xref: /freebsd/sys/dev/aac/aac.c (revision 6f63e88c0166ed3e5f2805a9e667c7d24d304cf1)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3  *
4  * Copyright (c) 2000 Michael Smith
5  * Copyright (c) 2001 Scott Long
6  * Copyright (c) 2000 BSDi
7  * Copyright (c) 2001 Adaptec, Inc.
8  * All rights reserved.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29  * SUCH DAMAGE.
30  */
31 
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD$");
34 
35 /*
36  * Driver for the Adaptec 'FSA' family of PCI/SCSI RAID adapters.
37  */
38 #define AAC_DRIVERNAME			"aac"
39 
40 #include "opt_aac.h"
41 
42 /* #include <stddef.h> */
43 #include <sys/param.h>
44 #include <sys/systm.h>
45 #include <sys/malloc.h>
46 #include <sys/kernel.h>
47 #include <sys/kthread.h>
48 #include <sys/proc.h>
49 #include <sys/sysctl.h>
50 #include <sys/sysent.h>
51 #include <sys/poll.h>
52 #include <sys/ioccom.h>
53 
54 #include <sys/bus.h>
55 #include <sys/conf.h>
56 #include <sys/signalvar.h>
57 #include <sys/time.h>
58 #include <sys/eventhandler.h>
59 #include <sys/rman.h>
60 
61 #include <machine/bus.h>
62 #include <machine/resource.h>
63 
64 #include <dev/pci/pcireg.h>
65 #include <dev/pci/pcivar.h>
66 
67 #include <dev/aac/aacreg.h>
68 #include <sys/aac_ioctl.h>
69 #include <dev/aac/aacvar.h>
70 #include <dev/aac/aac_tables.h>
71 
72 static void	aac_startup(void *arg);
73 static void	aac_add_container(struct aac_softc *sc,
74 				  struct aac_mntinforesp *mir, int f);
75 static void	aac_get_bus_info(struct aac_softc *sc);
76 static void	aac_daemon(void *arg);
77 
78 /* Command Processing */
79 static void	aac_timeout(struct aac_softc *sc);
80 static void	aac_complete(void *context, int pending);
81 static int	aac_bio_command(struct aac_softc *sc, struct aac_command **cmp);
82 static void	aac_bio_complete(struct aac_command *cm);
83 static int	aac_wait_command(struct aac_command *cm);
84 static void	aac_command_thread(struct aac_softc *sc);
85 
86 /* Command Buffer Management */
87 static void	aac_map_command_sg(void *arg, bus_dma_segment_t *segs,
88 				   int nseg, int error);
89 static void	aac_map_command_helper(void *arg, bus_dma_segment_t *segs,
90 				       int nseg, int error);
91 static int	aac_alloc_commands(struct aac_softc *sc);
92 static void	aac_free_commands(struct aac_softc *sc);
93 static void	aac_unmap_command(struct aac_command *cm);
94 
95 /* Hardware Interface */
96 static int	aac_alloc(struct aac_softc *sc);
97 static void	aac_common_map(void *arg, bus_dma_segment_t *segs, int nseg,
98 			       int error);
99 static int	aac_check_firmware(struct aac_softc *sc);
100 static int	aac_init(struct aac_softc *sc);
101 static int	aac_sync_command(struct aac_softc *sc, u_int32_t command,
102 				 u_int32_t arg0, u_int32_t arg1, u_int32_t arg2,
103 				 u_int32_t arg3, u_int32_t *sp);
104 static int	aac_setup_intr(struct aac_softc *sc);
105 static int	aac_enqueue_fib(struct aac_softc *sc, int queue,
106 				struct aac_command *cm);
107 static int	aac_dequeue_fib(struct aac_softc *sc, int queue,
108 				u_int32_t *fib_size, struct aac_fib **fib_addr);
109 static int	aac_enqueue_response(struct aac_softc *sc, int queue,
110 				     struct aac_fib *fib);
111 
112 /* StrongARM interface */
113 static int	aac_sa_get_fwstatus(struct aac_softc *sc);
114 static void	aac_sa_qnotify(struct aac_softc *sc, int qbit);
115 static int	aac_sa_get_istatus(struct aac_softc *sc);
116 static void	aac_sa_clear_istatus(struct aac_softc *sc, int mask);
117 static void	aac_sa_set_mailbox(struct aac_softc *sc, u_int32_t command,
118 				   u_int32_t arg0, u_int32_t arg1,
119 				   u_int32_t arg2, u_int32_t arg3);
120 static int	aac_sa_get_mailbox(struct aac_softc *sc, int mb);
121 static void	aac_sa_set_interrupts(struct aac_softc *sc, int enable);
122 
123 const struct aac_interface aac_sa_interface = {
124 	aac_sa_get_fwstatus,
125 	aac_sa_qnotify,
126 	aac_sa_get_istatus,
127 	aac_sa_clear_istatus,
128 	aac_sa_set_mailbox,
129 	aac_sa_get_mailbox,
130 	aac_sa_set_interrupts,
131 	NULL, NULL, NULL
132 };
133 
134 /* i960Rx interface */
135 static int	aac_rx_get_fwstatus(struct aac_softc *sc);
136 static void	aac_rx_qnotify(struct aac_softc *sc, int qbit);
137 static int	aac_rx_get_istatus(struct aac_softc *sc);
138 static void	aac_rx_clear_istatus(struct aac_softc *sc, int mask);
139 static void	aac_rx_set_mailbox(struct aac_softc *sc, u_int32_t command,
140 				   u_int32_t arg0, u_int32_t arg1,
141 				   u_int32_t arg2, u_int32_t arg3);
142 static int	aac_rx_get_mailbox(struct aac_softc *sc, int mb);
143 static void	aac_rx_set_interrupts(struct aac_softc *sc, int enable);
144 static int aac_rx_send_command(struct aac_softc *sc, struct aac_command *cm);
145 static int aac_rx_get_outb_queue(struct aac_softc *sc);
146 static void aac_rx_set_outb_queue(struct aac_softc *sc, int index);
147 
148 const struct aac_interface aac_rx_interface = {
149 	aac_rx_get_fwstatus,
150 	aac_rx_qnotify,
151 	aac_rx_get_istatus,
152 	aac_rx_clear_istatus,
153 	aac_rx_set_mailbox,
154 	aac_rx_get_mailbox,
155 	aac_rx_set_interrupts,
156 	aac_rx_send_command,
157 	aac_rx_get_outb_queue,
158 	aac_rx_set_outb_queue
159 };
160 
161 /* Rocket/MIPS interface */
162 static int	aac_rkt_get_fwstatus(struct aac_softc *sc);
163 static void	aac_rkt_qnotify(struct aac_softc *sc, int qbit);
164 static int	aac_rkt_get_istatus(struct aac_softc *sc);
165 static void	aac_rkt_clear_istatus(struct aac_softc *sc, int mask);
166 static void	aac_rkt_set_mailbox(struct aac_softc *sc, u_int32_t command,
167 				    u_int32_t arg0, u_int32_t arg1,
168 				    u_int32_t arg2, u_int32_t arg3);
169 static int	aac_rkt_get_mailbox(struct aac_softc *sc, int mb);
170 static void	aac_rkt_set_interrupts(struct aac_softc *sc, int enable);
171 static int aac_rkt_send_command(struct aac_softc *sc, struct aac_command *cm);
172 static int aac_rkt_get_outb_queue(struct aac_softc *sc);
173 static void aac_rkt_set_outb_queue(struct aac_softc *sc, int index);
174 
175 const struct aac_interface aac_rkt_interface = {
176 	aac_rkt_get_fwstatus,
177 	aac_rkt_qnotify,
178 	aac_rkt_get_istatus,
179 	aac_rkt_clear_istatus,
180 	aac_rkt_set_mailbox,
181 	aac_rkt_get_mailbox,
182 	aac_rkt_set_interrupts,
183 	aac_rkt_send_command,
184 	aac_rkt_get_outb_queue,
185 	aac_rkt_set_outb_queue
186 };
187 
188 /* Debugging and Diagnostics */
189 static void		aac_describe_controller(struct aac_softc *sc);
190 static const char	*aac_describe_code(const struct aac_code_lookup *table,
191 				   u_int32_t code);
192 
193 /* Management Interface */
194 static d_open_t		aac_open;
195 static d_ioctl_t	aac_ioctl;
196 static d_poll_t		aac_poll;
197 static void		aac_cdevpriv_dtor(void *arg);
198 static int		aac_ioctl_sendfib(struct aac_softc *sc, caddr_t ufib);
199 static int		aac_ioctl_send_raw_srb(struct aac_softc *sc, caddr_t arg);
200 static void		aac_handle_aif(struct aac_softc *sc,
201 					   struct aac_fib *fib);
202 static int		aac_rev_check(struct aac_softc *sc, caddr_t udata);
203 static int		aac_open_aif(struct aac_softc *sc, caddr_t arg);
204 static int		aac_close_aif(struct aac_softc *sc, caddr_t arg);
205 static int		aac_getnext_aif(struct aac_softc *sc, caddr_t arg);
206 static int		aac_return_aif(struct aac_softc *sc,
207 					struct aac_fib_context *ctx, caddr_t uptr);
208 static int		aac_query_disk(struct aac_softc *sc, caddr_t uptr);
209 static int		aac_get_pci_info(struct aac_softc *sc, caddr_t uptr);
210 static int		aac_supported_features(struct aac_softc *sc, caddr_t uptr);
211 static void		aac_ioctl_event(struct aac_softc *sc,
212 					struct aac_event *event, void *arg);
213 static struct aac_mntinforesp *
214 	aac_get_container_info(struct aac_softc *sc, struct aac_fib *fib, int cid);
215 
216 static struct cdevsw aac_cdevsw = {
217 	.d_version =	D_VERSION,
218 	.d_flags =	0,
219 	.d_open =	aac_open,
220 	.d_ioctl =	aac_ioctl,
221 	.d_poll =	aac_poll,
222 	.d_name =	"aac",
223 };
224 
225 static MALLOC_DEFINE(M_AACBUF, "aacbuf", "Buffers for the AAC driver");
226 
227 /* sysctl node */
228 SYSCTL_NODE(_hw, OID_AUTO, aac, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
229     "AAC driver parameters");
230 
231 /*
232  * Device Interface
233  */
234 
235 /*
236  * Initialize the controller and softc
237  */
238 int
239 aac_attach(struct aac_softc *sc)
240 {
241 	int error, unit;
242 
243 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
244 
245 	/*
246 	 * Initialize per-controller queues.
247 	 */
248 	aac_initq_free(sc);
249 	aac_initq_ready(sc);
250 	aac_initq_busy(sc);
251 	aac_initq_bio(sc);
252 
253 	/*
254 	 * Initialize command-completion task.
255 	 */
256 	TASK_INIT(&sc->aac_task_complete, 0, aac_complete, sc);
257 
258 	/* mark controller as suspended until we get ourselves organised */
259 	sc->aac_state |= AAC_STATE_SUSPEND;
260 
261 	/*
262 	 * Check that the firmware on the card is supported.
263 	 */
264 	if ((error = aac_check_firmware(sc)) != 0)
265 		return(error);
266 
267 	/*
268 	 * Initialize locks
269 	 */
270 	mtx_init(&sc->aac_aifq_lock, "AAC AIF lock", NULL, MTX_DEF);
271 	mtx_init(&sc->aac_io_lock, "AAC I/O lock", NULL, MTX_DEF);
272 	mtx_init(&sc->aac_container_lock, "AAC container lock", NULL, MTX_DEF);
273 	TAILQ_INIT(&sc->aac_container_tqh);
274 	TAILQ_INIT(&sc->aac_ev_cmfree);
275 
276 	/* Initialize the clock daemon callout. */
277 	callout_init_mtx(&sc->aac_daemontime, &sc->aac_io_lock, 0);
278 
279 	/*
280 	 * Initialize the adapter.
281 	 */
282 	if ((error = aac_alloc(sc)) != 0)
283 		return(error);
284 	if ((error = aac_init(sc)) != 0)
285 		return(error);
286 
287 	/*
288 	 * Allocate and connect our interrupt.
289 	 */
290 	if ((error = aac_setup_intr(sc)) != 0)
291 		return(error);
292 
293 	/*
294 	 * Print a little information about the controller.
295 	 */
296 	aac_describe_controller(sc);
297 
298 	/*
299 	 * Add sysctls.
300 	 */
301 	SYSCTL_ADD_INT(device_get_sysctl_ctx(sc->aac_dev),
302 	    SYSCTL_CHILDREN(device_get_sysctl_tree(sc->aac_dev)),
303 	    OID_AUTO, "firmware_build", CTLFLAG_RD,
304 	    &sc->aac_revision.buildNumber, 0,
305 	    "firmware build number");
306 
307 	/*
308 	 * Register to probe our containers later.
309 	 */
310 	sc->aac_ich.ich_func = aac_startup;
311 	sc->aac_ich.ich_arg = sc;
312 	if (config_intrhook_establish(&sc->aac_ich) != 0) {
313 		device_printf(sc->aac_dev,
314 			      "can't establish configuration hook\n");
315 		return(ENXIO);
316 	}
317 
318 	/*
319 	 * Make the control device.
320 	 */
321 	unit = device_get_unit(sc->aac_dev);
322 	sc->aac_dev_t = make_dev(&aac_cdevsw, unit, UID_ROOT, GID_OPERATOR,
323 				 0640, "aac%d", unit);
324 	(void)make_dev_alias(sc->aac_dev_t, "afa%d", unit);
325 	(void)make_dev_alias(sc->aac_dev_t, "hpn%d", unit);
326 	sc->aac_dev_t->si_drv1 = sc;
327 
328 	/* Create the AIF thread */
329 	if (kproc_create((void(*)(void *))aac_command_thread, sc,
330 		   &sc->aifthread, 0, 0, "aac%daif", unit))
331 		panic("Could not create AIF thread");
332 
333 	/* Register the shutdown method to only be called post-dump */
334 	if ((sc->eh = EVENTHANDLER_REGISTER(shutdown_final, aac_shutdown,
335 	    sc->aac_dev, SHUTDOWN_PRI_DEFAULT)) == NULL)
336 		device_printf(sc->aac_dev,
337 			      "shutdown event registration failed\n");
338 
339 	/* Register with CAM for the non-DASD devices */
340 	if ((sc->flags & AAC_FLAGS_ENABLE_CAM) != 0) {
341 		TAILQ_INIT(&sc->aac_sim_tqh);
342 		aac_get_bus_info(sc);
343 	}
344 
345 	mtx_lock(&sc->aac_io_lock);
346 	callout_reset(&sc->aac_daemontime, 60 * hz, aac_daemon, sc);
347 	mtx_unlock(&sc->aac_io_lock);
348 
349 	return(0);
350 }
351 
352 static void
353 aac_daemon(void *arg)
354 {
355 	struct timeval tv;
356 	struct aac_softc *sc;
357 	struct aac_fib *fib;
358 
359 	sc = arg;
360 	mtx_assert(&sc->aac_io_lock, MA_OWNED);
361 
362 	if (callout_pending(&sc->aac_daemontime) ||
363 	    callout_active(&sc->aac_daemontime) == 0)
364 		return;
365 	getmicrotime(&tv);
366 	aac_alloc_sync_fib(sc, &fib);
367 	*(uint32_t *)fib->data = tv.tv_sec;
368 	aac_sync_fib(sc, SendHostTime, 0, fib, sizeof(uint32_t));
369 	aac_release_sync_fib(sc);
370 	callout_schedule(&sc->aac_daemontime, 30 * 60 * hz);
371 }
372 
373 void
374 aac_add_event(struct aac_softc *sc, struct aac_event *event)
375 {
376 
377 	switch (event->ev_type & AAC_EVENT_MASK) {
378 	case AAC_EVENT_CMFREE:
379 		TAILQ_INSERT_TAIL(&sc->aac_ev_cmfree, event, ev_links);
380 		break;
381 	default:
382 		device_printf(sc->aac_dev, "aac_add event: unknown event %d\n",
383 		    event->ev_type);
384 		break;
385 	}
386 }
387 
388 /*
389  * Request information of container #cid
390  */
391 static struct aac_mntinforesp *
392 aac_get_container_info(struct aac_softc *sc, struct aac_fib *fib, int cid)
393 {
394 	struct aac_mntinfo *mi;
395 
396 	mi = (struct aac_mntinfo *)&fib->data[0];
397 	/* use 64-bit LBA if enabled */
398 	mi->Command = (sc->flags & AAC_FLAGS_LBA_64BIT) ?
399 	    VM_NameServe64 : VM_NameServe;
400 	mi->MntType = FT_FILESYS;
401 	mi->MntCount = cid;
402 
403 	if (aac_sync_fib(sc, ContainerCommand, 0, fib,
404 			 sizeof(struct aac_mntinfo))) {
405 		device_printf(sc->aac_dev, "Error probing container %d\n", cid);
406 		return (NULL);
407 	}
408 
409 	return ((struct aac_mntinforesp *)&fib->data[0]);
410 }
411 
412 /*
413  * Probe for containers, create disks.
414  */
415 static void
416 aac_startup(void *arg)
417 {
418 	struct aac_softc *sc;
419 	struct aac_fib *fib;
420 	struct aac_mntinforesp *mir;
421 	int count = 0, i = 0;
422 
423 	sc = (struct aac_softc *)arg;
424 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
425 
426 	mtx_lock(&sc->aac_io_lock);
427 	aac_alloc_sync_fib(sc, &fib);
428 
429 	/* loop over possible containers */
430 	do {
431 		if ((mir = aac_get_container_info(sc, fib, i)) == NULL)
432 			continue;
433 		if (i == 0)
434 			count = mir->MntRespCount;
435 		aac_add_container(sc, mir, 0);
436 		i++;
437 	} while ((i < count) && (i < AAC_MAX_CONTAINERS));
438 
439 	aac_release_sync_fib(sc);
440 	mtx_unlock(&sc->aac_io_lock);
441 
442 	/* mark the controller up */
443 	sc->aac_state &= ~AAC_STATE_SUSPEND;
444 
445 	/* poke the bus to actually attach the child devices */
446 	if (bus_generic_attach(sc->aac_dev))
447 		device_printf(sc->aac_dev, "bus_generic_attach failed\n");
448 
449 	/* disconnect ourselves from the intrhook chain */
450 	config_intrhook_disestablish(&sc->aac_ich);
451 
452 	/* enable interrupts now */
453 	AAC_UNMASK_INTERRUPTS(sc);
454 }
455 
456 /*
457  * Create a device to represent a new container
458  */
459 static void
460 aac_add_container(struct aac_softc *sc, struct aac_mntinforesp *mir, int f)
461 {
462 	struct aac_container *co;
463 	device_t child;
464 
465 	/*
466 	 * Check container volume type for validity.  Note that many of
467 	 * the possible types may never show up.
468 	 */
469 	if ((mir->Status == ST_OK) && (mir->MntTable[0].VolType != CT_NONE)) {
470 		co = (struct aac_container *)malloc(sizeof *co, M_AACBUF,
471 		       M_NOWAIT | M_ZERO);
472 		if (co == NULL)
473 			panic("Out of memory?!");
474 		fwprintf(sc, HBA_FLAGS_DBG_INIT_B, "id %x  name '%.16s'  size %u  type %d",
475 		      mir->MntTable[0].ObjectId,
476 		      mir->MntTable[0].FileSystemName,
477 		      mir->MntTable[0].Capacity, mir->MntTable[0].VolType);
478 
479 		if ((child = device_add_child(sc->aac_dev, "aacd", -1)) == NULL)
480 			device_printf(sc->aac_dev, "device_add_child failed\n");
481 		else
482 			device_set_ivars(child, co);
483 		device_set_desc(child, aac_describe_code(aac_container_types,
484 				mir->MntTable[0].VolType));
485 		co->co_disk = child;
486 		co->co_found = f;
487 		bcopy(&mir->MntTable[0], &co->co_mntobj,
488 		      sizeof(struct aac_mntobj));
489 		mtx_lock(&sc->aac_container_lock);
490 		TAILQ_INSERT_TAIL(&sc->aac_container_tqh, co, co_link);
491 		mtx_unlock(&sc->aac_container_lock);
492 	}
493 }
494 
495 /*
496  * Allocate resources associated with (sc)
497  */
498 static int
499 aac_alloc(struct aac_softc *sc)
500 {
501 
502 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
503 
504 	/*
505 	 * Create DMA tag for mapping buffers into controller-addressable space.
506 	 */
507 	if (bus_dma_tag_create(sc->aac_parent_dmat, 	/* parent */
508 			       1, 0, 			/* algnmnt, boundary */
509 			       (sc->flags & AAC_FLAGS_SG_64BIT) ?
510 			       BUS_SPACE_MAXADDR :
511 			       BUS_SPACE_MAXADDR_32BIT,	/* lowaddr */
512 			       BUS_SPACE_MAXADDR, 	/* highaddr */
513 			       NULL, NULL, 		/* filter, filterarg */
514 			       sc->aac_max_sectors << 9, /* maxsize */
515 			       sc->aac_sg_tablesize,	/* nsegments */
516 			       BUS_SPACE_MAXSIZE_32BIT,	/* maxsegsize */
517 			       BUS_DMA_ALLOCNOW,	/* flags */
518 			       busdma_lock_mutex,	/* lockfunc */
519 			       &sc->aac_io_lock,	/* lockfuncarg */
520 			       &sc->aac_buffer_dmat)) {
521 		device_printf(sc->aac_dev, "can't allocate buffer DMA tag\n");
522 		return (ENOMEM);
523 	}
524 
525 	/*
526 	 * Create DMA tag for mapping FIBs into controller-addressable space..
527 	 */
528 	if (bus_dma_tag_create(sc->aac_parent_dmat,	/* parent */
529 			       1, 0, 			/* algnmnt, boundary */
530 			       (sc->flags & AAC_FLAGS_4GB_WINDOW) ?
531 			       BUS_SPACE_MAXADDR_32BIT :
532 			       0x7fffffff,		/* lowaddr */
533 			       BUS_SPACE_MAXADDR, 	/* highaddr */
534 			       NULL, NULL, 		/* filter, filterarg */
535 			       sc->aac_max_fibs_alloc *
536 			       sc->aac_max_fib_size,  /* maxsize */
537 			       1,			/* nsegments */
538 			       sc->aac_max_fibs_alloc *
539 			       sc->aac_max_fib_size,	/* maxsize */
540 			       0,			/* flags */
541 			       NULL, NULL,		/* No locking needed */
542 			       &sc->aac_fib_dmat)) {
543 		device_printf(sc->aac_dev, "can't allocate FIB DMA tag\n");
544 		return (ENOMEM);
545 	}
546 
547 	/*
548 	 * Create DMA tag for the common structure and allocate it.
549 	 */
550 	if (bus_dma_tag_create(sc->aac_parent_dmat, 	/* parent */
551 			       1, 0,			/* algnmnt, boundary */
552 			       (sc->flags & AAC_FLAGS_4GB_WINDOW) ?
553 			       BUS_SPACE_MAXADDR_32BIT :
554 			       0x7fffffff,		/* lowaddr */
555 			       BUS_SPACE_MAXADDR, 	/* highaddr */
556 			       NULL, NULL, 		/* filter, filterarg */
557 			       8192 + sizeof(struct aac_common), /* maxsize */
558 			       1,			/* nsegments */
559 			       BUS_SPACE_MAXSIZE_32BIT,	/* maxsegsize */
560 			       0,			/* flags */
561 			       NULL, NULL,		/* No locking needed */
562 			       &sc->aac_common_dmat)) {
563 		device_printf(sc->aac_dev,
564 			      "can't allocate common structure DMA tag\n");
565 		return (ENOMEM);
566 	}
567 	if (bus_dmamem_alloc(sc->aac_common_dmat, (void **)&sc->aac_common,
568 			     BUS_DMA_NOWAIT, &sc->aac_common_dmamap)) {
569 		device_printf(sc->aac_dev, "can't allocate common structure\n");
570 		return (ENOMEM);
571 	}
572 
573 	/*
574 	 * Work around a bug in the 2120 and 2200 that cannot DMA commands
575 	 * below address 8192 in physical memory.
576 	 * XXX If the padding is not needed, can it be put to use instead
577 	 * of ignored?
578 	 */
579 	(void)bus_dmamap_load(sc->aac_common_dmat, sc->aac_common_dmamap,
580 			sc->aac_common, 8192 + sizeof(*sc->aac_common),
581 			aac_common_map, sc, 0);
582 
583 	if (sc->aac_common_busaddr < 8192) {
584 		sc->aac_common = (struct aac_common *)
585 		    ((uint8_t *)sc->aac_common + 8192);
586 		sc->aac_common_busaddr += 8192;
587 	}
588 	bzero(sc->aac_common, sizeof(*sc->aac_common));
589 
590 	/* Allocate some FIBs and associated command structs */
591 	TAILQ_INIT(&sc->aac_fibmap_tqh);
592 	sc->aac_commands = malloc(sc->aac_max_fibs * sizeof(struct aac_command),
593 				  M_AACBUF, M_WAITOK|M_ZERO);
594 	while (sc->total_fibs < sc->aac_max_fibs) {
595 		if (aac_alloc_commands(sc) != 0)
596 			break;
597 	}
598 	if (sc->total_fibs == 0)
599 		return (ENOMEM);
600 
601 	return (0);
602 }
603 
604 /*
605  * Free all of the resources associated with (sc)
606  *
607  * Should not be called if the controller is active.
608  */
609 void
610 aac_free(struct aac_softc *sc)
611 {
612 
613 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
614 
615 	/* remove the control device */
616 	if (sc->aac_dev_t != NULL)
617 		destroy_dev(sc->aac_dev_t);
618 
619 	/* throw away any FIB buffers, discard the FIB DMA tag */
620 	aac_free_commands(sc);
621 	if (sc->aac_fib_dmat)
622 		bus_dma_tag_destroy(sc->aac_fib_dmat);
623 
624 	free(sc->aac_commands, M_AACBUF);
625 
626 	/* destroy the common area */
627 	if (sc->aac_common) {
628 		bus_dmamap_unload(sc->aac_common_dmat, sc->aac_common_dmamap);
629 		bus_dmamem_free(sc->aac_common_dmat, sc->aac_common,
630 				sc->aac_common_dmamap);
631 	}
632 	if (sc->aac_common_dmat)
633 		bus_dma_tag_destroy(sc->aac_common_dmat);
634 
635 	/* disconnect the interrupt handler */
636 	if (sc->aac_intr)
637 		bus_teardown_intr(sc->aac_dev, sc->aac_irq, sc->aac_intr);
638 	if (sc->aac_irq != NULL) {
639 		bus_release_resource(sc->aac_dev, SYS_RES_IRQ,
640 		    rman_get_rid(sc->aac_irq), sc->aac_irq);
641 		pci_release_msi(sc->aac_dev);
642 	}
643 
644 	/* destroy data-transfer DMA tag */
645 	if (sc->aac_buffer_dmat)
646 		bus_dma_tag_destroy(sc->aac_buffer_dmat);
647 
648 	/* destroy the parent DMA tag */
649 	if (sc->aac_parent_dmat)
650 		bus_dma_tag_destroy(sc->aac_parent_dmat);
651 
652 	/* release the register window mapping */
653 	if (sc->aac_regs_res0 != NULL)
654 		bus_release_resource(sc->aac_dev, SYS_RES_MEMORY,
655 		    rman_get_rid(sc->aac_regs_res0), sc->aac_regs_res0);
656 	if (sc->aac_hwif == AAC_HWIF_NARK && sc->aac_regs_res1 != NULL)
657 		bus_release_resource(sc->aac_dev, SYS_RES_MEMORY,
658 		    rman_get_rid(sc->aac_regs_res1), sc->aac_regs_res1);
659 }
660 
661 /*
662  * Disconnect from the controller completely, in preparation for unload.
663  */
664 int
665 aac_detach(device_t dev)
666 {
667 	struct aac_softc *sc;
668 	struct aac_container *co;
669 	struct aac_sim	*sim;
670 	int error;
671 
672 	sc = device_get_softc(dev);
673 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
674 
675 	callout_drain(&sc->aac_daemontime);
676 
677 	mtx_lock(&sc->aac_io_lock);
678 	while (sc->aifflags & AAC_AIFFLAGS_RUNNING) {
679 		sc->aifflags |= AAC_AIFFLAGS_EXIT;
680 		wakeup(sc->aifthread);
681 		msleep(sc->aac_dev, &sc->aac_io_lock, PUSER, "aacdch", 0);
682 	}
683 	mtx_unlock(&sc->aac_io_lock);
684 	KASSERT((sc->aifflags & AAC_AIFFLAGS_RUNNING) == 0,
685 	    ("%s: invalid detach state", __func__));
686 
687 	/* Remove the child containers */
688 	while ((co = TAILQ_FIRST(&sc->aac_container_tqh)) != NULL) {
689 		error = device_delete_child(dev, co->co_disk);
690 		if (error)
691 			return (error);
692 		TAILQ_REMOVE(&sc->aac_container_tqh, co, co_link);
693 		free(co, M_AACBUF);
694 	}
695 
696 	/* Remove the CAM SIMs */
697 	while ((sim = TAILQ_FIRST(&sc->aac_sim_tqh)) != NULL) {
698 		TAILQ_REMOVE(&sc->aac_sim_tqh, sim, sim_link);
699 		error = device_delete_child(dev, sim->sim_dev);
700 		if (error)
701 			return (error);
702 		free(sim, M_AACBUF);
703 	}
704 
705 	if ((error = aac_shutdown(dev)))
706 		return(error);
707 
708 	EVENTHANDLER_DEREGISTER(shutdown_final, sc->eh);
709 
710 	aac_free(sc);
711 
712 	mtx_destroy(&sc->aac_aifq_lock);
713 	mtx_destroy(&sc->aac_io_lock);
714 	mtx_destroy(&sc->aac_container_lock);
715 
716 	return(0);
717 }
718 
719 /*
720  * Bring the controller down to a dormant state and detach all child devices.
721  *
722  * This function is called before detach or system shutdown.
723  *
724  * Note that we can assume that the bioq on the controller is empty, as we won't
725  * allow shutdown if any device is open.
726  */
727 int
728 aac_shutdown(device_t dev)
729 {
730 	struct aac_softc *sc;
731 	struct aac_fib *fib;
732 	struct aac_close_command *cc;
733 
734 	sc = device_get_softc(dev);
735 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
736 
737 	sc->aac_state |= AAC_STATE_SUSPEND;
738 
739 	/*
740 	 * Send a Container shutdown followed by a HostShutdown FIB to the
741 	 * controller to convince it that we don't want to talk to it anymore.
742 	 * We've been closed and all I/O completed already
743 	 */
744 	device_printf(sc->aac_dev, "shutting down controller...");
745 
746 	mtx_lock(&sc->aac_io_lock);
747 	aac_alloc_sync_fib(sc, &fib);
748 	cc = (struct aac_close_command *)&fib->data[0];
749 
750 	bzero(cc, sizeof(struct aac_close_command));
751 	cc->Command = VM_CloseAll;
752 	cc->ContainerId = 0xffffffff;
753 	if (aac_sync_fib(sc, ContainerCommand, 0, fib,
754 	    sizeof(struct aac_close_command)))
755 		printf("FAILED.\n");
756 	else
757 		printf("done\n");
758 #if 0
759 	else {
760 		fib->data[0] = 0;
761 		/*
762 		 * XXX Issuing this command to the controller makes it shut down
763 		 * but also keeps it from coming back up without a reset of the
764 		 * PCI bus.  This is not desirable if you are just unloading the
765 		 * driver module with the intent to reload it later.
766 		 */
767 		if (aac_sync_fib(sc, FsaHostShutdown, AAC_FIBSTATE_SHUTDOWN,
768 		    fib, 1)) {
769 			printf("FAILED.\n");
770 		} else {
771 			printf("done.\n");
772 		}
773 	}
774 #endif
775 
776 	AAC_MASK_INTERRUPTS(sc);
777 	aac_release_sync_fib(sc);
778 	mtx_unlock(&sc->aac_io_lock);
779 
780 	return(0);
781 }
782 
783 /*
784  * Bring the controller to a quiescent state, ready for system suspend.
785  */
786 int
787 aac_suspend(device_t dev)
788 {
789 	struct aac_softc *sc;
790 
791 	sc = device_get_softc(dev);
792 
793 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
794 	sc->aac_state |= AAC_STATE_SUSPEND;
795 
796 	AAC_MASK_INTERRUPTS(sc);
797 	return(0);
798 }
799 
800 /*
801  * Bring the controller back to a state ready for operation.
802  */
803 int
804 aac_resume(device_t dev)
805 {
806 	struct aac_softc *sc;
807 
808 	sc = device_get_softc(dev);
809 
810 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
811 	sc->aac_state &= ~AAC_STATE_SUSPEND;
812 	AAC_UNMASK_INTERRUPTS(sc);
813 	return(0);
814 }
815 
816 /*
817  * Interrupt handler for NEW_COMM interface.
818  */
819 void
820 aac_new_intr(void *arg)
821 {
822 	struct aac_softc *sc;
823 	u_int32_t index, fast;
824 	struct aac_command *cm;
825 	struct aac_fib *fib;
826 	int i;
827 
828 	sc = (struct aac_softc *)arg;
829 
830 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
831 	mtx_lock(&sc->aac_io_lock);
832 	while (1) {
833 		index = AAC_GET_OUTB_QUEUE(sc);
834 		if (index == 0xffffffff)
835 			index = AAC_GET_OUTB_QUEUE(sc);
836 		if (index == 0xffffffff)
837 			break;
838 		if (index & 2) {
839 			if (index == 0xfffffffe) {
840 				/* XXX This means that the controller wants
841 				 * more work.  Ignore it for now.
842 				 */
843 				continue;
844 			}
845 			/* AIF */
846 			fib = (struct aac_fib *)malloc(sizeof *fib, M_AACBUF,
847 				   M_NOWAIT | M_ZERO);
848 			if (fib == NULL) {
849 				/* If we're really this short on memory,
850 				 * hopefully breaking out of the handler will
851 				 * allow something to get freed.  This
852 				 * actually sucks a whole lot.
853 				 */
854 				break;
855 			}
856 			index &= ~2;
857 			for (i = 0; i < sizeof(struct aac_fib)/4; ++i)
858 				((u_int32_t *)fib)[i] = AAC_MEM1_GETREG4(sc, index + i*4);
859 			aac_handle_aif(sc, fib);
860 			free(fib, M_AACBUF);
861 
862 			/*
863 			 * AIF memory is owned by the adapter, so let it
864 			 * know that we are done with it.
865 			 */
866 			AAC_SET_OUTB_QUEUE(sc, index);
867 			AAC_CLEAR_ISTATUS(sc, AAC_DB_RESPONSE_READY);
868 		} else {
869 			fast = index & 1;
870 			cm = sc->aac_commands + (index >> 2);
871 			fib = cm->cm_fib;
872 			if (fast) {
873 				fib->Header.XferState |= AAC_FIBSTATE_DONEADAP;
874 				*((u_int32_t *)(fib->data)) = AAC_ERROR_NORMAL;
875 			}
876 			aac_remove_busy(cm);
877  			aac_unmap_command(cm);
878 			cm->cm_flags |= AAC_CMD_COMPLETED;
879 
880 			/* is there a completion handler? */
881 			if (cm->cm_complete != NULL) {
882 				cm->cm_complete(cm);
883 			} else {
884 				/* assume that someone is sleeping on this
885 				 * command
886 				 */
887 				wakeup(cm);
888 			}
889 			sc->flags &= ~AAC_QUEUE_FRZN;
890 		}
891 	}
892 	/* see if we can start some more I/O */
893 	if ((sc->flags & AAC_QUEUE_FRZN) == 0)
894 		aac_startio(sc);
895 
896 	mtx_unlock(&sc->aac_io_lock);
897 }
898 
899 /*
900  * Interrupt filter for !NEW_COMM interface.
901  */
902 int
903 aac_filter(void *arg)
904 {
905 	struct aac_softc *sc;
906 	u_int16_t reason;
907 
908 	sc = (struct aac_softc *)arg;
909 
910 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
911 	/*
912 	 * Read the status register directly.  This is faster than taking the
913 	 * driver lock and reading the queues directly.  It also saves having
914 	 * to turn parts of the driver lock into a spin mutex, which would be
915 	 * ugly.
916 	 */
917 	reason = AAC_GET_ISTATUS(sc);
918 	AAC_CLEAR_ISTATUS(sc, reason);
919 
920 	/* handle completion processing */
921 	if (reason & AAC_DB_RESPONSE_READY)
922 		taskqueue_enqueue(taskqueue_fast, &sc->aac_task_complete);
923 
924 	/* controller wants to talk to us */
925 	if (reason & (AAC_DB_PRINTF | AAC_DB_COMMAND_READY)) {
926 		/*
927 		 * XXX Make sure that we don't get fooled by strange messages
928 		 * that start with a NULL.
929 		 */
930 		if ((reason & AAC_DB_PRINTF) &&
931 			(sc->aac_common->ac_printf[0] == 0))
932 			sc->aac_common->ac_printf[0] = 32;
933 
934 		/*
935 		 * This might miss doing the actual wakeup.  However, the
936 		 * msleep that this is waking up has a timeout, so it will
937 		 * wake up eventually.  AIFs and printfs are low enough
938 		 * priority that they can handle hanging out for a few seconds
939 		 * if needed.
940 		 */
941 		wakeup(sc->aifthread);
942 	}
943 	return (FILTER_HANDLED);
944 }
945 
946 /*
947  * Command Processing
948  */
949 
950 /*
951  * Start as much queued I/O as possible on the controller
952  */
953 void
954 aac_startio(struct aac_softc *sc)
955 {
956 	struct aac_command *cm;
957 	int error;
958 
959 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
960 
961 	for (;;) {
962 		/*
963 		 * This flag might be set if the card is out of resources.
964 		 * Checking it here prevents an infinite loop of deferrals.
965 		 */
966 		if (sc->flags & AAC_QUEUE_FRZN)
967 			break;
968 
969 		/*
970 		 * Try to get a command that's been put off for lack of
971 		 * resources
972 		 */
973 		cm = aac_dequeue_ready(sc);
974 
975 		/*
976 		 * Try to build a command off the bio queue (ignore error
977 		 * return)
978 		 */
979 		if (cm == NULL)
980 			aac_bio_command(sc, &cm);
981 
982 		/* nothing to do? */
983 		if (cm == NULL)
984 			break;
985 
986 		/* don't map more than once */
987 		if (cm->cm_flags & AAC_CMD_MAPPED)
988 			panic("aac: command %p already mapped", cm);
989 
990 		/*
991 		 * Set up the command to go to the controller.  If there are no
992 		 * data buffers associated with the command then it can bypass
993 		 * busdma.
994 		 */
995 		if (cm->cm_datalen != 0) {
996 			if (cm->cm_flags & AAC_REQ_BIO)
997 				error = bus_dmamap_load_bio(
998 				    sc->aac_buffer_dmat, cm->cm_datamap,
999 				    (struct bio *)cm->cm_private,
1000 				    aac_map_command_sg, cm, 0);
1001 			else
1002 				error = bus_dmamap_load(sc->aac_buffer_dmat,
1003 				    cm->cm_datamap, cm->cm_data,
1004 				    cm->cm_datalen, aac_map_command_sg, cm, 0);
1005 			if (error == EINPROGRESS) {
1006 				fwprintf(sc, HBA_FLAGS_DBG_COMM_B, "freezing queue\n");
1007 				sc->flags |= AAC_QUEUE_FRZN;
1008 			} else if (error != 0)
1009 				panic("aac_startio: unexpected error %d from "
1010 				      "busdma", error);
1011 		} else
1012 			aac_map_command_sg(cm, NULL, 0, 0);
1013 	}
1014 }
1015 
1016 /*
1017  * Handle notification of one or more FIBs coming from the controller.
1018  */
1019 static void
1020 aac_command_thread(struct aac_softc *sc)
1021 {
1022 	struct aac_fib *fib;
1023 	u_int32_t fib_size;
1024 	int size, retval;
1025 
1026 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
1027 
1028 	mtx_lock(&sc->aac_io_lock);
1029 	sc->aifflags = AAC_AIFFLAGS_RUNNING;
1030 
1031 	while ((sc->aifflags & AAC_AIFFLAGS_EXIT) == 0) {
1032 
1033 		retval = 0;
1034 		if ((sc->aifflags & AAC_AIFFLAGS_PENDING) == 0)
1035 			retval = msleep(sc->aifthread, &sc->aac_io_lock, PRIBIO,
1036 					"aifthd", AAC_PERIODIC_INTERVAL * hz);
1037 
1038 		/*
1039 		 * First see if any FIBs need to be allocated.  This needs
1040 		 * to be called without the driver lock because contigmalloc
1041 		 * can sleep.
1042 		 */
1043 		if ((sc->aifflags & AAC_AIFFLAGS_ALLOCFIBS) != 0) {
1044 			mtx_unlock(&sc->aac_io_lock);
1045 			aac_alloc_commands(sc);
1046 			mtx_lock(&sc->aac_io_lock);
1047 			sc->aifflags &= ~AAC_AIFFLAGS_ALLOCFIBS;
1048 			aac_startio(sc);
1049 		}
1050 
1051 		/*
1052 		 * While we're here, check to see if any commands are stuck.
1053 		 * This is pretty low-priority, so it's ok if it doesn't
1054 		 * always fire.
1055 		 */
1056 		if (retval == EWOULDBLOCK)
1057 			aac_timeout(sc);
1058 
1059 		/* Check the hardware printf message buffer */
1060 		if (sc->aac_common->ac_printf[0] != 0)
1061 			aac_print_printf(sc);
1062 
1063 		/* Also check to see if the adapter has a command for us. */
1064 		if (sc->flags & AAC_FLAGS_NEW_COMM)
1065 			continue;
1066 		for (;;) {
1067 			if (aac_dequeue_fib(sc, AAC_HOST_NORM_CMD_QUEUE,
1068 					   &fib_size, &fib))
1069 				break;
1070 
1071 			AAC_PRINT_FIB(sc, fib);
1072 
1073 			switch (fib->Header.Command) {
1074 			case AifRequest:
1075 				aac_handle_aif(sc, fib);
1076 				break;
1077 			default:
1078 				device_printf(sc->aac_dev, "unknown command "
1079 					      "from controller\n");
1080 				break;
1081 			}
1082 
1083 			if ((fib->Header.XferState == 0) ||
1084 			    (fib->Header.StructType != AAC_FIBTYPE_TFIB)) {
1085 				break;
1086 			}
1087 
1088 			/* Return the AIF to the controller. */
1089 			if (fib->Header.XferState & AAC_FIBSTATE_FROMADAP) {
1090 				fib->Header.XferState |= AAC_FIBSTATE_DONEHOST;
1091 				*(AAC_FSAStatus*)fib->data = ST_OK;
1092 
1093 				/* XXX Compute the Size field? */
1094 				size = fib->Header.Size;
1095 				if (size > sizeof(struct aac_fib)) {
1096 					size = sizeof(struct aac_fib);
1097 					fib->Header.Size = size;
1098 				}
1099 				/*
1100 				 * Since we did not generate this command, it
1101 				 * cannot go through the normal
1102 				 * enqueue->startio chain.
1103 				 */
1104 				aac_enqueue_response(sc,
1105 						 AAC_ADAP_NORM_RESP_QUEUE,
1106 						 fib);
1107 			}
1108 		}
1109 	}
1110 	sc->aifflags &= ~AAC_AIFFLAGS_RUNNING;
1111 	mtx_unlock(&sc->aac_io_lock);
1112 	wakeup(sc->aac_dev);
1113 
1114 	kproc_exit(0);
1115 }
1116 
1117 /*
1118  * Process completed commands.
1119  */
1120 static void
1121 aac_complete(void *context, int pending)
1122 {
1123 	struct aac_softc *sc;
1124 	struct aac_command *cm;
1125 	struct aac_fib *fib;
1126 	u_int32_t fib_size;
1127 
1128 	sc = (struct aac_softc *)context;
1129 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
1130 
1131 	mtx_lock(&sc->aac_io_lock);
1132 
1133 	/* pull completed commands off the queue */
1134 	for (;;) {
1135 		/* look for completed FIBs on our queue */
1136 		if (aac_dequeue_fib(sc, AAC_HOST_NORM_RESP_QUEUE, &fib_size,
1137 							&fib))
1138 			break;	/* nothing to do */
1139 
1140 		/* get the command, unmap and hand off for processing */
1141 		cm = sc->aac_commands + fib->Header.SenderData;
1142 		if (cm == NULL) {
1143 			AAC_PRINT_FIB(sc, fib);
1144 			break;
1145 		}
1146 		if ((cm->cm_flags & AAC_CMD_TIMEDOUT) != 0)
1147 			device_printf(sc->aac_dev,
1148 			    "COMMAND %p COMPLETED AFTER %d SECONDS\n",
1149 			    cm, (int)(time_uptime-cm->cm_timestamp));
1150 
1151 		aac_remove_busy(cm);
1152 
1153  		aac_unmap_command(cm);
1154 		cm->cm_flags |= AAC_CMD_COMPLETED;
1155 
1156 		/* is there a completion handler? */
1157 		if (cm->cm_complete != NULL) {
1158 			cm->cm_complete(cm);
1159 		} else {
1160 			/* assume that someone is sleeping on this command */
1161 			wakeup(cm);
1162 		}
1163 	}
1164 
1165 	/* see if we can start some more I/O */
1166 	sc->flags &= ~AAC_QUEUE_FRZN;
1167 	aac_startio(sc);
1168 
1169 	mtx_unlock(&sc->aac_io_lock);
1170 }
1171 
1172 /*
1173  * Handle a bio submitted from a disk device.
1174  */
1175 void
1176 aac_submit_bio(struct bio *bp)
1177 {
1178 	struct aac_disk *ad;
1179 	struct aac_softc *sc;
1180 
1181 	ad = (struct aac_disk *)bp->bio_disk->d_drv1;
1182 	sc = ad->ad_controller;
1183 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
1184 
1185 	/* queue the BIO and try to get some work done */
1186 	aac_enqueue_bio(sc, bp);
1187 	aac_startio(sc);
1188 }
1189 
1190 /*
1191  * Get a bio and build a command to go with it.
1192  */
1193 static int
1194 aac_bio_command(struct aac_softc *sc, struct aac_command **cmp)
1195 {
1196 	struct aac_command *cm;
1197 	struct aac_fib *fib;
1198 	struct aac_disk *ad;
1199 	struct bio *bp;
1200 
1201 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
1202 
1203 	/* get the resources we will need */
1204 	cm = NULL;
1205 	bp = NULL;
1206 	if (aac_alloc_command(sc, &cm))	/* get a command */
1207 		goto fail;
1208 	if ((bp = aac_dequeue_bio(sc)) == NULL)
1209 		goto fail;
1210 
1211 	/* fill out the command */
1212 	cm->cm_datalen = bp->bio_bcount;
1213 	cm->cm_complete = aac_bio_complete;
1214 	cm->cm_flags = AAC_REQ_BIO;
1215 	cm->cm_private = bp;
1216 	cm->cm_timestamp = time_uptime;
1217 
1218 	/* build the FIB */
1219 	fib = cm->cm_fib;
1220 	fib->Header.Size = sizeof(struct aac_fib_header);
1221 	fib->Header.XferState =
1222 		AAC_FIBSTATE_HOSTOWNED   |
1223 		AAC_FIBSTATE_INITIALISED |
1224 		AAC_FIBSTATE_EMPTY	 |
1225 		AAC_FIBSTATE_FROMHOST	 |
1226 		AAC_FIBSTATE_REXPECTED   |
1227 		AAC_FIBSTATE_NORM	 |
1228 		AAC_FIBSTATE_ASYNC	 |
1229 		AAC_FIBSTATE_FAST_RESPONSE;
1230 
1231 	/* build the read/write request */
1232 	ad = (struct aac_disk *)bp->bio_disk->d_drv1;
1233 
1234 	if (sc->flags & AAC_FLAGS_RAW_IO) {
1235 		struct aac_raw_io *raw;
1236 		raw = (struct aac_raw_io *)&fib->data[0];
1237 		fib->Header.Command = RawIo;
1238 		raw->BlockNumber = (u_int64_t)bp->bio_pblkno;
1239 		raw->ByteCount = bp->bio_bcount;
1240 		raw->ContainerId = ad->ad_container->co_mntobj.ObjectId;
1241 		raw->BpTotal = 0;
1242 		raw->BpComplete = 0;
1243 		fib->Header.Size += sizeof(struct aac_raw_io);
1244 		cm->cm_sgtable = (struct aac_sg_table *)&raw->SgMapRaw;
1245 		if (bp->bio_cmd == BIO_READ) {
1246 			raw->Flags = 1;
1247 			cm->cm_flags |= AAC_CMD_DATAIN;
1248 		} else {
1249 			raw->Flags = 0;
1250 			cm->cm_flags |= AAC_CMD_DATAOUT;
1251 		}
1252 	} else if ((sc->flags & AAC_FLAGS_SG_64BIT) == 0) {
1253 		fib->Header.Command = ContainerCommand;
1254 		if (bp->bio_cmd == BIO_READ) {
1255 			struct aac_blockread *br;
1256 			br = (struct aac_blockread *)&fib->data[0];
1257 			br->Command = VM_CtBlockRead;
1258 			br->ContainerId = ad->ad_container->co_mntobj.ObjectId;
1259 			br->BlockNumber = bp->bio_pblkno;
1260 			br->ByteCount = bp->bio_bcount;
1261 			fib->Header.Size += sizeof(struct aac_blockread);
1262 			cm->cm_sgtable = &br->SgMap;
1263 			cm->cm_flags |= AAC_CMD_DATAIN;
1264 		} else {
1265 			struct aac_blockwrite *bw;
1266 			bw = (struct aac_blockwrite *)&fib->data[0];
1267 			bw->Command = VM_CtBlockWrite;
1268 			bw->ContainerId = ad->ad_container->co_mntobj.ObjectId;
1269 			bw->BlockNumber = bp->bio_pblkno;
1270 			bw->ByteCount = bp->bio_bcount;
1271 			bw->Stable = CUNSTABLE;
1272 			fib->Header.Size += sizeof(struct aac_blockwrite);
1273 			cm->cm_flags |= AAC_CMD_DATAOUT;
1274 			cm->cm_sgtable = &bw->SgMap;
1275 		}
1276 	} else {
1277 		fib->Header.Command = ContainerCommand64;
1278 		if (bp->bio_cmd == BIO_READ) {
1279 			struct aac_blockread64 *br;
1280 			br = (struct aac_blockread64 *)&fib->data[0];
1281 			br->Command = VM_CtHostRead64;
1282 			br->ContainerId = ad->ad_container->co_mntobj.ObjectId;
1283 			br->SectorCount = bp->bio_bcount / AAC_BLOCK_SIZE;
1284 			br->BlockNumber = bp->bio_pblkno;
1285 			br->Pad = 0;
1286 			br->Flags = 0;
1287 			fib->Header.Size += sizeof(struct aac_blockread64);
1288 			cm->cm_flags |= AAC_CMD_DATAIN;
1289 			cm->cm_sgtable = (struct aac_sg_table *)&br->SgMap64;
1290 		} else {
1291 			struct aac_blockwrite64 *bw;
1292 			bw = (struct aac_blockwrite64 *)&fib->data[0];
1293 			bw->Command = VM_CtHostWrite64;
1294 			bw->ContainerId = ad->ad_container->co_mntobj.ObjectId;
1295 			bw->SectorCount = bp->bio_bcount / AAC_BLOCK_SIZE;
1296 			bw->BlockNumber = bp->bio_pblkno;
1297 			bw->Pad = 0;
1298 			bw->Flags = 0;
1299 			fib->Header.Size += sizeof(struct aac_blockwrite64);
1300 			cm->cm_flags |= AAC_CMD_DATAOUT;
1301 			cm->cm_sgtable = (struct aac_sg_table *)&bw->SgMap64;
1302 		}
1303 	}
1304 
1305 	*cmp = cm;
1306 	return(0);
1307 
1308 fail:
1309 	if (bp != NULL)
1310 		aac_enqueue_bio(sc, bp);
1311 	if (cm != NULL)
1312 		aac_release_command(cm);
1313 	return(ENOMEM);
1314 }
1315 
1316 /*
1317  * Handle a bio-instigated command that has been completed.
1318  */
1319 static void
1320 aac_bio_complete(struct aac_command *cm)
1321 {
1322 	struct aac_blockread_response *brr;
1323 	struct aac_blockwrite_response *bwr;
1324 	struct bio *bp;
1325 	AAC_FSAStatus status;
1326 
1327 	/* fetch relevant status and then release the command */
1328 	bp = (struct bio *)cm->cm_private;
1329 	if (bp->bio_cmd == BIO_READ) {
1330 		brr = (struct aac_blockread_response *)&cm->cm_fib->data[0];
1331 		status = brr->Status;
1332 	} else {
1333 		bwr = (struct aac_blockwrite_response *)&cm->cm_fib->data[0];
1334 		status = bwr->Status;
1335 	}
1336 	aac_release_command(cm);
1337 
1338 	/* fix up the bio based on status */
1339 	if (status == ST_OK) {
1340 		bp->bio_resid = 0;
1341 	} else {
1342 		bp->bio_error = EIO;
1343 		bp->bio_flags |= BIO_ERROR;
1344 	}
1345 	aac_biodone(bp);
1346 }
1347 
1348 /*
1349  * Submit a command to the controller, return when it completes.
1350  * XXX This is very dangerous!  If the card has gone out to lunch, we could
1351  *     be stuck here forever.  At the same time, signals are not caught
1352  *     because there is a risk that a signal could wakeup the sleep before
1353  *     the card has a chance to complete the command.  Since there is no way
1354  *     to cancel a command that is in progress, we can't protect against the
1355  *     card completing a command late and spamming the command and data
1356  *     memory.  So, we are held hostage until the command completes.
1357  */
1358 static int
1359 aac_wait_command(struct aac_command *cm)
1360 {
1361 	struct aac_softc *sc;
1362 	int error;
1363 
1364 	sc = cm->cm_sc;
1365 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
1366 
1367 	/* Put the command on the ready queue and get things going */
1368 	aac_enqueue_ready(cm);
1369 	aac_startio(sc);
1370 	error = msleep(cm, &sc->aac_io_lock, PRIBIO, "aacwait", 0);
1371 	return(error);
1372 }
1373 
1374 /*
1375  *Command Buffer Management
1376  */
1377 
1378 /*
1379  * Allocate a command.
1380  */
1381 int
1382 aac_alloc_command(struct aac_softc *sc, struct aac_command **cmp)
1383 {
1384 	struct aac_command *cm;
1385 
1386 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
1387 
1388 	if ((cm = aac_dequeue_free(sc)) == NULL) {
1389 		if (sc->total_fibs < sc->aac_max_fibs) {
1390 			mtx_lock(&sc->aac_io_lock);
1391 			sc->aifflags |= AAC_AIFFLAGS_ALLOCFIBS;
1392 			mtx_unlock(&sc->aac_io_lock);
1393 			wakeup(sc->aifthread);
1394 		}
1395 		return (EBUSY);
1396 	}
1397 
1398 	*cmp = cm;
1399 	return(0);
1400 }
1401 
1402 /*
1403  * Release a command back to the freelist.
1404  */
1405 void
1406 aac_release_command(struct aac_command *cm)
1407 {
1408 	struct aac_event *event;
1409 	struct aac_softc *sc;
1410 
1411 	sc = cm->cm_sc;
1412 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
1413 
1414 	/* (re)initialize the command/FIB */
1415 	cm->cm_datalen = 0;
1416 	cm->cm_sgtable = NULL;
1417 	cm->cm_flags = 0;
1418 	cm->cm_complete = NULL;
1419 	cm->cm_private = NULL;
1420 	cm->cm_queue = AAC_ADAP_NORM_CMD_QUEUE;
1421 	cm->cm_fib->Header.XferState = AAC_FIBSTATE_EMPTY;
1422 	cm->cm_fib->Header.StructType = AAC_FIBTYPE_TFIB;
1423 	cm->cm_fib->Header.Flags = 0;
1424 	cm->cm_fib->Header.SenderSize = cm->cm_sc->aac_max_fib_size;
1425 
1426 	/*
1427 	 * These are duplicated in aac_start to cover the case where an
1428 	 * intermediate stage may have destroyed them.  They're left
1429 	 * initialized here for debugging purposes only.
1430 	 */
1431 	cm->cm_fib->Header.ReceiverFibAddress = (u_int32_t)cm->cm_fibphys;
1432 	cm->cm_fib->Header.SenderData = 0;
1433 
1434 	aac_enqueue_free(cm);
1435 
1436 	if ((event = TAILQ_FIRST(&sc->aac_ev_cmfree)) != NULL) {
1437 		TAILQ_REMOVE(&sc->aac_ev_cmfree, event, ev_links);
1438 		event->ev_callback(sc, event, event->ev_arg);
1439 	}
1440 }
1441 
1442 /*
1443  * Map helper for command/FIB allocation.
1444  */
1445 static void
1446 aac_map_command_helper(void *arg, bus_dma_segment_t *segs, int nseg, int error)
1447 {
1448 	uint64_t	*fibphys;
1449 
1450 	fibphys = (uint64_t *)arg;
1451 
1452 	*fibphys = segs[0].ds_addr;
1453 }
1454 
1455 /*
1456  * Allocate and initialize commands/FIBs for this adapter.
1457  */
1458 static int
1459 aac_alloc_commands(struct aac_softc *sc)
1460 {
1461 	struct aac_command *cm;
1462 	struct aac_fibmap *fm;
1463 	uint64_t fibphys;
1464 	int i, error;
1465 
1466 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
1467 
1468 	if (sc->total_fibs + sc->aac_max_fibs_alloc > sc->aac_max_fibs)
1469 		return (ENOMEM);
1470 
1471 	fm = malloc(sizeof(struct aac_fibmap), M_AACBUF, M_NOWAIT|M_ZERO);
1472 	if (fm == NULL)
1473 		return (ENOMEM);
1474 
1475 	/* allocate the FIBs in DMAable memory and load them */
1476 	if (bus_dmamem_alloc(sc->aac_fib_dmat, (void **)&fm->aac_fibs,
1477 			     BUS_DMA_NOWAIT, &fm->aac_fibmap)) {
1478 		device_printf(sc->aac_dev,
1479 			      "Not enough contiguous memory available.\n");
1480 		free(fm, M_AACBUF);
1481 		return (ENOMEM);
1482 	}
1483 
1484 	/* Ignore errors since this doesn't bounce */
1485 	(void)bus_dmamap_load(sc->aac_fib_dmat, fm->aac_fibmap, fm->aac_fibs,
1486 			      sc->aac_max_fibs_alloc * sc->aac_max_fib_size,
1487 			      aac_map_command_helper, &fibphys, 0);
1488 
1489 	/* initialize constant fields in the command structure */
1490 	bzero(fm->aac_fibs, sc->aac_max_fibs_alloc * sc->aac_max_fib_size);
1491 	for (i = 0; i < sc->aac_max_fibs_alloc; i++) {
1492 		cm = sc->aac_commands + sc->total_fibs;
1493 		fm->aac_commands = cm;
1494 		cm->cm_sc = sc;
1495 		cm->cm_fib = (struct aac_fib *)
1496 			((u_int8_t *)fm->aac_fibs + i*sc->aac_max_fib_size);
1497 		cm->cm_fibphys = fibphys + i*sc->aac_max_fib_size;
1498 		cm->cm_index = sc->total_fibs;
1499 
1500 		if ((error = bus_dmamap_create(sc->aac_buffer_dmat, 0,
1501 					       &cm->cm_datamap)) != 0)
1502 			break;
1503 		mtx_lock(&sc->aac_io_lock);
1504 		aac_release_command(cm);
1505 		sc->total_fibs++;
1506 		mtx_unlock(&sc->aac_io_lock);
1507 	}
1508 
1509 	if (i > 0) {
1510 		mtx_lock(&sc->aac_io_lock);
1511 		TAILQ_INSERT_TAIL(&sc->aac_fibmap_tqh, fm, fm_link);
1512 		fwprintf(sc, HBA_FLAGS_DBG_COMM_B, "total_fibs= %d\n", sc->total_fibs);
1513 		mtx_unlock(&sc->aac_io_lock);
1514 		return (0);
1515 	}
1516 
1517 	bus_dmamap_unload(sc->aac_fib_dmat, fm->aac_fibmap);
1518 	bus_dmamem_free(sc->aac_fib_dmat, fm->aac_fibs, fm->aac_fibmap);
1519 	free(fm, M_AACBUF);
1520 	return (ENOMEM);
1521 }
1522 
1523 /*
1524  * Free FIBs owned by this adapter.
1525  */
1526 static void
1527 aac_free_commands(struct aac_softc *sc)
1528 {
1529 	struct aac_fibmap *fm;
1530 	struct aac_command *cm;
1531 	int i;
1532 
1533 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
1534 
1535 	while ((fm = TAILQ_FIRST(&sc->aac_fibmap_tqh)) != NULL) {
1536 
1537 		TAILQ_REMOVE(&sc->aac_fibmap_tqh, fm, fm_link);
1538 		/*
1539 		 * We check against total_fibs to handle partially
1540 		 * allocated blocks.
1541 		 */
1542 		for (i = 0; i < sc->aac_max_fibs_alloc && sc->total_fibs--; i++) {
1543 			cm = fm->aac_commands + i;
1544 			bus_dmamap_destroy(sc->aac_buffer_dmat, cm->cm_datamap);
1545 		}
1546 		bus_dmamap_unload(sc->aac_fib_dmat, fm->aac_fibmap);
1547 		bus_dmamem_free(sc->aac_fib_dmat, fm->aac_fibs, fm->aac_fibmap);
1548 		free(fm, M_AACBUF);
1549 	}
1550 }
1551 
1552 /*
1553  * Command-mapping helper function - populate this command's s/g table.
1554  */
1555 static void
1556 aac_map_command_sg(void *arg, bus_dma_segment_t *segs, int nseg, int error)
1557 {
1558 	struct aac_softc *sc;
1559 	struct aac_command *cm;
1560 	struct aac_fib *fib;
1561 	int i;
1562 
1563 	cm = (struct aac_command *)arg;
1564 	sc = cm->cm_sc;
1565 	fib = cm->cm_fib;
1566 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
1567 
1568 	/* copy into the FIB */
1569 	if (cm->cm_sgtable != NULL) {
1570 		if (fib->Header.Command == RawIo) {
1571 			struct aac_sg_tableraw *sg;
1572 			sg = (struct aac_sg_tableraw *)cm->cm_sgtable;
1573 			sg->SgCount = nseg;
1574 			for (i = 0; i < nseg; i++) {
1575 				sg->SgEntryRaw[i].SgAddress = segs[i].ds_addr;
1576 				sg->SgEntryRaw[i].SgByteCount = segs[i].ds_len;
1577 				sg->SgEntryRaw[i].Next = 0;
1578 				sg->SgEntryRaw[i].Prev = 0;
1579 				sg->SgEntryRaw[i].Flags = 0;
1580 			}
1581 			/* update the FIB size for the s/g count */
1582 			fib->Header.Size += nseg*sizeof(struct aac_sg_entryraw);
1583 		} else if ((cm->cm_sc->flags & AAC_FLAGS_SG_64BIT) == 0) {
1584 			struct aac_sg_table *sg;
1585 			sg = cm->cm_sgtable;
1586 			sg->SgCount = nseg;
1587 			for (i = 0; i < nseg; i++) {
1588 				sg->SgEntry[i].SgAddress = segs[i].ds_addr;
1589 				sg->SgEntry[i].SgByteCount = segs[i].ds_len;
1590 			}
1591 			/* update the FIB size for the s/g count */
1592 			fib->Header.Size += nseg*sizeof(struct aac_sg_entry);
1593 		} else {
1594 			struct aac_sg_table64 *sg;
1595 			sg = (struct aac_sg_table64 *)cm->cm_sgtable;
1596 			sg->SgCount = nseg;
1597 			for (i = 0; i < nseg; i++) {
1598 				sg->SgEntry64[i].SgAddress = segs[i].ds_addr;
1599 				sg->SgEntry64[i].SgByteCount = segs[i].ds_len;
1600 			}
1601 			/* update the FIB size for the s/g count */
1602 			fib->Header.Size += nseg*sizeof(struct aac_sg_entry64);
1603 		}
1604 	}
1605 
1606 	/* Fix up the address values in the FIB.  Use the command array index
1607 	 * instead of a pointer since these fields are only 32 bits.  Shift
1608 	 * the SenderFibAddress over to make room for the fast response bit
1609 	 * and for the AIF bit
1610 	 */
1611 	cm->cm_fib->Header.SenderFibAddress = (cm->cm_index << 2);
1612 	cm->cm_fib->Header.ReceiverFibAddress = (u_int32_t)cm->cm_fibphys;
1613 
1614 	/* save a pointer to the command for speedy reverse-lookup */
1615 	cm->cm_fib->Header.SenderData = cm->cm_index;
1616 
1617 	if (cm->cm_flags & AAC_CMD_DATAIN)
1618 		bus_dmamap_sync(sc->aac_buffer_dmat, cm->cm_datamap,
1619 				BUS_DMASYNC_PREREAD);
1620 	if (cm->cm_flags & AAC_CMD_DATAOUT)
1621 		bus_dmamap_sync(sc->aac_buffer_dmat, cm->cm_datamap,
1622 				BUS_DMASYNC_PREWRITE);
1623 	cm->cm_flags |= AAC_CMD_MAPPED;
1624 
1625 	if (sc->flags & AAC_FLAGS_NEW_COMM) {
1626 		int count = 10000000L;
1627 		while (AAC_SEND_COMMAND(sc, cm) != 0) {
1628 			if (--count == 0) {
1629 				aac_unmap_command(cm);
1630 				sc->flags |= AAC_QUEUE_FRZN;
1631 				aac_requeue_ready(cm);
1632 			}
1633 			DELAY(5);			/* wait 5 usec. */
1634 		}
1635 	} else {
1636 		/* Put the FIB on the outbound queue */
1637 		if (aac_enqueue_fib(sc, cm->cm_queue, cm) == EBUSY) {
1638 			aac_unmap_command(cm);
1639 			sc->flags |= AAC_QUEUE_FRZN;
1640 			aac_requeue_ready(cm);
1641 		}
1642 	}
1643 }
1644 
1645 /*
1646  * Unmap a command from controller-visible space.
1647  */
1648 static void
1649 aac_unmap_command(struct aac_command *cm)
1650 {
1651 	struct aac_softc *sc;
1652 
1653 	sc = cm->cm_sc;
1654 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
1655 
1656 	if (!(cm->cm_flags & AAC_CMD_MAPPED))
1657 		return;
1658 
1659 	if (cm->cm_datalen != 0) {
1660 		if (cm->cm_flags & AAC_CMD_DATAIN)
1661 			bus_dmamap_sync(sc->aac_buffer_dmat, cm->cm_datamap,
1662 					BUS_DMASYNC_POSTREAD);
1663 		if (cm->cm_flags & AAC_CMD_DATAOUT)
1664 			bus_dmamap_sync(sc->aac_buffer_dmat, cm->cm_datamap,
1665 					BUS_DMASYNC_POSTWRITE);
1666 
1667 		bus_dmamap_unload(sc->aac_buffer_dmat, cm->cm_datamap);
1668 	}
1669 	cm->cm_flags &= ~AAC_CMD_MAPPED;
1670 }
1671 
1672 /*
1673  * Hardware Interface
1674  */
1675 
1676 /*
1677  * Initialize the adapter.
1678  */
1679 static void
1680 aac_common_map(void *arg, bus_dma_segment_t *segs, int nseg, int error)
1681 {
1682 	struct aac_softc *sc;
1683 
1684 	sc = (struct aac_softc *)arg;
1685 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
1686 
1687 	sc->aac_common_busaddr = segs[0].ds_addr;
1688 }
1689 
1690 static int
1691 aac_check_firmware(struct aac_softc *sc)
1692 {
1693 	u_int32_t code, major, minor, options = 0, atu_size = 0;
1694 	int rid, status;
1695 	time_t then;
1696 
1697 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
1698 	/*
1699 	 * Wait for the adapter to come ready.
1700 	 */
1701 	then = time_uptime;
1702 	do {
1703 		code = AAC_GET_FWSTATUS(sc);
1704 		if (code & AAC_SELF_TEST_FAILED) {
1705 			device_printf(sc->aac_dev, "FATAL: selftest failed\n");
1706 			return(ENXIO);
1707 		}
1708 		if (code & AAC_KERNEL_PANIC) {
1709 			device_printf(sc->aac_dev,
1710 				      "FATAL: controller kernel panic");
1711 			return(ENXIO);
1712 		}
1713 		if (time_uptime > (then + AAC_BOOT_TIMEOUT)) {
1714 			device_printf(sc->aac_dev,
1715 				      "FATAL: controller not coming ready, "
1716 					   "status %x\n", code);
1717 			return(ENXIO);
1718 		}
1719 	} while (!(code & AAC_UP_AND_RUNNING));
1720 
1721 	/*
1722 	 * Retrieve the firmware version numbers.  Dell PERC2/QC cards with
1723 	 * firmware version 1.x are not compatible with this driver.
1724 	 */
1725 	if (sc->flags & AAC_FLAGS_PERC2QC) {
1726 		if (aac_sync_command(sc, AAC_MONKER_GETKERNVER, 0, 0, 0, 0,
1727 				     NULL)) {
1728 			device_printf(sc->aac_dev,
1729 				      "Error reading firmware version\n");
1730 			return (EIO);
1731 		}
1732 
1733 		/* These numbers are stored as ASCII! */
1734 		major = (AAC_GET_MAILBOX(sc, 1) & 0xff) - 0x30;
1735 		minor = (AAC_GET_MAILBOX(sc, 2) & 0xff) - 0x30;
1736 		if (major == 1) {
1737 			device_printf(sc->aac_dev,
1738 			    "Firmware version %d.%d is not supported.\n",
1739 			    major, minor);
1740 			return (EINVAL);
1741 		}
1742 	}
1743 
1744 	/*
1745 	 * Retrieve the capabilities/supported options word so we know what
1746 	 * work-arounds to enable.  Some firmware revs don't support this
1747 	 * command.
1748 	 */
1749 	if (aac_sync_command(sc, AAC_MONKER_GETINFO, 0, 0, 0, 0, &status)) {
1750 		if (status != AAC_SRB_STS_INVALID_REQUEST) {
1751 			device_printf(sc->aac_dev,
1752 			     "RequestAdapterInfo failed\n");
1753 			return (EIO);
1754 		}
1755 	} else {
1756 		options = AAC_GET_MAILBOX(sc, 1);
1757 		atu_size = AAC_GET_MAILBOX(sc, 2);
1758 		sc->supported_options = options;
1759 
1760 		if ((options & AAC_SUPPORTED_4GB_WINDOW) != 0 &&
1761 		    (sc->flags & AAC_FLAGS_NO4GB) == 0)
1762 			sc->flags |= AAC_FLAGS_4GB_WINDOW;
1763 		if (options & AAC_SUPPORTED_NONDASD)
1764 			sc->flags |= AAC_FLAGS_ENABLE_CAM;
1765 		if ((options & AAC_SUPPORTED_SGMAP_HOST64) != 0
1766 		     && (sizeof(bus_addr_t) > 4)) {
1767 			device_printf(sc->aac_dev,
1768 			    "Enabling 64-bit address support\n");
1769 			sc->flags |= AAC_FLAGS_SG_64BIT;
1770 		}
1771 		if ((options & AAC_SUPPORTED_NEW_COMM)
1772 		 && sc->aac_if->aif_send_command)
1773 			sc->flags |= AAC_FLAGS_NEW_COMM;
1774 		if (options & AAC_SUPPORTED_64BIT_ARRAYSIZE)
1775 			sc->flags |= AAC_FLAGS_ARRAY_64BIT;
1776 	}
1777 
1778 	/* Check for broken hardware that does a lower number of commands */
1779 	sc->aac_max_fibs = (sc->flags & AAC_FLAGS_256FIBS ? 256:512);
1780 
1781 	/* Remap mem. resource, if required */
1782 	if ((sc->flags & AAC_FLAGS_NEW_COMM) &&
1783 	    atu_size > rman_get_size(sc->aac_regs_res1)) {
1784 		rid = rman_get_rid(sc->aac_regs_res1);
1785 		bus_release_resource(sc->aac_dev, SYS_RES_MEMORY, rid,
1786 		    sc->aac_regs_res1);
1787 		sc->aac_regs_res1 = bus_alloc_resource_anywhere(sc->aac_dev,
1788 		    SYS_RES_MEMORY, &rid, atu_size, RF_ACTIVE);
1789 		if (sc->aac_regs_res1 == NULL) {
1790 			sc->aac_regs_res1 = bus_alloc_resource_any(
1791 			    sc->aac_dev, SYS_RES_MEMORY, &rid, RF_ACTIVE);
1792 			if (sc->aac_regs_res1 == NULL) {
1793 				device_printf(sc->aac_dev,
1794 				    "couldn't allocate register window\n");
1795 				return (ENXIO);
1796 			}
1797 			sc->flags &= ~AAC_FLAGS_NEW_COMM;
1798 		}
1799 		sc->aac_btag1 = rman_get_bustag(sc->aac_regs_res1);
1800 		sc->aac_bhandle1 = rman_get_bushandle(sc->aac_regs_res1);
1801 
1802 		if (sc->aac_hwif == AAC_HWIF_NARK) {
1803 			sc->aac_regs_res0 = sc->aac_regs_res1;
1804 			sc->aac_btag0 = sc->aac_btag1;
1805 			sc->aac_bhandle0 = sc->aac_bhandle1;
1806 		}
1807 	}
1808 
1809 	/* Read preferred settings */
1810 	sc->aac_max_fib_size = sizeof(struct aac_fib);
1811 	sc->aac_max_sectors = 128;				/* 64KB */
1812 	if (sc->flags & AAC_FLAGS_SG_64BIT)
1813 		sc->aac_sg_tablesize = (AAC_FIB_DATASIZE
1814 		 - sizeof(struct aac_blockwrite64))
1815 		 / sizeof(struct aac_sg_entry64);
1816 	else
1817 		sc->aac_sg_tablesize = (AAC_FIB_DATASIZE
1818 		 - sizeof(struct aac_blockwrite))
1819 		 / sizeof(struct aac_sg_entry);
1820 
1821 	if (!aac_sync_command(sc, AAC_MONKER_GETCOMMPREF, 0, 0, 0, 0, NULL)) {
1822 		options = AAC_GET_MAILBOX(sc, 1);
1823 		sc->aac_max_fib_size = (options & 0xFFFF);
1824 		sc->aac_max_sectors = (options >> 16) << 1;
1825 		options = AAC_GET_MAILBOX(sc, 2);
1826 		sc->aac_sg_tablesize = (options >> 16);
1827 		options = AAC_GET_MAILBOX(sc, 3);
1828 		sc->aac_max_fibs = (options & 0xFFFF);
1829 	}
1830 	if (sc->aac_max_fib_size > PAGE_SIZE)
1831 		sc->aac_max_fib_size = PAGE_SIZE;
1832 	sc->aac_max_fibs_alloc = PAGE_SIZE / sc->aac_max_fib_size;
1833 
1834 	if (sc->aac_max_fib_size > sizeof(struct aac_fib)) {
1835 		sc->flags |= AAC_FLAGS_RAW_IO;
1836 		device_printf(sc->aac_dev, "Enable Raw I/O\n");
1837 	}
1838 	if ((sc->flags & AAC_FLAGS_RAW_IO) &&
1839 	    (sc->flags & AAC_FLAGS_ARRAY_64BIT)) {
1840 		sc->flags |= AAC_FLAGS_LBA_64BIT;
1841 		device_printf(sc->aac_dev, "Enable 64-bit array\n");
1842 	}
1843 
1844 	return (0);
1845 }
1846 
1847 static int
1848 aac_init(struct aac_softc *sc)
1849 {
1850 	struct aac_adapter_init	*ip;
1851 	u_int32_t qoffset;
1852 	int error;
1853 
1854 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
1855 
1856 	/*
1857 	 * Fill in the init structure.  This tells the adapter about the
1858 	 * physical location of various important shared data structures.
1859 	 */
1860 	ip = &sc->aac_common->ac_init;
1861 	ip->InitStructRevision = AAC_INIT_STRUCT_REVISION;
1862 	if (sc->aac_max_fib_size > sizeof(struct aac_fib)) {
1863 		ip->InitStructRevision = AAC_INIT_STRUCT_REVISION_4;
1864 		sc->flags |= AAC_FLAGS_RAW_IO;
1865 	}
1866 	ip->MiniPortRevision = AAC_INIT_STRUCT_MINIPORT_REVISION;
1867 
1868 	ip->AdapterFibsPhysicalAddress = sc->aac_common_busaddr +
1869 					 offsetof(struct aac_common, ac_fibs);
1870 	ip->AdapterFibsVirtualAddress = 0;
1871 	ip->AdapterFibsSize = AAC_ADAPTER_FIBS * sizeof(struct aac_fib);
1872 	ip->AdapterFibAlign = sizeof(struct aac_fib);
1873 
1874 	ip->PrintfBufferAddress = sc->aac_common_busaddr +
1875 				  offsetof(struct aac_common, ac_printf);
1876 	ip->PrintfBufferSize = AAC_PRINTF_BUFSIZE;
1877 
1878 	/*
1879 	 * The adapter assumes that pages are 4K in size, except on some
1880  	 * broken firmware versions that do the page->byte conversion twice,
1881 	 * therefore 'assuming' that this value is in 16MB units (2^24).
1882 	 * Round up since the granularity is so high.
1883 	 */
1884 	ip->HostPhysMemPages = ctob(physmem) / AAC_PAGE_SIZE;
1885 	if (sc->flags & AAC_FLAGS_BROKEN_MEMMAP) {
1886 		ip->HostPhysMemPages =
1887 		    (ip->HostPhysMemPages + AAC_PAGE_SIZE) / AAC_PAGE_SIZE;
1888 	}
1889 	ip->HostElapsedSeconds = time_uptime;	/* reset later if invalid */
1890 
1891 	ip->InitFlags = 0;
1892 	if (sc->flags & AAC_FLAGS_NEW_COMM) {
1893 		ip->InitFlags |= AAC_INITFLAGS_NEW_COMM_SUPPORTED;
1894 		device_printf(sc->aac_dev, "New comm. interface enabled\n");
1895 	}
1896 
1897 	ip->MaxIoCommands = sc->aac_max_fibs;
1898 	ip->MaxIoSize = sc->aac_max_sectors << 9;
1899 	ip->MaxFibSize = sc->aac_max_fib_size;
1900 
1901 	/*
1902 	 * Initialize FIB queues.  Note that it appears that the layout of the
1903 	 * indexes and the segmentation of the entries may be mandated by the
1904 	 * adapter, which is only told about the base of the queue index fields.
1905 	 *
1906 	 * The initial values of the indices are assumed to inform the adapter
1907 	 * of the sizes of the respective queues, and theoretically it could
1908 	 * work out the entire layout of the queue structures from this.  We
1909 	 * take the easy route and just lay this area out like everyone else
1910 	 * does.
1911 	 *
1912 	 * The Linux driver uses a much more complex scheme whereby several
1913 	 * header records are kept for each queue.  We use a couple of generic
1914 	 * list manipulation functions which 'know' the size of each list by
1915 	 * virtue of a table.
1916 	 */
1917 	qoffset = offsetof(struct aac_common, ac_qbuf) + AAC_QUEUE_ALIGN;
1918 	qoffset &= ~(AAC_QUEUE_ALIGN - 1);
1919 	sc->aac_queues =
1920 	    (struct aac_queue_table *)((uintptr_t)sc->aac_common + qoffset);
1921 	ip->CommHeaderAddress = sc->aac_common_busaddr + qoffset;
1922 
1923 	sc->aac_queues->qt_qindex[AAC_HOST_NORM_CMD_QUEUE][AAC_PRODUCER_INDEX] =
1924 		AAC_HOST_NORM_CMD_ENTRIES;
1925 	sc->aac_queues->qt_qindex[AAC_HOST_NORM_CMD_QUEUE][AAC_CONSUMER_INDEX] =
1926 		AAC_HOST_NORM_CMD_ENTRIES;
1927 	sc->aac_queues->qt_qindex[AAC_HOST_HIGH_CMD_QUEUE][AAC_PRODUCER_INDEX] =
1928 		AAC_HOST_HIGH_CMD_ENTRIES;
1929 	sc->aac_queues->qt_qindex[AAC_HOST_HIGH_CMD_QUEUE][AAC_CONSUMER_INDEX] =
1930 		AAC_HOST_HIGH_CMD_ENTRIES;
1931 	sc->aac_queues->qt_qindex[AAC_ADAP_NORM_CMD_QUEUE][AAC_PRODUCER_INDEX] =
1932 		AAC_ADAP_NORM_CMD_ENTRIES;
1933 	sc->aac_queues->qt_qindex[AAC_ADAP_NORM_CMD_QUEUE][AAC_CONSUMER_INDEX] =
1934 		AAC_ADAP_NORM_CMD_ENTRIES;
1935 	sc->aac_queues->qt_qindex[AAC_ADAP_HIGH_CMD_QUEUE][AAC_PRODUCER_INDEX] =
1936 		AAC_ADAP_HIGH_CMD_ENTRIES;
1937 	sc->aac_queues->qt_qindex[AAC_ADAP_HIGH_CMD_QUEUE][AAC_CONSUMER_INDEX] =
1938 		AAC_ADAP_HIGH_CMD_ENTRIES;
1939 	sc->aac_queues->qt_qindex[AAC_HOST_NORM_RESP_QUEUE][AAC_PRODUCER_INDEX]=
1940 		AAC_HOST_NORM_RESP_ENTRIES;
1941 	sc->aac_queues->qt_qindex[AAC_HOST_NORM_RESP_QUEUE][AAC_CONSUMER_INDEX]=
1942 		AAC_HOST_NORM_RESP_ENTRIES;
1943 	sc->aac_queues->qt_qindex[AAC_HOST_HIGH_RESP_QUEUE][AAC_PRODUCER_INDEX]=
1944 		AAC_HOST_HIGH_RESP_ENTRIES;
1945 	sc->aac_queues->qt_qindex[AAC_HOST_HIGH_RESP_QUEUE][AAC_CONSUMER_INDEX]=
1946 		AAC_HOST_HIGH_RESP_ENTRIES;
1947 	sc->aac_queues->qt_qindex[AAC_ADAP_NORM_RESP_QUEUE][AAC_PRODUCER_INDEX]=
1948 		AAC_ADAP_NORM_RESP_ENTRIES;
1949 	sc->aac_queues->qt_qindex[AAC_ADAP_NORM_RESP_QUEUE][AAC_CONSUMER_INDEX]=
1950 		AAC_ADAP_NORM_RESP_ENTRIES;
1951 	sc->aac_queues->qt_qindex[AAC_ADAP_HIGH_RESP_QUEUE][AAC_PRODUCER_INDEX]=
1952 		AAC_ADAP_HIGH_RESP_ENTRIES;
1953 	sc->aac_queues->qt_qindex[AAC_ADAP_HIGH_RESP_QUEUE][AAC_CONSUMER_INDEX]=
1954 		AAC_ADAP_HIGH_RESP_ENTRIES;
1955 	sc->aac_qentries[AAC_HOST_NORM_CMD_QUEUE] =
1956 		&sc->aac_queues->qt_HostNormCmdQueue[0];
1957 	sc->aac_qentries[AAC_HOST_HIGH_CMD_QUEUE] =
1958 		&sc->aac_queues->qt_HostHighCmdQueue[0];
1959 	sc->aac_qentries[AAC_ADAP_NORM_CMD_QUEUE] =
1960 		&sc->aac_queues->qt_AdapNormCmdQueue[0];
1961 	sc->aac_qentries[AAC_ADAP_HIGH_CMD_QUEUE] =
1962 		&sc->aac_queues->qt_AdapHighCmdQueue[0];
1963 	sc->aac_qentries[AAC_HOST_NORM_RESP_QUEUE] =
1964 		&sc->aac_queues->qt_HostNormRespQueue[0];
1965 	sc->aac_qentries[AAC_HOST_HIGH_RESP_QUEUE] =
1966 		&sc->aac_queues->qt_HostHighRespQueue[0];
1967 	sc->aac_qentries[AAC_ADAP_NORM_RESP_QUEUE] =
1968 		&sc->aac_queues->qt_AdapNormRespQueue[0];
1969 	sc->aac_qentries[AAC_ADAP_HIGH_RESP_QUEUE] =
1970 		&sc->aac_queues->qt_AdapHighRespQueue[0];
1971 
1972 	/*
1973 	 * Do controller-type-specific initialisation
1974 	 */
1975 	switch (sc->aac_hwif) {
1976 	case AAC_HWIF_I960RX:
1977 		AAC_MEM0_SETREG4(sc, AAC_RX_ODBR, ~0);
1978 		break;
1979 	case AAC_HWIF_RKT:
1980 		AAC_MEM0_SETREG4(sc, AAC_RKT_ODBR, ~0);
1981 		break;
1982 	default:
1983 		break;
1984 	}
1985 
1986 	/*
1987 	 * Give the init structure to the controller.
1988 	 */
1989 	if (aac_sync_command(sc, AAC_MONKER_INITSTRUCT,
1990 			     sc->aac_common_busaddr +
1991 			     offsetof(struct aac_common, ac_init), 0, 0, 0,
1992 			     NULL)) {
1993 		device_printf(sc->aac_dev,
1994 			      "error establishing init structure\n");
1995 		error = EIO;
1996 		goto out;
1997 	}
1998 
1999 	error = 0;
2000 out:
2001 	return(error);
2002 }
2003 
2004 static int
2005 aac_setup_intr(struct aac_softc *sc)
2006 {
2007 
2008 	if (sc->flags & AAC_FLAGS_NEW_COMM) {
2009 		if (bus_setup_intr(sc->aac_dev, sc->aac_irq,
2010 				   INTR_MPSAFE|INTR_TYPE_BIO, NULL,
2011 				   aac_new_intr, sc, &sc->aac_intr)) {
2012 			device_printf(sc->aac_dev, "can't set up interrupt\n");
2013 			return (EINVAL);
2014 		}
2015 	} else {
2016 		if (bus_setup_intr(sc->aac_dev, sc->aac_irq,
2017 				   INTR_TYPE_BIO, aac_filter, NULL,
2018 				   sc, &sc->aac_intr)) {
2019 			device_printf(sc->aac_dev,
2020 				      "can't set up interrupt filter\n");
2021 			return (EINVAL);
2022 		}
2023 	}
2024 	return (0);
2025 }
2026 
2027 /*
2028  * Send a synchronous command to the controller and wait for a result.
2029  * Indicate if the controller completed the command with an error status.
2030  */
2031 static int
2032 aac_sync_command(struct aac_softc *sc, u_int32_t command,
2033 		 u_int32_t arg0, u_int32_t arg1, u_int32_t arg2, u_int32_t arg3,
2034 		 u_int32_t *sp)
2035 {
2036 	time_t then;
2037 	u_int32_t status;
2038 
2039 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2040 
2041 	/* populate the mailbox */
2042 	AAC_SET_MAILBOX(sc, command, arg0, arg1, arg2, arg3);
2043 
2044 	/* ensure the sync command doorbell flag is cleared */
2045 	AAC_CLEAR_ISTATUS(sc, AAC_DB_SYNC_COMMAND);
2046 
2047 	/* then set it to signal the adapter */
2048 	AAC_QNOTIFY(sc, AAC_DB_SYNC_COMMAND);
2049 
2050 	/* spin waiting for the command to complete */
2051 	then = time_uptime;
2052 	do {
2053 		if (time_uptime > (then + AAC_IMMEDIATE_TIMEOUT)) {
2054 			fwprintf(sc, HBA_FLAGS_DBG_ERROR_B, "timed out");
2055 			return(EIO);
2056 		}
2057 	} while (!(AAC_GET_ISTATUS(sc) & AAC_DB_SYNC_COMMAND));
2058 
2059 	/* clear the completion flag */
2060 	AAC_CLEAR_ISTATUS(sc, AAC_DB_SYNC_COMMAND);
2061 
2062 	/* get the command status */
2063 	status = AAC_GET_MAILBOX(sc, 0);
2064 	if (sp != NULL)
2065 		*sp = status;
2066 
2067 	if (status != AAC_SRB_STS_SUCCESS)
2068 		return (-1);
2069 	return(0);
2070 }
2071 
2072 int
2073 aac_sync_fib(struct aac_softc *sc, u_int32_t command, u_int32_t xferstate,
2074 		 struct aac_fib *fib, u_int16_t datasize)
2075 {
2076 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2077 	mtx_assert(&sc->aac_io_lock, MA_OWNED);
2078 
2079 	if (datasize > AAC_FIB_DATASIZE)
2080 		return(EINVAL);
2081 
2082 	/*
2083 	 * Set up the sync FIB
2084 	 */
2085 	fib->Header.XferState = AAC_FIBSTATE_HOSTOWNED |
2086 				AAC_FIBSTATE_INITIALISED |
2087 				AAC_FIBSTATE_EMPTY;
2088 	fib->Header.XferState |= xferstate;
2089 	fib->Header.Command = command;
2090 	fib->Header.StructType = AAC_FIBTYPE_TFIB;
2091 	fib->Header.Size = sizeof(struct aac_fib_header) + datasize;
2092 	fib->Header.SenderSize = sizeof(struct aac_fib);
2093 	fib->Header.SenderFibAddress = 0;	/* Not needed */
2094 	fib->Header.ReceiverFibAddress = sc->aac_common_busaddr +
2095 					 offsetof(struct aac_common,
2096 						  ac_sync_fib);
2097 
2098 	/*
2099 	 * Give the FIB to the controller, wait for a response.
2100 	 */
2101 	if (aac_sync_command(sc, AAC_MONKER_SYNCFIB,
2102 			     fib->Header.ReceiverFibAddress, 0, 0, 0, NULL)) {
2103 		fwprintf(sc, HBA_FLAGS_DBG_ERROR_B, "IO error");
2104 		return(EIO);
2105 	}
2106 
2107 	return (0);
2108 }
2109 
2110 /*
2111  * Adapter-space FIB queue manipulation
2112  *
2113  * Note that the queue implementation here is a little funky; neither the PI or
2114  * CI will ever be zero.  This behaviour is a controller feature.
2115  */
2116 static const struct {
2117 	int		size;
2118 	int		notify;
2119 } aac_qinfo[] = {
2120 	{AAC_HOST_NORM_CMD_ENTRIES, AAC_DB_COMMAND_NOT_FULL},
2121 	{AAC_HOST_HIGH_CMD_ENTRIES, 0},
2122 	{AAC_ADAP_NORM_CMD_ENTRIES, AAC_DB_COMMAND_READY},
2123 	{AAC_ADAP_HIGH_CMD_ENTRIES, 0},
2124 	{AAC_HOST_NORM_RESP_ENTRIES, AAC_DB_RESPONSE_NOT_FULL},
2125 	{AAC_HOST_HIGH_RESP_ENTRIES, 0},
2126 	{AAC_ADAP_NORM_RESP_ENTRIES, AAC_DB_RESPONSE_READY},
2127 	{AAC_ADAP_HIGH_RESP_ENTRIES, 0}
2128 };
2129 
2130 /*
2131  * Atomically insert an entry into the nominated queue, returns 0 on success or
2132  * EBUSY if the queue is full.
2133  *
2134  * Note: it would be more efficient to defer notifying the controller in
2135  *	 the case where we may be inserting several entries in rapid succession,
2136  *	 but implementing this usefully may be difficult (it would involve a
2137  *	 separate queue/notify interface).
2138  */
2139 static int
2140 aac_enqueue_fib(struct aac_softc *sc, int queue, struct aac_command *cm)
2141 {
2142 	u_int32_t pi, ci;
2143 	int error;
2144 	u_int32_t fib_size;
2145 	u_int32_t fib_addr;
2146 
2147 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2148 
2149 	fib_size = cm->cm_fib->Header.Size;
2150 	fib_addr = cm->cm_fib->Header.ReceiverFibAddress;
2151 
2152 	/* get the producer/consumer indices */
2153 	pi = sc->aac_queues->qt_qindex[queue][AAC_PRODUCER_INDEX];
2154 	ci = sc->aac_queues->qt_qindex[queue][AAC_CONSUMER_INDEX];
2155 
2156 	/* wrap the queue? */
2157 	if (pi >= aac_qinfo[queue].size)
2158 		pi = 0;
2159 
2160 	/* check for queue full */
2161 	if ((pi + 1) == ci) {
2162 		error = EBUSY;
2163 		goto out;
2164 	}
2165 
2166 	/*
2167 	 * To avoid a race with its completion interrupt, place this command on
2168 	 * the busy queue prior to advertising it to the controller.
2169 	 */
2170 	aac_enqueue_busy(cm);
2171 
2172 	/* populate queue entry */
2173 	(sc->aac_qentries[queue] + pi)->aq_fib_size = fib_size;
2174 	(sc->aac_qentries[queue] + pi)->aq_fib_addr = fib_addr;
2175 
2176 	/* update producer index */
2177 	sc->aac_queues->qt_qindex[queue][AAC_PRODUCER_INDEX] = pi + 1;
2178 
2179 	/* notify the adapter if we know how */
2180 	if (aac_qinfo[queue].notify != 0)
2181 		AAC_QNOTIFY(sc, aac_qinfo[queue].notify);
2182 
2183 	error = 0;
2184 
2185 out:
2186 	return(error);
2187 }
2188 
2189 /*
2190  * Atomically remove one entry from the nominated queue, returns 0 on
2191  * success or ENOENT if the queue is empty.
2192  */
2193 static int
2194 aac_dequeue_fib(struct aac_softc *sc, int queue, u_int32_t *fib_size,
2195 		struct aac_fib **fib_addr)
2196 {
2197 	u_int32_t pi, ci;
2198 	u_int32_t fib_index;
2199 	int error;
2200 	int notify;
2201 
2202 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2203 
2204 	/* get the producer/consumer indices */
2205 	pi = sc->aac_queues->qt_qindex[queue][AAC_PRODUCER_INDEX];
2206 	ci = sc->aac_queues->qt_qindex[queue][AAC_CONSUMER_INDEX];
2207 
2208 	/* check for queue empty */
2209 	if (ci == pi) {
2210 		error = ENOENT;
2211 		goto out;
2212 	}
2213 
2214 	/* wrap the pi so the following test works */
2215 	if (pi >= aac_qinfo[queue].size)
2216 		pi = 0;
2217 
2218 	notify = 0;
2219 	if (ci == pi + 1)
2220 		notify++;
2221 
2222 	/* wrap the queue? */
2223 	if (ci >= aac_qinfo[queue].size)
2224 		ci = 0;
2225 
2226 	/* fetch the entry */
2227 	*fib_size = (sc->aac_qentries[queue] + ci)->aq_fib_size;
2228 
2229 	switch (queue) {
2230 	case AAC_HOST_NORM_CMD_QUEUE:
2231 	case AAC_HOST_HIGH_CMD_QUEUE:
2232 		/*
2233 		 * The aq_fib_addr is only 32 bits wide so it can't be counted
2234 		 * on to hold an address.  For AIF's, the adapter assumes
2235 		 * that it's giving us an address into the array of AIF fibs.
2236 		 * Therefore, we have to convert it to an index.
2237 		 */
2238 		fib_index = (sc->aac_qentries[queue] + ci)->aq_fib_addr /
2239 			sizeof(struct aac_fib);
2240 		*fib_addr = &sc->aac_common->ac_fibs[fib_index];
2241 		break;
2242 
2243 	case AAC_HOST_NORM_RESP_QUEUE:
2244 	case AAC_HOST_HIGH_RESP_QUEUE:
2245 	{
2246 		struct aac_command *cm;
2247 
2248 		/*
2249 		 * As above, an index is used instead of an actual address.
2250 		 * Gotta shift the index to account for the fast response
2251 		 * bit.  No other correction is needed since this value was
2252 		 * originally provided by the driver via the SenderFibAddress
2253 		 * field.
2254 		 */
2255 		fib_index = (sc->aac_qentries[queue] + ci)->aq_fib_addr;
2256 		cm = sc->aac_commands + (fib_index >> 2);
2257 		*fib_addr = cm->cm_fib;
2258 
2259 		/*
2260 		 * Is this a fast response? If it is, update the fib fields in
2261 		 * local memory since the whole fib isn't DMA'd back up.
2262 		 */
2263 		if (fib_index & 0x01) {
2264 			(*fib_addr)->Header.XferState |= AAC_FIBSTATE_DONEADAP;
2265 			*((u_int32_t*)((*fib_addr)->data)) = AAC_ERROR_NORMAL;
2266 		}
2267 		break;
2268 	}
2269 	default:
2270 		panic("Invalid queue in aac_dequeue_fib()");
2271 		break;
2272 	}
2273 
2274 	/* update consumer index */
2275 	sc->aac_queues->qt_qindex[queue][AAC_CONSUMER_INDEX] = ci + 1;
2276 
2277 	/* if we have made the queue un-full, notify the adapter */
2278 	if (notify && (aac_qinfo[queue].notify != 0))
2279 		AAC_QNOTIFY(sc, aac_qinfo[queue].notify);
2280 	error = 0;
2281 
2282 out:
2283 	return(error);
2284 }
2285 
2286 /*
2287  * Put our response to an Adapter Initialed Fib on the response queue
2288  */
2289 static int
2290 aac_enqueue_response(struct aac_softc *sc, int queue, struct aac_fib *fib)
2291 {
2292 	u_int32_t pi, ci;
2293 	int error;
2294 	u_int32_t fib_size;
2295 	u_int32_t fib_addr;
2296 
2297 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2298 
2299 	/* Tell the adapter where the FIB is */
2300 	fib_size = fib->Header.Size;
2301 	fib_addr = fib->Header.SenderFibAddress;
2302 	fib->Header.ReceiverFibAddress = fib_addr;
2303 
2304 	/* get the producer/consumer indices */
2305 	pi = sc->aac_queues->qt_qindex[queue][AAC_PRODUCER_INDEX];
2306 	ci = sc->aac_queues->qt_qindex[queue][AAC_CONSUMER_INDEX];
2307 
2308 	/* wrap the queue? */
2309 	if (pi >= aac_qinfo[queue].size)
2310 		pi = 0;
2311 
2312 	/* check for queue full */
2313 	if ((pi + 1) == ci) {
2314 		error = EBUSY;
2315 		goto out;
2316 	}
2317 
2318 	/* populate queue entry */
2319 	(sc->aac_qentries[queue] + pi)->aq_fib_size = fib_size;
2320 	(sc->aac_qentries[queue] + pi)->aq_fib_addr = fib_addr;
2321 
2322 	/* update producer index */
2323 	sc->aac_queues->qt_qindex[queue][AAC_PRODUCER_INDEX] = pi + 1;
2324 
2325 	/* notify the adapter if we know how */
2326 	if (aac_qinfo[queue].notify != 0)
2327 		AAC_QNOTIFY(sc, aac_qinfo[queue].notify);
2328 
2329 	error = 0;
2330 
2331 out:
2332 	return(error);
2333 }
2334 
2335 /*
2336  * Check for commands that have been outstanding for a suspiciously long time,
2337  * and complain about them.
2338  */
2339 static void
2340 aac_timeout(struct aac_softc *sc)
2341 {
2342 	struct aac_command *cm;
2343 	time_t deadline;
2344 	int timedout, code;
2345 
2346 	/*
2347 	 * Traverse the busy command list, bitch about late commands once
2348 	 * only.
2349 	 */
2350 	timedout = 0;
2351 	deadline = time_uptime - AAC_CMD_TIMEOUT;
2352 	TAILQ_FOREACH(cm, &sc->aac_busy, cm_link) {
2353 		if ((cm->cm_timestamp  < deadline)
2354 		    && !(cm->cm_flags & AAC_CMD_TIMEDOUT)) {
2355 			cm->cm_flags |= AAC_CMD_TIMEDOUT;
2356 			device_printf(sc->aac_dev,
2357 			    "COMMAND %p (TYPE %d) TIMEOUT AFTER %d SECONDS\n",
2358 			    cm, cm->cm_fib->Header.Command,
2359 			    (int)(time_uptime-cm->cm_timestamp));
2360 			AAC_PRINT_FIB(sc, cm->cm_fib);
2361 			timedout++;
2362 		}
2363 	}
2364 
2365 	if (timedout) {
2366 		code = AAC_GET_FWSTATUS(sc);
2367 		if (code != AAC_UP_AND_RUNNING) {
2368 			device_printf(sc->aac_dev, "WARNING! Controller is no "
2369 				      "longer running! code= 0x%x\n", code);
2370 		}
2371 	}
2372 }
2373 
2374 /*
2375  * Interface Function Vectors
2376  */
2377 
2378 /*
2379  * Read the current firmware status word.
2380  */
2381 static int
2382 aac_sa_get_fwstatus(struct aac_softc *sc)
2383 {
2384 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2385 
2386 	return(AAC_MEM0_GETREG4(sc, AAC_SA_FWSTATUS));
2387 }
2388 
2389 static int
2390 aac_rx_get_fwstatus(struct aac_softc *sc)
2391 {
2392 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2393 
2394 	return(AAC_MEM0_GETREG4(sc, sc->flags & AAC_FLAGS_NEW_COMM ?
2395 	    AAC_RX_OMR0 : AAC_RX_FWSTATUS));
2396 }
2397 
2398 static int
2399 aac_rkt_get_fwstatus(struct aac_softc *sc)
2400 {
2401 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2402 
2403 	return(AAC_MEM0_GETREG4(sc, sc->flags & AAC_FLAGS_NEW_COMM ?
2404 	    AAC_RKT_OMR0 : AAC_RKT_FWSTATUS));
2405 }
2406 
2407 /*
2408  * Notify the controller of a change in a given queue
2409  */
2410 
2411 static void
2412 aac_sa_qnotify(struct aac_softc *sc, int qbit)
2413 {
2414 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2415 
2416 	AAC_MEM0_SETREG2(sc, AAC_SA_DOORBELL1_SET, qbit);
2417 }
2418 
2419 static void
2420 aac_rx_qnotify(struct aac_softc *sc, int qbit)
2421 {
2422 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2423 
2424 	AAC_MEM0_SETREG4(sc, AAC_RX_IDBR, qbit);
2425 }
2426 
2427 static void
2428 aac_rkt_qnotify(struct aac_softc *sc, int qbit)
2429 {
2430 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2431 
2432 	AAC_MEM0_SETREG4(sc, AAC_RKT_IDBR, qbit);
2433 }
2434 
2435 /*
2436  * Get the interrupt reason bits
2437  */
2438 static int
2439 aac_sa_get_istatus(struct aac_softc *sc)
2440 {
2441 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2442 
2443 	return(AAC_MEM0_GETREG2(sc, AAC_SA_DOORBELL0));
2444 }
2445 
2446 static int
2447 aac_rx_get_istatus(struct aac_softc *sc)
2448 {
2449 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2450 
2451 	return(AAC_MEM0_GETREG4(sc, AAC_RX_ODBR));
2452 }
2453 
2454 static int
2455 aac_rkt_get_istatus(struct aac_softc *sc)
2456 {
2457 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2458 
2459 	return(AAC_MEM0_GETREG4(sc, AAC_RKT_ODBR));
2460 }
2461 
2462 /*
2463  * Clear some interrupt reason bits
2464  */
2465 static void
2466 aac_sa_clear_istatus(struct aac_softc *sc, int mask)
2467 {
2468 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2469 
2470 	AAC_MEM0_SETREG2(sc, AAC_SA_DOORBELL0_CLEAR, mask);
2471 }
2472 
2473 static void
2474 aac_rx_clear_istatus(struct aac_softc *sc, int mask)
2475 {
2476 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2477 
2478 	AAC_MEM0_SETREG4(sc, AAC_RX_ODBR, mask);
2479 }
2480 
2481 static void
2482 aac_rkt_clear_istatus(struct aac_softc *sc, int mask)
2483 {
2484 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2485 
2486 	AAC_MEM0_SETREG4(sc, AAC_RKT_ODBR, mask);
2487 }
2488 
2489 /*
2490  * Populate the mailbox and set the command word
2491  */
2492 static void
2493 aac_sa_set_mailbox(struct aac_softc *sc, u_int32_t command,
2494 		u_int32_t arg0, u_int32_t arg1, u_int32_t arg2, u_int32_t arg3)
2495 {
2496 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2497 
2498 	AAC_MEM1_SETREG4(sc, AAC_SA_MAILBOX, command);
2499 	AAC_MEM1_SETREG4(sc, AAC_SA_MAILBOX + 4, arg0);
2500 	AAC_MEM1_SETREG4(sc, AAC_SA_MAILBOX + 8, arg1);
2501 	AAC_MEM1_SETREG4(sc, AAC_SA_MAILBOX + 12, arg2);
2502 	AAC_MEM1_SETREG4(sc, AAC_SA_MAILBOX + 16, arg3);
2503 }
2504 
2505 static void
2506 aac_rx_set_mailbox(struct aac_softc *sc, u_int32_t command,
2507 		u_int32_t arg0, u_int32_t arg1, u_int32_t arg2, u_int32_t arg3)
2508 {
2509 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2510 
2511 	AAC_MEM1_SETREG4(sc, AAC_RX_MAILBOX, command);
2512 	AAC_MEM1_SETREG4(sc, AAC_RX_MAILBOX + 4, arg0);
2513 	AAC_MEM1_SETREG4(sc, AAC_RX_MAILBOX + 8, arg1);
2514 	AAC_MEM1_SETREG4(sc, AAC_RX_MAILBOX + 12, arg2);
2515 	AAC_MEM1_SETREG4(sc, AAC_RX_MAILBOX + 16, arg3);
2516 }
2517 
2518 static void
2519 aac_rkt_set_mailbox(struct aac_softc *sc, u_int32_t command, u_int32_t arg0,
2520 		    u_int32_t arg1, u_int32_t arg2, u_int32_t arg3)
2521 {
2522 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2523 
2524 	AAC_MEM1_SETREG4(sc, AAC_RKT_MAILBOX, command);
2525 	AAC_MEM1_SETREG4(sc, AAC_RKT_MAILBOX + 4, arg0);
2526 	AAC_MEM1_SETREG4(sc, AAC_RKT_MAILBOX + 8, arg1);
2527 	AAC_MEM1_SETREG4(sc, AAC_RKT_MAILBOX + 12, arg2);
2528 	AAC_MEM1_SETREG4(sc, AAC_RKT_MAILBOX + 16, arg3);
2529 }
2530 
2531 /*
2532  * Fetch the immediate command status word
2533  */
2534 static int
2535 aac_sa_get_mailbox(struct aac_softc *sc, int mb)
2536 {
2537 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2538 
2539 	return(AAC_MEM1_GETREG4(sc, AAC_SA_MAILBOX + (mb * 4)));
2540 }
2541 
2542 static int
2543 aac_rx_get_mailbox(struct aac_softc *sc, int mb)
2544 {
2545 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2546 
2547 	return(AAC_MEM1_GETREG4(sc, AAC_RX_MAILBOX + (mb * 4)));
2548 }
2549 
2550 static int
2551 aac_rkt_get_mailbox(struct aac_softc *sc, int mb)
2552 {
2553 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2554 
2555 	return(AAC_MEM1_GETREG4(sc, AAC_RKT_MAILBOX + (mb * 4)));
2556 }
2557 
2558 /*
2559  * Set/clear interrupt masks
2560  */
2561 static void
2562 aac_sa_set_interrupts(struct aac_softc *sc, int enable)
2563 {
2564 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "%sable interrupts", enable ? "en" : "dis");
2565 
2566 	if (enable) {
2567 		AAC_MEM0_SETREG2((sc), AAC_SA_MASK0_CLEAR, AAC_DB_INTERRUPTS);
2568 	} else {
2569 		AAC_MEM0_SETREG2((sc), AAC_SA_MASK0_SET, ~0);
2570 	}
2571 }
2572 
2573 static void
2574 aac_rx_set_interrupts(struct aac_softc *sc, int enable)
2575 {
2576 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "%sable interrupts", enable ? "en" : "dis");
2577 
2578 	if (enable) {
2579 		if (sc->flags & AAC_FLAGS_NEW_COMM)
2580 			AAC_MEM0_SETREG4(sc, AAC_RX_OIMR, ~AAC_DB_INT_NEW_COMM);
2581 		else
2582 			AAC_MEM0_SETREG4(sc, AAC_RX_OIMR, ~AAC_DB_INTERRUPTS);
2583 	} else {
2584 		AAC_MEM0_SETREG4(sc, AAC_RX_OIMR, ~0);
2585 	}
2586 }
2587 
2588 static void
2589 aac_rkt_set_interrupts(struct aac_softc *sc, int enable)
2590 {
2591 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "%sable interrupts", enable ? "en" : "dis");
2592 
2593 	if (enable) {
2594 		if (sc->flags & AAC_FLAGS_NEW_COMM)
2595 			AAC_MEM0_SETREG4(sc, AAC_RKT_OIMR, ~AAC_DB_INT_NEW_COMM);
2596 		else
2597 			AAC_MEM0_SETREG4(sc, AAC_RKT_OIMR, ~AAC_DB_INTERRUPTS);
2598 	} else {
2599 		AAC_MEM0_SETREG4(sc, AAC_RKT_OIMR, ~0);
2600 	}
2601 }
2602 
2603 /*
2604  * New comm. interface: Send command functions
2605  */
2606 static int
2607 aac_rx_send_command(struct aac_softc *sc, struct aac_command *cm)
2608 {
2609 	u_int32_t index, device;
2610 
2611 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "send command (new comm.)");
2612 
2613 	index = AAC_MEM0_GETREG4(sc, AAC_RX_IQUE);
2614 	if (index == 0xffffffffL)
2615 		index = AAC_MEM0_GETREG4(sc, AAC_RX_IQUE);
2616 	if (index == 0xffffffffL)
2617 		return index;
2618 	aac_enqueue_busy(cm);
2619 	device = index;
2620 	AAC_MEM1_SETREG4(sc, device, (u_int32_t)(cm->cm_fibphys & 0xffffffffUL));
2621 	device += 4;
2622 	AAC_MEM1_SETREG4(sc, device, (u_int32_t)(cm->cm_fibphys >> 32));
2623 	device += 4;
2624 	AAC_MEM1_SETREG4(sc, device, cm->cm_fib->Header.Size);
2625 	AAC_MEM0_SETREG4(sc, AAC_RX_IQUE, index);
2626 	return 0;
2627 }
2628 
2629 static int
2630 aac_rkt_send_command(struct aac_softc *sc, struct aac_command *cm)
2631 {
2632 	u_int32_t index, device;
2633 
2634 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "send command (new comm.)");
2635 
2636 	index = AAC_MEM0_GETREG4(sc, AAC_RKT_IQUE);
2637 	if (index == 0xffffffffL)
2638 		index = AAC_MEM0_GETREG4(sc, AAC_RKT_IQUE);
2639 	if (index == 0xffffffffL)
2640 		return index;
2641 	aac_enqueue_busy(cm);
2642 	device = index;
2643 	AAC_MEM1_SETREG4(sc, device, (u_int32_t)(cm->cm_fibphys & 0xffffffffUL));
2644 	device += 4;
2645 	AAC_MEM1_SETREG4(sc, device, (u_int32_t)(cm->cm_fibphys >> 32));
2646 	device += 4;
2647 	AAC_MEM1_SETREG4(sc, device, cm->cm_fib->Header.Size);
2648 	AAC_MEM0_SETREG4(sc, AAC_RKT_IQUE, index);
2649 	return 0;
2650 }
2651 
2652 /*
2653  * New comm. interface: get, set outbound queue index
2654  */
2655 static int
2656 aac_rx_get_outb_queue(struct aac_softc *sc)
2657 {
2658 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2659 
2660 	return(AAC_MEM0_GETREG4(sc, AAC_RX_OQUE));
2661 }
2662 
2663 static int
2664 aac_rkt_get_outb_queue(struct aac_softc *sc)
2665 {
2666 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2667 
2668 	return(AAC_MEM0_GETREG4(sc, AAC_RKT_OQUE));
2669 }
2670 
2671 static void
2672 aac_rx_set_outb_queue(struct aac_softc *sc, int index)
2673 {
2674 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2675 
2676 	AAC_MEM0_SETREG4(sc, AAC_RX_OQUE, index);
2677 }
2678 
2679 static void
2680 aac_rkt_set_outb_queue(struct aac_softc *sc, int index)
2681 {
2682 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2683 
2684 	AAC_MEM0_SETREG4(sc, AAC_RKT_OQUE, index);
2685 }
2686 
2687 /*
2688  * Debugging and Diagnostics
2689  */
2690 
2691 /*
2692  * Print some information about the controller.
2693  */
2694 static void
2695 aac_describe_controller(struct aac_softc *sc)
2696 {
2697 	struct aac_fib *fib;
2698 	struct aac_adapter_info	*info;
2699 	char *adapter_type = "Adaptec RAID controller";
2700 
2701 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2702 
2703 	mtx_lock(&sc->aac_io_lock);
2704 	aac_alloc_sync_fib(sc, &fib);
2705 
2706 	fib->data[0] = 0;
2707 	if (aac_sync_fib(sc, RequestAdapterInfo, 0, fib, 1)) {
2708 		device_printf(sc->aac_dev, "RequestAdapterInfo failed\n");
2709 		aac_release_sync_fib(sc);
2710 		mtx_unlock(&sc->aac_io_lock);
2711 		return;
2712 	}
2713 
2714 	/* save the kernel revision structure for later use */
2715 	info = (struct aac_adapter_info *)&fib->data[0];
2716 	sc->aac_revision = info->KernelRevision;
2717 
2718 	if (bootverbose) {
2719 		device_printf(sc->aac_dev, "%s %dMHz, %dMB memory "
2720 		    "(%dMB cache, %dMB execution), %s\n",
2721 		    aac_describe_code(aac_cpu_variant, info->CpuVariant),
2722 		    info->ClockSpeed, info->TotalMem / (1024 * 1024),
2723 		    info->BufferMem / (1024 * 1024),
2724 		    info->ExecutionMem / (1024 * 1024),
2725 		    aac_describe_code(aac_battery_platform,
2726 		    info->batteryPlatform));
2727 
2728 		device_printf(sc->aac_dev,
2729 		    "Kernel %d.%d-%d, Build %d, S/N %6X\n",
2730 		    info->KernelRevision.external.comp.major,
2731 		    info->KernelRevision.external.comp.minor,
2732 		    info->KernelRevision.external.comp.dash,
2733 		    info->KernelRevision.buildNumber,
2734 		    (u_int32_t)(info->SerialNumber & 0xffffff));
2735 
2736 		device_printf(sc->aac_dev, "Supported Options=%b\n",
2737 			      sc->supported_options,
2738 			      "\20"
2739 			      "\1SNAPSHOT"
2740 			      "\2CLUSTERS"
2741 			      "\3WCACHE"
2742 			      "\4DATA64"
2743 			      "\5HOSTTIME"
2744 			      "\6RAID50"
2745 			      "\7WINDOW4GB"
2746 			      "\10SCSIUPGD"
2747 			      "\11SOFTERR"
2748 			      "\12NORECOND"
2749 			      "\13SGMAP64"
2750 			      "\14ALARM"
2751 			      "\15NONDASD"
2752 			      "\16SCSIMGT"
2753 			      "\17RAIDSCSI"
2754 			      "\21ADPTINFO"
2755 			      "\22NEWCOMM"
2756 			      "\23ARRAY64BIT"
2757 			      "\24HEATSENSOR");
2758 	}
2759 
2760 	if (sc->supported_options & AAC_SUPPORTED_SUPPLEMENT_ADAPTER_INFO) {
2761 		fib->data[0] = 0;
2762 		if (aac_sync_fib(sc, RequestSupplementAdapterInfo, 0, fib, 1))
2763 			device_printf(sc->aac_dev,
2764 			    "RequestSupplementAdapterInfo failed\n");
2765 		else
2766 			adapter_type = ((struct aac_supplement_adapter_info *)
2767 			    &fib->data[0])->AdapterTypeText;
2768 	}
2769 	device_printf(sc->aac_dev, "%s, aac driver %d.%d.%d-%d\n",
2770 		adapter_type,
2771 		AAC_DRIVER_MAJOR_VERSION, AAC_DRIVER_MINOR_VERSION,
2772 		AAC_DRIVER_BUGFIX_LEVEL, AAC_DRIVER_BUILD);
2773 
2774 	aac_release_sync_fib(sc);
2775 	mtx_unlock(&sc->aac_io_lock);
2776 }
2777 
2778 /*
2779  * Look up a text description of a numeric error code and return a pointer to
2780  * same.
2781  */
2782 static const char *
2783 aac_describe_code(const struct aac_code_lookup *table, u_int32_t code)
2784 {
2785 	int i;
2786 
2787 	for (i = 0; table[i].string != NULL; i++)
2788 		if (table[i].code == code)
2789 			return(table[i].string);
2790 	return(table[i + 1].string);
2791 }
2792 
2793 /*
2794  * Management Interface
2795  */
2796 
2797 static int
2798 aac_open(struct cdev *dev, int flags, int fmt, struct thread *td)
2799 {
2800 	struct aac_softc *sc;
2801 
2802 	sc = dev->si_drv1;
2803 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2804 	device_busy(sc->aac_dev);
2805 	devfs_set_cdevpriv(sc, aac_cdevpriv_dtor);
2806 
2807 	return 0;
2808 }
2809 
2810 static int
2811 aac_ioctl(struct cdev *dev, u_long cmd, caddr_t arg, int flag, struct thread *td)
2812 {
2813 	union aac_statrequest *as;
2814 	struct aac_softc *sc;
2815 	int error = 0;
2816 
2817 	as = (union aac_statrequest *)arg;
2818 	sc = dev->si_drv1;
2819 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2820 
2821 	switch (cmd) {
2822 	case AACIO_STATS:
2823 		switch (as->as_item) {
2824 		case AACQ_FREE:
2825 		case AACQ_BIO:
2826 		case AACQ_READY:
2827 		case AACQ_BUSY:
2828 			bcopy(&sc->aac_qstat[as->as_item], &as->as_qstat,
2829 			      sizeof(struct aac_qstat));
2830 			break;
2831 		default:
2832 			error = ENOENT;
2833 			break;
2834 		}
2835 	break;
2836 
2837 	case FSACTL_SENDFIB:
2838 	case FSACTL_SEND_LARGE_FIB:
2839 		arg = *(caddr_t*)arg;
2840 	case FSACTL_LNX_SENDFIB:
2841 	case FSACTL_LNX_SEND_LARGE_FIB:
2842 		fwprintf(sc, HBA_FLAGS_DBG_IOCTL_COMMANDS_B, "FSACTL_SENDFIB");
2843 		error = aac_ioctl_sendfib(sc, arg);
2844 		break;
2845 	case FSACTL_SEND_RAW_SRB:
2846 		arg = *(caddr_t*)arg;
2847 	case FSACTL_LNX_SEND_RAW_SRB:
2848 		fwprintf(sc, HBA_FLAGS_DBG_IOCTL_COMMANDS_B, "FSACTL_SEND_RAW_SRB");
2849 		error = aac_ioctl_send_raw_srb(sc, arg);
2850 		break;
2851 	case FSACTL_AIF_THREAD:
2852 	case FSACTL_LNX_AIF_THREAD:
2853 		fwprintf(sc, HBA_FLAGS_DBG_IOCTL_COMMANDS_B, "FSACTL_AIF_THREAD");
2854 		error = EINVAL;
2855 		break;
2856 	case FSACTL_OPEN_GET_ADAPTER_FIB:
2857 		arg = *(caddr_t*)arg;
2858 	case FSACTL_LNX_OPEN_GET_ADAPTER_FIB:
2859 		fwprintf(sc, HBA_FLAGS_DBG_IOCTL_COMMANDS_B, "FSACTL_OPEN_GET_ADAPTER_FIB");
2860 		error = aac_open_aif(sc, arg);
2861 		break;
2862 	case FSACTL_GET_NEXT_ADAPTER_FIB:
2863 		arg = *(caddr_t*)arg;
2864 	case FSACTL_LNX_GET_NEXT_ADAPTER_FIB:
2865 		fwprintf(sc, HBA_FLAGS_DBG_IOCTL_COMMANDS_B, "FSACTL_GET_NEXT_ADAPTER_FIB");
2866 		error = aac_getnext_aif(sc, arg);
2867 		break;
2868 	case FSACTL_CLOSE_GET_ADAPTER_FIB:
2869 		arg = *(caddr_t*)arg;
2870 	case FSACTL_LNX_CLOSE_GET_ADAPTER_FIB:
2871 		fwprintf(sc, HBA_FLAGS_DBG_IOCTL_COMMANDS_B, "FSACTL_CLOSE_GET_ADAPTER_FIB");
2872 		error = aac_close_aif(sc, arg);
2873 		break;
2874 	case FSACTL_MINIPORT_REV_CHECK:
2875 		arg = *(caddr_t*)arg;
2876 	case FSACTL_LNX_MINIPORT_REV_CHECK:
2877 		fwprintf(sc, HBA_FLAGS_DBG_IOCTL_COMMANDS_B, "FSACTL_MINIPORT_REV_CHECK");
2878 		error = aac_rev_check(sc, arg);
2879 		break;
2880 	case FSACTL_QUERY_DISK:
2881 		arg = *(caddr_t*)arg;
2882 	case FSACTL_LNX_QUERY_DISK:
2883 		fwprintf(sc, HBA_FLAGS_DBG_IOCTL_COMMANDS_B, "FSACTL_QUERY_DISK");
2884 		error = aac_query_disk(sc, arg);
2885 		break;
2886 	case FSACTL_DELETE_DISK:
2887 	case FSACTL_LNX_DELETE_DISK:
2888 		/*
2889 		 * We don't trust the underland to tell us when to delete a
2890 		 * container, rather we rely on an AIF coming from the
2891 		 * controller
2892 		 */
2893 		error = 0;
2894 		break;
2895 	case FSACTL_GET_PCI_INFO:
2896 		arg = *(caddr_t*)arg;
2897 	case FSACTL_LNX_GET_PCI_INFO:
2898 		fwprintf(sc, HBA_FLAGS_DBG_IOCTL_COMMANDS_B, "FSACTL_GET_PCI_INFO");
2899 		error = aac_get_pci_info(sc, arg);
2900 		break;
2901 	case FSACTL_GET_FEATURES:
2902 		arg = *(caddr_t*)arg;
2903 	case FSACTL_LNX_GET_FEATURES:
2904 		fwprintf(sc, HBA_FLAGS_DBG_IOCTL_COMMANDS_B, "FSACTL_GET_FEATURES");
2905 		error = aac_supported_features(sc, arg);
2906 		break;
2907 	default:
2908 		fwprintf(sc, HBA_FLAGS_DBG_IOCTL_COMMANDS_B, "unsupported cmd 0x%lx\n", cmd);
2909 		error = EINVAL;
2910 		break;
2911 	}
2912 	return(error);
2913 }
2914 
2915 static int
2916 aac_poll(struct cdev *dev, int poll_events, struct thread *td)
2917 {
2918 	struct aac_softc *sc;
2919 	struct aac_fib_context *ctx;
2920 	int revents;
2921 
2922 	sc = dev->si_drv1;
2923 	revents = 0;
2924 
2925 	mtx_lock(&sc->aac_aifq_lock);
2926 	if ((poll_events & (POLLRDNORM | POLLIN)) != 0) {
2927 		for (ctx = sc->fibctx; ctx; ctx = ctx->next) {
2928 			if (ctx->ctx_idx != sc->aifq_idx || ctx->ctx_wrap) {
2929 				revents |= poll_events & (POLLIN | POLLRDNORM);
2930 				break;
2931 			}
2932 		}
2933 	}
2934 	mtx_unlock(&sc->aac_aifq_lock);
2935 
2936 	if (revents == 0) {
2937 		if (poll_events & (POLLIN | POLLRDNORM))
2938 			selrecord(td, &sc->rcv_select);
2939 	}
2940 
2941 	return (revents);
2942 }
2943 
2944 static void
2945 aac_ioctl_event(struct aac_softc *sc, struct aac_event *event, void *arg)
2946 {
2947 
2948 	switch (event->ev_type) {
2949 	case AAC_EVENT_CMFREE:
2950 		mtx_assert(&sc->aac_io_lock, MA_OWNED);
2951 		if (aac_alloc_command(sc, (struct aac_command **)arg)) {
2952 			aac_add_event(sc, event);
2953 			return;
2954 		}
2955 		free(event, M_AACBUF);
2956 		wakeup(arg);
2957 		break;
2958 	default:
2959 		break;
2960 	}
2961 }
2962 
2963 /*
2964  * Send a FIB supplied from userspace
2965  */
2966 static int
2967 aac_ioctl_sendfib(struct aac_softc *sc, caddr_t ufib)
2968 {
2969 	struct aac_command *cm;
2970 	int size, error;
2971 
2972 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2973 
2974 	cm = NULL;
2975 
2976 	/*
2977 	 * Get a command
2978 	 */
2979 	mtx_lock(&sc->aac_io_lock);
2980 	if (aac_alloc_command(sc, &cm)) {
2981 		struct aac_event *event;
2982 
2983 		event = malloc(sizeof(struct aac_event), M_AACBUF,
2984 		    M_NOWAIT | M_ZERO);
2985 		if (event == NULL) {
2986 			error = EBUSY;
2987 			mtx_unlock(&sc->aac_io_lock);
2988 			goto out;
2989 		}
2990 		event->ev_type = AAC_EVENT_CMFREE;
2991 		event->ev_callback = aac_ioctl_event;
2992 		event->ev_arg = &cm;
2993 		aac_add_event(sc, event);
2994 		msleep(&cm, &sc->aac_io_lock, 0, "sendfib", 0);
2995 	}
2996 	mtx_unlock(&sc->aac_io_lock);
2997 
2998 	/*
2999 	 * Fetch the FIB header, then re-copy to get data as well.
3000 	 */
3001 	if ((error = copyin(ufib, cm->cm_fib,
3002 			    sizeof(struct aac_fib_header))) != 0)
3003 		goto out;
3004 	size = cm->cm_fib->Header.Size + sizeof(struct aac_fib_header);
3005 	if (size > sc->aac_max_fib_size) {
3006 		device_printf(sc->aac_dev, "incoming FIB oversized (%d > %d)\n",
3007 			      size, sc->aac_max_fib_size);
3008 		size = sc->aac_max_fib_size;
3009 	}
3010 	if ((error = copyin(ufib, cm->cm_fib, size)) != 0)
3011 		goto out;
3012 	cm->cm_fib->Header.Size = size;
3013 	cm->cm_timestamp = time_uptime;
3014 
3015 	/*
3016 	 * Pass the FIB to the controller, wait for it to complete.
3017 	 */
3018 	mtx_lock(&sc->aac_io_lock);
3019 	error = aac_wait_command(cm);
3020 	mtx_unlock(&sc->aac_io_lock);
3021 	if (error != 0) {
3022 		device_printf(sc->aac_dev,
3023 			      "aac_wait_command return %d\n", error);
3024 		goto out;
3025 	}
3026 
3027 	/*
3028 	 * Copy the FIB and data back out to the caller.
3029 	 */
3030 	size = cm->cm_fib->Header.Size;
3031 	if (size > sc->aac_max_fib_size) {
3032 		device_printf(sc->aac_dev, "outbound FIB oversized (%d > %d)\n",
3033 			      size, sc->aac_max_fib_size);
3034 		size = sc->aac_max_fib_size;
3035 	}
3036 	error = copyout(cm->cm_fib, ufib, size);
3037 
3038 out:
3039 	if (cm != NULL) {
3040 		mtx_lock(&sc->aac_io_lock);
3041 		aac_release_command(cm);
3042 		mtx_unlock(&sc->aac_io_lock);
3043 	}
3044 	return(error);
3045 }
3046 
3047 /*
3048  * Send a passthrough FIB supplied from userspace
3049  */
3050 static int
3051 aac_ioctl_send_raw_srb(struct aac_softc *sc, caddr_t arg)
3052 {
3053 	struct aac_command *cm;
3054 	struct aac_event *event;
3055 	struct aac_fib *fib;
3056 	struct aac_srb *srbcmd, *user_srb;
3057 	struct aac_sg_entry *sge;
3058 	struct aac_sg_entry64 *sge64;
3059 	void *srb_sg_address, *ureply;
3060 	uint32_t fibsize, srb_sg_bytecount;
3061 	int error, transfer_data;
3062 
3063 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
3064 
3065 	cm = NULL;
3066 	transfer_data = 0;
3067 	fibsize = 0;
3068 	user_srb = (struct aac_srb *)arg;
3069 
3070 	mtx_lock(&sc->aac_io_lock);
3071 	if (aac_alloc_command(sc, &cm)) {
3072 		 event = malloc(sizeof(struct aac_event), M_AACBUF,
3073 		    M_NOWAIT | M_ZERO);
3074 		if (event == NULL) {
3075 			error = EBUSY;
3076 			mtx_unlock(&sc->aac_io_lock);
3077 			goto out;
3078 		}
3079 		event->ev_type = AAC_EVENT_CMFREE;
3080 		event->ev_callback = aac_ioctl_event;
3081 		event->ev_arg = &cm;
3082 		aac_add_event(sc, event);
3083 		msleep(cm, &sc->aac_io_lock, 0, "aacraw", 0);
3084 	}
3085 	mtx_unlock(&sc->aac_io_lock);
3086 
3087 	cm->cm_data = NULL;
3088 	fib = cm->cm_fib;
3089 	srbcmd = (struct aac_srb *)fib->data;
3090 	error = copyin(&user_srb->data_len, &fibsize, sizeof(uint32_t));
3091 	if (error != 0)
3092 		goto out;
3093 	if (fibsize > (sc->aac_max_fib_size - sizeof(struct aac_fib_header))) {
3094 		error = EINVAL;
3095 		goto out;
3096 	}
3097 	error = copyin(user_srb, srbcmd, fibsize);
3098 	if (error != 0)
3099 		goto out;
3100 	srbcmd->function = 0;
3101 	srbcmd->retry_limit = 0;
3102 	if (srbcmd->sg_map.SgCount > 1) {
3103 		error = EINVAL;
3104 		goto out;
3105 	}
3106 
3107 	/* Retrieve correct SG entries. */
3108 	if (fibsize == (sizeof(struct aac_srb) +
3109 	    srbcmd->sg_map.SgCount * sizeof(struct aac_sg_entry))) {
3110 		struct aac_sg_entry sg;
3111 
3112 		sge = srbcmd->sg_map.SgEntry;
3113 		sge64 = NULL;
3114 
3115 		if ((error = copyin(sge, &sg, sizeof(sg))) != 0)
3116 			goto out;
3117 
3118 		srb_sg_bytecount = sg.SgByteCount;
3119 		srb_sg_address = (void *)(uintptr_t)sg.SgAddress;
3120 	}
3121 #ifdef __amd64__
3122 	else if (fibsize == (sizeof(struct aac_srb) +
3123 	    srbcmd->sg_map.SgCount * sizeof(struct aac_sg_entry64))) {
3124 		struct aac_sg_entry64 sg;
3125 
3126 		sge = NULL;
3127 		sge64 = (struct aac_sg_entry64 *)srbcmd->sg_map.SgEntry;
3128 
3129 		if ((error = copyin(sge64, &sg, sizeof(sg))) != 0)
3130 			goto out;
3131 
3132 		srb_sg_bytecount = sg.SgByteCount;
3133 		srb_sg_address = (void *)sg.SgAddress;
3134 		if (sge64->SgAddress > 0xffffffffull &&
3135 		    (sc->flags & AAC_FLAGS_SG_64BIT) == 0) {
3136 			error = EINVAL;
3137 			goto out;
3138 		}
3139 	}
3140 #endif
3141 	else {
3142 		error = EINVAL;
3143 		goto out;
3144 	}
3145 	ureply = (char *)arg + fibsize;
3146 	srbcmd->data_len = srb_sg_bytecount;
3147 	if (srbcmd->sg_map.SgCount == 1)
3148 		transfer_data = 1;
3149 
3150 	cm->cm_sgtable = (struct aac_sg_table *)&srbcmd->sg_map;
3151 	if (transfer_data) {
3152 		cm->cm_datalen = srb_sg_bytecount;
3153 		cm->cm_data = malloc(cm->cm_datalen, M_AACBUF, M_NOWAIT);
3154 		if (cm->cm_data == NULL) {
3155 			error = ENOMEM;
3156 			goto out;
3157 		}
3158 		if (srbcmd->flags & AAC_SRB_FLAGS_DATA_IN)
3159 			cm->cm_flags |= AAC_CMD_DATAIN;
3160 		if (srbcmd->flags & AAC_SRB_FLAGS_DATA_OUT) {
3161 			cm->cm_flags |= AAC_CMD_DATAOUT;
3162 			error = copyin(srb_sg_address, cm->cm_data,
3163 			    cm->cm_datalen);
3164 			if (error != 0)
3165 				goto out;
3166 		}
3167 	}
3168 
3169 	fib->Header.Size = sizeof(struct aac_fib_header) +
3170 	    sizeof(struct aac_srb);
3171 	fib->Header.XferState =
3172 	    AAC_FIBSTATE_HOSTOWNED   |
3173 	    AAC_FIBSTATE_INITIALISED |
3174 	    AAC_FIBSTATE_EMPTY       |
3175 	    AAC_FIBSTATE_FROMHOST    |
3176 	    AAC_FIBSTATE_REXPECTED   |
3177 	    AAC_FIBSTATE_NORM        |
3178 	    AAC_FIBSTATE_ASYNC       |
3179 	    AAC_FIBSTATE_FAST_RESPONSE;
3180 	fib->Header.Command = (sc->flags & AAC_FLAGS_SG_64BIT) != 0 ?
3181 	    ScsiPortCommandU64 : ScsiPortCommand;
3182 
3183 	mtx_lock(&sc->aac_io_lock);
3184 	aac_wait_command(cm);
3185 	mtx_unlock(&sc->aac_io_lock);
3186 
3187 	if (transfer_data && (srbcmd->flags & AAC_SRB_FLAGS_DATA_IN) != 0) {
3188 		error = copyout(cm->cm_data, srb_sg_address, cm->cm_datalen);
3189 		if (error != 0)
3190 			goto out;
3191 	}
3192 	error = copyout(fib->data, ureply, sizeof(struct aac_srb_response));
3193 out:
3194 	if (cm != NULL) {
3195 		if (cm->cm_data != NULL)
3196 			free(cm->cm_data, M_AACBUF);
3197 		mtx_lock(&sc->aac_io_lock);
3198 		aac_release_command(cm);
3199 		mtx_unlock(&sc->aac_io_lock);
3200 	}
3201 	return(error);
3202 }
3203 
3204 /*
3205  * cdevpriv interface private destructor.
3206  */
3207 static void
3208 aac_cdevpriv_dtor(void *arg)
3209 {
3210 	struct aac_softc *sc;
3211 
3212 	sc = arg;
3213 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
3214 	device_unbusy(sc->aac_dev);
3215 }
3216 
3217 /*
3218  * Handle an AIF sent to us by the controller; queue it for later reference.
3219  * If the queue fills up, then drop the older entries.
3220  */
3221 static void
3222 aac_handle_aif(struct aac_softc *sc, struct aac_fib *fib)
3223 {
3224 	struct aac_aif_command *aif;
3225 	struct aac_container *co, *co_next;
3226 	struct aac_fib_context *ctx;
3227 	struct aac_mntinforesp *mir;
3228 	int next, current, found;
3229 	int count = 0, added = 0, i = 0;
3230 	uint32_t channel;
3231 
3232 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
3233 
3234 	aif = (struct aac_aif_command*)&fib->data[0];
3235 	aac_print_aif(sc, aif);
3236 
3237 	/* Is it an event that we should care about? */
3238 	switch (aif->command) {
3239 	case AifCmdEventNotify:
3240 		switch (aif->data.EN.type) {
3241 		case AifEnAddContainer:
3242 		case AifEnDeleteContainer:
3243 			/*
3244 			 * A container was added or deleted, but the message
3245 			 * doesn't tell us anything else!  Re-enumerate the
3246 			 * containers and sort things out.
3247 			 */
3248 			aac_alloc_sync_fib(sc, &fib);
3249 			do {
3250 				/*
3251 				 * Ask the controller for its containers one at
3252 				 * a time.
3253 				 * XXX What if the controller's list changes
3254 				 * midway through this enumaration?
3255 				 * XXX This should be done async.
3256 				 */
3257 				if ((mir = aac_get_container_info(sc, fib, i)) == NULL)
3258 					continue;
3259 				if (i == 0)
3260 					count = mir->MntRespCount;
3261 				/*
3262 				 * Check the container against our list.
3263 				 * co->co_found was already set to 0 in a
3264 				 * previous run.
3265 				 */
3266 				if ((mir->Status == ST_OK) &&
3267 				    (mir->MntTable[0].VolType != CT_NONE)) {
3268 					found = 0;
3269 					TAILQ_FOREACH(co,
3270 						      &sc->aac_container_tqh,
3271 						      co_link) {
3272 						if (co->co_mntobj.ObjectId ==
3273 						    mir->MntTable[0].ObjectId) {
3274 							co->co_found = 1;
3275 							found = 1;
3276 							break;
3277 						}
3278 					}
3279 					/*
3280 					 * If the container matched, continue
3281 					 * in the list.
3282 					 */
3283 					if (found) {
3284 						i++;
3285 						continue;
3286 					}
3287 
3288 					/*
3289 					 * This is a new container.  Do all the
3290 					 * appropriate things to set it up.
3291 					 */
3292 					aac_add_container(sc, mir, 1);
3293 					added = 1;
3294 				}
3295 				i++;
3296 			} while ((i < count) && (i < AAC_MAX_CONTAINERS));
3297 			aac_release_sync_fib(sc);
3298 
3299 			/*
3300 			 * Go through our list of containers and see which ones
3301 			 * were not marked 'found'.  Since the controller didn't
3302 			 * list them they must have been deleted.  Do the
3303 			 * appropriate steps to destroy the device.  Also reset
3304 			 * the co->co_found field.
3305 			 */
3306 			co = TAILQ_FIRST(&sc->aac_container_tqh);
3307 			while (co != NULL) {
3308 				if (co->co_found == 0) {
3309 					mtx_unlock(&sc->aac_io_lock);
3310 					mtx_lock(&Giant);
3311 					device_delete_child(sc->aac_dev,
3312 							    co->co_disk);
3313 					mtx_unlock(&Giant);
3314 					mtx_lock(&sc->aac_io_lock);
3315 					co_next = TAILQ_NEXT(co, co_link);
3316 					mtx_lock(&sc->aac_container_lock);
3317 					TAILQ_REMOVE(&sc->aac_container_tqh, co,
3318 						     co_link);
3319 					mtx_unlock(&sc->aac_container_lock);
3320 					free(co, M_AACBUF);
3321 					co = co_next;
3322 				} else {
3323 					co->co_found = 0;
3324 					co = TAILQ_NEXT(co, co_link);
3325 				}
3326 			}
3327 
3328 			/* Attach the newly created containers */
3329 			if (added) {
3330 				mtx_unlock(&sc->aac_io_lock);
3331 				mtx_lock(&Giant);
3332 				bus_generic_attach(sc->aac_dev);
3333 				mtx_unlock(&Giant);
3334 				mtx_lock(&sc->aac_io_lock);
3335 			}
3336 
3337 			break;
3338 
3339 		case AifEnEnclosureManagement:
3340 			switch (aif->data.EN.data.EEE.eventType) {
3341 			case AIF_EM_DRIVE_INSERTION:
3342 			case AIF_EM_DRIVE_REMOVAL:
3343 				channel = aif->data.EN.data.EEE.unitID;
3344 				if (sc->cam_rescan_cb != NULL)
3345 					sc->cam_rescan_cb(sc,
3346 					    (channel >> 24) & 0xF,
3347 					    (channel & 0xFFFF));
3348 				break;
3349 			}
3350 			break;
3351 
3352 		case AifEnAddJBOD:
3353 		case AifEnDeleteJBOD:
3354 			channel = aif->data.EN.data.ECE.container;
3355 			if (sc->cam_rescan_cb != NULL)
3356 				sc->cam_rescan_cb(sc, (channel >> 24) & 0xF,
3357 				    AAC_CAM_TARGET_WILDCARD);
3358 			break;
3359 
3360 		default:
3361 			break;
3362 		}
3363 
3364 	default:
3365 		break;
3366 	}
3367 
3368 	/* Copy the AIF data to the AIF queue for ioctl retrieval */
3369 	mtx_lock(&sc->aac_aifq_lock);
3370 	current = sc->aifq_idx;
3371 	next = (current + 1) % AAC_AIFQ_LENGTH;
3372 	if (next == 0)
3373 		sc->aifq_filled = 1;
3374 	bcopy(fib, &sc->aac_aifq[current], sizeof(struct aac_fib));
3375 	/* modify AIF contexts */
3376 	if (sc->aifq_filled) {
3377 		for (ctx = sc->fibctx; ctx; ctx = ctx->next) {
3378 			if (next == ctx->ctx_idx)
3379 				ctx->ctx_wrap = 1;
3380 			else if (current == ctx->ctx_idx && ctx->ctx_wrap)
3381 				ctx->ctx_idx = next;
3382 		}
3383 	}
3384 	sc->aifq_idx = next;
3385 	/* On the off chance that someone is sleeping for an aif... */
3386 	if (sc->aac_state & AAC_STATE_AIF_SLEEPER)
3387 		wakeup(sc->aac_aifq);
3388 	/* Wakeup any poll()ers */
3389 	selwakeuppri(&sc->rcv_select, PRIBIO);
3390 	mtx_unlock(&sc->aac_aifq_lock);
3391 }
3392 
3393 /*
3394  * Return the Revision of the driver to userspace and check to see if the
3395  * userspace app is possibly compatible.  This is extremely bogus since
3396  * our driver doesn't follow Adaptec's versioning system.  Cheat by just
3397  * returning what the card reported.
3398  */
3399 static int
3400 aac_rev_check(struct aac_softc *sc, caddr_t udata)
3401 {
3402 	struct aac_rev_check rev_check;
3403 	struct aac_rev_check_resp rev_check_resp;
3404 	int error = 0;
3405 
3406 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
3407 
3408 	/*
3409 	 * Copyin the revision struct from userspace
3410 	 */
3411 	if ((error = copyin(udata, (caddr_t)&rev_check,
3412 			sizeof(struct aac_rev_check))) != 0) {
3413 		return error;
3414 	}
3415 
3416 	fwprintf(sc, HBA_FLAGS_DBG_IOCTL_COMMANDS_B, "Userland revision= %d\n",
3417 	      rev_check.callingRevision.buildNumber);
3418 
3419 	/*
3420 	 * Doctor up the response struct.
3421 	 */
3422 	rev_check_resp.possiblyCompatible = 1;
3423 	rev_check_resp.adapterSWRevision.external.comp.major =
3424 	    AAC_DRIVER_MAJOR_VERSION;
3425 	rev_check_resp.adapterSWRevision.external.comp.minor =
3426 	    AAC_DRIVER_MINOR_VERSION;
3427 	rev_check_resp.adapterSWRevision.external.comp.type =
3428 	    AAC_DRIVER_TYPE;
3429 	rev_check_resp.adapterSWRevision.external.comp.dash =
3430 	    AAC_DRIVER_BUGFIX_LEVEL;
3431 	rev_check_resp.adapterSWRevision.buildNumber =
3432 	    AAC_DRIVER_BUILD;
3433 
3434 	return(copyout((caddr_t)&rev_check_resp, udata,
3435 			sizeof(struct aac_rev_check_resp)));
3436 }
3437 
3438 /*
3439  * Pass the fib context to the caller
3440  */
3441 static int
3442 aac_open_aif(struct aac_softc *sc, caddr_t arg)
3443 {
3444 	struct aac_fib_context *fibctx, *ctx;
3445 	int error = 0;
3446 
3447 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
3448 
3449 	fibctx = malloc(sizeof(struct aac_fib_context), M_AACBUF, M_NOWAIT|M_ZERO);
3450 	if (fibctx == NULL)
3451 		return (ENOMEM);
3452 
3453 	mtx_lock(&sc->aac_aifq_lock);
3454 	/* all elements are already 0, add to queue */
3455 	if (sc->fibctx == NULL)
3456 		sc->fibctx = fibctx;
3457 	else {
3458 		for (ctx = sc->fibctx; ctx->next; ctx = ctx->next)
3459 			;
3460 		ctx->next = fibctx;
3461 		fibctx->prev = ctx;
3462 	}
3463 
3464 	/* evaluate unique value */
3465 	fibctx->unique = (*(u_int32_t *)&fibctx & 0xffffffff);
3466 	ctx = sc->fibctx;
3467 	while (ctx != fibctx) {
3468 		if (ctx->unique == fibctx->unique) {
3469 			fibctx->unique++;
3470 			ctx = sc->fibctx;
3471 		} else {
3472 			ctx = ctx->next;
3473 		}
3474 	}
3475 	mtx_unlock(&sc->aac_aifq_lock);
3476 
3477 	error = copyout(&fibctx->unique, (void *)arg, sizeof(u_int32_t));
3478 	if (error)
3479 		aac_close_aif(sc, (caddr_t)ctx);
3480 	return error;
3481 }
3482 
3483 /*
3484  * Close the caller's fib context
3485  */
3486 static int
3487 aac_close_aif(struct aac_softc *sc, caddr_t arg)
3488 {
3489 	struct aac_fib_context *ctx;
3490 
3491 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
3492 
3493 	mtx_lock(&sc->aac_aifq_lock);
3494 	for (ctx = sc->fibctx; ctx; ctx = ctx->next) {
3495 		if (ctx->unique == *(uint32_t *)&arg) {
3496 			if (ctx == sc->fibctx)
3497 				sc->fibctx = NULL;
3498 			else {
3499 				ctx->prev->next = ctx->next;
3500 				if (ctx->next)
3501 					ctx->next->prev = ctx->prev;
3502 			}
3503 			break;
3504 		}
3505 	}
3506 	mtx_unlock(&sc->aac_aifq_lock);
3507 	if (ctx)
3508 		free(ctx, M_AACBUF);
3509 
3510 	return 0;
3511 }
3512 
3513 /*
3514  * Pass the caller the next AIF in their queue
3515  */
3516 static int
3517 aac_getnext_aif(struct aac_softc *sc, caddr_t arg)
3518 {
3519 	struct get_adapter_fib_ioctl agf;
3520 	struct aac_fib_context *ctx;
3521 	int error;
3522 
3523 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
3524 
3525 #ifdef COMPAT_FREEBSD32
3526 	if (SV_CURPROC_FLAG(SV_ILP32)) {
3527 		struct get_adapter_fib_ioctl32 agf32;
3528 		error = copyin(arg, &agf32, sizeof(agf32));
3529 		if (error == 0) {
3530 			agf.AdapterFibContext = agf32.AdapterFibContext;
3531 			agf.Wait = agf32.Wait;
3532 			agf.AifFib = (caddr_t)(uintptr_t)agf32.AifFib;
3533 		}
3534 	} else
3535 #endif
3536 		error = copyin(arg, &agf, sizeof(agf));
3537 	if (error == 0) {
3538 		for (ctx = sc->fibctx; ctx; ctx = ctx->next) {
3539 			if (agf.AdapterFibContext == ctx->unique)
3540 				break;
3541 		}
3542 		if (!ctx)
3543 			return (EFAULT);
3544 
3545 		error = aac_return_aif(sc, ctx, agf.AifFib);
3546 		if (error == EAGAIN && agf.Wait) {
3547 			fwprintf(sc, HBA_FLAGS_DBG_AIF_B, "aac_getnext_aif(): waiting for AIF");
3548 			sc->aac_state |= AAC_STATE_AIF_SLEEPER;
3549 			while (error == EAGAIN) {
3550 				error = tsleep(sc->aac_aifq, PRIBIO |
3551 					       PCATCH, "aacaif", 0);
3552 				if (error == 0)
3553 					error = aac_return_aif(sc, ctx, agf.AifFib);
3554 			}
3555 			sc->aac_state &= ~AAC_STATE_AIF_SLEEPER;
3556 		}
3557 	}
3558 	return(error);
3559 }
3560 
3561 /*
3562  * Hand the next AIF off the top of the queue out to userspace.
3563  */
3564 static int
3565 aac_return_aif(struct aac_softc *sc, struct aac_fib_context *ctx, caddr_t uptr)
3566 {
3567 	int current, error;
3568 
3569 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
3570 
3571 	mtx_lock(&sc->aac_aifq_lock);
3572 	current = ctx->ctx_idx;
3573 	if (current == sc->aifq_idx && !ctx->ctx_wrap) {
3574 		/* empty */
3575 		mtx_unlock(&sc->aac_aifq_lock);
3576 		return (EAGAIN);
3577 	}
3578 	error =
3579 		copyout(&sc->aac_aifq[current], (void *)uptr, sizeof(struct aac_fib));
3580 	if (error)
3581 		device_printf(sc->aac_dev,
3582 		    "aac_return_aif: copyout returned %d\n", error);
3583 	else {
3584 		ctx->ctx_wrap = 0;
3585 		ctx->ctx_idx = (current + 1) % AAC_AIFQ_LENGTH;
3586 	}
3587 	mtx_unlock(&sc->aac_aifq_lock);
3588 	return(error);
3589 }
3590 
3591 static int
3592 aac_get_pci_info(struct aac_softc *sc, caddr_t uptr)
3593 {
3594 	struct aac_pci_info {
3595 		u_int32_t bus;
3596 		u_int32_t slot;
3597 	} pciinf;
3598 	int error;
3599 
3600 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
3601 
3602 	pciinf.bus = pci_get_bus(sc->aac_dev);
3603 	pciinf.slot = pci_get_slot(sc->aac_dev);
3604 
3605 	error = copyout((caddr_t)&pciinf, uptr,
3606 			sizeof(struct aac_pci_info));
3607 
3608 	return (error);
3609 }
3610 
3611 static int
3612 aac_supported_features(struct aac_softc *sc, caddr_t uptr)
3613 {
3614 	struct aac_features f;
3615 	int error;
3616 
3617 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
3618 
3619 	if ((error = copyin(uptr, &f, sizeof (f))) != 0)
3620 		return (error);
3621 
3622 	/*
3623 	 * When the management driver receives FSACTL_GET_FEATURES ioctl with
3624 	 * ALL zero in the featuresState, the driver will return the current
3625 	 * state of all the supported features, the data field will not be
3626 	 * valid.
3627 	 * When the management driver receives FSACTL_GET_FEATURES ioctl with
3628 	 * a specific bit set in the featuresState, the driver will return the
3629 	 * current state of this specific feature and whatever data that are
3630 	 * associated with the feature in the data field or perform whatever
3631 	 * action needed indicates in the data field.
3632 	 */
3633 	if (f.feat.fValue == 0) {
3634 		f.feat.fBits.largeLBA =
3635 		    (sc->flags & AAC_FLAGS_LBA_64BIT) ? 1 : 0;
3636 		/* TODO: In the future, add other features state here as well */
3637 	} else {
3638 		if (f.feat.fBits.largeLBA)
3639 			f.feat.fBits.largeLBA =
3640 			    (sc->flags & AAC_FLAGS_LBA_64BIT) ? 1 : 0;
3641 		/* TODO: Add other features state and data in the future */
3642 	}
3643 
3644 	error = copyout(&f, uptr, sizeof (f));
3645 	return (error);
3646 }
3647 
3648 /*
3649  * Give the userland some information about the container.  The AAC arch
3650  * expects the driver to be a SCSI passthrough type driver, so it expects
3651  * the containers to have b:t:l numbers.  Fake it.
3652  */
3653 static int
3654 aac_query_disk(struct aac_softc *sc, caddr_t uptr)
3655 {
3656 	struct aac_query_disk query_disk;
3657 	struct aac_container *co;
3658 	struct aac_disk	*disk;
3659 	int error, id;
3660 
3661 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
3662 
3663 	disk = NULL;
3664 
3665 	error = copyin(uptr, (caddr_t)&query_disk,
3666 		       sizeof(struct aac_query_disk));
3667 	if (error)
3668 		return (error);
3669 
3670 	id = query_disk.ContainerNumber;
3671 	if (id == -1)
3672 		return (EINVAL);
3673 
3674 	mtx_lock(&sc->aac_container_lock);
3675 	TAILQ_FOREACH(co, &sc->aac_container_tqh, co_link) {
3676 		if (co->co_mntobj.ObjectId == id)
3677 			break;
3678 		}
3679 
3680 	if (co == NULL) {
3681 			query_disk.Valid = 0;
3682 			query_disk.Locked = 0;
3683 			query_disk.Deleted = 1;		/* XXX is this right? */
3684 	} else {
3685 		disk = device_get_softc(co->co_disk);
3686 		query_disk.Valid = 1;
3687 		query_disk.Locked =
3688 		    (disk->ad_flags & AAC_DISK_OPEN) ? 1 : 0;
3689 		query_disk.Deleted = 0;
3690 		query_disk.Bus = device_get_unit(sc->aac_dev);
3691 		query_disk.Target = disk->unit;
3692 		query_disk.Lun = 0;
3693 		query_disk.UnMapped = 0;
3694 		sprintf(&query_disk.diskDeviceName[0], "%s%d",
3695 			disk->ad_disk->d_name, disk->ad_disk->d_unit);
3696 	}
3697 	mtx_unlock(&sc->aac_container_lock);
3698 
3699 	error = copyout((caddr_t)&query_disk, uptr,
3700 			sizeof(struct aac_query_disk));
3701 
3702 	return (error);
3703 }
3704 
3705 static void
3706 aac_get_bus_info(struct aac_softc *sc)
3707 {
3708 	struct aac_fib *fib;
3709 	struct aac_ctcfg *c_cmd;
3710 	struct aac_ctcfg_resp *c_resp;
3711 	struct aac_vmioctl *vmi;
3712 	struct aac_vmi_businf_resp *vmi_resp;
3713 	struct aac_getbusinf businfo;
3714 	struct aac_sim *caminf;
3715 	device_t child;
3716 	int i, found, error;
3717 
3718 	mtx_lock(&sc->aac_io_lock);
3719 	aac_alloc_sync_fib(sc, &fib);
3720 	c_cmd = (struct aac_ctcfg *)&fib->data[0];
3721 	bzero(c_cmd, sizeof(struct aac_ctcfg));
3722 
3723 	c_cmd->Command = VM_ContainerConfig;
3724 	c_cmd->cmd = CT_GET_SCSI_METHOD;
3725 	c_cmd->param = 0;
3726 
3727 	error = aac_sync_fib(sc, ContainerCommand, 0, fib,
3728 	    sizeof(struct aac_ctcfg));
3729 	if (error) {
3730 		device_printf(sc->aac_dev, "Error %d sending "
3731 		    "VM_ContainerConfig command\n", error);
3732 		aac_release_sync_fib(sc);
3733 		mtx_unlock(&sc->aac_io_lock);
3734 		return;
3735 	}
3736 
3737 	c_resp = (struct aac_ctcfg_resp *)&fib->data[0];
3738 	if (c_resp->Status != ST_OK) {
3739 		device_printf(sc->aac_dev, "VM_ContainerConfig returned 0x%x\n",
3740 		    c_resp->Status);
3741 		aac_release_sync_fib(sc);
3742 		mtx_unlock(&sc->aac_io_lock);
3743 		return;
3744 	}
3745 
3746 	sc->scsi_method_id = c_resp->param;
3747 
3748 	vmi = (struct aac_vmioctl *)&fib->data[0];
3749 	bzero(vmi, sizeof(struct aac_vmioctl));
3750 
3751 	vmi->Command = VM_Ioctl;
3752 	vmi->ObjType = FT_DRIVE;
3753 	vmi->MethId = sc->scsi_method_id;
3754 	vmi->ObjId = 0;
3755 	vmi->IoctlCmd = GetBusInfo;
3756 
3757 	error = aac_sync_fib(sc, ContainerCommand, 0, fib,
3758 	    sizeof(struct aac_vmi_businf_resp));
3759 	if (error) {
3760 		device_printf(sc->aac_dev, "Error %d sending VMIoctl command\n",
3761 		    error);
3762 		aac_release_sync_fib(sc);
3763 		mtx_unlock(&sc->aac_io_lock);
3764 		return;
3765 	}
3766 
3767 	vmi_resp = (struct aac_vmi_businf_resp *)&fib->data[0];
3768 	if (vmi_resp->Status != ST_OK) {
3769 		device_printf(sc->aac_dev, "VM_Ioctl returned %d\n",
3770 		    vmi_resp->Status);
3771 		aac_release_sync_fib(sc);
3772 		mtx_unlock(&sc->aac_io_lock);
3773 		return;
3774 	}
3775 
3776 	bcopy(&vmi_resp->BusInf, &businfo, sizeof(struct aac_getbusinf));
3777 	aac_release_sync_fib(sc);
3778 	mtx_unlock(&sc->aac_io_lock);
3779 
3780 	found = 0;
3781 	for (i = 0; i < businfo.BusCount; i++) {
3782 		if (businfo.BusValid[i] != AAC_BUS_VALID)
3783 			continue;
3784 
3785 		caminf = (struct aac_sim *)malloc( sizeof(struct aac_sim),
3786 		    M_AACBUF, M_NOWAIT | M_ZERO);
3787 		if (caminf == NULL) {
3788 			device_printf(sc->aac_dev,
3789 			    "No memory to add passthrough bus %d\n", i);
3790 			break;
3791 		}
3792 
3793 		child = device_add_child(sc->aac_dev, "aacp", -1);
3794 		if (child == NULL) {
3795 			device_printf(sc->aac_dev,
3796 			    "device_add_child failed for passthrough bus %d\n",
3797 			    i);
3798 			free(caminf, M_AACBUF);
3799 			break;
3800 		}
3801 
3802 		caminf->TargetsPerBus = businfo.TargetsPerBus;
3803 		caminf->BusNumber = i;
3804 		caminf->InitiatorBusId = businfo.InitiatorBusId[i];
3805 		caminf->aac_sc = sc;
3806 		caminf->sim_dev = child;
3807 
3808 		device_set_ivars(child, caminf);
3809 		device_set_desc(child, "SCSI Passthrough Bus");
3810 		TAILQ_INSERT_TAIL(&sc->aac_sim_tqh, caminf, sim_link);
3811 
3812 		found = 1;
3813 	}
3814 
3815 	if (found)
3816 		bus_generic_attach(sc->aac_dev);
3817 }
3818