xref: /freebsd/sys/dev/aac/aac.c (revision d8a0fe102c0cfdfcd5b818f850eff09d8536c9bc)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
3  *
4  * Copyright (c) 2000 Michael Smith
5  * Copyright (c) 2001 Scott Long
6  * Copyright (c) 2000 BSDi
7  * Copyright (c) 2001 Adaptec, Inc.
8  * All rights reserved.
9  *
10  * Redistribution and use in source and binary forms, with or without
11  * modification, are permitted provided that the following conditions
12  * are met:
13  * 1. Redistributions of source code must retain the above copyright
14  *    notice, this list of conditions and the following disclaimer.
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
23  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29  * SUCH DAMAGE.
30  */
31 
32 #include <sys/cdefs.h>
33 __FBSDID("$FreeBSD$");
34 
35 /*
36  * Driver for the Adaptec 'FSA' family of PCI/SCSI RAID adapters.
37  */
38 #define AAC_DRIVERNAME			"aac"
39 
40 #include "opt_aac.h"
41 
42 /* #include <stddef.h> */
43 #include <sys/param.h>
44 #include <sys/systm.h>
45 #include <sys/malloc.h>
46 #include <sys/kernel.h>
47 #include <sys/kthread.h>
48 #include <sys/sysctl.h>
49 #include <sys/poll.h>
50 #include <sys/ioccom.h>
51 
52 #include <sys/bus.h>
53 #include <sys/conf.h>
54 #include <sys/signalvar.h>
55 #include <sys/time.h>
56 #include <sys/eventhandler.h>
57 #include <sys/rman.h>
58 
59 #include <machine/bus.h>
60 #include <machine/resource.h>
61 
62 #include <dev/pci/pcireg.h>
63 #include <dev/pci/pcivar.h>
64 
65 #include <dev/aac/aacreg.h>
66 #include <sys/aac_ioctl.h>
67 #include <dev/aac/aacvar.h>
68 #include <dev/aac/aac_tables.h>
69 
70 static void	aac_startup(void *arg);
71 static void	aac_add_container(struct aac_softc *sc,
72 				  struct aac_mntinforesp *mir, int f);
73 static void	aac_get_bus_info(struct aac_softc *sc);
74 static void	aac_daemon(void *arg);
75 
76 /* Command Processing */
77 static void	aac_timeout(struct aac_softc *sc);
78 static void	aac_complete(void *context, int pending);
79 static int	aac_bio_command(struct aac_softc *sc, struct aac_command **cmp);
80 static void	aac_bio_complete(struct aac_command *cm);
81 static int	aac_wait_command(struct aac_command *cm);
82 static void	aac_command_thread(struct aac_softc *sc);
83 
84 /* Command Buffer Management */
85 static void	aac_map_command_sg(void *arg, bus_dma_segment_t *segs,
86 				   int nseg, int error);
87 static void	aac_map_command_helper(void *arg, bus_dma_segment_t *segs,
88 				       int nseg, int error);
89 static int	aac_alloc_commands(struct aac_softc *sc);
90 static void	aac_free_commands(struct aac_softc *sc);
91 static void	aac_unmap_command(struct aac_command *cm);
92 
93 /* Hardware Interface */
94 static int	aac_alloc(struct aac_softc *sc);
95 static void	aac_common_map(void *arg, bus_dma_segment_t *segs, int nseg,
96 			       int error);
97 static int	aac_check_firmware(struct aac_softc *sc);
98 static int	aac_init(struct aac_softc *sc);
99 static int	aac_sync_command(struct aac_softc *sc, u_int32_t command,
100 				 u_int32_t arg0, u_int32_t arg1, u_int32_t arg2,
101 				 u_int32_t arg3, u_int32_t *sp);
102 static int	aac_setup_intr(struct aac_softc *sc);
103 static int	aac_enqueue_fib(struct aac_softc *sc, int queue,
104 				struct aac_command *cm);
105 static int	aac_dequeue_fib(struct aac_softc *sc, int queue,
106 				u_int32_t *fib_size, struct aac_fib **fib_addr);
107 static int	aac_enqueue_response(struct aac_softc *sc, int queue,
108 				     struct aac_fib *fib);
109 
110 /* StrongARM interface */
111 static int	aac_sa_get_fwstatus(struct aac_softc *sc);
112 static void	aac_sa_qnotify(struct aac_softc *sc, int qbit);
113 static int	aac_sa_get_istatus(struct aac_softc *sc);
114 static void	aac_sa_clear_istatus(struct aac_softc *sc, int mask);
115 static void	aac_sa_set_mailbox(struct aac_softc *sc, u_int32_t command,
116 				   u_int32_t arg0, u_int32_t arg1,
117 				   u_int32_t arg2, u_int32_t arg3);
118 static int	aac_sa_get_mailbox(struct aac_softc *sc, int mb);
119 static void	aac_sa_set_interrupts(struct aac_softc *sc, int enable);
120 
121 const struct aac_interface aac_sa_interface = {
122 	aac_sa_get_fwstatus,
123 	aac_sa_qnotify,
124 	aac_sa_get_istatus,
125 	aac_sa_clear_istatus,
126 	aac_sa_set_mailbox,
127 	aac_sa_get_mailbox,
128 	aac_sa_set_interrupts,
129 	NULL, NULL, NULL
130 };
131 
132 /* i960Rx interface */
133 static int	aac_rx_get_fwstatus(struct aac_softc *sc);
134 static void	aac_rx_qnotify(struct aac_softc *sc, int qbit);
135 static int	aac_rx_get_istatus(struct aac_softc *sc);
136 static void	aac_rx_clear_istatus(struct aac_softc *sc, int mask);
137 static void	aac_rx_set_mailbox(struct aac_softc *sc, u_int32_t command,
138 				   u_int32_t arg0, u_int32_t arg1,
139 				   u_int32_t arg2, u_int32_t arg3);
140 static int	aac_rx_get_mailbox(struct aac_softc *sc, int mb);
141 static void	aac_rx_set_interrupts(struct aac_softc *sc, int enable);
142 static int aac_rx_send_command(struct aac_softc *sc, struct aac_command *cm);
143 static int aac_rx_get_outb_queue(struct aac_softc *sc);
144 static void aac_rx_set_outb_queue(struct aac_softc *sc, int index);
145 
146 const struct aac_interface aac_rx_interface = {
147 	aac_rx_get_fwstatus,
148 	aac_rx_qnotify,
149 	aac_rx_get_istatus,
150 	aac_rx_clear_istatus,
151 	aac_rx_set_mailbox,
152 	aac_rx_get_mailbox,
153 	aac_rx_set_interrupts,
154 	aac_rx_send_command,
155 	aac_rx_get_outb_queue,
156 	aac_rx_set_outb_queue
157 };
158 
159 /* Rocket/MIPS interface */
160 static int	aac_rkt_get_fwstatus(struct aac_softc *sc);
161 static void	aac_rkt_qnotify(struct aac_softc *sc, int qbit);
162 static int	aac_rkt_get_istatus(struct aac_softc *sc);
163 static void	aac_rkt_clear_istatus(struct aac_softc *sc, int mask);
164 static void	aac_rkt_set_mailbox(struct aac_softc *sc, u_int32_t command,
165 				    u_int32_t arg0, u_int32_t arg1,
166 				    u_int32_t arg2, u_int32_t arg3);
167 static int	aac_rkt_get_mailbox(struct aac_softc *sc, int mb);
168 static void	aac_rkt_set_interrupts(struct aac_softc *sc, int enable);
169 static int aac_rkt_send_command(struct aac_softc *sc, struct aac_command *cm);
170 static int aac_rkt_get_outb_queue(struct aac_softc *sc);
171 static void aac_rkt_set_outb_queue(struct aac_softc *sc, int index);
172 
173 const struct aac_interface aac_rkt_interface = {
174 	aac_rkt_get_fwstatus,
175 	aac_rkt_qnotify,
176 	aac_rkt_get_istatus,
177 	aac_rkt_clear_istatus,
178 	aac_rkt_set_mailbox,
179 	aac_rkt_get_mailbox,
180 	aac_rkt_set_interrupts,
181 	aac_rkt_send_command,
182 	aac_rkt_get_outb_queue,
183 	aac_rkt_set_outb_queue
184 };
185 
186 /* Debugging and Diagnostics */
187 static void		aac_describe_controller(struct aac_softc *sc);
188 static const char	*aac_describe_code(const struct aac_code_lookup *table,
189 				   u_int32_t code);
190 
191 /* Management Interface */
192 static d_open_t		aac_open;
193 static d_ioctl_t	aac_ioctl;
194 static d_poll_t		aac_poll;
195 static void		aac_cdevpriv_dtor(void *arg);
196 static int		aac_ioctl_sendfib(struct aac_softc *sc, caddr_t ufib);
197 static int		aac_ioctl_send_raw_srb(struct aac_softc *sc, caddr_t arg);
198 static void		aac_handle_aif(struct aac_softc *sc,
199 					   struct aac_fib *fib);
200 static int		aac_rev_check(struct aac_softc *sc, caddr_t udata);
201 static int		aac_open_aif(struct aac_softc *sc, caddr_t arg);
202 static int		aac_close_aif(struct aac_softc *sc, caddr_t arg);
203 static int		aac_getnext_aif(struct aac_softc *sc, caddr_t arg);
204 static int		aac_return_aif(struct aac_softc *sc,
205 					struct aac_fib_context *ctx, caddr_t uptr);
206 static int		aac_query_disk(struct aac_softc *sc, caddr_t uptr);
207 static int		aac_get_pci_info(struct aac_softc *sc, caddr_t uptr);
208 static int		aac_supported_features(struct aac_softc *sc, caddr_t uptr);
209 static void		aac_ioctl_event(struct aac_softc *sc,
210 					struct aac_event *event, void *arg);
211 static struct aac_mntinforesp *
212 	aac_get_container_info(struct aac_softc *sc, struct aac_fib *fib, int cid);
213 
214 static struct cdevsw aac_cdevsw = {
215 	.d_version =	D_VERSION,
216 	.d_flags =	D_NEEDGIANT,
217 	.d_open =	aac_open,
218 	.d_ioctl =	aac_ioctl,
219 	.d_poll =	aac_poll,
220 	.d_name =	"aac",
221 };
222 
223 static MALLOC_DEFINE(M_AACBUF, "aacbuf", "Buffers for the AAC driver");
224 
225 /* sysctl node */
226 SYSCTL_NODE(_hw, OID_AUTO, aac, CTLFLAG_RD, 0, "AAC driver parameters");
227 
228 /*
229  * Device Interface
230  */
231 
232 /*
233  * Initialize the controller and softc
234  */
235 int
236 aac_attach(struct aac_softc *sc)
237 {
238 	int error, unit;
239 
240 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
241 
242 	/*
243 	 * Initialize per-controller queues.
244 	 */
245 	aac_initq_free(sc);
246 	aac_initq_ready(sc);
247 	aac_initq_busy(sc);
248 	aac_initq_bio(sc);
249 
250 	/*
251 	 * Initialize command-completion task.
252 	 */
253 	TASK_INIT(&sc->aac_task_complete, 0, aac_complete, sc);
254 
255 	/* mark controller as suspended until we get ourselves organised */
256 	sc->aac_state |= AAC_STATE_SUSPEND;
257 
258 	/*
259 	 * Check that the firmware on the card is supported.
260 	 */
261 	if ((error = aac_check_firmware(sc)) != 0)
262 		return(error);
263 
264 	/*
265 	 * Initialize locks
266 	 */
267 	mtx_init(&sc->aac_aifq_lock, "AAC AIF lock", NULL, MTX_DEF);
268 	mtx_init(&sc->aac_io_lock, "AAC I/O lock", NULL, MTX_DEF);
269 	mtx_init(&sc->aac_container_lock, "AAC container lock", NULL, MTX_DEF);
270 	TAILQ_INIT(&sc->aac_container_tqh);
271 	TAILQ_INIT(&sc->aac_ev_cmfree);
272 
273 	/* Initialize the clock daemon callout. */
274 	callout_init_mtx(&sc->aac_daemontime, &sc->aac_io_lock, 0);
275 
276 	/*
277 	 * Initialize the adapter.
278 	 */
279 	if ((error = aac_alloc(sc)) != 0)
280 		return(error);
281 	if ((error = aac_init(sc)) != 0)
282 		return(error);
283 
284 	/*
285 	 * Allocate and connect our interrupt.
286 	 */
287 	if ((error = aac_setup_intr(sc)) != 0)
288 		return(error);
289 
290 	/*
291 	 * Print a little information about the controller.
292 	 */
293 	aac_describe_controller(sc);
294 
295 	/*
296 	 * Add sysctls.
297 	 */
298 	SYSCTL_ADD_INT(device_get_sysctl_ctx(sc->aac_dev),
299 	    SYSCTL_CHILDREN(device_get_sysctl_tree(sc->aac_dev)),
300 	    OID_AUTO, "firmware_build", CTLFLAG_RD,
301 	    &sc->aac_revision.buildNumber, 0,
302 	    "firmware build number");
303 
304 	/*
305 	 * Register to probe our containers later.
306 	 */
307 	sc->aac_ich.ich_func = aac_startup;
308 	sc->aac_ich.ich_arg = sc;
309 	if (config_intrhook_establish(&sc->aac_ich) != 0) {
310 		device_printf(sc->aac_dev,
311 			      "can't establish configuration hook\n");
312 		return(ENXIO);
313 	}
314 
315 	/*
316 	 * Make the control device.
317 	 */
318 	unit = device_get_unit(sc->aac_dev);
319 	sc->aac_dev_t = make_dev(&aac_cdevsw, unit, UID_ROOT, GID_OPERATOR,
320 				 0640, "aac%d", unit);
321 	(void)make_dev_alias(sc->aac_dev_t, "afa%d", unit);
322 	(void)make_dev_alias(sc->aac_dev_t, "hpn%d", unit);
323 	sc->aac_dev_t->si_drv1 = sc;
324 
325 	/* Create the AIF thread */
326 	if (kproc_create((void(*)(void *))aac_command_thread, sc,
327 		   &sc->aifthread, 0, 0, "aac%daif", unit))
328 		panic("Could not create AIF thread");
329 
330 	/* Register the shutdown method to only be called post-dump */
331 	if ((sc->eh = EVENTHANDLER_REGISTER(shutdown_final, aac_shutdown,
332 	    sc->aac_dev, SHUTDOWN_PRI_DEFAULT)) == NULL)
333 		device_printf(sc->aac_dev,
334 			      "shutdown event registration failed\n");
335 
336 	/* Register with CAM for the non-DASD devices */
337 	if ((sc->flags & AAC_FLAGS_ENABLE_CAM) != 0) {
338 		TAILQ_INIT(&sc->aac_sim_tqh);
339 		aac_get_bus_info(sc);
340 	}
341 
342 	mtx_lock(&sc->aac_io_lock);
343 	callout_reset(&sc->aac_daemontime, 60 * hz, aac_daemon, sc);
344 	mtx_unlock(&sc->aac_io_lock);
345 
346 	return(0);
347 }
348 
349 static void
350 aac_daemon(void *arg)
351 {
352 	struct timeval tv;
353 	struct aac_softc *sc;
354 	struct aac_fib *fib;
355 
356 	sc = arg;
357 	mtx_assert(&sc->aac_io_lock, MA_OWNED);
358 
359 	if (callout_pending(&sc->aac_daemontime) ||
360 	    callout_active(&sc->aac_daemontime) == 0)
361 		return;
362 	getmicrotime(&tv);
363 	aac_alloc_sync_fib(sc, &fib);
364 	*(uint32_t *)fib->data = tv.tv_sec;
365 	aac_sync_fib(sc, SendHostTime, 0, fib, sizeof(uint32_t));
366 	aac_release_sync_fib(sc);
367 	callout_schedule(&sc->aac_daemontime, 30 * 60 * hz);
368 }
369 
370 void
371 aac_add_event(struct aac_softc *sc, struct aac_event *event)
372 {
373 
374 	switch (event->ev_type & AAC_EVENT_MASK) {
375 	case AAC_EVENT_CMFREE:
376 		TAILQ_INSERT_TAIL(&sc->aac_ev_cmfree, event, ev_links);
377 		break;
378 	default:
379 		device_printf(sc->aac_dev, "aac_add event: unknown event %d\n",
380 		    event->ev_type);
381 		break;
382 	}
383 }
384 
385 /*
386  * Request information of container #cid
387  */
388 static struct aac_mntinforesp *
389 aac_get_container_info(struct aac_softc *sc, struct aac_fib *fib, int cid)
390 {
391 	struct aac_mntinfo *mi;
392 
393 	mi = (struct aac_mntinfo *)&fib->data[0];
394 	/* use 64-bit LBA if enabled */
395 	mi->Command = (sc->flags & AAC_FLAGS_LBA_64BIT) ?
396 	    VM_NameServe64 : VM_NameServe;
397 	mi->MntType = FT_FILESYS;
398 	mi->MntCount = cid;
399 
400 	if (aac_sync_fib(sc, ContainerCommand, 0, fib,
401 			 sizeof(struct aac_mntinfo))) {
402 		device_printf(sc->aac_dev, "Error probing container %d\n", cid);
403 		return (NULL);
404 	}
405 
406 	return ((struct aac_mntinforesp *)&fib->data[0]);
407 }
408 
409 /*
410  * Probe for containers, create disks.
411  */
412 static void
413 aac_startup(void *arg)
414 {
415 	struct aac_softc *sc;
416 	struct aac_fib *fib;
417 	struct aac_mntinforesp *mir;
418 	int count = 0, i = 0;
419 
420 	sc = (struct aac_softc *)arg;
421 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
422 
423 	mtx_lock(&sc->aac_io_lock);
424 	aac_alloc_sync_fib(sc, &fib);
425 
426 	/* loop over possible containers */
427 	do {
428 		if ((mir = aac_get_container_info(sc, fib, i)) == NULL)
429 			continue;
430 		if (i == 0)
431 			count = mir->MntRespCount;
432 		aac_add_container(sc, mir, 0);
433 		i++;
434 	} while ((i < count) && (i < AAC_MAX_CONTAINERS));
435 
436 	aac_release_sync_fib(sc);
437 	mtx_unlock(&sc->aac_io_lock);
438 
439 	/* mark the controller up */
440 	sc->aac_state &= ~AAC_STATE_SUSPEND;
441 
442 	/* poke the bus to actually attach the child devices */
443 	if (bus_generic_attach(sc->aac_dev))
444 		device_printf(sc->aac_dev, "bus_generic_attach failed\n");
445 
446 	/* disconnect ourselves from the intrhook chain */
447 	config_intrhook_disestablish(&sc->aac_ich);
448 
449 	/* enable interrupts now */
450 	AAC_UNMASK_INTERRUPTS(sc);
451 }
452 
453 /*
454  * Create a device to represent a new container
455  */
456 static void
457 aac_add_container(struct aac_softc *sc, struct aac_mntinforesp *mir, int f)
458 {
459 	struct aac_container *co;
460 	device_t child;
461 
462 	/*
463 	 * Check container volume type for validity.  Note that many of
464 	 * the possible types may never show up.
465 	 */
466 	if ((mir->Status == ST_OK) && (mir->MntTable[0].VolType != CT_NONE)) {
467 		co = (struct aac_container *)malloc(sizeof *co, M_AACBUF,
468 		       M_NOWAIT | M_ZERO);
469 		if (co == NULL)
470 			panic("Out of memory?!");
471 		fwprintf(sc, HBA_FLAGS_DBG_INIT_B, "id %x  name '%.16s'  size %u  type %d",
472 		      mir->MntTable[0].ObjectId,
473 		      mir->MntTable[0].FileSystemName,
474 		      mir->MntTable[0].Capacity, mir->MntTable[0].VolType);
475 
476 		if ((child = device_add_child(sc->aac_dev, "aacd", -1)) == NULL)
477 			device_printf(sc->aac_dev, "device_add_child failed\n");
478 		else
479 			device_set_ivars(child, co);
480 		device_set_desc(child, aac_describe_code(aac_container_types,
481 				mir->MntTable[0].VolType));
482 		co->co_disk = child;
483 		co->co_found = f;
484 		bcopy(&mir->MntTable[0], &co->co_mntobj,
485 		      sizeof(struct aac_mntobj));
486 		mtx_lock(&sc->aac_container_lock);
487 		TAILQ_INSERT_TAIL(&sc->aac_container_tqh, co, co_link);
488 		mtx_unlock(&sc->aac_container_lock);
489 	}
490 }
491 
492 /*
493  * Allocate resources associated with (sc)
494  */
495 static int
496 aac_alloc(struct aac_softc *sc)
497 {
498 
499 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
500 
501 	/*
502 	 * Create DMA tag for mapping buffers into controller-addressable space.
503 	 */
504 	if (bus_dma_tag_create(sc->aac_parent_dmat, 	/* parent */
505 			       1, 0, 			/* algnmnt, boundary */
506 			       (sc->flags & AAC_FLAGS_SG_64BIT) ?
507 			       BUS_SPACE_MAXADDR :
508 			       BUS_SPACE_MAXADDR_32BIT,	/* lowaddr */
509 			       BUS_SPACE_MAXADDR, 	/* highaddr */
510 			       NULL, NULL, 		/* filter, filterarg */
511 			       sc->aac_max_sectors << 9, /* maxsize */
512 			       sc->aac_sg_tablesize,	/* nsegments */
513 			       BUS_SPACE_MAXSIZE_32BIT,	/* maxsegsize */
514 			       BUS_DMA_ALLOCNOW,	/* flags */
515 			       busdma_lock_mutex,	/* lockfunc */
516 			       &sc->aac_io_lock,	/* lockfuncarg */
517 			       &sc->aac_buffer_dmat)) {
518 		device_printf(sc->aac_dev, "can't allocate buffer DMA tag\n");
519 		return (ENOMEM);
520 	}
521 
522 	/*
523 	 * Create DMA tag for mapping FIBs into controller-addressable space..
524 	 */
525 	if (bus_dma_tag_create(sc->aac_parent_dmat,	/* parent */
526 			       1, 0, 			/* algnmnt, boundary */
527 			       (sc->flags & AAC_FLAGS_4GB_WINDOW) ?
528 			       BUS_SPACE_MAXADDR_32BIT :
529 			       0x7fffffff,		/* lowaddr */
530 			       BUS_SPACE_MAXADDR, 	/* highaddr */
531 			       NULL, NULL, 		/* filter, filterarg */
532 			       sc->aac_max_fibs_alloc *
533 			       sc->aac_max_fib_size,  /* maxsize */
534 			       1,			/* nsegments */
535 			       sc->aac_max_fibs_alloc *
536 			       sc->aac_max_fib_size,	/* maxsize */
537 			       0,			/* flags */
538 			       NULL, NULL,		/* No locking needed */
539 			       &sc->aac_fib_dmat)) {
540 		device_printf(sc->aac_dev, "can't allocate FIB DMA tag\n");
541 		return (ENOMEM);
542 	}
543 
544 	/*
545 	 * Create DMA tag for the common structure and allocate it.
546 	 */
547 	if (bus_dma_tag_create(sc->aac_parent_dmat, 	/* parent */
548 			       1, 0,			/* algnmnt, boundary */
549 			       (sc->flags & AAC_FLAGS_4GB_WINDOW) ?
550 			       BUS_SPACE_MAXADDR_32BIT :
551 			       0x7fffffff,		/* lowaddr */
552 			       BUS_SPACE_MAXADDR, 	/* highaddr */
553 			       NULL, NULL, 		/* filter, filterarg */
554 			       8192 + sizeof(struct aac_common), /* maxsize */
555 			       1,			/* nsegments */
556 			       BUS_SPACE_MAXSIZE_32BIT,	/* maxsegsize */
557 			       0,			/* flags */
558 			       NULL, NULL,		/* No locking needed */
559 			       &sc->aac_common_dmat)) {
560 		device_printf(sc->aac_dev,
561 			      "can't allocate common structure DMA tag\n");
562 		return (ENOMEM);
563 	}
564 	if (bus_dmamem_alloc(sc->aac_common_dmat, (void **)&sc->aac_common,
565 			     BUS_DMA_NOWAIT, &sc->aac_common_dmamap)) {
566 		device_printf(sc->aac_dev, "can't allocate common structure\n");
567 		return (ENOMEM);
568 	}
569 
570 	/*
571 	 * Work around a bug in the 2120 and 2200 that cannot DMA commands
572 	 * below address 8192 in physical memory.
573 	 * XXX If the padding is not needed, can it be put to use instead
574 	 * of ignored?
575 	 */
576 	(void)bus_dmamap_load(sc->aac_common_dmat, sc->aac_common_dmamap,
577 			sc->aac_common, 8192 + sizeof(*sc->aac_common),
578 			aac_common_map, sc, 0);
579 
580 	if (sc->aac_common_busaddr < 8192) {
581 		sc->aac_common = (struct aac_common *)
582 		    ((uint8_t *)sc->aac_common + 8192);
583 		sc->aac_common_busaddr += 8192;
584 	}
585 	bzero(sc->aac_common, sizeof(*sc->aac_common));
586 
587 	/* Allocate some FIBs and associated command structs */
588 	TAILQ_INIT(&sc->aac_fibmap_tqh);
589 	sc->aac_commands = malloc(sc->aac_max_fibs * sizeof(struct aac_command),
590 				  M_AACBUF, M_WAITOK|M_ZERO);
591 	while (sc->total_fibs < sc->aac_max_fibs) {
592 		if (aac_alloc_commands(sc) != 0)
593 			break;
594 	}
595 	if (sc->total_fibs == 0)
596 		return (ENOMEM);
597 
598 	return (0);
599 }
600 
601 /*
602  * Free all of the resources associated with (sc)
603  *
604  * Should not be called if the controller is active.
605  */
606 void
607 aac_free(struct aac_softc *sc)
608 {
609 
610 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
611 
612 	/* remove the control device */
613 	if (sc->aac_dev_t != NULL)
614 		destroy_dev(sc->aac_dev_t);
615 
616 	/* throw away any FIB buffers, discard the FIB DMA tag */
617 	aac_free_commands(sc);
618 	if (sc->aac_fib_dmat)
619 		bus_dma_tag_destroy(sc->aac_fib_dmat);
620 
621 	free(sc->aac_commands, M_AACBUF);
622 
623 	/* destroy the common area */
624 	if (sc->aac_common) {
625 		bus_dmamap_unload(sc->aac_common_dmat, sc->aac_common_dmamap);
626 		bus_dmamem_free(sc->aac_common_dmat, sc->aac_common,
627 				sc->aac_common_dmamap);
628 	}
629 	if (sc->aac_common_dmat)
630 		bus_dma_tag_destroy(sc->aac_common_dmat);
631 
632 	/* disconnect the interrupt handler */
633 	if (sc->aac_intr)
634 		bus_teardown_intr(sc->aac_dev, sc->aac_irq, sc->aac_intr);
635 	if (sc->aac_irq != NULL) {
636 		bus_release_resource(sc->aac_dev, SYS_RES_IRQ,
637 		    rman_get_rid(sc->aac_irq), sc->aac_irq);
638 		pci_release_msi(sc->aac_dev);
639 	}
640 
641 	/* destroy data-transfer DMA tag */
642 	if (sc->aac_buffer_dmat)
643 		bus_dma_tag_destroy(sc->aac_buffer_dmat);
644 
645 	/* destroy the parent DMA tag */
646 	if (sc->aac_parent_dmat)
647 		bus_dma_tag_destroy(sc->aac_parent_dmat);
648 
649 	/* release the register window mapping */
650 	if (sc->aac_regs_res0 != NULL)
651 		bus_release_resource(sc->aac_dev, SYS_RES_MEMORY,
652 		    rman_get_rid(sc->aac_regs_res0), sc->aac_regs_res0);
653 	if (sc->aac_hwif == AAC_HWIF_NARK && sc->aac_regs_res1 != NULL)
654 		bus_release_resource(sc->aac_dev, SYS_RES_MEMORY,
655 		    rman_get_rid(sc->aac_regs_res1), sc->aac_regs_res1);
656 }
657 
658 /*
659  * Disconnect from the controller completely, in preparation for unload.
660  */
661 int
662 aac_detach(device_t dev)
663 {
664 	struct aac_softc *sc;
665 	struct aac_container *co;
666 	struct aac_sim	*sim;
667 	int error;
668 
669 	sc = device_get_softc(dev);
670 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
671 
672 	callout_drain(&sc->aac_daemontime);
673 
674 	mtx_lock(&sc->aac_io_lock);
675 	while (sc->aifflags & AAC_AIFFLAGS_RUNNING) {
676 		sc->aifflags |= AAC_AIFFLAGS_EXIT;
677 		wakeup(sc->aifthread);
678 		msleep(sc->aac_dev, &sc->aac_io_lock, PUSER, "aacdch", 0);
679 	}
680 	mtx_unlock(&sc->aac_io_lock);
681 	KASSERT((sc->aifflags & AAC_AIFFLAGS_RUNNING) == 0,
682 	    ("%s: invalid detach state", __func__));
683 
684 	/* Remove the child containers */
685 	while ((co = TAILQ_FIRST(&sc->aac_container_tqh)) != NULL) {
686 		error = device_delete_child(dev, co->co_disk);
687 		if (error)
688 			return (error);
689 		TAILQ_REMOVE(&sc->aac_container_tqh, co, co_link);
690 		free(co, M_AACBUF);
691 	}
692 
693 	/* Remove the CAM SIMs */
694 	while ((sim = TAILQ_FIRST(&sc->aac_sim_tqh)) != NULL) {
695 		TAILQ_REMOVE(&sc->aac_sim_tqh, sim, sim_link);
696 		error = device_delete_child(dev, sim->sim_dev);
697 		if (error)
698 			return (error);
699 		free(sim, M_AACBUF);
700 	}
701 
702 	if ((error = aac_shutdown(dev)))
703 		return(error);
704 
705 	EVENTHANDLER_DEREGISTER(shutdown_final, sc->eh);
706 
707 	aac_free(sc);
708 
709 	mtx_destroy(&sc->aac_aifq_lock);
710 	mtx_destroy(&sc->aac_io_lock);
711 	mtx_destroy(&sc->aac_container_lock);
712 
713 	return(0);
714 }
715 
716 /*
717  * Bring the controller down to a dormant state and detach all child devices.
718  *
719  * This function is called before detach or system shutdown.
720  *
721  * Note that we can assume that the bioq on the controller is empty, as we won't
722  * allow shutdown if any device is open.
723  */
724 int
725 aac_shutdown(device_t dev)
726 {
727 	struct aac_softc *sc;
728 	struct aac_fib *fib;
729 	struct aac_close_command *cc;
730 
731 	sc = device_get_softc(dev);
732 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
733 
734 	sc->aac_state |= AAC_STATE_SUSPEND;
735 
736 	/*
737 	 * Send a Container shutdown followed by a HostShutdown FIB to the
738 	 * controller to convince it that we don't want to talk to it anymore.
739 	 * We've been closed and all I/O completed already
740 	 */
741 	device_printf(sc->aac_dev, "shutting down controller...");
742 
743 	mtx_lock(&sc->aac_io_lock);
744 	aac_alloc_sync_fib(sc, &fib);
745 	cc = (struct aac_close_command *)&fib->data[0];
746 
747 	bzero(cc, sizeof(struct aac_close_command));
748 	cc->Command = VM_CloseAll;
749 	cc->ContainerId = 0xffffffff;
750 	if (aac_sync_fib(sc, ContainerCommand, 0, fib,
751 	    sizeof(struct aac_close_command)))
752 		printf("FAILED.\n");
753 	else
754 		printf("done\n");
755 #if 0
756 	else {
757 		fib->data[0] = 0;
758 		/*
759 		 * XXX Issuing this command to the controller makes it shut down
760 		 * but also keeps it from coming back up without a reset of the
761 		 * PCI bus.  This is not desirable if you are just unloading the
762 		 * driver module with the intent to reload it later.
763 		 */
764 		if (aac_sync_fib(sc, FsaHostShutdown, AAC_FIBSTATE_SHUTDOWN,
765 		    fib, 1)) {
766 			printf("FAILED.\n");
767 		} else {
768 			printf("done.\n");
769 		}
770 	}
771 #endif
772 
773 	AAC_MASK_INTERRUPTS(sc);
774 	aac_release_sync_fib(sc);
775 	mtx_unlock(&sc->aac_io_lock);
776 
777 	return(0);
778 }
779 
780 /*
781  * Bring the controller to a quiescent state, ready for system suspend.
782  */
783 int
784 aac_suspend(device_t dev)
785 {
786 	struct aac_softc *sc;
787 
788 	sc = device_get_softc(dev);
789 
790 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
791 	sc->aac_state |= AAC_STATE_SUSPEND;
792 
793 	AAC_MASK_INTERRUPTS(sc);
794 	return(0);
795 }
796 
797 /*
798  * Bring the controller back to a state ready for operation.
799  */
800 int
801 aac_resume(device_t dev)
802 {
803 	struct aac_softc *sc;
804 
805 	sc = device_get_softc(dev);
806 
807 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
808 	sc->aac_state &= ~AAC_STATE_SUSPEND;
809 	AAC_UNMASK_INTERRUPTS(sc);
810 	return(0);
811 }
812 
813 /*
814  * Interrupt handler for NEW_COMM interface.
815  */
816 void
817 aac_new_intr(void *arg)
818 {
819 	struct aac_softc *sc;
820 	u_int32_t index, fast;
821 	struct aac_command *cm;
822 	struct aac_fib *fib;
823 	int i;
824 
825 	sc = (struct aac_softc *)arg;
826 
827 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
828 	mtx_lock(&sc->aac_io_lock);
829 	while (1) {
830 		index = AAC_GET_OUTB_QUEUE(sc);
831 		if (index == 0xffffffff)
832 			index = AAC_GET_OUTB_QUEUE(sc);
833 		if (index == 0xffffffff)
834 			break;
835 		if (index & 2) {
836 			if (index == 0xfffffffe) {
837 				/* XXX This means that the controller wants
838 				 * more work.  Ignore it for now.
839 				 */
840 				continue;
841 			}
842 			/* AIF */
843 			fib = (struct aac_fib *)malloc(sizeof *fib, M_AACBUF,
844 				   M_NOWAIT | M_ZERO);
845 			if (fib == NULL) {
846 				/* If we're really this short on memory,
847 				 * hopefully breaking out of the handler will
848 				 * allow something to get freed.  This
849 				 * actually sucks a whole lot.
850 				 */
851 				break;
852 			}
853 			index &= ~2;
854 			for (i = 0; i < sizeof(struct aac_fib)/4; ++i)
855 				((u_int32_t *)fib)[i] = AAC_MEM1_GETREG4(sc, index + i*4);
856 			aac_handle_aif(sc, fib);
857 			free(fib, M_AACBUF);
858 
859 			/*
860 			 * AIF memory is owned by the adapter, so let it
861 			 * know that we are done with it.
862 			 */
863 			AAC_SET_OUTB_QUEUE(sc, index);
864 			AAC_CLEAR_ISTATUS(sc, AAC_DB_RESPONSE_READY);
865 		} else {
866 			fast = index & 1;
867 			cm = sc->aac_commands + (index >> 2);
868 			fib = cm->cm_fib;
869 			if (fast) {
870 				fib->Header.XferState |= AAC_FIBSTATE_DONEADAP;
871 				*((u_int32_t *)(fib->data)) = AAC_ERROR_NORMAL;
872 			}
873 			aac_remove_busy(cm);
874  			aac_unmap_command(cm);
875 			cm->cm_flags |= AAC_CMD_COMPLETED;
876 
877 			/* is there a completion handler? */
878 			if (cm->cm_complete != NULL) {
879 				cm->cm_complete(cm);
880 			} else {
881 				/* assume that someone is sleeping on this
882 				 * command
883 				 */
884 				wakeup(cm);
885 			}
886 			sc->flags &= ~AAC_QUEUE_FRZN;
887 		}
888 	}
889 	/* see if we can start some more I/O */
890 	if ((sc->flags & AAC_QUEUE_FRZN) == 0)
891 		aac_startio(sc);
892 
893 	mtx_unlock(&sc->aac_io_lock);
894 }
895 
896 /*
897  * Interrupt filter for !NEW_COMM interface.
898  */
899 int
900 aac_filter(void *arg)
901 {
902 	struct aac_softc *sc;
903 	u_int16_t reason;
904 
905 	sc = (struct aac_softc *)arg;
906 
907 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
908 	/*
909 	 * Read the status register directly.  This is faster than taking the
910 	 * driver lock and reading the queues directly.  It also saves having
911 	 * to turn parts of the driver lock into a spin mutex, which would be
912 	 * ugly.
913 	 */
914 	reason = AAC_GET_ISTATUS(sc);
915 	AAC_CLEAR_ISTATUS(sc, reason);
916 
917 	/* handle completion processing */
918 	if (reason & AAC_DB_RESPONSE_READY)
919 		taskqueue_enqueue(taskqueue_fast, &sc->aac_task_complete);
920 
921 	/* controller wants to talk to us */
922 	if (reason & (AAC_DB_PRINTF | AAC_DB_COMMAND_READY)) {
923 		/*
924 		 * XXX Make sure that we don't get fooled by strange messages
925 		 * that start with a NULL.
926 		 */
927 		if ((reason & AAC_DB_PRINTF) &&
928 			(sc->aac_common->ac_printf[0] == 0))
929 			sc->aac_common->ac_printf[0] = 32;
930 
931 		/*
932 		 * This might miss doing the actual wakeup.  However, the
933 		 * msleep that this is waking up has a timeout, so it will
934 		 * wake up eventually.  AIFs and printfs are low enough
935 		 * priority that they can handle hanging out for a few seconds
936 		 * if needed.
937 		 */
938 		wakeup(sc->aifthread);
939 	}
940 	return (FILTER_HANDLED);
941 }
942 
943 /*
944  * Command Processing
945  */
946 
947 /*
948  * Start as much queued I/O as possible on the controller
949  */
950 void
951 aac_startio(struct aac_softc *sc)
952 {
953 	struct aac_command *cm;
954 	int error;
955 
956 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
957 
958 	for (;;) {
959 		/*
960 		 * This flag might be set if the card is out of resources.
961 		 * Checking it here prevents an infinite loop of deferrals.
962 		 */
963 		if (sc->flags & AAC_QUEUE_FRZN)
964 			break;
965 
966 		/*
967 		 * Try to get a command that's been put off for lack of
968 		 * resources
969 		 */
970 		cm = aac_dequeue_ready(sc);
971 
972 		/*
973 		 * Try to build a command off the bio queue (ignore error
974 		 * return)
975 		 */
976 		if (cm == NULL)
977 			aac_bio_command(sc, &cm);
978 
979 		/* nothing to do? */
980 		if (cm == NULL)
981 			break;
982 
983 		/* don't map more than once */
984 		if (cm->cm_flags & AAC_CMD_MAPPED)
985 			panic("aac: command %p already mapped", cm);
986 
987 		/*
988 		 * Set up the command to go to the controller.  If there are no
989 		 * data buffers associated with the command then it can bypass
990 		 * busdma.
991 		 */
992 		if (cm->cm_datalen != 0) {
993 			if (cm->cm_flags & AAC_REQ_BIO)
994 				error = bus_dmamap_load_bio(
995 				    sc->aac_buffer_dmat, cm->cm_datamap,
996 				    (struct bio *)cm->cm_private,
997 				    aac_map_command_sg, cm, 0);
998 			else
999 				error = bus_dmamap_load(sc->aac_buffer_dmat,
1000 				    cm->cm_datamap, cm->cm_data,
1001 				    cm->cm_datalen, aac_map_command_sg, cm, 0);
1002 			if (error == EINPROGRESS) {
1003 				fwprintf(sc, HBA_FLAGS_DBG_COMM_B, "freezing queue\n");
1004 				sc->flags |= AAC_QUEUE_FRZN;
1005 			} else if (error != 0)
1006 				panic("aac_startio: unexpected error %d from "
1007 				      "busdma", error);
1008 		} else
1009 			aac_map_command_sg(cm, NULL, 0, 0);
1010 	}
1011 }
1012 
1013 /*
1014  * Handle notification of one or more FIBs coming from the controller.
1015  */
1016 static void
1017 aac_command_thread(struct aac_softc *sc)
1018 {
1019 	struct aac_fib *fib;
1020 	u_int32_t fib_size;
1021 	int size, retval;
1022 
1023 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
1024 
1025 	mtx_lock(&sc->aac_io_lock);
1026 	sc->aifflags = AAC_AIFFLAGS_RUNNING;
1027 
1028 	while ((sc->aifflags & AAC_AIFFLAGS_EXIT) == 0) {
1029 
1030 		retval = 0;
1031 		if ((sc->aifflags & AAC_AIFFLAGS_PENDING) == 0)
1032 			retval = msleep(sc->aifthread, &sc->aac_io_lock, PRIBIO,
1033 					"aifthd", AAC_PERIODIC_INTERVAL * hz);
1034 
1035 		/*
1036 		 * First see if any FIBs need to be allocated.  This needs
1037 		 * to be called without the driver lock because contigmalloc
1038 		 * can sleep.
1039 		 */
1040 		if ((sc->aifflags & AAC_AIFFLAGS_ALLOCFIBS) != 0) {
1041 			mtx_unlock(&sc->aac_io_lock);
1042 			aac_alloc_commands(sc);
1043 			mtx_lock(&sc->aac_io_lock);
1044 			sc->aifflags &= ~AAC_AIFFLAGS_ALLOCFIBS;
1045 			aac_startio(sc);
1046 		}
1047 
1048 		/*
1049 		 * While we're here, check to see if any commands are stuck.
1050 		 * This is pretty low-priority, so it's ok if it doesn't
1051 		 * always fire.
1052 		 */
1053 		if (retval == EWOULDBLOCK)
1054 			aac_timeout(sc);
1055 
1056 		/* Check the hardware printf message buffer */
1057 		if (sc->aac_common->ac_printf[0] != 0)
1058 			aac_print_printf(sc);
1059 
1060 		/* Also check to see if the adapter has a command for us. */
1061 		if (sc->flags & AAC_FLAGS_NEW_COMM)
1062 			continue;
1063 		for (;;) {
1064 			if (aac_dequeue_fib(sc, AAC_HOST_NORM_CMD_QUEUE,
1065 					   &fib_size, &fib))
1066 				break;
1067 
1068 			AAC_PRINT_FIB(sc, fib);
1069 
1070 			switch (fib->Header.Command) {
1071 			case AifRequest:
1072 				aac_handle_aif(sc, fib);
1073 				break;
1074 			default:
1075 				device_printf(sc->aac_dev, "unknown command "
1076 					      "from controller\n");
1077 				break;
1078 			}
1079 
1080 			if ((fib->Header.XferState == 0) ||
1081 			    (fib->Header.StructType != AAC_FIBTYPE_TFIB)) {
1082 				break;
1083 			}
1084 
1085 			/* Return the AIF to the controller. */
1086 			if (fib->Header.XferState & AAC_FIBSTATE_FROMADAP) {
1087 				fib->Header.XferState |= AAC_FIBSTATE_DONEHOST;
1088 				*(AAC_FSAStatus*)fib->data = ST_OK;
1089 
1090 				/* XXX Compute the Size field? */
1091 				size = fib->Header.Size;
1092 				if (size > sizeof(struct aac_fib)) {
1093 					size = sizeof(struct aac_fib);
1094 					fib->Header.Size = size;
1095 				}
1096 				/*
1097 				 * Since we did not generate this command, it
1098 				 * cannot go through the normal
1099 				 * enqueue->startio chain.
1100 				 */
1101 				aac_enqueue_response(sc,
1102 						 AAC_ADAP_NORM_RESP_QUEUE,
1103 						 fib);
1104 			}
1105 		}
1106 	}
1107 	sc->aifflags &= ~AAC_AIFFLAGS_RUNNING;
1108 	mtx_unlock(&sc->aac_io_lock);
1109 	wakeup(sc->aac_dev);
1110 
1111 	kproc_exit(0);
1112 }
1113 
1114 /*
1115  * Process completed commands.
1116  */
1117 static void
1118 aac_complete(void *context, int pending)
1119 {
1120 	struct aac_softc *sc;
1121 	struct aac_command *cm;
1122 	struct aac_fib *fib;
1123 	u_int32_t fib_size;
1124 
1125 	sc = (struct aac_softc *)context;
1126 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
1127 
1128 	mtx_lock(&sc->aac_io_lock);
1129 
1130 	/* pull completed commands off the queue */
1131 	for (;;) {
1132 		/* look for completed FIBs on our queue */
1133 		if (aac_dequeue_fib(sc, AAC_HOST_NORM_RESP_QUEUE, &fib_size,
1134 							&fib))
1135 			break;	/* nothing to do */
1136 
1137 		/* get the command, unmap and hand off for processing */
1138 		cm = sc->aac_commands + fib->Header.SenderData;
1139 		if (cm == NULL) {
1140 			AAC_PRINT_FIB(sc, fib);
1141 			break;
1142 		}
1143 		if ((cm->cm_flags & AAC_CMD_TIMEDOUT) != 0)
1144 			device_printf(sc->aac_dev,
1145 			    "COMMAND %p COMPLETED AFTER %d SECONDS\n",
1146 			    cm, (int)(time_uptime-cm->cm_timestamp));
1147 
1148 		aac_remove_busy(cm);
1149 
1150  		aac_unmap_command(cm);
1151 		cm->cm_flags |= AAC_CMD_COMPLETED;
1152 
1153 		/* is there a completion handler? */
1154 		if (cm->cm_complete != NULL) {
1155 			cm->cm_complete(cm);
1156 		} else {
1157 			/* assume that someone is sleeping on this command */
1158 			wakeup(cm);
1159 		}
1160 	}
1161 
1162 	/* see if we can start some more I/O */
1163 	sc->flags &= ~AAC_QUEUE_FRZN;
1164 	aac_startio(sc);
1165 
1166 	mtx_unlock(&sc->aac_io_lock);
1167 }
1168 
1169 /*
1170  * Handle a bio submitted from a disk device.
1171  */
1172 void
1173 aac_submit_bio(struct bio *bp)
1174 {
1175 	struct aac_disk *ad;
1176 	struct aac_softc *sc;
1177 
1178 	ad = (struct aac_disk *)bp->bio_disk->d_drv1;
1179 	sc = ad->ad_controller;
1180 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
1181 
1182 	/* queue the BIO and try to get some work done */
1183 	aac_enqueue_bio(sc, bp);
1184 	aac_startio(sc);
1185 }
1186 
1187 /*
1188  * Get a bio and build a command to go with it.
1189  */
1190 static int
1191 aac_bio_command(struct aac_softc *sc, struct aac_command **cmp)
1192 {
1193 	struct aac_command *cm;
1194 	struct aac_fib *fib;
1195 	struct aac_disk *ad;
1196 	struct bio *bp;
1197 
1198 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
1199 
1200 	/* get the resources we will need */
1201 	cm = NULL;
1202 	bp = NULL;
1203 	if (aac_alloc_command(sc, &cm))	/* get a command */
1204 		goto fail;
1205 	if ((bp = aac_dequeue_bio(sc)) == NULL)
1206 		goto fail;
1207 
1208 	/* fill out the command */
1209 	cm->cm_datalen = bp->bio_bcount;
1210 	cm->cm_complete = aac_bio_complete;
1211 	cm->cm_flags = AAC_REQ_BIO;
1212 	cm->cm_private = bp;
1213 	cm->cm_timestamp = time_uptime;
1214 
1215 	/* build the FIB */
1216 	fib = cm->cm_fib;
1217 	fib->Header.Size = sizeof(struct aac_fib_header);
1218 	fib->Header.XferState =
1219 		AAC_FIBSTATE_HOSTOWNED   |
1220 		AAC_FIBSTATE_INITIALISED |
1221 		AAC_FIBSTATE_EMPTY	 |
1222 		AAC_FIBSTATE_FROMHOST	 |
1223 		AAC_FIBSTATE_REXPECTED   |
1224 		AAC_FIBSTATE_NORM	 |
1225 		AAC_FIBSTATE_ASYNC	 |
1226 		AAC_FIBSTATE_FAST_RESPONSE;
1227 
1228 	/* build the read/write request */
1229 	ad = (struct aac_disk *)bp->bio_disk->d_drv1;
1230 
1231 	if (sc->flags & AAC_FLAGS_RAW_IO) {
1232 		struct aac_raw_io *raw;
1233 		raw = (struct aac_raw_io *)&fib->data[0];
1234 		fib->Header.Command = RawIo;
1235 		raw->BlockNumber = (u_int64_t)bp->bio_pblkno;
1236 		raw->ByteCount = bp->bio_bcount;
1237 		raw->ContainerId = ad->ad_container->co_mntobj.ObjectId;
1238 		raw->BpTotal = 0;
1239 		raw->BpComplete = 0;
1240 		fib->Header.Size += sizeof(struct aac_raw_io);
1241 		cm->cm_sgtable = (struct aac_sg_table *)&raw->SgMapRaw;
1242 		if (bp->bio_cmd == BIO_READ) {
1243 			raw->Flags = 1;
1244 			cm->cm_flags |= AAC_CMD_DATAIN;
1245 		} else {
1246 			raw->Flags = 0;
1247 			cm->cm_flags |= AAC_CMD_DATAOUT;
1248 		}
1249 	} else if ((sc->flags & AAC_FLAGS_SG_64BIT) == 0) {
1250 		fib->Header.Command = ContainerCommand;
1251 		if (bp->bio_cmd == BIO_READ) {
1252 			struct aac_blockread *br;
1253 			br = (struct aac_blockread *)&fib->data[0];
1254 			br->Command = VM_CtBlockRead;
1255 			br->ContainerId = ad->ad_container->co_mntobj.ObjectId;
1256 			br->BlockNumber = bp->bio_pblkno;
1257 			br->ByteCount = bp->bio_bcount;
1258 			fib->Header.Size += sizeof(struct aac_blockread);
1259 			cm->cm_sgtable = &br->SgMap;
1260 			cm->cm_flags |= AAC_CMD_DATAIN;
1261 		} else {
1262 			struct aac_blockwrite *bw;
1263 			bw = (struct aac_blockwrite *)&fib->data[0];
1264 			bw->Command = VM_CtBlockWrite;
1265 			bw->ContainerId = ad->ad_container->co_mntobj.ObjectId;
1266 			bw->BlockNumber = bp->bio_pblkno;
1267 			bw->ByteCount = bp->bio_bcount;
1268 			bw->Stable = CUNSTABLE;
1269 			fib->Header.Size += sizeof(struct aac_blockwrite);
1270 			cm->cm_flags |= AAC_CMD_DATAOUT;
1271 			cm->cm_sgtable = &bw->SgMap;
1272 		}
1273 	} else {
1274 		fib->Header.Command = ContainerCommand64;
1275 		if (bp->bio_cmd == BIO_READ) {
1276 			struct aac_blockread64 *br;
1277 			br = (struct aac_blockread64 *)&fib->data[0];
1278 			br->Command = VM_CtHostRead64;
1279 			br->ContainerId = ad->ad_container->co_mntobj.ObjectId;
1280 			br->SectorCount = bp->bio_bcount / AAC_BLOCK_SIZE;
1281 			br->BlockNumber = bp->bio_pblkno;
1282 			br->Pad = 0;
1283 			br->Flags = 0;
1284 			fib->Header.Size += sizeof(struct aac_blockread64);
1285 			cm->cm_flags |= AAC_CMD_DATAIN;
1286 			cm->cm_sgtable = (struct aac_sg_table *)&br->SgMap64;
1287 		} else {
1288 			struct aac_blockwrite64 *bw;
1289 			bw = (struct aac_blockwrite64 *)&fib->data[0];
1290 			bw->Command = VM_CtHostWrite64;
1291 			bw->ContainerId = ad->ad_container->co_mntobj.ObjectId;
1292 			bw->SectorCount = bp->bio_bcount / AAC_BLOCK_SIZE;
1293 			bw->BlockNumber = bp->bio_pblkno;
1294 			bw->Pad = 0;
1295 			bw->Flags = 0;
1296 			fib->Header.Size += sizeof(struct aac_blockwrite64);
1297 			cm->cm_flags |= AAC_CMD_DATAOUT;
1298 			cm->cm_sgtable = (struct aac_sg_table *)&bw->SgMap64;
1299 		}
1300 	}
1301 
1302 	*cmp = cm;
1303 	return(0);
1304 
1305 fail:
1306 	if (bp != NULL)
1307 		aac_enqueue_bio(sc, bp);
1308 	if (cm != NULL)
1309 		aac_release_command(cm);
1310 	return(ENOMEM);
1311 }
1312 
1313 /*
1314  * Handle a bio-instigated command that has been completed.
1315  */
1316 static void
1317 aac_bio_complete(struct aac_command *cm)
1318 {
1319 	struct aac_blockread_response *brr;
1320 	struct aac_blockwrite_response *bwr;
1321 	struct bio *bp;
1322 	AAC_FSAStatus status;
1323 
1324 	/* fetch relevant status and then release the command */
1325 	bp = (struct bio *)cm->cm_private;
1326 	if (bp->bio_cmd == BIO_READ) {
1327 		brr = (struct aac_blockread_response *)&cm->cm_fib->data[0];
1328 		status = brr->Status;
1329 	} else {
1330 		bwr = (struct aac_blockwrite_response *)&cm->cm_fib->data[0];
1331 		status = bwr->Status;
1332 	}
1333 	aac_release_command(cm);
1334 
1335 	/* fix up the bio based on status */
1336 	if (status == ST_OK) {
1337 		bp->bio_resid = 0;
1338 	} else {
1339 		bp->bio_error = EIO;
1340 		bp->bio_flags |= BIO_ERROR;
1341 	}
1342 	aac_biodone(bp);
1343 }
1344 
1345 /*
1346  * Submit a command to the controller, return when it completes.
1347  * XXX This is very dangerous!  If the card has gone out to lunch, we could
1348  *     be stuck here forever.  At the same time, signals are not caught
1349  *     because there is a risk that a signal could wakeup the sleep before
1350  *     the card has a chance to complete the command.  Since there is no way
1351  *     to cancel a command that is in progress, we can't protect against the
1352  *     card completing a command late and spamming the command and data
1353  *     memory.  So, we are held hostage until the command completes.
1354  */
1355 static int
1356 aac_wait_command(struct aac_command *cm)
1357 {
1358 	struct aac_softc *sc;
1359 	int error;
1360 
1361 	sc = cm->cm_sc;
1362 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
1363 
1364 	/* Put the command on the ready queue and get things going */
1365 	aac_enqueue_ready(cm);
1366 	aac_startio(sc);
1367 	error = msleep(cm, &sc->aac_io_lock, PRIBIO, "aacwait", 0);
1368 	return(error);
1369 }
1370 
1371 /*
1372  *Command Buffer Management
1373  */
1374 
1375 /*
1376  * Allocate a command.
1377  */
1378 int
1379 aac_alloc_command(struct aac_softc *sc, struct aac_command **cmp)
1380 {
1381 	struct aac_command *cm;
1382 
1383 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
1384 
1385 	if ((cm = aac_dequeue_free(sc)) == NULL) {
1386 		if (sc->total_fibs < sc->aac_max_fibs) {
1387 			mtx_lock(&sc->aac_io_lock);
1388 			sc->aifflags |= AAC_AIFFLAGS_ALLOCFIBS;
1389 			mtx_unlock(&sc->aac_io_lock);
1390 			wakeup(sc->aifthread);
1391 		}
1392 		return (EBUSY);
1393 	}
1394 
1395 	*cmp = cm;
1396 	return(0);
1397 }
1398 
1399 /*
1400  * Release a command back to the freelist.
1401  */
1402 void
1403 aac_release_command(struct aac_command *cm)
1404 {
1405 	struct aac_event *event;
1406 	struct aac_softc *sc;
1407 
1408 	sc = cm->cm_sc;
1409 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
1410 
1411 	/* (re)initialize the command/FIB */
1412 	cm->cm_datalen = 0;
1413 	cm->cm_sgtable = NULL;
1414 	cm->cm_flags = 0;
1415 	cm->cm_complete = NULL;
1416 	cm->cm_private = NULL;
1417 	cm->cm_queue = AAC_ADAP_NORM_CMD_QUEUE;
1418 	cm->cm_fib->Header.XferState = AAC_FIBSTATE_EMPTY;
1419 	cm->cm_fib->Header.StructType = AAC_FIBTYPE_TFIB;
1420 	cm->cm_fib->Header.Flags = 0;
1421 	cm->cm_fib->Header.SenderSize = cm->cm_sc->aac_max_fib_size;
1422 
1423 	/*
1424 	 * These are duplicated in aac_start to cover the case where an
1425 	 * intermediate stage may have destroyed them.  They're left
1426 	 * initialized here for debugging purposes only.
1427 	 */
1428 	cm->cm_fib->Header.ReceiverFibAddress = (u_int32_t)cm->cm_fibphys;
1429 	cm->cm_fib->Header.SenderData = 0;
1430 
1431 	aac_enqueue_free(cm);
1432 
1433 	if ((event = TAILQ_FIRST(&sc->aac_ev_cmfree)) != NULL) {
1434 		TAILQ_REMOVE(&sc->aac_ev_cmfree, event, ev_links);
1435 		event->ev_callback(sc, event, event->ev_arg);
1436 	}
1437 }
1438 
1439 /*
1440  * Map helper for command/FIB allocation.
1441  */
1442 static void
1443 aac_map_command_helper(void *arg, bus_dma_segment_t *segs, int nseg, int error)
1444 {
1445 	uint64_t	*fibphys;
1446 
1447 	fibphys = (uint64_t *)arg;
1448 
1449 	*fibphys = segs[0].ds_addr;
1450 }
1451 
1452 /*
1453  * Allocate and initialize commands/FIBs for this adapter.
1454  */
1455 static int
1456 aac_alloc_commands(struct aac_softc *sc)
1457 {
1458 	struct aac_command *cm;
1459 	struct aac_fibmap *fm;
1460 	uint64_t fibphys;
1461 	int i, error;
1462 
1463 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
1464 
1465 	if (sc->total_fibs + sc->aac_max_fibs_alloc > sc->aac_max_fibs)
1466 		return (ENOMEM);
1467 
1468 	fm = malloc(sizeof(struct aac_fibmap), M_AACBUF, M_NOWAIT|M_ZERO);
1469 	if (fm == NULL)
1470 		return (ENOMEM);
1471 
1472 	/* allocate the FIBs in DMAable memory and load them */
1473 	if (bus_dmamem_alloc(sc->aac_fib_dmat, (void **)&fm->aac_fibs,
1474 			     BUS_DMA_NOWAIT, &fm->aac_fibmap)) {
1475 		device_printf(sc->aac_dev,
1476 			      "Not enough contiguous memory available.\n");
1477 		free(fm, M_AACBUF);
1478 		return (ENOMEM);
1479 	}
1480 
1481 	/* Ignore errors since this doesn't bounce */
1482 	(void)bus_dmamap_load(sc->aac_fib_dmat, fm->aac_fibmap, fm->aac_fibs,
1483 			      sc->aac_max_fibs_alloc * sc->aac_max_fib_size,
1484 			      aac_map_command_helper, &fibphys, 0);
1485 
1486 	/* initialize constant fields in the command structure */
1487 	bzero(fm->aac_fibs, sc->aac_max_fibs_alloc * sc->aac_max_fib_size);
1488 	for (i = 0; i < sc->aac_max_fibs_alloc; i++) {
1489 		cm = sc->aac_commands + sc->total_fibs;
1490 		fm->aac_commands = cm;
1491 		cm->cm_sc = sc;
1492 		cm->cm_fib = (struct aac_fib *)
1493 			((u_int8_t *)fm->aac_fibs + i*sc->aac_max_fib_size);
1494 		cm->cm_fibphys = fibphys + i*sc->aac_max_fib_size;
1495 		cm->cm_index = sc->total_fibs;
1496 
1497 		if ((error = bus_dmamap_create(sc->aac_buffer_dmat, 0,
1498 					       &cm->cm_datamap)) != 0)
1499 			break;
1500 		mtx_lock(&sc->aac_io_lock);
1501 		aac_release_command(cm);
1502 		sc->total_fibs++;
1503 		mtx_unlock(&sc->aac_io_lock);
1504 	}
1505 
1506 	if (i > 0) {
1507 		mtx_lock(&sc->aac_io_lock);
1508 		TAILQ_INSERT_TAIL(&sc->aac_fibmap_tqh, fm, fm_link);
1509 		fwprintf(sc, HBA_FLAGS_DBG_COMM_B, "total_fibs= %d\n", sc->total_fibs);
1510 		mtx_unlock(&sc->aac_io_lock);
1511 		return (0);
1512 	}
1513 
1514 	bus_dmamap_unload(sc->aac_fib_dmat, fm->aac_fibmap);
1515 	bus_dmamem_free(sc->aac_fib_dmat, fm->aac_fibs, fm->aac_fibmap);
1516 	free(fm, M_AACBUF);
1517 	return (ENOMEM);
1518 }
1519 
1520 /*
1521  * Free FIBs owned by this adapter.
1522  */
1523 static void
1524 aac_free_commands(struct aac_softc *sc)
1525 {
1526 	struct aac_fibmap *fm;
1527 	struct aac_command *cm;
1528 	int i;
1529 
1530 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
1531 
1532 	while ((fm = TAILQ_FIRST(&sc->aac_fibmap_tqh)) != NULL) {
1533 
1534 		TAILQ_REMOVE(&sc->aac_fibmap_tqh, fm, fm_link);
1535 		/*
1536 		 * We check against total_fibs to handle partially
1537 		 * allocated blocks.
1538 		 */
1539 		for (i = 0; i < sc->aac_max_fibs_alloc && sc->total_fibs--; i++) {
1540 			cm = fm->aac_commands + i;
1541 			bus_dmamap_destroy(sc->aac_buffer_dmat, cm->cm_datamap);
1542 		}
1543 		bus_dmamap_unload(sc->aac_fib_dmat, fm->aac_fibmap);
1544 		bus_dmamem_free(sc->aac_fib_dmat, fm->aac_fibs, fm->aac_fibmap);
1545 		free(fm, M_AACBUF);
1546 	}
1547 }
1548 
1549 /*
1550  * Command-mapping helper function - populate this command's s/g table.
1551  */
1552 static void
1553 aac_map_command_sg(void *arg, bus_dma_segment_t *segs, int nseg, int error)
1554 {
1555 	struct aac_softc *sc;
1556 	struct aac_command *cm;
1557 	struct aac_fib *fib;
1558 	int i;
1559 
1560 	cm = (struct aac_command *)arg;
1561 	sc = cm->cm_sc;
1562 	fib = cm->cm_fib;
1563 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
1564 
1565 	/* copy into the FIB */
1566 	if (cm->cm_sgtable != NULL) {
1567 		if (fib->Header.Command == RawIo) {
1568 			struct aac_sg_tableraw *sg;
1569 			sg = (struct aac_sg_tableraw *)cm->cm_sgtable;
1570 			sg->SgCount = nseg;
1571 			for (i = 0; i < nseg; i++) {
1572 				sg->SgEntryRaw[i].SgAddress = segs[i].ds_addr;
1573 				sg->SgEntryRaw[i].SgByteCount = segs[i].ds_len;
1574 				sg->SgEntryRaw[i].Next = 0;
1575 				sg->SgEntryRaw[i].Prev = 0;
1576 				sg->SgEntryRaw[i].Flags = 0;
1577 			}
1578 			/* update the FIB size for the s/g count */
1579 			fib->Header.Size += nseg*sizeof(struct aac_sg_entryraw);
1580 		} else if ((cm->cm_sc->flags & AAC_FLAGS_SG_64BIT) == 0) {
1581 			struct aac_sg_table *sg;
1582 			sg = cm->cm_sgtable;
1583 			sg->SgCount = nseg;
1584 			for (i = 0; i < nseg; i++) {
1585 				sg->SgEntry[i].SgAddress = segs[i].ds_addr;
1586 				sg->SgEntry[i].SgByteCount = segs[i].ds_len;
1587 			}
1588 			/* update the FIB size for the s/g count */
1589 			fib->Header.Size += nseg*sizeof(struct aac_sg_entry);
1590 		} else {
1591 			struct aac_sg_table64 *sg;
1592 			sg = (struct aac_sg_table64 *)cm->cm_sgtable;
1593 			sg->SgCount = nseg;
1594 			for (i = 0; i < nseg; i++) {
1595 				sg->SgEntry64[i].SgAddress = segs[i].ds_addr;
1596 				sg->SgEntry64[i].SgByteCount = segs[i].ds_len;
1597 			}
1598 			/* update the FIB size for the s/g count */
1599 			fib->Header.Size += nseg*sizeof(struct aac_sg_entry64);
1600 		}
1601 	}
1602 
1603 	/* Fix up the address values in the FIB.  Use the command array index
1604 	 * instead of a pointer since these fields are only 32 bits.  Shift
1605 	 * the SenderFibAddress over to make room for the fast response bit
1606 	 * and for the AIF bit
1607 	 */
1608 	cm->cm_fib->Header.SenderFibAddress = (cm->cm_index << 2);
1609 	cm->cm_fib->Header.ReceiverFibAddress = (u_int32_t)cm->cm_fibphys;
1610 
1611 	/* save a pointer to the command for speedy reverse-lookup */
1612 	cm->cm_fib->Header.SenderData = cm->cm_index;
1613 
1614 	if (cm->cm_flags & AAC_CMD_DATAIN)
1615 		bus_dmamap_sync(sc->aac_buffer_dmat, cm->cm_datamap,
1616 				BUS_DMASYNC_PREREAD);
1617 	if (cm->cm_flags & AAC_CMD_DATAOUT)
1618 		bus_dmamap_sync(sc->aac_buffer_dmat, cm->cm_datamap,
1619 				BUS_DMASYNC_PREWRITE);
1620 	cm->cm_flags |= AAC_CMD_MAPPED;
1621 
1622 	if (sc->flags & AAC_FLAGS_NEW_COMM) {
1623 		int count = 10000000L;
1624 		while (AAC_SEND_COMMAND(sc, cm) != 0) {
1625 			if (--count == 0) {
1626 				aac_unmap_command(cm);
1627 				sc->flags |= AAC_QUEUE_FRZN;
1628 				aac_requeue_ready(cm);
1629 			}
1630 			DELAY(5);			/* wait 5 usec. */
1631 		}
1632 	} else {
1633 		/* Put the FIB on the outbound queue */
1634 		if (aac_enqueue_fib(sc, cm->cm_queue, cm) == EBUSY) {
1635 			aac_unmap_command(cm);
1636 			sc->flags |= AAC_QUEUE_FRZN;
1637 			aac_requeue_ready(cm);
1638 		}
1639 	}
1640 }
1641 
1642 /*
1643  * Unmap a command from controller-visible space.
1644  */
1645 static void
1646 aac_unmap_command(struct aac_command *cm)
1647 {
1648 	struct aac_softc *sc;
1649 
1650 	sc = cm->cm_sc;
1651 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
1652 
1653 	if (!(cm->cm_flags & AAC_CMD_MAPPED))
1654 		return;
1655 
1656 	if (cm->cm_datalen != 0) {
1657 		if (cm->cm_flags & AAC_CMD_DATAIN)
1658 			bus_dmamap_sync(sc->aac_buffer_dmat, cm->cm_datamap,
1659 					BUS_DMASYNC_POSTREAD);
1660 		if (cm->cm_flags & AAC_CMD_DATAOUT)
1661 			bus_dmamap_sync(sc->aac_buffer_dmat, cm->cm_datamap,
1662 					BUS_DMASYNC_POSTWRITE);
1663 
1664 		bus_dmamap_unload(sc->aac_buffer_dmat, cm->cm_datamap);
1665 	}
1666 	cm->cm_flags &= ~AAC_CMD_MAPPED;
1667 }
1668 
1669 /*
1670  * Hardware Interface
1671  */
1672 
1673 /*
1674  * Initialize the adapter.
1675  */
1676 static void
1677 aac_common_map(void *arg, bus_dma_segment_t *segs, int nseg, int error)
1678 {
1679 	struct aac_softc *sc;
1680 
1681 	sc = (struct aac_softc *)arg;
1682 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
1683 
1684 	sc->aac_common_busaddr = segs[0].ds_addr;
1685 }
1686 
1687 static int
1688 aac_check_firmware(struct aac_softc *sc)
1689 {
1690 	u_int32_t code, major, minor, options = 0, atu_size = 0;
1691 	int rid, status;
1692 	time_t then;
1693 
1694 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
1695 	/*
1696 	 * Wait for the adapter to come ready.
1697 	 */
1698 	then = time_uptime;
1699 	do {
1700 		code = AAC_GET_FWSTATUS(sc);
1701 		if (code & AAC_SELF_TEST_FAILED) {
1702 			device_printf(sc->aac_dev, "FATAL: selftest failed\n");
1703 			return(ENXIO);
1704 		}
1705 		if (code & AAC_KERNEL_PANIC) {
1706 			device_printf(sc->aac_dev,
1707 				      "FATAL: controller kernel panic");
1708 			return(ENXIO);
1709 		}
1710 		if (time_uptime > (then + AAC_BOOT_TIMEOUT)) {
1711 			device_printf(sc->aac_dev,
1712 				      "FATAL: controller not coming ready, "
1713 					   "status %x\n", code);
1714 			return(ENXIO);
1715 		}
1716 	} while (!(code & AAC_UP_AND_RUNNING));
1717 
1718 	/*
1719 	 * Retrieve the firmware version numbers.  Dell PERC2/QC cards with
1720 	 * firmware version 1.x are not compatible with this driver.
1721 	 */
1722 	if (sc->flags & AAC_FLAGS_PERC2QC) {
1723 		if (aac_sync_command(sc, AAC_MONKER_GETKERNVER, 0, 0, 0, 0,
1724 				     NULL)) {
1725 			device_printf(sc->aac_dev,
1726 				      "Error reading firmware version\n");
1727 			return (EIO);
1728 		}
1729 
1730 		/* These numbers are stored as ASCII! */
1731 		major = (AAC_GET_MAILBOX(sc, 1) & 0xff) - 0x30;
1732 		minor = (AAC_GET_MAILBOX(sc, 2) & 0xff) - 0x30;
1733 		if (major == 1) {
1734 			device_printf(sc->aac_dev,
1735 			    "Firmware version %d.%d is not supported.\n",
1736 			    major, minor);
1737 			return (EINVAL);
1738 		}
1739 	}
1740 
1741 	/*
1742 	 * Retrieve the capabilities/supported options word so we know what
1743 	 * work-arounds to enable.  Some firmware revs don't support this
1744 	 * command.
1745 	 */
1746 	if (aac_sync_command(sc, AAC_MONKER_GETINFO, 0, 0, 0, 0, &status)) {
1747 		if (status != AAC_SRB_STS_INVALID_REQUEST) {
1748 			device_printf(sc->aac_dev,
1749 			     "RequestAdapterInfo failed\n");
1750 			return (EIO);
1751 		}
1752 	} else {
1753 		options = AAC_GET_MAILBOX(sc, 1);
1754 		atu_size = AAC_GET_MAILBOX(sc, 2);
1755 		sc->supported_options = options;
1756 
1757 		if ((options & AAC_SUPPORTED_4GB_WINDOW) != 0 &&
1758 		    (sc->flags & AAC_FLAGS_NO4GB) == 0)
1759 			sc->flags |= AAC_FLAGS_4GB_WINDOW;
1760 		if (options & AAC_SUPPORTED_NONDASD)
1761 			sc->flags |= AAC_FLAGS_ENABLE_CAM;
1762 		if ((options & AAC_SUPPORTED_SGMAP_HOST64) != 0
1763 		     && (sizeof(bus_addr_t) > 4)) {
1764 			device_printf(sc->aac_dev,
1765 			    "Enabling 64-bit address support\n");
1766 			sc->flags |= AAC_FLAGS_SG_64BIT;
1767 		}
1768 		if ((options & AAC_SUPPORTED_NEW_COMM)
1769 		 && sc->aac_if->aif_send_command)
1770 			sc->flags |= AAC_FLAGS_NEW_COMM;
1771 		if (options & AAC_SUPPORTED_64BIT_ARRAYSIZE)
1772 			sc->flags |= AAC_FLAGS_ARRAY_64BIT;
1773 	}
1774 
1775 	/* Check for broken hardware that does a lower number of commands */
1776 	sc->aac_max_fibs = (sc->flags & AAC_FLAGS_256FIBS ? 256:512);
1777 
1778 	/* Remap mem. resource, if required */
1779 	if ((sc->flags & AAC_FLAGS_NEW_COMM) &&
1780 	    atu_size > rman_get_size(sc->aac_regs_res1)) {
1781 		rid = rman_get_rid(sc->aac_regs_res1);
1782 		bus_release_resource(sc->aac_dev, SYS_RES_MEMORY, rid,
1783 		    sc->aac_regs_res1);
1784 		sc->aac_regs_res1 = bus_alloc_resource_anywhere(sc->aac_dev,
1785 		    SYS_RES_MEMORY, &rid, atu_size, RF_ACTIVE);
1786 		if (sc->aac_regs_res1 == NULL) {
1787 			sc->aac_regs_res1 = bus_alloc_resource_any(
1788 			    sc->aac_dev, SYS_RES_MEMORY, &rid, RF_ACTIVE);
1789 			if (sc->aac_regs_res1 == NULL) {
1790 				device_printf(sc->aac_dev,
1791 				    "couldn't allocate register window\n");
1792 				return (ENXIO);
1793 			}
1794 			sc->flags &= ~AAC_FLAGS_NEW_COMM;
1795 		}
1796 		sc->aac_btag1 = rman_get_bustag(sc->aac_regs_res1);
1797 		sc->aac_bhandle1 = rman_get_bushandle(sc->aac_regs_res1);
1798 
1799 		if (sc->aac_hwif == AAC_HWIF_NARK) {
1800 			sc->aac_regs_res0 = sc->aac_regs_res1;
1801 			sc->aac_btag0 = sc->aac_btag1;
1802 			sc->aac_bhandle0 = sc->aac_bhandle1;
1803 		}
1804 	}
1805 
1806 	/* Read preferred settings */
1807 	sc->aac_max_fib_size = sizeof(struct aac_fib);
1808 	sc->aac_max_sectors = 128;				/* 64KB */
1809 	if (sc->flags & AAC_FLAGS_SG_64BIT)
1810 		sc->aac_sg_tablesize = (AAC_FIB_DATASIZE
1811 		 - sizeof(struct aac_blockwrite64))
1812 		 / sizeof(struct aac_sg_entry64);
1813 	else
1814 		sc->aac_sg_tablesize = (AAC_FIB_DATASIZE
1815 		 - sizeof(struct aac_blockwrite))
1816 		 / sizeof(struct aac_sg_entry);
1817 
1818 	if (!aac_sync_command(sc, AAC_MONKER_GETCOMMPREF, 0, 0, 0, 0, NULL)) {
1819 		options = AAC_GET_MAILBOX(sc, 1);
1820 		sc->aac_max_fib_size = (options & 0xFFFF);
1821 		sc->aac_max_sectors = (options >> 16) << 1;
1822 		options = AAC_GET_MAILBOX(sc, 2);
1823 		sc->aac_sg_tablesize = (options >> 16);
1824 		options = AAC_GET_MAILBOX(sc, 3);
1825 		sc->aac_max_fibs = (options & 0xFFFF);
1826 	}
1827 	if (sc->aac_max_fib_size > PAGE_SIZE)
1828 		sc->aac_max_fib_size = PAGE_SIZE;
1829 	sc->aac_max_fibs_alloc = PAGE_SIZE / sc->aac_max_fib_size;
1830 
1831 	if (sc->aac_max_fib_size > sizeof(struct aac_fib)) {
1832 		sc->flags |= AAC_FLAGS_RAW_IO;
1833 		device_printf(sc->aac_dev, "Enable Raw I/O\n");
1834 	}
1835 	if ((sc->flags & AAC_FLAGS_RAW_IO) &&
1836 	    (sc->flags & AAC_FLAGS_ARRAY_64BIT)) {
1837 		sc->flags |= AAC_FLAGS_LBA_64BIT;
1838 		device_printf(sc->aac_dev, "Enable 64-bit array\n");
1839 	}
1840 
1841 	return (0);
1842 }
1843 
1844 static int
1845 aac_init(struct aac_softc *sc)
1846 {
1847 	struct aac_adapter_init	*ip;
1848 	u_int32_t qoffset;
1849 	int error;
1850 
1851 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
1852 
1853 	/*
1854 	 * Fill in the init structure.  This tells the adapter about the
1855 	 * physical location of various important shared data structures.
1856 	 */
1857 	ip = &sc->aac_common->ac_init;
1858 	ip->InitStructRevision = AAC_INIT_STRUCT_REVISION;
1859 	if (sc->aac_max_fib_size > sizeof(struct aac_fib)) {
1860 		ip->InitStructRevision = AAC_INIT_STRUCT_REVISION_4;
1861 		sc->flags |= AAC_FLAGS_RAW_IO;
1862 	}
1863 	ip->MiniPortRevision = AAC_INIT_STRUCT_MINIPORT_REVISION;
1864 
1865 	ip->AdapterFibsPhysicalAddress = sc->aac_common_busaddr +
1866 					 offsetof(struct aac_common, ac_fibs);
1867 	ip->AdapterFibsVirtualAddress = 0;
1868 	ip->AdapterFibsSize = AAC_ADAPTER_FIBS * sizeof(struct aac_fib);
1869 	ip->AdapterFibAlign = sizeof(struct aac_fib);
1870 
1871 	ip->PrintfBufferAddress = sc->aac_common_busaddr +
1872 				  offsetof(struct aac_common, ac_printf);
1873 	ip->PrintfBufferSize = AAC_PRINTF_BUFSIZE;
1874 
1875 	/*
1876 	 * The adapter assumes that pages are 4K in size, except on some
1877  	 * broken firmware versions that do the page->byte conversion twice,
1878 	 * therefore 'assuming' that this value is in 16MB units (2^24).
1879 	 * Round up since the granularity is so high.
1880 	 */
1881 	ip->HostPhysMemPages = ctob(physmem) / AAC_PAGE_SIZE;
1882 	if (sc->flags & AAC_FLAGS_BROKEN_MEMMAP) {
1883 		ip->HostPhysMemPages =
1884 		    (ip->HostPhysMemPages + AAC_PAGE_SIZE) / AAC_PAGE_SIZE;
1885 	}
1886 	ip->HostElapsedSeconds = time_uptime;	/* reset later if invalid */
1887 
1888 	ip->InitFlags = 0;
1889 	if (sc->flags & AAC_FLAGS_NEW_COMM) {
1890 		ip->InitFlags |= AAC_INITFLAGS_NEW_COMM_SUPPORTED;
1891 		device_printf(sc->aac_dev, "New comm. interface enabled\n");
1892 	}
1893 
1894 	ip->MaxIoCommands = sc->aac_max_fibs;
1895 	ip->MaxIoSize = sc->aac_max_sectors << 9;
1896 	ip->MaxFibSize = sc->aac_max_fib_size;
1897 
1898 	/*
1899 	 * Initialize FIB queues.  Note that it appears that the layout of the
1900 	 * indexes and the segmentation of the entries may be mandated by the
1901 	 * adapter, which is only told about the base of the queue index fields.
1902 	 *
1903 	 * The initial values of the indices are assumed to inform the adapter
1904 	 * of the sizes of the respective queues, and theoretically it could
1905 	 * work out the entire layout of the queue structures from this.  We
1906 	 * take the easy route and just lay this area out like everyone else
1907 	 * does.
1908 	 *
1909 	 * The Linux driver uses a much more complex scheme whereby several
1910 	 * header records are kept for each queue.  We use a couple of generic
1911 	 * list manipulation functions which 'know' the size of each list by
1912 	 * virtue of a table.
1913 	 */
1914 	qoffset = offsetof(struct aac_common, ac_qbuf) + AAC_QUEUE_ALIGN;
1915 	qoffset &= ~(AAC_QUEUE_ALIGN - 1);
1916 	sc->aac_queues =
1917 	    (struct aac_queue_table *)((uintptr_t)sc->aac_common + qoffset);
1918 	ip->CommHeaderAddress = sc->aac_common_busaddr + qoffset;
1919 
1920 	sc->aac_queues->qt_qindex[AAC_HOST_NORM_CMD_QUEUE][AAC_PRODUCER_INDEX] =
1921 		AAC_HOST_NORM_CMD_ENTRIES;
1922 	sc->aac_queues->qt_qindex[AAC_HOST_NORM_CMD_QUEUE][AAC_CONSUMER_INDEX] =
1923 		AAC_HOST_NORM_CMD_ENTRIES;
1924 	sc->aac_queues->qt_qindex[AAC_HOST_HIGH_CMD_QUEUE][AAC_PRODUCER_INDEX] =
1925 		AAC_HOST_HIGH_CMD_ENTRIES;
1926 	sc->aac_queues->qt_qindex[AAC_HOST_HIGH_CMD_QUEUE][AAC_CONSUMER_INDEX] =
1927 		AAC_HOST_HIGH_CMD_ENTRIES;
1928 	sc->aac_queues->qt_qindex[AAC_ADAP_NORM_CMD_QUEUE][AAC_PRODUCER_INDEX] =
1929 		AAC_ADAP_NORM_CMD_ENTRIES;
1930 	sc->aac_queues->qt_qindex[AAC_ADAP_NORM_CMD_QUEUE][AAC_CONSUMER_INDEX] =
1931 		AAC_ADAP_NORM_CMD_ENTRIES;
1932 	sc->aac_queues->qt_qindex[AAC_ADAP_HIGH_CMD_QUEUE][AAC_PRODUCER_INDEX] =
1933 		AAC_ADAP_HIGH_CMD_ENTRIES;
1934 	sc->aac_queues->qt_qindex[AAC_ADAP_HIGH_CMD_QUEUE][AAC_CONSUMER_INDEX] =
1935 		AAC_ADAP_HIGH_CMD_ENTRIES;
1936 	sc->aac_queues->qt_qindex[AAC_HOST_NORM_RESP_QUEUE][AAC_PRODUCER_INDEX]=
1937 		AAC_HOST_NORM_RESP_ENTRIES;
1938 	sc->aac_queues->qt_qindex[AAC_HOST_NORM_RESP_QUEUE][AAC_CONSUMER_INDEX]=
1939 		AAC_HOST_NORM_RESP_ENTRIES;
1940 	sc->aac_queues->qt_qindex[AAC_HOST_HIGH_RESP_QUEUE][AAC_PRODUCER_INDEX]=
1941 		AAC_HOST_HIGH_RESP_ENTRIES;
1942 	sc->aac_queues->qt_qindex[AAC_HOST_HIGH_RESP_QUEUE][AAC_CONSUMER_INDEX]=
1943 		AAC_HOST_HIGH_RESP_ENTRIES;
1944 	sc->aac_queues->qt_qindex[AAC_ADAP_NORM_RESP_QUEUE][AAC_PRODUCER_INDEX]=
1945 		AAC_ADAP_NORM_RESP_ENTRIES;
1946 	sc->aac_queues->qt_qindex[AAC_ADAP_NORM_RESP_QUEUE][AAC_CONSUMER_INDEX]=
1947 		AAC_ADAP_NORM_RESP_ENTRIES;
1948 	sc->aac_queues->qt_qindex[AAC_ADAP_HIGH_RESP_QUEUE][AAC_PRODUCER_INDEX]=
1949 		AAC_ADAP_HIGH_RESP_ENTRIES;
1950 	sc->aac_queues->qt_qindex[AAC_ADAP_HIGH_RESP_QUEUE][AAC_CONSUMER_INDEX]=
1951 		AAC_ADAP_HIGH_RESP_ENTRIES;
1952 	sc->aac_qentries[AAC_HOST_NORM_CMD_QUEUE] =
1953 		&sc->aac_queues->qt_HostNormCmdQueue[0];
1954 	sc->aac_qentries[AAC_HOST_HIGH_CMD_QUEUE] =
1955 		&sc->aac_queues->qt_HostHighCmdQueue[0];
1956 	sc->aac_qentries[AAC_ADAP_NORM_CMD_QUEUE] =
1957 		&sc->aac_queues->qt_AdapNormCmdQueue[0];
1958 	sc->aac_qentries[AAC_ADAP_HIGH_CMD_QUEUE] =
1959 		&sc->aac_queues->qt_AdapHighCmdQueue[0];
1960 	sc->aac_qentries[AAC_HOST_NORM_RESP_QUEUE] =
1961 		&sc->aac_queues->qt_HostNormRespQueue[0];
1962 	sc->aac_qentries[AAC_HOST_HIGH_RESP_QUEUE] =
1963 		&sc->aac_queues->qt_HostHighRespQueue[0];
1964 	sc->aac_qentries[AAC_ADAP_NORM_RESP_QUEUE] =
1965 		&sc->aac_queues->qt_AdapNormRespQueue[0];
1966 	sc->aac_qentries[AAC_ADAP_HIGH_RESP_QUEUE] =
1967 		&sc->aac_queues->qt_AdapHighRespQueue[0];
1968 
1969 	/*
1970 	 * Do controller-type-specific initialisation
1971 	 */
1972 	switch (sc->aac_hwif) {
1973 	case AAC_HWIF_I960RX:
1974 		AAC_MEM0_SETREG4(sc, AAC_RX_ODBR, ~0);
1975 		break;
1976 	case AAC_HWIF_RKT:
1977 		AAC_MEM0_SETREG4(sc, AAC_RKT_ODBR, ~0);
1978 		break;
1979 	default:
1980 		break;
1981 	}
1982 
1983 	/*
1984 	 * Give the init structure to the controller.
1985 	 */
1986 	if (aac_sync_command(sc, AAC_MONKER_INITSTRUCT,
1987 			     sc->aac_common_busaddr +
1988 			     offsetof(struct aac_common, ac_init), 0, 0, 0,
1989 			     NULL)) {
1990 		device_printf(sc->aac_dev,
1991 			      "error establishing init structure\n");
1992 		error = EIO;
1993 		goto out;
1994 	}
1995 
1996 	error = 0;
1997 out:
1998 	return(error);
1999 }
2000 
2001 static int
2002 aac_setup_intr(struct aac_softc *sc)
2003 {
2004 
2005 	if (sc->flags & AAC_FLAGS_NEW_COMM) {
2006 		if (bus_setup_intr(sc->aac_dev, sc->aac_irq,
2007 				   INTR_MPSAFE|INTR_TYPE_BIO, NULL,
2008 				   aac_new_intr, sc, &sc->aac_intr)) {
2009 			device_printf(sc->aac_dev, "can't set up interrupt\n");
2010 			return (EINVAL);
2011 		}
2012 	} else {
2013 		if (bus_setup_intr(sc->aac_dev, sc->aac_irq,
2014 				   INTR_TYPE_BIO, aac_filter, NULL,
2015 				   sc, &sc->aac_intr)) {
2016 			device_printf(sc->aac_dev,
2017 				      "can't set up interrupt filter\n");
2018 			return (EINVAL);
2019 		}
2020 	}
2021 	return (0);
2022 }
2023 
2024 /*
2025  * Send a synchronous command to the controller and wait for a result.
2026  * Indicate if the controller completed the command with an error status.
2027  */
2028 static int
2029 aac_sync_command(struct aac_softc *sc, u_int32_t command,
2030 		 u_int32_t arg0, u_int32_t arg1, u_int32_t arg2, u_int32_t arg3,
2031 		 u_int32_t *sp)
2032 {
2033 	time_t then;
2034 	u_int32_t status;
2035 
2036 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2037 
2038 	/* populate the mailbox */
2039 	AAC_SET_MAILBOX(sc, command, arg0, arg1, arg2, arg3);
2040 
2041 	/* ensure the sync command doorbell flag is cleared */
2042 	AAC_CLEAR_ISTATUS(sc, AAC_DB_SYNC_COMMAND);
2043 
2044 	/* then set it to signal the adapter */
2045 	AAC_QNOTIFY(sc, AAC_DB_SYNC_COMMAND);
2046 
2047 	/* spin waiting for the command to complete */
2048 	then = time_uptime;
2049 	do {
2050 		if (time_uptime > (then + AAC_IMMEDIATE_TIMEOUT)) {
2051 			fwprintf(sc, HBA_FLAGS_DBG_ERROR_B, "timed out");
2052 			return(EIO);
2053 		}
2054 	} while (!(AAC_GET_ISTATUS(sc) & AAC_DB_SYNC_COMMAND));
2055 
2056 	/* clear the completion flag */
2057 	AAC_CLEAR_ISTATUS(sc, AAC_DB_SYNC_COMMAND);
2058 
2059 	/* get the command status */
2060 	status = AAC_GET_MAILBOX(sc, 0);
2061 	if (sp != NULL)
2062 		*sp = status;
2063 
2064 	if (status != AAC_SRB_STS_SUCCESS)
2065 		return (-1);
2066 	return(0);
2067 }
2068 
2069 int
2070 aac_sync_fib(struct aac_softc *sc, u_int32_t command, u_int32_t xferstate,
2071 		 struct aac_fib *fib, u_int16_t datasize)
2072 {
2073 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2074 	mtx_assert(&sc->aac_io_lock, MA_OWNED);
2075 
2076 	if (datasize > AAC_FIB_DATASIZE)
2077 		return(EINVAL);
2078 
2079 	/*
2080 	 * Set up the sync FIB
2081 	 */
2082 	fib->Header.XferState = AAC_FIBSTATE_HOSTOWNED |
2083 				AAC_FIBSTATE_INITIALISED |
2084 				AAC_FIBSTATE_EMPTY;
2085 	fib->Header.XferState |= xferstate;
2086 	fib->Header.Command = command;
2087 	fib->Header.StructType = AAC_FIBTYPE_TFIB;
2088 	fib->Header.Size = sizeof(struct aac_fib_header) + datasize;
2089 	fib->Header.SenderSize = sizeof(struct aac_fib);
2090 	fib->Header.SenderFibAddress = 0;	/* Not needed */
2091 	fib->Header.ReceiverFibAddress = sc->aac_common_busaddr +
2092 					 offsetof(struct aac_common,
2093 						  ac_sync_fib);
2094 
2095 	/*
2096 	 * Give the FIB to the controller, wait for a response.
2097 	 */
2098 	if (aac_sync_command(sc, AAC_MONKER_SYNCFIB,
2099 			     fib->Header.ReceiverFibAddress, 0, 0, 0, NULL)) {
2100 		fwprintf(sc, HBA_FLAGS_DBG_ERROR_B, "IO error");
2101 		return(EIO);
2102 	}
2103 
2104 	return (0);
2105 }
2106 
2107 /*
2108  * Adapter-space FIB queue manipulation
2109  *
2110  * Note that the queue implementation here is a little funky; neither the PI or
2111  * CI will ever be zero.  This behaviour is a controller feature.
2112  */
2113 static const struct {
2114 	int		size;
2115 	int		notify;
2116 } aac_qinfo[] = {
2117 	{AAC_HOST_NORM_CMD_ENTRIES, AAC_DB_COMMAND_NOT_FULL},
2118 	{AAC_HOST_HIGH_CMD_ENTRIES, 0},
2119 	{AAC_ADAP_NORM_CMD_ENTRIES, AAC_DB_COMMAND_READY},
2120 	{AAC_ADAP_HIGH_CMD_ENTRIES, 0},
2121 	{AAC_HOST_NORM_RESP_ENTRIES, AAC_DB_RESPONSE_NOT_FULL},
2122 	{AAC_HOST_HIGH_RESP_ENTRIES, 0},
2123 	{AAC_ADAP_NORM_RESP_ENTRIES, AAC_DB_RESPONSE_READY},
2124 	{AAC_ADAP_HIGH_RESP_ENTRIES, 0}
2125 };
2126 
2127 /*
2128  * Atomically insert an entry into the nominated queue, returns 0 on success or
2129  * EBUSY if the queue is full.
2130  *
2131  * Note: it would be more efficient to defer notifying the controller in
2132  *	 the case where we may be inserting several entries in rapid succession,
2133  *	 but implementing this usefully may be difficult (it would involve a
2134  *	 separate queue/notify interface).
2135  */
2136 static int
2137 aac_enqueue_fib(struct aac_softc *sc, int queue, struct aac_command *cm)
2138 {
2139 	u_int32_t pi, ci;
2140 	int error;
2141 	u_int32_t fib_size;
2142 	u_int32_t fib_addr;
2143 
2144 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2145 
2146 	fib_size = cm->cm_fib->Header.Size;
2147 	fib_addr = cm->cm_fib->Header.ReceiverFibAddress;
2148 
2149 	/* get the producer/consumer indices */
2150 	pi = sc->aac_queues->qt_qindex[queue][AAC_PRODUCER_INDEX];
2151 	ci = sc->aac_queues->qt_qindex[queue][AAC_CONSUMER_INDEX];
2152 
2153 	/* wrap the queue? */
2154 	if (pi >= aac_qinfo[queue].size)
2155 		pi = 0;
2156 
2157 	/* check for queue full */
2158 	if ((pi + 1) == ci) {
2159 		error = EBUSY;
2160 		goto out;
2161 	}
2162 
2163 	/*
2164 	 * To avoid a race with its completion interrupt, place this command on
2165 	 * the busy queue prior to advertising it to the controller.
2166 	 */
2167 	aac_enqueue_busy(cm);
2168 
2169 	/* populate queue entry */
2170 	(sc->aac_qentries[queue] + pi)->aq_fib_size = fib_size;
2171 	(sc->aac_qentries[queue] + pi)->aq_fib_addr = fib_addr;
2172 
2173 	/* update producer index */
2174 	sc->aac_queues->qt_qindex[queue][AAC_PRODUCER_INDEX] = pi + 1;
2175 
2176 	/* notify the adapter if we know how */
2177 	if (aac_qinfo[queue].notify != 0)
2178 		AAC_QNOTIFY(sc, aac_qinfo[queue].notify);
2179 
2180 	error = 0;
2181 
2182 out:
2183 	return(error);
2184 }
2185 
2186 /*
2187  * Atomically remove one entry from the nominated queue, returns 0 on
2188  * success or ENOENT if the queue is empty.
2189  */
2190 static int
2191 aac_dequeue_fib(struct aac_softc *sc, int queue, u_int32_t *fib_size,
2192 		struct aac_fib **fib_addr)
2193 {
2194 	u_int32_t pi, ci;
2195 	u_int32_t fib_index;
2196 	int error;
2197 	int notify;
2198 
2199 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2200 
2201 	/* get the producer/consumer indices */
2202 	pi = sc->aac_queues->qt_qindex[queue][AAC_PRODUCER_INDEX];
2203 	ci = sc->aac_queues->qt_qindex[queue][AAC_CONSUMER_INDEX];
2204 
2205 	/* check for queue empty */
2206 	if (ci == pi) {
2207 		error = ENOENT;
2208 		goto out;
2209 	}
2210 
2211 	/* wrap the pi so the following test works */
2212 	if (pi >= aac_qinfo[queue].size)
2213 		pi = 0;
2214 
2215 	notify = 0;
2216 	if (ci == pi + 1)
2217 		notify++;
2218 
2219 	/* wrap the queue? */
2220 	if (ci >= aac_qinfo[queue].size)
2221 		ci = 0;
2222 
2223 	/* fetch the entry */
2224 	*fib_size = (sc->aac_qentries[queue] + ci)->aq_fib_size;
2225 
2226 	switch (queue) {
2227 	case AAC_HOST_NORM_CMD_QUEUE:
2228 	case AAC_HOST_HIGH_CMD_QUEUE:
2229 		/*
2230 		 * The aq_fib_addr is only 32 bits wide so it can't be counted
2231 		 * on to hold an address.  For AIF's, the adapter assumes
2232 		 * that it's giving us an address into the array of AIF fibs.
2233 		 * Therefore, we have to convert it to an index.
2234 		 */
2235 		fib_index = (sc->aac_qentries[queue] + ci)->aq_fib_addr /
2236 			sizeof(struct aac_fib);
2237 		*fib_addr = &sc->aac_common->ac_fibs[fib_index];
2238 		break;
2239 
2240 	case AAC_HOST_NORM_RESP_QUEUE:
2241 	case AAC_HOST_HIGH_RESP_QUEUE:
2242 	{
2243 		struct aac_command *cm;
2244 
2245 		/*
2246 		 * As above, an index is used instead of an actual address.
2247 		 * Gotta shift the index to account for the fast response
2248 		 * bit.  No other correction is needed since this value was
2249 		 * originally provided by the driver via the SenderFibAddress
2250 		 * field.
2251 		 */
2252 		fib_index = (sc->aac_qentries[queue] + ci)->aq_fib_addr;
2253 		cm = sc->aac_commands + (fib_index >> 2);
2254 		*fib_addr = cm->cm_fib;
2255 
2256 		/*
2257 		 * Is this a fast response? If it is, update the fib fields in
2258 		 * local memory since the whole fib isn't DMA'd back up.
2259 		 */
2260 		if (fib_index & 0x01) {
2261 			(*fib_addr)->Header.XferState |= AAC_FIBSTATE_DONEADAP;
2262 			*((u_int32_t*)((*fib_addr)->data)) = AAC_ERROR_NORMAL;
2263 		}
2264 		break;
2265 	}
2266 	default:
2267 		panic("Invalid queue in aac_dequeue_fib()");
2268 		break;
2269 	}
2270 
2271 	/* update consumer index */
2272 	sc->aac_queues->qt_qindex[queue][AAC_CONSUMER_INDEX] = ci + 1;
2273 
2274 	/* if we have made the queue un-full, notify the adapter */
2275 	if (notify && (aac_qinfo[queue].notify != 0))
2276 		AAC_QNOTIFY(sc, aac_qinfo[queue].notify);
2277 	error = 0;
2278 
2279 out:
2280 	return(error);
2281 }
2282 
2283 /*
2284  * Put our response to an Adapter Initialed Fib on the response queue
2285  */
2286 static int
2287 aac_enqueue_response(struct aac_softc *sc, int queue, struct aac_fib *fib)
2288 {
2289 	u_int32_t pi, ci;
2290 	int error;
2291 	u_int32_t fib_size;
2292 	u_int32_t fib_addr;
2293 
2294 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2295 
2296 	/* Tell the adapter where the FIB is */
2297 	fib_size = fib->Header.Size;
2298 	fib_addr = fib->Header.SenderFibAddress;
2299 	fib->Header.ReceiverFibAddress = fib_addr;
2300 
2301 	/* get the producer/consumer indices */
2302 	pi = sc->aac_queues->qt_qindex[queue][AAC_PRODUCER_INDEX];
2303 	ci = sc->aac_queues->qt_qindex[queue][AAC_CONSUMER_INDEX];
2304 
2305 	/* wrap the queue? */
2306 	if (pi >= aac_qinfo[queue].size)
2307 		pi = 0;
2308 
2309 	/* check for queue full */
2310 	if ((pi + 1) == ci) {
2311 		error = EBUSY;
2312 		goto out;
2313 	}
2314 
2315 	/* populate queue entry */
2316 	(sc->aac_qentries[queue] + pi)->aq_fib_size = fib_size;
2317 	(sc->aac_qentries[queue] + pi)->aq_fib_addr = fib_addr;
2318 
2319 	/* update producer index */
2320 	sc->aac_queues->qt_qindex[queue][AAC_PRODUCER_INDEX] = pi + 1;
2321 
2322 	/* notify the adapter if we know how */
2323 	if (aac_qinfo[queue].notify != 0)
2324 		AAC_QNOTIFY(sc, aac_qinfo[queue].notify);
2325 
2326 	error = 0;
2327 
2328 out:
2329 	return(error);
2330 }
2331 
2332 /*
2333  * Check for commands that have been outstanding for a suspiciously long time,
2334  * and complain about them.
2335  */
2336 static void
2337 aac_timeout(struct aac_softc *sc)
2338 {
2339 	struct aac_command *cm;
2340 	time_t deadline;
2341 	int timedout, code;
2342 
2343 	/*
2344 	 * Traverse the busy command list, bitch about late commands once
2345 	 * only.
2346 	 */
2347 	timedout = 0;
2348 	deadline = time_uptime - AAC_CMD_TIMEOUT;
2349 	TAILQ_FOREACH(cm, &sc->aac_busy, cm_link) {
2350 		if ((cm->cm_timestamp  < deadline)
2351 		    && !(cm->cm_flags & AAC_CMD_TIMEDOUT)) {
2352 			cm->cm_flags |= AAC_CMD_TIMEDOUT;
2353 			device_printf(sc->aac_dev,
2354 			    "COMMAND %p (TYPE %d) TIMEOUT AFTER %d SECONDS\n",
2355 			    cm, cm->cm_fib->Header.Command,
2356 			    (int)(time_uptime-cm->cm_timestamp));
2357 			AAC_PRINT_FIB(sc, cm->cm_fib);
2358 			timedout++;
2359 		}
2360 	}
2361 
2362 	if (timedout) {
2363 		code = AAC_GET_FWSTATUS(sc);
2364 		if (code != AAC_UP_AND_RUNNING) {
2365 			device_printf(sc->aac_dev, "WARNING! Controller is no "
2366 				      "longer running! code= 0x%x\n", code);
2367 		}
2368 	}
2369 }
2370 
2371 /*
2372  * Interface Function Vectors
2373  */
2374 
2375 /*
2376  * Read the current firmware status word.
2377  */
2378 static int
2379 aac_sa_get_fwstatus(struct aac_softc *sc)
2380 {
2381 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2382 
2383 	return(AAC_MEM0_GETREG4(sc, AAC_SA_FWSTATUS));
2384 }
2385 
2386 static int
2387 aac_rx_get_fwstatus(struct aac_softc *sc)
2388 {
2389 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2390 
2391 	return(AAC_MEM0_GETREG4(sc, sc->flags & AAC_FLAGS_NEW_COMM ?
2392 	    AAC_RX_OMR0 : AAC_RX_FWSTATUS));
2393 }
2394 
2395 static int
2396 aac_rkt_get_fwstatus(struct aac_softc *sc)
2397 {
2398 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2399 
2400 	return(AAC_MEM0_GETREG4(sc, sc->flags & AAC_FLAGS_NEW_COMM ?
2401 	    AAC_RKT_OMR0 : AAC_RKT_FWSTATUS));
2402 }
2403 
2404 /*
2405  * Notify the controller of a change in a given queue
2406  */
2407 
2408 static void
2409 aac_sa_qnotify(struct aac_softc *sc, int qbit)
2410 {
2411 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2412 
2413 	AAC_MEM0_SETREG2(sc, AAC_SA_DOORBELL1_SET, qbit);
2414 }
2415 
2416 static void
2417 aac_rx_qnotify(struct aac_softc *sc, int qbit)
2418 {
2419 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2420 
2421 	AAC_MEM0_SETREG4(sc, AAC_RX_IDBR, qbit);
2422 }
2423 
2424 static void
2425 aac_rkt_qnotify(struct aac_softc *sc, int qbit)
2426 {
2427 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2428 
2429 	AAC_MEM0_SETREG4(sc, AAC_RKT_IDBR, qbit);
2430 }
2431 
2432 /*
2433  * Get the interrupt reason bits
2434  */
2435 static int
2436 aac_sa_get_istatus(struct aac_softc *sc)
2437 {
2438 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2439 
2440 	return(AAC_MEM0_GETREG2(sc, AAC_SA_DOORBELL0));
2441 }
2442 
2443 static int
2444 aac_rx_get_istatus(struct aac_softc *sc)
2445 {
2446 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2447 
2448 	return(AAC_MEM0_GETREG4(sc, AAC_RX_ODBR));
2449 }
2450 
2451 static int
2452 aac_rkt_get_istatus(struct aac_softc *sc)
2453 {
2454 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2455 
2456 	return(AAC_MEM0_GETREG4(sc, AAC_RKT_ODBR));
2457 }
2458 
2459 /*
2460  * Clear some interrupt reason bits
2461  */
2462 static void
2463 aac_sa_clear_istatus(struct aac_softc *sc, int mask)
2464 {
2465 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2466 
2467 	AAC_MEM0_SETREG2(sc, AAC_SA_DOORBELL0_CLEAR, mask);
2468 }
2469 
2470 static void
2471 aac_rx_clear_istatus(struct aac_softc *sc, int mask)
2472 {
2473 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2474 
2475 	AAC_MEM0_SETREG4(sc, AAC_RX_ODBR, mask);
2476 }
2477 
2478 static void
2479 aac_rkt_clear_istatus(struct aac_softc *sc, int mask)
2480 {
2481 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2482 
2483 	AAC_MEM0_SETREG4(sc, AAC_RKT_ODBR, mask);
2484 }
2485 
2486 /*
2487  * Populate the mailbox and set the command word
2488  */
2489 static void
2490 aac_sa_set_mailbox(struct aac_softc *sc, u_int32_t command,
2491 		u_int32_t arg0, u_int32_t arg1, u_int32_t arg2, u_int32_t arg3)
2492 {
2493 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2494 
2495 	AAC_MEM1_SETREG4(sc, AAC_SA_MAILBOX, command);
2496 	AAC_MEM1_SETREG4(sc, AAC_SA_MAILBOX + 4, arg0);
2497 	AAC_MEM1_SETREG4(sc, AAC_SA_MAILBOX + 8, arg1);
2498 	AAC_MEM1_SETREG4(sc, AAC_SA_MAILBOX + 12, arg2);
2499 	AAC_MEM1_SETREG4(sc, AAC_SA_MAILBOX + 16, arg3);
2500 }
2501 
2502 static void
2503 aac_rx_set_mailbox(struct aac_softc *sc, u_int32_t command,
2504 		u_int32_t arg0, u_int32_t arg1, u_int32_t arg2, u_int32_t arg3)
2505 {
2506 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2507 
2508 	AAC_MEM1_SETREG4(sc, AAC_RX_MAILBOX, command);
2509 	AAC_MEM1_SETREG4(sc, AAC_RX_MAILBOX + 4, arg0);
2510 	AAC_MEM1_SETREG4(sc, AAC_RX_MAILBOX + 8, arg1);
2511 	AAC_MEM1_SETREG4(sc, AAC_RX_MAILBOX + 12, arg2);
2512 	AAC_MEM1_SETREG4(sc, AAC_RX_MAILBOX + 16, arg3);
2513 }
2514 
2515 static void
2516 aac_rkt_set_mailbox(struct aac_softc *sc, u_int32_t command, u_int32_t arg0,
2517 		    u_int32_t arg1, u_int32_t arg2, u_int32_t arg3)
2518 {
2519 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2520 
2521 	AAC_MEM1_SETREG4(sc, AAC_RKT_MAILBOX, command);
2522 	AAC_MEM1_SETREG4(sc, AAC_RKT_MAILBOX + 4, arg0);
2523 	AAC_MEM1_SETREG4(sc, AAC_RKT_MAILBOX + 8, arg1);
2524 	AAC_MEM1_SETREG4(sc, AAC_RKT_MAILBOX + 12, arg2);
2525 	AAC_MEM1_SETREG4(sc, AAC_RKT_MAILBOX + 16, arg3);
2526 }
2527 
2528 /*
2529  * Fetch the immediate command status word
2530  */
2531 static int
2532 aac_sa_get_mailbox(struct aac_softc *sc, int mb)
2533 {
2534 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2535 
2536 	return(AAC_MEM1_GETREG4(sc, AAC_SA_MAILBOX + (mb * 4)));
2537 }
2538 
2539 static int
2540 aac_rx_get_mailbox(struct aac_softc *sc, int mb)
2541 {
2542 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2543 
2544 	return(AAC_MEM1_GETREG4(sc, AAC_RX_MAILBOX + (mb * 4)));
2545 }
2546 
2547 static int
2548 aac_rkt_get_mailbox(struct aac_softc *sc, int mb)
2549 {
2550 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2551 
2552 	return(AAC_MEM1_GETREG4(sc, AAC_RKT_MAILBOX + (mb * 4)));
2553 }
2554 
2555 /*
2556  * Set/clear interrupt masks
2557  */
2558 static void
2559 aac_sa_set_interrupts(struct aac_softc *sc, int enable)
2560 {
2561 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "%sable interrupts", enable ? "en" : "dis");
2562 
2563 	if (enable) {
2564 		AAC_MEM0_SETREG2((sc), AAC_SA_MASK0_CLEAR, AAC_DB_INTERRUPTS);
2565 	} else {
2566 		AAC_MEM0_SETREG2((sc), AAC_SA_MASK0_SET, ~0);
2567 	}
2568 }
2569 
2570 static void
2571 aac_rx_set_interrupts(struct aac_softc *sc, int enable)
2572 {
2573 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "%sable interrupts", enable ? "en" : "dis");
2574 
2575 	if (enable) {
2576 		if (sc->flags & AAC_FLAGS_NEW_COMM)
2577 			AAC_MEM0_SETREG4(sc, AAC_RX_OIMR, ~AAC_DB_INT_NEW_COMM);
2578 		else
2579 			AAC_MEM0_SETREG4(sc, AAC_RX_OIMR, ~AAC_DB_INTERRUPTS);
2580 	} else {
2581 		AAC_MEM0_SETREG4(sc, AAC_RX_OIMR, ~0);
2582 	}
2583 }
2584 
2585 static void
2586 aac_rkt_set_interrupts(struct aac_softc *sc, int enable)
2587 {
2588 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "%sable interrupts", enable ? "en" : "dis");
2589 
2590 	if (enable) {
2591 		if (sc->flags & AAC_FLAGS_NEW_COMM)
2592 			AAC_MEM0_SETREG4(sc, AAC_RKT_OIMR, ~AAC_DB_INT_NEW_COMM);
2593 		else
2594 			AAC_MEM0_SETREG4(sc, AAC_RKT_OIMR, ~AAC_DB_INTERRUPTS);
2595 	} else {
2596 		AAC_MEM0_SETREG4(sc, AAC_RKT_OIMR, ~0);
2597 	}
2598 }
2599 
2600 /*
2601  * New comm. interface: Send command functions
2602  */
2603 static int
2604 aac_rx_send_command(struct aac_softc *sc, struct aac_command *cm)
2605 {
2606 	u_int32_t index, device;
2607 
2608 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "send command (new comm.)");
2609 
2610 	index = AAC_MEM0_GETREG4(sc, AAC_RX_IQUE);
2611 	if (index == 0xffffffffL)
2612 		index = AAC_MEM0_GETREG4(sc, AAC_RX_IQUE);
2613 	if (index == 0xffffffffL)
2614 		return index;
2615 	aac_enqueue_busy(cm);
2616 	device = index;
2617 	AAC_MEM1_SETREG4(sc, device, (u_int32_t)(cm->cm_fibphys & 0xffffffffUL));
2618 	device += 4;
2619 	AAC_MEM1_SETREG4(sc, device, (u_int32_t)(cm->cm_fibphys >> 32));
2620 	device += 4;
2621 	AAC_MEM1_SETREG4(sc, device, cm->cm_fib->Header.Size);
2622 	AAC_MEM0_SETREG4(sc, AAC_RX_IQUE, index);
2623 	return 0;
2624 }
2625 
2626 static int
2627 aac_rkt_send_command(struct aac_softc *sc, struct aac_command *cm)
2628 {
2629 	u_int32_t index, device;
2630 
2631 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "send command (new comm.)");
2632 
2633 	index = AAC_MEM0_GETREG4(sc, AAC_RKT_IQUE);
2634 	if (index == 0xffffffffL)
2635 		index = AAC_MEM0_GETREG4(sc, AAC_RKT_IQUE);
2636 	if (index == 0xffffffffL)
2637 		return index;
2638 	aac_enqueue_busy(cm);
2639 	device = index;
2640 	AAC_MEM1_SETREG4(sc, device, (u_int32_t)(cm->cm_fibphys & 0xffffffffUL));
2641 	device += 4;
2642 	AAC_MEM1_SETREG4(sc, device, (u_int32_t)(cm->cm_fibphys >> 32));
2643 	device += 4;
2644 	AAC_MEM1_SETREG4(sc, device, cm->cm_fib->Header.Size);
2645 	AAC_MEM0_SETREG4(sc, AAC_RKT_IQUE, index);
2646 	return 0;
2647 }
2648 
2649 /*
2650  * New comm. interface: get, set outbound queue index
2651  */
2652 static int
2653 aac_rx_get_outb_queue(struct aac_softc *sc)
2654 {
2655 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2656 
2657 	return(AAC_MEM0_GETREG4(sc, AAC_RX_OQUE));
2658 }
2659 
2660 static int
2661 aac_rkt_get_outb_queue(struct aac_softc *sc)
2662 {
2663 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2664 
2665 	return(AAC_MEM0_GETREG4(sc, AAC_RKT_OQUE));
2666 }
2667 
2668 static void
2669 aac_rx_set_outb_queue(struct aac_softc *sc, int index)
2670 {
2671 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2672 
2673 	AAC_MEM0_SETREG4(sc, AAC_RX_OQUE, index);
2674 }
2675 
2676 static void
2677 aac_rkt_set_outb_queue(struct aac_softc *sc, int index)
2678 {
2679 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2680 
2681 	AAC_MEM0_SETREG4(sc, AAC_RKT_OQUE, index);
2682 }
2683 
2684 /*
2685  * Debugging and Diagnostics
2686  */
2687 
2688 /*
2689  * Print some information about the controller.
2690  */
2691 static void
2692 aac_describe_controller(struct aac_softc *sc)
2693 {
2694 	struct aac_fib *fib;
2695 	struct aac_adapter_info	*info;
2696 	char *adapter_type = "Adaptec RAID controller";
2697 
2698 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2699 
2700 	mtx_lock(&sc->aac_io_lock);
2701 	aac_alloc_sync_fib(sc, &fib);
2702 
2703 	fib->data[0] = 0;
2704 	if (aac_sync_fib(sc, RequestAdapterInfo, 0, fib, 1)) {
2705 		device_printf(sc->aac_dev, "RequestAdapterInfo failed\n");
2706 		aac_release_sync_fib(sc);
2707 		mtx_unlock(&sc->aac_io_lock);
2708 		return;
2709 	}
2710 
2711 	/* save the kernel revision structure for later use */
2712 	info = (struct aac_adapter_info *)&fib->data[0];
2713 	sc->aac_revision = info->KernelRevision;
2714 
2715 	if (bootverbose) {
2716 		device_printf(sc->aac_dev, "%s %dMHz, %dMB memory "
2717 		    "(%dMB cache, %dMB execution), %s\n",
2718 		    aac_describe_code(aac_cpu_variant, info->CpuVariant),
2719 		    info->ClockSpeed, info->TotalMem / (1024 * 1024),
2720 		    info->BufferMem / (1024 * 1024),
2721 		    info->ExecutionMem / (1024 * 1024),
2722 		    aac_describe_code(aac_battery_platform,
2723 		    info->batteryPlatform));
2724 
2725 		device_printf(sc->aac_dev,
2726 		    "Kernel %d.%d-%d, Build %d, S/N %6X\n",
2727 		    info->KernelRevision.external.comp.major,
2728 		    info->KernelRevision.external.comp.minor,
2729 		    info->KernelRevision.external.comp.dash,
2730 		    info->KernelRevision.buildNumber,
2731 		    (u_int32_t)(info->SerialNumber & 0xffffff));
2732 
2733 		device_printf(sc->aac_dev, "Supported Options=%b\n",
2734 			      sc->supported_options,
2735 			      "\20"
2736 			      "\1SNAPSHOT"
2737 			      "\2CLUSTERS"
2738 			      "\3WCACHE"
2739 			      "\4DATA64"
2740 			      "\5HOSTTIME"
2741 			      "\6RAID50"
2742 			      "\7WINDOW4GB"
2743 			      "\10SCSIUPGD"
2744 			      "\11SOFTERR"
2745 			      "\12NORECOND"
2746 			      "\13SGMAP64"
2747 			      "\14ALARM"
2748 			      "\15NONDASD"
2749 			      "\16SCSIMGT"
2750 			      "\17RAIDSCSI"
2751 			      "\21ADPTINFO"
2752 			      "\22NEWCOMM"
2753 			      "\23ARRAY64BIT"
2754 			      "\24HEATSENSOR");
2755 	}
2756 
2757 	if (sc->supported_options & AAC_SUPPORTED_SUPPLEMENT_ADAPTER_INFO) {
2758 		fib->data[0] = 0;
2759 		if (aac_sync_fib(sc, RequestSupplementAdapterInfo, 0, fib, 1))
2760 			device_printf(sc->aac_dev,
2761 			    "RequestSupplementAdapterInfo failed\n");
2762 		else
2763 			adapter_type = ((struct aac_supplement_adapter_info *)
2764 			    &fib->data[0])->AdapterTypeText;
2765 	}
2766 	device_printf(sc->aac_dev, "%s, aac driver %d.%d.%d-%d\n",
2767 		adapter_type,
2768 		AAC_DRIVER_MAJOR_VERSION, AAC_DRIVER_MINOR_VERSION,
2769 		AAC_DRIVER_BUGFIX_LEVEL, AAC_DRIVER_BUILD);
2770 
2771 	aac_release_sync_fib(sc);
2772 	mtx_unlock(&sc->aac_io_lock);
2773 }
2774 
2775 /*
2776  * Look up a text description of a numeric error code and return a pointer to
2777  * same.
2778  */
2779 static const char *
2780 aac_describe_code(const struct aac_code_lookup *table, u_int32_t code)
2781 {
2782 	int i;
2783 
2784 	for (i = 0; table[i].string != NULL; i++)
2785 		if (table[i].code == code)
2786 			return(table[i].string);
2787 	return(table[i + 1].string);
2788 }
2789 
2790 /*
2791  * Management Interface
2792  */
2793 
2794 static int
2795 aac_open(struct cdev *dev, int flags, int fmt, struct thread *td)
2796 {
2797 	struct aac_softc *sc;
2798 
2799 	sc = dev->si_drv1;
2800 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2801 	device_busy(sc->aac_dev);
2802 	devfs_set_cdevpriv(sc, aac_cdevpriv_dtor);
2803 
2804 	return 0;
2805 }
2806 
2807 static int
2808 aac_ioctl(struct cdev *dev, u_long cmd, caddr_t arg, int flag, struct thread *td)
2809 {
2810 	union aac_statrequest *as;
2811 	struct aac_softc *sc;
2812 	int error = 0;
2813 
2814 	as = (union aac_statrequest *)arg;
2815 	sc = dev->si_drv1;
2816 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2817 
2818 	switch (cmd) {
2819 	case AACIO_STATS:
2820 		switch (as->as_item) {
2821 		case AACQ_FREE:
2822 		case AACQ_BIO:
2823 		case AACQ_READY:
2824 		case AACQ_BUSY:
2825 			bcopy(&sc->aac_qstat[as->as_item], &as->as_qstat,
2826 			      sizeof(struct aac_qstat));
2827 			break;
2828 		default:
2829 			error = ENOENT;
2830 			break;
2831 		}
2832 	break;
2833 
2834 	case FSACTL_SENDFIB:
2835 	case FSACTL_SEND_LARGE_FIB:
2836 		arg = *(caddr_t*)arg;
2837 	case FSACTL_LNX_SENDFIB:
2838 	case FSACTL_LNX_SEND_LARGE_FIB:
2839 		fwprintf(sc, HBA_FLAGS_DBG_IOCTL_COMMANDS_B, "FSACTL_SENDFIB");
2840 		error = aac_ioctl_sendfib(sc, arg);
2841 		break;
2842 	case FSACTL_SEND_RAW_SRB:
2843 		arg = *(caddr_t*)arg;
2844 	case FSACTL_LNX_SEND_RAW_SRB:
2845 		fwprintf(sc, HBA_FLAGS_DBG_IOCTL_COMMANDS_B, "FSACTL_SEND_RAW_SRB");
2846 		error = aac_ioctl_send_raw_srb(sc, arg);
2847 		break;
2848 	case FSACTL_AIF_THREAD:
2849 	case FSACTL_LNX_AIF_THREAD:
2850 		fwprintf(sc, HBA_FLAGS_DBG_IOCTL_COMMANDS_B, "FSACTL_AIF_THREAD");
2851 		error = EINVAL;
2852 		break;
2853 	case FSACTL_OPEN_GET_ADAPTER_FIB:
2854 		arg = *(caddr_t*)arg;
2855 	case FSACTL_LNX_OPEN_GET_ADAPTER_FIB:
2856 		fwprintf(sc, HBA_FLAGS_DBG_IOCTL_COMMANDS_B, "FSACTL_OPEN_GET_ADAPTER_FIB");
2857 		error = aac_open_aif(sc, arg);
2858 		break;
2859 	case FSACTL_GET_NEXT_ADAPTER_FIB:
2860 		arg = *(caddr_t*)arg;
2861 	case FSACTL_LNX_GET_NEXT_ADAPTER_FIB:
2862 		fwprintf(sc, HBA_FLAGS_DBG_IOCTL_COMMANDS_B, "FSACTL_GET_NEXT_ADAPTER_FIB");
2863 		error = aac_getnext_aif(sc, arg);
2864 		break;
2865 	case FSACTL_CLOSE_GET_ADAPTER_FIB:
2866 		arg = *(caddr_t*)arg;
2867 	case FSACTL_LNX_CLOSE_GET_ADAPTER_FIB:
2868 		fwprintf(sc, HBA_FLAGS_DBG_IOCTL_COMMANDS_B, "FSACTL_CLOSE_GET_ADAPTER_FIB");
2869 		error = aac_close_aif(sc, arg);
2870 		break;
2871 	case FSACTL_MINIPORT_REV_CHECK:
2872 		arg = *(caddr_t*)arg;
2873 	case FSACTL_LNX_MINIPORT_REV_CHECK:
2874 		fwprintf(sc, HBA_FLAGS_DBG_IOCTL_COMMANDS_B, "FSACTL_MINIPORT_REV_CHECK");
2875 		error = aac_rev_check(sc, arg);
2876 		break;
2877 	case FSACTL_QUERY_DISK:
2878 		arg = *(caddr_t*)arg;
2879 	case FSACTL_LNX_QUERY_DISK:
2880 		fwprintf(sc, HBA_FLAGS_DBG_IOCTL_COMMANDS_B, "FSACTL_QUERY_DISK");
2881 		error = aac_query_disk(sc, arg);
2882 		break;
2883 	case FSACTL_DELETE_DISK:
2884 	case FSACTL_LNX_DELETE_DISK:
2885 		/*
2886 		 * We don't trust the underland to tell us when to delete a
2887 		 * container, rather we rely on an AIF coming from the
2888 		 * controller
2889 		 */
2890 		error = 0;
2891 		break;
2892 	case FSACTL_GET_PCI_INFO:
2893 		arg = *(caddr_t*)arg;
2894 	case FSACTL_LNX_GET_PCI_INFO:
2895 		fwprintf(sc, HBA_FLAGS_DBG_IOCTL_COMMANDS_B, "FSACTL_GET_PCI_INFO");
2896 		error = aac_get_pci_info(sc, arg);
2897 		break;
2898 	case FSACTL_GET_FEATURES:
2899 		arg = *(caddr_t*)arg;
2900 	case FSACTL_LNX_GET_FEATURES:
2901 		fwprintf(sc, HBA_FLAGS_DBG_IOCTL_COMMANDS_B, "FSACTL_GET_FEATURES");
2902 		error = aac_supported_features(sc, arg);
2903 		break;
2904 	default:
2905 		fwprintf(sc, HBA_FLAGS_DBG_IOCTL_COMMANDS_B, "unsupported cmd 0x%lx\n", cmd);
2906 		error = EINVAL;
2907 		break;
2908 	}
2909 	return(error);
2910 }
2911 
2912 static int
2913 aac_poll(struct cdev *dev, int poll_events, struct thread *td)
2914 {
2915 	struct aac_softc *sc;
2916 	struct aac_fib_context *ctx;
2917 	int revents;
2918 
2919 	sc = dev->si_drv1;
2920 	revents = 0;
2921 
2922 	mtx_lock(&sc->aac_aifq_lock);
2923 	if ((poll_events & (POLLRDNORM | POLLIN)) != 0) {
2924 		for (ctx = sc->fibctx; ctx; ctx = ctx->next) {
2925 			if (ctx->ctx_idx != sc->aifq_idx || ctx->ctx_wrap) {
2926 				revents |= poll_events & (POLLIN | POLLRDNORM);
2927 				break;
2928 			}
2929 		}
2930 	}
2931 	mtx_unlock(&sc->aac_aifq_lock);
2932 
2933 	if (revents == 0) {
2934 		if (poll_events & (POLLIN | POLLRDNORM))
2935 			selrecord(td, &sc->rcv_select);
2936 	}
2937 
2938 	return (revents);
2939 }
2940 
2941 static void
2942 aac_ioctl_event(struct aac_softc *sc, struct aac_event *event, void *arg)
2943 {
2944 
2945 	switch (event->ev_type) {
2946 	case AAC_EVENT_CMFREE:
2947 		mtx_assert(&sc->aac_io_lock, MA_OWNED);
2948 		if (aac_alloc_command(sc, (struct aac_command **)arg)) {
2949 			aac_add_event(sc, event);
2950 			return;
2951 		}
2952 		free(event, M_AACBUF);
2953 		wakeup(arg);
2954 		break;
2955 	default:
2956 		break;
2957 	}
2958 }
2959 
2960 /*
2961  * Send a FIB supplied from userspace
2962  */
2963 static int
2964 aac_ioctl_sendfib(struct aac_softc *sc, caddr_t ufib)
2965 {
2966 	struct aac_command *cm;
2967 	int size, error;
2968 
2969 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
2970 
2971 	cm = NULL;
2972 
2973 	/*
2974 	 * Get a command
2975 	 */
2976 	mtx_lock(&sc->aac_io_lock);
2977 	if (aac_alloc_command(sc, &cm)) {
2978 		struct aac_event *event;
2979 
2980 		event = malloc(sizeof(struct aac_event), M_AACBUF,
2981 		    M_NOWAIT | M_ZERO);
2982 		if (event == NULL) {
2983 			error = EBUSY;
2984 			mtx_unlock(&sc->aac_io_lock);
2985 			goto out;
2986 		}
2987 		event->ev_type = AAC_EVENT_CMFREE;
2988 		event->ev_callback = aac_ioctl_event;
2989 		event->ev_arg = &cm;
2990 		aac_add_event(sc, event);
2991 		msleep(&cm, &sc->aac_io_lock, 0, "sendfib", 0);
2992 	}
2993 	mtx_unlock(&sc->aac_io_lock);
2994 
2995 	/*
2996 	 * Fetch the FIB header, then re-copy to get data as well.
2997 	 */
2998 	if ((error = copyin(ufib, cm->cm_fib,
2999 			    sizeof(struct aac_fib_header))) != 0)
3000 		goto out;
3001 	size = cm->cm_fib->Header.Size + sizeof(struct aac_fib_header);
3002 	if (size > sc->aac_max_fib_size) {
3003 		device_printf(sc->aac_dev, "incoming FIB oversized (%d > %d)\n",
3004 			      size, sc->aac_max_fib_size);
3005 		size = sc->aac_max_fib_size;
3006 	}
3007 	if ((error = copyin(ufib, cm->cm_fib, size)) != 0)
3008 		goto out;
3009 	cm->cm_fib->Header.Size = size;
3010 	cm->cm_timestamp = time_uptime;
3011 
3012 	/*
3013 	 * Pass the FIB to the controller, wait for it to complete.
3014 	 */
3015 	mtx_lock(&sc->aac_io_lock);
3016 	error = aac_wait_command(cm);
3017 	mtx_unlock(&sc->aac_io_lock);
3018 	if (error != 0) {
3019 		device_printf(sc->aac_dev,
3020 			      "aac_wait_command return %d\n", error);
3021 		goto out;
3022 	}
3023 
3024 	/*
3025 	 * Copy the FIB and data back out to the caller.
3026 	 */
3027 	size = cm->cm_fib->Header.Size;
3028 	if (size > sc->aac_max_fib_size) {
3029 		device_printf(sc->aac_dev, "outbound FIB oversized (%d > %d)\n",
3030 			      size, sc->aac_max_fib_size);
3031 		size = sc->aac_max_fib_size;
3032 	}
3033 	error = copyout(cm->cm_fib, ufib, size);
3034 
3035 out:
3036 	if (cm != NULL) {
3037 		mtx_lock(&sc->aac_io_lock);
3038 		aac_release_command(cm);
3039 		mtx_unlock(&sc->aac_io_lock);
3040 	}
3041 	return(error);
3042 }
3043 
3044 /*
3045  * Send a passthrough FIB supplied from userspace
3046  */
3047 static int
3048 aac_ioctl_send_raw_srb(struct aac_softc *sc, caddr_t arg)
3049 {
3050 	struct aac_command *cm;
3051 	struct aac_event *event;
3052 	struct aac_fib *fib;
3053 	struct aac_srb *srbcmd, *user_srb;
3054 	struct aac_sg_entry *sge;
3055 	struct aac_sg_entry64 *sge64;
3056 	void *srb_sg_address, *ureply;
3057 	uint32_t fibsize, srb_sg_bytecount;
3058 	int error, transfer_data;
3059 
3060 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
3061 
3062 	cm = NULL;
3063 	transfer_data = 0;
3064 	fibsize = 0;
3065 	user_srb = (struct aac_srb *)arg;
3066 
3067 	mtx_lock(&sc->aac_io_lock);
3068 	if (aac_alloc_command(sc, &cm)) {
3069 		 event = malloc(sizeof(struct aac_event), M_AACBUF,
3070 		    M_NOWAIT | M_ZERO);
3071 		if (event == NULL) {
3072 			error = EBUSY;
3073 			mtx_unlock(&sc->aac_io_lock);
3074 			goto out;
3075 		}
3076 		event->ev_type = AAC_EVENT_CMFREE;
3077 		event->ev_callback = aac_ioctl_event;
3078 		event->ev_arg = &cm;
3079 		aac_add_event(sc, event);
3080 		msleep(cm, &sc->aac_io_lock, 0, "aacraw", 0);
3081 	}
3082 	mtx_unlock(&sc->aac_io_lock);
3083 
3084 	cm->cm_data = NULL;
3085 	fib = cm->cm_fib;
3086 	srbcmd = (struct aac_srb *)fib->data;
3087 	error = copyin(&user_srb->data_len, &fibsize, sizeof(uint32_t));
3088 	if (error != 0)
3089 		goto out;
3090 	if (fibsize > (sc->aac_max_fib_size - sizeof(struct aac_fib_header))) {
3091 		error = EINVAL;
3092 		goto out;
3093 	}
3094 	error = copyin(user_srb, srbcmd, fibsize);
3095 	if (error != 0)
3096 		goto out;
3097 	srbcmd->function = 0;
3098 	srbcmd->retry_limit = 0;
3099 	if (srbcmd->sg_map.SgCount > 1) {
3100 		error = EINVAL;
3101 		goto out;
3102 	}
3103 
3104 	/* Retrieve correct SG entries. */
3105 	if (fibsize == (sizeof(struct aac_srb) +
3106 	    srbcmd->sg_map.SgCount * sizeof(struct aac_sg_entry))) {
3107 		struct aac_sg_entry sg;
3108 
3109 		sge = srbcmd->sg_map.SgEntry;
3110 		sge64 = NULL;
3111 
3112 		if ((error = copyin(sge, &sg, sizeof(sg))) != 0)
3113 			goto out;
3114 
3115 		srb_sg_bytecount = sg.SgByteCount;
3116 		srb_sg_address = (void *)(uintptr_t)sg.SgAddress;
3117 	}
3118 #ifdef __amd64__
3119 	else if (fibsize == (sizeof(struct aac_srb) +
3120 	    srbcmd->sg_map.SgCount * sizeof(struct aac_sg_entry64))) {
3121 		struct aac_sg_entry64 sg;
3122 
3123 		sge = NULL;
3124 		sge64 = (struct aac_sg_entry64 *)srbcmd->sg_map.SgEntry;
3125 
3126 		if ((error = copyin(sge64, &sg, sizeof(sg))) != 0)
3127 			goto out;
3128 
3129 		srb_sg_bytecount = sg.SgByteCount;
3130 		srb_sg_address = (void *)sg.SgAddress;
3131 		if (sge64->SgAddress > 0xffffffffull &&
3132 		    (sc->flags & AAC_FLAGS_SG_64BIT) == 0) {
3133 			error = EINVAL;
3134 			goto out;
3135 		}
3136 	}
3137 #endif
3138 	else {
3139 		error = EINVAL;
3140 		goto out;
3141 	}
3142 	ureply = (char *)arg + fibsize;
3143 	srbcmd->data_len = srb_sg_bytecount;
3144 	if (srbcmd->sg_map.SgCount == 1)
3145 		transfer_data = 1;
3146 
3147 	cm->cm_sgtable = (struct aac_sg_table *)&srbcmd->sg_map;
3148 	if (transfer_data) {
3149 		cm->cm_datalen = srb_sg_bytecount;
3150 		cm->cm_data = malloc(cm->cm_datalen, M_AACBUF, M_NOWAIT);
3151 		if (cm->cm_data == NULL) {
3152 			error = ENOMEM;
3153 			goto out;
3154 		}
3155 		if (srbcmd->flags & AAC_SRB_FLAGS_DATA_IN)
3156 			cm->cm_flags |= AAC_CMD_DATAIN;
3157 		if (srbcmd->flags & AAC_SRB_FLAGS_DATA_OUT) {
3158 			cm->cm_flags |= AAC_CMD_DATAOUT;
3159 			error = copyin(srb_sg_address, cm->cm_data,
3160 			    cm->cm_datalen);
3161 			if (error != 0)
3162 				goto out;
3163 		}
3164 	}
3165 
3166 	fib->Header.Size = sizeof(struct aac_fib_header) +
3167 	    sizeof(struct aac_srb);
3168 	fib->Header.XferState =
3169 	    AAC_FIBSTATE_HOSTOWNED   |
3170 	    AAC_FIBSTATE_INITIALISED |
3171 	    AAC_FIBSTATE_EMPTY       |
3172 	    AAC_FIBSTATE_FROMHOST    |
3173 	    AAC_FIBSTATE_REXPECTED   |
3174 	    AAC_FIBSTATE_NORM        |
3175 	    AAC_FIBSTATE_ASYNC       |
3176 	    AAC_FIBSTATE_FAST_RESPONSE;
3177 	fib->Header.Command = (sc->flags & AAC_FLAGS_SG_64BIT) != 0 ?
3178 	    ScsiPortCommandU64 : ScsiPortCommand;
3179 
3180 	mtx_lock(&sc->aac_io_lock);
3181 	aac_wait_command(cm);
3182 	mtx_unlock(&sc->aac_io_lock);
3183 
3184 	if (transfer_data && (srbcmd->flags & AAC_SRB_FLAGS_DATA_IN) != 0) {
3185 		error = copyout(cm->cm_data, srb_sg_address, cm->cm_datalen);
3186 		if (error != 0)
3187 			goto out;
3188 	}
3189 	error = copyout(fib->data, ureply, sizeof(struct aac_srb_response));
3190 out:
3191 	if (cm != NULL) {
3192 		if (cm->cm_data != NULL)
3193 			free(cm->cm_data, M_AACBUF);
3194 		mtx_lock(&sc->aac_io_lock);
3195 		aac_release_command(cm);
3196 		mtx_unlock(&sc->aac_io_lock);
3197 	}
3198 	return(error);
3199 }
3200 
3201 /*
3202  * cdevpriv interface private destructor.
3203  */
3204 static void
3205 aac_cdevpriv_dtor(void *arg)
3206 {
3207 	struct aac_softc *sc;
3208 
3209 	sc = arg;
3210 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
3211 	mtx_lock(&Giant);
3212 	device_unbusy(sc->aac_dev);
3213 	mtx_unlock(&Giant);
3214 }
3215 
3216 /*
3217  * Handle an AIF sent to us by the controller; queue it for later reference.
3218  * If the queue fills up, then drop the older entries.
3219  */
3220 static void
3221 aac_handle_aif(struct aac_softc *sc, struct aac_fib *fib)
3222 {
3223 	struct aac_aif_command *aif;
3224 	struct aac_container *co, *co_next;
3225 	struct aac_fib_context *ctx;
3226 	struct aac_mntinforesp *mir;
3227 	int next, current, found;
3228 	int count = 0, added = 0, i = 0;
3229 	uint32_t channel;
3230 
3231 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
3232 
3233 	aif = (struct aac_aif_command*)&fib->data[0];
3234 	aac_print_aif(sc, aif);
3235 
3236 	/* Is it an event that we should care about? */
3237 	switch (aif->command) {
3238 	case AifCmdEventNotify:
3239 		switch (aif->data.EN.type) {
3240 		case AifEnAddContainer:
3241 		case AifEnDeleteContainer:
3242 			/*
3243 			 * A container was added or deleted, but the message
3244 			 * doesn't tell us anything else!  Re-enumerate the
3245 			 * containers and sort things out.
3246 			 */
3247 			aac_alloc_sync_fib(sc, &fib);
3248 			do {
3249 				/*
3250 				 * Ask the controller for its containers one at
3251 				 * a time.
3252 				 * XXX What if the controller's list changes
3253 				 * midway through this enumaration?
3254 				 * XXX This should be done async.
3255 				 */
3256 				if ((mir = aac_get_container_info(sc, fib, i)) == NULL)
3257 					continue;
3258 				if (i == 0)
3259 					count = mir->MntRespCount;
3260 				/*
3261 				 * Check the container against our list.
3262 				 * co->co_found was already set to 0 in a
3263 				 * previous run.
3264 				 */
3265 				if ((mir->Status == ST_OK) &&
3266 				    (mir->MntTable[0].VolType != CT_NONE)) {
3267 					found = 0;
3268 					TAILQ_FOREACH(co,
3269 						      &sc->aac_container_tqh,
3270 						      co_link) {
3271 						if (co->co_mntobj.ObjectId ==
3272 						    mir->MntTable[0].ObjectId) {
3273 							co->co_found = 1;
3274 							found = 1;
3275 							break;
3276 						}
3277 					}
3278 					/*
3279 					 * If the container matched, continue
3280 					 * in the list.
3281 					 */
3282 					if (found) {
3283 						i++;
3284 						continue;
3285 					}
3286 
3287 					/*
3288 					 * This is a new container.  Do all the
3289 					 * appropriate things to set it up.
3290 					 */
3291 					aac_add_container(sc, mir, 1);
3292 					added = 1;
3293 				}
3294 				i++;
3295 			} while ((i < count) && (i < AAC_MAX_CONTAINERS));
3296 			aac_release_sync_fib(sc);
3297 
3298 			/*
3299 			 * Go through our list of containers and see which ones
3300 			 * were not marked 'found'.  Since the controller didn't
3301 			 * list them they must have been deleted.  Do the
3302 			 * appropriate steps to destroy the device.  Also reset
3303 			 * the co->co_found field.
3304 			 */
3305 			co = TAILQ_FIRST(&sc->aac_container_tqh);
3306 			while (co != NULL) {
3307 				if (co->co_found == 0) {
3308 					mtx_unlock(&sc->aac_io_lock);
3309 					mtx_lock(&Giant);
3310 					device_delete_child(sc->aac_dev,
3311 							    co->co_disk);
3312 					mtx_unlock(&Giant);
3313 					mtx_lock(&sc->aac_io_lock);
3314 					co_next = TAILQ_NEXT(co, co_link);
3315 					mtx_lock(&sc->aac_container_lock);
3316 					TAILQ_REMOVE(&sc->aac_container_tqh, co,
3317 						     co_link);
3318 					mtx_unlock(&sc->aac_container_lock);
3319 					free(co, M_AACBUF);
3320 					co = co_next;
3321 				} else {
3322 					co->co_found = 0;
3323 					co = TAILQ_NEXT(co, co_link);
3324 				}
3325 			}
3326 
3327 			/* Attach the newly created containers */
3328 			if (added) {
3329 				mtx_unlock(&sc->aac_io_lock);
3330 				mtx_lock(&Giant);
3331 				bus_generic_attach(sc->aac_dev);
3332 				mtx_unlock(&Giant);
3333 				mtx_lock(&sc->aac_io_lock);
3334 			}
3335 
3336 			break;
3337 
3338 		case AifEnEnclosureManagement:
3339 			switch (aif->data.EN.data.EEE.eventType) {
3340 			case AIF_EM_DRIVE_INSERTION:
3341 			case AIF_EM_DRIVE_REMOVAL:
3342 				channel = aif->data.EN.data.EEE.unitID;
3343 				if (sc->cam_rescan_cb != NULL)
3344 					sc->cam_rescan_cb(sc,
3345 					    (channel >> 24) & 0xF,
3346 					    (channel & 0xFFFF));
3347 				break;
3348 			}
3349 			break;
3350 
3351 		case AifEnAddJBOD:
3352 		case AifEnDeleteJBOD:
3353 			channel = aif->data.EN.data.ECE.container;
3354 			if (sc->cam_rescan_cb != NULL)
3355 				sc->cam_rescan_cb(sc, (channel >> 24) & 0xF,
3356 				    AAC_CAM_TARGET_WILDCARD);
3357 			break;
3358 
3359 		default:
3360 			break;
3361 		}
3362 
3363 	default:
3364 		break;
3365 	}
3366 
3367 	/* Copy the AIF data to the AIF queue for ioctl retrieval */
3368 	mtx_lock(&sc->aac_aifq_lock);
3369 	current = sc->aifq_idx;
3370 	next = (current + 1) % AAC_AIFQ_LENGTH;
3371 	if (next == 0)
3372 		sc->aifq_filled = 1;
3373 	bcopy(fib, &sc->aac_aifq[current], sizeof(struct aac_fib));
3374 	/* modify AIF contexts */
3375 	if (sc->aifq_filled) {
3376 		for (ctx = sc->fibctx; ctx; ctx = ctx->next) {
3377 			if (next == ctx->ctx_idx)
3378 				ctx->ctx_wrap = 1;
3379 			else if (current == ctx->ctx_idx && ctx->ctx_wrap)
3380 				ctx->ctx_idx = next;
3381 		}
3382 	}
3383 	sc->aifq_idx = next;
3384 	/* On the off chance that someone is sleeping for an aif... */
3385 	if (sc->aac_state & AAC_STATE_AIF_SLEEPER)
3386 		wakeup(sc->aac_aifq);
3387 	/* Wakeup any poll()ers */
3388 	selwakeuppri(&sc->rcv_select, PRIBIO);
3389 	mtx_unlock(&sc->aac_aifq_lock);
3390 }
3391 
3392 /*
3393  * Return the Revision of the driver to userspace and check to see if the
3394  * userspace app is possibly compatible.  This is extremely bogus since
3395  * our driver doesn't follow Adaptec's versioning system.  Cheat by just
3396  * returning what the card reported.
3397  */
3398 static int
3399 aac_rev_check(struct aac_softc *sc, caddr_t udata)
3400 {
3401 	struct aac_rev_check rev_check;
3402 	struct aac_rev_check_resp rev_check_resp;
3403 	int error = 0;
3404 
3405 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
3406 
3407 	/*
3408 	 * Copyin the revision struct from userspace
3409 	 */
3410 	if ((error = copyin(udata, (caddr_t)&rev_check,
3411 			sizeof(struct aac_rev_check))) != 0) {
3412 		return error;
3413 	}
3414 
3415 	fwprintf(sc, HBA_FLAGS_DBG_IOCTL_COMMANDS_B, "Userland revision= %d\n",
3416 	      rev_check.callingRevision.buildNumber);
3417 
3418 	/*
3419 	 * Doctor up the response struct.
3420 	 */
3421 	rev_check_resp.possiblyCompatible = 1;
3422 	rev_check_resp.adapterSWRevision.external.comp.major =
3423 	    AAC_DRIVER_MAJOR_VERSION;
3424 	rev_check_resp.adapterSWRevision.external.comp.minor =
3425 	    AAC_DRIVER_MINOR_VERSION;
3426 	rev_check_resp.adapterSWRevision.external.comp.type =
3427 	    AAC_DRIVER_TYPE;
3428 	rev_check_resp.adapterSWRevision.external.comp.dash =
3429 	    AAC_DRIVER_BUGFIX_LEVEL;
3430 	rev_check_resp.adapterSWRevision.buildNumber =
3431 	    AAC_DRIVER_BUILD;
3432 
3433 	return(copyout((caddr_t)&rev_check_resp, udata,
3434 			sizeof(struct aac_rev_check_resp)));
3435 }
3436 
3437 /*
3438  * Pass the fib context to the caller
3439  */
3440 static int
3441 aac_open_aif(struct aac_softc *sc, caddr_t arg)
3442 {
3443 	struct aac_fib_context *fibctx, *ctx;
3444 	int error = 0;
3445 
3446 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
3447 
3448 	fibctx = malloc(sizeof(struct aac_fib_context), M_AACBUF, M_NOWAIT|M_ZERO);
3449 	if (fibctx == NULL)
3450 		return (ENOMEM);
3451 
3452 	mtx_lock(&sc->aac_aifq_lock);
3453 	/* all elements are already 0, add to queue */
3454 	if (sc->fibctx == NULL)
3455 		sc->fibctx = fibctx;
3456 	else {
3457 		for (ctx = sc->fibctx; ctx->next; ctx = ctx->next)
3458 			;
3459 		ctx->next = fibctx;
3460 		fibctx->prev = ctx;
3461 	}
3462 
3463 	/* evaluate unique value */
3464 	fibctx->unique = (*(u_int32_t *)&fibctx & 0xffffffff);
3465 	ctx = sc->fibctx;
3466 	while (ctx != fibctx) {
3467 		if (ctx->unique == fibctx->unique) {
3468 			fibctx->unique++;
3469 			ctx = sc->fibctx;
3470 		} else {
3471 			ctx = ctx->next;
3472 		}
3473 	}
3474 	mtx_unlock(&sc->aac_aifq_lock);
3475 
3476 	error = copyout(&fibctx->unique, (void *)arg, sizeof(u_int32_t));
3477 	if (error)
3478 		aac_close_aif(sc, (caddr_t)ctx);
3479 	return error;
3480 }
3481 
3482 /*
3483  * Close the caller's fib context
3484  */
3485 static int
3486 aac_close_aif(struct aac_softc *sc, caddr_t arg)
3487 {
3488 	struct aac_fib_context *ctx;
3489 
3490 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
3491 
3492 	mtx_lock(&sc->aac_aifq_lock);
3493 	for (ctx = sc->fibctx; ctx; ctx = ctx->next) {
3494 		if (ctx->unique == *(uint32_t *)&arg) {
3495 			if (ctx == sc->fibctx)
3496 				sc->fibctx = NULL;
3497 			else {
3498 				ctx->prev->next = ctx->next;
3499 				if (ctx->next)
3500 					ctx->next->prev = ctx->prev;
3501 			}
3502 			break;
3503 		}
3504 	}
3505 	mtx_unlock(&sc->aac_aifq_lock);
3506 	if (ctx)
3507 		free(ctx, M_AACBUF);
3508 
3509 	return 0;
3510 }
3511 
3512 /*
3513  * Pass the caller the next AIF in their queue
3514  */
3515 static int
3516 aac_getnext_aif(struct aac_softc *sc, caddr_t arg)
3517 {
3518 	struct get_adapter_fib_ioctl agf;
3519 	struct aac_fib_context *ctx;
3520 	int error;
3521 
3522 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
3523 
3524 	if ((error = copyin(arg, &agf, sizeof(agf))) == 0) {
3525 		for (ctx = sc->fibctx; ctx; ctx = ctx->next) {
3526 			if (agf.AdapterFibContext == ctx->unique)
3527 				break;
3528 		}
3529 		if (!ctx)
3530 			return (EFAULT);
3531 
3532 		error = aac_return_aif(sc, ctx, agf.AifFib);
3533 		if (error == EAGAIN && agf.Wait) {
3534 			fwprintf(sc, HBA_FLAGS_DBG_AIF_B, "aac_getnext_aif(): waiting for AIF");
3535 			sc->aac_state |= AAC_STATE_AIF_SLEEPER;
3536 			while (error == EAGAIN) {
3537 				error = tsleep(sc->aac_aifq, PRIBIO |
3538 					       PCATCH, "aacaif", 0);
3539 				if (error == 0)
3540 					error = aac_return_aif(sc, ctx, agf.AifFib);
3541 			}
3542 			sc->aac_state &= ~AAC_STATE_AIF_SLEEPER;
3543 		}
3544 	}
3545 	return(error);
3546 }
3547 
3548 /*
3549  * Hand the next AIF off the top of the queue out to userspace.
3550  */
3551 static int
3552 aac_return_aif(struct aac_softc *sc, struct aac_fib_context *ctx, caddr_t uptr)
3553 {
3554 	int current, error;
3555 
3556 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
3557 
3558 	mtx_lock(&sc->aac_aifq_lock);
3559 	current = ctx->ctx_idx;
3560 	if (current == sc->aifq_idx && !ctx->ctx_wrap) {
3561 		/* empty */
3562 		mtx_unlock(&sc->aac_aifq_lock);
3563 		return (EAGAIN);
3564 	}
3565 	error =
3566 		copyout(&sc->aac_aifq[current], (void *)uptr, sizeof(struct aac_fib));
3567 	if (error)
3568 		device_printf(sc->aac_dev,
3569 		    "aac_return_aif: copyout returned %d\n", error);
3570 	else {
3571 		ctx->ctx_wrap = 0;
3572 		ctx->ctx_idx = (current + 1) % AAC_AIFQ_LENGTH;
3573 	}
3574 	mtx_unlock(&sc->aac_aifq_lock);
3575 	return(error);
3576 }
3577 
3578 static int
3579 aac_get_pci_info(struct aac_softc *sc, caddr_t uptr)
3580 {
3581 	struct aac_pci_info {
3582 		u_int32_t bus;
3583 		u_int32_t slot;
3584 	} pciinf;
3585 	int error;
3586 
3587 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
3588 
3589 	pciinf.bus = pci_get_bus(sc->aac_dev);
3590 	pciinf.slot = pci_get_slot(sc->aac_dev);
3591 
3592 	error = copyout((caddr_t)&pciinf, uptr,
3593 			sizeof(struct aac_pci_info));
3594 
3595 	return (error);
3596 }
3597 
3598 static int
3599 aac_supported_features(struct aac_softc *sc, caddr_t uptr)
3600 {
3601 	struct aac_features f;
3602 	int error;
3603 
3604 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
3605 
3606 	if ((error = copyin(uptr, &f, sizeof (f))) != 0)
3607 		return (error);
3608 
3609 	/*
3610 	 * When the management driver receives FSACTL_GET_FEATURES ioctl with
3611 	 * ALL zero in the featuresState, the driver will return the current
3612 	 * state of all the supported features, the data field will not be
3613 	 * valid.
3614 	 * When the management driver receives FSACTL_GET_FEATURES ioctl with
3615 	 * a specific bit set in the featuresState, the driver will return the
3616 	 * current state of this specific feature and whatever data that are
3617 	 * associated with the feature in the data field or perform whatever
3618 	 * action needed indicates in the data field.
3619 	 */
3620 	if (f.feat.fValue == 0) {
3621 		f.feat.fBits.largeLBA =
3622 		    (sc->flags & AAC_FLAGS_LBA_64BIT) ? 1 : 0;
3623 		/* TODO: In the future, add other features state here as well */
3624 	} else {
3625 		if (f.feat.fBits.largeLBA)
3626 			f.feat.fBits.largeLBA =
3627 			    (sc->flags & AAC_FLAGS_LBA_64BIT) ? 1 : 0;
3628 		/* TODO: Add other features state and data in the future */
3629 	}
3630 
3631 	error = copyout(&f, uptr, sizeof (f));
3632 	return (error);
3633 }
3634 
3635 /*
3636  * Give the userland some information about the container.  The AAC arch
3637  * expects the driver to be a SCSI passthrough type driver, so it expects
3638  * the containers to have b:t:l numbers.  Fake it.
3639  */
3640 static int
3641 aac_query_disk(struct aac_softc *sc, caddr_t uptr)
3642 {
3643 	struct aac_query_disk query_disk;
3644 	struct aac_container *co;
3645 	struct aac_disk	*disk;
3646 	int error, id;
3647 
3648 	fwprintf(sc, HBA_FLAGS_DBG_FUNCTION_ENTRY_B, "");
3649 
3650 	disk = NULL;
3651 
3652 	error = copyin(uptr, (caddr_t)&query_disk,
3653 		       sizeof(struct aac_query_disk));
3654 	if (error)
3655 		return (error);
3656 
3657 	id = query_disk.ContainerNumber;
3658 	if (id == -1)
3659 		return (EINVAL);
3660 
3661 	mtx_lock(&sc->aac_container_lock);
3662 	TAILQ_FOREACH(co, &sc->aac_container_tqh, co_link) {
3663 		if (co->co_mntobj.ObjectId == id)
3664 			break;
3665 		}
3666 
3667 	if (co == NULL) {
3668 			query_disk.Valid = 0;
3669 			query_disk.Locked = 0;
3670 			query_disk.Deleted = 1;		/* XXX is this right? */
3671 	} else {
3672 		disk = device_get_softc(co->co_disk);
3673 		query_disk.Valid = 1;
3674 		query_disk.Locked =
3675 		    (disk->ad_flags & AAC_DISK_OPEN) ? 1 : 0;
3676 		query_disk.Deleted = 0;
3677 		query_disk.Bus = device_get_unit(sc->aac_dev);
3678 		query_disk.Target = disk->unit;
3679 		query_disk.Lun = 0;
3680 		query_disk.UnMapped = 0;
3681 		sprintf(&query_disk.diskDeviceName[0], "%s%d",
3682 			disk->ad_disk->d_name, disk->ad_disk->d_unit);
3683 	}
3684 	mtx_unlock(&sc->aac_container_lock);
3685 
3686 	error = copyout((caddr_t)&query_disk, uptr,
3687 			sizeof(struct aac_query_disk));
3688 
3689 	return (error);
3690 }
3691 
3692 static void
3693 aac_get_bus_info(struct aac_softc *sc)
3694 {
3695 	struct aac_fib *fib;
3696 	struct aac_ctcfg *c_cmd;
3697 	struct aac_ctcfg_resp *c_resp;
3698 	struct aac_vmioctl *vmi;
3699 	struct aac_vmi_businf_resp *vmi_resp;
3700 	struct aac_getbusinf businfo;
3701 	struct aac_sim *caminf;
3702 	device_t child;
3703 	int i, found, error;
3704 
3705 	mtx_lock(&sc->aac_io_lock);
3706 	aac_alloc_sync_fib(sc, &fib);
3707 	c_cmd = (struct aac_ctcfg *)&fib->data[0];
3708 	bzero(c_cmd, sizeof(struct aac_ctcfg));
3709 
3710 	c_cmd->Command = VM_ContainerConfig;
3711 	c_cmd->cmd = CT_GET_SCSI_METHOD;
3712 	c_cmd->param = 0;
3713 
3714 	error = aac_sync_fib(sc, ContainerCommand, 0, fib,
3715 	    sizeof(struct aac_ctcfg));
3716 	if (error) {
3717 		device_printf(sc->aac_dev, "Error %d sending "
3718 		    "VM_ContainerConfig command\n", error);
3719 		aac_release_sync_fib(sc);
3720 		mtx_unlock(&sc->aac_io_lock);
3721 		return;
3722 	}
3723 
3724 	c_resp = (struct aac_ctcfg_resp *)&fib->data[0];
3725 	if (c_resp->Status != ST_OK) {
3726 		device_printf(sc->aac_dev, "VM_ContainerConfig returned 0x%x\n",
3727 		    c_resp->Status);
3728 		aac_release_sync_fib(sc);
3729 		mtx_unlock(&sc->aac_io_lock);
3730 		return;
3731 	}
3732 
3733 	sc->scsi_method_id = c_resp->param;
3734 
3735 	vmi = (struct aac_vmioctl *)&fib->data[0];
3736 	bzero(vmi, sizeof(struct aac_vmioctl));
3737 
3738 	vmi->Command = VM_Ioctl;
3739 	vmi->ObjType = FT_DRIVE;
3740 	vmi->MethId = sc->scsi_method_id;
3741 	vmi->ObjId = 0;
3742 	vmi->IoctlCmd = GetBusInfo;
3743 
3744 	error = aac_sync_fib(sc, ContainerCommand, 0, fib,
3745 	    sizeof(struct aac_vmi_businf_resp));
3746 	if (error) {
3747 		device_printf(sc->aac_dev, "Error %d sending VMIoctl command\n",
3748 		    error);
3749 		aac_release_sync_fib(sc);
3750 		mtx_unlock(&sc->aac_io_lock);
3751 		return;
3752 	}
3753 
3754 	vmi_resp = (struct aac_vmi_businf_resp *)&fib->data[0];
3755 	if (vmi_resp->Status != ST_OK) {
3756 		device_printf(sc->aac_dev, "VM_Ioctl returned %d\n",
3757 		    vmi_resp->Status);
3758 		aac_release_sync_fib(sc);
3759 		mtx_unlock(&sc->aac_io_lock);
3760 		return;
3761 	}
3762 
3763 	bcopy(&vmi_resp->BusInf, &businfo, sizeof(struct aac_getbusinf));
3764 	aac_release_sync_fib(sc);
3765 	mtx_unlock(&sc->aac_io_lock);
3766 
3767 	found = 0;
3768 	for (i = 0; i < businfo.BusCount; i++) {
3769 		if (businfo.BusValid[i] != AAC_BUS_VALID)
3770 			continue;
3771 
3772 		caminf = (struct aac_sim *)malloc( sizeof(struct aac_sim),
3773 		    M_AACBUF, M_NOWAIT | M_ZERO);
3774 		if (caminf == NULL) {
3775 			device_printf(sc->aac_dev,
3776 			    "No memory to add passthrough bus %d\n", i);
3777 			break;
3778 		}
3779 
3780 		child = device_add_child(sc->aac_dev, "aacp", -1);
3781 		if (child == NULL) {
3782 			device_printf(sc->aac_dev,
3783 			    "device_add_child failed for passthrough bus %d\n",
3784 			    i);
3785 			free(caminf, M_AACBUF);
3786 			break;
3787 		}
3788 
3789 		caminf->TargetsPerBus = businfo.TargetsPerBus;
3790 		caminf->BusNumber = i;
3791 		caminf->InitiatorBusId = businfo.InitiatorBusId[i];
3792 		caminf->aac_sc = sc;
3793 		caminf->sim_dev = child;
3794 
3795 		device_set_ivars(child, caminf);
3796 		device_set_desc(child, "SCSI Passthrough Bus");
3797 		TAILQ_INSERT_TAIL(&sc->aac_sim_tqh, caminf, sim_link);
3798 
3799 		found = 1;
3800 	}
3801 
3802 	if (found)
3803 		bus_generic_attach(sc->aac_dev);
3804 }
3805