1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3  *
4  * Copyright (c) 2009 Yahoo! Inc.
5  * Copyright (c) 2011-2015 LSI Corp.
6  * Copyright (c) 2013-2015 Avago Technologies
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28  * SUCH DAMAGE.
29  *
30  * Avago Technologies (LSI) MPT-Fusion Host Adapter FreeBSD
31  *
32  * $FreeBSD: stable/12/sys/dev/mps/mps_sas.c 371125 2021-12-01 19:00:45Z mav $
33  */
34 
35 #include <sys/cdefs.h>
36 __FBSDID("$FreeBSD: stable/12/sys/dev/mps/mps_sas.c 371125 2021-12-01 19:00:45Z mav $");
37 
38 /* Communications core for Avago Technologies (LSI) MPT2 */
39 
40 /* TODO Move headers to mpsvar */
41 #include <sys/types.h>
42 #include <sys/param.h>
43 #include <sys/systm.h>
44 #include <sys/kernel.h>
45 #include <sys/selinfo.h>
46 #include <sys/module.h>
47 #include <sys/bus.h>
48 #include <sys/conf.h>
49 #include <sys/bio.h>
50 #include <sys/malloc.h>
51 #include <sys/uio.h>
52 #include <sys/sysctl.h>
53 #include <sys/endian.h>
54 #include <sys/queue.h>
55 #include <sys/kthread.h>
56 #include <sys/taskqueue.h>
57 #include <sys/sbuf.h>
58 
59 #include <machine/bus.h>
60 #include <machine/resource.h>
61 #include <sys/rman.h>
62 
63 #include <machine/stdarg.h>
64 
65 #include <cam/cam.h>
66 #include <cam/cam_ccb.h>
67 #include <cam/cam_xpt.h>
68 #include <cam/cam_debug.h>
69 #include <cam/cam_sim.h>
70 #include <cam/cam_xpt_sim.h>
71 #include <cam/cam_xpt_periph.h>
72 #include <cam/cam_periph.h>
73 #include <cam/scsi/scsi_all.h>
74 #include <cam/scsi/scsi_message.h>
75 #if __FreeBSD_version >= 900026
76 #include <cam/scsi/smp_all.h>
77 #endif
78 
79 #include <dev/mps/mpi/mpi2_type.h>
80 #include <dev/mps/mpi/mpi2.h>
81 #include <dev/mps/mpi/mpi2_ioc.h>
82 #include <dev/mps/mpi/mpi2_sas.h>
83 #include <dev/mps/mpi/mpi2_cnfg.h>
84 #include <dev/mps/mpi/mpi2_init.h>
85 #include <dev/mps/mpi/mpi2_tool.h>
86 #include <dev/mps/mps_ioctl.h>
87 #include <dev/mps/mpsvar.h>
88 #include <dev/mps/mps_table.h>
89 #include <dev/mps/mps_sas.h>
90 
91 #define MPSSAS_DISCOVERY_TIMEOUT	20
92 #define MPSSAS_MAX_DISCOVERY_TIMEOUTS	10 /* 200 seconds */
93 
94 /*
95  * static array to check SCSI OpCode for EEDP protection bits
96  */
97 #define	PRO_R MPI2_SCSIIO_EEDPFLAGS_CHECK_REMOVE_OP
98 #define	PRO_W MPI2_SCSIIO_EEDPFLAGS_INSERT_OP
99 #define	PRO_V MPI2_SCSIIO_EEDPFLAGS_INSERT_OP
100 static uint8_t op_code_prot[256] = {
101 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
102 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
103 	0, 0, 0, 0, 0, 0, 0, 0, PRO_R, 0, PRO_W, 0, 0, 0, PRO_W, PRO_V,
104 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
105 	0, PRO_W, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
106 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
107 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
108 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
109 	0, 0, 0, 0, 0, 0, 0, 0, PRO_R, 0, PRO_W, 0, 0, 0, PRO_W, PRO_V,
110 	0, 0, 0, PRO_W, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
111 	0, 0, 0, 0, 0, 0, 0, 0, PRO_R, 0, PRO_W, 0, 0, 0, PRO_W, PRO_V,
112 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
113 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
114 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
115 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
116 	0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
117 };
118 
119 MALLOC_DEFINE(M_MPSSAS, "MPSSAS", "MPS SAS memory");
120 
121 static void mpssas_remove_device(struct mps_softc *, struct mps_command *);
122 static void mpssas_remove_complete(struct mps_softc *, struct mps_command *);
123 static void mpssas_action(struct cam_sim *sim, union ccb *ccb);
124 static void mpssas_poll(struct cam_sim *sim);
125 static int mpssas_send_abort(struct mps_softc *sc, struct mps_command *tm,
126     struct mps_command *cm);
127 static void mpssas_scsiio_timeout(void *data);
128 static void mpssas_abort_complete(struct mps_softc *sc, struct mps_command *cm);
129 static void mpssas_direct_drive_io(struct mpssas_softc *sassc,
130     struct mps_command *cm, union ccb *ccb);
131 static void mpssas_action_scsiio(struct mpssas_softc *, union ccb *);
132 static void mpssas_scsiio_complete(struct mps_softc *, struct mps_command *);
133 static void mpssas_action_resetdev(struct mpssas_softc *, union ccb *);
134 #if __FreeBSD_version >= 900026
135 static void mpssas_smpio_complete(struct mps_softc *sc, struct mps_command *cm);
136 static void mpssas_send_smpcmd(struct mpssas_softc *sassc, union ccb *ccb,
137 			       uint64_t sasaddr);
138 static void mpssas_action_smpio(struct mpssas_softc *sassc, union ccb *ccb);
139 #endif //FreeBSD_version >= 900026
140 static void mpssas_resetdev_complete(struct mps_softc *, struct mps_command *);
141 static void mpssas_async(void *callback_arg, uint32_t code,
142 			 struct cam_path *path, void *arg);
143 #if (__FreeBSD_version < 901503) || \
144     ((__FreeBSD_version >= 1000000) && (__FreeBSD_version < 1000006))
145 static void mpssas_check_eedp(struct mps_softc *sc, struct cam_path *path,
146 			      struct ccb_getdev *cgd);
147 static void mpssas_read_cap_done(struct cam_periph *periph, union ccb *done_ccb);
148 #endif
149 static int mpssas_send_portenable(struct mps_softc *sc);
150 static void mpssas_portenable_complete(struct mps_softc *sc,
151     struct mps_command *cm);
152 
153 struct mpssas_target *
mpssas_find_target_by_handle(struct mpssas_softc * sassc,int start,uint16_t handle)154 mpssas_find_target_by_handle(struct mpssas_softc *sassc, int start, uint16_t handle)
155 {
156 	struct mpssas_target *target;
157 	int i;
158 
159 	for (i = start; i < sassc->maxtargets; i++) {
160 		target = &sassc->targets[i];
161 		if (target->handle == handle)
162 			return (target);
163 	}
164 
165 	return (NULL);
166 }
167 
168 /* we need to freeze the simq during attach and diag reset, to avoid failing
169  * commands before device handles have been found by discovery.  Since
170  * discovery involves reading config pages and possibly sending commands,
171  * discovery actions may continue even after we receive the end of discovery
172  * event, so refcount discovery actions instead of assuming we can unfreeze
173  * the simq when we get the event.
174  */
175 void
mpssas_startup_increment(struct mpssas_softc * sassc)176 mpssas_startup_increment(struct mpssas_softc *sassc)
177 {
178 	MPS_FUNCTRACE(sassc->sc);
179 
180 	if ((sassc->flags & MPSSAS_IN_STARTUP) != 0) {
181 		if (sassc->startup_refcount++ == 0) {
182 			/* just starting, freeze the simq */
183 			mps_dprint(sassc->sc, MPS_INIT,
184 			    "%s freezing simq\n", __func__);
185 #if __FreeBSD_version >= 1000039
186 			xpt_hold_boot();
187 #endif
188 			xpt_freeze_simq(sassc->sim, 1);
189 		}
190 		mps_dprint(sassc->sc, MPS_INIT, "%s refcount %u\n", __func__,
191 		    sassc->startup_refcount);
192 	}
193 }
194 
195 void
mpssas_release_simq_reinit(struct mpssas_softc * sassc)196 mpssas_release_simq_reinit(struct mpssas_softc *sassc)
197 {
198 	if (sassc->flags & MPSSAS_QUEUE_FROZEN) {
199 		sassc->flags &= ~MPSSAS_QUEUE_FROZEN;
200 		xpt_release_simq(sassc->sim, 1);
201 		mps_dprint(sassc->sc, MPS_INFO, "Unfreezing SIM queue\n");
202 	}
203 }
204 
205 void
mpssas_startup_decrement(struct mpssas_softc * sassc)206 mpssas_startup_decrement(struct mpssas_softc *sassc)
207 {
208 	MPS_FUNCTRACE(sassc->sc);
209 
210 	if ((sassc->flags & MPSSAS_IN_STARTUP) != 0) {
211 		if (--sassc->startup_refcount == 0) {
212 			/* finished all discovery-related actions, release
213 			 * the simq and rescan for the latest topology.
214 			 */
215 			mps_dprint(sassc->sc, MPS_INIT,
216 			    "%s releasing simq\n", __func__);
217 			sassc->flags &= ~MPSSAS_IN_STARTUP;
218 			xpt_release_simq(sassc->sim, 1);
219 #if __FreeBSD_version >= 1000039
220 			xpt_release_boot();
221 #else
222 			mpssas_rescan_target(sassc->sc, NULL);
223 #endif
224 		}
225 		mps_dprint(sassc->sc, MPS_INIT, "%s refcount %u\n", __func__,
226 		    sassc->startup_refcount);
227 	}
228 }
229 
230 /*
231  * The firmware requires us to stop sending commands when we're doing task
232  * management.
233  * XXX The logic for serializing the device has been made lazy and moved to
234  * mpssas_prepare_for_tm().
235  */
236 struct mps_command *
mpssas_alloc_tm(struct mps_softc * sc)237 mpssas_alloc_tm(struct mps_softc *sc)
238 {
239 	MPI2_SCSI_TASK_MANAGE_REQUEST *req;
240 	struct mps_command *tm;
241 
242 	tm = mps_alloc_high_priority_command(sc);
243 	if (tm == NULL)
244 		return (NULL);
245 
246 	req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)tm->cm_req;
247 	req->Function = MPI2_FUNCTION_SCSI_TASK_MGMT;
248 	return tm;
249 }
250 
251 void
mpssas_free_tm(struct mps_softc * sc,struct mps_command * tm)252 mpssas_free_tm(struct mps_softc *sc, struct mps_command *tm)
253 {
254 	int target_id = 0xFFFFFFFF;
255 
256 	if (tm == NULL)
257 		return;
258 
259 	/*
260 	 * For TM's the devq is frozen for the device.  Unfreeze it here and
261 	 * free the resources used for freezing the devq.  Must clear the
262 	 * INRESET flag as well or scsi I/O will not work.
263 	 */
264 	if (tm->cm_targ != NULL) {
265 		tm->cm_targ->flags &= ~MPSSAS_TARGET_INRESET;
266 		target_id = tm->cm_targ->tid;
267 	}
268 	if (tm->cm_ccb) {
269 		mps_dprint(sc, MPS_INFO, "Unfreezing devq for target ID %d\n",
270 		    target_id);
271 		xpt_release_devq(tm->cm_ccb->ccb_h.path, 1, TRUE);
272 		xpt_free_path(tm->cm_ccb->ccb_h.path);
273 		xpt_free_ccb(tm->cm_ccb);
274 	}
275 
276 	mps_free_high_priority_command(sc, tm);
277 }
278 
279 void
mpssas_rescan_target(struct mps_softc * sc,struct mpssas_target * targ)280 mpssas_rescan_target(struct mps_softc *sc, struct mpssas_target *targ)
281 {
282 	struct mpssas_softc *sassc = sc->sassc;
283 	path_id_t pathid;
284 	target_id_t targetid;
285 	union ccb *ccb;
286 
287 	MPS_FUNCTRACE(sc);
288 	pathid = cam_sim_path(sassc->sim);
289 	if (targ == NULL)
290 		targetid = CAM_TARGET_WILDCARD;
291 	else
292 		targetid = targ - sassc->targets;
293 
294 	/*
295 	 * Allocate a CCB and schedule a rescan.
296 	 */
297 	ccb = xpt_alloc_ccb_nowait();
298 	if (ccb == NULL) {
299 		mps_dprint(sc, MPS_ERROR, "unable to alloc CCB for rescan\n");
300 		return;
301 	}
302 
303 	if (xpt_create_path(&ccb->ccb_h.path, NULL, pathid,
304 	    targetid, CAM_LUN_WILDCARD) != CAM_REQ_CMP) {
305 		mps_dprint(sc, MPS_ERROR, "unable to create path for rescan\n");
306 		xpt_free_ccb(ccb);
307 		return;
308 	}
309 
310 	if (targetid == CAM_TARGET_WILDCARD)
311 		ccb->ccb_h.func_code = XPT_SCAN_BUS;
312 	else
313 		ccb->ccb_h.func_code = XPT_SCAN_TGT;
314 
315 	mps_dprint(sc, MPS_TRACE, "%s targetid %u\n", __func__, targetid);
316 	xpt_rescan(ccb);
317 }
318 
319 static void
mpssas_log_command(struct mps_command * cm,u_int level,const char * fmt,...)320 mpssas_log_command(struct mps_command *cm, u_int level, const char *fmt, ...)
321 {
322 	struct sbuf sb;
323 	va_list ap;
324 	char str[224];
325 	char path_str[64];
326 
327 	if (cm == NULL)
328 		return;
329 
330 	/* No need to be in here if debugging isn't enabled */
331 	if ((cm->cm_sc->mps_debug & level) == 0)
332 		return;
333 
334 	sbuf_new(&sb, str, sizeof(str), 0);
335 
336 	va_start(ap, fmt);
337 
338 	if (cm->cm_ccb != NULL) {
339 		xpt_path_string(cm->cm_ccb->csio.ccb_h.path, path_str,
340 				sizeof(path_str));
341 		sbuf_cat(&sb, path_str);
342 		if (cm->cm_ccb->ccb_h.func_code == XPT_SCSI_IO) {
343 			scsi_command_string(&cm->cm_ccb->csio, &sb);
344 			sbuf_printf(&sb, "length %d ",
345 				    cm->cm_ccb->csio.dxfer_len);
346 		}
347 	}
348 	else {
349 		sbuf_printf(&sb, "(noperiph:%s%d:%u:%u:%u): ",
350 		    cam_sim_name(cm->cm_sc->sassc->sim),
351 		    cam_sim_unit(cm->cm_sc->sassc->sim),
352 		    cam_sim_bus(cm->cm_sc->sassc->sim),
353 		    cm->cm_targ ? cm->cm_targ->tid : 0xFFFFFFFF,
354 		    cm->cm_lun);
355 	}
356 
357 	sbuf_printf(&sb, "SMID %u ", cm->cm_desc.Default.SMID);
358 	sbuf_vprintf(&sb, fmt, ap);
359 	sbuf_finish(&sb);
360 	mps_print_field(cm->cm_sc, "%s", sbuf_data(&sb));
361 
362 	va_end(ap);
363 }
364 
365 
366 static void
mpssas_remove_volume(struct mps_softc * sc,struct mps_command * tm)367 mpssas_remove_volume(struct mps_softc *sc, struct mps_command *tm)
368 {
369 	MPI2_SCSI_TASK_MANAGE_REPLY *reply;
370 	struct mpssas_target *targ;
371 	uint16_t handle;
372 
373 	MPS_FUNCTRACE(sc);
374 
375 	reply = (MPI2_SCSI_TASK_MANAGE_REPLY *)tm->cm_reply;
376 	handle = (uint16_t)(uintptr_t)tm->cm_complete_data;
377 	targ = tm->cm_targ;
378 
379 	if (reply == NULL) {
380 		/* XXX retry the remove after the diag reset completes? */
381 		mps_dprint(sc, MPS_FAULT,
382 		    "%s NULL reply resetting device 0x%04x\n", __func__,
383 		    handle);
384 		mpssas_free_tm(sc, tm);
385 		return;
386 	}
387 
388 	if ((le16toh(reply->IOCStatus) & MPI2_IOCSTATUS_MASK) !=
389 	    MPI2_IOCSTATUS_SUCCESS) {
390 		mps_dprint(sc, MPS_ERROR,
391 		   "IOCStatus = 0x%x while resetting device 0x%x\n",
392 		   le16toh(reply->IOCStatus), handle);
393 	}
394 
395 	mps_dprint(sc, MPS_XINFO,
396 	    "Reset aborted %u commands\n", reply->TerminationCount);
397 	mps_free_reply(sc, tm->cm_reply_data);
398 	tm->cm_reply = NULL;	/* Ensures the reply won't get re-freed */
399 
400 	mps_dprint(sc, MPS_XINFO,
401 	    "clearing target %u handle 0x%04x\n", targ->tid, handle);
402 
403 	/*
404 	 * Don't clear target if remove fails because things will get confusing.
405 	 * Leave the devname and sasaddr intact so that we know to avoid reusing
406 	 * this target id if possible, and so we can assign the same target id
407 	 * to this device if it comes back in the future.
408 	 */
409 	if ((le16toh(reply->IOCStatus) & MPI2_IOCSTATUS_MASK) ==
410 	    MPI2_IOCSTATUS_SUCCESS) {
411 		targ = tm->cm_targ;
412 		targ->handle = 0x0;
413 		targ->encl_handle = 0x0;
414 		targ->encl_slot = 0x0;
415 		targ->exp_dev_handle = 0x0;
416 		targ->phy_num = 0x0;
417 		targ->linkrate = 0x0;
418 		targ->devinfo = 0x0;
419 		targ->flags = 0x0;
420 	}
421 
422 	mpssas_free_tm(sc, tm);
423 }
424 
425 
426 /*
427  * No Need to call "MPI2_SAS_OP_REMOVE_DEVICE" For Volume removal.
428  * Otherwise Volume Delete is same as Bare Drive Removal.
429  */
430 void
mpssas_prepare_volume_remove(struct mpssas_softc * sassc,uint16_t handle)431 mpssas_prepare_volume_remove(struct mpssas_softc *sassc, uint16_t handle)
432 {
433 	MPI2_SCSI_TASK_MANAGE_REQUEST *req;
434 	struct mps_softc *sc;
435 	struct mps_command *tm;
436 	struct mpssas_target *targ = NULL;
437 
438 	MPS_FUNCTRACE(sassc->sc);
439 	sc = sassc->sc;
440 
441 #ifdef WD_SUPPORT
442 	/*
443 	 * If this is a WD controller, determine if the disk should be exposed
444 	 * to the OS or not.  If disk should be exposed, return from this
445 	 * function without doing anything.
446 	 */
447 	if (sc->WD_available && (sc->WD_hide_expose ==
448 	    MPS_WD_EXPOSE_ALWAYS)) {
449 		return;
450 	}
451 #endif //WD_SUPPORT
452 
453 	targ = mpssas_find_target_by_handle(sassc, 0, handle);
454 	if (targ == NULL) {
455 		/* FIXME: what is the action? */
456 		/* We don't know about this device? */
457 		mps_dprint(sc, MPS_ERROR,
458 		   "%s %d : invalid handle 0x%x \n", __func__,__LINE__, handle);
459 		return;
460 	}
461 
462 	targ->flags |= MPSSAS_TARGET_INREMOVAL;
463 
464 	tm = mpssas_alloc_tm(sc);
465 	if (tm == NULL) {
466 		mps_dprint(sc, MPS_ERROR,
467 		    "%s: command alloc failure\n", __func__);
468 		return;
469 	}
470 
471 	mpssas_rescan_target(sc, targ);
472 
473 	req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)tm->cm_req;
474 	req->DevHandle = targ->handle;
475 	req->TaskType = MPI2_SCSITASKMGMT_TASKTYPE_TARGET_RESET;
476 
477 	/* SAS Hard Link Reset / SATA Link Reset */
478 	req->MsgFlags = MPI2_SCSITASKMGMT_MSGFLAGS_LINK_RESET;
479 
480 	tm->cm_targ = targ;
481 	tm->cm_data = NULL;
482 	tm->cm_complete = mpssas_remove_volume;
483 	tm->cm_complete_data = (void *)(uintptr_t)handle;
484 
485 	mps_dprint(sc, MPS_INFO, "%s: Sending reset for target ID %d\n",
486 	    __func__, targ->tid);
487 	mpssas_prepare_for_tm(sc, tm, targ, CAM_LUN_WILDCARD);
488 
489 	mps_map_command(sc, tm);
490 }
491 
492 /*
493  * The MPT2 firmware performs debounce on the link to avoid transient link
494  * errors and false removals.  When it does decide that link has been lost
495  * and a device need to go away, it expects that the host will perform a
496  * target reset and then an op remove.  The reset has the side-effect of
497  * aborting any outstanding requests for the device, which is required for
498  * the op-remove to succeed.  It's not clear if the host should check for
499  * the device coming back alive after the reset.
500  */
501 void
mpssas_prepare_remove(struct mpssas_softc * sassc,uint16_t handle)502 mpssas_prepare_remove(struct mpssas_softc *sassc, uint16_t handle)
503 {
504 	MPI2_SCSI_TASK_MANAGE_REQUEST *req;
505 	struct mps_softc *sc;
506 	struct mps_command *cm;
507 	struct mpssas_target *targ = NULL;
508 
509 	MPS_FUNCTRACE(sassc->sc);
510 
511 	sc = sassc->sc;
512 
513 	targ = mpssas_find_target_by_handle(sassc, 0, handle);
514 	if (targ == NULL) {
515 		/* FIXME: what is the action? */
516 		/* We don't know about this device? */
517 		mps_dprint(sc, MPS_ERROR,
518 		    "%s : invalid handle 0x%x \n", __func__, handle);
519 		return;
520 	}
521 
522 	targ->flags |= MPSSAS_TARGET_INREMOVAL;
523 
524 	cm = mpssas_alloc_tm(sc);
525 	if (cm == NULL) {
526 		mps_dprint(sc, MPS_ERROR,
527 		    "%s: command alloc failure\n", __func__);
528 		return;
529 	}
530 
531 	mpssas_rescan_target(sc, targ);
532 
533 	req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)cm->cm_req;
534 	req->DevHandle = htole16(targ->handle);
535 	req->TaskType = MPI2_SCSITASKMGMT_TASKTYPE_TARGET_RESET;
536 
537 	/* SAS Hard Link Reset / SATA Link Reset */
538 	req->MsgFlags = MPI2_SCSITASKMGMT_MSGFLAGS_LINK_RESET;
539 
540 	cm->cm_targ = targ;
541 	cm->cm_data = NULL;
542 	cm->cm_complete = mpssas_remove_device;
543 	cm->cm_complete_data = (void *)(uintptr_t)handle;
544 
545 	mps_dprint(sc, MPS_INFO, "%s: Sending reset for target ID %d\n",
546 	    __func__, targ->tid);
547 	mpssas_prepare_for_tm(sc, cm, targ, CAM_LUN_WILDCARD);
548 
549 	mps_map_command(sc, cm);
550 }
551 
552 static void
mpssas_remove_device(struct mps_softc * sc,struct mps_command * tm)553 mpssas_remove_device(struct mps_softc *sc, struct mps_command *tm)
554 {
555 	MPI2_SCSI_TASK_MANAGE_REPLY *reply;
556 	MPI2_SAS_IOUNIT_CONTROL_REQUEST *req;
557 	struct mpssas_target *targ;
558 	uint16_t handle;
559 
560 	MPS_FUNCTRACE(sc);
561 
562 	reply = (MPI2_SCSI_TASK_MANAGE_REPLY *)tm->cm_reply;
563 	handle = (uint16_t)(uintptr_t)tm->cm_complete_data;
564 	targ = tm->cm_targ;
565 
566 	/*
567 	 * Currently there should be no way we can hit this case.  It only
568 	 * happens when we have a failure to allocate chain frames, and
569 	 * task management commands don't have S/G lists.
570 	 */
571 	if ((tm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) {
572 		mps_dprint(sc, MPS_ERROR,
573 		    "%s: cm_flags = %#x for remove of handle %#04x! "
574 		    "This should not happen!\n", __func__, tm->cm_flags,
575 		    handle);
576 	}
577 
578 	if (reply == NULL) {
579 		/* XXX retry the remove after the diag reset completes? */
580 		mps_dprint(sc, MPS_FAULT,
581 		    "%s NULL reply resetting device 0x%04x\n", __func__,
582 		    handle);
583 		mpssas_free_tm(sc, tm);
584 		return;
585 	}
586 
587 	if ((le16toh(reply->IOCStatus) & MPI2_IOCSTATUS_MASK) !=
588 	    MPI2_IOCSTATUS_SUCCESS) {
589 		mps_dprint(sc, MPS_ERROR,
590 		   "IOCStatus = 0x%x while resetting device 0x%x\n",
591 		   le16toh(reply->IOCStatus), handle);
592 	}
593 
594 	mps_dprint(sc, MPS_XINFO, "Reset aborted %u commands\n",
595 	    le32toh(reply->TerminationCount));
596 	mps_free_reply(sc, tm->cm_reply_data);
597 	tm->cm_reply = NULL;	/* Ensures the reply won't get re-freed */
598 
599 	/* Reuse the existing command */
600 	req = (MPI2_SAS_IOUNIT_CONTROL_REQUEST *)tm->cm_req;
601 	memset(req, 0, sizeof(*req));
602 	req->Function = MPI2_FUNCTION_SAS_IO_UNIT_CONTROL;
603 	req->Operation = MPI2_SAS_OP_REMOVE_DEVICE;
604 	req->DevHandle = htole16(handle);
605 	tm->cm_data = NULL;
606 	tm->cm_desc.Default.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_DEFAULT_TYPE;
607 	tm->cm_complete = mpssas_remove_complete;
608 	tm->cm_complete_data = (void *)(uintptr_t)handle;
609 
610 	/*
611 	 * Wait to send the REMOVE_DEVICE until all the commands have cleared.
612 	 * They should be aborted or time out and we'll kick thus off there
613 	 * if so.
614 	 */
615 	if (TAILQ_FIRST(&targ->commands) == NULL) {
616 		mps_dprint(sc, MPS_INFO, "No pending commands: starting remove_device\n");
617 		mps_map_command(sc, tm);
618 		targ->pending_remove_tm = NULL;
619 	} else {
620 		targ->pending_remove_tm = tm;
621 	}
622 
623 
624 	mps_dprint(sc, MPS_XINFO, "clearing target %u handle 0x%04x\n",
625 		   targ->tid, handle);
626 }
627 
628 static void
mpssas_remove_complete(struct mps_softc * sc,struct mps_command * tm)629 mpssas_remove_complete(struct mps_softc *sc, struct mps_command *tm)
630 {
631 	MPI2_SAS_IOUNIT_CONTROL_REPLY *reply;
632 	uint16_t handle;
633 	struct mpssas_target *targ;
634 	struct mpssas_lun *lun;
635 
636 	MPS_FUNCTRACE(sc);
637 
638 	reply = (MPI2_SAS_IOUNIT_CONTROL_REPLY *)tm->cm_reply;
639 	handle = (uint16_t)(uintptr_t)tm->cm_complete_data;
640 	targ = tm->cm_targ;
641 
642 	/*
643 	 * At this point, we should have no pending commands for the target.
644 	 * The remove target has just completed.
645 	 */
646 	KASSERT(TAILQ_FIRST(&targ->commands) == NULL,
647 	    ("%s: no commands should be pending\n", __func__));
648 
649 
650 	/*
651 	 * Currently there should be no way we can hit this case.  It only
652 	 * happens when we have a failure to allocate chain frames, and
653 	 * task management commands don't have S/G lists.
654 	 */
655 	if ((tm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) {
656 		mps_dprint(sc, MPS_XINFO,
657 			   "%s: cm_flags = %#x for remove of handle %#04x! "
658 			   "This should not happen!\n", __func__, tm->cm_flags,
659 			   handle);
660 		mpssas_free_tm(sc, tm);
661 		return;
662 	}
663 
664 	if (reply == NULL) {
665 		/* most likely a chip reset */
666 		mps_dprint(sc, MPS_FAULT,
667 		    "%s NULL reply removing device 0x%04x\n", __func__, handle);
668 		mpssas_free_tm(sc, tm);
669 		return;
670 	}
671 
672 	mps_dprint(sc, MPS_XINFO,
673 	    "%s on handle 0x%04x, IOCStatus= 0x%x\n", __func__,
674 	    handle, le16toh(reply->IOCStatus));
675 
676 	/*
677 	 * Don't clear target if remove fails because things will get confusing.
678 	 * Leave the devname and sasaddr intact so that we know to avoid reusing
679 	 * this target id if possible, and so we can assign the same target id
680 	 * to this device if it comes back in the future.
681 	 */
682 	if ((le16toh(reply->IOCStatus) & MPI2_IOCSTATUS_MASK) ==
683 	    MPI2_IOCSTATUS_SUCCESS) {
684 		targ->handle = 0x0;
685 		targ->encl_handle = 0x0;
686 		targ->encl_slot = 0x0;
687 		targ->exp_dev_handle = 0x0;
688 		targ->phy_num = 0x0;
689 		targ->linkrate = 0x0;
690 		targ->devinfo = 0x0;
691 		targ->flags = 0x0;
692 
693 		while(!SLIST_EMPTY(&targ->luns)) {
694 			lun = SLIST_FIRST(&targ->luns);
695 			SLIST_REMOVE_HEAD(&targ->luns, lun_link);
696 			free(lun, M_MPT2);
697 		}
698 	}
699 
700 
701 	mpssas_free_tm(sc, tm);
702 }
703 
704 static int
mpssas_register_events(struct mps_softc * sc)705 mpssas_register_events(struct mps_softc *sc)
706 {
707 	u32 events[MPI2_EVENT_NOTIFY_EVENTMASK_WORDS];
708 
709 	bzero(events, 16);
710 	setbit(events, MPI2_EVENT_SAS_DEVICE_STATUS_CHANGE);
711 	setbit(events, MPI2_EVENT_SAS_DISCOVERY);
712 	setbit(events, MPI2_EVENT_SAS_BROADCAST_PRIMITIVE);
713 	setbit(events, MPI2_EVENT_SAS_INIT_DEVICE_STATUS_CHANGE);
714 	setbit(events, MPI2_EVENT_SAS_INIT_TABLE_OVERFLOW);
715 	setbit(events, MPI2_EVENT_SAS_TOPOLOGY_CHANGE_LIST);
716 	setbit(events, MPI2_EVENT_SAS_ENCL_DEVICE_STATUS_CHANGE);
717 	setbit(events, MPI2_EVENT_IR_CONFIGURATION_CHANGE_LIST);
718 	setbit(events, MPI2_EVENT_IR_VOLUME);
719 	setbit(events, MPI2_EVENT_IR_PHYSICAL_DISK);
720 	setbit(events, MPI2_EVENT_IR_OPERATION_STATUS);
721 	setbit(events, MPI2_EVENT_LOG_ENTRY_ADDED);
722 
723 	mps_register_events(sc, events, mpssas_evt_handler, NULL,
724 	    &sc->sassc->mpssas_eh);
725 
726 	return (0);
727 }
728 
729 int
mps_attach_sas(struct mps_softc * sc)730 mps_attach_sas(struct mps_softc *sc)
731 {
732 	struct mpssas_softc *sassc;
733 	cam_status status;
734 	int unit, error = 0, reqs;
735 
736 	MPS_FUNCTRACE(sc);
737 	mps_dprint(sc, MPS_INIT, "%s entered\n", __func__);
738 
739 	sassc = malloc(sizeof(struct mpssas_softc), M_MPT2, M_WAITOK|M_ZERO);
740 
741 	/*
742 	 * XXX MaxTargets could change during a reinit.  Since we don't
743 	 * resize the targets[] array during such an event, cache the value
744 	 * of MaxTargets here so that we don't get into trouble later.  This
745 	 * should move into the reinit logic.
746 	 */
747 	sassc->maxtargets = sc->facts->MaxTargets + sc->facts->MaxVolumes;
748 	sassc->targets = malloc(sizeof(struct mpssas_target) *
749 	    sassc->maxtargets, M_MPT2, M_WAITOK|M_ZERO);
750 	sc->sassc = sassc;
751 	sassc->sc = sc;
752 
753 	reqs = sc->num_reqs - sc->num_prireqs - 1;
754 	if ((sassc->devq = cam_simq_alloc(reqs)) == NULL) {
755 		mps_dprint(sc, MPS_ERROR, "Cannot allocate SIMQ\n");
756 		error = ENOMEM;
757 		goto out;
758 	}
759 
760 	unit = device_get_unit(sc->mps_dev);
761 	sassc->sim = cam_sim_alloc(mpssas_action, mpssas_poll, "mps", sassc,
762 	    unit, &sc->mps_mtx, reqs, reqs, sassc->devq);
763 	if (sassc->sim == NULL) {
764 		mps_dprint(sc, MPS_INIT|MPS_ERROR, "Cannot allocate SIM\n");
765 		error = EINVAL;
766 		goto out;
767 	}
768 
769 	TAILQ_INIT(&sassc->ev_queue);
770 
771 	/* Initialize taskqueue for Event Handling */
772 	TASK_INIT(&sassc->ev_task, 0, mpssas_firmware_event_work, sc);
773 	sassc->ev_tq = taskqueue_create("mps_taskq", M_NOWAIT | M_ZERO,
774 	    taskqueue_thread_enqueue, &sassc->ev_tq);
775 	taskqueue_start_threads(&sassc->ev_tq, 1, PRIBIO, "%s taskq",
776 	    device_get_nameunit(sc->mps_dev));
777 
778 	mps_lock(sc);
779 
780 	/*
781 	 * XXX There should be a bus for every port on the adapter, but since
782 	 * we're just going to fake the topology for now, we'll pretend that
783 	 * everything is just a target on a single bus.
784 	 */
785 	if ((error = xpt_bus_register(sassc->sim, sc->mps_dev, 0)) != 0) {
786 		mps_dprint(sc, MPS_INIT|MPS_ERROR,
787 		    "Error %d registering SCSI bus\n", error);
788 		mps_unlock(sc);
789 		goto out;
790 	}
791 
792 	/*
793 	 * Assume that discovery events will start right away.
794 	 *
795 	 * Hold off boot until discovery is complete.
796 	 */
797 	sassc->flags |= MPSSAS_IN_STARTUP | MPSSAS_IN_DISCOVERY;
798 	sc->sassc->startup_refcount = 0;
799 	mpssas_startup_increment(sassc);
800 
801 	callout_init(&sassc->discovery_callout, 1 /*mpsafe*/);
802 
803 	/*
804 	 * Register for async events so we can determine the EEDP
805 	 * capabilities of devices.
806 	 */
807 	status = xpt_create_path(&sassc->path, /*periph*/NULL,
808 	    cam_sim_path(sc->sassc->sim), CAM_TARGET_WILDCARD,
809 	    CAM_LUN_WILDCARD);
810 	if (status != CAM_REQ_CMP) {
811 		mps_dprint(sc, MPS_ERROR|MPS_INIT,
812 		    "Error %#x creating sim path\n", status);
813 		sassc->path = NULL;
814 	} else {
815 		int event;
816 
817 #if (__FreeBSD_version >= 1000006) || \
818     ((__FreeBSD_version >= 901503) && (__FreeBSD_version < 1000000))
819 		event = AC_ADVINFO_CHANGED;
820 #else
821 		event = AC_FOUND_DEVICE;
822 #endif
823 		status = xpt_register_async(event, mpssas_async, sc,
824 					    sassc->path);
825 		if (status != CAM_REQ_CMP) {
826 			mps_dprint(sc, MPS_ERROR,
827 			    "Error %#x registering async handler for "
828 			    "AC_ADVINFO_CHANGED events\n", status);
829 			xpt_free_path(sassc->path);
830 			sassc->path = NULL;
831 		}
832 	}
833 	if (status != CAM_REQ_CMP) {
834 		/*
835 		 * EEDP use is the exception, not the rule.
836 		 * Warn the user, but do not fail to attach.
837 		 */
838 		mps_printf(sc, "EEDP capabilities disabled.\n");
839 	}
840 
841 	mps_unlock(sc);
842 
843 	mpssas_register_events(sc);
844 out:
845 	if (error)
846 		mps_detach_sas(sc);
847 
848 	mps_dprint(sc, MPS_INIT, "%s exit error= %d\n", __func__, error);
849 	return (error);
850 }
851 
852 int
mps_detach_sas(struct mps_softc * sc)853 mps_detach_sas(struct mps_softc *sc)
854 {
855 	struct mpssas_softc *sassc;
856 	struct mpssas_lun *lun, *lun_tmp;
857 	struct mpssas_target *targ;
858 	int i;
859 
860 	MPS_FUNCTRACE(sc);
861 
862 	if (sc->sassc == NULL)
863 		return (0);
864 
865 	sassc = sc->sassc;
866 	mps_deregister_events(sc, sassc->mpssas_eh);
867 
868 	/*
869 	 * Drain and free the event handling taskqueue with the lock
870 	 * unheld so that any parallel processing tasks drain properly
871 	 * without deadlocking.
872 	 */
873 	if (sassc->ev_tq != NULL)
874 		taskqueue_free(sassc->ev_tq);
875 
876 	/* Make sure CAM doesn't wedge if we had to bail out early. */
877 	mps_lock(sc);
878 
879 	while (sassc->startup_refcount != 0)
880 		mpssas_startup_decrement(sassc);
881 
882 	/* Deregister our async handler */
883 	if (sassc->path != NULL) {
884 		xpt_register_async(0, mpssas_async, sc, sassc->path);
885 		xpt_free_path(sassc->path);
886 		sassc->path = NULL;
887 	}
888 
889 	if (sassc->flags & MPSSAS_IN_STARTUP)
890 		xpt_release_simq(sassc->sim, 1);
891 
892 	if (sassc->sim != NULL) {
893 		xpt_bus_deregister(cam_sim_path(sassc->sim));
894 		cam_sim_free(sassc->sim, FALSE);
895 	}
896 
897 	mps_unlock(sc);
898 
899 	if (sassc->devq != NULL)
900 		cam_simq_free(sassc->devq);
901 
902 	for(i=0; i< sassc->maxtargets ;i++) {
903 		targ = &sassc->targets[i];
904 		SLIST_FOREACH_SAFE(lun, &targ->luns, lun_link, lun_tmp) {
905 			free(lun, M_MPT2);
906 		}
907 	}
908 	free(sassc->targets, M_MPT2);
909 	free(sassc, M_MPT2);
910 	sc->sassc = NULL;
911 
912 	return (0);
913 }
914 
915 void
mpssas_discovery_end(struct mpssas_softc * sassc)916 mpssas_discovery_end(struct mpssas_softc *sassc)
917 {
918 	struct mps_softc *sc = sassc->sc;
919 
920 	MPS_FUNCTRACE(sc);
921 
922 	if (sassc->flags & MPSSAS_DISCOVERY_TIMEOUT_PENDING)
923 		callout_stop(&sassc->discovery_callout);
924 
925 	/*
926 	 * After discovery has completed, check the mapping table for any
927 	 * missing devices and update their missing counts. Only do this once
928 	 * whenever the driver is initialized so that missing counts aren't
929 	 * updated unnecessarily. Note that just because discovery has
930 	 * completed doesn't mean that events have been processed yet. The
931 	 * check_devices function is a callout timer that checks if ALL devices
932 	 * are missing. If so, it will wait a little longer for events to
933 	 * complete and keep resetting itself until some device in the mapping
934 	 * table is not missing, meaning that event processing has started.
935 	 */
936 	if (sc->track_mapping_events) {
937 		mps_dprint(sc, MPS_XINFO | MPS_MAPPING, "Discovery has "
938 		    "completed. Check for missing devices in the mapping "
939 		    "table.\n");
940 		callout_reset(&sc->device_check_callout,
941 		    MPS_MISSING_CHECK_DELAY * hz, mps_mapping_check_devices,
942 		    sc);
943 	}
944 }
945 
946 static void
mpssas_action(struct cam_sim * sim,union ccb * ccb)947 mpssas_action(struct cam_sim *sim, union ccb *ccb)
948 {
949 	struct mpssas_softc *sassc;
950 
951 	sassc = cam_sim_softc(sim);
952 
953 	MPS_FUNCTRACE(sassc->sc);
954 	mps_dprint(sassc->sc, MPS_TRACE, "ccb func_code 0x%x\n",
955 	    ccb->ccb_h.func_code);
956 	mtx_assert(&sassc->sc->mps_mtx, MA_OWNED);
957 
958 	switch (ccb->ccb_h.func_code) {
959 	case XPT_PATH_INQ:
960 	{
961 		struct ccb_pathinq *cpi = &ccb->cpi;
962 		struct mps_softc *sc = sassc->sc;
963 
964 		cpi->version_num = 1;
965 		cpi->hba_inquiry = PI_SDTR_ABLE|PI_TAG_ABLE|PI_WIDE_16;
966 		cpi->target_sprt = 0;
967 #if __FreeBSD_version >= 1000039
968 		cpi->hba_misc = PIM_NOBUSRESET | PIM_UNMAPPED | PIM_NOSCAN;
969 #else
970 		cpi->hba_misc = PIM_NOBUSRESET | PIM_UNMAPPED;
971 #endif
972 		cpi->hba_eng_cnt = 0;
973 		cpi->max_target = sassc->maxtargets - 1;
974 		cpi->max_lun = 255;
975 
976 		/*
977 		 * initiator_id is set here to an ID outside the set of valid
978 		 * target IDs (including volumes).
979 		 */
980 		cpi->initiator_id = sassc->maxtargets;
981 		strlcpy(cpi->sim_vid, "FreeBSD", SIM_IDLEN);
982 		strlcpy(cpi->hba_vid, "Avago Tech", HBA_IDLEN);
983 		strlcpy(cpi->dev_name, cam_sim_name(sim), DEV_IDLEN);
984 		cpi->unit_number = cam_sim_unit(sim);
985 		cpi->bus_id = cam_sim_bus(sim);
986 		cpi->base_transfer_speed = 150000;
987 		cpi->transport = XPORT_SAS;
988 		cpi->transport_version = 0;
989 		cpi->protocol = PROTO_SCSI;
990 		cpi->protocol_version = SCSI_REV_SPC;
991 		cpi->maxio = sc->maxio;
992 		mpssas_set_ccbstatus(ccb, CAM_REQ_CMP);
993 		break;
994 	}
995 	case XPT_GET_TRAN_SETTINGS:
996 	{
997 		struct ccb_trans_settings	*cts;
998 		struct ccb_trans_settings_sas	*sas;
999 		struct ccb_trans_settings_scsi	*scsi;
1000 		struct mpssas_target *targ;
1001 
1002 		cts = &ccb->cts;
1003 		sas = &cts->xport_specific.sas;
1004 		scsi = &cts->proto_specific.scsi;
1005 
1006 		KASSERT(cts->ccb_h.target_id < sassc->maxtargets,
1007 		    ("Target %d out of bounds in XPT_GET_TRANS_SETTINGS\n",
1008 		    cts->ccb_h.target_id));
1009 		targ = &sassc->targets[cts->ccb_h.target_id];
1010 		if (targ->handle == 0x0) {
1011 			mpssas_set_ccbstatus(ccb, CAM_DEV_NOT_THERE);
1012 			break;
1013 		}
1014 
1015 		cts->protocol_version = SCSI_REV_SPC2;
1016 		cts->transport = XPORT_SAS;
1017 		cts->transport_version = 0;
1018 
1019 		sas->valid = CTS_SAS_VALID_SPEED;
1020 		switch (targ->linkrate) {
1021 		case 0x08:
1022 			sas->bitrate = 150000;
1023 			break;
1024 		case 0x09:
1025 			sas->bitrate = 300000;
1026 			break;
1027 		case 0x0a:
1028 			sas->bitrate = 600000;
1029 			break;
1030 		default:
1031 			sas->valid = 0;
1032 		}
1033 
1034 		cts->protocol = PROTO_SCSI;
1035 		scsi->valid = CTS_SCSI_VALID_TQ;
1036 		scsi->flags = CTS_SCSI_FLAGS_TAG_ENB;
1037 
1038 		mpssas_set_ccbstatus(ccb, CAM_REQ_CMP);
1039 		break;
1040 	}
1041 	case XPT_CALC_GEOMETRY:
1042 		cam_calc_geometry(&ccb->ccg, /*extended*/1);
1043 		mpssas_set_ccbstatus(ccb, CAM_REQ_CMP);
1044 		break;
1045 	case XPT_RESET_DEV:
1046 		mps_dprint(sassc->sc, MPS_XINFO, "mpssas_action XPT_RESET_DEV\n");
1047 		mpssas_action_resetdev(sassc, ccb);
1048 		return;
1049 	case XPT_RESET_BUS:
1050 	case XPT_ABORT:
1051 	case XPT_TERM_IO:
1052 		mps_dprint(sassc->sc, MPS_XINFO,
1053 		    "mpssas_action faking success for abort or reset\n");
1054 		mpssas_set_ccbstatus(ccb, CAM_REQ_CMP);
1055 		break;
1056 	case XPT_SCSI_IO:
1057 		mpssas_action_scsiio(sassc, ccb);
1058 		return;
1059 #if __FreeBSD_version >= 900026
1060 	case XPT_SMP_IO:
1061 		mpssas_action_smpio(sassc, ccb);
1062 		return;
1063 #endif
1064 	default:
1065 		mpssas_set_ccbstatus(ccb, CAM_FUNC_NOTAVAIL);
1066 		break;
1067 	}
1068 	xpt_done(ccb);
1069 
1070 }
1071 
1072 static void
mpssas_announce_reset(struct mps_softc * sc,uint32_t ac_code,target_id_t target_id,lun_id_t lun_id)1073 mpssas_announce_reset(struct mps_softc *sc, uint32_t ac_code,
1074     target_id_t target_id, lun_id_t lun_id)
1075 {
1076 	path_id_t path_id = cam_sim_path(sc->sassc->sim);
1077 	struct cam_path *path;
1078 
1079 	mps_dprint(sc, MPS_XINFO, "%s code %x target %d lun %jx\n", __func__,
1080 	    ac_code, target_id, (uintmax_t)lun_id);
1081 
1082 	if (xpt_create_path(&path, NULL,
1083 		path_id, target_id, lun_id) != CAM_REQ_CMP) {
1084 		mps_dprint(sc, MPS_ERROR, "unable to create path for reset "
1085 			   "notification\n");
1086 		return;
1087 	}
1088 
1089 	xpt_async(ac_code, path, NULL);
1090 	xpt_free_path(path);
1091 }
1092 
1093 static void
mpssas_complete_all_commands(struct mps_softc * sc)1094 mpssas_complete_all_commands(struct mps_softc *sc)
1095 {
1096 	struct mps_command *cm;
1097 	int i;
1098 	int completed;
1099 
1100 	MPS_FUNCTRACE(sc);
1101 	mtx_assert(&sc->mps_mtx, MA_OWNED);
1102 
1103 	/* complete all commands with a NULL reply */
1104 	for (i = 1; i < sc->num_reqs; i++) {
1105 		cm = &sc->commands[i];
1106 		if (cm->cm_state == MPS_CM_STATE_FREE)
1107 			continue;
1108 
1109 		cm->cm_state = MPS_CM_STATE_BUSY;
1110 		cm->cm_reply = NULL;
1111 		completed = 0;
1112 
1113 		if (cm->cm_flags & MPS_CM_FLAGS_SATA_ID_TIMEOUT) {
1114 			MPASS(cm->cm_data);
1115 			free(cm->cm_data, M_MPT2);
1116 			cm->cm_data = NULL;
1117 		}
1118 
1119 		if (cm->cm_flags & MPS_CM_FLAGS_POLLED)
1120 			cm->cm_flags |= MPS_CM_FLAGS_COMPLETE;
1121 
1122 		if (cm->cm_complete != NULL) {
1123 			mpssas_log_command(cm, MPS_RECOVERY,
1124 			    "completing cm %p state %x ccb %p for diag reset\n",
1125 			    cm, cm->cm_state, cm->cm_ccb);
1126 
1127 			cm->cm_complete(sc, cm);
1128 			completed = 1;
1129 		} else if (cm->cm_flags & MPS_CM_FLAGS_WAKEUP) {
1130 			mpssas_log_command(cm, MPS_RECOVERY,
1131 			    "waking up cm %p state %x ccb %p for diag reset\n",
1132 			    cm, cm->cm_state, cm->cm_ccb);
1133 			wakeup(cm);
1134 			completed = 1;
1135 		}
1136 
1137 		if ((completed == 0) && (cm->cm_state != MPS_CM_STATE_FREE)) {
1138 			/* this should never happen, but if it does, log */
1139 			mpssas_log_command(cm, MPS_RECOVERY,
1140 			    "cm %p state %x flags 0x%x ccb %p during diag "
1141 			    "reset\n", cm, cm->cm_state, cm->cm_flags,
1142 			    cm->cm_ccb);
1143 		}
1144 	}
1145 
1146 	sc->io_cmds_active = 0;
1147 }
1148 
1149 void
mpssas_handle_reinit(struct mps_softc * sc)1150 mpssas_handle_reinit(struct mps_softc *sc)
1151 {
1152 	int i;
1153 
1154 	/* Go back into startup mode and freeze the simq, so that CAM
1155 	 * doesn't send any commands until after we've rediscovered all
1156 	 * targets and found the proper device handles for them.
1157 	 *
1158 	 * After the reset, portenable will trigger discovery, and after all
1159 	 * discovery-related activities have finished, the simq will be
1160 	 * released.
1161 	 */
1162 	mps_dprint(sc, MPS_INIT, "%s startup\n", __func__);
1163 	sc->sassc->flags |= MPSSAS_IN_STARTUP;
1164 	sc->sassc->flags |= MPSSAS_IN_DISCOVERY;
1165 	mpssas_startup_increment(sc->sassc);
1166 
1167 	/* notify CAM of a bus reset */
1168 	mpssas_announce_reset(sc, AC_BUS_RESET, CAM_TARGET_WILDCARD,
1169 	    CAM_LUN_WILDCARD);
1170 
1171 	/* complete and cleanup after all outstanding commands */
1172 	mpssas_complete_all_commands(sc);
1173 
1174 	mps_dprint(sc, MPS_INIT,
1175 	    "%s startup %u after command completion\n", __func__,
1176 	    sc->sassc->startup_refcount);
1177 
1178 	/* zero all the target handles, since they may change after the
1179 	 * reset, and we have to rediscover all the targets and use the new
1180 	 * handles.
1181 	 */
1182 	for (i = 0; i < sc->sassc->maxtargets; i++) {
1183 		if (sc->sassc->targets[i].outstanding != 0)
1184 			mps_dprint(sc, MPS_INIT, "target %u outstanding %u\n",
1185 			    i, sc->sassc->targets[i].outstanding);
1186 		sc->sassc->targets[i].handle = 0x0;
1187 		sc->sassc->targets[i].exp_dev_handle = 0x0;
1188 		sc->sassc->targets[i].outstanding = 0;
1189 		sc->sassc->targets[i].flags = MPSSAS_TARGET_INDIAGRESET;
1190 	}
1191 }
1192 
1193 static void
mpssas_tm_timeout(void * data)1194 mpssas_tm_timeout(void *data)
1195 {
1196 	struct mps_command *tm = data;
1197 	struct mps_softc *sc = tm->cm_sc;
1198 
1199 	mtx_assert(&sc->mps_mtx, MA_OWNED);
1200 
1201 	mpssas_log_command(tm, MPS_INFO|MPS_RECOVERY,
1202 	    "task mgmt %p timed out\n", tm);
1203 
1204 	KASSERT(tm->cm_state == MPS_CM_STATE_INQUEUE,
1205 	    ("command not inqueue\n"));
1206 
1207 	tm->cm_state = MPS_CM_STATE_BUSY;
1208 	mps_reinit(sc);
1209 }
1210 
1211 static void
mpssas_logical_unit_reset_complete(struct mps_softc * sc,struct mps_command * tm)1212 mpssas_logical_unit_reset_complete(struct mps_softc *sc, struct mps_command *tm)
1213 {
1214 	MPI2_SCSI_TASK_MANAGE_REPLY *reply;
1215 	MPI2_SCSI_TASK_MANAGE_REQUEST *req;
1216 	unsigned int cm_count = 0;
1217 	struct mps_command *cm;
1218 	struct mpssas_target *targ;
1219 
1220 	callout_stop(&tm->cm_callout);
1221 
1222 	req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)tm->cm_req;
1223 	reply = (MPI2_SCSI_TASK_MANAGE_REPLY *)tm->cm_reply;
1224 	targ = tm->cm_targ;
1225 
1226 	/*
1227 	 * Currently there should be no way we can hit this case.  It only
1228 	 * happens when we have a failure to allocate chain frames, and
1229 	 * task management commands don't have S/G lists.
1230 	 * XXXSL So should it be an assertion?
1231 	 */
1232 	if ((tm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) {
1233 		mps_dprint(sc, MPS_RECOVERY|MPS_ERROR,
1234 		    "%s: cm_flags = %#x for LUN reset! "
1235 		   "This should not happen!\n", __func__, tm->cm_flags);
1236 		mpssas_free_tm(sc, tm);
1237 		return;
1238 	}
1239 
1240 	if (reply == NULL) {
1241 		mps_dprint(sc, MPS_RECOVERY, "NULL reset reply for tm %p\n",
1242 		    tm);
1243 		if ((sc->mps_flags & MPS_FLAGS_DIAGRESET) != 0) {
1244 			/* this completion was due to a reset, just cleanup */
1245 			mps_dprint(sc, MPS_RECOVERY, "Hardware undergoing "
1246 			    "reset, ignoring NULL LUN reset reply\n");
1247 			targ->tm = NULL;
1248 			mpssas_free_tm(sc, tm);
1249 		}
1250 		else {
1251 			/* we should have gotten a reply. */
1252 			mps_dprint(sc, MPS_INFO|MPS_RECOVERY, "NULL reply on "
1253 			    "LUN reset attempt, resetting controller\n");
1254 			mps_reinit(sc);
1255 		}
1256 		return;
1257 	}
1258 
1259 	mps_dprint(sc, MPS_RECOVERY,
1260 	    "logical unit reset status 0x%x code 0x%x count %u\n",
1261 	    le16toh(reply->IOCStatus), le32toh(reply->ResponseCode),
1262 	    le32toh(reply->TerminationCount));
1263 
1264 	/*
1265 	 * See if there are any outstanding commands for this LUN.
1266 	 * This could be made more efficient by using a per-LU data
1267 	 * structure of some sort.
1268 	 */
1269 	TAILQ_FOREACH(cm, &targ->commands, cm_link) {
1270 		if (cm->cm_lun == tm->cm_lun)
1271 			cm_count++;
1272 	}
1273 
1274 	if (cm_count == 0) {
1275 		mps_dprint(sc, MPS_RECOVERY|MPS_INFO,
1276 		    "Finished recovery after LUN reset for target %u\n",
1277 		    targ->tid);
1278 
1279 		mpssas_announce_reset(sc, AC_SENT_BDR, targ->tid, tm->cm_lun);
1280 
1281 		/*
1282 		 * We've finished recovery for this logical unit.  check and
1283 		 * see if some other logical unit has a timedout command
1284 		 * that needs to be processed.
1285 		 */
1286 		cm = TAILQ_FIRST(&targ->timedout_commands);
1287 		if (cm) {
1288 			mps_dprint(sc, MPS_INFO|MPS_RECOVERY,
1289 			    "More commands to abort for target %u\n",
1290 			    targ->tid);
1291 			mpssas_send_abort(sc, tm, cm);
1292 		} else {
1293 			targ->tm = NULL;
1294 			mpssas_free_tm(sc, tm);
1295 		}
1296 	} else {
1297 		/*
1298 		 * If we still have commands for this LUN, the reset
1299 		 * effectively failed, regardless of the status reported.
1300 		 * Escalate to a target reset.
1301 		 */
1302 		mps_dprint(sc, MPS_INFO|MPS_RECOVERY,
1303 		    "logical unit reset complete for target %u, but still "
1304 		    "have %u command(s), sending target reset\n", targ->tid,
1305 		    cm_count);
1306 		mpssas_send_reset(sc, tm,
1307 		    MPI2_SCSITASKMGMT_TASKTYPE_TARGET_RESET);
1308 	}
1309 }
1310 
1311 static void
mpssas_target_reset_complete(struct mps_softc * sc,struct mps_command * tm)1312 mpssas_target_reset_complete(struct mps_softc *sc, struct mps_command *tm)
1313 {
1314 	MPI2_SCSI_TASK_MANAGE_REPLY *reply;
1315 	MPI2_SCSI_TASK_MANAGE_REQUEST *req;
1316 	struct mpssas_target *targ;
1317 
1318 	callout_stop(&tm->cm_callout);
1319 
1320 	req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)tm->cm_req;
1321 	reply = (MPI2_SCSI_TASK_MANAGE_REPLY *)tm->cm_reply;
1322 	targ = tm->cm_targ;
1323 
1324 	/*
1325 	 * Currently there should be no way we can hit this case.  It only
1326 	 * happens when we have a failure to allocate chain frames, and
1327 	 * task management commands don't have S/G lists.
1328 	 */
1329 	if ((tm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) {
1330 		mps_dprint(sc, MPS_ERROR,"%s: cm_flags = %#x for target reset! "
1331 			   "This should not happen!\n", __func__, tm->cm_flags);
1332 		mpssas_free_tm(sc, tm);
1333 		return;
1334 	}
1335 
1336 	if (reply == NULL) {
1337 		mps_dprint(sc, MPS_RECOVERY,
1338 		    "NULL target reset reply for tm %pi TaskMID %u\n",
1339 		    tm, le16toh(req->TaskMID));
1340 		if ((sc->mps_flags & MPS_FLAGS_DIAGRESET) != 0) {
1341 			/* this completion was due to a reset, just cleanup */
1342 			mps_dprint(sc, MPS_RECOVERY, "Hardware undergoing "
1343 			    "reset, ignoring NULL target reset reply\n");
1344 			targ->tm = NULL;
1345 			mpssas_free_tm(sc, tm);
1346 		} else {
1347 			/* we should have gotten a reply. */
1348 			mps_dprint(sc, MPS_INFO|MPS_RECOVERY, "NULL reply on "
1349 			    "target reset attempt, resetting controller\n");
1350 			mps_reinit(sc);
1351 		}
1352 		return;
1353 	}
1354 
1355 	mps_dprint(sc, MPS_RECOVERY,
1356 	    "target reset status 0x%x code 0x%x count %u\n",
1357 	    le16toh(reply->IOCStatus), le32toh(reply->ResponseCode),
1358 	    le32toh(reply->TerminationCount));
1359 
1360 	if (targ->outstanding == 0) {
1361 		/* we've finished recovery for this target and all
1362 		 * of its logical units.
1363 		 */
1364 		mps_dprint(sc, MPS_RECOVERY|MPS_INFO,
1365 		    "Finished reset recovery for target %u\n", targ->tid);
1366 
1367 		mpssas_announce_reset(sc, AC_SENT_BDR, tm->cm_targ->tid,
1368 		    CAM_LUN_WILDCARD);
1369 
1370 		targ->tm = NULL;
1371 		mpssas_free_tm(sc, tm);
1372 	} else {
1373 		/*
1374 		 * After a target reset, if this target still has
1375 		 * outstanding commands, the reset effectively failed,
1376 		 * regardless of the status reported.  escalate.
1377 		 */
1378 		mps_dprint(sc, MPS_INFO|MPS_RECOVERY,
1379 		    "Target reset complete for target %u, but still have %u "
1380 		    "command(s), resetting controller\n", targ->tid,
1381 		    targ->outstanding);
1382 		mps_reinit(sc);
1383 	}
1384 }
1385 
1386 #define MPS_RESET_TIMEOUT 30
1387 
1388 int
mpssas_send_reset(struct mps_softc * sc,struct mps_command * tm,uint8_t type)1389 mpssas_send_reset(struct mps_softc *sc, struct mps_command *tm, uint8_t type)
1390 {
1391 	MPI2_SCSI_TASK_MANAGE_REQUEST *req;
1392 	struct mpssas_target *target;
1393 	int err;
1394 
1395 	target = tm->cm_targ;
1396 	if (target->handle == 0) {
1397 		mps_dprint(sc, MPS_ERROR,"%s null devhandle for target_id %d\n",
1398 		    __func__, target->tid);
1399 		return -1;
1400 	}
1401 
1402 	req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)tm->cm_req;
1403 	req->DevHandle = htole16(target->handle);
1404 	req->TaskType = type;
1405 
1406 	if (type == MPI2_SCSITASKMGMT_TASKTYPE_LOGICAL_UNIT_RESET) {
1407 		/* XXX Need to handle invalid LUNs */
1408 		MPS_SET_LUN(req->LUN, tm->cm_lun);
1409 		tm->cm_targ->logical_unit_resets++;
1410 		mps_dprint(sc, MPS_RECOVERY|MPS_INFO,
1411 		    "Sending logical unit reset to target %u lun %d\n",
1412 		    target->tid, tm->cm_lun);
1413 		tm->cm_complete = mpssas_logical_unit_reset_complete;
1414 		mpssas_prepare_for_tm(sc, tm, target, tm->cm_lun);
1415 	} else if (type == MPI2_SCSITASKMGMT_TASKTYPE_TARGET_RESET) {
1416 		/*
1417 		 * Target reset method =
1418 		 * 	SAS Hard Link Reset / SATA Link Reset
1419 		 */
1420 		req->MsgFlags = MPI2_SCSITASKMGMT_MSGFLAGS_LINK_RESET;
1421 		tm->cm_targ->target_resets++;
1422 		mps_dprint(sc, MPS_RECOVERY|MPS_INFO,
1423 		    "Sending target reset to target %u\n", target->tid);
1424 		tm->cm_complete = mpssas_target_reset_complete;
1425 		mpssas_prepare_for_tm(sc, tm, target, CAM_LUN_WILDCARD);
1426 	} else {
1427 		mps_dprint(sc, MPS_ERROR, "unexpected reset type 0x%x\n", type);
1428 		return -1;
1429 	}
1430 
1431 	tm->cm_data = NULL;
1432 	tm->cm_complete_data = (void *)tm;
1433 
1434 	callout_reset(&tm->cm_callout, MPS_RESET_TIMEOUT * hz,
1435 	    mpssas_tm_timeout, tm);
1436 
1437 	err = mps_map_command(sc, tm);
1438 	if (err)
1439 		mps_dprint(sc, MPS_ERROR|MPS_RECOVERY,
1440 		    "error %d sending reset type %u\n",
1441 		    err, type);
1442 
1443 	return err;
1444 }
1445 
1446 
1447 static void
mpssas_abort_complete(struct mps_softc * sc,struct mps_command * tm)1448 mpssas_abort_complete(struct mps_softc *sc, struct mps_command *tm)
1449 {
1450 	struct mps_command *cm;
1451 	MPI2_SCSI_TASK_MANAGE_REPLY *reply;
1452 	MPI2_SCSI_TASK_MANAGE_REQUEST *req;
1453 	struct mpssas_target *targ;
1454 
1455 	callout_stop(&tm->cm_callout);
1456 
1457 	req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)tm->cm_req;
1458 	reply = (MPI2_SCSI_TASK_MANAGE_REPLY *)tm->cm_reply;
1459 	targ = tm->cm_targ;
1460 
1461 	/*
1462 	 * Currently there should be no way we can hit this case.  It only
1463 	 * happens when we have a failure to allocate chain frames, and
1464 	 * task management commands don't have S/G lists.
1465 	 */
1466 	if ((tm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) {
1467 		mps_dprint(sc, MPS_RECOVERY,
1468 		    "cm_flags = %#x for abort %p TaskMID %u!\n",
1469 		    tm->cm_flags, tm, le16toh(req->TaskMID));
1470 		mpssas_free_tm(sc, tm);
1471 		return;
1472 	}
1473 
1474 	if (reply == NULL) {
1475 		mps_dprint(sc, MPS_RECOVERY,
1476 		    "NULL abort reply for tm %p TaskMID %u\n",
1477 		    tm, le16toh(req->TaskMID));
1478 		if ((sc->mps_flags & MPS_FLAGS_DIAGRESET) != 0) {
1479 			/* this completion was due to a reset, just cleanup */
1480 			mps_dprint(sc, MPS_RECOVERY, "Hardware undergoing "
1481 			    "reset, ignoring NULL abort reply\n");
1482 			targ->tm = NULL;
1483 			mpssas_free_tm(sc, tm);
1484 		} else {
1485 			/* we should have gotten a reply. */
1486 			mps_dprint(sc, MPS_INFO|MPS_RECOVERY, "NULL reply on "
1487 			    "abort attempt, resetting controller\n");
1488 			mps_reinit(sc);
1489 		}
1490 		return;
1491 	}
1492 
1493 	mps_dprint(sc, MPS_RECOVERY,
1494 	    "abort TaskMID %u status 0x%x code 0x%x count %u\n",
1495 	    le16toh(req->TaskMID),
1496 	    le16toh(reply->IOCStatus), le32toh(reply->ResponseCode),
1497 	    le32toh(reply->TerminationCount));
1498 
1499 	cm = TAILQ_FIRST(&tm->cm_targ->timedout_commands);
1500 	if (cm == NULL) {
1501 		/*
1502 		 * If there are no more timedout commands, we're done with
1503 		 * error recovery for this target.
1504 		 */
1505 		mps_dprint(sc, MPS_INFO|MPS_RECOVERY,
1506 		    "Finished abort recovery for target %u\n", targ->tid);
1507 
1508 		targ->tm = NULL;
1509 		mpssas_free_tm(sc, tm);
1510 	} else if (le16toh(req->TaskMID) != cm->cm_desc.Default.SMID) {
1511 		/* abort success, but we have more timedout commands to abort */
1512 		mps_dprint(sc, MPS_INFO|MPS_RECOVERY,
1513 		    "Continuing abort recovery for target %u\n", targ->tid);
1514 
1515 		mpssas_send_abort(sc, tm, cm);
1516 	} else {
1517 		/* we didn't get a command completion, so the abort
1518 		 * failed as far as we're concerned.  escalate.
1519 		 */
1520 		mps_dprint(sc, MPS_RECOVERY,
1521 		    "Abort failed for target %u, sending logical unit reset\n",
1522 		    targ->tid);
1523 
1524 		mpssas_send_reset(sc, tm,
1525 		    MPI2_SCSITASKMGMT_TASKTYPE_LOGICAL_UNIT_RESET);
1526 	}
1527 }
1528 
1529 #define MPS_ABORT_TIMEOUT 5
1530 
1531 static int
mpssas_send_abort(struct mps_softc * sc,struct mps_command * tm,struct mps_command * cm)1532 mpssas_send_abort(struct mps_softc *sc, struct mps_command *tm, struct mps_command *cm)
1533 {
1534 	MPI2_SCSI_TASK_MANAGE_REQUEST *req;
1535 	struct mpssas_target *targ;
1536 	int err;
1537 
1538 	targ = cm->cm_targ;
1539 	if (targ->handle == 0) {
1540 		mps_dprint(sc, MPS_ERROR|MPS_RECOVERY,
1541 		    "%s null devhandle for target_id %d\n",
1542 		    __func__, cm->cm_ccb->ccb_h.target_id);
1543 		return -1;
1544 	}
1545 
1546 	mpssas_log_command(cm, MPS_RECOVERY|MPS_INFO,
1547 	    "Aborting command %p\n", cm);
1548 
1549 	req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)tm->cm_req;
1550 	req->DevHandle = htole16(targ->handle);
1551 	req->TaskType = MPI2_SCSITASKMGMT_TASKTYPE_ABORT_TASK;
1552 
1553 	/* XXX Need to handle invalid LUNs */
1554 	MPS_SET_LUN(req->LUN, cm->cm_ccb->ccb_h.target_lun);
1555 
1556 	req->TaskMID = htole16(cm->cm_desc.Default.SMID);
1557 
1558 	tm->cm_data = NULL;
1559 	tm->cm_complete = mpssas_abort_complete;
1560 	tm->cm_complete_data = (void *)tm;
1561 	tm->cm_targ = cm->cm_targ;
1562 	tm->cm_lun = cm->cm_lun;
1563 
1564 	callout_reset(&tm->cm_callout, MPS_ABORT_TIMEOUT * hz,
1565 	    mpssas_tm_timeout, tm);
1566 
1567 	targ->aborts++;
1568 
1569 	mpssas_prepare_for_tm(sc, tm, targ, tm->cm_lun);
1570 
1571 	err = mps_map_command(sc, tm);
1572 	if (err)
1573 		mps_dprint(sc, MPS_ERROR|MPS_RECOVERY,
1574 		    "error %d sending abort for cm %p SMID %u\n",
1575 		    err, cm, req->TaskMID);
1576 	return err;
1577 }
1578 
1579 static void
mpssas_scsiio_timeout(void * data)1580 mpssas_scsiio_timeout(void *data)
1581 {
1582 	sbintime_t elapsed, now;
1583 	union ccb *ccb;
1584 	struct mps_softc *sc;
1585 	struct mps_command *cm;
1586 	struct mpssas_target *targ;
1587 
1588 	cm = (struct mps_command *)data;
1589 	sc = cm->cm_sc;
1590 	ccb = cm->cm_ccb;
1591 	now = sbinuptime();
1592 
1593 	MPS_FUNCTRACE(sc);
1594 	mtx_assert(&sc->mps_mtx, MA_OWNED);
1595 
1596 	mps_dprint(sc, MPS_XINFO|MPS_RECOVERY, "Timeout checking cm %p\n", sc);
1597 
1598 	/*
1599 	 * Run the interrupt handler to make sure it's not pending.  This
1600 	 * isn't perfect because the command could have already completed
1601 	 * and been re-used, though this is unlikely.
1602 	 */
1603 	mps_intr_locked(sc);
1604 	if (cm->cm_flags & MPS_CM_FLAGS_ON_RECOVERY) {
1605 		mpssas_log_command(cm, MPS_XINFO,
1606 		    "SCSI command %p almost timed out\n", cm);
1607 		return;
1608 	}
1609 
1610 	if (cm->cm_ccb == NULL) {
1611 		mps_dprint(sc, MPS_ERROR, "command timeout with NULL ccb\n");
1612 		return;
1613 	}
1614 
1615 	targ = cm->cm_targ;
1616 	targ->timeouts++;
1617 
1618 	elapsed = now - ccb->ccb_h.qos.sim_data;
1619 	mpssas_log_command(cm, MPS_INFO|MPS_RECOVERY,
1620 	    "Command timeout on target %u(0x%04x) %d set, %d.%d elapsed\n",
1621 	    targ->tid, targ->handle, ccb->ccb_h.timeout,
1622 	    sbintime_getsec(elapsed), elapsed & 0xffffffff);
1623 
1624 	/* XXX first, check the firmware state, to see if it's still
1625 	 * operational.  if not, do a diag reset.
1626 	 */
1627 	mpssas_set_ccbstatus(cm->cm_ccb, CAM_CMD_TIMEOUT);
1628 	cm->cm_flags |= MPS_CM_FLAGS_ON_RECOVERY | MPS_CM_FLAGS_TIMEDOUT;
1629 	TAILQ_INSERT_TAIL(&targ->timedout_commands, cm, cm_recovery);
1630 
1631 	if (targ->tm != NULL) {
1632 		/* target already in recovery, just queue up another
1633 		 * timedout command to be processed later.
1634 		 */
1635 		mps_dprint(sc, MPS_RECOVERY,
1636 		    "queued timedout cm %p for processing by tm %p\n",
1637 		    cm, targ->tm);
1638 	} else if ((targ->tm = mpssas_alloc_tm(sc)) != NULL) {
1639 		mps_dprint(sc, MPS_RECOVERY|MPS_INFO,
1640 		    "Sending abort to target %u for SMID %d\n", targ->tid,
1641 		    cm->cm_desc.Default.SMID);
1642 		mps_dprint(sc, MPS_RECOVERY, "timedout cm %p allocated tm %p\n",
1643 		    cm, targ->tm);
1644 
1645 		/* start recovery by aborting the first timedout command */
1646 		mpssas_send_abort(sc, targ->tm, cm);
1647 	} else {
1648 		/* XXX queue this target up for recovery once a TM becomes
1649 		 * available.  The firmware only has a limited number of
1650 		 * HighPriority credits for the high priority requests used
1651 		 * for task management, and we ran out.
1652 		 *
1653 		 * Isilon: don't worry about this for now, since we have
1654 		 * more credits than disks in an enclosure, and limit
1655 		 * ourselves to one TM per target for recovery.
1656 		 */
1657 		mps_dprint(sc, MPS_ERROR|MPS_RECOVERY,
1658 		    "timedout cm %p failed to allocate a tm\n", cm);
1659 	}
1660 
1661 }
1662 
1663 static void
mpssas_action_scsiio(struct mpssas_softc * sassc,union ccb * ccb)1664 mpssas_action_scsiio(struct mpssas_softc *sassc, union ccb *ccb)
1665 {
1666 	MPI2_SCSI_IO_REQUEST *req;
1667 	struct ccb_scsiio *csio;
1668 	struct mps_softc *sc;
1669 	struct mpssas_target *targ;
1670 	struct mpssas_lun *lun;
1671 	struct mps_command *cm;
1672 	uint8_t i, lba_byte, *ref_tag_addr;
1673 	uint16_t eedp_flags;
1674 	uint32_t mpi_control;
1675 
1676 	sc = sassc->sc;
1677 	MPS_FUNCTRACE(sc);
1678 	mtx_assert(&sc->mps_mtx, MA_OWNED);
1679 
1680 	csio = &ccb->csio;
1681 	KASSERT(csio->ccb_h.target_id < sassc->maxtargets,
1682 	    ("Target %d out of bounds in XPT_SCSI_IO\n",
1683 	     csio->ccb_h.target_id));
1684 	targ = &sassc->targets[csio->ccb_h.target_id];
1685 	mps_dprint(sc, MPS_TRACE, "ccb %p target flag %x\n", ccb, targ->flags);
1686 	if (targ->handle == 0x0) {
1687 		mps_dprint(sc, MPS_ERROR, "%s NULL handle for target %u\n",
1688 		    __func__, csio->ccb_h.target_id);
1689 		mpssas_set_ccbstatus(ccb, CAM_DEV_NOT_THERE);
1690 		xpt_done(ccb);
1691 		return;
1692 	}
1693 	if (targ->flags & MPS_TARGET_FLAGS_RAID_COMPONENT) {
1694 		mps_dprint(sc, MPS_ERROR, "%s Raid component no SCSI IO "
1695 		    "supported %u\n", __func__, csio->ccb_h.target_id);
1696 		mpssas_set_ccbstatus(ccb, CAM_DEV_NOT_THERE);
1697 		xpt_done(ccb);
1698 		return;
1699 	}
1700 	/*
1701 	 * Sometimes, it is possible to get a command that is not "In
1702 	 * Progress" and was actually aborted by the upper layer.  Check for
1703 	 * this here and complete the command without error.
1704 	 */
1705 	if (mpssas_get_ccbstatus(ccb) != CAM_REQ_INPROG) {
1706 		mps_dprint(sc, MPS_TRACE, "%s Command is not in progress for "
1707 		    "target %u\n", __func__, csio->ccb_h.target_id);
1708 		xpt_done(ccb);
1709 		return;
1710 	}
1711 	/*
1712 	 * If devinfo is 0 this will be a volume.  In that case don't tell CAM
1713 	 * that the volume has timed out.  We want volumes to be enumerated
1714 	 * until they are deleted/removed, not just failed. In either event,
1715 	 * we're removing the target due to a firmware event telling us
1716 	 * the device is now gone (as opposed to some transient event). Since
1717 	 * we're opting to remove failed devices from the OS's view, we need
1718 	 * to propagate that status up the stack.
1719 	 */
1720 	if (targ->flags & MPSSAS_TARGET_INREMOVAL) {
1721 		if (targ->devinfo == 0)
1722 			mpssas_set_ccbstatus(ccb, CAM_REQ_CMP);
1723 		else
1724 			mpssas_set_ccbstatus(ccb, CAM_DEV_NOT_THERE);
1725 		xpt_done(ccb);
1726 		return;
1727 	}
1728 
1729 	if ((sc->mps_flags & MPS_FLAGS_SHUTDOWN) != 0) {
1730 		mps_dprint(sc, MPS_INFO, "%s shutting down\n", __func__);
1731 		mpssas_set_ccbstatus(ccb, CAM_DEV_NOT_THERE);
1732 		xpt_done(ccb);
1733 		return;
1734 	}
1735 
1736 	/*
1737 	 * If target has a reset in progress, freeze the devq and return.  The
1738 	 * devq will be released when the TM reset is finished.
1739 	 */
1740 	if (targ->flags & MPSSAS_TARGET_INRESET) {
1741 		ccb->ccb_h.status = CAM_BUSY | CAM_DEV_QFRZN;
1742 		mps_dprint(sc, MPS_INFO, "%s: Freezing devq for target ID %d\n",
1743 		    __func__, targ->tid);
1744 		xpt_freeze_devq(ccb->ccb_h.path, 1);
1745 		xpt_done(ccb);
1746 		return;
1747 	}
1748 
1749 	cm = mps_alloc_command(sc);
1750 	if (cm == NULL || (sc->mps_flags & MPS_FLAGS_DIAGRESET)) {
1751 		if (cm != NULL) {
1752 			mps_free_command(sc, cm);
1753 		}
1754 		if ((sassc->flags & MPSSAS_QUEUE_FROZEN) == 0) {
1755 			xpt_freeze_simq(sassc->sim, 1);
1756 			sassc->flags |= MPSSAS_QUEUE_FROZEN;
1757 		}
1758 		ccb->ccb_h.status &= ~CAM_SIM_QUEUED;
1759 		ccb->ccb_h.status |= CAM_REQUEUE_REQ;
1760 		xpt_done(ccb);
1761 		return;
1762 	}
1763 
1764 	req = (MPI2_SCSI_IO_REQUEST *)cm->cm_req;
1765 	bzero(req, sizeof(*req));
1766 	req->DevHandle = htole16(targ->handle);
1767 	req->Function = MPI2_FUNCTION_SCSI_IO_REQUEST;
1768 	req->MsgFlags = 0;
1769 	req->SenseBufferLowAddress = htole32(cm->cm_sense_busaddr);
1770 	req->SenseBufferLength = MPS_SENSE_LEN;
1771 	req->SGLFlags = 0;
1772 	req->ChainOffset = 0;
1773 	req->SGLOffset0 = 24;	/* 32bit word offset to the SGL */
1774 	req->SGLOffset1= 0;
1775 	req->SGLOffset2= 0;
1776 	req->SGLOffset3= 0;
1777 	req->SkipCount = 0;
1778 	req->DataLength = htole32(csio->dxfer_len);
1779 	req->BidirectionalDataLength = 0;
1780 	req->IoFlags = htole16(csio->cdb_len);
1781 	req->EEDPFlags = 0;
1782 
1783 	/* Note: BiDirectional transfers are not supported */
1784 	switch (csio->ccb_h.flags & CAM_DIR_MASK) {
1785 	case CAM_DIR_IN:
1786 		mpi_control = MPI2_SCSIIO_CONTROL_READ;
1787 		cm->cm_flags |= MPS_CM_FLAGS_DATAIN;
1788 		break;
1789 	case CAM_DIR_OUT:
1790 		mpi_control = MPI2_SCSIIO_CONTROL_WRITE;
1791 		cm->cm_flags |= MPS_CM_FLAGS_DATAOUT;
1792 		break;
1793 	case CAM_DIR_NONE:
1794 	default:
1795 		mpi_control = MPI2_SCSIIO_CONTROL_NODATATRANSFER;
1796 		break;
1797 	}
1798 
1799 	if (csio->cdb_len == 32)
1800                 mpi_control |= 4 << MPI2_SCSIIO_CONTROL_ADDCDBLEN_SHIFT;
1801 	/*
1802 	 * It looks like the hardware doesn't require an explicit tag
1803 	 * number for each transaction.  SAM Task Management not supported
1804 	 * at the moment.
1805 	 */
1806 	switch (csio->tag_action) {
1807 	case MSG_HEAD_OF_Q_TAG:
1808 		mpi_control |= MPI2_SCSIIO_CONTROL_HEADOFQ;
1809 		break;
1810 	case MSG_ORDERED_Q_TAG:
1811 		mpi_control |= MPI2_SCSIIO_CONTROL_ORDEREDQ;
1812 		break;
1813 	case MSG_ACA_TASK:
1814 		mpi_control |= MPI2_SCSIIO_CONTROL_ACAQ;
1815 		break;
1816 	case CAM_TAG_ACTION_NONE:
1817 	case MSG_SIMPLE_Q_TAG:
1818 	default:
1819 		mpi_control |= MPI2_SCSIIO_CONTROL_SIMPLEQ;
1820 		break;
1821 	}
1822 	mpi_control |= (csio->priority << MPI2_SCSIIO_CONTROL_TASKPRI_SHIFT) &
1823 	    MPI2_SCSIIO_CONTROL_TASKPRI_MASK;
1824 	mpi_control |= sc->mapping_table[csio->ccb_h.target_id].TLR_bits;
1825 	req->Control = htole32(mpi_control);
1826 	if (MPS_SET_LUN(req->LUN, csio->ccb_h.target_lun) != 0) {
1827 		mps_free_command(sc, cm);
1828 		mpssas_set_ccbstatus(ccb, CAM_LUN_INVALID);
1829 		xpt_done(ccb);
1830 		return;
1831 	}
1832 
1833 	if (csio->ccb_h.flags & CAM_CDB_POINTER)
1834 		bcopy(csio->cdb_io.cdb_ptr, &req->CDB.CDB32[0], csio->cdb_len);
1835 	else
1836 		bcopy(csio->cdb_io.cdb_bytes, &req->CDB.CDB32[0],csio->cdb_len);
1837 	req->IoFlags = htole16(csio->cdb_len);
1838 
1839 	/*
1840 	 * Check if EEDP is supported and enabled.  If it is then check if the
1841 	 * SCSI opcode could be using EEDP.  If so, make sure the LUN exists and
1842 	 * is formatted for EEDP support.  If all of this is true, set CDB up
1843 	 * for EEDP transfer.
1844 	 */
1845 	eedp_flags = op_code_prot[req->CDB.CDB32[0]];
1846 	if (sc->eedp_enabled && eedp_flags) {
1847 		SLIST_FOREACH(lun, &targ->luns, lun_link) {
1848 			if (lun->lun_id == csio->ccb_h.target_lun) {
1849 				break;
1850 			}
1851 		}
1852 
1853 		if ((lun != NULL) && (lun->eedp_formatted)) {
1854 			req->EEDPBlockSize = htole16(lun->eedp_block_size);
1855 			eedp_flags |= (MPI2_SCSIIO_EEDPFLAGS_INC_PRI_REFTAG |
1856 			    MPI2_SCSIIO_EEDPFLAGS_CHECK_REFTAG |
1857 			    MPI2_SCSIIO_EEDPFLAGS_CHECK_GUARD);
1858 			req->EEDPFlags = htole16(eedp_flags);
1859 
1860 			/*
1861 			 * If CDB less than 32, fill in Primary Ref Tag with
1862 			 * low 4 bytes of LBA.  If CDB is 32, tag stuff is
1863 			 * already there.  Also, set protection bit.  FreeBSD
1864 			 * currently does not support CDBs bigger than 16, but
1865 			 * the code doesn't hurt, and will be here for the
1866 			 * future.
1867 			 */
1868 			if (csio->cdb_len != 32) {
1869 				lba_byte = (csio->cdb_len == 16) ? 6 : 2;
1870 				ref_tag_addr = (uint8_t *)&req->CDB.EEDP32.
1871 				    PrimaryReferenceTag;
1872 				for (i = 0; i < 4; i++) {
1873 					*ref_tag_addr =
1874 					    req->CDB.CDB32[lba_byte + i];
1875 					ref_tag_addr++;
1876 				}
1877 				req->CDB.EEDP32.PrimaryReferenceTag =
1878 					htole32(req->CDB.EEDP32.PrimaryReferenceTag);
1879 				req->CDB.EEDP32.PrimaryApplicationTagMask =
1880 				    0xFFFF;
1881 				req->CDB.CDB32[1] = (req->CDB.CDB32[1] & 0x1F) |
1882 				    0x20;
1883 			} else {
1884 				eedp_flags |=
1885 				    MPI2_SCSIIO_EEDPFLAGS_INC_PRI_APPTAG;
1886 				req->EEDPFlags = htole16(eedp_flags);
1887 				req->CDB.CDB32[10] = (req->CDB.CDB32[10] &
1888 				    0x1F) | 0x20;
1889 			}
1890 		}
1891 	}
1892 
1893 	cm->cm_length = csio->dxfer_len;
1894 	if (cm->cm_length != 0) {
1895 		cm->cm_data = ccb;
1896 		cm->cm_flags |= MPS_CM_FLAGS_USE_CCB;
1897 	} else {
1898 		cm->cm_data = NULL;
1899 	}
1900 	cm->cm_sge = &req->SGL;
1901 	cm->cm_sglsize = (32 - 24) * 4;
1902 	cm->cm_desc.SCSIIO.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_SCSI_IO;
1903 	cm->cm_desc.SCSIIO.DevHandle = htole16(targ->handle);
1904 	cm->cm_complete = mpssas_scsiio_complete;
1905 	cm->cm_complete_data = ccb;
1906 	cm->cm_targ = targ;
1907 	cm->cm_lun = csio->ccb_h.target_lun;
1908 	cm->cm_ccb = ccb;
1909 
1910 	/*
1911 	 * If HBA is a WD and the command is not for a retry, try to build a
1912 	 * direct I/O message. If failed, or the command is for a retry, send
1913 	 * the I/O to the IR volume itself.
1914 	 */
1915 	if (sc->WD_valid_config) {
1916 		if (ccb->ccb_h.sim_priv.entries[0].field == MPS_WD_RETRY) {
1917 			mpssas_direct_drive_io(sassc, cm, ccb);
1918 		} else {
1919 			mpssas_set_ccbstatus(ccb, CAM_REQ_INPROG);
1920 		}
1921 	}
1922 
1923 #if defined(BUF_TRACKING) || defined(FULL_BUF_TRACKING)
1924 	if (csio->bio != NULL)
1925 		biotrack(csio->bio, __func__);
1926 #endif
1927 	csio->ccb_h.qos.sim_data = sbinuptime();
1928 	callout_reset_sbt(&cm->cm_callout, SBT_1MS * ccb->ccb_h.timeout, 0,
1929 	    mpssas_scsiio_timeout, cm, 0);
1930 
1931 	targ->issued++;
1932 	targ->outstanding++;
1933 	TAILQ_INSERT_TAIL(&targ->commands, cm, cm_link);
1934 	ccb->ccb_h.status |= CAM_SIM_QUEUED;
1935 
1936 	mpssas_log_command(cm, MPS_XINFO, "%s cm %p ccb %p outstanding %u\n",
1937 	    __func__, cm, ccb, targ->outstanding);
1938 
1939 	mps_map_command(sc, cm);
1940 	return;
1941 }
1942 
1943 /**
1944  * mps_sc_failed_io_info - translated non-succesfull SCSI_IO request
1945  */
1946 static void
mps_sc_failed_io_info(struct mps_softc * sc,struct ccb_scsiio * csio,Mpi2SCSIIOReply_t * mpi_reply)1947 mps_sc_failed_io_info(struct mps_softc *sc, struct ccb_scsiio *csio,
1948     Mpi2SCSIIOReply_t *mpi_reply)
1949 {
1950 	u32 response_info;
1951 	u8 *response_bytes;
1952 	u16 ioc_status = le16toh(mpi_reply->IOCStatus) &
1953 	    MPI2_IOCSTATUS_MASK;
1954 	u8 scsi_state = mpi_reply->SCSIState;
1955 	u8 scsi_status = mpi_reply->SCSIStatus;
1956 	u32 log_info = le32toh(mpi_reply->IOCLogInfo);
1957 	const char *desc_ioc_state, *desc_scsi_status;
1958 
1959 	if (log_info == 0x31170000)
1960 		return;
1961 
1962 	desc_ioc_state = mps_describe_table(mps_iocstatus_string,
1963 	    ioc_status);
1964 	desc_scsi_status = mps_describe_table(mps_scsi_status_string,
1965 	    scsi_status);
1966 
1967 	mps_dprint(sc, MPS_XINFO, "\thandle(0x%04x), ioc_status(%s)(0x%04x)\n",
1968 	    le16toh(mpi_reply->DevHandle), desc_ioc_state, ioc_status);
1969 
1970 	/*
1971 	 *We can add more detail about underflow data here
1972 	 * TO-DO
1973 	 */
1974 	mps_dprint(sc, MPS_XINFO, "\tscsi_status(%s)(0x%02x), "
1975 	    "scsi_state %b\n", desc_scsi_status, scsi_status,
1976 	    scsi_state, "\20" "\1AutosenseValid" "\2AutosenseFailed"
1977 	    "\3NoScsiStatus" "\4Terminated" "\5Response InfoValid");
1978 
1979 	if (sc->mps_debug & MPS_XINFO &&
1980 		scsi_state & MPI2_SCSI_STATE_AUTOSENSE_VALID) {
1981 		mps_dprint(sc, MPS_XINFO, "-> Sense Buffer Data : Start :\n");
1982 		scsi_sense_print(csio);
1983 		mps_dprint(sc, MPS_XINFO, "-> Sense Buffer Data : End :\n");
1984 	}
1985 
1986 	if (scsi_state & MPI2_SCSI_STATE_RESPONSE_INFO_VALID) {
1987 		response_info = le32toh(mpi_reply->ResponseInfo);
1988 		response_bytes = (u8 *)&response_info;
1989 		mps_dprint(sc, MPS_XINFO, "response code(0x%1x): %s\n",
1990 		    response_bytes[0],
1991 		    mps_describe_table(mps_scsi_taskmgmt_string,
1992 		    response_bytes[0]));
1993 	}
1994 }
1995 
1996 static void
mpssas_scsiio_complete(struct mps_softc * sc,struct mps_command * cm)1997 mpssas_scsiio_complete(struct mps_softc *sc, struct mps_command *cm)
1998 {
1999 	MPI2_SCSI_IO_REPLY *rep;
2000 	union ccb *ccb;
2001 	struct ccb_scsiio *csio;
2002 	struct mpssas_softc *sassc;
2003 	struct scsi_vpd_supported_page_list *vpd_list = NULL;
2004 	u8 *TLR_bits, TLR_on;
2005 	int dir = 0, i;
2006 	u16 alloc_len;
2007 	struct mpssas_target *target;
2008 	target_id_t target_id;
2009 
2010 	MPS_FUNCTRACE(sc);
2011 	mps_dprint(sc, MPS_TRACE,
2012 	    "cm %p SMID %u ccb %p reply %p outstanding %u\n", cm,
2013 	    cm->cm_desc.Default.SMID, cm->cm_ccb, cm->cm_reply,
2014 	    cm->cm_targ->outstanding);
2015 
2016 	callout_stop(&cm->cm_callout);
2017 	mtx_assert(&sc->mps_mtx, MA_OWNED);
2018 
2019 	sassc = sc->sassc;
2020 	ccb = cm->cm_complete_data;
2021 	csio = &ccb->csio;
2022 	target_id = csio->ccb_h.target_id;
2023 	rep = (MPI2_SCSI_IO_REPLY *)cm->cm_reply;
2024 	/*
2025 	 * XXX KDM if the chain allocation fails, does it matter if we do
2026 	 * the sync and unload here?  It is simpler to do it in every case,
2027 	 * assuming it doesn't cause problems.
2028 	 */
2029 	if (cm->cm_data != NULL) {
2030 		if (cm->cm_flags & MPS_CM_FLAGS_DATAIN)
2031 			dir = BUS_DMASYNC_POSTREAD;
2032 		else if (cm->cm_flags & MPS_CM_FLAGS_DATAOUT)
2033 			dir = BUS_DMASYNC_POSTWRITE;
2034 		bus_dmamap_sync(sc->buffer_dmat, cm->cm_dmamap, dir);
2035 		bus_dmamap_unload(sc->buffer_dmat, cm->cm_dmamap);
2036 	}
2037 
2038 	cm->cm_targ->completed++;
2039 	cm->cm_targ->outstanding--;
2040 	TAILQ_REMOVE(&cm->cm_targ->commands, cm, cm_link);
2041 	ccb->ccb_h.status &= ~(CAM_STATUS_MASK | CAM_SIM_QUEUED);
2042 
2043 #if defined(BUF_TRACKING) || defined(FULL_BUF_TRACKING)
2044 	if (ccb->csio.bio != NULL)
2045 		biotrack(ccb->csio.bio, __func__);
2046 #endif
2047 
2048 	if (cm->cm_flags & MPS_CM_FLAGS_ON_RECOVERY) {
2049 		TAILQ_REMOVE(&cm->cm_targ->timedout_commands, cm, cm_recovery);
2050 		KASSERT(cm->cm_state == MPS_CM_STATE_BUSY,
2051 		    ("Not busy for CM_FLAGS_TIMEDOUT: %d\n", cm->cm_state));
2052 		cm->cm_flags &= ~MPS_CM_FLAGS_ON_RECOVERY;
2053 		if (cm->cm_reply != NULL)
2054 			mpssas_log_command(cm, MPS_RECOVERY,
2055 			    "completed timedout cm %p ccb %p during recovery "
2056 			    "ioc %x scsi %x state %x xfer %u\n",
2057 			    cm, cm->cm_ccb, le16toh(rep->IOCStatus),
2058 			    rep->SCSIStatus, rep->SCSIState,
2059 			    le32toh(rep->TransferCount));
2060 		else
2061 			mpssas_log_command(cm, MPS_RECOVERY,
2062 			    "completed timedout cm %p ccb %p during recovery\n",
2063 			    cm, cm->cm_ccb);
2064 	} else if (cm->cm_targ->tm != NULL) {
2065 		if (cm->cm_reply != NULL)
2066 			mpssas_log_command(cm, MPS_RECOVERY,
2067 			    "completed cm %p ccb %p during recovery "
2068 			    "ioc %x scsi %x state %x xfer %u\n",
2069 			    cm, cm->cm_ccb, le16toh(rep->IOCStatus),
2070 			    rep->SCSIStatus, rep->SCSIState,
2071 			    le32toh(rep->TransferCount));
2072 		else
2073 			mpssas_log_command(cm, MPS_RECOVERY,
2074 			    "completed cm %p ccb %p during recovery\n",
2075 			    cm, cm->cm_ccb);
2076 	} else if ((sc->mps_flags & MPS_FLAGS_DIAGRESET) != 0) {
2077 		mpssas_log_command(cm, MPS_RECOVERY,
2078 		    "reset completed cm %p ccb %p\n",
2079 		    cm, cm->cm_ccb);
2080 	}
2081 
2082 	if ((cm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) {
2083 		/*
2084 		 * We ran into an error after we tried to map the command,
2085 		 * so we're getting a callback without queueing the command
2086 		 * to the hardware.  So we set the status here, and it will
2087 		 * be retained below.  We'll go through the "fast path",
2088 		 * because there can be no reply when we haven't actually
2089 		 * gone out to the hardware.
2090 		 */
2091 		mpssas_set_ccbstatus(ccb, CAM_REQUEUE_REQ);
2092 
2093 		/*
2094 		 * Currently the only error included in the mask is
2095 		 * MPS_CM_FLAGS_CHAIN_FAILED, which means we're out of
2096 		 * chain frames.  We need to freeze the queue until we get
2097 		 * a command that completed without this error, which will
2098 		 * hopefully have some chain frames attached that we can
2099 		 * use.  If we wanted to get smarter about it, we would
2100 		 * only unfreeze the queue in this condition when we're
2101 		 * sure that we're getting some chain frames back.  That's
2102 		 * probably unnecessary.
2103 		 */
2104 		if ((sassc->flags & MPSSAS_QUEUE_FROZEN) == 0) {
2105 			xpt_freeze_simq(sassc->sim, 1);
2106 			sassc->flags |= MPSSAS_QUEUE_FROZEN;
2107 			mps_dprint(sc, MPS_XINFO, "Error sending command, "
2108 				   "freezing SIM queue\n");
2109 		}
2110 	}
2111 
2112 	/*
2113 	 * If this is a Start Stop Unit command and it was issued by the driver
2114 	 * during shutdown, decrement the refcount to account for all of the
2115 	 * commands that were sent.  All SSU commands should be completed before
2116 	 * shutdown completes, meaning SSU_refcount will be 0 after SSU_started
2117 	 * is TRUE.
2118 	 */
2119 	if (sc->SSU_started && (csio->cdb_io.cdb_bytes[0] == START_STOP_UNIT)) {
2120 		mps_dprint(sc, MPS_INFO, "Decrementing SSU count.\n");
2121 		sc->SSU_refcount--;
2122 	}
2123 
2124 	/* Take the fast path to completion */
2125 	if (cm->cm_reply == NULL) {
2126 		if (mpssas_get_ccbstatus(ccb) == CAM_REQ_INPROG) {
2127 			if ((sc->mps_flags & MPS_FLAGS_DIAGRESET) != 0)
2128 				mpssas_set_ccbstatus(ccb, CAM_SCSI_BUS_RESET);
2129 			else {
2130 				mpssas_set_ccbstatus(ccb, CAM_REQ_CMP);
2131 				ccb->csio.scsi_status = SCSI_STATUS_OK;
2132 			}
2133 			if (sassc->flags & MPSSAS_QUEUE_FROZEN) {
2134 				ccb->ccb_h.status |= CAM_RELEASE_SIMQ;
2135 				sassc->flags &= ~MPSSAS_QUEUE_FROZEN;
2136 				mps_dprint(sc, MPS_XINFO,
2137 				    "Unfreezing SIM queue\n");
2138 			}
2139 		}
2140 
2141 		/*
2142 		 * There are two scenarios where the status won't be
2143 		 * CAM_REQ_CMP.  The first is if MPS_CM_FLAGS_ERROR_MASK is
2144 		 * set, the second is in the MPS_FLAGS_DIAGRESET above.
2145 		 */
2146 		if (mpssas_get_ccbstatus(ccb) != CAM_REQ_CMP) {
2147 			/*
2148 			 * Freeze the dev queue so that commands are
2149 			 * executed in the correct order after error
2150 			 * recovery.
2151 			 */
2152 			ccb->ccb_h.status |= CAM_DEV_QFRZN;
2153 			xpt_freeze_devq(ccb->ccb_h.path, /*count*/ 1);
2154 		}
2155 		mps_free_command(sc, cm);
2156 		xpt_done(ccb);
2157 		return;
2158 	}
2159 
2160 	mpssas_log_command(cm, MPS_XINFO,
2161 	    "ioc %x scsi %x state %x xfer %u\n",
2162 	    le16toh(rep->IOCStatus), rep->SCSIStatus, rep->SCSIState,
2163 	    le32toh(rep->TransferCount));
2164 
2165 	/*
2166 	 * If this is a Direct Drive I/O, reissue the I/O to the original IR
2167 	 * Volume if an error occurred (normal I/O retry).  Use the original
2168 	 * CCB, but set a flag that this will be a retry so that it's sent to
2169 	 * the original volume.  Free the command but reuse the CCB.
2170 	 */
2171 	if (cm->cm_flags & MPS_CM_FLAGS_DD_IO) {
2172 		mps_free_command(sc, cm);
2173 		ccb->ccb_h.sim_priv.entries[0].field = MPS_WD_RETRY;
2174 		mpssas_action_scsiio(sassc, ccb);
2175 		return;
2176 	} else
2177 		ccb->ccb_h.sim_priv.entries[0].field = 0;
2178 
2179 	switch (le16toh(rep->IOCStatus) & MPI2_IOCSTATUS_MASK) {
2180 	case MPI2_IOCSTATUS_SCSI_DATA_UNDERRUN:
2181 		csio->resid = cm->cm_length - le32toh(rep->TransferCount);
2182 		/* FALLTHROUGH */
2183 	case MPI2_IOCSTATUS_SUCCESS:
2184 	case MPI2_IOCSTATUS_SCSI_RECOVERED_ERROR:
2185 
2186 		if ((le16toh(rep->IOCStatus) & MPI2_IOCSTATUS_MASK) ==
2187 		    MPI2_IOCSTATUS_SCSI_RECOVERED_ERROR)
2188 			mpssas_log_command(cm, MPS_XINFO, "recovered error\n");
2189 
2190 		/* Completion failed at the transport level. */
2191 		if (rep->SCSIState & (MPI2_SCSI_STATE_NO_SCSI_STATUS |
2192 		    MPI2_SCSI_STATE_TERMINATED)) {
2193 			mpssas_set_ccbstatus(ccb, CAM_REQ_CMP_ERR);
2194 			break;
2195 		}
2196 
2197 		/* In a modern packetized environment, an autosense failure
2198 		 * implies that there's not much else that can be done to
2199 		 * recover the command.
2200 		 */
2201 		if (rep->SCSIState & MPI2_SCSI_STATE_AUTOSENSE_FAILED) {
2202 			mpssas_set_ccbstatus(ccb, CAM_AUTOSENSE_FAIL);
2203 			break;
2204 		}
2205 
2206 		/*
2207 		 * CAM doesn't care about SAS Response Info data, but if this is
2208 		 * the state check if TLR should be done.  If not, clear the
2209 		 * TLR_bits for the target.
2210 		 */
2211 		if ((rep->SCSIState & MPI2_SCSI_STATE_RESPONSE_INFO_VALID) &&
2212 		    ((le32toh(rep->ResponseInfo) &
2213 		    MPI2_SCSI_RI_MASK_REASONCODE) ==
2214 		    MPS_SCSI_RI_INVALID_FRAME)) {
2215 			sc->mapping_table[target_id].TLR_bits =
2216 			    (u8)MPI2_SCSIIO_CONTROL_NO_TLR;
2217 		}
2218 
2219 		/*
2220 		 * Intentionally override the normal SCSI status reporting
2221 		 * for these two cases.  These are likely to happen in a
2222 		 * multi-initiator environment, and we want to make sure that
2223 		 * CAM retries these commands rather than fail them.
2224 		 */
2225 		if ((rep->SCSIStatus == MPI2_SCSI_STATUS_COMMAND_TERMINATED) ||
2226 		    (rep->SCSIStatus == MPI2_SCSI_STATUS_TASK_ABORTED)) {
2227 			mpssas_set_ccbstatus(ccb, CAM_REQ_ABORTED);
2228 			break;
2229 		}
2230 
2231 		/* Handle normal status and sense */
2232 		csio->scsi_status = rep->SCSIStatus;
2233 		if (rep->SCSIStatus == MPI2_SCSI_STATUS_GOOD)
2234 			mpssas_set_ccbstatus(ccb, CAM_REQ_CMP);
2235 		else
2236 			mpssas_set_ccbstatus(ccb, CAM_SCSI_STATUS_ERROR);
2237 
2238 		if (rep->SCSIState & MPI2_SCSI_STATE_AUTOSENSE_VALID) {
2239 			int sense_len, returned_sense_len;
2240 
2241 			returned_sense_len = min(le32toh(rep->SenseCount),
2242 			    sizeof(struct scsi_sense_data));
2243 			if (returned_sense_len < ccb->csio.sense_len)
2244 				ccb->csio.sense_resid = ccb->csio.sense_len -
2245 					returned_sense_len;
2246 			else
2247 				ccb->csio.sense_resid = 0;
2248 
2249 			sense_len = min(returned_sense_len,
2250 			    ccb->csio.sense_len - ccb->csio.sense_resid);
2251 			bzero(&ccb->csio.sense_data,
2252 			      sizeof(ccb->csio.sense_data));
2253 			bcopy(cm->cm_sense, &ccb->csio.sense_data, sense_len);
2254 			ccb->ccb_h.status |= CAM_AUTOSNS_VALID;
2255 		}
2256 
2257 		/*
2258 		 * Check if this is an INQUIRY command.  If it's a VPD inquiry,
2259 		 * and it's page code 0 (Supported Page List), and there is
2260 		 * inquiry data, and this is for a sequential access device, and
2261 		 * the device is an SSP target, and TLR is supported by the
2262 		 * controller, turn the TLR_bits value ON if page 0x90 is
2263 		 * supported.
2264 		 */
2265 		if ((csio->cdb_io.cdb_bytes[0] == INQUIRY) &&
2266 		    (csio->cdb_io.cdb_bytes[1] & SI_EVPD) &&
2267 		    (csio->cdb_io.cdb_bytes[2] == SVPD_SUPPORTED_PAGE_LIST) &&
2268 		    ((csio->ccb_h.flags & CAM_DATA_MASK) == CAM_DATA_VADDR) &&
2269 		    (csio->data_ptr != NULL) &&
2270 		    ((csio->data_ptr[0] & 0x1f) == T_SEQUENTIAL) &&
2271 		    (sc->control_TLR) &&
2272 		    (sc->mapping_table[target_id].device_info &
2273 		    MPI2_SAS_DEVICE_INFO_SSP_TARGET)) {
2274 			vpd_list = (struct scsi_vpd_supported_page_list *)
2275 			    csio->data_ptr;
2276 			TLR_bits = &sc->mapping_table[target_id].TLR_bits;
2277 			*TLR_bits = (u8)MPI2_SCSIIO_CONTROL_NO_TLR;
2278 			TLR_on = (u8)MPI2_SCSIIO_CONTROL_TLR_ON;
2279 			alloc_len = ((u16)csio->cdb_io.cdb_bytes[3] << 8) +
2280 			    csio->cdb_io.cdb_bytes[4];
2281 			alloc_len -= csio->resid;
2282 			for (i = 0; i < MIN(vpd_list->length, alloc_len); i++) {
2283 				if (vpd_list->list[i] == 0x90) {
2284 					*TLR_bits = TLR_on;
2285 					break;
2286 				}
2287 			}
2288 		}
2289 
2290 		/*
2291 		 * If this is a SATA direct-access end device, mark it so that
2292 		 * a SCSI StartStopUnit command will be sent to it when the
2293 		 * driver is being shutdown.
2294 		 */
2295 		if ((csio->cdb_io.cdb_bytes[0] == INQUIRY) &&
2296 		    ((csio->data_ptr[0] & 0x1f) == T_DIRECT) &&
2297 		    (sc->mapping_table[target_id].device_info &
2298 		    MPI2_SAS_DEVICE_INFO_SATA_DEVICE) &&
2299 		    ((sc->mapping_table[target_id].device_info &
2300 		    MPI2_SAS_DEVICE_INFO_MASK_DEVICE_TYPE) ==
2301 		    MPI2_SAS_DEVICE_INFO_END_DEVICE)) {
2302 			target = &sassc->targets[target_id];
2303 			target->supports_SSU = TRUE;
2304 			mps_dprint(sc, MPS_XINFO, "Target %d supports SSU\n",
2305 			    target_id);
2306 		}
2307 		break;
2308 	case MPI2_IOCSTATUS_SCSI_INVALID_DEVHANDLE:
2309 	case MPI2_IOCSTATUS_SCSI_DEVICE_NOT_THERE:
2310 		/*
2311 		 * If devinfo is 0 this will be a volume.  In that case don't
2312 		 * tell CAM that the volume is not there.  We want volumes to
2313 		 * be enumerated until they are deleted/removed, not just
2314 		 * failed.
2315 		 */
2316 		if (cm->cm_targ->devinfo == 0)
2317 			mpssas_set_ccbstatus(ccb, CAM_REQ_CMP);
2318 		else
2319 			mpssas_set_ccbstatus(ccb, CAM_DEV_NOT_THERE);
2320 		break;
2321 	case MPI2_IOCSTATUS_INVALID_SGL:
2322 		mps_print_scsiio_cmd(sc, cm);
2323 		mpssas_set_ccbstatus(ccb, CAM_UNREC_HBA_ERROR);
2324 		break;
2325 	case MPI2_IOCSTATUS_SCSI_TASK_TERMINATED:
2326 		/*
2327 		 * This is one of the responses that comes back when an I/O
2328 		 * has been aborted.  If it is because of a timeout that we
2329 		 * initiated, just set the status to CAM_CMD_TIMEOUT.
2330 		 * Otherwise set it to CAM_REQ_ABORTED.  The effect on the
2331 		 * command is the same (it gets retried, subject to the
2332 		 * retry counter), the only difference is what gets printed
2333 		 * on the console.
2334 		 */
2335 		if (cm->cm_flags & MPS_CM_FLAGS_TIMEDOUT)
2336 			mpssas_set_ccbstatus(ccb, CAM_CMD_TIMEOUT);
2337 		else
2338 			mpssas_set_ccbstatus(ccb, CAM_REQ_ABORTED);
2339 		break;
2340 	case MPI2_IOCSTATUS_SCSI_DATA_OVERRUN:
2341 		/* resid is ignored for this condition */
2342 		csio->resid = 0;
2343 		mpssas_set_ccbstatus(ccb, CAM_DATA_RUN_ERR);
2344 		break;
2345 	case MPI2_IOCSTATUS_SCSI_IOC_TERMINATED:
2346 	case MPI2_IOCSTATUS_SCSI_EXT_TERMINATED:
2347 		/*
2348 		 * These can sometimes be transient transport-related
2349 		 * errors, and sometimes persistent drive-related errors.
2350 		 * We used to retry these without decrementing the retry
2351 		 * count by returning CAM_REQUEUE_REQ.  Unfortunately, if
2352 		 * we hit a persistent drive problem that returns one of
2353 		 * these error codes, we would retry indefinitely.  So,
2354 		 * return CAM_REQ_CMP_ERROR so that we decrement the retry
2355 		 * count and avoid infinite retries.  We're taking the
2356 		 * potential risk of flagging false failures in the event
2357 		 * of a topology-related error (e.g. a SAS expander problem
2358 		 * causes a command addressed to a drive to fail), but
2359 		 * avoiding getting into an infinite retry loop. However,
2360 		 * if we get them while were moving a device, we should
2361 		 * fail the request as 'not there' because the device
2362 		 * is effectively gone.
2363 		 */
2364 		if (cm->cm_targ->flags & MPSSAS_TARGET_INREMOVAL)
2365 			mpssas_set_ccbstatus(ccb, CAM_DEV_NOT_THERE);
2366 		else
2367 			mpssas_set_ccbstatus(ccb, CAM_REQ_CMP_ERR);
2368 		mps_dprint(sc, MPS_INFO,
2369 		    "Controller reported %s tgt %u SMID %u loginfo %x%s\n",
2370 		    mps_describe_table(mps_iocstatus_string,
2371 		    le16toh(rep->IOCStatus) & MPI2_IOCSTATUS_MASK),
2372 		    target_id, cm->cm_desc.Default.SMID,
2373 		    le32toh(rep->IOCLogInfo),
2374 		    (cm->cm_targ->flags & MPSSAS_TARGET_INREMOVAL) ? " departing" : "");
2375 		mps_dprint(sc, MPS_XINFO,
2376 		    "SCSIStatus %x SCSIState %x xfercount %u\n",
2377 		    rep->SCSIStatus, rep->SCSIState,
2378 		    le32toh(rep->TransferCount));
2379 		break;
2380 	case MPI2_IOCSTATUS_INVALID_FUNCTION:
2381 	case MPI2_IOCSTATUS_INTERNAL_ERROR:
2382 	case MPI2_IOCSTATUS_INVALID_VPID:
2383 	case MPI2_IOCSTATUS_INVALID_FIELD:
2384 	case MPI2_IOCSTATUS_INVALID_STATE:
2385 	case MPI2_IOCSTATUS_OP_STATE_NOT_SUPPORTED:
2386 	case MPI2_IOCSTATUS_SCSI_IO_DATA_ERROR:
2387 	case MPI2_IOCSTATUS_SCSI_PROTOCOL_ERROR:
2388 	case MPI2_IOCSTATUS_SCSI_RESIDUAL_MISMATCH:
2389 	case MPI2_IOCSTATUS_SCSI_TASK_MGMT_FAILED:
2390 	default:
2391 		mpssas_log_command(cm, MPS_XINFO,
2392 		    "completed ioc %x loginfo %x scsi %x state %x xfer %u\n",
2393 		    le16toh(rep->IOCStatus), le32toh(rep->IOCLogInfo),
2394 		    rep->SCSIStatus, rep->SCSIState,
2395 		    le32toh(rep->TransferCount));
2396 		csio->resid = cm->cm_length;
2397 		mpssas_set_ccbstatus(ccb, CAM_REQ_CMP_ERR);
2398 		break;
2399 	}
2400 
2401 	mps_sc_failed_io_info(sc,csio,rep);
2402 
2403 	if (sassc->flags & MPSSAS_QUEUE_FROZEN) {
2404 		ccb->ccb_h.status |= CAM_RELEASE_SIMQ;
2405 		sassc->flags &= ~MPSSAS_QUEUE_FROZEN;
2406 		mps_dprint(sc, MPS_XINFO, "Command completed, "
2407 		    "unfreezing SIM queue\n");
2408 	}
2409 
2410 	if (mpssas_get_ccbstatus(ccb) != CAM_REQ_CMP) {
2411 		ccb->ccb_h.status |= CAM_DEV_QFRZN;
2412 		xpt_freeze_devq(ccb->ccb_h.path, /*count*/ 1);
2413 	}
2414 
2415 	/*
2416 	 * Check to see if we're removing the device. If so, and this is the
2417 	 * last command on the queue, proceed with the deferred removal of the
2418 	 * device.  Note, for removing a volume, this won't trigger because
2419 	 * pending_remove_tm will be NULL.
2420 	 */
2421 	if (cm->cm_targ->flags & MPSSAS_TARGET_INREMOVAL) {
2422 		if (TAILQ_FIRST(&cm->cm_targ->commands) == NULL &&
2423 		    cm->cm_targ->pending_remove_tm != NULL) {
2424 			mps_dprint(sc, MPS_INFO, "Last pending command complete: starting remove_device\n");
2425 			mps_map_command(sc, cm->cm_targ->pending_remove_tm);
2426 			cm->cm_targ->pending_remove_tm = NULL;
2427 		}
2428 	}
2429 
2430 	mps_free_command(sc, cm);
2431 	xpt_done(ccb);
2432 }
2433 
2434 /* All Request reached here are Endian safe */
2435 static void
mpssas_direct_drive_io(struct mpssas_softc * sassc,struct mps_command * cm,union ccb * ccb)2436 mpssas_direct_drive_io(struct mpssas_softc *sassc, struct mps_command *cm,
2437     union ccb *ccb) {
2438 	pMpi2SCSIIORequest_t	pIO_req;
2439 	struct mps_softc	*sc = sassc->sc;
2440 	uint64_t		virtLBA;
2441 	uint32_t		physLBA, stripe_offset, stripe_unit;
2442 	uint32_t		io_size, column;
2443 	uint8_t			*ptrLBA, lba_idx, physLBA_byte, *CDB;
2444 
2445 	/*
2446 	 * If this is a valid SCSI command (Read6, Read10, Read16, Write6,
2447 	 * Write10, or Write16), build a direct I/O message.  Otherwise, the I/O
2448 	 * will be sent to the IR volume itself.  Since Read6 and Write6 are a
2449 	 * bit different than the 10/16 CDBs, handle them separately.
2450 	 */
2451 	pIO_req = (pMpi2SCSIIORequest_t)cm->cm_req;
2452 	CDB = pIO_req->CDB.CDB32;
2453 
2454 	/*
2455 	 * Handle 6 byte CDBs.
2456 	 */
2457 	if ((pIO_req->DevHandle == sc->DD_dev_handle) && ((CDB[0] == READ_6) ||
2458 	    (CDB[0] == WRITE_6))) {
2459 		/*
2460 		 * Get the transfer size in blocks.
2461 		 */
2462 		io_size = (cm->cm_length >> sc->DD_block_exponent);
2463 
2464 		/*
2465 		 * Get virtual LBA given in the CDB.
2466 		 */
2467 		virtLBA = ((uint64_t)(CDB[1] & 0x1F) << 16) |
2468 		    ((uint64_t)CDB[2] << 8) | (uint64_t)CDB[3];
2469 
2470 		/*
2471 		 * Check that LBA range for I/O does not exceed volume's
2472 		 * MaxLBA.
2473 		 */
2474 		if ((virtLBA + (uint64_t)io_size - 1) <=
2475 		    sc->DD_max_lba) {
2476 			/*
2477 			 * Check if the I/O crosses a stripe boundary.  If not,
2478 			 * translate the virtual LBA to a physical LBA and set
2479 			 * the DevHandle for the PhysDisk to be used.  If it
2480 			 * does cross a boundary, do normal I/O.  To get the
2481 			 * right DevHandle to use, get the map number for the
2482 			 * column, then use that map number to look up the
2483 			 * DevHandle of the PhysDisk.
2484 			 */
2485 			stripe_offset = (uint32_t)virtLBA &
2486 			    (sc->DD_stripe_size - 1);
2487 			if ((stripe_offset + io_size) <= sc->DD_stripe_size) {
2488 				physLBA = (uint32_t)virtLBA >>
2489 				    sc->DD_stripe_exponent;
2490 				stripe_unit = physLBA / sc->DD_num_phys_disks;
2491 				column = physLBA % sc->DD_num_phys_disks;
2492 				pIO_req->DevHandle =
2493 				    htole16(sc->DD_column_map[column].dev_handle);
2494 				/* ???? Is this endian safe*/
2495 				cm->cm_desc.SCSIIO.DevHandle =
2496 				    pIO_req->DevHandle;
2497 
2498 				physLBA = (stripe_unit <<
2499 				    sc->DD_stripe_exponent) + stripe_offset;
2500 				ptrLBA = &pIO_req->CDB.CDB32[1];
2501 				physLBA_byte = (uint8_t)(physLBA >> 16);
2502 				*ptrLBA = physLBA_byte;
2503 				ptrLBA = &pIO_req->CDB.CDB32[2];
2504 				physLBA_byte = (uint8_t)(physLBA >> 8);
2505 				*ptrLBA = physLBA_byte;
2506 				ptrLBA = &pIO_req->CDB.CDB32[3];
2507 				physLBA_byte = (uint8_t)physLBA;
2508 				*ptrLBA = physLBA_byte;
2509 
2510 				/*
2511 				 * Set flag that Direct Drive I/O is
2512 				 * being done.
2513 				 */
2514 				cm->cm_flags |= MPS_CM_FLAGS_DD_IO;
2515 			}
2516 		}
2517 		return;
2518 	}
2519 
2520 	/*
2521 	 * Handle 10, 12 or 16 byte CDBs.
2522 	 */
2523 	if ((pIO_req->DevHandle == sc->DD_dev_handle) && ((CDB[0] == READ_10) ||
2524 	    (CDB[0] == WRITE_10) || (CDB[0] == READ_16) ||
2525 	    (CDB[0] == WRITE_16) || (CDB[0] == READ_12) ||
2526 	    (CDB[0] == WRITE_12))) {
2527 		/*
2528 		 * For 16-byte CDB's, verify that the upper 4 bytes of the CDB
2529 		 * are 0.  If not, this is accessing beyond 2TB so handle it in
2530 		 * the else section.  10-byte and 12-byte CDB's are OK.
2531 		 * FreeBSD sends very rare 12 byte READ/WRITE, but driver is
2532 		 * ready to accept 12byte CDB for Direct IOs.
2533 		 */
2534 		if ((CDB[0] == READ_10 || CDB[0] == WRITE_10) ||
2535 		    (CDB[0] == READ_12 || CDB[0] == WRITE_12) ||
2536 		    !(CDB[2] | CDB[3] | CDB[4] | CDB[5])) {
2537 			/*
2538 			 * Get the transfer size in blocks.
2539 			 */
2540 			io_size = (cm->cm_length >> sc->DD_block_exponent);
2541 
2542 			/*
2543 			 * Get virtual LBA.  Point to correct lower 4 bytes of
2544 			 * LBA in the CDB depending on command.
2545 			 */
2546 			lba_idx = ((CDB[0] == READ_12) ||
2547 				(CDB[0] == WRITE_12) ||
2548 				(CDB[0] == READ_10) ||
2549 				(CDB[0] == WRITE_10))? 2 : 6;
2550 			virtLBA = ((uint64_t)CDB[lba_idx] << 24) |
2551 			    ((uint64_t)CDB[lba_idx + 1] << 16) |
2552 			    ((uint64_t)CDB[lba_idx + 2] << 8) |
2553 			    (uint64_t)CDB[lba_idx + 3];
2554 
2555 			/*
2556 			 * Check that LBA range for I/O does not exceed volume's
2557 			 * MaxLBA.
2558 			 */
2559 			if ((virtLBA + (uint64_t)io_size - 1) <=
2560 			    sc->DD_max_lba) {
2561 				/*
2562 				 * Check if the I/O crosses a stripe boundary.
2563 				 * If not, translate the virtual LBA to a
2564 				 * physical LBA and set the DevHandle for the
2565 				 * PhysDisk to be used.  If it does cross a
2566 				 * boundary, do normal I/O.  To get the right
2567 				 * DevHandle to use, get the map number for the
2568 				 * column, then use that map number to look up
2569 				 * the DevHandle of the PhysDisk.
2570 				 */
2571 				stripe_offset = (uint32_t)virtLBA &
2572 				    (sc->DD_stripe_size - 1);
2573 				if ((stripe_offset + io_size) <=
2574 				    sc->DD_stripe_size) {
2575 					physLBA = (uint32_t)virtLBA >>
2576 					    sc->DD_stripe_exponent;
2577 					stripe_unit = physLBA /
2578 					    sc->DD_num_phys_disks;
2579 					column = physLBA %
2580 					    sc->DD_num_phys_disks;
2581 					pIO_req->DevHandle =
2582 					    htole16(sc->DD_column_map[column].
2583 					    dev_handle);
2584 					cm->cm_desc.SCSIIO.DevHandle =
2585 					    pIO_req->DevHandle;
2586 
2587 					physLBA = (stripe_unit <<
2588 					    sc->DD_stripe_exponent) +
2589 					    stripe_offset;
2590 					ptrLBA =
2591 					    &pIO_req->CDB.CDB32[lba_idx];
2592 					physLBA_byte = (uint8_t)(physLBA >> 24);
2593 					*ptrLBA = physLBA_byte;
2594 					ptrLBA =
2595 					    &pIO_req->CDB.CDB32[lba_idx + 1];
2596 					physLBA_byte = (uint8_t)(physLBA >> 16);
2597 					*ptrLBA = physLBA_byte;
2598 					ptrLBA =
2599 					    &pIO_req->CDB.CDB32[lba_idx + 2];
2600 					physLBA_byte = (uint8_t)(physLBA >> 8);
2601 					*ptrLBA = physLBA_byte;
2602 					ptrLBA =
2603 					    &pIO_req->CDB.CDB32[lba_idx + 3];
2604 					physLBA_byte = (uint8_t)physLBA;
2605 					*ptrLBA = physLBA_byte;
2606 
2607 					/*
2608 					 * Set flag that Direct Drive I/O is
2609 					 * being done.
2610 					 */
2611 					cm->cm_flags |= MPS_CM_FLAGS_DD_IO;
2612 				}
2613 			}
2614 		} else {
2615 			/*
2616 			 * 16-byte CDB and the upper 4 bytes of the CDB are not
2617 			 * 0.  Get the transfer size in blocks.
2618 			 */
2619 			io_size = (cm->cm_length >> sc->DD_block_exponent);
2620 
2621 			/*
2622 			 * Get virtual LBA.
2623 			 */
2624 			virtLBA = ((uint64_t)CDB[2] << 54) |
2625 			    ((uint64_t)CDB[3] << 48) |
2626 			    ((uint64_t)CDB[4] << 40) |
2627 			    ((uint64_t)CDB[5] << 32) |
2628 			    ((uint64_t)CDB[6] << 24) |
2629 			    ((uint64_t)CDB[7] << 16) |
2630 			    ((uint64_t)CDB[8] << 8) |
2631 			    (uint64_t)CDB[9];
2632 
2633 			/*
2634 			 * Check that LBA range for I/O does not exceed volume's
2635 			 * MaxLBA.
2636 			 */
2637 			if ((virtLBA + (uint64_t)io_size - 1) <=
2638 			    sc->DD_max_lba) {
2639 				/*
2640 				 * Check if the I/O crosses a stripe boundary.
2641 				 * If not, translate the virtual LBA to a
2642 				 * physical LBA and set the DevHandle for the
2643 				 * PhysDisk to be used.  If it does cross a
2644 				 * boundary, do normal I/O.  To get the right
2645 				 * DevHandle to use, get the map number for the
2646 				 * column, then use that map number to look up
2647 				 * the DevHandle of the PhysDisk.
2648 				 */
2649 				stripe_offset = (uint32_t)virtLBA &
2650 				    (sc->DD_stripe_size - 1);
2651 				if ((stripe_offset + io_size) <=
2652 				    sc->DD_stripe_size) {
2653 					physLBA = (uint32_t)(virtLBA >>
2654 					    sc->DD_stripe_exponent);
2655 					stripe_unit = physLBA /
2656 					    sc->DD_num_phys_disks;
2657 					column = physLBA %
2658 					    sc->DD_num_phys_disks;
2659 					pIO_req->DevHandle =
2660 					    htole16(sc->DD_column_map[column].
2661 					    dev_handle);
2662 					cm->cm_desc.SCSIIO.DevHandle =
2663 					    pIO_req->DevHandle;
2664 
2665 					physLBA = (stripe_unit <<
2666 					    sc->DD_stripe_exponent) +
2667 					    stripe_offset;
2668 
2669 					/*
2670 					 * Set upper 4 bytes of LBA to 0.  We
2671 					 * assume that the phys disks are less
2672 					 * than 2 TB's in size.  Then, set the
2673 					 * lower 4 bytes.
2674 					 */
2675 					pIO_req->CDB.CDB32[2] = 0;
2676 					pIO_req->CDB.CDB32[3] = 0;
2677 					pIO_req->CDB.CDB32[4] = 0;
2678 					pIO_req->CDB.CDB32[5] = 0;
2679 					ptrLBA = &pIO_req->CDB.CDB32[6];
2680 					physLBA_byte = (uint8_t)(physLBA >> 24);
2681 					*ptrLBA = physLBA_byte;
2682 					ptrLBA = &pIO_req->CDB.CDB32[7];
2683 					physLBA_byte = (uint8_t)(physLBA >> 16);
2684 					*ptrLBA = physLBA_byte;
2685 					ptrLBA = &pIO_req->CDB.CDB32[8];
2686 					physLBA_byte = (uint8_t)(physLBA >> 8);
2687 					*ptrLBA = physLBA_byte;
2688 					ptrLBA = &pIO_req->CDB.CDB32[9];
2689 					physLBA_byte = (uint8_t)physLBA;
2690 					*ptrLBA = physLBA_byte;
2691 
2692 					/*
2693 					 * Set flag that Direct Drive I/O is
2694 					 * being done.
2695 					 */
2696 					cm->cm_flags |= MPS_CM_FLAGS_DD_IO;
2697 				}
2698 			}
2699 		}
2700 	}
2701 }
2702 
2703 #if __FreeBSD_version >= 900026
2704 static void
mpssas_smpio_complete(struct mps_softc * sc,struct mps_command * cm)2705 mpssas_smpio_complete(struct mps_softc *sc, struct mps_command *cm)
2706 {
2707 	MPI2_SMP_PASSTHROUGH_REPLY *rpl;
2708 	MPI2_SMP_PASSTHROUGH_REQUEST *req;
2709 	uint64_t sasaddr;
2710 	union ccb *ccb;
2711 
2712 	ccb = cm->cm_complete_data;
2713 
2714 	/*
2715 	 * Currently there should be no way we can hit this case.  It only
2716 	 * happens when we have a failure to allocate chain frames, and SMP
2717 	 * commands require two S/G elements only.  That should be handled
2718 	 * in the standard request size.
2719 	 */
2720 	if ((cm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) {
2721 		mps_dprint(sc, MPS_ERROR,"%s: cm_flags = %#x on SMP request!\n",
2722 			   __func__, cm->cm_flags);
2723 		mpssas_set_ccbstatus(ccb, CAM_REQ_CMP_ERR);
2724 		goto bailout;
2725         }
2726 
2727 	rpl = (MPI2_SMP_PASSTHROUGH_REPLY *)cm->cm_reply;
2728 	if (rpl == NULL) {
2729 		mps_dprint(sc, MPS_ERROR, "%s: NULL cm_reply!\n", __func__);
2730 		mpssas_set_ccbstatus(ccb, CAM_REQ_CMP_ERR);
2731 		goto bailout;
2732 	}
2733 
2734 	req = (MPI2_SMP_PASSTHROUGH_REQUEST *)cm->cm_req;
2735 	sasaddr = le32toh(req->SASAddress.Low);
2736 	sasaddr |= ((uint64_t)(le32toh(req->SASAddress.High))) << 32;
2737 
2738 	if ((le16toh(rpl->IOCStatus) & MPI2_IOCSTATUS_MASK) !=
2739 	    MPI2_IOCSTATUS_SUCCESS ||
2740 	    rpl->SASStatus != MPI2_SASSTATUS_SUCCESS) {
2741 		mps_dprint(sc, MPS_XINFO, "%s: IOCStatus %04x SASStatus %02x\n",
2742 		    __func__, le16toh(rpl->IOCStatus), rpl->SASStatus);
2743 		mpssas_set_ccbstatus(ccb, CAM_REQ_CMP_ERR);
2744 		goto bailout;
2745 	}
2746 
2747 	mps_dprint(sc, MPS_XINFO, "%s: SMP request to SAS address "
2748 		   "%#jx completed successfully\n", __func__,
2749 		   (uintmax_t)sasaddr);
2750 
2751 	if (ccb->smpio.smp_response[2] == SMP_FR_ACCEPTED)
2752 		mpssas_set_ccbstatus(ccb, CAM_REQ_CMP);
2753 	else
2754 		mpssas_set_ccbstatus(ccb, CAM_SMP_STATUS_ERROR);
2755 
2756 bailout:
2757 	/*
2758 	 * We sync in both directions because we had DMAs in the S/G list
2759 	 * in both directions.
2760 	 */
2761 	bus_dmamap_sync(sc->buffer_dmat, cm->cm_dmamap,
2762 			BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE);
2763 	bus_dmamap_unload(sc->buffer_dmat, cm->cm_dmamap);
2764 	mps_free_command(sc, cm);
2765 	xpt_done(ccb);
2766 }
2767 
2768 static void
mpssas_send_smpcmd(struct mpssas_softc * sassc,union ccb * ccb,uint64_t sasaddr)2769 mpssas_send_smpcmd(struct mpssas_softc *sassc, union ccb *ccb, uint64_t sasaddr)
2770 {
2771 	struct mps_command *cm;
2772 	uint8_t *request, *response;
2773 	MPI2_SMP_PASSTHROUGH_REQUEST *req;
2774 	struct mps_softc *sc;
2775 	int error;
2776 
2777 	sc = sassc->sc;
2778 	error = 0;
2779 
2780 	/*
2781 	 * XXX We don't yet support physical addresses here.
2782 	 */
2783 	switch ((ccb->ccb_h.flags & CAM_DATA_MASK)) {
2784 	case CAM_DATA_PADDR:
2785 	case CAM_DATA_SG_PADDR:
2786 		mps_dprint(sc, MPS_ERROR,
2787 			   "%s: physical addresses not supported\n", __func__);
2788 		mpssas_set_ccbstatus(ccb, CAM_REQ_INVALID);
2789 		xpt_done(ccb);
2790 		return;
2791 	case CAM_DATA_SG:
2792 		/*
2793 		 * The chip does not support more than one buffer for the
2794 		 * request or response.
2795 		 */
2796 	 	if ((ccb->smpio.smp_request_sglist_cnt > 1)
2797 		  || (ccb->smpio.smp_response_sglist_cnt > 1)) {
2798 			mps_dprint(sc, MPS_ERROR,
2799 				   "%s: multiple request or response "
2800 				   "buffer segments not supported for SMP\n",
2801 				   __func__);
2802 			mpssas_set_ccbstatus(ccb, CAM_REQ_INVALID);
2803 			xpt_done(ccb);
2804 			return;
2805 		}
2806 
2807 		/*
2808 		 * The CAM_SCATTER_VALID flag was originally implemented
2809 		 * for the XPT_SCSI_IO CCB, which only has one data pointer.
2810 		 * We have two.  So, just take that flag to mean that we
2811 		 * might have S/G lists, and look at the S/G segment count
2812 		 * to figure out whether that is the case for each individual
2813 		 * buffer.
2814 		 */
2815 		if (ccb->smpio.smp_request_sglist_cnt != 0) {
2816 			bus_dma_segment_t *req_sg;
2817 
2818 			req_sg = (bus_dma_segment_t *)ccb->smpio.smp_request;
2819 			request = (uint8_t *)(uintptr_t)req_sg[0].ds_addr;
2820 		} else
2821 			request = ccb->smpio.smp_request;
2822 
2823 		if (ccb->smpio.smp_response_sglist_cnt != 0) {
2824 			bus_dma_segment_t *rsp_sg;
2825 
2826 			rsp_sg = (bus_dma_segment_t *)ccb->smpio.smp_response;
2827 			response = (uint8_t *)(uintptr_t)rsp_sg[0].ds_addr;
2828 		} else
2829 			response = ccb->smpio.smp_response;
2830 		break;
2831 	case CAM_DATA_VADDR:
2832 		request = ccb->smpio.smp_request;
2833 		response = ccb->smpio.smp_response;
2834 		break;
2835 	default:
2836 		mpssas_set_ccbstatus(ccb, CAM_REQ_INVALID);
2837 		xpt_done(ccb);
2838 		return;
2839 	}
2840 
2841 	cm = mps_alloc_command(sc);
2842 	if (cm == NULL) {
2843 		mps_dprint(sc, MPS_ERROR,
2844 		    "%s: cannot allocate command\n", __func__);
2845 		mpssas_set_ccbstatus(ccb, CAM_RESRC_UNAVAIL);
2846 		xpt_done(ccb);
2847 		return;
2848 	}
2849 
2850 	req = (MPI2_SMP_PASSTHROUGH_REQUEST *)cm->cm_req;
2851 	bzero(req, sizeof(*req));
2852 	req->Function = MPI2_FUNCTION_SMP_PASSTHROUGH;
2853 
2854 	/* Allow the chip to use any route to this SAS address. */
2855 	req->PhysicalPort = 0xff;
2856 
2857 	req->RequestDataLength = htole16(ccb->smpio.smp_request_len);
2858 	req->SGLFlags =
2859 	    MPI2_SGLFLAGS_SYSTEM_ADDRESS_SPACE | MPI2_SGLFLAGS_SGL_TYPE_MPI;
2860 
2861 	mps_dprint(sc, MPS_XINFO, "%s: sending SMP request to SAS "
2862 	    "address %#jx\n", __func__, (uintmax_t)sasaddr);
2863 
2864 	mpi_init_sge(cm, req, &req->SGL);
2865 
2866 	/*
2867 	 * Set up a uio to pass into mps_map_command().  This allows us to
2868 	 * do one map command, and one busdma call in there.
2869 	 */
2870 	cm->cm_uio.uio_iov = cm->cm_iovec;
2871 	cm->cm_uio.uio_iovcnt = 2;
2872 	cm->cm_uio.uio_segflg = UIO_SYSSPACE;
2873 
2874 	/*
2875 	 * The read/write flag isn't used by busdma, but set it just in
2876 	 * case.  This isn't exactly accurate, either, since we're going in
2877 	 * both directions.
2878 	 */
2879 	cm->cm_uio.uio_rw = UIO_WRITE;
2880 
2881 	cm->cm_iovec[0].iov_base = request;
2882 	cm->cm_iovec[0].iov_len = le16toh(req->RequestDataLength);
2883 	cm->cm_iovec[1].iov_base = response;
2884 	cm->cm_iovec[1].iov_len = ccb->smpio.smp_response_len;
2885 
2886 	cm->cm_uio.uio_resid = cm->cm_iovec[0].iov_len +
2887 			       cm->cm_iovec[1].iov_len;
2888 
2889 	/*
2890 	 * Trigger a warning message in mps_data_cb() for the user if we
2891 	 * wind up exceeding two S/G segments.  The chip expects one
2892 	 * segment for the request and another for the response.
2893 	 */
2894 	cm->cm_max_segs = 2;
2895 
2896 	cm->cm_desc.Default.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_DEFAULT_TYPE;
2897 	cm->cm_complete = mpssas_smpio_complete;
2898 	cm->cm_complete_data = ccb;
2899 
2900 	/*
2901 	 * Tell the mapping code that we're using a uio, and that this is
2902 	 * an SMP passthrough request.  There is a little special-case
2903 	 * logic there (in mps_data_cb()) to handle the bidirectional
2904 	 * transfer.
2905 	 */
2906 	cm->cm_flags |= MPS_CM_FLAGS_USE_UIO | MPS_CM_FLAGS_SMP_PASS |
2907 			MPS_CM_FLAGS_DATAIN | MPS_CM_FLAGS_DATAOUT;
2908 
2909 	/* The chip data format is little endian. */
2910 	req->SASAddress.High = htole32(sasaddr >> 32);
2911 	req->SASAddress.Low = htole32(sasaddr);
2912 
2913 	/*
2914 	 * XXX Note that we don't have a timeout/abort mechanism here.
2915 	 * From the manual, it looks like task management requests only
2916 	 * work for SCSI IO and SATA passthrough requests.  We may need to
2917 	 * have a mechanism to retry requests in the event of a chip reset
2918 	 * at least.  Hopefully the chip will insure that any errors short
2919 	 * of that are relayed back to the driver.
2920 	 */
2921 	error = mps_map_command(sc, cm);
2922 	if ((error != 0) && (error != EINPROGRESS)) {
2923 		mps_dprint(sc, MPS_ERROR,
2924 			   "%s: error %d returned from mps_map_command()\n",
2925 			   __func__, error);
2926 		goto bailout_error;
2927 	}
2928 
2929 	return;
2930 
2931 bailout_error:
2932 	mps_free_command(sc, cm);
2933 	mpssas_set_ccbstatus(ccb, CAM_RESRC_UNAVAIL);
2934 	xpt_done(ccb);
2935 	return;
2936 
2937 }
2938 
2939 static void
mpssas_action_smpio(struct mpssas_softc * sassc,union ccb * ccb)2940 mpssas_action_smpio(struct mpssas_softc *sassc, union ccb *ccb)
2941 {
2942 	struct mps_softc *sc;
2943 	struct mpssas_target *targ;
2944 	uint64_t sasaddr = 0;
2945 
2946 	sc = sassc->sc;
2947 
2948 	/*
2949 	 * Make sure the target exists.
2950 	 */
2951 	KASSERT(ccb->ccb_h.target_id < sassc->maxtargets,
2952 	    ("Target %d out of bounds in XPT_SMP_IO\n", ccb->ccb_h.target_id));
2953 	targ = &sassc->targets[ccb->ccb_h.target_id];
2954 	if (targ->handle == 0x0) {
2955 		mps_dprint(sc, MPS_ERROR,
2956 			   "%s: target %d does not exist!\n", __func__,
2957 			   ccb->ccb_h.target_id);
2958 		mpssas_set_ccbstatus(ccb, CAM_SEL_TIMEOUT);
2959 		xpt_done(ccb);
2960 		return;
2961 	}
2962 
2963 	/*
2964 	 * If this device has an embedded SMP target, we'll talk to it
2965 	 * directly.
2966 	 * figure out what the expander's address is.
2967 	 */
2968 	if ((targ->devinfo & MPI2_SAS_DEVICE_INFO_SMP_TARGET) != 0)
2969 		sasaddr = targ->sasaddr;
2970 
2971 	/*
2972 	 * If we don't have a SAS address for the expander yet, try
2973 	 * grabbing it from the page 0x83 information cached in the
2974 	 * transport layer for this target.  LSI expanders report the
2975 	 * expander SAS address as the port-associated SAS address in
2976 	 * Inquiry VPD page 0x83.  Maxim expanders don't report it in page
2977 	 * 0x83.
2978 	 *
2979 	 * XXX KDM disable this for now, but leave it commented out so that
2980 	 * it is obvious that this is another possible way to get the SAS
2981 	 * address.
2982 	 *
2983 	 * The parent handle method below is a little more reliable, and
2984 	 * the other benefit is that it works for devices other than SES
2985 	 * devices.  So you can send a SMP request to a da(4) device and it
2986 	 * will get routed to the expander that device is attached to.
2987 	 * (Assuming the da(4) device doesn't contain an SMP target...)
2988 	 */
2989 #if 0
2990 	if (sasaddr == 0)
2991 		sasaddr = xpt_path_sas_addr(ccb->ccb_h.path);
2992 #endif
2993 
2994 	/*
2995 	 * If we still don't have a SAS address for the expander, look for
2996 	 * the parent device of this device, which is probably the expander.
2997 	 */
2998 	if (sasaddr == 0) {
2999 #ifdef OLD_MPS_PROBE
3000 		struct mpssas_target *parent_target;
3001 #endif
3002 
3003 		if (targ->parent_handle == 0x0) {
3004 			mps_dprint(sc, MPS_ERROR,
3005 				   "%s: handle %d does not have a valid "
3006 				   "parent handle!\n", __func__, targ->handle);
3007 			mpssas_set_ccbstatus(ccb, CAM_DEV_NOT_THERE);
3008 			goto bailout;
3009 		}
3010 #ifdef OLD_MPS_PROBE
3011 		parent_target = mpssas_find_target_by_handle(sassc, 0,
3012 			targ->parent_handle);
3013 
3014 		if (parent_target == NULL) {
3015 			mps_dprint(sc, MPS_ERROR,
3016 				   "%s: handle %d does not have a valid "
3017 				   "parent target!\n", __func__, targ->handle);
3018 			mpssas_set_ccbstatus(ccb, CAM_DEV_NOT_THERE);
3019 			goto bailout;
3020 		}
3021 
3022 		if ((parent_target->devinfo &
3023 		     MPI2_SAS_DEVICE_INFO_SMP_TARGET) == 0) {
3024 			mps_dprint(sc, MPS_ERROR,
3025 				   "%s: handle %d parent %d does not "
3026 				   "have an SMP target!\n", __func__,
3027 				   targ->handle, parent_target->handle);
3028 			mpssas_set_ccbstatus(ccb, CAM_DEV_NOT_THERE);
3029 			goto bailout;
3030 
3031 		}
3032 
3033 		sasaddr = parent_target->sasaddr;
3034 #else /* OLD_MPS_PROBE */
3035 		if ((targ->parent_devinfo &
3036 		     MPI2_SAS_DEVICE_INFO_SMP_TARGET) == 0) {
3037 			mps_dprint(sc, MPS_ERROR,
3038 				   "%s: handle %d parent %d does not "
3039 				   "have an SMP target!\n", __func__,
3040 				   targ->handle, targ->parent_handle);
3041 			mpssas_set_ccbstatus(ccb, CAM_DEV_NOT_THERE);
3042 			goto bailout;
3043 
3044 		}
3045 		if (targ->parent_sasaddr == 0x0) {
3046 			mps_dprint(sc, MPS_ERROR,
3047 				   "%s: handle %d parent handle %d does "
3048 				   "not have a valid SAS address!\n",
3049 				   __func__, targ->handle, targ->parent_handle);
3050 			mpssas_set_ccbstatus(ccb, CAM_DEV_NOT_THERE);
3051 			goto bailout;
3052 		}
3053 
3054 		sasaddr = targ->parent_sasaddr;
3055 #endif /* OLD_MPS_PROBE */
3056 
3057 	}
3058 
3059 	if (sasaddr == 0) {
3060 		mps_dprint(sc, MPS_INFO,
3061 			   "%s: unable to find SAS address for handle %d\n",
3062 			   __func__, targ->handle);
3063 		mpssas_set_ccbstatus(ccb, CAM_DEV_NOT_THERE);
3064 		goto bailout;
3065 	}
3066 	mpssas_send_smpcmd(sassc, ccb, sasaddr);
3067 
3068 	return;
3069 
3070 bailout:
3071 	xpt_done(ccb);
3072 
3073 }
3074 #endif //__FreeBSD_version >= 900026
3075 
3076 static void
mpssas_action_resetdev(struct mpssas_softc * sassc,union ccb * ccb)3077 mpssas_action_resetdev(struct mpssas_softc *sassc, union ccb *ccb)
3078 {
3079 	MPI2_SCSI_TASK_MANAGE_REQUEST *req;
3080 	struct mps_softc *sc;
3081 	struct mps_command *tm;
3082 	struct mpssas_target *targ;
3083 
3084 	MPS_FUNCTRACE(sassc->sc);
3085 	mtx_assert(&sassc->sc->mps_mtx, MA_OWNED);
3086 
3087 	KASSERT(ccb->ccb_h.target_id < sassc->maxtargets,
3088 	    ("Target %d out of bounds in XPT_RESET_DEV\n",
3089 	     ccb->ccb_h.target_id));
3090 	sc = sassc->sc;
3091 	tm = mpssas_alloc_tm(sc);
3092 	if (tm == NULL) {
3093 		mps_dprint(sc, MPS_ERROR,
3094 		    "command alloc failure in mpssas_action_resetdev\n");
3095 		mpssas_set_ccbstatus(ccb, CAM_RESRC_UNAVAIL);
3096 		xpt_done(ccb);
3097 		return;
3098 	}
3099 
3100 	targ = &sassc->targets[ccb->ccb_h.target_id];
3101 	req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)tm->cm_req;
3102 	req->DevHandle = htole16(targ->handle);
3103 	req->TaskType = MPI2_SCSITASKMGMT_TASKTYPE_TARGET_RESET;
3104 
3105 	/* SAS Hard Link Reset / SATA Link Reset */
3106 	req->MsgFlags = MPI2_SCSITASKMGMT_MSGFLAGS_LINK_RESET;
3107 
3108 	tm->cm_data = NULL;
3109 	tm->cm_complete = mpssas_resetdev_complete;
3110 	tm->cm_complete_data = ccb;
3111 	tm->cm_targ = targ;
3112 
3113 	mpssas_prepare_for_tm(sc, tm, targ, CAM_LUN_WILDCARD);
3114 	mps_map_command(sc, tm);
3115 }
3116 
3117 static void
mpssas_resetdev_complete(struct mps_softc * sc,struct mps_command * tm)3118 mpssas_resetdev_complete(struct mps_softc *sc, struct mps_command *tm)
3119 {
3120 	MPI2_SCSI_TASK_MANAGE_REPLY *resp;
3121 	union ccb *ccb;
3122 
3123 	MPS_FUNCTRACE(sc);
3124 	mtx_assert(&sc->mps_mtx, MA_OWNED);
3125 
3126 	resp = (MPI2_SCSI_TASK_MANAGE_REPLY *)tm->cm_reply;
3127 	ccb = tm->cm_complete_data;
3128 
3129 	/*
3130 	 * Currently there should be no way we can hit this case.  It only
3131 	 * happens when we have a failure to allocate chain frames, and
3132 	 * task management commands don't have S/G lists.
3133 	 */
3134 	if ((tm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) {
3135 		MPI2_SCSI_TASK_MANAGE_REQUEST *req;
3136 
3137 		req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)tm->cm_req;
3138 
3139 		mps_dprint(sc, MPS_ERROR,
3140 			   "%s: cm_flags = %#x for reset of handle %#04x! "
3141 			   "This should not happen!\n", __func__, tm->cm_flags,
3142 			   req->DevHandle);
3143 		mpssas_set_ccbstatus(ccb, CAM_REQ_CMP_ERR);
3144 		goto bailout;
3145 	}
3146 
3147 	mps_dprint(sc, MPS_XINFO,
3148 	    "%s: IOCStatus = 0x%x ResponseCode = 0x%x\n", __func__,
3149 	    le16toh(resp->IOCStatus), le32toh(resp->ResponseCode));
3150 
3151 	if (le32toh(resp->ResponseCode) == MPI2_SCSITASKMGMT_RSP_TM_COMPLETE) {
3152 		mpssas_set_ccbstatus(ccb, CAM_REQ_CMP);
3153 		mpssas_announce_reset(sc, AC_SENT_BDR, tm->cm_targ->tid,
3154 		    CAM_LUN_WILDCARD);
3155 	}
3156 	else
3157 		mpssas_set_ccbstatus(ccb, CAM_REQ_CMP_ERR);
3158 
3159 bailout:
3160 
3161 	mpssas_free_tm(sc, tm);
3162 	xpt_done(ccb);
3163 }
3164 
3165 static void
mpssas_poll(struct cam_sim * sim)3166 mpssas_poll(struct cam_sim *sim)
3167 {
3168 	struct mpssas_softc *sassc;
3169 
3170 	sassc = cam_sim_softc(sim);
3171 
3172 	if (sassc->sc->mps_debug & MPS_TRACE) {
3173 		/* frequent debug messages during a panic just slow
3174 		 * everything down too much.
3175 		 */
3176 		mps_printf(sassc->sc, "%s clearing MPS_TRACE\n", __func__);
3177 		sassc->sc->mps_debug &= ~MPS_TRACE;
3178 	}
3179 
3180 	mps_intr_locked(sassc->sc);
3181 }
3182 
3183 static void
mpssas_async(void * callback_arg,uint32_t code,struct cam_path * path,void * arg)3184 mpssas_async(void *callback_arg, uint32_t code, struct cam_path *path,
3185 	     void *arg)
3186 {
3187 	struct mps_softc *sc;
3188 
3189 	sc = (struct mps_softc *)callback_arg;
3190 
3191 	switch (code) {
3192 #if (__FreeBSD_version >= 1000006) || \
3193     ((__FreeBSD_version >= 901503) && (__FreeBSD_version < 1000000))
3194 	case AC_ADVINFO_CHANGED: {
3195 		struct mpssas_target *target;
3196 		struct mpssas_softc *sassc;
3197 		struct scsi_read_capacity_data_long rcap_buf;
3198 		struct ccb_dev_advinfo cdai;
3199 		struct mpssas_lun *lun;
3200 		lun_id_t lunid;
3201 		int found_lun;
3202 		uintptr_t buftype;
3203 
3204 		buftype = (uintptr_t)arg;
3205 
3206 		found_lun = 0;
3207 		sassc = sc->sassc;
3208 
3209 		/*
3210 		 * We're only interested in read capacity data changes.
3211 		 */
3212 		if (buftype != CDAI_TYPE_RCAPLONG)
3213 			break;
3214 
3215 		/*
3216 		 * We should have a handle for this, but check to make sure.
3217 		 */
3218 		KASSERT(xpt_path_target_id(path) < sassc->maxtargets,
3219 		    ("Target %d out of bounds in mpssas_async\n",
3220 		    xpt_path_target_id(path)));
3221 		target = &sassc->targets[xpt_path_target_id(path)];
3222 		if (target->handle == 0)
3223 			break;
3224 
3225 		lunid = xpt_path_lun_id(path);
3226 
3227 		SLIST_FOREACH(lun, &target->luns, lun_link) {
3228 			if (lun->lun_id == lunid) {
3229 				found_lun = 1;
3230 				break;
3231 			}
3232 		}
3233 
3234 		if (found_lun == 0) {
3235 			lun = malloc(sizeof(struct mpssas_lun), M_MPT2,
3236 				     M_NOWAIT | M_ZERO);
3237 			if (lun == NULL) {
3238 				mps_dprint(sc, MPS_ERROR, "Unable to alloc "
3239 					   "LUN for EEDP support.\n");
3240 				break;
3241 			}
3242 			lun->lun_id = lunid;
3243 			SLIST_INSERT_HEAD(&target->luns, lun, lun_link);
3244 		}
3245 
3246 		bzero(&rcap_buf, sizeof(rcap_buf));
3247 		bzero(&cdai, sizeof(cdai));
3248 		xpt_setup_ccb(&cdai.ccb_h, path, CAM_PRIORITY_NORMAL);
3249 		cdai.ccb_h.func_code = XPT_DEV_ADVINFO;
3250 		cdai.ccb_h.flags = CAM_DIR_IN;
3251 		cdai.buftype = CDAI_TYPE_RCAPLONG;
3252 #if (__FreeBSD_version >= 1100061) || \
3253     ((__FreeBSD_version >= 1001510) && (__FreeBSD_version < 1100000))
3254 		cdai.flags = CDAI_FLAG_NONE;
3255 #else
3256 		cdai.flags = 0;
3257 #endif
3258 		cdai.bufsiz = sizeof(rcap_buf);
3259 		cdai.buf = (uint8_t *)&rcap_buf;
3260 		xpt_action((union ccb *)&cdai);
3261 		if ((cdai.ccb_h.status & CAM_DEV_QFRZN) != 0)
3262 			cam_release_devq(cdai.ccb_h.path,
3263 					 0, 0, 0, FALSE);
3264 
3265 		if ((mpssas_get_ccbstatus((union ccb *)&cdai) == CAM_REQ_CMP)
3266 		 && (rcap_buf.prot & SRC16_PROT_EN)) {
3267 			switch (rcap_buf.prot & SRC16_P_TYPE) {
3268 			case SRC16_PTYPE_1:
3269 			case SRC16_PTYPE_3:
3270 				lun->eedp_formatted = TRUE;
3271 				lun->eedp_block_size =
3272 				    scsi_4btoul(rcap_buf.length);
3273 				break;
3274 			case SRC16_PTYPE_2:
3275 			default:
3276 				lun->eedp_formatted = FALSE;
3277 				lun->eedp_block_size = 0;
3278 				break;
3279 			}
3280 		} else {
3281 			lun->eedp_formatted = FALSE;
3282 			lun->eedp_block_size = 0;
3283 		}
3284 		break;
3285 	}
3286 #else
3287 	case AC_FOUND_DEVICE: {
3288 		struct ccb_getdev *cgd;
3289 
3290 		cgd = arg;
3291 		mpssas_check_eedp(sc, path, cgd);
3292 		break;
3293 	}
3294 #endif
3295 	default:
3296 		break;
3297 	}
3298 }
3299 
3300 #if (__FreeBSD_version < 901503) || \
3301     ((__FreeBSD_version >= 1000000) && (__FreeBSD_version < 1000006))
3302 static void
mpssas_check_eedp(struct mps_softc * sc,struct cam_path * path,struct ccb_getdev * cgd)3303 mpssas_check_eedp(struct mps_softc *sc, struct cam_path *path,
3304 		  struct ccb_getdev *cgd)
3305 {
3306 	struct mpssas_softc *sassc = sc->sassc;
3307 	struct ccb_scsiio *csio;
3308 	struct scsi_read_capacity_16 *scsi_cmd;
3309 	struct scsi_read_capacity_eedp *rcap_buf;
3310 	path_id_t pathid;
3311 	target_id_t targetid;
3312 	lun_id_t lunid;
3313 	union ccb *ccb;
3314 	struct cam_path *local_path;
3315 	struct mpssas_target *target;
3316 	struct mpssas_lun *lun;
3317 	uint8_t	found_lun;
3318 	char path_str[64];
3319 
3320 	sassc = sc->sassc;
3321 	pathid = cam_sim_path(sassc->sim);
3322 	targetid = xpt_path_target_id(path);
3323 	lunid = xpt_path_lun_id(path);
3324 
3325 	KASSERT(targetid < sassc->maxtargets,
3326 	    ("Target %d out of bounds in mpssas_check_eedp\n",
3327 	     targetid));
3328 	target = &sassc->targets[targetid];
3329 	if (target->handle == 0x0)
3330 		return;
3331 
3332 	/*
3333 	 * Determine if the device is EEDP capable.
3334 	 *
3335 	 * If this flag is set in the inquiry data,
3336 	 * the device supports protection information,
3337 	 * and must support the 16 byte read
3338 	 * capacity command, otherwise continue without
3339 	 * sending read cap 16
3340 	 */
3341 	if ((cgd->inq_data.spc3_flags & SPC3_SID_PROTECT) == 0)
3342 		return;
3343 
3344 	/*
3345 	 * Issue a READ CAPACITY 16 command.  This info
3346 	 * is used to determine if the LUN is formatted
3347 	 * for EEDP support.
3348 	 */
3349 	ccb = xpt_alloc_ccb_nowait();
3350 	if (ccb == NULL) {
3351 		mps_dprint(sc, MPS_ERROR, "Unable to alloc CCB "
3352 		    "for EEDP support.\n");
3353 		return;
3354 	}
3355 
3356 	if (xpt_create_path(&local_path, xpt_periph,
3357 	    pathid, targetid, lunid) != CAM_REQ_CMP) {
3358 		mps_dprint(sc, MPS_ERROR, "Unable to create "
3359 		    "path for EEDP support\n");
3360 		xpt_free_ccb(ccb);
3361 		return;
3362 	}
3363 
3364 	/*
3365 	 * If LUN is already in list, don't create a new
3366 	 * one.
3367 	 */
3368 	found_lun = FALSE;
3369 	SLIST_FOREACH(lun, &target->luns, lun_link) {
3370 		if (lun->lun_id == lunid) {
3371 			found_lun = TRUE;
3372 			break;
3373 		}
3374 	}
3375 	if (!found_lun) {
3376 		lun = malloc(sizeof(struct mpssas_lun), M_MPT2,
3377 		    M_NOWAIT | M_ZERO);
3378 		if (lun == NULL) {
3379 			mps_dprint(sc, MPS_ERROR,
3380 			    "Unable to alloc LUN for EEDP support.\n");
3381 			xpt_free_path(local_path);
3382 			xpt_free_ccb(ccb);
3383 			return;
3384 		}
3385 		lun->lun_id = lunid;
3386 		SLIST_INSERT_HEAD(&target->luns, lun,
3387 		    lun_link);
3388 	}
3389 
3390 	xpt_path_string(local_path, path_str, sizeof(path_str));
3391 
3392 	mps_dprint(sc, MPS_INFO, "Sending read cap: path %s handle %d\n",
3393 	    path_str, target->handle);
3394 
3395 	/*
3396 	 * Issue a READ CAPACITY 16 command for the LUN.
3397 	 * The mpssas_read_cap_done function will load
3398 	 * the read cap info into the LUN struct.
3399 	 */
3400 	rcap_buf = malloc(sizeof(struct scsi_read_capacity_eedp),
3401 	    M_MPT2, M_NOWAIT | M_ZERO);
3402 	if (rcap_buf == NULL) {
3403 		mps_dprint(sc, MPS_FAULT,
3404 		    "Unable to alloc read capacity buffer for EEDP support.\n");
3405 		xpt_free_path(ccb->ccb_h.path);
3406 		xpt_free_ccb(ccb);
3407 		return;
3408 	}
3409 	xpt_setup_ccb(&ccb->ccb_h, local_path, CAM_PRIORITY_XPT);
3410 	csio = &ccb->csio;
3411 	csio->ccb_h.func_code = XPT_SCSI_IO;
3412 	csio->ccb_h.flags = CAM_DIR_IN;
3413 	csio->ccb_h.retry_count = 4;
3414 	csio->ccb_h.cbfcnp = mpssas_read_cap_done;
3415 	csio->ccb_h.timeout = 60000;
3416 	csio->data_ptr = (uint8_t *)rcap_buf;
3417 	csio->dxfer_len = sizeof(struct scsi_read_capacity_eedp);
3418 	csio->sense_len = MPS_SENSE_LEN;
3419 	csio->cdb_len = sizeof(*scsi_cmd);
3420 	csio->tag_action = MSG_SIMPLE_Q_TAG;
3421 
3422 	scsi_cmd = (struct scsi_read_capacity_16 *)&csio->cdb_io.cdb_bytes;
3423 	bzero(scsi_cmd, sizeof(*scsi_cmd));
3424 	scsi_cmd->opcode = 0x9E;
3425 	scsi_cmd->service_action = SRC16_SERVICE_ACTION;
3426 	((uint8_t *)scsi_cmd)[13] = sizeof(struct scsi_read_capacity_eedp);
3427 
3428 	ccb->ccb_h.ppriv_ptr1 = sassc;
3429 	xpt_action(ccb);
3430 }
3431 
3432 static void
mpssas_read_cap_done(struct cam_periph * periph,union ccb * done_ccb)3433 mpssas_read_cap_done(struct cam_periph *periph, union ccb *done_ccb)
3434 {
3435 	struct mpssas_softc *sassc;
3436 	struct mpssas_target *target;
3437 	struct mpssas_lun *lun;
3438 	struct scsi_read_capacity_eedp *rcap_buf;
3439 
3440 	if (done_ccb == NULL)
3441 		return;
3442 
3443 	/* Driver need to release devq, it Scsi command is
3444 	 * generated by driver internally.
3445 	 * Currently there is a single place where driver
3446 	 * calls scsi command internally. In future if driver
3447 	 * calls more scsi command internally, it needs to release
3448 	 * devq internally, since those command will not go back to
3449 	 * cam_periph.
3450 	 */
3451 	if ((done_ccb->ccb_h.status & CAM_DEV_QFRZN) ) {
3452         	done_ccb->ccb_h.status &= ~CAM_DEV_QFRZN;
3453 		xpt_release_devq(done_ccb->ccb_h.path,
3454 			       	/*count*/ 1, /*run_queue*/TRUE);
3455 	}
3456 
3457 	rcap_buf = (struct scsi_read_capacity_eedp *)done_ccb->csio.data_ptr;
3458 
3459 	/*
3460 	 * Get the LUN ID for the path and look it up in the LUN list for the
3461 	 * target.
3462 	 */
3463 	sassc = (struct mpssas_softc *)done_ccb->ccb_h.ppriv_ptr1;
3464 	KASSERT(done_ccb->ccb_h.target_id < sassc->maxtargets,
3465 	    ("Target %d out of bounds in mpssas_read_cap_done\n",
3466 	     done_ccb->ccb_h.target_id));
3467 	target = &sassc->targets[done_ccb->ccb_h.target_id];
3468 	SLIST_FOREACH(lun, &target->luns, lun_link) {
3469 		if (lun->lun_id != done_ccb->ccb_h.target_lun)
3470 			continue;
3471 
3472 		/*
3473 		 * Got the LUN in the target's LUN list.  Fill it in
3474 		 * with EEDP info.  If the READ CAP 16 command had some
3475 		 * SCSI error (common if command is not supported), mark
3476 		 * the lun as not supporting EEDP and set the block size
3477 		 * to 0.
3478 		 */
3479 		if ((mpssas_get_ccbstatus(done_ccb) != CAM_REQ_CMP)
3480 		 || (done_ccb->csio.scsi_status != SCSI_STATUS_OK)) {
3481 			lun->eedp_formatted = FALSE;
3482 			lun->eedp_block_size = 0;
3483 			break;
3484 		}
3485 
3486 		if (rcap_buf->protect & 0x01) {
3487 			mps_dprint(sassc->sc, MPS_INFO, "LUN %d for "
3488  			    "target ID %d is formatted for EEDP "
3489  			    "support.\n", done_ccb->ccb_h.target_lun,
3490  			    done_ccb->ccb_h.target_id);
3491 			lun->eedp_formatted = TRUE;
3492 			lun->eedp_block_size = scsi_4btoul(rcap_buf->length);
3493 		}
3494 		break;
3495 	}
3496 
3497 	// Finished with this CCB and path.
3498 	free(rcap_buf, M_MPT2);
3499 	xpt_free_path(done_ccb->ccb_h.path);
3500 	xpt_free_ccb(done_ccb);
3501 }
3502 #endif /* (__FreeBSD_version < 901503) || \
3503           ((__FreeBSD_version >= 1000000) && (__FreeBSD_version < 1000006)) */
3504 
3505 /*
3506  * Set the INRESET flag for this target so that no I/O will be sent to
3507  * the target until the reset has completed.  If an I/O request does
3508  * happen, the devq will be frozen.  The CCB holds the path which is
3509  * used to release the devq.  The devq is released and the CCB is freed
3510  * when the TM completes.
3511  */
3512 void
mpssas_prepare_for_tm(struct mps_softc * sc,struct mps_command * tm,struct mpssas_target * target,lun_id_t lun_id)3513 mpssas_prepare_for_tm(struct mps_softc *sc, struct mps_command *tm,
3514     struct mpssas_target *target, lun_id_t lun_id)
3515 {
3516 	union ccb *ccb;
3517 	path_id_t path_id;
3518 
3519 	ccb = xpt_alloc_ccb_nowait();
3520 	if (ccb) {
3521 		path_id = cam_sim_path(sc->sassc->sim);
3522 		if (xpt_create_path(&ccb->ccb_h.path, xpt_periph, path_id,
3523 		    target->tid, lun_id) != CAM_REQ_CMP) {
3524 			xpt_free_ccb(ccb);
3525 		} else {
3526 			tm->cm_ccb = ccb;
3527 			tm->cm_targ = target;
3528 			target->flags |= MPSSAS_TARGET_INRESET;
3529 		}
3530 	}
3531 }
3532 
3533 int
mpssas_startup(struct mps_softc * sc)3534 mpssas_startup(struct mps_softc *sc)
3535 {
3536 
3537 	/*
3538 	 * Send the port enable message and set the wait_for_port_enable flag.
3539 	 * This flag helps to keep the simq frozen until all discovery events
3540 	 * are processed.
3541 	 */
3542 	sc->wait_for_port_enable = 1;
3543 	mpssas_send_portenable(sc);
3544 	return (0);
3545 }
3546 
3547 static int
mpssas_send_portenable(struct mps_softc * sc)3548 mpssas_send_portenable(struct mps_softc *sc)
3549 {
3550 	MPI2_PORT_ENABLE_REQUEST *request;
3551 	struct mps_command *cm;
3552 
3553 	MPS_FUNCTRACE(sc);
3554 
3555 	if ((cm = mps_alloc_command(sc)) == NULL)
3556 		return (EBUSY);
3557 	request = (MPI2_PORT_ENABLE_REQUEST *)cm->cm_req;
3558 	request->Function = MPI2_FUNCTION_PORT_ENABLE;
3559 	request->MsgFlags = 0;
3560 	request->VP_ID = 0;
3561 	cm->cm_desc.Default.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_DEFAULT_TYPE;
3562 	cm->cm_complete = mpssas_portenable_complete;
3563 	cm->cm_data = NULL;
3564 	cm->cm_sge = NULL;
3565 
3566 	mps_map_command(sc, cm);
3567 	mps_dprint(sc, MPS_XINFO,
3568 	    "mps_send_portenable finished cm %p req %p complete %p\n",
3569 	    cm, cm->cm_req, cm->cm_complete);
3570 	return (0);
3571 }
3572 
3573 static void
mpssas_portenable_complete(struct mps_softc * sc,struct mps_command * cm)3574 mpssas_portenable_complete(struct mps_softc *sc, struct mps_command *cm)
3575 {
3576 	MPI2_PORT_ENABLE_REPLY *reply;
3577 	struct mpssas_softc *sassc;
3578 
3579 	MPS_FUNCTRACE(sc);
3580 	sassc = sc->sassc;
3581 
3582 	/*
3583 	 * Currently there should be no way we can hit this case.  It only
3584 	 * happens when we have a failure to allocate chain frames, and
3585 	 * port enable commands don't have S/G lists.
3586 	 */
3587 	if ((cm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) {
3588 		mps_dprint(sc, MPS_ERROR, "%s: cm_flags = %#x for port enable! "
3589 			   "This should not happen!\n", __func__, cm->cm_flags);
3590 	}
3591 
3592 	reply = (MPI2_PORT_ENABLE_REPLY *)cm->cm_reply;
3593 	if (reply == NULL)
3594 		mps_dprint(sc, MPS_FAULT, "Portenable NULL reply\n");
3595 	else if (le16toh(reply->IOCStatus & MPI2_IOCSTATUS_MASK) !=
3596 	    MPI2_IOCSTATUS_SUCCESS)
3597 		mps_dprint(sc, MPS_FAULT, "Portenable failed\n");
3598 
3599 	mps_free_command(sc, cm);
3600 
3601 	/*
3602 	 * Get WarpDrive info after discovery is complete but before the scan
3603 	 * starts.  At this point, all devices are ready to be exposed to the
3604 	 * OS.  If devices should be hidden instead, take them out of the
3605 	 * 'targets' array before the scan.  The devinfo for a disk will have
3606 	 * some info and a volume's will be 0.  Use that to remove disks.
3607 	 */
3608 	mps_wd_config_pages(sc);
3609 
3610 	/*
3611 	 * Done waiting for port enable to complete.  Decrement the refcount.
3612 	 * If refcount is 0, discovery is complete and a rescan of the bus can
3613 	 * take place.  Since the simq was explicitly frozen before port
3614 	 * enable, it must be explicitly released here to keep the
3615 	 * freeze/release count in sync.
3616 	 */
3617 	sc->wait_for_port_enable = 0;
3618 	sc->port_enable_complete = 1;
3619 	wakeup(&sc->port_enable_complete);
3620 	mpssas_startup_decrement(sassc);
3621 }
3622 
3623 int
mpssas_check_id(struct mpssas_softc * sassc,int id)3624 mpssas_check_id(struct mpssas_softc *sassc, int id)
3625 {
3626 	struct mps_softc *sc = sassc->sc;
3627 	char *ids;
3628 	char *name;
3629 
3630 	ids = &sc->exclude_ids[0];
3631 	while((name = strsep(&ids, ",")) != NULL) {
3632 		if (name[0] == '\0')
3633 			continue;
3634 		if (strtol(name, NULL, 0) == (long)id)
3635 			return (1);
3636 	}
3637 
3638 	return (0);
3639 }
3640 
3641 void
mpssas_realloc_targets(struct mps_softc * sc,int maxtargets)3642 mpssas_realloc_targets(struct mps_softc *sc, int maxtargets)
3643 {
3644 	struct mpssas_softc *sassc;
3645 	struct mpssas_lun *lun, *lun_tmp;
3646 	struct mpssas_target *targ;
3647 	int i;
3648 
3649 	sassc = sc->sassc;
3650 	/*
3651 	 * The number of targets is based on IOC Facts, so free all of
3652 	 * the allocated LUNs for each target and then the target buffer
3653 	 * itself.
3654 	 */
3655 	for (i=0; i< maxtargets; i++) {
3656 		targ = &sassc->targets[i];
3657 		SLIST_FOREACH_SAFE(lun, &targ->luns, lun_link, lun_tmp) {
3658 			free(lun, M_MPT2);
3659 		}
3660 	}
3661 	free(sassc->targets, M_MPT2);
3662 
3663 	sassc->targets = malloc(sizeof(struct mpssas_target) * maxtargets,
3664 	    M_MPT2, M_WAITOK|M_ZERO);
3665 }
3666