/* * CDDL HEADER START * * The contents of this file are subject to the terms of the * Common Development and Distribution License, Version 1.0 only * (the "License"). You may not use this file except in compliance * with the License. * * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE * or http://www.opensolaris.org/os/licensing. * See the License for the specific language governing permissions * and limitations under the License. * * When distributing Covered Code, include this CDDL HEADER in each * file and include the License file at usr/src/OPENSOLARIS.LICENSE. * If applicable, add the following below this CDDL HEADER, with the * fields enclosed by brackets "[]" replaced with your own identifying * information: Portions Copyright [yyyy] [name of copyright owner] * * CDDL HEADER END */ /* * Copyright 2005 Sun Microsystems, Inc. All rights reserved. * Use is subject to license terms. */ #pragma ident "%Z%%M% %I% %E% SMI" #include <sys/types.h> #include <sys/sysmacros.h> #include <sys/buf.h> #include <sys/errno.h> #include <sys/modctl.h> #include <sys/conf.h> #include <sys/stat.h> #include <sys/kmem.h> #include <sys/proc.h> #include <sys/cpuvar.h> #include <sys/ddi_impldefs.h> #include <sys/ddi.h> #include <sys/sunddi.h> #include <sys/sunndi.h> #include <sys/debug.h> #include <sys/bofi.h> #include <sys/dvma.h> #include <sys/bofi_impl.h> /* * Testing the resilience of a hardened device driver requires a suitably wide * range of different types of "typical" hardware faults to be injected, * preferably in a controlled and repeatable fashion. This is not in general * possible via hardware, so the "fault injection test harness" is provided. * This works by intercepting calls from the driver to various DDI routines, * and then corrupting the result of those DDI routine calls as if the * hardware had caused the corruption. * * Conceptually, the bofi driver consists of two parts: * * A driver interface that supports a number of ioctls which allow error * definitions ("errdefs") to be defined and subsequently managed. The * driver is a clone driver, so each open will create a separate * invocation. Any errdefs created by using ioctls to that invocation * will automatically be deleted when that invocation is closed. * * Intercept routines: When the bofi driver is attached, it edits the * bus_ops structure of the bus nexus specified by the "bofi-nexus" * field in the "bofi.conf" file, thus allowing the * bofi driver to intercept various ddi functions. These intercept * routines primarily carry out fault injections based on the errdefs * created for that device. * * Faults can be injected into: * * DMA (corrupting data for DMA to/from memory areas defined by * ddi_dma_setup(), ddi_dma_bind_handle(), etc) * * Physical IO (corrupting data sent/received via ddi_get8(), ddi_put8(), * etc), * * Interrupts (generating spurious interrupts, losing interrupts, * delaying interrupts). * * By default, ddi routines called from all drivers will be intercepted * and faults potentially injected. However, the "bofi-to-test" field in * the "bofi.conf" file can be set to a space-separated list of drivers to * test (or by preceding each driver name in the list with an "!", a list * of drivers not to test). * * In addition to fault injection, the bofi driver does a number of static * checks which are controlled by properties in the "bofi.conf" file. * * "bofi-ddi-check" - if set will validate that there are no PIO access * other than those using the DDI routines (ddi_get8(), ddi_put8(), etc). * * "bofi-range-check" - if set to values 1 (warning) or 2 (panic), will * validate that calls to ddi_get8(), ddi_put8(), etc are not made * specifying addresses outside the range of the access_handle. * * "bofi-sync-check" - if set will validate that calls to ddi_dma_sync() * are being made correctly. */ extern void *bp_mapin_common(struct buf *, int); static int bofi_ddi_check; static int bofi_sync_check; static int bofi_range_check; static struct bofi_link bofi_link_array[BOFI_NLINKS], *bofi_link_freelist; #define LLSZMASK (sizeof (uint64_t)-1) #define HDL_HASH_TBL_SIZE 64 static struct bofi_shadow hhash_table[HDL_HASH_TBL_SIZE]; static struct bofi_shadow dhash_table[HDL_HASH_TBL_SIZE]; #define HDL_DHASH(x) \ (&dhash_table[((uintptr_t)(x) >> 3) & (HDL_HASH_TBL_SIZE-1)]) #define HDL_HHASH(x) \ (&hhash_table[((uintptr_t)(x) >> 5) & (HDL_HASH_TBL_SIZE-1)]) static struct bofi_shadow shadow_list; static struct bofi_errent *errent_listp; static char driver_list[NAMESIZE]; static int driver_list_size; static int driver_list_neg; static char nexus_name[NAMESIZE]; static int initialized = 0; #define NCLONES 256 static int clone_tab[NCLONES]; static dev_info_t *our_dip; static kmutex_t bofi_mutex; static kmutex_t clone_tab_mutex; static kmutex_t bofi_low_mutex; static ddi_iblock_cookie_t bofi_low_cookie; static uint_t bofi_signal(caddr_t arg); static int bofi_getinfo(dev_info_t *, ddi_info_cmd_t, void *, void **); static int bofi_attach(dev_info_t *, ddi_attach_cmd_t); static int bofi_detach(dev_info_t *, ddi_detach_cmd_t); static int bofi_open(dev_t *, int, int, cred_t *); static int bofi_close(dev_t, int, int, cred_t *); static int bofi_ioctl(dev_t, int, intptr_t, int, cred_t *, int *); static int bofi_errdef_alloc(struct bofi_errdef *, char *, struct bofi_errent *); static int bofi_errdef_free(struct bofi_errent *); static void bofi_start(struct bofi_errctl *, char *); static void bofi_stop(struct bofi_errctl *, char *); static void bofi_broadcast(struct bofi_errctl *, char *); static void bofi_clear_acc_chk(struct bofi_errctl *, char *); static void bofi_clear_errors(struct bofi_errctl *, char *); static void bofi_clear_errdefs(struct bofi_errctl *, char *); static int bofi_errdef_check(struct bofi_errstate *, struct acc_log_elem **); static int bofi_errdef_check_w(struct bofi_errstate *, struct acc_log_elem **); static int bofi_map(dev_info_t *, dev_info_t *, ddi_map_req_t *, off_t, off_t, caddr_t *); static int bofi_dma_map(dev_info_t *, dev_info_t *, struct ddi_dma_req *, ddi_dma_handle_t *); static int bofi_dma_allochdl(dev_info_t *, dev_info_t *, ddi_dma_attr_t *, int (*)(caddr_t), caddr_t, ddi_dma_handle_t *); static int bofi_dma_freehdl(dev_info_t *, dev_info_t *, ddi_dma_handle_t); static int bofi_dma_bindhdl(dev_info_t *, dev_info_t *, ddi_dma_handle_t, struct ddi_dma_req *, ddi_dma_cookie_t *, uint_t *); static int bofi_dma_unbindhdl(dev_info_t *, dev_info_t *, ddi_dma_handle_t); static int bofi_dma_flush(dev_info_t *, dev_info_t *, ddi_dma_handle_t, off_t, size_t, uint_t); static int bofi_dma_ctl(dev_info_t *, dev_info_t *, ddi_dma_handle_t, enum ddi_dma_ctlops, off_t *, size_t *, caddr_t *, uint_t); static int bofi_dma_win(dev_info_t *, dev_info_t *, ddi_dma_handle_t, uint_t, off_t *, size_t *, ddi_dma_cookie_t *, uint_t *); static int bofi_intr_ops(dev_info_t *dip, dev_info_t *rdip, ddi_intr_op_t intr_op, ddi_intr_handle_impl_t *hdlp, void *result); #if defined(__sparc) static void bofi_dvma_kaddr_load(ddi_dma_handle_t, caddr_t, uint_t, uint_t, ddi_dma_cookie_t *); static void bofi_dvma_unload(ddi_dma_handle_t, uint_t, uint_t); static void bofi_dvma_sync(ddi_dma_handle_t, uint_t, uint_t); static void bofi_dvma_reserve(dev_info_t *, ddi_dma_handle_t); #endif static int driver_under_test(dev_info_t *); static int bofi_check_acc_hdl(ddi_acc_impl_t *); static int bofi_check_dma_hdl(ddi_dma_impl_t *); static int bofi_post_event(dev_info_t *dip, dev_info_t *rdip, ddi_eventcookie_t eventhdl, void *impl_data); static struct bus_ops bofi_bus_ops = { BUSO_REV, bofi_map, NULL, NULL, NULL, i_ddi_map_fault, bofi_dma_map, bofi_dma_allochdl, bofi_dma_freehdl, bofi_dma_bindhdl, bofi_dma_unbindhdl, bofi_dma_flush, bofi_dma_win, bofi_dma_ctl, NULL, ddi_bus_prop_op, ndi_busop_get_eventcookie, ndi_busop_add_eventcall, ndi_busop_remove_eventcall, bofi_post_event, NULL, 0, 0, 0, 0, 0, 0, 0, bofi_intr_ops }; static struct cb_ops bofi_cb_ops = { bofi_open, /* open */ bofi_close, /* close */ nodev, /* strategy */ nodev, /* print */ nodev, /* dump */ nodev, /* read */ nodev, /* write */ bofi_ioctl, /* ioctl */ nodev, /* devmap */ nodev, /* mmap */ nodev, /* segmap */ nochpoll, /* chpoll */ ddi_prop_op, /* prop_op */ NULL, /* for STREAMS drivers */ D_MP, /* driver compatibility flag */ CB_REV, /* cb_ops revision */ nodev, /* aread */ nodev /* awrite */ }; static struct dev_ops bofi_ops = { DEVO_REV, /* driver build version */ 0, /* device reference count */ bofi_getinfo, nulldev, nulldev, /* probe */ bofi_attach, bofi_detach, nulldev, /* reset */ &bofi_cb_ops, (struct bus_ops *)NULL, nulldev /* power */ }; /* module configuration stuff */ static void *statep; static struct modldrv modldrv = { &mod_driverops, "bofi driver %I%", &bofi_ops }; static struct modlinkage modlinkage = { MODREV_1, &modldrv, 0 }; static struct bus_ops save_bus_ops; #if defined(__sparc) static struct dvma_ops bofi_dvma_ops = { DVMAO_REV, bofi_dvma_kaddr_load, bofi_dvma_unload, bofi_dvma_sync }; #endif /* * support routine - map user page into kernel virtual */ static caddr_t dmareq_mapin(offset_t len, caddr_t addr, struct as *as, int flag) { struct buf buf; struct proc proc; /* * mock up a buf structure so we can call bp_mapin_common() */ buf.b_flags = B_PHYS; buf.b_un.b_addr = (caddr_t)addr; buf.b_bcount = (size_t)len; proc.p_as = as; buf.b_proc = &proc; return (bp_mapin_common(&buf, flag)); } /* * support routine - map page chain into kernel virtual */ static caddr_t dmareq_pp_mapin(offset_t len, uint_t offset, page_t *pp, int flag) { struct buf buf; /* * mock up a buf structure so we can call bp_mapin_common() */ buf.b_flags = B_PAGEIO; buf.b_un.b_addr = (caddr_t)(uintptr_t)offset; buf.b_bcount = (size_t)len; buf.b_pages = pp; return (bp_mapin_common(&buf, flag)); } /* * support routine - map page array into kernel virtual */ static caddr_t dmareq_pplist_mapin(uint_t len, caddr_t addr, page_t **pplist, struct as *as, int flag) { struct buf buf; struct proc proc; /* * mock up a buf structure so we can call bp_mapin_common() */ buf.b_flags = B_PHYS|B_SHADOW; buf.b_un.b_addr = addr; buf.b_bcount = len; buf.b_shadow = pplist; proc.p_as = as; buf.b_proc = &proc; return (bp_mapin_common(&buf, flag)); } /* * support routine - map dmareq into kernel virtual if not already * fills in *lenp with length * *mapaddr will be new kernel virtual address - or null if no mapping needed */ static caddr_t ddi_dmareq_mapin(struct ddi_dma_req *dmareqp, caddr_t *mapaddrp, offset_t *lenp) { int sleep = (dmareqp->dmar_fp == DDI_DMA_SLEEP) ? VM_SLEEP: VM_NOSLEEP; *lenp = dmareqp->dmar_object.dmao_size; if (dmareqp->dmar_object.dmao_type == DMA_OTYP_PAGES) { *mapaddrp = dmareq_pp_mapin(dmareqp->dmar_object.dmao_size, dmareqp->dmar_object.dmao_obj.pp_obj.pp_offset, dmareqp->dmar_object.dmao_obj.pp_obj.pp_pp, sleep); return (*mapaddrp); } else if (dmareqp->dmar_object.dmao_obj.virt_obj.v_priv != NULL) { *mapaddrp = dmareq_pplist_mapin(dmareqp->dmar_object.dmao_size, dmareqp->dmar_object.dmao_obj.virt_obj.v_addr, dmareqp->dmar_object.dmao_obj.virt_obj.v_priv, dmareqp->dmar_object.dmao_obj.virt_obj.v_as, sleep); return (*mapaddrp); } else if (dmareqp->dmar_object.dmao_obj.virt_obj.v_as == &kas) { *mapaddrp = NULL; return (dmareqp->dmar_object.dmao_obj.virt_obj.v_addr); } else if (dmareqp->dmar_object.dmao_obj.virt_obj.v_as == NULL) { *mapaddrp = NULL; return (dmareqp->dmar_object.dmao_obj.virt_obj.v_addr); } else { *mapaddrp = dmareq_mapin(dmareqp->dmar_object.dmao_size, dmareqp->dmar_object.dmao_obj.virt_obj.v_addr, dmareqp->dmar_object.dmao_obj.virt_obj.v_as, sleep); return (*mapaddrp); } } /* * support routine - free off kernel virtual mapping as allocated by * ddi_dmareq_mapin() */ static void ddi_dmareq_mapout(caddr_t addr, offset_t len) { struct buf buf; if (addr == NULL) return; /* * mock up a buf structure */ buf.b_flags = B_REMAPPED; buf.b_un.b_addr = addr; buf.b_bcount = (size_t)len; bp_mapout(&buf); } static time_t bofi_gettime() { timestruc_t ts; gethrestime(&ts); return (ts.tv_sec); } /* * reset the bus_ops structure of the specified nexus to point to * the original values in the save_bus_ops structure. * * Note that both this routine and modify_bus_ops() rely on the current * behavior of the framework in that nexus drivers are not unloadable * */ static int reset_bus_ops(char *name, struct bus_ops *bop) { struct modctl *modp; struct modldrv *mp; struct bus_ops *bp; struct dev_ops *ops; mutex_enter(&mod_lock); /* * find specified module */ modp = &modules; do { if (strcmp(name, modp->mod_modname) == 0) { if (!modp->mod_linkage) { mutex_exit(&mod_lock); return (0); } mp = modp->mod_linkage->ml_linkage[0]; if (!mp || !mp->drv_dev_ops) { mutex_exit(&mod_lock); return (0); } ops = mp->drv_dev_ops; bp = ops->devo_bus_ops; if (!bp) { mutex_exit(&mod_lock); return (0); } if (ops->devo_refcnt > 0) { /* * As long as devices are active with modified * bus ops bofi must not go away. There may be * drivers with modified access or dma handles. */ mutex_exit(&mod_lock); return (0); } cmn_err(CE_NOTE, "bofi reset bus_ops for %s", mp->drv_linkinfo); bp->bus_intr_op = bop->bus_intr_op; bp->bus_post_event = bop->bus_post_event; bp->bus_map = bop->bus_map; bp->bus_dma_map = bop->bus_dma_map; bp->bus_dma_allochdl = bop->bus_dma_allochdl; bp->bus_dma_freehdl = bop->bus_dma_freehdl; bp->bus_dma_bindhdl = bop->bus_dma_bindhdl; bp->bus_dma_unbindhdl = bop->bus_dma_unbindhdl; bp->bus_dma_flush = bop->bus_dma_flush; bp->bus_dma_win = bop->bus_dma_win; bp->bus_dma_ctl = bop->bus_dma_ctl; mutex_exit(&mod_lock); return (1); } } while ((modp = modp->mod_next) != &modules); mutex_exit(&mod_lock); return (0); } /* * modify the bus_ops structure of the specified nexus to point to bofi * routines, saving the original values in the save_bus_ops structure */ static int modify_bus_ops(char *name, struct bus_ops *bop) { struct modctl *modp; struct modldrv *mp; struct bus_ops *bp; struct dev_ops *ops; if (ddi_name_to_major(name) == -1) return (0); mutex_enter(&mod_lock); /* * find specified module */ modp = &modules; do { if (strcmp(name, modp->mod_modname) == 0) { if (!modp->mod_linkage) { mutex_exit(&mod_lock); return (0); } mp = modp->mod_linkage->ml_linkage[0]; if (!mp || !mp->drv_dev_ops) { mutex_exit(&mod_lock); return (0); } ops = mp->drv_dev_ops; bp = ops->devo_bus_ops; if (!bp) { mutex_exit(&mod_lock); return (0); } if (ops->devo_refcnt == 0) { /* * If there is no device active for this * module then there is nothing to do for bofi. */ mutex_exit(&mod_lock); return (0); } cmn_err(CE_NOTE, "bofi modify bus_ops for %s", mp->drv_linkinfo); save_bus_ops = *bp; bp->bus_intr_op = bop->bus_intr_op; bp->bus_post_event = bop->bus_post_event; bp->bus_map = bop->bus_map; bp->bus_dma_map = bop->bus_dma_map; bp->bus_dma_allochdl = bop->bus_dma_allochdl; bp->bus_dma_freehdl = bop->bus_dma_freehdl; bp->bus_dma_bindhdl = bop->bus_dma_bindhdl; bp->bus_dma_unbindhdl = bop->bus_dma_unbindhdl; bp->bus_dma_flush = bop->bus_dma_flush; bp->bus_dma_win = bop->bus_dma_win; bp->bus_dma_ctl = bop->bus_dma_ctl; mutex_exit(&mod_lock); return (1); } } while ((modp = modp->mod_next) != &modules); mutex_exit(&mod_lock); return (0); } int _init(void) { int e; e = ddi_soft_state_init(&statep, sizeof (struct bofi_errent), 1); if (e != 0) return (e); if ((e = mod_install(&modlinkage)) != 0) ddi_soft_state_fini(&statep); return (e); } int _fini(void) { int e; if ((e = mod_remove(&modlinkage)) != 0) return (e); ddi_soft_state_fini(&statep); return (e); } int _info(struct modinfo *modinfop) { return (mod_info(&modlinkage, modinfop)); } static int bofi_attach(dev_info_t *dip, ddi_attach_cmd_t cmd) { char *name; char buf[80]; int i; int s, ss; int size = NAMESIZE; int new_string; char *ptr; if (cmd != DDI_ATTACH) return (DDI_FAILURE); /* * only one instance - but we clone using the open routine */ if (ddi_get_instance(dip) > 0) return (DDI_FAILURE); if (!initialized) { if ((name = ddi_get_name(dip)) == NULL) return (DDI_FAILURE); (void) snprintf(buf, sizeof (buf), "%s,ctl", name); if (ddi_create_minor_node(dip, buf, S_IFCHR, 0, DDI_PSEUDO, NULL) == DDI_FAILURE) return (DDI_FAILURE); if (ddi_get_soft_iblock_cookie(dip, DDI_SOFTINT_MED, &bofi_low_cookie) != DDI_SUCCESS) { ddi_remove_minor_node(dip, buf); return (DDI_FAILURE); /* fail attach */ } /* * get nexus name (from conf file) */ if (ddi_prop_op(DDI_DEV_T_ANY, dip, PROP_LEN_AND_VAL_BUF, 0, "bofi-nexus", nexus_name, &size) != DDI_PROP_SUCCESS) { ddi_remove_minor_node(dip, buf); return (DDI_FAILURE); } /* * get whether to do dma map kmem private checking */ if ((bofi_range_check = ddi_prop_lookup_string(DDI_DEV_T_ANY, dip, 0, "bofi-range-check", &ptr)) != DDI_PROP_SUCCESS) bofi_range_check = 0; else if (strcmp(ptr, "panic") == 0) bofi_range_check = 2; else if (strcmp(ptr, "warn") == 0) bofi_range_check = 1; else bofi_range_check = 0; ddi_prop_free(ptr); /* * get whether to prevent direct access to register */ if ((bofi_ddi_check = ddi_prop_lookup_string(DDI_DEV_T_ANY, dip, 0, "bofi-ddi-check", &ptr)) != DDI_PROP_SUCCESS) bofi_ddi_check = 0; else if (strcmp(ptr, "on") == 0) bofi_ddi_check = 1; else bofi_ddi_check = 0; ddi_prop_free(ptr); /* * get whether to do copy on ddi_dma_sync */ if ((bofi_sync_check = ddi_prop_lookup_string(DDI_DEV_T_ANY, dip, 0, "bofi-sync-check", &ptr)) != DDI_PROP_SUCCESS) bofi_sync_check = 0; else if (strcmp(ptr, "on") == 0) bofi_sync_check = 1; else bofi_sync_check = 0; ddi_prop_free(ptr); /* * get driver-under-test names (from conf file) */ size = NAMESIZE; if (ddi_prop_op(DDI_DEV_T_ANY, dip, PROP_LEN_AND_VAL_BUF, 0, "bofi-to-test", driver_list, &size) != DDI_PROP_SUCCESS) driver_list[0] = 0; /* * and convert into a sequence of strings */ driver_list_neg = 1; new_string = 1; driver_list_size = strlen(driver_list); for (i = 0; i < driver_list_size; i++) { if (driver_list[i] == ' ') { driver_list[i] = '\0'; new_string = 1; } else if (new_string) { if (driver_list[i] != '!') driver_list_neg = 0; new_string = 0; } } /* * initialize mutex, lists */ mutex_init(&clone_tab_mutex, NULL, MUTEX_DRIVER, NULL); /* * fake up iblock cookie - need to protect outselves * against drivers that use hilevel interrupts */ ss = spl8(); s = spl8(); splx(ss); mutex_init(&bofi_mutex, NULL, MUTEX_SPIN, (void *)(uintptr_t)s); mutex_init(&bofi_low_mutex, NULL, MUTEX_DRIVER, (void *)bofi_low_cookie); shadow_list.next = &shadow_list; shadow_list.prev = &shadow_list; for (i = 0; i < HDL_HASH_TBL_SIZE; i++) { hhash_table[i].hnext = &hhash_table[i]; hhash_table[i].hprev = &hhash_table[i]; dhash_table[i].dnext = &dhash_table[i]; dhash_table[i].dprev = &dhash_table[i]; } for (i = 1; i < BOFI_NLINKS; i++) bofi_link_array[i].link = &bofi_link_array[i-1]; bofi_link_freelist = &bofi_link_array[BOFI_NLINKS - 1]; /* * overlay bus_ops structure */ if (modify_bus_ops(nexus_name, &bofi_bus_ops) == 0) { ddi_remove_minor_node(dip, buf); mutex_destroy(&clone_tab_mutex); mutex_destroy(&bofi_mutex); mutex_destroy(&bofi_low_mutex); return (DDI_FAILURE); } /* * save dip for getinfo */ our_dip = dip; ddi_report_dev(dip); initialized = 1; } return (DDI_SUCCESS); } static int bofi_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) { char *name; char buf[80]; if (cmd != DDI_DETACH) return (DDI_FAILURE); if (ddi_get_instance(dip) > 0) return (DDI_FAILURE); if ((name = ddi_get_name(dip)) == NULL) return (DDI_FAILURE); (void) snprintf(buf, sizeof (buf), "%s,ctl", name); mutex_enter(&bofi_low_mutex); mutex_enter(&bofi_mutex); /* * make sure test bofi is no longer in use */ if (shadow_list.next != &shadow_list || errent_listp != NULL) { mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); return (DDI_FAILURE); } mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); /* * restore bus_ops structure */ if (reset_bus_ops(nexus_name, &save_bus_ops) == 0) return (DDI_FAILURE); mutex_destroy(&clone_tab_mutex); mutex_destroy(&bofi_mutex); mutex_destroy(&bofi_low_mutex); ddi_remove_minor_node(dip, buf); our_dip = NULL; initialized = 0; return (DDI_SUCCESS); } /* ARGSUSED */ static int bofi_getinfo(dev_info_t *dip, ddi_info_cmd_t cmd, void *arg, void **result) { dev_t dev = (dev_t)arg; int minor = (int)getminor(dev); int retval; switch (cmd) { case DDI_INFO_DEVT2DEVINFO: if (minor != 0 || our_dip == NULL) { *result = (void *)NULL; retval = DDI_FAILURE; } else { *result = (void *)our_dip; retval = DDI_SUCCESS; } break; case DDI_INFO_DEVT2INSTANCE: *result = (void *)0; retval = DDI_SUCCESS; break; default: retval = DDI_FAILURE; } return (retval); } /* ARGSUSED */ static int bofi_open(dev_t *devp, int flag, int otyp, cred_t *credp) { int minor = (int)getminor(*devp); struct bofi_errent *softc; /* * only allow open on minor=0 - the clone device */ if (minor != 0) return (ENXIO); /* * fail if not attached */ if (!initialized) return (ENXIO); /* * find a free slot and grab it */ mutex_enter(&clone_tab_mutex); for (minor = 1; minor < NCLONES; minor++) { if (clone_tab[minor] == 0) { clone_tab[minor] = 1; break; } } mutex_exit(&clone_tab_mutex); if (minor == NCLONES) return (EAGAIN); /* * soft state structure for this clone is used to maintain a list * of allocated errdefs so they can be freed on close */ if (ddi_soft_state_zalloc(statep, minor) != DDI_SUCCESS) { mutex_enter(&clone_tab_mutex); clone_tab[minor] = 0; mutex_exit(&clone_tab_mutex); return (EAGAIN); } softc = ddi_get_soft_state(statep, minor); softc->cnext = softc; softc->cprev = softc; *devp = makedevice(getmajor(*devp), minor); return (0); } /* ARGSUSED */ static int bofi_close(dev_t dev, int flag, int otyp, cred_t *credp) { int minor = (int)getminor(dev); struct bofi_errent *softc; struct bofi_errent *ep, *next_ep; softc = ddi_get_soft_state(statep, minor); if (softc == NULL) return (ENXIO); /* * find list of errdefs and free them off */ for (ep = softc->cnext; ep != softc; ) { next_ep = ep->cnext; (void) bofi_errdef_free(ep); ep = next_ep; } /* * free clone tab slot */ mutex_enter(&clone_tab_mutex); clone_tab[minor] = 0; mutex_exit(&clone_tab_mutex); ddi_soft_state_free(statep, minor); return (0); } /* ARGSUSED */ static int bofi_ioctl(dev_t dev, int cmd, intptr_t arg, int mode, cred_t *credp, int *rvalp) { struct bofi_errent *softc; int minor = (int)getminor(dev); struct bofi_errdef errdef; struct bofi_errctl errctl; struct bofi_errstate errstate; void *ed_handle; struct bofi_get_handles get_handles; struct bofi_get_hdl_info hdl_info; struct handle_info *hdlip; struct handle_info *hib; char *buffer; char *bufptr; char *endbuf; int req_count, count, err; char *namep; struct bofi_shadow *hp; int retval; struct bofi_shadow *hhashp; int i; switch (cmd) { case BOFI_ADD_DEF: /* * add a new error definition */ #ifdef _MULTI_DATAMODEL switch (ddi_model_convert_from(mode & FMODELS)) { case DDI_MODEL_ILP32: { /* * For use when a 32 bit app makes a call into a * 64 bit ioctl */ struct bofi_errdef32 errdef_32; if (ddi_copyin((void *)arg, &errdef_32, sizeof (struct bofi_errdef32), mode)) { return (EFAULT); } errdef.namesize = errdef_32.namesize; (void) strncpy(errdef.name, errdef_32.name, NAMESIZE); errdef.instance = errdef_32.instance; errdef.rnumber = errdef_32.rnumber; errdef.offset = errdef_32.offset; errdef.len = errdef_32.len; errdef.access_type = errdef_32.access_type; errdef.access_count = errdef_32.access_count; errdef.fail_count = errdef_32.fail_count; errdef.acc_chk = errdef_32.acc_chk; errdef.optype = errdef_32.optype; errdef.operand = errdef_32.operand; errdef.log.logsize = errdef_32.log.logsize; errdef.log.entries = errdef_32.log.entries; errdef.log.flags = errdef_32.log.flags; errdef.log.wrapcnt = errdef_32.log.wrapcnt; errdef.log.start_time = errdef_32.log.start_time; errdef.log.stop_time = errdef_32.log.stop_time; errdef.log.logbase = (caddr_t)(uintptr_t)errdef_32.log.logbase; errdef.errdef_handle = errdef_32.errdef_handle; break; } case DDI_MODEL_NONE: if (ddi_copyin((void *)arg, &errdef, sizeof (struct bofi_errdef), mode)) return (EFAULT); break; } #else /* ! _MULTI_DATAMODEL */ if (ddi_copyin((void *)arg, &errdef, sizeof (struct bofi_errdef), mode) != 0) return (EFAULT); #endif /* _MULTI_DATAMODEL */ /* * do some validation */ if (errdef.fail_count == 0) errdef.optype = 0; if (errdef.optype != 0) { if (errdef.access_type & BOFI_INTR && errdef.optype != BOFI_DELAY_INTR && errdef.optype != BOFI_LOSE_INTR && errdef.optype != BOFI_EXTRA_INTR) return (EINVAL); if ((errdef.access_type & (BOFI_DMA_RW|BOFI_PIO_R)) && errdef.optype == BOFI_NO_TRANSFER) return (EINVAL); if ((errdef.access_type & (BOFI_PIO_RW)) && errdef.optype != BOFI_EQUAL && errdef.optype != BOFI_OR && errdef.optype != BOFI_XOR && errdef.optype != BOFI_AND && errdef.optype != BOFI_NO_TRANSFER) return (EINVAL); } /* * find softstate for this clone, so we can tag * new errdef on to it */ softc = ddi_get_soft_state(statep, minor); if (softc == NULL) return (ENXIO); /* * read in name */ if (errdef.namesize > NAMESIZE) return (EINVAL); namep = kmem_zalloc(errdef.namesize+1, KM_SLEEP); (void) strncpy(namep, errdef.name, errdef.namesize); if (bofi_errdef_alloc(&errdef, namep, softc) != DDI_SUCCESS) { (void) bofi_errdef_free((struct bofi_errent *) (uintptr_t)errdef.errdef_handle); kmem_free(namep, errdef.namesize+1); return (EINVAL); } /* * copy out errdef again, including filled in errdef_handle */ #ifdef _MULTI_DATAMODEL switch (ddi_model_convert_from(mode & FMODELS)) { case DDI_MODEL_ILP32: { /* * For use when a 32 bit app makes a call into a * 64 bit ioctl */ struct bofi_errdef32 errdef_32; errdef_32.namesize = errdef.namesize; (void) strncpy(errdef_32.name, errdef.name, NAMESIZE); errdef_32.instance = errdef.instance; errdef_32.rnumber = errdef.rnumber; errdef_32.offset = errdef.offset; errdef_32.len = errdef.len; errdef_32.access_type = errdef.access_type; errdef_32.access_count = errdef.access_count; errdef_32.fail_count = errdef.fail_count; errdef_32.acc_chk = errdef.acc_chk; errdef_32.optype = errdef.optype; errdef_32.operand = errdef.operand; errdef_32.log.logsize = errdef.log.logsize; errdef_32.log.entries = errdef.log.entries; errdef_32.log.flags = errdef.log.flags; errdef_32.log.wrapcnt = errdef.log.wrapcnt; errdef_32.log.start_time = errdef.log.start_time; errdef_32.log.stop_time = errdef.log.stop_time; errdef_32.log.logbase = (caddr32_t)(uintptr_t)errdef.log.logbase; errdef_32.errdef_handle = errdef.errdef_handle; if (ddi_copyout(&errdef_32, (void *)arg, sizeof (struct bofi_errdef32), mode) != 0) { (void) bofi_errdef_free((struct bofi_errent *) errdef.errdef_handle); kmem_free(namep, errdef.namesize+1); return (EFAULT); } break; } case DDI_MODEL_NONE: if (ddi_copyout(&errdef, (void *)arg, sizeof (struct bofi_errdef), mode) != 0) { (void) bofi_errdef_free((struct bofi_errent *) errdef.errdef_handle); kmem_free(namep, errdef.namesize+1); return (EFAULT); } break; } #else /* ! _MULTI_DATAMODEL */ if (ddi_copyout(&errdef, (void *)arg, sizeof (struct bofi_errdef), mode) != 0) { (void) bofi_errdef_free((struct bofi_errent *) (uintptr_t)errdef.errdef_handle); kmem_free(namep, errdef.namesize+1); return (EFAULT); } #endif /* _MULTI_DATAMODEL */ return (0); case BOFI_DEL_DEF: /* * delete existing errdef */ if (ddi_copyin((void *)arg, &ed_handle, sizeof (void *), mode) != 0) return (EFAULT); return (bofi_errdef_free((struct bofi_errent *)ed_handle)); case BOFI_START: /* * start all errdefs corresponding to * this name and instance */ if (ddi_copyin((void *)arg, &errctl, sizeof (struct bofi_errctl), mode) != 0) return (EFAULT); /* * copy in name */ if (errctl.namesize > NAMESIZE) return (EINVAL); namep = kmem_zalloc(errctl.namesize+1, KM_SLEEP); (void) strncpy(namep, errctl.name, errctl.namesize); bofi_start(&errctl, namep); kmem_free(namep, errctl.namesize+1); return (0); case BOFI_STOP: /* * stop all errdefs corresponding to * this name and instance */ if (ddi_copyin((void *)arg, &errctl, sizeof (struct bofi_errctl), mode) != 0) return (EFAULT); /* * copy in name */ if (errctl.namesize > NAMESIZE) return (EINVAL); namep = kmem_zalloc(errctl.namesize+1, KM_SLEEP); (void) strncpy(namep, errctl.name, errctl.namesize); bofi_stop(&errctl, namep); kmem_free(namep, errctl.namesize+1); return (0); case BOFI_BROADCAST: /* * wakeup all errdefs corresponding to * this name and instance */ if (ddi_copyin((void *)arg, &errctl, sizeof (struct bofi_errctl), mode) != 0) return (EFAULT); /* * copy in name */ if (errctl.namesize > NAMESIZE) return (EINVAL); namep = kmem_zalloc(errctl.namesize+1, KM_SLEEP); (void) strncpy(namep, errctl.name, errctl.namesize); bofi_broadcast(&errctl, namep); kmem_free(namep, errctl.namesize+1); return (0); case BOFI_CLEAR_ACC_CHK: /* * clear "acc_chk" for all errdefs corresponding to * this name and instance */ if (ddi_copyin((void *)arg, &errctl, sizeof (struct bofi_errctl), mode) != 0) return (EFAULT); /* * copy in name */ if (errctl.namesize > NAMESIZE) return (EINVAL); namep = kmem_zalloc(errctl.namesize+1, KM_SLEEP); (void) strncpy(namep, errctl.name, errctl.namesize); bofi_clear_acc_chk(&errctl, namep); kmem_free(namep, errctl.namesize+1); return (0); case BOFI_CLEAR_ERRORS: /* * set "fail_count" to 0 for all errdefs corresponding to * this name and instance whose "access_count" * has expired. */ if (ddi_copyin((void *)arg, &errctl, sizeof (struct bofi_errctl), mode) != 0) return (EFAULT); /* * copy in name */ if (errctl.namesize > NAMESIZE) return (EINVAL); namep = kmem_zalloc(errctl.namesize+1, KM_SLEEP); (void) strncpy(namep, errctl.name, errctl.namesize); bofi_clear_errors(&errctl, namep); kmem_free(namep, errctl.namesize+1); return (0); case BOFI_CLEAR_ERRDEFS: /* * set "access_count" and "fail_count" to 0 for all errdefs * corresponding to this name and instance */ if (ddi_copyin((void *)arg, &errctl, sizeof (struct bofi_errctl), mode) != 0) return (EFAULT); /* * copy in name */ if (errctl.namesize > NAMESIZE) return (EINVAL); namep = kmem_zalloc(errctl.namesize+1, KM_SLEEP); (void) strncpy(namep, errctl.name, errctl.namesize); bofi_clear_errdefs(&errctl, namep); kmem_free(namep, errctl.namesize+1); return (0); case BOFI_CHK_STATE: { struct acc_log_elem *klg; size_t uls; /* * get state for this errdef - read in dummy errstate * with just the errdef_handle filled in */ #ifdef _MULTI_DATAMODEL switch (ddi_model_convert_from(mode & FMODELS)) { case DDI_MODEL_ILP32: { /* * For use when a 32 bit app makes a call into a * 64 bit ioctl */ struct bofi_errstate32 errstate_32; if (ddi_copyin((void *)arg, &errstate_32, sizeof (struct bofi_errstate32), mode) != 0) { return (EFAULT); } errstate.fail_time = errstate_32.fail_time; errstate.msg_time = errstate_32.msg_time; errstate.access_count = errstate_32.access_count; errstate.fail_count = errstate_32.fail_count; errstate.acc_chk = errstate_32.acc_chk; errstate.errmsg_count = errstate_32.errmsg_count; (void) strncpy(errstate.buffer, errstate_32.buffer, ERRMSGSIZE); errstate.severity = errstate_32.severity; errstate.log.logsize = errstate_32.log.logsize; errstate.log.entries = errstate_32.log.entries; errstate.log.flags = errstate_32.log.flags; errstate.log.wrapcnt = errstate_32.log.wrapcnt; errstate.log.start_time = errstate_32.log.start_time; errstate.log.stop_time = errstate_32.log.stop_time; errstate.log.logbase = (caddr_t)(uintptr_t)errstate_32.log.logbase; errstate.errdef_handle = errstate_32.errdef_handle; break; } case DDI_MODEL_NONE: if (ddi_copyin((void *)arg, &errstate, sizeof (struct bofi_errstate), mode) != 0) return (EFAULT); break; } #else /* ! _MULTI_DATAMODEL */ if (ddi_copyin((void *)arg, &errstate, sizeof (struct bofi_errstate), mode) != 0) return (EFAULT); #endif /* _MULTI_DATAMODEL */ if ((retval = bofi_errdef_check(&errstate, &klg)) == EINVAL) return (EINVAL); /* * copy out real errstate structure */ uls = errstate.log.logsize; if (errstate.log.entries > uls && uls) /* insufficient user memory */ errstate.log.entries = uls; /* always pass back a time */ if (errstate.log.stop_time == 0ul) (void) drv_getparm(TIME, &(errstate.log.stop_time)); #ifdef _MULTI_DATAMODEL switch (ddi_model_convert_from(mode & FMODELS)) { case DDI_MODEL_ILP32: { /* * For use when a 32 bit app makes a call into a * 64 bit ioctl */ struct bofi_errstate32 errstate_32; errstate_32.fail_time = errstate.fail_time; errstate_32.msg_time = errstate.msg_time; errstate_32.access_count = errstate.access_count; errstate_32.fail_count = errstate.fail_count; errstate_32.acc_chk = errstate.acc_chk; errstate_32.errmsg_count = errstate.errmsg_count; (void) strncpy(errstate_32.buffer, errstate.buffer, ERRMSGSIZE); errstate_32.severity = errstate.severity; errstate_32.log.logsize = errstate.log.logsize; errstate_32.log.entries = errstate.log.entries; errstate_32.log.flags = errstate.log.flags; errstate_32.log.wrapcnt = errstate.log.wrapcnt; errstate_32.log.start_time = errstate.log.start_time; errstate_32.log.stop_time = errstate.log.stop_time; errstate_32.log.logbase = (caddr32_t)(uintptr_t)errstate.log.logbase; errstate_32.errdef_handle = errstate.errdef_handle; if (ddi_copyout(&errstate_32, (void *)arg, sizeof (struct bofi_errstate32), mode) != 0) return (EFAULT); break; } case DDI_MODEL_NONE: if (ddi_copyout(&errstate, (void *)arg, sizeof (struct bofi_errstate), mode) != 0) return (EFAULT); break; } #else /* ! _MULTI_DATAMODEL */ if (ddi_copyout(&errstate, (void *)arg, sizeof (struct bofi_errstate), mode) != 0) return (EFAULT); #endif /* _MULTI_DATAMODEL */ if (uls && errstate.log.entries && ddi_copyout(klg, errstate.log.logbase, errstate.log.entries * sizeof (struct acc_log_elem), mode) != 0) { return (EFAULT); } return (retval); } case BOFI_CHK_STATE_W: { struct acc_log_elem *klg; size_t uls; /* * get state for this errdef - read in dummy errstate * with just the errdef_handle filled in. Then wait for * a ddi_report_fault message to come back */ #ifdef _MULTI_DATAMODEL switch (ddi_model_convert_from(mode & FMODELS)) { case DDI_MODEL_ILP32: { /* * For use when a 32 bit app makes a call into a * 64 bit ioctl */ struct bofi_errstate32 errstate_32; if (ddi_copyin((void *)arg, &errstate_32, sizeof (struct bofi_errstate32), mode) != 0) { return (EFAULT); } errstate.fail_time = errstate_32.fail_time; errstate.msg_time = errstate_32.msg_time; errstate.access_count = errstate_32.access_count; errstate.fail_count = errstate_32.fail_count; errstate.acc_chk = errstate_32.acc_chk; errstate.errmsg_count = errstate_32.errmsg_count; (void) strncpy(errstate.buffer, errstate_32.buffer, ERRMSGSIZE); errstate.severity = errstate_32.severity; errstate.log.logsize = errstate_32.log.logsize; errstate.log.entries = errstate_32.log.entries; errstate.log.flags = errstate_32.log.flags; errstate.log.wrapcnt = errstate_32.log.wrapcnt; errstate.log.start_time = errstate_32.log.start_time; errstate.log.stop_time = errstate_32.log.stop_time; errstate.log.logbase = (caddr_t)(uintptr_t)errstate_32.log.logbase; errstate.errdef_handle = errstate_32.errdef_handle; break; } case DDI_MODEL_NONE: if (ddi_copyin((void *)arg, &errstate, sizeof (struct bofi_errstate), mode) != 0) return (EFAULT); break; } #else /* ! _MULTI_DATAMODEL */ if (ddi_copyin((void *)arg, &errstate, sizeof (struct bofi_errstate), mode) != 0) return (EFAULT); #endif /* _MULTI_DATAMODEL */ if ((retval = bofi_errdef_check_w(&errstate, &klg)) == EINVAL) return (EINVAL); /* * copy out real errstate structure */ uls = errstate.log.logsize; uls = errstate.log.logsize; if (errstate.log.entries > uls && uls) /* insufficient user memory */ errstate.log.entries = uls; /* always pass back a time */ if (errstate.log.stop_time == 0ul) (void) drv_getparm(TIME, &(errstate.log.stop_time)); #ifdef _MULTI_DATAMODEL switch (ddi_model_convert_from(mode & FMODELS)) { case DDI_MODEL_ILP32: { /* * For use when a 32 bit app makes a call into a * 64 bit ioctl */ struct bofi_errstate32 errstate_32; errstate_32.fail_time = errstate.fail_time; errstate_32.msg_time = errstate.msg_time; errstate_32.access_count = errstate.access_count; errstate_32.fail_count = errstate.fail_count; errstate_32.acc_chk = errstate.acc_chk; errstate_32.errmsg_count = errstate.errmsg_count; (void) strncpy(errstate_32.buffer, errstate.buffer, ERRMSGSIZE); errstate_32.severity = errstate.severity; errstate_32.log.logsize = errstate.log.logsize; errstate_32.log.entries = errstate.log.entries; errstate_32.log.flags = errstate.log.flags; errstate_32.log.wrapcnt = errstate.log.wrapcnt; errstate_32.log.start_time = errstate.log.start_time; errstate_32.log.stop_time = errstate.log.stop_time; errstate_32.log.logbase = (caddr32_t)(uintptr_t)errstate.log.logbase; errstate_32.errdef_handle = errstate.errdef_handle; if (ddi_copyout(&errstate_32, (void *)arg, sizeof (struct bofi_errstate32), mode) != 0) return (EFAULT); break; } case DDI_MODEL_NONE: if (ddi_copyout(&errstate, (void *)arg, sizeof (struct bofi_errstate), mode) != 0) return (EFAULT); break; } #else /* ! _MULTI_DATAMODEL */ if (ddi_copyout(&errstate, (void *)arg, sizeof (struct bofi_errstate), mode) != 0) return (EFAULT); #endif /* _MULTI_DATAMODEL */ if (uls && errstate.log.entries && ddi_copyout(klg, errstate.log.logbase, errstate.log.entries * sizeof (struct acc_log_elem), mode) != 0) { return (EFAULT); } return (retval); } case BOFI_GET_HANDLES: /* * display existing handles */ #ifdef _MULTI_DATAMODEL switch (ddi_model_convert_from(mode & FMODELS)) { case DDI_MODEL_ILP32: { /* * For use when a 32 bit app makes a call into a * 64 bit ioctl */ struct bofi_get_handles32 get_handles_32; if (ddi_copyin((void *)arg, &get_handles_32, sizeof (get_handles_32), mode) != 0) { return (EFAULT); } get_handles.namesize = get_handles_32.namesize; (void) strncpy(get_handles.name, get_handles_32.name, NAMESIZE); get_handles.instance = get_handles_32.instance; get_handles.count = get_handles_32.count; get_handles.buffer = (caddr_t)(uintptr_t)get_handles_32.buffer; break; } case DDI_MODEL_NONE: if (ddi_copyin((void *)arg, &get_handles, sizeof (get_handles), mode) != 0) return (EFAULT); break; } #else /* ! _MULTI_DATAMODEL */ if (ddi_copyin((void *)arg, &get_handles, sizeof (get_handles), mode) != 0) return (EFAULT); #endif /* _MULTI_DATAMODEL */ /* * read in name */ if (get_handles.namesize > NAMESIZE) return (EINVAL); namep = kmem_zalloc(get_handles.namesize+1, KM_SLEEP); (void) strncpy(namep, get_handles.name, get_handles.namesize); req_count = get_handles.count; bufptr = buffer = kmem_zalloc(req_count, KM_SLEEP); endbuf = bufptr + req_count; /* * display existing handles */ mutex_enter(&bofi_low_mutex); mutex_enter(&bofi_mutex); for (i = 0; i < HDL_HASH_TBL_SIZE; i++) { hhashp = &hhash_table[i]; for (hp = hhashp->hnext; hp != hhashp; hp = hp->hnext) { if (!driver_under_test(hp->dip)) continue; if (ddi_name_to_major(ddi_get_name(hp->dip)) != ddi_name_to_major(namep)) continue; if (hp->instance != get_handles.instance) continue; /* * print information per handle - note that * DMA* means an unbound DMA handle */ (void) snprintf(bufptr, (size_t)(endbuf-bufptr), " %s %d %s ", hp->name, hp->instance, (hp->type == BOFI_INT_HDL) ? "INTR" : (hp->type == BOFI_ACC_HDL) ? "PIO" : (hp->type == BOFI_DMA_HDL) ? "DMA" : (hp->hparrayp != NULL) ? "DVMA" : "DMA*"); bufptr += strlen(bufptr); if (hp->type == BOFI_ACC_HDL) { if (hp->len == INT_MAX - hp->offset) (void) snprintf(bufptr, (size_t)(endbuf-bufptr), "reg set %d off 0x%llx\n", hp->rnumber, hp->offset); else (void) snprintf(bufptr, (size_t)(endbuf-bufptr), "reg set %d off 0x%llx" " len 0x%llx\n", hp->rnumber, hp->offset, hp->len); } else if (hp->type == BOFI_DMA_HDL) (void) snprintf(bufptr, (size_t)(endbuf-bufptr), "handle no %d len 0x%llx" " addr 0x%p\n", hp->rnumber, hp->len, (void *)hp->addr); else if (hp->type == BOFI_NULL && hp->hparrayp == NULL) (void) snprintf(bufptr, (size_t)(endbuf-bufptr), "handle no %d\n", hp->rnumber); else (void) snprintf(bufptr, (size_t)(endbuf-bufptr), "\n"); bufptr += strlen(bufptr); } } mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); err = ddi_copyout(buffer, get_handles.buffer, req_count, mode); kmem_free(namep, get_handles.namesize+1); kmem_free(buffer, req_count); if (err != 0) return (EFAULT); else return (0); case BOFI_GET_HANDLE_INFO: /* * display existing handles */ #ifdef _MULTI_DATAMODEL switch (ddi_model_convert_from(mode & FMODELS)) { case DDI_MODEL_ILP32: { /* * For use when a 32 bit app makes a call into a * 64 bit ioctl */ struct bofi_get_hdl_info32 hdl_info_32; if (ddi_copyin((void *)arg, &hdl_info_32, sizeof (hdl_info_32), mode)) { return (EFAULT); } hdl_info.namesize = hdl_info_32.namesize; (void) strncpy(hdl_info.name, hdl_info_32.name, NAMESIZE); hdl_info.count = hdl_info_32.count; hdl_info.hdli = (caddr_t)(uintptr_t)hdl_info_32.hdli; break; } case DDI_MODEL_NONE: if (ddi_copyin((void *)arg, &hdl_info, sizeof (hdl_info), mode)) return (EFAULT); break; } #else /* ! _MULTI_DATAMODEL */ if (ddi_copyin((void *)arg, &hdl_info, sizeof (hdl_info), mode)) return (EFAULT); #endif /* _MULTI_DATAMODEL */ if (hdl_info.namesize > NAMESIZE) return (EINVAL); namep = kmem_zalloc(hdl_info.namesize + 1, KM_SLEEP); (void) strncpy(namep, hdl_info.name, hdl_info.namesize); req_count = hdl_info.count; count = hdl_info.count = 0; /* the actual no of handles */ if (req_count > 0) { hib = hdlip = kmem_zalloc(req_count * sizeof (struct handle_info), KM_SLEEP); } else { hib = hdlip = 0; req_count = hdl_info.count = 0; } /* * display existing handles */ mutex_enter(&bofi_low_mutex); mutex_enter(&bofi_mutex); for (i = 0; i < HDL_HASH_TBL_SIZE; i++) { hhashp = &hhash_table[i]; for (hp = hhashp->hnext; hp != hhashp; hp = hp->hnext) { if (!driver_under_test(hp->dip) || ddi_name_to_major(ddi_get_name(hp->dip)) != ddi_name_to_major(namep) || ++(hdl_info.count) > req_count || count == req_count) continue; hdlip->instance = hp->instance; hdlip->rnumber = hp->rnumber; switch (hp->type) { case BOFI_ACC_HDL: hdlip->access_type = BOFI_PIO_RW; hdlip->offset = hp->offset; hdlip->len = hp->len; break; case BOFI_DMA_HDL: hdlip->access_type = 0; if (hp->flags & DDI_DMA_WRITE) hdlip->access_type |= BOFI_DMA_W; if (hp->flags & DDI_DMA_READ) hdlip->access_type |= BOFI_DMA_R; hdlip->len = hp->len; hdlip->addr_cookie = (uint64_t)(uintptr_t)hp->addr; break; case BOFI_INT_HDL: hdlip->access_type = BOFI_INTR; break; default: hdlip->access_type = 0; break; } hdlip++; count++; } } mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); err = 0; #ifdef _MULTI_DATAMODEL switch (ddi_model_convert_from(mode & FMODELS)) { case DDI_MODEL_ILP32: { /* * For use when a 32 bit app makes a call into a * 64 bit ioctl */ struct bofi_get_hdl_info32 hdl_info_32; hdl_info_32.namesize = hdl_info.namesize; (void) strncpy(hdl_info_32.name, hdl_info.name, NAMESIZE); hdl_info_32.count = hdl_info.count; hdl_info_32.hdli = (caddr32_t)(uintptr_t)hdl_info.hdli; if (ddi_copyout(&hdl_info_32, (void *)arg, sizeof (hdl_info_32), mode) != 0) { kmem_free(namep, hdl_info.namesize+1); if (req_count > 0) kmem_free(hib, req_count * sizeof (*hib)); return (EFAULT); } break; } case DDI_MODEL_NONE: if (ddi_copyout(&hdl_info, (void *)arg, sizeof (hdl_info), mode) != 0) { kmem_free(namep, hdl_info.namesize+1); if (req_count > 0) kmem_free(hib, req_count * sizeof (*hib)); return (EFAULT); } break; } #else /* ! _MULTI_DATAMODEL */ if (ddi_copyout(&hdl_info, (void *)arg, sizeof (hdl_info), mode) != 0) { kmem_free(namep, hdl_info.namesize+1); if (req_count > 0) kmem_free(hib, req_count * sizeof (*hib)); return (EFAULT); } #endif /* ! _MULTI_DATAMODEL */ if (count > 0) { if (ddi_copyout(hib, hdl_info.hdli, count * sizeof (*hib), mode) != 0) { kmem_free(namep, hdl_info.namesize+1); if (req_count > 0) kmem_free(hib, req_count * sizeof (*hib)); return (EFAULT); } } kmem_free(namep, hdl_info.namesize+1); if (req_count > 0) kmem_free(hib, req_count * sizeof (*hib)); return (err); default: return (ENOTTY); } } /* * add a new error definition */ static int bofi_errdef_alloc(struct bofi_errdef *errdefp, char *namep, struct bofi_errent *softc) { struct bofi_errent *ep; struct bofi_shadow *hp; struct bofi_link *lp; /* * allocate errdef structure and put on in-use list */ ep = kmem_zalloc(sizeof (struct bofi_errent), KM_SLEEP); ep->errdef = *errdefp; ep->name = namep; ep->errdef.errdef_handle = (uint64_t)(uintptr_t)ep; ep->errstate.errdef_handle = (uint64_t)(uintptr_t)ep; cv_init(&ep->cv, NULL, CV_DRIVER, NULL); /* * allocate space for logging */ ep->errdef.log.entries = 0; ep->errdef.log.wrapcnt = 0; if (ep->errdef.access_type & BOFI_LOG) ep->logbase = kmem_alloc(sizeof (struct acc_log_elem) * ep->errdef.log.logsize, KM_SLEEP); else ep->logbase = NULL; /* * put on in-use list */ mutex_enter(&bofi_low_mutex); mutex_enter(&bofi_mutex); ep->next = errent_listp; errent_listp = ep; /* * and add it to the per-clone list */ ep->cnext = softc->cnext; softc->cnext->cprev = ep; ep->cprev = softc; softc->cnext = ep; /* * look for corresponding shadow handle structures and if we find any * tag this errdef structure on to their link lists. */ for (hp = shadow_list.next; hp != &shadow_list; hp = hp->next) { if (ddi_name_to_major(hp->name) == ddi_name_to_major(namep) && hp->instance == errdefp->instance && (((errdefp->access_type & BOFI_DMA_RW) && (ep->errdef.rnumber == -1 || hp->rnumber == ep->errdef.rnumber) && hp->type == BOFI_DMA_HDL && (((uintptr_t)(hp->addr + ep->errdef.offset + ep->errdef.len) & ~LLSZMASK) > ((uintptr_t)((hp->addr + ep->errdef.offset) + LLSZMASK) & ~LLSZMASK))) || ((errdefp->access_type & BOFI_INTR) && hp->type == BOFI_INT_HDL) || ((errdefp->access_type & BOFI_PIO_RW) && hp->type == BOFI_ACC_HDL && (errdefp->rnumber == -1 || hp->rnumber == errdefp->rnumber) && (errdefp->len == 0 || hp->offset < errdefp->offset + errdefp->len) && hp->offset + hp->len > errdefp->offset))) { lp = bofi_link_freelist; if (lp != NULL) { bofi_link_freelist = lp->link; lp->errentp = ep; lp->link = hp->link; hp->link = lp; } } } errdefp->errdef_handle = (uint64_t)(uintptr_t)ep; mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); ep->softintr_id = NULL; return (ddi_add_softintr(our_dip, DDI_SOFTINT_MED, &ep->softintr_id, NULL, NULL, bofi_signal, (caddr_t)&ep->errdef)); } /* * delete existing errdef */ static int bofi_errdef_free(struct bofi_errent *ep) { struct bofi_errent *hep, *prev_hep; struct bofi_link *lp, *prev_lp, *next_lp; struct bofi_shadow *hp; mutex_enter(&bofi_low_mutex); mutex_enter(&bofi_mutex); /* * don't just assume its a valid ep - check that its on the * in-use list */ prev_hep = NULL; for (hep = errent_listp; hep != NULL; ) { if (hep == ep) break; prev_hep = hep; hep = hep->next; } if (hep == NULL) { mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); return (EINVAL); } /* * found it - delete from in-use list */ if (prev_hep) prev_hep->next = hep->next; else errent_listp = hep->next; /* * and take it off the per-clone list */ hep->cnext->cprev = hep->cprev; hep->cprev->cnext = hep->cnext; /* * see if we are on any shadow handle link lists - and if we * are then take us off */ for (hp = shadow_list.next; hp != &shadow_list; hp = hp->next) { prev_lp = NULL; for (lp = hp->link; lp != NULL; ) { if (lp->errentp == ep) { if (prev_lp) prev_lp->link = lp->link; else hp->link = lp->link; next_lp = lp->link; lp->link = bofi_link_freelist; bofi_link_freelist = lp; lp = next_lp; } else { prev_lp = lp; lp = lp->link; } } } mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); cv_destroy(&ep->cv); kmem_free(ep->name, ep->errdef.namesize+1); if ((ep->errdef.access_type & BOFI_LOG) && ep->errdef.log.logsize && ep->logbase) /* double check */ kmem_free(ep->logbase, sizeof (struct acc_log_elem) * ep->errdef.log.logsize); if (ep->softintr_id) ddi_remove_softintr(ep->softintr_id); kmem_free(ep, sizeof (struct bofi_errent)); return (0); } /* * start all errdefs corresponding to this name and instance */ static void bofi_start(struct bofi_errctl *errctlp, char *namep) { struct bofi_errent *ep; /* * look for any errdefs with matching name and instance */ mutex_enter(&bofi_low_mutex); for (ep = errent_listp; ep != NULL; ep = ep->next) if (strncmp(namep, ep->name, NAMESIZE) == 0 && errctlp->instance == ep->errdef.instance) { ep->state |= BOFI_DEV_ACTIVE; (void) drv_getparm(TIME, &(ep->errdef.log.start_time)); ep->errdef.log.stop_time = 0ul; } mutex_exit(&bofi_low_mutex); } /* * stop all errdefs corresponding to this name and instance */ static void bofi_stop(struct bofi_errctl *errctlp, char *namep) { struct bofi_errent *ep; /* * look for any errdefs with matching name and instance */ mutex_enter(&bofi_low_mutex); for (ep = errent_listp; ep != NULL; ep = ep->next) if (strncmp(namep, ep->name, NAMESIZE) == 0 && errctlp->instance == ep->errdef.instance) { ep->state &= ~BOFI_DEV_ACTIVE; if (ep->errdef.log.stop_time == 0ul) (void) drv_getparm(TIME, &(ep->errdef.log.stop_time)); } mutex_exit(&bofi_low_mutex); } /* * wake up any thread waiting on this errdefs */ static uint_t bofi_signal(caddr_t arg) { struct bofi_errdef *edp = (struct bofi_errdef *)arg; struct bofi_errent *hep; struct bofi_errent *ep = (struct bofi_errent *)(uintptr_t)edp->errdef_handle; mutex_enter(&bofi_low_mutex); for (hep = errent_listp; hep != NULL; ) { if (hep == ep) break; hep = hep->next; } if (hep == NULL) { mutex_exit(&bofi_low_mutex); return (DDI_INTR_UNCLAIMED); } if ((ep->errdef.access_type & BOFI_LOG) && (edp->log.flags & BOFI_LOG_FULL)) { edp->log.stop_time = bofi_gettime(); ep->state |= BOFI_NEW_MESSAGE; if (ep->state & BOFI_MESSAGE_WAIT) cv_broadcast(&ep->cv); ep->state &= ~BOFI_MESSAGE_WAIT; } if (ep->errstate.msg_time != 0) { ep->state |= BOFI_NEW_MESSAGE; if (ep->state & BOFI_MESSAGE_WAIT) cv_broadcast(&ep->cv); ep->state &= ~BOFI_MESSAGE_WAIT; } mutex_exit(&bofi_low_mutex); return (DDI_INTR_CLAIMED); } /* * wake up all errdefs corresponding to this name and instance */ static void bofi_broadcast(struct bofi_errctl *errctlp, char *namep) { struct bofi_errent *ep; /* * look for any errdefs with matching name and instance */ mutex_enter(&bofi_low_mutex); for (ep = errent_listp; ep != NULL; ep = ep->next) if (strncmp(namep, ep->name, NAMESIZE) == 0 && errctlp->instance == ep->errdef.instance) { /* * wake up sleepers */ ep->state |= BOFI_NEW_MESSAGE; if (ep->state & BOFI_MESSAGE_WAIT) cv_broadcast(&ep->cv); ep->state &= ~BOFI_MESSAGE_WAIT; } mutex_exit(&bofi_low_mutex); } /* * clear "acc_chk" for all errdefs corresponding to this name and instance * and wake them up. */ static void bofi_clear_acc_chk(struct bofi_errctl *errctlp, char *namep) { struct bofi_errent *ep; /* * look for any errdefs with matching name and instance */ mutex_enter(&bofi_low_mutex); for (ep = errent_listp; ep != NULL; ep = ep->next) if (strncmp(namep, ep->name, NAMESIZE) == 0 && errctlp->instance == ep->errdef.instance) { mutex_enter(&bofi_mutex); if (ep->errdef.access_count == 0 && ep->errdef.fail_count == 0) ep->errdef.acc_chk = 0; mutex_exit(&bofi_mutex); /* * wake up sleepers */ ep->state |= BOFI_NEW_MESSAGE; if (ep->state & BOFI_MESSAGE_WAIT) cv_broadcast(&ep->cv); ep->state &= ~BOFI_MESSAGE_WAIT; } mutex_exit(&bofi_low_mutex); } /* * set "fail_count" to 0 for all errdefs corresponding to this name and instance * whose "access_count" has expired, set "acc_chk" to 0 and wake them up. */ static void bofi_clear_errors(struct bofi_errctl *errctlp, char *namep) { struct bofi_errent *ep; /* * look for any errdefs with matching name and instance */ mutex_enter(&bofi_low_mutex); for (ep = errent_listp; ep != NULL; ep = ep->next) if (strncmp(namep, ep->name, NAMESIZE) == 0 && errctlp->instance == ep->errdef.instance) { mutex_enter(&bofi_mutex); if (ep->errdef.access_count == 0) { ep->errdef.acc_chk = 0; ep->errdef.fail_count = 0; mutex_exit(&bofi_mutex); if (ep->errdef.log.stop_time == 0ul) (void) drv_getparm(TIME, &(ep->errdef.log.stop_time)); } else mutex_exit(&bofi_mutex); /* * wake up sleepers */ ep->state |= BOFI_NEW_MESSAGE; if (ep->state & BOFI_MESSAGE_WAIT) cv_broadcast(&ep->cv); ep->state &= ~BOFI_MESSAGE_WAIT; } mutex_exit(&bofi_low_mutex); } /* * set "access_count" and "fail_count" to 0 for all errdefs corresponding to * this name and instance, set "acc_chk" to 0, and wake them up. */ static void bofi_clear_errdefs(struct bofi_errctl *errctlp, char *namep) { struct bofi_errent *ep; /* * look for any errdefs with matching name and instance */ mutex_enter(&bofi_low_mutex); for (ep = errent_listp; ep != NULL; ep = ep->next) if (strncmp(namep, ep->name, NAMESIZE) == 0 && errctlp->instance == ep->errdef.instance) { mutex_enter(&bofi_mutex); ep->errdef.acc_chk = 0; ep->errdef.access_count = 0; ep->errdef.fail_count = 0; mutex_exit(&bofi_mutex); if (ep->errdef.log.stop_time == 0ul) (void) drv_getparm(TIME, &(ep->errdef.log.stop_time)); /* * wake up sleepers */ ep->state |= BOFI_NEW_MESSAGE; if (ep->state & BOFI_MESSAGE_WAIT) cv_broadcast(&ep->cv); ep->state &= ~BOFI_MESSAGE_WAIT; } mutex_exit(&bofi_low_mutex); } /* * get state for this errdef */ static int bofi_errdef_check(struct bofi_errstate *errstatep, struct acc_log_elem **logpp) { struct bofi_errent *hep; struct bofi_errent *ep; ep = (struct bofi_errent *)(uintptr_t)errstatep->errdef_handle; mutex_enter(&bofi_low_mutex); /* * don't just assume its a valid ep - check that its on the * in-use list */ for (hep = errent_listp; hep != NULL; hep = hep->next) if (hep == ep) break; if (hep == NULL) { mutex_exit(&bofi_low_mutex); return (EINVAL); } mutex_enter(&bofi_mutex); ep->errstate.access_count = ep->errdef.access_count; ep->errstate.fail_count = ep->errdef.fail_count; ep->errstate.acc_chk = ep->errdef.acc_chk; ep->errstate.log = ep->errdef.log; *logpp = ep->logbase; *errstatep = ep->errstate; mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); return (0); } /* * Wait for a ddi_report_fault message to come back for this errdef * Then return state for this errdef. * fault report is intercepted by bofi_post_event, which triggers * bofi_signal via a softint, which will wake up this routine if * we are waiting */ static int bofi_errdef_check_w(struct bofi_errstate *errstatep, struct acc_log_elem **logpp) { struct bofi_errent *hep; struct bofi_errent *ep; int rval = 0; ep = (struct bofi_errent *)(uintptr_t)errstatep->errdef_handle; mutex_enter(&bofi_low_mutex); retry: /* * don't just assume its a valid ep - check that its on the * in-use list */ for (hep = errent_listp; hep != NULL; hep = hep->next) if (hep == ep) break; if (hep == NULL) { mutex_exit(&bofi_low_mutex); return (EINVAL); } /* * wait for ddi_report_fault for the devinfo corresponding * to this errdef */ if (rval == 0 && !(ep->state & BOFI_NEW_MESSAGE)) { ep->state |= BOFI_MESSAGE_WAIT; if (cv_wait_sig(&ep->cv, &bofi_low_mutex) == 0) rval = EINTR; goto retry; } ep->state &= ~BOFI_NEW_MESSAGE; /* * we either didn't need to sleep, we've been woken up or we've been * signaled - either way return state now */ mutex_enter(&bofi_mutex); ep->errstate.access_count = ep->errdef.access_count; ep->errstate.fail_count = ep->errdef.fail_count; ep->errstate.acc_chk = ep->errdef.acc_chk; ep->errstate.log = ep->errdef.log; *logpp = ep->logbase; *errstatep = ep->errstate; mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); return (rval); } /* * support routine - check if requested driver is defined as under test in the * conf file. */ static int driver_under_test(dev_info_t *rdip) { int i; char *rname; major_t rmaj; rname = ddi_get_name(rdip); rmaj = ddi_name_to_major(rname); /* * Enforce the user to specifically request the following drivers. */ for (i = 0; i < driver_list_size; i += (1 + strlen(&driver_list[i]))) { if (driver_list_neg == 0) { if (rmaj == ddi_name_to_major(&driver_list[i])) return (1); } else { if (rmaj == ddi_name_to_major(&driver_list[i+1])) return (0); } } if (driver_list_neg == 0) return (0); else return (1); } static void log_acc_event(struct bofi_errent *ep, uint_t at, offset_t offset, off_t len, size_t repcount, uint64_t *valuep) { struct bofi_errdef *edp = &(ep->errdef); struct acc_log *log = &edp->log; ASSERT(log != NULL); ASSERT(MUTEX_HELD(&bofi_mutex)); if (log->flags & BOFI_LOG_REPIO) repcount = 1; else if (repcount == 0 && edp->access_count > 0 && (log->flags & BOFI_LOG_FULL) == 0) edp->access_count += 1; if (repcount && log->entries < log->logsize) { struct acc_log_elem *elem = ep->logbase + log->entries; if (log->flags & BOFI_LOG_TIMESTAMP) elem->access_time = bofi_gettime(); elem->access_type = at; elem->offset = offset; elem->value = valuep ? *valuep : 0ll; elem->size = len; elem->repcount = repcount; ++log->entries; if (log->entries == log->logsize) { log->flags |= BOFI_LOG_FULL; ddi_trigger_softintr(((struct bofi_errent *) (uintptr_t)edp->errdef_handle)->softintr_id); } } if ((log->flags & BOFI_LOG_WRAP) && edp->access_count <= 1) { log->wrapcnt++; edp->access_count = log->logsize; log->entries = 0; /* wrap back to the start */ } } /* * got a condition match on dma read/write - check counts and corrupt * data if necessary * * bofi_mutex always held when this is called. */ static void do_dma_corrupt(struct bofi_shadow *hp, struct bofi_errent *ep, uint_t synctype, off_t off, off_t length) { uint64_t operand; int i; off_t len; caddr_t logaddr; uint64_t *addr; uint64_t *endaddr; ASSERT(MUTEX_HELD(&bofi_mutex)); if ((ep->errdef.access_count || ep->errdef.fail_count) && (ep->errdef.access_type & BOFI_LOG)) { uint_t atype; if (synctype == DDI_DMA_SYNC_FORDEV) atype = BOFI_DMA_W; else if (synctype == DDI_DMA_SYNC_FORCPU || synctype == DDI_DMA_SYNC_FORKERNEL) atype = BOFI_DMA_R; else atype = 0; if ((off <= ep->errdef.offset && off + length > ep->errdef.offset) || (off > ep->errdef.offset && off < ep->errdef.offset + ep->errdef.len)) { logaddr = (caddr_t)((uintptr_t)(hp->addr + off + LLSZMASK) & ~LLSZMASK); log_acc_event(ep, atype, logaddr - hp->addr, length, 1, 0); } } if (ep->errdef.access_count > 1) { ep->errdef.access_count--; } else if (ep->errdef.fail_count > 0) { ep->errdef.fail_count--; ep->errdef.access_count = 0; /* * OK do the corruption */ if (ep->errstate.fail_time == 0) ep->errstate.fail_time = bofi_gettime(); /* * work out how much to corrupt * * Make sure endaddr isn't greater than hp->addr + hp->len. * If endaddr becomes less than addr len becomes negative * and the following loop isn't entered. */ addr = (uint64_t *)((uintptr_t)((hp->addr + ep->errdef.offset) + LLSZMASK) & ~LLSZMASK); endaddr = (uint64_t *)((uintptr_t)(hp->addr + min(hp->len, ep->errdef.offset + ep->errdef.len)) & ~LLSZMASK); len = endaddr - addr; operand = ep->errdef.operand; switch (ep->errdef.optype) { case BOFI_EQUAL : for (i = 0; i < len; i++) *(addr + i) = operand; break; case BOFI_AND : for (i = 0; i < len; i++) *(addr + i) &= operand; break; case BOFI_OR : for (i = 0; i < len; i++) *(addr + i) |= operand; break; case BOFI_XOR : for (i = 0; i < len; i++) *(addr + i) ^= operand; break; default: /* do nothing */ break; } } } static uint64_t do_bofi_rd8(struct bofi_shadow *, caddr_t); static uint64_t do_bofi_rd16(struct bofi_shadow *, caddr_t); static uint64_t do_bofi_rd32(struct bofi_shadow *, caddr_t); static uint64_t do_bofi_rd64(struct bofi_shadow *, caddr_t); /* * check all errdefs linked to this shadow handle. If we've got a condition * match check counts and corrupt data if necessary * * bofi_mutex always held when this is called. * * because of possibility of BOFI_NO_TRANSFER, we couldn't get data * from io-space before calling this, so we pass in the func to do the * transfer as a parameter. */ static uint64_t do_pior_corrupt(struct bofi_shadow *hp, caddr_t addr, uint64_t (*func)(), size_t repcount, size_t accsize) { struct bofi_errent *ep; struct bofi_link *lp; uint64_t operand; uintptr_t minlen; intptr_t base; int done_get = 0; uint64_t get_val, gv; ASSERT(MUTEX_HELD(&bofi_mutex)); /* * check through all errdefs associated with this shadow handle */ for (lp = hp->link; lp != NULL; lp = lp->link) { ep = lp->errentp; if (ep->errdef.len == 0) minlen = hp->len; else minlen = min(hp->len, ep->errdef.len); base = addr - hp->addr - ep->errdef.offset + hp->offset; if ((ep->errdef.access_type & BOFI_PIO_R) && (ep->state & BOFI_DEV_ACTIVE) && base >= 0 && base < minlen) { /* * condition match for pio read */ if (ep->errdef.access_count > 1) { ep->errdef.access_count--; if (done_get == 0) { done_get = 1; gv = get_val = func(hp, addr); } if (ep->errdef.access_type & BOFI_LOG) { log_acc_event(ep, BOFI_PIO_R, addr - hp->addr, accsize, repcount, &gv); } } else if (ep->errdef.fail_count > 0) { ep->errdef.fail_count--; ep->errdef.access_count = 0; /* * OK do corruption */ if (ep->errstate.fail_time == 0) ep->errstate.fail_time = bofi_gettime(); operand = ep->errdef.operand; if (done_get == 0) { if (ep->errdef.optype == BOFI_NO_TRANSFER) /* * no transfer - bomb out */ return (operand); done_get = 1; gv = get_val = func(hp, addr); } if (ep->errdef.access_type & BOFI_LOG) { log_acc_event(ep, BOFI_PIO_R, addr - hp->addr, accsize, repcount, &gv); } switch (ep->errdef.optype) { case BOFI_EQUAL : get_val = operand; break; case BOFI_AND : get_val &= operand; break; case BOFI_OR : get_val |= operand; break; case BOFI_XOR : get_val ^= operand; break; default: /* do nothing */ break; } } } } if (done_get == 0) return (func(hp, addr)); else return (get_val); } /* * check all errdefs linked to this shadow handle. If we've got a condition * match check counts and corrupt data if necessary * * bofi_mutex always held when this is called. * * because of possibility of BOFI_NO_TRANSFER, we return 0 if no data * is to be written out to io-space, 1 otherwise */ static int do_piow_corrupt(struct bofi_shadow *hp, caddr_t addr, uint64_t *valuep, size_t size, size_t repcount) { struct bofi_errent *ep; struct bofi_link *lp; uintptr_t minlen; intptr_t base; uint64_t v = *valuep; ASSERT(MUTEX_HELD(&bofi_mutex)); /* * check through all errdefs associated with this shadow handle */ for (lp = hp->link; lp != NULL; lp = lp->link) { ep = lp->errentp; if (ep->errdef.len == 0) minlen = hp->len; else minlen = min(hp->len, ep->errdef.len); base = (caddr_t)addr - hp->addr - ep->errdef.offset +hp->offset; if ((ep->errdef.access_type & BOFI_PIO_W) && (ep->state & BOFI_DEV_ACTIVE) && base >= 0 && base < minlen) { /* * condition match for pio write */ if (ep->errdef.access_count > 1) { ep->errdef.access_count--; if (ep->errdef.access_type & BOFI_LOG) log_acc_event(ep, BOFI_PIO_W, addr - hp->addr, size, repcount, &v); } else if (ep->errdef.fail_count > 0) { ep->errdef.fail_count--; ep->errdef.access_count = 0; if (ep->errdef.access_type & BOFI_LOG) log_acc_event(ep, BOFI_PIO_W, addr - hp->addr, size, repcount, &v); /* * OK do corruption */ if (ep->errstate.fail_time == 0) ep->errstate.fail_time = bofi_gettime(); switch (ep->errdef.optype) { case BOFI_EQUAL : *valuep = ep->errdef.operand; break; case BOFI_AND : *valuep &= ep->errdef.operand; break; case BOFI_OR : *valuep |= ep->errdef.operand; break; case BOFI_XOR : *valuep ^= ep->errdef.operand; break; case BOFI_NO_TRANSFER : /* * no transfer - bomb out */ return (0); default: /* do nothing */ break; } } } } return (1); } static uint64_t do_bofi_rd8(struct bofi_shadow *hp, caddr_t addr) { return (hp->save.acc.ahi_get8(&hp->save.acc, (uint8_t *)addr)); } #define BOFI_READ_CHECKS(type) \ if (bofi_ddi_check) \ addr = (type *)((uintptr_t)addr - 64 + hp->addr); \ if (bofi_range_check && ((caddr_t)addr < hp->addr || \ (caddr_t)addr - hp->addr >= hp->len)) { \ cmn_err((bofi_range_check == 2) ? CE_PANIC : CE_WARN, \ "ddi_get() out of range addr %p not in %p/%llx", \ (void *)addr, (void *)hp->addr, hp->len); \ return (0); \ } /* * our getb() routine - use tryenter */ static uint8_t bofi_rd8(ddi_acc_impl_t *handle, uint8_t *addr) { struct bofi_shadow *hp; uint8_t retval; hp = handle->ahi_common.ah_bus_private; BOFI_READ_CHECKS(uint8_t) if (!hp->link || !mutex_tryenter(&bofi_mutex)) return (hp->save.acc.ahi_get8(&hp->save.acc, addr)); retval = (uint8_t)do_pior_corrupt(hp, (caddr_t)addr, do_bofi_rd8, 1, 1); mutex_exit(&bofi_mutex); return (retval); } static uint64_t do_bofi_rd16(struct bofi_shadow *hp, caddr_t addr) { return (hp->save.acc.ahi_get16(&hp->save.acc, (uint16_t *)addr)); } /* * our getw() routine - use tryenter */ static uint16_t bofi_rd16(ddi_acc_impl_t *handle, uint16_t *addr) { struct bofi_shadow *hp; uint16_t retval; hp = handle->ahi_common.ah_bus_private; BOFI_READ_CHECKS(uint16_t) if (!hp->link || !mutex_tryenter(&bofi_mutex)) return (hp->save.acc.ahi_get16(&hp->save.acc, addr)); retval = (uint16_t)do_pior_corrupt(hp, (caddr_t)addr, do_bofi_rd16, 1, 2); mutex_exit(&bofi_mutex); return (retval); } static uint64_t do_bofi_rd32(struct bofi_shadow *hp, caddr_t addr) { return (hp->save.acc.ahi_get32(&hp->save.acc, (uint32_t *)addr)); } /* * our getl() routine - use tryenter */ static uint32_t bofi_rd32(ddi_acc_impl_t *handle, uint32_t *addr) { struct bofi_shadow *hp; uint32_t retval; hp = handle->ahi_common.ah_bus_private; BOFI_READ_CHECKS(uint32_t) if (!hp->link || !mutex_tryenter(&bofi_mutex)) return (hp->save.acc.ahi_get32(&hp->save.acc, addr)); retval = (uint32_t)do_pior_corrupt(hp, (caddr_t)addr, do_bofi_rd32, 1, 4); mutex_exit(&bofi_mutex); return (retval); } static uint64_t do_bofi_rd64(struct bofi_shadow *hp, caddr_t addr) { return (hp->save.acc.ahi_get64(&hp->save.acc, (uint64_t *)addr)); } /* * our getll() routine - use tryenter */ static uint64_t bofi_rd64(ddi_acc_impl_t *handle, uint64_t *addr) { struct bofi_shadow *hp; uint64_t retval; hp = handle->ahi_common.ah_bus_private; BOFI_READ_CHECKS(uint64_t) if (!hp->link || !mutex_tryenter(&bofi_mutex)) return (hp->save.acc.ahi_get64(&hp->save.acc, addr)); retval = (uint64_t)do_pior_corrupt(hp, (caddr_t)addr, do_bofi_rd64, 1, 8); mutex_exit(&bofi_mutex); return (retval); } #define BOFI_WRITE_TESTS(type) \ if (bofi_ddi_check) \ addr = (type *)((uintptr_t)addr - 64 + hp->addr); \ if (bofi_range_check && ((caddr_t)addr < hp->addr || \ (caddr_t)addr - hp->addr >= hp->len)) { \ cmn_err((bofi_range_check == 2) ? CE_PANIC : CE_WARN, \ "ddi_put() out of range addr %p not in %p/%llx\n", \ (void *)addr, (void *)hp->addr, hp->len); \ return; \ } /* * our putb() routine - use tryenter */ static void bofi_wr8(ddi_acc_impl_t *handle, uint8_t *addr, uint8_t value) { struct bofi_shadow *hp; uint64_t llvalue = value; hp = handle->ahi_common.ah_bus_private; BOFI_WRITE_TESTS(uint8_t) if (!hp->link || !mutex_tryenter(&bofi_mutex)) { hp->save.acc.ahi_put8(&hp->save.acc, addr, (uint8_t)llvalue); return; } if (do_piow_corrupt(hp, (caddr_t)addr, &llvalue, 1, 1)) hp->save.acc.ahi_put8(&hp->save.acc, addr, (uint8_t)llvalue); mutex_exit(&bofi_mutex); } /* * our putw() routine - use tryenter */ static void bofi_wr16(ddi_acc_impl_t *handle, uint16_t *addr, uint16_t value) { struct bofi_shadow *hp; uint64_t llvalue = value; hp = handle->ahi_common.ah_bus_private; BOFI_WRITE_TESTS(uint16_t) if (!hp->link || !mutex_tryenter(&bofi_mutex)) { hp->save.acc.ahi_put16(&hp->save.acc, addr, (uint16_t)llvalue); return; } if (do_piow_corrupt(hp, (caddr_t)addr, &llvalue, 2, 1)) hp->save.acc.ahi_put16(&hp->save.acc, addr, (uint16_t)llvalue); mutex_exit(&bofi_mutex); } /* * our putl() routine - use tryenter */ static void bofi_wr32(ddi_acc_impl_t *handle, uint32_t *addr, uint32_t value) { struct bofi_shadow *hp; uint64_t llvalue = value; hp = handle->ahi_common.ah_bus_private; BOFI_WRITE_TESTS(uint32_t) if (!hp->link || !mutex_tryenter(&bofi_mutex)) { hp->save.acc.ahi_put32(&hp->save.acc, addr, (uint32_t)llvalue); return; } if (do_piow_corrupt(hp, (caddr_t)addr, &llvalue, 4, 1)) hp->save.acc.ahi_put32(&hp->save.acc, addr, (uint32_t)llvalue); mutex_exit(&bofi_mutex); } /* * our putll() routine - use tryenter */ static void bofi_wr64(ddi_acc_impl_t *handle, uint64_t *addr, uint64_t value) { struct bofi_shadow *hp; uint64_t llvalue = value; hp = handle->ahi_common.ah_bus_private; BOFI_WRITE_TESTS(uint64_t) if (!hp->link || !mutex_tryenter(&bofi_mutex)) { hp->save.acc.ahi_put64(&hp->save.acc, addr, (uint64_t)llvalue); return; } if (do_piow_corrupt(hp, (caddr_t)addr, &llvalue, 8, 1)) hp->save.acc.ahi_put64(&hp->save.acc, addr, (uint64_t)llvalue); mutex_exit(&bofi_mutex); } #define BOFI_REP_READ_TESTS(type) \ if (bofi_ddi_check) \ dev_addr = (type *)((uintptr_t)dev_addr - 64 + hp->addr); \ if (bofi_range_check && ((caddr_t)dev_addr < hp->addr || \ (caddr_t)(dev_addr + repcount) - hp->addr > hp->len)) { \ cmn_err((bofi_range_check == 2) ? CE_PANIC : CE_WARN, \ "ddi_rep_get() out of range addr %p not in %p/%llx\n", \ (void *)dev_addr, (void *)hp->addr, hp->len); \ if ((caddr_t)dev_addr < hp->addr || \ (caddr_t)dev_addr - hp->addr >= hp->len) \ return; \ repcount = (type *)(hp->addr + hp->len) - dev_addr; \ } /* * our rep_getb() routine - use tryenter */ static void bofi_rep_rd8(ddi_acc_impl_t *handle, uint8_t *host_addr, uint8_t *dev_addr, size_t repcount, uint_t flags) { struct bofi_shadow *hp; int i; uint8_t *addr; hp = handle->ahi_common.ah_bus_private; BOFI_REP_READ_TESTS(uint8_t) if (!hp->link || !mutex_tryenter(&bofi_mutex)) { hp->save.acc.ahi_rep_get8(&hp->save.acc, host_addr, dev_addr, repcount, flags); return; } for (i = 0; i < repcount; i++) { addr = dev_addr + ((flags == DDI_DEV_AUTOINCR) ? i : 0); *(host_addr + i) = (uint8_t)do_pior_corrupt(hp, (caddr_t)addr, do_bofi_rd8, i ? 0 : repcount, 1); } mutex_exit(&bofi_mutex); } /* * our rep_getw() routine - use tryenter */ static void bofi_rep_rd16(ddi_acc_impl_t *handle, uint16_t *host_addr, uint16_t *dev_addr, size_t repcount, uint_t flags) { struct bofi_shadow *hp; int i; uint16_t *addr; hp = handle->ahi_common.ah_bus_private; BOFI_REP_READ_TESTS(uint16_t) if (!hp->link || !mutex_tryenter(&bofi_mutex)) { hp->save.acc.ahi_rep_get16(&hp->save.acc, host_addr, dev_addr, repcount, flags); return; } for (i = 0; i < repcount; i++) { addr = dev_addr + ((flags == DDI_DEV_AUTOINCR) ? i : 0); *(host_addr + i) = (uint16_t)do_pior_corrupt(hp, (caddr_t)addr, do_bofi_rd16, i ? 0 : repcount, 2); } mutex_exit(&bofi_mutex); } /* * our rep_getl() routine - use tryenter */ static void bofi_rep_rd32(ddi_acc_impl_t *handle, uint32_t *host_addr, uint32_t *dev_addr, size_t repcount, uint_t flags) { struct bofi_shadow *hp; int i; uint32_t *addr; hp = handle->ahi_common.ah_bus_private; BOFI_REP_READ_TESTS(uint32_t) if (!hp->link || !mutex_tryenter(&bofi_mutex)) { hp->save.acc.ahi_rep_get32(&hp->save.acc, host_addr, dev_addr, repcount, flags); return; } for (i = 0; i < repcount; i++) { addr = dev_addr + ((flags == DDI_DEV_AUTOINCR) ? i : 0); *(host_addr + i) = (uint32_t)do_pior_corrupt(hp, (caddr_t)addr, do_bofi_rd32, i ? 0 : repcount, 4); } mutex_exit(&bofi_mutex); } /* * our rep_getll() routine - use tryenter */ static void bofi_rep_rd64(ddi_acc_impl_t *handle, uint64_t *host_addr, uint64_t *dev_addr, size_t repcount, uint_t flags) { struct bofi_shadow *hp; int i; uint64_t *addr; hp = handle->ahi_common.ah_bus_private; BOFI_REP_READ_TESTS(uint64_t) if (!hp->link || !mutex_tryenter(&bofi_mutex)) { hp->save.acc.ahi_rep_get64(&hp->save.acc, host_addr, dev_addr, repcount, flags); return; } for (i = 0; i < repcount; i++) { addr = dev_addr + ((flags == DDI_DEV_AUTOINCR) ? i : 0); *(host_addr + i) = (uint64_t)do_pior_corrupt(hp, (caddr_t)addr, do_bofi_rd64, i ? 0 : repcount, 8); } mutex_exit(&bofi_mutex); } #define BOFI_REP_WRITE_TESTS(type) \ if (bofi_ddi_check) \ dev_addr = (type *)((uintptr_t)dev_addr - 64 + hp->addr); \ if (bofi_range_check && ((caddr_t)dev_addr < hp->addr || \ (caddr_t)(dev_addr + repcount) - hp->addr > hp->len)) { \ cmn_err((bofi_range_check == 2) ? CE_PANIC : CE_WARN, \ "ddi_rep_put() out of range addr %p not in %p/%llx\n", \ (void *)dev_addr, (void *)hp->addr, hp->len); \ if ((caddr_t)dev_addr < hp->addr || \ (caddr_t)dev_addr - hp->addr >= hp->len) \ return; \ repcount = (type *)(hp->addr + hp->len) - dev_addr; \ } /* * our rep_putb() routine - use tryenter */ static void bofi_rep_wr8(ddi_acc_impl_t *handle, uint8_t *host_addr, uint8_t *dev_addr, size_t repcount, uint_t flags) { struct bofi_shadow *hp; int i; uint64_t llvalue; uint8_t *addr; hp = handle->ahi_common.ah_bus_private; BOFI_REP_WRITE_TESTS(uint8_t) if (!hp->link || !mutex_tryenter(&bofi_mutex)) { hp->save.acc.ahi_rep_put8(&hp->save.acc, host_addr, dev_addr, repcount, flags); return; } for (i = 0; i < repcount; i++) { llvalue = *(host_addr + i); addr = dev_addr + ((flags == DDI_DEV_AUTOINCR) ? i : 0); if (do_piow_corrupt(hp, (caddr_t)addr, &llvalue, 1, i ? 0 : repcount)) hp->save.acc.ahi_put8(&hp->save.acc, addr, (uint8_t)llvalue); } mutex_exit(&bofi_mutex); } /* * our rep_putw() routine - use tryenter */ static void bofi_rep_wr16(ddi_acc_impl_t *handle, uint16_t *host_addr, uint16_t *dev_addr, size_t repcount, uint_t flags) { struct bofi_shadow *hp; int i; uint64_t llvalue; uint16_t *addr; hp = handle->ahi_common.ah_bus_private; BOFI_REP_WRITE_TESTS(uint16_t) if (!hp->link || !mutex_tryenter(&bofi_mutex)) { hp->save.acc.ahi_rep_put16(&hp->save.acc, host_addr, dev_addr, repcount, flags); return; } for (i = 0; i < repcount; i++) { llvalue = *(host_addr + i); addr = dev_addr + ((flags == DDI_DEV_AUTOINCR) ? i : 0); if (do_piow_corrupt(hp, (caddr_t)addr, &llvalue, 2, i ? 0 : repcount)) hp->save.acc.ahi_put16(&hp->save.acc, addr, (uint16_t)llvalue); } mutex_exit(&bofi_mutex); } /* * our rep_putl() routine - use tryenter */ static void bofi_rep_wr32(ddi_acc_impl_t *handle, uint32_t *host_addr, uint32_t *dev_addr, size_t repcount, uint_t flags) { struct bofi_shadow *hp; int i; uint64_t llvalue; uint32_t *addr; hp = handle->ahi_common.ah_bus_private; BOFI_REP_WRITE_TESTS(uint32_t) if (!hp->link || !mutex_tryenter(&bofi_mutex)) { hp->save.acc.ahi_rep_put32(&hp->save.acc, host_addr, dev_addr, repcount, flags); return; } for (i = 0; i < repcount; i++) { llvalue = *(host_addr + i); addr = dev_addr + ((flags == DDI_DEV_AUTOINCR) ? i : 0); if (do_piow_corrupt(hp, (caddr_t)addr, &llvalue, 4, i ? 0 : repcount)) hp->save.acc.ahi_put32(&hp->save.acc, addr, (uint32_t)llvalue); } mutex_exit(&bofi_mutex); } /* * our rep_putll() routine - use tryenter */ static void bofi_rep_wr64(ddi_acc_impl_t *handle, uint64_t *host_addr, uint64_t *dev_addr, size_t repcount, uint_t flags) { struct bofi_shadow *hp; int i; uint64_t llvalue; uint64_t *addr; hp = handle->ahi_common.ah_bus_private; BOFI_REP_WRITE_TESTS(uint64_t) if (!hp->link || !mutex_tryenter(&bofi_mutex)) { hp->save.acc.ahi_rep_put64(&hp->save.acc, host_addr, dev_addr, repcount, flags); return; } for (i = 0; i < repcount; i++) { llvalue = *(host_addr + i); addr = dev_addr + ((flags == DDI_DEV_AUTOINCR) ? i : 0); if (do_piow_corrupt(hp, (caddr_t)addr, &llvalue, 8, i ? 0 : repcount)) hp->save.acc.ahi_put64(&hp->save.acc, addr, (uint64_t)llvalue); } mutex_exit(&bofi_mutex); } /* * our ddi_map routine */ static int bofi_map(dev_info_t *dip, dev_info_t *rdip, ddi_map_req_t *reqp, off_t offset, off_t len, caddr_t *vaddrp) { ddi_acc_impl_t *ap; struct bofi_shadow *hp; struct bofi_errent *ep; struct bofi_link *lp, *next_lp; int retval; struct bofi_shadow *dhashp; struct bofi_shadow *hhashp; switch (reqp->map_op) { case DDI_MO_MAP_LOCKED: /* * for this case get nexus to do real work first */ retval = save_bus_ops.bus_map(dip, rdip, reqp, offset, len, vaddrp); if (retval != DDI_SUCCESS) return (retval); ap = (ddi_acc_impl_t *)reqp->map_handlep; if (ap == NULL) return (DDI_SUCCESS); /* * if driver_list is set, only intercept those drivers */ if (!driver_under_test(ap->ahi_common.ah_dip)) return (DDI_SUCCESS); /* * support for ddi_regs_map_setup() * - allocate shadow handle structure and fill it in */ hp = kmem_zalloc(sizeof (struct bofi_shadow), KM_SLEEP); (void) strncpy(hp->name, ddi_get_name(ap->ahi_common.ah_dip), NAMESIZE); hp->instance = ddi_get_instance(ap->ahi_common.ah_dip); hp->dip = ap->ahi_common.ah_dip; hp->addr = *vaddrp; /* * return spurious value to catch direct access to registers */ if (bofi_ddi_check) *vaddrp = (caddr_t)64; hp->rnumber = ((ddi_acc_hdl_t *)ap)->ah_rnumber; hp->offset = offset; if (len == 0) hp->len = INT_MAX - offset; else hp->len = min(len, INT_MAX - offset); hp->hdl.acc_handle = (ddi_acc_handle_t)ap; hp->link = NULL; hp->type = BOFI_ACC_HDL; /* * save existing function pointers and plug in our own */ hp->save.acc = *ap; ap->ahi_get8 = bofi_rd8; ap->ahi_get16 = bofi_rd16; ap->ahi_get32 = bofi_rd32; ap->ahi_get64 = bofi_rd64; ap->ahi_put8 = bofi_wr8; ap->ahi_put16 = bofi_wr16; ap->ahi_put32 = bofi_wr32; ap->ahi_put64 = bofi_wr64; ap->ahi_rep_get8 = bofi_rep_rd8; ap->ahi_rep_get16 = bofi_rep_rd16; ap->ahi_rep_get32 = bofi_rep_rd32; ap->ahi_rep_get64 = bofi_rep_rd64; ap->ahi_rep_put8 = bofi_rep_wr8; ap->ahi_rep_put16 = bofi_rep_wr16; ap->ahi_rep_put32 = bofi_rep_wr32; ap->ahi_rep_put64 = bofi_rep_wr64; ap->ahi_fault_check = bofi_check_acc_hdl; #if defined(__sparc) #else ap->ahi_acc_attr &= ~DDI_ACCATTR_DIRECT; #endif /* * stick in a pointer to our shadow handle */ ap->ahi_common.ah_bus_private = hp; /* * add to dhash, hhash and inuse lists */ mutex_enter(&bofi_low_mutex); mutex_enter(&bofi_mutex); hp->next = shadow_list.next; shadow_list.next->prev = hp; hp->prev = &shadow_list; shadow_list.next = hp; hhashp = HDL_HHASH(ap); hp->hnext = hhashp->hnext; hhashp->hnext->hprev = hp; hp->hprev = hhashp; hhashp->hnext = hp; dhashp = HDL_DHASH(hp->dip); hp->dnext = dhashp->dnext; dhashp->dnext->dprev = hp; hp->dprev = dhashp; dhashp->dnext = hp; /* * chain on any pre-existing errdefs that apply to this * acc_handle */ for (ep = errent_listp; ep != NULL; ep = ep->next) { if (ddi_name_to_major(hp->name) == ddi_name_to_major(ep->name) && hp->instance == ep->errdef.instance && (ep->errdef.access_type & BOFI_PIO_RW) && (ep->errdef.rnumber == -1 || hp->rnumber == ep->errdef.rnumber) && (ep->errdef.len == 0 || offset < ep->errdef.offset + ep->errdef.len) && offset + hp->len > ep->errdef.offset) { lp = bofi_link_freelist; if (lp != NULL) { bofi_link_freelist = lp->link; lp->errentp = ep; lp->link = hp->link; hp->link = lp; } } } mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); return (DDI_SUCCESS); case DDI_MO_UNMAP: ap = (ddi_acc_impl_t *)reqp->map_handlep; if (ap == NULL) break; /* * support for ddi_regs_map_free() * - check we really have a shadow handle for this one */ mutex_enter(&bofi_low_mutex); mutex_enter(&bofi_mutex); hhashp = HDL_HHASH(ap); for (hp = hhashp->hnext; hp != hhashp; hp = hp->hnext) if (hp->hdl.acc_handle == (ddi_acc_handle_t)ap) break; if (hp == hhashp) { mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); break; } /* * got a shadow handle - restore original pointers */ *ap = hp->save.acc; *vaddrp = hp->addr; /* * remove from dhash, hhash and inuse lists */ hp->hnext->hprev = hp->hprev; hp->hprev->hnext = hp->hnext; hp->dnext->dprev = hp->dprev; hp->dprev->dnext = hp->dnext; hp->next->prev = hp->prev; hp->prev->next = hp->next; /* * free any errdef link structures tagged onto the shadow handle */ for (lp = hp->link; lp != NULL; ) { next_lp = lp->link; lp->link = bofi_link_freelist; bofi_link_freelist = lp; lp = next_lp; } hp->link = NULL; mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); /* * finally delete shadow handle */ kmem_free(hp, sizeof (struct bofi_shadow)); break; default: break; } return (save_bus_ops.bus_map(dip, rdip, reqp, offset, len, vaddrp)); } /* * chain any pre-existing errdefs on to newly created dma handle * if required call do_dma_corrupt() to corrupt data */ static void chain_on_errdefs(struct bofi_shadow *hp) { struct bofi_errent *ep; struct bofi_link *lp; ASSERT(MUTEX_HELD(&bofi_mutex)); /* * chain on any pre-existing errdefs that apply to this dma_handle */ for (ep = errent_listp; ep != NULL; ep = ep->next) { if (ddi_name_to_major(hp->name) == ddi_name_to_major(ep->name) && hp->instance == ep->errdef.instance && (ep->errdef.rnumber == -1 || hp->rnumber == ep->errdef.rnumber) && ((ep->errdef.access_type & BOFI_DMA_RW) && (((uintptr_t)(hp->addr + ep->errdef.offset + ep->errdef.len) & ~LLSZMASK) > ((uintptr_t)((hp->addr + ep->errdef.offset) + LLSZMASK) & ~LLSZMASK)))) { /* * got a match - link it on */ lp = bofi_link_freelist; if (lp != NULL) { bofi_link_freelist = lp->link; lp->errentp = ep; lp->link = hp->link; hp->link = lp; if ((ep->errdef.access_type & BOFI_DMA_W) && (hp->flags & DDI_DMA_WRITE) && (ep->state & BOFI_DEV_ACTIVE)) { do_dma_corrupt(hp, ep, DDI_DMA_SYNC_FORDEV, 0, hp->len); } } } } } /* * need to do copy byte-by-byte in case one of pages is little-endian */ static void xbcopy(void *from, void *to, u_longlong_t len) { uchar_t *f = from; uchar_t *t = to; while (len--) *t++ = *f++; } /* * our ddi_dma_map routine */ static int bofi_dma_map(dev_info_t *dip, dev_info_t *rdip, struct ddi_dma_req *dmareqp, ddi_dma_handle_t *handlep) { struct bofi_shadow *hp, *xhp; int maxrnumber = 0; int retval = DDI_DMA_NORESOURCES; auto struct ddi_dma_req dmareq; int sleep; struct bofi_shadow *dhashp; struct bofi_shadow *hhashp; ddi_dma_impl_t *mp; unsigned long pagemask = ddi_ptob(rdip, 1) - 1; /* * if driver_list is set, only intercept those drivers */ if (handlep == NULL || !driver_under_test(rdip)) return (save_bus_ops.bus_dma_map(dip, rdip, dmareqp, handlep)); sleep = (dmareqp->dmar_fp == DDI_DMA_SLEEP) ? KM_SLEEP : KM_NOSLEEP; /* * allocate shadow handle structure and fill it in */ hp = kmem_zalloc(sizeof (struct bofi_shadow), sleep); if (hp == NULL) goto error; (void) strncpy(hp->name, ddi_get_name(rdip), NAMESIZE); hp->instance = ddi_get_instance(rdip); hp->dip = rdip; hp->flags = dmareqp->dmar_flags; hp->link = NULL; hp->type = BOFI_DMA_HDL; /* * get a kernel virtual mapping */ hp->addr = ddi_dmareq_mapin(dmareqp, &hp->mapaddr, &hp->len); if (hp->addr == NULL) goto error; if (bofi_sync_check) { /* * Take a copy and pass pointers to this up to nexus instead. * Data will be copied from the original on explicit * and implicit ddi_dma_sync() * * - maintain page alignment because some devices assume it. */ hp->origaddr = hp->addr; hp->allocaddr = ddi_umem_alloc( ((uintptr_t)hp->addr & pagemask) + hp->len, sleep, &hp->umem_cookie); if (hp->allocaddr == NULL) goto error; hp->addr = hp->allocaddr + ((uintptr_t)hp->addr & pagemask); if (dmareqp->dmar_flags & DDI_DMA_WRITE) xbcopy(hp->origaddr, hp->addr, hp->len); dmareq = *dmareqp; dmareq.dmar_object.dmao_size = hp->len; dmareq.dmar_object.dmao_type = DMA_OTYP_VADDR; dmareq.dmar_object.dmao_obj.virt_obj.v_as = &kas; dmareq.dmar_object.dmao_obj.virt_obj.v_addr = hp->addr; dmareq.dmar_object.dmao_obj.virt_obj.v_priv = NULL; dmareqp = &dmareq; } /* * call nexus to do the real work */ retval = save_bus_ops.bus_dma_map(dip, rdip, dmareqp, handlep); if (retval != DDI_SUCCESS) goto error2; /* * now set dma_handle to point to real handle */ hp->hdl.dma_handle = *handlep; /* * unset DMP_NOSYNC */ mp = (ddi_dma_impl_t *)*handlep; mp->dmai_rflags &= ~DMP_NOSYNC; mp->dmai_fault_check = bofi_check_dma_hdl; /* * bind and unbind are cached in devinfo - must overwrite them * - note that our bind and unbind are quite happy dealing with * any handles for this devinfo that were previously allocated */ if (save_bus_ops.bus_dma_bindhdl == DEVI(rdip)->devi_bus_dma_bindfunc) DEVI(rdip)->devi_bus_dma_bindfunc = bofi_dma_bindhdl; if (save_bus_ops.bus_dma_unbindhdl == DEVI(rdip)->devi_bus_dma_unbindfunc) DEVI(rdip)->devi_bus_dma_unbindfunc = bofi_dma_unbindhdl; mutex_enter(&bofi_low_mutex); mutex_enter(&bofi_mutex); /* * get an "rnumber" for this handle - really just seeking to * get a unique number - generally only care for early allocated * handles - so we get as far as INT_MAX, just stay there */ dhashp = HDL_DHASH(hp->dip); for (xhp = dhashp->dnext; xhp != dhashp; xhp = xhp->dnext) if (ddi_name_to_major(xhp->name) == ddi_name_to_major(hp->name) && xhp->instance == hp->instance && xhp->type == BOFI_DMA_HDL) if (xhp->rnumber >= maxrnumber) { if (xhp->rnumber == INT_MAX) maxrnumber = INT_MAX; else maxrnumber = xhp->rnumber + 1; } hp->rnumber = maxrnumber; /* * add to dhash, hhash and inuse lists */ hp->next = shadow_list.next; shadow_list.next->prev = hp; hp->prev = &shadow_list; shadow_list.next = hp; hhashp = HDL_HHASH(*handlep); hp->hnext = hhashp->hnext; hhashp->hnext->hprev = hp; hp->hprev = hhashp; hhashp->hnext = hp; dhashp = HDL_DHASH(hp->dip); hp->dnext = dhashp->dnext; dhashp->dnext->dprev = hp; hp->dprev = dhashp; dhashp->dnext = hp; /* * chain on any pre-existing errdefs that apply to this * acc_handle and corrupt if required (as there is an implicit * ddi_dma_sync() in this call) */ chain_on_errdefs(hp); mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); return (retval); error: if (dmareqp->dmar_fp != DDI_DMA_DONTWAIT) { /* * what to do here? Wait a bit and try again */ (void) timeout((void (*)())dmareqp->dmar_fp, dmareqp->dmar_arg, 10); } error2: if (hp) { ddi_dmareq_mapout(hp->mapaddr, hp->len); if (bofi_sync_check && hp->allocaddr) ddi_umem_free(hp->umem_cookie); kmem_free(hp, sizeof (struct bofi_shadow)); } return (retval); } /* * our ddi_dma_allochdl routine */ static int bofi_dma_allochdl(dev_info_t *dip, dev_info_t *rdip, ddi_dma_attr_t *attrp, int (*waitfp)(caddr_t), caddr_t arg, ddi_dma_handle_t *handlep) { int retval = DDI_DMA_NORESOURCES; struct bofi_shadow *hp, *xhp; int maxrnumber = 0; struct bofi_shadow *dhashp; struct bofi_shadow *hhashp; ddi_dma_impl_t *mp; /* * if driver_list is set, only intercept those drivers */ if (!driver_under_test(rdip)) return (save_bus_ops.bus_dma_allochdl(dip, rdip, attrp, waitfp, arg, handlep)); /* * allocate shadow handle structure and fill it in */ hp = kmem_zalloc(sizeof (struct bofi_shadow), ((waitfp == DDI_DMA_SLEEP) ? KM_SLEEP : KM_NOSLEEP)); if (hp == NULL) { /* * what to do here? Wait a bit and try again */ if (waitfp != DDI_DMA_DONTWAIT) (void) timeout((void (*)())waitfp, arg, 10); return (retval); } (void) strncpy(hp->name, ddi_get_name(rdip), NAMESIZE); hp->instance = ddi_get_instance(rdip); hp->dip = rdip; hp->link = NULL; hp->type = BOFI_NULL; /* * call nexus to do the real work */ retval = save_bus_ops.bus_dma_allochdl(dip, rdip, attrp, waitfp, arg, handlep); if (retval != DDI_SUCCESS) { kmem_free(hp, sizeof (struct bofi_shadow)); return (retval); } /* * now point set dma_handle to point to real handle */ hp->hdl.dma_handle = *handlep; mp = (ddi_dma_impl_t *)*handlep; mp->dmai_fault_check = bofi_check_dma_hdl; /* * bind and unbind are cached in devinfo - must overwrite them * - note that our bind and unbind are quite happy dealing with * any handles for this devinfo that were previously allocated */ if (save_bus_ops.bus_dma_bindhdl == DEVI(rdip)->devi_bus_dma_bindfunc) DEVI(rdip)->devi_bus_dma_bindfunc = bofi_dma_bindhdl; if (save_bus_ops.bus_dma_unbindhdl == DEVI(rdip)->devi_bus_dma_unbindfunc) DEVI(rdip)->devi_bus_dma_unbindfunc = bofi_dma_unbindhdl; mutex_enter(&bofi_low_mutex); mutex_enter(&bofi_mutex); /* * get an "rnumber" for this handle - really just seeking to * get a unique number - generally only care for early allocated * handles - so we get as far as INT_MAX, just stay there */ dhashp = HDL_DHASH(hp->dip); for (xhp = dhashp->dnext; xhp != dhashp; xhp = xhp->dnext) if (ddi_name_to_major(xhp->name) == ddi_name_to_major(hp->name) && xhp->instance == hp->instance && (xhp->type == BOFI_DMA_HDL || xhp->type == BOFI_NULL)) if (xhp->rnumber >= maxrnumber) { if (xhp->rnumber == INT_MAX) maxrnumber = INT_MAX; else maxrnumber = xhp->rnumber + 1; } hp->rnumber = maxrnumber; /* * add to dhash, hhash and inuse lists */ hp->next = shadow_list.next; shadow_list.next->prev = hp; hp->prev = &shadow_list; shadow_list.next = hp; hhashp = HDL_HHASH(*handlep); hp->hnext = hhashp->hnext; hhashp->hnext->hprev = hp; hp->hprev = hhashp; hhashp->hnext = hp; dhashp = HDL_DHASH(hp->dip); hp->dnext = dhashp->dnext; dhashp->dnext->dprev = hp; hp->dprev = dhashp; dhashp->dnext = hp; mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); return (retval); } /* * our ddi_dma_freehdl routine */ static int bofi_dma_freehdl(dev_info_t *dip, dev_info_t *rdip, ddi_dma_handle_t handle) { int retval; struct bofi_shadow *hp; struct bofi_shadow *hhashp; /* * find shadow for this handle */ mutex_enter(&bofi_low_mutex); mutex_enter(&bofi_mutex); hhashp = HDL_HHASH(handle); for (hp = hhashp->hnext; hp != hhashp; hp = hp->hnext) if (hp->hdl.dma_handle == handle) break; mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); /* * call nexus to do the real work */ retval = save_bus_ops.bus_dma_freehdl(dip, rdip, handle); if (retval != DDI_SUCCESS) { return (retval); } /* * did we really have a shadow for this handle */ if (hp == hhashp) return (retval); /* * yes we have - see if it's still bound */ mutex_enter(&bofi_low_mutex); mutex_enter(&bofi_mutex); if (hp->type != BOFI_NULL) panic("driver freeing bound dma_handle"); /* * remove from dhash, hhash and inuse lists */ hp->hnext->hprev = hp->hprev; hp->hprev->hnext = hp->hnext; hp->dnext->dprev = hp->dprev; hp->dprev->dnext = hp->dnext; hp->next->prev = hp->prev; hp->prev->next = hp->next; mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); kmem_free(hp, sizeof (struct bofi_shadow)); return (retval); } /* * our ddi_dma_bindhdl routine */ static int bofi_dma_bindhdl(dev_info_t *dip, dev_info_t *rdip, ddi_dma_handle_t handle, struct ddi_dma_req *dmareqp, ddi_dma_cookie_t *cookiep, uint_t *ccountp) { int retval = DDI_DMA_NORESOURCES; auto struct ddi_dma_req dmareq; struct bofi_shadow *hp; struct bofi_shadow *hhashp; ddi_dma_impl_t *mp; unsigned long pagemask = ddi_ptob(rdip, 1) - 1; /* * check we really have a shadow for this handle */ mutex_enter(&bofi_low_mutex); mutex_enter(&bofi_mutex); hhashp = HDL_HHASH(handle); for (hp = hhashp->hnext; hp != hhashp; hp = hp->hnext) if (hp->hdl.dma_handle == handle) break; mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); if (hp == hhashp) { /* * no we don't - just call nexus to do the real work */ return save_bus_ops.bus_dma_bindhdl(dip, rdip, handle, dmareqp, cookiep, ccountp); } /* * yes we have - see if it's already bound */ if (hp->type != BOFI_NULL) return (DDI_DMA_INUSE); hp->flags = dmareqp->dmar_flags; /* * get a kernel virtual mapping */ hp->addr = ddi_dmareq_mapin(dmareqp, &hp->mapaddr, &hp->len); if (hp->addr == NULL) goto error; if (bofi_sync_check) { /* * Take a copy and pass pointers to this up to nexus instead. * Data will be copied from the original on explicit * and implicit ddi_dma_sync() * * - maintain page alignment because some devices assume it. */ hp->origaddr = hp->addr; hp->allocaddr = ddi_umem_alloc( ((uintptr_t)hp->addr & pagemask) + hp->len, (dmareqp->dmar_fp == DDI_DMA_SLEEP) ? KM_SLEEP : KM_NOSLEEP, &hp->umem_cookie); if (hp->allocaddr == NULL) goto error; hp->addr = hp->allocaddr + ((uintptr_t)hp->addr & pagemask); if (dmareqp->dmar_flags & DDI_DMA_WRITE) xbcopy(hp->origaddr, hp->addr, hp->len); dmareq = *dmareqp; dmareq.dmar_object.dmao_size = hp->len; dmareq.dmar_object.dmao_type = DMA_OTYP_VADDR; dmareq.dmar_object.dmao_obj.virt_obj.v_as = &kas; dmareq.dmar_object.dmao_obj.virt_obj.v_addr = hp->addr; dmareq.dmar_object.dmao_obj.virt_obj.v_priv = NULL; dmareqp = &dmareq; } /* * call nexus to do the real work */ retval = save_bus_ops.bus_dma_bindhdl(dip, rdip, handle, dmareqp, cookiep, ccountp); if (retval != DDI_SUCCESS) goto error2; /* * unset DMP_NOSYNC */ mp = (ddi_dma_impl_t *)handle; mp->dmai_rflags &= ~DMP_NOSYNC; /* * chain on any pre-existing errdefs that apply to this * acc_handle and corrupt if required (as there is an implicit * ddi_dma_sync() in this call) */ mutex_enter(&bofi_low_mutex); mutex_enter(&bofi_mutex); hp->type = BOFI_DMA_HDL; chain_on_errdefs(hp); mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); return (retval); error: if (dmareqp->dmar_fp != DDI_DMA_DONTWAIT) { /* * what to do here? Wait a bit and try again */ (void) timeout((void (*)())dmareqp->dmar_fp, dmareqp->dmar_arg, 10); } error2: if (hp) { ddi_dmareq_mapout(hp->mapaddr, hp->len); if (bofi_sync_check && hp->allocaddr) ddi_umem_free(hp->umem_cookie); hp->mapaddr = NULL; hp->allocaddr = NULL; hp->origaddr = NULL; } return (retval); } /* * our ddi_dma_unbindhdl routine */ static int bofi_dma_unbindhdl(dev_info_t *dip, dev_info_t *rdip, ddi_dma_handle_t handle) { struct bofi_link *lp, *next_lp; struct bofi_errent *ep; int retval; struct bofi_shadow *hp; struct bofi_shadow *hhashp; /* * call nexus to do the real work */ retval = save_bus_ops.bus_dma_unbindhdl(dip, rdip, handle); if (retval != DDI_SUCCESS) return (retval); /* * check we really have a shadow for this handle */ mutex_enter(&bofi_low_mutex); mutex_enter(&bofi_mutex); hhashp = HDL_HHASH(handle); for (hp = hhashp->hnext; hp != hhashp; hp = hp->hnext) if (hp->hdl.dma_handle == handle) break; if (hp == hhashp) { mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); return (retval); } /* * yes we have - see if it's already unbound */ if (hp->type == BOFI_NULL) panic("driver unbinding unbound dma_handle"); /* * free any errdef link structures tagged on to this * shadow handle */ for (lp = hp->link; lp != NULL; ) { next_lp = lp->link; /* * there is an implicit sync_for_cpu on free - * may need to corrupt */ ep = lp->errentp; if ((ep->errdef.access_type & BOFI_DMA_R) && (hp->flags & DDI_DMA_READ) && (ep->state & BOFI_DEV_ACTIVE)) { do_dma_corrupt(hp, ep, DDI_DMA_SYNC_FORCPU, 0, hp->len); } lp->link = bofi_link_freelist; bofi_link_freelist = lp; lp = next_lp; } hp->link = NULL; hp->type = BOFI_NULL; mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); if (bofi_sync_check && (hp->flags & DDI_DMA_READ)) /* * implicit sync_for_cpu - copy data back */ if (hp->allocaddr) xbcopy(hp->addr, hp->origaddr, hp->len); ddi_dmareq_mapout(hp->mapaddr, hp->len); if (bofi_sync_check && hp->allocaddr) ddi_umem_free(hp->umem_cookie); hp->mapaddr = NULL; hp->allocaddr = NULL; hp->origaddr = NULL; return (retval); } /* * our ddi_dma_sync routine */ static int bofi_dma_flush(dev_info_t *dip, dev_info_t *rdip, ddi_dma_handle_t handle, off_t off, size_t len, uint_t flags) { struct bofi_link *lp; struct bofi_errent *ep; struct bofi_shadow *hp; struct bofi_shadow *hhashp; int retval; if (flags == DDI_DMA_SYNC_FORCPU || flags == DDI_DMA_SYNC_FORKERNEL) { /* * in this case get nexus driver to do sync first */ retval = save_bus_ops.bus_dma_flush(dip, rdip, handle, off, len, flags); if (retval != DDI_SUCCESS) return (retval); } /* * check we really have a shadow for this handle */ mutex_enter(&bofi_low_mutex); mutex_enter(&bofi_mutex); hhashp = HDL_HHASH(handle); for (hp = hhashp->hnext; hp != hhashp; hp = hp->hnext) if (hp->hdl.dma_handle == handle && hp->type == BOFI_DMA_HDL) break; mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); if (hp != hhashp) { /* * yes - do we need to copy data from original */ if (bofi_sync_check && flags == DDI_DMA_SYNC_FORDEV) if (hp->allocaddr) xbcopy(hp->origaddr+off, hp->addr+off, len ? len : (hp->len - off)); /* * yes - check if we need to corrupt the data */ mutex_enter(&bofi_low_mutex); mutex_enter(&bofi_mutex); for (lp = hp->link; lp != NULL; lp = lp->link) { ep = lp->errentp; if ((((ep->errdef.access_type & BOFI_DMA_R) && (flags == DDI_DMA_SYNC_FORCPU || flags == DDI_DMA_SYNC_FORKERNEL)) || ((ep->errdef.access_type & BOFI_DMA_W) && (flags == DDI_DMA_SYNC_FORDEV))) && (ep->state & BOFI_DEV_ACTIVE)) { do_dma_corrupt(hp, ep, flags, off, len ? len : (hp->len - off)); } } mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); /* * do we need to copy data to original */ if (bofi_sync_check && (flags == DDI_DMA_SYNC_FORCPU || flags == DDI_DMA_SYNC_FORKERNEL)) if (hp->allocaddr) xbcopy(hp->addr+off, hp->origaddr+off, len ? len : (hp->len - off)); } if (flags == DDI_DMA_SYNC_FORDEV) /* * in this case get nexus driver to do sync last */ retval = save_bus_ops.bus_dma_flush(dip, rdip, handle, off, len, flags); return (retval); } /* * our dma_win routine */ static int bofi_dma_win(dev_info_t *dip, dev_info_t *rdip, ddi_dma_handle_t handle, uint_t win, off_t *offp, size_t *lenp, ddi_dma_cookie_t *cookiep, uint_t *ccountp) { struct bofi_shadow *hp; struct bofi_shadow *hhashp; int retval; ddi_dma_impl_t *mp; /* * call nexus to do the real work */ retval = save_bus_ops.bus_dma_win(dip, rdip, handle, win, offp, lenp, cookiep, ccountp); if (retval != DDI_SUCCESS) return (retval); /* * check we really have a shadow for this handle */ mutex_enter(&bofi_low_mutex); mutex_enter(&bofi_mutex); hhashp = HDL_HHASH(handle); for (hp = hhashp->hnext; hp != hhashp; hp = hp->hnext) if (hp->hdl.dma_handle == handle) break; if (hp != hhashp) { /* * yes - make sure DMP_NOSYNC is unset */ mp = (ddi_dma_impl_t *)handle; mp->dmai_rflags &= ~DMP_NOSYNC; } mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); return (retval); } /* * our dma_ctl routine */ static int bofi_dma_ctl(dev_info_t *dip, dev_info_t *rdip, ddi_dma_handle_t handle, enum ddi_dma_ctlops request, off_t *offp, size_t *lenp, caddr_t *objp, uint_t flags) { struct bofi_link *lp, *next_lp; struct bofi_errent *ep; struct bofi_shadow *hp; struct bofi_shadow *hhashp; int retval; int i; struct bofi_shadow *dummyhp; ddi_dma_impl_t *mp; /* * get nexus to do real work */ retval = save_bus_ops.bus_dma_ctl(dip, rdip, handle, request, offp, lenp, objp, flags); if (retval != DDI_SUCCESS) return (retval); /* * if driver_list is set, only intercept those drivers */ if (!driver_under_test(rdip)) return (DDI_SUCCESS); #if defined(__sparc) /* * check if this is a dvma_reserve - that one's like a * dma_allochdl and needs to be handled separately */ if (request == DDI_DMA_RESERVE) { bofi_dvma_reserve(rdip, *(ddi_dma_handle_t *)objp); return (DDI_SUCCESS); } #endif /* * check we really have a shadow for this handle */ mutex_enter(&bofi_low_mutex); mutex_enter(&bofi_mutex); hhashp = HDL_HHASH(handle); for (hp = hhashp->hnext; hp != hhashp; hp = hp->hnext) if (hp->hdl.dma_handle == handle) break; if (hp == hhashp) { mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); return (retval); } /* * yes we have - see what kind of command this is */ switch (request) { case DDI_DMA_RELEASE: /* * dvma release - release dummy handle and all the index handles */ dummyhp = hp; dummyhp->hnext->hprev = dummyhp->hprev; dummyhp->hprev->hnext = dummyhp->hnext; mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); for (i = 0; i < dummyhp->len; i++) { hp = dummyhp->hparrayp[i]; /* * chek none of the index handles were still loaded */ if (hp->type != BOFI_NULL) panic("driver releasing loaded dvma"); /* * remove from dhash and inuse lists */ mutex_enter(&bofi_low_mutex); mutex_enter(&bofi_mutex); hp->dnext->dprev = hp->dprev; hp->dprev->dnext = hp->dnext; hp->next->prev = hp->prev; hp->prev->next = hp->next; mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); if (bofi_sync_check && hp->allocaddr) ddi_umem_free(hp->umem_cookie); kmem_free(hp, sizeof (struct bofi_shadow)); } kmem_free(dummyhp->hparrayp, dummyhp->len * sizeof (struct bofi_shadow *)); kmem_free(dummyhp, sizeof (struct bofi_shadow)); return (retval); case DDI_DMA_FREE: /* * ddi_dma_free case - remove from dhash, hhash and inuse lists */ hp->hnext->hprev = hp->hprev; hp->hprev->hnext = hp->hnext; hp->dnext->dprev = hp->dprev; hp->dprev->dnext = hp->dnext; hp->next->prev = hp->prev; hp->prev->next = hp->next; /* * free any errdef link structures tagged on to this * shadow handle */ for (lp = hp->link; lp != NULL; ) { next_lp = lp->link; /* * there is an implicit sync_for_cpu on free - * may need to corrupt */ ep = lp->errentp; if ((ep->errdef.access_type & BOFI_DMA_R) && (hp->flags & DDI_DMA_READ) && (ep->state & BOFI_DEV_ACTIVE)) { do_dma_corrupt(hp, ep, DDI_DMA_SYNC_FORCPU, 0, hp->len); } lp->link = bofi_link_freelist; bofi_link_freelist = lp; lp = next_lp; } hp->link = NULL; mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); if (bofi_sync_check && (hp->flags & DDI_DMA_READ)) if (hp->allocaddr) xbcopy(hp->addr, hp->origaddr, hp->len); ddi_dmareq_mapout(hp->mapaddr, hp->len); if (bofi_sync_check && hp->allocaddr) ddi_umem_free(hp->umem_cookie); kmem_free(hp, sizeof (struct bofi_shadow)); return (retval); case DDI_DMA_MOVWIN: mp = (ddi_dma_impl_t *)handle; mp->dmai_rflags &= ~DMP_NOSYNC; break; case DDI_DMA_NEXTWIN: mp = (ddi_dma_impl_t *)handle; mp->dmai_rflags &= ~DMP_NOSYNC; break; default: break; } mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); return (retval); } #if defined(__sparc) /* * dvma reserve case from bofi_dma_ctl() */ static void bofi_dvma_reserve(dev_info_t *rdip, ddi_dma_handle_t handle) { struct bofi_shadow *hp; struct bofi_shadow *dummyhp; struct bofi_shadow *dhashp; struct bofi_shadow *hhashp; ddi_dma_impl_t *mp; struct fast_dvma *nexus_private; int i, count; mp = (ddi_dma_impl_t *)handle; count = mp->dmai_ndvmapages; /* * allocate dummy shadow handle structure */ dummyhp = kmem_zalloc(sizeof (*dummyhp), KM_SLEEP); if (mp->dmai_rflags & DMP_BYPASSNEXUS) { /* * overlay our routines over the nexus's dvma routines */ nexus_private = (struct fast_dvma *)mp->dmai_nexus_private; dummyhp->save.dvma_ops = *(nexus_private->ops); nexus_private->ops = &bofi_dvma_ops; } /* * now fill in the dummy handle. This just gets put on hhash queue * so our dvma routines can find and index off to the handle they * really want. */ (void) strncpy(dummyhp->name, ddi_get_name(rdip), NAMESIZE); dummyhp->instance = ddi_get_instance(rdip); dummyhp->rnumber = -1; dummyhp->dip = rdip; dummyhp->len = count; dummyhp->hdl.dma_handle = handle; dummyhp->link = NULL; dummyhp->type = BOFI_NULL; /* * allocate space for real handles */ dummyhp->hparrayp = kmem_alloc(count * sizeof (struct bofi_shadow *), KM_SLEEP); for (i = 0; i < count; i++) { /* * allocate shadow handle structures and fill them in */ hp = kmem_zalloc(sizeof (*hp), KM_SLEEP); (void) strncpy(hp->name, ddi_get_name(rdip), NAMESIZE); hp->instance = ddi_get_instance(rdip); hp->rnumber = -1; hp->dip = rdip; hp->hdl.dma_handle = 0; hp->link = NULL; hp->type = BOFI_NULL; if (bofi_sync_check) { unsigned long pagemask = ddi_ptob(rdip, 1) - 1; /* * Take a copy and set this to be hp->addr * Data will be copied to and from the original on * explicit and implicit ddi_dma_sync() * * - maintain page alignment because some devices * assume it. */ hp->allocaddr = ddi_umem_alloc( ((int)hp->addr & pagemask) + pagemask + 1, KM_SLEEP, &hp->umem_cookie); hp->addr = hp->allocaddr + ((int)hp->addr & pagemask); } /* * add to dhash and inuse lists. * these don't go on hhash queue. */ mutex_enter(&bofi_low_mutex); mutex_enter(&bofi_mutex); hp->next = shadow_list.next; shadow_list.next->prev = hp; hp->prev = &shadow_list; shadow_list.next = hp; dhashp = HDL_DHASH(hp->dip); hp->dnext = dhashp->dnext; dhashp->dnext->dprev = hp; hp->dprev = dhashp; dhashp->dnext = hp; dummyhp->hparrayp[i] = hp; mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); } /* * add dummy handle to hhash list only */ mutex_enter(&bofi_low_mutex); mutex_enter(&bofi_mutex); hhashp = HDL_HHASH(handle); dummyhp->hnext = hhashp->hnext; hhashp->hnext->hprev = dummyhp; dummyhp->hprev = hhashp; hhashp->hnext = dummyhp; mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); } /* * our dvma_kaddr_load() */ static void bofi_dvma_kaddr_load(ddi_dma_handle_t h, caddr_t a, uint_t len, uint_t index, ddi_dma_cookie_t *cp) { struct bofi_shadow *dummyhp; struct bofi_shadow *hp; struct bofi_shadow *hhashp; struct bofi_errent *ep; struct bofi_link *lp; /* * check we really have a dummy shadow for this handle */ mutex_enter(&bofi_low_mutex); mutex_enter(&bofi_mutex); hhashp = HDL_HHASH(h); for (dummyhp = hhashp->hnext; dummyhp != hhashp; dummyhp = dummyhp->hnext) if (dummyhp->hdl.dma_handle == h) break; mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); if (dummyhp == hhashp) { /* * no dummy shadow - panic */ panic("driver dvma_kaddr_load with no reserve"); } /* * find real hp */ hp = dummyhp->hparrayp[index]; /* * check its not already loaded */ if (hp->type != BOFI_NULL) panic("driver loading loaded dvma"); /* * if were doing copying, just need to change origaddr and get * nexus to map hp->addr again * if not, set hp->addr to new address. * - note these are always kernel virtual addresses - no need to map */ if (bofi_sync_check && hp->allocaddr) { hp->origaddr = a; a = hp->addr; } else hp->addr = a; hp->len = len; /* * get nexus to do the real work */ dummyhp->save.dvma_ops.dvma_kaddr_load(h, a, len, index, cp); /* * chain on any pre-existing errdefs that apply to this dma_handle * no need to corrupt - there's no implicit dma_sync on this one */ mutex_enter(&bofi_low_mutex); mutex_enter(&bofi_mutex); hp->type = BOFI_DMA_HDL; for (ep = errent_listp; ep != NULL; ep = ep->next) { if (ddi_name_to_major(hp->name) == ddi_name_to_major(ep->name) && hp->instance == ep->errdef.instance && (ep->errdef.rnumber == -1 || hp->rnumber == ep->errdef.rnumber) && ((ep->errdef.access_type & BOFI_DMA_RW) && (((uintptr_t)(hp->addr + ep->errdef.offset + ep->errdef.len) & ~LLSZMASK) > ((uintptr_t)((hp->addr + ep->errdef.offset) + LLSZMASK) & ~LLSZMASK)))) { lp = bofi_link_freelist; if (lp != NULL) { bofi_link_freelist = lp->link; lp->errentp = ep; lp->link = hp->link; hp->link = lp; } } } mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); } /* * our dvma_unload() */ static void bofi_dvma_unload(ddi_dma_handle_t h, uint_t index, uint_t view) { struct bofi_link *lp, *next_lp; struct bofi_errent *ep; struct bofi_shadow *dummyhp; struct bofi_shadow *hp; struct bofi_shadow *hhashp; /* * check we really have a dummy shadow for this handle */ mutex_enter(&bofi_low_mutex); mutex_enter(&bofi_mutex); hhashp = HDL_HHASH(h); for (dummyhp = hhashp->hnext; dummyhp != hhashp; dummyhp = dummyhp->hnext) if (dummyhp->hdl.dma_handle == h) break; mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); if (dummyhp == hhashp) { /* * no dummy shadow - panic */ panic("driver dvma_unload with no reserve"); } dummyhp->save.dvma_ops.dvma_unload(h, index, view); /* * find real hp */ hp = dummyhp->hparrayp[index]; /* * check its not already unloaded */ if (hp->type == BOFI_NULL) panic("driver unloading unloaded dvma"); /* * free any errdef link structures tagged on to this * shadow handle - do corruption if necessary */ mutex_enter(&bofi_low_mutex); mutex_enter(&bofi_mutex); for (lp = hp->link; lp != NULL; ) { next_lp = lp->link; ep = lp->errentp; if ((ep->errdef.access_type & BOFI_DMA_R) && (view == DDI_DMA_SYNC_FORCPU || view == DDI_DMA_SYNC_FORKERNEL) && (ep->state & BOFI_DEV_ACTIVE)) { do_dma_corrupt(hp, ep, view, 0, hp->len); } lp->link = bofi_link_freelist; bofi_link_freelist = lp; lp = next_lp; } hp->link = NULL; hp->type = BOFI_NULL; mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); /* * if there is an explicit sync_for_cpu, then do copy to original */ if (bofi_sync_check && (view == DDI_DMA_SYNC_FORCPU || view == DDI_DMA_SYNC_FORKERNEL)) if (hp->allocaddr) xbcopy(hp->addr, hp->origaddr, hp->len); } /* * our dvma_unload() */ static void bofi_dvma_sync(ddi_dma_handle_t h, uint_t index, uint_t view) { struct bofi_link *lp; struct bofi_errent *ep; struct bofi_shadow *hp; struct bofi_shadow *dummyhp; struct bofi_shadow *hhashp; /* * check we really have a dummy shadow for this handle */ mutex_enter(&bofi_low_mutex); mutex_enter(&bofi_mutex); hhashp = HDL_HHASH(h); for (dummyhp = hhashp->hnext; dummyhp != hhashp; dummyhp = dummyhp->hnext) if (dummyhp->hdl.dma_handle == h) break; mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); if (dummyhp == hhashp) { /* * no dummy shadow - panic */ panic("driver dvma_sync with no reserve"); } /* * find real hp */ hp = dummyhp->hparrayp[index]; /* * check its already loaded */ if (hp->type == BOFI_NULL) panic("driver syncing unloaded dvma"); if (view == DDI_DMA_SYNC_FORCPU || view == DDI_DMA_SYNC_FORKERNEL) /* * in this case do sync first */ dummyhp->save.dvma_ops.dvma_sync(h, index, view); /* * if there is an explicit sync_for_dev, then do copy from original */ if (bofi_sync_check && view == DDI_DMA_SYNC_FORDEV) { if (hp->allocaddr) xbcopy(hp->origaddr, hp->addr, hp->len); } /* * do corruption if necessary */ mutex_enter(&bofi_low_mutex); mutex_enter(&bofi_mutex); for (lp = hp->link; lp != NULL; lp = lp->link) { ep = lp->errentp; if ((((ep->errdef.access_type & BOFI_DMA_R) && (view == DDI_DMA_SYNC_FORCPU || view == DDI_DMA_SYNC_FORKERNEL)) || ((ep->errdef.access_type & BOFI_DMA_W) && (view == DDI_DMA_SYNC_FORDEV))) && (ep->state & BOFI_DEV_ACTIVE)) { do_dma_corrupt(hp, ep, view, 0, hp->len); } } mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); /* * if there is an explicit sync_for_cpu, then do copy to original */ if (bofi_sync_check && (view == DDI_DMA_SYNC_FORCPU || view == DDI_DMA_SYNC_FORKERNEL)) { if (hp->allocaddr) xbcopy(hp->addr, hp->origaddr, hp->len); } if (view == DDI_DMA_SYNC_FORDEV) /* * in this case do sync last */ dummyhp->save.dvma_ops.dvma_sync(h, index, view); } #endif /* * bofi intercept routine - gets called instead of users interrupt routine */ static uint_t bofi_intercept_intr(caddr_t xp) { struct bofi_errent *ep; struct bofi_link *lp; struct bofi_shadow *hp; int intr_count = 1; int i; uint_t retval = DDI_INTR_UNCLAIMED; uint_t result; int unclaimed_counter = 0; int jabber_detected = 0; hp = (struct bofi_shadow *)xp; /* * check if nothing to do */ if (hp->link == NULL) return (hp->save.intr.int_handler (hp->save.intr.int_handler_arg1, NULL)); mutex_enter(&bofi_mutex); /* * look for any errdefs */ for (lp = hp->link; lp != NULL; lp = lp->link) { ep = lp->errentp; if (ep->state & BOFI_DEV_ACTIVE) { /* * got one */ if ((ep->errdef.access_count || ep->errdef.fail_count) && (ep->errdef.access_type & BOFI_LOG)) log_acc_event(ep, BOFI_INTR, 0, 0, 1, 0); if (ep->errdef.access_count > 1) { ep->errdef.access_count--; } else if (ep->errdef.fail_count > 0) { ep->errdef.fail_count--; ep->errdef.access_count = 0; /* * OK do "corruption" */ if (ep->errstate.fail_time == 0) ep->errstate.fail_time = bofi_gettime(); switch (ep->errdef.optype) { case BOFI_DELAY_INTR: if (!hp->hilevel) { drv_usecwait (ep->errdef.operand); } break; case BOFI_LOSE_INTR: intr_count = 0; break; case BOFI_EXTRA_INTR: intr_count += ep->errdef.operand; break; default: break; } } } } mutex_exit(&bofi_mutex); /* * send extra or fewer interrupts as requested */ for (i = 0; i < intr_count; i++) { result = hp->save.intr.int_handler (hp->save.intr.int_handler_arg1, NULL); if (result == DDI_INTR_CLAIMED) unclaimed_counter >>= 1; else if (++unclaimed_counter >= 20) jabber_detected = 1; if (i == 0) retval = result; } /* * if more than 1000 spurious interrupts requested and * jabber not detected - give warning */ if (intr_count > 1000 && !jabber_detected) panic("undetected interrupt jabber: %s%d", hp->name, hp->instance); /* * return first response - or "unclaimed" if none */ return (retval); } /* * our ddi_check_acc_hdl */ /* ARGSUSED */ static int bofi_check_acc_hdl(ddi_acc_impl_t *handle) { struct bofi_shadow *hp; struct bofi_link *lp; uint_t result = 0; hp = handle->ahi_common.ah_bus_private; if (!hp->link || !mutex_tryenter(&bofi_mutex)) { return (0); } for (lp = hp->link; lp != NULL; lp = lp->link) { /* * OR in error state from all associated * errdef structures */ if (lp->errentp->errdef.access_count == 0 && (lp->errentp->state & BOFI_DEV_ACTIVE)) { result = (lp->errentp->errdef.acc_chk & 1); } } mutex_exit(&bofi_mutex); return (result); } /* * our ddi_check_dma_hdl */ /* ARGSUSED */ static int bofi_check_dma_hdl(ddi_dma_impl_t *handle) { struct bofi_shadow *hp; struct bofi_link *lp; struct bofi_shadow *hhashp; uint_t result = 0; if (!mutex_tryenter(&bofi_mutex)) { return (0); } hhashp = HDL_HHASH(handle); for (hp = hhashp->hnext; hp != hhashp; hp = hp->hnext) if (hp->hdl.dma_handle == (ddi_dma_handle_t)handle) break; if (hp == hhashp) { mutex_exit(&bofi_mutex); return (0); } if (!hp->link) { mutex_exit(&bofi_mutex); return (0); } for (lp = hp->link; lp != NULL; lp = lp->link) { /* * OR in error state from all associated * errdef structures */ if (lp->errentp->errdef.access_count == 0 && (lp->errentp->state & BOFI_DEV_ACTIVE)) { result = ((lp->errentp->errdef.acc_chk & 2) ? 1 : 0); } } mutex_exit(&bofi_mutex); return (result); } /* ARGSUSED */ static int bofi_post_event(dev_info_t *dip, dev_info_t *rdip, ddi_eventcookie_t eventhdl, void *impl_data) { ddi_eventcookie_t ec; struct ddi_fault_event_data *arg; struct bofi_errent *ep; struct bofi_shadow *hp; struct bofi_shadow *dhashp; struct bofi_link *lp; ASSERT(eventhdl); if (ddi_get_eventcookie(dip, DDI_DEVI_FAULT_EVENT, &ec) != DDI_SUCCESS) return (DDI_FAILURE); if (ec != eventhdl) return (save_bus_ops.bus_post_event(dip, rdip, eventhdl, impl_data)); arg = (struct ddi_fault_event_data *)impl_data; mutex_enter(&bofi_mutex); /* * find shadow handles with appropriate dev_infos * and set error reported on all associated errdef structures */ dhashp = HDL_DHASH(arg->f_dip); for (hp = dhashp->dnext; hp != dhashp; hp = hp->dnext) { if (hp->dip == arg->f_dip) { for (lp = hp->link; lp != NULL; lp = lp->link) { ep = lp->errentp; ep->errstate.errmsg_count++; if ((ep->errstate.msg_time == NULL || ep->errstate.severity > arg->f_impact) && (ep->state & BOFI_DEV_ACTIVE)) { ep->errstate.msg_time = bofi_gettime(); ep->errstate.severity = arg->f_impact; (void) strncpy(ep->errstate.buffer, arg->f_message, ERRMSGSIZE); ddi_trigger_softintr(ep->softintr_id); } } } } mutex_exit(&bofi_mutex); return (save_bus_ops.bus_post_event(dip, rdip, eventhdl, impl_data)); } /* * our intr_ops routine */ static int bofi_intr_ops(dev_info_t *dip, dev_info_t *rdip, ddi_intr_op_t intr_op, ddi_intr_handle_impl_t *hdlp, void *result) { int retval; struct bofi_shadow *hp; struct bofi_shadow *dhashp; struct bofi_shadow *hhashp; struct bofi_errent *ep; struct bofi_link *lp, *next_lp; switch (intr_op) { case DDI_INTROP_ADDISR: /* * if driver_list is set, only intercept those drivers */ if (!driver_under_test(rdip)) return (save_bus_ops.bus_intr_op(dip, rdip, intr_op, hdlp, result)); /* * allocate shadow handle structure and fill in */ hp = kmem_zalloc(sizeof (struct bofi_shadow), KM_SLEEP); (void) strncpy(hp->name, ddi_get_name(rdip), NAMESIZE); hp->instance = ddi_get_instance(rdip); hp->save.intr.int_handler = hdlp->ih_cb_func; hp->save.intr.int_handler_arg1 = hdlp->ih_cb_arg1; hdlp->ih_cb_func = (ddi_intr_handler_t *)bofi_intercept_intr; hdlp->ih_cb_arg1 = (caddr_t)hp; hp->bofi_inum = hdlp->ih_inum; hp->dip = rdip; hp->link = NULL; hp->type = BOFI_INT_HDL; /* * save whether hilevel or not */ if (hdlp->ih_pri >= ddi_intr_get_hilevel_pri()) hp->hilevel = 1; else hp->hilevel = 0; /* * call nexus to do real work, but specifying our handler, and * our shadow handle as argument */ retval = save_bus_ops.bus_intr_op(dip, rdip, intr_op, hdlp, result); if (retval != DDI_SUCCESS) { kmem_free(hp, sizeof (struct bofi_shadow)); return (retval); } /* * add to dhash, hhash and inuse lists */ mutex_enter(&bofi_low_mutex); mutex_enter(&bofi_mutex); hp->next = shadow_list.next; shadow_list.next->prev = hp; hp->prev = &shadow_list; shadow_list.next = hp; hhashp = HDL_HHASH(hdlp->ih_inum); hp->hnext = hhashp->hnext; hhashp->hnext->hprev = hp; hp->hprev = hhashp; hhashp->hnext = hp; dhashp = HDL_DHASH(hp->dip); hp->dnext = dhashp->dnext; dhashp->dnext->dprev = hp; hp->dprev = dhashp; dhashp->dnext = hp; /* * chain on any pre-existing errdefs that apply to this * acc_handle */ for (ep = errent_listp; ep != NULL; ep = ep->next) { if (ddi_name_to_major(hp->name) == ddi_name_to_major(ep->name) && hp->instance == ep->errdef.instance && (ep->errdef.access_type & BOFI_INTR)) { lp = bofi_link_freelist; if (lp != NULL) { bofi_link_freelist = lp->link; lp->errentp = ep; lp->link = hp->link; hp->link = lp; } } } mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); return (retval); case DDI_INTROP_REMISR: /* * call nexus routine first */ retval = save_bus_ops.bus_intr_op(dip, rdip, intr_op, hdlp, result); /* * find shadow handle */ mutex_enter(&bofi_low_mutex); mutex_enter(&bofi_mutex); hhashp = HDL_HHASH(hdlp->ih_inum); for (hp = hhashp->hnext; hp != hhashp; hp = hp->hnext) { if (hp->dip == rdip && hp->type == BOFI_INT_HDL && hp->bofi_inum == hdlp->ih_inum) { break; } } if (hp == hhashp) { mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); return (retval); } /* * found one - remove from dhash, hhash and inuse lists */ hp->hnext->hprev = hp->hprev; hp->hprev->hnext = hp->hnext; hp->dnext->dprev = hp->dprev; hp->dprev->dnext = hp->dnext; hp->next->prev = hp->prev; hp->prev->next = hp->next; /* * free any errdef link structures * tagged on to this shadow handle */ for (lp = hp->link; lp != NULL; ) { next_lp = lp->link; lp->link = bofi_link_freelist; bofi_link_freelist = lp; lp = next_lp; } hp->link = NULL; mutex_exit(&bofi_mutex); mutex_exit(&bofi_low_mutex); kmem_free(hp, sizeof (struct bofi_shadow)); return (retval); default: return (save_bus_ops.bus_intr_op(dip, rdip, intr_op, hdlp, result)); } }