xref: /freebsd/sys/dev/ciss/ciss.c (revision b64c5a0ace59af62eff52bfe110a521dc73c937b)
1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause
3  *
4  * Copyright (c) 2001 Michael Smith
5  * Copyright (c) 2004 Paul Saab
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  */
29 
30 /*
31  * Common Interface for SCSI-3 Support driver.
32  *
33  * CISS claims to provide a common interface between a generic SCSI
34  * transport and an intelligent host adapter.
35  *
36  * This driver supports CISS as defined in the document "CISS Command
37  * Interface for SCSI-3 Support Open Specification", Version 1.04,
38  * Valence Number 1, dated 20001127, produced by Compaq Computer
39  * Corporation.  This document appears to be a hastily and somewhat
40  * arbitrarlily cut-down version of a larger (and probably even more
41  * chaotic and inconsistent) Compaq internal document.  Various
42  * details were also gleaned from Compaq's "cciss" driver for Linux.
43  *
44  * We provide a shim layer between the CISS interface and CAM,
45  * offloading most of the queueing and being-a-disk chores onto CAM.
46  * Entry to the driver is via the PCI bus attachment (ciss_probe,
47  * ciss_attach, etc) and via the CAM interface (ciss_cam_action,
48  * ciss_cam_poll).  The Compaq CISS adapters are, however, poor SCSI
49  * citizens and we have to fake up some responses to get reasonable
50  * behaviour out of them.  In addition, the CISS command set is by no
51  * means adequate to support the functionality of a RAID controller,
52  * and thus the supported Compaq adapters utilise portions of the
53  * control protocol from earlier Compaq adapter families.
54  *
55  * Note that we only support the "simple" transport layer over PCI.
56  * This interface (ab)uses the I2O register set (specifically the post
57  * queues) to exchange commands with the adapter.  Other interfaces
58  * are available, but we aren't supposed to know about them, and it is
59  * dubious whether they would provide major performance improvements
60  * except under extreme load.
61  *
62  * Currently the only supported CISS adapters are the Compaq Smart
63  * Array 5* series (5300, 5i, 532).  Even with only three adapters,
64  * Compaq still manage to have interface variations.
65  *
66  *
67  * Thanks must go to Fred Harris and Darryl DeVinney at Compaq, as
68  * well as Paul Saab at Yahoo! for their assistance in making this
69  * driver happen.
70  *
71  * More thanks must go to John Cagle at HP for the countless hours
72  * spent making this driver "work" with the MSA* series storage
73  * enclosures.  Without his help (and nagging), this driver could not
74  * be used with these enclosures.
75  */
76 
77 #include <sys/param.h>
78 #include <sys/systm.h>
79 #include <sys/malloc.h>
80 #include <sys/kernel.h>
81 #include <sys/bus.h>
82 #include <sys/conf.h>
83 #include <sys/stat.h>
84 #include <sys/kthread.h>
85 #include <sys/queue.h>
86 #include <sys/sysctl.h>
87 
88 #include <cam/cam.h>
89 #include <cam/cam_ccb.h>
90 #include <cam/cam_periph.h>
91 #include <cam/cam_sim.h>
92 #include <cam/cam_xpt_sim.h>
93 #include <cam/scsi/scsi_all.h>
94 #include <cam/scsi/scsi_message.h>
95 
96 #include <machine/bus.h>
97 #include <machine/endian.h>
98 #include <machine/resource.h>
99 #include <sys/rman.h>
100 
101 #include <dev/pci/pcireg.h>
102 #include <dev/pci/pcivar.h>
103 
104 #include <dev/ciss/cissreg.h>
105 #include <dev/ciss/cissio.h>
106 #include <dev/ciss/cissvar.h>
107 
108 #ifdef CISS_DEBUG
109 #include "opt_ddb.h"
110 #endif
111 
112 static MALLOC_DEFINE(CISS_MALLOC_CLASS, "ciss_data",
113     "ciss internal data buffers");
114 
115 /* pci interface */
116 static int	ciss_lookup(device_t dev);
117 static int	ciss_probe(device_t dev);
118 static int	ciss_attach(device_t dev);
119 static int	ciss_detach(device_t dev);
120 static int	ciss_shutdown(device_t dev);
121 
122 /* (de)initialisation functions, control wrappers */
123 static int	ciss_init_pci(struct ciss_softc *sc);
124 static int	ciss_setup_msix(struct ciss_softc *sc);
125 static int	ciss_init_perf(struct ciss_softc *sc);
126 static int	ciss_wait_adapter(struct ciss_softc *sc);
127 static int	ciss_flush_adapter(struct ciss_softc *sc);
128 static int	ciss_init_requests(struct ciss_softc *sc);
129 static void	ciss_command_map_helper(void *arg, bus_dma_segment_t *segs,
130 					int nseg, int error);
131 static int	ciss_identify_adapter(struct ciss_softc *sc);
132 static int	ciss_init_logical(struct ciss_softc *sc);
133 static int	ciss_init_physical(struct ciss_softc *sc);
134 static int	ciss_filter_physical(struct ciss_softc *sc, struct ciss_lun_report *cll);
135 static int	ciss_identify_logical(struct ciss_softc *sc, struct ciss_ldrive *ld);
136 static int	ciss_get_ldrive_status(struct ciss_softc *sc,  struct ciss_ldrive *ld);
137 static int	ciss_update_config(struct ciss_softc *sc);
138 static int	ciss_accept_media(struct ciss_softc *sc, struct ciss_ldrive *ld);
139 static void	ciss_init_sysctl(struct ciss_softc *sc);
140 static void	ciss_soft_reset(struct ciss_softc *sc);
141 static void	ciss_free(struct ciss_softc *sc);
142 static void	ciss_spawn_notify_thread(struct ciss_softc *sc);
143 static void	ciss_kill_notify_thread(struct ciss_softc *sc);
144 
145 /* request submission/completion */
146 static int	ciss_start(struct ciss_request *cr);
147 static void	ciss_done(struct ciss_softc *sc, cr_qhead_t *qh);
148 static void	ciss_perf_done(struct ciss_softc *sc, cr_qhead_t *qh);
149 static void	ciss_intr(void *arg);
150 static void	ciss_perf_intr(void *arg);
151 static void	ciss_perf_msi_intr(void *arg);
152 static void	ciss_complete(struct ciss_softc *sc, cr_qhead_t *qh);
153 static int	_ciss_report_request(struct ciss_request *cr, int *command_status, int *scsi_status, const char *func);
154 static int	ciss_synch_request(struct ciss_request *cr, int timeout);
155 static int	ciss_poll_request(struct ciss_request *cr, int timeout);
156 static int	ciss_wait_request(struct ciss_request *cr, int timeout);
157 #if 0
158 static int	ciss_abort_request(struct ciss_request *cr);
159 #endif
160 
161 /* request queueing */
162 static int	ciss_get_request(struct ciss_softc *sc, struct ciss_request **crp);
163 static void	ciss_preen_command(struct ciss_request *cr);
164 static void 	ciss_release_request(struct ciss_request *cr);
165 
166 /* request helpers */
167 static int	ciss_get_bmic_request(struct ciss_softc *sc, struct ciss_request **crp,
168 				      int opcode, void **bufp, size_t bufsize);
169 static int	ciss_user_command(struct ciss_softc *sc, IOCTL_Command_struct *ioc);
170 
171 /* DMA map/unmap */
172 static int	ciss_map_request(struct ciss_request *cr);
173 static void	ciss_request_map_helper(void *arg, bus_dma_segment_t *segs,
174 					int nseg, int error);
175 static void	ciss_unmap_request(struct ciss_request *cr);
176 
177 /* CAM interface */
178 static int	ciss_cam_init(struct ciss_softc *sc);
179 static void	ciss_cam_rescan_target(struct ciss_softc *sc,
180 				       int bus, int target);
181 static void	ciss_cam_action(struct cam_sim *sim, union ccb *ccb);
182 static int	ciss_cam_action_io(struct cam_sim *sim, struct ccb_scsiio *csio);
183 static int	ciss_cam_emulate(struct ciss_softc *sc, struct ccb_scsiio *csio);
184 static void	ciss_cam_poll(struct cam_sim *sim);
185 static void	ciss_cam_complete(struct ciss_request *cr);
186 static void	ciss_cam_complete_fixup(struct ciss_softc *sc, struct ccb_scsiio *csio);
187 static int	ciss_name_device(struct ciss_softc *sc, int bus, int target);
188 
189 /* periodic status monitoring */
190 static void	ciss_periodic(void *arg);
191 static void	ciss_nop_complete(struct ciss_request *cr);
192 static void	ciss_disable_adapter(struct ciss_softc *sc);
193 static void	ciss_notify_event(struct ciss_softc *sc);
194 static void	ciss_notify_complete(struct ciss_request *cr);
195 static int	ciss_notify_abort(struct ciss_softc *sc);
196 static int	ciss_notify_abort_bmic(struct ciss_softc *sc);
197 static void	ciss_notify_hotplug(struct ciss_softc *sc, struct ciss_notify *cn);
198 static void	ciss_notify_logical(struct ciss_softc *sc, struct ciss_notify *cn);
199 static void	ciss_notify_physical(struct ciss_softc *sc, struct ciss_notify *cn);
200 
201 /* debugging output */
202 #ifdef DDB
203 static void	ciss_print_request(struct ciss_request *cr);
204 #endif
205 static void	ciss_print_ldrive(struct ciss_softc *sc, struct ciss_ldrive *ld);
206 static const char *ciss_name_ldrive_status(int status);
207 static int	ciss_decode_ldrive_status(int status);
208 static const char *ciss_name_ldrive_org(int org);
209 static const char *ciss_name_command_status(int status);
210 
211 /*
212  * PCI bus interface.
213  */
214 static device_method_t ciss_methods[] = {
215     /* Device interface */
216     DEVMETHOD(device_probe,	ciss_probe),
217     DEVMETHOD(device_attach,	ciss_attach),
218     DEVMETHOD(device_detach,	ciss_detach),
219     DEVMETHOD(device_shutdown,	ciss_shutdown),
220     { 0, 0 }
221 };
222 
223 static driver_t ciss_pci_driver = {
224     "ciss",
225     ciss_methods,
226     sizeof(struct ciss_softc)
227 };
228 
229 /*
230  * Control device interface.
231  */
232 static d_open_t		ciss_open;
233 static d_close_t	ciss_close;
234 static d_ioctl_t	ciss_ioctl;
235 
236 static struct cdevsw ciss_cdevsw = {
237 	.d_version =	D_VERSION,
238 	.d_flags =	0,
239 	.d_open =	ciss_open,
240 	.d_close =	ciss_close,
241 	.d_ioctl =	ciss_ioctl,
242 	.d_name =	"ciss",
243 };
244 
245 SYSCTL_NODE(_hw, OID_AUTO, ciss, CTLFLAG_RD | CTLFLAG_MPSAFE, 0, "CISS sysctl tunables");
246 
247 /*
248  * This tunable can be used to force a specific initiator id
249  */
250 static int ciss_initiator_id = CAM_TARGET_WILDCARD;
251 SYSCTL_INT(_hw_ciss, OID_AUTO, initiator_id, CTLFLAG_RDTUN,
252 	   &ciss_initiator_id, 0,
253 	   "force a specific initiator id");
254 
255 /*
256  * This tunable can be used to force a specific initiator id
257  */
258 static int ciss_base_transfer_speed = 132 * 1024;
259 SYSCTL_INT(_hw_ciss, OID_AUTO, base_transfer_speed, CTLFLAG_RDTUN,
260 	   &ciss_base_transfer_speed, 0,
261 	   "force a specific base transfer_speed");
262 
263 /*
264  * This tunable can be set to make the driver be more verbose
265  */
266 static int ciss_verbose = 0;
267 SYSCTL_INT(_hw_ciss, OID_AUTO, verbose, CTLFLAG_RWTUN, &ciss_verbose, 0,
268 	   "enable verbose messages");
269 
270 /*
271  * This tunable can be set at boot time and controls whether physical devices
272  * that are marked hidden by the firmware should be exposed anyways.
273  */
274 static unsigned int ciss_expose_hidden_physical = 0;
275 TUNABLE_INT("hw.ciss.expose_hidden_physical", &ciss_expose_hidden_physical);
276 SYSCTL_INT(_hw_ciss, OID_AUTO, expose_hidden_physical, CTLFLAG_RWTUN,
277 	   &ciss_expose_hidden_physical, 0,
278 	   "expose hidden physical drives");
279 
280 static unsigned int ciss_nop_message_heartbeat = 0;
281 TUNABLE_INT("hw.ciss.nop_message_heartbeat", &ciss_nop_message_heartbeat);
282 SYSCTL_INT(_hw_ciss, OID_AUTO, nop_message_heartbeat, CTLFLAG_RWTUN,
283 	   &ciss_nop_message_heartbeat, 0,
284 	   "nop heartbeat messages");
285 
286 /*
287  * This tunable can force a particular transport to be used:
288  * <= 0 : use default
289  *    1 : force simple
290  *    2 : force performant
291  */
292 static int ciss_force_transport = 0;
293 TUNABLE_INT("hw.ciss.force_transport", &ciss_force_transport);
294 SYSCTL_INT(_hw_ciss, OID_AUTO, force_transport, CTLFLAG_RDTUN,
295 	   &ciss_force_transport, 0,
296 	   "use default (0), force simple (1) or force performant (2) transport");
297 
298 /*
299  * This tunable can force a particular interrupt delivery method to be used:
300  * <= 0 : use default
301  *    1 : force INTx
302  *    2 : force MSIX
303  */
304 static int ciss_force_interrupt = 0;
305 TUNABLE_INT("hw.ciss.force_interrupt", &ciss_force_interrupt);
306 SYSCTL_INT(_hw_ciss, OID_AUTO, force_interrupt, CTLFLAG_RDTUN,
307 	   &ciss_force_interrupt, 0,
308 	   "use default (0), force INTx (1) or force MSIx(2) interrupts");
309 
310 /************************************************************************
311  * CISS adapters amazingly don't have a defined programming interface
312  * value.  (One could say some very despairing things about PCI and
313  * people just not getting the general idea.)  So we are forced to
314  * stick with matching against subvendor/subdevice, and thus have to
315  * be updated for every new CISS adapter that appears.
316  */
317 #define CISS_BOARD_UNKNOWN	0
318 #define CISS_BOARD_SA5		1
319 #define CISS_BOARD_SA5B		2
320 #define CISS_BOARD_NOMSI	(1<<4)
321 #define CISS_BOARD_SIMPLE       (1<<5)
322 
323 static struct
324 {
325     u_int16_t	subvendor;
326     u_int16_t	subdevice;
327     int		flags;
328     char	*desc;
329 } ciss_vendor_data[] = {
330     { 0x0e11, 0x4070, CISS_BOARD_SA5|CISS_BOARD_NOMSI|CISS_BOARD_SIMPLE,
331                                                         "Compaq Smart Array 5300" },
332     { 0x0e11, 0x4080, CISS_BOARD_SA5B|CISS_BOARD_NOMSI,	"Compaq Smart Array 5i" },
333     { 0x0e11, 0x4082, CISS_BOARD_SA5B|CISS_BOARD_NOMSI,	"Compaq Smart Array 532" },
334     { 0x0e11, 0x4083, CISS_BOARD_SA5B|CISS_BOARD_NOMSI,	"HP Smart Array 5312" },
335     { 0x0e11, 0x4091, CISS_BOARD_SA5,	"HP Smart Array 6i" },
336     { 0x0e11, 0x409A, CISS_BOARD_SA5,	"HP Smart Array 641" },
337     { 0x0e11, 0x409B, CISS_BOARD_SA5,	"HP Smart Array 642" },
338     { 0x0e11, 0x409C, CISS_BOARD_SA5,	"HP Smart Array 6400" },
339     { 0x0e11, 0x409D, CISS_BOARD_SA5,	"HP Smart Array 6400 EM" },
340     { 0x103C, 0x3211, CISS_BOARD_SA5,	"HP Smart Array E200i" },
341     { 0x103C, 0x3212, CISS_BOARD_SA5,	"HP Smart Array E200" },
342     { 0x103C, 0x3213, CISS_BOARD_SA5,	"HP Smart Array E200i" },
343     { 0x103C, 0x3214, CISS_BOARD_SA5,	"HP Smart Array E200i" },
344     { 0x103C, 0x3215, CISS_BOARD_SA5,	"HP Smart Array E200i" },
345     { 0x103C, 0x3220, CISS_BOARD_SA5,	"HP Smart Array" },
346     { 0x103C, 0x3222, CISS_BOARD_SA5,	"HP Smart Array" },
347     { 0x103C, 0x3223, CISS_BOARD_SA5,	"HP Smart Array P800" },
348     { 0x103C, 0x3225, CISS_BOARD_SA5,	"HP Smart Array P600" },
349     { 0x103C, 0x3230, CISS_BOARD_SA5,	"HP Smart Array" },
350     { 0x103C, 0x3231, CISS_BOARD_SA5,	"HP Smart Array" },
351     { 0x103C, 0x3232, CISS_BOARD_SA5,	"HP Smart Array" },
352     { 0x103C, 0x3233, CISS_BOARD_SA5,	"HP Smart Array" },
353     { 0x103C, 0x3234, CISS_BOARD_SA5,	"HP Smart Array P400" },
354     { 0x103C, 0x3235, CISS_BOARD_SA5,	"HP Smart Array P400i" },
355     { 0x103C, 0x3236, CISS_BOARD_SA5,	"HP Smart Array" },
356     { 0x103C, 0x3237, CISS_BOARD_SA5,	"HP Smart Array E500" },
357     { 0x103C, 0x3238, CISS_BOARD_SA5,	"HP Smart Array" },
358     { 0x103C, 0x3239, CISS_BOARD_SA5,	"HP Smart Array" },
359     { 0x103C, 0x323A, CISS_BOARD_SA5,	"HP Smart Array" },
360     { 0x103C, 0x323B, CISS_BOARD_SA5,	"HP Smart Array" },
361     { 0x103C, 0x323C, CISS_BOARD_SA5,	"HP Smart Array" },
362     { 0x103C, 0x323D, CISS_BOARD_SA5,	"HP Smart Array P700m" },
363     { 0x103C, 0x3241, CISS_BOARD_SA5,	"HP Smart Array P212" },
364     { 0x103C, 0x3243, CISS_BOARD_SA5,	"HP Smart Array P410" },
365     { 0x103C, 0x3245, CISS_BOARD_SA5,	"HP Smart Array P410i" },
366     { 0x103C, 0x3247, CISS_BOARD_SA5,	"HP Smart Array P411" },
367     { 0x103C, 0x3249, CISS_BOARD_SA5,	"HP Smart Array P812" },
368     { 0x103C, 0x324A, CISS_BOARD_SA5,	"HP Smart Array P712m" },
369     { 0x103C, 0x324B, CISS_BOARD_SA5,	"HP Smart Array" },
370     { 0x103C, 0x3350, CISS_BOARD_SA5,   "HP Smart Array P222" },
371     { 0x103C, 0x3351, CISS_BOARD_SA5,   "HP Smart Array P420" },
372     { 0x103C, 0x3352, CISS_BOARD_SA5,   "HP Smart Array P421" },
373     { 0x103C, 0x3353, CISS_BOARD_SA5,   "HP Smart Array P822" },
374     { 0x103C, 0x3354, CISS_BOARD_SA5,   "HP Smart Array P420i" },
375     { 0x103C, 0x3355, CISS_BOARD_SA5,   "HP Smart Array P220i" },
376     { 0x103C, 0x3356, CISS_BOARD_SA5,   "HP Smart Array P721m" },
377     { 0x103C, 0x1920, CISS_BOARD_SA5,   "HP Smart Array P430i" },
378     { 0x103C, 0x1921, CISS_BOARD_SA5,   "HP Smart Array P830i" },
379     { 0x103C, 0x1922, CISS_BOARD_SA5,   "HP Smart Array P430" },
380     { 0x103C, 0x1923, CISS_BOARD_SA5,   "HP Smart Array P431" },
381     { 0x103C, 0x1924, CISS_BOARD_SA5,   "HP Smart Array P830" },
382     { 0x103C, 0x1926, CISS_BOARD_SA5,   "HP Smart Array P731m" },
383     { 0x103C, 0x1928, CISS_BOARD_SA5,   "HP Smart Array P230i" },
384     { 0x103C, 0x1929, CISS_BOARD_SA5,   "HP Smart Array P530" },
385     { 0x103C, 0x192A, CISS_BOARD_SA5,   "HP Smart Array P531" },
386     { 0x103C, 0x21BD, CISS_BOARD_SA5,   "HP Smart Array P244br" },
387     { 0x103C, 0x21BE, CISS_BOARD_SA5,   "HP Smart Array P741m" },
388     { 0x103C, 0x21BF, CISS_BOARD_SA5,   "HP Smart Array H240ar" },
389     { 0x103C, 0x21C0, CISS_BOARD_SA5,   "HP Smart Array P440ar" },
390     { 0x103C, 0x21C1, CISS_BOARD_SA5,   "HP Smart Array P840ar" },
391     { 0x103C, 0x21C2, CISS_BOARD_SA5,   "HP Smart Array P440" },
392     { 0x103C, 0x21C3, CISS_BOARD_SA5,   "HP Smart Array P441" },
393     { 0x103C, 0x21C5, CISS_BOARD_SA5,   "HP Smart Array P841" },
394     { 0x103C, 0x21C6, CISS_BOARD_SA5,   "HP Smart Array H244br" },
395     { 0x103C, 0x21C7, CISS_BOARD_SA5,   "HP Smart Array H240" },
396     { 0x103C, 0x21C8, CISS_BOARD_SA5,   "HP Smart Array H241" },
397     { 0x103C, 0x21CA, CISS_BOARD_SA5,   "HP Smart Array P246br" },
398     { 0x103C, 0x21CB, CISS_BOARD_SA5,   "HP Smart Array P840" },
399     { 0x103C, 0x21CC, CISS_BOARD_SA5,   "HP Smart Array P542d" },
400     { 0x103C, 0x21CD, CISS_BOARD_SA5,   "HP Smart Array P240nr" },
401     { 0x103C, 0x21CE, CISS_BOARD_SA5,   "HP Smart Array H240nr" },
402     { 0, 0, 0, NULL }
403 };
404 
405 DRIVER_MODULE(ciss, pci, ciss_pci_driver, 0, 0);
406 MODULE_PNP_INFO("U16:vendor;U16:device;", pci, ciss, ciss_vendor_data,
407     nitems(ciss_vendor_data) - 1);
408 MODULE_DEPEND(ciss, cam, 1, 1, 1);
409 MODULE_DEPEND(ciss, pci, 1, 1, 1);
410 
411 /************************************************************************
412  * Find a match for the device in our list of known adapters.
413  */
414 static int
415 ciss_lookup(device_t dev)
416 {
417     int 	i;
418 
419     for (i = 0; ciss_vendor_data[i].desc != NULL; i++)
420 	if ((pci_get_subvendor(dev) == ciss_vendor_data[i].subvendor) &&
421 	    (pci_get_subdevice(dev) == ciss_vendor_data[i].subdevice)) {
422 	    return(i);
423 	}
424     return(-1);
425 }
426 
427 /************************************************************************
428  * Match a known CISS adapter.
429  */
430 static int
431 ciss_probe(device_t dev)
432 {
433     int		i;
434 
435     i = ciss_lookup(dev);
436     if (i != -1) {
437 	device_set_desc(dev, ciss_vendor_data[i].desc);
438 	return(BUS_PROBE_DEFAULT);
439     }
440     return(ENOENT);
441 }
442 
443 /************************************************************************
444  * Attach the driver to this adapter.
445  */
446 static int
447 ciss_attach(device_t dev)
448 {
449     struct ciss_softc	*sc;
450     int			error;
451 
452     debug_called(1);
453 
454 #ifdef CISS_DEBUG
455     /* print structure/union sizes */
456     debug_struct(ciss_command);
457     debug_struct(ciss_header);
458     debug_union(ciss_device_address);
459     debug_struct(ciss_cdb);
460     debug_struct(ciss_report_cdb);
461     debug_struct(ciss_notify_cdb);
462     debug_struct(ciss_notify);
463     debug_struct(ciss_message_cdb);
464     debug_struct(ciss_error_info_pointer);
465     debug_struct(ciss_error_info);
466     debug_struct(ciss_sg_entry);
467     debug_struct(ciss_config_table);
468     debug_struct(ciss_bmic_cdb);
469     debug_struct(ciss_bmic_id_ldrive);
470     debug_struct(ciss_bmic_id_lstatus);
471     debug_struct(ciss_bmic_id_table);
472     debug_struct(ciss_bmic_id_pdrive);
473     debug_struct(ciss_bmic_blink_pdrive);
474     debug_struct(ciss_bmic_flush_cache);
475     debug_const(CISS_MAX_REQUESTS);
476     debug_const(CISS_MAX_LOGICAL);
477     debug_const(CISS_INTERRUPT_COALESCE_DELAY);
478     debug_const(CISS_INTERRUPT_COALESCE_COUNT);
479     debug_const(CISS_COMMAND_ALLOC_SIZE);
480     debug_const(CISS_COMMAND_SG_LENGTH);
481 
482     debug_type(cciss_pci_info_struct);
483     debug_type(cciss_coalint_struct);
484     debug_type(cciss_coalint_struct);
485     debug_type(NodeName_type);
486     debug_type(NodeName_type);
487     debug_type(Heartbeat_type);
488     debug_type(BusTypes_type);
489     debug_type(FirmwareVer_type);
490     debug_type(DriverVer_type);
491     debug_type(IOCTL_Command_struct);
492 #endif
493 
494     sc = device_get_softc(dev);
495     sc->ciss_dev = dev;
496     mtx_init(&sc->ciss_mtx, "cissmtx", NULL, MTX_DEF);
497     callout_init_mtx(&sc->ciss_periodic, &sc->ciss_mtx, 0);
498 
499     /*
500      * Do PCI-specific init.
501      */
502     if ((error = ciss_init_pci(sc)) != 0)
503 	goto out;
504 
505     /*
506      * Initialise driver queues.
507      */
508     ciss_initq_free(sc);
509     ciss_initq_notify(sc);
510 
511     /*
512      * Initialize device sysctls.
513      */
514     ciss_init_sysctl(sc);
515 
516     /*
517      * Initialise command/request pool.
518      */
519     if ((error = ciss_init_requests(sc)) != 0)
520 	goto out;
521 
522     /*
523      * Get adapter information.
524      */
525     if ((error = ciss_identify_adapter(sc)) != 0)
526 	goto out;
527 
528     /*
529      * Find all the physical devices.
530      */
531     if ((error = ciss_init_physical(sc)) != 0)
532 	goto out;
533 
534     /*
535      * Build our private table of logical devices.
536      */
537     if ((error = ciss_init_logical(sc)) != 0)
538 	goto out;
539 
540     /*
541      * Enable interrupts so that the CAM scan can complete.
542      */
543     CISS_TL_SIMPLE_ENABLE_INTERRUPTS(sc);
544 
545     /*
546      * Initialise the CAM interface.
547      */
548     if ((error = ciss_cam_init(sc)) != 0)
549 	goto out;
550 
551     /*
552      * Start the heartbeat routine and event chain.
553      */
554     ciss_periodic(sc);
555 
556    /*
557      * Create the control device.
558      */
559     sc->ciss_dev_t = make_dev(&ciss_cdevsw, device_get_unit(sc->ciss_dev),
560 			      UID_ROOT, GID_OPERATOR, S_IRUSR | S_IWUSR,
561 			      "ciss%d", device_get_unit(sc->ciss_dev));
562     sc->ciss_dev_t->si_drv1 = sc;
563 
564     /*
565      * The adapter is running; synchronous commands can now sleep
566      * waiting for an interrupt to signal completion.
567      */
568     sc->ciss_flags |= CISS_FLAG_RUNNING;
569 
570     ciss_spawn_notify_thread(sc);
571 
572     error = 0;
573  out:
574     if (error != 0) {
575 	/* ciss_free() expects the mutex to be held */
576 	mtx_lock(&sc->ciss_mtx);
577 	ciss_free(sc);
578     }
579     return(error);
580 }
581 
582 /************************************************************************
583  * Detach the driver from this adapter.
584  */
585 static int
586 ciss_detach(device_t dev)
587 {
588     struct ciss_softc	*sc = device_get_softc(dev);
589 
590     debug_called(1);
591 
592     mtx_lock(&sc->ciss_mtx);
593     if (sc->ciss_flags & CISS_FLAG_CONTROL_OPEN) {
594 	mtx_unlock(&sc->ciss_mtx);
595 	return (EBUSY);
596     }
597 
598     /* flush adapter cache */
599     ciss_flush_adapter(sc);
600 
601     /* release all resources.  The mutex is released and freed here too. */
602     ciss_free(sc);
603 
604     return(0);
605 }
606 
607 /************************************************************************
608  * Prepare adapter for system shutdown.
609  */
610 static int
611 ciss_shutdown(device_t dev)
612 {
613     struct ciss_softc	*sc = device_get_softc(dev);
614 
615     debug_called(1);
616 
617     mtx_lock(&sc->ciss_mtx);
618     /* flush adapter cache */
619     ciss_flush_adapter(sc);
620 
621     if (sc->ciss_soft_reset)
622 	ciss_soft_reset(sc);
623     mtx_unlock(&sc->ciss_mtx);
624 
625     return(0);
626 }
627 
628 static void
629 ciss_init_sysctl(struct ciss_softc *sc)
630 {
631 
632     SYSCTL_ADD_INT(device_get_sysctl_ctx(sc->ciss_dev),
633 	SYSCTL_CHILDREN(device_get_sysctl_tree(sc->ciss_dev)),
634 	OID_AUTO, "soft_reset", CTLFLAG_RW, &sc->ciss_soft_reset, 0, "");
635 }
636 
637 /************************************************************************
638  * Perform PCI-specific attachment actions.
639  */
640 static int
641 ciss_init_pci(struct ciss_softc *sc)
642 {
643     uintptr_t		cbase, csize, cofs;
644     uint32_t		method, supported_methods;
645     int			error, sqmask, i;
646     void		*intr;
647 
648     debug_called(1);
649 
650     /*
651      * Work out adapter type.
652      */
653     i = ciss_lookup(sc->ciss_dev);
654     if (i < 0) {
655 	ciss_printf(sc, "unknown adapter type\n");
656 	return (ENXIO);
657     }
658 
659     if (ciss_vendor_data[i].flags & CISS_BOARD_SA5) {
660 	sqmask = CISS_TL_SIMPLE_INTR_OPQ_SA5;
661     } else if (ciss_vendor_data[i].flags & CISS_BOARD_SA5B) {
662 	sqmask = CISS_TL_SIMPLE_INTR_OPQ_SA5B;
663     } else {
664 	/*
665 	 * XXX Big hammer, masks/unmasks all possible interrupts.  This should
666 	 * work on all hardware variants.  Need to add code to handle the
667 	 * "controller crashed" interrupt bit that this unmasks.
668 	 */
669 	sqmask = ~0;
670     }
671 
672     /*
673      * Allocate register window first (we need this to find the config
674      * struct).
675      */
676     error = ENXIO;
677     sc->ciss_regs_rid = CISS_TL_SIMPLE_BAR_REGS;
678     if ((sc->ciss_regs_resource =
679 	 bus_alloc_resource_any(sc->ciss_dev, SYS_RES_MEMORY,
680 				&sc->ciss_regs_rid, RF_ACTIVE)) == NULL) {
681 	ciss_printf(sc, "can't allocate register window\n");
682 	return(ENXIO);
683     }
684     sc->ciss_regs_bhandle = rman_get_bushandle(sc->ciss_regs_resource);
685     sc->ciss_regs_btag = rman_get_bustag(sc->ciss_regs_resource);
686 
687     /*
688      * Find the BAR holding the config structure.  If it's not the one
689      * we already mapped for registers, map it too.
690      */
691     sc->ciss_cfg_rid = CISS_TL_SIMPLE_READ(sc, CISS_TL_SIMPLE_CFG_BAR) & 0xffff;
692     if (sc->ciss_cfg_rid != sc->ciss_regs_rid) {
693 	if ((sc->ciss_cfg_resource =
694 	     bus_alloc_resource_any(sc->ciss_dev, SYS_RES_MEMORY,
695 				    &sc->ciss_cfg_rid, RF_ACTIVE)) == NULL) {
696 	    ciss_printf(sc, "can't allocate config window\n");
697 	    return(ENXIO);
698 	}
699 	cbase = (uintptr_t)rman_get_virtual(sc->ciss_cfg_resource);
700 	csize = rman_get_end(sc->ciss_cfg_resource) -
701 	    rman_get_start(sc->ciss_cfg_resource) + 1;
702     } else {
703 	cbase = (uintptr_t)rman_get_virtual(sc->ciss_regs_resource);
704 	csize = rman_get_end(sc->ciss_regs_resource) -
705 	    rman_get_start(sc->ciss_regs_resource) + 1;
706     }
707     cofs = CISS_TL_SIMPLE_READ(sc, CISS_TL_SIMPLE_CFG_OFF);
708 
709     /*
710      * Use the base/size/offset values we just calculated to
711      * sanity-check the config structure.  If it's OK, point to it.
712      */
713     if ((cofs + sizeof(struct ciss_config_table)) > csize) {
714 	ciss_printf(sc, "config table outside window\n");
715 	return(ENXIO);
716     }
717     sc->ciss_cfg = (struct ciss_config_table *)(cbase + cofs);
718     debug(1, "config struct at %p", sc->ciss_cfg);
719 
720     /*
721      * Calculate the number of request structures/commands we are
722      * going to provide for this adapter.
723      */
724     sc->ciss_max_requests = min(CISS_MAX_REQUESTS, sc->ciss_cfg->max_outstanding_commands);
725 
726     /*
727      * Validate the config structure.  If we supported other transport
728      * methods, we could select amongst them at this point in time.
729      */
730     if (strncmp(sc->ciss_cfg->signature, "CISS", 4)) {
731 	ciss_printf(sc, "config signature mismatch (got '%c%c%c%c')\n",
732 		    sc->ciss_cfg->signature[0], sc->ciss_cfg->signature[1],
733 		    sc->ciss_cfg->signature[2], sc->ciss_cfg->signature[3]);
734 	return(ENXIO);
735     }
736 
737     /*
738      * Select the mode of operation, prefer Performant.
739      */
740     if (!(sc->ciss_cfg->supported_methods &
741 	(CISS_TRANSPORT_METHOD_SIMPLE | CISS_TRANSPORT_METHOD_PERF))) {
742 	ciss_printf(sc, "No supported transport layers: 0x%x\n",
743 	    sc->ciss_cfg->supported_methods);
744     }
745 
746     switch (ciss_force_transport) {
747     case 1:
748 	supported_methods = CISS_TRANSPORT_METHOD_SIMPLE;
749 	break;
750     case 2:
751 	supported_methods = CISS_TRANSPORT_METHOD_PERF;
752 	break;
753     default:
754         /*
755          * Override the capabilities of the BOARD and specify SIMPLE
756          * MODE
757          */
758         if (ciss_vendor_data[i].flags & CISS_BOARD_SIMPLE)
759                 supported_methods = CISS_TRANSPORT_METHOD_SIMPLE;
760         else
761                 supported_methods = sc->ciss_cfg->supported_methods;
762         break;
763     }
764 
765 setup:
766     if ((supported_methods & CISS_TRANSPORT_METHOD_PERF) != 0) {
767 	method = CISS_TRANSPORT_METHOD_PERF;
768 	sc->ciss_perf = (struct ciss_perf_config *)(cbase + cofs +
769 	    sc->ciss_cfg->transport_offset);
770 	if (ciss_init_perf(sc)) {
771 	    supported_methods &= ~method;
772 	    goto setup;
773 	}
774     } else if (supported_methods & CISS_TRANSPORT_METHOD_SIMPLE) {
775 	method = CISS_TRANSPORT_METHOD_SIMPLE;
776     } else {
777 	ciss_printf(sc, "No supported transport methods: 0x%x\n",
778 	    sc->ciss_cfg->supported_methods);
779 	return(ENXIO);
780     }
781 
782     /*
783      * Tell it we're using the low 4GB of RAM.  Set the default interrupt
784      * coalescing options.
785      */
786     sc->ciss_cfg->requested_method = method;
787     sc->ciss_cfg->command_physlimit = 0;
788     sc->ciss_cfg->interrupt_coalesce_delay = CISS_INTERRUPT_COALESCE_DELAY;
789     sc->ciss_cfg->interrupt_coalesce_count = CISS_INTERRUPT_COALESCE_COUNT;
790 
791 #ifdef __i386__
792     sc->ciss_cfg->host_driver |= CISS_DRIVER_SCSI_PREFETCH;
793 #endif
794 
795     if (ciss_update_config(sc)) {
796 	ciss_printf(sc, "adapter refuses to accept config update (IDBR 0x%x)\n",
797 		    CISS_TL_SIMPLE_READ(sc, CISS_TL_SIMPLE_IDBR));
798 	return(ENXIO);
799     }
800     if ((sc->ciss_cfg->active_method & method) == 0) {
801 	supported_methods &= ~method;
802 	if (supported_methods == 0) {
803 	    ciss_printf(sc, "adapter refuses to go into available transports "
804 		"mode (0x%x, 0x%x)\n", supported_methods,
805 		sc->ciss_cfg->active_method);
806 	    return(ENXIO);
807 	} else
808 	    goto setup;
809     }
810 
811     /*
812      * Wait for the adapter to come ready.
813      */
814     if ((error = ciss_wait_adapter(sc)) != 0)
815 	return(error);
816 
817     /* Prepare to possibly use MSIX and/or PERFORMANT interrupts.  Normal
818      * interrupts have a rid of 0, this will be overridden if MSIX is used.
819      */
820     sc->ciss_irq_rid[0] = 0;
821     if (method == CISS_TRANSPORT_METHOD_PERF) {
822 	ciss_printf(sc, "PERFORMANT Transport\n");
823 	if ((ciss_force_interrupt != 1) && (ciss_setup_msix(sc) == 0)) {
824 	    intr = ciss_perf_msi_intr;
825 	} else {
826 	    intr = ciss_perf_intr;
827 	}
828 	/* XXX The docs say that the 0x01 bit is only for SAS controllers.
829 	 * Unfortunately, there is no good way to know if this is a SAS
830 	 * controller.  Hopefully enabling this bit universally will work OK.
831 	 * It seems to work fine for SA6i controllers.
832 	 */
833 	sc->ciss_interrupt_mask = CISS_TL_PERF_INTR_OPQ | CISS_TL_PERF_INTR_MSI;
834 
835     } else {
836 	ciss_printf(sc, "SIMPLE Transport\n");
837 	/* MSIX doesn't seem to work in SIMPLE mode, only enable if it forced */
838 	if (ciss_force_interrupt == 2)
839 	    /* If this fails, we automatically revert to INTx */
840 	    ciss_setup_msix(sc);
841 	sc->ciss_perf = NULL;
842 	intr = ciss_intr;
843 	sc->ciss_interrupt_mask = sqmask;
844     }
845 
846     /*
847      * Turn off interrupts before we go routing anything.
848      */
849     CISS_TL_SIMPLE_DISABLE_INTERRUPTS(sc);
850 
851     /*
852      * Allocate and set up our interrupt.
853      */
854     if ((sc->ciss_irq_resource =
855 	 bus_alloc_resource_any(sc->ciss_dev, SYS_RES_IRQ, &sc->ciss_irq_rid[0],
856 				RF_ACTIVE | RF_SHAREABLE)) == NULL) {
857 	ciss_printf(sc, "can't allocate interrupt\n");
858 	return(ENXIO);
859     }
860 
861     if (bus_setup_intr(sc->ciss_dev, sc->ciss_irq_resource,
862 		       INTR_TYPE_CAM|INTR_MPSAFE, NULL, intr, sc,
863 		       &sc->ciss_intr)) {
864 	ciss_printf(sc, "can't set up interrupt\n");
865 	return(ENXIO);
866     }
867 
868     /*
869      * Allocate the parent bus DMA tag appropriate for our PCI
870      * interface.
871      *
872      * Note that "simple" adapters can only address within a 32-bit
873      * span.
874      */
875     if (bus_dma_tag_create(bus_get_dma_tag(sc->ciss_dev),/* PCI parent */
876 			   1, 0, 			/* alignment, boundary */
877 			   BUS_SPACE_MAXADDR,		/* lowaddr */
878 			   BUS_SPACE_MAXADDR, 		/* highaddr */
879 			   NULL, NULL, 			/* filter, filterarg */
880 			   BUS_SPACE_MAXSIZE_32BIT,	/* maxsize */
881 			   BUS_SPACE_UNRESTRICTED,	/* nsegments */
882 			   BUS_SPACE_MAXSIZE_32BIT,	/* maxsegsize */
883 			   0,				/* flags */
884 			   NULL, NULL,			/* lockfunc, lockarg */
885 			   &sc->ciss_parent_dmat)) {
886 	ciss_printf(sc, "can't allocate parent DMA tag\n");
887 	return(ENOMEM);
888     }
889 
890     /*
891      * Create DMA tag for mapping buffers into adapter-addressable
892      * space.
893      */
894     if (bus_dma_tag_create(sc->ciss_parent_dmat, 	/* parent */
895 			   1, 0, 			/* alignment, boundary */
896 			   BUS_SPACE_MAXADDR,		/* lowaddr */
897 			   BUS_SPACE_MAXADDR, 		/* highaddr */
898 			   NULL, NULL, 			/* filter, filterarg */
899 			   (CISS_MAX_SG_ELEMENTS - 1) * PAGE_SIZE, /* maxsize */
900 			   CISS_MAX_SG_ELEMENTS,	/* nsegments */
901 			   BUS_SPACE_MAXSIZE_32BIT,	/* maxsegsize */
902 			   BUS_DMA_ALLOCNOW,		/* flags */
903 			   busdma_lock_mutex, &sc->ciss_mtx,	/* lockfunc, lockarg */
904 			   &sc->ciss_buffer_dmat)) {
905 	ciss_printf(sc, "can't allocate buffer DMA tag\n");
906 	return(ENOMEM);
907     }
908     return(0);
909 }
910 
911 /************************************************************************
912  * Setup MSI/MSIX operation (Performant only)
913  * Four interrupts are available, but we only use 1 right now.  If MSI-X
914  * isn't avaialble, try using MSI instead.
915  */
916 static int
917 ciss_setup_msix(struct ciss_softc *sc)
918 {
919     int val, i;
920 
921     /* Weed out devices that don't actually support MSI */
922     i = ciss_lookup(sc->ciss_dev);
923     if (ciss_vendor_data[i].flags & CISS_BOARD_NOMSI)
924 	return (EINVAL);
925 
926     /*
927      * Only need to use the minimum number of MSI vectors, as the driver
928      * doesn't support directed MSIX interrupts.
929      */
930     val = pci_msix_count(sc->ciss_dev);
931     if (val < CISS_MSI_COUNT) {
932 	val = pci_msi_count(sc->ciss_dev);
933 	device_printf(sc->ciss_dev, "got %d MSI messages]\n", val);
934 	if (val < CISS_MSI_COUNT)
935 	    return (EINVAL);
936     }
937     val = MIN(val, CISS_MSI_COUNT);
938     if (pci_alloc_msix(sc->ciss_dev, &val) != 0) {
939 	if (pci_alloc_msi(sc->ciss_dev, &val) != 0)
940 	    return (EINVAL);
941     }
942 
943     sc->ciss_msi = val;
944     if (bootverbose || ciss_verbose)
945 	ciss_printf(sc, "Using %d MSIX interrupt%s\n", val,
946 	    (val != 1) ? "s" : "");
947 
948     for (i = 0; i < val; i++)
949 	sc->ciss_irq_rid[i] = i + 1;
950 
951     return (0);
952 
953 }
954 
955 /************************************************************************
956  * Setup the Performant structures.
957  */
958 static int
959 ciss_init_perf(struct ciss_softc *sc)
960 {
961     struct ciss_perf_config *pc = sc->ciss_perf;
962     int reply_size;
963 
964     /*
965      * Create the DMA tag for the reply queue.
966      */
967     reply_size = sizeof(uint64_t) * sc->ciss_max_requests;
968     if (bus_dma_tag_create(sc->ciss_parent_dmat,	/* parent */
969 			   1, 0, 			/* alignment, boundary */
970 			   BUS_SPACE_MAXADDR_32BIT,	/* lowaddr */
971 			   BUS_SPACE_MAXADDR, 		/* highaddr */
972 			   NULL, NULL, 			/* filter, filterarg */
973 			   reply_size, 1,		/* maxsize, nsegments */
974 			   BUS_SPACE_MAXSIZE_32BIT,	/* maxsegsize */
975 			   0,				/* flags */
976 			   NULL, NULL,			/* lockfunc, lockarg */
977 			   &sc->ciss_reply_dmat)) {
978 	ciss_printf(sc, "can't allocate reply DMA tag\n");
979 	return(ENOMEM);
980     }
981     /*
982      * Allocate memory and make it available for DMA.
983      */
984     if (bus_dmamem_alloc(sc->ciss_reply_dmat, (void **)&sc->ciss_reply,
985 			 BUS_DMA_NOWAIT, &sc->ciss_reply_map)) {
986 	ciss_printf(sc, "can't allocate reply memory\n");
987 	return(ENOMEM);
988     }
989     bus_dmamap_load(sc->ciss_reply_dmat, sc->ciss_reply_map, sc->ciss_reply,
990 		    reply_size, ciss_command_map_helper, &sc->ciss_reply_phys, 0);
991     bzero(sc->ciss_reply, reply_size);
992 
993     sc->ciss_cycle = 0x1;
994     sc->ciss_rqidx = 0;
995 
996     /*
997      * Preload the fetch table with common command sizes.  This allows the
998      * hardware to not waste bus cycles for typical i/o commands, but also not
999      * tax the driver to be too exact in choosing sizes.  The table is optimized
1000      * for page-aligned i/o's, but since most i/o comes from the various pagers,
1001      * it's a reasonable assumption to make.
1002      */
1003     pc->fetch_count[CISS_SG_FETCH_NONE] = (sizeof(struct ciss_command) + 15) / 16;
1004     pc->fetch_count[CISS_SG_FETCH_1] =
1005 	(sizeof(struct ciss_command) + sizeof(struct ciss_sg_entry) * 1 + 15) / 16;
1006     pc->fetch_count[CISS_SG_FETCH_2] =
1007 	(sizeof(struct ciss_command) + sizeof(struct ciss_sg_entry) * 2 + 15) / 16;
1008     pc->fetch_count[CISS_SG_FETCH_4] =
1009 	(sizeof(struct ciss_command) + sizeof(struct ciss_sg_entry) * 4 + 15) / 16;
1010     pc->fetch_count[CISS_SG_FETCH_8] =
1011 	(sizeof(struct ciss_command) + sizeof(struct ciss_sg_entry) * 8 + 15) / 16;
1012     pc->fetch_count[CISS_SG_FETCH_16] =
1013 	(sizeof(struct ciss_command) + sizeof(struct ciss_sg_entry) * 16 + 15) / 16;
1014     pc->fetch_count[CISS_SG_FETCH_32] =
1015 	(sizeof(struct ciss_command) + sizeof(struct ciss_sg_entry) * 32 + 15) / 16;
1016     pc->fetch_count[CISS_SG_FETCH_MAX] = (CISS_COMMAND_ALLOC_SIZE + 15) / 16;
1017 
1018     pc->rq_size = sc->ciss_max_requests; /* XXX less than the card supports? */
1019     pc->rq_count = 1;	/* XXX Hardcode for a single queue */
1020     pc->rq_bank_hi = 0;
1021     pc->rq_bank_lo = 0;
1022     pc->rq[0].rq_addr_hi = 0x0;
1023     pc->rq[0].rq_addr_lo = sc->ciss_reply_phys;
1024 
1025     return(0);
1026 }
1027 
1028 /************************************************************************
1029  * Wait for the adapter to come ready.
1030  */
1031 static int
1032 ciss_wait_adapter(struct ciss_softc *sc)
1033 {
1034     int		i;
1035 
1036     debug_called(1);
1037 
1038     /*
1039      * Wait for the adapter to come ready.
1040      */
1041     if (!(sc->ciss_cfg->active_method & CISS_TRANSPORT_METHOD_READY)) {
1042 	ciss_printf(sc, "waiting for adapter to come ready...\n");
1043 	for (i = 0; !(sc->ciss_cfg->active_method & CISS_TRANSPORT_METHOD_READY); i++) {
1044 	    DELAY(1000000);	/* one second */
1045 	    if (i > 30) {
1046 		ciss_printf(sc, "timed out waiting for adapter to come ready\n");
1047 		return(EIO);
1048 	    }
1049 	}
1050     }
1051     return(0);
1052 }
1053 
1054 /************************************************************************
1055  * Flush the adapter cache.
1056  */
1057 static int
1058 ciss_flush_adapter(struct ciss_softc *sc)
1059 {
1060     struct ciss_request			*cr;
1061     struct ciss_bmic_flush_cache	*cbfc;
1062     int					error, command_status;
1063 
1064     debug_called(1);
1065 
1066     cr = NULL;
1067     cbfc = NULL;
1068 
1069     /*
1070      * Build a BMIC request to flush the cache.  We don't disable
1071      * it, as we may be going to do more I/O (eg. we are emulating
1072      * the Synchronise Cache command).
1073      */
1074     if ((cbfc = malloc(sizeof(*cbfc), CISS_MALLOC_CLASS, M_NOWAIT | M_ZERO)) == NULL) {
1075 	error = ENOMEM;
1076 	goto out;
1077     }
1078     if ((error = ciss_get_bmic_request(sc, &cr, CISS_BMIC_FLUSH_CACHE,
1079 				       (void **)&cbfc, sizeof(*cbfc))) != 0)
1080 	goto out;
1081 
1082     /*
1083      * Submit the request and wait for it to complete.
1084      */
1085     if ((error = ciss_synch_request(cr, 60 * 1000)) != 0) {
1086 	ciss_printf(sc, "error sending BMIC FLUSH_CACHE command (%d)\n", error);
1087 	goto out;
1088     }
1089 
1090     /*
1091      * Check response.
1092      */
1093     ciss_report_request(cr, &command_status, NULL);
1094     switch(command_status) {
1095     case CISS_CMD_STATUS_SUCCESS:
1096 	break;
1097     default:
1098 	ciss_printf(sc, "error flushing cache (%s)\n",
1099 		    ciss_name_command_status(command_status));
1100 	error = EIO;
1101 	goto out;
1102     }
1103 
1104 out:
1105     if (cbfc != NULL)
1106 	free(cbfc, CISS_MALLOC_CLASS);
1107     if (cr != NULL)
1108 	ciss_release_request(cr);
1109     return(error);
1110 }
1111 
1112 static void
1113 ciss_soft_reset(struct ciss_softc *sc)
1114 {
1115     struct ciss_request		*cr = NULL;
1116     struct ciss_command		*cc;
1117     int				i, error = 0;
1118 
1119     for (i = 0; i < sc->ciss_max_logical_bus; i++) {
1120 	/* only reset proxy controllers */
1121 	if (sc->ciss_controllers[i].physical.bus == 0)
1122 	    continue;
1123 
1124 	if ((error = ciss_get_request(sc, &cr)) != 0)
1125 	    break;
1126 
1127 	if ((error = ciss_get_bmic_request(sc, &cr, CISS_BMIC_SOFT_RESET,
1128 					   NULL, 0)) != 0)
1129 	    break;
1130 
1131 	cc = cr->cr_cc;
1132 	cc->header.address = sc->ciss_controllers[i];
1133 
1134 	if ((error = ciss_synch_request(cr, 60 * 1000)) != 0)
1135 	    break;
1136 
1137 	ciss_release_request(cr);
1138     }
1139 
1140     if (error)
1141 	ciss_printf(sc, "error resetting controller (%d)\n", error);
1142 
1143     if (cr != NULL)
1144 	ciss_release_request(cr);
1145 }
1146 
1147 /************************************************************************
1148  * Allocate memory for the adapter command structures, initialise
1149  * the request structures.
1150  *
1151  * Note that the entire set of commands are allocated in a single
1152  * contiguous slab.
1153  */
1154 static int
1155 ciss_init_requests(struct ciss_softc *sc)
1156 {
1157     struct ciss_request	*cr;
1158     int			i;
1159 
1160     debug_called(1);
1161 
1162     if (bootverbose || ciss_verbose)
1163 	ciss_printf(sc, "using %d of %d available commands\n",
1164 		    sc->ciss_max_requests, sc->ciss_cfg->max_outstanding_commands);
1165 
1166     /*
1167      * Create the DMA tag for commands.
1168      */
1169     if (bus_dma_tag_create(sc->ciss_parent_dmat,	/* parent */
1170 			   32, 0, 			/* alignment, boundary */
1171 			   BUS_SPACE_MAXADDR_32BIT,	/* lowaddr */
1172 			   BUS_SPACE_MAXADDR, 		/* highaddr */
1173 			   NULL, NULL, 			/* filter, filterarg */
1174 			   CISS_COMMAND_ALLOC_SIZE *
1175 			   sc->ciss_max_requests, 1,	/* maxsize, nsegments */
1176 			   BUS_SPACE_MAXSIZE_32BIT,	/* maxsegsize */
1177 			   0,				/* flags */
1178 			   NULL, NULL,			/* lockfunc, lockarg */
1179 			   &sc->ciss_command_dmat)) {
1180 	ciss_printf(sc, "can't allocate command DMA tag\n");
1181 	return(ENOMEM);
1182     }
1183     /*
1184      * Allocate memory and make it available for DMA.
1185      */
1186     if (bus_dmamem_alloc(sc->ciss_command_dmat, (void **)&sc->ciss_command,
1187 			 BUS_DMA_NOWAIT, &sc->ciss_command_map)) {
1188 	ciss_printf(sc, "can't allocate command memory\n");
1189 	return(ENOMEM);
1190     }
1191     bus_dmamap_load(sc->ciss_command_dmat, sc->ciss_command_map,sc->ciss_command,
1192 		    CISS_COMMAND_ALLOC_SIZE * sc->ciss_max_requests,
1193 		    ciss_command_map_helper, &sc->ciss_command_phys, 0);
1194     bzero(sc->ciss_command, CISS_COMMAND_ALLOC_SIZE * sc->ciss_max_requests);
1195 
1196     /*
1197      * Set up the request and command structures, push requests onto
1198      * the free queue.
1199      */
1200     for (i = 1; i < sc->ciss_max_requests; i++) {
1201 	cr = &sc->ciss_request[i];
1202 	cr->cr_sc = sc;
1203 	cr->cr_tag = i;
1204 	cr->cr_cc = (struct ciss_command *)((uintptr_t)sc->ciss_command +
1205 	    CISS_COMMAND_ALLOC_SIZE * i);
1206 	cr->cr_ccphys = sc->ciss_command_phys + CISS_COMMAND_ALLOC_SIZE * i;
1207 	bus_dmamap_create(sc->ciss_buffer_dmat, 0, &cr->cr_datamap);
1208 	ciss_enqueue_free(cr);
1209     }
1210     return(0);
1211 }
1212 
1213 static void
1214 ciss_command_map_helper(void *arg, bus_dma_segment_t *segs, int nseg, int error)
1215 {
1216     uint32_t *addr;
1217 
1218     addr = arg;
1219     *addr = segs[0].ds_addr;
1220 }
1221 
1222 /************************************************************************
1223  * Identify the adapter, print some information about it.
1224  */
1225 static int
1226 ciss_identify_adapter(struct ciss_softc *sc)
1227 {
1228     struct ciss_request	*cr;
1229     int			error, command_status;
1230 
1231     debug_called(1);
1232 
1233     cr = NULL;
1234 
1235     /*
1236      * Get a request, allocate storage for the adapter data.
1237      */
1238     if ((error = ciss_get_bmic_request(sc, &cr, CISS_BMIC_ID_CTLR,
1239 				       (void **)&sc->ciss_id,
1240 				       sizeof(*sc->ciss_id))) != 0)
1241 	goto out;
1242 
1243     /*
1244      * Submit the request and wait for it to complete.
1245      */
1246     if ((error = ciss_synch_request(cr, 60 * 1000)) != 0) {
1247 	ciss_printf(sc, "error sending BMIC ID_CTLR command (%d)\n", error);
1248 	goto out;
1249     }
1250 
1251     /*
1252      * Check response.
1253      */
1254     ciss_report_request(cr, &command_status, NULL);
1255     switch(command_status) {
1256     case CISS_CMD_STATUS_SUCCESS:		/* buffer right size */
1257 	break;
1258     case CISS_CMD_STATUS_DATA_UNDERRUN:
1259     case CISS_CMD_STATUS_DATA_OVERRUN:
1260 	ciss_printf(sc, "data over/underrun reading adapter information\n");
1261     default:
1262 	ciss_printf(sc, "error reading adapter information (%s)\n",
1263 		    ciss_name_command_status(command_status));
1264 	error = EIO;
1265 	goto out;
1266     }
1267 
1268     /* sanity-check reply */
1269     if (!(sc->ciss_id->controller_flags & CONTROLLER_FLAGS_BIG_MAP_SUPPORT)) {
1270 	ciss_printf(sc, "adapter does not support BIG_MAP\n");
1271 	error = ENXIO;
1272 	goto out;
1273     }
1274 
1275 #if 0
1276     /* XXX later revisions may not need this */
1277     sc->ciss_flags |= CISS_FLAG_FAKE_SYNCH;
1278 #endif
1279 
1280     /* XXX only really required for old 5300 adapters? */
1281     sc->ciss_flags |= CISS_FLAG_BMIC_ABORT;
1282 
1283     /*
1284      * Earlier controller specs do not contain these config
1285      * entries, so assume that a 0 means its old and assign
1286      * these values to the defaults that were established
1287      * when this driver was developed for them
1288      */
1289     if (sc->ciss_cfg->max_logical_supported == 0)
1290         sc->ciss_cfg->max_logical_supported = CISS_MAX_LOGICAL;
1291     if (sc->ciss_cfg->max_physical_supported == 0)
1292 	sc->ciss_cfg->max_physical_supported = CISS_MAX_PHYSICAL;
1293     /* print information */
1294     if (bootverbose || ciss_verbose) {
1295 	ciss_printf(sc, "  %d logical drive%s configured\n",
1296 		    sc->ciss_id->configured_logical_drives,
1297 		    (sc->ciss_id->configured_logical_drives == 1) ? "" : "s");
1298 	ciss_printf(sc, "  firmware %4.4s\n", sc->ciss_id->running_firmware_revision);
1299 	ciss_printf(sc, "  %d SCSI channels\n", sc->ciss_id->scsi_chip_count);
1300 
1301 	if (ciss_verbose > 1) {
1302 	  ciss_printf(sc, "  %d FC channels\n", sc->ciss_id->fibre_chip_count);
1303 	  ciss_printf(sc, "  %d enclosures\n", sc->ciss_id->bEnclosureCount);
1304 	  ciss_printf(sc, "  %d expanders\n", sc->ciss_id->bExpanderCount);
1305 	  ciss_printf(sc, "  maximum blocks: %d\n", sc->ciss_id->maximum_blocks);
1306 	  ciss_printf(sc, "  controller clock: %d\n", sc->ciss_id->controller_clock);
1307 	  ciss_printf(sc, "  %d MB controller memory\n", sc->ciss_id->total_controller_mem_mb);
1308 	}
1309 
1310 	ciss_printf(sc, "  signature '%.4s'\n", sc->ciss_cfg->signature);
1311 	ciss_printf(sc, "  valence %d\n", sc->ciss_cfg->valence);
1312 	ciss_printf(sc, "  supported I/O methods 0x%b\n",
1313 		    sc->ciss_cfg->supported_methods,
1314 		    "\20\1READY\2simple\3performant\4MEMQ\n");
1315 	ciss_printf(sc, "  active I/O method 0x%b\n",
1316 		    sc->ciss_cfg->active_method, "\20\2simple\3performant\4MEMQ\n");
1317 	ciss_printf(sc, "  4G page base 0x%08x\n",
1318 		    sc->ciss_cfg->command_physlimit);
1319 	ciss_printf(sc, "  interrupt coalesce delay %dus\n",
1320 		    sc->ciss_cfg->interrupt_coalesce_delay);
1321 	ciss_printf(sc, "  interrupt coalesce count %d\n",
1322 		    sc->ciss_cfg->interrupt_coalesce_count);
1323 	ciss_printf(sc, "  max outstanding commands %d\n",
1324 		    sc->ciss_cfg->max_outstanding_commands);
1325 	ciss_printf(sc, "  bus types 0x%b\n", sc->ciss_cfg->bus_types,
1326 		    "\20\1ultra2\2ultra3\10fibre1\11fibre2\n");
1327 	ciss_printf(sc, "  server name '%.16s'\n", sc->ciss_cfg->server_name);
1328 	ciss_printf(sc, "  heartbeat 0x%x\n", sc->ciss_cfg->heartbeat);
1329 	ciss_printf(sc, "  max logical volumes: %d\n", sc->ciss_cfg->max_logical_supported);
1330     	ciss_printf(sc, "  max physical disks supported: %d\n", sc->ciss_cfg->max_physical_supported);
1331     	ciss_printf(sc, "  max physical disks per logical volume: %d\n", sc->ciss_cfg->max_physical_per_logical);
1332 	ciss_printf(sc, "  JBOD Support is %s\n", (sc->ciss_id->uiYetMoreControllerFlags & YMORE_CONTROLLER_FLAGS_JBOD_SUPPORTED) ?
1333 			"Available" : "Unavailable");
1334 	ciss_printf(sc, "  JBOD Mode is %s\n", (sc->ciss_id->PowerUPNvramFlags & PWR_UP_FLAG_JBOD_ENABLED) ?
1335 			"Enabled" : "Disabled");
1336     }
1337 
1338 out:
1339     if (error) {
1340 	if (sc->ciss_id != NULL) {
1341 	    free(sc->ciss_id, CISS_MALLOC_CLASS);
1342 	    sc->ciss_id = NULL;
1343 	}
1344     }
1345     if (cr != NULL)
1346 	ciss_release_request(cr);
1347     return(error);
1348 }
1349 
1350 /************************************************************************
1351  * Helper routine for generating a list of logical and physical luns.
1352  */
1353 static struct ciss_lun_report *
1354 ciss_report_luns(struct ciss_softc *sc, int opcode, int nunits)
1355 {
1356     struct ciss_request		*cr;
1357     struct ciss_command		*cc;
1358     struct ciss_report_cdb	*crc;
1359     struct ciss_lun_report	*cll;
1360     int				command_status;
1361     int				report_size;
1362     int				error = 0;
1363 
1364     debug_called(1);
1365 
1366     cr = NULL;
1367     cll = NULL;
1368 
1369     /*
1370      * Get a request, allocate storage for the address list.
1371      */
1372     if ((error = ciss_get_request(sc, &cr)) != 0)
1373 	goto out;
1374     report_size = sizeof(*cll) + nunits * sizeof(union ciss_device_address);
1375     if ((cll = malloc(report_size, CISS_MALLOC_CLASS, M_NOWAIT | M_ZERO)) == NULL) {
1376 	ciss_printf(sc, "can't allocate memory for lun report\n");
1377 	error = ENOMEM;
1378 	goto out;
1379     }
1380 
1381     /*
1382      * Build the Report Logical/Physical LUNs command.
1383      */
1384     cc = cr->cr_cc;
1385     cr->cr_data = cll;
1386     cr->cr_length = report_size;
1387     cr->cr_flags = CISS_REQ_DATAIN;
1388 
1389     cc->header.address.physical.mode = CISS_HDR_ADDRESS_MODE_PERIPHERAL;
1390     cc->header.address.physical.bus = 0;
1391     cc->header.address.physical.target = 0;
1392     cc->cdb.cdb_length = sizeof(*crc);
1393     cc->cdb.type = CISS_CDB_TYPE_COMMAND;
1394     cc->cdb.attribute = CISS_CDB_ATTRIBUTE_SIMPLE;
1395     cc->cdb.direction = CISS_CDB_DIRECTION_READ;
1396     cc->cdb.timeout = 30;	/* XXX better suggestions? */
1397 
1398     crc = (struct ciss_report_cdb *)&(cc->cdb.cdb[0]);
1399     bzero(crc, sizeof(*crc));
1400     crc->opcode = opcode;
1401     crc->length = htonl(report_size);			/* big-endian field */
1402     cll->list_size = htonl(report_size - sizeof(*cll));	/* big-endian field */
1403 
1404     /*
1405      * Submit the request and wait for it to complete.  (timeout
1406      * here should be much greater than above)
1407      */
1408     if ((error = ciss_synch_request(cr, 60 * 1000)) != 0) {
1409 	ciss_printf(sc, "error sending %d LUN command (%d)\n", opcode, error);
1410 	goto out;
1411     }
1412 
1413     /*
1414      * Check response.  Note that data over/underrun is OK.
1415      */
1416     ciss_report_request(cr, &command_status, NULL);
1417     switch(command_status) {
1418     case CISS_CMD_STATUS_SUCCESS:	/* buffer right size */
1419     case CISS_CMD_STATUS_DATA_UNDERRUN:	/* buffer too large, not bad */
1420 	break;
1421     case CISS_CMD_STATUS_DATA_OVERRUN:
1422 	ciss_printf(sc, "WARNING: more units than driver limit (%d)\n",
1423 		    sc->ciss_cfg->max_logical_supported);
1424 	break;
1425     default:
1426 	ciss_printf(sc, "error detecting logical drive configuration (%s)\n",
1427 		    ciss_name_command_status(command_status));
1428 	error = EIO;
1429 	goto out;
1430     }
1431     ciss_release_request(cr);
1432     cr = NULL;
1433 
1434 out:
1435     if (cr != NULL)
1436 	ciss_release_request(cr);
1437     if (error && cll != NULL) {
1438 	free(cll, CISS_MALLOC_CLASS);
1439 	cll = NULL;
1440     }
1441     return(cll);
1442 }
1443 
1444 /************************************************************************
1445  * Find logical drives on the adapter.
1446  */
1447 static int
1448 ciss_init_logical(struct ciss_softc *sc)
1449 {
1450     struct ciss_lun_report	*cll;
1451     int				error = 0, i, j;
1452     int				ndrives;
1453 
1454     debug_called(1);
1455 
1456     cll = ciss_report_luns(sc, CISS_OPCODE_REPORT_LOGICAL_LUNS,
1457 			   sc->ciss_cfg->max_logical_supported);
1458     if (cll == NULL) {
1459 	error = ENXIO;
1460 	goto out;
1461     }
1462 
1463     /* sanity-check reply */
1464     ndrives = (ntohl(cll->list_size) / sizeof(union ciss_device_address));
1465     if ((ndrives < 0) || (ndrives > sc->ciss_cfg->max_logical_supported)) {
1466 	ciss_printf(sc, "adapter claims to report absurd number of logical drives (%d > %d)\n",
1467 	    	ndrives, sc->ciss_cfg->max_logical_supported);
1468 	error = ENXIO;
1469 	goto out;
1470     }
1471 
1472     /*
1473      * Save logical drive information.
1474      */
1475     if (bootverbose || ciss_verbose) {
1476 	ciss_printf(sc, "%d logical drive%s\n",
1477 	    ndrives, (ndrives > 1 || ndrives == 0) ? "s" : "");
1478     }
1479 
1480     sc->ciss_logical =
1481 	malloc(sc->ciss_max_logical_bus * sizeof(struct ciss_ldrive *),
1482 	       CISS_MALLOC_CLASS, M_NOWAIT | M_ZERO);
1483     if (sc->ciss_logical == NULL) {
1484 	error = ENXIO;
1485 	goto out;
1486     }
1487 
1488     for (i = 0; i < sc->ciss_max_logical_bus; i++) {
1489 	sc->ciss_logical[i] =
1490 	    malloc(sc->ciss_cfg->max_logical_supported *
1491 		   sizeof(struct ciss_ldrive),
1492 		   CISS_MALLOC_CLASS, M_NOWAIT | M_ZERO);
1493 	if (sc->ciss_logical[i] == NULL) {
1494 	    error = ENXIO;
1495 	    goto out;
1496 	}
1497 
1498 	for (j = 0; j < sc->ciss_cfg->max_logical_supported; j++)
1499 	    sc->ciss_logical[i][j].cl_status = CISS_LD_NONEXISTENT;
1500     }
1501 
1502     for (i = 0; i < sc->ciss_cfg->max_logical_supported; i++) {
1503 	if (i < ndrives) {
1504 	    struct ciss_ldrive	*ld;
1505 	    int			bus, target;
1506 
1507 	    bus		= CISS_LUN_TO_BUS(cll->lun[i].logical.lun);
1508 	    target	= CISS_LUN_TO_TARGET(cll->lun[i].logical.lun);
1509 	    ld		= &sc->ciss_logical[bus][target];
1510 
1511 	    ld->cl_address	= cll->lun[i];
1512 	    ld->cl_controller	= &sc->ciss_controllers[bus];
1513 	    if (ciss_identify_logical(sc, ld) != 0)
1514 		continue;
1515 	    /*
1516 	     * If the drive has had media exchanged, we should bring it online.
1517 	     */
1518 	    if (ld->cl_lstatus->media_exchanged)
1519 		ciss_accept_media(sc, ld);
1520 	}
1521     }
1522 
1523  out:
1524     if (cll != NULL)
1525 	free(cll, CISS_MALLOC_CLASS);
1526     return(error);
1527 }
1528 
1529 static int
1530 ciss_init_physical(struct ciss_softc *sc)
1531 {
1532     struct ciss_lun_report	*cll;
1533     int				error = 0, i;
1534     int				nphys;
1535     int				bus;
1536 
1537     debug_called(1);
1538 
1539     bus = 0;
1540 
1541     cll = ciss_report_luns(sc, CISS_OPCODE_REPORT_PHYSICAL_LUNS,
1542 			   sc->ciss_cfg->max_physical_supported);
1543     if (cll == NULL) {
1544 	error = ENXIO;
1545 	goto out;
1546     }
1547 
1548     nphys = (ntohl(cll->list_size) / sizeof(union ciss_device_address));
1549 
1550     if (bootverbose || ciss_verbose) {
1551 	ciss_printf(sc, "%d physical device%s\n",
1552 	    nphys, (nphys > 1 || nphys == 0) ? "s" : "");
1553     }
1554 
1555     /* Per-controller highest target number seen */
1556     sc->ciss_max_physical_target = 0;
1557 
1558     /*
1559      * Figure out the bus mapping.
1560      * Logical buses include both the local logical bus for local arrays and
1561      * proxy buses for remote arrays.  Physical buses are numbered by the
1562      * controller and represent physical buses that hold physical devices.
1563      * We shift these bus numbers so that everything fits into a single flat
1564      * numbering space for CAM.  Logical buses occupy the first 32 CAM bus
1565      * numbers, and the physical bus numbers are shifted to be above that.
1566      * This results in the various driver arrays being indexed as follows:
1567      *
1568      * ciss_controllers[] - indexed by logical bus
1569      * ciss_cam_sim[]     - indexed by both logical and physical, with physical
1570      *                      being shifted by 32.
1571      * ciss_logical[][]   - indexed by logical bus
1572      * ciss_physical[][]  - indexed by physical bus
1573      *
1574      * XXX This is getting more and more hackish.  CISS really doesn't play
1575      *     well with a standard SCSI model; devices are addressed via magic
1576      *     cookies, not via b/t/l addresses.  Since there is no way to store
1577      *     the cookie in the CAM device object, we have to keep these lookup
1578      *     tables handy so that the devices can be found quickly at the cost
1579      *     of wasting memory and having a convoluted lookup scheme.  This
1580      *     driver should probably be converted to block interface.
1581      */
1582     /*
1583      * If the L2 and L3 SCSI addresses are 0, this signifies a proxy
1584      * controller. A proxy controller is another physical controller
1585      * behind the primary PCI controller. We need to know about this
1586      * so that BMIC commands can be properly targeted.  There can be
1587      * proxy controllers attached to a single PCI controller, so
1588      * find the highest numbered one so the array can be properly
1589      * sized.
1590      */
1591     sc->ciss_max_logical_bus = 1;
1592     for (i = 0; i < nphys; i++) {
1593 	if (cll->lun[i].physical.extra_address == 0) {
1594 	    bus = cll->lun[i].physical.bus;
1595 	    sc->ciss_max_logical_bus = max(sc->ciss_max_logical_bus, bus) + 1;
1596 	} else {
1597 	    bus = CISS_EXTRA_BUS2(cll->lun[i].physical.extra_address);
1598 	    sc->ciss_max_physical_bus = max(sc->ciss_max_physical_bus, bus);
1599 	}
1600     }
1601 
1602     sc->ciss_controllers =
1603 	malloc(sc->ciss_max_logical_bus * sizeof (union ciss_device_address),
1604 	       CISS_MALLOC_CLASS, M_NOWAIT | M_ZERO);
1605 
1606     if (sc->ciss_controllers == NULL) {
1607 	ciss_printf(sc, "Could not allocate memory for controller map\n");
1608 	error = ENOMEM;
1609 	goto out;
1610     }
1611 
1612     /* setup a map of controller addresses */
1613     for (i = 0; i < nphys; i++) {
1614 	if (cll->lun[i].physical.extra_address == 0) {
1615 	    sc->ciss_controllers[cll->lun[i].physical.bus] = cll->lun[i];
1616 	}
1617     }
1618 
1619     sc->ciss_physical =
1620 	malloc(sc->ciss_max_physical_bus * sizeof(struct ciss_pdrive *),
1621 	       CISS_MALLOC_CLASS, M_NOWAIT | M_ZERO);
1622     if (sc->ciss_physical == NULL) {
1623 	ciss_printf(sc, "Could not allocate memory for physical device map\n");
1624 	error = ENOMEM;
1625 	goto out;
1626     }
1627 
1628     for (i = 0; i < sc->ciss_max_physical_bus; i++) {
1629 	sc->ciss_physical[i] =
1630 	    malloc(sizeof(struct ciss_pdrive) * CISS_MAX_PHYSTGT,
1631 		   CISS_MALLOC_CLASS, M_NOWAIT | M_ZERO);
1632 	if (sc->ciss_physical[i] == NULL) {
1633 	    ciss_printf(sc, "Could not allocate memory for target map\n");
1634 	    error = ENOMEM;
1635 	    goto out;
1636 	}
1637     }
1638 
1639     ciss_filter_physical(sc, cll);
1640     if (bootverbose || ciss_verbose)
1641 	ciss_printf(sc, "max physical target id: %d\n", sc->ciss_max_physical_target);
1642 
1643 out:
1644     if (cll != NULL)
1645 	free(cll, CISS_MALLOC_CLASS);
1646 
1647     return(error);
1648 }
1649 
1650 static int
1651 ciss_filter_physical(struct ciss_softc *sc, struct ciss_lun_report *cll)
1652 {
1653     u_int32_t ea;
1654     int i, nphys;
1655     int	bus, target;
1656 
1657     nphys = (ntohl(cll->list_size) / sizeof(union ciss_device_address));
1658     for (i = 0; i < nphys; i++) {
1659 	if (cll->lun[i].physical.extra_address == 0)
1660 	    continue;
1661 
1662 	/*
1663 	 * Filter out devices that we don't want.  Level 3 LUNs could
1664 	 * probably be supported, but the docs don't give enough of a
1665 	 * hint to know how.
1666 	 *
1667 	 * The mode field of the physical address is likely set to have
1668 	 * hard disks masked out.  Honor it unless the user has overridden
1669 	 * us with the tunable.  We also munge the inquiry data for these
1670 	 * disks so that they only show up as passthrough devices.  Keeping
1671 	 * them visible in this fashion is useful for doing things like
1672 	 * flashing firmware.
1673 	 */
1674 	ea = cll->lun[i].physical.extra_address;
1675 	if ((CISS_EXTRA_BUS3(ea) != 0) || (CISS_EXTRA_TARGET3(ea) != 0) ||
1676 	    (CISS_EXTRA_MODE2(ea) == 0x3))
1677 	    continue;
1678 	if ((ciss_expose_hidden_physical == 0) &&
1679 	   (cll->lun[i].physical.mode == CISS_HDR_ADDRESS_MODE_MASK_PERIPHERAL))
1680 	    continue;
1681 
1682 	/*
1683 	 * Note: CISS firmware numbers physical busses starting at '1', not
1684 	 *       '0'.  This numbering is internal to the firmware and is only
1685 	 *       used as a hint here.
1686 	 */
1687 	bus = CISS_EXTRA_BUS2(ea) - 1;
1688 	target = CISS_EXTRA_TARGET2(ea);
1689 	sc->ciss_physical[bus][target].cp_address = cll->lun[i];
1690 	sc->ciss_physical[bus][target].cp_online = 1;
1691 
1692 	if ((target > sc->ciss_max_physical_target) &&
1693 	    (cll->lun[i].physical.mode != CISS_HDR_ADDRESS_MODE_MASK_PERIPHERAL))
1694 		sc->ciss_max_physical_target = target;
1695     }
1696 
1697     return (0);
1698 }
1699 
1700 static int
1701 ciss_inquiry_logical(struct ciss_softc *sc, struct ciss_ldrive *ld)
1702 {
1703     struct ciss_request			*cr;
1704     struct ciss_command			*cc;
1705     struct scsi_inquiry			*inq;
1706     int					error;
1707     int					command_status;
1708 
1709     cr = NULL;
1710 
1711     bzero(&ld->cl_geometry, sizeof(ld->cl_geometry));
1712 
1713     if ((error = ciss_get_request(sc, &cr)) != 0)
1714 	goto out;
1715 
1716     cc = cr->cr_cc;
1717     cr->cr_data = &ld->cl_geometry;
1718     cr->cr_length = sizeof(ld->cl_geometry);
1719     cr->cr_flags = CISS_REQ_DATAIN;
1720 
1721     cc->header.address = ld->cl_address;
1722     cc->cdb.cdb_length = 6;
1723     cc->cdb.type = CISS_CDB_TYPE_COMMAND;
1724     cc->cdb.attribute = CISS_CDB_ATTRIBUTE_SIMPLE;
1725     cc->cdb.direction = CISS_CDB_DIRECTION_READ;
1726     cc->cdb.timeout = 30;
1727 
1728     inq = (struct scsi_inquiry *)&(cc->cdb.cdb[0]);
1729     inq->opcode = INQUIRY;
1730     inq->byte2 = SI_EVPD;
1731     inq->page_code = CISS_VPD_LOGICAL_DRIVE_GEOMETRY;
1732     scsi_ulto2b(sizeof(ld->cl_geometry), inq->length);
1733 
1734     if ((error = ciss_synch_request(cr, 60 * 1000)) != 0) {
1735 	ciss_printf(sc, "error getting geometry (%d)\n", error);
1736 	goto out;
1737     }
1738 
1739     ciss_report_request(cr, &command_status, NULL);
1740     switch(command_status) {
1741     case CISS_CMD_STATUS_SUCCESS:
1742     case CISS_CMD_STATUS_DATA_UNDERRUN:
1743 	break;
1744     case CISS_CMD_STATUS_DATA_OVERRUN:
1745 	ciss_printf(sc, "WARNING: Data overrun\n");
1746 	break;
1747     default:
1748 	ciss_printf(sc, "Error detecting logical drive geometry (%s)\n",
1749 		    ciss_name_command_status(command_status));
1750 	break;
1751     }
1752 
1753 out:
1754     if (cr != NULL)
1755 	ciss_release_request(cr);
1756     return(error);
1757 }
1758 /************************************************************************
1759  * Identify a logical drive, initialise state related to it.
1760  */
1761 static int
1762 ciss_identify_logical(struct ciss_softc *sc, struct ciss_ldrive *ld)
1763 {
1764     struct ciss_request		*cr;
1765     struct ciss_command		*cc;
1766     struct ciss_bmic_cdb	*cbc;
1767     int				error, command_status;
1768 
1769     debug_called(1);
1770 
1771     cr = NULL;
1772 
1773     /*
1774      * Build a BMIC request to fetch the drive ID.
1775      */
1776     if ((error = ciss_get_bmic_request(sc, &cr, CISS_BMIC_ID_LDRIVE,
1777 				       (void **)&ld->cl_ldrive,
1778 				       sizeof(*ld->cl_ldrive))) != 0)
1779 	goto out;
1780     cc = cr->cr_cc;
1781     cc->header.address = *ld->cl_controller;	/* target controller */
1782     cbc = (struct ciss_bmic_cdb *)&(cc->cdb.cdb[0]);
1783     cbc->log_drive = CISS_LUN_TO_TARGET(ld->cl_address.logical.lun);
1784 
1785     /*
1786      * Submit the request and wait for it to complete.
1787      */
1788     if ((error = ciss_synch_request(cr, 60 * 1000)) != 0) {
1789 	ciss_printf(sc, "error sending BMIC LDRIVE command (%d)\n", error);
1790 	goto out;
1791     }
1792 
1793     /*
1794      * Check response.
1795      */
1796     ciss_report_request(cr, &command_status, NULL);
1797     switch(command_status) {
1798     case CISS_CMD_STATUS_SUCCESS:		/* buffer right size */
1799 	break;
1800     case CISS_CMD_STATUS_DATA_UNDERRUN:
1801     case CISS_CMD_STATUS_DATA_OVERRUN:
1802 	ciss_printf(sc, "data over/underrun reading logical drive ID\n");
1803     default:
1804 	ciss_printf(sc, "error reading logical drive ID (%s)\n",
1805 		    ciss_name_command_status(command_status));
1806 	error = EIO;
1807 	goto out;
1808     }
1809     ciss_release_request(cr);
1810     cr = NULL;
1811 
1812     /*
1813      * Build a CISS BMIC command to get the logical drive status.
1814      */
1815     if ((error = ciss_get_ldrive_status(sc, ld)) != 0)
1816 	goto out;
1817 
1818     /*
1819      * Get the logical drive geometry.
1820      */
1821     if ((error = ciss_inquiry_logical(sc, ld)) != 0)
1822 	goto out;
1823 
1824     /*
1825      * Print the drive's basic characteristics.
1826      */
1827     if (bootverbose || ciss_verbose) {
1828 	ciss_printf(sc, "logical drive (b%dt%d): %s, %dMB ",
1829 		    CISS_LUN_TO_BUS(ld->cl_address.logical.lun),
1830 		    CISS_LUN_TO_TARGET(ld->cl_address.logical.lun),
1831 		    ciss_name_ldrive_org(ld->cl_ldrive->fault_tolerance),
1832 		    ((ld->cl_ldrive->blocks_available / (1024 * 1024)) *
1833 		     ld->cl_ldrive->block_size));
1834 
1835 	ciss_print_ldrive(sc, ld);
1836     }
1837 out:
1838     if (error != 0) {
1839 	/* make the drive not-exist */
1840 	ld->cl_status = CISS_LD_NONEXISTENT;
1841 	if (ld->cl_ldrive != NULL) {
1842 	    free(ld->cl_ldrive, CISS_MALLOC_CLASS);
1843 	    ld->cl_ldrive = NULL;
1844 	}
1845 	if (ld->cl_lstatus != NULL) {
1846 	    free(ld->cl_lstatus, CISS_MALLOC_CLASS);
1847 	    ld->cl_lstatus = NULL;
1848 	}
1849     }
1850     if (cr != NULL)
1851 	ciss_release_request(cr);
1852 
1853     return(error);
1854 }
1855 
1856 /************************************************************************
1857  * Get status for a logical drive.
1858  *
1859  * XXX should we also do this in response to Test Unit Ready?
1860  */
1861 static int
1862 ciss_get_ldrive_status(struct ciss_softc *sc,  struct ciss_ldrive *ld)
1863 {
1864     struct ciss_request		*cr;
1865     struct ciss_command		*cc;
1866     struct ciss_bmic_cdb	*cbc;
1867     int				error, command_status;
1868 
1869     /*
1870      * Build a CISS BMIC command to get the logical drive status.
1871      */
1872     if ((error = ciss_get_bmic_request(sc, &cr, CISS_BMIC_ID_LSTATUS,
1873 				       (void **)&ld->cl_lstatus,
1874 				       sizeof(*ld->cl_lstatus))) != 0)
1875 	goto out;
1876     cc = cr->cr_cc;
1877     cc->header.address = *ld->cl_controller;	/* target controller */
1878     cbc = (struct ciss_bmic_cdb *)&(cc->cdb.cdb[0]);
1879     cbc->log_drive = CISS_LUN_TO_TARGET(ld->cl_address.logical.lun);
1880 
1881     /*
1882      * Submit the request and wait for it to complete.
1883      */
1884     if ((error = ciss_synch_request(cr, 60 * 1000)) != 0) {
1885 	ciss_printf(sc, "error sending BMIC LSTATUS command (%d)\n", error);
1886 	goto out;
1887     }
1888 
1889     /*
1890      * Check response.
1891      */
1892     ciss_report_request(cr, &command_status, NULL);
1893     switch(command_status) {
1894     case CISS_CMD_STATUS_SUCCESS:		/* buffer right size */
1895 	break;
1896     case CISS_CMD_STATUS_DATA_UNDERRUN:
1897     case CISS_CMD_STATUS_DATA_OVERRUN:
1898 	ciss_printf(sc, "data over/underrun reading logical drive status\n");
1899     default:
1900 	ciss_printf(sc, "error reading logical drive status (%s)\n",
1901 		    ciss_name_command_status(command_status));
1902 	error = EIO;
1903 	goto out;
1904     }
1905 
1906     /*
1907      * Set the drive's summary status based on the returned status.
1908      *
1909      * XXX testing shows that a failed JBOD drive comes back at next
1910      * boot in "queued for expansion" mode.  WTF?
1911      */
1912     ld->cl_status = ciss_decode_ldrive_status(ld->cl_lstatus->status);
1913 
1914 out:
1915     if (cr != NULL)
1916 	ciss_release_request(cr);
1917     return(error);
1918 }
1919 
1920 /************************************************************************
1921  * Notify the adapter of a config update.
1922  */
1923 static int
1924 ciss_update_config(struct ciss_softc *sc)
1925 {
1926     int		i;
1927 
1928     debug_called(1);
1929 
1930     CISS_TL_SIMPLE_WRITE(sc, CISS_TL_SIMPLE_IDBR, CISS_TL_SIMPLE_IDBR_CFG_TABLE);
1931     for (i = 0; i < 1000; i++) {
1932 	if (!(CISS_TL_SIMPLE_READ(sc, CISS_TL_SIMPLE_IDBR) &
1933 	      CISS_TL_SIMPLE_IDBR_CFG_TABLE)) {
1934 	    return(0);
1935 	}
1936 	DELAY(1000);
1937     }
1938     return(1);
1939 }
1940 
1941 /************************************************************************
1942  * Accept new media into a logical drive.
1943  *
1944  * XXX The drive has previously been offline; it would be good if we
1945  *     could make sure it's not open right now.
1946  */
1947 static int
1948 ciss_accept_media(struct ciss_softc *sc, struct ciss_ldrive *ld)
1949 {
1950     struct ciss_request		*cr;
1951     struct ciss_command		*cc;
1952     struct ciss_bmic_cdb	*cbc;
1953     int				command_status;
1954     int				error = 0, ldrive;
1955 
1956     ldrive = CISS_LUN_TO_TARGET(ld->cl_address.logical.lun);
1957 
1958     debug(0, "bringing logical drive %d back online", ldrive);
1959 
1960     /*
1961      * Build a CISS BMIC command to bring the drive back online.
1962      */
1963     if ((error = ciss_get_bmic_request(sc, &cr, CISS_BMIC_ACCEPT_MEDIA,
1964 				       NULL, 0)) != 0)
1965 	goto out;
1966     cc = cr->cr_cc;
1967     cc->header.address = *ld->cl_controller;	/* target controller */
1968     cbc = (struct ciss_bmic_cdb *)&(cc->cdb.cdb[0]);
1969     cbc->log_drive = ldrive;
1970 
1971     /*
1972      * Submit the request and wait for it to complete.
1973      */
1974     if ((error = ciss_synch_request(cr, 60 * 1000)) != 0) {
1975 	ciss_printf(sc, "error sending BMIC ACCEPT MEDIA command (%d)\n", error);
1976 	goto out;
1977     }
1978 
1979     /*
1980      * Check response.
1981      */
1982     ciss_report_request(cr, &command_status, NULL);
1983     switch(command_status) {
1984     case CISS_CMD_STATUS_SUCCESS:		/* all OK */
1985 	/* we should get a logical drive status changed event here */
1986 	break;
1987     default:
1988 	ciss_printf(cr->cr_sc, "error accepting media into failed logical drive (%s)\n",
1989 		    ciss_name_command_status(command_status));
1990 	break;
1991     }
1992 
1993 out:
1994     if (cr != NULL)
1995 	ciss_release_request(cr);
1996     return(error);
1997 }
1998 
1999 /************************************************************************
2000  * Release adapter resources.
2001  */
2002 static void
2003 ciss_free(struct ciss_softc *sc)
2004 {
2005     struct ciss_request *cr;
2006     int			i, j;
2007 
2008     debug_called(1);
2009 
2010     /* we're going away */
2011     sc->ciss_flags |= CISS_FLAG_ABORTING;
2012 
2013     /* terminate the periodic heartbeat routine */
2014     callout_stop(&sc->ciss_periodic);
2015 
2016     /* cancel the Event Notify chain */
2017     ciss_notify_abort(sc);
2018 
2019     ciss_kill_notify_thread(sc);
2020 
2021     /* disconnect from CAM */
2022     if (sc->ciss_cam_sim) {
2023 	for (i = 0; i < sc->ciss_max_logical_bus; i++) {
2024 	    if (sc->ciss_cam_sim[i]) {
2025 		xpt_bus_deregister(cam_sim_path(sc->ciss_cam_sim[i]));
2026 		cam_sim_free(sc->ciss_cam_sim[i], 0);
2027 	    }
2028 	}
2029 	for (i = CISS_PHYSICAL_BASE; i < sc->ciss_max_physical_bus +
2030 	     CISS_PHYSICAL_BASE; i++) {
2031 	    if (sc->ciss_cam_sim[i]) {
2032 		xpt_bus_deregister(cam_sim_path(sc->ciss_cam_sim[i]));
2033 		cam_sim_free(sc->ciss_cam_sim[i], 0);
2034 	    }
2035 	}
2036 	free(sc->ciss_cam_sim, CISS_MALLOC_CLASS);
2037     }
2038     if (sc->ciss_cam_devq)
2039 	cam_simq_free(sc->ciss_cam_devq);
2040 
2041     /* remove the control device */
2042     mtx_unlock(&sc->ciss_mtx);
2043     if (sc->ciss_dev_t != NULL)
2044 	destroy_dev(sc->ciss_dev_t);
2045 
2046     /* Final cleanup of the callout. */
2047     callout_drain(&sc->ciss_periodic);
2048     mtx_destroy(&sc->ciss_mtx);
2049 
2050     /* free the controller data */
2051     if (sc->ciss_id != NULL)
2052 	free(sc->ciss_id, CISS_MALLOC_CLASS);
2053 
2054     /* release I/O resources */
2055     if (sc->ciss_regs_resource != NULL)
2056 	bus_release_resource(sc->ciss_dev, SYS_RES_MEMORY,
2057 			     sc->ciss_regs_rid, sc->ciss_regs_resource);
2058     if (sc->ciss_cfg_resource != NULL)
2059 	bus_release_resource(sc->ciss_dev, SYS_RES_MEMORY,
2060 			     sc->ciss_cfg_rid, sc->ciss_cfg_resource);
2061     if (sc->ciss_intr != NULL)
2062 	bus_teardown_intr(sc->ciss_dev, sc->ciss_irq_resource, sc->ciss_intr);
2063     if (sc->ciss_irq_resource != NULL)
2064 	bus_release_resource(sc->ciss_dev, SYS_RES_IRQ,
2065 			     sc->ciss_irq_rid[0], sc->ciss_irq_resource);
2066     if (sc->ciss_msi)
2067 	pci_release_msi(sc->ciss_dev);
2068 
2069     while ((cr = ciss_dequeue_free(sc)) != NULL)
2070 	bus_dmamap_destroy(sc->ciss_buffer_dmat, cr->cr_datamap);
2071     if (sc->ciss_buffer_dmat)
2072 	bus_dma_tag_destroy(sc->ciss_buffer_dmat);
2073 
2074     /* destroy command memory and DMA tag */
2075     if (sc->ciss_command != NULL) {
2076 	bus_dmamap_unload(sc->ciss_command_dmat, sc->ciss_command_map);
2077 	bus_dmamem_free(sc->ciss_command_dmat, sc->ciss_command, sc->ciss_command_map);
2078     }
2079     if (sc->ciss_command_dmat)
2080 	bus_dma_tag_destroy(sc->ciss_command_dmat);
2081 
2082     if (sc->ciss_reply) {
2083 	bus_dmamap_unload(sc->ciss_reply_dmat, sc->ciss_reply_map);
2084 	bus_dmamem_free(sc->ciss_reply_dmat, sc->ciss_reply, sc->ciss_reply_map);
2085     }
2086     if (sc->ciss_reply_dmat)
2087 	bus_dma_tag_destroy(sc->ciss_reply_dmat);
2088 
2089     /* destroy DMA tags */
2090     if (sc->ciss_parent_dmat)
2091 	bus_dma_tag_destroy(sc->ciss_parent_dmat);
2092     if (sc->ciss_logical) {
2093 	for (i = 0; i < sc->ciss_max_logical_bus; i++) {
2094 	    for (j = 0; j < sc->ciss_cfg->max_logical_supported; j++) {
2095 		if (sc->ciss_logical[i][j].cl_ldrive)
2096 		    free(sc->ciss_logical[i][j].cl_ldrive, CISS_MALLOC_CLASS);
2097 		if (sc->ciss_logical[i][j].cl_lstatus)
2098 		    free(sc->ciss_logical[i][j].cl_lstatus, CISS_MALLOC_CLASS);
2099 	    }
2100 	    free(sc->ciss_logical[i], CISS_MALLOC_CLASS);
2101 	}
2102 	free(sc->ciss_logical, CISS_MALLOC_CLASS);
2103     }
2104 
2105     if (sc->ciss_physical) {
2106 	for (i = 0; i < sc->ciss_max_physical_bus; i++)
2107 	    free(sc->ciss_physical[i], CISS_MALLOC_CLASS);
2108 	free(sc->ciss_physical, CISS_MALLOC_CLASS);
2109     }
2110 
2111     if (sc->ciss_controllers)
2112 	free(sc->ciss_controllers, CISS_MALLOC_CLASS);
2113 
2114 }
2115 
2116 /************************************************************************
2117  * Give a command to the adapter.
2118  *
2119  * Note that this uses the simple transport layer directly.  If we
2120  * want to add support for other layers, we'll need a switch of some
2121  * sort.
2122  *
2123  * Note that the simple transport layer has no way of refusing a
2124  * command; we only have as many request structures as the adapter
2125  * supports commands, so we don't have to check (this presumes that
2126  * the adapter can handle commands as fast as we throw them at it).
2127  */
2128 static int
2129 ciss_start(struct ciss_request *cr)
2130 {
2131     int			error;
2132 
2133     debug(2, "post command %d tag %d ", cr->cr_tag, cr->cr_cc->header.host_tag);
2134 
2135     /*
2136      * Map the request's data.
2137      */
2138     if ((error = ciss_map_request(cr)))
2139 	return(error);
2140 
2141 #if 0
2142     ciss_print_request(cr);
2143 #endif
2144 
2145     return(0);
2146 }
2147 
2148 /************************************************************************
2149  * Fetch completed request(s) from the adapter, queue them for
2150  * completion handling.
2151  *
2152  * Note that this uses the simple transport layer directly.  If we
2153  * want to add support for other layers, we'll need a switch of some
2154  * sort.
2155  *
2156  * Note that the simple transport mechanism does not require any
2157  * reentrancy protection; the OPQ read is atomic.  If there is a
2158  * chance of a race with something else that might move the request
2159  * off the busy list, then we will have to lock against that
2160  * (eg. timeouts, etc.)
2161  */
2162 static void
2163 ciss_done(struct ciss_softc *sc, cr_qhead_t *qh)
2164 {
2165     struct ciss_request	*cr;
2166     struct ciss_command	*cc;
2167     u_int32_t		tag, index;
2168 
2169     debug_called(3);
2170 
2171     /*
2172      * Loop quickly taking requests from the adapter and moving them
2173      * to the completed queue.
2174      */
2175     for (;;) {
2176 	tag = CISS_TL_SIMPLE_FETCH_CMD(sc);
2177 	if (tag == CISS_TL_SIMPLE_OPQ_EMPTY)
2178 	    break;
2179 	index = tag >> 2;
2180 	debug(2, "completed command %d%s", index,
2181 	      (tag & CISS_HDR_HOST_TAG_ERROR) ? " with error" : "");
2182 	if (index >= sc->ciss_max_requests) {
2183 	    ciss_printf(sc, "completed invalid request %d (0x%x)\n", index, tag);
2184 	    continue;
2185 	}
2186 	cr = &(sc->ciss_request[index]);
2187 	cc = cr->cr_cc;
2188 	cc->header.host_tag = tag;	/* not updated by adapter */
2189 	ciss_enqueue_complete(cr, qh);
2190     }
2191 
2192 }
2193 
2194 static void
2195 ciss_perf_done(struct ciss_softc *sc, cr_qhead_t *qh)
2196 {
2197     struct ciss_request	*cr;
2198     struct ciss_command	*cc;
2199     u_int32_t		tag, index;
2200 
2201     debug_called(3);
2202 
2203     /*
2204      * Loop quickly taking requests from the adapter and moving them
2205      * to the completed queue.
2206      */
2207     for (;;) {
2208 	tag = sc->ciss_reply[sc->ciss_rqidx];
2209 	if ((tag & CISS_CYCLE_MASK) != sc->ciss_cycle)
2210 	    break;
2211 	index = tag >> 2;
2212 	debug(2, "completed command %d%s\n", index,
2213 	      (tag & CISS_HDR_HOST_TAG_ERROR) ? " with error" : "");
2214 	if (index < sc->ciss_max_requests) {
2215 	    cr = &(sc->ciss_request[index]);
2216 	    cc = cr->cr_cc;
2217 	    cc->header.host_tag = tag;	/* not updated by adapter */
2218 	    ciss_enqueue_complete(cr, qh);
2219 	} else {
2220 	    ciss_printf(sc, "completed invalid request %d (0x%x)\n", index, tag);
2221 	}
2222 	if (++sc->ciss_rqidx == sc->ciss_max_requests) {
2223 	    sc->ciss_rqidx = 0;
2224 	    sc->ciss_cycle ^= 1;
2225 	}
2226     }
2227 
2228 }
2229 
2230 /************************************************************************
2231  * Take an interrupt from the adapter.
2232  */
2233 static void
2234 ciss_intr(void *arg)
2235 {
2236     cr_qhead_t qh;
2237     struct ciss_softc	*sc = (struct ciss_softc *)arg;
2238 
2239     /*
2240      * The only interrupt we recognise indicates that there are
2241      * entries in the outbound post queue.
2242      */
2243     STAILQ_INIT(&qh);
2244     ciss_done(sc, &qh);
2245     mtx_lock(&sc->ciss_mtx);
2246     ciss_complete(sc, &qh);
2247     mtx_unlock(&sc->ciss_mtx);
2248 }
2249 
2250 static void
2251 ciss_perf_intr(void *arg)
2252 {
2253     struct ciss_softc	*sc = (struct ciss_softc *)arg;
2254 
2255     /* Clear the interrupt and flush the bridges.  Docs say that the flush
2256      * needs to be done twice, which doesn't seem right.
2257      */
2258     CISS_TL_PERF_CLEAR_INT(sc);
2259     CISS_TL_PERF_FLUSH_INT(sc);
2260 
2261     ciss_perf_msi_intr(sc);
2262 }
2263 
2264 static void
2265 ciss_perf_msi_intr(void *arg)
2266 {
2267     cr_qhead_t qh;
2268     struct ciss_softc	*sc = (struct ciss_softc *)arg;
2269 
2270     STAILQ_INIT(&qh);
2271     ciss_perf_done(sc, &qh);
2272     mtx_lock(&sc->ciss_mtx);
2273     ciss_complete(sc, &qh);
2274     mtx_unlock(&sc->ciss_mtx);
2275 }
2276 
2277 /************************************************************************
2278  * Process completed requests.
2279  *
2280  * Requests can be completed in three fashions:
2281  *
2282  * - by invoking a callback function (cr_complete is non-null)
2283  * - by waking up a sleeper (cr_flags has CISS_REQ_SLEEP set)
2284  * - by clearing the CISS_REQ_POLL flag in interrupt/timeout context
2285  */
2286 static void
2287 ciss_complete(struct ciss_softc *sc, cr_qhead_t *qh)
2288 {
2289     struct ciss_request	*cr;
2290 
2291     debug_called(2);
2292 
2293     /*
2294      * Loop taking requests off the completed queue and performing
2295      * completion processing on them.
2296      */
2297     for (;;) {
2298 	if ((cr = ciss_dequeue_complete(sc, qh)) == NULL)
2299 	    break;
2300 	ciss_unmap_request(cr);
2301 
2302 	if ((cr->cr_flags & CISS_REQ_BUSY) == 0)
2303 	    ciss_printf(sc, "WARNING: completing non-busy request\n");
2304 	cr->cr_flags &= ~CISS_REQ_BUSY;
2305 
2306 	/*
2307 	 * If the request has a callback, invoke it.
2308 	 */
2309 	if (cr->cr_complete != NULL) {
2310 	    cr->cr_complete(cr);
2311 	    continue;
2312 	}
2313 
2314 	/*
2315 	 * If someone is sleeping on this request, wake them up.
2316 	 */
2317 	if (cr->cr_flags & CISS_REQ_SLEEP) {
2318 	    cr->cr_flags &= ~CISS_REQ_SLEEP;
2319 	    wakeup(cr);
2320 	    continue;
2321 	}
2322 
2323 	/*
2324 	 * If someone is polling this request for completion, signal.
2325 	 */
2326 	if (cr->cr_flags & CISS_REQ_POLL) {
2327 	    cr->cr_flags &= ~CISS_REQ_POLL;
2328 	    continue;
2329 	}
2330 
2331 	/*
2332 	 * Give up and throw the request back on the free queue.  This
2333 	 * should never happen; resources will probably be lost.
2334 	 */
2335 	ciss_printf(sc, "WARNING: completed command with no submitter\n");
2336 	ciss_enqueue_free(cr);
2337     }
2338 }
2339 
2340 /************************************************************************
2341  * Report on the completion status of a request, and pass back SCSI
2342  * and command status values.
2343  */
2344 static int
2345 _ciss_report_request(struct ciss_request *cr, int *command_status, int *scsi_status, const char *func)
2346 {
2347     struct ciss_command		*cc;
2348     struct ciss_error_info	*ce;
2349 
2350     debug_called(2);
2351 
2352     cc = cr->cr_cc;
2353     ce = (struct ciss_error_info *)&(cc->sg[0]);
2354 
2355     /*
2356      * We don't consider data under/overrun an error for the Report
2357      * Logical/Physical LUNs, INQUIRY & RECEIVE_DIAGNOSTIC commands.
2358      */
2359     if ((cc->header.host_tag & CISS_HDR_HOST_TAG_ERROR) &&
2360 	((ce->command_status == CISS_CMD_STATUS_DATA_OVERRUN) ||
2361 	 (ce->command_status == CISS_CMD_STATUS_DATA_UNDERRUN)) &&
2362 	((cc->cdb.cdb[0] == CISS_OPCODE_REPORT_LOGICAL_LUNS) ||
2363 	 (cc->cdb.cdb[0] == CISS_OPCODE_REPORT_PHYSICAL_LUNS) ||
2364 	 (cc->cdb.cdb[0] == RECEIVE_DIAGNOSTIC) ||
2365 	 (cc->cdb.cdb[0] == INQUIRY))) {
2366 	cc->header.host_tag &= ~CISS_HDR_HOST_TAG_ERROR;
2367 	debug(2, "ignoring irrelevant under/overrun error");
2368     }
2369 
2370     /*
2371      * Check the command's error bit, if clear, there's no status and
2372      * everything is OK.
2373      */
2374     if (!(cc->header.host_tag & CISS_HDR_HOST_TAG_ERROR)) {
2375 	if (scsi_status != NULL)
2376 	    *scsi_status = SCSI_STATUS_OK;
2377 	if (command_status != NULL)
2378 	    *command_status = CISS_CMD_STATUS_SUCCESS;
2379 	return(0);
2380     } else {
2381 	if (command_status != NULL)
2382 	    *command_status = ce->command_status;
2383 	if (scsi_status != NULL) {
2384 	    if (ce->command_status == CISS_CMD_STATUS_DATA_UNDERRUN) {
2385 		*scsi_status = SCSI_STATUS_OK;
2386 	    } else if (ce->command_status == CISS_CMD_STATUS_TARGET_STATUS) {
2387 		*scsi_status = ce->scsi_status;
2388 	    } else {
2389 		*scsi_status = -1;
2390 	    }
2391 	}
2392 	if ((bootverbose || ciss_verbose > 3 || (ciss_verbose > 2 && ce->scsi_status != 0)) &&
2393 	    (ce->command_status != CISS_CMD_STATUS_DATA_UNDERRUN)) {
2394 	    ciss_printf(cr->cr_sc, "command status 0x%x (%s) scsi status 0x%x (opcode 0x%02x)\n",
2395 			ce->command_status, ciss_name_command_status(ce->command_status),
2396 			ce->scsi_status,
2397 			cc->cdb.cdb[0]);
2398         }
2399 	if (ce->command_status == CISS_CMD_STATUS_INVALID_COMMAND) {
2400 	    ciss_printf(cr->cr_sc, "invalid command, offense size %d at %d, value 0x%x, function %s\n",
2401 			ce->additional_error_info.invalid_command.offense_size,
2402 			ce->additional_error_info.invalid_command.offense_offset,
2403 			ce->additional_error_info.invalid_command.offense_value,
2404 			func);
2405 	}
2406     }
2407 #if 0
2408     ciss_print_request(cr);
2409 #endif
2410     return(1);
2411 }
2412 
2413 /************************************************************************
2414  * Issue a request and don't return until it's completed.
2415  *
2416  * Depending on adapter status, we may poll or sleep waiting for
2417  * completion.
2418  */
2419 static int
2420 ciss_synch_request(struct ciss_request *cr, int timeout)
2421 {
2422     if (cr->cr_sc->ciss_flags & CISS_FLAG_RUNNING) {
2423 	return(ciss_wait_request(cr, timeout));
2424     } else {
2425 	return(ciss_poll_request(cr, timeout));
2426     }
2427 }
2428 
2429 /************************************************************************
2430  * Issue a request and poll for completion.
2431  *
2432  * Timeout in milliseconds.
2433  */
2434 static int
2435 ciss_poll_request(struct ciss_request *cr, int timeout)
2436 {
2437     cr_qhead_t qh;
2438     struct ciss_softc *sc;
2439     int		error;
2440 
2441     debug_called(2);
2442 
2443     STAILQ_INIT(&qh);
2444     sc = cr->cr_sc;
2445     cr->cr_flags |= CISS_REQ_POLL;
2446     if ((error = ciss_start(cr)) != 0)
2447 	return(error);
2448 
2449     do {
2450 	if (sc->ciss_perf)
2451 	    ciss_perf_done(sc, &qh);
2452 	else
2453 	    ciss_done(sc, &qh);
2454 	ciss_complete(sc, &qh);
2455 	if (!(cr->cr_flags & CISS_REQ_POLL))
2456 	    return(0);
2457 	DELAY(1000);
2458     } while (timeout-- >= 0);
2459     return(EWOULDBLOCK);
2460 }
2461 
2462 /************************************************************************
2463  * Issue a request and sleep waiting for completion.
2464  *
2465  * Timeout in milliseconds.  Note that a spurious wakeup will reset
2466  * the timeout.
2467  */
2468 static int
2469 ciss_wait_request(struct ciss_request *cr, int timeout)
2470 {
2471     int		error;
2472 
2473     debug_called(2);
2474 
2475     cr->cr_flags |= CISS_REQ_SLEEP;
2476     if ((error = ciss_start(cr)) != 0)
2477 	return(error);
2478 
2479     while ((cr->cr_flags & CISS_REQ_SLEEP) && (error != EWOULDBLOCK)) {
2480 	error = msleep_sbt(cr, &cr->cr_sc->ciss_mtx, PRIBIO, "cissREQ",
2481 	    SBT_1MS * timeout, 0, 0);
2482     }
2483     return(error);
2484 }
2485 
2486 #if 0
2487 /************************************************************************
2488  * Abort a request.  Note that a potential exists here to race the
2489  * request being completed; the caller must deal with this.
2490  */
2491 static int
2492 ciss_abort_request(struct ciss_request *ar)
2493 {
2494     struct ciss_request		*cr;
2495     struct ciss_command		*cc;
2496     struct ciss_message_cdb	*cmc;
2497     int				error;
2498 
2499     debug_called(1);
2500 
2501     /* get a request */
2502     if ((error = ciss_get_request(ar->cr_sc, &cr)) != 0)
2503 	return(error);
2504 
2505     /* build the abort command */
2506     cc = cr->cr_cc;
2507     cc->header.address.mode.mode = CISS_HDR_ADDRESS_MODE_PERIPHERAL;	/* addressing? */
2508     cc->header.address.physical.target = 0;
2509     cc->header.address.physical.bus = 0;
2510     cc->cdb.cdb_length = sizeof(*cmc);
2511     cc->cdb.type = CISS_CDB_TYPE_MESSAGE;
2512     cc->cdb.attribute = CISS_CDB_ATTRIBUTE_SIMPLE;
2513     cc->cdb.direction = CISS_CDB_DIRECTION_NONE;
2514     cc->cdb.timeout = 30;
2515 
2516     cmc = (struct ciss_message_cdb *)&(cc->cdb.cdb[0]);
2517     cmc->opcode = CISS_OPCODE_MESSAGE_ABORT;
2518     cmc->type = CISS_MESSAGE_ABORT_TASK;
2519     cmc->abort_tag = ar->cr_tag;	/* endianness?? */
2520 
2521     /*
2522      * Send the request and wait for a response.  If we believe we
2523      * aborted the request OK, clear the flag that indicates it's
2524      * running.
2525      */
2526     error = ciss_synch_request(cr, 35 * 1000);
2527     if (!error)
2528 	error = ciss_report_request(cr, NULL, NULL);
2529     ciss_release_request(cr);
2530 
2531     return(error);
2532 }
2533 #endif
2534 
2535 /************************************************************************
2536  * Fetch and initialise a request
2537  */
2538 static int
2539 ciss_get_request(struct ciss_softc *sc, struct ciss_request **crp)
2540 {
2541     struct ciss_request *cr;
2542 
2543     debug_called(2);
2544 
2545     /*
2546      * Get a request and clean it up.
2547      */
2548     if ((cr = ciss_dequeue_free(sc)) == NULL)
2549 	return(ENOMEM);
2550 
2551     cr->cr_data = NULL;
2552     cr->cr_flags = 0;
2553     cr->cr_complete = NULL;
2554     cr->cr_private = NULL;
2555     cr->cr_sg_tag = CISS_SG_MAX;	/* Backstop to prevent accidents */
2556 
2557     ciss_preen_command(cr);
2558     *crp = cr;
2559     return(0);
2560 }
2561 
2562 static void
2563 ciss_preen_command(struct ciss_request *cr)
2564 {
2565     struct ciss_command	*cc;
2566     u_int32_t		cmdphys;
2567 
2568     /*
2569      * Clean up the command structure.
2570      *
2571      * Note that we set up the error_info structure here, since the
2572      * length can be overwritten by any command.
2573      */
2574     cc = cr->cr_cc;
2575     cc->header.sg_in_list = 0;		/* kinda inefficient this way */
2576     cc->header.sg_total = 0;
2577     cc->header.host_tag = cr->cr_tag << 2;
2578     cc->header.host_tag_zeroes = 0;
2579     bzero(&(cc->sg[0]), CISS_COMMAND_ALLOC_SIZE - sizeof(struct ciss_command));
2580     cmdphys = cr->cr_ccphys;
2581     cc->error_info.error_info_address = cmdphys + sizeof(struct ciss_command);
2582     cc->error_info.error_info_length = CISS_COMMAND_ALLOC_SIZE - sizeof(struct ciss_command);
2583 }
2584 
2585 /************************************************************************
2586  * Release a request to the free list.
2587  */
2588 static void
2589 ciss_release_request(struct ciss_request *cr)
2590 {
2591 
2592     debug_called(2);
2593 
2594     /* release the request to the free queue */
2595     ciss_requeue_free(cr);
2596 }
2597 
2598 /************************************************************************
2599  * Allocate a request that will be used to send a BMIC command.  Do some
2600  * of the common setup here to avoid duplicating it everywhere else.
2601  */
2602 static int
2603 ciss_get_bmic_request(struct ciss_softc *sc, struct ciss_request **crp,
2604 		      int opcode, void **bufp, size_t bufsize)
2605 {
2606     struct ciss_request		*cr;
2607     struct ciss_command		*cc;
2608     struct ciss_bmic_cdb	*cbc;
2609     void			*buf;
2610     int				error;
2611     int				dataout;
2612 
2613     debug_called(2);
2614 
2615     cr = NULL;
2616     buf = NULL;
2617 
2618     /*
2619      * Get a request.
2620      */
2621     if ((error = ciss_get_request(sc, &cr)) != 0)
2622 	goto out;
2623 
2624     /*
2625      * Allocate data storage if requested, determine the data direction.
2626      */
2627     dataout = 0;
2628     if ((bufsize > 0) && (bufp != NULL)) {
2629 	if (*bufp == NULL) {
2630 	    if ((buf = malloc(bufsize, CISS_MALLOC_CLASS, M_NOWAIT | M_ZERO)) == NULL) {
2631 		error = ENOMEM;
2632 		goto out;
2633 	    }
2634 	} else {
2635 	    buf = *bufp;
2636 	    dataout = 1;	/* we are given a buffer, so we are writing */
2637 	}
2638     }
2639 
2640     /*
2641      * Build a CISS BMIC command to get the logical drive ID.
2642      */
2643     cr->cr_data = buf;
2644     cr->cr_length = bufsize;
2645     if (!dataout)
2646 	cr->cr_flags = CISS_REQ_DATAIN;
2647 
2648     cc = cr->cr_cc;
2649     cc->header.address.physical.mode = CISS_HDR_ADDRESS_MODE_PERIPHERAL;
2650     cc->header.address.physical.bus = 0;
2651     cc->header.address.physical.target = 0;
2652     cc->cdb.cdb_length = sizeof(*cbc);
2653     cc->cdb.type = CISS_CDB_TYPE_COMMAND;
2654     cc->cdb.attribute = CISS_CDB_ATTRIBUTE_SIMPLE;
2655     cc->cdb.direction = dataout ? CISS_CDB_DIRECTION_WRITE : CISS_CDB_DIRECTION_READ;
2656     cc->cdb.timeout = 0;
2657 
2658     cbc = (struct ciss_bmic_cdb *)&(cc->cdb.cdb[0]);
2659     bzero(cbc, sizeof(*cbc));
2660     cbc->opcode = dataout ? CISS_ARRAY_CONTROLLER_WRITE : CISS_ARRAY_CONTROLLER_READ;
2661     cbc->bmic_opcode = opcode;
2662     cbc->size = htons((u_int16_t)bufsize);
2663 
2664 out:
2665     if (error) {
2666 	if (cr != NULL)
2667 	    ciss_release_request(cr);
2668     } else {
2669 	*crp = cr;
2670 	if ((bufp != NULL) && (*bufp == NULL) && (buf != NULL))
2671 	    *bufp = buf;
2672     }
2673     return(error);
2674 }
2675 
2676 /************************************************************************
2677  * Handle a command passed in from userspace.
2678  */
2679 static int
2680 ciss_user_command(struct ciss_softc *sc, IOCTL_Command_struct *ioc)
2681 {
2682     struct ciss_request		*cr;
2683     struct ciss_command		*cc;
2684     struct ciss_error_info	*ce;
2685     int				error = 0;
2686 
2687     debug_called(1);
2688 
2689     cr = NULL;
2690 
2691     /*
2692      * Get a request.
2693      */
2694     while (ciss_get_request(sc, &cr) != 0)
2695 	msleep(sc, &sc->ciss_mtx, PPAUSE, "cissREQ", hz);
2696     cc = cr->cr_cc;
2697 
2698     /*
2699      * Allocate an in-kernel databuffer if required, copy in user data.
2700      */
2701     mtx_unlock(&sc->ciss_mtx);
2702     cr->cr_length = ioc->buf_size;
2703     if (ioc->buf_size > 0) {
2704 	if ((cr->cr_data = malloc(ioc->buf_size, CISS_MALLOC_CLASS, M_NOWAIT)) == NULL) {
2705 	    error = ENOMEM;
2706 	    goto out_unlocked;
2707 	}
2708 	if ((error = copyin(ioc->buf, cr->cr_data, ioc->buf_size))) {
2709 	    debug(0, "copyin: bad data buffer %p/%d", ioc->buf, ioc->buf_size);
2710 	    goto out_unlocked;
2711 	}
2712     }
2713 
2714     /*
2715      * Build the request based on the user command.
2716      */
2717     bcopy(&ioc->LUN_info, &cc->header.address, sizeof(cc->header.address));
2718     bcopy(&ioc->Request, &cc->cdb, sizeof(cc->cdb));
2719 
2720     /* XXX anything else to populate here? */
2721     mtx_lock(&sc->ciss_mtx);
2722 
2723     /*
2724      * Run the command.
2725      */
2726     if ((error = ciss_synch_request(cr, 60 * 1000))) {
2727 	debug(0, "request failed - %d", error);
2728 	goto out;
2729     }
2730 
2731     /*
2732      * Check to see if the command succeeded.
2733      */
2734     ce = (struct ciss_error_info *)&(cc->sg[0]);
2735     if ((cc->header.host_tag & CISS_HDR_HOST_TAG_ERROR) == 0)
2736 	bzero(ce, sizeof(*ce));
2737 
2738     /*
2739      * Copy the results back to the user.
2740      */
2741     bcopy(ce, &ioc->error_info, sizeof(*ce));
2742     mtx_unlock(&sc->ciss_mtx);
2743     if ((ioc->buf_size > 0) &&
2744 	(error = copyout(cr->cr_data, ioc->buf, ioc->buf_size))) {
2745 	debug(0, "copyout: bad data buffer %p/%d", ioc->buf, ioc->buf_size);
2746 	goto out_unlocked;
2747     }
2748 
2749     /* done OK */
2750     error = 0;
2751 
2752 out_unlocked:
2753     mtx_lock(&sc->ciss_mtx);
2754 
2755 out:
2756     if ((cr != NULL) && (cr->cr_data != NULL))
2757 	free(cr->cr_data, CISS_MALLOC_CLASS);
2758     if (cr != NULL)
2759 	ciss_release_request(cr);
2760     return(error);
2761 }
2762 
2763 /************************************************************************
2764  * Map a request into bus-visible space, initialise the scatter/gather
2765  * list.
2766  */
2767 static int
2768 ciss_map_request(struct ciss_request *cr)
2769 {
2770     struct ciss_softc	*sc;
2771     int			error = 0;
2772 
2773     debug_called(2);
2774 
2775     sc = cr->cr_sc;
2776 
2777     /* check that mapping is necessary */
2778     if (cr->cr_flags & CISS_REQ_MAPPED)
2779 	return(0);
2780 
2781     cr->cr_flags |= CISS_REQ_MAPPED;
2782 
2783     bus_dmamap_sync(sc->ciss_command_dmat, sc->ciss_command_map,
2784 		    BUS_DMASYNC_PREWRITE);
2785 
2786     if (cr->cr_data != NULL) {
2787 	if (cr->cr_flags & CISS_REQ_CCB)
2788 		error = bus_dmamap_load_ccb(sc->ciss_buffer_dmat,
2789 					cr->cr_datamap, cr->cr_data,
2790 					ciss_request_map_helper, cr, 0);
2791 	else
2792 		error = bus_dmamap_load(sc->ciss_buffer_dmat, cr->cr_datamap,
2793 					cr->cr_data, cr->cr_length,
2794 					ciss_request_map_helper, cr, 0);
2795 	if (error != 0)
2796 	    return (error);
2797     } else {
2798 	/*
2799 	 * Post the command to the adapter.
2800 	 */
2801 	cr->cr_sg_tag = CISS_SG_NONE;
2802 	cr->cr_flags |= CISS_REQ_BUSY;
2803 	if (sc->ciss_perf)
2804 	    CISS_TL_PERF_POST_CMD(sc, cr);
2805 	else
2806 	    CISS_TL_SIMPLE_POST_CMD(sc, cr->cr_ccphys);
2807     }
2808 
2809     return(0);
2810 }
2811 
2812 static void
2813 ciss_request_map_helper(void *arg, bus_dma_segment_t *segs, int nseg, int error)
2814 {
2815     struct ciss_command	*cc;
2816     struct ciss_request *cr;
2817     struct ciss_softc	*sc;
2818     int			i;
2819 
2820     debug_called(2);
2821 
2822     cr = (struct ciss_request *)arg;
2823     sc = cr->cr_sc;
2824     cc = cr->cr_cc;
2825 
2826     for (i = 0; i < nseg; i++) {
2827 	cc->sg[i].address = segs[i].ds_addr;
2828 	cc->sg[i].length = segs[i].ds_len;
2829 	cc->sg[i].extension = 0;
2830     }
2831     /* we leave the s/g table entirely within the command */
2832     cc->header.sg_in_list = nseg;
2833     cc->header.sg_total = nseg;
2834 
2835     if (cr->cr_flags & CISS_REQ_DATAIN)
2836 	bus_dmamap_sync(sc->ciss_buffer_dmat, cr->cr_datamap, BUS_DMASYNC_PREREAD);
2837     if (cr->cr_flags & CISS_REQ_DATAOUT)
2838 	bus_dmamap_sync(sc->ciss_buffer_dmat, cr->cr_datamap, BUS_DMASYNC_PREWRITE);
2839 
2840     if (nseg == 0)
2841 	cr->cr_sg_tag = CISS_SG_NONE;
2842     else if (nseg == 1)
2843 	cr->cr_sg_tag = CISS_SG_1;
2844     else if (nseg == 2)
2845 	cr->cr_sg_tag = CISS_SG_2;
2846     else if (nseg <= 4)
2847 	cr->cr_sg_tag = CISS_SG_4;
2848     else if (nseg <= 8)
2849 	cr->cr_sg_tag = CISS_SG_8;
2850     else if (nseg <= 16)
2851 	cr->cr_sg_tag = CISS_SG_16;
2852     else if (nseg <= 32)
2853 	cr->cr_sg_tag = CISS_SG_32;
2854     else
2855 	cr->cr_sg_tag = CISS_SG_MAX;
2856 
2857     /*
2858      * Post the command to the adapter.
2859      */
2860     cr->cr_flags |= CISS_REQ_BUSY;
2861     if (sc->ciss_perf)
2862 	CISS_TL_PERF_POST_CMD(sc, cr);
2863     else
2864 	CISS_TL_SIMPLE_POST_CMD(sc, cr->cr_ccphys);
2865 }
2866 
2867 /************************************************************************
2868  * Unmap a request from bus-visible space.
2869  */
2870 static void
2871 ciss_unmap_request(struct ciss_request *cr)
2872 {
2873     struct ciss_softc	*sc;
2874 
2875     debug_called(2);
2876 
2877     sc = cr->cr_sc;
2878 
2879     /* check that unmapping is necessary */
2880     if ((cr->cr_flags & CISS_REQ_MAPPED) == 0)
2881 	return;
2882 
2883     bus_dmamap_sync(sc->ciss_command_dmat, sc->ciss_command_map,
2884 		    BUS_DMASYNC_POSTWRITE);
2885 
2886     if (cr->cr_data == NULL)
2887 	goto out;
2888 
2889     if (cr->cr_flags & CISS_REQ_DATAIN)
2890 	bus_dmamap_sync(sc->ciss_buffer_dmat, cr->cr_datamap, BUS_DMASYNC_POSTREAD);
2891     if (cr->cr_flags & CISS_REQ_DATAOUT)
2892 	bus_dmamap_sync(sc->ciss_buffer_dmat, cr->cr_datamap, BUS_DMASYNC_POSTWRITE);
2893 
2894     bus_dmamap_unload(sc->ciss_buffer_dmat, cr->cr_datamap);
2895 out:
2896     cr->cr_flags &= ~CISS_REQ_MAPPED;
2897 }
2898 
2899 /************************************************************************
2900  * Attach the driver to CAM.
2901  *
2902  * We put all the logical drives on a single SCSI bus.
2903  */
2904 static int
2905 ciss_cam_init(struct ciss_softc *sc)
2906 {
2907     int			i, maxbus;
2908 
2909     debug_called(1);
2910 
2911     /*
2912      * Allocate a devq.  We can reuse this for the masked physical
2913      * devices if we decide to export these as well.
2914      */
2915     if ((sc->ciss_cam_devq = cam_simq_alloc(sc->ciss_max_requests - 2)) == NULL) {
2916 	ciss_printf(sc, "can't allocate CAM SIM queue\n");
2917 	return(ENOMEM);
2918     }
2919 
2920     /*
2921      * Create a SIM.
2922      *
2923      * This naturally wastes a bit of memory.  The alternative is to allocate
2924      * and register each bus as it is found, and then track them on a linked
2925      * list.  Unfortunately, the driver has a few places where it needs to
2926      * look up the SIM based solely on bus number, and it's unclear whether
2927      * a list traversal would work for these situations.
2928      */
2929     maxbus = max(sc->ciss_max_logical_bus, sc->ciss_max_physical_bus +
2930 		 CISS_PHYSICAL_BASE);
2931     sc->ciss_cam_sim = malloc(maxbus * sizeof(struct cam_sim*),
2932 			      CISS_MALLOC_CLASS, M_NOWAIT | M_ZERO);
2933     if (sc->ciss_cam_sim == NULL) {
2934 	ciss_printf(sc, "can't allocate memory for controller SIM\n");
2935 	return(ENOMEM);
2936     }
2937 
2938     for (i = 0; i < sc->ciss_max_logical_bus; i++) {
2939 	if ((sc->ciss_cam_sim[i] = cam_sim_alloc(ciss_cam_action, ciss_cam_poll,
2940 						 "ciss", sc,
2941 						 device_get_unit(sc->ciss_dev),
2942 						 &sc->ciss_mtx,
2943 						 2,
2944 						 sc->ciss_max_requests - 2,
2945 						 sc->ciss_cam_devq)) == NULL) {
2946 	    ciss_printf(sc, "can't allocate CAM SIM for controller %d\n", i);
2947 	    return(ENOMEM);
2948 	}
2949 
2950 	/*
2951 	 * Register bus with this SIM.
2952 	 */
2953 	mtx_lock(&sc->ciss_mtx);
2954 	if (i == 0 || sc->ciss_controllers[i].physical.bus != 0) {
2955 	    if (xpt_bus_register(sc->ciss_cam_sim[i], sc->ciss_dev, i) != 0) {
2956 		ciss_printf(sc, "can't register SCSI bus %d\n", i);
2957 		mtx_unlock(&sc->ciss_mtx);
2958 		return (ENXIO);
2959 	    }
2960 	}
2961 	mtx_unlock(&sc->ciss_mtx);
2962     }
2963 
2964     for (i = CISS_PHYSICAL_BASE; i < sc->ciss_max_physical_bus +
2965 	 CISS_PHYSICAL_BASE; i++) {
2966 	if ((sc->ciss_cam_sim[i] = cam_sim_alloc(ciss_cam_action, ciss_cam_poll,
2967 						 "ciss", sc,
2968 						 device_get_unit(sc->ciss_dev),
2969 						 &sc->ciss_mtx, 1,
2970 						 sc->ciss_max_requests - 2,
2971 						 sc->ciss_cam_devq)) == NULL) {
2972 	    ciss_printf(sc, "can't allocate CAM SIM for controller %d\n", i);
2973 	    return (ENOMEM);
2974 	}
2975 
2976 	mtx_lock(&sc->ciss_mtx);
2977 	if (xpt_bus_register(sc->ciss_cam_sim[i], sc->ciss_dev, i) != 0) {
2978 	    ciss_printf(sc, "can't register SCSI bus %d\n", i);
2979 	    mtx_unlock(&sc->ciss_mtx);
2980 	    return (ENXIO);
2981 	}
2982 	mtx_unlock(&sc->ciss_mtx);
2983     }
2984 
2985     return(0);
2986 }
2987 
2988 /************************************************************************
2989  * Initiate a rescan of the 'logical devices' SIM
2990  */
2991 static void
2992 ciss_cam_rescan_target(struct ciss_softc *sc, int bus, int target)
2993 {
2994     union ccb		*ccb;
2995 
2996     debug_called(1);
2997 
2998     if ((ccb = xpt_alloc_ccb_nowait()) == NULL) {
2999 	ciss_printf(sc, "rescan failed (can't allocate CCB)\n");
3000 	return;
3001     }
3002 
3003     if (xpt_create_path(&ccb->ccb_h.path, NULL,
3004 	    cam_sim_path(sc->ciss_cam_sim[bus]),
3005 	    target, CAM_LUN_WILDCARD) != CAM_REQ_CMP) {
3006 	ciss_printf(sc, "rescan failed (can't create path)\n");
3007 	xpt_free_ccb(ccb);
3008 	return;
3009     }
3010     xpt_rescan(ccb);
3011     /* scan is now in progress */
3012 }
3013 
3014 /************************************************************************
3015  * Handle requests coming from CAM
3016  */
3017 static void
3018 ciss_cam_action(struct cam_sim *sim, union ccb *ccb)
3019 {
3020     struct ciss_softc	*sc;
3021     struct ccb_scsiio	*csio;
3022     int			bus, target;
3023     int			physical;
3024 
3025     sc = cam_sim_softc(sim);
3026     bus = cam_sim_bus(sim);
3027     csio = (struct ccb_scsiio *)&ccb->csio;
3028     target = csio->ccb_h.target_id;
3029     physical = CISS_IS_PHYSICAL(bus);
3030 
3031     switch (ccb->ccb_h.func_code) {
3032 	/* perform SCSI I/O */
3033     case XPT_SCSI_IO:
3034 	if (!ciss_cam_action_io(sim, csio))
3035 	    return;
3036 	break;
3037 
3038 	/* perform geometry calculations */
3039     case XPT_CALC_GEOMETRY:
3040     {
3041 	struct ccb_calc_geometry	*ccg = &ccb->ccg;
3042 	struct ciss_ldrive		*ld;
3043 
3044 	debug(1, "XPT_CALC_GEOMETRY %d:%d:%d", cam_sim_bus(sim), ccb->ccb_h.target_id, ccb->ccb_h.target_lun);
3045 
3046 	ld = NULL;
3047 	if (!physical)
3048 	    ld = &sc->ciss_logical[bus][target];
3049 
3050 	/*
3051 	 * Use the cached geometry settings unless the fault tolerance
3052 	 * is invalid.
3053 	 */
3054 	if (physical || ld->cl_geometry.fault_tolerance == 0xFF) {
3055 	    u_int32_t			secs_per_cylinder;
3056 
3057 	    ccg->heads = 255;
3058 	    ccg->secs_per_track = 32;
3059 	    secs_per_cylinder = ccg->heads * ccg->secs_per_track;
3060 	    ccg->cylinders = ccg->volume_size / secs_per_cylinder;
3061 	} else {
3062 	    ccg->heads = ld->cl_geometry.heads;
3063 	    ccg->secs_per_track = ld->cl_geometry.sectors;
3064 	    ccg->cylinders = ntohs(ld->cl_geometry.cylinders);
3065 	}
3066 	ccb->ccb_h.status = CAM_REQ_CMP;
3067         break;
3068     }
3069 
3070 	/* handle path attribute inquiry */
3071     case XPT_PATH_INQ:
3072     {
3073 	struct ccb_pathinq	*cpi = &ccb->cpi;
3074 	int			sg_length;
3075 
3076 	debug(1, "XPT_PATH_INQ %d:%d:%d", cam_sim_bus(sim), ccb->ccb_h.target_id, ccb->ccb_h.target_lun);
3077 
3078 	cpi->version_num = 1;
3079 	cpi->hba_inquiry = PI_TAG_ABLE;	/* XXX is this correct? */
3080 	cpi->target_sprt = 0;
3081 	cpi->hba_misc = 0;
3082 	cpi->max_target = MAX(sc->ciss_max_physical_target, sc->ciss_cfg->max_logical_supported);
3083 	cpi->max_lun = 0;		/* 'logical drive' channel only */
3084 	if (ciss_initiator_id != CAM_TARGET_WILDCARD)
3085 		cpi->initiator_id = ciss_initiator_id;
3086 	else
3087 		cpi->initiator_id = sc->ciss_cfg->max_logical_supported;
3088 	strlcpy(cpi->sim_vid, "FreeBSD", SIM_IDLEN);
3089 	strlcpy(cpi->hba_vid, "CISS", HBA_IDLEN);
3090 	strlcpy(cpi->dev_name, cam_sim_name(sim), DEV_IDLEN);
3091 	cpi->unit_number = cam_sim_unit(sim);
3092 	cpi->bus_id = cam_sim_bus(sim);
3093 	cpi->base_transfer_speed = ciss_base_transfer_speed;
3094 	cpi->transport = XPORT_SPI;
3095 	cpi->transport_version = 2;
3096 	cpi->protocol = PROTO_SCSI;
3097 	cpi->protocol_version = SCSI_REV_2;
3098 	if (sc->ciss_cfg->max_sg_length == 0) {
3099 		sg_length = 17;
3100 	} else {
3101 	/* XXX Fix for ZMR cards that advertise max_sg_length == 32
3102 	 * Confusing bit here. max_sg_length is usually a power of 2. We always
3103 	 * need to subtract 1 to account for partial pages. Then we need to
3104 	 * align on a valid PAGE_SIZE so we round down to the nearest power of 2.
3105 	 * Add 1 so we can then subtract it out in the assignment to maxio.
3106 	 * The reason for all these shenanigans is to create a maxio value that
3107 	 * creates IO operations to volumes that yield consistent operations
3108 	 * with good performance.
3109 	 */
3110 		sg_length = sc->ciss_cfg->max_sg_length - 1;
3111 		sg_length = (1 << (fls(sg_length) - 1)) + 1;
3112 	}
3113 	cpi->maxio = (min(CISS_MAX_SG_ELEMENTS, sg_length) - 1) * PAGE_SIZE;
3114 	ccb->ccb_h.status = CAM_REQ_CMP;
3115 	break;
3116     }
3117 
3118     case XPT_GET_TRAN_SETTINGS:
3119     {
3120 	struct ccb_trans_settings	*cts = &ccb->cts;
3121 	struct ccb_trans_settings_spi *spi = &cts->xport_specific.spi;
3122 	struct ccb_trans_settings_scsi *scsi = &cts->proto_specific.scsi;
3123 
3124 	debug(1, "XPT_GET_TRAN_SETTINGS %d:%d", cam_sim_bus(sim),
3125 	    ctl->ccb_h.target_id);
3126 	/* disconnect always OK */
3127 	cts->protocol = PROTO_SCSI;
3128 	cts->protocol_version = SCSI_REV_2;
3129 	cts->transport = XPORT_SPI;
3130 	cts->transport_version = 2;
3131 
3132 	spi->valid = CTS_SPI_VALID_DISC;
3133 	spi->flags = CTS_SPI_FLAGS_DISC_ENB;
3134 
3135 	scsi->valid = CTS_SCSI_VALID_TQ;
3136 	scsi->flags = CTS_SCSI_FLAGS_TAG_ENB;
3137 
3138 	cts->ccb_h.status = CAM_REQ_CMP;
3139 	break;
3140     }
3141 
3142     default:		/* we can't do this */
3143 	debug(1, "unspported func_code = 0x%x", ccb->ccb_h.func_code);
3144 	ccb->ccb_h.status = CAM_REQ_INVALID;
3145 	break;
3146     }
3147 
3148     xpt_done(ccb);
3149 }
3150 
3151 /************************************************************************
3152  * Handle a CAM SCSI I/O request.
3153  */
3154 static int
3155 ciss_cam_action_io(struct cam_sim *sim, struct ccb_scsiio *csio)
3156 {
3157     struct ciss_softc	*sc;
3158     int			bus, target;
3159     struct ciss_request	*cr;
3160     struct ciss_command	*cc;
3161     int			error;
3162 
3163     sc = cam_sim_softc(sim);
3164     bus = cam_sim_bus(sim);
3165     target = csio->ccb_h.target_id;
3166 
3167     debug(2, "XPT_SCSI_IO %d:%d:%d", bus, target, csio->ccb_h.target_lun);
3168 
3169     /* check that the CDB pointer is not to a physical address */
3170     if ((csio->ccb_h.flags & CAM_CDB_POINTER) && (csio->ccb_h.flags & CAM_CDB_PHYS)) {
3171 	debug(3, "  CDB pointer is to physical address");
3172 	csio->ccb_h.status = CAM_REQ_CMP_ERR;
3173     }
3174 
3175     /* abandon aborted ccbs or those that have failed validation */
3176     if ((csio->ccb_h.status & CAM_STATUS_MASK) != CAM_REQ_INPROG) {
3177 	debug(3, "abandoning CCB due to abort/validation failure");
3178 	return(EINVAL);
3179     }
3180 
3181     /* handle emulation of some SCSI commands ourself */
3182     if (ciss_cam_emulate(sc, csio))
3183 	return(0);
3184 
3185     /*
3186      * Get a request to manage this command.  If we can't, return the
3187      * ccb, freeze the queue and flag so that we unfreeze it when a
3188      * request completes.
3189      */
3190     if ((error = ciss_get_request(sc, &cr)) != 0) {
3191 	xpt_freeze_simq(sim, 1);
3192 	sc->ciss_flags |= CISS_FLAG_BUSY;
3193 	csio->ccb_h.status |= CAM_REQUEUE_REQ;
3194 	return(error);
3195     }
3196 
3197     /*
3198      * Build the command.
3199      */
3200     cc = cr->cr_cc;
3201     cr->cr_data = csio;
3202     cr->cr_length = csio->dxfer_len;
3203     cr->cr_complete = ciss_cam_complete;
3204     cr->cr_private = csio;
3205 
3206     /*
3207      * Target the right logical volume.
3208      */
3209     if (CISS_IS_PHYSICAL(bus))
3210 	cc->header.address =
3211 	    sc->ciss_physical[CISS_CAM_TO_PBUS(bus)][target].cp_address;
3212     else
3213 	cc->header.address =
3214 	    sc->ciss_logical[bus][target].cl_address;
3215     cc->cdb.cdb_length = csio->cdb_len;
3216     cc->cdb.type = CISS_CDB_TYPE_COMMAND;
3217     cc->cdb.attribute = CISS_CDB_ATTRIBUTE_SIMPLE;	/* XXX ordered tags? */
3218     if ((csio->ccb_h.flags & CAM_DIR_MASK) == CAM_DIR_OUT) {
3219 	cr->cr_flags = CISS_REQ_DATAOUT | CISS_REQ_CCB;
3220 	cc->cdb.direction = CISS_CDB_DIRECTION_WRITE;
3221     } else if ((csio->ccb_h.flags & CAM_DIR_MASK) == CAM_DIR_IN) {
3222 	cr->cr_flags = CISS_REQ_DATAIN | CISS_REQ_CCB;
3223 	cc->cdb.direction = CISS_CDB_DIRECTION_READ;
3224     } else {
3225 	cr->cr_data = NULL;
3226 	cr->cr_flags = 0;
3227 	cc->cdb.direction = CISS_CDB_DIRECTION_NONE;
3228     }
3229     cc->cdb.timeout = (csio->ccb_h.timeout / 1000) + 1;
3230     if (csio->ccb_h.flags & CAM_CDB_POINTER) {
3231 	bcopy(csio->cdb_io.cdb_ptr, &cc->cdb.cdb[0], csio->cdb_len);
3232     } else {
3233 	bcopy(csio->cdb_io.cdb_bytes, &cc->cdb.cdb[0], csio->cdb_len);
3234     }
3235 
3236     /*
3237      * Submit the request to the adapter.
3238      *
3239      * Note that this may fail if we're unable to map the request (and
3240      * if we ever learn a transport layer other than simple, may fail
3241      * if the adapter rejects the command).
3242      */
3243     if ((error = ciss_start(cr)) != 0) {
3244 	xpt_freeze_simq(sim, 1);
3245 	csio->ccb_h.status |= CAM_RELEASE_SIMQ;
3246 	if (error == EINPROGRESS) {
3247 	    error = 0;
3248 	} else {
3249 	    csio->ccb_h.status |= CAM_REQUEUE_REQ;
3250 	    ciss_release_request(cr);
3251 	}
3252 	return(error);
3253     }
3254 
3255     return(0);
3256 }
3257 
3258 /************************************************************************
3259  * Emulate SCSI commands the adapter doesn't handle as we might like.
3260  */
3261 static int
3262 ciss_cam_emulate(struct ciss_softc *sc, struct ccb_scsiio *csio)
3263 {
3264     int		bus, target;
3265     u_int8_t	opcode;
3266 
3267     target = csio->ccb_h.target_id;
3268     bus = cam_sim_bus(xpt_path_sim(csio->ccb_h.path));
3269     opcode = (csio->ccb_h.flags & CAM_CDB_POINTER) ?
3270 	*(u_int8_t *)csio->cdb_io.cdb_ptr : csio->cdb_io.cdb_bytes[0];
3271 
3272     if (CISS_IS_PHYSICAL(bus)) {
3273 	if (sc->ciss_physical[CISS_CAM_TO_PBUS(bus)][target].cp_online != 1) {
3274 	    csio->ccb_h.status |= CAM_SEL_TIMEOUT;
3275 	    xpt_done((union ccb *)csio);
3276 	    return(1);
3277 	} else
3278 	    return(0);
3279     }
3280 
3281     /*
3282      * Handle requests for volumes that don't exist or are not online.
3283      * A selection timeout is slightly better than an illegal request.
3284      * Other errors might be better.
3285      */
3286     if (sc->ciss_logical[bus][target].cl_status != CISS_LD_ONLINE) {
3287 	csio->ccb_h.status |= CAM_SEL_TIMEOUT;
3288 	xpt_done((union ccb *)csio);
3289 	return(1);
3290     }
3291 
3292     /* if we have to fake Synchronise Cache */
3293     if (sc->ciss_flags & CISS_FLAG_FAKE_SYNCH) {
3294 	/*
3295 	 * If this is a Synchronise Cache command, typically issued when
3296 	 * a device is closed, flush the adapter and complete now.
3297 	 */
3298 	if (((csio->ccb_h.flags & CAM_CDB_POINTER) ?
3299 	     *(u_int8_t *)csio->cdb_io.cdb_ptr : csio->cdb_io.cdb_bytes[0]) == SYNCHRONIZE_CACHE) {
3300 	    ciss_flush_adapter(sc);
3301 	    csio->ccb_h.status |= CAM_REQ_CMP;
3302 	    xpt_done((union ccb *)csio);
3303 	    return(1);
3304 	}
3305     }
3306 
3307     /*
3308      * A CISS target can only ever have one lun per target. REPORT_LUNS requires
3309      * at least one LUN field to be pre created for us, so snag it and fill in
3310      * the least significant byte indicating 1 LUN here.  Emulate the command
3311      * return to shut up warning on console of a CDB error.  swb
3312      */
3313     if (opcode == REPORT_LUNS && csio->dxfer_len > 0) {
3314        csio->data_ptr[3] = 8;
3315        csio->ccb_h.status |= CAM_REQ_CMP;
3316        xpt_done((union ccb *)csio);
3317        return(1);
3318     }
3319 
3320     return(0);
3321 }
3322 
3323 /************************************************************************
3324  * Check for possibly-completed commands.
3325  */
3326 static void
3327 ciss_cam_poll(struct cam_sim *sim)
3328 {
3329     cr_qhead_t qh;
3330     struct ciss_softc	*sc = cam_sim_softc(sim);
3331 
3332     debug_called(2);
3333 
3334     STAILQ_INIT(&qh);
3335     if (sc->ciss_perf)
3336 	ciss_perf_done(sc, &qh);
3337     else
3338 	ciss_done(sc, &qh);
3339     ciss_complete(sc, &qh);
3340 }
3341 
3342 /************************************************************************
3343  * Handle completion of a command - pass results back through the CCB
3344  */
3345 static void
3346 ciss_cam_complete(struct ciss_request *cr)
3347 {
3348     struct ciss_softc		*sc;
3349     struct ciss_command		*cc;
3350     struct ciss_error_info	*ce;
3351     struct ccb_scsiio		*csio;
3352     int				scsi_status;
3353     int				command_status;
3354 
3355     debug_called(2);
3356 
3357     sc = cr->cr_sc;
3358     cc = cr->cr_cc;
3359     ce = (struct ciss_error_info *)&(cc->sg[0]);
3360     csio = (struct ccb_scsiio *)cr->cr_private;
3361 
3362     /*
3363      * Extract status values from request.
3364      */
3365     ciss_report_request(cr, &command_status, &scsi_status);
3366     switch(command_status) {
3367     case CISS_CMD_STATUS_DATA_UNDERRUN:
3368 	csio->resid = ce->residual_count;
3369 	/* FALLTHROUGH */
3370     case CISS_CMD_STATUS_SUCCESS:
3371 	csio->scsi_status = scsi_status;
3372 	debug(2, "SCSI_STATUS_OK");
3373 	csio->ccb_h.status |= CAM_REQ_CMP;
3374 	break;
3375     case CISS_CMD_STATUS_TARGET_STATUS:
3376 	csio->scsi_status = scsi_status;
3377 	bzero(&csio->sense_data, SSD_FULL_SIZE);
3378 	bcopy(&ce->sense_info[0], &csio->sense_data, ce->sense_length);
3379 	if (csio->sense_len > ce->sense_length)
3380 		csio->sense_resid = csio->sense_len - ce->sense_length;
3381 	else
3382 		csio->sense_resid = 0;
3383 	csio->resid = ce->residual_count;
3384 	csio->ccb_h.status |= CAM_SCSI_STATUS_ERROR | CAM_AUTOSNS_VALID;
3385 	break;
3386     case CISS_CMD_STATUS_DATA_OVERRUN:
3387 	csio->ccb_h.status |= CAM_DATA_RUN_ERR;
3388 	break;
3389     default:
3390 	csio->ccb_h.status |= CAM_REQ_CMP_ERR;
3391 	break;
3392     }
3393 
3394     /* handle post-command fixup */
3395     ciss_cam_complete_fixup(sc, csio);
3396 
3397     ciss_release_request(cr);
3398     if (sc->ciss_flags & CISS_FLAG_BUSY) {
3399 	sc->ciss_flags &= ~CISS_FLAG_BUSY;
3400 	if (csio->ccb_h.status & CAM_RELEASE_SIMQ)
3401 	    xpt_release_simq(xpt_path_sim(csio->ccb_h.path), 0);
3402 	else
3403 	    csio->ccb_h.status |= CAM_RELEASE_SIMQ;
3404     }
3405     xpt_done((union ccb *)csio);
3406 }
3407 
3408 /********************************************************************************
3409  * Fix up the result of some commands here.
3410  */
3411 static void
3412 ciss_cam_complete_fixup(struct ciss_softc *sc, struct ccb_scsiio *csio)
3413 {
3414     struct scsi_inquiry_data	*inq;
3415     struct ciss_ldrive		*cl;
3416     uint8_t			*cdb;
3417     int				bus, target;
3418 
3419     cdb = (csio->ccb_h.flags & CAM_CDB_POINTER) ?
3420 	 (uint8_t *)csio->cdb_io.cdb_ptr : csio->cdb_io.cdb_bytes;
3421     if (cdb[0] == INQUIRY &&
3422 	(cdb[1] & SI_EVPD) == 0 &&
3423 	(csio->ccb_h.flags & CAM_DIR_MASK) == CAM_DIR_IN &&
3424 	csio->dxfer_len >= SHORT_INQUIRY_LENGTH) {
3425 	inq = (struct scsi_inquiry_data *)csio->data_ptr;
3426 	target = csio->ccb_h.target_id;
3427 	bus = cam_sim_bus(xpt_path_sim(csio->ccb_h.path));
3428 
3429 	/*
3430 	 * If the controller is in JBOD mode, there are no logical volumes.
3431 	 * Let the disks be probed and dealt with via CAM.  Else, mask off
3432 	 * the physical disks and setup the parts of the inq structure for
3433 	 * the logical volume.  swb
3434 	 */
3435 	if( !(sc->ciss_id->PowerUPNvramFlags & PWR_UP_FLAG_JBOD_ENABLED)){
3436 		if (CISS_IS_PHYSICAL(bus)) {
3437 	    		if (SID_TYPE(inq) == T_DIRECT)
3438 				inq->device = (inq->device & 0xe0) | T_NODEVICE;
3439 	    		return;
3440 		}
3441 		cl = &sc->ciss_logical[bus][target];
3442 
3443 		padstr(inq->vendor, "HP",
3444 	       		SID_VENDOR_SIZE);
3445 		padstr(inq->product,
3446 	       		ciss_name_ldrive_org(cl->cl_ldrive->fault_tolerance),
3447 	       		SID_PRODUCT_SIZE);
3448 		padstr(inq->revision,
3449 	       		ciss_name_ldrive_status(cl->cl_lstatus->status),
3450 	       		SID_REVISION_SIZE);
3451 	}
3452     }
3453 }
3454 
3455 /********************************************************************************
3456  * Name the device at (target)
3457  *
3458  * XXX is this strictly correct?
3459  */
3460 static int
3461 ciss_name_device(struct ciss_softc *sc, int bus, int target)
3462 {
3463     struct cam_periph	*periph;
3464     struct cam_path	*path;
3465     int			status;
3466 
3467     if (CISS_IS_PHYSICAL(bus))
3468 	return (0);
3469 
3470     status = xpt_create_path(&path, NULL, cam_sim_path(sc->ciss_cam_sim[bus]),
3471 			     target, 0);
3472 
3473     if (status == CAM_REQ_CMP) {
3474 	xpt_path_lock(path);
3475 	periph = cam_periph_find(path, NULL);
3476 	xpt_path_unlock(path);
3477 	xpt_free_path(path);
3478 	if (periph != NULL) {
3479 		sprintf(sc->ciss_logical[bus][target].cl_name, "%s%d",
3480 			periph->periph_name, periph->unit_number);
3481 		return(0);
3482 	}
3483     }
3484     sc->ciss_logical[bus][target].cl_name[0] = 0;
3485     return(ENOENT);
3486 }
3487 
3488 /************************************************************************
3489  * Periodic status monitoring.
3490  */
3491 static void
3492 ciss_periodic(void *arg)
3493 {
3494     struct ciss_softc	*sc;
3495     struct ciss_request	*cr = NULL;
3496     struct ciss_command	*cc = NULL;
3497     int			error = 0;
3498 
3499     debug_called(1);
3500 
3501     sc = (struct ciss_softc *)arg;
3502 
3503     /*
3504      * Check the adapter heartbeat.
3505      */
3506     if (sc->ciss_cfg->heartbeat == sc->ciss_heartbeat) {
3507 	sc->ciss_heart_attack++;
3508 	debug(0, "adapter heart attack in progress 0x%x/%d",
3509 	      sc->ciss_heartbeat, sc->ciss_heart_attack);
3510 	if (sc->ciss_heart_attack == 3) {
3511 	    ciss_printf(sc, "ADAPTER HEARTBEAT FAILED\n");
3512 	    ciss_disable_adapter(sc);
3513 	    return;
3514 	}
3515     } else {
3516 	sc->ciss_heartbeat = sc->ciss_cfg->heartbeat;
3517 	sc->ciss_heart_attack = 0;
3518 	debug(3, "new heartbeat 0x%x", sc->ciss_heartbeat);
3519     }
3520 
3521     /*
3522      * Send the NOP message and wait for a response.
3523      */
3524     if (ciss_nop_message_heartbeat != 0 && (error = ciss_get_request(sc, &cr)) == 0) {
3525 	cc = cr->cr_cc;
3526 	cr->cr_complete = ciss_nop_complete;
3527 	cc->cdb.cdb_length = 1;
3528 	cc->cdb.type = CISS_CDB_TYPE_MESSAGE;
3529 	cc->cdb.attribute = CISS_CDB_ATTRIBUTE_SIMPLE;
3530 	cc->cdb.direction = CISS_CDB_DIRECTION_WRITE;
3531 	cc->cdb.timeout = 0;
3532 	cc->cdb.cdb[0] = CISS_OPCODE_MESSAGE_NOP;
3533 
3534 	if ((error = ciss_start(cr)) != 0) {
3535 	    ciss_printf(sc, "SENDING NOP MESSAGE FAILED\n");
3536 	}
3537     }
3538 
3539     /*
3540      * If the notify event request has died for some reason, or has
3541      * not started yet, restart it.
3542      */
3543     if (!(sc->ciss_flags & CISS_FLAG_NOTIFY_OK)) {
3544 	debug(0, "(re)starting Event Notify chain");
3545 	ciss_notify_event(sc);
3546     }
3547 
3548     /*
3549      * Reschedule.
3550      */
3551     callout_reset(&sc->ciss_periodic, CISS_HEARTBEAT_RATE * hz, ciss_periodic, sc);
3552 }
3553 
3554 static void
3555 ciss_nop_complete(struct ciss_request *cr)
3556 {
3557     struct ciss_softc		*sc;
3558     static int			first_time = 1;
3559 
3560     sc = cr->cr_sc;
3561     if (ciss_report_request(cr, NULL, NULL) != 0) {
3562 	if (first_time == 1) {
3563 	    first_time = 0;
3564 	    ciss_printf(sc, "SENDING NOP MESSAGE FAILED (not logging anymore)\n");
3565 	}
3566     }
3567 
3568     ciss_release_request(cr);
3569 }
3570 
3571 /************************************************************************
3572  * Disable the adapter.
3573  *
3574  * The all requests in completed queue is failed with hardware error.
3575  * This will cause failover in a multipath configuration.
3576  */
3577 static void
3578 ciss_disable_adapter(struct ciss_softc *sc)
3579 {
3580     cr_qhead_t			qh;
3581     struct ciss_request		*cr;
3582     struct ciss_command		*cc;
3583     struct ciss_error_info	*ce;
3584     int				i;
3585 
3586     CISS_TL_SIMPLE_DISABLE_INTERRUPTS(sc);
3587     pci_disable_busmaster(sc->ciss_dev);
3588     sc->ciss_flags &= ~CISS_FLAG_RUNNING;
3589 
3590     STAILQ_INIT(&qh);
3591     for (i = 1; i < sc->ciss_max_requests; i++) {
3592 	cr = &sc->ciss_request[i];
3593 	if ((cr->cr_flags & CISS_REQ_BUSY) == 0)
3594 	    continue;
3595 
3596 	cc = cr->cr_cc;
3597 	ce = (struct ciss_error_info *)&(cc->sg[0]);
3598 	ce->command_status = CISS_CMD_STATUS_HARDWARE_ERROR;
3599 	ciss_enqueue_complete(cr, &qh);
3600     }
3601 
3602     for (;;) {
3603 	if ((cr = ciss_dequeue_complete(sc, &qh)) == NULL)
3604 	    break;
3605 
3606 	/*
3607 	 * If the request has a callback, invoke it.
3608 	 */
3609 	if (cr->cr_complete != NULL) {
3610 	    cr->cr_complete(cr);
3611 	    continue;
3612 	}
3613 
3614 	/*
3615 	 * If someone is sleeping on this request, wake them up.
3616 	 */
3617 	if (cr->cr_flags & CISS_REQ_SLEEP) {
3618 	    cr->cr_flags &= ~CISS_REQ_SLEEP;
3619 	    wakeup(cr);
3620 	    continue;
3621 	}
3622     }
3623 }
3624 
3625 /************************************************************************
3626  * Request a notification response from the adapter.
3627  *
3628  * If (cr) is NULL, this is the first request of the adapter, so
3629  * reset the adapter's message pointer and start with the oldest
3630  * message available.
3631  */
3632 static void
3633 ciss_notify_event(struct ciss_softc *sc)
3634 {
3635     struct ciss_request		*cr;
3636     struct ciss_command		*cc;
3637     struct ciss_notify_cdb	*cnc;
3638     int				error;
3639 
3640     debug_called(1);
3641 
3642     cr = sc->ciss_periodic_notify;
3643 
3644     /* get a request if we don't already have one */
3645     if (cr == NULL) {
3646 	if ((error = ciss_get_request(sc, &cr)) != 0) {
3647 	    debug(0, "can't get notify event request");
3648 	    goto out;
3649 	}
3650 	sc->ciss_periodic_notify = cr;
3651 	cr->cr_complete = ciss_notify_complete;
3652 	debug(1, "acquired request %d", cr->cr_tag);
3653     }
3654 
3655     /*
3656      * Get a databuffer if we don't already have one, note that the
3657      * adapter command wants a larger buffer than the actual
3658      * structure.
3659      */
3660     if (cr->cr_data == NULL) {
3661 	if ((cr->cr_data = malloc(CISS_NOTIFY_DATA_SIZE, CISS_MALLOC_CLASS, M_NOWAIT)) == NULL) {
3662 	    debug(0, "can't get notify event request buffer");
3663 	    error = ENOMEM;
3664 	    goto out;
3665 	}
3666 	cr->cr_length = CISS_NOTIFY_DATA_SIZE;
3667     }
3668 
3669     /* re-setup the request's command (since we never release it) XXX overkill*/
3670     ciss_preen_command(cr);
3671 
3672     /* (re)build the notify event command */
3673     cc = cr->cr_cc;
3674     cc->header.address.physical.mode = CISS_HDR_ADDRESS_MODE_PERIPHERAL;
3675     cc->header.address.physical.bus = 0;
3676     cc->header.address.physical.target = 0;
3677 
3678     cc->cdb.cdb_length = sizeof(*cnc);
3679     cc->cdb.type = CISS_CDB_TYPE_COMMAND;
3680     cc->cdb.attribute = CISS_CDB_ATTRIBUTE_SIMPLE;
3681     cc->cdb.direction = CISS_CDB_DIRECTION_READ;
3682     cc->cdb.timeout = 0;	/* no timeout, we hope */
3683 
3684     cnc = (struct ciss_notify_cdb *)&(cc->cdb.cdb[0]);
3685     bzero(cr->cr_data, CISS_NOTIFY_DATA_SIZE);
3686     cnc->opcode = CISS_OPCODE_READ;
3687     cnc->command = CISS_COMMAND_NOTIFY_ON_EVENT;
3688     cnc->timeout = 0;		/* no timeout, we hope */
3689     cnc->synchronous = 0;
3690     cnc->ordered = 0;
3691     cnc->seek_to_oldest = 0;
3692     if ((sc->ciss_flags & CISS_FLAG_RUNNING) == 0)
3693 	cnc->new_only = 1;
3694     else
3695 	cnc->new_only = 0;
3696     cnc->length = htonl(CISS_NOTIFY_DATA_SIZE);
3697 
3698     /* submit the request */
3699     error = ciss_start(cr);
3700 
3701  out:
3702     if (error) {
3703 	if (cr != NULL) {
3704 	    if (cr->cr_data != NULL)
3705 		free(cr->cr_data, CISS_MALLOC_CLASS);
3706 	    ciss_release_request(cr);
3707 	}
3708 	sc->ciss_periodic_notify = NULL;
3709 	debug(0, "can't submit notify event request");
3710 	sc->ciss_flags &= ~CISS_FLAG_NOTIFY_OK;
3711     } else {
3712 	debug(1, "notify event submitted");
3713 	sc->ciss_flags |= CISS_FLAG_NOTIFY_OK;
3714     }
3715 }
3716 
3717 static void
3718 ciss_notify_complete(struct ciss_request *cr)
3719 {
3720     struct ciss_notify	*cn;
3721     struct ciss_softc	*sc;
3722     int			scsi_status;
3723     int			command_status;
3724     debug_called(1);
3725 
3726     cn = (struct ciss_notify *)cr->cr_data;
3727     sc = cr->cr_sc;
3728 
3729     /*
3730      * Report request results, decode status.
3731      */
3732     ciss_report_request(cr, &command_status, &scsi_status);
3733 
3734     /*
3735      * Abort the chain on a fatal error.
3736      *
3737      * XXX which of these are actually errors?
3738      */
3739     if ((command_status != CISS_CMD_STATUS_SUCCESS) &&
3740 	(command_status != CISS_CMD_STATUS_TARGET_STATUS) &&
3741 	(command_status != CISS_CMD_STATUS_TIMEOUT)) {	/* XXX timeout? */
3742 	ciss_printf(sc, "fatal error in Notify Event request (%s)\n",
3743 		    ciss_name_command_status(command_status));
3744 	ciss_release_request(cr);
3745 	sc->ciss_flags &= ~CISS_FLAG_NOTIFY_OK;
3746 	return;
3747     }
3748 
3749     /*
3750      * If the adapter gave us a text message, print it.
3751      */
3752     if (cn->message[0] != 0)
3753 	ciss_printf(sc, "*** %.80s\n", cn->message);
3754 
3755     debug(0, "notify event class %d subclass %d detail %d",
3756 		cn->class, cn->subclass, cn->detail);
3757 
3758     /*
3759      * If the response indicates that the notifier has been aborted,
3760      * release the notifier command.
3761      */
3762     if ((cn->class == CISS_NOTIFY_NOTIFIER) &&
3763 	(cn->subclass == CISS_NOTIFY_NOTIFIER_STATUS) &&
3764 	(cn->detail == 1)) {
3765 	debug(0, "notifier exiting");
3766 	sc->ciss_flags &= ~CISS_FLAG_NOTIFY_OK;
3767 	ciss_release_request(cr);
3768 	sc->ciss_periodic_notify = NULL;
3769 	wakeup(&sc->ciss_periodic_notify);
3770     } else {
3771 	/* Handle notify events in a kernel thread */
3772 	ciss_enqueue_notify(cr);
3773 	sc->ciss_periodic_notify = NULL;
3774 	wakeup(&sc->ciss_periodic_notify);
3775 	wakeup(&sc->ciss_notify);
3776     }
3777     /*
3778      * Send a new notify event command, if we're not aborting.
3779      */
3780     if (!(sc->ciss_flags & CISS_FLAG_ABORTING)) {
3781 	ciss_notify_event(sc);
3782     }
3783 }
3784 
3785 /************************************************************************
3786  * Abort the Notify Event chain.
3787  *
3788  * Note that we can't just abort the command in progress; we have to
3789  * explicitly issue an Abort Notify Event command in order for the
3790  * adapter to clean up correctly.
3791  *
3792  * If we are called with CISS_FLAG_ABORTING set in the adapter softc,
3793  * the chain will not restart itself.
3794  */
3795 static int
3796 ciss_notify_abort(struct ciss_softc *sc)
3797 {
3798     struct ciss_request		*cr;
3799     struct ciss_command		*cc;
3800     struct ciss_notify_cdb	*cnc;
3801     int				error, command_status, scsi_status;
3802 
3803     debug_called(1);
3804 
3805     cr = NULL;
3806     error = 0;
3807 
3808     /* verify that there's an outstanding command */
3809     if (!(sc->ciss_flags & CISS_FLAG_NOTIFY_OK))
3810 	goto out;
3811 
3812     /* get a command to issue the abort with */
3813     if ((error = ciss_get_request(sc, &cr)))
3814 	goto out;
3815 
3816     /* get a buffer for the result */
3817     if ((cr->cr_data = malloc(CISS_NOTIFY_DATA_SIZE, CISS_MALLOC_CLASS, M_NOWAIT)) == NULL) {
3818 	debug(0, "can't get notify event request buffer");
3819 	error = ENOMEM;
3820 	goto out;
3821     }
3822     cr->cr_length = CISS_NOTIFY_DATA_SIZE;
3823 
3824     /* build the CDB */
3825     cc = cr->cr_cc;
3826     cc->header.address.physical.mode = CISS_HDR_ADDRESS_MODE_PERIPHERAL;
3827     cc->header.address.physical.bus = 0;
3828     cc->header.address.physical.target = 0;
3829     cc->cdb.cdb_length = sizeof(*cnc);
3830     cc->cdb.type = CISS_CDB_TYPE_COMMAND;
3831     cc->cdb.attribute = CISS_CDB_ATTRIBUTE_SIMPLE;
3832     cc->cdb.direction = CISS_CDB_DIRECTION_READ;
3833     cc->cdb.timeout = 0;	/* no timeout, we hope */
3834 
3835     cnc = (struct ciss_notify_cdb *)&(cc->cdb.cdb[0]);
3836     bzero(cnc, sizeof(*cnc));
3837     cnc->opcode = CISS_OPCODE_WRITE;
3838     cnc->command = CISS_COMMAND_ABORT_NOTIFY;
3839     cnc->length = htonl(CISS_NOTIFY_DATA_SIZE);
3840 #if 0
3841     ciss_print_request(cr);
3842 #endif
3843 
3844     /*
3845      * Submit the request and wait for it to complete.
3846      */
3847     if ((error = ciss_synch_request(cr, 60 * 1000)) != 0) {
3848 	ciss_printf(sc, "Abort Notify Event command failed (%d)\n", error);
3849 	goto out;
3850     }
3851 
3852     /*
3853      * Check response.
3854      */
3855     ciss_report_request(cr, &command_status, &scsi_status);
3856     switch(command_status) {
3857     case CISS_CMD_STATUS_SUCCESS:
3858 	break;
3859     case CISS_CMD_STATUS_INVALID_COMMAND:
3860 	/*
3861 	 * Some older adapters don't support the CISS version of this
3862 	 * command.  Fall back to using the BMIC version.
3863 	 */
3864 	error = ciss_notify_abort_bmic(sc);
3865 	if (error != 0)
3866 	    goto out;
3867 	break;
3868 
3869     case CISS_CMD_STATUS_TARGET_STATUS:
3870 	/*
3871 	 * This can happen if the adapter thinks there wasn't an outstanding
3872 	 * Notify Event command but we did.  We clean up here.
3873 	 */
3874 	if (scsi_status == CISS_SCSI_STATUS_CHECK_CONDITION) {
3875 	    if (sc->ciss_periodic_notify != NULL)
3876 		ciss_release_request(sc->ciss_periodic_notify);
3877 	    error = 0;
3878 	    goto out;
3879 	}
3880 	/* FALLTHROUGH */
3881 
3882     default:
3883 	ciss_printf(sc, "Abort Notify Event command failed (%s)\n",
3884 		    ciss_name_command_status(command_status));
3885 	error = EIO;
3886 	goto out;
3887     }
3888 
3889     /*
3890      * Sleep waiting for the notifier command to complete.  Note
3891      * that if it doesn't, we may end up in a bad situation, since
3892      * the adapter may deliver it later.  Also note that the adapter
3893      * requires the Notify Event command to be cancelled in order to
3894      * maintain internal bookkeeping.
3895      */
3896     while (sc->ciss_periodic_notify != NULL) {
3897 	error = msleep(&sc->ciss_periodic_notify, &sc->ciss_mtx, PRIBIO, "cissNEA", hz * 5);
3898 	if (error == EWOULDBLOCK) {
3899 	    ciss_printf(sc, "Notify Event command failed to abort, adapter may wedge.\n");
3900 	    break;
3901 	}
3902     }
3903 
3904  out:
3905     /* release the cancel request */
3906     if (cr != NULL) {
3907 	if (cr->cr_data != NULL)
3908 	    free(cr->cr_data, CISS_MALLOC_CLASS);
3909 	ciss_release_request(cr);
3910     }
3911     if (error == 0)
3912 	sc->ciss_flags &= ~CISS_FLAG_NOTIFY_OK;
3913     return(error);
3914 }
3915 
3916 /************************************************************************
3917  * Abort the Notify Event chain using a BMIC command.
3918  */
3919 static int
3920 ciss_notify_abort_bmic(struct ciss_softc *sc)
3921 {
3922     struct ciss_request			*cr;
3923     int					error, command_status;
3924 
3925     debug_called(1);
3926 
3927     cr = NULL;
3928     error = 0;
3929 
3930     /* verify that there's an outstanding command */
3931     if (!(sc->ciss_flags & CISS_FLAG_NOTIFY_OK))
3932 	goto out;
3933 
3934     /*
3935      * Build a BMIC command to cancel the Notify on Event command.
3936      *
3937      * Note that we are sending a CISS opcode here.  Odd.
3938      */
3939     if ((error = ciss_get_bmic_request(sc, &cr, CISS_COMMAND_ABORT_NOTIFY,
3940 				       NULL, 0)) != 0)
3941 	goto out;
3942 
3943     /*
3944      * Submit the request and wait for it to complete.
3945      */
3946     if ((error = ciss_synch_request(cr, 60 * 1000)) != 0) {
3947 	ciss_printf(sc, "error sending BMIC Cancel Notify on Event command (%d)\n", error);
3948 	goto out;
3949     }
3950 
3951     /*
3952      * Check response.
3953      */
3954     ciss_report_request(cr, &command_status, NULL);
3955     switch(command_status) {
3956     case CISS_CMD_STATUS_SUCCESS:
3957 	break;
3958     default:
3959 	ciss_printf(sc, "error cancelling Notify on Event (%s)\n",
3960 		    ciss_name_command_status(command_status));
3961 	error = EIO;
3962 	goto out;
3963     }
3964 
3965 out:
3966     if (cr != NULL)
3967 	ciss_release_request(cr);
3968     return(error);
3969 }
3970 
3971 /************************************************************************
3972  * Handle rescanning all the logical volumes when a notify event
3973  * causes the drives to come online or offline.
3974  */
3975 static void
3976 ciss_notify_rescan_logical(struct ciss_softc *sc)
3977 {
3978     struct ciss_lun_report      *cll;
3979     struct ciss_ldrive		*ld;
3980     int                         i, j, ndrives;
3981 
3982     /*
3983      * We must rescan all logical volumes to get the right logical
3984      * drive address.
3985      */
3986     cll = ciss_report_luns(sc, CISS_OPCODE_REPORT_LOGICAL_LUNS,
3987                            sc->ciss_cfg->max_logical_supported);
3988     if (cll == NULL)
3989         return;
3990 
3991     ndrives = (ntohl(cll->list_size) / sizeof(union ciss_device_address));
3992 
3993     /*
3994      * Delete any of the drives which were destroyed by the
3995      * firmware.
3996      */
3997     for (i = 0; i < sc->ciss_max_logical_bus; i++) {
3998 	for (j = 0; j < sc->ciss_cfg->max_logical_supported; j++) {
3999 	    ld = &sc->ciss_logical[i][j];
4000 
4001 	    if (ld->cl_update == 0)
4002 		continue;
4003 
4004 	    if (ld->cl_status != CISS_LD_ONLINE) {
4005 		ciss_cam_rescan_target(sc, i, j);
4006 		ld->cl_update = 0;
4007 		if (ld->cl_ldrive)
4008 		    free(ld->cl_ldrive, CISS_MALLOC_CLASS);
4009 		if (ld->cl_lstatus)
4010 		    free(ld->cl_lstatus, CISS_MALLOC_CLASS);
4011 
4012 		ld->cl_ldrive = NULL;
4013 		ld->cl_lstatus = NULL;
4014 	    }
4015 	}
4016     }
4017 
4018     /*
4019      * Scan for new drives.
4020      */
4021     for (i = 0; i < ndrives; i++) {
4022 	int	bus, target;
4023 
4024 	bus 	= CISS_LUN_TO_BUS(cll->lun[i].logical.lun);
4025 	target	= CISS_LUN_TO_TARGET(cll->lun[i].logical.lun);
4026 	ld	= &sc->ciss_logical[bus][target];
4027 
4028 	if (ld->cl_update == 0)
4029 		continue;
4030 
4031 	ld->cl_update		= 0;
4032 	ld->cl_address		= cll->lun[i];
4033 	ld->cl_controller	= &sc->ciss_controllers[bus];
4034 	if (ciss_identify_logical(sc, ld) == 0) {
4035 	    ciss_cam_rescan_target(sc, bus, target);
4036 	}
4037     }
4038     free(cll, CISS_MALLOC_CLASS);
4039 }
4040 
4041 /************************************************************************
4042  * Handle a notify event relating to the status of a logical drive.
4043  *
4044  * XXX need to be able to defer some of these to properly handle
4045  *     calling the "ID Physical drive" command, unless the 'extended'
4046  *     drive IDs are always in BIG_MAP format.
4047  */
4048 static void
4049 ciss_notify_logical(struct ciss_softc *sc, struct ciss_notify *cn)
4050 {
4051     struct ciss_ldrive	*ld;
4052     int			ostatus, bus, target;
4053 
4054     debug_called(2);
4055 
4056     bus		= cn->device.physical.bus;
4057     target	= cn->data.logical_status.logical_drive;
4058     ld		= &sc->ciss_logical[bus][target];
4059 
4060     switch (cn->subclass) {
4061     case CISS_NOTIFY_LOGICAL_STATUS:
4062 	switch (cn->detail) {
4063 	case 0:
4064 	    ciss_name_device(sc, bus, target);
4065 	    ciss_printf(sc, "logical drive %d (%s) changed status %s->%s, spare status 0x%b\n",
4066 			cn->data.logical_status.logical_drive, ld->cl_name,
4067 			ciss_name_ldrive_status(cn->data.logical_status.previous_state),
4068 			ciss_name_ldrive_status(cn->data.logical_status.new_state),
4069 			cn->data.logical_status.spare_state,
4070 			"\20\1configured\2rebuilding\3failed\4in use\5available\n");
4071 
4072 	    /*
4073 	     * Update our idea of the drive's status.
4074 	     */
4075 	    ostatus = ciss_decode_ldrive_status(cn->data.logical_status.previous_state);
4076 	    ld->cl_status = ciss_decode_ldrive_status(cn->data.logical_status.new_state);
4077 	    if (ld->cl_lstatus != NULL)
4078 		ld->cl_lstatus->status = cn->data.logical_status.new_state;
4079 
4080 	    /*
4081 	     * Have CAM rescan the drive if its status has changed.
4082 	     */
4083 	    if (ostatus != ld->cl_status) {
4084 		ld->cl_update = 1;
4085 		ciss_notify_rescan_logical(sc);
4086 	    }
4087 
4088 	    break;
4089 
4090 	case 1:	/* logical drive has recognised new media, needs Accept Media Exchange */
4091 	    ciss_name_device(sc, bus, target);
4092 	    ciss_printf(sc, "logical drive %d (%s) media exchanged, ready to go online\n",
4093 			cn->data.logical_status.logical_drive, ld->cl_name);
4094 	    ciss_accept_media(sc, ld);
4095 
4096 	    ld->cl_update = 1;
4097 	    ld->cl_status = ciss_decode_ldrive_status(cn->data.logical_status.new_state);
4098 	    ciss_notify_rescan_logical(sc);
4099 	    break;
4100 
4101 	case 2:
4102 	case 3:
4103 	    ciss_printf(sc, "rebuild of logical drive %d (%s) failed due to %s error\n",
4104 			cn->data.rebuild_aborted.logical_drive,
4105 			ld->cl_name,
4106 			(cn->detail == 2) ? "read" : "write");
4107 	    break;
4108 	}
4109 	break;
4110 
4111     case CISS_NOTIFY_LOGICAL_ERROR:
4112 	if (cn->detail == 0) {
4113 	    ciss_printf(sc, "FATAL I/O ERROR on logical drive %d (%s), SCSI port %d ID %d\n",
4114 			cn->data.io_error.logical_drive,
4115 			ld->cl_name,
4116 			cn->data.io_error.failure_bus,
4117 			cn->data.io_error.failure_drive);
4118 	    /* XXX should we take the drive down at this point, or will we be told? */
4119 	}
4120 	break;
4121 
4122     case CISS_NOTIFY_LOGICAL_SURFACE:
4123 	if (cn->detail == 0)
4124 	    ciss_printf(sc, "logical drive %d (%s) completed consistency initialisation\n",
4125 			cn->data.consistency_completed.logical_drive,
4126 			ld->cl_name);
4127 	break;
4128     }
4129 }
4130 
4131 /************************************************************************
4132  * Handle a notify event relating to the status of a physical drive.
4133  */
4134 static void
4135 ciss_notify_physical(struct ciss_softc *sc, struct ciss_notify *cn)
4136 {
4137 }
4138 
4139 /************************************************************************
4140  * Handle a notify event relating to the status of a physical drive.
4141  */
4142 static void
4143 ciss_notify_hotplug(struct ciss_softc *sc, struct ciss_notify *cn)
4144 {
4145     struct ciss_lun_report *cll = NULL;
4146     int bus, target;
4147 
4148     switch (cn->subclass) {
4149     case CISS_NOTIFY_HOTPLUG_PHYSICAL:
4150     case CISS_NOTIFY_HOTPLUG_NONDISK:
4151 	bus = CISS_BIG_MAP_BUS(sc, cn->data.drive.big_physical_drive_number);
4152 	target =
4153 	    CISS_BIG_MAP_TARGET(sc, cn->data.drive.big_physical_drive_number);
4154 
4155 	if (cn->detail == 0) {
4156 	    /*
4157 	     * Mark the device offline so that it'll start producing selection
4158 	     * timeouts to the upper layer.
4159 	     */
4160 	    if ((bus >= 0) && (target >= 0))
4161 		sc->ciss_physical[bus][target].cp_online = 0;
4162 	} else {
4163 	    /*
4164 	     * Rescan the physical lun list for new items
4165 	     */
4166 	    cll = ciss_report_luns(sc, CISS_OPCODE_REPORT_PHYSICAL_LUNS,
4167 				   sc->ciss_cfg->max_physical_supported);
4168 	    if (cll == NULL) {
4169 		ciss_printf(sc, "Warning, cannot get physical lun list\n");
4170 		break;
4171 	    }
4172 	    ciss_filter_physical(sc, cll);
4173 	}
4174 	break;
4175 
4176     default:
4177 	ciss_printf(sc, "Unknown hotplug event %d\n", cn->subclass);
4178 	return;
4179     }
4180 
4181     if (cll != NULL)
4182 	free(cll, CISS_MALLOC_CLASS);
4183 }
4184 
4185 /************************************************************************
4186  * Handle deferred processing of notify events.  Notify events may need
4187  * sleep which is unsafe during an interrupt.
4188  */
4189 static void
4190 ciss_notify_thread(void *arg)
4191 {
4192     struct ciss_softc		*sc;
4193     struct ciss_request		*cr;
4194     struct ciss_notify		*cn;
4195 
4196     sc = (struct ciss_softc *)arg;
4197     mtx_lock(&sc->ciss_mtx);
4198 
4199     for (;;) {
4200 	if (STAILQ_EMPTY(&sc->ciss_notify) != 0 &&
4201 	    (sc->ciss_flags & CISS_FLAG_THREAD_SHUT) == 0) {
4202 	    msleep(&sc->ciss_notify, &sc->ciss_mtx, PUSER, "idle", 0);
4203 	}
4204 
4205 	if (sc->ciss_flags & CISS_FLAG_THREAD_SHUT)
4206 	    break;
4207 
4208 	cr = ciss_dequeue_notify(sc);
4209 
4210 	if (cr == NULL) {
4211 		/*
4212 		 * We get a NULL message sometimes when unplugging/replugging
4213 		 * stuff But this indicates a bug, since we only wake this thread
4214 		 * when we (a) set the THREAD_SHUT flag, or (b) we have enqueued
4215 		 * something. Since it's reported around errors, it may be a
4216 		 * locking bug related to ciss_flags being modified in multiple
4217 		 * threads some without ciss_mtx held. Or there's some other
4218 		 * way we either fail to sleep or corrupt the ciss_flags.
4219 		 */
4220 		ciss_printf(sc, "Driver bug: NULL notify event received\n");
4221 		continue;
4222 	}
4223 
4224 	cn = (struct ciss_notify *)cr->cr_data;
4225 
4226 	switch (cn->class) {
4227 	case CISS_NOTIFY_HOTPLUG:
4228 	    ciss_notify_hotplug(sc, cn);
4229 	    break;
4230 	case CISS_NOTIFY_LOGICAL:
4231 	    ciss_notify_logical(sc, cn);
4232 	    break;
4233 	case CISS_NOTIFY_PHYSICAL:
4234 	    ciss_notify_physical(sc, cn);
4235 	    break;
4236 	}
4237 
4238 	ciss_release_request(cr);
4239     }
4240     sc->ciss_notify_thread = NULL;
4241     wakeup(&sc->ciss_notify_thread);
4242 
4243     mtx_unlock(&sc->ciss_mtx);
4244     kproc_exit(0);
4245 }
4246 
4247 /************************************************************************
4248  * Start the notification kernel thread.
4249  */
4250 static void
4251 ciss_spawn_notify_thread(struct ciss_softc *sc)
4252 {
4253 
4254     if (kproc_create((void(*)(void *))ciss_notify_thread, sc,
4255 		       &sc->ciss_notify_thread, 0, 0, "ciss_notify%d",
4256 		       device_get_unit(sc->ciss_dev)))
4257 	panic("Could not create notify thread\n");
4258 }
4259 
4260 /************************************************************************
4261  * Kill the notification kernel thread.
4262  */
4263 static void
4264 ciss_kill_notify_thread(struct ciss_softc *sc)
4265 {
4266 
4267     if (sc->ciss_notify_thread == NULL)
4268 	return;
4269 
4270     sc->ciss_flags |= CISS_FLAG_THREAD_SHUT;
4271     wakeup(&sc->ciss_notify);
4272     msleep(&sc->ciss_notify_thread, &sc->ciss_mtx, PUSER, "thtrm", 0);
4273 }
4274 
4275 /************************************************************************
4276  * Print a request.
4277  */
4278 #ifdef DDB
4279 static void
4280 ciss_print_request(struct ciss_request *cr)
4281 {
4282     struct ciss_softc	*sc;
4283     struct ciss_command	*cc;
4284     int			i;
4285 
4286     sc = cr->cr_sc;
4287     cc = cr->cr_cc;
4288 
4289     ciss_printf(sc, "REQUEST @ %p\n", cr);
4290     ciss_printf(sc, "  data %p/%d  tag %d  flags %b\n",
4291 	      cr->cr_data, cr->cr_length, cr->cr_tag, cr->cr_flags,
4292 	      "\20\1mapped\2sleep\3poll\4dataout\5datain\n");
4293     ciss_printf(sc, "  sg list/total %d/%d  host tag 0x%x\n",
4294 		cc->header.sg_in_list, cc->header.sg_total, cc->header.host_tag);
4295     switch(cc->header.address.mode.mode) {
4296     case CISS_HDR_ADDRESS_MODE_PERIPHERAL:
4297     case CISS_HDR_ADDRESS_MODE_MASK_PERIPHERAL:
4298 	ciss_printf(sc, "  physical bus %d target %d\n",
4299 		    cc->header.address.physical.bus, cc->header.address.physical.target);
4300 	break;
4301     case CISS_HDR_ADDRESS_MODE_LOGICAL:
4302 	ciss_printf(sc, "  logical unit %d\n", cc->header.address.logical.lun);
4303 	break;
4304     }
4305     ciss_printf(sc, "  %s cdb length %d type %s attribute %s\n",
4306 		(cc->cdb.direction == CISS_CDB_DIRECTION_NONE) ? "no-I/O" :
4307 		(cc->cdb.direction == CISS_CDB_DIRECTION_READ) ? "READ" :
4308 		(cc->cdb.direction == CISS_CDB_DIRECTION_WRITE) ? "WRITE" : "??",
4309 		cc->cdb.cdb_length,
4310 		(cc->cdb.type == CISS_CDB_TYPE_COMMAND) ? "command" :
4311 		(cc->cdb.type == CISS_CDB_TYPE_MESSAGE) ? "message" : "??",
4312 		(cc->cdb.attribute == CISS_CDB_ATTRIBUTE_UNTAGGED) ? "untagged" :
4313 		(cc->cdb.attribute == CISS_CDB_ATTRIBUTE_SIMPLE) ? "simple" :
4314 		(cc->cdb.attribute == CISS_CDB_ATTRIBUTE_HEAD_OF_QUEUE) ? "head-of-queue" :
4315 		(cc->cdb.attribute == CISS_CDB_ATTRIBUTE_ORDERED) ? "ordered" :
4316 		(cc->cdb.attribute == CISS_CDB_ATTRIBUTE_AUTO_CONTINGENT) ? "auto-contingent" : "??");
4317     ciss_printf(sc, "  %*D\n", cc->cdb.cdb_length, &cc->cdb.cdb[0], " ");
4318 
4319     if (cc->header.host_tag & CISS_HDR_HOST_TAG_ERROR) {
4320 	/* XXX print error info */
4321     } else {
4322 	/* since we don't use chained s/g, don't support it here */
4323 	for (i = 0; i < cc->header.sg_in_list; i++) {
4324 	    if ((i % 4) == 0)
4325 		ciss_printf(sc, "   ");
4326 	    printf("0x%08x/%d ", (u_int32_t)cc->sg[i].address, cc->sg[i].length);
4327 	    if ((((i + 1) % 4) == 0) || (i == (cc->header.sg_in_list - 1)))
4328 		printf("\n");
4329 	}
4330     }
4331 }
4332 #endif
4333 
4334 /************************************************************************
4335  * Print information about the status of a logical drive.
4336  */
4337 static void
4338 ciss_print_ldrive(struct ciss_softc *sc, struct ciss_ldrive *ld)
4339 {
4340     int		bus, target, i;
4341 
4342     if (ld->cl_lstatus == NULL) {
4343 	printf("does not exist\n");
4344 	return;
4345     }
4346 
4347     /* print drive status */
4348     switch(ld->cl_lstatus->status) {
4349     case CISS_LSTATUS_OK:
4350 	printf("online\n");
4351 	break;
4352     case CISS_LSTATUS_INTERIM_RECOVERY:
4353 	printf("in interim recovery mode\n");
4354 	break;
4355     case CISS_LSTATUS_READY_RECOVERY:
4356 	printf("ready to begin recovery\n");
4357 	break;
4358     case CISS_LSTATUS_RECOVERING:
4359 	bus = CISS_BIG_MAP_BUS(sc, ld->cl_lstatus->drive_rebuilding);
4360 	target = CISS_BIG_MAP_BUS(sc, ld->cl_lstatus->drive_rebuilding);
4361 	printf("being recovered, working on physical drive %d.%d, %u blocks remaining\n",
4362 	       bus, target, ld->cl_lstatus->blocks_to_recover);
4363 	break;
4364     case CISS_LSTATUS_EXPANDING:
4365 	printf("being expanded, %u blocks remaining\n",
4366 	       ld->cl_lstatus->blocks_to_recover);
4367 	break;
4368     case CISS_LSTATUS_QUEUED_FOR_EXPANSION:
4369 	printf("queued for expansion\n");
4370 	break;
4371     case CISS_LSTATUS_FAILED:
4372 	printf("queued for expansion\n");
4373 	break;
4374     case CISS_LSTATUS_WRONG_PDRIVE:
4375 	printf("wrong physical drive inserted\n");
4376 	break;
4377     case CISS_LSTATUS_MISSING_PDRIVE:
4378 	printf("missing a needed physical drive\n");
4379 	break;
4380     case CISS_LSTATUS_BECOMING_READY:
4381 	printf("becoming ready\n");
4382 	break;
4383     }
4384 
4385     /* print failed physical drives */
4386     for (i = 0; i < CISS_BIG_MAP_ENTRIES / 8; i++) {
4387 	bus = CISS_BIG_MAP_BUS(sc, ld->cl_lstatus->drive_failure_map[i]);
4388 	target = CISS_BIG_MAP_TARGET(sc, ld->cl_lstatus->drive_failure_map[i]);
4389 	if (bus == -1)
4390 	    continue;
4391 	ciss_printf(sc, "physical drive %d:%d (%x) failed\n", bus, target,
4392 		    ld->cl_lstatus->drive_failure_map[i]);
4393     }
4394 }
4395 
4396 #ifdef DDB
4397 #include <ddb/ddb.h>
4398 /************************************************************************
4399  * Print information about the controller/driver.
4400  */
4401 static void
4402 ciss_print_adapter(struct ciss_softc *sc)
4403 {
4404     int		i, j;
4405 
4406     ciss_printf(sc, "ADAPTER:\n");
4407     for (i = 0; i < CISSQ_COUNT; i++) {
4408 	ciss_printf(sc, "%s     %d/%d\n",
4409 	    i == 0 ? "free" :
4410 	    i == 1 ? "busy" : "complete",
4411 	    sc->ciss_qstat[i].q_length,
4412 	    sc->ciss_qstat[i].q_max);
4413     }
4414     ciss_printf(sc, "max_requests %d\n", sc->ciss_max_requests);
4415     ciss_printf(sc, "flags %b\n", sc->ciss_flags,
4416 	"\20\1notify_ok\2control_open\3aborting\4running\21fake_synch\22bmic_abort\n");
4417 
4418     for (i = 0; i < sc->ciss_max_logical_bus; i++) {
4419 	for (j = 0; j < sc->ciss_cfg->max_logical_supported; j++) {
4420 	    ciss_printf(sc, "LOGICAL DRIVE %d:  ", i);
4421 	    ciss_print_ldrive(sc, &sc->ciss_logical[i][j]);
4422 	}
4423     }
4424 
4425     /* XXX Should physical drives be printed out here? */
4426 
4427     for (i = 1; i < sc->ciss_max_requests; i++)
4428 	ciss_print_request(sc->ciss_request + i);
4429 }
4430 
4431 /* DDB hook */
4432 DB_COMMAND(ciss_prt, db_ciss_prt)
4433 {
4434     struct ciss_softc	*sc;
4435     devclass_t dc;
4436     int maxciss, i;
4437 
4438     dc = devclass_find("ciss");
4439     if ( dc == NULL ) {
4440         printf("%s: can't find devclass!\n", __func__);
4441         return;
4442     }
4443     maxciss = devclass_get_maxunit(dc);
4444     for (i = 0; i < maxciss; i++) {
4445         sc = devclass_get_softc(dc, i);
4446 	ciss_print_adapter(sc);
4447     }
4448 }
4449 #endif
4450 
4451 /************************************************************************
4452  * Return a name for a logical drive status value.
4453  */
4454 static const char *
4455 ciss_name_ldrive_status(int status)
4456 {
4457     switch (status) {
4458     case CISS_LSTATUS_OK:
4459 	return("OK");
4460     case CISS_LSTATUS_FAILED:
4461 	return("failed");
4462     case CISS_LSTATUS_NOT_CONFIGURED:
4463 	return("not configured");
4464     case CISS_LSTATUS_INTERIM_RECOVERY:
4465 	return("interim recovery");
4466     case CISS_LSTATUS_READY_RECOVERY:
4467 	return("ready for recovery");
4468     case CISS_LSTATUS_RECOVERING:
4469 	return("recovering");
4470     case CISS_LSTATUS_WRONG_PDRIVE:
4471 	return("wrong physical drive inserted");
4472     case CISS_LSTATUS_MISSING_PDRIVE:
4473 	return("missing physical drive");
4474     case CISS_LSTATUS_EXPANDING:
4475 	return("expanding");
4476     case CISS_LSTATUS_BECOMING_READY:
4477 	return("becoming ready");
4478     case CISS_LSTATUS_QUEUED_FOR_EXPANSION:
4479 	return("queued for expansion");
4480     }
4481     return("unknown status");
4482 }
4483 
4484 /************************************************************************
4485  * Return an online/offline/nonexistent value for a logical drive
4486  * status value.
4487  */
4488 static int
4489 ciss_decode_ldrive_status(int status)
4490 {
4491     switch(status) {
4492     case CISS_LSTATUS_NOT_CONFIGURED:
4493 	return(CISS_LD_NONEXISTENT);
4494 
4495     case CISS_LSTATUS_OK:
4496     case CISS_LSTATUS_INTERIM_RECOVERY:
4497     case CISS_LSTATUS_READY_RECOVERY:
4498     case CISS_LSTATUS_RECOVERING:
4499     case CISS_LSTATUS_EXPANDING:
4500     case CISS_LSTATUS_QUEUED_FOR_EXPANSION:
4501 	return(CISS_LD_ONLINE);
4502 
4503     case CISS_LSTATUS_FAILED:
4504     case CISS_LSTATUS_WRONG_PDRIVE:
4505     case CISS_LSTATUS_MISSING_PDRIVE:
4506     case CISS_LSTATUS_BECOMING_READY:
4507     default:
4508 	return(CISS_LD_OFFLINE);
4509     }
4510 }
4511 
4512 /************************************************************************
4513  * Return a name for a logical drive's organisation.
4514  */
4515 static const char *
4516 ciss_name_ldrive_org(int org)
4517 {
4518     switch(org) {
4519     case CISS_LDRIVE_RAID0:
4520 	return("RAID 0");
4521     case CISS_LDRIVE_RAID1:
4522 	return("RAID 1(1+0)");
4523     case CISS_LDRIVE_RAID4:
4524 	return("RAID 4");
4525     case CISS_LDRIVE_RAID5:
4526 	return("RAID 5");
4527     case CISS_LDRIVE_RAID51:
4528 	return("RAID 5+1");
4529     case CISS_LDRIVE_RAIDADG:
4530 	return("RAID ADG");
4531     }
4532     return("unknown");
4533 }
4534 
4535 /************************************************************************
4536  * Return a name for a command status value.
4537  */
4538 static const char *
4539 ciss_name_command_status(int status)
4540 {
4541     switch(status) {
4542     case CISS_CMD_STATUS_SUCCESS:
4543 	return("success");
4544     case CISS_CMD_STATUS_TARGET_STATUS:
4545 	return("target status");
4546     case CISS_CMD_STATUS_DATA_UNDERRUN:
4547 	return("data underrun");
4548     case CISS_CMD_STATUS_DATA_OVERRUN:
4549 	return("data overrun");
4550     case CISS_CMD_STATUS_INVALID_COMMAND:
4551 	return("invalid command");
4552     case CISS_CMD_STATUS_PROTOCOL_ERROR:
4553 	return("protocol error");
4554     case CISS_CMD_STATUS_HARDWARE_ERROR:
4555 	return("hardware error");
4556     case CISS_CMD_STATUS_CONNECTION_LOST:
4557 	return("connection lost");
4558     case CISS_CMD_STATUS_ABORTED:
4559 	return("aborted");
4560     case CISS_CMD_STATUS_ABORT_FAILED:
4561 	return("abort failed");
4562     case CISS_CMD_STATUS_UNSOLICITED_ABORT:
4563 	return("unsolicited abort");
4564     case CISS_CMD_STATUS_TIMEOUT:
4565 	return("timeout");
4566     case CISS_CMD_STATUS_UNABORTABLE:
4567 	return("unabortable");
4568     }
4569     return("unknown status");
4570 }
4571 
4572 /************************************************************************
4573  * Handle an open on the control device.
4574  */
4575 static int
4576 ciss_open(struct cdev *dev, int flags, int fmt, struct thread *p)
4577 {
4578     struct ciss_softc	*sc;
4579 
4580     debug_called(1);
4581 
4582     sc = (struct ciss_softc *)dev->si_drv1;
4583 
4584     /* we might want to veto if someone already has us open */
4585 
4586     mtx_lock(&sc->ciss_mtx);
4587     sc->ciss_flags |= CISS_FLAG_CONTROL_OPEN;
4588     mtx_unlock(&sc->ciss_mtx);
4589     return(0);
4590 }
4591 
4592 /************************************************************************
4593  * Handle the last close on the control device.
4594  */
4595 static int
4596 ciss_close(struct cdev *dev, int flags, int fmt, struct thread *p)
4597 {
4598     struct ciss_softc	*sc;
4599 
4600     debug_called(1);
4601 
4602     sc = (struct ciss_softc *)dev->si_drv1;
4603 
4604     mtx_lock(&sc->ciss_mtx);
4605     sc->ciss_flags &= ~CISS_FLAG_CONTROL_OPEN;
4606     mtx_unlock(&sc->ciss_mtx);
4607     return (0);
4608 }
4609 
4610 /********************************************************************************
4611  * Handle adapter-specific control operations.
4612  *
4613  * Note that the API here is compatible with the Linux driver, in order to
4614  * simplify the porting of Compaq's userland tools.
4615  */
4616 static int
4617 ciss_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int32_t flag, struct thread *p)
4618 {
4619     struct ciss_softc		*sc;
4620     IOCTL_Command_struct	*ioc	= (IOCTL_Command_struct *)addr;
4621 #ifdef __amd64__
4622     IOCTL_Command_struct32	*ioc32	= (IOCTL_Command_struct32 *)addr;
4623     IOCTL_Command_struct	ioc_swab;
4624 #endif
4625     int				error;
4626 
4627     debug_called(1);
4628 
4629     sc = (struct ciss_softc *)dev->si_drv1;
4630     error = 0;
4631     mtx_lock(&sc->ciss_mtx);
4632 
4633     switch(cmd) {
4634     case CCISS_GETQSTATS:
4635     {
4636 	union ciss_statrequest *cr = (union ciss_statrequest *)addr;
4637 
4638 	switch (cr->cs_item) {
4639 	case CISSQ_FREE:
4640 	case CISSQ_NOTIFY:
4641 	    bcopy(&sc->ciss_qstat[cr->cs_item], &cr->cs_qstat,
4642 		sizeof(struct ciss_qstat));
4643 	    break;
4644 	default:
4645 	    error = ENOIOCTL;
4646 	    break;
4647 	}
4648 
4649 	break;
4650     }
4651 
4652     case CCISS_GETPCIINFO:
4653     {
4654 	cciss_pci_info_struct	*pis = (cciss_pci_info_struct *)addr;
4655 
4656 	pis->bus = pci_get_bus(sc->ciss_dev);
4657 	pis->dev_fn = pci_get_slot(sc->ciss_dev);
4658         pis->board_id = (pci_get_subvendor(sc->ciss_dev) << 16) |
4659                 pci_get_subdevice(sc->ciss_dev);
4660 
4661 	break;
4662     }
4663 
4664     case CCISS_GETINTINFO:
4665     {
4666 	cciss_coalint_struct	*cis = (cciss_coalint_struct *)addr;
4667 
4668 	cis->delay = sc->ciss_cfg->interrupt_coalesce_delay;
4669 	cis->count = sc->ciss_cfg->interrupt_coalesce_count;
4670 
4671 	break;
4672     }
4673 
4674     case CCISS_SETINTINFO:
4675     {
4676 	cciss_coalint_struct	*cis = (cciss_coalint_struct *)addr;
4677 
4678 	if ((cis->delay == 0) && (cis->count == 0)) {
4679 	    error = EINVAL;
4680 	    break;
4681 	}
4682 
4683 	/*
4684 	 * XXX apparently this is only safe if the controller is idle,
4685 	 *     we should suspend it before doing this.
4686 	 */
4687 	sc->ciss_cfg->interrupt_coalesce_delay = cis->delay;
4688 	sc->ciss_cfg->interrupt_coalesce_count = cis->count;
4689 
4690 	if (ciss_update_config(sc))
4691 	    error = EIO;
4692 
4693 	/* XXX resume the controller here */
4694 	break;
4695     }
4696 
4697     case CCISS_GETNODENAME:
4698 	bcopy(sc->ciss_cfg->server_name, (NodeName_type *)addr,
4699 	      sizeof(NodeName_type));
4700 	break;
4701 
4702     case CCISS_SETNODENAME:
4703 	bcopy((NodeName_type *)addr, sc->ciss_cfg->server_name,
4704 	      sizeof(NodeName_type));
4705 	if (ciss_update_config(sc))
4706 	    error = EIO;
4707 	break;
4708 
4709     case CCISS_GETHEARTBEAT:
4710 	*(Heartbeat_type *)addr = sc->ciss_cfg->heartbeat;
4711 	break;
4712 
4713     case CCISS_GETBUSTYPES:
4714 	*(BusTypes_type *)addr = sc->ciss_cfg->bus_types;
4715 	break;
4716 
4717     case CCISS_GETFIRMVER:
4718 	bcopy(sc->ciss_id->running_firmware_revision, (FirmwareVer_type *)addr,
4719 	      sizeof(FirmwareVer_type));
4720 	break;
4721 
4722     case CCISS_GETDRIVERVER:
4723 	*(DriverVer_type *)addr = CISS_DRIVER_VERSION;
4724 	break;
4725 
4726     case CCISS_REVALIDVOLS:
4727 	/*
4728 	 * This is a bit ugly; to do it "right" we really need
4729 	 * to find any disks that have changed, kick CAM off them,
4730 	 * then rescan only these disks.  It'd be nice if they
4731 	 * a) told us which disk(s) they were going to play with,
4732 	 * and b) which ones had arrived. 8(
4733 	 */
4734 	break;
4735 
4736 #ifdef __amd64__
4737     case CCISS_PASSTHRU32:
4738 	ioc_swab.LUN_info	= ioc32->LUN_info;
4739 	ioc_swab.Request	= ioc32->Request;
4740 	ioc_swab.error_info	= ioc32->error_info;
4741 	ioc_swab.buf_size	= ioc32->buf_size;
4742 	ioc_swab.buf		= (u_int8_t *)(uintptr_t)ioc32->buf;
4743 	ioc			= &ioc_swab;
4744 	/* FALLTHROUGH */
4745 #endif
4746 
4747     case CCISS_PASSTHRU:
4748 	error = ciss_user_command(sc, ioc);
4749 	break;
4750 
4751     default:
4752 	debug(0, "unknown ioctl 0x%lx", cmd);
4753 
4754 	debug(1, "CCISS_GETPCIINFO:   0x%lx", CCISS_GETPCIINFO);
4755 	debug(1, "CCISS_GETINTINFO:   0x%lx", CCISS_GETINTINFO);
4756 	debug(1, "CCISS_SETINTINFO:   0x%lx", CCISS_SETINTINFO);
4757 	debug(1, "CCISS_GETNODENAME:  0x%lx", CCISS_GETNODENAME);
4758 	debug(1, "CCISS_SETNODENAME:  0x%lx", CCISS_SETNODENAME);
4759 	debug(1, "CCISS_GETHEARTBEAT: 0x%lx", CCISS_GETHEARTBEAT);
4760 	debug(1, "CCISS_GETBUSTYPES:  0x%lx", CCISS_GETBUSTYPES);
4761 	debug(1, "CCISS_GETFIRMVER:   0x%lx", CCISS_GETFIRMVER);
4762 	debug(1, "CCISS_GETDRIVERVER: 0x%lx", CCISS_GETDRIVERVER);
4763 	debug(1, "CCISS_REVALIDVOLS:  0x%lx", CCISS_REVALIDVOLS);
4764 	debug(1, "CCISS_PASSTHRU:     0x%lx", CCISS_PASSTHRU);
4765 
4766 	error = ENOIOCTL;
4767 	break;
4768     }
4769 
4770     mtx_unlock(&sc->ciss_mtx);
4771     return(error);
4772 }
4773