1 /*	$OpenBSD: ncr53c9x.c,v 1.22 2004/01/15 17:51:42 miod Exp $	*/
2 /*     $NetBSD: ncr53c9x.c,v 1.56 2000/11/30 14:41:46 thorpej Exp $    */
3 
4 /*
5  * Copyright (c) 1996 Charles M. Hannum.  All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  *    notice, this list of conditions and the following disclaimer in the
14  *    documentation and/or other materials provided with the distribution.
15  * 3. All advertising materials mentioning features or use of this software
16  *    must display the following acknowledgement:
17  *	This product includes software developed by Charles M. Hannum.
18  * 4. The name of the author may not be used to endorse or promote products
19  *    derived from this software without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
22  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
23  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
24  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
25  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
26  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
30  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31  */
32 
33 /*
34  * Copyright (c) 1994 Peter Galbavy
35  * Copyright (c) 1995 Paul Kranenburg
36  * All rights reserved.
37  *
38  * Redistribution and use in source and binary forms, with or without
39  * modification, are permitted provided that the following conditions
40  * are met:
41  * 1. Redistributions of source code must retain the above copyright
42  *    notice, this list of conditions and the following disclaimer.
43  * 2. Redistributions in binary form must reproduce the above copyright
44  *    notice, this list of conditions and the following disclaimer in the
45  *    documentation and/or other materials provided with the distribution.
46  *
47  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
48  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
49  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
50  * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
51  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
52  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
53  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
54  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
55  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
56  * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
57  * POSSIBILITY OF SUCH DAMAGE.
58  */
59 
60 /*
61  * Based on aic6360 by Jarle Greipsland
62  *
63  * Acknowledgements: Many of the algorithms used in this driver are
64  * inspired by the work of Julian Elischer (julian@tfs.com) and
65  * Charles Hannum (mycroft@duality.gnu.ai.mit.edu).  Thanks a million!
66  */
67 
68 #include <sys/types.h>
69 #include <sys/param.h>
70 #include <sys/systm.h>
71 #include <sys/kernel.h>
72 #include <sys/errno.h>
73 #include <sys/ioctl.h>
74 #include <sys/device.h>
75 #include <sys/buf.h>
76 #include <sys/malloc.h>
77 #include <sys/proc.h>
78 #include <sys/user.h>
79 #include <sys/queue.h>
80 #include <sys/pool.h>
81 
82 #include <scsi/scsi_all.h>
83 #include <scsi/scsiconf.h>
84 #include <scsi/scsi_message.h>
85 
86 #include <machine/cpu.h>
87 
88 #include <dev/ic/ncr53c9xreg.h>
89 #include <dev/ic/ncr53c9xvar.h>
90 
91 int ncr53c9x_debug = 0; /*NCR_SHOWPHASE|NCR_SHOWMISC|NCR_SHOWTRAC|NCR_SHOWCMDS;*/
92 #ifdef DEBUG
93 int ncr53c9x_notag = 0;
94 #endif
95 
96 /*static*/ void	ncr53c9x_readregs(struct ncr53c9x_softc *);
97 /*static*/ void	ncr53c9x_select(struct ncr53c9x_softc *,
98 					    struct ncr53c9x_ecb *);
99 /*static*/ int ncr53c9x_reselect(struct ncr53c9x_softc *, int, int, int);
100 /*static*/ void	ncr53c9x_scsi_reset(struct ncr53c9x_softc *);
101 /*static*/ int	ncr53c9x_poll(struct ncr53c9x_softc *,
102 					    struct scsi_xfer *, int);
103 /*static*/ void	ncr53c9x_sched(struct ncr53c9x_softc *);
104 /*static*/ void	ncr53c9x_done(struct ncr53c9x_softc *,
105 					    struct ncr53c9x_ecb *);
106 /*static*/ void	ncr53c9x_msgin(struct ncr53c9x_softc *);
107 /*static*/ void	ncr53c9x_msgout(struct ncr53c9x_softc *);
108 /*static*/ void	ncr53c9x_timeout(void *arg);
109 /*static*/ void ncr53c9x_watch(void *arg);
110 /*static*/ void	ncr53c9x_abort(struct ncr53c9x_softc *,
111 					    struct ncr53c9x_ecb *);
112 /*static*/ void ncr53c9x_dequeue(struct ncr53c9x_softc *,
113 					    struct ncr53c9x_ecb *);
114 
115 void ncr53c9x_sense(struct ncr53c9x_softc *,
116 					    struct ncr53c9x_ecb *);
117 void ncr53c9x_free_ecb(struct ncr53c9x_softc *,
118 					    struct ncr53c9x_ecb *, int);
119 struct ncr53c9x_ecb *ncr53c9x_get_ecb(struct ncr53c9x_softc *, int);
120 
121 static inline int ncr53c9x_stp2cpb(struct ncr53c9x_softc *, int);
122 static inline void ncr53c9x_setsync(struct ncr53c9x_softc *,
123 					    struct ncr53c9x_tinfo *);
124 static struct ncr53c9x_linfo *ncr53c9x_lunsearch(struct ncr53c9x_tinfo *,
125     int64_t lun);
126 
127 static void ncr53c9x_wrfifo(struct ncr53c9x_softc *, u_char *, int);
128 static int ncr53c9x_rdfifo(struct ncr53c9x_softc *, int);
129 #define NCR_RDFIFO_START	0
130 #define NCR_RDFIFO_CONTINUE	1
131 
132 #define NCR_SET_COUNT(sc, size) do {						\
133 			NCR_WRITE_REG((sc), NCR_TCL, (size));			\
134 			NCR_WRITE_REG((sc), NCR_TCM, (size) >> 8);		\
135 			if ((sc->sc_cfg2 & NCRCFG2_FE) ||			\
136 			    (sc->sc_rev == NCR_VARIANT_FAS366)) {		\
137 				NCR_WRITE_REG((sc), NCR_TCH, (size) >> 16);	\
138 			}							\
139 			if (sc->sc_rev == NCR_VARIANT_FAS366) {			\
140 				NCR_WRITE_REG(sc, NCR_RCH, 0);			\
141 			}							\
142 } while (0)
143 
144 static int ecb_pool_initialized = 0;
145 static struct pool ecb_pool;
146 
147 struct cfdriver esp_cd = {
148 	NULL, "esp", DV_DULL
149 };
150 
151 /*
152  * Names for the NCR53c9x variants, corresponding to the variant tags
153  * in ncr53c9xvar.h.
154  */
155 const char *ncr53c9x_variant_names[] = {
156 	"ESP100",
157 	"ESP100A",
158 	"ESP200",
159 	"NCR53C94",
160 	"NCR53C96",
161 	"ESP406",
162 	"FAS408",
163 	"FAS216",
164 	"AM53C974",
165 	"FAS366/HME",
166 };
167 
168 /*
169  * Search linked list for LUN info by LUN id.
170  */
171 static struct ncr53c9x_linfo *
ncr53c9x_lunsearch(ti,lun)172 ncr53c9x_lunsearch(ti, lun)
173 	struct ncr53c9x_tinfo *ti;
174 	int64_t lun;
175 {
176 	struct ncr53c9x_linfo *li;
177 	LIST_FOREACH(li, &ti->luns, link)
178 	    if (li->lun == lun)
179 		    return (li);
180 	return (NULL);
181 }
182 
183 /*
184  * Attach this instance, and then all the sub-devices
185  */
186 void
ncr53c9x_attach(sc,adapter,dev)187 ncr53c9x_attach(sc, adapter, dev)
188 	struct ncr53c9x_softc *sc;
189 	struct scsi_adapter *adapter;
190 	struct scsi_device *dev;
191 {
192 	timeout_set(&sc->sc_watchdog, ncr53c9x_watch, sc);
193 	/*
194 	 * Allocate SCSI message buffers.
195 	 * Front-ends can override allocation to avoid alignment
196 	 * handling in the DMA engines. Note that that ncr53c9x_msgout()
197 	 * can request a 1 byte DMA transfer.
198 	 */
199 	if (sc->sc_omess == NULL)
200 		sc->sc_omess = malloc(NCR_MAX_MSG_LEN, M_DEVBUF, M_NOWAIT);
201 
202 	if (sc->sc_imess == NULL)
203 		sc->sc_imess = malloc(NCR_MAX_MSG_LEN+1, M_DEVBUF, M_NOWAIT);
204 
205 	if (sc->sc_omess == NULL || sc->sc_imess == NULL) {
206 		printf("out of memory\n");
207 		return;
208 	}
209 
210 	/*
211 	 * Note, the front-end has set us up to print the chip variation.
212 	 */
213 	if (sc->sc_rev >= NCR_VARIANT_MAX) {
214 		printf("\n%s: unknown variant %d, devices not attached\n",
215 		    sc->sc_dev.dv_xname, sc->sc_rev);
216 		return;
217 	}
218 
219 	printf(": %s, %dMHz, SCSI ID %d\n",
220 	    ncr53c9x_variant_names[sc->sc_rev], sc->sc_freq, sc->sc_id);
221 
222 	sc->sc_ccf = FREQTOCCF(sc->sc_freq);
223 
224 	/* The value *must not* be == 1. Make it 2 */
225 	if (sc->sc_ccf == 1)
226 		sc->sc_ccf = 2;
227 
228 	/*
229 	 * The recommended timeout is 250ms. This register is loaded
230 	 * with a value calculated as follows, from the docs:
231 	 *
232 	 *		(timout period) x (CLK frequency)
233 	 *	reg = -------------------------------------
234 	 *		 8192 x (Clock Conversion Factor)
235 	 *
236 	 * Since CCF has a linear relation to CLK, this generally computes
237 	 * to the constant of 153.
238 	 */
239 	sc->sc_timeout = ((250 * 1000) * sc->sc_freq) / (8192 * sc->sc_ccf);
240 
241 	/* CCF register only has 3 bits; 0 is actually 8 */
242 	sc->sc_ccf &= 7;
243 
244 	/* Reset state & bus */
245 	sc->sc_cfflags = sc->sc_dev.dv_cfdata->cf_flags;
246 	sc->sc_state = 0;
247 	ncr53c9x_init(sc, 1);
248 
249 	/*
250 	 * fill in the prototype scsi_link.
251 	 */
252 	sc->sc_link.adapter_softc = sc;
253 	sc->sc_link.adapter_target = sc->sc_id;
254 	sc->sc_link.adapter = adapter;
255 	sc->sc_link.device = dev;
256 	sc->sc_link.openings = 2;
257 
258 	/*
259 	 * Now try to attach all the sub-devices
260 	 */
261 	config_found(&sc->sc_dev, &sc->sc_link, scsiprint);
262 	timeout_add(&sc->sc_watchdog, 60*hz);
263 }
264 
265 /*
266  * This is the generic ncr53c9x reset function. It does not reset the SCSI bus,
267  * only this controller, but kills any on-going commands, and also stops
268  * and resets the DMA.
269  *
270  * After reset, registers are loaded with the defaults from the attach
271  * routine above.
272  */
273 void
ncr53c9x_reset(sc)274 ncr53c9x_reset(sc)
275 	struct ncr53c9x_softc *sc;
276 {
277 
278 	/* reset DMA first */
279 	NCRDMA_RESET(sc);
280 
281 	/* reset SCSI chip */
282 	NCRCMD(sc, NCRCMD_RSTCHIP);
283 	NCRCMD(sc, NCRCMD_NOP);
284 	DELAY(500);
285 
286 	/* do these backwards, and fall through */
287 	switch (sc->sc_rev) {
288 	case NCR_VARIANT_ESP406:
289 	case NCR_VARIANT_FAS408:
290 		NCR_WRITE_REG(sc, NCR_CFG5, sc->sc_cfg5 | NCRCFG5_SINT);
291 		NCR_WRITE_REG(sc, NCR_CFG4, sc->sc_cfg4);
292 	case NCR_VARIANT_AM53C974:
293 	case NCR_VARIANT_FAS216:
294 	case NCR_VARIANT_NCR53C94:
295 	case NCR_VARIANT_NCR53C96:
296 	case NCR_VARIANT_ESP200:
297 		sc->sc_features |= NCR_F_HASCFG3;
298 		NCR_WRITE_REG(sc, NCR_CFG3, sc->sc_cfg3);
299 	case NCR_VARIANT_ESP100A:
300 		sc->sc_features |= NCR_F_SELATN3;
301 		NCR_WRITE_REG(sc, NCR_CFG2, sc->sc_cfg2);
302 	case NCR_VARIANT_ESP100:
303 		NCR_WRITE_REG(sc, NCR_CFG1, sc->sc_cfg1);
304 		NCR_WRITE_REG(sc, NCR_CCF, sc->sc_ccf);
305 		NCR_WRITE_REG(sc, NCR_SYNCOFF, 0);
306 		NCR_WRITE_REG(sc, NCR_TIMEOUT, sc->sc_timeout);
307 		break;
308 	case NCR_VARIANT_FAS366:
309 		sc->sc_features |=
310 		    NCR_F_SELATN3 | NCR_F_HASCFG3 | NCR_F_FASTSCSI;
311 		sc->sc_cfg3 = NCRFASCFG3_FASTCLK | NCRFASCFG3_OBAUTO;
312 		sc->sc_cfg3_fscsi = NCRFASCFG3_FASTSCSI;
313 		NCR_WRITE_REG(sc, NCR_CFG3, sc->sc_cfg3);
314 		sc->sc_cfg2 = 0; /* NCRCFG2_HMEFE | NCRCFG2_HME32 */
315 		NCR_WRITE_REG(sc, NCR_CFG2, sc->sc_cfg2);
316 		NCR_WRITE_REG(sc, NCR_CFG1, sc->sc_cfg1);
317 		NCR_WRITE_REG(sc, NCR_CCF, sc->sc_ccf);
318 		NCR_WRITE_REG(sc, NCR_SYNCOFF, 0);
319 		NCR_WRITE_REG(sc, NCR_TIMEOUT, sc->sc_timeout);
320 		break;
321 	default:
322 		printf("%s: unknown revision code, assuming ESP100\n",
323 		    sc->sc_dev.dv_xname);
324 		NCR_WRITE_REG(sc, NCR_CFG1, sc->sc_cfg1);
325 		NCR_WRITE_REG(sc, NCR_CCF, sc->sc_ccf);
326 		NCR_WRITE_REG(sc, NCR_SYNCOFF, 0);
327 		NCR_WRITE_REG(sc, NCR_TIMEOUT, sc->sc_timeout);
328 	}
329 
330 	if (sc->sc_rev == NCR_VARIANT_AM53C974)
331 		NCR_WRITE_REG(sc, NCR_AMDCFG4, sc->sc_cfg4);
332 
333 #if 0
334 	printf("%s: ncr53c9x_reset: revision %d\n",
335 	    sc->sc_dev.dv_xname, sc->sc_rev);
336 	printf("%s: ncr53c9x_reset: cfg1 0x%x, cfg2 0x%x, cfg3 0x%x, ccf 0x%x, timeout 0x%x\n",
337 	    sc->sc_dev.dv_xname,
338 	    sc->sc_cfg1, sc->sc_cfg2, sc->sc_cfg3,
339 	    sc->sc_ccf, sc->sc_timeout);
340 #endif
341 }
342 
343 /*
344  * Reset the SCSI bus, but not the chip
345  */
346 void
ncr53c9x_scsi_reset(sc)347 ncr53c9x_scsi_reset(sc)
348 	struct ncr53c9x_softc *sc;
349 {
350 
351 	(*sc->sc_glue->gl_dma_stop)(sc);
352 
353 	printf("%s: resetting SCSI bus\n", sc->sc_dev.dv_xname);
354 	NCRCMD(sc, NCRCMD_RSTSCSI);
355 }
356 
357 /*
358  * Initialize ncr53c9x state machine
359  */
360 void
ncr53c9x_init(sc,doreset)361 ncr53c9x_init(sc, doreset)
362 	struct ncr53c9x_softc *sc;
363 	int doreset;
364 {
365 	struct ncr53c9x_ecb *ecb;
366 	struct ncr53c9x_linfo *li;
367 	int r, i;
368 
369 	NCR_TRACE(("[NCR_INIT(%d) %d] ", doreset, sc->sc_state));
370 
371 	if (!ecb_pool_initialized) {
372 		/* All instances share this pool */
373 		pool_init(&ecb_pool, sizeof(struct ncr53c9x_ecb), 0, 0, 0,
374 		    "ncr53c9x_ecb", NULL);
375 		ecb_pool_initialized = 1;
376 	}
377 
378 	if (sc->sc_state == 0) {
379 		/* First time through; initialize. */
380 
381 		TAILQ_INIT(&sc->ready_list);
382 		sc->sc_nexus = NULL;
383 		bzero(sc->sc_tinfo, sizeof(sc->sc_tinfo));
384 		for (r = 0; r < NCR_NTARG; r++) {
385 			LIST_INIT(&sc->sc_tinfo[r].luns);
386 		}
387 	} else {
388 		/* Cancel any active commands. */
389 		sc->sc_state = NCR_CLEANING;
390 		sc->sc_msgify = 0;
391 		if ((ecb = sc->sc_nexus) != NULL) {
392 			ecb->xs->error = XS_TIMEOUT;
393 			ncr53c9x_done(sc, ecb);
394 		}
395 		for (r = 0; r < 8; r++) {
396 			LIST_FOREACH(li, &sc->sc_tinfo[r].luns, link) {
397 				if ((ecb = li->untagged)) {
398 					li->untagged = NULL;
399 					/*
400 					 * XXXXXXX
401 					 * Should we terminate a command
402 					 * that never reached the disk?
403 					 */
404 					li->busy = 0;
405 					ecb->xs->error = XS_TIMEOUT;
406 					ncr53c9x_done(sc, ecb);
407 				}
408 				for (i = 0; i<256; i++)
409 					if ((ecb = li->queued[i])) {
410 						li->queued[i] = NULL;
411 						ecb->xs->error = XS_TIMEOUT;
412 						ncr53c9x_done(sc, ecb);
413 					}
414 				li->used = 0;
415 			}
416 		}
417 	}
418 
419 	/*
420 	 * reset the chip to a known state
421 	 */
422 	ncr53c9x_reset(sc);
423 
424 	sc->sc_phase = sc->sc_prevphase = INVALID_PHASE;
425 	for (r = 0; r < 8; r++) {
426 		struct ncr53c9x_tinfo *ti = &sc->sc_tinfo[r];
427 /* XXX - config flags per target: low bits: no reselect; high bits: no synch */
428 
429                 ti->flags = ((sc->sc_minsync && !(sc->sc_cfflags & (1<<(r+8))))
430 		    ? 0 : T_SYNCHOFF) |
431 		    ((sc->sc_cfflags & (1<<r)) ? T_RSELECTOFF : 0) |
432 		    T_NEED_TO_RESET;
433 #ifdef DEBUG
434 		 if (ncr53c9x_notag)
435 			 ti->flags &= ~T_TAG;
436 #endif
437 		ti->period = sc->sc_minsync;
438 		ti->offset = 0;
439 		ti->cfg3 = 0;
440 	}
441 
442 	if (doreset) {
443 		sc->sc_state = NCR_SBR;
444 		NCRCMD(sc, NCRCMD_RSTSCSI);
445 	} else {
446 		sc->sc_state = NCR_IDLE;
447 		ncr53c9x_sched(sc);
448 	}
449 }
450 
451 /*
452  * Read the NCR registers, and save their contents for later use.
453  * NCR_STAT, NCR_STEP & NCR_INTR are mostly zeroed out when reading
454  * NCR_INTR - so make sure it is the last read.
455  *
456  * I think that (from reading the docs) most bits in these registers
457  * only make sense when he DMA CSR has an interrupt showing. Call only
458  * if an interrupt is pending.
459  */
460 __inline__ void
ncr53c9x_readregs(sc)461 ncr53c9x_readregs(sc)
462 	struct ncr53c9x_softc *sc;
463 {
464 
465 	sc->sc_espstat = NCR_READ_REG(sc, NCR_STAT);
466 	/* Only the stepo bits are of interest */
467 	sc->sc_espstep = NCR_READ_REG(sc, NCR_STEP) & NCRSTEP_MASK;
468 
469 	if (sc->sc_rev == NCR_VARIANT_FAS366)
470 		sc->sc_espstat2 = NCR_READ_REG(sc, NCR_STAT2);
471 
472 	sc->sc_espintr = NCR_READ_REG(sc, NCR_INTR);
473 
474 	if (sc->sc_glue->gl_clear_latched_intr != NULL)
475 		(*sc->sc_glue->gl_clear_latched_intr)(sc);
476 
477 	/*
478 	 * Determine the SCSI bus phase, return either a real SCSI bus phase
479 	 * or some pseudo phase we use to detect certain exceptions.
480 	 */
481 
482 	sc->sc_phase = (sc->sc_espintr & NCRINTR_DIS)
483 			? /* Disconnected */ BUSFREE_PHASE
484 			: sc->sc_espstat & NCRSTAT_PHASE;
485 
486 	NCR_MISC(("regs[intr=%02x,stat=%02x,step=%02x,stat2=%02x] ",
487 		sc->sc_espintr, sc->sc_espstat, sc->sc_espstep, sc->sc_espstat2));
488 }
489 
490 /*
491  * Convert Synchronous Transfer Period to chip register Clock Per Byte value.
492  */
493 static inline int
ncr53c9x_stp2cpb(sc,period)494 ncr53c9x_stp2cpb(sc, period)
495 	struct ncr53c9x_softc *sc;
496 	int period;
497 {
498 	int v;
499 	v = (sc->sc_freq * period) / 250;
500 	if (ncr53c9x_cpb2stp(sc, v) < period)
501 		/* Correct round-down error */
502 		v++;
503 	return (v);
504 }
505 
506 static inline void
ncr53c9x_setsync(sc,ti)507 ncr53c9x_setsync(sc, ti)
508 	struct ncr53c9x_softc *sc;
509 	struct ncr53c9x_tinfo *ti;
510 {
511 	u_char syncoff, synctp;
512 	u_char cfg3 = sc->sc_cfg3 | ti->cfg3;
513 
514 	if (ti->flags & T_SYNCMODE) {
515 		syncoff = ti->offset;
516 		synctp = ncr53c9x_stp2cpb(sc, ti->period);
517 		if (sc->sc_features & NCR_F_FASTSCSI) {
518 			/*
519 			 * If the period is 200ns or less (ti->period <= 50),
520 			 * put the chip in Fast SCSI mode.
521 			 */
522 			if (ti->period <= 50)
523 				/*
524 				 * There are (at least) 4 variations of the
525 				 * configuration 3 register.  The drive attach
526 				 * routine sets the appropriate bit to put the
527 				 * chip into Fast SCSI mode so that it doesn't
528 				 * have to be figured out here each time.
529 				 */
530 				cfg3 |= (sc->sc_rev == NCR_VARIANT_AM53C974) ?
531 				    NCRAMDCFG3_FSCSI : NCRCFG3_FSCSI;
532 		}
533 
534 		/*
535 		 * Am53c974 requires different SYNCTP values when the
536 		 * FSCSI bit is off.
537 		 */
538 		if (sc->sc_rev == NCR_VARIANT_AM53C974 &&
539 		    (cfg3 & NCRAMDCFG3_FSCSI) == 0)
540 			synctp--;
541 	} else {
542 		syncoff = 0;
543 		synctp = 0;
544 	}
545 
546 	if (sc->sc_features & NCR_F_HASCFG3)
547 		NCR_WRITE_REG(sc, NCR_CFG3, cfg3);
548 
549 	NCR_WRITE_REG(sc, NCR_SYNCOFF, syncoff);
550 	NCR_WRITE_REG(sc, NCR_SYNCTP, synctp);
551 }
552 
553 /*
554  * Send a command to a target, set the driver state to NCR_SELECTING
555  * and let the caller take care of the rest.
556  *
557  * Keeping this as a function allows me to say that this may be done
558  * by DMA instead of programmed I/O soon.
559  */
560 void
ncr53c9x_select(sc,ecb)561 ncr53c9x_select(sc, ecb)
562 	struct ncr53c9x_softc *sc;
563 	struct ncr53c9x_ecb *ecb;
564 {
565 	struct scsi_link *sc_link = ecb->xs->sc_link;
566 	int target = sc_link->target;
567 	int lun = sc_link->lun;
568 	struct ncr53c9x_tinfo *ti = &sc->sc_tinfo[target];
569 	int tiflags = ti->flags;
570 	u_char *cmd;
571 	int clen;
572 	int selatn3, selatns;
573 	size_t dmasize;
574 
575 	NCR_TRACE(("[ncr53c9x_select(t%d,l%d,cmd:%x,tag%x,%x)] ",
576 		   target, lun, ecb->cmd.cmd.opcode, ecb->tag[0], ecb->tag[1]));
577 
578 	sc->sc_state = NCR_SELECTING;
579 	/*
580 	 * Schedule the timeout now, the first time we will go away
581 	 * expecting to come back due to an interrupt, because it is
582 	 * always possible that the interrupt may never happen.
583 	 */
584 	if ((ecb->xs->flags & SCSI_POLL) == 0) {
585 		int timeout = ecb->timeout;
586 
587 		if (timeout > 1000000)
588 			timeout = (timeout / 1000) * hz;
589 		else
590 			timeout = (timeout * hz) / 1000;
591 		timeout_add(&ecb->to, timeout);
592 	}
593 
594 	/*
595 	 * The docs say the target register is never reset, and I
596 	 * can't think of a better place to set it
597 	 */
598 	if (sc->sc_rev == NCR_VARIANT_FAS366) {
599 		NCRCMD(sc, NCRCMD_FLUSH);
600 		NCR_WRITE_REG(sc, NCR_SELID, target | NCR_BUSID_HME);
601 	} else {
602 		NCR_WRITE_REG(sc, NCR_SELID, target);
603 	}
604 	ncr53c9x_setsync(sc, ti);
605 
606 	if ((ecb->flags & ECB_SENSE) != 0) {
607 		/*
608 		 * For REQUEST SENSE, we should not send an IDENTIFY or
609 		 * otherwise mangle the target.  There should be no MESSAGE IN
610 		 * phase.
611 		 */
612 		if (sc->sc_features & NCR_F_DMASELECT) {
613 			/* setup DMA transfer for command */
614 			dmasize = clen = ecb->clen;
615 			sc->sc_cmdlen = clen;
616 			sc->sc_cmdp = (caddr_t)&ecb->cmd.cmd;
617 
618 			/* Program the SCSI counter */
619 			NCR_SET_COUNT(sc, dmasize);
620 
621 			if (sc->sc_rev != NCR_VARIANT_FAS366)
622 				NCRCMD(sc, NCRCMD_NOP|NCRCMD_DMA);
623 
624 			/* And get the targets attention */
625 			NCRCMD(sc, NCRCMD_SELNATN | NCRCMD_DMA);
626 			NCRDMA_SETUP(sc, &sc->sc_cmdp, &sc->sc_cmdlen, 0, &dmasize);
627 			NCRDMA_GO(sc);
628 		} else {
629 			ncr53c9x_wrfifo(sc, (u_char *)&ecb->cmd.cmd, ecb->clen);
630 			NCRCMD(sc, NCRCMD_SELNATN);
631 		}
632 		return;
633 	}
634 
635 	selatn3 = selatns = 0;
636 	if (ecb->tag[0] != 0) {
637 		if (sc->sc_features & NCR_F_SELATN3)
638 			/* use SELATN3 to send tag messages */
639 			selatn3 = 1;
640 		else
641 			/* We don't have SELATN3; use SELATNS to send tags */
642 			selatns = 1;
643 	}
644 
645 	if (ti->flags & T_NEGOTIATE) {
646 		/* We have to use SELATNS to send sync/wide messages */
647 		selatn3 = 0;
648 		selatns = 1;
649 	}
650 
651 	cmd = (u_char *)&ecb->cmd.cmd;
652 
653 	if (selatn3) {
654 		/* We'll use tags with SELATN3 */
655 		clen = ecb->clen + 3;
656 		cmd -= 3;
657 		cmd[0] = MSG_IDENTIFY(lun, 1);	/* msg[0] */
658 		cmd[1] = ecb->tag[0];		/* msg[1] */
659 		cmd[2] = ecb->tag[1];		/* msg[2] */
660 	} else {
661 		/* We don't have tags, or will send messages with SELATNS */
662 		clen = ecb->clen + 1;
663 		cmd -= 1;
664 		cmd[0] = MSG_IDENTIFY(lun, (tiflags & T_RSELECTOFF) == 0);
665 	}
666 
667 	if ((sc->sc_features & NCR_F_DMASELECT) && !selatns) {
668 
669 		/* setup DMA transfer for command */
670 		dmasize = clen;
671 		sc->sc_cmdlen = clen;
672 		sc->sc_cmdp = cmd;
673 
674 		/* Program the SCSI counter */
675 		NCR_SET_COUNT(sc, dmasize);
676 
677 		/* load the count in */
678 		/* if (sc->sc_rev != NCR_VARIANT_FAS366) */
679 			NCRCMD(sc, NCRCMD_NOP|NCRCMD_DMA);
680 
681 		/* And get the targets attention */
682 		if (selatn3) {
683 			sc->sc_msgout = SEND_TAG;
684 			sc->sc_flags |= NCR_ATN;
685 			NCRCMD(sc, NCRCMD_SELATN3 | NCRCMD_DMA);
686 		} else
687 			NCRCMD(sc, NCRCMD_SELATN | NCRCMD_DMA);
688 		NCRDMA_SETUP(sc, &sc->sc_cmdp, &sc->sc_cmdlen, 0, &dmasize);
689 		NCRDMA_GO(sc);
690 		return;
691 	}
692 
693 	/*
694 	 * Who am I. This is where we tell the target that we are
695 	 * happy for it to disconnect etc.
696 	 */
697 
698 	/* Now get the command into the FIFO */
699 	ncr53c9x_wrfifo(sc, cmd, clen);
700 
701 	/* And get the targets attention */
702 	if (selatns) {
703 		NCR_MISC(("SELATNS \n"));
704 		/* Arbitrate, select and stop after IDENTIFY message */
705 		NCRCMD(sc, NCRCMD_SELATNS);
706 	} else if (selatn3) {
707 		sc->sc_msgout = SEND_TAG;
708 		sc->sc_flags |= NCR_ATN;
709 		NCRCMD(sc, NCRCMD_SELATN3);
710 	} else
711 		NCRCMD(sc, NCRCMD_SELATN);
712 }
713 
714 void
ncr53c9x_free_ecb(sc,ecb,flags)715 ncr53c9x_free_ecb(sc, ecb, flags)
716 	struct ncr53c9x_softc *sc;
717 	struct ncr53c9x_ecb *ecb;
718 	int flags;
719 {
720 	int s;
721 
722 	s = splbio();
723 	ecb->flags = 0;
724 	pool_put(&ecb_pool, (void *)ecb);
725 	splx(s);
726 }
727 
728 struct ncr53c9x_ecb *
ncr53c9x_get_ecb(sc,flags)729 ncr53c9x_get_ecb(sc, flags)
730 	struct ncr53c9x_softc *sc;
731 	int flags;
732 {
733 	struct ncr53c9x_ecb *ecb;
734 	int s, wait = 0;
735 
736 	if ((curproc != NULL) && ((flags & SCSI_NOSLEEP) == 0))
737 		wait = PR_WAITOK;
738 
739 	s = splbio();
740 	ecb = (struct ncr53c9x_ecb *)pool_get(&ecb_pool, wait);
741 	splx(s);
742 	if (ecb == NULL)
743 		return (NULL);
744 	bzero(ecb, sizeof(*ecb));
745 	timeout_set(&ecb->to, ncr53c9x_timeout, ecb);
746 	ecb->flags |= ECB_ALLOC;
747 	return (ecb);
748 }
749 
750 /*
751  * DRIVER FUNCTIONS CALLABLE FROM HIGHER LEVEL DRIVERS
752  */
753 
754 /*
755  * Start a SCSI-command
756  * This function is called by the higher level SCSI-driver to queue/run
757  * SCSI-commands.
758  */
759 int
ncr53c9x_scsi_cmd(xs)760 ncr53c9x_scsi_cmd(xs)
761 	struct scsi_xfer *xs;
762 {
763 	struct scsi_link *sc_link = xs->sc_link;
764 	struct ncr53c9x_softc *sc = sc_link->adapter_softc;
765 	struct ncr53c9x_ecb *ecb;
766 	struct ncr53c9x_tinfo *ti;
767 	struct ncr53c9x_linfo *li;
768 	int64_t lun = sc_link->lun;
769 	int s, flags;
770 
771 	NCR_TRACE(("[ncr53c9x_scsi_cmd] "));
772 	NCR_CMDS(("[0x%x, %d]->%d ", (int)xs->cmd->opcode, xs->cmdlen,
773 	    sc_link->target));
774 
775 	flags = xs->flags;
776 	ti = &sc->sc_tinfo[sc_link->target];
777 	li = TINFO_LUN(ti, lun);
778 	if (li == NULL) {
779 		/* Initialize LUN info and add to list. */
780 		if ((li = malloc(sizeof(*li), M_DEVBUF, M_NOWAIT)) == NULL) {
781 			return (TRY_AGAIN_LATER);
782 		}
783 		bzero(li, sizeof(*li));
784 		li->last_used = time.tv_sec;
785 		li->lun = lun;
786 		s = splbio();
787 		LIST_INSERT_HEAD(&ti->luns, li, link);
788 		if (lun < NCR_NLUN)
789 			ti->lun[lun] = li;
790 		splx(s);
791 	}
792 
793 	if ((ecb = ncr53c9x_get_ecb(sc, flags)) == NULL)
794 		return (TRY_AGAIN_LATER);
795 
796 	/* Initialize ecb */
797 	ecb->xs = xs;
798 	ecb->timeout = xs->timeout;
799 
800 	if (flags & SCSI_RESET) {
801 		ecb->flags |= ECB_RESET;
802 		ecb->clen = 0;
803 		ecb->dleft = 0;
804 	} else {
805 		bcopy(xs->cmd, &ecb->cmd.cmd, xs->cmdlen);
806 		ecb->clen = xs->cmdlen;
807 		ecb->daddr = xs->data;
808 		ecb->dleft = xs->datalen;
809 	}
810 	ecb->stat = 0;
811 
812 	s = splbio();
813 
814 	TAILQ_INSERT_TAIL(&sc->ready_list, ecb, chain);
815 	ecb->flags |= ECB_READY;
816 	if (sc->sc_state == NCR_IDLE)
817 		ncr53c9x_sched(sc);
818 
819 	splx(s);
820 
821 	if ((flags & SCSI_POLL) == 0)
822 		return (SUCCESSFULLY_QUEUED);
823 
824 	/* Not allowed to use interrupts, use polling instead */
825 	if (ncr53c9x_poll(sc, xs, ecb->timeout)) {
826 		ncr53c9x_timeout(ecb);
827 		if (ncr53c9x_poll(sc, xs, ecb->timeout))
828 			ncr53c9x_timeout(ecb);
829 	}
830 	return (COMPLETE);
831 }
832 
833 /*
834  * Used when interrupt driven I/O isn't allowed, e.g. during boot.
835  */
836 int
ncr53c9x_poll(sc,xs,count)837 ncr53c9x_poll(sc, xs, count)
838 	struct ncr53c9x_softc *sc;
839 	struct scsi_xfer *xs;
840 	int count;
841 {
842 
843 	NCR_TRACE(("[ncr53c9x_poll] "));
844 	while (count) {
845 		if (NCRDMA_ISINTR(sc)) {
846 			ncr53c9x_intr(sc);
847 		}
848 #if alternatively
849 		if (NCR_READ_REG(sc, NCR_STAT) & NCRSTAT_INT)
850 			ncr53c9x_intr(sc);
851 #endif
852 		if ((xs->flags & ITSDONE) != 0)
853 			return (0);
854 		if (sc->sc_state == NCR_IDLE) {
855 			NCR_TRACE(("[ncr53c9x_poll: rescheduling] "));
856 			ncr53c9x_sched(sc);
857 		}
858 		DELAY(1000);
859 		count--;
860 	}
861 	return (1);
862 }
863 
864 
865 /*
866  * LOW LEVEL SCSI UTILITIES
867  */
868 
869 /*
870  * Schedule a scsi operation.  This has now been pulled out of the interrupt
871  * handler so that we may call it from ncr53c9x_scsi_cmd and ncr53c9x_done.
872  * This may save us an unnecessary interrupt just to get things going.
873  * Should only be called when state == NCR_IDLE and at bio pl.
874  */
875 void
ncr53c9x_sched(sc)876 ncr53c9x_sched(sc)
877 	struct ncr53c9x_softc *sc;
878 {
879 	struct ncr53c9x_ecb *ecb;
880 	struct scsi_link *sc_link;
881 	struct ncr53c9x_tinfo *ti;
882 	int lun;
883 	struct ncr53c9x_linfo *li;
884 	int s, tag;
885 
886 	NCR_TRACE(("[ncr53c9x_sched] "));
887 	if (sc->sc_state != NCR_IDLE)
888 		panic("ncr53c9x_sched: not IDLE (state=%d)", sc->sc_state);
889 
890 	/*
891 	 * Find first ecb in ready queue that is for a target/lunit
892 	 * combinations that is not busy.
893 	 */
894 	for (ecb = sc->ready_list.tqh_first; ecb; ecb = ecb->chain.tqe_next) {
895 		sc_link = ecb->xs->sc_link;
896 		ti = &sc->sc_tinfo[sc_link->target];
897 		lun = sc_link->lun;
898 
899 		/* Select type of tag for this command */
900 		if ((ti->flags & (T_RSELECTOFF)) != 0)
901 			tag = 0;
902 		else if ((ti->flags & T_TAG) == 0)
903 			tag = 0;
904 		else if ((ecb->flags & ECB_SENSE) != 0)
905 			tag = 0;
906 		else if (ecb->xs->flags & SCSI_URGENT)
907 			tag = MSG_HEAD_OF_Q_TAG;
908 		else
909 			tag = MSG_SIMPLE_Q_TAG;
910 #if 0
911 		/* XXXX Use tags for polled commands? */
912 		if (ecb->xs->flags & SCSI_POLL)
913 			tag = 0;
914 #endif
915 		s = splbio();
916 		li = TINFO_LUN(ti, lun);
917 		if (!li) {
918 			/* Initialize LUN info and add to list. */
919 			if ((li = malloc(sizeof(*li), M_DEVBUF, M_NOWAIT)) == NULL) {
920 				splx(s);
921 				continue;
922 			}
923 			bzero(li, sizeof(*li));
924 			li->lun = lun;
925 
926 			LIST_INSERT_HEAD(&ti->luns, li, link);
927 			if (lun < NCR_NLUN)
928 				ti->lun[lun] = li;
929 		}
930 		li->last_used = time.tv_sec;
931 		if (!tag) {
932 			/* Try to issue this as an un-tagged command */
933 			if (!li->untagged)
934 				li->untagged = ecb;
935 		}
936 		if (li->untagged) {
937 			tag = 0;
938 			if ((li->busy != 1) && !li->used) {
939 				/* We need to issue this untagged command now */
940 				ecb = li->untagged;
941 				sc_link = ecb->xs->sc_link;
942 			}
943 			else {
944 				/* Not ready yet */
945 				splx(s);
946 				continue;
947 			}
948 		}
949 		ecb->tag[0] = tag;
950 		if (tag) {
951 			int i;
952 
953 			/* Allocate a tag */
954 			if (li->used == 255) {
955 				/* no free tags */
956 				splx(s);
957 				continue;
958 			}
959 			/* Start from the last used location */
960 			for (i=li->avail; i<256; i++) {
961 				if (li->queued[i] == NULL)
962 					break;
963 			}
964 			/* Couldn't find one, start again from the beginning */
965 			if (i == 256) {
966 				for (i = 0; i<256; i++) {
967 					if (li->queued[i] == NULL)
968 						break;
969 				}
970 			}
971 #ifdef DIAGNOSTIC
972 			if (i == 256)
973 				panic("ncr53c9x_sched: tag alloc failure");
974 #endif
975 
976 			/* Save where to start next time. */
977 			li->avail = i+1;
978 			li->used++;
979 
980 			li->queued[i] = ecb;
981 			ecb->tag[1] = i;
982 		}
983 		splx(s);
984 		if (li->untagged && (li->busy != 1)) {
985 			li->busy = 1;
986 			TAILQ_REMOVE(&sc->ready_list, ecb, chain);
987 			ecb->flags &= ~ECB_READY;
988 			sc->sc_nexus = ecb;
989 			ncr53c9x_select(sc, ecb);
990 			break;
991 		}
992 		if (!li->untagged && tag) {
993 			TAILQ_REMOVE(&sc->ready_list, ecb, chain);
994 			ecb->flags &= ~ECB_READY;
995 			sc->sc_nexus = ecb;
996 			ncr53c9x_select(sc, ecb);
997 			break;
998 		} else
999 			NCR_MISC(("%d:%d busy\n",
1000 				  sc_link->target,
1001 				  sc_link->lun));
1002 	}
1003 }
1004 
1005 void
ncr53c9x_sense(sc,ecb)1006 ncr53c9x_sense(sc, ecb)
1007 	struct ncr53c9x_softc *sc;
1008 	struct ncr53c9x_ecb *ecb;
1009 {
1010 	struct scsi_xfer *xs = ecb->xs;
1011 	struct scsi_link *sc_link = xs->sc_link;
1012 	struct ncr53c9x_tinfo *ti = &sc->sc_tinfo[sc_link->target];
1013 	struct scsi_sense *ss = (void *)&ecb->cmd.cmd;
1014 	struct ncr53c9x_linfo *li;
1015 	int lun = sc_link->lun;
1016 
1017 	NCR_MISC(("requesting sense "));
1018 	/* Next, setup a request sense command block */
1019 	bzero(ss, sizeof(*ss));
1020 	ss->opcode = REQUEST_SENSE;
1021 	ss->byte2 = sc_link->lun << 5;
1022 	ss->length = sizeof(struct scsi_sense_data);
1023 	ecb->clen = sizeof(*ss);
1024 	ecb->daddr = (char *)&xs->sense;
1025 	ecb->dleft = sizeof(struct scsi_sense_data);
1026 	ecb->flags |= ECB_SENSE;
1027 	ecb->timeout = NCR_SENSE_TIMEOUT;
1028 	ti->senses++;
1029 	li = TINFO_LUN(ti, lun);
1030 	if (li->busy) li->busy = 0;
1031 	ncr53c9x_dequeue(sc, ecb);
1032 	li->untagged = ecb;
1033 	li->busy = 2;
1034 	if (ecb == sc->sc_nexus) {
1035 		ncr53c9x_select(sc, ecb);
1036 	} else {
1037 		TAILQ_INSERT_HEAD(&sc->ready_list, ecb, chain);
1038 		ecb->flags |= ECB_READY;
1039 		if (sc->sc_state == NCR_IDLE)
1040 			ncr53c9x_sched(sc);
1041 	}
1042 }
1043 
1044 /*
1045  * POST PROCESSING OF SCSI_CMD (usually current)
1046  */
1047 void
ncr53c9x_done(sc,ecb)1048 ncr53c9x_done(sc, ecb)
1049 	struct ncr53c9x_softc *sc;
1050 	struct ncr53c9x_ecb *ecb;
1051 {
1052 	struct scsi_xfer *xs = ecb->xs;
1053 	struct scsi_link *sc_link = xs->sc_link;
1054 	struct ncr53c9x_tinfo *ti = &sc->sc_tinfo[sc_link->target];
1055 	int lun = sc_link->lun;
1056 	struct ncr53c9x_linfo *li = TINFO_LUN(ti, lun);
1057 
1058 	NCR_TRACE(("[ncr53c9x_done(error:%x)] ", xs->error));
1059 
1060 	timeout_del(&ecb->to);
1061 
1062 	if (ecb->stat == SCSI_QUEUE_FULL) {
1063 		/*
1064 		 * Set current throttle -- we should reset
1065 		 * this periodically
1066 		 */
1067 		sc_link->openings = li->used - 1;
1068 		printf("\n%s: QFULL -- throttling to %d commands\n",
1069 		    sc->sc_dev.dv_xname, sc_link->openings);
1070 	}
1071 
1072 	/*
1073 	 * Now, if we've come here with no error code, i.e. we've kept the
1074 	 * initial XS_NOERROR, and the status code signals that we should
1075 	 * check sense, we'll need to set up a request sense cmd block and
1076 	 * push the command back into the ready queue *before* any other
1077 	 * commands for this target/lunit, else we lose the sense info.
1078 	 * We don't support chk sense conditions for the request sense cmd.
1079 	 */
1080 	if (xs->error == XS_NOERROR) {
1081 		xs->status = ecb->stat;
1082 		if ((ecb->flags & ECB_ABORT) != 0) {
1083 			xs->error = XS_TIMEOUT;
1084 		} else if ((ecb->flags & ECB_SENSE) != 0) {
1085 			xs->error = XS_SENSE;
1086 		} else if ((ecb->stat & ST_MASK) == SCSI_CHECK) {
1087 			/* First, save the return values */
1088 			xs->resid = ecb->dleft;
1089 			ncr53c9x_sense(sc, ecb);
1090 			return;
1091 		} else {
1092 			xs->resid = ecb->dleft;
1093 		}
1094 	}
1095 
1096 	xs->flags |= ITSDONE;
1097 
1098 #ifdef NCR53C9X_DEBUG
1099 	if (ncr53c9x_debug & NCR_SHOWMISC) {
1100 		if (xs->resid != 0)
1101 			printf("resid=%lu ", (unsigned long)xs->resid);
1102 		if (xs->error == XS_SENSE)
1103 			printf("sense=0x%02x\n", xs->sense.error_code);
1104 		else
1105 			printf("error=%d\n", xs->error);
1106 	}
1107 #endif
1108 
1109 	/*
1110 	 * Remove the ECB from whatever queue it's on.
1111 	 */
1112 	ncr53c9x_dequeue(sc, ecb);
1113 	if (ecb == sc->sc_nexus) {
1114 		sc->sc_nexus = NULL;
1115 		if (sc->sc_state != NCR_CLEANING) {
1116 			sc->sc_state = NCR_IDLE;
1117 			ncr53c9x_sched(sc);
1118 		}
1119 	}
1120 
1121 	if (xs->error == XS_SELTIMEOUT) {
1122 		/* Selection timeout -- discard this LUN if empty */
1123 		if (!li->untagged && !li->used) {
1124 			if (lun < NCR_NLUN)
1125 				ti->lun[lun] = NULL;
1126 			LIST_REMOVE(li, link);
1127 			free(li, M_DEVBUF);
1128 		}
1129 	}
1130 
1131 	ncr53c9x_free_ecb(sc, ecb, xs->flags);
1132 	ti->cmds++;
1133 	scsi_done(xs);
1134 }
1135 
1136 void
ncr53c9x_dequeue(sc,ecb)1137 ncr53c9x_dequeue(sc, ecb)
1138 	struct ncr53c9x_softc *sc;
1139 	struct ncr53c9x_ecb *ecb;
1140 {
1141 	struct ncr53c9x_tinfo *ti =
1142 	    &sc->sc_tinfo[ecb->xs->sc_link->target];
1143 	struct ncr53c9x_linfo *li;
1144 	int64_t lun = ecb->xs->sc_link->lun;
1145 
1146 	li = TINFO_LUN(ti, lun);
1147 #ifdef DIAGNOSTIC
1148 	if ((!li) || (li->lun != lun))
1149 		panic("ncr53c9x_dequeue: lun %qx for ecb %p does not exist",
1150 		    (long long)lun, ecb);
1151 #endif
1152 	if (li->untagged == ecb) {
1153 		li->busy = 0;
1154 		li->untagged = NULL;
1155 	}
1156 	if (ecb->tag[0] && li->queued[ecb->tag[1]]) {
1157 #ifdef DIAGNOSTIC
1158 		if (li->queued[ecb->tag[1]] && (li->queued[ecb->tag[1]] != ecb))
1159 			panic("ncr53c9x_dequeue: slot %d for lun %qx has %p "
1160 			    "instead of ecb %p", ecb->tag[1],
1161 			    (long long)lun,
1162 			    li->queued[ecb->tag[1]], ecb);
1163 #endif
1164 		li->queued[ecb->tag[1]] = NULL;
1165 		li->used --;
1166 
1167 	}
1168 	if (ecb->flags & ECB_READY) {
1169 		ecb->flags &= ~ECB_READY;
1170 		TAILQ_REMOVE(&sc->ready_list, ecb, chain);
1171 	}
1172  }
1173 
1174 /*
1175  * INTERRUPT/PROTOCOL ENGINE
1176  */
1177 
1178 /*
1179  * Schedule an outgoing message by prioritizing it, and asserting
1180  * attention on the bus. We can only do this when we are the initiator
1181  * else there will be an illegal command interrupt.
1182  */
1183 #define ncr53c9x_sched_msgout(m) \
1184 	do {							\
1185 		NCR_MISC(("ncr53c9x_sched_msgout %x %d ", m, __LINE__));	\
1186 		NCRCMD(sc, NCRCMD_SETATN);			\
1187 		sc->sc_flags |= NCR_ATN;			\
1188 		sc->sc_msgpriq |= (m);				\
1189 	} while (0)
1190 
1191 static void
ncr53c9x_flushfifo(struct ncr53c9x_softc * sc)1192 ncr53c9x_flushfifo(struct ncr53c9x_softc *sc)
1193 {
1194 	NCR_MISC(("[flushfifo] "));
1195 
1196 	NCRCMD(sc, NCRCMD_FLUSH);
1197 
1198 	if (sc->sc_phase == COMMAND_PHASE ||
1199 	    sc->sc_phase == MESSAGE_OUT_PHASE)
1200 		DELAY(2);
1201 }
1202 
1203 static int
ncr53c9x_rdfifo(struct ncr53c9x_softc * sc,int how)1204 ncr53c9x_rdfifo(struct ncr53c9x_softc *sc, int how)
1205 {
1206 	int i, n;
1207 	u_char *buf;
1208 
1209 	switch(how) {
1210 	case NCR_RDFIFO_START:
1211 		buf = sc->sc_imess;
1212 		sc->sc_imlen = 0;
1213 		break;
1214 	case NCR_RDFIFO_CONTINUE:
1215 		buf = sc->sc_imess + sc->sc_imlen;
1216 		break;
1217 	default:
1218 		panic("ncr53c9x_rdfifo: bad flag");
1219 		break;
1220 	}
1221 
1222 	/*
1223 	 * XXX buffer (sc_imess) size for message
1224 	 */
1225 
1226 	n = NCR_READ_REG(sc, NCR_FFLAG) & NCRFIFO_FF;
1227 
1228 	if (sc->sc_rev == NCR_VARIANT_FAS366) {
1229 		n *= 2;
1230 
1231 		for (i = 0; i < n; i++)
1232 			buf[i] = NCR_READ_REG(sc, NCR_FIFO);
1233 
1234 		if (sc->sc_espstat2 & FAS_STAT2_ISHUTTLE) {
1235 
1236 			NCR_WRITE_REG(sc, NCR_FIFO, 0);
1237 			buf[i++] = NCR_READ_REG(sc, NCR_FIFO);
1238 
1239 			NCR_READ_REG(sc, NCR_FIFO);
1240 
1241 			ncr53c9x_flushfifo(sc);
1242 		}
1243 	} else {
1244 		for (i = 0; i < n; i++)
1245 			buf[i] = NCR_READ_REG(sc, NCR_FIFO);
1246 	}
1247 
1248 	sc->sc_imlen += i;
1249 
1250 #ifdef NCR53C9X_DEBUG
1251 	{
1252 		int j;
1253 
1254 		NCR_TRACE(("\n[rdfifo %s (%d):",
1255 		    (how == NCR_RDFIFO_START) ? "start" : "cont",
1256 		    (int)sc->sc_imlen));
1257 		if (ncr53c9x_debug & NCR_SHOWTRAC) {
1258 			for (j = 0; j < sc->sc_imlen; j++)
1259 				printf(" %02x", sc->sc_imess[j]);
1260 			printf("]\n");
1261 		}
1262 	}
1263 #endif
1264 	return sc->sc_imlen;
1265 }
1266 
1267 static void
ncr53c9x_wrfifo(struct ncr53c9x_softc * sc,u_char * p,int len)1268 ncr53c9x_wrfifo(struct ncr53c9x_softc *sc, u_char *p, int len)
1269 {
1270 	int i;
1271 
1272 #ifdef NCR53C9X_DEBUG
1273 	NCR_MISC(("[wrfifo(%d):", len));
1274 	if (ncr53c9x_debug & NCR_SHOWTRAC) {
1275 		for (i = 0; i < len; i++)
1276 			printf(" %02x", p[i]);
1277 		printf("]\n");
1278 	}
1279 #endif
1280 
1281 	for (i = 0; i < len; i++) {
1282 		NCR_WRITE_REG(sc, NCR_FIFO, p[i]);
1283 
1284 		if (sc->sc_rev == NCR_VARIANT_FAS366)
1285 			NCR_WRITE_REG(sc, NCR_FIFO, 0);
1286 	}
1287 }
1288 
1289 int
ncr53c9x_reselect(sc,message,tagtype,tagid)1290 ncr53c9x_reselect(sc, message, tagtype, tagid)
1291 	struct ncr53c9x_softc *sc;
1292 	int message;
1293 	int tagtype;
1294 	int tagid;
1295 {
1296 	u_char selid, target, lun;
1297 	struct ncr53c9x_ecb *ecb = NULL;
1298 	struct ncr53c9x_tinfo *ti;
1299 	struct ncr53c9x_linfo *li;
1300 
1301 	if (sc->sc_rev == NCR_VARIANT_FAS366) {
1302 		target = sc->sc_selid;
1303 	} else {
1304 		/*
1305 		 * The SCSI chip made a snapshot of the data bus while the reselection
1306 		 * was being negotiated.  This enables us to determine which target did
1307 		 * the reselect.
1308 		 */
1309 		selid = sc->sc_selid & ~(1 << sc->sc_id);
1310 		if (selid & (selid - 1)) {
1311 			printf("%s: reselect with invalid selid %02x;"
1312 			    " sending DEVICE RESET\n", sc->sc_dev.dv_xname, selid);
1313 			goto reset;
1314 
1315 		}
1316 		target = ffs(selid) - 1;
1317 	}
1318 	lun = message & 0x07;
1319 
1320 	/*
1321 	 * Search wait queue for disconnected cmd
1322 	 * The list should be short, so I haven't bothered with
1323 	 * any more sophisticated structures than a simple
1324 	 * singly linked list.
1325 	 */
1326 	ti = &sc->sc_tinfo[target];
1327 	li = TINFO_LUN(ti, lun);
1328 
1329 	/*
1330 	 * We can get as far as the LUN with the IDENTIFY
1331 	 * message.  Check to see if we're running an
1332 	 * un-tagged command.  Otherwise ack the IDENTIFY
1333 	 * and wait for a tag message.
1334 	 */
1335 	if (li != NULL) {
1336 		if (li->untagged != NULL && li->busy)
1337 			ecb = li->untagged;
1338 		else if (tagtype != MSG_SIMPLE_Q_TAG) {
1339 			/* Wait for tag to come by */
1340 			sc->sc_state = NCR_IDENTIFIED;
1341 			return (0);
1342 		} else if (tagtype) ecb = li->queued[tagid];
1343 	}
1344 	if (ecb == NULL) {
1345 		printf("%s: reselect from target %d lun %d tag %x:%x with no nexus;"
1346 		    " sending ABORT\n", sc->sc_dev.dv_xname, target, lun, tagtype, tagid);
1347 		goto abort;
1348 	}
1349 
1350 	/* Make this nexus active again. */
1351 	sc->sc_state = NCR_CONNECTED;
1352 	sc->sc_nexus = ecb;
1353 	ncr53c9x_setsync(sc, ti);
1354 
1355 	if (ecb->flags & ECB_RESET)
1356 		ncr53c9x_sched_msgout(SEND_DEV_RESET);
1357 	else if (ecb->flags & ECB_ABORT)
1358 		ncr53c9x_sched_msgout(SEND_ABORT);
1359 
1360 	/* Do an implicit RESTORE POINTERS. */
1361 	sc->sc_dp = ecb->daddr;
1362 	sc->sc_dleft = ecb->dleft;
1363 
1364 	return (0);
1365 
1366 reset:
1367 	ncr53c9x_sched_msgout(SEND_DEV_RESET);
1368 	return (1);
1369 
1370 abort:
1371 	ncr53c9x_sched_msgout(SEND_ABORT);
1372 	return (1);
1373 }
1374 
1375 #define IS1BYTEMSG(m) (((m) != 1 && (m) < 0x20) || (m) & 0x80)
1376 #define IS2BYTEMSG(m) (((m) & 0xf0) == 0x20)
1377 #define ISEXTMSG(m) ((m) == 1)
1378 
1379 static inline int
__verify_msg_format(u_char * p,int len)1380 __verify_msg_format(u_char *p, int len)
1381 {
1382 
1383 	if (len == 1 && IS1BYTEMSG(p[0]))
1384 		return 1;
1385 	if (len == 2 && IS2BYTEMSG(p[0]))
1386 		return 1;
1387 	if (len >= 3 && ISEXTMSG(p[0]) &&
1388 	    len == p[1] + 2)
1389 		return 1;
1390 
1391 	return 0;
1392 }
1393 
1394 /*
1395  * Get an incoming message as initiator.
1396  *
1397  * The SCSI bus must already be in MESSAGE_IN_PHASE and there is a
1398  * byte in the FIFO
1399  */
1400 void
ncr53c9x_msgin(sc)1401 ncr53c9x_msgin(sc)
1402 	struct ncr53c9x_softc *sc;
1403 {
1404 
1405 	NCR_TRACE(("[ncr53c9x_msgin(curmsglen:%ld)] ", (long)sc->sc_imlen));
1406 
1407 	if (sc->sc_imlen == 0) {
1408 		printf("%s: msgin: no msg byte available\n", sc->sc_dev.dv_xname);
1409 		return;
1410 	}
1411 
1412 	/*
1413 	 * Prepare for a new message.  A message should (according
1414 	 * to the SCSI standard) be transmitted in one single
1415 	 * MESSAGE_IN_PHASE. If we have been in some other phase,
1416 	 * then this is a new message.
1417 	 */
1418 	if (sc->sc_prevphase != MESSAGE_IN_PHASE && sc->sc_state != NCR_RESELECTED) {
1419 		printf("%s: phase change, dropping message, prev %d, state %d\n",
1420 		    sc->sc_dev.dv_xname, sc->sc_prevphase, sc->sc_state);
1421 		sc->sc_flags &= ~NCR_DROP_MSGI;
1422 		sc->sc_imlen = 0;
1423 	}
1424 
1425 	NCR_TRACE(("<msgbyte:0x%02x>", sc->sc_imess[0]));
1426 
1427 	/*
1428 	 * If we're going to reject the message, don't bother storing
1429 	 * the incoming bytes.  But still, we need to ACK them.
1430 	 */
1431 	if ((sc->sc_flags & NCR_DROP_MSGI)) {
1432 		NCRCMD(sc, NCRCMD_MSGOK);
1433 		printf("<dropping msg byte %x>",
1434 			sc->sc_imess[sc->sc_imlen]);
1435 		return;
1436 	}
1437 
1438 	if (sc->sc_imlen >= NCR_MAX_MSG_LEN) {
1439 		ncr53c9x_sched_msgout(SEND_REJECT);
1440 		sc->sc_flags |= NCR_DROP_MSGI;
1441 	} else {
1442 		u_char *pb;
1443 		int plen;
1444 
1445 		switch (sc->sc_state) {
1446 			/*
1447 			 * if received message is the first of reselection
1448 			 * then first byte is selid, and then message
1449 			 */
1450 		case NCR_RESELECTED:
1451 			pb = sc->sc_imess + 1;
1452 			plen = sc->sc_imlen - 1;
1453 			break;
1454 		default:
1455 			pb = sc->sc_imess;
1456 			plen = sc->sc_imlen;
1457 			break;
1458 		}
1459 
1460 		if (__verify_msg_format(pb, plen))
1461 			goto gotit;
1462 	}
1463 
1464 	/* Ack what we have so far */
1465 	NCRCMD(sc, NCRCMD_MSGOK);
1466 	return;
1467 
1468 gotit:
1469 	NCR_MSGS(("gotmsg(%x) state %d", sc->sc_imess[0], sc->sc_state));
1470 	/* we got complete message, flush the imess, XXX nobody uses imlen below */
1471 	sc->sc_imlen = 0;
1472 
1473 	/*
1474 	 * Now we should have a complete message (1 byte, 2 byte
1475 	 * and moderately long extended messages).  We only handle
1476 	 * extended messages which total length is shorter than
1477 	 * NCR_MAX_MSG_LEN.  Longer messages will be amputated.
1478 	 */
1479 	switch (sc->sc_state) {
1480 		struct ncr53c9x_ecb *ecb;
1481 		struct ncr53c9x_tinfo *ti;
1482 		struct ncr53c9x_linfo *li;
1483 		int lun;
1484 
1485 	case NCR_CONNECTED:
1486 		ecb = sc->sc_nexus;
1487 		ti = &sc->sc_tinfo[ecb->xs->sc_link->target];
1488 
1489 		switch (sc->sc_imess[0]) {
1490 		case MSG_CMDCOMPLETE:
1491 			NCR_MSGS(("cmdcomplete "));
1492 			if (sc->sc_dleft < 0) {
1493 				sc_print_addr(ecb->xs->sc_link);
1494 				printf("got %ld extra bytes\n",
1495 				    -(long)sc->sc_dleft);
1496 				sc->sc_dleft = 0;
1497 			}
1498 			ecb->dleft = (ecb->flags & ECB_TENTATIVE_DONE)
1499 				? 0
1500 				: sc->sc_dleft;
1501 			if ((ecb->flags & ECB_SENSE) == 0)
1502 				ecb->xs->resid = ecb->dleft;
1503 			sc->sc_state = NCR_CMDCOMPLETE;
1504 			break;
1505 
1506 		case MSG_MESSAGE_REJECT:
1507 			NCR_MSGS(("msg reject (msgout=%x) ", sc->sc_msgout));
1508 			switch (sc->sc_msgout) {
1509 			case SEND_TAG:
1510 				/* Target does not like tagged queuing.
1511 				 *  - Flush the command queue
1512 				 *  - Disable tagged queuing for the target
1513 				 *  - Dequeue ecb from the queued array.
1514 				 */
1515 				printf("%s: tagged queuing rejected: target %d\n",
1516 				    sc->sc_dev.dv_xname, ecb->xs->sc_link->target);
1517 
1518 				NCR_MSGS(("(rejected sent tag)"));
1519 				NCRCMD(sc, NCRCMD_FLUSH);
1520 				DELAY(1);
1521 				ti->flags &= ~T_TAG;
1522 				lun = ecb->xs->sc_link->lun;
1523 				li = TINFO_LUN(ti, lun);
1524 				if (ecb->tag[0] &&
1525 				    li->queued[ecb->tag[1]] != NULL) {
1526 					li->queued[ecb->tag[1]] = NULL;
1527 					li->used--;
1528 				}
1529 				ecb->tag[0] = ecb->tag[1] = 0;
1530 				li->untagged = ecb;
1531 				li->busy = 1;
1532 				break;
1533 
1534 			case SEND_SDTR:
1535 				printf("%s: sync transfer rejected: target %d\n",
1536 				    sc->sc_dev.dv_xname, ecb->xs->sc_link->target);
1537 				sc->sc_flags &= ~NCR_SYNCHNEGO;
1538 				ti->flags &= ~(T_NEGOTIATE | T_SYNCMODE);
1539 				ncr53c9x_setsync(sc, ti);
1540 				break;
1541 
1542 			case SEND_WDTR:
1543 				printf("%s: wide transfer rejected: target %d\n",
1544 				    sc->sc_dev.dv_xname, ecb->xs->sc_link->target);
1545 				ti->flags &= ~T_WIDE;
1546 				ti->width = 0;
1547 				break;
1548 
1549 			case SEND_INIT_DET_ERR:
1550 				goto abort;
1551 			}
1552 			break;
1553 
1554 		case MSG_NOOP:
1555 			NCR_MSGS(("noop "));
1556 			break;
1557 
1558 		case MSG_HEAD_OF_Q_TAG:
1559 		case MSG_SIMPLE_Q_TAG:
1560 		case MSG_ORDERED_Q_TAG:
1561 			NCR_MSGS(("TAG %x:%x", sc->sc_imess[0], sc->sc_imess[1]));
1562 			break;
1563 
1564 		case MSG_DISCONNECT:
1565 			NCR_MSGS(("disconnect "));
1566 			ti->dconns++;
1567 			sc->sc_state = NCR_DISCONNECT;
1568 
1569 			/*
1570 			 * Mark the fact that all bytes have moved. The
1571 			 * target may not bother to do a SAVE POINTERS
1572 			 * at this stage. This flag will set the residual
1573 			 * count to zero on MSG COMPLETE.
1574 			 */
1575 			if (sc->sc_dleft == 0)
1576 				ecb->flags |= ECB_TENTATIVE_DONE;
1577 
1578 			break;
1579 
1580 		case MSG_SAVEDATAPOINTER:
1581 			NCR_MSGS(("save datapointer "));
1582 			ecb->daddr = sc->sc_dp;
1583 			ecb->dleft = sc->sc_dleft;
1584 			break;
1585 
1586 		case MSG_RESTOREPOINTERS:
1587 			NCR_MSGS(("restore datapointer "));
1588 			sc->sc_dp = ecb->daddr;
1589 			sc->sc_dleft = ecb->dleft;
1590 			break;
1591 
1592 		case MSG_EXTENDED:
1593 			NCR_MSGS(("extended(%x) ", sc->sc_imess[2]));
1594 			switch (sc->sc_imess[2]) {
1595 			case MSG_EXT_SDTR:
1596 				NCR_MSGS(("SDTR period %d, offset %d ",
1597 					sc->sc_imess[3], sc->sc_imess[4]));
1598 				if (sc->sc_imess[1] != 3)
1599 					goto reject;
1600 				ti->period = sc->sc_imess[3];
1601 				ti->offset = sc->sc_imess[4];
1602 				ti->flags &= ~T_NEGOTIATE;
1603 				if (sc->sc_minsync == 0 ||
1604 				    ti->offset == 0 ||
1605 				    ti->period > 124) {
1606 #ifdef NCR53C9X_DEBUG
1607 					sc_print_addr(ecb->xs->sc_link);
1608 					printf("async mode\n");
1609 #endif
1610 					if ((sc->sc_flags&NCR_SYNCHNEGO)
1611 					    == 0) {
1612 						/*
1613 						 * target initiated negotiation
1614 						 */
1615 						ti->offset = 0;
1616 						ti->flags &= ~T_SYNCMODE;
1617 						ncr53c9x_sched_msgout(
1618 						    SEND_SDTR);
1619 					} else {
1620 						/* we are async */
1621 						ti->flags &= ~T_SYNCMODE;
1622 					}
1623 				} else {
1624 #ifdef NCR53C9X_DEBUG
1625 					int r = 250/ti->period;
1626 					int s = (100*250)/ti->period - 100*r;
1627 #endif
1628 					int p;
1629 
1630 					p = ncr53c9x_stp2cpb(sc, ti->period);
1631 					ti->period = ncr53c9x_cpb2stp(sc, p);
1632 #ifdef NCR53C9X_DEBUG
1633 					sc_print_addr(ecb->xs->sc_link);
1634 					printf("max sync rate %d.%02dMB/s\n",
1635 						r, s);
1636 #endif
1637 					if ((sc->sc_flags&NCR_SYNCHNEGO) == 0) {
1638 						/*
1639 						 * target initiated negotiation
1640 						 */
1641 						if (ti->period <
1642 						    sc->sc_minsync)
1643 							ti->period =
1644 							    sc->sc_minsync;
1645 						if (ti->offset > 15)
1646 							ti->offset = 15;
1647 						ti->flags &= ~T_SYNCMODE;
1648 						ncr53c9x_sched_msgout(
1649 						    SEND_SDTR);
1650 					} else {
1651 						/* we are sync */
1652 						ti->flags |= T_SYNCMODE;
1653 					}
1654 				}
1655 				sc->sc_flags &= ~NCR_SYNCHNEGO;
1656 				ncr53c9x_setsync(sc, ti);
1657 				break;
1658 
1659 			case MSG_EXT_WDTR:
1660 				printf("%s: wide mode %d\n",
1661 				    sc->sc_dev.dv_xname, sc->sc_imess[3]);
1662 				if (sc->sc_imess[3] == 1) {
1663 					ti->cfg3 |= NCRFASCFG3_EWIDE;
1664 					ncr53c9x_setsync(sc, ti);
1665 				} else
1666 					ti->width = 0;
1667 				ti->flags &= ~T_WIDE;
1668 				break;
1669 			default:
1670 				sc_print_addr(ecb->xs->sc_link);
1671 				printf("unrecognized MESSAGE EXTENDED;"
1672 				    " sending REJECT\n");
1673 				goto reject;
1674 			}
1675 			break;
1676 
1677 		default:
1678 			NCR_MSGS(("ident "));
1679 			sc_print_addr(ecb->xs->sc_link);
1680 			printf("unrecognized MESSAGE; sending REJECT\n");
1681 		reject:
1682 			ncr53c9x_sched_msgout(SEND_REJECT);
1683 			break;
1684 		}
1685 		break;
1686 
1687 	case NCR_IDENTIFIED:
1688 		/*
1689 		 * IDENTIFY message was received and queue tag is expected now
1690 		 */
1691 		if ((sc->sc_imess[0] != MSG_SIMPLE_Q_TAG) ||
1692 		    (sc->sc_msgify == 0)) {
1693 			printf("%s: TAG reselect without IDENTIFY;"
1694 			    " MSG %x;"
1695 			    " sending DEVICE RESET\n",
1696 			    sc->sc_dev.dv_xname,
1697 			    sc->sc_imess[0]);
1698 			goto reset;
1699 		}
1700 		(void) ncr53c9x_reselect(sc, sc->sc_msgify,
1701 		    sc->sc_imess[0], sc->sc_imess[1]);
1702 		break;
1703 
1704 	case NCR_RESELECTED:
1705 		if (MSG_ISIDENTIFY(sc->sc_imess[1])) {
1706 			sc->sc_msgify = sc->sc_imess[1];
1707 		} else {
1708 			printf("%s: reselect without IDENTIFY;"
1709 			    " MSG %x;"
1710 			    " sending DEVICE RESET\n",
1711 			    sc->sc_dev.dv_xname,
1712 			    sc->sc_imess[1]);
1713 			goto reset;
1714 		}
1715 		(void) ncr53c9x_reselect(sc, sc->sc_msgify, 0, 0);
1716 		break;
1717 
1718 	default:
1719 		printf("%s: unexpected MESSAGE IN; sending DEVICE RESET\n",
1720 		    sc->sc_dev.dv_xname);
1721 	reset:
1722 		ncr53c9x_sched_msgout(SEND_DEV_RESET);
1723 		break;
1724 
1725 	abort:
1726 		ncr53c9x_sched_msgout(SEND_ABORT);
1727 		break;
1728 	}
1729 
1730 	/* if we have more messages to send set ATN */
1731 	if (sc->sc_msgpriq)
1732 		NCRCMD(sc, NCRCMD_SETATN);
1733 
1734 	/* Ack last message byte */
1735 	NCRCMD(sc, NCRCMD_MSGOK);
1736 
1737 	/* Done, reset message pointer. */
1738 	sc->sc_flags &= ~NCR_DROP_MSGI;
1739 	sc->sc_imlen = 0;
1740 }
1741 
1742 
1743 /*
1744  * Send the highest priority, scheduled message
1745  */
1746 void
ncr53c9x_msgout(sc)1747 ncr53c9x_msgout(sc)
1748 	struct ncr53c9x_softc *sc;
1749 {
1750 	struct ncr53c9x_tinfo *ti;
1751 	struct ncr53c9x_ecb *ecb;
1752 	size_t size;
1753 
1754 	NCR_TRACE(("[ncr53c9x_msgout(priq:%x, prevphase:%x)]",
1755 	    sc->sc_msgpriq, sc->sc_prevphase));
1756 
1757 	/*
1758 	 * XXX - the NCR_ATN flag is not in sync with the actual ATN
1759 	 *	 condition on the SCSI bus. The 53c9x chip
1760 	 *	 automatically turns off ATN before sending the
1761 	 *	 message byte.  (see also the comment below in the
1762 	 *	 default case when picking out a message to send)
1763 	 */
1764 	if (sc->sc_flags & NCR_ATN) {
1765 		if (sc->sc_prevphase != MESSAGE_OUT_PHASE) {
1766 		new:
1767 			NCRCMD(sc, NCRCMD_FLUSH);
1768 /*			DELAY(1); */
1769 			sc->sc_msgoutq = 0;
1770 			sc->sc_omlen = 0;
1771 		}
1772 	} else {
1773 		if (sc->sc_prevphase == MESSAGE_OUT_PHASE) {
1774 			ncr53c9x_sched_msgout(sc->sc_msgoutq);
1775 			goto new;
1776 		} else {
1777 			printf("%s at line %d: unexpected MESSAGE OUT phase\n",
1778 			    sc->sc_dev.dv_xname, __LINE__);
1779 		}
1780 	}
1781 
1782 	if (sc->sc_omlen == 0) {
1783 		/* Pick up highest priority message */
1784 		sc->sc_msgout = sc->sc_msgpriq & -sc->sc_msgpriq;
1785 		sc->sc_msgoutq |= sc->sc_msgout;
1786 		sc->sc_msgpriq &= ~sc->sc_msgout;
1787 		sc->sc_omlen = 1;		/* "Default" message len */
1788 		switch (sc->sc_msgout) {
1789 		case SEND_SDTR:
1790 			ecb = sc->sc_nexus;
1791 			ti = &sc->sc_tinfo[ecb->xs->sc_link->target];
1792 			sc->sc_omess[0] = MSG_EXTENDED;
1793 			sc->sc_omess[1] = 3;
1794 			sc->sc_omess[2] = MSG_EXT_SDTR;
1795 			sc->sc_omess[3] = ti->period;
1796 			sc->sc_omess[4] = ti->offset;
1797 			sc->sc_omlen = 5;
1798 			if ((sc->sc_flags & NCR_SYNCHNEGO) == 0) {
1799 				ti->flags |= T_SYNCMODE;
1800 				ncr53c9x_setsync(sc, ti);
1801 			}
1802 			break;
1803 		case SEND_WDTR:
1804 			ecb = sc->sc_nexus;
1805 			ti = &sc->sc_tinfo[ecb->xs->sc_link->target];
1806 			sc->sc_omess[0] = MSG_EXTENDED;
1807 			sc->sc_omess[1] = 2;
1808 			sc->sc_omess[2] = MSG_EXT_WDTR;
1809 			sc->sc_omess[3] = ti->width;
1810 			sc->sc_omlen = 4;
1811 			break;
1812 		case SEND_IDENTIFY:
1813 			if (sc->sc_state != NCR_CONNECTED) {
1814 				printf("%s at line %d: no nexus\n",
1815 				    sc->sc_dev.dv_xname, __LINE__);
1816 			}
1817 			ecb = sc->sc_nexus;
1818 			sc->sc_omess[0] =
1819 			    MSG_IDENTIFY(ecb->xs->sc_link->lun, 0);
1820 			break;
1821 		case SEND_TAG:
1822 			if (sc->sc_state != NCR_CONNECTED) {
1823 				printf("%s at line %d: no nexus\n",
1824 				    sc->sc_dev.dv_xname, __LINE__);
1825 			}
1826 			ecb = sc->sc_nexus;
1827 			sc->sc_omess[0] = ecb->tag[0];
1828 			sc->sc_omess[1] = ecb->tag[1];
1829 			sc->sc_omlen = 2;
1830 			break;
1831 		case SEND_DEV_RESET:
1832 			sc->sc_flags |= NCR_ABORTING;
1833 			sc->sc_omess[0] = MSG_BUS_DEV_RESET;
1834 			ecb = sc->sc_nexus;
1835 			ti = &sc->sc_tinfo[ecb->xs->sc_link->target];
1836 			ti->flags &= ~T_SYNCMODE;
1837 			if ((ti->flags & T_SYNCHOFF) == 0)
1838 				/* We can re-start sync negotiation */
1839 				ti->flags |= T_NEGOTIATE;
1840 			break;
1841 		case SEND_PARITY_ERROR:
1842 			sc->sc_omess[0] = MSG_PARITY_ERROR;
1843 			break;
1844 		case SEND_ABORT:
1845 			sc->sc_flags |= NCR_ABORTING;
1846 			sc->sc_omess[0] = MSG_ABORT;
1847 			break;
1848 		case SEND_INIT_DET_ERR:
1849 			sc->sc_omess[0] = MSG_INITIATOR_DET_ERR;
1850 			break;
1851 		case SEND_REJECT:
1852 			sc->sc_omess[0] = MSG_MESSAGE_REJECT;
1853 			break;
1854 		default:
1855 			/*
1856 			 * We normally do not get here, since the chip
1857 			 * automatically turns off ATN before the last
1858 			 * byte of a message is sent to the target.
1859 			 * However, if the target rejects our (multi-byte)
1860 			 * message early by switching to MSG IN phase
1861 			 * ATN remains on, so the target may return to
1862 			 * MSG OUT phase. If there are no scheduled messages
1863 			 * left we send a NO-OP.
1864 			 *
1865 			 * XXX - Note that this leaves no useful purpose for
1866 			 * the NCR_ATN flag.
1867 			 */
1868 			sc->sc_flags &= ~NCR_ATN;
1869 			sc->sc_omess[0] = MSG_NOOP;
1870 			break;
1871 		}
1872 		sc->sc_omp = sc->sc_omess;
1873 	}
1874 
1875 #ifdef DEBUG
1876 	{
1877 		int i;
1878 
1879 		for (i = 0; i<sc->sc_omlen; i++)
1880 			NCR_MISC(("<msgbyte:0x%02x>", sc->sc_omess[i]));
1881 	}
1882 #endif
1883 	if (sc->sc_rev == NCR_VARIANT_FAS366) {
1884 		/*
1885 		 * XXX fifo size
1886 		 */
1887 		ncr53c9x_flushfifo(sc);
1888 		ncr53c9x_wrfifo(sc, sc->sc_omp, sc->sc_omlen);
1889 		NCRCMD(sc, NCRCMD_TRANS);
1890 	} else {
1891 		/* (re)send the message */
1892 		size = min(sc->sc_omlen, sc->sc_maxxfer);
1893 		NCRDMA_SETUP(sc, &sc->sc_omp, &sc->sc_omlen, 0, &size);
1894 		/* Program the SCSI counter */
1895 		NCR_SET_COUNT(sc, size);
1896 
1897                /* Load the count in and start the message-out transfer */
1898 		NCRCMD(sc, NCRCMD_NOP|NCRCMD_DMA);
1899 		NCRCMD(sc, NCRCMD_TRANS|NCRCMD_DMA);
1900 		NCRDMA_GO(sc);
1901 	}
1902 }
1903 
1904 /*
1905  * This is the most critical part of the driver, and has to know
1906  * how to deal with *all* error conditions and phases from the SCSI
1907  * bus. If there are no errors and the DMA was active, then call the
1908  * DMA pseudo-interrupt handler. If this returns 1, then that was it
1909  * and we can return from here without further processing.
1910  *
1911  * Most of this needs verifying.
1912  */
1913 int sdebug = 0;
1914 int
ncr53c9x_intr(arg)1915 ncr53c9x_intr(arg)
1916 	void *arg;
1917 {
1918 	struct ncr53c9x_softc *sc = arg;
1919 	struct ncr53c9x_ecb *ecb;
1920 	struct scsi_link *sc_link;
1921 	struct ncr53c9x_tinfo *ti;
1922 	size_t size;
1923 	int nfifo;
1924 
1925 	NCR_TRACE(("[ncr53c9x_intr: state %d] ", sc->sc_state));
1926 
1927 	if (!NCRDMA_ISINTR(sc))
1928 		return (0);
1929 
1930 again:
1931 	/* and what do the registers say... */
1932 	ncr53c9x_readregs(sc);
1933 
1934 	sc->sc_intrcnt.ev_count++;
1935 
1936 	/*
1937 	 * At the moment, only a SCSI Bus Reset or Illegal
1938 	 * Command are classed as errors. A disconnect is a
1939 	 * valid condition, and we let the code check is the
1940 	 * "NCR_BUSFREE_OK" flag was set before declaring it
1941 	 * and error.
1942 	 *
1943 	 * Also, the status register tells us about "Gross
1944 	 * Errors" and "Parity errors". Only the Gross Error
1945 	 * is really bad, and the parity errors are dealt
1946 	 * with later
1947 	 *
1948 	 * TODO
1949 	 *      If there are too many parity error, go to slow
1950 	 *      cable mode ?
1951 	 */
1952 
1953 	/* SCSI Reset */
1954 	if (sc->sc_espintr & NCRINTR_SBR) {
1955 		if (NCR_READ_REG(sc, NCR_FFLAG) & NCRFIFO_FF) {
1956 			NCRCMD(sc, NCRCMD_FLUSH);
1957 			DELAY(1);
1958 		}
1959 		if (sc->sc_state != NCR_SBR) {
1960 			printf("%s: SCSI bus reset\n",
1961 				sc->sc_dev.dv_xname);
1962 			ncr53c9x_init(sc, 0); /* Restart everything */
1963 			return (1);
1964 		}
1965 #if 0
1966 /*XXX*/		printf("<expected bus reset: "
1967 			"[intr %x, stat %x, step %d]>\n",
1968 			sc->sc_espintr, sc->sc_espstat,
1969 			sc->sc_espstep);
1970 #endif
1971 		if (sc->sc_nexus)
1972 			panic("%s: nexus in reset state",
1973 		      sc->sc_dev.dv_xname);
1974 		goto sched;
1975 	}
1976 
1977 	ecb = sc->sc_nexus;
1978 
1979 #define NCRINTR_ERR (NCRINTR_SBR|NCRINTR_ILL)
1980 	if (sc->sc_espintr & NCRINTR_ERR ||
1981 	    sc->sc_espstat & NCRSTAT_GE) {
1982 
1983 		if (sc->sc_espstat & NCRSTAT_GE) {
1984 			/* Gross Error; no target ? */
1985 			if (NCR_READ_REG(sc, NCR_FFLAG) & NCRFIFO_FF) {
1986 				NCRCMD(sc, NCRCMD_FLUSH);
1987 				DELAY(1);
1988 			}
1989 			if (sc->sc_state == NCR_CONNECTED ||
1990 			    sc->sc_state == NCR_SELECTING) {
1991 				ecb->xs->error = XS_TIMEOUT;
1992 				ncr53c9x_done(sc, ecb);
1993 			}
1994 			return (1);
1995 		}
1996 
1997 		if (sc->sc_espintr & NCRINTR_ILL) {
1998 			if (sc->sc_flags & NCR_EXPECT_ILLCMD) {
1999 				/*
2000 				 * Eat away "Illegal command" interrupt
2001 				 * on a ESP100 caused by a re-selection
2002 				 * while we were trying to select
2003 				 * another target.
2004 				 */
2005 #ifdef DEBUG
2006 				printf("%s: ESP100 work-around activated\n",
2007 					sc->sc_dev.dv_xname);
2008 #endif
2009 				sc->sc_flags &= ~NCR_EXPECT_ILLCMD;
2010 				return (1);
2011 			}
2012 			/* illegal command, out of sync ? */
2013 			printf("%s: illegal command: 0x%x "
2014 			    "(state %d, phase %x, prevphase %x)\n",
2015 				sc->sc_dev.dv_xname, sc->sc_lastcmd,
2016 				sc->sc_state, sc->sc_phase,
2017 				sc->sc_prevphase);
2018 			if (NCR_READ_REG(sc, NCR_FFLAG) & NCRFIFO_FF) {
2019 				NCRCMD(sc, NCRCMD_FLUSH);
2020 				DELAY(1);
2021 			}
2022 			ncr53c9x_init(sc, 1); /* Restart everything */
2023 			return (1);
2024 		}
2025 	}
2026 	sc->sc_flags &= ~NCR_EXPECT_ILLCMD;
2027 
2028 	/*
2029 	 * Call if DMA is active.
2030 	 *
2031 	 * If DMA_INTR returns true, then maybe go 'round the loop
2032 	 * again in case there is no more DMA queued, but a phase
2033 	 * change is expected.
2034 	 */
2035 	if (NCRDMA_ISACTIVE(sc)) {
2036 		int r = NCRDMA_INTR(sc);
2037 		if (r == -1) {
2038 			printf("%s: DMA error; resetting\n",
2039 				sc->sc_dev.dv_xname);
2040 			ncr53c9x_init(sc, 1);
2041 		}
2042 		/* If DMA active here, then go back to work... */
2043 		if (NCRDMA_ISACTIVE(sc))
2044 			return (1);
2045 
2046 		if ((sc->sc_espstat & NCRSTAT_TC) == 0) {
2047 			/*
2048 			 * DMA not completed.  If we can not find a
2049 			 * acceptable explanation, print a diagnostic.
2050 			 */
2051 			if (sc->sc_state == NCR_SELECTING)
2052 				/*
2053 				 * This can happen if we are reselected
2054 				 * while using DMA to select a target.
2055 				 */
2056 				/*void*/;
2057 			else if (sc->sc_prevphase == MESSAGE_OUT_PHASE){
2058 				/*
2059 				 * Our (multi-byte) message (eg SDTR)
2060 				 * was interrupted by the target to
2061 				 * send a MSG REJECT.
2062 				 * Print diagnostic if current phase
2063 				 * is not MESSAGE IN.
2064 				 */
2065 				if (sc->sc_phase != MESSAGE_IN_PHASE)
2066 				    printf("%s: !TC on MSG OUT"
2067 				       " [intr %x, stat %x, step %d]"
2068 				       " prevphase %x, resid %lx\n",
2069 					sc->sc_dev.dv_xname,
2070 					sc->sc_espintr,
2071 					sc->sc_espstat,
2072 					sc->sc_espstep,
2073 					sc->sc_prevphase,
2074 					(u_long)sc->sc_omlen);
2075 			} else if (sc->sc_dleft == 0) {
2076 				/*
2077 				 * The DMA operation was started for
2078 				 * a DATA transfer. Print a diagnostic
2079 				 * if the DMA counter and TC bit
2080 				 * appear to be out of sync.
2081 				 */
2082 				printf("%s: !TC on DATA XFER"
2083 				       " [intr %x, stat %x, step %d]"
2084 				       " prevphase %x, resid %x\n",
2085 					sc->sc_dev.dv_xname,
2086 					sc->sc_espintr,
2087 					sc->sc_espstat,
2088 					sc->sc_espstep,
2089 					sc->sc_prevphase,
2090 					ecb?ecb->dleft:-1);
2091 			}
2092 		}
2093 	}
2094 
2095 	/*
2096 	 * check for less serious errors
2097 	 */
2098 	if (sc->sc_espstat & NCRSTAT_PE) {
2099 		printf("%s: SCSI bus parity error\n", sc->sc_dev.dv_xname);
2100 		if (sc->sc_prevphase == MESSAGE_IN_PHASE)
2101 			ncr53c9x_sched_msgout(SEND_PARITY_ERROR);
2102 		else
2103 			ncr53c9x_sched_msgout(SEND_INIT_DET_ERR);
2104 	}
2105 
2106 	if (sc->sc_espintr & NCRINTR_DIS) {
2107 		sc->sc_msgify = 0;
2108 		NCR_MISC(("<DISC [intr %x, stat %x, step %d]>",
2109 			sc->sc_espintr,sc->sc_espstat,sc->sc_espstep));
2110 		if (NCR_READ_REG(sc, NCR_FFLAG) & NCRFIFO_FF) {
2111 			NCRCMD(sc, NCRCMD_FLUSH);
2112 /*			DELAY(1); */
2113 		}
2114 		/*
2115 		 * This command must (apparently) be issued within
2116 		 * 250mS of a disconnect. So here you are...
2117 		 */
2118 		NCRCMD(sc, NCRCMD_ENSEL);
2119 
2120 		switch (sc->sc_state) {
2121 		case NCR_RESELECTED:
2122 			goto sched;
2123 
2124 		case NCR_SELECTING:
2125 		{
2126 			struct ncr53c9x_linfo *li;
2127 
2128 			ecb->xs->error = XS_SELTIMEOUT;
2129 
2130 			/* Selection timeout -- discard all LUNs if empty */
2131 			sc_link = ecb->xs->sc_link;
2132 			ti = &sc->sc_tinfo[sc_link->target];
2133 			li = ti->luns.lh_first;
2134 			while (li) {
2135 				if (!li->untagged && !li->used) {
2136 					if (li->lun < NCR_NLUN)
2137 						ti->lun[li->lun] = NULL;
2138 					LIST_REMOVE(li, link);
2139 					free(li, M_DEVBUF);
2140 					/* Restart the search at the beginning */
2141 					li = ti->luns.lh_first;
2142 					continue;
2143 				}
2144 				li = li->link.le_next;
2145 			}
2146 			goto finish;
2147 		}
2148 		case NCR_CONNECTED:
2149 			if ((sc->sc_flags & NCR_SYNCHNEGO)) {
2150 #ifdef NCR53C9X_DEBUG
2151 				if (ecb)
2152 					sc_print_addr(ecb->xs->sc_link);
2153 				printf("sync nego not completed!\n");
2154 #endif
2155 				ti = &sc->sc_tinfo[ecb->xs->sc_link->target];
2156 				sc->sc_flags &= ~NCR_SYNCHNEGO;
2157 				ti->flags &= ~(T_NEGOTIATE | T_SYNCMODE);
2158 			}
2159 
2160 			/* it may be OK to disconnect */
2161 			if ((sc->sc_flags & NCR_ABORTING) == 0) {
2162 				/*
2163 				 * Section 5.1.1 of the SCSI 2 spec
2164 				 * suggests issuing a REQUEST SENSE
2165 				 * following an unexpected disconnect.
2166 				 * Some devices go into a contingent
2167 				 * allegiance condition when
2168 				 * disconnecting, and this is necessary
2169 				 * to clean up their state.
2170 				 */
2171 				printf("%s: unexpected disconnect; ",
2172 				    sc->sc_dev.dv_xname);
2173 				if (ecb->flags & ECB_SENSE) {
2174 					printf("resetting\n");
2175 					goto reset;
2176 				}
2177 				printf("sending REQUEST SENSE\n");
2178 				timeout_del(&ecb->to);
2179 				ncr53c9x_sense(sc, ecb);
2180 				goto out;
2181 			}
2182 
2183 			ecb->xs->error = XS_TIMEOUT;
2184 			goto finish;
2185 
2186 		case NCR_DISCONNECT:
2187 			sc->sc_nexus = NULL;
2188 			goto sched;
2189 
2190 		case NCR_CMDCOMPLETE:
2191 			goto finish;
2192 		}
2193 	}
2194 
2195 	switch (sc->sc_state) {
2196 
2197 	case NCR_SBR:
2198 		printf("%s: waiting for SCSI Bus Reset to happen\n",
2199 			sc->sc_dev.dv_xname);
2200 		return (1);
2201 
2202 	case NCR_RESELECTED:
2203 		/*
2204 		 * we must be continuing a message ?
2205 		 */
2206 		if (sc->sc_phase != MESSAGE_IN_PHASE) {
2207 			printf("%s: target didn't identify\n",
2208 				sc->sc_dev.dv_xname);
2209 			ncr53c9x_init(sc, 1);
2210 			return (1);
2211 		}
2212 printf("<<RESELECT CONT'd>>");
2213 #if XXXX
2214 		ncr53c9x_msgin(sc);
2215 		if (sc->sc_state != NCR_CONNECTED) {
2216 			/* IDENTIFY fail?! */
2217 			printf("%s: identify failed\n",
2218 				sc->sc_dev.dv_xname);
2219 			ncr53c9x_init(sc, 1);
2220 			return (1);
2221 		}
2222 #endif
2223 		break;
2224 
2225 	case NCR_IDENTIFIED:
2226 		ecb = sc->sc_nexus;
2227 		if (sc->sc_phase != MESSAGE_IN_PHASE) {
2228 			int i = (NCR_READ_REG(sc, NCR_FFLAG)
2229 			    & NCRFIFO_FF);
2230 			/*
2231 			 * Things are seriously fucked up.
2232 			 * Pull the brakes, i.e. reset
2233 			 */
2234 			printf("%s: target didn't send tag: %d bytes in fifo\n",
2235 			    sc->sc_dev.dv_xname, i);
2236 			/* Drain and display fifo */
2237 			while (i-- > 0)
2238 				printf("[%d] ", NCR_READ_REG(sc, NCR_FIFO));
2239 			ncr53c9x_init(sc, 1);
2240 			return (1);
2241 		} else
2242 			goto msgin;
2243 
2244 		break;
2245 	case NCR_IDLE:
2246 	case NCR_SELECTING:
2247 		ecb = sc->sc_nexus;
2248 		if (sc->sc_espintr & NCRINTR_RESEL) {
2249 			sc->sc_msgpriq = sc->sc_msgout = sc->sc_msgoutq = 0;
2250 			sc->sc_flags = 0;
2251 			/*
2252 			 * If we're trying to select a
2253 			 * target ourselves, push our command
2254 			 * back into the ready list.
2255 			 */
2256 			if (sc->sc_state == NCR_SELECTING) {
2257 				NCR_MISC(("backoff selector "));
2258 				timeout_del(&ecb->to);
2259 				ncr53c9x_dequeue(sc, ecb);
2260 				TAILQ_INSERT_HEAD(&sc->ready_list, ecb, chain);
2261 				ecb->flags |= ECB_READY;
2262 				ecb = sc->sc_nexus = NULL;
2263 			}
2264 			sc->sc_state = NCR_RESELECTED;
2265 			if (sc->sc_phase != MESSAGE_IN_PHASE) {
2266 				/*
2267 				 * Things are seriously fucked up.
2268 				 * Pull the brakes, i.e. reset
2269 				 */
2270 				printf("%s: target didn't identify\n",
2271 					sc->sc_dev.dv_xname);
2272 				ncr53c9x_init(sc, 1);
2273 				return (1);
2274 			}
2275 			/*
2276 			 * The C90 only inhibits FIFO writes until
2277 			 * reselection is complete, instead of
2278 			 * waiting until the interrupt status register
2279 			 * has been read. So, if the reselect happens
2280 			 * while we were entering a command bytes (for
2281 			 * another target) some of those bytes can
2282 			 * appear in the FIFO here, after the
2283 			 * interrupt is taken.
2284 			 */
2285 			nfifo = ncr53c9x_rdfifo(sc, NCR_RDFIFO_START);
2286 
2287 			if (nfifo < 2 ||
2288 			    (nfifo > 2 &&
2289 			     sc->sc_rev != NCR_VARIANT_ESP100)) {
2290 				printf("%s: RESELECT: "
2291 				    "%d bytes in FIFO! "
2292 				    "[intr %x, stat %x, step %d, prevphase %x]\n",
2293 					sc->sc_dev.dv_xname,
2294 					nfifo,
2295 					sc->sc_espintr,
2296 					sc->sc_espstat,
2297 					sc->sc_espstep,
2298 					sc->sc_prevphase);
2299 				ncr53c9x_init(sc, 1);
2300 				return (1);
2301 			}
2302 			sc->sc_selid = sc->sc_imess[0];
2303 			NCR_MISC(("selid=%2x ", sc->sc_selid));
2304 
2305 			/* Handle identify message */
2306 			ncr53c9x_msgin(sc);
2307 			if (nfifo != 2) {
2308 				/*
2309 				 * Note: this should not happen
2310 				 * with `dmaselect' on.
2311 				 */
2312 				sc->sc_flags |= NCR_EXPECT_ILLCMD;
2313 				NCRCMD(sc, NCRCMD_FLUSH);
2314 			} else if (sc->sc_features & NCR_F_DMASELECT &&
2315 				   sc->sc_rev == NCR_VARIANT_ESP100) {
2316 				sc->sc_flags |= NCR_EXPECT_ILLCMD;
2317 			}
2318 
2319 			if (sc->sc_state != NCR_CONNECTED &&
2320 			    sc->sc_state != NCR_IDENTIFIED) {
2321 				/* IDENTIFY fail?! */
2322 				printf("%s: identify failed, state %d, intr %02x\n",
2323 					sc->sc_dev.dv_xname, sc->sc_state,
2324 				    sc->sc_espintr);
2325 				ncr53c9x_init(sc, 1);
2326 				return (1);
2327 			}
2328 			goto shortcut; /* ie. next phase expected soon */
2329 		}
2330 
2331 #define	NCRINTR_DONE	(NCRINTR_FC|NCRINTR_BS)
2332 		if ((sc->sc_espintr & NCRINTR_DONE) == NCRINTR_DONE) {
2333 			/*
2334 			 * Arbitration won; examine the `step' register
2335 			 * to determine how far the selection could progress.
2336 			 */
2337 			ecb = sc->sc_nexus;
2338 			if (!ecb)
2339 				panic("ncr53c9x: no nexus");
2340 
2341 			sc_link = ecb->xs->sc_link;
2342 			ti = &sc->sc_tinfo[sc_link->target];
2343 
2344 			switch (sc->sc_espstep) {
2345 			case 0:
2346 				/*
2347 				 * The target did not respond with a
2348 				 * message out phase - probably an old
2349 				 * device that doesn't recognize ATN.
2350 				 * Clear ATN and just continue, the
2351 				 * target should be in the command
2352 				 * phase.
2353 				 * XXXX check for command phase?
2354 				 */
2355 				NCRCMD(sc, NCRCMD_RSTATN);
2356 				break;
2357 			case 1:
2358 				if ((ti->flags & T_NEGOTIATE) == 0 &&
2359 				    ecb->tag[0] == 0) {
2360 					printf("%s: step 1 & !NEG\n",
2361 						sc->sc_dev.dv_xname);
2362 					goto reset;
2363 				}
2364 				if (sc->sc_phase != MESSAGE_OUT_PHASE) {
2365 					printf("%s: !MSGOUT\n",
2366 						sc->sc_dev.dv_xname);
2367 					goto reset;
2368 				}
2369 				if (ti->flags & T_WIDE) {
2370 					ncr53c9x_sched_msgout(SEND_WDTR);
2371 				}
2372 				if (ti->flags & T_NEGOTIATE) {
2373 					/* Start negotiating */
2374 					ti->period = sc->sc_minsync;
2375 					ti->offset = 15;
2376 					sc->sc_flags |= NCR_SYNCHNEGO;
2377 					if (ecb->tag[0])
2378 						ncr53c9x_sched_msgout(SEND_TAG|SEND_SDTR);
2379 					else
2380 						ncr53c9x_sched_msgout(SEND_SDTR);
2381 				} else {
2382 					/* Could not do ATN3 so send TAG */
2383 					ncr53c9x_sched_msgout(SEND_TAG);
2384 				}
2385 				sc->sc_prevphase = MESSAGE_OUT_PHASE; /* XXXX */
2386 				break;
2387 			case 3:
2388 				/*
2389 				 * Grr, this is supposed to mean
2390 				 * "target left command phase  prematurely".
2391 				 * It seems to happen regularly when
2392 				 * sync mode is on.
2393 				 * Look at FIFO to see if command went out.
2394 				 * (Timing problems?)
2395 				 */
2396 				if (sc->sc_features & NCR_F_DMASELECT) {
2397 					if (sc->sc_cmdlen == 0)
2398 						/* Hope for the best.. */
2399 						break;
2400 				} else if ((NCR_READ_REG(sc, NCR_FFLAG)
2401 					    & NCRFIFO_FF) == 0) {
2402 					/* Hope for the best.. */
2403 					break;
2404 				}
2405 				printf("(%s:%d:%d): selection failed;"
2406 					" %d left in FIFO "
2407 					"[intr %x, stat %x, step %d]\n",
2408 					sc->sc_dev.dv_xname,
2409 					sc_link->target,
2410 					sc_link->lun,
2411 					NCR_READ_REG(sc, NCR_FFLAG)
2412 					 & NCRFIFO_FF,
2413 					sc->sc_espintr, sc->sc_espstat,
2414 					sc->sc_espstep);
2415 				NCRCMD(sc, NCRCMD_FLUSH);
2416 				ncr53c9x_sched_msgout(SEND_ABORT);
2417 				return (1);
2418 			case 2:
2419 				/* Select stuck at Command Phase */
2420 				NCRCMD(sc, NCRCMD_FLUSH);
2421 				break;
2422 			case 4:
2423 				if (sc->sc_features & NCR_F_DMASELECT &&
2424 				    sc->sc_cmdlen != 0)
2425 					printf("(%s:%d:%d): select; "
2426 					       "%lu left in DMA buffer "
2427 					"[intr %x, stat %x, step %d]\n",
2428 						sc->sc_dev.dv_xname,
2429 						sc_link->target,
2430 						sc_link->lun,
2431 						(u_long)sc->sc_cmdlen,
2432 						sc->sc_espintr,
2433 						sc->sc_espstat,
2434 						sc->sc_espstep);
2435 				/* So far, everything went fine */
2436 				break;
2437 			}
2438 
2439 			sc->sc_prevphase = INVALID_PHASE; /* ?? */
2440 			/* Do an implicit RESTORE POINTERS. */
2441 			sc->sc_dp = ecb->daddr;
2442 			sc->sc_dleft = ecb->dleft;
2443 			sc->sc_state = NCR_CONNECTED;
2444 			break;
2445 
2446 		} else {
2447 
2448 			printf("%s: unexpected status after select"
2449 				": [intr %x, stat %x, step %x]\n",
2450 				sc->sc_dev.dv_xname,
2451 				sc->sc_espintr, sc->sc_espstat,
2452 				sc->sc_espstep);
2453 			NCRCMD(sc, NCRCMD_FLUSH);
2454 			DELAY(1);
2455 			goto reset;
2456 		}
2457 		if (sc->sc_state == NCR_IDLE) {
2458 			printf("%s: stray interrupt\n",
2459 			    sc->sc_dev.dv_xname);
2460 				return (0);
2461 		}
2462 		break;
2463 
2464 	case NCR_CONNECTED:
2465 		if (sc->sc_flags & NCR_ICCS) {
2466 			/* "Initiate Command Complete Steps" in progress */
2467 			u_char msg;
2468 
2469 			sc->sc_flags &= ~NCR_ICCS;
2470 
2471 			if (!(sc->sc_espintr & NCRINTR_DONE)) {
2472 				printf("%s: ICCS: "
2473 				      ": [intr %x, stat %x, step %x]\n",
2474 					sc->sc_dev.dv_xname,
2475 					sc->sc_espintr, sc->sc_espstat,
2476 					sc->sc_espstep);
2477 			}
2478 			ncr53c9x_rdfifo(sc, NCR_RDFIFO_START);
2479 			if (sc->sc_imlen < 2)
2480 				printf("%s: can't get status, only %d bytes\n",
2481 				    sc->sc_dev.dv_xname, (int)sc->sc_imlen);
2482 			ecb->stat = sc->sc_imess[sc->sc_imlen - 2];
2483 			msg = sc->sc_imess[sc->sc_imlen - 1];
2484 			NCR_PHASE(("<stat:(%x,%x)>", ecb->stat, msg));
2485 			if (msg == MSG_CMDCOMPLETE) {
2486 				ecb->dleft = (ecb->flags & ECB_TENTATIVE_DONE)
2487 					? 0
2488 					: sc->sc_dleft;
2489 				if ((ecb->flags & ECB_SENSE) == 0)
2490 					ecb->xs->resid = ecb->dleft;
2491 				sc->sc_state = NCR_CMDCOMPLETE;
2492 			} else
2493 				printf("%s: STATUS_PHASE: msg %d\n",
2494 					sc->sc_dev.dv_xname, msg);
2495 			sc->sc_imlen = 0;
2496 			NCRCMD(sc, NCRCMD_MSGOK);
2497 			goto shortcut; /* ie. wait for disconnect */
2498 		}
2499 		break;
2500 	default:
2501 		/* Don't panic: reset. */
2502 		printf("%s: invalid state: %d",
2503 		      sc->sc_dev.dv_xname,
2504 		      sc->sc_state);
2505 		ncr53c9x_scsi_reset(sc);
2506 		goto out;
2507 		break;
2508 	}
2509 
2510 	/*
2511 	 * Driver is now in state NCR_CONNECTED, i.e. we
2512 	 * have a current command working the SCSI bus.
2513 	 */
2514 	if (sc->sc_state != NCR_CONNECTED || ecb == NULL) {
2515 		panic("ncr53c9x no nexus");
2516 	}
2517 
2518 	switch (sc->sc_phase) {
2519 	case MESSAGE_OUT_PHASE:
2520 		NCR_PHASE(("MESSAGE_OUT_PHASE "));
2521 		ncr53c9x_msgout(sc);
2522 		sc->sc_prevphase = MESSAGE_OUT_PHASE;
2523 		break;
2524 	case MESSAGE_IN_PHASE:
2525 msgin:
2526 		NCR_PHASE(("MESSAGE_IN_PHASE "));
2527 		if (sc->sc_espintr & NCRINTR_BS) {
2528 			if ((sc->sc_rev != NCR_VARIANT_FAS366) ||
2529 			    !(sc->sc_espstat2 & FAS_STAT2_EMPTY)) {
2530 				NCRCMD(sc, NCRCMD_FLUSH);
2531 			}
2532 			sc->sc_flags |= NCR_WAITI;
2533 			NCRCMD(sc, NCRCMD_TRANS);
2534 		} else if (sc->sc_espintr & NCRINTR_FC) {
2535 			if ((sc->sc_flags & NCR_WAITI) == 0) {
2536 				printf("%s: MSGIN: unexpected FC bit: "
2537 					"[intr %x, stat %x, step %x]\n",
2538 				sc->sc_dev.dv_xname,
2539 				sc->sc_espintr, sc->sc_espstat,
2540 				sc->sc_espstep);
2541 			}
2542 			sc->sc_flags &= ~NCR_WAITI;
2543 			ncr53c9x_rdfifo(sc,
2544 			    (sc->sc_prevphase == sc->sc_phase) ?
2545 			    NCR_RDFIFO_CONTINUE : NCR_RDFIFO_START);
2546 			ncr53c9x_msgin(sc);
2547 		} else {
2548 			printf("%s: MSGIN: weird bits: "
2549 				"[intr %x, stat %x, step %x]\n",
2550 				sc->sc_dev.dv_xname,
2551 				sc->sc_espintr, sc->sc_espstat,
2552 				sc->sc_espstep);
2553 		}
2554 		sc->sc_prevphase = MESSAGE_IN_PHASE;
2555 		goto shortcut;	/* i.e. expect data to be ready */
2556 		break;
2557 	case COMMAND_PHASE:
2558 		/*
2559 		 * Send the command block. Normally we don't see this
2560 		 * phase because the SEL_ATN command takes care of
2561 		 * all this. However, we end up here if either the
2562 		 * target or we wanted to exchange some more messages
2563 		 * first (e.g. to start negotiations).
2564 		 */
2565 
2566 		NCR_PHASE(("COMMAND_PHASE 0x%02x (%d) ",
2567 			ecb->cmd.cmd.opcode, ecb->clen));
2568 		if (NCR_READ_REG(sc, NCR_FFLAG) & NCRFIFO_FF) {
2569 			NCRCMD(sc, NCRCMD_FLUSH);
2570 /*			DELAY(1); */
2571 		}
2572 		if (sc->sc_features & NCR_F_DMASELECT) {
2573 			size_t size;
2574 			/* setup DMA transfer for command */
2575 			size = ecb->clen;
2576 			sc->sc_cmdlen = size;
2577 			sc->sc_cmdp = (caddr_t)&ecb->cmd.cmd;
2578 			NCRDMA_SETUP(sc, &sc->sc_cmdp, &sc->sc_cmdlen,
2579 				     0, &size);
2580 			/* Program the SCSI counter */
2581 			NCR_SET_COUNT(sc, size);
2582 
2583 			/* load the count in */
2584 			NCRCMD(sc, NCRCMD_NOP|NCRCMD_DMA);
2585 
2586 			/* start the command transfer */
2587 			NCRCMD(sc, NCRCMD_TRANS | NCRCMD_DMA);
2588 			NCRDMA_GO(sc);
2589 		} else {
2590 			ncr53c9x_wrfifo(sc, (u_char *)&ecb->cmd.cmd, ecb->clen);
2591 			NCRCMD(sc, NCRCMD_TRANS);
2592 		}
2593 		sc->sc_prevphase = COMMAND_PHASE;
2594 		break;
2595 	case DATA_OUT_PHASE:
2596 		NCR_PHASE(("DATA_OUT_PHASE [%ld] ",(long)sc->sc_dleft));
2597 		NCRCMD(sc, NCRCMD_FLUSH);
2598 		size = min(sc->sc_dleft, sc->sc_maxxfer);
2599 		NCRDMA_SETUP(sc, &sc->sc_dp, (size_t *)&sc->sc_dleft,
2600 			  0, &size);
2601 		sc->sc_prevphase = DATA_OUT_PHASE;
2602 		goto setup_xfer;
2603 	case DATA_IN_PHASE:
2604 		NCR_PHASE(("DATA_IN_PHASE "));
2605 		if (sc->sc_rev == NCR_VARIANT_ESP100)
2606 			NCRCMD(sc, NCRCMD_FLUSH);
2607 		size = min(sc->sc_dleft, sc->sc_maxxfer);
2608 		NCRDMA_SETUP(sc, &sc->sc_dp, (size_t *)&sc->sc_dleft,
2609 			  1, &size);
2610 		sc->sc_prevphase = DATA_IN_PHASE;
2611 	setup_xfer:
2612 		/* Target returned to data phase: wipe "done" memory */
2613 		ecb->flags &= ~ECB_TENTATIVE_DONE;
2614 
2615 		/* Program the SCSI counter */
2616 		NCR_SET_COUNT(sc, size);
2617 
2618 		/* load the count in */
2619 		NCRCMD(sc, NCRCMD_NOP|NCRCMD_DMA);
2620 
2621 		/*
2622 		 * Note that if `size' is 0, we've already transceived
2623 		 * all the bytes we want but we're still in DATA PHASE.
2624 		 * Apparently, the device needs padding. Also, a
2625 		 * transfer size of 0 means "maximum" to the chip
2626 		 * DMA logic.
2627 		 */
2628 		NCRCMD(sc,
2629 		       (size==0?NCRCMD_TRPAD:NCRCMD_TRANS)|NCRCMD_DMA);
2630 		NCRDMA_GO(sc);
2631 		return (1);
2632 	case STATUS_PHASE:
2633 		NCR_PHASE(("STATUS_PHASE "));
2634 		sc->sc_flags |= NCR_ICCS;
2635 		NCRCMD(sc, NCRCMD_ICCS);
2636 		sc->sc_prevphase = STATUS_PHASE;
2637 		goto shortcut;	/* i.e. expect status results soon */
2638 		break;
2639 	case INVALID_PHASE:
2640 		break;
2641 	default:
2642 		printf("%s: unexpected bus phase; resetting\n",
2643 		    sc->sc_dev.dv_xname);
2644 		goto reset;
2645 	}
2646 
2647 out:
2648 	return (1);
2649 
2650 reset:
2651 	ncr53c9x_init(sc, 1);
2652 	goto out;
2653 
2654 finish:
2655 	ncr53c9x_done(sc, ecb);
2656 	goto out;
2657 
2658 sched:
2659 	sc->sc_state = NCR_IDLE;
2660 	ncr53c9x_sched(sc);
2661 	goto out;
2662 
2663 shortcut:
2664 	/*
2665 	 * The idea is that many of the SCSI operations take very little
2666 	 * time, and going away and getting interrupted is too high an
2667 	 * overhead to pay. For example, selecting, sending a message
2668 	 * and command and then doing some work can be done in one "pass".
2669 	 *
2670 	 * The delay is a heuristic. It is 2 when at 20MHz, 2 at 25MHz and 1
2671 	 * at 40MHz. This needs testing.
2672 	 */
2673 	{
2674 		struct timeval wait, cur;
2675 
2676 		microtime(&wait);
2677 		wait.tv_usec += 50/sc->sc_freq;
2678 		if (wait.tv_usec > 1000000) {
2679 			wait.tv_sec++;
2680 			wait.tv_usec -= 1000000;
2681 		}
2682 		do {
2683 			if (NCRDMA_ISINTR(sc))
2684 				goto again;
2685 			microtime(&cur);
2686 		} while (cur.tv_sec <= wait.tv_sec &&
2687 		    cur.tv_usec <= wait.tv_usec);
2688 	}
2689 	goto out;
2690 }
2691 
2692 void
ncr53c9x_abort(sc,ecb)2693 ncr53c9x_abort(sc, ecb)
2694 	struct ncr53c9x_softc *sc;
2695 	struct ncr53c9x_ecb *ecb;
2696 {
2697 
2698 	/* 2 secs for the abort */
2699 	ecb->timeout = NCR_ABORT_TIMEOUT;
2700 	ecb->flags |= ECB_ABORT;
2701 
2702 	if (ecb == sc->sc_nexus) {
2703 		int timeout = ecb->timeout;
2704 
2705 		/*
2706 		 * If we're still selecting, the message will be scheduled
2707 		 * after selection is complete.
2708 		 */
2709 		if (sc->sc_state == NCR_CONNECTED)
2710 			ncr53c9x_sched_msgout(SEND_ABORT);
2711 
2712 		/*
2713 		 * Reschedule timeout.
2714 		 */
2715 		if (timeout > 1000000)
2716 			timeout = (timeout / 1000) * hz;
2717 		else
2718 			timeout = (timeout * hz) / 1000;
2719 		timeout_add(&ecb->to, timeout);
2720 	} else {
2721 		/*
2722 		 * Just leave the command where it is.
2723 		 * XXX - what choice do we have but to reset the SCSI
2724 		 *	 eventually?
2725 		 */
2726 		if (sc->sc_state == NCR_IDLE)
2727 			ncr53c9x_sched(sc);
2728 	}
2729 }
2730 
2731 void
ncr53c9x_timeout(arg)2732 ncr53c9x_timeout(arg)
2733 	void *arg;
2734 {
2735 	struct ncr53c9x_ecb *ecb = arg;
2736 	struct scsi_xfer *xs = ecb->xs;
2737 	struct scsi_link *sc_link = xs->sc_link;
2738 	struct ncr53c9x_softc *sc = sc_link->adapter_softc;
2739 	struct ncr53c9x_tinfo *ti = &sc->sc_tinfo[sc_link->target];
2740 	int s;
2741 
2742 	sc_print_addr(sc_link);
2743 	printf("%s: timed out [ecb %p (flags 0x%x, dleft %x, stat %x)], "
2744 	       "<state %d, nexus %p, phase(l %x, c %x, p %x), resid %lx, "
2745 	       "msg(q %x,o %x) %s>",
2746 		sc->sc_dev.dv_xname,
2747 		ecb, ecb->flags, ecb->dleft, ecb->stat,
2748 		sc->sc_state, sc->sc_nexus,
2749 		NCR_READ_REG(sc, NCR_STAT),
2750 		sc->sc_phase, sc->sc_prevphase,
2751 		(long)sc->sc_dleft, sc->sc_msgpriq, sc->sc_msgout,
2752 		NCRDMA_ISACTIVE(sc) ? "DMA active" : "");
2753 #if NCR53C9X_DEBUG > 1
2754 	printf("TRACE: %s.", ecb->trace);
2755 #endif
2756 
2757 	s = splbio();
2758 
2759 	if (ecb->flags & ECB_ABORT) {
2760 		/* abort timed out */
2761 		printf(" AGAIN\n");
2762 
2763 		ncr53c9x_init(sc, 1);
2764 	} else {
2765 		/* abort the operation that has timed out */
2766 		printf("\n");
2767 		xs->error = XS_TIMEOUT;
2768 		ncr53c9x_abort(sc, ecb);
2769 
2770 		/* Disable sync mode if stuck in a data phase */
2771 		if (ecb == sc->sc_nexus &&
2772 		    (ti->flags & T_SYNCMODE) != 0 &&
2773 		    (sc->sc_phase & (MSGI|CDI)) == 0) {
2774 			sc_print_addr(sc_link);
2775 			printf("sync negotiation disabled\n");
2776 			sc->sc_cfflags |= (1<<(sc_link->target+8));
2777 		}
2778 	}
2779 
2780 	splx(s);
2781 }
2782 
2783 void
ncr53c9x_watch(arg)2784 ncr53c9x_watch(arg)
2785 	void *arg;
2786 {
2787 	struct ncr53c9x_softc *sc = (struct ncr53c9x_softc *)arg;
2788 	struct ncr53c9x_tinfo *ti;
2789 	struct ncr53c9x_linfo *li;
2790 	int t, s;
2791 	/* Delete any structures that have not been used in 10min. */
2792 	time_t old = time.tv_sec - (10*60);
2793 
2794 	s = splbio();
2795 	for (t=0; t<NCR_NTARG; t++) {
2796 		ti = &sc->sc_tinfo[t];
2797 		li = ti->luns.lh_first;
2798 		while (li) {
2799 			if (li->last_used < old && !li->untagged && !li->used) {
2800 				if (li->lun < NCR_NLUN)
2801 					ti->lun[li->lun] = NULL;
2802 				LIST_REMOVE(li, link);
2803 				free(li, M_DEVBUF);
2804 				/* Restart the search at the beginning */
2805 				li = ti->luns.lh_first;
2806 				continue;
2807 			}
2808 			li = li->link.le_next;
2809 		}
2810 	}
2811 	splx(s);
2812 	timeout_add(&sc->sc_watchdog, 60*hz);
2813 }
2814