeBSD", SIM_IDLEN);
917 strncpy(cpi->hba_vid, "LSILogic", HBA_IDLEN);
918 strncpy(cpi->dev_name, cam_sim_name(sim), DEV_IDLEN);
919 cpi->unit_number = cam_sim_unit(sim);
920 cpi->bus_id = cam_sim_bus(sim);
921 cpi->base_transfer_speed = 150000;
922 cpi->transport = XPORT_SAS;
923 cpi->transport_version = 0;
924 cpi->protocol = PROTO_SCSI;
925 cpi->protocol_version = SCSI_REV_SPC;
926 #if 0 /* __FreeBSD_version >= 800001 */
927 /*
928 * XXX KDM where does this number come from?
929 */
930 cpi->maxio = 256 * 1024;
931 #endif
932 cpi->ccb_h.status = CAM_REQ_CMP;
933 break;
934 }
935 case XPT_GET_TRAN_SETTINGS:
936 {
937 struct ccb_trans_settings *cts;
938 struct ccb_trans_settings_sas *sas;
939 struct ccb_trans_settings_scsi *scsi;
940 struct mpssas_target *targ;
941
942 cts = &ccb->cts;
943 sas = &cts->xport_specific.sas;
944 scsi = &cts->proto_specific.scsi;
945
946 targ = &sassc->targets[cts->ccb_h.target_id];
947 if (targ->handle == 0x0) {
948 cts->ccb_h.status = CAM_TID_INVALID;
949 break;
950 }
951
952 cts->protocol_version = SCSI_REV_SPC2;
953 cts->transport = XPORT_SAS;
954 cts->transport_version = 0;
955
956 sas->valid = CTS_SAS_VALID_SPEED;
957 switch (targ->linkrate) {
958 case 0x08:
959 sas->bitrate = 150000;
960 break;
961 case 0x09:
962 sas->bitrate = 300000;
963 break;
964 case 0x0a:
965 sas->bitrate = 600000;
966 break;
967 default:
968 sas->valid = 0;
969 }
970
971 cts->protocol = PROTO_SCSI;
972 scsi->valid = CTS_SCSI_VALID_TQ;
973 scsi->flags = CTS_SCSI_FLAGS_TAG_ENB;
974
975 cts->ccb_h.status = CAM_REQ_CMP;
976 break;
977 }
978 case XPT_CALC_GEOMETRY:
979 cam_calc_geometry(&ccb->ccg, /*extended*/1);
980 break;
981 case XPT_RESET_DEV:
982 mps_printf(sassc->sc, "mpssas_action XPT_RESET_DEV\n");
983 mpssas_action_resetdev(sassc, ccb);
984 return;
985 case XPT_RESET_BUS:
986 case XPT_ABORT:
987 case XPT_TERM_IO:
988 mps_printf(sassc->sc, "mpssas_action faking success for "
989 "abort or reset\n");
990 ccb->ccb_h.status = CAM_REQ_CMP;
991 break;
992 case XPT_SCSI_IO:
993 mpssas_action_scsiio(sassc, ccb);
994 return;
995 #if 0 /* __FreeBSD_version >= 900026 */
996 case XPT_SMP_IO:
997 mpssas_action_smpio(sassc, ccb);
998 return;
999 #endif
1000 default:
1001 ccb->ccb_h.status = CAM_FUNC_NOTAVAIL;
1002 break;
1003 }
1004 xpt_done(ccb);
1005
1006 }
1007
1008 static void
mpssas_announce_reset(struct mps_softc * sc,uint32_t ac_code,target_id_t target_id,lun_id_t lun_id)1009 mpssas_announce_reset(struct mps_softc *sc, uint32_t ac_code,
1010 target_id_t target_id, lun_id_t lun_id)
1011 {
1012 path_id_t path_id = cam_sim_path(sc->sassc->sim);
1013 struct cam_path *path;
1014
1015 mps_printf(sc, "%s code %x target %d lun %d\n", __func__,
1016 ac_code, target_id, lun_id);
1017
1018 if (xpt_create_path(&path, NULL,
1019 path_id, target_id, lun_id) != CAM_REQ_CMP) {
1020 mps_printf(sc, "unable to create path for reset "
1021 "notification\n");
1022 return;
1023 }
1024
1025 xpt_async(ac_code, path, NULL);
1026 xpt_free_path(path);
1027 }
1028
1029 static void
mpssas_complete_all_commands(struct mps_softc * sc)1030 mpssas_complete_all_commands(struct mps_softc *sc)
1031 {
1032 struct mps_command *cm;
1033 int i;
1034 int completed;
1035
1036 mps_printf(sc, "%s\n", __func__);
1037 KKASSERT(lockstatus(&sc->mps_lock, curthread) != 0);
1038
1039 /* complete all commands with a NULL reply */
1040 for (i = 1; i < sc->num_reqs; i++) {
1041 cm = &sc->commands[i];
1042 cm->cm_reply = NULL;
1043 completed = 0;
1044
1045 if (cm->cm_flags & MPS_CM_FLAGS_POLLED)
1046 cm->cm_flags |= MPS_CM_FLAGS_COMPLETE;
1047
1048 if (cm->cm_complete != NULL) {
1049 mpssas_log_command(cm,
1050 "completing cm %p state %x ccb %p for diag reset\n",
1051 cm, cm->cm_state, cm->cm_ccb);
1052
1053 cm->cm_complete(sc, cm);
1054 completed = 1;
1055 }
1056
1057 if (cm->cm_flags & MPS_CM_FLAGS_WAKEUP) {
1058 mpssas_log_command(cm,
1059 "waking up cm %p state %x ccb %p for diag reset\n",
1060 cm, cm->cm_state, cm->cm_ccb);
1061 wakeup(cm);
1062 completed = 1;
1063 }
1064
1065 if ((completed == 0) && (cm->cm_state != MPS_CM_STATE_FREE)) {
1066 /* this should never happen, but if it does, log */
1067 mpssas_log_command(cm,
1068 "cm %p state %x flags 0x%x ccb %p during diag "
1069 "reset\n", cm, cm->cm_state, cm->cm_flags,
1070 cm->cm_ccb);
1071 }
1072 }
1073 }
1074
1075 void
mpssas_handle_reinit(struct mps_softc * sc)1076 mpssas_handle_reinit(struct mps_softc *sc)
1077 {
1078 int i;
1079
1080 /* Go back into startup mode and freeze the simq, so that CAM
1081 * doesn't send any commands until after we've rediscovered all
1082 * targets and found the proper device handles for them.
1083 *
1084 * After the reset, portenable will trigger discovery, and after all
1085 * discovery-related activities have finished, the simq will be
1086 * released.
1087 */
1088 mps_printf(sc, "%s startup\n", __func__);
1089 sc->sassc->flags |= MPSSAS_IN_STARTUP;
1090 sc->sassc->flags |= MPSSAS_IN_DISCOVERY;
1091 xpt_freeze_simq(sc->sassc->sim, 1);
1092
1093 /* notify CAM of a bus reset */
1094 mpssas_announce_reset(sc, AC_BUS_RESET, CAM_TARGET_WILDCARD,
1095 CAM_LUN_WILDCARD);
1096
1097 /* complete and cleanup after all outstanding commands */
1098 mpssas_complete_all_commands(sc);
1099
1100 mps_printf(sc, "%s startup %u tm %u after command completion\n",
1101 __func__, sc->sassc->startup_refcount, sc->sassc->tm_count);
1102
1103 /*
1104 * The simq was explicitly frozen above, so set the refcount to 0.
1105 * The simq will be explicitly released after port enable completes.
1106 */
1107 sc->sassc->startup_refcount = 0;
1108
1109 /* zero all the target handles, since they may change after the
1110 * reset, and we have to rediscover all the targets and use the new
1111 * handles.
1112 */
1113 for (i = 0; i < sc->facts->MaxTargets; i++) {
1114 if (sc->sassc->targets[i].outstanding != 0)
1115 mps_printf(sc, "target %u outstanding %u\n",
1116 i, sc->sassc->targets[i].outstanding);
1117 sc->sassc->targets[i].handle = 0x0;
1118 sc->sassc->targets[i].exp_dev_handle = 0x0;
1119 sc->sassc->targets[i].outstanding = 0;
1120 sc->sassc->targets[i].flags = MPSSAS_TARGET_INDIAGRESET;
1121 }
1122 }
1123 static void
mpssas_tm_timeout(void * data)1124 mpssas_tm_timeout(void *data)
1125 {
1126 struct mps_command *tm = data;
1127 struct mps_softc *sc = tm->cm_sc;
1128
1129 mps_lock(sc);
1130 mpssas_log_command(tm, "task mgmt %p timed out\n", tm);
1131 mps_reinit(sc);
1132 mps_unlock(sc);
1133 }
1134
1135 static void
mpssas_logical_unit_reset_complete(struct mps_softc * sc,struct mps_command * tm)1136 mpssas_logical_unit_reset_complete(struct mps_softc *sc, struct mps_command *tm)
1137 {
1138 MPI2_SCSI_TASK_MANAGE_REPLY *reply;
1139 unsigned int cm_count = 0;
1140 struct mps_command *cm;
1141 struct mpssas_target *targ;
1142
1143 callout_stop(&tm->cm_callout);
1144
1145 reply = (MPI2_SCSI_TASK_MANAGE_REPLY *)tm->cm_reply;
1146 targ = tm->cm_targ;
1147
1148 /*
1149 * Currently there should be no way we can hit this case. It only
1150 * happens when we have a failure to allocate chain frames, and
1151 * task management commands don't have S/G lists.
1152 */
1153 if ((tm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) {
1154 mps_printf(sc, "%s: cm_flags = %#x for LUN reset! "
1155 "This should not happen!\n", __func__, tm->cm_flags);
1156 mpssas_free_tm(sc, tm);
1157 return;
1158 }
1159
1160 if (reply == NULL) {
1161 mpssas_log_command(tm, "NULL reset reply for tm %p\n", tm);
1162 if ((sc->mps_flags & MPS_FLAGS_DIAGRESET) != 0) {
1163 /* this completion was due to a reset, just cleanup */
1164 targ->flags &= ~MPSSAS_TARGET_INRESET;
1165 targ->tm = NULL;
1166 mpssas_free_tm(sc, tm);
1167 }
1168 else {
1169 /* we should have gotten a reply. */
1170 mps_reinit(sc);
1171 }
1172 return;
1173 }
1174
1175 mpssas_log_command(tm,
1176 "logical unit reset status 0x%x code 0x%x count %u\n",
1177 reply->IOCStatus, reply->ResponseCode,
1178 reply->TerminationCount);
1179
1180 /* See if there are any outstanding commands for this LUN.
1181 * This could be made more efficient by using a per-LU data
1182 * structure of some sort.
1183 */
1184 TAILQ_FOREACH(cm, &targ->commands, cm_link) {
1185 if (cm->cm_lun == tm->cm_lun)
1186 cm_count++;
1187 }
1188
1189 if (cm_count == 0) {
1190 mpssas_log_command(tm,
1191 "logical unit %u finished recovery after reset\n",
1192 tm->cm_lun);
1193
1194 mpssas_announce_reset(sc, AC_SENT_BDR, tm->cm_targ->tid,
1195 tm->cm_lun);
1196
1197 /* we've finished recovery for this logical unit. check and
1198 * see if some other logical unit has a timedout command
1199 * that needs to be processed.
1200 */
1201 cm = TAILQ_FIRST(&targ->timedout_commands);
1202 if (cm) {
1203 mpssas_send_abort(sc, tm, cm);
1204 }
1205 else {
1206 targ->tm = NULL;
1207 mpssas_free_tm(sc, tm);
1208 }
1209 }
1210 else {
1211 /* if we still have commands for this LUN, the reset
1212 * effectively failed, regardless of the status reported.
1213 * Escalate to a target reset.
1214 */
1215 mpssas_log_command(tm,
1216 "logical unit reset complete for tm %p, but still have %u command(s)\n",
1217 tm, cm_count);
1218 mpssas_send_reset(sc, tm,
1219 MPI2_SCSITASKMGMT_TASKTYPE_TARGET_RESET);
1220 }
1221 }
1222
1223 static void
mpssas_target_reset_complete(struct mps_softc * sc,struct mps_command * tm)1224 mpssas_target_reset_complete(struct mps_softc *sc, struct mps_command *tm)
1225 {
1226 MPI2_SCSI_TASK_MANAGE_REPLY *reply;
1227 struct mpssas_target *targ;
1228
1229 callout_stop(&tm->cm_callout);
1230
1231 reply = (MPI2_SCSI_TASK_MANAGE_REPLY *)tm->cm_reply;
1232 targ = tm->cm_targ;
1233
1234 /*
1235 * Currently there should be no way we can hit this case. It only
1236 * happens when we have a failure to allocate chain frames, and
1237 * task management commands don't have S/G lists.
1238 */
1239 if ((tm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) {
1240 mps_printf(sc, "%s: cm_flags = %#x for target reset! "
1241 "This should not happen!\n", __func__, tm->cm_flags);
1242 mpssas_free_tm(sc, tm);
1243 return;
1244 }
1245
1246 if (reply == NULL) {
1247 mpssas_log_command(tm, "NULL reset reply for tm %p\n", tm);
1248 if ((sc->mps_flags & MPS_FLAGS_DIAGRESET) != 0) {
1249 /* this completion was due to a reset, just cleanup */
1250 targ->flags &= ~MPSSAS_TARGET_INRESET;
1251 targ->tm = NULL;
1252 mpssas_free_tm(sc, tm);
1253 }
1254 else {
1255 /* we should have gotten a reply. */
1256 mps_reinit(sc);
1257 }
1258 return;
1259 }
1260
1261 mpssas_log_command(tm,
1262 "target reset status 0x%x code 0x%x count %u\n",
1263 reply->IOCStatus, reply->ResponseCode,
1264 reply->TerminationCount);
1265
1266 targ->flags &= ~MPSSAS_TARGET_INRESET;
1267
1268 if (targ->outstanding == 0) {
1269 /* we've finished recovery for this target and all
1270 * of its logical units.
1271 */
1272 mpssas_log_command(tm,
1273 "recovery finished after target reset\n");
1274
1275 mpssas_announce_reset(sc, AC_SENT_BDR, tm->cm_targ->tid,
1276 CAM_LUN_WILDCARD);
1277
1278 targ->tm = NULL;
1279 mpssas_free_tm(sc, tm);
1280 }
1281 else {
1282 /* after a target reset, if this target still has
1283 * outstanding commands, the reset effectively failed,
1284 * regardless of the status reported. escalate.
1285 */
1286 mpssas_log_command(tm,
1287 "target reset complete for tm %p, but still have %u command(s)\n",
1288 tm, targ->outstanding);
1289 mps_reinit(sc);
1290 }
1291 }
1292
1293 #define MPS_RESET_TIMEOUT 30
1294
1295 static int
mpssas_send_reset(struct mps_softc * sc,struct mps_command * tm,uint8_t type)1296 mpssas_send_reset(struct mps_softc *sc, struct mps_command *tm, uint8_t type)
1297 {
1298 MPI2_SCSI_TASK_MANAGE_REQUEST *req;
1299 struct mpssas_target *target;
1300 int err;
1301
1302 target = tm->cm_targ;
1303 if (target->handle == 0) {
1304 mps_printf(sc, "%s null devhandle for target_id %d\n",
1305 __func__, target->tid);
1306 return -1;
1307 }
1308
1309 req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)tm->cm_req;
1310 req->DevHandle = target->handle;
1311 req->Function = MPI2_FUNCTION_SCSI_TASK_MGMT;
1312 req->TaskType = type;
1313
1314 if (type == MPI2_SCSITASKMGMT_TASKTYPE_LOGICAL_UNIT_RESET) {
1315 /* XXX Need to handle invalid LUNs */
1316 MPS_SET_LUN(req->LUN, tm->cm_lun);
1317 tm->cm_targ->logical_unit_resets++;
1318 mpssas_log_command(tm, "sending logical unit reset\n");
1319 tm->cm_complete = mpssas_logical_unit_reset_complete;
1320 }
1321 else if (type == MPI2_SCSITASKMGMT_TASKTYPE_TARGET_RESET) {
1322 /* Target reset method = SAS Hard Link Reset / SATA Link Reset */
1323 req->MsgFlags = MPI2_SCSITASKMGMT_MSGFLAGS_LINK_RESET;
1324 tm->cm_targ->target_resets++;
1325 tm->cm_targ->flags |= MPSSAS_TARGET_INRESET;
1326 mpssas_log_command(tm, "sending target reset\n");
1327 tm->cm_complete = mpssas_target_reset_complete;
1328 }
1329 else {
1330 mps_printf(sc, "unexpected reset type 0x%x\n", type);
1331 return -1;
1332 }
1333
1334 tm->cm_data = NULL;
1335 tm->cm_desc.HighPriority.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_HIGH_PRIORITY;
1336 tm->cm_complete_data = (void *)tm;
1337
1338 callout_reset(&tm->cm_callout, MPS_RESET_TIMEOUT * hz,
1339 mpssas_tm_timeout, tm);
1340
1341 err = mps_map_command(sc, tm);
1342 if (err)
1343 mpssas_log_command(tm,
1344 "error %d sending reset type %u\n",
1345 err, type);
1346
1347 return err;
1348 }
1349
1350
1351 static void
mpssas_abort_complete(struct mps_softc * sc,struct mps_command * tm)1352 mpssas_abort_complete(struct mps_softc *sc, struct mps_command *tm)
1353 {
1354 struct mps_command *cm;
1355 MPI2_SCSI_TASK_MANAGE_REPLY *reply;
1356 MPI2_SCSI_TASK_MANAGE_REQUEST *req;
1357 struct mpssas_target *targ;
1358
1359 callout_stop(&tm->cm_callout);
1360
1361 req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)tm->cm_req;
1362 reply = (MPI2_SCSI_TASK_MANAGE_REPLY *)tm->cm_reply;
1363 targ = tm->cm_targ;
1364
1365 /*
1366 * Currently there should be no way we can hit this case. It only
1367 * happens when we have a failure to allocate chain frames, and
1368 * task management commands don't have S/G lists.
1369 */
1370 if ((tm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) {
1371 mpssas_log_command(tm,
1372 "cm_flags = %#x for abort %p TaskMID %u!\n",
1373 tm->cm_flags, tm, req->TaskMID);
1374 mpssas_free_tm(sc, tm);
1375 return;
1376 }
1377
1378 if (reply == NULL) {
1379 mpssas_log_command(tm,
1380 "NULL abort reply for tm %p TaskMID %u\n",
1381 tm, req->TaskMID);
1382 if ((sc->mps_flags & MPS_FLAGS_DIAGRESET) != 0) {
1383 /* this completion was due to a reset, just cleanup */
1384 targ->tm = NULL;
1385 mpssas_free_tm(sc, tm);
1386 }
1387 else {
1388 /* we should have gotten a reply. */
1389 mps_reinit(sc);
1390 }
1391 return;
1392 }
1393
1394 mpssas_log_command(tm,
1395 "abort TaskMID %u status 0x%x code 0x%x count %u\n",
1396 req->TaskMID,
1397 reply->IOCStatus, reply->ResponseCode,
1398 reply->TerminationCount);
1399
1400 cm = TAILQ_FIRST(&tm->cm_targ->timedout_commands);
1401 if (cm == NULL) {
1402 /* if there are no more timedout commands, we're done with
1403 * error recovery for this target.
1404 */
1405 mpssas_log_command(tm,
1406 "finished recovery after aborting TaskMID %u\n",
1407 req->TaskMID);
1408
1409 targ->tm = NULL;
1410 mpssas_free_tm(sc, tm);
1411 }
1412 else if (req->TaskMID != cm->cm_desc.Default.SMID) {
1413 /* abort success, but we have more timedout commands to abort */
1414 mpssas_log_command(tm,
1415 "continuing recovery after aborting TaskMID %u\n",
1416 req->TaskMID);
1417
1418 mpssas_send_abort(sc, tm, cm);
1419 }
1420 else {
1421 /* we didn't get a command completion, so the abort
1422 * failed as far as we're concerned. escalate.
1423 */
1424 mpssas_log_command(tm,
1425 "abort failed for TaskMID %u tm %p\n",
1426 req->TaskMID, tm);
1427
1428 mpssas_send_reset(sc, tm,
1429 MPI2_SCSITASKMGMT_TASKTYPE_LOGICAL_UNIT_RESET);
1430 }
1431 }
1432
1433 #define MPS_ABORT_TIMEOUT 5
1434
1435 static int
mpssas_send_abort(struct mps_softc * sc,struct mps_command * tm,struct mps_command * cm)1436 mpssas_send_abort(struct mps_softc *sc, struct mps_command *tm, struct mps_command *cm)
1437 {
1438 MPI2_SCSI_TASK_MANAGE_REQUEST *req;
1439 struct mpssas_target *targ;
1440 int err;
1441
1442 targ = cm->cm_targ;
1443 if (targ->handle == 0) {
1444 mps_printf(sc, "%s null devhandle for target_id %d\n",
1445 __func__, cm->cm_ccb->ccb_h.target_id);
1446 return -1;
1447 }
1448
1449 req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)tm->cm_req;
1450 req->DevHandle = targ->handle;
1451 req->Function = MPI2_FUNCTION_SCSI_TASK_MGMT;
1452 req->TaskType = MPI2_SCSITASKMGMT_TASKTYPE_ABORT_TASK;
1453
1454 /* XXX Need to handle invalid LUNs */
1455 MPS_SET_LUN(req->LUN, cm->cm_ccb->ccb_h.target_lun);
1456
1457 req->TaskMID = cm->cm_desc.Default.SMID;
1458
1459 tm->cm_data = NULL;
1460 tm->cm_desc.HighPriority.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_HIGH_PRIORITY;
1461 tm->cm_complete = mpssas_abort_complete;
1462 tm->cm_complete_data = (void *)tm;
1463 tm->cm_targ = cm->cm_targ;
1464 tm->cm_lun = cm->cm_lun;
1465
1466 callout_reset(&tm->cm_callout, MPS_ABORT_TIMEOUT * hz,
1467 mpssas_tm_timeout, tm);
1468
1469 targ->aborts++;
1470
1471 err = mps_map_command(sc, tm);
1472 if (err)
1473 mpssas_log_command(tm,
1474 "error %d sending abort for cm %p SMID %u\n",
1475 err, cm, req->TaskMID);
1476 return err;
1477 }
1478
1479
1480 static void
mpssas_scsiio_timeout(void * data)1481 mpssas_scsiio_timeout(void *data)
1482 {
1483 struct mps_softc *sc;
1484 struct mps_command *cm;
1485 struct mpssas_target *targ;
1486
1487 cm = (struct mps_command *)data;
1488 sc = cm->cm_sc;
1489
1490 KKASSERT(lockstatus(&sc->mps_lock, curthread) != 0);
1491
1492 mps_printf(sc, "%s checking sc %p cm %p\n", __func__, sc, cm);
1493
1494 /*
1495 * Run the interrupt handler to make sure it's not pending. This
1496 * isn't perfect because the command could have already completed
1497 * and been re-used, though this is unlikely.
1498 */
1499 mps_intr_locked(sc);
1500 if (cm->cm_state == MPS_CM_STATE_FREE) {
1501 mps_printf(sc, "SCSI command %p sc %p almost timed out\n", cm, sc);
1502 return;
1503 }
1504
1505 if (cm->cm_ccb == NULL) {
1506 mps_printf(sc, "command timeout with NULL ccb\n");
1507 return;
1508 }
1509
1510 mpssas_log_command(cm, "command timeout cm %p ccb %p\n",
1511 cm, cm->cm_ccb);
1512
1513 targ = cm->cm_targ;
1514 targ->timeouts++;
1515
1516 /* XXX first, check the firmware state, to see if it's still
1517 * operational. if not, do a diag reset.
1518 */
1519
1520 cm->cm_ccb->ccb_h.status = CAM_CMD_TIMEOUT;
1521 cm->cm_state = MPS_CM_STATE_TIMEDOUT;
1522 TAILQ_INSERT_TAIL(&targ->timedout_commands, cm, cm_recovery);
1523
1524 if (targ->tm != NULL) {
1525 /* target already in recovery, just queue up another
1526 * timedout command to be processed later.
1527 */
1528 mps_printf(sc, "queued timedout cm %p for processing by tm %p\n",
1529 cm, targ->tm);
1530 }
1531 else if ((targ->tm = mpssas_alloc_tm(sc)) != NULL) {
1532 mps_printf(sc, "timedout cm %p allocated tm %p\n",
1533 cm, targ->tm);
1534
1535 /* start recovery by aborting the first timedout command */
1536 mpssas_send_abort(sc, targ->tm, cm);
1537 }
1538 else {
1539 /* XXX queue this target up for recovery once a TM becomes
1540 * available. The firmware only has a limited number of
1541 * HighPriority credits for the high priority requests used
1542 * for task management, and we ran out.
1543 *
1544 * Isilon: don't worry about this for now, since we have
1545 * more credits than disks in an enclosure, and limit
1546 * ourselves to one TM per target for recovery.
1547 */
1548 mps_printf(sc, "timedout cm %p failed to allocate a tm\n",
1549 cm);
1550 }
1551
1552 }
1553
1554 static void
mpssas_action_scsiio(struct mpssas_softc * sassc,union ccb * ccb)1555 mpssas_action_scsiio(struct mpssas_softc *sassc, union ccb *ccb)
1556 {
1557 MPI2_SCSI_IO_REQUEST *req;
1558 struct ccb_scsiio *csio;
1559 struct mps_softc *sc;
1560 struct mpssas_target *targ;
1561 struct mpssas_lun *lun;
1562 struct mps_command *cm;
1563 uint8_t i, lba_byte, *ref_tag_addr;
1564 uint16_t eedp_flags;
1565
1566 sc = sassc->sc;
1567 mps_dprint(sc, MPS_TRACE, "%s ccb %p\n", __func__, ccb);
1568 KKASSERT(lockstatus(&sc->mps_lock, curthread) != 0);
1569
1570 csio = &ccb->csio;
1571 targ = &sassc->targets[csio->ccb_h.target_id];
1572 if (targ->handle == 0x0) {
1573 mps_dprint(sc, MPS_TRACE, "%s NULL handle for target %u\n",
1574 __func__, csio->ccb_h.target_id);
1575 csio->ccb_h.status = CAM_TID_INVALID;
1576 xpt_done(ccb);
1577 return;
1578 }
1579 if (targ->flags & MPS_TARGET_FLAGS_RAID_COMPONENT) {
1580 mps_dprint(sc, MPS_TRACE, "%s Raid component no SCSI IO supported %u\n",
1581 __func__, csio->ccb_h.target_id);
1582 csio->ccb_h.status = CAM_TID_INVALID;
1583 xpt_done(ccb);
1584 return;
1585 }
1586
1587 /*
1588 * If devinfo is 0 this will be a volume. In that case don't tell CAM
1589 * that the volume has timed out. We want volumes to be enumerated
1590 * until they are deleted/removed, not just failed.
1591 */
1592 if (targ->flags & MPSSAS_TARGET_INREMOVAL) {
1593 if (targ->devinfo == 0)
1594 csio->ccb_h.status = CAM_REQ_CMP;
1595 else
1596 csio->ccb_h.status = CAM_SEL_TIMEOUT;
1597 xpt_done(ccb);
1598 return;
1599 }
1600
1601 if ((sc->mps_flags & MPS_FLAGS_SHUTDOWN) != 0) {
1602 mps_dprint(sc, MPS_TRACE, "%s shutting down\n", __func__);
1603 csio->ccb_h.status = CAM_TID_INVALID;
1604 xpt_done(ccb);
1605 return;
1606 }
1607
1608 cm = mps_alloc_command(sc);
1609 if (cm == NULL) {
1610 if ((sassc->flags & MPSSAS_QUEUE_FROZEN) == 0) {
1611 xpt_freeze_simq(sassc->sim, 1);
1612 sassc->flags |= MPSSAS_QUEUE_FROZEN;
1613 }
1614 ccb->ccb_h.status &= ~CAM_SIM_QUEUED;
1615 ccb->ccb_h.status |= CAM_REQUEUE_REQ;
1616 xpt_done(ccb);
1617 return;
1618 }
1619
1620 req = (MPI2_SCSI_IO_REQUEST *)cm->cm_req;
1621 bzero(req, sizeof(*req));
1622 req->DevHandle = targ->handle;
1623 req->Function = MPI2_FUNCTION_SCSI_IO_REQUEST;
1624 req->MsgFlags = 0;
1625 req->SenseBufferLowAddress = cm->cm_sense_busaddr;
1626 req->SenseBufferLength = MPS_SENSE_LEN;
1627 req->SGLFlags = 0;
1628 req->ChainOffset = 0;
1629 req->SGLOffset0 = 24; /* 32bit word offset to the SGL */
1630 req->SGLOffset1= 0;
1631 req->SGLOffset2= 0;
1632 req->SGLOffset3= 0;
1633 req->SkipCount = 0;
1634 req->DataLength = csio->dxfer_len;
1635 req->BidirectionalDataLength = 0;
1636 req->IoFlags = csio->cdb_len;
1637 req->EEDPFlags = 0;
1638
1639 /* Note: BiDirectional transfers are not supported */
1640 switch (csio->ccb_h.flags & CAM_DIR_MASK) {
1641 case CAM_DIR_IN:
1642 req->Control = MPI2_SCSIIO_CONTROL_READ;
1643 cm->cm_flags |= MPS_CM_FLAGS_DATAIN;
1644 break;
1645 case CAM_DIR_OUT:
1646 req->Control = MPI2_SCSIIO_CONTROL_WRITE;
1647 cm->cm_flags |= MPS_CM_FLAGS_DATAOUT;
1648 break;
1649 case CAM_DIR_NONE:
1650 default:
1651 req->Control = MPI2_SCSIIO_CONTROL_NODATATRANSFER;
1652 break;
1653 }
1654
1655 /*
1656 * It looks like the hardware doesn't require an explicit tag
1657 * number for each transaction. SAM Task Management not supported
1658 * at the moment.
1659 */
1660 switch (csio->tag_action) {
1661 case MSG_HEAD_OF_Q_TAG:
1662 req->Control |= MPI2_SCSIIO_CONTROL_HEADOFQ;
1663 break;
1664 case MSG_ORDERED_Q_TAG:
1665 req->Control |= MPI2_SCSIIO_CONTROL_ORDEREDQ;
1666 break;
1667 case MSG_ACA_TASK:
1668 req->Control |= MPI2_SCSIIO_CONTROL_ACAQ;
1669 break;
1670 case CAM_TAG_ACTION_NONE:
1671 case MSG_SIMPLE_Q_TAG:
1672 default:
1673 req->Control |= MPI2_SCSIIO_CONTROL_SIMPLEQ;
1674 break;
1675 }
1676 req->Control |= sc->mapping_table[csio->ccb_h.target_id].TLR_bits;
1677
1678 if (MPS_SET_LUN(req->LUN, csio->ccb_h.target_lun) != 0) {
1679 mps_free_command(sc, cm);
1680 ccb->ccb_h.status = CAM_LUN_INVALID;
1681 xpt_done(ccb);
1682 return;
1683 }
1684
1685 if (csio->ccb_h.flags & CAM_CDB_POINTER)
1686 bcopy(csio->cdb_io.cdb_ptr, &req->CDB.CDB32[0], csio->cdb_len);
1687 else
1688 bcopy(csio->cdb_io.cdb_bytes, &req->CDB.CDB32[0],csio->cdb_len);
1689 req->IoFlags = csio->cdb_len;
1690
1691 /*
1692 * Check if EEDP is supported and enabled. If it is then check if the
1693 * SCSI opcode could be using EEDP. If so, make sure the LUN exists and
1694 * is formatted for EEDP support. If all of this is true, set CDB up
1695 * for EEDP transfer.
1696 */
1697 eedp_flags = op_code_prot[req->CDB.CDB32[0]];
1698 if (sc->eedp_enabled && eedp_flags) {
1699 SLIST_FOREACH(lun, &targ->luns, lun_link) {
1700 if (lun->lun_id == csio->ccb_h.target_lun) {
1701 break;
1702 }
1703 }
1704
1705 if ((lun != NULL) && (lun->eedp_formatted)) {
1706 req->EEDPBlockSize = lun->eedp_block_size;
1707 eedp_flags |= (MPI2_SCSIIO_EEDPFLAGS_INC_PRI_REFTAG |
1708 MPI2_SCSIIO_EEDPFLAGS_CHECK_REFTAG |
1709 MPI2_SCSIIO_EEDPFLAGS_CHECK_GUARD);
1710 req->EEDPFlags = eedp_flags;
1711
1712 /*
1713 * If CDB less than 32, fill in Primary Ref Tag with
1714 * low 4 bytes of LBA. If CDB is 32, tag stuff is
1715 * already there. Also, set protection bit. FreeBSD
1716 * currently does not support CDBs bigger than 16, but
1717 * the code doesn't hurt, and will be here for the
1718 * future.
1719 */
1720 if (csio->cdb_len != 32) {
1721 lba_byte = (csio->cdb_len == 16) ? 6 : 2;
1722 ref_tag_addr = (uint8_t *)&req->CDB.EEDP32.
1723 PrimaryReferenceTag;
1724 for (i = 0; i < 4; i++) {
1725 *ref_tag_addr =
1726 req->CDB.CDB32[lba_byte + i];
1727 ref_tag_addr++;
1728 }
1729 req->CDB.EEDP32.PrimaryApplicationTagMask =
1730 0xFFFF;
1731 req->CDB.CDB32[1] = (req->CDB.CDB32[1] & 0x1F) |
1732 0x20;
1733 } else {
1734 eedp_flags |=
1735 MPI2_SCSIIO_EEDPFLAGS_INC_PRI_APPTAG;
1736 req->EEDPFlags = eedp_flags;
1737 req->CDB.CDB32[10] = (req->CDB.CDB32[10] &
1738 0x1F) | 0x20;
1739 }
1740 }
1741 }
1742
1743 cm->cm_data = csio->data_ptr;
1744 cm->cm_length = csio->dxfer_len;
1745 cm->cm_sge = &req->SGL;
1746 cm->cm_sglsize = (32 - 24) * 4;
1747 cm->cm_desc.SCSIIO.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_SCSI_IO;
1748 cm->cm_desc.SCSIIO.DevHandle = targ->handle;
1749 cm->cm_complete = mpssas_scsiio_complete;
1750 cm->cm_complete_data = ccb;
1751 cm->cm_targ = targ;
1752 cm->cm_lun = csio->ccb_h.target_lun;
1753 cm->cm_ccb = ccb;
1754
1755 /*
1756 * If HBA is a WD and the command is not for a retry, try to build a
1757 * direct I/O message. If failed, or the command is for a retry, send
1758 * the I/O to the IR volume itself.
1759 */
1760 if (sc->WD_valid_config) {
1761 if (ccb->ccb_h.status != MPS_WD_RETRY) {
1762 mpssas_direct_drive_io(sassc, cm, ccb);
1763 } else {
1764 ccb->ccb_h.status = CAM_REQ_INPROG;
1765 }
1766 }
1767
1768 callout_reset(&cm->cm_callout, (ccb->ccb_h.timeout * hz) / 1000,
1769 mpssas_scsiio_timeout, cm);
1770
1771 targ->issued++;
1772 targ->outstanding++;
1773 TAILQ_INSERT_TAIL(&targ->commands, cm, cm_link);
1774
1775 if ((sc->mps_debug & MPS_TRACE) != 0)
1776 mpssas_log_command(cm, "%s cm %p ccb %p outstanding %u\n",
1777 __func__, cm, ccb, targ->outstanding);
1778
1779 mps_map_command(sc, cm);
1780 return;
1781 }
1782
1783 static void
mpssas_scsiio_complete(struct mps_softc * sc,struct mps_command * cm)1784 mpssas_scsiio_complete(struct mps_softc *sc, struct mps_command *cm)
1785 {
1786 MPI2_SCSI_IO_REPLY *rep;
1787 union ccb *ccb;
1788 struct ccb_scsiio *csio;
1789 struct mpssas_softc *sassc;
1790 struct scsi_vpd_supported_page_list *vpd_list = NULL;
1791 u8 *TLR_bits, TLR_on;
1792 int dir = 0, i;
1793 u16 alloc_len;
1794
1795 mps_dprint(sc, MPS_TRACE,
1796 "%s cm %p SMID %u ccb %p reply %p outstanding %u\n",
1797 __func__, cm, cm->cm_desc.Default.SMID, cm->cm_ccb, cm->cm_reply,
1798 cm->cm_targ->outstanding);
1799
1800 callout_stop(&cm->cm_callout);
1801 KKASSERT(lockstatus(&sc->mps_lock, curthread) != 0);
1802
1803 sassc = sc->sassc;
1804 ccb = cm->cm_complete_data;
1805 csio = &ccb->csio;
1806 rep = (MPI2_SCSI_IO_REPLY *)cm->cm_reply;
1807 /*
1808 * XXX KDM if the chain allocation fails, does it matter if we do
1809 * the sync and unload here? It is simpler to do it in every case,
1810 * assuming it doesn't cause problems.
1811 */
1812 if (cm->cm_data != NULL) {
1813 if (cm->cm_flags & MPS_CM_FLAGS_DATAIN)
1814 dir = BUS_DMASYNC_POSTREAD;
1815 else if (cm->cm_flags & MPS_CM_FLAGS_DATAOUT)
1816 dir = BUS_DMASYNC_POSTWRITE;
1817 bus_dmamap_sync(sc->buffer_dmat, cm->cm_dmamap, dir);
1818 bus_dmamap_unload(sc->buffer_dmat, cm->cm_dmamap);
1819 }
1820
1821 cm->cm_targ->completed++;
1822 cm->cm_targ->outstanding--;
1823 TAILQ_REMOVE(&cm->cm_targ->commands, cm, cm_link);
1824
1825 if (cm->cm_state == MPS_CM_STATE_TIMEDOUT) {
1826 TAILQ_REMOVE(&cm->cm_targ->timedout_commands, cm, cm_recovery);
1827 if (cm->cm_reply != NULL)
1828 mpssas_log_command(cm,
1829 "completed timedout cm %p ccb %p during recovery "
1830 "ioc %x scsi %x state %x xfer %u\n",
1831 cm, cm->cm_ccb,
1832 rep->IOCStatus, rep->SCSIStatus, rep->SCSIState,
1833 rep->TransferCount);
1834 else
1835 mpssas_log_command(cm,
1836 "completed timedout cm %p ccb %p during recovery\n",
1837 cm, cm->cm_ccb);
1838 } else if (cm->cm_targ->tm != NULL) {
1839 if (cm->cm_reply != NULL)
1840 mpssas_log_command(cm,
1841 "completed cm %p ccb %p during recovery "
1842 "ioc %x scsi %x state %x xfer %u\n",
1843 cm, cm->cm_ccb,
1844 rep->IOCStatus, rep->SCSIStatus, rep->SCSIState,
1845 rep->TransferCount);
1846 else
1847 mpssas_log_command(cm,
1848 "completed cm %p ccb %p during recovery\n",
1849 cm, cm->cm_ccb);
1850 } else if ((sc->mps_flags & MPS_FLAGS_DIAGRESET) != 0) {
1851 mpssas_log_command(cm,
1852 "reset completed cm %p ccb %p\n",
1853 cm, cm->cm_ccb);
1854 }
1855
1856 if ((cm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) {
1857 /*
1858 * We ran into an error after we tried to map the command,
1859 * so we're getting a callback without queueing the command
1860 * to the hardware. So we set the status here, and it will
1861 * be retained below. We'll go through the "fast path",
1862 * because there can be no reply when we haven't actually
1863 * gone out to the hardware.
1864 */
1865 ccb->ccb_h.status |= CAM_REQUEUE_REQ;
1866
1867 /*
1868 * Currently the only error included in the mask is
1869 * MPS_CM_FLAGS_CHAIN_FAILED, which means we're out of
1870 * chain frames. We need to freeze the queue until we get
1871 * a command that completed without this error, which will
1872 * hopefully have some chain frames attached that we can
1873 * use. If we wanted to get smarter about it, we would
1874 * only unfreeze the queue in this condition when we're
1875 * sure that we're getting some chain frames back. That's
1876 * probably unnecessary.
1877 */
1878 if ((sassc->flags & MPSSAS_QUEUE_FROZEN) == 0) {
1879 xpt_freeze_simq(sassc->sim, 1);
1880 sassc->flags |= MPSSAS_QUEUE_FROZEN;
1881 mps_dprint(sc, MPS_INFO, "Error sending command, "
1882 "freezing SIM queue\n");
1883 }
1884 }
1885
1886 /* Take the fast path to completion */
1887 if (cm->cm_reply == NULL) {
1888 if ((ccb->ccb_h.status & CAM_STATUS_MASK) == CAM_REQ_INPROG) {
1889 if ((sc->mps_flags & MPS_FLAGS_DIAGRESET) != 0)
1890 ccb->ccb_h.status = CAM_SCSI_BUS_RESET;
1891 else {
1892 ccb->ccb_h.status = CAM_REQ_CMP;
1893 ccb->csio.scsi_status = SCSI_STATUS_OK;
1894 }
1895 if (sassc->flags & MPSSAS_QUEUE_FROZEN) {
1896 ccb->ccb_h.status |= CAM_RELEASE_SIMQ;
1897 sassc->flags &= ~MPSSAS_QUEUE_FROZEN;
1898 mps_dprint(sc, MPS_INFO,
1899 "Unfreezing SIM queue\n");
1900 }
1901 }
1902
1903 /*
1904 * There are two scenarios where the status won't be
1905 * CAM_REQ_CMP. The first is if MPS_CM_FLAGS_ERROR_MASK is
1906 * set, the second is in the MPS_FLAGS_DIAGRESET above.
1907 */
1908 if ((ccb->ccb_h.status & CAM_STATUS_MASK) != CAM_REQ_CMP) {
1909 /*
1910 * Freeze the dev queue so that commands are
1911 * executed in the correct order with after error
1912 * recovery.
1913 */
1914 ccb->ccb_h.status |= CAM_DEV_QFRZN;
1915 xpt_freeze_devq(ccb->ccb_h.path, /*count*/ 1);
1916 }
1917 mps_free_command(sc, cm);
1918 xpt_done(ccb);
1919 return;
1920 }
1921
1922 if (sc->mps_debug & MPS_TRACE)
1923 mpssas_log_command(cm,
1924 "ioc %x scsi %x state %x xfer %u\n",
1925 rep->IOCStatus, rep->SCSIStatus,
1926 rep->SCSIState, rep->TransferCount);
1927
1928 /*
1929 * If this is a Direct Drive I/O, reissue the I/O to the original IR
1930 * Volume if an error occurred (normal I/O retry). Use the original
1931 * CCB, but set a flag that this will be a retry so that it's sent to
1932 * the original volume. Free the command but reuse the CCB.
1933 */
1934 if (cm->cm_flags & MPS_CM_FLAGS_DD_IO) {
1935 mps_free_command(sc, cm);
1936 ccb->ccb_h.status = MPS_WD_RETRY;
1937 mpssas_action_scsiio(sassc, ccb);
1938 return;
1939 }
1940
1941 switch (rep->IOCStatus & MPI2_IOCSTATUS_MASK) {
1942 case MPI2_IOCSTATUS_SCSI_DATA_UNDERRUN:
1943 csio->resid = cm->cm_length - rep->TransferCount;
1944 /* FALLTHROUGH */
1945 case MPI2_IOCSTATUS_SUCCESS:
1946 case MPI2_IOCSTATUS_SCSI_RECOVERED_ERROR:
1947
1948 if ((rep->IOCStatus & MPI2_IOCSTATUS_MASK) ==
1949 MPI2_IOCSTATUS_SCSI_RECOVERED_ERROR)
1950 mpssas_log_command(cm, "recovered error\n");
1951
1952 /* Completion failed at the transport level. */
1953 if (rep->SCSIState & (MPI2_SCSI_STATE_NO_SCSI_STATUS |
1954 MPI2_SCSI_STATE_TERMINATED)) {
1955 ccb->ccb_h.status = CAM_REQ_CMP_ERR;
1956 break;
1957 }
1958
1959 /* In a modern packetized environment, an autosense failure
1960 * implies that there's not much else that can be done to
1961 * recover the command.
1962 */
1963 if (rep->SCSIState & MPI2_SCSI_STATE_AUTOSENSE_FAILED) {
1964 ccb->ccb_h.status = CAM_AUTOSENSE_FAIL;
1965 break;
1966 }
1967
1968 /*
1969 * CAM doesn't care about SAS Response Info data, but if this is
1970 * the state check if TLR should be done. If not, clear the
1971 * TLR_bits for the target.
1972 */
1973 if ((rep->SCSIState & MPI2_SCSI_STATE_RESPONSE_INFO_VALID) &&
1974 ((rep->ResponseInfo & MPI2_SCSI_RI_MASK_REASONCODE) ==
1975 MPS_SCSI_RI_INVALID_FRAME)) {
1976 sc->mapping_table[csio->ccb_h.target_id].TLR_bits =
1977 (u8)MPI2_SCSIIO_CONTROL_NO_TLR;
1978 }
1979
1980 /*
1981 * Intentionally override the normal SCSI status reporting
1982 * for these two cases. These are likely to happen in a
1983 * multi-initiator environment, and we want to make sure that
1984 * CAM retries these commands rather than fail them.
1985 */
1986 if ((rep->SCSIStatus == MPI2_SCSI_STATUS_COMMAND_TERMINATED) ||
1987 (rep->SCSIStatus == MPI2_SCSI_STATUS_TASK_ABORTED)) {
1988 ccb->ccb_h.status = CAM_REQ_ABORTED;
1989 break;
1990 }
1991
1992 /* Handle normal status and sense */
1993 csio->scsi_status = rep->SCSIStatus;
1994 if (rep->SCSIStatus == MPI2_SCSI_STATUS_GOOD)
1995 ccb->ccb_h.status = CAM_REQ_CMP;
1996 else
1997 ccb->ccb_h.status = CAM_SCSI_STATUS_ERROR;
1998
1999 if (rep->SCSIState & MPI2_SCSI_STATE_AUTOSENSE_VALID) {
2000 int sense_len, returned_sense_len;
2001
2002 returned_sense_len = min(rep->SenseCount,
2003 sizeof(struct scsi_sense_data));
2004 if (returned_sense_len < ccb->csio.sense_len)
2005 ccb->csio.sense_resid = ccb->csio.sense_len -
2006 returned_sense_len;
2007 else
2008 ccb->csio.sense_resid = 0;
2009
2010 sense_len = min(returned_sense_len,
2011 ccb->csio.sense_len - ccb->csio.sense_resid);
2012 bzero(&ccb->csio.sense_data,
2013 sizeof(ccb->csio.sense_data));
2014 bcopy(cm->cm_sense, &ccb->csio.sense_data, sense_len);
2015 ccb->ccb_h.status |= CAM_AUTOSNS_VALID;
2016 }
2017
2018 /*
2019 * Check if this is an INQUIRY command. If it's a VPD inquiry,
2020 * and it's page code 0 (Supported Page List), and there is
2021 * inquiry data, and this is for a sequential access device, and
2022 * the device is an SSP target, and TLR is supported by the
2023 * controller, turn the TLR_bits value ON if page 0x90 is
2024 * supported.
2025 */
2026 if ((csio->cdb_io.cdb_bytes[0] == INQUIRY) &&
2027 (csio->cdb_io.cdb_bytes[1] & SI_EVPD) &&
2028 (csio->cdb_io.cdb_bytes[2] == SVPD_SUPPORTED_PAGE_LIST) &&
2029 (csio->data_ptr != NULL) && (((uint8_t *)cm->cm_data)[0] ==
2030 T_SEQUENTIAL) && (sc->control_TLR) &&
2031 (sc->mapping_table[csio->ccb_h.target_id].device_info &
2032 MPI2_SAS_DEVICE_INFO_SSP_TARGET)) {
2033 vpd_list = (struct scsi_vpd_supported_page_list *)
2034 csio->data_ptr;
2035 TLR_bits = &sc->mapping_table[csio->ccb_h.target_id].
2036 TLR_bits;
2037 *TLR_bits = (u8)MPI2_SCSIIO_CONTROL_NO_TLR;
2038 TLR_on = (u8)MPI2_SCSIIO_CONTROL_TLR_ON;
2039 alloc_len = ((u16)csio->cdb_io.cdb_bytes[3] << 8) +
2040 csio->cdb_io.cdb_bytes[4];
2041 for (i = 0; i < MIN(vpd_list->length, alloc_len); i++) {
2042 if (vpd_list->list[i] == 0x90) {
2043 *TLR_bits = TLR_on;
2044 break;
2045 }
2046 }
2047 }
2048 break;
2049 case MPI2_IOCSTATUS_SCSI_INVALID_DEVHANDLE:
2050 case MPI2_IOCSTATUS_SCSI_DEVICE_NOT_THERE:
2051 /*
2052 * If devinfo is 0 this will be a volume. In that case don't
2053 * tell CAM that the volume is not there. We want volumes to
2054 * be enumerated until they are deleted/removed, not just
2055 * failed.
2056 */
2057 if (cm->cm_targ->devinfo == 0)
2058 ccb->ccb_h.status = CAM_REQ_CMP;
2059 else
2060 ccb->ccb_h.status = CAM_DEV_NOT_THERE;
2061 break;
2062 case MPI2_IOCSTATUS_INVALID_SGL:
2063 mps_print_scsiio_cmd(sc, cm);
2064 ccb->ccb_h.status = CAM_UNREC_HBA_ERROR;
2065 break;
2066 case MPI2_IOCSTATUS_SCSI_TASK_TERMINATED:
2067 /*
2068 * This is one of the responses that comes back when an I/O
2069 * has been aborted. If it is because of a timeout that we
2070 * initiated, just set the status to CAM_CMD_TIMEOUT.
2071 * Otherwise set it to CAM_REQ_ABORTED. The effect on the
2072 * command is the same (it gets retried, subject to the
2073 * retry counter), the only difference is what gets printed
2074 * on the console.
2075 */
2076 if (cm->cm_state == MPS_CM_STATE_TIMEDOUT)
2077 ccb->ccb_h.status = CAM_CMD_TIMEOUT;
2078 else
2079 ccb->ccb_h.status = CAM_REQ_ABORTED;
2080 break;
2081 case MPI2_IOCSTATUS_SCSI_DATA_OVERRUN:
2082 /* resid is ignored for this condition */
2083 csio->resid = 0;
2084 ccb->ccb_h.status = CAM_DATA_RUN_ERR;
2085 break;
2086 case MPI2_IOCSTATUS_SCSI_IOC_TERMINATED:
2087 case MPI2_IOCSTATUS_SCSI_EXT_TERMINATED:
2088 /*
2089 * Since these are generally external (i.e. hopefully
2090 * transient transport-related) errors, retry these without
2091 * decrementing the retry count.
2092 */
2093 ccb->ccb_h.status = CAM_REQUEUE_REQ;
2094 mpssas_log_command(cm,
2095 "terminated ioc %x scsi %x state %x xfer %u\n",
2096 rep->IOCStatus, rep->SCSIStatus, rep->SCSIState,
2097 rep->TransferCount);
2098 break;
2099 case MPI2_IOCSTATUS_INVALID_FUNCTION:
2100 case MPI2_IOCSTATUS_INTERNAL_ERROR:
2101 case MPI2_IOCSTATUS_INVALID_VPID:
2102 case MPI2_IOCSTATUS_INVALID_FIELD:
2103 case MPI2_IOCSTATUS_INVALID_STATE:
2104 case MPI2_IOCSTATUS_OP_STATE_NOT_SUPPORTED:
2105 case MPI2_IOCSTATUS_SCSI_IO_DATA_ERROR:
2106 case MPI2_IOCSTATUS_SCSI_PROTOCOL_ERROR:
2107 case MPI2_IOCSTATUS_SCSI_RESIDUAL_MISMATCH:
2108 case MPI2_IOCSTATUS_SCSI_TASK_MGMT_FAILED:
2109 default:
2110 mpssas_log_command(cm,
2111 "completed ioc %x scsi %x state %x xfer %u\n",
2112 rep->IOCStatus, rep->SCSIStatus, rep->SCSIState,
2113 rep->TransferCount);
2114 csio->resid = cm->cm_length;
2115 ccb->ccb_h.status = CAM_REQ_CMP_ERR;
2116 break;
2117 }
2118
2119 if (sassc->flags & MPSSAS_QUEUE_FROZEN) {
2120 ccb->ccb_h.status |= CAM_RELEASE_SIMQ;
2121 sassc->flags &= ~MPSSAS_QUEUE_FROZEN;
2122 mps_dprint(sc, MPS_INFO, "Command completed, "
2123 "unfreezing SIM queue\n");
2124 }
2125
2126 if ((ccb->ccb_h.status & CAM_STATUS_MASK) != CAM_REQ_CMP) {
2127 ccb->ccb_h.status |= CAM_DEV_QFRZN;
2128 xpt_freeze_devq(ccb->ccb_h.path, /*count*/ 1);
2129 }
2130
2131 mps_free_command(sc, cm);
2132 xpt_done(ccb);
2133 }
2134
2135 static void
mpssas_direct_drive_io(struct mpssas_softc * sassc,struct mps_command * cm,union ccb * ccb)2136 mpssas_direct_drive_io(struct mpssas_softc *sassc, struct mps_command *cm,
2137 union ccb *ccb) {
2138 pMpi2SCSIIORequest_t pIO_req;
2139 struct mps_softc *sc = sassc->sc;
2140 uint64_t virtLBA;
2141 uint32_t physLBA, stripe_offset, stripe_unit;
2142 uint32_t io_size, column;
2143 uint8_t *ptrLBA, lba_idx, physLBA_byte, *CDB;
2144
2145 /*
2146 * If this is a valid SCSI command (Read6, Read10, Read16, Write6,
2147 * Write10, or Write16), build a direct I/O message. Otherwise, the I/O
2148 * will be sent to the IR volume itself. Since Read6 and Write6 are a
2149 * bit different than the 10/16 CDBs, handle them separately.
2150 */
2151 pIO_req = (pMpi2SCSIIORequest_t)cm->cm_req;
2152 CDB = pIO_req->CDB.CDB32;
2153
2154 /*
2155 * Handle 6 byte CDBs.
2156 */
2157 if ((pIO_req->DevHandle == sc->DD_dev_handle) && ((CDB[0] == READ_6) ||
2158 (CDB[0] == WRITE_6))) {
2159 /*
2160 * Get the transfer size in blocks.
2161 */
2162 io_size = (cm->cm_length >> sc->DD_block_exponent);
2163
2164 /*
2165 * Get virtual LBA given in the CDB.
2166 */
2167 virtLBA = ((uint64_t)(CDB[1] & 0x1F) << 16) |
2168 ((uint64_t)CDB[2] << 8) | (uint64_t)CDB[3];
2169
2170 /*
2171 * Check that LBA range for I/O does not exceed volume's
2172 * MaxLBA.
2173 */
2174 if ((virtLBA + (uint64_t)io_size - 1) <=
2175 sc->DD_max_lba) {
2176 /*
2177 * Check if the I/O crosses a stripe boundary. If not,
2178 * translate the virtual LBA to a physical LBA and set
2179 * the DevHandle for the PhysDisk to be used. If it
2180 * does cross a boundry, do normal I/O. To get the
2181 * right DevHandle to use, get the map number for the
2182 * column, then use that map number to look up the
2183 * DevHandle of the PhysDisk.
2184 */
2185 stripe_offset = (uint32_t)virtLBA &
2186 (sc->DD_stripe_size - 1);
2187 if ((stripe_offset + io_size) <= sc->DD_stripe_size) {
2188 physLBA = (uint32_t)virtLBA >>
2189 sc->DD_stripe_exponent;
2190 stripe_unit = physLBA / sc->DD_num_phys_disks;
2191 column = physLBA % sc->DD_num_phys_disks;
2192 pIO_req->DevHandle =
2193 sc->DD_column_map[column].dev_handle;
2194 cm->cm_desc.SCSIIO.DevHandle =
2195 pIO_req->DevHandle;
2196
2197 physLBA = (stripe_unit <<
2198 sc->DD_stripe_exponent) + stripe_offset;
2199 ptrLBA = &pIO_req->CDB.CDB32[1];
2200 physLBA_byte = (uint8_t)(physLBA >> 16);
2201 *ptrLBA = physLBA_byte;
2202 ptrLBA = &pIO_req->CDB.CDB32[2];
2203 physLBA_byte = (uint8_t)(physLBA >> 8);
2204 *ptrLBA = physLBA_byte;
2205 ptrLBA = &pIO_req->CDB.CDB32[3];
2206 physLBA_byte = (uint8_t)physLBA;
2207 *ptrLBA = physLBA_byte;
2208
2209 /*
2210 * Set flag that Direct Drive I/O is
2211 * being done.
2212 */
2213 cm->cm_flags |= MPS_CM_FLAGS_DD_IO;
2214 }
2215 }
2216 return;
2217 }
2218
2219 /*
2220 * Handle 10 or 16 byte CDBs.
2221 */
2222 if ((pIO_req->DevHandle == sc->DD_dev_handle) && ((CDB[0] == READ_10) ||
2223 (CDB[0] == WRITE_10) || (CDB[0] == READ_16) ||
2224 (CDB[0] == WRITE_16))) {
2225 /*
2226 * For 16-byte CDB's, verify that the upper 4 bytes of the CDB
2227 * are 0. If not, this is accessing beyond 2TB so handle it in
2228 * the else section. 10-byte CDB's are OK.
2229 */
2230 if ((CDB[0] < READ_16) ||
2231 !(CDB[2] | CDB[3] | CDB[4] | CDB[5])) {
2232 /*
2233 * Get the transfer size in blocks.
2234 */
2235 io_size = (cm->cm_length >> sc->DD_block_exponent);
2236
2237 /*
2238 * Get virtual LBA. Point to correct lower 4 bytes of
2239 * LBA in the CDB depending on command.
2240 */
2241 lba_idx = (CDB[0] < READ_16) ? 2 : 6;
2242 virtLBA = ((uint64_t)CDB[lba_idx] << 24) |
2243 ((uint64_t)CDB[lba_idx + 1] << 16) |
2244 ((uint64_t)CDB[lba_idx + 2] << 8) |
2245 (uint64_t)CDB[lba_idx + 3];
2246
2247 /*
2248 * Check that LBA range for I/O does not exceed volume's
2249 * MaxLBA.
2250 */
2251 if ((virtLBA + (uint64_t)io_size - 1) <=
2252 sc->DD_max_lba) {
2253 /*
2254 * Check if the I/O crosses a stripe boundary.
2255 * If not, translate the virtual LBA to a
2256 * physical LBA and set the DevHandle for the
2257 * PhysDisk to be used. If it does cross a
2258 * boundry, do normal I/O. To get the right
2259 * DevHandle to use, get the map number for the
2260 * column, then use that map number to look up
2261 * the DevHandle of the PhysDisk.
2262 */
2263 stripe_offset = (uint32_t)virtLBA &
2264 (sc->DD_stripe_size - 1);
2265 if ((stripe_offset + io_size) <=
2266 sc->DD_stripe_size) {
2267 physLBA = (uint32_t)virtLBA >>
2268 sc->DD_stripe_exponent;
2269 stripe_unit = physLBA /
2270 sc->DD_num_phys_disks;
2271 column = physLBA %
2272 sc->DD_num_phys_disks;
2273 pIO_req->DevHandle =
2274 sc->DD_column_map[column].
2275 dev_handle;
2276 cm->cm_desc.SCSIIO.DevHandle =
2277 pIO_req->DevHandle;
2278
2279 physLBA = (stripe_unit <<
2280 sc->DD_stripe_exponent) +
2281 stripe_offset;
2282 ptrLBA =
2283 &pIO_req->CDB.CDB32[lba_idx];
2284 physLBA_byte = (uint8_t)(physLBA >> 24);
2285 *ptrLBA = physLBA_byte;
2286 ptrLBA =
2287 &pIO_req->CDB.CDB32[lba_idx + 1];
2288 physLBA_byte = (uint8_t)(physLBA >> 16);
2289 *ptrLBA = physLBA_byte;
2290 ptrLBA =
2291 &pIO_req->CDB.CDB32[lba_idx + 2];
2292 physLBA_byte = (uint8_t)(physLBA >> 8);
2293 *ptrLBA = physLBA_byte;
2294 ptrLBA =
2295 &pIO_req->CDB.CDB32[lba_idx + 3];
2296 physLBA_byte = (uint8_t)physLBA;
2297 *ptrLBA = physLBA_byte;
2298
2299 /*
2300 * Set flag that Direct Drive I/O is
2301 * being done.
2302 */
2303 cm->cm_flags |= MPS_CM_FLAGS_DD_IO;
2304 }
2305 }
2306 } else {
2307 /*
2308 * 16-byte CDB and the upper 4 bytes of the CDB are not
2309 * 0. Get the transfer size in blocks.
2310 */
2311 io_size = (cm->cm_length >> sc->DD_block_exponent);
2312
2313 /*
2314 * Get virtual LBA.
2315 */
2316 virtLBA = ((uint64_t)CDB[2] << 54) |
2317 ((uint64_t)CDB[3] << 48) |
2318 ((uint64_t)CDB[4] << 40) |
2319 ((uint64_t)CDB[5] << 32) |
2320 ((uint64_t)CDB[6] << 24) |
2321 ((uint64_t)CDB[7] << 16) |
2322 ((uint64_t)CDB[8] << 8) |
2323 (uint64_t)CDB[9];
2324
2325 /*
2326 * Check that LBA range for I/O does not exceed volume's
2327 * MaxLBA.
2328 */
2329 if ((virtLBA + (uint64_t)io_size - 1) <=
2330 sc->DD_max_lba) {
2331 /*
2332 * Check if the I/O crosses a stripe boundary.
2333 * If not, translate the virtual LBA to a
2334 * physical LBA and set the DevHandle for the
2335 * PhysDisk to be used. If it does cross a
2336 * boundry, do normal I/O. To get the right
2337 * DevHandle to use, get the map number for the
2338 * column, then use that map number to look up
2339 * the DevHandle of the PhysDisk.
2340 */
2341 stripe_offset = (uint32_t)virtLBA &
2342 (sc->DD_stripe_size - 1);
2343 if ((stripe_offset + io_size) <=
2344 sc->DD_stripe_size) {
2345 physLBA = (uint32_t)(virtLBA >>
2346 sc->DD_stripe_exponent);
2347 stripe_unit = physLBA /
2348 sc->DD_num_phys_disks;
2349 column = physLBA %
2350 sc->DD_num_phys_disks;
2351 pIO_req->DevHandle =
2352 sc->DD_column_map[column].
2353 dev_handle;
2354 cm->cm_desc.SCSIIO.DevHandle =
2355 pIO_req->DevHandle;
2356
2357 physLBA = (stripe_unit <<
2358 sc->DD_stripe_exponent) +
2359 stripe_offset;
2360
2361 /*
2362 * Set upper 4 bytes of LBA to 0. We
2363 * assume that the phys disks are less
2364 * than 2 TB's in size. Then, set the
2365 * lower 4 bytes.
2366 */
2367 pIO_req->CDB.CDB32[2] = 0;
2368 pIO_req->CDB.CDB32[3] = 0;
2369 pIO_req->CDB.CDB32[4] = 0;
2370 pIO_req->CDB.CDB32[5] = 0;
2371 ptrLBA = &pIO_req->CDB.CDB32[6];
2372 physLBA_byte = (uint8_t)(physLBA >> 24);
2373 *ptrLBA = physLBA_byte;
2374 ptrLBA = &pIO_req->CDB.CDB32[7];
2375 physLBA_byte = (uint8_t)(physLBA >> 16);
2376 *ptrLBA = physLBA_byte;
2377 ptrLBA = &pIO_req->CDB.CDB32[8];
2378 physLBA_byte = (uint8_t)(physLBA >> 8);
2379 *ptrLBA = physLBA_byte;
2380 ptrLBA = &pIO_req->CDB.CDB32[9];
2381 physLBA_byte = (uint8_t)physLBA;
2382 *ptrLBA = physLBA_byte;
2383
2384 /*
2385 * Set flag that Direct Drive I/O is
2386 * being done.
2387 */
2388 cm->cm_flags |= MPS_CM_FLAGS_DD_IO;
2389 }
2390 }
2391 }
2392 }
2393 }
2394
2395 #if 0 /* __FreeBSD_version >= 900026 */
2396 static void
2397 mpssas_smpio_complete(struct mps_softc *sc, struct mps_command *cm)
2398 {
2399 MPI2_SMP_PASSTHROUGH_REPLY *rpl;
2400 MPI2_SMP_PASSTHROUGH_REQUEST *req;
2401 uint64_t sasaddr;
2402 union ccb *ccb;
2403
2404 ccb = cm->cm_complete_data;
2405
2406 /*
2407 * Currently there should be no way we can hit this case. It only
2408 * happens when we have a failure to allocate chain frames, and SMP
2409 * commands require two S/G elements only. That should be handled
2410 * in the standard request size.
2411 */
2412 if ((cm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) {
2413 mps_printf(sc, "%s: cm_flags = %#x on SMP request!\n",
2414 __func__, cm->cm_flags);
2415 ccb->ccb_h.status = CAM_REQ_CMP_ERR;
2416 goto bailout;
2417 }
2418
2419 rpl = (MPI2_SMP_PASSTHROUGH_REPLY *)cm->cm_reply;
2420 if (rpl == NULL) {
2421 mps_dprint(sc, MPS_INFO, "%s: NULL cm_reply!\n", __func__);
2422 ccb->ccb_h.status = CAM_REQ_CMP_ERR;
2423 goto bailout;
2424 }
2425
2426 req = (MPI2_SMP_PASSTHROUGH_REQUEST *)cm->cm_req;
2427 sasaddr = le32toh(req->SASAddress.Low);
2428 sasaddr |= ((uint64_t)(le32toh(req->SASAddress.High))) << 32;
2429
2430 if ((rpl->IOCStatus & MPI2_IOCSTATUS_MASK) != MPI2_IOCSTATUS_SUCCESS ||
2431 rpl->SASStatus != MPI2_SASSTATUS_SUCCESS) {
2432 mps_dprint(sc, MPS_INFO, "%s: IOCStatus %04x SASStatus %02x\n",
2433 __func__, rpl->IOCStatus, rpl->SASStatus);
2434 ccb->ccb_h.status = CAM_REQ_CMP_ERR;
2435 goto bailout;
2436 }
2437
2438 mps_dprint(sc, MPS_INFO, "%s: SMP request to SAS address "
2439 "%#jx completed successfully\n", __func__,
2440 (uintmax_t)sasaddr);
2441
2442 if (ccb->smpio.smp_response[2] == SMP_FR_ACCEPTED)
2443 ccb->ccb_h.status = CAM_REQ_CMP;
2444 else
2445 ccb->ccb_h.status = CAM_SMP_STATUS_ERROR;
2446
2447 bailout:
2448 /*
2449 * We sync in both directions because we had DMAs in the S/G list
2450 * in both directions.
2451 */
2452 bus_dmamap_sync(sc->buffer_dmat, cm->cm_dmamap,
2453 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE);
2454 bus_dmamap_unload(sc->buffer_dmat, cm->cm_dmamap);
2455 mps_free_command(sc, cm);
2456 xpt_done(ccb);
2457 }
2458
2459 static void
2460 mpssas_send_smpcmd(struct mpssas_softc *sassc, union ccb *ccb, uint64_t sasaddr)
2461 {
2462 struct mps_command *cm;
2463 uint8_t *request, *response;
2464 MPI2_SMP_PASSTHROUGH_REQUEST *req;
2465 struct mps_softc *sc;
2466 int error;
2467
2468 sc = sassc->sc;
2469 error = 0;
2470
2471 /*
2472 * XXX We don't yet support physical addresses here.
2473 */
2474 if (ccb->ccb_h.flags & (CAM_DATA_PHYS|CAM_SG_LIST_PHYS)) {
2475 mps_printf(sc, "%s: physical addresses not supported\n",
2476 __func__);
2477 ccb->ccb_h.status = CAM_REQ_INVALID;
2478 xpt_done(ccb);
2479 return;
2480 }
2481
2482 /*
2483 * If the user wants to send an S/G list, check to make sure they
2484 * have single buffers.
2485 */
2486 if (ccb->ccb_h.flags & CAM_SCATTER_VALID) {
2487 /*
2488 * The chip does not support more than one buffer for the
2489 * request or response.
2490 */
2491 if ((ccb->smpio.smp_request_sglist_cnt > 1)
2492 || (ccb->smpio.smp_response_sglist_cnt > 1)) {
2493 mps_printf(sc, "%s: multiple request or response "
2494 "buffer segments not supported for SMP\n",
2495 __func__);
2496 ccb->ccb_h.status = CAM_REQ_INVALID;
2497 xpt_done(ccb);
2498 return;
2499 }
2500
2501 /*
2502 * The CAM_SCATTER_VALID flag was originally implemented
2503 * for the XPT_SCSI_IO CCB, which only has one data pointer.
2504 * We have two. So, just take that flag to mean that we
2505 * might have S/G lists, and look at the S/G segment count
2506 * to figure out whether that is the case for each individual
2507 * buffer.
2508 */
2509 if (ccb->smpio.smp_request_sglist_cnt != 0) {
2510 bus_dma_segment_t *req_sg;
2511
2512 req_sg = (bus_dma_segment_t *)ccb->smpio.smp_request;
2513 request = (uint8_t *)req_sg[0].ds_addr;
2514 } else
2515 request = ccb->smpio.smp_request;
2516
2517 if (ccb->smpio.smp_response_sglist_cnt != 0) {
2518 bus_dma_segment_t *rsp_sg;
2519
2520 rsp_sg = (bus_dma_segment_t *)ccb->smpio.smp_response;
2521 response = (uint8_t *)rsp_sg[0].ds_addr;
2522 } else
2523 response = ccb->smpio.smp_response;
2524 } else {
2525 request = ccb->smpio.smp_request;
2526 response = ccb->smpio.smp_response;
2527 }
2528
2529 cm = mps_alloc_command(sc);
2530 if (cm == NULL) {
2531 mps_printf(sc, "%s: cannot allocate command\n", __func__);
2532 ccb->ccb_h.status = CAM_RESRC_UNAVAIL;
2533 xpt_done(ccb);
2534 return;
2535 }
2536
2537 req = (MPI2_SMP_PASSTHROUGH_REQUEST *)cm->cm_req;
2538 bzero(req, sizeof(*req));
2539 req->Function = MPI2_FUNCTION_SMP_PASSTHROUGH;
2540
2541 /* Allow the chip to use any route to this SAS address. */
2542 req->PhysicalPort = 0xff;
2543
2544 req->RequestDataLength = ccb->smpio.smp_request_len;
2545 req->SGLFlags =
2546 MPI2_SGLFLAGS_SYSTEM_ADDRESS_SPACE | MPI2_SGLFLAGS_SGL_TYPE_MPI;
2547
2548 mps_dprint(sc, MPS_INFO, "%s: sending SMP request to SAS "
2549 "address %#jx\n", __func__, (uintmax_t)sasaddr);
2550
2551 mpi_init_sge(cm, req, &req->SGL);
2552
2553 /*
2554 * Set up a uio to pass into mps_map_command(). This allows us to
2555 * do one map command, and one busdma call in there.
2556 */
2557 cm->cm_uio.uio_iov = cm->cm_iovec;
2558 cm->cm_uio.uio_iovcnt = 2;
2559 cm->cm_uio.uio_segflg = UIO_SYSSPACE;
2560
2561 /*
2562 * The read/write flag isn't used by busdma, but set it just in
2563 * case. This isn't exactly accurate, either, since we're going in
2564 * both directions.
2565 */
2566 cm->cm_uio.uio_rw = UIO_WRITE;
2567
2568 cm->cm_iovec[0].iov_base = request;
2569 cm->cm_iovec[0].iov_len = req->RequestDataLength;
2570 cm->cm_iovec[1].iov_base = response;
2571 cm->cm_iovec[1].iov_len = ccb->smpio.smp_response_len;
2572
2573 cm->cm_uio.uio_resid = cm->cm_iovec[0].iov_len +
2574 cm->cm_iovec[1].iov_len;
2575
2576 /*
2577 * Trigger a warning message in mps_data_cb() for the user if we
2578 * wind up exceeding two S/G segments. The chip expects one
2579 * segment for the request and another for the response.
2580 */
2581 cm->cm_max_segs = 2;
2582
2583 cm->cm_desc.Default.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_DEFAULT_TYPE;
2584 cm->cm_complete = mpssas_smpio_complete;
2585 cm->cm_complete_data = ccb;
2586
2587 /*
2588 * Tell the mapping code that we're using a uio, and that this is
2589 * an SMP passthrough request. There is a little special-case
2590 * logic there (in mps_data_cb()) to handle the bidirectional
2591 * transfer.
2592 */
2593 cm->cm_flags |= MPS_CM_FLAGS_USE_UIO | MPS_CM_FLAGS_SMP_PASS |
2594 MPS_CM_FLAGS_DATAIN | MPS_CM_FLAGS_DATAOUT;
2595
2596 /* The chip data format is little endian. */
2597 req->SASAddress.High = htole32(sasaddr >> 32);
2598 req->SASAddress.Low = htole32(sasaddr);
2599
2600 /*
2601 * XXX Note that we don't have a timeout/abort mechanism here.
2602 * From the manual, it looks like task management requests only
2603 * work for SCSI IO and SATA passthrough requests. We may need to
2604 * have a mechanism to retry requests in the event of a chip reset
2605 * at least. Hopefully the chip will insure that any errors short
2606 * of that are relayed back to the driver.
2607 */
2608 error = mps_map_command(sc, cm);
2609 if ((error != 0) && (error != EINPROGRESS)) {
2610 mps_printf(sc, "%s: error %d returned from mps_map_command()\n",
2611 __func__, error);
2612 goto bailout_error;
2613 }
2614
2615 return;
2616
2617 bailout_error:
2618 mps_free_command(sc, cm);
2619 ccb->ccb_h.status = CAM_RESRC_UNAVAIL;
2620 xpt_done(ccb);
2621 return;
2622
2623 }
2624
2625 static void
2626 mpssas_action_smpio(struct mpssas_softc *sassc, union ccb *ccb)
2627 {
2628 struct mps_softc *sc;
2629 struct mpssas_target *targ;
2630 uint64_t sasaddr = 0;
2631
2632 sc = sassc->sc;
2633
2634 /*
2635 * Make sure the target exists.
2636 */
2637 targ = &sassc->targets[ccb->ccb_h.target_id];
2638 if (targ->handle == 0x0) {
2639 mps_printf(sc, "%s: target %d does not exist!\n", __func__,
2640 ccb->ccb_h.target_id);
2641 ccb->ccb_h.status = CAM_SEL_TIMEOUT;
2642 xpt_done(ccb);
2643 return;
2644 }
2645
2646 /*
2647 * If this device has an embedded SMP target, we'll talk to it
2648 * directly.
2649 * figure out what the expander's address is.
2650 */
2651 if ((targ->devinfo & MPI2_SAS_DEVICE_INFO_SMP_TARGET) != 0)
2652 sasaddr = targ->sasaddr;
2653
2654 /*
2655 * If we don't have a SAS address for the expander yet, try
2656 * grabbing it from the page 0x83 information cached in the
2657 * transport layer for this target. LSI expanders report the
2658 * expander SAS address as the port-associated SAS address in
2659 * Inquiry VPD page 0x83. Maxim expanders don't report it in page
2660 * 0x83.
2661 *
2662 * XXX KDM disable this for now, but leave it commented out so that
2663 * it is obvious that this is another possible way to get the SAS
2664 * address.
2665 *
2666 * The parent handle method below is a little more reliable, and
2667 * the other benefit is that it works for devices other than SES
2668 * devices. So you can send a SMP request to a da(4) device and it
2669 * will get routed to the expander that device is attached to.
2670 * (Assuming the da(4) device doesn't contain an SMP target...)
2671 */
2672 #if 0
2673 if (sasaddr == 0)
2674 sasaddr = xpt_path_sas_addr(ccb->ccb_h.path);
2675 #endif
2676
2677 /*
2678 * If we still don't have a SAS address for the expander, look for
2679 * the parent device of this device, which is probably the expander.
2680 */
2681 if (sasaddr == 0) {
2682 #ifdef OLD_MPS_PROBE
2683 struct mpssas_target *parent_target;
2684 #endif
2685
2686 if (targ->parent_handle == 0x0) {
2687 mps_printf(sc, "%s: handle %d does not have a valid "
2688 "parent handle!\n", __func__, targ->handle);
2689 ccb->ccb_h.status = CAM_REQ_INVALID;
2690 goto bailout;
2691 }
2692 #ifdef OLD_MPS_PROBE
2693 parent_target = mpssas_find_target_by_handle(sassc, 0,
2694 targ->parent_handle);
2695
2696 if (parent_target == NULL) {
2697 mps_printf(sc, "%s: handle %d does not have a valid "
2698 "parent target!\n", __func__, targ->handle);
2699 ccb->ccb_h.status = CAM_REQ_INVALID;
2700 goto bailout;
2701 }
2702
2703 if ((parent_target->devinfo &
2704 MPI2_SAS_DEVICE_INFO_SMP_TARGET) == 0) {
2705 mps_printf(sc, "%s: handle %d parent %d does not "
2706 "have an SMP target!\n", __func__,
2707 targ->handle, parent_target->handle);
2708 ccb->ccb_h.status = CAM_REQ_INVALID;
2709 goto bailout;
2710
2711 }
2712
2713 sasaddr = parent_target->sasaddr;
2714 #else /* OLD_MPS_PROBE */
2715 if ((targ->parent_devinfo &
2716 MPI2_SAS_DEVICE_INFO_SMP_TARGET) == 0) {
2717 mps_printf(sc, "%s: handle %d parent %d does not "
2718 "have an SMP target!\n", __func__,
2719 targ->handle, targ->parent_handle);
2720 ccb->ccb_h.status = CAM_REQ_INVALID;
2721 goto bailout;
2722
2723 }
2724 if (targ->parent_sasaddr == 0x0) {
2725 mps_printf(sc, "%s: handle %d parent handle %d does "
2726 "not have a valid SAS address!\n",
2727 __func__, targ->handle, targ->parent_handle);
2728 ccb->ccb_h.status = CAM_REQ_INVALID;
2729 goto bailout;
2730 }
2731
2732 sasaddr = targ->parent_sasaddr;
2733 #endif /* OLD_MPS_PROBE */
2734
2735 }
2736
2737 if (sasaddr == 0) {
2738 mps_printf(sc, "%s: unable to find SAS address for handle %d\n",
2739 __func__, targ->handle);
2740 ccb->ccb_h.status = CAM_REQ_INVALID;
2741 goto bailout;
2742 }
2743 mpssas_send_smpcmd(sassc, ccb, sasaddr);
2744
2745 return;
2746
2747 bailout:
2748 xpt_done(ccb);
2749
2750 }
2751 #endif //__FreeBSD_version >= 900026
2752
2753 static void
mpssas_action_resetdev(struct mpssas_softc * sassc,union ccb * ccb)2754 mpssas_action_resetdev(struct mpssas_softc *sassc, union ccb *ccb)
2755 {
2756 MPI2_SCSI_TASK_MANAGE_REQUEST *req;
2757 struct mps_softc *sc;
2758 struct mps_command *tm;
2759 struct mpssas_target *targ;
2760
2761 mps_dprint(sassc->sc, MPS_TRACE, __func__);
2762 KKASSERT(lockstatus(&sassc->sc->mps_lock, curthread) != 0);
2763
2764 sc = sassc->sc;
2765 tm = mps_alloc_command(sc);
2766 if (tm == NULL) {
2767 mps_printf(sc, "command alloc failure in mpssas_action_resetdev\n");
2768 ccb->ccb_h.status = CAM_RESRC_UNAVAIL;
2769 xpt_done(ccb);
2770 return;
2771 }
2772
2773 targ = &sassc->targets[ccb->ccb_h.target_id];
2774 req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)tm->cm_req;
2775 req->DevHandle = targ->handle;
2776 req->Function = MPI2_FUNCTION_SCSI_TASK_MGMT;
2777 req->TaskType = MPI2_SCSITASKMGMT_TASKTYPE_TARGET_RESET;
2778
2779 /* SAS Hard Link Reset / SATA Link Reset */
2780 req->MsgFlags = MPI2_SCSITASKMGMT_MSGFLAGS_LINK_RESET;
2781
2782 tm->cm_data = NULL;
2783 tm->cm_desc.HighPriority.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_HIGH_PRIORITY;
2784 tm->cm_complete = mpssas_resetdev_complete;
2785 tm->cm_complete_data = ccb;
2786 tm->cm_targ = targ;
2787 mps_map_command(sc, tm);
2788 }
2789
2790 static void
mpssas_resetdev_complete(struct mps_softc * sc,struct mps_command * tm)2791 mpssas_resetdev_complete(struct mps_softc *sc, struct mps_command *tm)
2792 {
2793 MPI2_SCSI_TASK_MANAGE_REPLY *resp;
2794 union ccb *ccb;
2795
2796 mps_dprint(sc, MPS_TRACE, __func__);
2797 KKASSERT(lockstatus(&sc->mps_lock, curthread) != 0);
2798
2799 resp = (MPI2_SCSI_TASK_MANAGE_REPLY *)tm->cm_reply;
2800 ccb = tm->cm_complete_data;
2801
2802 /*
2803 * Currently there should be no way we can hit this case. It only
2804 * happens when we have a failure to allocate chain frames, and
2805 * task management commands don't have S/G lists.
2806 */
2807 if ((tm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) {
2808 MPI2_SCSI_TASK_MANAGE_REQUEST *req;
2809
2810 req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)tm->cm_req;
2811
2812 mps_printf(sc, "%s: cm_flags = %#x for reset of handle %#04x! "
2813 "This should not happen!\n", __func__, tm->cm_flags,
2814 req->DevHandle);
2815 ccb->ccb_h.status = CAM_REQ_CMP_ERR;
2816 goto bailout;
2817 }
2818
2819 kprintf("%s: IOCStatus = 0x%x ResponseCode = 0x%x\n", __func__,
2820 resp->IOCStatus, resp->ResponseCode);
2821
2822 if (resp->ResponseCode == MPI2_SCSITASKMGMT_RSP_TM_COMPLETE) {
2823 ccb->ccb_h.status = CAM_REQ_CMP;
2824 mpssas_announce_reset(sc, AC_SENT_BDR, tm->cm_targ->tid,
2825 CAM_LUN_WILDCARD);
2826 }
2827 else
2828 ccb->ccb_h.status = CAM_REQ_CMP_ERR;
2829
2830 bailout:
2831
2832 mpssas_free_tm(sc, tm);
2833 xpt_done(ccb);
2834 }
2835
2836 static void
mpssas_poll(struct cam_sim * sim)2837 mpssas_poll(struct cam_sim *sim)
2838 {
2839 struct mpssas_softc *sassc;
2840
2841 sassc = cam_sim_softc(sim);
2842
2843 if (sassc->sc->mps_debug & MPS_TRACE) {
2844 /* frequent debug messages during a panic just slow
2845 * everything down too much.
2846 */
2847 mps_printf(sassc->sc, "%s clearing MPS_TRACE\n", __func__);
2848 sassc->sc->mps_debug &= ~MPS_TRACE;
2849 }
2850
2851 mps_intr_locked(sassc->sc);
2852 }
2853
2854 static void
mpssas_rescan_done(struct cam_periph * periph,union ccb * done_ccb)2855 mpssas_rescan_done(struct cam_periph *periph, union ccb *done_ccb)
2856 {
2857 struct mpssas_softc *sassc;
2858 char path_str[64];
2859
2860 if (done_ccb == NULL)
2861 return;
2862
2863 sassc = (struct mpssas_softc *)done_ccb->ccb_h.ppriv_ptr1;
2864
2865 KKASSERT(lockstatus(&sassc->sc->mps_lock, curthread) != 0);
2866
2867 xpt_path_string(done_ccb->ccb_h.path, path_str, sizeof(path_str));
2868 mps_dprint(sassc->sc, MPS_INFO, "Completing rescan for %s\n", path_str);
2869
2870 xpt_free_path(done_ccb->ccb_h.path);
2871 xpt_free_ccb(&done_ccb->ccb_h);
2872
2873 #if 1 /* __FreeBSD_version < 1000006 */
2874 /*
2875 * Before completing scan, get EEDP stuff for all of the existing
2876 * targets.
2877 */
2878 mpssas_check_eedp(sassc);
2879 #endif
2880
2881 }
2882
2883 /* thread to handle bus rescans */
2884 static void
mpssas_scanner_thread(void * arg)2885 mpssas_scanner_thread(void *arg)
2886 {
2887 struct mpssas_softc *sassc;
2888 struct mps_softc *sc;
2889 union ccb *ccb;
2890
2891 sassc = (struct mpssas_softc *)arg;
2892 sc = sassc->sc;
2893
2894 mps_dprint(sc, MPS_TRACE, "%s\n", __func__);
2895
2896 mps_lock(sc);
2897 for (;;) {
2898 /* Sleep for 1 second and check the queue status*/
2899 lksleep(&sassc->ccb_scanq, &sc->mps_lock, 0, "mps_scanq", 1 * hz);
2900 if (sassc->flags & MPSSAS_SHUTDOWN) {
2901 mps_dprint(sc, MPS_TRACE, "Scanner shutting down\n");
2902 break;
2903 }
2904 next_work:
2905 /* Get first work */
2906 ccb = (union ccb *)TAILQ_FIRST(&sassc->ccb_scanq);
2907 if (ccb == NULL)
2908 continue;
2909 /* Got first work */
2910 TAILQ_REMOVE(&sassc->ccb_scanq, &ccb->ccb_h, sim_links.tqe);
2911 xpt_action(ccb);
2912 if (sassc->flags & MPSSAS_SHUTDOWN) {
2913 mps_dprint(sc, MPS_TRACE, "Scanner shutting down\n");
2914 break;
2915 }
2916 goto next_work;
2917 }
2918
2919 sassc->flags &= ~MPSSAS_SCANTHREAD;
2920 wakeup(&sassc->flags);
2921 mps_unlock(sc);
2922 mps_dprint(sc, MPS_TRACE, "Scanner exiting\n");
2923 mps_kproc_exit(0);
2924 }
2925
2926 static void
mpssas_rescan(struct mpssas_softc * sassc,union ccb * ccb)2927 mpssas_rescan(struct mpssas_softc *sassc, union ccb *ccb)
2928 {
2929 char path_str[64];
2930
2931 mps_dprint(sassc->sc, MPS_TRACE, "%s\n", __func__);
2932
2933 KKASSERT(lockstatus(&sassc->sc->mps_lock, curthread) != 0);
2934
2935 if (ccb == NULL)
2936 return;
2937
2938 xpt_path_string(ccb->ccb_h.path, path_str, sizeof(path_str));
2939 mps_dprint(sassc->sc, MPS_INFO, "Queueing rescan for %s\n", path_str);
2940
2941 /* Prepare request */
2942 ccb->ccb_h.ppriv_ptr1 = sassc;
2943 ccb->ccb_h.cbfcnp = mpssas_rescan_done;
2944 xpt_setup_ccb(&ccb->ccb_h, ccb->ccb_h.path, MPS_PRIORITY_XPT);
2945 TAILQ_INSERT_TAIL(&sassc->ccb_scanq, &ccb->ccb_h, sim_links.tqe);
2946 wakeup(&sassc->ccb_scanq);
2947 }
2948
2949 #if 0 /* __FreeBSD_version >= 1000006 */
2950 static void
2951 mpssas_async(void *callback_arg, uint32_t code, struct cam_path *path,
2952 void *arg)
2953 {
2954 struct mps_softc *sc;
2955
2956 sc = (struct mps_softc *)callback_arg;
2957
2958 switch (code) {
2959 case AC_ADVINFO_CHANGED: {
2960 struct mpssas_target *target;
2961 struct mpssas_softc *sassc;
2962 struct scsi_read_capacity_data_long rcap_buf;
2963 struct ccb_dev_advinfo *cdai;
2964 struct mpssas_lun *lun;
2965 lun_id_t lunid;
2966 int found_lun;
2967 uintptr_t buftype;
2968
2969 buftype = (uintptr_t)arg;
2970
2971 found_lun = 0;
2972 sassc = sc->sassc;
2973
2974 /*
2975 * We're only interested in read capacity data changes.
2976 */
2977 if (buftype != CDAI_TYPE_RCAPLONG)
2978 break;
2979
2980 /*
2981 * We're only interested in devices that are attached to
2982 * this controller.
2983 */
2984 if (xpt_path_path_id(path) != sassc->sim->path_id)
2985 break;
2986
2987 /*
2988 * We should have a handle for this, but check to make sure.
2989 */
2990 target = &sassc->targets[xpt_path_target_id(path)];
2991 if (target->handle == 0)
2992 break;
2993
2994 lunid = xpt_path_lun_id(path);
2995
2996 SLIST_FOREACH(lun, &target->luns, lun_link) {
2997 if (lun->lun_id == lunid) {
2998 found_lun = 1;
2999 break;
3000 }
3001 }
3002
3003 if (found_lun == 0) {
3004 lun = kmalloc(sizeof(struct mpssas_lun), M_MPT2,
3005 M_INTWAIT | M_ZERO);
3006 if (lun == NULL) {
3007 mps_dprint(sc, MPS_FAULT, "Unable to alloc "
3008 "LUN for EEDP support.\n");
3009 break;
3010 }
3011 lun->lun_id = lunid;
3012 SLIST_INSERT_HEAD(&target->luns, lun, lun_link);
3013 }
3014
3015 cdai = xpt_alloc_ccb();
3016 bzero(&rcap_buf, sizeof(rcap_buf));
3017 xpt_setup_ccb(&cdai->ccb_h, path, CAM_PRIORITY_NORMAL);
3018 cdai->ccb_h.func_code = XPT_DEV_ADVINFO;
3019 cdai->ccb_h.flags = CAM_DIR_IN;
3020 cdai->buftype = CDAI_TYPE_RCAPLONG;
3021 cdai->flags = 0;
3022 cdai->bufsiz = sizeof(rcap_buf);
3023 cdai->buf = (uint8_t *)&rcap_buf;
3024 xpt_action((union ccb *)cdai);
3025 if ((cdai->ccb_h.status & CAM_DEV_QFRZN) != 0)
3026 cam_release_devq(cdai->ccb_h.path,
3027 0, 0, 0, FALSE);
3028
3029 if (((cdai->ccb_h.status & CAM_STATUS_MASK) == CAM_REQ_CMP)
3030 && (rcap_buf.prot & SRC16_PROT_EN)) {
3031 lun->eedp_formatted = TRUE;
3032 lun->eedp_block_size = scsi_4btoul(rcap_buf.length);
3033 } else {
3034 lun->eedp_formatted = FALSE;
3035 lun->eedp_block_size = 0;
3036 }
3037 xpt_free_ccb(&cdai->ccb_h);
3038 break;
3039 }
3040 default:
3041 break;
3042 }
3043 }
3044 #else /* __FreeBSD_version >= 1000006 */
3045
3046 static void
mpssas_check_eedp(struct mpssas_softc * sassc)3047 mpssas_check_eedp(struct mpssas_softc *sassc)
3048 {
3049 struct mps_softc *sc = sassc->sc;
3050 struct ccb_scsiio *csio;
3051 struct scsi_read_capacity_16 *scsi_cmd;
3052 struct scsi_read_capacity_eedp *rcap_buf;
3053 union ccb *ccb;
3054 path_id_t pathid = cam_sim_path(sassc->sim);
3055 target_id_t targetid;
3056 lun_id_t lunid;
3057 struct cam_periph *found_periph;
3058 struct mpssas_target *target;
3059 struct mpssas_lun *lun;
3060 uint8_t found_lun;
3061
3062 /*
3063 * Issue a READ CAPACITY 16 command to each LUN of each target. This
3064 * info is used to determine if the LUN is formatted for EEDP support.
3065 */
3066 for (targetid = 0; targetid < sc->facts->MaxTargets; targetid++) {
3067 target = &sassc->targets[targetid];
3068 if (target->handle == 0x0) {
3069 continue;
3070 }
3071
3072 lunid = 0;
3073 do {
3074 rcap_buf =
3075 kmalloc(sizeof(struct scsi_read_capacity_eedp),
3076 M_MPT2, M_INTWAIT | M_ZERO);
3077 if (rcap_buf == NULL) {
3078 mps_dprint(sc, MPS_FAULT, "Unable to alloc read "
3079 "capacity buffer for EEDP support.\n");
3080 return;
3081 }
3082
3083 ccb = xpt_alloc_ccb();
3084
3085 if (xpt_create_path(&ccb->ccb_h.path, xpt_periph,
3086 pathid, targetid, lunid) != CAM_REQ_CMP) {
3087 mps_dprint(sc, MPS_FAULT, "Unable to create "
3088 "path for EEDP support\n");
3089 kfree(rcap_buf, M_MPT2);
3090 xpt_free_ccb(&ccb->ccb_h);
3091 return;
3092 }
3093
3094 /*
3095 * If a periph is returned, the LUN exists. Create an
3096 * entry in the target's LUN list.
3097 */
3098 if ((found_periph = cam_periph_find(ccb->ccb_h.path,
3099 NULL)) != NULL) {
3100 /*
3101 * If LUN is already in list, don't create a new
3102 * one.
3103 */
3104 found_lun = FALSE;
3105 SLIST_FOREACH(lun, &target->luns, lun_link) {
3106 if (lun->lun_id == lunid) {
3107 found_lun = TRUE;
3108 break;
3109 }
3110 }
3111 if (!found_lun) {
3112 lun = kmalloc(sizeof(struct mpssas_lun),
3113 M_MPT2, M_INTWAIT | M_ZERO);
3114 lun->lun_id = lunid;
3115 SLIST_INSERT_HEAD(&target->luns, lun,
3116 lun_link);
3117 }
3118 lunid++;
3119
3120 /*
3121 * Issue a READ CAPACITY 16 command for the LUN.
3122 * The mpssas_read_cap_done function will load
3123 * the read cap info into the LUN struct.
3124 */
3125 csio = &ccb->csio;
3126 csio->ccb_h.func_code = XPT_SCSI_IO;
3127 csio->ccb_h.flags = CAM_DIR_IN;
3128 csio->ccb_h.retry_count = 4;
3129 csio->ccb_h.cbfcnp = mpssas_read_cap_done;
3130 csio->ccb_h.timeout = 60000;
3131 csio->data_ptr = (uint8_t *)rcap_buf;
3132 csio->dxfer_len = sizeof(struct
3133 scsi_read_capacity_eedp);
3134 csio->sense_len = MPS_SENSE_LEN;
3135 csio->cdb_len = sizeof(*scsi_cmd);
3136 csio->tag_action = MSG_SIMPLE_Q_TAG;
3137
3138 scsi_cmd = (struct scsi_read_capacity_16 *)
3139 &csio->cdb_io.cdb_bytes;
3140 bzero(scsi_cmd, sizeof(*scsi_cmd));
3141 scsi_cmd->opcode = 0x9E;
3142 scsi_cmd->service_action = SRC16_SERVICE_ACTION;
3143 ((uint8_t *)scsi_cmd)[13] = sizeof(struct
3144 scsi_read_capacity_eedp);
3145
3146 /*
3147 * Set the path, target and lun IDs for the READ
3148 * CAPACITY request.
3149 */
3150 ccb->ccb_h.path_id =
3151 xpt_path_path_id(ccb->ccb_h.path);
3152 ccb->ccb_h.target_id =
3153 xpt_path_target_id(ccb->ccb_h.path);
3154 ccb->ccb_h.target_lun =
3155 xpt_path_lun_id(ccb->ccb_h.path);
3156
3157 ccb->ccb_h.ppriv_ptr1 = sassc;
3158 xpt_action(ccb);
3159 } else {
3160 kfree(rcap_buf, M_MPT2);
3161 xpt_free_path(ccb->ccb_h.path);
3162 xpt_free_ccb(&ccb->ccb_h);
3163 }
3164 } while (found_periph);
3165 }
3166 }
3167
3168
3169 static void
mpssas_read_cap_done(struct cam_periph * periph,union ccb * done_ccb)3170 mpssas_read_cap_done(struct cam_periph *periph, union ccb *done_ccb)
3171 {
3172 struct mpssas_softc *sassc;
3173 struct mpssas_target *target;
3174 struct mpssas_lun *lun;
3175 struct scsi_read_capacity_eedp *rcap_buf;
3176
3177 if (done_ccb == NULL)
3178 return;
3179
3180 /*
3181 * Driver need to release devq, it Scsi command is
3182 * generated by driver internally.
3183 * Currently there is a single place where driver
3184 * calls scsi command internally. In future if driver
3185 * calls more scsi command internally, it needs to release
3186 * devq internally, since those command will not go back to
3187 * cam_periph.
3188 */
3189 if ((done_ccb->ccb_h.status & CAM_DEV_QFRZN) ) {
3190 done_ccb->ccb_h.status &= ~CAM_DEV_QFRZN;
3191 xpt_release_devq(done_ccb->ccb_h.path,
3192 /*count*/ 1, /*run_queue*/TRUE);
3193 }
3194
3195 rcap_buf = (struct scsi_read_capacity_eedp *)done_ccb->csio.data_ptr;
3196
3197 /*
3198 * Get the LUN ID for the path and look it up in the LUN list for the
3199 * target.
3200 */
3201 sassc = (struct mpssas_softc *)done_ccb->ccb_h.ppriv_ptr1;
3202 target = &sassc->targets[done_ccb->ccb_h.target_id];
3203 SLIST_FOREACH(lun, &target->luns, lun_link) {
3204 if (lun->lun_id != done_ccb->ccb_h.target_lun)
3205 continue;
3206
3207 /*
3208 * Got the LUN in the target's LUN list. Fill it in
3209 * with EEDP info. If the READ CAP 16 command had some
3210 * SCSI error (common if command is not supported), mark
3211 * the lun as not supporting EEDP and set the block size
3212 * to 0.
3213 */
3214 if (((done_ccb->ccb_h.status & CAM_STATUS_MASK) != CAM_REQ_CMP)
3215 || (done_ccb->csio.scsi_status != SCSI_STATUS_OK)) {
3216 lun->eedp_formatted = FALSE;
3217 lun->eedp_block_size = 0;
3218 break;
3219 }
3220
3221 if (rcap_buf->protect & 0x01) {
3222 lun->eedp_formatted = TRUE;
3223 lun->eedp_block_size = scsi_4btoul(rcap_buf->length);
3224 }
3225 break;
3226 }
3227
3228 // Finished with this CCB and path.
3229 kfree(rcap_buf, M_MPT2);
3230 xpt_free_path(done_ccb->ccb_h.path);
3231 xpt_free_ccb(&done_ccb->ccb_h);
3232 }
3233 #endif /* __FreeBSD_version >= 1000006 */
3234
3235 int
mpssas_startup(struct mps_softc * sc)3236 mpssas_startup(struct mps_softc *sc)
3237 {
3238 struct mpssas_softc *sassc;
3239
3240 /*
3241 * Send the port enable message and set the wait_for_port_enable flag.
3242 * This flag helps to keep the simq frozen until all discovery events
3243 * are processed.
3244 */
3245 sassc = sc->sassc;
3246 mpssas_startup_increment(sassc);
3247 sc->wait_for_port_enable = 1;
3248 mpssas_send_portenable(sc);
3249 return (0);
3250 }
3251
3252 static int
mpssas_send_portenable(struct mps_softc * sc)3253 mpssas_send_portenable(struct mps_softc *sc)
3254 {
3255 MPI2_PORT_ENABLE_REQUEST *request;
3256 struct mps_command *cm;
3257
3258 mps_dprint(sc, MPS_TRACE, "%s\n", __func__);
3259
3260 if ((cm = mps_alloc_command(sc)) == NULL)
3261 return (EBUSY);
3262 request = (MPI2_PORT_ENABLE_REQUEST *)cm->cm_req;
3263 request->Function = MPI2_FUNCTION_PORT_ENABLE;
3264 request->MsgFlags = 0;
3265 request->VP_ID = 0;
3266 cm->cm_desc.Default.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_DEFAULT_TYPE;
3267 cm->cm_complete = mpssas_portenable_complete;
3268 cm->cm_data = NULL;
3269 cm->cm_sge = NULL;
3270
3271 mps_map_command(sc, cm);
3272 mps_dprint(sc, MPS_TRACE,
3273 "mps_send_portenable finished cm %p req %p complete %p\n",
3274 cm, cm->cm_req, cm->cm_complete);
3275 return (0);
3276 }
3277
3278 static void
mpssas_portenable_complete(struct mps_softc * sc,struct mps_command * cm)3279 mpssas_portenable_complete(struct mps_softc *sc, struct mps_command *cm)
3280 {
3281 MPI2_PORT_ENABLE_REPLY *reply;
3282 struct mpssas_softc *sassc;
3283 struct mpssas_target *target;
3284 int i;
3285
3286 mps_dprint(sc, MPS_TRACE, "%s\n", __func__);
3287 sassc = sc->sassc;
3288
3289 /*
3290 * Currently there should be no way we can hit this case. It only
3291 * happens when we have a failure to allocate chain frames, and
3292 * port enable commands don't have S/G lists.
3293 */
3294 if ((cm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) {
3295 mps_printf(sc, "%s: cm_flags = %#x for port enable! "
3296 "This should not happen!\n", __func__, cm->cm_flags);
3297 }
3298
3299 reply = (MPI2_PORT_ENABLE_REPLY *)cm->cm_reply;
3300 if (reply == NULL)
3301 mps_dprint(sc, MPS_FAULT, "Portenable NULL reply\n");
3302 else if ((reply->IOCStatus & MPI2_IOCSTATUS_MASK) !=
3303 MPI2_IOCSTATUS_SUCCESS)
3304 mps_dprint(sc, MPS_FAULT, "Portenable failed\n");
3305
3306 mps_free_command(sc, cm);
3307 if (sc->mps_ich.ich_arg != NULL) {
3308 mps_dprint(sc, MPS_INFO, "disestablish config intrhook\n");
3309 config_intrhook_disestablish(&sc->mps_ich);
3310 sc->mps_ich.ich_arg = NULL;
3311 }
3312
3313 /*
3314 * Get WarpDrive info after discovery is complete but before the scan
3315 * starts. At this point, all devices are ready to be exposed to the
3316 * OS. If devices should be hidden instead, take them out of the
3317 * 'targets' array before the scan. The devinfo for a disk will have
3318 * some info and a volume's will be 0. Use that to remove disks.
3319 */
3320 mps_wd_config_pages(sc);
3321 if (((sc->mps_flags & MPS_FLAGS_WD_AVAILABLE)
3322 && (sc->WD_hide_expose == MPS_WD_HIDE_ALWAYS))
3323 || (sc->WD_valid_config && (sc->WD_hide_expose ==
3324 MPS_WD_HIDE_IF_VOLUME))) {
3325 for (i = 0; i < sassc->sc->facts->MaxTargets; i++) {
3326 target = &sassc->targets[i];
3327 if (target->devinfo) {
3328 target->devinfo = 0x0;
3329 target->encl_handle = 0x0;
3330 target->encl_slot = 0x0;
3331 target->handle = 0x0;
3332 target->tid = 0x0;
3333 target->linkrate = 0x0;
3334 target->flags = 0x0;
3335 }
3336 }
3337 }
3338
3339 /*
3340 * Done waiting for port enable to complete. Decrement the refcount.
3341 * If refcount is 0, discovery is complete and a rescan of the bus can
3342 * take place. Since the simq was explicitly frozen before port
3343 * enable, it must be explicitly released here to keep the
3344 * freeze/release count in sync.
3345 */
3346 sc->wait_for_port_enable = 0;
3347 sc->port_enable_complete = 1;
3348 mpssas_startup_decrement(sassc);
3349 xpt_release_simq(sassc->sim, 1);
3350 }
3351