xref: /freebsd/sys/dev/firewire/sbp.c (revision a05a680469a7ac77b195021fed74e3aa58152dd7)
1 /*-
2  * SPDX-License-Identifier: BSD-4-Clause
3  *
4  * Copyright (c) 2003 Hidetoshi Shimokawa
5  * Copyright (c) 1998-2002 Katsushi Kobayashi and Hidetoshi Shimokawa
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  * 3. All advertising materials mentioning features or use of this software
17  *    must display the acknowledgement as bellow:
18  *
19  *    This product includes software developed by K. Kobayashi and H. Shimokawa
20  *
21  * 4. The name of the author may not be used to endorse or promote products
22  *    derived from this software without specific prior written permission.
23  *
24  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
25  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
26  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
27  * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
28  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
29  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
30  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
32  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
33  * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
34  * POSSIBILITY OF SUCH DAMAGE.
35  *
36  */
37 
38 #include <sys/param.h>
39 #include <sys/systm.h>
40 #include <sys/module.h>
41 #include <sys/bus.h>
42 #include <sys/kernel.h>
43 #include <sys/sysctl.h>
44 #include <machine/bus.h>
45 #include <sys/malloc.h>
46 #include <sys/lock.h>
47 #include <sys/mutex.h>
48 
49 #include <cam/cam.h>
50 #include <cam/cam_ccb.h>
51 #include <cam/cam_sim.h>
52 #include <cam/cam_xpt_sim.h>
53 #include <cam/cam_debug.h>
54 #include <cam/cam_periph.h>
55 #include <cam/scsi/scsi_all.h>
56 
57 #include <dev/firewire/firewire.h>
58 #include <dev/firewire/firewirereg.h>
59 #include <dev/firewire/fwdma.h>
60 #include <dev/firewire/iec13213.h>
61 #include <dev/firewire/sbp.h>
62 
63 #define ccb_sdev_ptr	spriv_ptr0
64 #define ccb_sbp_ptr	spriv_ptr1
65 
66 #define SBP_NUM_TARGETS 8 /* MAX 64 */
67 /*
68  * Scan_bus doesn't work for more than 8 LUNs
69  * because of CAM_SCSI2_MAXLUN in cam_xpt.c
70  */
71 #define SBP_NUM_LUNS 64
72 #define SBP_MAXPHYS  (128 * 1024)
73 #define SBP_DMA_SIZE PAGE_SIZE
74 #define SBP_LOGIN_SIZE sizeof(struct sbp_login_res)
75 #define SBP_QUEUE_LEN ((SBP_DMA_SIZE - SBP_LOGIN_SIZE) / sizeof(struct sbp_ocb))
76 #define SBP_NUM_OCB (SBP_QUEUE_LEN * SBP_NUM_TARGETS)
77 
78 /*
79  * STATUS FIFO addressing
80  *   bit
81  *-----------------------
82  *  0- 1( 2): 0 (alignment)
83  *  2- 7( 6): target
84  *  8-15( 8): lun
85  * 16-31( 8): reserved
86  * 32-47(16): SBP_BIND_HI
87  * 48-64(16): bus_id, node_id
88  */
89 #define SBP_BIND_HI 0x1
90 #define SBP_DEV2ADDR(t, l) \
91 	(((u_int64_t)SBP_BIND_HI << 32) \
92 	| (((l) & 0xff) << 8) \
93 	| (((t) & 0x3f) << 2))
94 #define SBP_ADDR2TRG(a)	(((a) >> 2) & 0x3f)
95 #define SBP_ADDR2LUN(a)	(((a) >> 8) & 0xff)
96 #define SBP_INITIATOR 7
97 
98 static char *orb_fun_name[] = {
99 	ORB_FUN_NAMES
100 };
101 
102 static int debug = 0;
103 static int auto_login = 1;
104 static int max_speed = -1;
105 static int sbp_cold = 1;
106 static int ex_login = 1;
107 static int login_delay = 1000;	/* msec */
108 static int scan_delay = 500;	/* msec */
109 static int use_doorbell = 0;
110 static int sbp_tags = 0;
111 
112 SYSCTL_DECL(_hw_firewire);
113 static SYSCTL_NODE(_hw_firewire, OID_AUTO, sbp, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
114     "SBP-II Subsystem");
115 SYSCTL_INT(_debug, OID_AUTO, sbp_debug, CTLFLAG_RWTUN, &debug, 0,
116 	"SBP debug flag");
117 SYSCTL_INT(_hw_firewire_sbp, OID_AUTO, auto_login, CTLFLAG_RWTUN, &auto_login, 0,
118 	"SBP perform login automatically");
119 SYSCTL_INT(_hw_firewire_sbp, OID_AUTO, max_speed, CTLFLAG_RWTUN, &max_speed, 0,
120 	"SBP transfer max speed");
121 SYSCTL_INT(_hw_firewire_sbp, OID_AUTO, exclusive_login, CTLFLAG_RWTUN,
122 	&ex_login, 0, "SBP enable exclusive login");
123 SYSCTL_INT(_hw_firewire_sbp, OID_AUTO, login_delay, CTLFLAG_RWTUN,
124 	&login_delay, 0, "SBP login delay in msec");
125 SYSCTL_INT(_hw_firewire_sbp, OID_AUTO, scan_delay, CTLFLAG_RWTUN,
126 	&scan_delay, 0, "SBP scan delay in msec");
127 SYSCTL_INT(_hw_firewire_sbp, OID_AUTO, use_doorbell, CTLFLAG_RWTUN,
128 	&use_doorbell, 0, "SBP use doorbell request");
129 SYSCTL_INT(_hw_firewire_sbp, OID_AUTO, tags, CTLFLAG_RWTUN, &sbp_tags, 0,
130 	"SBP tagged queuing support");
131 
132 #define NEED_RESPONSE 0
133 
134 #define SBP_SEG_MAX rounddown(0xffff, PAGE_SIZE)
135 #define SBP_IND_MAX howmany(SBP_MAXPHYS, PAGE_SIZE)
136 struct sbp_ocb {
137 	STAILQ_ENTRY(sbp_ocb)	ocb;
138 	union ccb	*ccb;
139 	bus_addr_t	bus_addr;
140 	uint32_t	orb[8];
141 #define IND_PTR_OFFSET	(8*sizeof(uint32_t))
142 	struct ind_ptr  ind_ptr[SBP_IND_MAX];
143 	struct sbp_dev	*sdev;
144 	int		flags; /* XXX should be removed */
145 	bus_dmamap_t	dmamap;
146 	struct callout	timer;
147 };
148 
149 #define OCB_ACT_MGM 0
150 #define OCB_ACT_CMD 1
151 #define OCB_MATCH(o,s)	((o)->bus_addr == ntohl((s)->orb_lo))
152 
153 struct sbp_dev {
154 #define SBP_DEV_RESET		0	/* accept login */
155 #define SBP_DEV_LOGIN		1	/* to login */
156 #if 0
157 #define SBP_DEV_RECONN		2	/* to reconnect */
158 #endif
159 #define SBP_DEV_TOATTACH	3	/* to attach */
160 #define SBP_DEV_PROBE		4	/* scan lun */
161 #define SBP_DEV_ATTACHED	5	/* in operation */
162 #define SBP_DEV_DEAD		6	/* unavailable unit */
163 #define SBP_DEV_RETRY		7	/* unavailable unit */
164 	uint8_t status:4,
165 		 timeout:4;
166 	uint8_t type;
167 	uint16_t lun_id;
168 	uint16_t freeze;
169 #define	ORB_LINK_DEAD		(1 << 0)
170 #define	VALID_LUN		(1 << 1)
171 #define	ORB_POINTER_ACTIVE	(1 << 2)
172 #define	ORB_POINTER_NEED	(1 << 3)
173 #define	ORB_DOORBELL_ACTIVE	(1 << 4)
174 #define	ORB_DOORBELL_NEED	(1 << 5)
175 #define	ORB_SHORTAGE		(1 << 6)
176 	uint16_t flags;
177 	struct cam_path *path;
178 	struct sbp_target *target;
179 	struct fwdma_alloc dma;
180 	struct sbp_login_res *login;
181 	struct callout login_callout;
182 	struct sbp_ocb *ocb;
183 	STAILQ_HEAD(, sbp_ocb) ocbs;
184 	STAILQ_HEAD(, sbp_ocb) free_ocbs;
185 	struct sbp_ocb *last_ocb;
186 	char vendor[32];
187 	char product[32];
188 	char revision[10];
189 	char bustgtlun[32];
190 };
191 
192 struct sbp_target {
193 	int target_id;
194 	int num_lun;
195 	struct sbp_dev	**luns;
196 	struct sbp_softc *sbp;
197 	struct fw_device *fwdev;
198 	uint32_t mgm_hi, mgm_lo;
199 	struct sbp_ocb *mgm_ocb_cur;
200 	STAILQ_HEAD(, sbp_ocb) mgm_ocb_queue;
201 	struct callout mgm_ocb_timeout;
202 	struct callout scan_callout;
203 	STAILQ_HEAD(, fw_xfer) xferlist;
204 	int n_xfer;
205 };
206 
207 struct sbp_softc {
208 	struct firewire_dev_comm fd;
209 	struct cam_sim  *sim;
210 	struct cam_path  *path;
211 	struct sbp_target targets[SBP_NUM_TARGETS];
212 	struct fw_bind fwb;
213 	bus_dma_tag_t	dmat;
214 	struct timeval last_busreset;
215 #define SIMQ_FREEZED 1
216 	int flags;
217 	struct mtx mtx;
218 };
219 #define	SBP_LOCK(sbp)		mtx_lock(&(sbp)->mtx)
220 #define	SBP_UNLOCK(sbp)		mtx_unlock(&(sbp)->mtx)
221 #define	SBP_LOCK_ASSERT(sbp)	mtx_assert(&(sbp)->mtx, MA_OWNED)
222 
223 static void sbp_post_explore (void *);
224 static void sbp_recv (struct fw_xfer *);
225 static void sbp_mgm_callback (struct fw_xfer *);
226 #if 0
227 static void sbp_cmd_callback (struct fw_xfer *);
228 #endif
229 static void sbp_orb_pointer (struct sbp_dev *, struct sbp_ocb *);
230 static void sbp_doorbell(struct sbp_dev *);
231 static void sbp_execute_ocb (void *, bus_dma_segment_t *, int, int);
232 static void sbp_free_ocb (struct sbp_dev *, struct sbp_ocb *);
233 static void sbp_abort_ocb (struct sbp_ocb *, int);
234 static void sbp_abort_all_ocbs (struct sbp_dev *, int);
235 static struct fw_xfer * sbp_write_cmd (struct sbp_dev *, int, int);
236 static struct sbp_ocb * sbp_get_ocb (struct sbp_dev *);
237 static struct sbp_ocb * sbp_enqueue_ocb (struct sbp_dev *, struct sbp_ocb *);
238 static struct sbp_ocb * sbp_dequeue_ocb (struct sbp_dev *, struct sbp_status *);
239 static void sbp_cam_detach_sdev(struct sbp_dev *);
240 static void sbp_free_sdev(struct sbp_dev *);
241 static void sbp_cam_detach_target (struct sbp_target *);
242 static void sbp_free_target (struct sbp_target *);
243 static void sbp_mgm_timeout (void *arg);
244 static void sbp_timeout (void *arg);
245 static void sbp_mgm_orb (struct sbp_dev *, int, struct sbp_ocb *);
246 
247 static MALLOC_DEFINE(M_SBP, "sbp", "SBP-II/FireWire");
248 
249 /* cam related functions */
250 static void	sbp_action(struct cam_sim *sim, union ccb *ccb);
251 static void	sbp_poll(struct cam_sim *sim);
252 static void	sbp_cam_scan_lun(struct cam_periph *, union ccb *);
253 static void	sbp_cam_scan_target(void *arg);
254 
255 static char *orb_status0[] = {
256 	/* 0 */ "No additional information to report",
257 	/* 1 */ "Request type not supported",
258 	/* 2 */ "Speed not supported",
259 	/* 3 */ "Page size not supported",
260 	/* 4 */ "Access denied",
261 	/* 5 */ "Logical unit not supported",
262 	/* 6 */ "Maximum payload too small",
263 	/* 7 */ "Reserved for future standardization",
264 	/* 8 */ "Resources unavailable",
265 	/* 9 */ "Function rejected",
266 	/* A */ "Login ID not recognized",
267 	/* B */ "Dummy ORB completed",
268 	/* C */ "Request aborted",
269 	/* FF */ "Unspecified error"
270 #define MAX_ORB_STATUS0 0xd
271 };
272 
273 static char *orb_status1_object[] = {
274 	/* 0 */ "Operation request block (ORB)",
275 	/* 1 */ "Data buffer",
276 	/* 2 */ "Page table",
277 	/* 3 */ "Unable to specify"
278 };
279 
280 static char *orb_status1_serial_bus_error[] = {
281 	/* 0 */ "Missing acknowledge",
282 	/* 1 */ "Reserved; not to be used",
283 	/* 2 */ "Time-out error",
284 	/* 3 */ "Reserved; not to be used",
285 	/* 4 */ "Busy retry limit exceeded(X)",
286 	/* 5 */ "Busy retry limit exceeded(A)",
287 	/* 6 */ "Busy retry limit exceeded(B)",
288 	/* 7 */ "Reserved for future standardization",
289 	/* 8 */ "Reserved for future standardization",
290 	/* 9 */ "Reserved for future standardization",
291 	/* A */ "Reserved for future standardization",
292 	/* B */ "Tardy retry limit exceeded",
293 	/* C */ "Conflict error",
294 	/* D */ "Data error",
295 	/* E */ "Type error",
296 	/* F */ "Address error"
297 };
298 
299 static void
300 sbp_identify(driver_t *driver, device_t parent)
301 {
302 SBP_DEBUG(0)
303 	printf("sbp_identify\n");
304 END_DEBUG
305 
306 	if (device_find_child(parent, "sbp", -1) == NULL)
307 		BUS_ADD_CHILD(parent, 0, "sbp", DEVICE_UNIT_ANY);
308 }
309 
310 /*
311  * sbp_probe()
312  */
313 static int
314 sbp_probe(device_t dev)
315 {
316 
317 SBP_DEBUG(0)
318 	printf("sbp_probe\n");
319 END_DEBUG
320 
321 	device_set_desc(dev, "SBP-2/SCSI over FireWire");
322 
323 #if 0
324 	if (bootverbose)
325 		debug = bootverbose;
326 #endif
327 
328 	return (0);
329 }
330 
331 /*
332  * Display device characteristics on the console
333  */
334 static void
335 sbp_show_sdev_info(struct sbp_dev *sdev)
336 {
337 	struct fw_device *fwdev;
338 
339 	fwdev = sdev->target->fwdev;
340 	device_printf(sdev->target->sbp->fd.dev,
341 		"%s: %s: ordered:%d type:%d EUI:%08x%08x node:%d "
342 		"speed:%d maxrec:%d\n",
343 		__func__,
344 		sdev->bustgtlun,
345 		(sdev->type & 0x40) >> 6,
346 		(sdev->type & 0x1f),
347 		fwdev->eui.hi,
348 		fwdev->eui.lo,
349 		fwdev->dst,
350 		fwdev->speed,
351 		fwdev->maxrec);
352 
353 	device_printf(sdev->target->sbp->fd.dev,
354 			"%s: %s '%s' '%s' '%s'\n",
355 			__func__,
356 			sdev->bustgtlun,
357 			sdev->vendor,
358 			sdev->product,
359 			sdev->revision);
360 }
361 
362 static struct {
363 	int bus;
364 	int target;
365 	struct fw_eui64 eui;
366 } wired[] = {
367 	/* Bus	Target	EUI64 */
368 #if 0
369 	{0,	2,	{0x00018ea0, 0x01fd0154}},	/* Logitec HDD */
370 	{0,	0,	{0x00018ea6, 0x00100682}},	/* Logitec DVD */
371 	{0,	1,	{0x00d03200, 0xa412006a}},	/* Yano HDD */
372 #endif
373 	{-1,	-1,	{0,0}}
374 };
375 
376 static int
377 sbp_new_target(struct sbp_softc *sbp, struct fw_device *fwdev)
378 {
379 	int bus, i, target=-1;
380 	char w[SBP_NUM_TARGETS];
381 
382 	bzero(w, sizeof(w));
383 	bus = device_get_unit(sbp->fd.dev);
384 
385 	/* XXX wired-down configuration should be gotten from
386 					tunable or device hint */
387 	for (i = 0; wired[i].bus >= 0; i++) {
388 		if (wired[i].bus == bus) {
389 			w[wired[i].target] = 1;
390 			if (wired[i].eui.hi == fwdev->eui.hi &&
391 					wired[i].eui.lo == fwdev->eui.lo)
392 				target = wired[i].target;
393 		}
394 	}
395 	if (target >= 0) {
396 		if (target < SBP_NUM_TARGETS &&
397 				sbp->targets[target].fwdev == NULL)
398 			return (target);
399 		device_printf(sbp->fd.dev,
400 			"target %d is not free for %08x:%08x\n",
401 			target, fwdev->eui.hi, fwdev->eui.lo);
402 		target = -1;
403 	}
404 	/* non-wired target */
405 	for (i = 0; i < SBP_NUM_TARGETS; i++)
406 		if (sbp->targets[i].fwdev == NULL && w[i] == 0) {
407 			target = i;
408 			break;
409 		}
410 
411 	return target;
412 }
413 
414 static void
415 sbp_alloc_lun(struct sbp_target *target)
416 {
417 	struct crom_context cc;
418 	struct csrreg *reg;
419 	struct sbp_dev *sdev, **newluns;
420 	struct sbp_softc *sbp;
421 	int maxlun, lun, i;
422 
423 	sbp = target->sbp;
424 	crom_init_context(&cc, target->fwdev->csrrom);
425 	/* XXX shoud parse appropriate unit directories only */
426 	maxlun = -1;
427 	while (cc.depth >= 0) {
428 		reg = crom_search_key(&cc, CROM_LUN);
429 		if (reg == NULL)
430 			break;
431 		lun = reg->val & 0xffff;
432 SBP_DEBUG(0)
433 		printf("target %d lun %d found\n", target->target_id, lun);
434 END_DEBUG
435 		if (maxlun < lun)
436 			maxlun = lun;
437 		crom_next(&cc);
438 	}
439 	if (maxlun < 0)
440 		device_printf(target->sbp->fd.dev, "%d no LUN found\n",
441 		    target->target_id);
442 
443 	maxlun++;
444 	if (maxlun >= SBP_NUM_LUNS)
445 		maxlun = SBP_NUM_LUNS;
446 
447 	/* Invalidiate stale devices */
448 	for (lun = 0; lun < target->num_lun; lun++) {
449 		sdev = target->luns[lun];
450 		if (sdev == NULL)
451 			continue;
452 		sdev->flags &= ~VALID_LUN;
453 		if (lun >= maxlun) {
454 			/* lost device */
455 			sbp_cam_detach_sdev(sdev);
456 			sbp_free_sdev(sdev);
457 			target->luns[lun] = NULL;
458 		}
459 	}
460 
461 	/* Reallocate */
462 	if (maxlun != target->num_lun) {
463 		newluns = (struct sbp_dev **) realloc(target->luns,
464 		    sizeof(struct sbp_dev *) * maxlun,
465 		    M_SBP, M_NOWAIT | M_ZERO);
466 
467 		if (newluns == NULL) {
468 			printf("%s: realloc failed\n", __func__);
469 			newluns = target->luns;
470 			maxlun = target->num_lun;
471 		}
472 
473 		/*
474 		 * We must zero the extended region for the case
475 		 * realloc() doesn't allocate new buffer.
476 		 */
477 		if (maxlun > target->num_lun)
478 			bzero(&newluns[target->num_lun],
479 			    sizeof(struct sbp_dev *) *
480 			    (maxlun - target->num_lun));
481 
482 		target->luns = newluns;
483 		target->num_lun = maxlun;
484 	}
485 
486 	crom_init_context(&cc, target->fwdev->csrrom);
487 	while (cc.depth >= 0) {
488 		int new = 0;
489 
490 		reg = crom_search_key(&cc, CROM_LUN);
491 		if (reg == NULL)
492 			break;
493 		lun = reg->val & 0xffff;
494 		if (lun >= SBP_NUM_LUNS) {
495 			printf("too large lun %d\n", lun);
496 			goto next;
497 		}
498 
499 		sdev = target->luns[lun];
500 		if (sdev == NULL) {
501 			sdev = malloc(sizeof(struct sbp_dev),
502 			    M_SBP, M_NOWAIT | M_ZERO);
503 			if (sdev == NULL) {
504 				printf("%s: malloc failed\n", __func__);
505 				goto next;
506 			}
507 			target->luns[lun] = sdev;
508 			sdev->lun_id = lun;
509 			sdev->target = target;
510 			STAILQ_INIT(&sdev->ocbs);
511 			callout_init_mtx(&sdev->login_callout, &sbp->mtx, 0);
512 			sdev->status = SBP_DEV_RESET;
513 			new = 1;
514 			snprintf(sdev->bustgtlun, 32, "%s:%d:%d",
515 					device_get_nameunit(sdev->target->sbp->fd.dev),
516 					sdev->target->target_id,
517 					sdev->lun_id);
518 		}
519 		sdev->flags |= VALID_LUN;
520 		sdev->type = (reg->val & 0xff0000) >> 16;
521 
522 		if (new == 0)
523 			goto next;
524 
525 		fwdma_malloc(sbp->fd.fc,
526 			/* alignment */ sizeof(uint32_t),
527 			SBP_DMA_SIZE, &sdev->dma, BUS_DMA_NOWAIT |
528 			BUS_DMA_COHERENT);
529 		if (sdev->dma.v_addr == NULL) {
530 			printf("%s: dma space allocation failed\n",
531 							__func__);
532 			free(sdev, M_SBP);
533 			target->luns[lun] = NULL;
534 			goto next;
535 		}
536 		sdev->login = (struct sbp_login_res *) sdev->dma.v_addr;
537 		sdev->ocb = (struct sbp_ocb *)
538 				((char *)sdev->dma.v_addr + SBP_LOGIN_SIZE);
539 		bzero((char *)sdev->ocb,
540 			sizeof(struct sbp_ocb) * SBP_QUEUE_LEN);
541 
542 		STAILQ_INIT(&sdev->free_ocbs);
543 		for (i = 0; i < SBP_QUEUE_LEN; i++) {
544 			struct sbp_ocb *ocb;
545 			ocb = &sdev->ocb[i];
546 			ocb->bus_addr = sdev->dma.bus_addr
547 				+ SBP_LOGIN_SIZE
548 				+ sizeof(struct sbp_ocb) * i
549 				+ offsetof(struct sbp_ocb, orb[0]);
550 			if (bus_dmamap_create(sbp->dmat, 0, &ocb->dmamap)) {
551 				printf("sbp_attach: cannot create dmamap\n");
552 				/* XXX */
553 				goto next;
554 			}
555 			callout_init_mtx(&ocb->timer, &sbp->mtx, 0);
556 			SBP_LOCK(sbp);
557 			sbp_free_ocb(sdev, ocb);
558 			SBP_UNLOCK(sbp);
559 		}
560 next:
561 		crom_next(&cc);
562 	}
563 
564 	for (lun = 0; lun < target->num_lun; lun++) {
565 		sdev = target->luns[lun];
566 		if (sdev != NULL && (sdev->flags & VALID_LUN) == 0) {
567 			sbp_cam_detach_sdev(sdev);
568 			sbp_free_sdev(sdev);
569 			target->luns[lun] = NULL;
570 		}
571 	}
572 }
573 
574 static struct sbp_target *
575 sbp_alloc_target(struct sbp_softc *sbp, struct fw_device *fwdev)
576 {
577 	int i;
578 	struct sbp_target *target;
579 	struct crom_context cc;
580 	struct csrreg *reg;
581 
582 SBP_DEBUG(1)
583 	printf("sbp_alloc_target\n");
584 END_DEBUG
585 	i = sbp_new_target(sbp, fwdev);
586 	if (i < 0) {
587 		device_printf(sbp->fd.dev, "increase SBP_NUM_TARGETS!\n");
588 		return NULL;
589 	}
590 	/* new target */
591 	target = &sbp->targets[i];
592 	target->fwdev = fwdev;
593 	target->target_id = i;
594 	/* XXX we may want to reload mgm port after each bus reset */
595 	/* XXX there might be multiple management agents */
596 	crom_init_context(&cc, target->fwdev->csrrom);
597 	reg = crom_search_key(&cc, CROM_MGM);
598 	if (reg == NULL || reg->val == 0) {
599 		printf("NULL management address\n");
600 		target->fwdev = NULL;
601 		return NULL;
602 	}
603 	target->mgm_hi = 0xffff;
604 	target->mgm_lo = 0xf0000000 | (reg->val << 2);
605 	target->mgm_ocb_cur = NULL;
606 SBP_DEBUG(1)
607 	printf("target:%d mgm_port: %x\n", i, target->mgm_lo);
608 END_DEBUG
609 	STAILQ_INIT(&target->xferlist);
610 	target->n_xfer = 0;
611 	STAILQ_INIT(&target->mgm_ocb_queue);
612 	callout_init_mtx(&target->mgm_ocb_timeout, &sbp->mtx, 0);
613 	callout_init_mtx(&target->scan_callout, &sbp->mtx, 0);
614 
615 	target->luns = NULL;
616 	target->num_lun = 0;
617 	return target;
618 }
619 
620 static void
621 sbp_probe_lun(struct sbp_dev *sdev)
622 {
623 	struct fw_device *fwdev;
624 	struct crom_context c, *cc = &c;
625 	struct csrreg *reg;
626 
627 	bzero(sdev->vendor, sizeof(sdev->vendor));
628 	bzero(sdev->product, sizeof(sdev->product));
629 
630 	fwdev = sdev->target->fwdev;
631 	crom_init_context(cc, fwdev->csrrom);
632 	/* get vendor string */
633 	crom_search_key(cc, CSRKEY_VENDOR);
634 	crom_next(cc);
635 	crom_parse_text(cc, sdev->vendor, sizeof(sdev->vendor));
636 	/* skip to the unit directory for SBP-2 */
637 	while ((reg = crom_search_key(cc, CSRKEY_VER)) != NULL) {
638 		if (reg->val == CSRVAL_T10SBP2)
639 			break;
640 		crom_next(cc);
641 	}
642 	/* get firmware revision */
643 	reg = crom_search_key(cc, CSRKEY_FIRM_VER);
644 	if (reg != NULL)
645 		snprintf(sdev->revision, sizeof(sdev->revision),
646 						"%06x", reg->val);
647 	/* get product string */
648 	crom_search_key(cc, CSRKEY_MODEL);
649 	crom_next(cc);
650 	crom_parse_text(cc, sdev->product, sizeof(sdev->product));
651 }
652 
653 static void
654 sbp_login_callout(void *arg)
655 {
656 	struct sbp_dev *sdev = (struct sbp_dev *)arg;
657 	SBP_LOCK_ASSERT(sdev->target->sbp);
658 	sbp_mgm_orb(sdev, ORB_FUN_LGI, NULL);
659 }
660 
661 static void
662 sbp_login(struct sbp_dev *sdev)
663 {
664 	struct timeval delta;
665 	struct timeval t;
666 	int ticks = 0;
667 
668 	microtime(&delta);
669 	timevalsub(&delta, &sdev->target->sbp->last_busreset);
670 	t.tv_sec = login_delay / 1000;
671 	t.tv_usec = (login_delay % 1000) * 1000;
672 	timevalsub(&t, &delta);
673 	if (t.tv_sec >= 0 && t.tv_usec > 0)
674 		ticks = (t.tv_sec * 1000 + t.tv_usec / 1000) * hz / 1000;
675 SBP_DEBUG(0)
676 	printf("%s: sec = %jd usec = %ld ticks = %d\n", __func__,
677 	    (intmax_t)t.tv_sec, t.tv_usec, ticks);
678 END_DEBUG
679 	callout_reset(&sdev->login_callout, ticks,
680 			sbp_login_callout, (void *)(sdev));
681 }
682 
683 #define SBP_FWDEV_ALIVE(fwdev) (((fwdev)->status == FWDEVATTACHED) \
684 	&& crom_has_specver((fwdev)->csrrom, CSRVAL_ANSIT10, CSRVAL_T10SBP2))
685 
686 static void
687 sbp_probe_target(struct sbp_target *target)
688 {
689 	struct sbp_softc *sbp = target->sbp;
690 	struct sbp_dev *sdev;
691 	int i, alive;
692 
693 	alive = SBP_FWDEV_ALIVE(target->fwdev);
694 SBP_DEBUG(1)
695 	device_printf(sbp->fd.dev, "%s %d%salive\n",
696 		 __func__, target->target_id,
697 		(!alive) ? " not " : "");
698 END_DEBUG
699 
700 	sbp_alloc_lun(target);
701 
702 	/* XXX untimeout mgm_ocb and dequeue */
703 	for (i=0; i < target->num_lun; i++) {
704 		sdev = target->luns[i];
705 		if (sdev == NULL)
706 			continue;
707 		if (alive && (sdev->status != SBP_DEV_DEAD)) {
708 			if (sdev->path != NULL) {
709 				xpt_freeze_devq(sdev->path, 1);
710 				sdev->freeze++;
711 			}
712 			sbp_probe_lun(sdev);
713 			sbp_show_sdev_info(sdev);
714 
715 			SBP_LOCK(sbp);
716 			sbp_abort_all_ocbs(sdev, CAM_SCSI_BUS_RESET);
717 			SBP_UNLOCK(sbp);
718 			switch (sdev->status) {
719 			case SBP_DEV_RESET:
720 				/* new or revived target */
721 				if (auto_login)
722 					sbp_login(sdev);
723 				break;
724 			case SBP_DEV_TOATTACH:
725 			case SBP_DEV_PROBE:
726 			case SBP_DEV_ATTACHED:
727 			case SBP_DEV_RETRY:
728 			default:
729 				sbp_mgm_orb(sdev, ORB_FUN_RCN, NULL);
730 				break;
731 			}
732 		} else {
733 			switch (sdev->status) {
734 			case SBP_DEV_ATTACHED:
735 SBP_DEBUG(0)
736 				/* the device has gone */
737 				device_printf(sbp->fd.dev, "%s: lost target\n",
738 					__func__);
739 END_DEBUG
740 				if (sdev->path) {
741 					xpt_freeze_devq(sdev->path, 1);
742 					sdev->freeze++;
743 				}
744 				sdev->status = SBP_DEV_RETRY;
745 				sbp_cam_detach_sdev(sdev);
746 				sbp_free_sdev(sdev);
747 				target->luns[i] = NULL;
748 				break;
749 			case SBP_DEV_PROBE:
750 			case SBP_DEV_TOATTACH:
751 				sdev->status = SBP_DEV_RESET;
752 				break;
753 			case SBP_DEV_RETRY:
754 			case SBP_DEV_RESET:
755 			case SBP_DEV_DEAD:
756 				break;
757 			}
758 		}
759 	}
760 }
761 
762 static void
763 sbp_post_busreset(void *arg)
764 {
765 	struct sbp_softc *sbp;
766 
767 	sbp = (struct sbp_softc *)arg;
768 SBP_DEBUG(0)
769 	printf("sbp_post_busreset\n");
770 END_DEBUG
771 	SBP_LOCK(sbp);
772 	if ((sbp->flags & SIMQ_FREEZED) == 0) {
773 		xpt_freeze_simq(sbp->sim, /*count*/1);
774 		sbp->flags |= SIMQ_FREEZED;
775 	}
776 	microtime(&sbp->last_busreset);
777 	SBP_UNLOCK(sbp);
778 }
779 
780 static void
781 sbp_post_explore(void *arg)
782 {
783 	struct sbp_softc *sbp = (struct sbp_softc *)arg;
784 	struct sbp_target *target;
785 	struct fw_device *fwdev;
786 	int i, alive;
787 
788 SBP_DEBUG(0)
789 	printf("sbp_post_explore (sbp_cold=%d)\n", sbp_cold);
790 END_DEBUG
791 	/* We need physical access */
792 	if (!firewire_phydma_enable)
793 		return;
794 
795 	if (sbp_cold > 0)
796 		sbp_cold--;
797 
798 	SBP_LOCK(sbp);
799 
800 	/* Garbage Collection */
801 	for (i = 0; i < SBP_NUM_TARGETS; i++) {
802 		target = &sbp->targets[i];
803 		if (target->fwdev == NULL)
804 			continue;
805 
806 		STAILQ_FOREACH(fwdev, &sbp->fd.fc->devices, link)
807 			if (target->fwdev == fwdev)
808 				break;
809 		if (fwdev == NULL) {
810 			/* device has removed in lower driver */
811 			sbp_cam_detach_target(target);
812 			sbp_free_target(target);
813 		}
814 	}
815 
816 	/* traverse device list */
817 	STAILQ_FOREACH(fwdev, &sbp->fd.fc->devices, link) {
818 SBP_DEBUG(0)
819 		device_printf(sbp->fd.dev,"%s:: EUI:%08x%08x %s attached, state=%d\n",
820 				__func__, fwdev->eui.hi, fwdev->eui.lo,
821 				(fwdev->status != FWDEVATTACHED) ? "not" : "",
822 				fwdev->status);
823 END_DEBUG
824 		alive = SBP_FWDEV_ALIVE(fwdev);
825 		for (i = 0; i < SBP_NUM_TARGETS; i++) {
826 			target = &sbp->targets[i];
827 			if (target->fwdev == fwdev) {
828 				/* known target */
829 				break;
830 			}
831 		}
832 		if (i == SBP_NUM_TARGETS) {
833 			if (alive) {
834 				/* new target */
835 				target = sbp_alloc_target(sbp, fwdev);
836 				if (target == NULL)
837 					continue;
838 			} else {
839 				continue;
840 			}
841 		}
842 
843 		/*
844 		 * It is safe to drop the lock here as the target is already
845 		 * reserved, so there should be no contenders for it.
846 		 * And the target is not yet exposed, so there should not be
847 		 * any other accesses to it.
848 		 * Finally, the list being iterated is protected somewhere else.
849 		 */
850 		SBP_UNLOCK(sbp);
851 		sbp_probe_target(target);
852 		SBP_LOCK(sbp);
853 		if (target->num_lun == 0)
854 			sbp_free_target(target);
855 	}
856 	if ((sbp->flags & SIMQ_FREEZED) != 0) {
857 		xpt_release_simq(sbp->sim, /*run queue*/TRUE);
858 		sbp->flags &= ~SIMQ_FREEZED;
859 	}
860 	SBP_UNLOCK(sbp);
861 }
862 
863 #if NEED_RESPONSE
864 static void
865 sbp_loginres_callback(struct fw_xfer *xfer)
866 {
867 	struct sbp_dev *sdev;
868 	sdev = (struct sbp_dev *)xfer->sc;
869 SBP_DEBUG(1)
870 	device_printf(sdev->target->sbp->fd.dev,"%s\n", __func__);
871 END_DEBUG
872 	/* recycle */
873 	SBP_LOCK(sdev->target->sbp);
874 	STAILQ_INSERT_TAIL(&sdev->target->sbp->fwb.xferlist, xfer, link);
875 	SBP_UNLOCK(sdev->target->sbp);
876 	return;
877 }
878 #endif
879 
880 static __inline void
881 sbp_xfer_free(struct fw_xfer *xfer)
882 {
883 	struct sbp_dev *sdev;
884 
885 	sdev = (struct sbp_dev *)xfer->sc;
886 	fw_xfer_unload(xfer);
887 	SBP_LOCK_ASSERT(sdev->target->sbp);
888 	STAILQ_INSERT_TAIL(&sdev->target->xferlist, xfer, link);
889 }
890 
891 static void
892 sbp_reset_start_callback(struct fw_xfer *xfer)
893 {
894 	struct sbp_dev *tsdev, *sdev = (struct sbp_dev *)xfer->sc;
895 	struct sbp_target *target = sdev->target;
896 	int i;
897 
898 	if (xfer->resp != 0) {
899 		device_printf(sdev->target->sbp->fd.dev,
900 			"%s: %s failed: resp=%d\n", __func__, sdev->bustgtlun, xfer->resp);
901 	}
902 
903 	SBP_LOCK(target->sbp);
904 	for (i = 0; i < target->num_lun; i++) {
905 		tsdev = target->luns[i];
906 		if (tsdev != NULL && tsdev->status == SBP_DEV_LOGIN)
907 			sbp_login(tsdev);
908 	}
909 	SBP_UNLOCK(target->sbp);
910 }
911 
912 static void
913 sbp_reset_start(struct sbp_dev *sdev)
914 {
915 	struct fw_xfer *xfer;
916 	struct fw_pkt *fp;
917 
918 SBP_DEBUG(0)
919 	device_printf(sdev->target->sbp->fd.dev,
920 			"%s:%s\n", __func__,sdev->bustgtlun);
921 END_DEBUG
922 
923 	xfer = sbp_write_cmd(sdev, FWTCODE_WREQQ, 0);
924 	xfer->hand = sbp_reset_start_callback;
925 	fp = &xfer->send.hdr;
926 	fp->mode.wreqq.dest_hi = 0xffff;
927 	fp->mode.wreqq.dest_lo = 0xf0000000 | RESET_START;
928 	fp->mode.wreqq.data = htonl(0xf);
929 	fw_asyreq(xfer->fc, -1, xfer);
930 }
931 
932 static void
933 sbp_mgm_callback(struct fw_xfer *xfer)
934 {
935 	struct sbp_dev *sdev;
936 
937 	sdev = (struct sbp_dev *)xfer->sc;
938 
939 SBP_DEBUG(1)
940 	device_printf(sdev->target->sbp->fd.dev,
941 		"%s:%s\n", __func__, sdev->bustgtlun);
942 END_DEBUG
943 	SBP_LOCK(sdev->target->sbp);
944 	sbp_xfer_free(xfer);
945 	SBP_UNLOCK(sdev->target->sbp);
946 }
947 
948 static struct sbp_dev *
949 sbp_next_dev(struct sbp_target *target, int lun)
950 {
951 	struct sbp_dev **sdevp;
952 	int i;
953 
954 	for (i = lun, sdevp = &target->luns[lun]; i < target->num_lun;
955 	    i++, sdevp++)
956 		if (*sdevp != NULL && (*sdevp)->status == SBP_DEV_PROBE)
957 			return (*sdevp);
958 	return (NULL);
959 }
960 
961 #define SCAN_PRI 1
962 static void
963 sbp_cam_scan_lun(struct cam_periph *periph, union ccb *ccb)
964 {
965 	struct sbp_softc *sbp;
966 	struct sbp_target *target;
967 	struct sbp_dev *sdev;
968 
969 	sdev = (struct sbp_dev *) ccb->ccb_h.ccb_sdev_ptr;
970 	target = sdev->target;
971 	sbp = target->sbp;
972 	SBP_LOCK(sbp);
973 SBP_DEBUG(0)
974 	device_printf(sbp->fd.dev,
975 		"%s:%s\n", __func__, sdev->bustgtlun);
976 END_DEBUG
977 	if ((ccb->ccb_h.status & CAM_STATUS_MASK) == CAM_REQ_CMP) {
978 		sdev->status = SBP_DEV_ATTACHED;
979 	} else {
980 		device_printf(sbp->fd.dev,
981 			"%s:%s failed\n", __func__, sdev->bustgtlun);
982 	}
983 	sdev = sbp_next_dev(target, sdev->lun_id + 1);
984 	if (sdev == NULL) {
985 		SBP_UNLOCK(sbp);
986 		xpt_free_ccb(ccb);
987 		return;
988 	}
989 	/* reuse ccb */
990 	xpt_setup_ccb(&ccb->ccb_h, sdev->path, SCAN_PRI);
991 	ccb->ccb_h.ccb_sdev_ptr = sdev;
992 	ccb->ccb_h.flags |= CAM_DEV_QFREEZE;
993 	SBP_UNLOCK(sbp);
994 
995 	xpt_action(ccb);
996 	xpt_release_devq(sdev->path, sdev->freeze, TRUE);
997 	sdev->freeze = 1;
998 }
999 
1000 static void
1001 sbp_cam_scan_target(void *arg)
1002 {
1003 	struct sbp_target *target = (struct sbp_target *)arg;
1004 	struct sbp_dev *sdev;
1005 	union ccb *ccb;
1006 
1007 	SBP_LOCK_ASSERT(target->sbp);
1008 	sdev = sbp_next_dev(target, 0);
1009 	if (sdev == NULL) {
1010 		printf("sbp_cam_scan_target: nothing to do for target%d\n",
1011 							target->target_id);
1012 		return;
1013 	}
1014 SBP_DEBUG(0)
1015 	device_printf(sdev->target->sbp->fd.dev,
1016 		"%s:%s\n", __func__, sdev->bustgtlun);
1017 END_DEBUG
1018 	ccb = xpt_alloc_ccb_nowait();
1019 	if (ccb == NULL) {
1020 		printf("sbp_cam_scan_target: xpt_alloc_ccb_nowait() failed\n");
1021 		return;
1022 	}
1023 	SBP_UNLOCK(target->sbp);
1024 
1025 	xpt_setup_ccb(&ccb->ccb_h, sdev->path, SCAN_PRI);
1026 	ccb->ccb_h.func_code = XPT_SCAN_LUN;
1027 	ccb->ccb_h.cbfcnp = sbp_cam_scan_lun;
1028 	ccb->ccb_h.flags |= CAM_DEV_QFREEZE;
1029 	ccb->crcn.flags = CAM_FLAG_NONE;
1030 	ccb->ccb_h.ccb_sdev_ptr = sdev;
1031 
1032 	/* The scan is in progress now. */
1033 	xpt_action(ccb);
1034 
1035 	SBP_LOCK(target->sbp);
1036 	xpt_release_devq(sdev->path, sdev->freeze, TRUE);
1037 	sdev->freeze = 1;
1038 }
1039 
1040 static __inline void
1041 sbp_scan_dev(struct sbp_dev *sdev)
1042 {
1043 	sdev->status = SBP_DEV_PROBE;
1044 	callout_reset_sbt(&sdev->target->scan_callout, SBT_1MS * scan_delay, 0,
1045 	    sbp_cam_scan_target, (void *)sdev->target, 0);
1046 }
1047 
1048 static void
1049 sbp_do_attach(struct fw_xfer *xfer)
1050 {
1051 	struct sbp_dev *sdev;
1052 	struct sbp_target *target;
1053 	struct sbp_softc *sbp;
1054 
1055 	sdev = (struct sbp_dev *)xfer->sc;
1056 	target = sdev->target;
1057 	sbp = target->sbp;
1058 	SBP_LOCK(sbp);
1059 SBP_DEBUG(0)
1060 	device_printf(sdev->target->sbp->fd.dev,
1061 		"%s:%s\n", __func__, sdev->bustgtlun);
1062 END_DEBUG
1063 	sbp_xfer_free(xfer);
1064 
1065 	if (sdev->path == NULL)
1066 		xpt_create_path(&sdev->path, NULL,
1067 			cam_sim_path(target->sbp->sim),
1068 			target->target_id, sdev->lun_id);
1069 
1070 	/*
1071 	 * Let CAM scan the bus if we are in the boot process.
1072 	 * XXX xpt_scan_bus cannot detect LUN larger than 0
1073 	 * if LUN 0 doesn't exist.
1074 	 */
1075 	if (sbp_cold > 0) {
1076 		sdev->status = SBP_DEV_ATTACHED;
1077 		SBP_UNLOCK(sbp);
1078 		return;
1079 	}
1080 
1081 	sbp_scan_dev(sdev);
1082 	SBP_UNLOCK(sbp);
1083 }
1084 
1085 static void
1086 sbp_agent_reset_callback(struct fw_xfer *xfer)
1087 {
1088 	struct sbp_dev *sdev;
1089 
1090 	sdev = (struct sbp_dev *)xfer->sc;
1091 SBP_DEBUG(1)
1092 	device_printf(sdev->target->sbp->fd.dev,
1093 			"%s:%s\n", __func__, sdev->bustgtlun);
1094 END_DEBUG
1095 	if (xfer->resp != 0) {
1096 		device_printf(sdev->target->sbp->fd.dev,
1097 			"%s:%s resp=%d\n", __func__, sdev->bustgtlun, xfer->resp);
1098 	}
1099 
1100 	SBP_LOCK(sdev->target->sbp);
1101 	sbp_xfer_free(xfer);
1102 	if (sdev->path) {
1103 		xpt_release_devq(sdev->path, sdev->freeze, TRUE);
1104 		sdev->freeze = 0;
1105 	}
1106 	SBP_UNLOCK(sdev->target->sbp);
1107 }
1108 
1109 static void
1110 sbp_agent_reset(struct sbp_dev *sdev)
1111 {
1112 	struct fw_xfer *xfer;
1113 	struct fw_pkt *fp;
1114 
1115 	SBP_LOCK_ASSERT(sdev->target->sbp);
1116 SBP_DEBUG(0)
1117 	device_printf(sdev->target->sbp->fd.dev,
1118 		"%s:%s\n", __func__, sdev->bustgtlun);
1119 END_DEBUG
1120 	xfer = sbp_write_cmd(sdev, FWTCODE_WREQQ, 0x04);
1121 	if (xfer == NULL)
1122 		return;
1123 	if (sdev->status == SBP_DEV_ATTACHED || sdev->status == SBP_DEV_PROBE)
1124 		xfer->hand = sbp_agent_reset_callback;
1125 	else
1126 		xfer->hand = sbp_do_attach;
1127 	fp = &xfer->send.hdr;
1128 	fp->mode.wreqq.data = htonl(0xf);
1129 	fw_asyreq(xfer->fc, -1, xfer);
1130 	sbp_abort_all_ocbs(sdev, CAM_BDR_SENT);
1131 }
1132 
1133 static void
1134 sbp_busy_timeout_callback(struct fw_xfer *xfer)
1135 {
1136 	struct sbp_dev *sdev;
1137 
1138 	sdev = (struct sbp_dev *)xfer->sc;
1139 SBP_DEBUG(1)
1140 	device_printf(sdev->target->sbp->fd.dev,
1141 		"%s:%s\n", __func__, sdev->bustgtlun);
1142 END_DEBUG
1143 	SBP_LOCK(sdev->target->sbp);
1144 	sbp_xfer_free(xfer);
1145 	sbp_agent_reset(sdev);
1146 	SBP_UNLOCK(sdev->target->sbp);
1147 }
1148 
1149 static void
1150 sbp_busy_timeout(struct sbp_dev *sdev)
1151 {
1152 	struct fw_pkt *fp;
1153 	struct fw_xfer *xfer;
1154 SBP_DEBUG(0)
1155 	device_printf(sdev->target->sbp->fd.dev,
1156 		"%s:%s\n", __func__, sdev->bustgtlun);
1157 END_DEBUG
1158 	xfer = sbp_write_cmd(sdev, FWTCODE_WREQQ, 0);
1159 
1160 	xfer->hand = sbp_busy_timeout_callback;
1161 	fp = &xfer->send.hdr;
1162 	fp->mode.wreqq.dest_hi = 0xffff;
1163 	fp->mode.wreqq.dest_lo = 0xf0000000 | BUSY_TIMEOUT;
1164 	fp->mode.wreqq.data = htonl((1 << (13 + 12)) | 0xf);
1165 	fw_asyreq(xfer->fc, -1, xfer);
1166 }
1167 
1168 static void
1169 sbp_orb_pointer_callback(struct fw_xfer *xfer)
1170 {
1171 	struct sbp_dev *sdev;
1172 	sdev = (struct sbp_dev *)xfer->sc;
1173 
1174 SBP_DEBUG(2)
1175 	device_printf(sdev->target->sbp->fd.dev,
1176 		"%s:%s\n", __func__, sdev->bustgtlun);
1177 END_DEBUG
1178 	if (xfer->resp != 0) {
1179 		/* XXX */
1180 		printf("%s: xfer->resp = %d\n", __func__, xfer->resp);
1181 	}
1182 	SBP_LOCK(sdev->target->sbp);
1183 	sbp_xfer_free(xfer);
1184 
1185 	sdev->flags &= ~ORB_POINTER_ACTIVE;
1186 
1187 	if ((sdev->flags & ORB_POINTER_NEED) != 0) {
1188 		struct sbp_ocb *ocb;
1189 
1190 		sdev->flags &= ~ORB_POINTER_NEED;
1191 		ocb = STAILQ_FIRST(&sdev->ocbs);
1192 		if (ocb != NULL)
1193 			sbp_orb_pointer(sdev, ocb);
1194 	}
1195 	SBP_UNLOCK(sdev->target->sbp);
1196 	return;
1197 }
1198 
1199 static void
1200 sbp_orb_pointer(struct sbp_dev *sdev, struct sbp_ocb *ocb)
1201 {
1202 	struct fw_xfer *xfer;
1203 	struct fw_pkt *fp;
1204 SBP_DEBUG(1)
1205 	device_printf(sdev->target->sbp->fd.dev,
1206 		"%s:%s 0x%08x\n",
1207 		__func__, sdev->bustgtlun,
1208 		(uint32_t)ocb->bus_addr);
1209 END_DEBUG
1210 
1211 	SBP_LOCK_ASSERT(sdev->target->sbp);
1212 
1213 	if ((sdev->flags & ORB_POINTER_ACTIVE) != 0) {
1214 SBP_DEBUG(0)
1215 		printf("%s: orb pointer active\n", __func__);
1216 END_DEBUG
1217 		sdev->flags |= ORB_POINTER_NEED;
1218 		return;
1219 	}
1220 
1221 	sdev->flags |= ORB_POINTER_ACTIVE;
1222 	xfer = sbp_write_cmd(sdev, FWTCODE_WREQB, 0x08);
1223 	if (xfer == NULL)
1224 		return;
1225 	xfer->hand = sbp_orb_pointer_callback;
1226 
1227 	fp = &xfer->send.hdr;
1228 	fp->mode.wreqb.len = 8;
1229 	fp->mode.wreqb.extcode = 0;
1230 	xfer->send.payload[0] =
1231 		htonl(((sdev->target->sbp->fd.fc->nodeid | FWLOCALBUS) << 16));
1232 	xfer->send.payload[1] = htonl((uint32_t)ocb->bus_addr);
1233 
1234 	if (fw_asyreq(xfer->fc, -1, xfer) != 0) {
1235 		sbp_xfer_free(xfer);
1236 		ocb->ccb->ccb_h.status = CAM_REQ_INVALID;
1237 		xpt_done(ocb->ccb);
1238 	}
1239 }
1240 
1241 static void
1242 sbp_doorbell_callback(struct fw_xfer *xfer)
1243 {
1244 	struct sbp_dev *sdev;
1245 	sdev = (struct sbp_dev *)xfer->sc;
1246 
1247 SBP_DEBUG(1)
1248 	device_printf(sdev->target->sbp->fd.dev,
1249 		"%s:%s\n", __func__, sdev->bustgtlun);
1250 END_DEBUG
1251 	if (xfer->resp != 0) {
1252 		/* XXX */
1253 		device_printf(sdev->target->sbp->fd.dev,
1254 			"%s: xfer->resp = %d\n", __func__, xfer->resp);
1255 	}
1256 	SBP_LOCK(sdev->target->sbp);
1257 	sbp_xfer_free(xfer);
1258 	sdev->flags &= ~ORB_DOORBELL_ACTIVE;
1259 	if ((sdev->flags & ORB_DOORBELL_NEED) != 0) {
1260 		sdev->flags &= ~ORB_DOORBELL_NEED;
1261 		sbp_doorbell(sdev);
1262 	}
1263 	SBP_UNLOCK(sdev->target->sbp);
1264 }
1265 
1266 static void
1267 sbp_doorbell(struct sbp_dev *sdev)
1268 {
1269 	struct fw_xfer *xfer;
1270 	struct fw_pkt *fp;
1271 SBP_DEBUG(1)
1272 	device_printf(sdev->target->sbp->fd.dev,
1273 		"%s:%s\n", __func__, sdev->bustgtlun);
1274 END_DEBUG
1275 
1276 	if ((sdev->flags & ORB_DOORBELL_ACTIVE) != 0) {
1277 		sdev->flags |= ORB_DOORBELL_NEED;
1278 		return;
1279 	}
1280 	sdev->flags |= ORB_DOORBELL_ACTIVE;
1281 	xfer = sbp_write_cmd(sdev, FWTCODE_WREQQ, 0x10);
1282 	if (xfer == NULL)
1283 		return;
1284 	xfer->hand = sbp_doorbell_callback;
1285 	fp = &xfer->send.hdr;
1286 	fp->mode.wreqq.data = htonl(0xf);
1287 	fw_asyreq(xfer->fc, -1, xfer);
1288 }
1289 
1290 static struct fw_xfer *
1291 sbp_write_cmd(struct sbp_dev *sdev, int tcode, int offset)
1292 {
1293 	struct fw_xfer *xfer;
1294 	struct fw_pkt *fp;
1295 	struct sbp_target *target;
1296 	int new = 0;
1297 
1298 	SBP_LOCK_ASSERT(sdev->target->sbp);
1299 
1300 	target = sdev->target;
1301 	xfer = STAILQ_FIRST(&target->xferlist);
1302 	if (xfer == NULL) {
1303 		if (target->n_xfer > 5 /* XXX */) {
1304 			printf("sbp: no more xfer for this target\n");
1305 			return (NULL);
1306 		}
1307 		xfer = fw_xfer_alloc_buf(M_SBP, 8, 0);
1308 		if (xfer == NULL) {
1309 			printf("sbp: fw_xfer_alloc_buf failed\n");
1310 			return NULL;
1311 		}
1312 		target->n_xfer++;
1313 		if (debug)
1314 			printf("sbp: alloc %d xfer\n", target->n_xfer);
1315 		new = 1;
1316 	} else {
1317 		STAILQ_REMOVE_HEAD(&target->xferlist, link);
1318 	}
1319 
1320 	if (new) {
1321 		xfer->recv.pay_len = 0;
1322 		xfer->send.spd = min(sdev->target->fwdev->speed, max_speed);
1323 		xfer->fc = sdev->target->sbp->fd.fc;
1324 	}
1325 
1326 	if (tcode == FWTCODE_WREQB)
1327 		xfer->send.pay_len = 8;
1328 	else
1329 		xfer->send.pay_len = 0;
1330 
1331 	xfer->sc = (caddr_t)sdev;
1332 	fp = &xfer->send.hdr;
1333 	fp->mode.wreqq.dest_hi = sdev->login->cmd_hi;
1334 	fp->mode.wreqq.dest_lo = sdev->login->cmd_lo + offset;
1335 	fp->mode.wreqq.tlrt = 0;
1336 	fp->mode.wreqq.tcode = tcode;
1337 	fp->mode.wreqq.pri = 0;
1338 	fp->mode.wreqq.dst = FWLOCALBUS | sdev->target->fwdev->dst;
1339 
1340 	return xfer;
1341 }
1342 
1343 static void
1344 sbp_mgm_orb(struct sbp_dev *sdev, int func, struct sbp_ocb *aocb)
1345 {
1346 	struct fw_xfer *xfer;
1347 	struct fw_pkt *fp;
1348 	struct sbp_ocb *ocb;
1349 	struct sbp_target *target;
1350 	int nid;
1351 
1352 	target = sdev->target;
1353 	nid = target->sbp->fd.fc->nodeid | FWLOCALBUS;
1354 
1355 	SBP_LOCK_ASSERT(target->sbp);
1356 	if (func == ORB_FUN_RUNQUEUE) {
1357 		ocb = STAILQ_FIRST(&target->mgm_ocb_queue);
1358 		if (target->mgm_ocb_cur != NULL || ocb == NULL) {
1359 			return;
1360 		}
1361 		STAILQ_REMOVE_HEAD(&target->mgm_ocb_queue, ocb);
1362 		goto start;
1363 	}
1364 	if ((ocb = sbp_get_ocb(sdev)) == NULL) {
1365 		/* XXX */
1366 		return;
1367 	}
1368 	ocb->flags = OCB_ACT_MGM;
1369 	ocb->sdev = sdev;
1370 
1371 	bzero((void *)ocb->orb, sizeof(ocb->orb));
1372 	ocb->orb[6] = htonl((nid << 16) | SBP_BIND_HI);
1373 	ocb->orb[7] = htonl(SBP_DEV2ADDR(target->target_id, sdev->lun_id));
1374 
1375 SBP_DEBUG(0)
1376 	device_printf(sdev->target->sbp->fd.dev,
1377 		 "%s:%s %s\n",
1378 		 __func__,sdev->bustgtlun,
1379 		 orb_fun_name[(func >> 16) & 0xf]);
1380 END_DEBUG
1381 	switch (func) {
1382 	case ORB_FUN_LGI:
1383 		ocb->orb[0] = ocb->orb[1] = 0; /* password */
1384 		ocb->orb[2] = htonl(nid << 16);
1385 		ocb->orb[3] = htonl(sdev->dma.bus_addr);
1386 		ocb->orb[4] = htonl(ORB_NOTIFY | sdev->lun_id);
1387 		if (ex_login)
1388 			ocb->orb[4] |= htonl(ORB_EXV);
1389 		ocb->orb[5] = htonl(SBP_LOGIN_SIZE);
1390 		fwdma_sync(&sdev->dma, BUS_DMASYNC_PREREAD);
1391 		break;
1392 	case ORB_FUN_ATA:
1393 		ocb->orb[0] = htonl((0 << 16) | 0);
1394 		ocb->orb[1] = htonl(aocb->bus_addr & 0xffffffff);
1395 		/* fall through */
1396 	case ORB_FUN_RCN:
1397 	case ORB_FUN_LGO:
1398 	case ORB_FUN_LUR:
1399 	case ORB_FUN_RST:
1400 	case ORB_FUN_ATS:
1401 		ocb->orb[4] = htonl(ORB_NOTIFY | func | sdev->login->id);
1402 		break;
1403 	}
1404 
1405 	if (target->mgm_ocb_cur != NULL) {
1406 		/* there is a standing ORB */
1407 		STAILQ_INSERT_TAIL(&sdev->target->mgm_ocb_queue, ocb, ocb);
1408 		return;
1409 	}
1410 start:
1411 	target->mgm_ocb_cur = ocb;
1412 
1413 	callout_reset(&target->mgm_ocb_timeout, 5 * hz,
1414 				sbp_mgm_timeout, (caddr_t)ocb);
1415 	xfer = sbp_write_cmd(sdev, FWTCODE_WREQB, 0);
1416 	if (xfer == NULL) {
1417 		return;
1418 	}
1419 	xfer->hand = sbp_mgm_callback;
1420 
1421 	fp = &xfer->send.hdr;
1422 	fp->mode.wreqb.dest_hi = sdev->target->mgm_hi;
1423 	fp->mode.wreqb.dest_lo = sdev->target->mgm_lo;
1424 	fp->mode.wreqb.len = 8;
1425 	fp->mode.wreqb.extcode = 0;
1426 	xfer->send.payload[0] = htonl(nid << 16);
1427 	xfer->send.payload[1] = htonl(ocb->bus_addr & 0xffffffff);
1428 
1429 	fw_asyreq(xfer->fc, -1, xfer);
1430 }
1431 
1432 static void
1433 sbp_print_scsi_cmd(struct sbp_ocb *ocb)
1434 {
1435 	struct ccb_scsiio *csio;
1436 
1437 	csio = &ocb->ccb->csio;
1438 	printf("%s:%d:%jx XPT_SCSI_IO: "
1439 		"cmd: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x"
1440 		", flags: 0x%02x, "
1441 		"%db cmd/%db data/%db sense\n",
1442 		device_get_nameunit(ocb->sdev->target->sbp->fd.dev),
1443 		ocb->ccb->ccb_h.target_id,
1444 		(uintmax_t)ocb->ccb->ccb_h.target_lun,
1445 		csio->cdb_io.cdb_bytes[0],
1446 		csio->cdb_io.cdb_bytes[1],
1447 		csio->cdb_io.cdb_bytes[2],
1448 		csio->cdb_io.cdb_bytes[3],
1449 		csio->cdb_io.cdb_bytes[4],
1450 		csio->cdb_io.cdb_bytes[5],
1451 		csio->cdb_io.cdb_bytes[6],
1452 		csio->cdb_io.cdb_bytes[7],
1453 		csio->cdb_io.cdb_bytes[8],
1454 		csio->cdb_io.cdb_bytes[9],
1455 		ocb->ccb->ccb_h.flags & CAM_DIR_MASK,
1456 		csio->cdb_len, csio->dxfer_len,
1457 		csio->sense_len);
1458 }
1459 
1460 static void
1461 sbp_scsi_status(struct sbp_status *sbp_status, struct sbp_ocb *ocb)
1462 {
1463 	struct sbp_cmd_status *sbp_cmd_status;
1464 	struct scsi_sense_data_fixed *sense;
1465 
1466 	sbp_cmd_status = (struct sbp_cmd_status *)sbp_status->data;
1467 	sense = (struct scsi_sense_data_fixed *)&ocb->ccb->csio.sense_data;
1468 
1469 SBP_DEBUG(0)
1470 	sbp_print_scsi_cmd(ocb);
1471 	/* XXX need decode status */
1472 	printf("%s: SCSI status %x sfmt %x valid %x key %x code %x qlfr %x len %d\n",
1473 		ocb->sdev->bustgtlun,
1474 		sbp_cmd_status->status,
1475 		sbp_cmd_status->sfmt,
1476 		sbp_cmd_status->valid,
1477 		sbp_cmd_status->s_key,
1478 		sbp_cmd_status->s_code,
1479 		sbp_cmd_status->s_qlfr,
1480 		sbp_status->len);
1481 END_DEBUG
1482 
1483 	switch (sbp_cmd_status->status) {
1484 	case SCSI_STATUS_CHECK_COND:
1485 	case SCSI_STATUS_BUSY:
1486 	case SCSI_STATUS_CMD_TERMINATED:
1487 		if (sbp_cmd_status->sfmt == SBP_SFMT_CURR) {
1488 			sense->error_code = SSD_CURRENT_ERROR;
1489 		} else {
1490 			sense->error_code = SSD_DEFERRED_ERROR;
1491 		}
1492 		if (sbp_cmd_status->valid)
1493 			sense->error_code |= SSD_ERRCODE_VALID;
1494 		sense->flags = sbp_cmd_status->s_key;
1495 		if (sbp_cmd_status->mark)
1496 			sense->flags |= SSD_FILEMARK;
1497 		if (sbp_cmd_status->eom)
1498 			sense->flags |= SSD_EOM;
1499 		if (sbp_cmd_status->ill_len)
1500 			sense->flags |= SSD_ILI;
1501 
1502 		bcopy(&sbp_cmd_status->info, &sense->info[0], 4);
1503 
1504 		if (sbp_status->len <= 1)
1505 			/* XXX not scsi status. shouldn't be happened */
1506 			sense->extra_len = 0;
1507 		else if (sbp_status->len <= 4)
1508 			/* add_sense_code(_qual), info, cmd_spec_info */
1509 			sense->extra_len = 6;
1510 		else
1511 			/* fru, sense_key_spec */
1512 			sense->extra_len = 10;
1513 
1514 		bcopy(&sbp_cmd_status->cdb, &sense->cmd_spec_info[0], 4);
1515 
1516 		sense->add_sense_code = sbp_cmd_status->s_code;
1517 		sense->add_sense_code_qual = sbp_cmd_status->s_qlfr;
1518 		sense->fru = sbp_cmd_status->fru;
1519 
1520 		bcopy(&sbp_cmd_status->s_keydep[0],
1521 		    &sense->sense_key_spec[0], 3);
1522 
1523 		ocb->ccb->csio.scsi_status = sbp_cmd_status->status;
1524 		ocb->ccb->ccb_h.status = CAM_SCSI_STATUS_ERROR
1525 							| CAM_AUTOSNS_VALID;
1526 /*
1527 {
1528 		uint8_t j, *tmp;
1529 		tmp = sense;
1530 		for (j = 0; j < 32; j += 8) {
1531 			printf("sense %02x%02x %02x%02x %02x%02x %02x%02x\n",
1532 				tmp[j], tmp[j + 1], tmp[j + 2], tmp[j + 3],
1533 				tmp[j + 4], tmp[j + 5], tmp[j + 6], tmp[j + 7]);
1534 		}
1535 
1536 }
1537 */
1538 		break;
1539 	default:
1540 		device_printf(ocb->sdev->target->sbp->fd.dev,
1541 				"%s:%s unknown scsi status 0x%x\n",
1542 				__func__, ocb->sdev->bustgtlun,
1543 				sbp_cmd_status->status);
1544 	}
1545 }
1546 
1547 static void
1548 sbp_fix_inq_data(struct sbp_ocb *ocb)
1549 {
1550 	union ccb *ccb;
1551 	struct sbp_dev *sdev;
1552 	struct scsi_inquiry_data *inq;
1553 
1554 	ccb = ocb->ccb;
1555 	sdev = ocb->sdev;
1556 
1557 	if (ccb->csio.cdb_io.cdb_bytes[1] & SI_EVPD)
1558 		return;
1559 SBP_DEBUG(1)
1560 	device_printf(sdev->target->sbp->fd.dev,
1561 		"%s:%s\n", __func__, sdev->bustgtlun);
1562 END_DEBUG
1563 	inq = (struct scsi_inquiry_data *) ccb->csio.data_ptr;
1564 	switch (SID_TYPE(inq)) {
1565 	case T_DIRECT:
1566 #if 0
1567 		/*
1568 		 * XXX Convert Direct Access device to RBC.
1569 		 * I've never seen FireWire DA devices which support READ_6.
1570 		 */
1571 		if (SID_TYPE(inq) == T_DIRECT)
1572 			inq->device |= T_RBC; /*  T_DIRECT == 0 */
1573 #endif
1574 		/* fall through */
1575 	case T_RBC:
1576 		/*
1577 		 * Override vendor/product/revision information.
1578 		 * Some devices sometimes return strange strings.
1579 		 */
1580 #if 1
1581 		bcopy(sdev->vendor, inq->vendor, sizeof(inq->vendor));
1582 		bcopy(sdev->product, inq->product, sizeof(inq->product));
1583 		bcopy(sdev->revision + 2, inq->revision, sizeof(inq->revision));
1584 #endif
1585 		break;
1586 	}
1587 	/*
1588 	 * Force to enable/disable tagged queuing.
1589 	 * XXX CAM also checks SCP_QUEUE_DQUE flag in the control mode page.
1590 	 */
1591 	if (sbp_tags > 0)
1592 		inq->flags |= SID_CmdQue;
1593 	else if (sbp_tags < 0)
1594 		inq->flags &= ~SID_CmdQue;
1595 
1596 }
1597 
1598 static void
1599 sbp_recv1(struct fw_xfer *xfer)
1600 {
1601 	struct fw_pkt *rfp;
1602 #if NEED_RESPONSE
1603 	struct fw_pkt *sfp;
1604 #endif
1605 	struct sbp_softc *sbp;
1606 	struct sbp_dev *sdev;
1607 	struct sbp_ocb *ocb;
1608 	struct sbp_login_res *login_res = NULL;
1609 	struct sbp_status *sbp_status;
1610 	struct sbp_target *target;
1611 	int	orb_fun, status_valid0, status_valid, t, l, reset_agent = 0;
1612 	uint32_t addr;
1613 /*
1614 	uint32_t *ld;
1615 	ld = xfer->recv.buf;
1616 printf("sbp %x %d %d %08x %08x %08x %08x\n",
1617 			xfer->resp, xfer->recv.len, xfer->recv.off, ntohl(ld[0]), ntohl(ld[1]), ntohl(ld[2]), ntohl(ld[3]));
1618 printf("sbp %08x %08x %08x %08x\n", ntohl(ld[4]), ntohl(ld[5]), ntohl(ld[6]), ntohl(ld[7]));
1619 printf("sbp %08x %08x %08x %08x\n", ntohl(ld[8]), ntohl(ld[9]), ntohl(ld[10]), ntohl(ld[11]));
1620 */
1621 	sbp = (struct sbp_softc *)xfer->sc;
1622 	SBP_LOCK_ASSERT(sbp);
1623 	if (xfer->resp != 0) {
1624 		printf("sbp_recv: xfer->resp = %d\n", xfer->resp);
1625 		goto done0;
1626 	}
1627 	if (xfer->recv.payload == NULL) {
1628 		printf("sbp_recv: xfer->recv.payload == NULL\n");
1629 		goto done0;
1630 	}
1631 	rfp = &xfer->recv.hdr;
1632 	if (rfp->mode.wreqb.tcode != FWTCODE_WREQB) {
1633 		printf("sbp_recv: tcode = %d\n", rfp->mode.wreqb.tcode);
1634 		goto done0;
1635 	}
1636 	sbp_status = (struct sbp_status *)xfer->recv.payload;
1637 	addr = rfp->mode.wreqb.dest_lo;
1638 SBP_DEBUG(2)
1639 	printf("received address 0x%x\n", addr);
1640 END_DEBUG
1641 	t = SBP_ADDR2TRG(addr);
1642 	if (t >= SBP_NUM_TARGETS) {
1643 		device_printf(sbp->fd.dev,
1644 			"sbp_recv1: invalid target %d\n", t);
1645 		goto done0;
1646 	}
1647 	target = &sbp->targets[t];
1648 	l = SBP_ADDR2LUN(addr);
1649 	if (l >= target->num_lun || target->luns[l] == NULL) {
1650 		device_printf(sbp->fd.dev,
1651 			"sbp_recv1: invalid lun %d (target=%d)\n", l, t);
1652 		goto done0;
1653 	}
1654 	sdev = target->luns[l];
1655 
1656 	ocb = NULL;
1657 	switch (sbp_status->src) {
1658 	case 0:
1659 	case 1:
1660 		/* check mgm_ocb_cur first */
1661 		ocb  = target->mgm_ocb_cur;
1662 		if (ocb != NULL) {
1663 			if (OCB_MATCH(ocb, sbp_status)) {
1664 				callout_stop(&target->mgm_ocb_timeout);
1665 				target->mgm_ocb_cur = NULL;
1666 				break;
1667 			}
1668 		}
1669 		ocb = sbp_dequeue_ocb(sdev, sbp_status);
1670 		if (ocb == NULL) {
1671 			device_printf(sdev->target->sbp->fd.dev,
1672 				"%s:%s No ocb(%x) on the queue\n",
1673 				__func__,sdev->bustgtlun,
1674 				ntohl(sbp_status->orb_lo));
1675 		}
1676 		break;
1677 	case 2:
1678 		/* unsolicit */
1679 		device_printf(sdev->target->sbp->fd.dev,
1680 			"%s:%s unsolicit status received\n",
1681 			__func__, sdev->bustgtlun);
1682 		break;
1683 	default:
1684 		device_printf(sdev->target->sbp->fd.dev,
1685 			"%s:%s unknown sbp_status->src\n",
1686 			__func__, sdev->bustgtlun);
1687 	}
1688 
1689 	status_valid0 = (sbp_status->src < 2
1690 			&& sbp_status->resp == ORB_RES_CMPL
1691 			&& sbp_status->dead == 0);
1692 	status_valid = (status_valid0 && sbp_status->status == 0);
1693 
1694 	if (!status_valid0 || debug > 2) {
1695 		int status;
1696 SBP_DEBUG(0)
1697 		device_printf(sdev->target->sbp->fd.dev,
1698 			"%s:%s ORB status src:%x resp:%x dead:%x"
1699 				" len:%x stat:%x orb:%x%08x\n",
1700 			__func__, sdev->bustgtlun,
1701 			sbp_status->src, sbp_status->resp, sbp_status->dead,
1702 			sbp_status->len, sbp_status->status,
1703 			ntohs(sbp_status->orb_hi), ntohl(sbp_status->orb_lo));
1704 END_DEBUG
1705 		device_printf(sdev->target->sbp->fd.dev,
1706 				"%s\n", sdev->bustgtlun);
1707 		status = sbp_status->status;
1708 		switch (sbp_status->resp) {
1709 		case 0:
1710 			if (status > MAX_ORB_STATUS0)
1711 				printf("%s\n", orb_status0[MAX_ORB_STATUS0]);
1712 			else
1713 				printf("%s\n", orb_status0[status]);
1714 			break;
1715 		case 1:
1716 			printf("Obj: %s, Error: %s\n",
1717 				orb_status1_object[(status >> 6) & 3],
1718 				orb_status1_serial_bus_error[status & 0xf]);
1719 			break;
1720 		case 2:
1721 			printf("Illegal request\n");
1722 			break;
1723 		case 3:
1724 			printf("Vendor dependent\n");
1725 			break;
1726 		default:
1727 			printf("unknown respose code %d\n", sbp_status->resp);
1728 		}
1729 	}
1730 
1731 	/* we have to reset the fetch agent if it's dead */
1732 	if (sbp_status->dead) {
1733 		if (sdev->path) {
1734 			xpt_freeze_devq(sdev->path, 1);
1735 			sdev->freeze++;
1736 		}
1737 		reset_agent = 1;
1738 	}
1739 
1740 	if (ocb == NULL)
1741 		goto done;
1742 
1743 	switch (ntohl(ocb->orb[4]) & ORB_FMT_MSK) {
1744 	case ORB_FMT_NOP:
1745 		break;
1746 	case ORB_FMT_VED:
1747 		break;
1748 	case ORB_FMT_STD:
1749 		switch (ocb->flags) {
1750 		case OCB_ACT_MGM:
1751 			orb_fun = ntohl(ocb->orb[4]) & ORB_FUN_MSK;
1752 			reset_agent = 0;
1753 			switch (orb_fun) {
1754 			case ORB_FUN_LGI:
1755 				fwdma_sync(&sdev->dma, BUS_DMASYNC_POSTREAD);
1756 				login_res = sdev->login;
1757 				login_res->len = ntohs(login_res->len);
1758 				login_res->id = ntohs(login_res->id);
1759 				login_res->cmd_hi = ntohs(login_res->cmd_hi);
1760 				login_res->cmd_lo = ntohl(login_res->cmd_lo);
1761 				if (status_valid) {
1762 SBP_DEBUG(0)
1763 					device_printf(sdev->target->sbp->fd.dev,
1764 						"%s:%s login: len %d, ID %d, cmd %08x%08x, recon_hold %d\n",
1765 						__func__, sdev->bustgtlun,
1766 						login_res->len, login_res->id,
1767 						login_res->cmd_hi, login_res->cmd_lo,
1768 						ntohs(login_res->recon_hold));
1769 END_DEBUG
1770 					sbp_busy_timeout(sdev);
1771 				} else {
1772 					/* forgot logout? */
1773 					device_printf(sdev->target->sbp->fd.dev,
1774 						"%s:%s login failed\n",
1775 						__func__, sdev->bustgtlun);
1776 					sdev->status = SBP_DEV_RESET;
1777 				}
1778 				break;
1779 			case ORB_FUN_RCN:
1780 				login_res = sdev->login;
1781 				if (status_valid) {
1782 SBP_DEBUG(0)
1783 					device_printf(sdev->target->sbp->fd.dev,
1784 						"%s:%s reconnect: len %d, ID %d, cmd %08x%08x\n",
1785 						__func__, sdev->bustgtlun,
1786 						login_res->len, login_res->id,
1787 						login_res->cmd_hi, login_res->cmd_lo);
1788 END_DEBUG
1789 					if (sdev->status == SBP_DEV_ATTACHED)
1790 						sbp_scan_dev(sdev);
1791 					else
1792 						sbp_agent_reset(sdev);
1793 				} else {
1794 					/* reconnection hold time exceed? */
1795 SBP_DEBUG(0)
1796 					device_printf(sdev->target->sbp->fd.dev,
1797 						"%s:%s reconnect failed\n",
1798 						__func__, sdev->bustgtlun);
1799 END_DEBUG
1800 					sbp_login(sdev);
1801 				}
1802 				break;
1803 			case ORB_FUN_LGO:
1804 				sdev->status = SBP_DEV_RESET;
1805 				break;
1806 			case ORB_FUN_RST:
1807 				sbp_busy_timeout(sdev);
1808 				break;
1809 			case ORB_FUN_LUR:
1810 			case ORB_FUN_ATA:
1811 			case ORB_FUN_ATS:
1812 				sbp_agent_reset(sdev);
1813 				break;
1814 			default:
1815 				device_printf(sdev->target->sbp->fd.dev,
1816 					"%s:%s unknown function %d\n",
1817 					__func__, sdev->bustgtlun, orb_fun);
1818 				break;
1819 			}
1820 			sbp_mgm_orb(sdev, ORB_FUN_RUNQUEUE, NULL);
1821 			break;
1822 		case OCB_ACT_CMD:
1823 			sdev->timeout = 0;
1824 			if (ocb->ccb != NULL) {
1825 				union ccb *ccb;
1826 
1827 				ccb = ocb->ccb;
1828 				if (sbp_status->len > 1) {
1829 					sbp_scsi_status(sbp_status, ocb);
1830 				} else {
1831 					if (sbp_status->resp != ORB_RES_CMPL) {
1832 						ccb->ccb_h.status = CAM_REQ_CMP_ERR;
1833 					} else {
1834 						ccb->ccb_h.status = CAM_REQ_CMP;
1835 					}
1836 				}
1837 				/* fix up inq data */
1838 				if (ccb->csio.cdb_io.cdb_bytes[0] == INQUIRY)
1839 					sbp_fix_inq_data(ocb);
1840 				xpt_done(ccb);
1841 			}
1842 			break;
1843 		default:
1844 			break;
1845 		}
1846 	}
1847 
1848 	if (!use_doorbell)
1849 		sbp_free_ocb(sdev, ocb);
1850 done:
1851 	if (reset_agent)
1852 		sbp_agent_reset(sdev);
1853 
1854 done0:
1855 	xfer->recv.pay_len = SBP_RECV_LEN;
1856 /* The received packet is usually small enough to be stored within
1857  * the buffer. In that case, the controller return ack_complete and
1858  * no respose is necessary.
1859  *
1860  * XXX fwohci.c and firewire.c should inform event_code such as
1861  * ack_complete or ack_pending to upper driver.
1862  */
1863 #if NEED_RESPONSE
1864 	xfer->send.off = 0;
1865 	sfp = (struct fw_pkt *)xfer->send.buf;
1866 	sfp->mode.wres.dst = rfp->mode.wreqb.src;
1867 	xfer->dst = sfp->mode.wres.dst;
1868 	xfer->spd = min(sdev->target->fwdev->speed, max_speed);
1869 	xfer->hand = sbp_loginres_callback;
1870 
1871 	sfp->mode.wres.tlrt = rfp->mode.wreqb.tlrt;
1872 	sfp->mode.wres.tcode = FWTCODE_WRES;
1873 	sfp->mode.wres.rtcode = 0;
1874 	sfp->mode.wres.pri = 0;
1875 
1876 	fw_asyreq(xfer->fc, -1, xfer);
1877 #else
1878 	/* recycle */
1879 	STAILQ_INSERT_TAIL(&sbp->fwb.xferlist, xfer, link);
1880 #endif
1881 }
1882 
1883 static void
1884 sbp_recv(struct fw_xfer *xfer)
1885 {
1886 	struct sbp_softc *sbp;
1887 
1888 	sbp = (struct sbp_softc *)xfer->sc;
1889 	SBP_LOCK(sbp);
1890 	sbp_recv1(xfer);
1891 	SBP_UNLOCK(sbp);
1892 }
1893 /*
1894  * sbp_attach()
1895  */
1896 static int
1897 sbp_attach(device_t dev)
1898 {
1899 	struct sbp_softc *sbp;
1900 	struct cam_devq *devq;
1901 	struct firewire_comm *fc;
1902 	int i, error;
1903 
1904 	if (DFLTPHYS > SBP_MAXPHYS)
1905 		device_printf(dev, "Warning, DFLTPHYS(%dKB) is larger than "
1906 			"SBP_MAXPHYS(%dKB).\n", DFLTPHYS / 1024,
1907 			SBP_MAXPHYS / 1024);
1908 
1909 	if (!firewire_phydma_enable)
1910 		device_printf(dev, "Warning, hw.firewire.phydma_enable must be 1 "
1911 			"for SBP over FireWire.\n");
1912 SBP_DEBUG(0)
1913 	printf("sbp_attach (cold=%d)\n", cold);
1914 END_DEBUG
1915 
1916 	if (cold)
1917 		sbp_cold++;
1918 	sbp = device_get_softc(dev);
1919 	sbp->fd.dev = dev;
1920 	sbp->fd.fc = fc = device_get_ivars(dev);
1921 	mtx_init(&sbp->mtx, "sbp", NULL, MTX_DEF);
1922 
1923 	if (max_speed < 0)
1924 		max_speed = fc->speed;
1925 
1926 	error = bus_dma_tag_create(/*parent*/fc->dmat,
1927 				/* XXX shoud be 4 for sane backend? */
1928 				/*alignment*/1,
1929 				/*boundary*/0,
1930 				/*lowaddr*/BUS_SPACE_MAXADDR_32BIT,
1931 				/*highaddr*/BUS_SPACE_MAXADDR,
1932 				/*filter*/NULL, /*filterarg*/NULL,
1933 				/*maxsize*/0x100000, /*nsegments*/SBP_IND_MAX,
1934 				/*maxsegsz*/SBP_SEG_MAX,
1935 				/*flags*/BUS_DMA_ALLOCNOW,
1936 				/*lockfunc*/busdma_lock_mutex,
1937 				/*lockarg*/&sbp->mtx,
1938 				&sbp->dmat);
1939 	if (error != 0) {
1940 		printf("sbp_attach: Could not allocate DMA tag "
1941 			"- error %d\n", error);
1942 			return (ENOMEM);
1943 	}
1944 
1945 	devq = cam_simq_alloc(/*maxopenings*/SBP_NUM_OCB);
1946 	if (devq == NULL)
1947 		return (ENXIO);
1948 
1949 	for (i = 0; i < SBP_NUM_TARGETS; i++) {
1950 		sbp->targets[i].fwdev = NULL;
1951 		sbp->targets[i].luns = NULL;
1952 		sbp->targets[i].sbp = sbp;
1953 	}
1954 
1955 	sbp->sim = cam_sim_alloc(sbp_action, sbp_poll, "sbp", sbp,
1956 				 device_get_unit(dev),
1957 				 &sbp->mtx,
1958 				 /*untagged*/ 1,
1959 				 /*tagged*/ SBP_QUEUE_LEN - 1,
1960 				 devq);
1961 
1962 	if (sbp->sim == NULL) {
1963 		cam_simq_free(devq);
1964 		return (ENXIO);
1965 	}
1966 
1967 	SBP_LOCK(sbp);
1968 	if (xpt_bus_register(sbp->sim, dev, /*bus*/0) != CAM_SUCCESS)
1969 		goto fail;
1970 
1971 	if (xpt_create_path(&sbp->path, NULL, cam_sim_path(sbp->sim),
1972 	    CAM_TARGET_WILDCARD, CAM_LUN_WILDCARD) != CAM_REQ_CMP) {
1973 		xpt_bus_deregister(cam_sim_path(sbp->sim));
1974 		goto fail;
1975 	}
1976 	SBP_UNLOCK(sbp);
1977 
1978 	/* We reserve 16 bit space (4 bytes X 64 targets X 256 luns) */
1979 	sbp->fwb.start = ((u_int64_t)SBP_BIND_HI << 32) | SBP_DEV2ADDR(0, 0);
1980 	sbp->fwb.end = sbp->fwb.start + 0xffff;
1981 	/* pre-allocate xfer */
1982 	STAILQ_INIT(&sbp->fwb.xferlist);
1983 	fw_xferlist_add(&sbp->fwb.xferlist, M_SBP,
1984 	    /*send*/ 0, /*recv*/ SBP_RECV_LEN, SBP_NUM_OCB/2,
1985 	    fc, (void *)sbp, sbp_recv);
1986 
1987 	fw_bindadd(fc, &sbp->fwb);
1988 
1989 	sbp->fd.post_busreset = sbp_post_busreset;
1990 	sbp->fd.post_explore = sbp_post_explore;
1991 
1992 	if (fc->status != -1) {
1993 		sbp_post_busreset(sbp);
1994 		sbp_post_explore(sbp);
1995 	}
1996 	SBP_LOCK(sbp);
1997 	xpt_async(AC_BUS_RESET, sbp->path, /*arg*/ NULL);
1998 	SBP_UNLOCK(sbp);
1999 
2000 	return (0);
2001 fail:
2002 	SBP_UNLOCK(sbp);
2003 	cam_sim_free(sbp->sim, /*free_devq*/TRUE);
2004 	return (ENXIO);
2005 }
2006 
2007 static int
2008 sbp_logout_all(struct sbp_softc *sbp)
2009 {
2010 	struct sbp_target *target;
2011 	struct sbp_dev *sdev;
2012 	int i, j;
2013 
2014 SBP_DEBUG(0)
2015 	printf("sbp_logout_all\n");
2016 END_DEBUG
2017 	SBP_LOCK_ASSERT(sbp);
2018 	for (i = 0; i < SBP_NUM_TARGETS; i++) {
2019 		target = &sbp->targets[i];
2020 		if (target->luns == NULL)
2021 			continue;
2022 		for (j = 0; j < target->num_lun; j++) {
2023 			sdev = target->luns[j];
2024 			if (sdev == NULL)
2025 				continue;
2026 			callout_stop(&sdev->login_callout);
2027 			if (sdev->status >= SBP_DEV_TOATTACH &&
2028 					sdev->status <= SBP_DEV_ATTACHED)
2029 				sbp_mgm_orb(sdev, ORB_FUN_LGO, NULL);
2030 		}
2031 	}
2032 
2033 	return 0;
2034 }
2035 
2036 static int
2037 sbp_shutdown(device_t dev)
2038 {
2039 	struct sbp_softc *sbp = ((struct sbp_softc *)device_get_softc(dev));
2040 
2041 	SBP_LOCK(sbp);
2042 	sbp_logout_all(sbp);
2043 	SBP_UNLOCK(sbp);
2044 	return (0);
2045 }
2046 
2047 static void
2048 sbp_free_sdev(struct sbp_dev *sdev)
2049 {
2050 	struct sbp_softc *sbp;
2051 	int i;
2052 
2053 	if (sdev == NULL)
2054 		return;
2055 	sbp = sdev->target->sbp;
2056 	SBP_UNLOCK(sbp);
2057 	callout_drain(&sdev->login_callout);
2058 	for (i = 0; i < SBP_QUEUE_LEN; i++) {
2059 		callout_drain(&sdev->ocb[i].timer);
2060 		bus_dmamap_destroy(sbp->dmat, sdev->ocb[i].dmamap);
2061 	}
2062 	fwdma_free(sbp->fd.fc, &sdev->dma);
2063 	free(sdev, M_SBP);
2064 	SBP_LOCK(sbp);
2065 }
2066 
2067 static void
2068 sbp_free_target(struct sbp_target *target)
2069 {
2070 	struct sbp_softc *sbp;
2071 	struct fw_xfer *xfer, *next;
2072 	int i;
2073 
2074 	if (target->luns == NULL)
2075 		return;
2076 	sbp = target->sbp;
2077 	SBP_LOCK_ASSERT(sbp);
2078 	SBP_UNLOCK(sbp);
2079 	callout_drain(&target->mgm_ocb_timeout);
2080 	callout_drain(&target->scan_callout);
2081 	SBP_LOCK(sbp);
2082 	for (i = 0; i < target->num_lun; i++)
2083 		sbp_free_sdev(target->luns[i]);
2084 
2085 	STAILQ_FOREACH_SAFE(xfer, &target->xferlist, link, next) {
2086 		fw_xfer_free_buf(xfer);
2087 	}
2088 	STAILQ_INIT(&target->xferlist);
2089 	free(target->luns, M_SBP);
2090 	target->num_lun = 0;
2091 	target->luns = NULL;
2092 	target->fwdev = NULL;
2093 }
2094 
2095 static int
2096 sbp_detach(device_t dev)
2097 {
2098 	struct sbp_softc *sbp = ((struct sbp_softc *)device_get_softc(dev));
2099 	struct firewire_comm *fc = sbp->fd.fc;
2100 	int i;
2101 
2102 SBP_DEBUG(0)
2103 	printf("sbp_detach\n");
2104 END_DEBUG
2105 
2106 	SBP_LOCK(sbp);
2107 	for (i = 0; i < SBP_NUM_TARGETS; i++)
2108 		sbp_cam_detach_target(&sbp->targets[i]);
2109 
2110 	xpt_async(AC_LOST_DEVICE, sbp->path, NULL);
2111 	xpt_free_path(sbp->path);
2112 	xpt_bus_deregister(cam_sim_path(sbp->sim));
2113 	cam_sim_free(sbp->sim, /*free_devq*/ TRUE);
2114 
2115 	sbp_logout_all(sbp);
2116 	SBP_UNLOCK(sbp);
2117 
2118 	/* XXX wait for logout completion */
2119 	pause("sbpdtc", hz/2);
2120 
2121 	SBP_LOCK(sbp);
2122 	for (i = 0; i < SBP_NUM_TARGETS; i++)
2123 		sbp_free_target(&sbp->targets[i]);
2124 	SBP_UNLOCK(sbp);
2125 
2126 	fw_bindremove(fc, &sbp->fwb);
2127 	fw_xferlist_remove(&sbp->fwb.xferlist);
2128 
2129 	bus_dma_tag_destroy(sbp->dmat);
2130 	mtx_destroy(&sbp->mtx);
2131 
2132 	return (0);
2133 }
2134 
2135 static void
2136 sbp_cam_detach_sdev(struct sbp_dev *sdev)
2137 {
2138 	if (sdev == NULL)
2139 		return;
2140 	if (sdev->status == SBP_DEV_DEAD)
2141 		return;
2142 	if (sdev->status == SBP_DEV_RESET)
2143 		return;
2144 	SBP_LOCK_ASSERT(sdev->target->sbp);
2145 	sbp_abort_all_ocbs(sdev, CAM_DEV_NOT_THERE);
2146 	if (sdev->path) {
2147 		xpt_release_devq(sdev->path,
2148 				 sdev->freeze, TRUE);
2149 		sdev->freeze = 0;
2150 		xpt_async(AC_LOST_DEVICE, sdev->path, NULL);
2151 		xpt_free_path(sdev->path);
2152 		sdev->path = NULL;
2153 	}
2154 }
2155 
2156 static void
2157 sbp_cam_detach_target(struct sbp_target *target)
2158 {
2159 	int i;
2160 
2161 	SBP_LOCK_ASSERT(target->sbp);
2162 	if (target->luns != NULL) {
2163 SBP_DEBUG(0)
2164 		printf("sbp_detach_target %d\n", target->target_id);
2165 END_DEBUG
2166 		callout_stop(&target->scan_callout);
2167 		for (i = 0; i < target->num_lun; i++)
2168 			sbp_cam_detach_sdev(target->luns[i]);
2169 	}
2170 }
2171 
2172 static void
2173 sbp_target_reset(struct sbp_dev *sdev, int method)
2174 {
2175 	int i;
2176 	struct sbp_target *target = sdev->target;
2177 	struct sbp_dev *tsdev;
2178 
2179 	SBP_LOCK_ASSERT(target->sbp);
2180 	for (i = 0; i < target->num_lun; i++) {
2181 		tsdev = target->luns[i];
2182 		if (tsdev == NULL)
2183 			continue;
2184 		if (tsdev->status == SBP_DEV_DEAD)
2185 			continue;
2186 		if (tsdev->status == SBP_DEV_RESET)
2187 			continue;
2188 		xpt_freeze_devq(tsdev->path, 1);
2189 		tsdev->freeze++;
2190 		sbp_abort_all_ocbs(tsdev, CAM_CMD_TIMEOUT);
2191 		if (method == 2)
2192 			tsdev->status = SBP_DEV_LOGIN;
2193 	}
2194 	switch (method) {
2195 	case 1:
2196 		printf("target reset\n");
2197 		sbp_mgm_orb(sdev, ORB_FUN_RST, NULL);
2198 		break;
2199 	case 2:
2200 		printf("reset start\n");
2201 		sbp_reset_start(sdev);
2202 		break;
2203 	}
2204 
2205 }
2206 
2207 static void
2208 sbp_mgm_timeout(void *arg)
2209 {
2210 	struct sbp_ocb *ocb = (struct sbp_ocb *)arg;
2211 	struct sbp_dev *sdev = ocb->sdev;
2212 	struct sbp_target *target = sdev->target;
2213 
2214 	SBP_LOCK_ASSERT(target->sbp);
2215 	device_printf(sdev->target->sbp->fd.dev,
2216 		"%s:%s request timeout(mgm orb:0x%08x)\n",
2217 		__func__, sdev->bustgtlun, (uint32_t)ocb->bus_addr);
2218 	target->mgm_ocb_cur = NULL;
2219 	sbp_free_ocb(sdev, ocb);
2220 #if 0
2221 	/* XXX */
2222 	printf("run next request\n");
2223 	sbp_mgm_orb(sdev, ORB_FUN_RUNQUEUE, NULL);
2224 #endif
2225 	device_printf(sdev->target->sbp->fd.dev,
2226 		"%s:%s reset start\n",
2227 		__func__, sdev->bustgtlun);
2228 	sbp_reset_start(sdev);
2229 }
2230 
2231 static void
2232 sbp_timeout(void *arg)
2233 {
2234 	struct sbp_ocb *ocb = (struct sbp_ocb *)arg;
2235 	struct sbp_dev *sdev = ocb->sdev;
2236 
2237 	device_printf(sdev->target->sbp->fd.dev,
2238 		"%s:%s request timeout(cmd orb:0x%08x) ... ",
2239 		__func__, sdev->bustgtlun, (uint32_t)ocb->bus_addr);
2240 
2241 	SBP_LOCK_ASSERT(sdev->target->sbp);
2242 	sdev->timeout++;
2243 	switch (sdev->timeout) {
2244 	case 1:
2245 		printf("agent reset\n");
2246 		xpt_freeze_devq(sdev->path, 1);
2247 		sdev->freeze++;
2248 		sbp_abort_all_ocbs(sdev, CAM_CMD_TIMEOUT);
2249 		sbp_agent_reset(sdev);
2250 		break;
2251 	case 2:
2252 	case 3:
2253 		sbp_target_reset(sdev, sdev->timeout - 1);
2254 		break;
2255 #if 0
2256 	default:
2257 		/* XXX give up */
2258 		sbp_cam_detach_target(target);
2259 		if (target->luns != NULL)
2260 			free(target->luns, M_SBP);
2261 		target->num_lun = 0;
2262 		target->luns = NULL;
2263 		target->fwdev = NULL;
2264 #endif
2265 	}
2266 }
2267 
2268 static void
2269 sbp_action(struct cam_sim *sim, union ccb *ccb)
2270 {
2271 
2272 	struct sbp_softc *sbp = cam_sim_softc(sim);
2273 	struct sbp_target *target = NULL;
2274 	struct sbp_dev *sdev = NULL;
2275 
2276 	if (sbp != NULL)
2277 		SBP_LOCK_ASSERT(sbp);
2278 	/* target:lun -> sdev mapping */
2279 	if (sbp != NULL
2280 			&& ccb->ccb_h.target_id != CAM_TARGET_WILDCARD
2281 			&& ccb->ccb_h.target_id < SBP_NUM_TARGETS) {
2282 		target = &sbp->targets[ccb->ccb_h.target_id];
2283 		if (target->fwdev != NULL
2284 				&& ccb->ccb_h.target_lun != CAM_LUN_WILDCARD
2285 				&& ccb->ccb_h.target_lun < target->num_lun) {
2286 			sdev = target->luns[ccb->ccb_h.target_lun];
2287 			if (sdev != NULL && sdev->status != SBP_DEV_ATTACHED &&
2288 				sdev->status != SBP_DEV_PROBE)
2289 				sdev = NULL;
2290 		}
2291 	}
2292 
2293 SBP_DEBUG(1)
2294 	if (sdev == NULL)
2295 		printf("invalid target %d lun %jx\n",
2296 			ccb->ccb_h.target_id, (uintmax_t)ccb->ccb_h.target_lun);
2297 END_DEBUG
2298 
2299 	switch (ccb->ccb_h.func_code) {
2300 	case XPT_SCSI_IO:
2301 	case XPT_RESET_DEV:
2302 	case XPT_GET_TRAN_SETTINGS:
2303 	case XPT_SET_TRAN_SETTINGS:
2304 	case XPT_CALC_GEOMETRY:
2305 		if (sdev == NULL) {
2306 SBP_DEBUG(1)
2307 			printf("%s:%d:%jx:func_code 0x%04x: "
2308 				"Invalid target (target needed)\n",
2309 				device_get_nameunit(sbp->fd.dev),
2310 				ccb->ccb_h.target_id,
2311 				(uintmax_t)ccb->ccb_h.target_lun,
2312 				ccb->ccb_h.func_code);
2313 END_DEBUG
2314 
2315 			ccb->ccb_h.status = CAM_DEV_NOT_THERE;
2316 			xpt_done(ccb);
2317 			return;
2318 		}
2319 		break;
2320 	case XPT_PATH_INQ:
2321 	case XPT_NOOP:
2322 		/* The opcodes sometimes aimed at a target (sc is valid),
2323 		 * sometimes aimed at the SIM (sc is invalid and target is
2324 		 * CAM_TARGET_WILDCARD)
2325 		 */
2326 		if (sbp == NULL &&
2327 			ccb->ccb_h.target_id != CAM_TARGET_WILDCARD) {
2328 SBP_DEBUG(0)
2329 			printf("%s:%d:%jx func_code 0x%04x: "
2330 				"Invalid target (no wildcard)\n",
2331 				device_get_nameunit(sbp->fd.dev),
2332 				ccb->ccb_h.target_id,
2333 				(uintmax_t)ccb->ccb_h.target_lun,
2334 				ccb->ccb_h.func_code);
2335 END_DEBUG
2336 			ccb->ccb_h.status = CAM_DEV_NOT_THERE;
2337 			xpt_done(ccb);
2338 			return;
2339 		}
2340 		break;
2341 	default:
2342 		/* XXX Hm, we should check the input parameters */
2343 		break;
2344 	}
2345 
2346 	switch (ccb->ccb_h.func_code) {
2347 	case XPT_SCSI_IO:
2348 	{
2349 		struct ccb_scsiio *csio;
2350 		struct sbp_ocb *ocb;
2351 		int speed;
2352 		void *cdb;
2353 
2354 		csio = &ccb->csio;
2355 		mtx_assert(sim->mtx, MA_OWNED);
2356 
2357 SBP_DEBUG(2)
2358 		printf("%s:%d:%jx XPT_SCSI_IO: "
2359 			"cmd: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x"
2360 			", flags: 0x%02x, "
2361 			"%db cmd/%db data/%db sense\n",
2362 			device_get_nameunit(sbp->fd.dev),
2363 			ccb->ccb_h.target_id, (uintmax_t)ccb->ccb_h.target_lun,
2364 			csio->cdb_io.cdb_bytes[0],
2365 			csio->cdb_io.cdb_bytes[1],
2366 			csio->cdb_io.cdb_bytes[2],
2367 			csio->cdb_io.cdb_bytes[3],
2368 			csio->cdb_io.cdb_bytes[4],
2369 			csio->cdb_io.cdb_bytes[5],
2370 			csio->cdb_io.cdb_bytes[6],
2371 			csio->cdb_io.cdb_bytes[7],
2372 			csio->cdb_io.cdb_bytes[8],
2373 			csio->cdb_io.cdb_bytes[9],
2374 			ccb->ccb_h.flags & CAM_DIR_MASK,
2375 			csio->cdb_len, csio->dxfer_len,
2376 			csio->sense_len);
2377 END_DEBUG
2378 		if (sdev == NULL) {
2379 			ccb->ccb_h.status = CAM_DEV_NOT_THERE;
2380 			xpt_done(ccb);
2381 			return;
2382 		}
2383 		if (csio->cdb_len > sizeof(ocb->orb) - 5 * sizeof(uint32_t)) {
2384 			ccb->ccb_h.status = CAM_REQ_INVALID;
2385 			xpt_done(ccb);
2386 			return;
2387 		}
2388 #if 0
2389 		/* if we are in probe stage, pass only probe commands */
2390 		if (sdev->status == SBP_DEV_PROBE) {
2391 			char *name;
2392 			name = xpt_path_periph(ccb->ccb_h.path)->periph_name;
2393 			printf("probe stage, periph name: %s\n", name);
2394 			if (strcmp(name, "probe") != 0) {
2395 				ccb->ccb_h.status = CAM_REQUEUE_REQ;
2396 				xpt_done(ccb);
2397 				return;
2398 			}
2399 		}
2400 #endif
2401 		if ((ocb = sbp_get_ocb(sdev)) == NULL) {
2402 			ccb->ccb_h.status = CAM_RESRC_UNAVAIL;
2403 			if (sdev->freeze == 0) {
2404 				xpt_freeze_devq(sdev->path, 1);
2405 				sdev->freeze++;
2406 			}
2407 			xpt_done(ccb);
2408 			return;
2409 		}
2410 
2411 		ocb->flags = OCB_ACT_CMD;
2412 		ocb->sdev = sdev;
2413 		ocb->ccb = ccb;
2414 		ccb->ccb_h.ccb_sdev_ptr = sdev;
2415 		ocb->orb[0] = htonl(1U << 31);
2416 		ocb->orb[1] = 0;
2417 		ocb->orb[2] = htonl(((sbp->fd.fc->nodeid | FWLOCALBUS) << 16));
2418 		ocb->orb[3] = htonl(ocb->bus_addr + IND_PTR_OFFSET);
2419 		speed = min(target->fwdev->speed, max_speed);
2420 		ocb->orb[4] = htonl(ORB_NOTIFY | ORB_CMD_SPD(speed)
2421 						| ORB_CMD_MAXP(speed + 7));
2422 		if ((ccb->ccb_h.flags & CAM_DIR_MASK) == CAM_DIR_IN) {
2423 			ocb->orb[4] |= htonl(ORB_CMD_IN);
2424 		}
2425 
2426 		if (csio->ccb_h.flags & CAM_CDB_POINTER)
2427 			cdb = (void *)csio->cdb_io.cdb_ptr;
2428 		else
2429 			cdb = (void *)&csio->cdb_io.cdb_bytes;
2430 		bcopy(cdb, (void *)&ocb->orb[5], csio->cdb_len);
2431 /*
2432 printf("ORB %08x %08x %08x %08x\n", ntohl(ocb->orb[0]), ntohl(ocb->orb[1]), ntohl(ocb->orb[2]), ntohl(ocb->orb[3]));
2433 printf("ORB %08x %08x %08x %08x\n", ntohl(ocb->orb[4]), ntohl(ocb->orb[5]), ntohl(ocb->orb[6]), ntohl(ocb->orb[7]));
2434 */
2435 		if (ccb->csio.dxfer_len > 0) {
2436 			int error;
2437 
2438 			error = bus_dmamap_load_ccb(/*dma tag*/sbp->dmat,
2439 					/*dma map*/ocb->dmamap,
2440 					ccb,
2441 					sbp_execute_ocb,
2442 					ocb,
2443 					/*flags*/0);
2444 			if (error)
2445 				printf("sbp: bus_dmamap_load error %d\n", error);
2446 		} else
2447 			sbp_execute_ocb(ocb, NULL, 0, 0);
2448 		break;
2449 	}
2450 	case XPT_CALC_GEOMETRY:
2451 	{
2452 		struct ccb_calc_geometry *ccg;
2453 
2454 		ccg = &ccb->ccg;
2455 		if (ccg->block_size == 0) {
2456 			printf("sbp_action: block_size is 0.\n");
2457 			ccb->ccb_h.status = CAM_REQ_INVALID;
2458 			xpt_done(ccb);
2459 			break;
2460 		}
2461 SBP_DEBUG(1)
2462 		printf("%s:%d:%d:%jx:XPT_CALC_GEOMETRY: "
2463 			"Volume size = %jd\n",
2464 			device_get_nameunit(sbp->fd.dev),
2465 			cam_sim_path(sbp->sim),
2466 			ccb->ccb_h.target_id, (uintmax_t)ccb->ccb_h.target_lun,
2467 			(uintmax_t)ccg->volume_size);
2468 END_DEBUG
2469 
2470 		cam_calc_geometry(ccg, /*extended*/1);
2471 		xpt_done(ccb);
2472 		break;
2473 	}
2474 	case XPT_RESET_BUS:		/* Reset the specified SCSI bus */
2475 	{
2476 
2477 SBP_DEBUG(1)
2478 		printf("%s:%d:XPT_RESET_BUS: \n",
2479 			device_get_nameunit(sbp->fd.dev), cam_sim_path(sbp->sim));
2480 END_DEBUG
2481 
2482 		ccb->ccb_h.status = CAM_REQ_INVALID;
2483 		xpt_done(ccb);
2484 		break;
2485 	}
2486 	case XPT_PATH_INQ:		/* Path routing inquiry */
2487 	{
2488 		struct ccb_pathinq *cpi = &ccb->cpi;
2489 
2490 SBP_DEBUG(1)
2491 		printf("%s:%d:%jx XPT_PATH_INQ:.\n",
2492 			device_get_nameunit(sbp->fd.dev),
2493 			ccb->ccb_h.target_id, (uintmax_t)ccb->ccb_h.target_lun);
2494 END_DEBUG
2495 		cpi->version_num = 1; /* XXX??? */
2496 		cpi->hba_inquiry = PI_TAG_ABLE;
2497 		cpi->target_sprt = 0;
2498 		cpi->hba_misc = PIM_NOBUSRESET | PIM_NO_6_BYTE;
2499 		cpi->hba_eng_cnt = 0;
2500 		cpi->max_target = SBP_NUM_TARGETS - 1;
2501 		cpi->max_lun = SBP_NUM_LUNS - 1;
2502 		cpi->initiator_id = SBP_INITIATOR;
2503 		cpi->bus_id = sim->bus_id;
2504 		cpi->base_transfer_speed = 400 * 1000 / 8;
2505 		strlcpy(cpi->sim_vid, "FreeBSD", SIM_IDLEN);
2506 		strlcpy(cpi->hba_vid, "SBP", HBA_IDLEN);
2507 		strlcpy(cpi->dev_name, sim->sim_name, DEV_IDLEN);
2508 		cpi->unit_number = sim->unit_number;
2509 		cpi->transport = XPORT_SPI;	/* XX should have a FireWire */
2510 		cpi->transport_version = 2;
2511 		cpi->protocol = PROTO_SCSI;
2512 		cpi->protocol_version = SCSI_REV_2;
2513 
2514 		cpi->ccb_h.status = CAM_REQ_CMP;
2515 		xpt_done(ccb);
2516 		break;
2517 	}
2518 	case XPT_GET_TRAN_SETTINGS:
2519 	{
2520 		struct ccb_trans_settings *cts = &ccb->cts;
2521 		struct ccb_trans_settings_scsi *scsi =
2522 		    &cts->proto_specific.scsi;
2523 		struct ccb_trans_settings_spi *spi =
2524 		    &cts->xport_specific.spi;
2525 
2526 		cts->protocol = PROTO_SCSI;
2527 		cts->protocol_version = SCSI_REV_2;
2528 		cts->transport = XPORT_SPI;	/* should have a FireWire */
2529 		cts->transport_version = 2;
2530 		spi->valid = CTS_SPI_VALID_DISC;
2531 		spi->flags = CTS_SPI_FLAGS_DISC_ENB;
2532 		scsi->valid = CTS_SCSI_VALID_TQ;
2533 		scsi->flags = CTS_SCSI_FLAGS_TAG_ENB;
2534 SBP_DEBUG(1)
2535 		printf("%s:%d:%jx XPT_GET_TRAN_SETTINGS:.\n",
2536 			device_get_nameunit(sbp->fd.dev),
2537 			ccb->ccb_h.target_id, (uintmax_t)ccb->ccb_h.target_lun);
2538 END_DEBUG
2539 		cts->ccb_h.status = CAM_REQ_CMP;
2540 		xpt_done(ccb);
2541 		break;
2542 	}
2543 	case XPT_ABORT:
2544 		ccb->ccb_h.status = CAM_UA_ABORT;
2545 		xpt_done(ccb);
2546 		break;
2547 	case XPT_SET_TRAN_SETTINGS:
2548 		/* XXX */
2549 	default:
2550 		ccb->ccb_h.status = CAM_REQ_INVALID;
2551 		xpt_done(ccb);
2552 		break;
2553 	}
2554 	return;
2555 }
2556 
2557 static void
2558 sbp_execute_ocb(void *arg, bus_dma_segment_t *segments, int seg, int error)
2559 {
2560 	int i;
2561 	struct sbp_ocb *ocb;
2562 	struct sbp_ocb *prev;
2563 	bus_dma_segment_t *s;
2564 
2565 	if (error)
2566 		printf("sbp_execute_ocb: error=%d\n", error);
2567 
2568 	ocb = (struct sbp_ocb *)arg;
2569 
2570 SBP_DEBUG(2)
2571 	printf("sbp_execute_ocb: seg %d", seg);
2572 	for (i = 0; i < seg; i++)
2573 		printf(", %jx:%jd", (uintmax_t)segments[i].ds_addr,
2574 					(uintmax_t)segments[i].ds_len);
2575 	printf("\n");
2576 END_DEBUG
2577 
2578 	if (seg == 1) {
2579 		/* direct pointer */
2580 		s = &segments[0];
2581 		if (s->ds_len > SBP_SEG_MAX)
2582 			panic("ds_len > SBP_SEG_MAX, fix busdma code");
2583 		ocb->orb[3] = htonl(s->ds_addr);
2584 		ocb->orb[4] |= htonl(s->ds_len);
2585 	} else if (seg > 1) {
2586 		/* page table */
2587 		for (i = 0; i < seg; i++) {
2588 			s = &segments[i];
2589 SBP_DEBUG(0)
2590 			/* XXX LSI Logic "< 16 byte" bug might be hit */
2591 			if (s->ds_len < 16)
2592 				printf("sbp_execute_ocb: warning, "
2593 					"segment length(%zd) is less than 16."
2594 					"(seg=%d/%d)\n", (size_t)s->ds_len, i + 1, seg);
2595 END_DEBUG
2596 			if (s->ds_len > SBP_SEG_MAX)
2597 				panic("ds_len > SBP_SEG_MAX, fix busdma code");
2598 			ocb->ind_ptr[i].hi = htonl(s->ds_len << 16);
2599 			ocb->ind_ptr[i].lo = htonl(s->ds_addr);
2600 		}
2601 		ocb->orb[4] |= htonl(ORB_CMD_PTBL | seg);
2602 	}
2603 
2604 	if (seg > 0)
2605 		bus_dmamap_sync(ocb->sdev->target->sbp->dmat, ocb->dmamap,
2606 			(ntohl(ocb->orb[4]) & ORB_CMD_IN) ?
2607 			BUS_DMASYNC_PREREAD : BUS_DMASYNC_PREWRITE);
2608 	prev = sbp_enqueue_ocb(ocb->sdev, ocb);
2609 	fwdma_sync(&ocb->sdev->dma, BUS_DMASYNC_PREWRITE);
2610 	if (use_doorbell) {
2611 		if (prev == NULL) {
2612 			if (ocb->sdev->last_ocb != NULL)
2613 				sbp_doorbell(ocb->sdev);
2614 			else
2615 				sbp_orb_pointer(ocb->sdev, ocb);
2616 		}
2617 	} else {
2618 		if (prev == NULL || (ocb->sdev->flags & ORB_LINK_DEAD) != 0) {
2619 			ocb->sdev->flags &= ~ORB_LINK_DEAD;
2620 			sbp_orb_pointer(ocb->sdev, ocb);
2621 		}
2622 	}
2623 }
2624 
2625 static void
2626 sbp_poll(struct cam_sim *sim)
2627 {
2628 	struct sbp_softc *sbp;
2629 	struct firewire_comm *fc;
2630 
2631 	sbp = cam_sim_softc(sim);
2632 	fc = sbp->fd.fc;
2633 
2634 	fc->poll(fc, 0, -1);
2635 
2636 	return;
2637 }
2638 
2639 static struct sbp_ocb *
2640 sbp_dequeue_ocb(struct sbp_dev *sdev, struct sbp_status *sbp_status)
2641 {
2642 	struct sbp_ocb *ocb;
2643 	struct sbp_ocb *next;
2644 	int order = 0;
2645 
2646 SBP_DEBUG(1)
2647 	device_printf(sdev->target->sbp->fd.dev,
2648 	"%s:%s 0x%08x src %d\n",
2649 	    __func__, sdev->bustgtlun, ntohl(sbp_status->orb_lo), sbp_status->src);
2650 END_DEBUG
2651 	SBP_LOCK_ASSERT(sdev->target->sbp);
2652 	STAILQ_FOREACH_SAFE(ocb, &sdev->ocbs, ocb, next) {
2653 		if (OCB_MATCH(ocb, sbp_status)) {
2654 			/* found */
2655 			STAILQ_REMOVE(&sdev->ocbs, ocb, sbp_ocb, ocb);
2656 			if (ocb->ccb != NULL)
2657 				callout_stop(&ocb->timer);
2658 			if (ntohl(ocb->orb[4]) & 0xffff) {
2659 				bus_dmamap_sync(sdev->target->sbp->dmat,
2660 					ocb->dmamap,
2661 					(ntohl(ocb->orb[4]) & ORB_CMD_IN) ?
2662 					BUS_DMASYNC_POSTREAD :
2663 					BUS_DMASYNC_POSTWRITE);
2664 				bus_dmamap_unload(sdev->target->sbp->dmat,
2665 					ocb->dmamap);
2666 			}
2667 			if (!use_doorbell) {
2668 				if (sbp_status->src == SRC_NO_NEXT) {
2669 					if (next != NULL)
2670 						sbp_orb_pointer(sdev, next);
2671 					else if (order > 0) {
2672 						/*
2673 						 * Unordered execution
2674 						 * We need to send pointer for
2675 						 * next ORB
2676 						 */
2677 						sdev->flags |= ORB_LINK_DEAD;
2678 					}
2679 				}
2680 			} else {
2681 				/*
2682 				 * XXX this is not correct for unordered
2683 				 * execution.
2684 				 */
2685 				if (sdev->last_ocb != NULL) {
2686 					sbp_free_ocb(sdev, sdev->last_ocb);
2687 				}
2688 				sdev->last_ocb = ocb;
2689 				if (next != NULL &&
2690 				    sbp_status->src == SRC_NO_NEXT)
2691 					sbp_doorbell(sdev);
2692 			}
2693 			break;
2694 		} else
2695 			order++;
2696 	}
2697 SBP_DEBUG(0)
2698 	if (ocb && order > 0) {
2699 		device_printf(sdev->target->sbp->fd.dev,
2700 			"%s:%s unordered execution order:%d\n",
2701 			__func__, sdev->bustgtlun, order);
2702 	}
2703 END_DEBUG
2704 	return (ocb);
2705 }
2706 
2707 static struct sbp_ocb *
2708 sbp_enqueue_ocb(struct sbp_dev *sdev, struct sbp_ocb *ocb)
2709 {
2710 	struct sbp_ocb *prev, *prev2;
2711 
2712 	SBP_LOCK_ASSERT(sdev->target->sbp);
2713 SBP_DEBUG(1)
2714 	device_printf(sdev->target->sbp->fd.dev,
2715 	"%s:%s 0x%08jx\n", __func__, sdev->bustgtlun, (uintmax_t)ocb->bus_addr);
2716 END_DEBUG
2717 	prev2 = prev = STAILQ_LAST(&sdev->ocbs, sbp_ocb, ocb);
2718 	STAILQ_INSERT_TAIL(&sdev->ocbs, ocb, ocb);
2719 
2720 	if (ocb->ccb != NULL) {
2721 		callout_reset_sbt(&ocb->timer,
2722 		    SBT_1MS * ocb->ccb->ccb_h.timeout, 0, sbp_timeout,
2723 		    ocb, 0);
2724 	}
2725 
2726 	if (use_doorbell && prev == NULL)
2727 		prev2 = sdev->last_ocb;
2728 
2729 	if (prev2 != NULL && (ocb->sdev->flags & ORB_LINK_DEAD) == 0) {
2730 SBP_DEBUG(1)
2731 		printf("linking chain 0x%jx -> 0x%jx\n",
2732 		    (uintmax_t)prev2->bus_addr, (uintmax_t)ocb->bus_addr);
2733 END_DEBUG
2734 		/*
2735 		 * Suppress compiler optimization so that orb[1] must be written first.
2736 		 * XXX We may need an explicit memory barrier for other architectures
2737 		 * other than i386/amd64.
2738 		 */
2739 		*(volatile uint32_t *)&prev2->orb[1] = htonl(ocb->bus_addr);
2740 		*(volatile uint32_t *)&prev2->orb[0] = 0;
2741 	}
2742 
2743 	return prev;
2744 }
2745 
2746 static struct sbp_ocb *
2747 sbp_get_ocb(struct sbp_dev *sdev)
2748 {
2749 	struct sbp_ocb *ocb;
2750 
2751 	SBP_LOCK_ASSERT(sdev->target->sbp);
2752 	ocb = STAILQ_FIRST(&sdev->free_ocbs);
2753 	if (ocb == NULL) {
2754 		sdev->flags |= ORB_SHORTAGE;
2755 		printf("ocb shortage!!!\n");
2756 		return NULL;
2757 	}
2758 	STAILQ_REMOVE_HEAD(&sdev->free_ocbs, ocb);
2759 	ocb->ccb = NULL;
2760 	return (ocb);
2761 }
2762 
2763 static void
2764 sbp_free_ocb(struct sbp_dev *sdev, struct sbp_ocb *ocb)
2765 {
2766 	ocb->flags = 0;
2767 	ocb->ccb = NULL;
2768 
2769 	SBP_LOCK_ASSERT(sdev->target->sbp);
2770 	STAILQ_INSERT_TAIL(&sdev->free_ocbs, ocb, ocb);
2771 	if ((sdev->flags & ORB_SHORTAGE) != 0) {
2772 		int count;
2773 
2774 		sdev->flags &= ~ORB_SHORTAGE;
2775 		count = sdev->freeze;
2776 		sdev->freeze = 0;
2777 		xpt_release_devq(sdev->path, count, TRUE);
2778 	}
2779 }
2780 
2781 static void
2782 sbp_abort_ocb(struct sbp_ocb *ocb, int status)
2783 {
2784 	struct sbp_dev *sdev;
2785 
2786 	sdev = ocb->sdev;
2787 	SBP_LOCK_ASSERT(sdev->target->sbp);
2788 SBP_DEBUG(0)
2789 	device_printf(sdev->target->sbp->fd.dev,
2790 	"%s:%s 0x%jx\n", __func__, sdev->bustgtlun, (uintmax_t)ocb->bus_addr);
2791 END_DEBUG
2792 SBP_DEBUG(1)
2793 	if (ocb->ccb != NULL)
2794 		sbp_print_scsi_cmd(ocb);
2795 END_DEBUG
2796 	if (ntohl(ocb->orb[4]) & 0xffff) {
2797 		bus_dmamap_sync(sdev->target->sbp->dmat, ocb->dmamap,
2798 			(ntohl(ocb->orb[4]) & ORB_CMD_IN) ?
2799 			BUS_DMASYNC_POSTREAD : BUS_DMASYNC_POSTWRITE);
2800 		bus_dmamap_unload(sdev->target->sbp->dmat, ocb->dmamap);
2801 	}
2802 	if (ocb->ccb != NULL) {
2803 		callout_stop(&ocb->timer);
2804 		ocb->ccb->ccb_h.status = status;
2805 		xpt_done(ocb->ccb);
2806 	}
2807 	sbp_free_ocb(sdev, ocb);
2808 }
2809 
2810 static void
2811 sbp_abort_all_ocbs(struct sbp_dev *sdev, int status)
2812 {
2813 	struct sbp_ocb *ocb, *next;
2814 	STAILQ_HEAD(, sbp_ocb) temp;
2815 
2816 	STAILQ_INIT(&temp);
2817 	SBP_LOCK_ASSERT(sdev->target->sbp);
2818 	STAILQ_CONCAT(&temp, &sdev->ocbs);
2819 	STAILQ_INIT(&sdev->ocbs);
2820 
2821 	STAILQ_FOREACH_SAFE(ocb, &temp, ocb, next) {
2822 		sbp_abort_ocb(ocb, status);
2823 	}
2824 	if (sdev->last_ocb != NULL) {
2825 		sbp_free_ocb(sdev, sdev->last_ocb);
2826 		sdev->last_ocb = NULL;
2827 	}
2828 }
2829 
2830 static device_method_t sbp_methods[] = {
2831 	/* device interface */
2832 	DEVMETHOD(device_identify,	sbp_identify),
2833 	DEVMETHOD(device_probe,		sbp_probe),
2834 	DEVMETHOD(device_attach,	sbp_attach),
2835 	DEVMETHOD(device_detach,	sbp_detach),
2836 	DEVMETHOD(device_shutdown,	sbp_shutdown),
2837 
2838 	{ 0, 0 }
2839 };
2840 
2841 static driver_t sbp_driver = {
2842 	"sbp",
2843 	sbp_methods,
2844 	sizeof(struct sbp_softc),
2845 };
2846 DRIVER_MODULE(sbp, firewire, sbp_driver, 0, 0);
2847 MODULE_VERSION(sbp, 1);
2848 MODULE_DEPEND(sbp, firewire, 1, 1, 1);
2849 MODULE_DEPEND(sbp, cam, 1, 1, 1);
2850