xref: /freebsd/sys/dev/aac/aac.c (revision 282a3889ebf826db9839be296ff1dd903f6d6d6e)
1 /*-
2  * Copyright (c) 2000 Michael Smith
3  * Copyright (c) 2001 Scott Long
4  * Copyright (c) 2000 BSDi
5  * Copyright (c) 2001 Adaptec, Inc.
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  */
29 
30 #include <sys/cdefs.h>
31 __FBSDID("$FreeBSD$");
32 
33 /*
34  * Driver for the Adaptec 'FSA' family of PCI/SCSI RAID adapters.
35  */
36 #define AAC_DRIVER_VERSION		0x02000000
37 #define AAC_DRIVERNAME			"aac"
38 
39 #include "opt_aac.h"
40 
41 /* #include <stddef.h> */
42 #include <sys/param.h>
43 #include <sys/systm.h>
44 #include <sys/malloc.h>
45 #include <sys/kernel.h>
46 #include <sys/kthread.h>
47 #include <sys/sysctl.h>
48 #include <sys/poll.h>
49 #include <sys/ioccom.h>
50 
51 #include <sys/bus.h>
52 #include <sys/conf.h>
53 #include <sys/signalvar.h>
54 #include <sys/time.h>
55 #include <sys/eventhandler.h>
56 #include <sys/rman.h>
57 
58 #include <machine/bus.h>
59 #include <sys/bus_dma.h>
60 #include <machine/resource.h>
61 
62 #include <dev/pci/pcireg.h>
63 #include <dev/pci/pcivar.h>
64 
65 #include <dev/aac/aacreg.h>
66 #include <sys/aac_ioctl.h>
67 #include <dev/aac/aacvar.h>
68 #include <dev/aac/aac_tables.h>
69 
70 static void	aac_startup(void *arg);
71 static void	aac_add_container(struct aac_softc *sc,
72 				  struct aac_mntinforesp *mir, int f);
73 static void	aac_get_bus_info(struct aac_softc *sc);
74 
75 /* Command Processing */
76 static void	aac_timeout(struct aac_softc *sc);
77 static void	aac_complete(void *context, int pending);
78 static int	aac_bio_command(struct aac_softc *sc, struct aac_command **cmp);
79 static void	aac_bio_complete(struct aac_command *cm);
80 static int	aac_wait_command(struct aac_command *cm);
81 static void	aac_command_thread(struct aac_softc *sc);
82 
83 /* Command Buffer Management */
84 static void	aac_map_command_sg(void *arg, bus_dma_segment_t *segs,
85 				   int nseg, int error);
86 static void	aac_map_command_helper(void *arg, bus_dma_segment_t *segs,
87 				       int nseg, int error);
88 static int	aac_alloc_commands(struct aac_softc *sc);
89 static void	aac_free_commands(struct aac_softc *sc);
90 static void	aac_unmap_command(struct aac_command *cm);
91 
92 /* Hardware Interface */
93 static void	aac_common_map(void *arg, bus_dma_segment_t *segs, int nseg,
94 			       int error);
95 static int	aac_check_firmware(struct aac_softc *sc);
96 static int	aac_init(struct aac_softc *sc);
97 static int	aac_sync_command(struct aac_softc *sc, u_int32_t command,
98 				 u_int32_t arg0, u_int32_t arg1, u_int32_t arg2,
99 				 u_int32_t arg3, u_int32_t *sp);
100 static int	aac_enqueue_fib(struct aac_softc *sc, int queue,
101 				struct aac_command *cm);
102 static int	aac_dequeue_fib(struct aac_softc *sc, int queue,
103 				u_int32_t *fib_size, struct aac_fib **fib_addr);
104 static int	aac_enqueue_response(struct aac_softc *sc, int queue,
105 				     struct aac_fib *fib);
106 
107 /* Falcon/PPC interface */
108 static int	aac_fa_get_fwstatus(struct aac_softc *sc);
109 static void	aac_fa_qnotify(struct aac_softc *sc, int qbit);
110 static int	aac_fa_get_istatus(struct aac_softc *sc);
111 static void	aac_fa_clear_istatus(struct aac_softc *sc, int mask);
112 static void	aac_fa_set_mailbox(struct aac_softc *sc, u_int32_t command,
113 				   u_int32_t arg0, u_int32_t arg1,
114 				   u_int32_t arg2, u_int32_t arg3);
115 static int	aac_fa_get_mailbox(struct aac_softc *sc, int mb);
116 static void	aac_fa_set_interrupts(struct aac_softc *sc, int enable);
117 
118 struct aac_interface aac_fa_interface = {
119 	aac_fa_get_fwstatus,
120 	aac_fa_qnotify,
121 	aac_fa_get_istatus,
122 	aac_fa_clear_istatus,
123 	aac_fa_set_mailbox,
124 	aac_fa_get_mailbox,
125 	aac_fa_set_interrupts,
126 	NULL, NULL, NULL
127 };
128 
129 /* StrongARM interface */
130 static int	aac_sa_get_fwstatus(struct aac_softc *sc);
131 static void	aac_sa_qnotify(struct aac_softc *sc, int qbit);
132 static int	aac_sa_get_istatus(struct aac_softc *sc);
133 static void	aac_sa_clear_istatus(struct aac_softc *sc, int mask);
134 static void	aac_sa_set_mailbox(struct aac_softc *sc, u_int32_t command,
135 				   u_int32_t arg0, u_int32_t arg1,
136 				   u_int32_t arg2, u_int32_t arg3);
137 static int	aac_sa_get_mailbox(struct aac_softc *sc, int mb);
138 static void	aac_sa_set_interrupts(struct aac_softc *sc, int enable);
139 
140 struct aac_interface aac_sa_interface = {
141 	aac_sa_get_fwstatus,
142 	aac_sa_qnotify,
143 	aac_sa_get_istatus,
144 	aac_sa_clear_istatus,
145 	aac_sa_set_mailbox,
146 	aac_sa_get_mailbox,
147 	aac_sa_set_interrupts,
148 	NULL, NULL, NULL
149 };
150 
151 /* i960Rx interface */
152 static int	aac_rx_get_fwstatus(struct aac_softc *sc);
153 static void	aac_rx_qnotify(struct aac_softc *sc, int qbit);
154 static int	aac_rx_get_istatus(struct aac_softc *sc);
155 static void	aac_rx_clear_istatus(struct aac_softc *sc, int mask);
156 static void	aac_rx_set_mailbox(struct aac_softc *sc, u_int32_t command,
157 				   u_int32_t arg0, u_int32_t arg1,
158 				   u_int32_t arg2, u_int32_t arg3);
159 static int	aac_rx_get_mailbox(struct aac_softc *sc, int mb);
160 static void	aac_rx_set_interrupts(struct aac_softc *sc, int enable);
161 static int aac_rx_send_command(struct aac_softc *sc, struct aac_command *cm);
162 static int aac_rx_get_outb_queue(struct aac_softc *sc);
163 static void aac_rx_set_outb_queue(struct aac_softc *sc, int index);
164 
165 struct aac_interface aac_rx_interface = {
166 	aac_rx_get_fwstatus,
167 	aac_rx_qnotify,
168 	aac_rx_get_istatus,
169 	aac_rx_clear_istatus,
170 	aac_rx_set_mailbox,
171 	aac_rx_get_mailbox,
172 	aac_rx_set_interrupts,
173 	aac_rx_send_command,
174 	aac_rx_get_outb_queue,
175 	aac_rx_set_outb_queue
176 };
177 
178 /* Rocket/MIPS interface */
179 static int	aac_rkt_get_fwstatus(struct aac_softc *sc);
180 static void	aac_rkt_qnotify(struct aac_softc *sc, int qbit);
181 static int	aac_rkt_get_istatus(struct aac_softc *sc);
182 static void	aac_rkt_clear_istatus(struct aac_softc *sc, int mask);
183 static void	aac_rkt_set_mailbox(struct aac_softc *sc, u_int32_t command,
184 				    u_int32_t arg0, u_int32_t arg1,
185 				    u_int32_t arg2, u_int32_t arg3);
186 static int	aac_rkt_get_mailbox(struct aac_softc *sc, int mb);
187 static void	aac_rkt_set_interrupts(struct aac_softc *sc, int enable);
188 static int aac_rkt_send_command(struct aac_softc *sc, struct aac_command *cm);
189 static int aac_rkt_get_outb_queue(struct aac_softc *sc);
190 static void aac_rkt_set_outb_queue(struct aac_softc *sc, int index);
191 
192 struct aac_interface aac_rkt_interface = {
193 	aac_rkt_get_fwstatus,
194 	aac_rkt_qnotify,
195 	aac_rkt_get_istatus,
196 	aac_rkt_clear_istatus,
197 	aac_rkt_set_mailbox,
198 	aac_rkt_get_mailbox,
199 	aac_rkt_set_interrupts,
200 	aac_rkt_send_command,
201 	aac_rkt_get_outb_queue,
202 	aac_rkt_set_outb_queue
203 };
204 
205 /* Debugging and Diagnostics */
206 static void	aac_describe_controller(struct aac_softc *sc);
207 static char	*aac_describe_code(struct aac_code_lookup *table,
208 				   u_int32_t code);
209 
210 /* Management Interface */
211 static d_open_t		aac_open;
212 static d_close_t	aac_close;
213 static d_ioctl_t	aac_ioctl;
214 static d_poll_t		aac_poll;
215 static int		aac_ioctl_sendfib(struct aac_softc *sc, caddr_t ufib);
216 static void		aac_handle_aif(struct aac_softc *sc,
217 					   struct aac_fib *fib);
218 static int		aac_rev_check(struct aac_softc *sc, caddr_t udata);
219 static int		aac_getnext_aif(struct aac_softc *sc, caddr_t arg);
220 static int		aac_return_aif(struct aac_softc *sc, caddr_t uptr);
221 static int		aac_query_disk(struct aac_softc *sc, caddr_t uptr);
222 static int		aac_get_pci_info(struct aac_softc *sc, caddr_t uptr);
223 static void		aac_ioctl_event(struct aac_softc *sc,
224 				        struct aac_event *event, void *arg);
225 
226 static struct cdevsw aac_cdevsw = {
227 	.d_version =	D_VERSION,
228 	.d_flags =	D_NEEDGIANT,
229 	.d_open =	aac_open,
230 	.d_close =	aac_close,
231 	.d_ioctl =	aac_ioctl,
232 	.d_poll =	aac_poll,
233 	.d_name =	"aac",
234 };
235 
236 MALLOC_DEFINE(M_AACBUF, "aacbuf", "Buffers for the AAC driver");
237 
238 /* sysctl node */
239 SYSCTL_NODE(_hw, OID_AUTO, aac, CTLFLAG_RD, 0, "AAC driver parameters");
240 
241 /*
242  * Device Interface
243  */
244 
245 /*
246  * Initialise the controller and softc
247  */
248 int
249 aac_attach(struct aac_softc *sc)
250 {
251 	int error, unit;
252 
253 	debug_called(1);
254 
255 	/*
256 	 * Initialise per-controller queues.
257 	 */
258 	aac_initq_free(sc);
259 	aac_initq_ready(sc);
260 	aac_initq_busy(sc);
261 	aac_initq_bio(sc);
262 
263 	/*
264 	 * Initialise command-completion task.
265 	 */
266 	TASK_INIT(&sc->aac_task_complete, 0, aac_complete, sc);
267 
268 	/* mark controller as suspended until we get ourselves organised */
269 	sc->aac_state |= AAC_STATE_SUSPEND;
270 
271 	/*
272 	 * Check that the firmware on the card is supported.
273 	 */
274 	if ((error = aac_check_firmware(sc)) != 0)
275 		return(error);
276 
277 	/*
278 	 * Initialize locks
279 	 */
280 	mtx_init(&sc->aac_aifq_lock, "AAC AIF lock", NULL, MTX_DEF);
281 	mtx_init(&sc->aac_io_lock, "AAC I/O lock", NULL, MTX_DEF);
282 	mtx_init(&sc->aac_container_lock, "AAC container lock", NULL, MTX_DEF);
283 	TAILQ_INIT(&sc->aac_container_tqh);
284 	TAILQ_INIT(&sc->aac_ev_cmfree);
285 
286 	/* Initialize the local AIF queue pointers */
287 	sc->aac_aifq_head = sc->aac_aifq_tail = AAC_AIFQ_LENGTH;
288 
289 	/*
290 	 * Initialise the adapter.
291 	 */
292 	if ((error = aac_init(sc)) != 0)
293 		return(error);
294 
295 	/*
296 	 * Allocate and connect our interrupt.
297 	 */
298 	sc->aac_irq_rid = 0;
299 	if ((sc->aac_irq = bus_alloc_resource_any(sc->aac_dev, SYS_RES_IRQ,
300 			   			  &sc->aac_irq_rid,
301 			   			  RF_SHAREABLE |
302 						  RF_ACTIVE)) == NULL) {
303 		device_printf(sc->aac_dev, "can't allocate interrupt\n");
304 		return (EINVAL);
305 	}
306 	if (sc->flags & AAC_FLAGS_NEW_COMM) {
307 		if (bus_setup_intr(sc->aac_dev, sc->aac_irq,
308 				   INTR_MPSAFE|INTR_TYPE_BIO, NULL,
309 				   aac_new_intr, sc, &sc->aac_intr)) {
310 			device_printf(sc->aac_dev, "can't set up interrupt\n");
311 			return (EINVAL);
312 		}
313 	} else {
314 		if (bus_setup_intr(sc->aac_dev, sc->aac_irq,
315 				   INTR_TYPE_BIO, aac_fast_intr, NULL,
316 				   sc, &sc->aac_intr)) {
317 			device_printf(sc->aac_dev,
318 				      "can't set up FAST interrupt\n");
319 			if (bus_setup_intr(sc->aac_dev, sc->aac_irq,
320 					   INTR_MPSAFE|INTR_TYPE_BIO,
321 					   NULL, (driver_intr_t *)aac_fast_intr,
322 					   sc, &sc->aac_intr)) {
323 				device_printf(sc->aac_dev,
324 					     "can't set up MPSAFE interrupt\n");
325 				return (EINVAL);
326 			}
327 		}
328 	}
329 
330 	/*
331 	 * Print a little information about the controller.
332 	 */
333 	aac_describe_controller(sc);
334 
335 	/*
336 	 * Register to probe our containers later.
337 	 */
338 	sc->aac_ich.ich_func = aac_startup;
339 	sc->aac_ich.ich_arg = sc;
340 	if (config_intrhook_establish(&sc->aac_ich) != 0) {
341 		device_printf(sc->aac_dev,
342 			      "can't establish configuration hook\n");
343 		return(ENXIO);
344 	}
345 
346 	/*
347 	 * Make the control device.
348 	 */
349 	unit = device_get_unit(sc->aac_dev);
350 	sc->aac_dev_t = make_dev(&aac_cdevsw, unit, UID_ROOT, GID_OPERATOR,
351 				 0640, "aac%d", unit);
352 	(void)make_dev_alias(sc->aac_dev_t, "afa%d", unit);
353 	(void)make_dev_alias(sc->aac_dev_t, "hpn%d", unit);
354 	sc->aac_dev_t->si_drv1 = sc;
355 
356 	/* Create the AIF thread */
357 	if (kthread_create((void(*)(void *))aac_command_thread, sc,
358 		   &sc->aifthread, 0, 0, "aac%daif", unit))
359 		panic("Could not create AIF thread\n");
360 
361 	/* Register the shutdown method to only be called post-dump */
362 	if ((sc->eh = EVENTHANDLER_REGISTER(shutdown_final, aac_shutdown,
363 	    sc->aac_dev, SHUTDOWN_PRI_DEFAULT)) == NULL)
364 		device_printf(sc->aac_dev,
365 			      "shutdown event registration failed\n");
366 
367 	/* Register with CAM for the non-DASD devices */
368 	if ((sc->flags & AAC_FLAGS_ENABLE_CAM) != 0) {
369 		TAILQ_INIT(&sc->aac_sim_tqh);
370 		aac_get_bus_info(sc);
371 	}
372 
373 	return(0);
374 }
375 
376 void
377 aac_add_event(struct aac_softc *sc, struct aac_event *event)
378 {
379 
380 	switch (event->ev_type & AAC_EVENT_MASK) {
381 	case AAC_EVENT_CMFREE:
382 		TAILQ_INSERT_TAIL(&sc->aac_ev_cmfree, event, ev_links);
383 		break;
384 	default:
385 		device_printf(sc->aac_dev, "aac_add event: unknown event %d\n",
386 		    event->ev_type);
387 		break;
388 	}
389 
390 	return;
391 }
392 
393 /*
394  * Probe for containers, create disks.
395  */
396 static void
397 aac_startup(void *arg)
398 {
399 	struct aac_softc *sc;
400 	struct aac_fib *fib;
401 	struct aac_mntinfo *mi;
402 	struct aac_mntinforesp *mir = NULL;
403 	int count = 0, i = 0;
404 
405 	debug_called(1);
406 
407 	sc = (struct aac_softc *)arg;
408 
409 	/* disconnect ourselves from the intrhook chain */
410 	config_intrhook_disestablish(&sc->aac_ich);
411 
412 	mtx_lock(&sc->aac_io_lock);
413 	aac_alloc_sync_fib(sc, &fib);
414 	mi = (struct aac_mntinfo *)&fib->data[0];
415 
416 	/* loop over possible containers */
417 	do {
418 		/* request information on this container */
419 		bzero(mi, sizeof(struct aac_mntinfo));
420 		mi->Command = VM_NameServe;
421 		mi->MntType = FT_FILESYS;
422 		mi->MntCount = i;
423 		if (aac_sync_fib(sc, ContainerCommand, 0, fib,
424 				 sizeof(struct aac_mntinfo))) {
425 			printf("error probing container %d", i);
426 			continue;
427 		}
428 
429 		mir = (struct aac_mntinforesp *)&fib->data[0];
430 		/* XXX Need to check if count changed */
431 		count = mir->MntRespCount;
432 		aac_add_container(sc, mir, 0);
433 		i++;
434 	} while ((i < count) && (i < AAC_MAX_CONTAINERS));
435 
436 	aac_release_sync_fib(sc);
437 	mtx_unlock(&sc->aac_io_lock);
438 
439 	/* poke the bus to actually attach the child devices */
440 	if (bus_generic_attach(sc->aac_dev))
441 		device_printf(sc->aac_dev, "bus_generic_attach failed\n");
442 
443 	/* mark the controller up */
444 	sc->aac_state &= ~AAC_STATE_SUSPEND;
445 
446 	/* enable interrupts now */
447 	AAC_UNMASK_INTERRUPTS(sc);
448 }
449 
450 /*
451  * Create a device to respresent a new container
452  */
453 static void
454 aac_add_container(struct aac_softc *sc, struct aac_mntinforesp *mir, int f)
455 {
456 	struct aac_container *co;
457 	device_t child;
458 
459 	/*
460 	 * Check container volume type for validity.  Note that many of
461 	 * the possible types may never show up.
462 	 */
463 	if ((mir->Status == ST_OK) && (mir->MntTable[0].VolType != CT_NONE)) {
464 		co = (struct aac_container *)malloc(sizeof *co, M_AACBUF,
465 		       M_NOWAIT | M_ZERO);
466 		if (co == NULL)
467 			panic("Out of memory?!\n");
468 		debug(1, "id %x  name '%.16s'  size %u  type %d",
469 		      mir->MntTable[0].ObjectId,
470 		      mir->MntTable[0].FileSystemName,
471 		      mir->MntTable[0].Capacity, mir->MntTable[0].VolType);
472 
473 		if ((child = device_add_child(sc->aac_dev, "aacd", -1)) == NULL)
474 			device_printf(sc->aac_dev, "device_add_child failed\n");
475 		else
476 			device_set_ivars(child, co);
477 		device_set_desc(child, aac_describe_code(aac_container_types,
478 				mir->MntTable[0].VolType));
479 		co->co_disk = child;
480 		co->co_found = f;
481 		bcopy(&mir->MntTable[0], &co->co_mntobj,
482 		      sizeof(struct aac_mntobj));
483 		mtx_lock(&sc->aac_container_lock);
484 		TAILQ_INSERT_TAIL(&sc->aac_container_tqh, co, co_link);
485 		mtx_unlock(&sc->aac_container_lock);
486 	}
487 }
488 
489 /*
490  * Free all of the resources associated with (sc)
491  *
492  * Should not be called if the controller is active.
493  */
494 void
495 aac_free(struct aac_softc *sc)
496 {
497 
498 	debug_called(1);
499 
500 	/* remove the control device */
501 	if (sc->aac_dev_t != NULL)
502 		destroy_dev(sc->aac_dev_t);
503 
504 	/* throw away any FIB buffers, discard the FIB DMA tag */
505 	aac_free_commands(sc);
506 	if (sc->aac_fib_dmat)
507 		bus_dma_tag_destroy(sc->aac_fib_dmat);
508 
509 	free(sc->aac_commands, M_AACBUF);
510 
511 	/* destroy the common area */
512 	if (sc->aac_common) {
513 		bus_dmamap_unload(sc->aac_common_dmat, sc->aac_common_dmamap);
514 		bus_dmamem_free(sc->aac_common_dmat, sc->aac_common,
515 				sc->aac_common_dmamap);
516 	}
517 	if (sc->aac_common_dmat)
518 		bus_dma_tag_destroy(sc->aac_common_dmat);
519 
520 	/* disconnect the interrupt handler */
521 	if (sc->aac_intr)
522 		bus_teardown_intr(sc->aac_dev, sc->aac_irq, sc->aac_intr);
523 	if (sc->aac_irq != NULL)
524 		bus_release_resource(sc->aac_dev, SYS_RES_IRQ, sc->aac_irq_rid,
525 				     sc->aac_irq);
526 
527 	/* destroy data-transfer DMA tag */
528 	if (sc->aac_buffer_dmat)
529 		bus_dma_tag_destroy(sc->aac_buffer_dmat);
530 
531 	/* destroy the parent DMA tag */
532 	if (sc->aac_parent_dmat)
533 		bus_dma_tag_destroy(sc->aac_parent_dmat);
534 
535 	/* release the register window mapping */
536 	if (sc->aac_regs_resource != NULL)
537 		bus_release_resource(sc->aac_dev, SYS_RES_MEMORY,
538 				     sc->aac_regs_rid, sc->aac_regs_resource);
539 }
540 
541 /*
542  * Disconnect from the controller completely, in preparation for unload.
543  */
544 int
545 aac_detach(device_t dev)
546 {
547 	struct aac_softc *sc;
548 	struct aac_container *co;
549 	struct aac_sim	*sim;
550 	int error;
551 
552 	debug_called(1);
553 
554 	sc = device_get_softc(dev);
555 
556 	if (sc->aac_state & AAC_STATE_OPEN)
557 		return(EBUSY);
558 
559 	/* Remove the child containers */
560 	while ((co = TAILQ_FIRST(&sc->aac_container_tqh)) != NULL) {
561 		error = device_delete_child(dev, co->co_disk);
562 		if (error)
563 			return (error);
564 		TAILQ_REMOVE(&sc->aac_container_tqh, co, co_link);
565 		free(co, M_AACBUF);
566 	}
567 
568 	/* Remove the CAM SIMs */
569 	while ((sim = TAILQ_FIRST(&sc->aac_sim_tqh)) != NULL) {
570 		TAILQ_REMOVE(&sc->aac_sim_tqh, sim, sim_link);
571 		error = device_delete_child(dev, sim->sim_dev);
572 		if (error)
573 			return (error);
574 		free(sim, M_AACBUF);
575 	}
576 
577 	if (sc->aifflags & AAC_AIFFLAGS_RUNNING) {
578 		sc->aifflags |= AAC_AIFFLAGS_EXIT;
579 		wakeup(sc->aifthread);
580 		tsleep(sc->aac_dev, PUSER | PCATCH, "aacdch", 30 * hz);
581 	}
582 
583 	if (sc->aifflags & AAC_AIFFLAGS_RUNNING)
584 		panic("Cannot shutdown AIF thread\n");
585 
586 	if ((error = aac_shutdown(dev)))
587 		return(error);
588 
589 	EVENTHANDLER_DEREGISTER(shutdown_final, sc->eh);
590 
591 	aac_free(sc);
592 
593 	mtx_destroy(&sc->aac_aifq_lock);
594 	mtx_destroy(&sc->aac_io_lock);
595 	mtx_destroy(&sc->aac_container_lock);
596 
597 	return(0);
598 }
599 
600 /*
601  * Bring the controller down to a dormant state and detach all child devices.
602  *
603  * This function is called before detach or system shutdown.
604  *
605  * Note that we can assume that the bioq on the controller is empty, as we won't
606  * allow shutdown if any device is open.
607  */
608 int
609 aac_shutdown(device_t dev)
610 {
611 	struct aac_softc *sc;
612 	struct aac_fib *fib;
613 	struct aac_close_command *cc;
614 
615 	debug_called(1);
616 
617 	sc = device_get_softc(dev);
618 
619 	sc->aac_state |= AAC_STATE_SUSPEND;
620 
621 	/*
622 	 * Send a Container shutdown followed by a HostShutdown FIB to the
623 	 * controller to convince it that we don't want to talk to it anymore.
624 	 * We've been closed and all I/O completed already
625 	 */
626 	device_printf(sc->aac_dev, "shutting down controller...");
627 
628 	mtx_lock(&sc->aac_io_lock);
629 	aac_alloc_sync_fib(sc, &fib);
630 	cc = (struct aac_close_command *)&fib->data[0];
631 
632 	bzero(cc, sizeof(struct aac_close_command));
633 	cc->Command = VM_CloseAll;
634 	cc->ContainerId = 0xffffffff;
635 	if (aac_sync_fib(sc, ContainerCommand, 0, fib,
636 	    sizeof(struct aac_close_command)))
637 		printf("FAILED.\n");
638 	else
639 		printf("done\n");
640 #if 0
641 	else {
642 		fib->data[0] = 0;
643 		/*
644 		 * XXX Issuing this command to the controller makes it shut down
645 		 * but also keeps it from coming back up without a reset of the
646 		 * PCI bus.  This is not desirable if you are just unloading the
647 		 * driver module with the intent to reload it later.
648 		 */
649 		if (aac_sync_fib(sc, FsaHostShutdown, AAC_FIBSTATE_SHUTDOWN,
650 		    fib, 1)) {
651 			printf("FAILED.\n");
652 		} else {
653 			printf("done.\n");
654 		}
655 	}
656 #endif
657 
658 	AAC_MASK_INTERRUPTS(sc);
659 	aac_release_sync_fib(sc);
660 	mtx_unlock(&sc->aac_io_lock);
661 
662 	return(0);
663 }
664 
665 /*
666  * Bring the controller to a quiescent state, ready for system suspend.
667  */
668 int
669 aac_suspend(device_t dev)
670 {
671 	struct aac_softc *sc;
672 
673 	debug_called(1);
674 
675 	sc = device_get_softc(dev);
676 
677 	sc->aac_state |= AAC_STATE_SUSPEND;
678 
679 	AAC_MASK_INTERRUPTS(sc);
680 	return(0);
681 }
682 
683 /*
684  * Bring the controller back to a state ready for operation.
685  */
686 int
687 aac_resume(device_t dev)
688 {
689 	struct aac_softc *sc;
690 
691 	debug_called(1);
692 
693 	sc = device_get_softc(dev);
694 
695 	sc->aac_state &= ~AAC_STATE_SUSPEND;
696 	AAC_UNMASK_INTERRUPTS(sc);
697 	return(0);
698 }
699 
700 /*
701  * Interrupt handler for NEW_COMM interface.
702  */
703 void
704 aac_new_intr(void *arg)
705 {
706 	struct aac_softc *sc;
707 	u_int32_t index, fast;
708 	struct aac_command *cm;
709 	struct aac_fib *fib;
710 	int i;
711 
712 	debug_called(2);
713 
714 	sc = (struct aac_softc *)arg;
715 
716 	mtx_lock(&sc->aac_io_lock);
717 	while (1) {
718 		index = AAC_GET_OUTB_QUEUE(sc);
719 		if (index == 0xffffffff)
720 			index = AAC_GET_OUTB_QUEUE(sc);
721 		if (index == 0xffffffff)
722 			break;
723 		if (index & 2) {
724 			if (index == 0xfffffffe) {
725 				/* XXX This means that the controller wants
726 				 * more work.  Ignore it for now.
727 				 */
728 				continue;
729 			}
730 			/* AIF */
731 			fib = (struct aac_fib *)malloc(sizeof *fib, M_AACBUF,
732 				   M_NOWAIT | M_ZERO);
733 			if (fib == NULL) {
734 				/* If we're really this short on memory,
735 				 * hopefully breaking out of the handler will
736 				 * allow something to get freed.  This
737 				 * actually sucks a whole lot.
738 				 */
739 				break;
740 			}
741 			index &= ~2;
742 			for (i = 0; i < sizeof(struct aac_fib)/4; ++i)
743 				((u_int32_t *)fib)[i] = AAC_GETREG4(sc, index + i*4);
744 			aac_handle_aif(sc, fib);
745 			free(fib, M_AACBUF);
746 
747 			/*
748 			 * AIF memory is owned by the adapter, so let it
749 			 * know that we are done with it.
750 			 */
751 			AAC_SET_OUTB_QUEUE(sc, index);
752 			AAC_CLEAR_ISTATUS(sc, AAC_DB_RESPONSE_READY);
753 		} else {
754 			fast = index & 1;
755 			cm = sc->aac_commands + (index >> 2);
756 			fib = cm->cm_fib;
757 			if (fast) {
758 				fib->Header.XferState |= AAC_FIBSTATE_DONEADAP;
759 				*((u_int32_t *)(fib->data)) = AAC_ERROR_NORMAL;
760 			}
761 			aac_remove_busy(cm);
762  			aac_unmap_command(cm);
763 			cm->cm_flags |= AAC_CMD_COMPLETED;
764 
765 			/* is there a completion handler? */
766 			if (cm->cm_complete != NULL) {
767 				cm->cm_complete(cm);
768 			} else {
769 				/* assume that someone is sleeping on this
770 				 * command
771 				 */
772 				wakeup(cm);
773 			}
774 			sc->flags &= ~AAC_QUEUE_FRZN;
775 		}
776 	}
777 	/* see if we can start some more I/O */
778 	if ((sc->flags & AAC_QUEUE_FRZN) == 0)
779 		aac_startio(sc);
780 
781 	mtx_unlock(&sc->aac_io_lock);
782 }
783 
784 int
785 aac_fast_intr(void *arg)
786 {
787 	struct aac_softc *sc;
788 	u_int16_t reason;
789 
790 	debug_called(2);
791 
792 	sc = (struct aac_softc *)arg;
793 
794 	/*
795 	 * Read the status register directly.  This is faster than taking the
796 	 * driver lock and reading the queues directly.  It also saves having
797 	 * to turn parts of the driver lock into a spin mutex, which would be
798 	 * ugly.
799 	 */
800 	reason = AAC_GET_ISTATUS(sc);
801 	AAC_CLEAR_ISTATUS(sc, reason);
802 
803 	/* handle completion processing */
804 	if (reason & AAC_DB_RESPONSE_READY)
805 		taskqueue_enqueue_fast(taskqueue_fast, &sc->aac_task_complete);
806 
807 	/* controller wants to talk to us */
808 	if (reason & (AAC_DB_PRINTF | AAC_DB_COMMAND_READY)) {
809 		/*
810 		 * XXX Make sure that we don't get fooled by strange messages
811 		 * that start with a NULL.
812 		 */
813 		if ((reason & AAC_DB_PRINTF) &&
814 			(sc->aac_common->ac_printf[0] == 0))
815 			sc->aac_common->ac_printf[0] = 32;
816 
817 		/*
818 		 * This might miss doing the actual wakeup.  However, the
819 		 * msleep that this is waking up has a timeout, so it will
820 		 * wake up eventually.  AIFs and printfs are low enough
821 		 * priority that they can handle hanging out for a few seconds
822 		 * if needed.
823 		 */
824 		wakeup(sc->aifthread);
825 	}
826 	return (FILTER_HANDLED);
827 }
828 
829 /*
830  * Command Processing
831  */
832 
833 /*
834  * Start as much queued I/O as possible on the controller
835  */
836 void
837 aac_startio(struct aac_softc *sc)
838 {
839 	struct aac_command *cm;
840 	int error;
841 
842 	debug_called(2);
843 
844 	for (;;) {
845 		/*
846 		 * This flag might be set if the card is out of resources.
847 		 * Checking it here prevents an infinite loop of deferrals.
848 		 */
849 		if (sc->flags & AAC_QUEUE_FRZN)
850 			break;
851 
852 		/*
853 		 * Try to get a command that's been put off for lack of
854 		 * resources
855 		 */
856 		cm = aac_dequeue_ready(sc);
857 
858 		/*
859 		 * Try to build a command off the bio queue (ignore error
860 		 * return)
861 		 */
862 		if (cm == NULL)
863 			aac_bio_command(sc, &cm);
864 
865 		/* nothing to do? */
866 		if (cm == NULL)
867 			break;
868 
869 		/* don't map more than once */
870 		if (cm->cm_flags & AAC_CMD_MAPPED)
871 			panic("aac: command %p already mapped", cm);
872 
873 		/*
874 		 * Set up the command to go to the controller.  If there are no
875 		 * data buffers associated with the command then it can bypass
876 		 * busdma.
877 		 */
878 		if (cm->cm_datalen != 0) {
879 			error = bus_dmamap_load(sc->aac_buffer_dmat,
880 						cm->cm_datamap, cm->cm_data,
881 						cm->cm_datalen,
882 						aac_map_command_sg, cm, 0);
883 			if (error == EINPROGRESS) {
884 				debug(1, "freezing queue\n");
885 				sc->flags |= AAC_QUEUE_FRZN;
886 				error = 0;
887 			} else if (error != 0)
888 				panic("aac_startio: unexpected error %d from "
889 				      "busdma\n", error);
890 		} else
891 			aac_map_command_sg(cm, NULL, 0, 0);
892 	}
893 }
894 
895 /*
896  * Handle notification of one or more FIBs coming from the controller.
897  */
898 static void
899 aac_command_thread(struct aac_softc *sc)
900 {
901 	struct aac_fib *fib;
902 	u_int32_t fib_size;
903 	int size, retval;
904 
905 	debug_called(2);
906 
907 	mtx_lock(&sc->aac_io_lock);
908 	sc->aifflags = AAC_AIFFLAGS_RUNNING;
909 
910 	while ((sc->aifflags & AAC_AIFFLAGS_EXIT) == 0) {
911 
912 		retval = 0;
913 		if ((sc->aifflags & AAC_AIFFLAGS_PENDING) == 0)
914 			retval = msleep(sc->aifthread, &sc->aac_io_lock, PRIBIO,
915 					"aifthd", AAC_PERIODIC_INTERVAL * hz);
916 
917 		/*
918 		 * First see if any FIBs need to be allocated.  This needs
919 		 * to be called without the driver lock because contigmalloc
920 		 * will grab Giant, and would result in an LOR.
921 		 */
922 		if ((sc->aifflags & AAC_AIFFLAGS_ALLOCFIBS) != 0) {
923 			mtx_unlock(&sc->aac_io_lock);
924 			aac_alloc_commands(sc);
925 			mtx_lock(&sc->aac_io_lock);
926 			sc->aifflags &= ~AAC_AIFFLAGS_ALLOCFIBS;
927 			aac_startio(sc);
928 		}
929 
930 		/*
931 		 * While we're here, check to see if any commands are stuck.
932 		 * This is pretty low-priority, so it's ok if it doesn't
933 		 * always fire.
934 		 */
935 		if (retval == EWOULDBLOCK)
936 			aac_timeout(sc);
937 
938 		/* Check the hardware printf message buffer */
939 		if (sc->aac_common->ac_printf[0] != 0)
940 			aac_print_printf(sc);
941 
942 		/* Also check to see if the adapter has a command for us. */
943 		if (sc->flags & AAC_FLAGS_NEW_COMM)
944 			continue;
945 		for (;;) {
946 			if (aac_dequeue_fib(sc, AAC_HOST_NORM_CMD_QUEUE,
947 					   &fib_size, &fib))
948 				break;
949 
950 			AAC_PRINT_FIB(sc, fib);
951 
952 			switch (fib->Header.Command) {
953 			case AifRequest:
954 				aac_handle_aif(sc, fib);
955 				break;
956 			default:
957 				device_printf(sc->aac_dev, "unknown command "
958 					      "from controller\n");
959 				break;
960 			}
961 
962 			if ((fib->Header.XferState == 0) ||
963 			    (fib->Header.StructType != AAC_FIBTYPE_TFIB)) {
964 				break;
965 			}
966 
967 			/* Return the AIF to the controller. */
968 			if (fib->Header.XferState & AAC_FIBSTATE_FROMADAP) {
969 				fib->Header.XferState |= AAC_FIBSTATE_DONEHOST;
970 				*(AAC_FSAStatus*)fib->data = ST_OK;
971 
972 				/* XXX Compute the Size field? */
973 				size = fib->Header.Size;
974 				if (size > sizeof(struct aac_fib)) {
975 					size = sizeof(struct aac_fib);
976 					fib->Header.Size = size;
977 				}
978 				/*
979 				 * Since we did not generate this command, it
980 				 * cannot go through the normal
981 				 * enqueue->startio chain.
982 				 */
983 				aac_enqueue_response(sc,
984 						 AAC_ADAP_NORM_RESP_QUEUE,
985 						 fib);
986 			}
987 		}
988 	}
989 	sc->aifflags &= ~AAC_AIFFLAGS_RUNNING;
990 	mtx_unlock(&sc->aac_io_lock);
991 	wakeup(sc->aac_dev);
992 
993 	kthread_exit(0);
994 }
995 
996 /*
997  * Process completed commands.
998  */
999 static void
1000 aac_complete(void *context, int pending)
1001 {
1002 	struct aac_softc *sc;
1003 	struct aac_command *cm;
1004 	struct aac_fib *fib;
1005 	u_int32_t fib_size;
1006 
1007 	debug_called(2);
1008 
1009 	sc = (struct aac_softc *)context;
1010 
1011 	mtx_lock(&sc->aac_io_lock);
1012 
1013 	/* pull completed commands off the queue */
1014 	for (;;) {
1015 		/* look for completed FIBs on our queue */
1016 		if (aac_dequeue_fib(sc, AAC_HOST_NORM_RESP_QUEUE, &fib_size,
1017 							&fib))
1018 			break;	/* nothing to do */
1019 
1020 		/* get the command, unmap and hand off for processing */
1021 		cm = sc->aac_commands + fib->Header.SenderData;
1022 		if (cm == NULL) {
1023 			AAC_PRINT_FIB(sc, fib);
1024 			break;
1025 		}
1026 		aac_remove_busy(cm);
1027 
1028  		aac_unmap_command(cm);
1029 		cm->cm_flags |= AAC_CMD_COMPLETED;
1030 
1031 		/* is there a completion handler? */
1032 		if (cm->cm_complete != NULL) {
1033 			cm->cm_complete(cm);
1034 		} else {
1035 			/* assume that someone is sleeping on this command */
1036 			wakeup(cm);
1037 		}
1038 	}
1039 
1040 	/* see if we can start some more I/O */
1041 	sc->flags &= ~AAC_QUEUE_FRZN;
1042 	aac_startio(sc);
1043 
1044 	mtx_unlock(&sc->aac_io_lock);
1045 }
1046 
1047 /*
1048  * Handle a bio submitted from a disk device.
1049  */
1050 void
1051 aac_submit_bio(struct bio *bp)
1052 {
1053 	struct aac_disk *ad;
1054 	struct aac_softc *sc;
1055 
1056 	debug_called(2);
1057 
1058 	ad = (struct aac_disk *)bp->bio_disk->d_drv1;
1059 	sc = ad->ad_controller;
1060 
1061 	/* queue the BIO and try to get some work done */
1062 	aac_enqueue_bio(sc, bp);
1063 	aac_startio(sc);
1064 }
1065 
1066 /*
1067  * Get a bio and build a command to go with it.
1068  */
1069 static int
1070 aac_bio_command(struct aac_softc *sc, struct aac_command **cmp)
1071 {
1072 	struct aac_command *cm;
1073 	struct aac_fib *fib;
1074 	struct aac_disk *ad;
1075 	struct bio *bp;
1076 
1077 	debug_called(2);
1078 
1079 	/* get the resources we will need */
1080 	cm = NULL;
1081 	bp = NULL;
1082 	if (aac_alloc_command(sc, &cm))	/* get a command */
1083 		goto fail;
1084 	if ((bp = aac_dequeue_bio(sc)) == NULL)
1085 		goto fail;
1086 
1087 	/* fill out the command */
1088 	cm->cm_data = (void *)bp->bio_data;
1089 	cm->cm_datalen = bp->bio_bcount;
1090 	cm->cm_complete = aac_bio_complete;
1091 	cm->cm_private = bp;
1092 	cm->cm_timestamp = time_uptime;
1093 	cm->cm_queue = AAC_ADAP_NORM_CMD_QUEUE;
1094 
1095 	/* build the FIB */
1096 	fib = cm->cm_fib;
1097 	fib->Header.Size = sizeof(struct aac_fib_header);
1098 	fib->Header.XferState =
1099 		AAC_FIBSTATE_HOSTOWNED   |
1100 		AAC_FIBSTATE_INITIALISED |
1101 		AAC_FIBSTATE_EMPTY	 |
1102 		AAC_FIBSTATE_FROMHOST	 |
1103 		AAC_FIBSTATE_REXPECTED   |
1104 		AAC_FIBSTATE_NORM	 |
1105 		AAC_FIBSTATE_ASYNC	 |
1106 		AAC_FIBSTATE_FAST_RESPONSE;
1107 
1108 	/* build the read/write request */
1109 	ad = (struct aac_disk *)bp->bio_disk->d_drv1;
1110 
1111 	if (sc->flags & AAC_FLAGS_RAW_IO) {
1112 		struct aac_raw_io *raw;
1113 		raw = (struct aac_raw_io *)&fib->data[0];
1114 		fib->Header.Command = RawIo;
1115 		raw->BlockNumber = (u_int64_t)bp->bio_pblkno;
1116 		raw->ByteCount = bp->bio_bcount;
1117 		raw->ContainerId = ad->ad_container->co_mntobj.ObjectId;
1118 		raw->BpTotal = 0;
1119 		raw->BpComplete = 0;
1120 		fib->Header.Size += sizeof(struct aac_raw_io);
1121 		cm->cm_sgtable = (struct aac_sg_table *)&raw->SgMapRaw;
1122 		if (bp->bio_cmd == BIO_READ) {
1123 			raw->Flags = 1;
1124 			cm->cm_flags |= AAC_CMD_DATAIN;
1125 		} else {
1126 			raw->Flags = 0;
1127 			cm->cm_flags |= AAC_CMD_DATAOUT;
1128 		}
1129 	} else if ((sc->flags & AAC_FLAGS_SG_64BIT) == 0) {
1130 		fib->Header.Command = ContainerCommand;
1131 		if (bp->bio_cmd == BIO_READ) {
1132 			struct aac_blockread *br;
1133 			br = (struct aac_blockread *)&fib->data[0];
1134 			br->Command = VM_CtBlockRead;
1135 			br->ContainerId = ad->ad_container->co_mntobj.ObjectId;
1136 			br->BlockNumber = bp->bio_pblkno;
1137 			br->ByteCount = bp->bio_bcount;
1138 			fib->Header.Size += sizeof(struct aac_blockread);
1139 			cm->cm_sgtable = &br->SgMap;
1140 			cm->cm_flags |= AAC_CMD_DATAIN;
1141 		} else {
1142 			struct aac_blockwrite *bw;
1143 			bw = (struct aac_blockwrite *)&fib->data[0];
1144 			bw->Command = VM_CtBlockWrite;
1145 			bw->ContainerId = ad->ad_container->co_mntobj.ObjectId;
1146 			bw->BlockNumber = bp->bio_pblkno;
1147 			bw->ByteCount = bp->bio_bcount;
1148 			bw->Stable = CUNSTABLE;
1149 			fib->Header.Size += sizeof(struct aac_blockwrite);
1150 			cm->cm_flags |= AAC_CMD_DATAOUT;
1151 			cm->cm_sgtable = &bw->SgMap;
1152 		}
1153 	} else {
1154 		fib->Header.Command = ContainerCommand64;
1155 		if (bp->bio_cmd == BIO_READ) {
1156 			struct aac_blockread64 *br;
1157 			br = (struct aac_blockread64 *)&fib->data[0];
1158 			br->Command = VM_CtHostRead64;
1159 			br->ContainerId = ad->ad_container->co_mntobj.ObjectId;
1160 			br->SectorCount = bp->bio_bcount / AAC_BLOCK_SIZE;
1161 			br->BlockNumber = bp->bio_pblkno;
1162 			br->Pad = 0;
1163 			br->Flags = 0;
1164 			fib->Header.Size += sizeof(struct aac_blockread64);
1165 			cm->cm_flags |= AAC_CMD_DATAOUT;
1166 			cm->cm_sgtable = (struct aac_sg_table *)&br->SgMap64;
1167 		} else {
1168 			struct aac_blockwrite64 *bw;
1169 			bw = (struct aac_blockwrite64 *)&fib->data[0];
1170 			bw->Command = VM_CtHostWrite64;
1171 			bw->ContainerId = ad->ad_container->co_mntobj.ObjectId;
1172 			bw->SectorCount = bp->bio_bcount / AAC_BLOCK_SIZE;
1173 			bw->BlockNumber = bp->bio_pblkno;
1174 			bw->Pad = 0;
1175 			bw->Flags = 0;
1176 			fib->Header.Size += sizeof(struct aac_blockwrite64);
1177 			cm->cm_flags |= AAC_CMD_DATAIN;
1178 			cm->cm_sgtable = (struct aac_sg_table *)&bw->SgMap64;
1179 		}
1180 	}
1181 
1182 	*cmp = cm;
1183 	return(0);
1184 
1185 fail:
1186 	if (bp != NULL)
1187 		aac_enqueue_bio(sc, bp);
1188 	if (cm != NULL)
1189 		aac_release_command(cm);
1190 	return(ENOMEM);
1191 }
1192 
1193 /*
1194  * Handle a bio-instigated command that has been completed.
1195  */
1196 static void
1197 aac_bio_complete(struct aac_command *cm)
1198 {
1199 	struct aac_blockread_response *brr;
1200 	struct aac_blockwrite_response *bwr;
1201 	struct bio *bp;
1202 	AAC_FSAStatus status;
1203 
1204 	/* fetch relevant status and then release the command */
1205 	bp = (struct bio *)cm->cm_private;
1206 	if (bp->bio_cmd == BIO_READ) {
1207 		brr = (struct aac_blockread_response *)&cm->cm_fib->data[0];
1208 		status = brr->Status;
1209 	} else {
1210 		bwr = (struct aac_blockwrite_response *)&cm->cm_fib->data[0];
1211 		status = bwr->Status;
1212 	}
1213 	aac_release_command(cm);
1214 
1215 	/* fix up the bio based on status */
1216 	if (status == ST_OK) {
1217 		bp->bio_resid = 0;
1218 	} else {
1219 		bp->bio_error = EIO;
1220 		bp->bio_flags |= BIO_ERROR;
1221 		/* pass an error string out to the disk layer */
1222 		bp->bio_driver1 = aac_describe_code(aac_command_status_table,
1223 						    status);
1224 	}
1225 	aac_biodone(bp);
1226 }
1227 
1228 /*
1229  * Submit a command to the controller, return when it completes.
1230  * XXX This is very dangerous!  If the card has gone out to lunch, we could
1231  *     be stuck here forever.  At the same time, signals are not caught
1232  *     because there is a risk that a signal could wakeup the sleep before
1233  *     the card has a chance to complete the command.  Since there is no way
1234  *     to cancel a command that is in progress, we can't protect against the
1235  *     card completing a command late and spamming the command and data
1236  *     memory.  So, we are held hostage until the command completes.
1237  */
1238 static int
1239 aac_wait_command(struct aac_command *cm)
1240 {
1241 	struct aac_softc *sc;
1242 	int error;
1243 
1244 	debug_called(2);
1245 
1246 	sc = cm->cm_sc;
1247 
1248 	/* Put the command on the ready queue and get things going */
1249 	cm->cm_queue = AAC_ADAP_NORM_CMD_QUEUE;
1250 	aac_enqueue_ready(cm);
1251 	aac_startio(sc);
1252 	error = msleep(cm, &sc->aac_io_lock, PRIBIO, "aacwait", 0);
1253 	return(error);
1254 }
1255 
1256 /*
1257  *Command Buffer Management
1258  */
1259 
1260 /*
1261  * Allocate a command.
1262  */
1263 int
1264 aac_alloc_command(struct aac_softc *sc, struct aac_command **cmp)
1265 {
1266 	struct aac_command *cm;
1267 
1268 	debug_called(3);
1269 
1270 	if ((cm = aac_dequeue_free(sc)) == NULL) {
1271 		if (sc->total_fibs < sc->aac_max_fibs) {
1272 			sc->aifflags |= AAC_AIFFLAGS_ALLOCFIBS;
1273 			wakeup(sc->aifthread);
1274 		}
1275 		return (EBUSY);
1276 	}
1277 
1278 	*cmp = cm;
1279 	return(0);
1280 }
1281 
1282 /*
1283  * Release a command back to the freelist.
1284  */
1285 void
1286 aac_release_command(struct aac_command *cm)
1287 {
1288 	struct aac_event *event;
1289 	struct aac_softc *sc;
1290 
1291 	debug_called(3);
1292 
1293 	/* (re)initialise the command/FIB */
1294 	cm->cm_sgtable = NULL;
1295 	cm->cm_flags = 0;
1296 	cm->cm_complete = NULL;
1297 	cm->cm_private = NULL;
1298 	cm->cm_fib->Header.XferState = AAC_FIBSTATE_EMPTY;
1299 	cm->cm_fib->Header.StructType = AAC_FIBTYPE_TFIB;
1300 	cm->cm_fib->Header.Flags = 0;
1301 	cm->cm_fib->Header.SenderSize = cm->cm_sc->aac_max_fib_size;
1302 
1303 	/*
1304 	 * These are duplicated in aac_start to cover the case where an
1305 	 * intermediate stage may have destroyed them.  They're left
1306 	 * initialised here for debugging purposes only.
1307 	 */
1308 	cm->cm_fib->Header.ReceiverFibAddress = (u_int32_t)cm->cm_fibphys;
1309 	cm->cm_fib->Header.SenderData = 0;
1310 
1311 	aac_enqueue_free(cm);
1312 
1313 	sc = cm->cm_sc;
1314 	event = TAILQ_FIRST(&sc->aac_ev_cmfree);
1315 	if (event != NULL) {
1316 		TAILQ_REMOVE(&sc->aac_ev_cmfree, event, ev_links);
1317 		event->ev_callback(sc, event, event->ev_arg);
1318 	}
1319 }
1320 
1321 /*
1322  * Map helper for command/FIB allocation.
1323  */
1324 static void
1325 aac_map_command_helper(void *arg, bus_dma_segment_t *segs, int nseg, int error)
1326 {
1327 	uint64_t	*fibphys;
1328 
1329 	fibphys = (uint64_t *)arg;
1330 
1331 	debug_called(3);
1332 
1333 	*fibphys = segs[0].ds_addr;
1334 }
1335 
1336 /*
1337  * Allocate and initialise commands/FIBs for this adapter.
1338  */
1339 static int
1340 aac_alloc_commands(struct aac_softc *sc)
1341 {
1342 	struct aac_command *cm;
1343 	struct aac_fibmap *fm;
1344 	uint64_t fibphys;
1345 	int i, error;
1346 
1347 	debug_called(2);
1348 
1349 	if (sc->total_fibs + sc->aac_max_fibs_alloc > sc->aac_max_fibs)
1350 		return (ENOMEM);
1351 
1352 	fm = malloc(sizeof(struct aac_fibmap), M_AACBUF, M_NOWAIT|M_ZERO);
1353 	if (fm == NULL)
1354 		return (ENOMEM);
1355 
1356 	/* allocate the FIBs in DMAable memory and load them */
1357 	if (bus_dmamem_alloc(sc->aac_fib_dmat, (void **)&fm->aac_fibs,
1358 			     BUS_DMA_NOWAIT, &fm->aac_fibmap)) {
1359 		device_printf(sc->aac_dev,
1360 			      "Not enough contiguous memory available.\n");
1361 		free(fm, M_AACBUF);
1362 		return (ENOMEM);
1363 	}
1364 
1365 	/* Ignore errors since this doesn't bounce */
1366 	(void)bus_dmamap_load(sc->aac_fib_dmat, fm->aac_fibmap, fm->aac_fibs,
1367 			      sc->aac_max_fibs_alloc * sc->aac_max_fib_size,
1368 			      aac_map_command_helper, &fibphys, 0);
1369 
1370 	/* initialise constant fields in the command structure */
1371 	bzero(fm->aac_fibs, sc->aac_max_fibs_alloc * sc->aac_max_fib_size);
1372 	for (i = 0; i < sc->aac_max_fibs_alloc; i++) {
1373 		cm = sc->aac_commands + sc->total_fibs;
1374 		fm->aac_commands = cm;
1375 		cm->cm_sc = sc;
1376 		cm->cm_fib = (struct aac_fib *)
1377 			((u_int8_t *)fm->aac_fibs + i*sc->aac_max_fib_size);
1378 		cm->cm_fibphys = fibphys + i*sc->aac_max_fib_size;
1379 		cm->cm_index = sc->total_fibs;
1380 
1381 		if ((error = bus_dmamap_create(sc->aac_buffer_dmat, 0,
1382 					       &cm->cm_datamap)) != 0)
1383 			break;
1384 		mtx_lock(&sc->aac_io_lock);
1385 		aac_release_command(cm);
1386 		sc->total_fibs++;
1387 		mtx_unlock(&sc->aac_io_lock);
1388 	}
1389 
1390 	if (i > 0) {
1391 		mtx_lock(&sc->aac_io_lock);
1392 		TAILQ_INSERT_TAIL(&sc->aac_fibmap_tqh, fm, fm_link);
1393 		debug(1, "total_fibs= %d\n", sc->total_fibs);
1394 		mtx_unlock(&sc->aac_io_lock);
1395 		return (0);
1396 	}
1397 
1398 	bus_dmamap_unload(sc->aac_fib_dmat, fm->aac_fibmap);
1399 	bus_dmamem_free(sc->aac_fib_dmat, fm->aac_fibs, fm->aac_fibmap);
1400 	free(fm, M_AACBUF);
1401 	return (ENOMEM);
1402 }
1403 
1404 /*
1405  * Free FIBs owned by this adapter.
1406  */
1407 static void
1408 aac_free_commands(struct aac_softc *sc)
1409 {
1410 	struct aac_fibmap *fm;
1411 	struct aac_command *cm;
1412 	int i;
1413 
1414 	debug_called(1);
1415 
1416 	while ((fm = TAILQ_FIRST(&sc->aac_fibmap_tqh)) != NULL) {
1417 
1418 		TAILQ_REMOVE(&sc->aac_fibmap_tqh, fm, fm_link);
1419 		/*
1420 		 * We check against total_fibs to handle partially
1421 		 * allocated blocks.
1422 		 */
1423 		for (i = 0; i < sc->aac_max_fibs_alloc && sc->total_fibs--; i++) {
1424 			cm = fm->aac_commands + i;
1425 			bus_dmamap_destroy(sc->aac_buffer_dmat, cm->cm_datamap);
1426 		}
1427 		bus_dmamap_unload(sc->aac_fib_dmat, fm->aac_fibmap);
1428 		bus_dmamem_free(sc->aac_fib_dmat, fm->aac_fibs, fm->aac_fibmap);
1429 		free(fm, M_AACBUF);
1430 	}
1431 }
1432 
1433 /*
1434  * Command-mapping helper function - populate this command's s/g table.
1435  */
1436 static void
1437 aac_map_command_sg(void *arg, bus_dma_segment_t *segs, int nseg, int error)
1438 {
1439 	struct aac_softc *sc;
1440 	struct aac_command *cm;
1441 	struct aac_fib *fib;
1442 	int i;
1443 
1444 	debug_called(3);
1445 
1446 	cm = (struct aac_command *)arg;
1447 	sc = cm->cm_sc;
1448 	fib = cm->cm_fib;
1449 
1450 	/* copy into the FIB */
1451 	if (cm->cm_sgtable != NULL) {
1452 		if (fib->Header.Command == RawIo) {
1453 			struct aac_sg_tableraw *sg;
1454 			sg = (struct aac_sg_tableraw *)cm->cm_sgtable;
1455 			sg->SgCount = nseg;
1456 			for (i = 0; i < nseg; i++) {
1457 				sg->SgEntryRaw[i].SgAddress = segs[i].ds_addr;
1458 				sg->SgEntryRaw[i].SgByteCount = segs[i].ds_len;
1459 				sg->SgEntryRaw[i].Next = 0;
1460 				sg->SgEntryRaw[i].Prev = 0;
1461 				sg->SgEntryRaw[i].Flags = 0;
1462 			}
1463 			/* update the FIB size for the s/g count */
1464 			fib->Header.Size += nseg*sizeof(struct aac_sg_entryraw);
1465 		} else if ((cm->cm_sc->flags & AAC_FLAGS_SG_64BIT) == 0) {
1466 			struct aac_sg_table *sg;
1467 			sg = cm->cm_sgtable;
1468 			sg->SgCount = nseg;
1469 			for (i = 0; i < nseg; i++) {
1470 				sg->SgEntry[i].SgAddress = segs[i].ds_addr;
1471 				sg->SgEntry[i].SgByteCount = segs[i].ds_len;
1472 			}
1473 			/* update the FIB size for the s/g count */
1474 			fib->Header.Size += nseg*sizeof(struct aac_sg_entry);
1475 		} else {
1476 			struct aac_sg_table64 *sg;
1477 			sg = (struct aac_sg_table64 *)cm->cm_sgtable;
1478 			sg->SgCount = nseg;
1479 			for (i = 0; i < nseg; i++) {
1480 				sg->SgEntry64[i].SgAddress = segs[i].ds_addr;
1481 				sg->SgEntry64[i].SgByteCount = segs[i].ds_len;
1482 			}
1483 			/* update the FIB size for the s/g count */
1484 			fib->Header.Size += nseg*sizeof(struct aac_sg_entry64);
1485 		}
1486 	}
1487 
1488 	/* Fix up the address values in the FIB.  Use the command array index
1489 	 * instead of a pointer since these fields are only 32 bits.  Shift
1490 	 * the SenderFibAddress over to make room for the fast response bit
1491 	 * and for the AIF bit
1492 	 */
1493 	cm->cm_fib->Header.SenderFibAddress = (cm->cm_index << 2);
1494 	cm->cm_fib->Header.ReceiverFibAddress = (u_int32_t)cm->cm_fibphys;
1495 
1496 	/* save a pointer to the command for speedy reverse-lookup */
1497 	cm->cm_fib->Header.SenderData = cm->cm_index;
1498 
1499 	if (cm->cm_flags & AAC_CMD_DATAIN)
1500 		bus_dmamap_sync(sc->aac_buffer_dmat, cm->cm_datamap,
1501 				BUS_DMASYNC_PREREAD);
1502 	if (cm->cm_flags & AAC_CMD_DATAOUT)
1503 		bus_dmamap_sync(sc->aac_buffer_dmat, cm->cm_datamap,
1504 				BUS_DMASYNC_PREWRITE);
1505 	cm->cm_flags |= AAC_CMD_MAPPED;
1506 
1507 	if (sc->flags & AAC_FLAGS_NEW_COMM) {
1508 		int count = 10000000L;
1509 		while (AAC_SEND_COMMAND(sc, cm) != 0) {
1510 			if (--count == 0) {
1511 				aac_unmap_command(cm);
1512 				sc->flags |= AAC_QUEUE_FRZN;
1513 				aac_requeue_ready(cm);
1514 			}
1515 			DELAY(5);			/* wait 5 usec. */
1516 		}
1517 	} else {
1518 		/* Put the FIB on the outbound queue */
1519 		if (aac_enqueue_fib(sc, cm->cm_queue, cm) == EBUSY) {
1520 			aac_unmap_command(cm);
1521 			sc->flags |= AAC_QUEUE_FRZN;
1522 			aac_requeue_ready(cm);
1523 		}
1524 	}
1525 
1526 	return;
1527 }
1528 
1529 /*
1530  * Unmap a command from controller-visible space.
1531  */
1532 static void
1533 aac_unmap_command(struct aac_command *cm)
1534 {
1535 	struct aac_softc *sc;
1536 
1537 	debug_called(2);
1538 
1539 	sc = cm->cm_sc;
1540 
1541 	if (!(cm->cm_flags & AAC_CMD_MAPPED))
1542 		return;
1543 
1544 	if (cm->cm_datalen != 0) {
1545 		if (cm->cm_flags & AAC_CMD_DATAIN)
1546 			bus_dmamap_sync(sc->aac_buffer_dmat, cm->cm_datamap,
1547 					BUS_DMASYNC_POSTREAD);
1548 		if (cm->cm_flags & AAC_CMD_DATAOUT)
1549 			bus_dmamap_sync(sc->aac_buffer_dmat, cm->cm_datamap,
1550 					BUS_DMASYNC_POSTWRITE);
1551 
1552 		bus_dmamap_unload(sc->aac_buffer_dmat, cm->cm_datamap);
1553 	}
1554 	cm->cm_flags &= ~AAC_CMD_MAPPED;
1555 }
1556 
1557 /*
1558  * Hardware Interface
1559  */
1560 
1561 /*
1562  * Initialise the adapter.
1563  */
1564 static void
1565 aac_common_map(void *arg, bus_dma_segment_t *segs, int nseg, int error)
1566 {
1567 	struct aac_softc *sc;
1568 
1569 	debug_called(1);
1570 
1571 	sc = (struct aac_softc *)arg;
1572 
1573 	sc->aac_common_busaddr = segs[0].ds_addr;
1574 }
1575 
1576 static int
1577 aac_check_firmware(struct aac_softc *sc)
1578 {
1579 	u_int32_t major, minor, options = 0, atu_size = 0;
1580 	int status;
1581 
1582 	debug_called(1);
1583 
1584 	/*
1585 	 * Retrieve the firmware version numbers.  Dell PERC2/QC cards with
1586 	 * firmware version 1.x are not compatible with this driver.
1587 	 */
1588 	if (sc->flags & AAC_FLAGS_PERC2QC) {
1589 		if (aac_sync_command(sc, AAC_MONKER_GETKERNVER, 0, 0, 0, 0,
1590 				     NULL)) {
1591 			device_printf(sc->aac_dev,
1592 				      "Error reading firmware version\n");
1593 			return (EIO);
1594 		}
1595 
1596 		/* These numbers are stored as ASCII! */
1597 		major = (AAC_GET_MAILBOX(sc, 1) & 0xff) - 0x30;
1598 		minor = (AAC_GET_MAILBOX(sc, 2) & 0xff) - 0x30;
1599 		if (major == 1) {
1600 			device_printf(sc->aac_dev,
1601 			    "Firmware version %d.%d is not supported.\n",
1602 			    major, minor);
1603 			return (EINVAL);
1604 		}
1605 	}
1606 
1607 	/*
1608 	 * Retrieve the capabilities/supported options word so we know what
1609 	 * work-arounds to enable.  Some firmware revs don't support this
1610 	 * command.
1611 	 */
1612 	if (aac_sync_command(sc, AAC_MONKER_GETINFO, 0, 0, 0, 0, &status)) {
1613 		if (status != AAC_SRB_STS_INVALID_REQUEST) {
1614 			device_printf(sc->aac_dev,
1615 			     "RequestAdapterInfo failed\n");
1616 			return (EIO);
1617 		}
1618 	} else {
1619 		options = AAC_GET_MAILBOX(sc, 1);
1620 		atu_size = AAC_GET_MAILBOX(sc, 2);
1621 		sc->supported_options = options;
1622 
1623 		if ((options & AAC_SUPPORTED_4GB_WINDOW) != 0 &&
1624 		    (sc->flags & AAC_FLAGS_NO4GB) == 0)
1625 			sc->flags |= AAC_FLAGS_4GB_WINDOW;
1626 		if (options & AAC_SUPPORTED_NONDASD)
1627 			sc->flags |= AAC_FLAGS_ENABLE_CAM;
1628 		if ((options & AAC_SUPPORTED_SGMAP_HOST64) != 0
1629 		     && (sizeof(bus_addr_t) > 4)) {
1630 			device_printf(sc->aac_dev,
1631 			    "Enabling 64-bit address support\n");
1632 			sc->flags |= AAC_FLAGS_SG_64BIT;
1633 		}
1634 		if ((options & AAC_SUPPORTED_NEW_COMM)
1635 		 && sc->aac_if.aif_send_command)
1636 			sc->flags |= AAC_FLAGS_NEW_COMM;
1637 		if (options & AAC_SUPPORTED_64BIT_ARRAYSIZE)
1638 			sc->flags |= AAC_FLAGS_ARRAY_64BIT;
1639 	}
1640 
1641 	/* Check for broken hardware that does a lower number of commands */
1642 	sc->aac_max_fibs = (sc->flags & AAC_FLAGS_256FIBS ? 256:512);
1643 
1644 	/* Remap mem. resource, if required */
1645 	if ((sc->flags & AAC_FLAGS_NEW_COMM) &&
1646 		atu_size > rman_get_size(sc->aac_regs_resource)) {
1647 		bus_release_resource(
1648 			sc->aac_dev, SYS_RES_MEMORY,
1649 			sc->aac_regs_rid, sc->aac_regs_resource);
1650 		sc->aac_regs_resource = bus_alloc_resource(
1651 			sc->aac_dev, SYS_RES_MEMORY, &sc->aac_regs_rid,
1652 			0ul, ~0ul, atu_size, RF_ACTIVE);
1653 		if (sc->aac_regs_resource == NULL) {
1654 			sc->aac_regs_resource = bus_alloc_resource_any(
1655 				sc->aac_dev, SYS_RES_MEMORY,
1656 				&sc->aac_regs_rid, RF_ACTIVE);
1657 			if (sc->aac_regs_resource == NULL) {
1658 				device_printf(sc->aac_dev,
1659 				    "couldn't allocate register window\n");
1660 				return (ENXIO);
1661 			}
1662 			sc->flags &= ~AAC_FLAGS_NEW_COMM;
1663 		}
1664 		sc->aac_btag = rman_get_bustag(sc->aac_regs_resource);
1665 		sc->aac_bhandle = rman_get_bushandle(sc->aac_regs_resource);
1666 	}
1667 
1668 	/* Read preferred settings */
1669 	sc->aac_max_fib_size = sizeof(struct aac_fib);
1670 	sc->aac_max_sectors = 128;				/* 64KB */
1671 	if (sc->flags & AAC_FLAGS_SG_64BIT)
1672 		sc->aac_sg_tablesize = (AAC_FIB_DATASIZE
1673 		 - sizeof(struct aac_blockwrite64)
1674 		 + sizeof(struct aac_sg_table64))
1675 		 / sizeof(struct aac_sg_table64);
1676 	else
1677 		sc->aac_sg_tablesize = (AAC_FIB_DATASIZE
1678 		 - sizeof(struct aac_blockwrite)
1679 		 + sizeof(struct aac_sg_table))
1680 		 / sizeof(struct aac_sg_table);
1681 
1682 	if (!aac_sync_command(sc, AAC_MONKER_GETCOMMPREF, 0, 0, 0, 0, NULL)) {
1683 		options = AAC_GET_MAILBOX(sc, 1);
1684 		sc->aac_max_fib_size = (options & 0xFFFF);
1685 		sc->aac_max_sectors = (options >> 16) << 1;
1686 		options = AAC_GET_MAILBOX(sc, 2);
1687 		sc->aac_sg_tablesize = (options >> 16);
1688 		options = AAC_GET_MAILBOX(sc, 3);
1689 		sc->aac_max_fibs = (options & 0xFFFF);
1690 	}
1691 	if (sc->aac_max_fib_size > PAGE_SIZE)
1692 		sc->aac_max_fib_size = PAGE_SIZE;
1693 	sc->aac_max_fibs_alloc = PAGE_SIZE / sc->aac_max_fib_size;
1694 
1695 	return (0);
1696 }
1697 
1698 static int
1699 aac_init(struct aac_softc *sc)
1700 {
1701 	struct aac_adapter_init	*ip;
1702 	time_t then;
1703 	u_int32_t code, qoffset;
1704 	int error;
1705 
1706 	debug_called(1);
1707 
1708 	/*
1709 	 * First wait for the adapter to come ready.
1710 	 */
1711 	then = time_uptime;
1712 	do {
1713 		code = AAC_GET_FWSTATUS(sc);
1714 		if (code & AAC_SELF_TEST_FAILED) {
1715 			device_printf(sc->aac_dev, "FATAL: selftest failed\n");
1716 			return(ENXIO);
1717 		}
1718 		if (code & AAC_KERNEL_PANIC) {
1719 			device_printf(sc->aac_dev,
1720 				      "FATAL: controller kernel panic\n");
1721 			return(ENXIO);
1722 		}
1723 		if (time_uptime > (then + AAC_BOOT_TIMEOUT)) {
1724 			device_printf(sc->aac_dev,
1725 				      "FATAL: controller not coming ready, "
1726 					   "status %x\n", code);
1727 			return(ENXIO);
1728 		}
1729 	} while (!(code & AAC_UP_AND_RUNNING));
1730 
1731 	error = ENOMEM;
1732 	/*
1733 	 * Create DMA tag for mapping buffers into controller-addressable space.
1734 	 */
1735 	if (bus_dma_tag_create(sc->aac_parent_dmat, 	/* parent */
1736 			       1, 0, 			/* algnmnt, boundary */
1737 			       (sc->flags & AAC_FLAGS_SG_64BIT) ?
1738 			       BUS_SPACE_MAXADDR :
1739 			       BUS_SPACE_MAXADDR_32BIT,	/* lowaddr */
1740 			       BUS_SPACE_MAXADDR, 	/* highaddr */
1741 			       NULL, NULL, 		/* filter, filterarg */
1742 			       MAXBSIZE,		/* maxsize */
1743 			       sc->aac_sg_tablesize,	/* nsegments */
1744 			       MAXBSIZE,		/* maxsegsize */
1745 			       BUS_DMA_ALLOCNOW,	/* flags */
1746 			       busdma_lock_mutex,	/* lockfunc */
1747 			       &sc->aac_io_lock,	/* lockfuncarg */
1748 			       &sc->aac_buffer_dmat)) {
1749 		device_printf(sc->aac_dev, "can't allocate buffer DMA tag\n");
1750 		goto out;
1751 	}
1752 
1753 	/*
1754 	 * Create DMA tag for mapping FIBs into controller-addressable space..
1755 	 */
1756 	if (bus_dma_tag_create(sc->aac_parent_dmat,	/* parent */
1757 			       1, 0, 			/* algnmnt, boundary */
1758 			       (sc->flags & AAC_FLAGS_4GB_WINDOW) ?
1759 			       BUS_SPACE_MAXADDR_32BIT :
1760 			       0x7fffffff,		/* lowaddr */
1761 			       BUS_SPACE_MAXADDR, 	/* highaddr */
1762 			       NULL, NULL, 		/* filter, filterarg */
1763 			       sc->aac_max_fibs_alloc *
1764 			       sc->aac_max_fib_size,  /* maxsize */
1765 			       1,			/* nsegments */
1766 			       sc->aac_max_fibs_alloc *
1767 			       sc->aac_max_fib_size,	/* maxsegsize */
1768 			       0,			/* flags */
1769 			       NULL, NULL,		/* No locking needed */
1770 			       &sc->aac_fib_dmat)) {
1771 		device_printf(sc->aac_dev, "can't allocate FIB DMA tag\n");;
1772 		goto out;
1773 	}
1774 
1775 	/*
1776 	 * Create DMA tag for the common structure and allocate it.
1777 	 */
1778 	if (bus_dma_tag_create(sc->aac_parent_dmat, 	/* parent */
1779 			       1, 0,			/* algnmnt, boundary */
1780 			       (sc->flags & AAC_FLAGS_4GB_WINDOW) ?
1781 			       BUS_SPACE_MAXADDR_32BIT :
1782 			       0x7fffffff,		/* lowaddr */
1783 			       BUS_SPACE_MAXADDR, 	/* highaddr */
1784 			       NULL, NULL, 		/* filter, filterarg */
1785 			       8192 + sizeof(struct aac_common), /* maxsize */
1786 			       1,			/* nsegments */
1787 			       BUS_SPACE_MAXSIZE_32BIT,	/* maxsegsize */
1788 			       0,			/* flags */
1789 			       NULL, NULL,		/* No locking needed */
1790 			       &sc->aac_common_dmat)) {
1791 		device_printf(sc->aac_dev,
1792 			      "can't allocate common structure DMA tag\n");
1793 		goto out;
1794 	}
1795 	if (bus_dmamem_alloc(sc->aac_common_dmat, (void **)&sc->aac_common,
1796 			     BUS_DMA_NOWAIT, &sc->aac_common_dmamap)) {
1797 		device_printf(sc->aac_dev, "can't allocate common structure\n");
1798 		goto out;
1799 	}
1800 
1801 	/*
1802 	 * Work around a bug in the 2120 and 2200 that cannot DMA commands
1803 	 * below address 8192 in physical memory.
1804 	 * XXX If the padding is not needed, can it be put to use instead
1805 	 * of ignored?
1806 	 */
1807 	(void)bus_dmamap_load(sc->aac_common_dmat, sc->aac_common_dmamap,
1808 			sc->aac_common, 8192 + sizeof(*sc->aac_common),
1809 			aac_common_map, sc, 0);
1810 
1811 	if (sc->aac_common_busaddr < 8192) {
1812 		sc->aac_common = (struct aac_common *)
1813 		    ((uint8_t *)sc->aac_common + 8192);
1814 		sc->aac_common_busaddr += 8192;
1815 	}
1816 	bzero(sc->aac_common, sizeof(*sc->aac_common));
1817 
1818 	/* Allocate some FIBs and associated command structs */
1819 	TAILQ_INIT(&sc->aac_fibmap_tqh);
1820 	sc->aac_commands = malloc(sc->aac_max_fibs * sizeof(struct aac_command),
1821 				  M_AACBUF, M_WAITOK|M_ZERO);
1822 	while (sc->total_fibs < AAC_PREALLOCATE_FIBS) {
1823 		if (aac_alloc_commands(sc) != 0)
1824 			break;
1825 	}
1826 	if (sc->total_fibs == 0)
1827 		goto out;
1828 
1829 	/*
1830 	 * Fill in the init structure.  This tells the adapter about the
1831 	 * physical location of various important shared data structures.
1832 	 */
1833 	ip = &sc->aac_common->ac_init;
1834 	ip->InitStructRevision = AAC_INIT_STRUCT_REVISION;
1835 	if (sc->aac_max_fib_size > sizeof(struct aac_fib)) {
1836 		ip->InitStructRevision = AAC_INIT_STRUCT_REVISION_4;
1837 		sc->flags |= AAC_FLAGS_RAW_IO;
1838 	}
1839 	ip->MiniPortRevision = AAC_INIT_STRUCT_MINIPORT_REVISION;
1840 
1841 	ip->AdapterFibsPhysicalAddress = sc->aac_common_busaddr +
1842 					 offsetof(struct aac_common, ac_fibs);
1843 	ip->AdapterFibsVirtualAddress = 0;
1844 	ip->AdapterFibsSize = AAC_ADAPTER_FIBS * sizeof(struct aac_fib);
1845 	ip->AdapterFibAlign = sizeof(struct aac_fib);
1846 
1847 	ip->PrintfBufferAddress = sc->aac_common_busaddr +
1848 				  offsetof(struct aac_common, ac_printf);
1849 	ip->PrintfBufferSize = AAC_PRINTF_BUFSIZE;
1850 
1851 	/*
1852 	 * The adapter assumes that pages are 4K in size, except on some
1853  	 * broken firmware versions that do the page->byte conversion twice,
1854 	 * therefore 'assuming' that this value is in 16MB units (2^24).
1855 	 * Round up since the granularity is so high.
1856 	 */
1857 	ip->HostPhysMemPages = ctob(physmem) / AAC_PAGE_SIZE;
1858 	if (sc->flags & AAC_FLAGS_BROKEN_MEMMAP) {
1859 		ip->HostPhysMemPages =
1860 		    (ip->HostPhysMemPages + AAC_PAGE_SIZE) / AAC_PAGE_SIZE;
1861 	}
1862 	ip->HostElapsedSeconds = time_uptime;	/* reset later if invalid */
1863 
1864 	ip->InitFlags = 0;
1865 	if (sc->flags & AAC_FLAGS_NEW_COMM) {
1866 		ip->InitFlags = INITFLAGS_NEW_COMM_SUPPORTED;
1867 		device_printf(sc->aac_dev, "New comm. interface enabled\n");
1868 	}
1869 
1870 	ip->MaxIoCommands = sc->aac_max_fibs;
1871 	ip->MaxIoSize = sc->aac_max_sectors << 9;
1872 	ip->MaxFibSize = sc->aac_max_fib_size;
1873 
1874 	/*
1875 	 * Initialise FIB queues.  Note that it appears that the layout of the
1876 	 * indexes and the segmentation of the entries may be mandated by the
1877 	 * adapter, which is only told about the base of the queue index fields.
1878 	 *
1879 	 * The initial values of the indices are assumed to inform the adapter
1880 	 * of the sizes of the respective queues, and theoretically it could
1881 	 * work out the entire layout of the queue structures from this.  We
1882 	 * take the easy route and just lay this area out like everyone else
1883 	 * does.
1884 	 *
1885 	 * The Linux driver uses a much more complex scheme whereby several
1886 	 * header records are kept for each queue.  We use a couple of generic
1887 	 * list manipulation functions which 'know' the size of each list by
1888 	 * virtue of a table.
1889 	 */
1890 	qoffset = offsetof(struct aac_common, ac_qbuf) + AAC_QUEUE_ALIGN;
1891 	qoffset &= ~(AAC_QUEUE_ALIGN - 1);
1892 	sc->aac_queues =
1893 	    (struct aac_queue_table *)((uintptr_t)sc->aac_common + qoffset);
1894 	ip->CommHeaderAddress = sc->aac_common_busaddr + qoffset;
1895 
1896 	sc->aac_queues->qt_qindex[AAC_HOST_NORM_CMD_QUEUE][AAC_PRODUCER_INDEX] =
1897 		AAC_HOST_NORM_CMD_ENTRIES;
1898 	sc->aac_queues->qt_qindex[AAC_HOST_NORM_CMD_QUEUE][AAC_CONSUMER_INDEX] =
1899 		AAC_HOST_NORM_CMD_ENTRIES;
1900 	sc->aac_queues->qt_qindex[AAC_HOST_HIGH_CMD_QUEUE][AAC_PRODUCER_INDEX] =
1901 		AAC_HOST_HIGH_CMD_ENTRIES;
1902 	sc->aac_queues->qt_qindex[AAC_HOST_HIGH_CMD_QUEUE][AAC_CONSUMER_INDEX] =
1903 		AAC_HOST_HIGH_CMD_ENTRIES;
1904 	sc->aac_queues->qt_qindex[AAC_ADAP_NORM_CMD_QUEUE][AAC_PRODUCER_INDEX] =
1905 		AAC_ADAP_NORM_CMD_ENTRIES;
1906 	sc->aac_queues->qt_qindex[AAC_ADAP_NORM_CMD_QUEUE][AAC_CONSUMER_INDEX] =
1907 		AAC_ADAP_NORM_CMD_ENTRIES;
1908 	sc->aac_queues->qt_qindex[AAC_ADAP_HIGH_CMD_QUEUE][AAC_PRODUCER_INDEX] =
1909 		AAC_ADAP_HIGH_CMD_ENTRIES;
1910 	sc->aac_queues->qt_qindex[AAC_ADAP_HIGH_CMD_QUEUE][AAC_CONSUMER_INDEX] =
1911 		AAC_ADAP_HIGH_CMD_ENTRIES;
1912 	sc->aac_queues->qt_qindex[AAC_HOST_NORM_RESP_QUEUE][AAC_PRODUCER_INDEX]=
1913 		AAC_HOST_NORM_RESP_ENTRIES;
1914 	sc->aac_queues->qt_qindex[AAC_HOST_NORM_RESP_QUEUE][AAC_CONSUMER_INDEX]=
1915 		AAC_HOST_NORM_RESP_ENTRIES;
1916 	sc->aac_queues->qt_qindex[AAC_HOST_HIGH_RESP_QUEUE][AAC_PRODUCER_INDEX]=
1917 		AAC_HOST_HIGH_RESP_ENTRIES;
1918 	sc->aac_queues->qt_qindex[AAC_HOST_HIGH_RESP_QUEUE][AAC_CONSUMER_INDEX]=
1919 		AAC_HOST_HIGH_RESP_ENTRIES;
1920 	sc->aac_queues->qt_qindex[AAC_ADAP_NORM_RESP_QUEUE][AAC_PRODUCER_INDEX]=
1921 		AAC_ADAP_NORM_RESP_ENTRIES;
1922 	sc->aac_queues->qt_qindex[AAC_ADAP_NORM_RESP_QUEUE][AAC_CONSUMER_INDEX]=
1923 		AAC_ADAP_NORM_RESP_ENTRIES;
1924 	sc->aac_queues->qt_qindex[AAC_ADAP_HIGH_RESP_QUEUE][AAC_PRODUCER_INDEX]=
1925 		AAC_ADAP_HIGH_RESP_ENTRIES;
1926 	sc->aac_queues->qt_qindex[AAC_ADAP_HIGH_RESP_QUEUE][AAC_CONSUMER_INDEX]=
1927 		AAC_ADAP_HIGH_RESP_ENTRIES;
1928 	sc->aac_qentries[AAC_HOST_NORM_CMD_QUEUE] =
1929 		&sc->aac_queues->qt_HostNormCmdQueue[0];
1930 	sc->aac_qentries[AAC_HOST_HIGH_CMD_QUEUE] =
1931 		&sc->aac_queues->qt_HostHighCmdQueue[0];
1932 	sc->aac_qentries[AAC_ADAP_NORM_CMD_QUEUE] =
1933 		&sc->aac_queues->qt_AdapNormCmdQueue[0];
1934 	sc->aac_qentries[AAC_ADAP_HIGH_CMD_QUEUE] =
1935 		&sc->aac_queues->qt_AdapHighCmdQueue[0];
1936 	sc->aac_qentries[AAC_HOST_NORM_RESP_QUEUE] =
1937 		&sc->aac_queues->qt_HostNormRespQueue[0];
1938 	sc->aac_qentries[AAC_HOST_HIGH_RESP_QUEUE] =
1939 		&sc->aac_queues->qt_HostHighRespQueue[0];
1940 	sc->aac_qentries[AAC_ADAP_NORM_RESP_QUEUE] =
1941 		&sc->aac_queues->qt_AdapNormRespQueue[0];
1942 	sc->aac_qentries[AAC_ADAP_HIGH_RESP_QUEUE] =
1943 		&sc->aac_queues->qt_AdapHighRespQueue[0];
1944 
1945 	/*
1946 	 * Do controller-type-specific initialisation
1947 	 */
1948 	switch (sc->aac_hwif) {
1949 	case AAC_HWIF_I960RX:
1950 		AAC_SETREG4(sc, AAC_RX_ODBR, ~0);
1951 		break;
1952 	case AAC_HWIF_RKT:
1953 		AAC_SETREG4(sc, AAC_RKT_ODBR, ~0);
1954 		break;
1955 	default:
1956 		break;
1957 	}
1958 
1959 	/*
1960 	 * Give the init structure to the controller.
1961 	 */
1962 	if (aac_sync_command(sc, AAC_MONKER_INITSTRUCT,
1963 			     sc->aac_common_busaddr +
1964 			     offsetof(struct aac_common, ac_init), 0, 0, 0,
1965 			     NULL)) {
1966 		device_printf(sc->aac_dev,
1967 			      "error establishing init structure\n");
1968 		error = EIO;
1969 		goto out;
1970 	}
1971 
1972 	error = 0;
1973 out:
1974 	return(error);
1975 }
1976 
1977 /*
1978  * Send a synchronous command to the controller and wait for a result.
1979  * Indicate if the controller completed the command with an error status.
1980  */
1981 static int
1982 aac_sync_command(struct aac_softc *sc, u_int32_t command,
1983 		 u_int32_t arg0, u_int32_t arg1, u_int32_t arg2, u_int32_t arg3,
1984 		 u_int32_t *sp)
1985 {
1986 	time_t then;
1987 	u_int32_t status;
1988 
1989 	debug_called(3);
1990 
1991 	/* populate the mailbox */
1992 	AAC_SET_MAILBOX(sc, command, arg0, arg1, arg2, arg3);
1993 
1994 	/* ensure the sync command doorbell flag is cleared */
1995 	AAC_CLEAR_ISTATUS(sc, AAC_DB_SYNC_COMMAND);
1996 
1997 	/* then set it to signal the adapter */
1998 	AAC_QNOTIFY(sc, AAC_DB_SYNC_COMMAND);
1999 
2000 	/* spin waiting for the command to complete */
2001 	then = time_uptime;
2002 	do {
2003 		if (time_uptime > (then + AAC_IMMEDIATE_TIMEOUT)) {
2004 			debug(1, "timed out");
2005 			return(EIO);
2006 		}
2007 	} while (!(AAC_GET_ISTATUS(sc) & AAC_DB_SYNC_COMMAND));
2008 
2009 	/* clear the completion flag */
2010 	AAC_CLEAR_ISTATUS(sc, AAC_DB_SYNC_COMMAND);
2011 
2012 	/* get the command status */
2013 	status = AAC_GET_MAILBOX(sc, 0);
2014 	if (sp != NULL)
2015 		*sp = status;
2016 
2017 	if (status != AAC_SRB_STS_SUCCESS)
2018 		return (-1);
2019 	return(0);
2020 }
2021 
2022 int
2023 aac_sync_fib(struct aac_softc *sc, u_int32_t command, u_int32_t xferstate,
2024 		 struct aac_fib *fib, u_int16_t datasize)
2025 {
2026 	debug_called(3);
2027 	mtx_assert(&sc->aac_io_lock, MA_OWNED);
2028 
2029 	if (datasize > AAC_FIB_DATASIZE)
2030 		return(EINVAL);
2031 
2032 	/*
2033 	 * Set up the sync FIB
2034 	 */
2035 	fib->Header.XferState = AAC_FIBSTATE_HOSTOWNED |
2036 				AAC_FIBSTATE_INITIALISED |
2037 				AAC_FIBSTATE_EMPTY;
2038 	fib->Header.XferState |= xferstate;
2039 	fib->Header.Command = command;
2040 	fib->Header.StructType = AAC_FIBTYPE_TFIB;
2041 	fib->Header.Size = sizeof(struct aac_fib) + datasize;
2042 	fib->Header.SenderSize = sizeof(struct aac_fib);
2043 	fib->Header.SenderFibAddress = 0;	/* Not needed */
2044 	fib->Header.ReceiverFibAddress = sc->aac_common_busaddr +
2045 					 offsetof(struct aac_common,
2046 						  ac_sync_fib);
2047 
2048 	/*
2049 	 * Give the FIB to the controller, wait for a response.
2050 	 */
2051 	if (aac_sync_command(sc, AAC_MONKER_SYNCFIB,
2052 			     fib->Header.ReceiverFibAddress, 0, 0, 0, NULL)) {
2053 		debug(2, "IO error");
2054 		return(EIO);
2055 	}
2056 
2057 	return (0);
2058 }
2059 
2060 /*
2061  * Adapter-space FIB queue manipulation
2062  *
2063  * Note that the queue implementation here is a little funky; neither the PI or
2064  * CI will ever be zero.  This behaviour is a controller feature.
2065  */
2066 static struct {
2067 	int		size;
2068 	int		notify;
2069 } aac_qinfo[] = {
2070 	{AAC_HOST_NORM_CMD_ENTRIES, AAC_DB_COMMAND_NOT_FULL},
2071 	{AAC_HOST_HIGH_CMD_ENTRIES, 0},
2072 	{AAC_ADAP_NORM_CMD_ENTRIES, AAC_DB_COMMAND_READY},
2073 	{AAC_ADAP_HIGH_CMD_ENTRIES, 0},
2074 	{AAC_HOST_NORM_RESP_ENTRIES, AAC_DB_RESPONSE_NOT_FULL},
2075 	{AAC_HOST_HIGH_RESP_ENTRIES, 0},
2076 	{AAC_ADAP_NORM_RESP_ENTRIES, AAC_DB_RESPONSE_READY},
2077 	{AAC_ADAP_HIGH_RESP_ENTRIES, 0}
2078 };
2079 
2080 /*
2081  * Atomically insert an entry into the nominated queue, returns 0 on success or
2082  * EBUSY if the queue is full.
2083  *
2084  * Note: it would be more efficient to defer notifying the controller in
2085  *	 the case where we may be inserting several entries in rapid succession,
2086  *	 but implementing this usefully may be difficult (it would involve a
2087  *	 separate queue/notify interface).
2088  */
2089 static int
2090 aac_enqueue_fib(struct aac_softc *sc, int queue, struct aac_command *cm)
2091 {
2092 	u_int32_t pi, ci;
2093 	int error;
2094 	u_int32_t fib_size;
2095 	u_int32_t fib_addr;
2096 
2097 	debug_called(3);
2098 
2099 	fib_size = cm->cm_fib->Header.Size;
2100 	fib_addr = cm->cm_fib->Header.ReceiverFibAddress;
2101 
2102 	/* get the producer/consumer indices */
2103 	pi = sc->aac_queues->qt_qindex[queue][AAC_PRODUCER_INDEX];
2104 	ci = sc->aac_queues->qt_qindex[queue][AAC_CONSUMER_INDEX];
2105 
2106 	/* wrap the queue? */
2107 	if (pi >= aac_qinfo[queue].size)
2108 		pi = 0;
2109 
2110 	/* check for queue full */
2111 	if ((pi + 1) == ci) {
2112 		error = EBUSY;
2113 		goto out;
2114 	}
2115 
2116 	/*
2117 	 * To avoid a race with its completion interrupt, place this command on
2118 	 * the busy queue prior to advertising it to the controller.
2119 	 */
2120 	aac_enqueue_busy(cm);
2121 
2122 	/* populate queue entry */
2123 	(sc->aac_qentries[queue] + pi)->aq_fib_size = fib_size;
2124 	(sc->aac_qentries[queue] + pi)->aq_fib_addr = fib_addr;
2125 
2126 	/* update producer index */
2127 	sc->aac_queues->qt_qindex[queue][AAC_PRODUCER_INDEX] = pi + 1;
2128 
2129 	/* notify the adapter if we know how */
2130 	if (aac_qinfo[queue].notify != 0)
2131 		AAC_QNOTIFY(sc, aac_qinfo[queue].notify);
2132 
2133 	error = 0;
2134 
2135 out:
2136 	return(error);
2137 }
2138 
2139 /*
2140  * Atomically remove one entry from the nominated queue, returns 0 on
2141  * success or ENOENT if the queue is empty.
2142  */
2143 static int
2144 aac_dequeue_fib(struct aac_softc *sc, int queue, u_int32_t *fib_size,
2145 		struct aac_fib **fib_addr)
2146 {
2147 	u_int32_t pi, ci;
2148 	u_int32_t fib_index;
2149 	int error;
2150 	int notify;
2151 
2152 	debug_called(3);
2153 
2154 	/* get the producer/consumer indices */
2155 	pi = sc->aac_queues->qt_qindex[queue][AAC_PRODUCER_INDEX];
2156 	ci = sc->aac_queues->qt_qindex[queue][AAC_CONSUMER_INDEX];
2157 
2158 	/* check for queue empty */
2159 	if (ci == pi) {
2160 		error = ENOENT;
2161 		goto out;
2162 	}
2163 
2164 	/* wrap the pi so the following test works */
2165 	if (pi >= aac_qinfo[queue].size)
2166 		pi = 0;
2167 
2168 	notify = 0;
2169 	if (ci == pi + 1)
2170 		notify++;
2171 
2172 	/* wrap the queue? */
2173 	if (ci >= aac_qinfo[queue].size)
2174 		ci = 0;
2175 
2176 	/* fetch the entry */
2177 	*fib_size = (sc->aac_qentries[queue] + ci)->aq_fib_size;
2178 
2179 	switch (queue) {
2180 	case AAC_HOST_NORM_CMD_QUEUE:
2181 	case AAC_HOST_HIGH_CMD_QUEUE:
2182 		/*
2183 		 * The aq_fib_addr is only 32 bits wide so it can't be counted
2184 		 * on to hold an address.  For AIF's, the adapter assumes
2185 		 * that it's giving us an address into the array of AIF fibs.
2186 		 * Therefore, we have to convert it to an index.
2187 		 */
2188 		fib_index = (sc->aac_qentries[queue] + ci)->aq_fib_addr /
2189 			sizeof(struct aac_fib);
2190 		*fib_addr = &sc->aac_common->ac_fibs[fib_index];
2191 		break;
2192 
2193 	case AAC_HOST_NORM_RESP_QUEUE:
2194 	case AAC_HOST_HIGH_RESP_QUEUE:
2195 	{
2196 		struct aac_command *cm;
2197 
2198 		/*
2199 		 * As above, an index is used instead of an actual address.
2200 		 * Gotta shift the index to account for the fast response
2201 		 * bit.  No other correction is needed since this value was
2202 		 * originally provided by the driver via the SenderFibAddress
2203 		 * field.
2204 		 */
2205 		fib_index = (sc->aac_qentries[queue] + ci)->aq_fib_addr;
2206 		cm = sc->aac_commands + (fib_index >> 2);
2207 		*fib_addr = cm->cm_fib;
2208 
2209 		/*
2210 		 * Is this a fast response? If it is, update the fib fields in
2211 		 * local memory since the whole fib isn't DMA'd back up.
2212 		 */
2213 		if (fib_index & 0x01) {
2214 			(*fib_addr)->Header.XferState |= AAC_FIBSTATE_DONEADAP;
2215 			*((u_int32_t*)((*fib_addr)->data)) = AAC_ERROR_NORMAL;
2216 		}
2217 		break;
2218 	}
2219 	default:
2220 		panic("Invalid queue in aac_dequeue_fib()");
2221 		break;
2222 	}
2223 
2224 	/* update consumer index */
2225 	sc->aac_queues->qt_qindex[queue][AAC_CONSUMER_INDEX] = ci + 1;
2226 
2227 	/* if we have made the queue un-full, notify the adapter */
2228 	if (notify && (aac_qinfo[queue].notify != 0))
2229 		AAC_QNOTIFY(sc, aac_qinfo[queue].notify);
2230 	error = 0;
2231 
2232 out:
2233 	return(error);
2234 }
2235 
2236 /*
2237  * Put our response to an Adapter Initialed Fib on the response queue
2238  */
2239 static int
2240 aac_enqueue_response(struct aac_softc *sc, int queue, struct aac_fib *fib)
2241 {
2242 	u_int32_t pi, ci;
2243 	int error;
2244 	u_int32_t fib_size;
2245 	u_int32_t fib_addr;
2246 
2247 	debug_called(1);
2248 
2249 	/* Tell the adapter where the FIB is */
2250 	fib_size = fib->Header.Size;
2251 	fib_addr = fib->Header.SenderFibAddress;
2252 	fib->Header.ReceiverFibAddress = fib_addr;
2253 
2254 	/* get the producer/consumer indices */
2255 	pi = sc->aac_queues->qt_qindex[queue][AAC_PRODUCER_INDEX];
2256 	ci = sc->aac_queues->qt_qindex[queue][AAC_CONSUMER_INDEX];
2257 
2258 	/* wrap the queue? */
2259 	if (pi >= aac_qinfo[queue].size)
2260 		pi = 0;
2261 
2262 	/* check for queue full */
2263 	if ((pi + 1) == ci) {
2264 		error = EBUSY;
2265 		goto out;
2266 	}
2267 
2268 	/* populate queue entry */
2269 	(sc->aac_qentries[queue] + pi)->aq_fib_size = fib_size;
2270 	(sc->aac_qentries[queue] + pi)->aq_fib_addr = fib_addr;
2271 
2272 	/* update producer index */
2273 	sc->aac_queues->qt_qindex[queue][AAC_PRODUCER_INDEX] = pi + 1;
2274 
2275 	/* notify the adapter if we know how */
2276 	if (aac_qinfo[queue].notify != 0)
2277 		AAC_QNOTIFY(sc, aac_qinfo[queue].notify);
2278 
2279 	error = 0;
2280 
2281 out:
2282 	return(error);
2283 }
2284 
2285 /*
2286  * Check for commands that have been outstanding for a suspiciously long time,
2287  * and complain about them.
2288  */
2289 static void
2290 aac_timeout(struct aac_softc *sc)
2291 {
2292 	struct aac_command *cm;
2293 	time_t deadline;
2294 	int timedout, code;
2295 
2296 	/*
2297 	 * Traverse the busy command list, bitch about late commands once
2298 	 * only.
2299 	 */
2300 	timedout = 0;
2301 	deadline = time_uptime - AAC_CMD_TIMEOUT;
2302 	TAILQ_FOREACH(cm, &sc->aac_busy, cm_link) {
2303 		if ((cm->cm_timestamp  < deadline)
2304 			/* && !(cm->cm_flags & AAC_CMD_TIMEDOUT) */) {
2305 			cm->cm_flags |= AAC_CMD_TIMEDOUT;
2306 			device_printf(sc->aac_dev,
2307 				      "COMMAND %p TIMEOUT AFTER %d SECONDS\n",
2308 				      cm, (int)(time_uptime-cm->cm_timestamp));
2309 			AAC_PRINT_FIB(sc, cm->cm_fib);
2310 			timedout++;
2311 		}
2312 	}
2313 
2314 	if (timedout) {
2315 		code = AAC_GET_FWSTATUS(sc);
2316 		if (code != AAC_UP_AND_RUNNING) {
2317 			device_printf(sc->aac_dev, "WARNING! Controller is no "
2318 				      "longer running! code= 0x%x\n", code);
2319 		}
2320 	}
2321 	return;
2322 }
2323 
2324 /*
2325  * Interface Function Vectors
2326  */
2327 
2328 /*
2329  * Read the current firmware status word.
2330  */
2331 static int
2332 aac_sa_get_fwstatus(struct aac_softc *sc)
2333 {
2334 	debug_called(3);
2335 
2336 	return(AAC_GETREG4(sc, AAC_SA_FWSTATUS));
2337 }
2338 
2339 static int
2340 aac_rx_get_fwstatus(struct aac_softc *sc)
2341 {
2342 	debug_called(3);
2343 
2344 	return(AAC_GETREG4(sc, AAC_RX_FWSTATUS));
2345 }
2346 
2347 static int
2348 aac_fa_get_fwstatus(struct aac_softc *sc)
2349 {
2350 	int val;
2351 
2352 	debug_called(3);
2353 
2354 	val = AAC_GETREG4(sc, AAC_FA_FWSTATUS);
2355 	return (val);
2356 }
2357 
2358 static int
2359 aac_rkt_get_fwstatus(struct aac_softc *sc)
2360 {
2361 	debug_called(3);
2362 
2363 	return(AAC_GETREG4(sc, AAC_RKT_FWSTATUS));
2364 }
2365 
2366 /*
2367  * Notify the controller of a change in a given queue
2368  */
2369 
2370 static void
2371 aac_sa_qnotify(struct aac_softc *sc, int qbit)
2372 {
2373 	debug_called(3);
2374 
2375 	AAC_SETREG2(sc, AAC_SA_DOORBELL1_SET, qbit);
2376 }
2377 
2378 static void
2379 aac_rx_qnotify(struct aac_softc *sc, int qbit)
2380 {
2381 	debug_called(3);
2382 
2383 	AAC_SETREG4(sc, AAC_RX_IDBR, qbit);
2384 }
2385 
2386 static void
2387 aac_fa_qnotify(struct aac_softc *sc, int qbit)
2388 {
2389 	debug_called(3);
2390 
2391 	AAC_SETREG2(sc, AAC_FA_DOORBELL1, qbit);
2392 	AAC_FA_HACK(sc);
2393 }
2394 
2395 static void
2396 aac_rkt_qnotify(struct aac_softc *sc, int qbit)
2397 {
2398 	debug_called(3);
2399 
2400 	AAC_SETREG4(sc, AAC_RKT_IDBR, qbit);
2401 }
2402 
2403 /*
2404  * Get the interrupt reason bits
2405  */
2406 static int
2407 aac_sa_get_istatus(struct aac_softc *sc)
2408 {
2409 	debug_called(3);
2410 
2411 	return(AAC_GETREG2(sc, AAC_SA_DOORBELL0));
2412 }
2413 
2414 static int
2415 aac_rx_get_istatus(struct aac_softc *sc)
2416 {
2417 	debug_called(3);
2418 
2419 	return(AAC_GETREG4(sc, AAC_RX_ODBR));
2420 }
2421 
2422 static int
2423 aac_fa_get_istatus(struct aac_softc *sc)
2424 {
2425 	int val;
2426 
2427 	debug_called(3);
2428 
2429 	val = AAC_GETREG2(sc, AAC_FA_DOORBELL0);
2430 	return (val);
2431 }
2432 
2433 static int
2434 aac_rkt_get_istatus(struct aac_softc *sc)
2435 {
2436 	debug_called(3);
2437 
2438 	return(AAC_GETREG4(sc, AAC_RKT_ODBR));
2439 }
2440 
2441 /*
2442  * Clear some interrupt reason bits
2443  */
2444 static void
2445 aac_sa_clear_istatus(struct aac_softc *sc, int mask)
2446 {
2447 	debug_called(3);
2448 
2449 	AAC_SETREG2(sc, AAC_SA_DOORBELL0_CLEAR, mask);
2450 }
2451 
2452 static void
2453 aac_rx_clear_istatus(struct aac_softc *sc, int mask)
2454 {
2455 	debug_called(3);
2456 
2457 	AAC_SETREG4(sc, AAC_RX_ODBR, mask);
2458 }
2459 
2460 static void
2461 aac_fa_clear_istatus(struct aac_softc *sc, int mask)
2462 {
2463 	debug_called(3);
2464 
2465 	AAC_SETREG2(sc, AAC_FA_DOORBELL0_CLEAR, mask);
2466 	AAC_FA_HACK(sc);
2467 }
2468 
2469 static void
2470 aac_rkt_clear_istatus(struct aac_softc *sc, int mask)
2471 {
2472 	debug_called(3);
2473 
2474 	AAC_SETREG4(sc, AAC_RKT_ODBR, mask);
2475 }
2476 
2477 /*
2478  * Populate the mailbox and set the command word
2479  */
2480 static void
2481 aac_sa_set_mailbox(struct aac_softc *sc, u_int32_t command,
2482 		u_int32_t arg0, u_int32_t arg1, u_int32_t arg2, u_int32_t arg3)
2483 {
2484 	debug_called(4);
2485 
2486 	AAC_SETREG4(sc, AAC_SA_MAILBOX, command);
2487 	AAC_SETREG4(sc, AAC_SA_MAILBOX + 4, arg0);
2488 	AAC_SETREG4(sc, AAC_SA_MAILBOX + 8, arg1);
2489 	AAC_SETREG4(sc, AAC_SA_MAILBOX + 12, arg2);
2490 	AAC_SETREG4(sc, AAC_SA_MAILBOX + 16, arg3);
2491 }
2492 
2493 static void
2494 aac_rx_set_mailbox(struct aac_softc *sc, u_int32_t command,
2495 		u_int32_t arg0, u_int32_t arg1, u_int32_t arg2, u_int32_t arg3)
2496 {
2497 	debug_called(4);
2498 
2499 	AAC_SETREG4(sc, AAC_RX_MAILBOX, command);
2500 	AAC_SETREG4(sc, AAC_RX_MAILBOX + 4, arg0);
2501 	AAC_SETREG4(sc, AAC_RX_MAILBOX + 8, arg1);
2502 	AAC_SETREG4(sc, AAC_RX_MAILBOX + 12, arg2);
2503 	AAC_SETREG4(sc, AAC_RX_MAILBOX + 16, arg3);
2504 }
2505 
2506 static void
2507 aac_fa_set_mailbox(struct aac_softc *sc, u_int32_t command,
2508 		u_int32_t arg0, u_int32_t arg1, u_int32_t arg2, u_int32_t arg3)
2509 {
2510 	debug_called(4);
2511 
2512 	AAC_SETREG4(sc, AAC_FA_MAILBOX, command);
2513 	AAC_FA_HACK(sc);
2514 	AAC_SETREG4(sc, AAC_FA_MAILBOX + 4, arg0);
2515 	AAC_FA_HACK(sc);
2516 	AAC_SETREG4(sc, AAC_FA_MAILBOX + 8, arg1);
2517 	AAC_FA_HACK(sc);
2518 	AAC_SETREG4(sc, AAC_FA_MAILBOX + 12, arg2);
2519 	AAC_FA_HACK(sc);
2520 	AAC_SETREG4(sc, AAC_FA_MAILBOX + 16, arg3);
2521 	AAC_FA_HACK(sc);
2522 }
2523 
2524 static void
2525 aac_rkt_set_mailbox(struct aac_softc *sc, u_int32_t command, u_int32_t arg0,
2526 		    u_int32_t arg1, u_int32_t arg2, u_int32_t arg3)
2527 {
2528 	debug_called(4);
2529 
2530 	AAC_SETREG4(sc, AAC_RKT_MAILBOX, command);
2531 	AAC_SETREG4(sc, AAC_RKT_MAILBOX + 4, arg0);
2532 	AAC_SETREG4(sc, AAC_RKT_MAILBOX + 8, arg1);
2533 	AAC_SETREG4(sc, AAC_RKT_MAILBOX + 12, arg2);
2534 	AAC_SETREG4(sc, AAC_RKT_MAILBOX + 16, arg3);
2535 }
2536 
2537 /*
2538  * Fetch the immediate command status word
2539  */
2540 static int
2541 aac_sa_get_mailbox(struct aac_softc *sc, int mb)
2542 {
2543 	debug_called(4);
2544 
2545 	return(AAC_GETREG4(sc, AAC_SA_MAILBOX + (mb * 4)));
2546 }
2547 
2548 static int
2549 aac_rx_get_mailbox(struct aac_softc *sc, int mb)
2550 {
2551 	debug_called(4);
2552 
2553 	return(AAC_GETREG4(sc, AAC_RX_MAILBOX + (mb * 4)));
2554 }
2555 
2556 static int
2557 aac_fa_get_mailbox(struct aac_softc *sc, int mb)
2558 {
2559 	int val;
2560 
2561 	debug_called(4);
2562 
2563 	val = AAC_GETREG4(sc, AAC_FA_MAILBOX + (mb * 4));
2564 	return (val);
2565 }
2566 
2567 static int
2568 aac_rkt_get_mailbox(struct aac_softc *sc, int mb)
2569 {
2570 	debug_called(4);
2571 
2572 	return(AAC_GETREG4(sc, AAC_RKT_MAILBOX + (mb * 4)));
2573 }
2574 
2575 /*
2576  * Set/clear interrupt masks
2577  */
2578 static void
2579 aac_sa_set_interrupts(struct aac_softc *sc, int enable)
2580 {
2581 	debug(2, "%sable interrupts", enable ? "en" : "dis");
2582 
2583 	if (enable) {
2584 		AAC_SETREG2((sc), AAC_SA_MASK0_CLEAR, AAC_DB_INTERRUPTS);
2585 	} else {
2586 		AAC_SETREG2((sc), AAC_SA_MASK0_SET, ~0);
2587 	}
2588 }
2589 
2590 static void
2591 aac_rx_set_interrupts(struct aac_softc *sc, int enable)
2592 {
2593 	debug(2, "%sable interrupts", enable ? "en" : "dis");
2594 
2595 	if (enable) {
2596 		if (sc->flags & AAC_FLAGS_NEW_COMM)
2597 			AAC_SETREG4(sc, AAC_RX_OIMR, ~AAC_DB_INT_NEW_COMM);
2598 		else
2599 			AAC_SETREG4(sc, AAC_RX_OIMR, ~AAC_DB_INTERRUPTS);
2600 	} else {
2601 		AAC_SETREG4(sc, AAC_RX_OIMR, ~0);
2602 	}
2603 }
2604 
2605 static void
2606 aac_fa_set_interrupts(struct aac_softc *sc, int enable)
2607 {
2608 	debug(2, "%sable interrupts", enable ? "en" : "dis");
2609 
2610 	if (enable) {
2611 		AAC_SETREG2((sc), AAC_FA_MASK0_CLEAR, AAC_DB_INTERRUPTS);
2612 		AAC_FA_HACK(sc);
2613 	} else {
2614 		AAC_SETREG2((sc), AAC_FA_MASK0, ~0);
2615 		AAC_FA_HACK(sc);
2616 	}
2617 }
2618 
2619 static void
2620 aac_rkt_set_interrupts(struct aac_softc *sc, int enable)
2621 {
2622 	debug(2, "%sable interrupts", enable ? "en" : "dis");
2623 
2624 	if (enable) {
2625 		if (sc->flags & AAC_FLAGS_NEW_COMM)
2626 			AAC_SETREG4(sc, AAC_RKT_OIMR, ~AAC_DB_INT_NEW_COMM);
2627 		else
2628 			AAC_SETREG4(sc, AAC_RKT_OIMR, ~AAC_DB_INTERRUPTS);
2629 	} else {
2630 		AAC_SETREG4(sc, AAC_RKT_OIMR, ~0);
2631 	}
2632 }
2633 
2634 /*
2635  * New comm. interface: Send command functions
2636  */
2637 static int
2638 aac_rx_send_command(struct aac_softc *sc, struct aac_command *cm)
2639 {
2640 	u_int32_t index, device;
2641 
2642 	debug(2, "send command (new comm.)");
2643 
2644 	index = AAC_GETREG4(sc, AAC_RX_IQUE);
2645 	if (index == 0xffffffffL)
2646 		index = AAC_GETREG4(sc, AAC_RX_IQUE);
2647 	if (index == 0xffffffffL)
2648 		return index;
2649 	aac_enqueue_busy(cm);
2650 	device = index;
2651 	AAC_SETREG4(sc, device, (u_int32_t)(cm->cm_fibphys & 0xffffffffUL));
2652 	device += 4;
2653 	AAC_SETREG4(sc, device, (u_int32_t)(cm->cm_fibphys >> 32));
2654 	device += 4;
2655 	AAC_SETREG4(sc, device, cm->cm_fib->Header.Size);
2656 	AAC_SETREG4(sc, AAC_RX_IQUE, index);
2657 	return 0;
2658 }
2659 
2660 static int
2661 aac_rkt_send_command(struct aac_softc *sc, struct aac_command *cm)
2662 {
2663 	u_int32_t index, device;
2664 
2665 	debug(2, "send command (new comm.)");
2666 
2667 	index = AAC_GETREG4(sc, AAC_RKT_IQUE);
2668 	if (index == 0xffffffffL)
2669 		index = AAC_GETREG4(sc, AAC_RKT_IQUE);
2670 	if (index == 0xffffffffL)
2671 		return index;
2672 	aac_enqueue_busy(cm);
2673 	device = index;
2674 	AAC_SETREG4(sc, device, (u_int32_t)(cm->cm_fibphys & 0xffffffffUL));
2675 	device += 4;
2676 	AAC_SETREG4(sc, device, (u_int32_t)(cm->cm_fibphys >> 32));
2677 	device += 4;
2678 	AAC_SETREG4(sc, device, cm->cm_fib->Header.Size);
2679 	AAC_SETREG4(sc, AAC_RKT_IQUE, index);
2680 	return 0;
2681 }
2682 
2683 /*
2684  * New comm. interface: get, set outbound queue index
2685  */
2686 static int
2687 aac_rx_get_outb_queue(struct aac_softc *sc)
2688 {
2689 	debug_called(3);
2690 
2691 	return(AAC_GETREG4(sc, AAC_RX_OQUE));
2692 }
2693 
2694 static int
2695 aac_rkt_get_outb_queue(struct aac_softc *sc)
2696 {
2697 	debug_called(3);
2698 
2699 	return(AAC_GETREG4(sc, AAC_RKT_OQUE));
2700 }
2701 
2702 static void
2703 aac_rx_set_outb_queue(struct aac_softc *sc, int index)
2704 {
2705 	debug_called(3);
2706 
2707 	AAC_SETREG4(sc, AAC_RX_OQUE, index);
2708 }
2709 
2710 static void
2711 aac_rkt_set_outb_queue(struct aac_softc *sc, int index)
2712 {
2713 	debug_called(3);
2714 
2715 	AAC_SETREG4(sc, AAC_RKT_OQUE, index);
2716 }
2717 
2718 /*
2719  * Debugging and Diagnostics
2720  */
2721 
2722 /*
2723  * Print some information about the controller.
2724  */
2725 static void
2726 aac_describe_controller(struct aac_softc *sc)
2727 {
2728 	struct aac_fib *fib;
2729 	struct aac_adapter_info	*info;
2730 
2731 	debug_called(2);
2732 
2733 	mtx_lock(&sc->aac_io_lock);
2734 	aac_alloc_sync_fib(sc, &fib);
2735 
2736 	fib->data[0] = 0;
2737 	if (aac_sync_fib(sc, RequestAdapterInfo, 0, fib, 1)) {
2738 		device_printf(sc->aac_dev, "RequestAdapterInfo failed\n");
2739 		aac_release_sync_fib(sc);
2740 		mtx_unlock(&sc->aac_io_lock);
2741 		return;
2742 	}
2743 
2744 	/* save the kernel revision structure for later use */
2745 	info = (struct aac_adapter_info *)&fib->data[0];
2746 	sc->aac_revision = info->KernelRevision;
2747 
2748 	device_printf(sc->aac_dev, "Adaptec Raid Controller %d.%d.%d-%d\n",
2749 		AAC_DRIVER_VERSION >> 24,
2750 		(AAC_DRIVER_VERSION >> 16) & 0xFF,
2751 		AAC_DRIVER_VERSION & 0xFF,
2752 		AAC_DRIVER_BUILD);
2753 
2754 	if (bootverbose) {
2755 		device_printf(sc->aac_dev, "%s %dMHz, %dMB memory "
2756 		    "(%dMB cache, %dMB execution), %s\n",
2757 		    aac_describe_code(aac_cpu_variant, info->CpuVariant),
2758 		    info->ClockSpeed, info->TotalMem / (1024 * 1024),
2759 		    info->BufferMem / (1024 * 1024),
2760 		    info->ExecutionMem / (1024 * 1024),
2761 		    aac_describe_code(aac_battery_platform,
2762 		    info->batteryPlatform));
2763 
2764 		device_printf(sc->aac_dev,
2765 		    "Kernel %d.%d-%d, Build %d, S/N %6X\n",
2766 		    info->KernelRevision.external.comp.major,
2767 		    info->KernelRevision.external.comp.minor,
2768 		    info->KernelRevision.external.comp.dash,
2769 		    info->KernelRevision.buildNumber,
2770 		    (u_int32_t)(info->SerialNumber & 0xffffff));
2771 
2772 		device_printf(sc->aac_dev, "Supported Options=%b\n",
2773 			      sc->supported_options,
2774 			      "\20"
2775 			      "\1SNAPSHOT"
2776 			      "\2CLUSTERS"
2777 			      "\3WCACHE"
2778 			      "\4DATA64"
2779 			      "\5HOSTTIME"
2780 			      "\6RAID50"
2781 			      "\7WINDOW4GB"
2782 			      "\10SCSIUPGD"
2783 			      "\11SOFTERR"
2784 			      "\12NORECOND"
2785 			      "\13SGMAP64"
2786 			      "\14ALARM"
2787 			      "\15NONDASD"
2788 			      "\16SCSIMGT"
2789 			      "\17RAIDSCSI"
2790 			      "\21ADPTINFO"
2791 			      "\22NEWCOMM"
2792 			      "\23ARRAY64BIT"
2793 			      "\24HEATSENSOR");
2794 	}
2795 	aac_release_sync_fib(sc);
2796 	mtx_unlock(&sc->aac_io_lock);
2797 }
2798 
2799 /*
2800  * Look up a text description of a numeric error code and return a pointer to
2801  * same.
2802  */
2803 static char *
2804 aac_describe_code(struct aac_code_lookup *table, u_int32_t code)
2805 {
2806 	int i;
2807 
2808 	for (i = 0; table[i].string != NULL; i++)
2809 		if (table[i].code == code)
2810 			return(table[i].string);
2811 	return(table[i + 1].string);
2812 }
2813 
2814 /*
2815  * Management Interface
2816  */
2817 
2818 static int
2819 aac_open(struct cdev *dev, int flags, int fmt, d_thread_t *td)
2820 {
2821 	struct aac_softc *sc;
2822 
2823 	debug_called(2);
2824 
2825 	sc = dev->si_drv1;
2826 
2827 	/* Check to make sure the device isn't already open */
2828 	if (sc->aac_state & AAC_STATE_OPEN) {
2829 		return EBUSY;
2830 	}
2831 	sc->aac_state |= AAC_STATE_OPEN;
2832 
2833 	return 0;
2834 }
2835 
2836 static int
2837 aac_close(struct cdev *dev, int flags, int fmt, d_thread_t *td)
2838 {
2839 	struct aac_softc *sc;
2840 
2841 	debug_called(2);
2842 
2843 	sc = dev->si_drv1;
2844 
2845 	/* Mark this unit as no longer open  */
2846 	sc->aac_state &= ~AAC_STATE_OPEN;
2847 
2848 	return 0;
2849 }
2850 
2851 static int
2852 aac_ioctl(struct cdev *dev, u_long cmd, caddr_t arg, int flag, d_thread_t *td)
2853 {
2854 	union aac_statrequest *as;
2855 	struct aac_softc *sc;
2856 	int error = 0;
2857 	uint32_t cookie;
2858 
2859 	debug_called(2);
2860 
2861 	as = (union aac_statrequest *)arg;
2862 	sc = dev->si_drv1;
2863 
2864 	switch (cmd) {
2865 	case AACIO_STATS:
2866 		switch (as->as_item) {
2867 		case AACQ_FREE:
2868 		case AACQ_BIO:
2869 		case AACQ_READY:
2870 		case AACQ_BUSY:
2871 			bcopy(&sc->aac_qstat[as->as_item], &as->as_qstat,
2872 			      sizeof(struct aac_qstat));
2873 			break;
2874 		default:
2875 			error = ENOENT;
2876 			break;
2877 		}
2878 	break;
2879 
2880 	case FSACTL_SENDFIB:
2881 		arg = *(caddr_t*)arg;
2882 	case FSACTL_LNX_SENDFIB:
2883 		debug(1, "FSACTL_SENDFIB");
2884 		error = aac_ioctl_sendfib(sc, arg);
2885 		break;
2886 	case FSACTL_AIF_THREAD:
2887 	case FSACTL_LNX_AIF_THREAD:
2888 		debug(1, "FSACTL_AIF_THREAD");
2889 		error = EINVAL;
2890 		break;
2891 	case FSACTL_OPEN_GET_ADAPTER_FIB:
2892 		arg = *(caddr_t*)arg;
2893 	case FSACTL_LNX_OPEN_GET_ADAPTER_FIB:
2894 		debug(1, "FSACTL_OPEN_GET_ADAPTER_FIB");
2895 		/*
2896 		 * Pass the caller out an AdapterFibContext.
2897 		 *
2898 		 * Note that because we only support one opener, we
2899 		 * basically ignore this.  Set the caller's context to a magic
2900 		 * number just in case.
2901 		 *
2902 		 * The Linux code hands the driver a pointer into kernel space,
2903 		 * and then trusts it when the caller hands it back.  Aiee!
2904 		 * Here, we give it the proc pointer of the per-adapter aif
2905 		 * thread. It's only used as a sanity check in other calls.
2906 		 */
2907 		cookie = (uint32_t)(uintptr_t)sc->aifthread;
2908 		error = copyout(&cookie, arg, sizeof(cookie));
2909 		break;
2910 	case FSACTL_GET_NEXT_ADAPTER_FIB:
2911 		arg = *(caddr_t*)arg;
2912 	case FSACTL_LNX_GET_NEXT_ADAPTER_FIB:
2913 		debug(1, "FSACTL_GET_NEXT_ADAPTER_FIB");
2914 		error = aac_getnext_aif(sc, arg);
2915 		break;
2916 	case FSACTL_CLOSE_GET_ADAPTER_FIB:
2917 	case FSACTL_LNX_CLOSE_GET_ADAPTER_FIB:
2918 		debug(1, "FSACTL_CLOSE_GET_ADAPTER_FIB");
2919 		/* don't do anything here */
2920 		break;
2921 	case FSACTL_MINIPORT_REV_CHECK:
2922 		arg = *(caddr_t*)arg;
2923 	case FSACTL_LNX_MINIPORT_REV_CHECK:
2924 		debug(1, "FSACTL_MINIPORT_REV_CHECK");
2925 		error = aac_rev_check(sc, arg);
2926 		break;
2927 	case FSACTL_QUERY_DISK:
2928 		arg = *(caddr_t*)arg;
2929 	case FSACTL_LNX_QUERY_DISK:
2930 		debug(1, "FSACTL_QUERY_DISK");
2931 		error = aac_query_disk(sc, arg);
2932 		break;
2933 	case FSACTL_DELETE_DISK:
2934 	case FSACTL_LNX_DELETE_DISK:
2935 		/*
2936 		 * We don't trust the underland to tell us when to delete a
2937 		 * container, rather we rely on an AIF coming from the
2938 		 * controller
2939 		 */
2940 		error = 0;
2941 		break;
2942 	case FSACTL_GET_PCI_INFO:
2943 		arg = *(caddr_t*)arg;
2944 	case FSACTL_LNX_GET_PCI_INFO:
2945 		debug(1, "FSACTL_GET_PCI_INFO");
2946 		error = aac_get_pci_info(sc, arg);
2947 		break;
2948 	default:
2949 		debug(1, "unsupported cmd 0x%lx\n", cmd);
2950 		error = EINVAL;
2951 		break;
2952 	}
2953 	return(error);
2954 }
2955 
2956 static int
2957 aac_poll(struct cdev *dev, int poll_events, d_thread_t *td)
2958 {
2959 	struct aac_softc *sc;
2960 	int revents;
2961 
2962 	sc = dev->si_drv1;
2963 	revents = 0;
2964 
2965 	mtx_lock(&sc->aac_aifq_lock);
2966 	if ((poll_events & (POLLRDNORM | POLLIN)) != 0) {
2967 		if (sc->aac_aifq_tail != sc->aac_aifq_head)
2968 			revents |= poll_events & (POLLIN | POLLRDNORM);
2969 	}
2970 	mtx_unlock(&sc->aac_aifq_lock);
2971 
2972 	if (revents == 0) {
2973 		if (poll_events & (POLLIN | POLLRDNORM))
2974 			selrecord(td, &sc->rcv_select);
2975 	}
2976 
2977 	return (revents);
2978 }
2979 
2980 static void
2981 aac_ioctl_event(struct aac_softc *sc, struct aac_event *event, void *arg)
2982 {
2983 
2984 	switch (event->ev_type) {
2985 	case AAC_EVENT_CMFREE:
2986 		mtx_lock(&sc->aac_io_lock);
2987 		if (aac_alloc_command(sc, (struct aac_command **)arg)) {
2988 			aac_add_event(sc, event);
2989 			mtx_unlock(&sc->aac_io_lock);
2990 			return;
2991 		}
2992 		free(event, M_AACBUF);
2993 		wakeup(arg);
2994 		mtx_unlock(&sc->aac_io_lock);
2995 		break;
2996 	default:
2997 		break;
2998 	}
2999 }
3000 
3001 /*
3002  * Send a FIB supplied from userspace
3003  */
3004 static int
3005 aac_ioctl_sendfib(struct aac_softc *sc, caddr_t ufib)
3006 {
3007 	struct aac_command *cm;
3008 	int size, error;
3009 
3010 	debug_called(2);
3011 
3012 	cm = NULL;
3013 
3014 	/*
3015 	 * Get a command
3016 	 */
3017 	mtx_lock(&sc->aac_io_lock);
3018 	if (aac_alloc_command(sc, &cm)) {
3019 		struct aac_event *event;
3020 
3021 		event = malloc(sizeof(struct aac_event), M_AACBUF,
3022 		    M_NOWAIT | M_ZERO);
3023 		if (event == NULL) {
3024 			error = EBUSY;
3025 			goto out;
3026 		}
3027 		event->ev_type = AAC_EVENT_CMFREE;
3028 		event->ev_callback = aac_ioctl_event;
3029 		event->ev_arg = &cm;
3030 		aac_add_event(sc, event);
3031 		msleep(&cm, &sc->aac_io_lock, 0, "sendfib", 0);
3032 	}
3033 	mtx_unlock(&sc->aac_io_lock);
3034 
3035 	/*
3036 	 * Fetch the FIB header, then re-copy to get data as well.
3037 	 */
3038 	if ((error = copyin(ufib, cm->cm_fib,
3039 			    sizeof(struct aac_fib_header))) != 0)
3040 		goto out;
3041 	size = cm->cm_fib->Header.Size + sizeof(struct aac_fib_header);
3042 	if (size > sizeof(struct aac_fib)) {
3043 		device_printf(sc->aac_dev, "incoming FIB oversized (%d > %zd)\n",
3044 			      size, sizeof(struct aac_fib));
3045 		size = sizeof(struct aac_fib);
3046 	}
3047 	if ((error = copyin(ufib, cm->cm_fib, size)) != 0)
3048 		goto out;
3049 	cm->cm_fib->Header.Size = size;
3050 	cm->cm_timestamp = time_uptime;
3051 
3052 	/*
3053 	 * Pass the FIB to the controller, wait for it to complete.
3054 	 */
3055 	mtx_lock(&sc->aac_io_lock);
3056 	if ((error = aac_wait_command(cm)) != 0) {
3057 		device_printf(sc->aac_dev,
3058 			      "aac_wait_command return %d\n", error);
3059 		goto out;
3060 	}
3061 	mtx_unlock(&sc->aac_io_lock);
3062 
3063 	/*
3064 	 * Copy the FIB and data back out to the caller.
3065 	 */
3066 	size = cm->cm_fib->Header.Size;
3067 	if (size > sizeof(struct aac_fib)) {
3068 		device_printf(sc->aac_dev, "outbound FIB oversized (%d > %zd)\n",
3069 			      size, sizeof(struct aac_fib));
3070 		size = sizeof(struct aac_fib);
3071 	}
3072 	error = copyout(cm->cm_fib, ufib, size);
3073 	mtx_lock(&sc->aac_io_lock);
3074 
3075 out:
3076 	if (cm != NULL) {
3077 		aac_release_command(cm);
3078 	}
3079 
3080 	mtx_unlock(&sc->aac_io_lock);
3081 	return(error);
3082 }
3083 
3084 /*
3085  * Handle an AIF sent to us by the controller; queue it for later reference.
3086  * If the queue fills up, then drop the older entries.
3087  */
3088 static void
3089 aac_handle_aif(struct aac_softc *sc, struct aac_fib *fib)
3090 {
3091 	struct aac_aif_command *aif;
3092 	struct aac_container *co, *co_next;
3093 	struct aac_mntinfo *mi;
3094 	struct aac_mntinforesp *mir = NULL;
3095 	u_int16_t rsize;
3096 	int next, found;
3097 	int count = 0, added = 0, i = 0;
3098 
3099 	debug_called(2);
3100 
3101 	aif = (struct aac_aif_command*)&fib->data[0];
3102 	aac_print_aif(sc, aif);
3103 
3104 	/* Is it an event that we should care about? */
3105 	switch (aif->command) {
3106 	case AifCmdEventNotify:
3107 		switch (aif->data.EN.type) {
3108 		case AifEnAddContainer:
3109 		case AifEnDeleteContainer:
3110 			/*
3111 			 * A container was added or deleted, but the message
3112 			 * doesn't tell us anything else!  Re-enumerate the
3113 			 * containers and sort things out.
3114 			 */
3115 			aac_alloc_sync_fib(sc, &fib);
3116 			mi = (struct aac_mntinfo *)&fib->data[0];
3117 			do {
3118 				/*
3119 				 * Ask the controller for its containers one at
3120 				 * a time.
3121 				 * XXX What if the controller's list changes
3122 				 * midway through this enumaration?
3123 				 * XXX This should be done async.
3124 				 */
3125 				bzero(mi, sizeof(struct aac_mntinfo));
3126 				mi->Command = VM_NameServe;
3127 				mi->MntType = FT_FILESYS;
3128 				mi->MntCount = i;
3129 				rsize = sizeof(mir);
3130 				if (aac_sync_fib(sc, ContainerCommand, 0, fib,
3131 						 sizeof(struct aac_mntinfo))) {
3132 					printf("Error probing container %d\n",
3133 					      i);
3134 					continue;
3135 				}
3136 				mir = (struct aac_mntinforesp *)&fib->data[0];
3137 				/* XXX Need to check if count changed */
3138 				count = mir->MntRespCount;
3139 				/*
3140 				 * Check the container against our list.
3141 				 * co->co_found was already set to 0 in a
3142 				 * previous run.
3143 				 */
3144 				if ((mir->Status == ST_OK) &&
3145 				    (mir->MntTable[0].VolType != CT_NONE)) {
3146 					found = 0;
3147 					TAILQ_FOREACH(co,
3148 						      &sc->aac_container_tqh,
3149 						      co_link) {
3150 						if (co->co_mntobj.ObjectId ==
3151 						    mir->MntTable[0].ObjectId) {
3152 							co->co_found = 1;
3153 							found = 1;
3154 							break;
3155 						}
3156 					}
3157 					/*
3158 					 * If the container matched, continue
3159 					 * in the list.
3160 					 */
3161 					if (found) {
3162 						i++;
3163 						continue;
3164 					}
3165 
3166 					/*
3167 					 * This is a new container.  Do all the
3168 					 * appropriate things to set it up.
3169 					 */
3170 					aac_add_container(sc, mir, 1);
3171 					added = 1;
3172 				}
3173 				i++;
3174 			} while ((i < count) && (i < AAC_MAX_CONTAINERS));
3175 			aac_release_sync_fib(sc);
3176 
3177 			/*
3178 			 * Go through our list of containers and see which ones
3179 			 * were not marked 'found'.  Since the controller didn't
3180 			 * list them they must have been deleted.  Do the
3181 			 * appropriate steps to destroy the device.  Also reset
3182 			 * the co->co_found field.
3183 			 */
3184 			co = TAILQ_FIRST(&sc->aac_container_tqh);
3185 			while (co != NULL) {
3186 				if (co->co_found == 0) {
3187 					mtx_unlock(&sc->aac_io_lock);
3188 					mtx_lock(&Giant);
3189 					device_delete_child(sc->aac_dev,
3190 							    co->co_disk);
3191 					mtx_unlock(&Giant);
3192 					mtx_lock(&sc->aac_io_lock);
3193 					co_next = TAILQ_NEXT(co, co_link);
3194 					mtx_lock(&sc->aac_container_lock);
3195 					TAILQ_REMOVE(&sc->aac_container_tqh, co,
3196 						     co_link);
3197 					mtx_unlock(&sc->aac_container_lock);
3198 					free(co, M_AACBUF);
3199 					co = co_next;
3200 				} else {
3201 					co->co_found = 0;
3202 					co = TAILQ_NEXT(co, co_link);
3203 				}
3204 			}
3205 
3206 			/* Attach the newly created containers */
3207 			if (added) {
3208 				mtx_unlock(&sc->aac_io_lock);
3209 				mtx_lock(&Giant);
3210 				bus_generic_attach(sc->aac_dev);
3211 				mtx_unlock(&Giant);
3212 				mtx_lock(&sc->aac_io_lock);
3213 			}
3214 
3215 			break;
3216 
3217 		default:
3218 			break;
3219 		}
3220 
3221 	default:
3222 		break;
3223 	}
3224 
3225 	/* Copy the AIF data to the AIF queue for ioctl retrieval */
3226 	mtx_lock(&sc->aac_aifq_lock);
3227 	next = (sc->aac_aifq_head + 1) % AAC_AIFQ_LENGTH;
3228 	if (next != sc->aac_aifq_tail) {
3229 		bcopy(aif, &sc->aac_aifq[next], sizeof(struct aac_aif_command));
3230 		sc->aac_aifq_head = next;
3231 
3232 		/* On the off chance that someone is sleeping for an aif... */
3233 		if (sc->aac_state & AAC_STATE_AIF_SLEEPER)
3234 			wakeup(sc->aac_aifq);
3235 		/* Wakeup any poll()ers */
3236 		selwakeuppri(&sc->rcv_select, PRIBIO);
3237 	}
3238 	mtx_unlock(&sc->aac_aifq_lock);
3239 
3240 	return;
3241 }
3242 
3243 /*
3244  * Return the Revision of the driver to userspace and check to see if the
3245  * userspace app is possibly compatible.  This is extremely bogus since
3246  * our driver doesn't follow Adaptec's versioning system.  Cheat by just
3247  * returning what the card reported.
3248  */
3249 static int
3250 aac_rev_check(struct aac_softc *sc, caddr_t udata)
3251 {
3252 	struct aac_rev_check rev_check;
3253 	struct aac_rev_check_resp rev_check_resp;
3254 	int error = 0;
3255 
3256 	debug_called(2);
3257 
3258 	/*
3259 	 * Copyin the revision struct from userspace
3260 	 */
3261 	if ((error = copyin(udata, (caddr_t)&rev_check,
3262 			sizeof(struct aac_rev_check))) != 0) {
3263 		return error;
3264 	}
3265 
3266 	debug(2, "Userland revision= %d\n",
3267 	      rev_check.callingRevision.buildNumber);
3268 
3269 	/*
3270 	 * Doctor up the response struct.
3271 	 */
3272 	rev_check_resp.possiblyCompatible = 1;
3273 	rev_check_resp.adapterSWRevision.external.ul =
3274 	    sc->aac_revision.external.ul;
3275 	rev_check_resp.adapterSWRevision.buildNumber =
3276 	    sc->aac_revision.buildNumber;
3277 
3278 	return(copyout((caddr_t)&rev_check_resp, udata,
3279 			sizeof(struct aac_rev_check_resp)));
3280 }
3281 
3282 /*
3283  * Pass the caller the next AIF in their queue
3284  */
3285 static int
3286 aac_getnext_aif(struct aac_softc *sc, caddr_t arg)
3287 {
3288 	struct get_adapter_fib_ioctl agf;
3289 	int error;
3290 
3291 	debug_called(2);
3292 
3293 	if ((error = copyin(arg, &agf, sizeof(agf))) == 0) {
3294 
3295 		/*
3296 		 * Check the magic number that we gave the caller.
3297 		 */
3298 		if (agf.AdapterFibContext != (int)(uintptr_t)sc->aifthread) {
3299 			error = EFAULT;
3300 		} else {
3301 			error = aac_return_aif(sc, agf.AifFib);
3302 			if ((error == EAGAIN) && (agf.Wait)) {
3303 				sc->aac_state |= AAC_STATE_AIF_SLEEPER;
3304 				while (error == EAGAIN) {
3305 					error = tsleep(sc->aac_aifq, PRIBIO |
3306 						       PCATCH, "aacaif", 0);
3307 					if (error == 0)
3308 						error = aac_return_aif(sc,
3309 						    agf.AifFib);
3310 				}
3311 				sc->aac_state &= ~AAC_STATE_AIF_SLEEPER;
3312 			}
3313 		}
3314 	}
3315 	return(error);
3316 }
3317 
3318 /*
3319  * Hand the next AIF off the top of the queue out to userspace.
3320  */
3321 static int
3322 aac_return_aif(struct aac_softc *sc, caddr_t uptr)
3323 {
3324 	int next, error;
3325 
3326 	debug_called(2);
3327 
3328 	mtx_lock(&sc->aac_aifq_lock);
3329 	if (sc->aac_aifq_tail == sc->aac_aifq_head) {
3330 		mtx_unlock(&sc->aac_aifq_lock);
3331 		return (EAGAIN);
3332 	}
3333 
3334 	next = (sc->aac_aifq_tail + 1) % AAC_AIFQ_LENGTH;
3335 	error = copyout(&sc->aac_aifq[next], uptr,
3336 			sizeof(struct aac_aif_command));
3337 	if (error)
3338 		device_printf(sc->aac_dev,
3339 		    "aac_return_aif: copyout returned %d\n", error);
3340 	else
3341 		sc->aac_aifq_tail = next;
3342 
3343 	mtx_unlock(&sc->aac_aifq_lock);
3344 	return(error);
3345 }
3346 
3347 static int
3348 aac_get_pci_info(struct aac_softc *sc, caddr_t uptr)
3349 {
3350 	struct aac_pci_info {
3351 		u_int32_t bus;
3352 		u_int32_t slot;
3353 	} pciinf;
3354 	int error;
3355 
3356 	debug_called(2);
3357 
3358 	pciinf.bus = pci_get_bus(sc->aac_dev);
3359 	pciinf.slot = pci_get_slot(sc->aac_dev);
3360 
3361 	error = copyout((caddr_t)&pciinf, uptr,
3362 			sizeof(struct aac_pci_info));
3363 
3364 	return (error);
3365 }
3366 
3367 /*
3368  * Give the userland some information about the container.  The AAC arch
3369  * expects the driver to be a SCSI passthrough type driver, so it expects
3370  * the containers to have b:t:l numbers.  Fake it.
3371  */
3372 static int
3373 aac_query_disk(struct aac_softc *sc, caddr_t uptr)
3374 {
3375 	struct aac_query_disk query_disk;
3376 	struct aac_container *co;
3377 	struct aac_disk	*disk;
3378 	int error, id;
3379 
3380 	debug_called(2);
3381 
3382 	disk = NULL;
3383 
3384 	error = copyin(uptr, (caddr_t)&query_disk,
3385 		       sizeof(struct aac_query_disk));
3386 	if (error)
3387 		return (error);
3388 
3389 	id = query_disk.ContainerNumber;
3390 	if (id == -1)
3391 		return (EINVAL);
3392 
3393 	mtx_lock(&sc->aac_container_lock);
3394 	TAILQ_FOREACH(co, &sc->aac_container_tqh, co_link) {
3395 		if (co->co_mntobj.ObjectId == id)
3396 			break;
3397 		}
3398 
3399 	if (co == NULL) {
3400 			query_disk.Valid = 0;
3401 			query_disk.Locked = 0;
3402 			query_disk.Deleted = 1;		/* XXX is this right? */
3403 	} else {
3404 		disk = device_get_softc(co->co_disk);
3405 		query_disk.Valid = 1;
3406 		query_disk.Locked =
3407 		    (disk->ad_flags & AAC_DISK_OPEN) ? 1 : 0;
3408 		query_disk.Deleted = 0;
3409 		query_disk.Bus = device_get_unit(sc->aac_dev);
3410 		query_disk.Target = disk->unit;
3411 		query_disk.Lun = 0;
3412 		query_disk.UnMapped = 0;
3413 		sprintf(&query_disk.diskDeviceName[0], "%s%d",
3414 		        disk->ad_disk->d_name, disk->ad_disk->d_unit);
3415 	}
3416 	mtx_unlock(&sc->aac_container_lock);
3417 
3418 	error = copyout((caddr_t)&query_disk, uptr,
3419 			sizeof(struct aac_query_disk));
3420 
3421 	return (error);
3422 }
3423 
3424 static void
3425 aac_get_bus_info(struct aac_softc *sc)
3426 {
3427 	struct aac_fib *fib;
3428 	struct aac_ctcfg *c_cmd;
3429 	struct aac_ctcfg_resp *c_resp;
3430 	struct aac_vmioctl *vmi;
3431 	struct aac_vmi_businf_resp *vmi_resp;
3432 	struct aac_getbusinf businfo;
3433 	struct aac_sim *caminf;
3434 	device_t child;
3435 	int i, found, error;
3436 
3437 	mtx_lock(&sc->aac_io_lock);
3438 	aac_alloc_sync_fib(sc, &fib);
3439 	c_cmd = (struct aac_ctcfg *)&fib->data[0];
3440 	bzero(c_cmd, sizeof(struct aac_ctcfg));
3441 
3442 	c_cmd->Command = VM_ContainerConfig;
3443 	c_cmd->cmd = CT_GET_SCSI_METHOD;
3444 	c_cmd->param = 0;
3445 
3446 	error = aac_sync_fib(sc, ContainerCommand, 0, fib,
3447 	    sizeof(struct aac_ctcfg));
3448 	if (error) {
3449 		device_printf(sc->aac_dev, "Error %d sending "
3450 		    "VM_ContainerConfig command\n", error);
3451 		aac_release_sync_fib(sc);
3452 		mtx_unlock(&sc->aac_io_lock);
3453 		return;
3454 	}
3455 
3456 	c_resp = (struct aac_ctcfg_resp *)&fib->data[0];
3457 	if (c_resp->Status != ST_OK) {
3458 		device_printf(sc->aac_dev, "VM_ContainerConfig returned 0x%x\n",
3459 		    c_resp->Status);
3460 		aac_release_sync_fib(sc);
3461 		mtx_unlock(&sc->aac_io_lock);
3462 		return;
3463 	}
3464 
3465 	sc->scsi_method_id = c_resp->param;
3466 
3467 	vmi = (struct aac_vmioctl *)&fib->data[0];
3468 	bzero(vmi, sizeof(struct aac_vmioctl));
3469 
3470 	vmi->Command = VM_Ioctl;
3471 	vmi->ObjType = FT_DRIVE;
3472 	vmi->MethId = sc->scsi_method_id;
3473 	vmi->ObjId = 0;
3474 	vmi->IoctlCmd = GetBusInfo;
3475 
3476 	error = aac_sync_fib(sc, ContainerCommand, 0, fib,
3477 	    sizeof(struct aac_vmioctl));
3478 	if (error) {
3479 		device_printf(sc->aac_dev, "Error %d sending VMIoctl command\n",
3480 		    error);
3481 		aac_release_sync_fib(sc);
3482 		mtx_unlock(&sc->aac_io_lock);
3483 		return;
3484 	}
3485 
3486 	vmi_resp = (struct aac_vmi_businf_resp *)&fib->data[0];
3487 	if (vmi_resp->Status != ST_OK) {
3488 		device_printf(sc->aac_dev, "VM_Ioctl returned %d\n",
3489 		    vmi_resp->Status);
3490 		aac_release_sync_fib(sc);
3491 		mtx_unlock(&sc->aac_io_lock);
3492 		return;
3493 	}
3494 
3495 	bcopy(&vmi_resp->BusInf, &businfo, sizeof(struct aac_getbusinf));
3496 	aac_release_sync_fib(sc);
3497 	mtx_unlock(&sc->aac_io_lock);
3498 
3499 	found = 0;
3500 	for (i = 0; i < businfo.BusCount; i++) {
3501 		if (businfo.BusValid[i] != AAC_BUS_VALID)
3502 			continue;
3503 
3504 		caminf = (struct aac_sim *)malloc( sizeof(struct aac_sim),
3505 		    M_AACBUF, M_NOWAIT | M_ZERO);
3506 		if (caminf == NULL) {
3507 			device_printf(sc->aac_dev,
3508 			    "No memory to add passthrough bus %d\n", i);
3509 			break;
3510 		};
3511 
3512 		child = device_add_child(sc->aac_dev, "aacp", -1);
3513 		if (child == NULL) {
3514 			device_printf(sc->aac_dev,
3515 			    "device_add_child failed for passthrough bus %d\n",
3516 			    i);
3517 			free(caminf, M_AACBUF);
3518 			break;
3519 		}
3520 
3521 		caminf->TargetsPerBus = businfo.TargetsPerBus;
3522 		caminf->BusNumber = i;
3523 		caminf->InitiatorBusId = businfo.InitiatorBusId[i];
3524 		caminf->aac_sc = sc;
3525 		caminf->sim_dev = child;
3526 
3527 		device_set_ivars(child, caminf);
3528 		device_set_desc(child, "SCSI Passthrough Bus");
3529 		TAILQ_INSERT_TAIL(&sc->aac_sim_tqh, caminf, sim_link);
3530 
3531 		found = 1;
3532 	}
3533 
3534 	if (found)
3535 		bus_generic_attach(sc->aac_dev);
3536 
3537 	return;
3538 }
3539