xref: /freebsd/sys/dev/ciss/ciss.c (revision e17ef005281d89e506d628542530ffb964a93ead)
1 /*-
2  * Copyright (c) 2001 Michael Smith
3  * Copyright (c) 2004 Paul Saab
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
19  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25  * SUCH DAMAGE.
26  *
27  *	$FreeBSD$
28  */
29 
30 /*
31  * Common Interface for SCSI-3 Support driver.
32  *
33  * CISS claims to provide a common interface between a generic SCSI
34  * transport and an intelligent host adapter.
35  *
36  * This driver supports CISS as defined in the document "CISS Command
37  * Interface for SCSI-3 Support Open Specification", Version 1.04,
38  * Valence Number 1, dated 20001127, produced by Compaq Computer
39  * Corporation.  This document appears to be a hastily and somewhat
40  * arbitrarlily cut-down version of a larger (and probably even more
41  * chaotic and inconsistent) Compaq internal document.  Various
42  * details were also gleaned from Compaq's "cciss" driver for Linux.
43  *
44  * We provide a shim layer between the CISS interface and CAM,
45  * offloading most of the queueing and being-a-disk chores onto CAM.
46  * Entry to the driver is via the PCI bus attachment (ciss_probe,
47  * ciss_attach, etc) and via the CAM interface (ciss_cam_action,
48  * ciss_cam_poll).  The Compaq CISS adapters are, however, poor SCSI
49  * citizens and we have to fake up some responses to get reasonable
50  * behaviour out of them.  In addition, the CISS command set is by no
51  * means adequate to support the functionality of a RAID controller,
52  * and thus the supported Compaq adapters utilise portions of the
53  * control protocol from earlier Compaq adapter families.
54  *
55  * Note that we only support the "simple" transport layer over PCI.
56  * This interface (ab)uses the I2O register set (specifically the post
57  * queues) to exchange commands with the adapter.  Other interfaces
58  * are available, but we aren't supposed to know about them, and it is
59  * dubious whether they would provide major performance improvements
60  * except under extreme load.
61  *
62  * Currently the only supported CISS adapters are the Compaq Smart
63  * Array 5* series (5300, 5i, 532).  Even with only three adapters,
64  * Compaq still manage to have interface variations.
65  *
66  *
67  * Thanks must go to Fred Harris and Darryl DeVinney at Compaq, as
68  * well as Paul Saab at Yahoo! for their assistance in making this
69  * driver happen.
70  *
71  * More thanks must go to John Cagle at HP for the countless hours
72  * spent making this driver "work" with the MSA* series storage
73  * enclosures.  Without his help (and nagging), this driver could not
74  * be used with these enclosures.
75  */
76 
77 #include <sys/param.h>
78 #include <sys/systm.h>
79 #include <sys/malloc.h>
80 #include <sys/kernel.h>
81 #include <sys/bus.h>
82 #include <sys/conf.h>
83 #include <sys/stat.h>
84 #include <sys/kthread.h>
85 #include <sys/queue.h>
86 #include <sys/sysctl.h>
87 
88 #include <cam/cam.h>
89 #include <cam/cam_ccb.h>
90 #include <cam/cam_periph.h>
91 #include <cam/cam_sim.h>
92 #include <cam/cam_xpt_sim.h>
93 #include <cam/scsi/scsi_all.h>
94 #include <cam/scsi/scsi_message.h>
95 
96 #include <machine/bus.h>
97 #include <machine/endian.h>
98 #include <machine/resource.h>
99 #include <sys/rman.h>
100 
101 #include <dev/pci/pcireg.h>
102 #include <dev/pci/pcivar.h>
103 
104 #include <dev/ciss/cissreg.h>
105 #include <dev/ciss/cissio.h>
106 #include <dev/ciss/cissvar.h>
107 
108 static MALLOC_DEFINE(CISS_MALLOC_CLASS, "ciss_data",
109     "ciss internal data buffers");
110 
111 /* pci interface */
112 static int	ciss_lookup(device_t dev);
113 static int	ciss_probe(device_t dev);
114 static int	ciss_attach(device_t dev);
115 static int	ciss_detach(device_t dev);
116 static int	ciss_shutdown(device_t dev);
117 
118 /* (de)initialisation functions, control wrappers */
119 static int	ciss_init_pci(struct ciss_softc *sc);
120 static int	ciss_setup_msix(struct ciss_softc *sc);
121 static int	ciss_init_perf(struct ciss_softc *sc);
122 static int	ciss_wait_adapter(struct ciss_softc *sc);
123 static int	ciss_flush_adapter(struct ciss_softc *sc);
124 static int	ciss_init_requests(struct ciss_softc *sc);
125 static void	ciss_command_map_helper(void *arg, bus_dma_segment_t *segs,
126 					int nseg, int error);
127 static int	ciss_identify_adapter(struct ciss_softc *sc);
128 static int	ciss_init_logical(struct ciss_softc *sc);
129 static int	ciss_init_physical(struct ciss_softc *sc);
130 static int	ciss_filter_physical(struct ciss_softc *sc, struct ciss_lun_report *cll);
131 static int	ciss_identify_logical(struct ciss_softc *sc, struct ciss_ldrive *ld);
132 static int	ciss_get_ldrive_status(struct ciss_softc *sc,  struct ciss_ldrive *ld);
133 static int	ciss_update_config(struct ciss_softc *sc);
134 static int	ciss_accept_media(struct ciss_softc *sc, struct ciss_ldrive *ld);
135 static void	ciss_init_sysctl(struct ciss_softc *sc);
136 static void	ciss_soft_reset(struct ciss_softc *sc);
137 static void	ciss_free(struct ciss_softc *sc);
138 static void	ciss_spawn_notify_thread(struct ciss_softc *sc);
139 static void	ciss_kill_notify_thread(struct ciss_softc *sc);
140 
141 /* request submission/completion */
142 static int	ciss_start(struct ciss_request *cr);
143 static void	ciss_done(struct ciss_softc *sc, cr_qhead_t *qh);
144 static void	ciss_perf_done(struct ciss_softc *sc, cr_qhead_t *qh);
145 static void	ciss_intr(void *arg);
146 static void	ciss_perf_intr(void *arg);
147 static void	ciss_perf_msi_intr(void *arg);
148 static void	ciss_complete(struct ciss_softc *sc, cr_qhead_t *qh);
149 static int	_ciss_report_request(struct ciss_request *cr, int *command_status, int *scsi_status, const char *func);
150 static int	ciss_synch_request(struct ciss_request *cr, int timeout);
151 static int	ciss_poll_request(struct ciss_request *cr, int timeout);
152 static int	ciss_wait_request(struct ciss_request *cr, int timeout);
153 #if 0
154 static int	ciss_abort_request(struct ciss_request *cr);
155 #endif
156 
157 /* request queueing */
158 static int	ciss_get_request(struct ciss_softc *sc, struct ciss_request **crp);
159 static void	ciss_preen_command(struct ciss_request *cr);
160 static void 	ciss_release_request(struct ciss_request *cr);
161 
162 /* request helpers */
163 static int	ciss_get_bmic_request(struct ciss_softc *sc, struct ciss_request **crp,
164 				      int opcode, void **bufp, size_t bufsize);
165 static int	ciss_user_command(struct ciss_softc *sc, IOCTL_Command_struct *ioc);
166 
167 /* DMA map/unmap */
168 static int	ciss_map_request(struct ciss_request *cr);
169 static void	ciss_request_map_helper(void *arg, bus_dma_segment_t *segs,
170 					int nseg, int error);
171 static void	ciss_unmap_request(struct ciss_request *cr);
172 
173 /* CAM interface */
174 static int	ciss_cam_init(struct ciss_softc *sc);
175 static void	ciss_cam_rescan_target(struct ciss_softc *sc,
176 				       int bus, int target);
177 static void	ciss_cam_action(struct cam_sim *sim, union ccb *ccb);
178 static int	ciss_cam_action_io(struct cam_sim *sim, struct ccb_scsiio *csio);
179 static int	ciss_cam_emulate(struct ciss_softc *sc, struct ccb_scsiio *csio);
180 static void	ciss_cam_poll(struct cam_sim *sim);
181 static void	ciss_cam_complete(struct ciss_request *cr);
182 static void	ciss_cam_complete_fixup(struct ciss_softc *sc, struct ccb_scsiio *csio);
183 static struct cam_periph *ciss_find_periph(struct ciss_softc *sc,
184 					   int bus, int target);
185 static int	ciss_name_device(struct ciss_softc *sc, int bus, int target);
186 
187 /* periodic status monitoring */
188 static void	ciss_periodic(void *arg);
189 static void	ciss_nop_complete(struct ciss_request *cr);
190 static void	ciss_disable_adapter(struct ciss_softc *sc);
191 static void	ciss_notify_event(struct ciss_softc *sc);
192 static void	ciss_notify_complete(struct ciss_request *cr);
193 static int	ciss_notify_abort(struct ciss_softc *sc);
194 static int	ciss_notify_abort_bmic(struct ciss_softc *sc);
195 static void	ciss_notify_hotplug(struct ciss_softc *sc, struct ciss_notify *cn);
196 static void	ciss_notify_logical(struct ciss_softc *sc, struct ciss_notify *cn);
197 static void	ciss_notify_physical(struct ciss_softc *sc, struct ciss_notify *cn);
198 
199 /* debugging output */
200 static void	ciss_print_request(struct ciss_request *cr);
201 static void	ciss_print_ldrive(struct ciss_softc *sc, struct ciss_ldrive *ld);
202 static const char *ciss_name_ldrive_status(int status);
203 static int	ciss_decode_ldrive_status(int status);
204 static const char *ciss_name_ldrive_org(int org);
205 static const char *ciss_name_command_status(int status);
206 
207 /*
208  * PCI bus interface.
209  */
210 static device_method_t ciss_methods[] = {
211     /* Device interface */
212     DEVMETHOD(device_probe,	ciss_probe),
213     DEVMETHOD(device_attach,	ciss_attach),
214     DEVMETHOD(device_detach,	ciss_detach),
215     DEVMETHOD(device_shutdown,	ciss_shutdown),
216     { 0, 0 }
217 };
218 
219 static driver_t ciss_pci_driver = {
220     "ciss",
221     ciss_methods,
222     sizeof(struct ciss_softc)
223 };
224 
225 static devclass_t	ciss_devclass;
226 DRIVER_MODULE(ciss, pci, ciss_pci_driver, ciss_devclass, 0, 0);
227 MODULE_DEPEND(ciss, cam, 1, 1, 1);
228 MODULE_DEPEND(ciss, pci, 1, 1, 1);
229 
230 /*
231  * Control device interface.
232  */
233 static d_open_t		ciss_open;
234 static d_close_t	ciss_close;
235 static d_ioctl_t	ciss_ioctl;
236 
237 static struct cdevsw ciss_cdevsw = {
238 	.d_version =	D_VERSION,
239 	.d_flags =	0,
240 	.d_open =	ciss_open,
241 	.d_close =	ciss_close,
242 	.d_ioctl =	ciss_ioctl,
243 	.d_name =	"ciss",
244 };
245 
246 /*
247  * This tunable can be set at boot time and controls whether physical devices
248  * that are marked hidden by the firmware should be exposed anyways.
249  */
250 static unsigned int ciss_expose_hidden_physical = 0;
251 TUNABLE_INT("hw.ciss.expose_hidden_physical", &ciss_expose_hidden_physical);
252 
253 static unsigned int ciss_nop_message_heartbeat = 0;
254 TUNABLE_INT("hw.ciss.nop_message_heartbeat", &ciss_nop_message_heartbeat);
255 
256 /*
257  * This tunable can force a particular transport to be used:
258  * <= 0 : use default
259  *    1 : force simple
260  *    2 : force performant
261  */
262 static int ciss_force_transport = 0;
263 TUNABLE_INT("hw.ciss.force_transport", &ciss_force_transport);
264 
265 /*
266  * This tunable can force a particular interrupt delivery method to be used:
267  * <= 0 : use default
268  *    1 : force INTx
269  *    2 : force MSIX
270  */
271 static int ciss_force_interrupt = 0;
272 TUNABLE_INT("hw.ciss.force_interrupt", &ciss_force_interrupt);
273 
274 /************************************************************************
275  * CISS adapters amazingly don't have a defined programming interface
276  * value.  (One could say some very despairing things about PCI and
277  * people just not getting the general idea.)  So we are forced to
278  * stick with matching against subvendor/subdevice, and thus have to
279  * be updated for every new CISS adapter that appears.
280  */
281 #define CISS_BOARD_UNKNWON	0
282 #define CISS_BOARD_SA5		1
283 #define CISS_BOARD_SA5B		2
284 #define CISS_BOARD_NOMSI	(1<<4)
285 
286 static struct
287 {
288     u_int16_t	subvendor;
289     u_int16_t	subdevice;
290     int		flags;
291     char	*desc;
292 } ciss_vendor_data[] = {
293     { 0x0e11, 0x4070, CISS_BOARD_SA5|CISS_BOARD_NOMSI,	"Compaq Smart Array 5300" },
294     { 0x0e11, 0x4080, CISS_BOARD_SA5B|CISS_BOARD_NOMSI,	"Compaq Smart Array 5i" },
295     { 0x0e11, 0x4082, CISS_BOARD_SA5B|CISS_BOARD_NOMSI,	"Compaq Smart Array 532" },
296     { 0x0e11, 0x4083, CISS_BOARD_SA5B|CISS_BOARD_NOMSI,	"HP Smart Array 5312" },
297     { 0x0e11, 0x4091, CISS_BOARD_SA5,	"HP Smart Array 6i" },
298     { 0x0e11, 0x409A, CISS_BOARD_SA5,	"HP Smart Array 641" },
299     { 0x0e11, 0x409B, CISS_BOARD_SA5,	"HP Smart Array 642" },
300     { 0x0e11, 0x409C, CISS_BOARD_SA5,	"HP Smart Array 6400" },
301     { 0x0e11, 0x409D, CISS_BOARD_SA5,	"HP Smart Array 6400 EM" },
302     { 0x103C, 0x3211, CISS_BOARD_SA5,	"HP Smart Array E200i" },
303     { 0x103C, 0x3212, CISS_BOARD_SA5,	"HP Smart Array E200" },
304     { 0x103C, 0x3213, CISS_BOARD_SA5,	"HP Smart Array E200i" },
305     { 0x103C, 0x3214, CISS_BOARD_SA5,	"HP Smart Array E200i" },
306     { 0x103C, 0x3215, CISS_BOARD_SA5,	"HP Smart Array E200i" },
307     { 0x103C, 0x3220, CISS_BOARD_SA5,	"HP Smart Array" },
308     { 0x103C, 0x3222, CISS_BOARD_SA5,	"HP Smart Array" },
309     { 0x103C, 0x3223, CISS_BOARD_SA5,	"HP Smart Array P800" },
310     { 0x103C, 0x3225, CISS_BOARD_SA5,	"HP Smart Array P600" },
311     { 0x103C, 0x3230, CISS_BOARD_SA5,	"HP Smart Array" },
312     { 0x103C, 0x3231, CISS_BOARD_SA5,	"HP Smart Array" },
313     { 0x103C, 0x3232, CISS_BOARD_SA5,	"HP Smart Array" },
314     { 0x103C, 0x3233, CISS_BOARD_SA5,	"HP Smart Array" },
315     { 0x103C, 0x3234, CISS_BOARD_SA5,	"HP Smart Array P400" },
316     { 0x103C, 0x3235, CISS_BOARD_SA5,	"HP Smart Array P400i" },
317     { 0x103C, 0x3236, CISS_BOARD_SA5,	"HP Smart Array" },
318     { 0x103C, 0x3237, CISS_BOARD_SA5,	"HP Smart Array E500" },
319     { 0x103C, 0x3238, CISS_BOARD_SA5,	"HP Smart Array" },
320     { 0x103C, 0x3239, CISS_BOARD_SA5,	"HP Smart Array" },
321     { 0x103C, 0x323A, CISS_BOARD_SA5,	"HP Smart Array" },
322     { 0x103C, 0x323B, CISS_BOARD_SA5,	"HP Smart Array" },
323     { 0x103C, 0x323C, CISS_BOARD_SA5,	"HP Smart Array" },
324     { 0x103C, 0x323D, CISS_BOARD_SA5,	"HP Smart Array P700m" },
325     { 0x103C, 0x3241, CISS_BOARD_SA5,	"HP Smart Array P212" },
326     { 0x103C, 0x3243, CISS_BOARD_SA5,	"HP Smart Array P410" },
327     { 0x103C, 0x3245, CISS_BOARD_SA5,	"HP Smart Array P410i" },
328     { 0x103C, 0x3247, CISS_BOARD_SA5,	"HP Smart Array P411" },
329     { 0x103C, 0x3249, CISS_BOARD_SA5,	"HP Smart Array P812" },
330     { 0x103C, 0x324A, CISS_BOARD_SA5,	"HP Smart Array P712m" },
331     { 0x103C, 0x324B, CISS_BOARD_SA5,	"HP Smart Array" },
332     { 0x103C, 0x3350, CISS_BOARD_SA5,   "HP Smart Array P222" },
333     { 0x103C, 0x3351, CISS_BOARD_SA5,   "HP Smart Array P420" },
334     { 0x103C, 0x3352, CISS_BOARD_SA5,   "HP Smart Array P421" },
335     { 0x103C, 0x3353, CISS_BOARD_SA5,   "HP Smart Array P822" },
336     { 0x103C, 0x3354, CISS_BOARD_SA5,   "HP Smart Array P420i" },
337     { 0x103C, 0x3355, CISS_BOARD_SA5,   "HP Smart Array P220i" },
338     { 0x103C, 0x3356, CISS_BOARD_SA5,   "HP Smart Array P721m" },
339     { 0, 0, 0, NULL }
340 };
341 
342 /************************************************************************
343  * Find a match for the device in our list of known adapters.
344  */
345 static int
346 ciss_lookup(device_t dev)
347 {
348     int 	i;
349 
350     for (i = 0; ciss_vendor_data[i].desc != NULL; i++)
351 	if ((pci_get_subvendor(dev) == ciss_vendor_data[i].subvendor) &&
352 	    (pci_get_subdevice(dev) == ciss_vendor_data[i].subdevice)) {
353 	    return(i);
354 	}
355     return(-1);
356 }
357 
358 /************************************************************************
359  * Match a known CISS adapter.
360  */
361 static int
362 ciss_probe(device_t dev)
363 {
364     int		i;
365 
366     i = ciss_lookup(dev);
367     if (i != -1) {
368 	device_set_desc(dev, ciss_vendor_data[i].desc);
369 	return(BUS_PROBE_DEFAULT);
370     }
371     return(ENOENT);
372 }
373 
374 /************************************************************************
375  * Attach the driver to this adapter.
376  */
377 static int
378 ciss_attach(device_t dev)
379 {
380     struct ciss_softc	*sc;
381     int			error;
382 
383     debug_called(1);
384 
385 #ifdef CISS_DEBUG
386     /* print structure/union sizes */
387     debug_struct(ciss_command);
388     debug_struct(ciss_header);
389     debug_union(ciss_device_address);
390     debug_struct(ciss_cdb);
391     debug_struct(ciss_report_cdb);
392     debug_struct(ciss_notify_cdb);
393     debug_struct(ciss_notify);
394     debug_struct(ciss_message_cdb);
395     debug_struct(ciss_error_info_pointer);
396     debug_struct(ciss_error_info);
397     debug_struct(ciss_sg_entry);
398     debug_struct(ciss_config_table);
399     debug_struct(ciss_bmic_cdb);
400     debug_struct(ciss_bmic_id_ldrive);
401     debug_struct(ciss_bmic_id_lstatus);
402     debug_struct(ciss_bmic_id_table);
403     debug_struct(ciss_bmic_id_pdrive);
404     debug_struct(ciss_bmic_blink_pdrive);
405     debug_struct(ciss_bmic_flush_cache);
406     debug_const(CISS_MAX_REQUESTS);
407     debug_const(CISS_MAX_LOGICAL);
408     debug_const(CISS_INTERRUPT_COALESCE_DELAY);
409     debug_const(CISS_INTERRUPT_COALESCE_COUNT);
410     debug_const(CISS_COMMAND_ALLOC_SIZE);
411     debug_const(CISS_COMMAND_SG_LENGTH);
412 
413     debug_type(cciss_pci_info_struct);
414     debug_type(cciss_coalint_struct);
415     debug_type(cciss_coalint_struct);
416     debug_type(NodeName_type);
417     debug_type(NodeName_type);
418     debug_type(Heartbeat_type);
419     debug_type(BusTypes_type);
420     debug_type(FirmwareVer_type);
421     debug_type(DriverVer_type);
422     debug_type(IOCTL_Command_struct);
423 #endif
424 
425     sc = device_get_softc(dev);
426     sc->ciss_dev = dev;
427     mtx_init(&sc->ciss_mtx, "cissmtx", NULL, MTX_DEF);
428     callout_init_mtx(&sc->ciss_periodic, &sc->ciss_mtx, 0);
429 
430     /*
431      * Do PCI-specific init.
432      */
433     if ((error = ciss_init_pci(sc)) != 0)
434 	goto out;
435 
436     /*
437      * Initialise driver queues.
438      */
439     ciss_initq_free(sc);
440     ciss_initq_notify(sc);
441 
442     /*
443      * Initalize device sysctls.
444      */
445     ciss_init_sysctl(sc);
446 
447     /*
448      * Initialise command/request pool.
449      */
450     if ((error = ciss_init_requests(sc)) != 0)
451 	goto out;
452 
453     /*
454      * Get adapter information.
455      */
456     if ((error = ciss_identify_adapter(sc)) != 0)
457 	goto out;
458 
459     /*
460      * Find all the physical devices.
461      */
462     if ((error = ciss_init_physical(sc)) != 0)
463 	goto out;
464 
465     /*
466      * Build our private table of logical devices.
467      */
468     if ((error = ciss_init_logical(sc)) != 0)
469 	goto out;
470 
471     /*
472      * Enable interrupts so that the CAM scan can complete.
473      */
474     CISS_TL_SIMPLE_ENABLE_INTERRUPTS(sc);
475 
476     /*
477      * Initialise the CAM interface.
478      */
479     if ((error = ciss_cam_init(sc)) != 0)
480 	goto out;
481 
482     /*
483      * Start the heartbeat routine and event chain.
484      */
485     ciss_periodic(sc);
486 
487    /*
488      * Create the control device.
489      */
490     sc->ciss_dev_t = make_dev(&ciss_cdevsw, device_get_unit(sc->ciss_dev),
491 			      UID_ROOT, GID_OPERATOR, S_IRUSR | S_IWUSR,
492 			      "ciss%d", device_get_unit(sc->ciss_dev));
493     sc->ciss_dev_t->si_drv1 = sc;
494 
495     /*
496      * The adapter is running; synchronous commands can now sleep
497      * waiting for an interrupt to signal completion.
498      */
499     sc->ciss_flags |= CISS_FLAG_RUNNING;
500 
501     ciss_spawn_notify_thread(sc);
502 
503     error = 0;
504  out:
505     if (error != 0) {
506 	/* ciss_free() expects the mutex to be held */
507 	mtx_lock(&sc->ciss_mtx);
508 	ciss_free(sc);
509     }
510     return(error);
511 }
512 
513 /************************************************************************
514  * Detach the driver from this adapter.
515  */
516 static int
517 ciss_detach(device_t dev)
518 {
519     struct ciss_softc	*sc = device_get_softc(dev);
520 
521     debug_called(1);
522 
523     mtx_lock(&sc->ciss_mtx);
524     if (sc->ciss_flags & CISS_FLAG_CONTROL_OPEN) {
525 	mtx_unlock(&sc->ciss_mtx);
526 	return (EBUSY);
527     }
528 
529     /* flush adapter cache */
530     ciss_flush_adapter(sc);
531 
532     /* release all resources.  The mutex is released and freed here too. */
533     ciss_free(sc);
534 
535     return(0);
536 }
537 
538 /************************************************************************
539  * Prepare adapter for system shutdown.
540  */
541 static int
542 ciss_shutdown(device_t dev)
543 {
544     struct ciss_softc	*sc = device_get_softc(dev);
545 
546     debug_called(1);
547 
548     mtx_lock(&sc->ciss_mtx);
549     /* flush adapter cache */
550     ciss_flush_adapter(sc);
551 
552     if (sc->ciss_soft_reset)
553 	ciss_soft_reset(sc);
554     mtx_unlock(&sc->ciss_mtx);
555 
556     return(0);
557 }
558 
559 static void
560 ciss_init_sysctl(struct ciss_softc *sc)
561 {
562 
563     SYSCTL_ADD_INT(device_get_sysctl_ctx(sc->ciss_dev),
564 	SYSCTL_CHILDREN(device_get_sysctl_tree(sc->ciss_dev)),
565 	OID_AUTO, "soft_reset", CTLFLAG_RW, &sc->ciss_soft_reset, 0, "");
566 }
567 
568 /************************************************************************
569  * Perform PCI-specific attachment actions.
570  */
571 static int
572 ciss_init_pci(struct ciss_softc *sc)
573 {
574     uintptr_t		cbase, csize, cofs;
575     uint32_t		method, supported_methods;
576     int			error, sqmask, i;
577     void		*intr;
578 
579     debug_called(1);
580 
581     /*
582      * Work out adapter type.
583      */
584     i = ciss_lookup(sc->ciss_dev);
585     if (i < 0) {
586 	ciss_printf(sc, "unknown adapter type\n");
587 	return (ENXIO);
588     }
589 
590     if (ciss_vendor_data[i].flags & CISS_BOARD_SA5) {
591 	sqmask = CISS_TL_SIMPLE_INTR_OPQ_SA5;
592     } else if (ciss_vendor_data[i].flags & CISS_BOARD_SA5B) {
593 	sqmask = CISS_TL_SIMPLE_INTR_OPQ_SA5B;
594     } else {
595 	/*
596 	 * XXX Big hammer, masks/unmasks all possible interrupts.  This should
597 	 * work on all hardware variants.  Need to add code to handle the
598 	 * "controller crashed" interupt bit that this unmasks.
599 	 */
600 	sqmask = ~0;
601     }
602 
603     /*
604      * Allocate register window first (we need this to find the config
605      * struct).
606      */
607     error = ENXIO;
608     sc->ciss_regs_rid = CISS_TL_SIMPLE_BAR_REGS;
609     if ((sc->ciss_regs_resource =
610 	 bus_alloc_resource_any(sc->ciss_dev, SYS_RES_MEMORY,
611 				&sc->ciss_regs_rid, RF_ACTIVE)) == NULL) {
612 	ciss_printf(sc, "can't allocate register window\n");
613 	return(ENXIO);
614     }
615     sc->ciss_regs_bhandle = rman_get_bushandle(sc->ciss_regs_resource);
616     sc->ciss_regs_btag = rman_get_bustag(sc->ciss_regs_resource);
617 
618     /*
619      * Find the BAR holding the config structure.  If it's not the one
620      * we already mapped for registers, map it too.
621      */
622     sc->ciss_cfg_rid = CISS_TL_SIMPLE_READ(sc, CISS_TL_SIMPLE_CFG_BAR) & 0xffff;
623     if (sc->ciss_cfg_rid != sc->ciss_regs_rid) {
624 	if ((sc->ciss_cfg_resource =
625 	     bus_alloc_resource_any(sc->ciss_dev, SYS_RES_MEMORY,
626 				    &sc->ciss_cfg_rid, RF_ACTIVE)) == NULL) {
627 	    ciss_printf(sc, "can't allocate config window\n");
628 	    return(ENXIO);
629 	}
630 	cbase = (uintptr_t)rman_get_virtual(sc->ciss_cfg_resource);
631 	csize = rman_get_end(sc->ciss_cfg_resource) -
632 	    rman_get_start(sc->ciss_cfg_resource) + 1;
633     } else {
634 	cbase = (uintptr_t)rman_get_virtual(sc->ciss_regs_resource);
635 	csize = rman_get_end(sc->ciss_regs_resource) -
636 	    rman_get_start(sc->ciss_regs_resource) + 1;
637     }
638     cofs = CISS_TL_SIMPLE_READ(sc, CISS_TL_SIMPLE_CFG_OFF);
639 
640     /*
641      * Use the base/size/offset values we just calculated to
642      * sanity-check the config structure.  If it's OK, point to it.
643      */
644     if ((cofs + sizeof(struct ciss_config_table)) > csize) {
645 	ciss_printf(sc, "config table outside window\n");
646 	return(ENXIO);
647     }
648     sc->ciss_cfg = (struct ciss_config_table *)(cbase + cofs);
649     debug(1, "config struct at %p", sc->ciss_cfg);
650 
651     /*
652      * Calculate the number of request structures/commands we are
653      * going to provide for this adapter.
654      */
655     sc->ciss_max_requests = min(CISS_MAX_REQUESTS, sc->ciss_cfg->max_outstanding_commands);
656 
657     /*
658      * Validate the config structure.  If we supported other transport
659      * methods, we could select amongst them at this point in time.
660      */
661     if (strncmp(sc->ciss_cfg->signature, "CISS", 4)) {
662 	ciss_printf(sc, "config signature mismatch (got '%c%c%c%c')\n",
663 		    sc->ciss_cfg->signature[0], sc->ciss_cfg->signature[1],
664 		    sc->ciss_cfg->signature[2], sc->ciss_cfg->signature[3]);
665 	return(ENXIO);
666     }
667 
668     /*
669      * Select the mode of operation, prefer Performant.
670      */
671     if (!(sc->ciss_cfg->supported_methods &
672 	(CISS_TRANSPORT_METHOD_SIMPLE | CISS_TRANSPORT_METHOD_PERF))) {
673 	ciss_printf(sc, "No supported transport layers: 0x%x\n",
674 	    sc->ciss_cfg->supported_methods);
675     }
676 
677     switch (ciss_force_transport) {
678     case 1:
679 	supported_methods = CISS_TRANSPORT_METHOD_SIMPLE;
680 	break;
681     case 2:
682 	supported_methods = CISS_TRANSPORT_METHOD_PERF;
683 	break;
684     default:
685 	supported_methods = sc->ciss_cfg->supported_methods;
686 	break;
687     }
688 
689 setup:
690     if ((supported_methods & CISS_TRANSPORT_METHOD_PERF) != 0) {
691 	method = CISS_TRANSPORT_METHOD_PERF;
692 	sc->ciss_perf = (struct ciss_perf_config *)(cbase + cofs +
693 	    sc->ciss_cfg->transport_offset);
694 	if (ciss_init_perf(sc)) {
695 	    supported_methods &= ~method;
696 	    goto setup;
697 	}
698     } else if (supported_methods & CISS_TRANSPORT_METHOD_SIMPLE) {
699 	method = CISS_TRANSPORT_METHOD_SIMPLE;
700     } else {
701 	ciss_printf(sc, "No supported transport methods: 0x%x\n",
702 	    sc->ciss_cfg->supported_methods);
703 	return(ENXIO);
704     }
705 
706     /*
707      * Tell it we're using the low 4GB of RAM.  Set the default interrupt
708      * coalescing options.
709      */
710     sc->ciss_cfg->requested_method = method;
711     sc->ciss_cfg->command_physlimit = 0;
712     sc->ciss_cfg->interrupt_coalesce_delay = CISS_INTERRUPT_COALESCE_DELAY;
713     sc->ciss_cfg->interrupt_coalesce_count = CISS_INTERRUPT_COALESCE_COUNT;
714 
715 #ifdef __i386__
716     sc->ciss_cfg->host_driver |= CISS_DRIVER_SCSI_PREFETCH;
717 #endif
718 
719     if (ciss_update_config(sc)) {
720 	ciss_printf(sc, "adapter refuses to accept config update (IDBR 0x%x)\n",
721 		    CISS_TL_SIMPLE_READ(sc, CISS_TL_SIMPLE_IDBR));
722 	return(ENXIO);
723     }
724     if ((sc->ciss_cfg->active_method & method) == 0) {
725 	supported_methods &= ~method;
726 	if (supported_methods == 0) {
727 	    ciss_printf(sc, "adapter refuses to go into available transports "
728 		"mode (0x%x, 0x%x)\n", supported_methods,
729 		sc->ciss_cfg->active_method);
730 	    return(ENXIO);
731 	} else
732 	    goto setup;
733     }
734 
735     /*
736      * Wait for the adapter to come ready.
737      */
738     if ((error = ciss_wait_adapter(sc)) != 0)
739 	return(error);
740 
741     /* Prepare to possibly use MSIX and/or PERFORMANT interrupts.  Normal
742      * interrupts have a rid of 0, this will be overridden if MSIX is used.
743      */
744     sc->ciss_irq_rid[0] = 0;
745     if (method == CISS_TRANSPORT_METHOD_PERF) {
746 	ciss_printf(sc, "PERFORMANT Transport\n");
747 	if ((ciss_force_interrupt != 1) && (ciss_setup_msix(sc) == 0)) {
748 	    intr = ciss_perf_msi_intr;
749 	} else {
750 	    intr = ciss_perf_intr;
751 	}
752 	/* XXX The docs say that the 0x01 bit is only for SAS controllers.
753 	 * Unfortunately, there is no good way to know if this is a SAS
754 	 * controller.  Hopefully enabling this bit universally will work OK.
755 	 * It seems to work fine for SA6i controllers.
756 	 */
757 	sc->ciss_interrupt_mask = CISS_TL_PERF_INTR_OPQ | CISS_TL_PERF_INTR_MSI;
758 
759     } else {
760 	ciss_printf(sc, "SIMPLE Transport\n");
761 	/* MSIX doesn't seem to work in SIMPLE mode, only enable if it forced */
762 	if (ciss_force_interrupt == 2)
763 	    /* If this fails, we automatically revert to INTx */
764 	    ciss_setup_msix(sc);
765 	sc->ciss_perf = NULL;
766 	intr = ciss_intr;
767 	sc->ciss_interrupt_mask = sqmask;
768     }
769 
770     /*
771      * Turn off interrupts before we go routing anything.
772      */
773     CISS_TL_SIMPLE_DISABLE_INTERRUPTS(sc);
774 
775     /*
776      * Allocate and set up our interrupt.
777      */
778     if ((sc->ciss_irq_resource =
779 	 bus_alloc_resource_any(sc->ciss_dev, SYS_RES_IRQ, &sc->ciss_irq_rid[0],
780 				RF_ACTIVE | RF_SHAREABLE)) == NULL) {
781 	ciss_printf(sc, "can't allocate interrupt\n");
782 	return(ENXIO);
783     }
784 
785     if (bus_setup_intr(sc->ciss_dev, sc->ciss_irq_resource,
786 		       INTR_TYPE_CAM|INTR_MPSAFE, NULL, intr, sc,
787 		       &sc->ciss_intr)) {
788 	ciss_printf(sc, "can't set up interrupt\n");
789 	return(ENXIO);
790     }
791 
792     /*
793      * Allocate the parent bus DMA tag appropriate for our PCI
794      * interface.
795      *
796      * Note that "simple" adapters can only address within a 32-bit
797      * span.
798      */
799     if (bus_dma_tag_create(NULL, 			/* parent */
800 			   1, 0, 			/* alignment, boundary */
801 			   BUS_SPACE_MAXADDR,		/* lowaddr */
802 			   BUS_SPACE_MAXADDR, 		/* highaddr */
803 			   NULL, NULL, 			/* filter, filterarg */
804 			   BUS_SPACE_MAXSIZE_32BIT,	/* maxsize */
805 			   CISS_MAX_SG_ELEMENTS,	/* nsegments */
806 			   BUS_SPACE_MAXSIZE_32BIT,	/* maxsegsize */
807 			   0,				/* flags */
808 			   NULL, NULL,			/* lockfunc, lockarg */
809 			   &sc->ciss_parent_dmat)) {
810 	ciss_printf(sc, "can't allocate parent DMA tag\n");
811 	return(ENOMEM);
812     }
813 
814     /*
815      * Create DMA tag for mapping buffers into adapter-addressable
816      * space.
817      */
818     if (bus_dma_tag_create(sc->ciss_parent_dmat, 	/* parent */
819 			   1, 0, 			/* alignment, boundary */
820 			   BUS_SPACE_MAXADDR,		/* lowaddr */
821 			   BUS_SPACE_MAXADDR, 		/* highaddr */
822 			   NULL, NULL, 			/* filter, filterarg */
823 			   MAXBSIZE, CISS_MAX_SG_ELEMENTS,	/* maxsize, nsegments */
824 			   BUS_SPACE_MAXSIZE_32BIT,	/* maxsegsize */
825 			   BUS_DMA_ALLOCNOW,		/* flags */
826 			   busdma_lock_mutex, &sc->ciss_mtx,	/* lockfunc, lockarg */
827 			   &sc->ciss_buffer_dmat)) {
828 	ciss_printf(sc, "can't allocate buffer DMA tag\n");
829 	return(ENOMEM);
830     }
831     return(0);
832 }
833 
834 /************************************************************************
835  * Setup MSI/MSIX operation (Performant only)
836  * Four interrupts are available, but we only use 1 right now.  If MSI-X
837  * isn't avaialble, try using MSI instead.
838  */
839 static int
840 ciss_setup_msix(struct ciss_softc *sc)
841 {
842     int val, i;
843 
844     /* Weed out devices that don't actually support MSI */
845     i = ciss_lookup(sc->ciss_dev);
846     if (ciss_vendor_data[i].flags & CISS_BOARD_NOMSI)
847 	return (EINVAL);
848 
849     /*
850      * Only need to use the minimum number of MSI vectors, as the driver
851      * doesn't support directed MSIX interrupts.
852      */
853     val = pci_msix_count(sc->ciss_dev);
854     if (val < CISS_MSI_COUNT) {
855 	val = pci_msi_count(sc->ciss_dev);
856 	device_printf(sc->ciss_dev, "got %d MSI messages]\n", val);
857 	if (val < CISS_MSI_COUNT)
858 	    return (EINVAL);
859     }
860     val = MIN(val, CISS_MSI_COUNT);
861     if (pci_alloc_msix(sc->ciss_dev, &val) != 0) {
862 	if (pci_alloc_msi(sc->ciss_dev, &val) != 0)
863 	    return (EINVAL);
864     }
865 
866     sc->ciss_msi = val;
867     if (bootverbose)
868 	ciss_printf(sc, "Using %d MSIX interrupt%s\n", val,
869 	    (val != 1) ? "s" : "");
870 
871     for (i = 0; i < val; i++)
872 	sc->ciss_irq_rid[i] = i + 1;
873 
874     return (0);
875 
876 }
877 
878 /************************************************************************
879  * Setup the Performant structures.
880  */
881 static int
882 ciss_init_perf(struct ciss_softc *sc)
883 {
884     struct ciss_perf_config *pc = sc->ciss_perf;
885     int reply_size;
886 
887     /*
888      * Create the DMA tag for the reply queue.
889      */
890     reply_size = sizeof(uint64_t) * sc->ciss_max_requests;
891     if (bus_dma_tag_create(sc->ciss_parent_dmat,	/* parent */
892 			   1, 0, 			/* alignment, boundary */
893 			   BUS_SPACE_MAXADDR_32BIT,	/* lowaddr */
894 			   BUS_SPACE_MAXADDR, 		/* highaddr */
895 			   NULL, NULL, 			/* filter, filterarg */
896 			   reply_size, 1,		/* maxsize, nsegments */
897 			   BUS_SPACE_MAXSIZE_32BIT,	/* maxsegsize */
898 			   0,				/* flags */
899 			   NULL, NULL,			/* lockfunc, lockarg */
900 			   &sc->ciss_reply_dmat)) {
901 	ciss_printf(sc, "can't allocate reply DMA tag\n");
902 	return(ENOMEM);
903     }
904     /*
905      * Allocate memory and make it available for DMA.
906      */
907     if (bus_dmamem_alloc(sc->ciss_reply_dmat, (void **)&sc->ciss_reply,
908 			 BUS_DMA_NOWAIT, &sc->ciss_reply_map)) {
909 	ciss_printf(sc, "can't allocate reply memory\n");
910 	return(ENOMEM);
911     }
912     bus_dmamap_load(sc->ciss_reply_dmat, sc->ciss_reply_map, sc->ciss_reply,
913 		    reply_size, ciss_command_map_helper, &sc->ciss_reply_phys, 0);
914     bzero(sc->ciss_reply, reply_size);
915 
916     sc->ciss_cycle = 0x1;
917     sc->ciss_rqidx = 0;
918 
919     /*
920      * Preload the fetch table with common command sizes.  This allows the
921      * hardware to not waste bus cycles for typical i/o commands, but also not
922      * tax the driver to be too exact in choosing sizes.  The table is optimized
923      * for page-aligned i/o's, but since most i/o comes from the various pagers,
924      * it's a reasonable assumption to make.
925      */
926     pc->fetch_count[CISS_SG_FETCH_NONE] = (sizeof(struct ciss_command) + 15) / 16;
927     pc->fetch_count[CISS_SG_FETCH_1] =
928 	(sizeof(struct ciss_command) + sizeof(struct ciss_sg_entry) * 1 + 15) / 16;
929     pc->fetch_count[CISS_SG_FETCH_2] =
930 	(sizeof(struct ciss_command) + sizeof(struct ciss_sg_entry) * 2 + 15) / 16;
931     pc->fetch_count[CISS_SG_FETCH_4] =
932 	(sizeof(struct ciss_command) + sizeof(struct ciss_sg_entry) * 4 + 15) / 16;
933     pc->fetch_count[CISS_SG_FETCH_8] =
934 	(sizeof(struct ciss_command) + sizeof(struct ciss_sg_entry) * 8 + 15) / 16;
935     pc->fetch_count[CISS_SG_FETCH_16] =
936 	(sizeof(struct ciss_command) + sizeof(struct ciss_sg_entry) * 16 + 15) / 16;
937     pc->fetch_count[CISS_SG_FETCH_32] =
938 	(sizeof(struct ciss_command) + sizeof(struct ciss_sg_entry) * 32 + 15) / 16;
939     pc->fetch_count[CISS_SG_FETCH_MAX] = (CISS_COMMAND_ALLOC_SIZE + 15) / 16;
940 
941     pc->rq_size = sc->ciss_max_requests; /* XXX less than the card supports? */
942     pc->rq_count = 1;	/* XXX Hardcode for a single queue */
943     pc->rq_bank_hi = 0;
944     pc->rq_bank_lo = 0;
945     pc->rq[0].rq_addr_hi = 0x0;
946     pc->rq[0].rq_addr_lo = sc->ciss_reply_phys;
947 
948     return(0);
949 }
950 
951 /************************************************************************
952  * Wait for the adapter to come ready.
953  */
954 static int
955 ciss_wait_adapter(struct ciss_softc *sc)
956 {
957     int		i;
958 
959     debug_called(1);
960 
961     /*
962      * Wait for the adapter to come ready.
963      */
964     if (!(sc->ciss_cfg->active_method & CISS_TRANSPORT_METHOD_READY)) {
965 	ciss_printf(sc, "waiting for adapter to come ready...\n");
966 	for (i = 0; !(sc->ciss_cfg->active_method & CISS_TRANSPORT_METHOD_READY); i++) {
967 	    DELAY(1000000);	/* one second */
968 	    if (i > 30) {
969 		ciss_printf(sc, "timed out waiting for adapter to come ready\n");
970 		return(EIO);
971 	    }
972 	}
973     }
974     return(0);
975 }
976 
977 /************************************************************************
978  * Flush the adapter cache.
979  */
980 static int
981 ciss_flush_adapter(struct ciss_softc *sc)
982 {
983     struct ciss_request			*cr;
984     struct ciss_bmic_flush_cache	*cbfc;
985     int					error, command_status;
986 
987     debug_called(1);
988 
989     cr = NULL;
990     cbfc = NULL;
991 
992     /*
993      * Build a BMIC request to flush the cache.  We don't disable
994      * it, as we may be going to do more I/O (eg. we are emulating
995      * the Synchronise Cache command).
996      */
997     if ((cbfc = malloc(sizeof(*cbfc), CISS_MALLOC_CLASS, M_NOWAIT | M_ZERO)) == NULL) {
998 	error = ENOMEM;
999 	goto out;
1000     }
1001     if ((error = ciss_get_bmic_request(sc, &cr, CISS_BMIC_FLUSH_CACHE,
1002 				       (void **)&cbfc, sizeof(*cbfc))) != 0)
1003 	goto out;
1004 
1005     /*
1006      * Submit the request and wait for it to complete.
1007      */
1008     if ((error = ciss_synch_request(cr, 60 * 1000)) != 0) {
1009 	ciss_printf(sc, "error sending BMIC FLUSH_CACHE command (%d)\n", error);
1010 	goto out;
1011     }
1012 
1013     /*
1014      * Check response.
1015      */
1016     ciss_report_request(cr, &command_status, NULL);
1017     switch(command_status) {
1018     case CISS_CMD_STATUS_SUCCESS:
1019 	break;
1020     default:
1021 	ciss_printf(sc, "error flushing cache (%s)\n",
1022 		    ciss_name_command_status(command_status));
1023 	error = EIO;
1024 	goto out;
1025     }
1026 
1027 out:
1028     if (cbfc != NULL)
1029 	free(cbfc, CISS_MALLOC_CLASS);
1030     if (cr != NULL)
1031 	ciss_release_request(cr);
1032     return(error);
1033 }
1034 
1035 static void
1036 ciss_soft_reset(struct ciss_softc *sc)
1037 {
1038     struct ciss_request		*cr = NULL;
1039     struct ciss_command		*cc;
1040     int				i, error = 0;
1041 
1042     for (i = 0; i < sc->ciss_max_logical_bus; i++) {
1043 	/* only reset proxy controllers */
1044 	if (sc->ciss_controllers[i].physical.bus == 0)
1045 	    continue;
1046 
1047 	if ((error = ciss_get_request(sc, &cr)) != 0)
1048 	    break;
1049 
1050 	if ((error = ciss_get_bmic_request(sc, &cr, CISS_BMIC_SOFT_RESET,
1051 					   NULL, 0)) != 0)
1052 	    break;
1053 
1054 	cc = cr->cr_cc;
1055 	cc->header.address = sc->ciss_controllers[i];
1056 
1057 	if ((error = ciss_synch_request(cr, 60 * 1000)) != 0)
1058 	    break;
1059 
1060 	ciss_release_request(cr);
1061     }
1062 
1063     if (error)
1064 	ciss_printf(sc, "error resetting controller (%d)\n", error);
1065 
1066     if (cr != NULL)
1067 	ciss_release_request(cr);
1068 }
1069 
1070 /************************************************************************
1071  * Allocate memory for the adapter command structures, initialise
1072  * the request structures.
1073  *
1074  * Note that the entire set of commands are allocated in a single
1075  * contiguous slab.
1076  */
1077 static int
1078 ciss_init_requests(struct ciss_softc *sc)
1079 {
1080     struct ciss_request	*cr;
1081     int			i;
1082 
1083     debug_called(1);
1084 
1085     if (bootverbose)
1086 	ciss_printf(sc, "using %d of %d available commands\n",
1087 		    sc->ciss_max_requests, sc->ciss_cfg->max_outstanding_commands);
1088 
1089     /*
1090      * Create the DMA tag for commands.
1091      */
1092     if (bus_dma_tag_create(sc->ciss_parent_dmat,	/* parent */
1093 			   32, 0, 			/* alignment, boundary */
1094 			   BUS_SPACE_MAXADDR_32BIT,	/* lowaddr */
1095 			   BUS_SPACE_MAXADDR, 		/* highaddr */
1096 			   NULL, NULL, 			/* filter, filterarg */
1097 			   CISS_COMMAND_ALLOC_SIZE *
1098 			   sc->ciss_max_requests, 1,	/* maxsize, nsegments */
1099 			   BUS_SPACE_MAXSIZE_32BIT,	/* maxsegsize */
1100 			   0,				/* flags */
1101 			   NULL, NULL,			/* lockfunc, lockarg */
1102 			   &sc->ciss_command_dmat)) {
1103 	ciss_printf(sc, "can't allocate command DMA tag\n");
1104 	return(ENOMEM);
1105     }
1106     /*
1107      * Allocate memory and make it available for DMA.
1108      */
1109     if (bus_dmamem_alloc(sc->ciss_command_dmat, (void **)&sc->ciss_command,
1110 			 BUS_DMA_NOWAIT, &sc->ciss_command_map)) {
1111 	ciss_printf(sc, "can't allocate command memory\n");
1112 	return(ENOMEM);
1113     }
1114     bus_dmamap_load(sc->ciss_command_dmat, sc->ciss_command_map,sc->ciss_command,
1115 		    CISS_COMMAND_ALLOC_SIZE * sc->ciss_max_requests,
1116 		    ciss_command_map_helper, &sc->ciss_command_phys, 0);
1117     bzero(sc->ciss_command, CISS_COMMAND_ALLOC_SIZE * sc->ciss_max_requests);
1118 
1119     /*
1120      * Set up the request and command structures, push requests onto
1121      * the free queue.
1122      */
1123     for (i = 1; i < sc->ciss_max_requests; i++) {
1124 	cr = &sc->ciss_request[i];
1125 	cr->cr_sc = sc;
1126 	cr->cr_tag = i;
1127 	cr->cr_cc = (struct ciss_command *)((uintptr_t)sc->ciss_command +
1128 	    CISS_COMMAND_ALLOC_SIZE * i);
1129 	cr->cr_ccphys = sc->ciss_command_phys + CISS_COMMAND_ALLOC_SIZE * i;
1130 	bus_dmamap_create(sc->ciss_buffer_dmat, 0, &cr->cr_datamap);
1131 	ciss_enqueue_free(cr);
1132     }
1133     return(0);
1134 }
1135 
1136 static void
1137 ciss_command_map_helper(void *arg, bus_dma_segment_t *segs, int nseg, int error)
1138 {
1139     uint32_t *addr;
1140 
1141     addr = arg;
1142     *addr = segs[0].ds_addr;
1143 }
1144 
1145 /************************************************************************
1146  * Identify the adapter, print some information about it.
1147  */
1148 static int
1149 ciss_identify_adapter(struct ciss_softc *sc)
1150 {
1151     struct ciss_request	*cr;
1152     int			error, command_status;
1153 
1154     debug_called(1);
1155 
1156     cr = NULL;
1157 
1158     /*
1159      * Get a request, allocate storage for the adapter data.
1160      */
1161     if ((error = ciss_get_bmic_request(sc, &cr, CISS_BMIC_ID_CTLR,
1162 				       (void **)&sc->ciss_id,
1163 				       sizeof(*sc->ciss_id))) != 0)
1164 	goto out;
1165 
1166     /*
1167      * Submit the request and wait for it to complete.
1168      */
1169     if ((error = ciss_synch_request(cr, 60 * 1000)) != 0) {
1170 	ciss_printf(sc, "error sending BMIC ID_CTLR command (%d)\n", error);
1171 	goto out;
1172     }
1173 
1174     /*
1175      * Check response.
1176      */
1177     ciss_report_request(cr, &command_status, NULL);
1178     switch(command_status) {
1179     case CISS_CMD_STATUS_SUCCESS:		/* buffer right size */
1180 	break;
1181     case CISS_CMD_STATUS_DATA_UNDERRUN:
1182     case CISS_CMD_STATUS_DATA_OVERRUN:
1183 	ciss_printf(sc, "data over/underrun reading adapter information\n");
1184     default:
1185 	ciss_printf(sc, "error reading adapter information (%s)\n",
1186 		    ciss_name_command_status(command_status));
1187 	error = EIO;
1188 	goto out;
1189     }
1190 
1191     /* sanity-check reply */
1192     if (!sc->ciss_id->big_map_supported) {
1193 	ciss_printf(sc, "adapter does not support BIG_MAP\n");
1194 	error = ENXIO;
1195 	goto out;
1196     }
1197 
1198 #if 0
1199     /* XXX later revisions may not need this */
1200     sc->ciss_flags |= CISS_FLAG_FAKE_SYNCH;
1201 #endif
1202 
1203     /* XXX only really required for old 5300 adapters? */
1204     sc->ciss_flags |= CISS_FLAG_BMIC_ABORT;
1205 
1206     /* print information */
1207     if (bootverbose) {
1208 #if 0	/* XXX proxy volumes??? */
1209 	ciss_printf(sc, "  %d logical drive%s configured\n",
1210 		    sc->ciss_id->configured_logical_drives,
1211 		    (sc->ciss_id->configured_logical_drives == 1) ? "" : "s");
1212 #endif
1213 	ciss_printf(sc, "  firmware %4.4s\n", sc->ciss_id->running_firmware_revision);
1214 	ciss_printf(sc, "  %d SCSI channels\n", sc->ciss_id->scsi_bus_count);
1215 
1216 	ciss_printf(sc, "  signature '%.4s'\n", sc->ciss_cfg->signature);
1217 	ciss_printf(sc, "  valence %d\n", sc->ciss_cfg->valence);
1218 	ciss_printf(sc, "  supported I/O methods 0x%b\n",
1219 		    sc->ciss_cfg->supported_methods,
1220 		    "\20\1READY\2simple\3performant\4MEMQ\n");
1221 	ciss_printf(sc, "  active I/O method 0x%b\n",
1222 		    sc->ciss_cfg->active_method, "\20\2simple\3performant\4MEMQ\n");
1223 	ciss_printf(sc, "  4G page base 0x%08x\n",
1224 		    sc->ciss_cfg->command_physlimit);
1225 	ciss_printf(sc, "  interrupt coalesce delay %dus\n",
1226 		    sc->ciss_cfg->interrupt_coalesce_delay);
1227 	ciss_printf(sc, "  interrupt coalesce count %d\n",
1228 		    sc->ciss_cfg->interrupt_coalesce_count);
1229 	ciss_printf(sc, "  max outstanding commands %d\n",
1230 		    sc->ciss_cfg->max_outstanding_commands);
1231 	ciss_printf(sc, "  bus types 0x%b\n", sc->ciss_cfg->bus_types,
1232 		    "\20\1ultra2\2ultra3\10fibre1\11fibre2\n");
1233 	ciss_printf(sc, "  server name '%.16s'\n", sc->ciss_cfg->server_name);
1234 	ciss_printf(sc, "  heartbeat 0x%x\n", sc->ciss_cfg->heartbeat);
1235     }
1236 
1237 out:
1238     if (error) {
1239 	if (sc->ciss_id != NULL) {
1240 	    free(sc->ciss_id, CISS_MALLOC_CLASS);
1241 	    sc->ciss_id = NULL;
1242 	}
1243     }
1244     if (cr != NULL)
1245 	ciss_release_request(cr);
1246     return(error);
1247 }
1248 
1249 /************************************************************************
1250  * Helper routine for generating a list of logical and physical luns.
1251  */
1252 static struct ciss_lun_report *
1253 ciss_report_luns(struct ciss_softc *sc, int opcode, int nunits)
1254 {
1255     struct ciss_request		*cr;
1256     struct ciss_command		*cc;
1257     struct ciss_report_cdb	*crc;
1258     struct ciss_lun_report	*cll;
1259     int				command_status;
1260     int				report_size;
1261     int				error = 0;
1262 
1263     debug_called(1);
1264 
1265     cr = NULL;
1266     cll = NULL;
1267 
1268     /*
1269      * Get a request, allocate storage for the address list.
1270      */
1271     if ((error = ciss_get_request(sc, &cr)) != 0)
1272 	goto out;
1273     report_size = sizeof(*cll) + nunits * sizeof(union ciss_device_address);
1274     if ((cll = malloc(report_size, CISS_MALLOC_CLASS, M_NOWAIT | M_ZERO)) == NULL) {
1275 	ciss_printf(sc, "can't allocate memory for lun report\n");
1276 	error = ENOMEM;
1277 	goto out;
1278     }
1279 
1280     /*
1281      * Build the Report Logical/Physical LUNs command.
1282      */
1283     cc = cr->cr_cc;
1284     cr->cr_data = cll;
1285     cr->cr_length = report_size;
1286     cr->cr_flags = CISS_REQ_DATAIN;
1287 
1288     cc->header.address.physical.mode = CISS_HDR_ADDRESS_MODE_PERIPHERAL;
1289     cc->header.address.physical.bus = 0;
1290     cc->header.address.physical.target = 0;
1291     cc->cdb.cdb_length = sizeof(*crc);
1292     cc->cdb.type = CISS_CDB_TYPE_COMMAND;
1293     cc->cdb.attribute = CISS_CDB_ATTRIBUTE_SIMPLE;
1294     cc->cdb.direction = CISS_CDB_DIRECTION_READ;
1295     cc->cdb.timeout = 30;	/* XXX better suggestions? */
1296 
1297     crc = (struct ciss_report_cdb *)&(cc->cdb.cdb[0]);
1298     bzero(crc, sizeof(*crc));
1299     crc->opcode = opcode;
1300     crc->length = htonl(report_size);			/* big-endian field */
1301     cll->list_size = htonl(report_size - sizeof(*cll));	/* big-endian field */
1302 
1303     /*
1304      * Submit the request and wait for it to complete.  (timeout
1305      * here should be much greater than above)
1306      */
1307     if ((error = ciss_synch_request(cr, 60 * 1000)) != 0) {
1308 	ciss_printf(sc, "error sending %d LUN command (%d)\n", opcode, error);
1309 	goto out;
1310     }
1311 
1312     /*
1313      * Check response.  Note that data over/underrun is OK.
1314      */
1315     ciss_report_request(cr, &command_status, NULL);
1316     switch(command_status) {
1317     case CISS_CMD_STATUS_SUCCESS:	/* buffer right size */
1318     case CISS_CMD_STATUS_DATA_UNDERRUN:	/* buffer too large, not bad */
1319 	break;
1320     case CISS_CMD_STATUS_DATA_OVERRUN:
1321 	ciss_printf(sc, "WARNING: more units than driver limit (%d)\n",
1322 		    CISS_MAX_LOGICAL);
1323 	break;
1324     default:
1325 	ciss_printf(sc, "error detecting logical drive configuration (%s)\n",
1326 		    ciss_name_command_status(command_status));
1327 	error = EIO;
1328 	goto out;
1329     }
1330     ciss_release_request(cr);
1331     cr = NULL;
1332 
1333 out:
1334     if (cr != NULL)
1335 	ciss_release_request(cr);
1336     if (error && cll != NULL) {
1337 	free(cll, CISS_MALLOC_CLASS);
1338 	cll = NULL;
1339     }
1340     return(cll);
1341 }
1342 
1343 /************************************************************************
1344  * Find logical drives on the adapter.
1345  */
1346 static int
1347 ciss_init_logical(struct ciss_softc *sc)
1348 {
1349     struct ciss_lun_report	*cll;
1350     int				error = 0, i, j;
1351     int				ndrives;
1352 
1353     debug_called(1);
1354 
1355     cll = ciss_report_luns(sc, CISS_OPCODE_REPORT_LOGICAL_LUNS,
1356 			   CISS_MAX_LOGICAL);
1357     if (cll == NULL) {
1358 	error = ENXIO;
1359 	goto out;
1360     }
1361 
1362     /* sanity-check reply */
1363     ndrives = (ntohl(cll->list_size) / sizeof(union ciss_device_address));
1364     if ((ndrives < 0) || (ndrives > CISS_MAX_LOGICAL)) {
1365 	ciss_printf(sc, "adapter claims to report absurd number of logical drives (%d > %d)\n",
1366 		    ndrives, CISS_MAX_LOGICAL);
1367 	error = ENXIO;
1368 	goto out;
1369     }
1370 
1371     /*
1372      * Save logical drive information.
1373      */
1374     if (bootverbose) {
1375 	ciss_printf(sc, "%d logical drive%s\n",
1376 	    ndrives, (ndrives > 1 || ndrives == 0) ? "s" : "");
1377     }
1378 
1379     sc->ciss_logical =
1380 	malloc(sc->ciss_max_logical_bus * sizeof(struct ciss_ldrive *),
1381 	       CISS_MALLOC_CLASS, M_NOWAIT | M_ZERO);
1382     if (sc->ciss_logical == NULL) {
1383 	error = ENXIO;
1384 	goto out;
1385     }
1386 
1387     for (i = 0; i <= sc->ciss_max_logical_bus; i++) {
1388 	sc->ciss_logical[i] =
1389 	    malloc(CISS_MAX_LOGICAL * sizeof(struct ciss_ldrive),
1390 		   CISS_MALLOC_CLASS, M_NOWAIT | M_ZERO);
1391 	if (sc->ciss_logical[i] == NULL) {
1392 	    error = ENXIO;
1393 	    goto out;
1394 	}
1395 
1396 	for (j = 0; j < CISS_MAX_LOGICAL; j++)
1397 	    sc->ciss_logical[i][j].cl_status = CISS_LD_NONEXISTENT;
1398     }
1399 
1400 
1401     for (i = 0; i < CISS_MAX_LOGICAL; i++) {
1402 	if (i < ndrives) {
1403 	    struct ciss_ldrive	*ld;
1404 	    int			bus, target;
1405 
1406 	    bus		= CISS_LUN_TO_BUS(cll->lun[i].logical.lun);
1407 	    target	= CISS_LUN_TO_TARGET(cll->lun[i].logical.lun);
1408 	    ld		= &sc->ciss_logical[bus][target];
1409 
1410 	    ld->cl_address	= cll->lun[i];
1411 	    ld->cl_controller	= &sc->ciss_controllers[bus];
1412 	    if (ciss_identify_logical(sc, ld) != 0)
1413 		continue;
1414 	    /*
1415 	     * If the drive has had media exchanged, we should bring it online.
1416 	     */
1417 	    if (ld->cl_lstatus->media_exchanged)
1418 		ciss_accept_media(sc, ld);
1419 
1420 	}
1421     }
1422 
1423  out:
1424     if (cll != NULL)
1425 	free(cll, CISS_MALLOC_CLASS);
1426     return(error);
1427 }
1428 
1429 static int
1430 ciss_init_physical(struct ciss_softc *sc)
1431 {
1432     struct ciss_lun_report	*cll;
1433     int				error = 0, i;
1434     int				nphys;
1435     int				bus, target;
1436 
1437     debug_called(1);
1438 
1439     bus = 0;
1440     target = 0;
1441 
1442     cll = ciss_report_luns(sc, CISS_OPCODE_REPORT_PHYSICAL_LUNS,
1443 			   CISS_MAX_PHYSICAL);
1444     if (cll == NULL) {
1445 	error = ENXIO;
1446 	goto out;
1447     }
1448 
1449     nphys = (ntohl(cll->list_size) / sizeof(union ciss_device_address));
1450 
1451     if (bootverbose) {
1452 	ciss_printf(sc, "%d physical device%s\n",
1453 	    nphys, (nphys > 1 || nphys == 0) ? "s" : "");
1454     }
1455 
1456     /*
1457      * Figure out the bus mapping.
1458      * Logical buses include both the local logical bus for local arrays and
1459      * proxy buses for remote arrays.  Physical buses are numbered by the
1460      * controller and represent physical buses that hold physical devices.
1461      * We shift these bus numbers so that everything fits into a single flat
1462      * numbering space for CAM.  Logical buses occupy the first 32 CAM bus
1463      * numbers, and the physical bus numbers are shifted to be above that.
1464      * This results in the various driver arrays being indexed as follows:
1465      *
1466      * ciss_controllers[] - indexed by logical bus
1467      * ciss_cam_sim[]     - indexed by both logical and physical, with physical
1468      *                      being shifted by 32.
1469      * ciss_logical[][]   - indexed by logical bus
1470      * ciss_physical[][]  - indexed by physical bus
1471      *
1472      * XXX This is getting more and more hackish.  CISS really doesn't play
1473      *     well with a standard SCSI model; devices are addressed via magic
1474      *     cookies, not via b/t/l addresses.  Since there is no way to store
1475      *     the cookie in the CAM device object, we have to keep these lookup
1476      *     tables handy so that the devices can be found quickly at the cost
1477      *     of wasting memory and having a convoluted lookup scheme.  This
1478      *     driver should probably be converted to block interface.
1479      */
1480     /*
1481      * If the L2 and L3 SCSI addresses are 0, this signifies a proxy
1482      * controller. A proxy controller is another physical controller
1483      * behind the primary PCI controller. We need to know about this
1484      * so that BMIC commands can be properly targeted.  There can be
1485      * proxy controllers attached to a single PCI controller, so
1486      * find the highest numbered one so the array can be properly
1487      * sized.
1488      */
1489     sc->ciss_max_logical_bus = 1;
1490     for (i = 0; i < nphys; i++) {
1491 	if (cll->lun[i].physical.extra_address == 0) {
1492 	    bus = cll->lun[i].physical.bus;
1493 	    sc->ciss_max_logical_bus = max(sc->ciss_max_logical_bus, bus) + 1;
1494 	} else {
1495 	    bus = CISS_EXTRA_BUS2(cll->lun[i].physical.extra_address);
1496 	    sc->ciss_max_physical_bus = max(sc->ciss_max_physical_bus, bus);
1497 	}
1498     }
1499 
1500     sc->ciss_controllers =
1501 	malloc(sc->ciss_max_logical_bus * sizeof (union ciss_device_address),
1502 	       CISS_MALLOC_CLASS, M_NOWAIT | M_ZERO);
1503 
1504     if (sc->ciss_controllers == NULL) {
1505 	ciss_printf(sc, "Could not allocate memory for controller map\n");
1506 	error = ENOMEM;
1507 	goto out;
1508     }
1509 
1510     /* setup a map of controller addresses */
1511     for (i = 0; i < nphys; i++) {
1512 	if (cll->lun[i].physical.extra_address == 0) {
1513 	    sc->ciss_controllers[cll->lun[i].physical.bus] = cll->lun[i];
1514 	}
1515     }
1516 
1517     sc->ciss_physical =
1518 	malloc(sc->ciss_max_physical_bus * sizeof(struct ciss_pdrive *),
1519 	       CISS_MALLOC_CLASS, M_NOWAIT | M_ZERO);
1520     if (sc->ciss_physical == NULL) {
1521 	ciss_printf(sc, "Could not allocate memory for physical device map\n");
1522 	error = ENOMEM;
1523 	goto out;
1524     }
1525 
1526     for (i = 0; i < sc->ciss_max_physical_bus; i++) {
1527 	sc->ciss_physical[i] =
1528 	    malloc(sizeof(struct ciss_pdrive) * CISS_MAX_PHYSTGT,
1529 		   CISS_MALLOC_CLASS, M_NOWAIT | M_ZERO);
1530 	if (sc->ciss_physical[i] == NULL) {
1531 	    ciss_printf(sc, "Could not allocate memory for target map\n");
1532 	    error = ENOMEM;
1533 	    goto out;
1534 	}
1535     }
1536 
1537     ciss_filter_physical(sc, cll);
1538 
1539 out:
1540     if (cll != NULL)
1541 	free(cll, CISS_MALLOC_CLASS);
1542 
1543     return(error);
1544 }
1545 
1546 static int
1547 ciss_filter_physical(struct ciss_softc *sc, struct ciss_lun_report *cll)
1548 {
1549     u_int32_t ea;
1550     int i, nphys;
1551     int	bus, target;
1552 
1553     nphys = (ntohl(cll->list_size) / sizeof(union ciss_device_address));
1554     for (i = 0; i < nphys; i++) {
1555 	if (cll->lun[i].physical.extra_address == 0)
1556 	    continue;
1557 
1558 	/*
1559 	 * Filter out devices that we don't want.  Level 3 LUNs could
1560 	 * probably be supported, but the docs don't give enough of a
1561 	 * hint to know how.
1562 	 *
1563 	 * The mode field of the physical address is likely set to have
1564 	 * hard disks masked out.  Honor it unless the user has overridden
1565 	 * us with the tunable.  We also munge the inquiry data for these
1566 	 * disks so that they only show up as passthrough devices.  Keeping
1567 	 * them visible in this fashion is useful for doing things like
1568 	 * flashing firmware.
1569 	 */
1570 	ea = cll->lun[i].physical.extra_address;
1571 	if ((CISS_EXTRA_BUS3(ea) != 0) || (CISS_EXTRA_TARGET3(ea) != 0) ||
1572 	    (CISS_EXTRA_MODE2(ea) == 0x3))
1573 	    continue;
1574 	if ((ciss_expose_hidden_physical == 0) &&
1575 	   (cll->lun[i].physical.mode == CISS_HDR_ADDRESS_MODE_MASK_PERIPHERAL))
1576 	    continue;
1577 
1578 	/*
1579 	 * Note: CISS firmware numbers physical busses starting at '1', not
1580 	 *       '0'.  This numbering is internal to the firmware and is only
1581 	 *       used as a hint here.
1582 	 */
1583 	bus = CISS_EXTRA_BUS2(ea) - 1;
1584 	target = CISS_EXTRA_TARGET2(ea);
1585 	sc->ciss_physical[bus][target].cp_address = cll->lun[i];
1586 	sc->ciss_physical[bus][target].cp_online = 1;
1587     }
1588 
1589     return (0);
1590 }
1591 
1592 static int
1593 ciss_inquiry_logical(struct ciss_softc *sc, struct ciss_ldrive *ld)
1594 {
1595     struct ciss_request			*cr;
1596     struct ciss_command			*cc;
1597     struct scsi_inquiry			*inq;
1598     int					error;
1599     int					command_status;
1600 
1601     cr = NULL;
1602 
1603     bzero(&ld->cl_geometry, sizeof(ld->cl_geometry));
1604 
1605     if ((error = ciss_get_request(sc, &cr)) != 0)
1606 	goto out;
1607 
1608     cc = cr->cr_cc;
1609     cr->cr_data = &ld->cl_geometry;
1610     cr->cr_length = sizeof(ld->cl_geometry);
1611     cr->cr_flags = CISS_REQ_DATAIN;
1612 
1613     cc->header.address = ld->cl_address;
1614     cc->cdb.cdb_length = 6;
1615     cc->cdb.type = CISS_CDB_TYPE_COMMAND;
1616     cc->cdb.attribute = CISS_CDB_ATTRIBUTE_SIMPLE;
1617     cc->cdb.direction = CISS_CDB_DIRECTION_READ;
1618     cc->cdb.timeout = 30;
1619 
1620     inq = (struct scsi_inquiry *)&(cc->cdb.cdb[0]);
1621     inq->opcode = INQUIRY;
1622     inq->byte2 = SI_EVPD;
1623     inq->page_code = CISS_VPD_LOGICAL_DRIVE_GEOMETRY;
1624     scsi_ulto2b(sizeof(ld->cl_geometry), inq->length);
1625 
1626     if ((error = ciss_synch_request(cr, 60 * 1000)) != 0) {
1627 	ciss_printf(sc, "error getting geometry (%d)\n", error);
1628 	goto out;
1629     }
1630 
1631     ciss_report_request(cr, &command_status, NULL);
1632     switch(command_status) {
1633     case CISS_CMD_STATUS_SUCCESS:
1634     case CISS_CMD_STATUS_DATA_UNDERRUN:
1635 	break;
1636     case CISS_CMD_STATUS_DATA_OVERRUN:
1637 	ciss_printf(sc, "WARNING: Data overrun\n");
1638 	break;
1639     default:
1640 	ciss_printf(sc, "Error detecting logical drive geometry (%s)\n",
1641 		    ciss_name_command_status(command_status));
1642 	break;
1643     }
1644 
1645 out:
1646     if (cr != NULL)
1647 	ciss_release_request(cr);
1648     return(error);
1649 }
1650 /************************************************************************
1651  * Identify a logical drive, initialise state related to it.
1652  */
1653 static int
1654 ciss_identify_logical(struct ciss_softc *sc, struct ciss_ldrive *ld)
1655 {
1656     struct ciss_request		*cr;
1657     struct ciss_command		*cc;
1658     struct ciss_bmic_cdb	*cbc;
1659     int				error, command_status;
1660 
1661     debug_called(1);
1662 
1663     cr = NULL;
1664 
1665     /*
1666      * Build a BMIC request to fetch the drive ID.
1667      */
1668     if ((error = ciss_get_bmic_request(sc, &cr, CISS_BMIC_ID_LDRIVE,
1669 				       (void **)&ld->cl_ldrive,
1670 				       sizeof(*ld->cl_ldrive))) != 0)
1671 	goto out;
1672     cc = cr->cr_cc;
1673     cc->header.address = *ld->cl_controller;	/* target controller */
1674     cbc = (struct ciss_bmic_cdb *)&(cc->cdb.cdb[0]);
1675     cbc->log_drive = CISS_LUN_TO_TARGET(ld->cl_address.logical.lun);
1676 
1677     /*
1678      * Submit the request and wait for it to complete.
1679      */
1680     if ((error = ciss_synch_request(cr, 60 * 1000)) != 0) {
1681 	ciss_printf(sc, "error sending BMIC LDRIVE command (%d)\n", error);
1682 	goto out;
1683     }
1684 
1685     /*
1686      * Check response.
1687      */
1688     ciss_report_request(cr, &command_status, NULL);
1689     switch(command_status) {
1690     case CISS_CMD_STATUS_SUCCESS:		/* buffer right size */
1691 	break;
1692     case CISS_CMD_STATUS_DATA_UNDERRUN:
1693     case CISS_CMD_STATUS_DATA_OVERRUN:
1694 	ciss_printf(sc, "data over/underrun reading logical drive ID\n");
1695     default:
1696 	ciss_printf(sc, "error reading logical drive ID (%s)\n",
1697 		    ciss_name_command_status(command_status));
1698 	error = EIO;
1699 	goto out;
1700     }
1701     ciss_release_request(cr);
1702     cr = NULL;
1703 
1704     /*
1705      * Build a CISS BMIC command to get the logical drive status.
1706      */
1707     if ((error = ciss_get_ldrive_status(sc, ld)) != 0)
1708 	goto out;
1709 
1710     /*
1711      * Get the logical drive geometry.
1712      */
1713     if ((error = ciss_inquiry_logical(sc, ld)) != 0)
1714 	goto out;
1715 
1716     /*
1717      * Print the drive's basic characteristics.
1718      */
1719     if (bootverbose) {
1720 	ciss_printf(sc, "logical drive (b%dt%d): %s, %dMB ",
1721 		    CISS_LUN_TO_BUS(ld->cl_address.logical.lun),
1722 		    CISS_LUN_TO_TARGET(ld->cl_address.logical.lun),
1723 		    ciss_name_ldrive_org(ld->cl_ldrive->fault_tolerance),
1724 		    ((ld->cl_ldrive->blocks_available / (1024 * 1024)) *
1725 		     ld->cl_ldrive->block_size));
1726 
1727 	ciss_print_ldrive(sc, ld);
1728     }
1729 out:
1730     if (error != 0) {
1731 	/* make the drive not-exist */
1732 	ld->cl_status = CISS_LD_NONEXISTENT;
1733 	if (ld->cl_ldrive != NULL) {
1734 	    free(ld->cl_ldrive, CISS_MALLOC_CLASS);
1735 	    ld->cl_ldrive = NULL;
1736 	}
1737 	if (ld->cl_lstatus != NULL) {
1738 	    free(ld->cl_lstatus, CISS_MALLOC_CLASS);
1739 	    ld->cl_lstatus = NULL;
1740 	}
1741     }
1742     if (cr != NULL)
1743 	ciss_release_request(cr);
1744 
1745     return(error);
1746 }
1747 
1748 /************************************************************************
1749  * Get status for a logical drive.
1750  *
1751  * XXX should we also do this in response to Test Unit Ready?
1752  */
1753 static int
1754 ciss_get_ldrive_status(struct ciss_softc *sc,  struct ciss_ldrive *ld)
1755 {
1756     struct ciss_request		*cr;
1757     struct ciss_command		*cc;
1758     struct ciss_bmic_cdb	*cbc;
1759     int				error, command_status;
1760 
1761     /*
1762      * Build a CISS BMIC command to get the logical drive status.
1763      */
1764     if ((error = ciss_get_bmic_request(sc, &cr, CISS_BMIC_ID_LSTATUS,
1765 				       (void **)&ld->cl_lstatus,
1766 				       sizeof(*ld->cl_lstatus))) != 0)
1767 	goto out;
1768     cc = cr->cr_cc;
1769     cc->header.address = *ld->cl_controller;	/* target controller */
1770     cbc = (struct ciss_bmic_cdb *)&(cc->cdb.cdb[0]);
1771     cbc->log_drive = CISS_LUN_TO_TARGET(ld->cl_address.logical.lun);
1772 
1773     /*
1774      * Submit the request and wait for it to complete.
1775      */
1776     if ((error = ciss_synch_request(cr, 60 * 1000)) != 0) {
1777 	ciss_printf(sc, "error sending BMIC LSTATUS command (%d)\n", error);
1778 	goto out;
1779     }
1780 
1781     /*
1782      * Check response.
1783      */
1784     ciss_report_request(cr, &command_status, NULL);
1785     switch(command_status) {
1786     case CISS_CMD_STATUS_SUCCESS:		/* buffer right size */
1787 	break;
1788     case CISS_CMD_STATUS_DATA_UNDERRUN:
1789     case CISS_CMD_STATUS_DATA_OVERRUN:
1790 	ciss_printf(sc, "data over/underrun reading logical drive status\n");
1791     default:
1792 	ciss_printf(sc, "error reading logical drive status (%s)\n",
1793 		    ciss_name_command_status(command_status));
1794 	error = EIO;
1795 	goto out;
1796     }
1797 
1798     /*
1799      * Set the drive's summary status based on the returned status.
1800      *
1801      * XXX testing shows that a failed JBOD drive comes back at next
1802      * boot in "queued for expansion" mode.  WTF?
1803      */
1804     ld->cl_status = ciss_decode_ldrive_status(ld->cl_lstatus->status);
1805 
1806 out:
1807     if (cr != NULL)
1808 	ciss_release_request(cr);
1809     return(error);
1810 }
1811 
1812 /************************************************************************
1813  * Notify the adapter of a config update.
1814  */
1815 static int
1816 ciss_update_config(struct ciss_softc *sc)
1817 {
1818     int		i;
1819 
1820     debug_called(1);
1821 
1822     CISS_TL_SIMPLE_WRITE(sc, CISS_TL_SIMPLE_IDBR, CISS_TL_SIMPLE_IDBR_CFG_TABLE);
1823     for (i = 0; i < 1000; i++) {
1824 	if (!(CISS_TL_SIMPLE_READ(sc, CISS_TL_SIMPLE_IDBR) &
1825 	      CISS_TL_SIMPLE_IDBR_CFG_TABLE)) {
1826 	    return(0);
1827 	}
1828 	DELAY(1000);
1829     }
1830     return(1);
1831 }
1832 
1833 /************************************************************************
1834  * Accept new media into a logical drive.
1835  *
1836  * XXX The drive has previously been offline; it would be good if we
1837  *     could make sure it's not open right now.
1838  */
1839 static int
1840 ciss_accept_media(struct ciss_softc *sc, struct ciss_ldrive *ld)
1841 {
1842     struct ciss_request		*cr;
1843     struct ciss_command		*cc;
1844     struct ciss_bmic_cdb	*cbc;
1845     int				command_status;
1846     int				error = 0, ldrive;
1847 
1848     ldrive = CISS_LUN_TO_TARGET(ld->cl_address.logical.lun);
1849 
1850     debug(0, "bringing logical drive %d back online");
1851 
1852     /*
1853      * Build a CISS BMIC command to bring the drive back online.
1854      */
1855     if ((error = ciss_get_bmic_request(sc, &cr, CISS_BMIC_ACCEPT_MEDIA,
1856 				       NULL, 0)) != 0)
1857 	goto out;
1858     cc = cr->cr_cc;
1859     cc->header.address = *ld->cl_controller;	/* target controller */
1860     cbc = (struct ciss_bmic_cdb *)&(cc->cdb.cdb[0]);
1861     cbc->log_drive = ldrive;
1862 
1863     /*
1864      * Submit the request and wait for it to complete.
1865      */
1866     if ((error = ciss_synch_request(cr, 60 * 1000)) != 0) {
1867 	ciss_printf(sc, "error sending BMIC ACCEPT MEDIA command (%d)\n", error);
1868 	goto out;
1869     }
1870 
1871     /*
1872      * Check response.
1873      */
1874     ciss_report_request(cr, &command_status, NULL);
1875     switch(command_status) {
1876     case CISS_CMD_STATUS_SUCCESS:		/* all OK */
1877 	/* we should get a logical drive status changed event here */
1878 	break;
1879     default:
1880 	ciss_printf(cr->cr_sc, "error accepting media into failed logical drive (%s)\n",
1881 		    ciss_name_command_status(command_status));
1882 	break;
1883     }
1884 
1885 out:
1886     if (cr != NULL)
1887 	ciss_release_request(cr);
1888     return(error);
1889 }
1890 
1891 /************************************************************************
1892  * Release adapter resources.
1893  */
1894 static void
1895 ciss_free(struct ciss_softc *sc)
1896 {
1897     struct ciss_request *cr;
1898     int			i, j;
1899 
1900     debug_called(1);
1901 
1902     /* we're going away */
1903     sc->ciss_flags |= CISS_FLAG_ABORTING;
1904 
1905     /* terminate the periodic heartbeat routine */
1906     callout_stop(&sc->ciss_periodic);
1907 
1908     /* cancel the Event Notify chain */
1909     ciss_notify_abort(sc);
1910 
1911     ciss_kill_notify_thread(sc);
1912 
1913     /* disconnect from CAM */
1914     if (sc->ciss_cam_sim) {
1915 	for (i = 0; i < sc->ciss_max_logical_bus; i++) {
1916 	    if (sc->ciss_cam_sim[i]) {
1917 		xpt_bus_deregister(cam_sim_path(sc->ciss_cam_sim[i]));
1918 		cam_sim_free(sc->ciss_cam_sim[i], 0);
1919 	    }
1920 	}
1921 	for (i = CISS_PHYSICAL_BASE; i < sc->ciss_max_physical_bus +
1922 	     CISS_PHYSICAL_BASE; i++) {
1923 	    if (sc->ciss_cam_sim[i]) {
1924 		xpt_bus_deregister(cam_sim_path(sc->ciss_cam_sim[i]));
1925 		cam_sim_free(sc->ciss_cam_sim[i], 0);
1926 	    }
1927 	}
1928 	free(sc->ciss_cam_sim, CISS_MALLOC_CLASS);
1929     }
1930     if (sc->ciss_cam_devq)
1931 	cam_simq_free(sc->ciss_cam_devq);
1932 
1933     /* remove the control device */
1934     mtx_unlock(&sc->ciss_mtx);
1935     if (sc->ciss_dev_t != NULL)
1936 	destroy_dev(sc->ciss_dev_t);
1937 
1938     /* Final cleanup of the callout. */
1939     callout_drain(&sc->ciss_periodic);
1940     mtx_destroy(&sc->ciss_mtx);
1941 
1942     /* free the controller data */
1943     if (sc->ciss_id != NULL)
1944 	free(sc->ciss_id, CISS_MALLOC_CLASS);
1945 
1946     /* release I/O resources */
1947     if (sc->ciss_regs_resource != NULL)
1948 	bus_release_resource(sc->ciss_dev, SYS_RES_MEMORY,
1949 			     sc->ciss_regs_rid, sc->ciss_regs_resource);
1950     if (sc->ciss_cfg_resource != NULL)
1951 	bus_release_resource(sc->ciss_dev, SYS_RES_MEMORY,
1952 			     sc->ciss_cfg_rid, sc->ciss_cfg_resource);
1953     if (sc->ciss_intr != NULL)
1954 	bus_teardown_intr(sc->ciss_dev, sc->ciss_irq_resource, sc->ciss_intr);
1955     if (sc->ciss_irq_resource != NULL)
1956 	bus_release_resource(sc->ciss_dev, SYS_RES_IRQ,
1957 			     sc->ciss_irq_rid[0], sc->ciss_irq_resource);
1958     if (sc->ciss_msi)
1959 	pci_release_msi(sc->ciss_dev);
1960 
1961     while ((cr = ciss_dequeue_free(sc)) != NULL)
1962 	bus_dmamap_destroy(sc->ciss_buffer_dmat, cr->cr_datamap);
1963     if (sc->ciss_buffer_dmat)
1964 	bus_dma_tag_destroy(sc->ciss_buffer_dmat);
1965 
1966     /* destroy command memory and DMA tag */
1967     if (sc->ciss_command != NULL) {
1968 	bus_dmamap_unload(sc->ciss_command_dmat, sc->ciss_command_map);
1969 	bus_dmamem_free(sc->ciss_command_dmat, sc->ciss_command, sc->ciss_command_map);
1970     }
1971     if (sc->ciss_command_dmat)
1972 	bus_dma_tag_destroy(sc->ciss_command_dmat);
1973 
1974     if (sc->ciss_reply) {
1975 	bus_dmamap_unload(sc->ciss_reply_dmat, sc->ciss_reply_map);
1976 	bus_dmamem_free(sc->ciss_reply_dmat, sc->ciss_reply, sc->ciss_reply_map);
1977     }
1978     if (sc->ciss_reply_dmat)
1979 	bus_dma_tag_destroy(sc->ciss_reply_dmat);
1980 
1981     /* destroy DMA tags */
1982     if (sc->ciss_parent_dmat)
1983 	bus_dma_tag_destroy(sc->ciss_parent_dmat);
1984     if (sc->ciss_logical) {
1985 	for (i = 0; i <= sc->ciss_max_logical_bus; i++) {
1986 	    for (j = 0; j < CISS_MAX_LOGICAL; j++) {
1987 		if (sc->ciss_logical[i][j].cl_ldrive)
1988 		    free(sc->ciss_logical[i][j].cl_ldrive, CISS_MALLOC_CLASS);
1989 		if (sc->ciss_logical[i][j].cl_lstatus)
1990 		    free(sc->ciss_logical[i][j].cl_lstatus, CISS_MALLOC_CLASS);
1991 	    }
1992 	    free(sc->ciss_logical[i], CISS_MALLOC_CLASS);
1993 	}
1994 	free(sc->ciss_logical, CISS_MALLOC_CLASS);
1995     }
1996 
1997     if (sc->ciss_physical) {
1998 	for (i = 0; i < sc->ciss_max_physical_bus; i++)
1999 	    free(sc->ciss_physical[i], CISS_MALLOC_CLASS);
2000 	free(sc->ciss_physical, CISS_MALLOC_CLASS);
2001     }
2002 
2003     if (sc->ciss_controllers)
2004 	free(sc->ciss_controllers, CISS_MALLOC_CLASS);
2005 
2006 }
2007 
2008 /************************************************************************
2009  * Give a command to the adapter.
2010  *
2011  * Note that this uses the simple transport layer directly.  If we
2012  * want to add support for other layers, we'll need a switch of some
2013  * sort.
2014  *
2015  * Note that the simple transport layer has no way of refusing a
2016  * command; we only have as many request structures as the adapter
2017  * supports commands, so we don't have to check (this presumes that
2018  * the adapter can handle commands as fast as we throw them at it).
2019  */
2020 static int
2021 ciss_start(struct ciss_request *cr)
2022 {
2023     struct ciss_command	*cc;	/* XXX debugging only */
2024     int			error;
2025 
2026     cc = cr->cr_cc;
2027     debug(2, "post command %d tag %d ", cr->cr_tag, cc->header.host_tag);
2028 
2029     /*
2030      * Map the request's data.
2031      */
2032     if ((error = ciss_map_request(cr)))
2033 	return(error);
2034 
2035 #if 0
2036     ciss_print_request(cr);
2037 #endif
2038 
2039     return(0);
2040 }
2041 
2042 /************************************************************************
2043  * Fetch completed request(s) from the adapter, queue them for
2044  * completion handling.
2045  *
2046  * Note that this uses the simple transport layer directly.  If we
2047  * want to add support for other layers, we'll need a switch of some
2048  * sort.
2049  *
2050  * Note that the simple transport mechanism does not require any
2051  * reentrancy protection; the OPQ read is atomic.  If there is a
2052  * chance of a race with something else that might move the request
2053  * off the busy list, then we will have to lock against that
2054  * (eg. timeouts, etc.)
2055  */
2056 static void
2057 ciss_done(struct ciss_softc *sc, cr_qhead_t *qh)
2058 {
2059     struct ciss_request	*cr;
2060     struct ciss_command	*cc;
2061     u_int32_t		tag, index;
2062 
2063     debug_called(3);
2064 
2065     /*
2066      * Loop quickly taking requests from the adapter and moving them
2067      * to the completed queue.
2068      */
2069     for (;;) {
2070 
2071 	tag = CISS_TL_SIMPLE_FETCH_CMD(sc);
2072 	if (tag == CISS_TL_SIMPLE_OPQ_EMPTY)
2073 	    break;
2074 	index = tag >> 2;
2075 	debug(2, "completed command %d%s", index,
2076 	      (tag & CISS_HDR_HOST_TAG_ERROR) ? " with error" : "");
2077 	if (index >= sc->ciss_max_requests) {
2078 	    ciss_printf(sc, "completed invalid request %d (0x%x)\n", index, tag);
2079 	    continue;
2080 	}
2081 	cr = &(sc->ciss_request[index]);
2082 	cc = cr->cr_cc;
2083 	cc->header.host_tag = tag;	/* not updated by adapter */
2084 	ciss_enqueue_complete(cr, qh);
2085     }
2086 
2087 }
2088 
2089 static void
2090 ciss_perf_done(struct ciss_softc *sc, cr_qhead_t *qh)
2091 {
2092     struct ciss_request	*cr;
2093     struct ciss_command	*cc;
2094     u_int32_t		tag, index;
2095 
2096     debug_called(3);
2097 
2098     /*
2099      * Loop quickly taking requests from the adapter and moving them
2100      * to the completed queue.
2101      */
2102     for (;;) {
2103 	tag = sc->ciss_reply[sc->ciss_rqidx];
2104 	if ((tag & CISS_CYCLE_MASK) != sc->ciss_cycle)
2105 	    break;
2106 	index = tag >> 2;
2107 	debug(2, "completed command %d%s\n", index,
2108 	      (tag & CISS_HDR_HOST_TAG_ERROR) ? " with error" : "");
2109 	if (index < sc->ciss_max_requests) {
2110 	    cr = &(sc->ciss_request[index]);
2111 	    cc = cr->cr_cc;
2112 	    cc->header.host_tag = tag;	/* not updated by adapter */
2113 	    ciss_enqueue_complete(cr, qh);
2114 	} else {
2115 	    ciss_printf(sc, "completed invalid request %d (0x%x)\n", index, tag);
2116 	}
2117 	if (++sc->ciss_rqidx == sc->ciss_max_requests) {
2118 	    sc->ciss_rqidx = 0;
2119 	    sc->ciss_cycle ^= 1;
2120 	}
2121     }
2122 
2123 }
2124 
2125 /************************************************************************
2126  * Take an interrupt from the adapter.
2127  */
2128 static void
2129 ciss_intr(void *arg)
2130 {
2131     cr_qhead_t qh;
2132     struct ciss_softc	*sc = (struct ciss_softc *)arg;
2133 
2134     /*
2135      * The only interrupt we recognise indicates that there are
2136      * entries in the outbound post queue.
2137      */
2138     STAILQ_INIT(&qh);
2139     ciss_done(sc, &qh);
2140     mtx_lock(&sc->ciss_mtx);
2141     ciss_complete(sc, &qh);
2142     mtx_unlock(&sc->ciss_mtx);
2143 }
2144 
2145 static void
2146 ciss_perf_intr(void *arg)
2147 {
2148     struct ciss_softc	*sc = (struct ciss_softc *)arg;
2149 
2150     /* Clear the interrupt and flush the bridges.  Docs say that the flush
2151      * needs to be done twice, which doesn't seem right.
2152      */
2153     CISS_TL_PERF_CLEAR_INT(sc);
2154     CISS_TL_PERF_FLUSH_INT(sc);
2155 
2156     ciss_perf_msi_intr(sc);
2157 }
2158 
2159 static void
2160 ciss_perf_msi_intr(void *arg)
2161 {
2162     cr_qhead_t qh;
2163     struct ciss_softc	*sc = (struct ciss_softc *)arg;
2164 
2165     STAILQ_INIT(&qh);
2166     ciss_perf_done(sc, &qh);
2167     mtx_lock(&sc->ciss_mtx);
2168     ciss_complete(sc, &qh);
2169     mtx_unlock(&sc->ciss_mtx);
2170 }
2171 
2172 
2173 /************************************************************************
2174  * Process completed requests.
2175  *
2176  * Requests can be completed in three fashions:
2177  *
2178  * - by invoking a callback function (cr_complete is non-null)
2179  * - by waking up a sleeper (cr_flags has CISS_REQ_SLEEP set)
2180  * - by clearing the CISS_REQ_POLL flag in interrupt/timeout context
2181  */
2182 static void
2183 ciss_complete(struct ciss_softc *sc, cr_qhead_t *qh)
2184 {
2185     struct ciss_request	*cr;
2186 
2187     debug_called(2);
2188 
2189     /*
2190      * Loop taking requests off the completed queue and performing
2191      * completion processing on them.
2192      */
2193     for (;;) {
2194 	if ((cr = ciss_dequeue_complete(sc, qh)) == NULL)
2195 	    break;
2196 	ciss_unmap_request(cr);
2197 
2198 	if ((cr->cr_flags & CISS_REQ_BUSY) == 0)
2199 	    ciss_printf(sc, "WARNING: completing non-busy request\n");
2200 	cr->cr_flags &= ~CISS_REQ_BUSY;
2201 
2202 	/*
2203 	 * If the request has a callback, invoke it.
2204 	 */
2205 	if (cr->cr_complete != NULL) {
2206 	    cr->cr_complete(cr);
2207 	    continue;
2208 	}
2209 
2210 	/*
2211 	 * If someone is sleeping on this request, wake them up.
2212 	 */
2213 	if (cr->cr_flags & CISS_REQ_SLEEP) {
2214 	    cr->cr_flags &= ~CISS_REQ_SLEEP;
2215 	    wakeup(cr);
2216 	    continue;
2217 	}
2218 
2219 	/*
2220 	 * If someone is polling this request for completion, signal.
2221 	 */
2222 	if (cr->cr_flags & CISS_REQ_POLL) {
2223 	    cr->cr_flags &= ~CISS_REQ_POLL;
2224 	    continue;
2225 	}
2226 
2227 	/*
2228 	 * Give up and throw the request back on the free queue.  This
2229 	 * should never happen; resources will probably be lost.
2230 	 */
2231 	ciss_printf(sc, "WARNING: completed command with no submitter\n");
2232 	ciss_enqueue_free(cr);
2233     }
2234 }
2235 
2236 /************************************************************************
2237  * Report on the completion status of a request, and pass back SCSI
2238  * and command status values.
2239  */
2240 static int
2241 _ciss_report_request(struct ciss_request *cr, int *command_status, int *scsi_status, const char *func)
2242 {
2243     struct ciss_command		*cc;
2244     struct ciss_error_info	*ce;
2245 
2246     debug_called(2);
2247 
2248     cc = cr->cr_cc;
2249     ce = (struct ciss_error_info *)&(cc->sg[0]);
2250 
2251     /*
2252      * We don't consider data under/overrun an error for the Report
2253      * Logical/Physical LUNs commands.
2254      */
2255     if ((cc->header.host_tag & CISS_HDR_HOST_TAG_ERROR) &&
2256 	((ce->command_status == CISS_CMD_STATUS_DATA_OVERRUN) ||
2257 	 (ce->command_status == CISS_CMD_STATUS_DATA_UNDERRUN)) &&
2258 	((cc->cdb.cdb[0] == CISS_OPCODE_REPORT_LOGICAL_LUNS) ||
2259 	 (cc->cdb.cdb[0] == CISS_OPCODE_REPORT_PHYSICAL_LUNS) ||
2260 	 (cc->cdb.cdb[0] == INQUIRY))) {
2261 	cc->header.host_tag &= ~CISS_HDR_HOST_TAG_ERROR;
2262 	debug(2, "ignoring irrelevant under/overrun error");
2263     }
2264 
2265     /*
2266      * Check the command's error bit, if clear, there's no status and
2267      * everything is OK.
2268      */
2269     if (!(cc->header.host_tag & CISS_HDR_HOST_TAG_ERROR)) {
2270 	if (scsi_status != NULL)
2271 	    *scsi_status = SCSI_STATUS_OK;
2272 	if (command_status != NULL)
2273 	    *command_status = CISS_CMD_STATUS_SUCCESS;
2274 	return(0);
2275     } else {
2276 	if (command_status != NULL)
2277 	    *command_status = ce->command_status;
2278 	if (scsi_status != NULL) {
2279 	    if (ce->command_status == CISS_CMD_STATUS_TARGET_STATUS) {
2280 		*scsi_status = ce->scsi_status;
2281 	    } else {
2282 		*scsi_status = -1;
2283 	    }
2284 	}
2285 	if (bootverbose)
2286 	    ciss_printf(cr->cr_sc, "command status 0x%x (%s) scsi status 0x%x\n",
2287 			ce->command_status, ciss_name_command_status(ce->command_status),
2288 			ce->scsi_status);
2289 	if (ce->command_status == CISS_CMD_STATUS_INVALID_COMMAND) {
2290 	    ciss_printf(cr->cr_sc, "invalid command, offense size %d at %d, value 0x%x, function %s\n",
2291 			ce->additional_error_info.invalid_command.offense_size,
2292 			ce->additional_error_info.invalid_command.offense_offset,
2293 			ce->additional_error_info.invalid_command.offense_value,
2294 			func);
2295 	}
2296     }
2297 #if 0
2298     ciss_print_request(cr);
2299 #endif
2300     return(1);
2301 }
2302 
2303 /************************************************************************
2304  * Issue a request and don't return until it's completed.
2305  *
2306  * Depending on adapter status, we may poll or sleep waiting for
2307  * completion.
2308  */
2309 static int
2310 ciss_synch_request(struct ciss_request *cr, int timeout)
2311 {
2312     if (cr->cr_sc->ciss_flags & CISS_FLAG_RUNNING) {
2313 	return(ciss_wait_request(cr, timeout));
2314     } else {
2315 	return(ciss_poll_request(cr, timeout));
2316     }
2317 }
2318 
2319 /************************************************************************
2320  * Issue a request and poll for completion.
2321  *
2322  * Timeout in milliseconds.
2323  */
2324 static int
2325 ciss_poll_request(struct ciss_request *cr, int timeout)
2326 {
2327     cr_qhead_t qh;
2328     struct ciss_softc *sc;
2329     int		error;
2330 
2331     debug_called(2);
2332 
2333     STAILQ_INIT(&qh);
2334     sc = cr->cr_sc;
2335     cr->cr_flags |= CISS_REQ_POLL;
2336     if ((error = ciss_start(cr)) != 0)
2337 	return(error);
2338 
2339     do {
2340 	if (sc->ciss_perf)
2341 	    ciss_perf_done(sc, &qh);
2342 	else
2343 	    ciss_done(sc, &qh);
2344 	ciss_complete(sc, &qh);
2345 	if (!(cr->cr_flags & CISS_REQ_POLL))
2346 	    return(0);
2347 	DELAY(1000);
2348     } while (timeout-- >= 0);
2349     return(EWOULDBLOCK);
2350 }
2351 
2352 /************************************************************************
2353  * Issue a request and sleep waiting for completion.
2354  *
2355  * Timeout in milliseconds.  Note that a spurious wakeup will reset
2356  * the timeout.
2357  */
2358 static int
2359 ciss_wait_request(struct ciss_request *cr, int timeout)
2360 {
2361     int		error;
2362 
2363     debug_called(2);
2364 
2365     cr->cr_flags |= CISS_REQ_SLEEP;
2366     if ((error = ciss_start(cr)) != 0)
2367 	return(error);
2368 
2369     while ((cr->cr_flags & CISS_REQ_SLEEP) && (error != EWOULDBLOCK)) {
2370 	error = msleep(cr, &cr->cr_sc->ciss_mtx, PRIBIO, "cissREQ", (timeout * hz) / 1000);
2371     }
2372     return(error);
2373 }
2374 
2375 #if 0
2376 /************************************************************************
2377  * Abort a request.  Note that a potential exists here to race the
2378  * request being completed; the caller must deal with this.
2379  */
2380 static int
2381 ciss_abort_request(struct ciss_request *ar)
2382 {
2383     struct ciss_request		*cr;
2384     struct ciss_command		*cc;
2385     struct ciss_message_cdb	*cmc;
2386     int				error;
2387 
2388     debug_called(1);
2389 
2390     /* get a request */
2391     if ((error = ciss_get_request(ar->cr_sc, &cr)) != 0)
2392 	return(error);
2393 
2394     /* build the abort command */
2395     cc = cr->cr_cc;
2396     cc->header.address.mode.mode = CISS_HDR_ADDRESS_MODE_PERIPHERAL;	/* addressing? */
2397     cc->header.address.physical.target = 0;
2398     cc->header.address.physical.bus = 0;
2399     cc->cdb.cdb_length = sizeof(*cmc);
2400     cc->cdb.type = CISS_CDB_TYPE_MESSAGE;
2401     cc->cdb.attribute = CISS_CDB_ATTRIBUTE_SIMPLE;
2402     cc->cdb.direction = CISS_CDB_DIRECTION_NONE;
2403     cc->cdb.timeout = 30;
2404 
2405     cmc = (struct ciss_message_cdb *)&(cc->cdb.cdb[0]);
2406     cmc->opcode = CISS_OPCODE_MESSAGE_ABORT;
2407     cmc->type = CISS_MESSAGE_ABORT_TASK;
2408     cmc->abort_tag = ar->cr_tag;	/* endianness?? */
2409 
2410     /*
2411      * Send the request and wait for a response.  If we believe we
2412      * aborted the request OK, clear the flag that indicates it's
2413      * running.
2414      */
2415     error = ciss_synch_request(cr, 35 * 1000);
2416     if (!error)
2417 	error = ciss_report_request(cr, NULL, NULL);
2418     ciss_release_request(cr);
2419 
2420     return(error);
2421 }
2422 #endif
2423 
2424 
2425 /************************************************************************
2426  * Fetch and initialise a request
2427  */
2428 static int
2429 ciss_get_request(struct ciss_softc *sc, struct ciss_request **crp)
2430 {
2431     struct ciss_request *cr;
2432 
2433     debug_called(2);
2434 
2435     /*
2436      * Get a request and clean it up.
2437      */
2438     if ((cr = ciss_dequeue_free(sc)) == NULL)
2439 	return(ENOMEM);
2440 
2441     cr->cr_data = NULL;
2442     cr->cr_flags = 0;
2443     cr->cr_complete = NULL;
2444     cr->cr_private = NULL;
2445     cr->cr_sg_tag = CISS_SG_MAX;	/* Backstop to prevent accidents */
2446 
2447     ciss_preen_command(cr);
2448     *crp = cr;
2449     return(0);
2450 }
2451 
2452 static void
2453 ciss_preen_command(struct ciss_request *cr)
2454 {
2455     struct ciss_command	*cc;
2456     u_int32_t		cmdphys;
2457 
2458     /*
2459      * Clean up the command structure.
2460      *
2461      * Note that we set up the error_info structure here, since the
2462      * length can be overwritten by any command.
2463      */
2464     cc = cr->cr_cc;
2465     cc->header.sg_in_list = 0;		/* kinda inefficient this way */
2466     cc->header.sg_total = 0;
2467     cc->header.host_tag = cr->cr_tag << 2;
2468     cc->header.host_tag_zeroes = 0;
2469     cmdphys = cr->cr_ccphys;
2470     cc->error_info.error_info_address = cmdphys + sizeof(struct ciss_command);
2471     cc->error_info.error_info_length = CISS_COMMAND_ALLOC_SIZE - sizeof(struct ciss_command);
2472 }
2473 
2474 /************************************************************************
2475  * Release a request to the free list.
2476  */
2477 static void
2478 ciss_release_request(struct ciss_request *cr)
2479 {
2480     struct ciss_softc	*sc;
2481 
2482     debug_called(2);
2483 
2484     sc = cr->cr_sc;
2485 
2486     /* release the request to the free queue */
2487     ciss_requeue_free(cr);
2488 }
2489 
2490 /************************************************************************
2491  * Allocate a request that will be used to send a BMIC command.  Do some
2492  * of the common setup here to avoid duplicating it everywhere else.
2493  */
2494 static int
2495 ciss_get_bmic_request(struct ciss_softc *sc, struct ciss_request **crp,
2496 		      int opcode, void **bufp, size_t bufsize)
2497 {
2498     struct ciss_request		*cr;
2499     struct ciss_command		*cc;
2500     struct ciss_bmic_cdb	*cbc;
2501     void			*buf;
2502     int				error;
2503     int				dataout;
2504 
2505     debug_called(2);
2506 
2507     cr = NULL;
2508     buf = NULL;
2509 
2510     /*
2511      * Get a request.
2512      */
2513     if ((error = ciss_get_request(sc, &cr)) != 0)
2514 	goto out;
2515 
2516     /*
2517      * Allocate data storage if requested, determine the data direction.
2518      */
2519     dataout = 0;
2520     if ((bufsize > 0) && (bufp != NULL)) {
2521 	if (*bufp == NULL) {
2522 	    if ((buf = malloc(bufsize, CISS_MALLOC_CLASS, M_NOWAIT | M_ZERO)) == NULL) {
2523 		error = ENOMEM;
2524 		goto out;
2525 	    }
2526 	} else {
2527 	    buf = *bufp;
2528 	    dataout = 1;	/* we are given a buffer, so we are writing */
2529 	}
2530     }
2531 
2532     /*
2533      * Build a CISS BMIC command to get the logical drive ID.
2534      */
2535     cr->cr_data = buf;
2536     cr->cr_length = bufsize;
2537     if (!dataout)
2538 	cr->cr_flags = CISS_REQ_DATAIN;
2539 
2540     cc = cr->cr_cc;
2541     cc->header.address.physical.mode = CISS_HDR_ADDRESS_MODE_PERIPHERAL;
2542     cc->header.address.physical.bus = 0;
2543     cc->header.address.physical.target = 0;
2544     cc->cdb.cdb_length = sizeof(*cbc);
2545     cc->cdb.type = CISS_CDB_TYPE_COMMAND;
2546     cc->cdb.attribute = CISS_CDB_ATTRIBUTE_SIMPLE;
2547     cc->cdb.direction = dataout ? CISS_CDB_DIRECTION_WRITE : CISS_CDB_DIRECTION_READ;
2548     cc->cdb.timeout = 0;
2549 
2550     cbc = (struct ciss_bmic_cdb *)&(cc->cdb.cdb[0]);
2551     bzero(cbc, sizeof(*cbc));
2552     cbc->opcode = dataout ? CISS_ARRAY_CONTROLLER_WRITE : CISS_ARRAY_CONTROLLER_READ;
2553     cbc->bmic_opcode = opcode;
2554     cbc->size = htons((u_int16_t)bufsize);
2555 
2556 out:
2557     if (error) {
2558 	if (cr != NULL)
2559 	    ciss_release_request(cr);
2560     } else {
2561 	*crp = cr;
2562 	if ((bufp != NULL) && (*bufp == NULL) && (buf != NULL))
2563 	    *bufp = buf;
2564     }
2565     return(error);
2566 }
2567 
2568 /************************************************************************
2569  * Handle a command passed in from userspace.
2570  */
2571 static int
2572 ciss_user_command(struct ciss_softc *sc, IOCTL_Command_struct *ioc)
2573 {
2574     struct ciss_request		*cr;
2575     struct ciss_command		*cc;
2576     struct ciss_error_info	*ce;
2577     int				error = 0;
2578 
2579     debug_called(1);
2580 
2581     cr = NULL;
2582 
2583     /*
2584      * Get a request.
2585      */
2586     while (ciss_get_request(sc, &cr) != 0)
2587 	msleep(sc, &sc->ciss_mtx, PPAUSE, "cissREQ", hz);
2588     cc = cr->cr_cc;
2589 
2590     /*
2591      * Allocate an in-kernel databuffer if required, copy in user data.
2592      */
2593     mtx_unlock(&sc->ciss_mtx);
2594     cr->cr_length = ioc->buf_size;
2595     if (ioc->buf_size > 0) {
2596 	if ((cr->cr_data = malloc(ioc->buf_size, CISS_MALLOC_CLASS, M_NOWAIT)) == NULL) {
2597 	    error = ENOMEM;
2598 	    goto out_unlocked;
2599 	}
2600 	if ((error = copyin(ioc->buf, cr->cr_data, ioc->buf_size))) {
2601 	    debug(0, "copyin: bad data buffer %p/%d", ioc->buf, ioc->buf_size);
2602 	    goto out_unlocked;
2603 	}
2604     }
2605 
2606     /*
2607      * Build the request based on the user command.
2608      */
2609     bcopy(&ioc->LUN_info, &cc->header.address, sizeof(cc->header.address));
2610     bcopy(&ioc->Request, &cc->cdb, sizeof(cc->cdb));
2611 
2612     /* XXX anything else to populate here? */
2613     mtx_lock(&sc->ciss_mtx);
2614 
2615     /*
2616      * Run the command.
2617      */
2618     if ((error = ciss_synch_request(cr, 60 * 1000))) {
2619 	debug(0, "request failed - %d", error);
2620 	goto out;
2621     }
2622 
2623     /*
2624      * Check to see if the command succeeded.
2625      */
2626     ce = (struct ciss_error_info *)&(cc->sg[0]);
2627     if ((cc->header.host_tag & CISS_HDR_HOST_TAG_ERROR) == 0)
2628 	bzero(ce, sizeof(*ce));
2629 
2630     /*
2631      * Copy the results back to the user.
2632      */
2633     bcopy(ce, &ioc->error_info, sizeof(*ce));
2634     mtx_unlock(&sc->ciss_mtx);
2635     if ((ioc->buf_size > 0) &&
2636 	(error = copyout(cr->cr_data, ioc->buf, ioc->buf_size))) {
2637 	debug(0, "copyout: bad data buffer %p/%d", ioc->buf, ioc->buf_size);
2638 	goto out_unlocked;
2639     }
2640 
2641     /* done OK */
2642     error = 0;
2643 
2644 out_unlocked:
2645     mtx_lock(&sc->ciss_mtx);
2646 
2647 out:
2648     if ((cr != NULL) && (cr->cr_data != NULL))
2649 	free(cr->cr_data, CISS_MALLOC_CLASS);
2650     if (cr != NULL)
2651 	ciss_release_request(cr);
2652     return(error);
2653 }
2654 
2655 /************************************************************************
2656  * Map a request into bus-visible space, initialise the scatter/gather
2657  * list.
2658  */
2659 static int
2660 ciss_map_request(struct ciss_request *cr)
2661 {
2662     struct ciss_softc	*sc;
2663     int			error = 0;
2664 
2665     debug_called(2);
2666 
2667     sc = cr->cr_sc;
2668 
2669     /* check that mapping is necessary */
2670     if (cr->cr_flags & CISS_REQ_MAPPED)
2671 	return(0);
2672 
2673     cr->cr_flags |= CISS_REQ_MAPPED;
2674 
2675     bus_dmamap_sync(sc->ciss_command_dmat, sc->ciss_command_map,
2676 		    BUS_DMASYNC_PREWRITE);
2677 
2678     if (cr->cr_data != NULL) {
2679 	error = bus_dmamap_load(sc->ciss_buffer_dmat, cr->cr_datamap,
2680 				cr->cr_data, cr->cr_length,
2681 				ciss_request_map_helper, cr, 0);
2682 	if (error != 0)
2683 	    return (error);
2684     } else {
2685 	/*
2686 	 * Post the command to the adapter.
2687 	 */
2688 	cr->cr_sg_tag = CISS_SG_NONE;
2689 	cr->cr_flags |= CISS_REQ_BUSY;
2690 	if (sc->ciss_perf)
2691 	    CISS_TL_PERF_POST_CMD(sc, cr);
2692 	else
2693 	    CISS_TL_SIMPLE_POST_CMD(sc, cr->cr_ccphys);
2694     }
2695 
2696     return(0);
2697 }
2698 
2699 static void
2700 ciss_request_map_helper(void *arg, bus_dma_segment_t *segs, int nseg, int error)
2701 {
2702     struct ciss_command	*cc;
2703     struct ciss_request *cr;
2704     struct ciss_softc	*sc;
2705     int			i;
2706 
2707     debug_called(2);
2708 
2709     cr = (struct ciss_request *)arg;
2710     sc = cr->cr_sc;
2711     cc = cr->cr_cc;
2712 
2713     for (i = 0; i < nseg; i++) {
2714 	cc->sg[i].address = segs[i].ds_addr;
2715 	cc->sg[i].length = segs[i].ds_len;
2716 	cc->sg[i].extension = 0;
2717     }
2718     /* we leave the s/g table entirely within the command */
2719     cc->header.sg_in_list = nseg;
2720     cc->header.sg_total = nseg;
2721 
2722     if (cr->cr_flags & CISS_REQ_DATAIN)
2723 	bus_dmamap_sync(sc->ciss_buffer_dmat, cr->cr_datamap, BUS_DMASYNC_PREREAD);
2724     if (cr->cr_flags & CISS_REQ_DATAOUT)
2725 	bus_dmamap_sync(sc->ciss_buffer_dmat, cr->cr_datamap, BUS_DMASYNC_PREWRITE);
2726 
2727     if (nseg == 0)
2728 	cr->cr_sg_tag = CISS_SG_NONE;
2729     else if (nseg == 1)
2730 	cr->cr_sg_tag = CISS_SG_1;
2731     else if (nseg == 2)
2732 	cr->cr_sg_tag = CISS_SG_2;
2733     else if (nseg <= 4)
2734 	cr->cr_sg_tag = CISS_SG_4;
2735     else if (nseg <= 8)
2736 	cr->cr_sg_tag = CISS_SG_8;
2737     else if (nseg <= 16)
2738 	cr->cr_sg_tag = CISS_SG_16;
2739     else if (nseg <= 32)
2740 	cr->cr_sg_tag = CISS_SG_32;
2741     else
2742 	cr->cr_sg_tag = CISS_SG_MAX;
2743 
2744     /*
2745      * Post the command to the adapter.
2746      */
2747     cr->cr_flags |= CISS_REQ_BUSY;
2748     if (sc->ciss_perf)
2749 	CISS_TL_PERF_POST_CMD(sc, cr);
2750     else
2751 	CISS_TL_SIMPLE_POST_CMD(sc, cr->cr_ccphys);
2752 }
2753 
2754 /************************************************************************
2755  * Unmap a request from bus-visible space.
2756  */
2757 static void
2758 ciss_unmap_request(struct ciss_request *cr)
2759 {
2760     struct ciss_softc	*sc;
2761 
2762     debug_called(2);
2763 
2764     sc = cr->cr_sc;
2765 
2766     /* check that unmapping is necessary */
2767     if ((cr->cr_flags & CISS_REQ_MAPPED) == 0)
2768 	return;
2769 
2770     bus_dmamap_sync(sc->ciss_command_dmat, sc->ciss_command_map,
2771 		    BUS_DMASYNC_POSTWRITE);
2772 
2773     if (cr->cr_data == NULL)
2774 	goto out;
2775 
2776     if (cr->cr_flags & CISS_REQ_DATAIN)
2777 	bus_dmamap_sync(sc->ciss_buffer_dmat, cr->cr_datamap, BUS_DMASYNC_POSTREAD);
2778     if (cr->cr_flags & CISS_REQ_DATAOUT)
2779 	bus_dmamap_sync(sc->ciss_buffer_dmat, cr->cr_datamap, BUS_DMASYNC_POSTWRITE);
2780 
2781     bus_dmamap_unload(sc->ciss_buffer_dmat, cr->cr_datamap);
2782 out:
2783     cr->cr_flags &= ~CISS_REQ_MAPPED;
2784 }
2785 
2786 /************************************************************************
2787  * Attach the driver to CAM.
2788  *
2789  * We put all the logical drives on a single SCSI bus.
2790  */
2791 static int
2792 ciss_cam_init(struct ciss_softc *sc)
2793 {
2794     int			i, maxbus;
2795 
2796     debug_called(1);
2797 
2798     /*
2799      * Allocate a devq.  We can reuse this for the masked physical
2800      * devices if we decide to export these as well.
2801      */
2802     if ((sc->ciss_cam_devq = cam_simq_alloc(sc->ciss_max_requests - 2)) == NULL) {
2803 	ciss_printf(sc, "can't allocate CAM SIM queue\n");
2804 	return(ENOMEM);
2805     }
2806 
2807     /*
2808      * Create a SIM.
2809      *
2810      * This naturally wastes a bit of memory.  The alternative is to allocate
2811      * and register each bus as it is found, and then track them on a linked
2812      * list.  Unfortunately, the driver has a few places where it needs to
2813      * look up the SIM based solely on bus number, and it's unclear whether
2814      * a list traversal would work for these situations.
2815      */
2816     maxbus = max(sc->ciss_max_logical_bus, sc->ciss_max_physical_bus +
2817 		 CISS_PHYSICAL_BASE);
2818     sc->ciss_cam_sim = malloc(maxbus * sizeof(struct cam_sim*),
2819 			      CISS_MALLOC_CLASS, M_NOWAIT | M_ZERO);
2820     if (sc->ciss_cam_sim == NULL) {
2821 	ciss_printf(sc, "can't allocate memory for controller SIM\n");
2822 	return(ENOMEM);
2823     }
2824 
2825     for (i = 0; i < sc->ciss_max_logical_bus; i++) {
2826 	if ((sc->ciss_cam_sim[i] = cam_sim_alloc(ciss_cam_action, ciss_cam_poll,
2827 						 "ciss", sc,
2828 						 device_get_unit(sc->ciss_dev),
2829 						 &sc->ciss_mtx,
2830 						 2,
2831 						 sc->ciss_max_requests - 2,
2832 						 sc->ciss_cam_devq)) == NULL) {
2833 	    ciss_printf(sc, "can't allocate CAM SIM for controller %d\n", i);
2834 	    return(ENOMEM);
2835 	}
2836 
2837 	/*
2838 	 * Register bus with this SIM.
2839 	 */
2840 	mtx_lock(&sc->ciss_mtx);
2841 	if (i == 0 || sc->ciss_controllers[i].physical.bus != 0) {
2842 	    if (xpt_bus_register(sc->ciss_cam_sim[i], sc->ciss_dev, i) != 0) {
2843 		ciss_printf(sc, "can't register SCSI bus %d\n", i);
2844 		mtx_unlock(&sc->ciss_mtx);
2845 		return (ENXIO);
2846 	    }
2847 	}
2848 	mtx_unlock(&sc->ciss_mtx);
2849     }
2850 
2851     for (i = CISS_PHYSICAL_BASE; i < sc->ciss_max_physical_bus +
2852 	 CISS_PHYSICAL_BASE; i++) {
2853 	if ((sc->ciss_cam_sim[i] = cam_sim_alloc(ciss_cam_action, ciss_cam_poll,
2854 						 "ciss", sc,
2855 						 device_get_unit(sc->ciss_dev),
2856 						 &sc->ciss_mtx, 1,
2857 						 sc->ciss_max_requests - 2,
2858 						 sc->ciss_cam_devq)) == NULL) {
2859 	    ciss_printf(sc, "can't allocate CAM SIM for controller %d\n", i);
2860 	    return (ENOMEM);
2861 	}
2862 
2863 	mtx_lock(&sc->ciss_mtx);
2864 	if (xpt_bus_register(sc->ciss_cam_sim[i], sc->ciss_dev, i) != 0) {
2865 	    ciss_printf(sc, "can't register SCSI bus %d\n", i);
2866 	    mtx_unlock(&sc->ciss_mtx);
2867 	    return (ENXIO);
2868 	}
2869 	mtx_unlock(&sc->ciss_mtx);
2870     }
2871 
2872     return(0);
2873 }
2874 
2875 /************************************************************************
2876  * Initiate a rescan of the 'logical devices' SIM
2877  */
2878 static void
2879 ciss_cam_rescan_target(struct ciss_softc *sc, int bus, int target)
2880 {
2881     union ccb		*ccb;
2882 
2883     debug_called(1);
2884 
2885     if ((ccb = xpt_alloc_ccb_nowait()) == NULL) {
2886 	ciss_printf(sc, "rescan failed (can't allocate CCB)\n");
2887 	return;
2888     }
2889 
2890     if (xpt_create_path(&ccb->ccb_h.path, xpt_periph,
2891 	    cam_sim_path(sc->ciss_cam_sim[bus]),
2892 	    target, CAM_LUN_WILDCARD) != CAM_REQ_CMP) {
2893 	ciss_printf(sc, "rescan failed (can't create path)\n");
2894 	xpt_free_ccb(ccb);
2895 	return;
2896     }
2897     xpt_rescan(ccb);
2898     /* scan is now in progress */
2899 }
2900 
2901 /************************************************************************
2902  * Handle requests coming from CAM
2903  */
2904 static void
2905 ciss_cam_action(struct cam_sim *sim, union ccb *ccb)
2906 {
2907     struct ciss_softc	*sc;
2908     struct ccb_scsiio	*csio;
2909     int			bus, target;
2910     int			physical;
2911 
2912     sc = cam_sim_softc(sim);
2913     bus = cam_sim_bus(sim);
2914     csio = (struct ccb_scsiio *)&ccb->csio;
2915     target = csio->ccb_h.target_id;
2916     physical = CISS_IS_PHYSICAL(bus);
2917 
2918     switch (ccb->ccb_h.func_code) {
2919 
2920 	/* perform SCSI I/O */
2921     case XPT_SCSI_IO:
2922 	if (!ciss_cam_action_io(sim, csio))
2923 	    return;
2924 	break;
2925 
2926 	/* perform geometry calculations */
2927     case XPT_CALC_GEOMETRY:
2928     {
2929 	struct ccb_calc_geometry	*ccg = &ccb->ccg;
2930 	struct ciss_ldrive		*ld;
2931 
2932 	debug(1, "XPT_CALC_GEOMETRY %d:%d:%d", cam_sim_bus(sim), ccb->ccb_h.target_id, ccb->ccb_h.target_lun);
2933 
2934 	ld = NULL;
2935 	if (!physical)
2936 	    ld = &sc->ciss_logical[bus][target];
2937 
2938 	/*
2939 	 * Use the cached geometry settings unless the fault tolerance
2940 	 * is invalid.
2941 	 */
2942 	if (physical || ld->cl_geometry.fault_tolerance == 0xFF) {
2943 	    u_int32_t			secs_per_cylinder;
2944 
2945 	    ccg->heads = 255;
2946 	    ccg->secs_per_track = 32;
2947 	    secs_per_cylinder = ccg->heads * ccg->secs_per_track;
2948 	    ccg->cylinders = ccg->volume_size / secs_per_cylinder;
2949 	} else {
2950 	    ccg->heads = ld->cl_geometry.heads;
2951 	    ccg->secs_per_track = ld->cl_geometry.sectors;
2952 	    ccg->cylinders = ntohs(ld->cl_geometry.cylinders);
2953 	}
2954 	ccb->ccb_h.status = CAM_REQ_CMP;
2955         break;
2956     }
2957 
2958 	/* handle path attribute inquiry */
2959     case XPT_PATH_INQ:
2960     {
2961 	struct ccb_pathinq	*cpi = &ccb->cpi;
2962 
2963 	debug(1, "XPT_PATH_INQ %d:%d:%d", cam_sim_bus(sim), ccb->ccb_h.target_id, ccb->ccb_h.target_lun);
2964 
2965 	cpi->version_num = 1;
2966 	cpi->hba_inquiry = PI_TAG_ABLE;	/* XXX is this correct? */
2967 	cpi->target_sprt = 0;
2968 	cpi->hba_misc = 0;
2969 	cpi->max_target = CISS_MAX_LOGICAL;
2970 	cpi->max_lun = 0;		/* 'logical drive' channel only */
2971 	cpi->initiator_id = CISS_MAX_LOGICAL;
2972 	strncpy(cpi->sim_vid, "FreeBSD", SIM_IDLEN);
2973         strncpy(cpi->hba_vid, "msmith@freebsd.org", HBA_IDLEN);
2974         strncpy(cpi->dev_name, cam_sim_name(sim), DEV_IDLEN);
2975         cpi->unit_number = cam_sim_unit(sim);
2976         cpi->bus_id = cam_sim_bus(sim);
2977 	cpi->base_transfer_speed = 132 * 1024;	/* XXX what to set this to? */
2978 	cpi->transport = XPORT_SPI;
2979 	cpi->transport_version = 2;
2980 	cpi->protocol = PROTO_SCSI;
2981 	cpi->protocol_version = SCSI_REV_2;
2982 	cpi->maxio = (CISS_MAX_SG_ELEMENTS - 1) * PAGE_SIZE;
2983 	ccb->ccb_h.status = CAM_REQ_CMP;
2984 	break;
2985     }
2986 
2987     case XPT_GET_TRAN_SETTINGS:
2988     {
2989 	struct ccb_trans_settings	*cts = &ccb->cts;
2990 	int				bus, target;
2991 	struct ccb_trans_settings_spi *spi = &cts->xport_specific.spi;
2992 	struct ccb_trans_settings_scsi *scsi = &cts->proto_specific.scsi;
2993 
2994 	bus = cam_sim_bus(sim);
2995 	target = cts->ccb_h.target_id;
2996 
2997 	debug(1, "XPT_GET_TRAN_SETTINGS %d:%d", bus, target);
2998 	/* disconnect always OK */
2999 	cts->protocol = PROTO_SCSI;
3000 	cts->protocol_version = SCSI_REV_2;
3001 	cts->transport = XPORT_SPI;
3002 	cts->transport_version = 2;
3003 
3004 	spi->valid = CTS_SPI_VALID_DISC;
3005 	spi->flags = CTS_SPI_FLAGS_DISC_ENB;
3006 
3007 	scsi->valid = CTS_SCSI_VALID_TQ;
3008 	scsi->flags = CTS_SCSI_FLAGS_TAG_ENB;
3009 
3010 	cts->ccb_h.status = CAM_REQ_CMP;
3011 	break;
3012     }
3013 
3014     default:		/* we can't do this */
3015 	debug(1, "unspported func_code = 0x%x", ccb->ccb_h.func_code);
3016 	ccb->ccb_h.status = CAM_REQ_INVALID;
3017 	break;
3018     }
3019 
3020     xpt_done(ccb);
3021 }
3022 
3023 /************************************************************************
3024  * Handle a CAM SCSI I/O request.
3025  */
3026 static int
3027 ciss_cam_action_io(struct cam_sim *sim, struct ccb_scsiio *csio)
3028 {
3029     struct ciss_softc	*sc;
3030     int			bus, target;
3031     struct ciss_request	*cr;
3032     struct ciss_command	*cc;
3033     int			error;
3034 
3035     sc = cam_sim_softc(sim);
3036     bus = cam_sim_bus(sim);
3037     target = csio->ccb_h.target_id;
3038 
3039     debug(2, "XPT_SCSI_IO %d:%d:%d", bus, target, csio->ccb_h.target_lun);
3040 
3041     /* check that the CDB pointer is not to a physical address */
3042     if ((csio->ccb_h.flags & CAM_CDB_POINTER) && (csio->ccb_h.flags & CAM_CDB_PHYS)) {
3043 	debug(3, "  CDB pointer is to physical address");
3044 	csio->ccb_h.status = CAM_REQ_CMP_ERR;
3045     }
3046 
3047     /* if there is data transfer, it must be to/from a virtual address */
3048     if ((csio->ccb_h.flags & CAM_DIR_MASK) != CAM_DIR_NONE) {
3049 	if (csio->ccb_h.flags & CAM_DATA_PHYS) {		/* we can't map it */
3050 	    debug(3, "  data pointer is to physical address");
3051 	    csio->ccb_h.status = CAM_REQ_CMP_ERR;
3052 	}
3053 	if (csio->ccb_h.flags & CAM_SCATTER_VALID) {	/* we want to do the s/g setup */
3054 	    debug(3, "  data has premature s/g setup");
3055 	    csio->ccb_h.status = CAM_REQ_CMP_ERR;
3056 	}
3057     }
3058 
3059     /* abandon aborted ccbs or those that have failed validation */
3060     if ((csio->ccb_h.status & CAM_STATUS_MASK) != CAM_REQ_INPROG) {
3061 	debug(3, "abandoning CCB due to abort/validation failure");
3062 	return(EINVAL);
3063     }
3064 
3065     /* handle emulation of some SCSI commands ourself */
3066     if (ciss_cam_emulate(sc, csio))
3067 	return(0);
3068 
3069     /*
3070      * Get a request to manage this command.  If we can't, return the
3071      * ccb, freeze the queue and flag so that we unfreeze it when a
3072      * request completes.
3073      */
3074     if ((error = ciss_get_request(sc, &cr)) != 0) {
3075 	xpt_freeze_simq(sim, 1);
3076 	sc->ciss_flags |= CISS_FLAG_BUSY;
3077 	csio->ccb_h.status |= CAM_REQUEUE_REQ;
3078 	return(error);
3079     }
3080 
3081     /*
3082      * Build the command.
3083      */
3084     cc = cr->cr_cc;
3085     cr->cr_data = csio->data_ptr;
3086     cr->cr_length = csio->dxfer_len;
3087     cr->cr_complete = ciss_cam_complete;
3088     cr->cr_private = csio;
3089 
3090     /*
3091      * Target the right logical volume.
3092      */
3093     if (CISS_IS_PHYSICAL(bus))
3094 	cc->header.address =
3095 	    sc->ciss_physical[CISS_CAM_TO_PBUS(bus)][target].cp_address;
3096     else
3097 	cc->header.address =
3098 	    sc->ciss_logical[bus][target].cl_address;
3099     cc->cdb.cdb_length = csio->cdb_len;
3100     cc->cdb.type = CISS_CDB_TYPE_COMMAND;
3101     cc->cdb.attribute = CISS_CDB_ATTRIBUTE_SIMPLE;	/* XXX ordered tags? */
3102     if ((csio->ccb_h.flags & CAM_DIR_MASK) == CAM_DIR_OUT) {
3103 	cr->cr_flags = CISS_REQ_DATAOUT;
3104 	cc->cdb.direction = CISS_CDB_DIRECTION_WRITE;
3105     } else if ((csio->ccb_h.flags & CAM_DIR_MASK) == CAM_DIR_IN) {
3106 	cr->cr_flags = CISS_REQ_DATAIN;
3107 	cc->cdb.direction = CISS_CDB_DIRECTION_READ;
3108     } else {
3109 	cr->cr_flags = 0;
3110 	cc->cdb.direction = CISS_CDB_DIRECTION_NONE;
3111     }
3112     cc->cdb.timeout = (csio->ccb_h.timeout / 1000) + 1;
3113     if (csio->ccb_h.flags & CAM_CDB_POINTER) {
3114 	bcopy(csio->cdb_io.cdb_ptr, &cc->cdb.cdb[0], csio->cdb_len);
3115     } else {
3116 	bcopy(csio->cdb_io.cdb_bytes, &cc->cdb.cdb[0], csio->cdb_len);
3117     }
3118 
3119     /*
3120      * Submit the request to the adapter.
3121      *
3122      * Note that this may fail if we're unable to map the request (and
3123      * if we ever learn a transport layer other than simple, may fail
3124      * if the adapter rejects the command).
3125      */
3126     if ((error = ciss_start(cr)) != 0) {
3127 	xpt_freeze_simq(sim, 1);
3128 	csio->ccb_h.status |= CAM_RELEASE_SIMQ;
3129 	if (error == EINPROGRESS) {
3130 	    error = 0;
3131 	} else {
3132 	    csio->ccb_h.status |= CAM_REQUEUE_REQ;
3133 	    ciss_release_request(cr);
3134 	}
3135 	return(error);
3136     }
3137 
3138     return(0);
3139 }
3140 
3141 /************************************************************************
3142  * Emulate SCSI commands the adapter doesn't handle as we might like.
3143  */
3144 static int
3145 ciss_cam_emulate(struct ciss_softc *sc, struct ccb_scsiio *csio)
3146 {
3147     int		bus, target;
3148     u_int8_t	opcode;
3149 
3150     target = csio->ccb_h.target_id;
3151     bus = cam_sim_bus(xpt_path_sim(csio->ccb_h.path));
3152     opcode = (csio->ccb_h.flags & CAM_CDB_POINTER) ?
3153 	*(u_int8_t *)csio->cdb_io.cdb_ptr : csio->cdb_io.cdb_bytes[0];
3154 
3155     if (CISS_IS_PHYSICAL(bus)) {
3156 	if (sc->ciss_physical[CISS_CAM_TO_PBUS(bus)][target].cp_online != 1) {
3157 	    csio->ccb_h.status |= CAM_SEL_TIMEOUT;
3158 	    xpt_done((union ccb *)csio);
3159 	    return(1);
3160 	} else
3161 	    return(0);
3162     }
3163 
3164     /*
3165      * Handle requests for volumes that don't exist or are not online.
3166      * A selection timeout is slightly better than an illegal request.
3167      * Other errors might be better.
3168      */
3169     if (sc->ciss_logical[bus][target].cl_status != CISS_LD_ONLINE) {
3170 	csio->ccb_h.status |= CAM_SEL_TIMEOUT;
3171 	xpt_done((union ccb *)csio);
3172 	return(1);
3173     }
3174 
3175     /* if we have to fake Synchronise Cache */
3176     if (sc->ciss_flags & CISS_FLAG_FAKE_SYNCH) {
3177 	/*
3178 	 * If this is a Synchronise Cache command, typically issued when
3179 	 * a device is closed, flush the adapter and complete now.
3180 	 */
3181 	if (((csio->ccb_h.flags & CAM_CDB_POINTER) ?
3182 	     *(u_int8_t *)csio->cdb_io.cdb_ptr : csio->cdb_io.cdb_bytes[0]) == SYNCHRONIZE_CACHE) {
3183 	    ciss_flush_adapter(sc);
3184 	    csio->ccb_h.status |= CAM_REQ_CMP;
3185 	    xpt_done((union ccb *)csio);
3186 	    return(1);
3187 	}
3188     }
3189 
3190     return(0);
3191 }
3192 
3193 /************************************************************************
3194  * Check for possibly-completed commands.
3195  */
3196 static void
3197 ciss_cam_poll(struct cam_sim *sim)
3198 {
3199     cr_qhead_t qh;
3200     struct ciss_softc	*sc = cam_sim_softc(sim);
3201 
3202     debug_called(2);
3203 
3204     STAILQ_INIT(&qh);
3205     if (sc->ciss_perf)
3206 	ciss_perf_done(sc, &qh);
3207     else
3208 	ciss_done(sc, &qh);
3209     ciss_complete(sc, &qh);
3210 }
3211 
3212 /************************************************************************
3213  * Handle completion of a command - pass results back through the CCB
3214  */
3215 static void
3216 ciss_cam_complete(struct ciss_request *cr)
3217 {
3218     struct ciss_softc		*sc;
3219     struct ciss_command		*cc;
3220     struct ciss_error_info	*ce;
3221     struct ccb_scsiio		*csio;
3222     int				scsi_status;
3223     int				command_status;
3224 
3225     debug_called(2);
3226 
3227     sc = cr->cr_sc;
3228     cc = cr->cr_cc;
3229     ce = (struct ciss_error_info *)&(cc->sg[0]);
3230     csio = (struct ccb_scsiio *)cr->cr_private;
3231 
3232     /*
3233      * Extract status values from request.
3234      */
3235     ciss_report_request(cr, &command_status, &scsi_status);
3236     csio->scsi_status = scsi_status;
3237 
3238     /*
3239      * Handle specific SCSI status values.
3240      */
3241     switch(scsi_status) {
3242 	/* no status due to adapter error */
3243     case -1:
3244 	debug(0, "adapter error");
3245 	csio->ccb_h.status |= CAM_REQ_CMP_ERR;
3246 	break;
3247 
3248 	/* no status due to command completed OK */
3249     case SCSI_STATUS_OK:		/* CISS_SCSI_STATUS_GOOD */
3250 	debug(2, "SCSI_STATUS_OK");
3251 	csio->ccb_h.status |= CAM_REQ_CMP;
3252 	break;
3253 
3254 	/* check condition, sense data included */
3255     case SCSI_STATUS_CHECK_COND:	/* CISS_SCSI_STATUS_CHECK_CONDITION */
3256 	debug(0, "SCSI_STATUS_CHECK_COND  sense size %d  resid %d\n",
3257 	      ce->sense_length, ce->residual_count);
3258 	bzero(&csio->sense_data, SSD_FULL_SIZE);
3259 	bcopy(&ce->sense_info[0], &csio->sense_data, ce->sense_length);
3260 	if (csio->sense_len > ce->sense_length)
3261 		csio->sense_resid = csio->sense_len - ce->sense_length;
3262 	else
3263 		csio->sense_resid = 0;
3264 	csio->resid = ce->residual_count;
3265 	csio->ccb_h.status |= CAM_SCSI_STATUS_ERROR | CAM_AUTOSNS_VALID;
3266 #ifdef CISS_DEBUG
3267 	{
3268 	    struct scsi_sense_data	*sns = (struct scsi_sense_data *)&ce->sense_info[0];
3269 	    debug(0, "sense key %x", scsi_get_sense_key(sns, csio->sense_len -
3270 		  csio->sense_resid, /*show_errors*/ 1));
3271 	}
3272 #endif
3273 	break;
3274 
3275     case SCSI_STATUS_BUSY:		/* CISS_SCSI_STATUS_BUSY */
3276 	debug(0, "SCSI_STATUS_BUSY");
3277 	csio->ccb_h.status |= CAM_SCSI_BUSY;
3278 	break;
3279 
3280     default:
3281 	debug(0, "unknown status 0x%x", csio->scsi_status);
3282 	csio->ccb_h.status |= CAM_REQ_CMP_ERR;
3283 	break;
3284     }
3285 
3286     /* handle post-command fixup */
3287     ciss_cam_complete_fixup(sc, csio);
3288 
3289     ciss_release_request(cr);
3290     if (sc->ciss_flags & CISS_FLAG_BUSY) {
3291 	sc->ciss_flags &= ~CISS_FLAG_BUSY;
3292 	if (csio->ccb_h.status & CAM_RELEASE_SIMQ)
3293 	    xpt_release_simq(xpt_path_sim(csio->ccb_h.path), 0);
3294 	else
3295 	    csio->ccb_h.status |= CAM_RELEASE_SIMQ;
3296     }
3297     xpt_done((union ccb *)csio);
3298 }
3299 
3300 /********************************************************************************
3301  * Fix up the result of some commands here.
3302  */
3303 static void
3304 ciss_cam_complete_fixup(struct ciss_softc *sc, struct ccb_scsiio *csio)
3305 {
3306     struct scsi_inquiry_data	*inq;
3307     struct ciss_ldrive		*cl;
3308     uint8_t			*cdb;
3309     int				bus, target;
3310 
3311     cdb = (csio->ccb_h.flags & CAM_CDB_POINTER) ?
3312 	 (uint8_t *)csio->cdb_io.cdb_ptr : csio->cdb_io.cdb_bytes;
3313     if (cdb[0] == INQUIRY &&
3314 	(cdb[1] & SI_EVPD) == 0 &&
3315 	(csio->ccb_h.flags & CAM_DIR_MASK) == CAM_DIR_IN &&
3316 	csio->dxfer_len >= SHORT_INQUIRY_LENGTH) {
3317 
3318 	inq = (struct scsi_inquiry_data *)csio->data_ptr;
3319 	target = csio->ccb_h.target_id;
3320 	bus = cam_sim_bus(xpt_path_sim(csio->ccb_h.path));
3321 
3322 	/*
3323 	 * Don't let hard drives be seen by the DA driver.  They will still be
3324 	 * attached by the PASS driver.
3325 	 */
3326 	if (CISS_IS_PHYSICAL(bus)) {
3327 	    if (SID_TYPE(inq) == T_DIRECT)
3328 		inq->device = (inq->device & 0xe0) | T_NODEVICE;
3329 	    return;
3330 	}
3331 
3332 	cl = &sc->ciss_logical[bus][target];
3333 
3334 	padstr(inq->vendor, "COMPAQ", 8);
3335 	padstr(inq->product, ciss_name_ldrive_org(cl->cl_ldrive->fault_tolerance), 8);
3336 	padstr(inq->revision, ciss_name_ldrive_status(cl->cl_lstatus->status), 16);
3337     }
3338 }
3339 
3340 
3341 /********************************************************************************
3342  * Find a peripheral attached at (target)
3343  */
3344 static struct cam_periph *
3345 ciss_find_periph(struct ciss_softc *sc, int bus, int target)
3346 {
3347     struct cam_periph	*periph;
3348     struct cam_path	*path;
3349     int			status;
3350 
3351     status = xpt_create_path(&path, NULL, cam_sim_path(sc->ciss_cam_sim[bus]),
3352 			     target, 0);
3353     if (status == CAM_REQ_CMP) {
3354 	periph = cam_periph_find(path, NULL);
3355 	xpt_free_path(path);
3356     } else {
3357 	periph = NULL;
3358     }
3359     return(periph);
3360 }
3361 
3362 /********************************************************************************
3363  * Name the device at (target)
3364  *
3365  * XXX is this strictly correct?
3366  */
3367 static int
3368 ciss_name_device(struct ciss_softc *sc, int bus, int target)
3369 {
3370     struct cam_periph	*periph;
3371 
3372     if (CISS_IS_PHYSICAL(bus))
3373 	return (0);
3374     if ((periph = ciss_find_periph(sc, bus, target)) != NULL) {
3375 	sprintf(sc->ciss_logical[bus][target].cl_name, "%s%d",
3376 		periph->periph_name, periph->unit_number);
3377 	return(0);
3378     }
3379     sc->ciss_logical[bus][target].cl_name[0] = 0;
3380     return(ENOENT);
3381 }
3382 
3383 /************************************************************************
3384  * Periodic status monitoring.
3385  */
3386 static void
3387 ciss_periodic(void *arg)
3388 {
3389     struct ciss_softc	*sc;
3390     struct ciss_request	*cr = NULL;
3391     struct ciss_command	*cc = NULL;
3392     int			error = 0;
3393 
3394     debug_called(1);
3395 
3396     sc = (struct ciss_softc *)arg;
3397 
3398     /*
3399      * Check the adapter heartbeat.
3400      */
3401     if (sc->ciss_cfg->heartbeat == sc->ciss_heartbeat) {
3402 	sc->ciss_heart_attack++;
3403 	debug(0, "adapter heart attack in progress 0x%x/%d",
3404 	      sc->ciss_heartbeat, sc->ciss_heart_attack);
3405 	if (sc->ciss_heart_attack == 3) {
3406 	    ciss_printf(sc, "ADAPTER HEARTBEAT FAILED\n");
3407 	    ciss_disable_adapter(sc);
3408 	    return;
3409 	}
3410     } else {
3411 	sc->ciss_heartbeat = sc->ciss_cfg->heartbeat;
3412 	sc->ciss_heart_attack = 0;
3413 	debug(3, "new heartbeat 0x%x", sc->ciss_heartbeat);
3414     }
3415 
3416     /*
3417      * Send the NOP message and wait for a response.
3418      */
3419     if (ciss_nop_message_heartbeat != 0 && (error = ciss_get_request(sc, &cr)) == 0) {
3420 	cc = cr->cr_cc;
3421 	cr->cr_complete = ciss_nop_complete;
3422 	cc->cdb.cdb_length = 1;
3423 	cc->cdb.type = CISS_CDB_TYPE_MESSAGE;
3424 	cc->cdb.attribute = CISS_CDB_ATTRIBUTE_SIMPLE;
3425 	cc->cdb.direction = CISS_CDB_DIRECTION_WRITE;
3426 	cc->cdb.timeout = 0;
3427 	cc->cdb.cdb[0] = CISS_OPCODE_MESSAGE_NOP;
3428 
3429 	if ((error = ciss_start(cr)) != 0) {
3430 	    ciss_printf(sc, "SENDING NOP MESSAGE FAILED\n");
3431 	}
3432     }
3433 
3434     /*
3435      * If the notify event request has died for some reason, or has
3436      * not started yet, restart it.
3437      */
3438     if (!(sc->ciss_flags & CISS_FLAG_NOTIFY_OK)) {
3439 	debug(0, "(re)starting Event Notify chain");
3440 	ciss_notify_event(sc);
3441     }
3442 
3443     /*
3444      * Reschedule.
3445      */
3446     callout_reset(&sc->ciss_periodic, CISS_HEARTBEAT_RATE * hz, ciss_periodic, sc);
3447 }
3448 
3449 static void
3450 ciss_nop_complete(struct ciss_request *cr)
3451 {
3452     struct ciss_softc		*sc;
3453     static int			first_time = 1;
3454 
3455     sc = cr->cr_sc;
3456     if (ciss_report_request(cr, NULL, NULL) != 0) {
3457 	if (first_time == 1) {
3458 	    first_time = 0;
3459 	    ciss_printf(sc, "SENDING NOP MESSAGE FAILED (not logging anymore)\n");
3460 	}
3461     }
3462 
3463     ciss_release_request(cr);
3464 }
3465 
3466 /************************************************************************
3467  * Disable the adapter.
3468  *
3469  * The all requests in completed queue is failed with hardware error.
3470  * This will cause failover in a multipath configuration.
3471  */
3472 static void
3473 ciss_disable_adapter(struct ciss_softc *sc)
3474 {
3475     cr_qhead_t			qh;
3476     struct ciss_request		*cr;
3477     struct ciss_command		*cc;
3478     struct ciss_error_info	*ce;
3479     int				i;
3480 
3481     CISS_TL_SIMPLE_DISABLE_INTERRUPTS(sc);
3482     pci_disable_busmaster(sc->ciss_dev);
3483     sc->ciss_flags &= ~CISS_FLAG_RUNNING;
3484 
3485     for (i = 1; i < sc->ciss_max_requests; i++) {
3486 	cr = &sc->ciss_request[i];
3487 	if ((cr->cr_flags & CISS_REQ_BUSY) == 0)
3488 	    continue;
3489 
3490 	cc = cr->cr_cc;
3491 	ce = (struct ciss_error_info *)&(cc->sg[0]);
3492 	ce->command_status = CISS_CMD_STATUS_HARDWARE_ERROR;
3493 	ciss_enqueue_complete(cr, &qh);
3494     }
3495 
3496     for (;;) {
3497 	if ((cr = ciss_dequeue_complete(sc, &qh)) == NULL)
3498 	    break;
3499 
3500 	/*
3501 	 * If the request has a callback, invoke it.
3502 	 */
3503 	if (cr->cr_complete != NULL) {
3504 	    cr->cr_complete(cr);
3505 	    continue;
3506 	}
3507 
3508 	/*
3509 	 * If someone is sleeping on this request, wake them up.
3510 	 */
3511 	if (cr->cr_flags & CISS_REQ_SLEEP) {
3512 	    cr->cr_flags &= ~CISS_REQ_SLEEP;
3513 	    wakeup(cr);
3514 	    continue;
3515 	}
3516     }
3517 }
3518 
3519 /************************************************************************
3520  * Request a notification response from the adapter.
3521  *
3522  * If (cr) is NULL, this is the first request of the adapter, so
3523  * reset the adapter's message pointer and start with the oldest
3524  * message available.
3525  */
3526 static void
3527 ciss_notify_event(struct ciss_softc *sc)
3528 {
3529     struct ciss_request		*cr;
3530     struct ciss_command		*cc;
3531     struct ciss_notify_cdb	*cnc;
3532     int				error;
3533 
3534     debug_called(1);
3535 
3536     cr = sc->ciss_periodic_notify;
3537 
3538     /* get a request if we don't already have one */
3539     if (cr == NULL) {
3540 	if ((error = ciss_get_request(sc, &cr)) != 0) {
3541 	    debug(0, "can't get notify event request");
3542 	    goto out;
3543 	}
3544 	sc->ciss_periodic_notify = cr;
3545 	cr->cr_complete = ciss_notify_complete;
3546 	debug(1, "acquired request %d", cr->cr_tag);
3547     }
3548 
3549     /*
3550      * Get a databuffer if we don't already have one, note that the
3551      * adapter command wants a larger buffer than the actual
3552      * structure.
3553      */
3554     if (cr->cr_data == NULL) {
3555 	if ((cr->cr_data = malloc(CISS_NOTIFY_DATA_SIZE, CISS_MALLOC_CLASS, M_NOWAIT)) == NULL) {
3556 	    debug(0, "can't get notify event request buffer");
3557 	    error = ENOMEM;
3558 	    goto out;
3559 	}
3560 	cr->cr_length = CISS_NOTIFY_DATA_SIZE;
3561     }
3562 
3563     /* re-setup the request's command (since we never release it) XXX overkill*/
3564     ciss_preen_command(cr);
3565 
3566     /* (re)build the notify event command */
3567     cc = cr->cr_cc;
3568     cc->header.address.physical.mode = CISS_HDR_ADDRESS_MODE_PERIPHERAL;
3569     cc->header.address.physical.bus = 0;
3570     cc->header.address.physical.target = 0;
3571 
3572     cc->cdb.cdb_length = sizeof(*cnc);
3573     cc->cdb.type = CISS_CDB_TYPE_COMMAND;
3574     cc->cdb.attribute = CISS_CDB_ATTRIBUTE_SIMPLE;
3575     cc->cdb.direction = CISS_CDB_DIRECTION_READ;
3576     cc->cdb.timeout = 0;	/* no timeout, we hope */
3577 
3578     cnc = (struct ciss_notify_cdb *)&(cc->cdb.cdb[0]);
3579     bzero(cr->cr_data, CISS_NOTIFY_DATA_SIZE);
3580     cnc->opcode = CISS_OPCODE_READ;
3581     cnc->command = CISS_COMMAND_NOTIFY_ON_EVENT;
3582     cnc->timeout = 0;		/* no timeout, we hope */
3583     cnc->synchronous = 0;
3584     cnc->ordered = 0;
3585     cnc->seek_to_oldest = 0;
3586     if ((sc->ciss_flags & CISS_FLAG_RUNNING) == 0)
3587 	cnc->new_only = 1;
3588     else
3589 	cnc->new_only = 0;
3590     cnc->length = htonl(CISS_NOTIFY_DATA_SIZE);
3591 
3592     /* submit the request */
3593     error = ciss_start(cr);
3594 
3595  out:
3596     if (error) {
3597 	if (cr != NULL) {
3598 	    if (cr->cr_data != NULL)
3599 		free(cr->cr_data, CISS_MALLOC_CLASS);
3600 	    ciss_release_request(cr);
3601 	}
3602 	sc->ciss_periodic_notify = NULL;
3603 	debug(0, "can't submit notify event request");
3604 	sc->ciss_flags &= ~CISS_FLAG_NOTIFY_OK;
3605     } else {
3606 	debug(1, "notify event submitted");
3607 	sc->ciss_flags |= CISS_FLAG_NOTIFY_OK;
3608     }
3609 }
3610 
3611 static void
3612 ciss_notify_complete(struct ciss_request *cr)
3613 {
3614     struct ciss_command	*cc;
3615     struct ciss_notify	*cn;
3616     struct ciss_softc	*sc;
3617     int			scsi_status;
3618     int			command_status;
3619     debug_called(1);
3620 
3621     cc = cr->cr_cc;
3622     cn = (struct ciss_notify *)cr->cr_data;
3623     sc = cr->cr_sc;
3624 
3625     /*
3626      * Report request results, decode status.
3627      */
3628     ciss_report_request(cr, &command_status, &scsi_status);
3629 
3630     /*
3631      * Abort the chain on a fatal error.
3632      *
3633      * XXX which of these are actually errors?
3634      */
3635     if ((command_status != CISS_CMD_STATUS_SUCCESS) &&
3636 	(command_status != CISS_CMD_STATUS_TARGET_STATUS) &&
3637 	(command_status != CISS_CMD_STATUS_TIMEOUT)) {	/* XXX timeout? */
3638 	ciss_printf(sc, "fatal error in Notify Event request (%s)\n",
3639 		    ciss_name_command_status(command_status));
3640 	ciss_release_request(cr);
3641 	sc->ciss_flags &= ~CISS_FLAG_NOTIFY_OK;
3642 	return;
3643     }
3644 
3645     /*
3646      * If the adapter gave us a text message, print it.
3647      */
3648     if (cn->message[0] != 0)
3649 	ciss_printf(sc, "*** %.80s\n", cn->message);
3650 
3651     debug(0, "notify event class %d subclass %d detail %d",
3652 		cn->class, cn->subclass, cn->detail);
3653 
3654     /*
3655      * If the response indicates that the notifier has been aborted,
3656      * release the notifier command.
3657      */
3658     if ((cn->class == CISS_NOTIFY_NOTIFIER) &&
3659 	(cn->subclass == CISS_NOTIFY_NOTIFIER_STATUS) &&
3660 	(cn->detail == 1)) {
3661 	debug(0, "notifier exiting");
3662 	sc->ciss_flags &= ~CISS_FLAG_NOTIFY_OK;
3663 	ciss_release_request(cr);
3664 	sc->ciss_periodic_notify = NULL;
3665 	wakeup(&sc->ciss_periodic_notify);
3666     } else {
3667 	/* Handle notify events in a kernel thread */
3668 	ciss_enqueue_notify(cr);
3669 	sc->ciss_periodic_notify = NULL;
3670 	wakeup(&sc->ciss_periodic_notify);
3671 	wakeup(&sc->ciss_notify);
3672     }
3673     /*
3674      * Send a new notify event command, if we're not aborting.
3675      */
3676     if (!(sc->ciss_flags & CISS_FLAG_ABORTING)) {
3677 	ciss_notify_event(sc);
3678     }
3679 }
3680 
3681 /************************************************************************
3682  * Abort the Notify Event chain.
3683  *
3684  * Note that we can't just abort the command in progress; we have to
3685  * explicitly issue an Abort Notify Event command in order for the
3686  * adapter to clean up correctly.
3687  *
3688  * If we are called with CISS_FLAG_ABORTING set in the adapter softc,
3689  * the chain will not restart itself.
3690  */
3691 static int
3692 ciss_notify_abort(struct ciss_softc *sc)
3693 {
3694     struct ciss_request		*cr;
3695     struct ciss_command		*cc;
3696     struct ciss_notify_cdb	*cnc;
3697     int				error, command_status, scsi_status;
3698 
3699     debug_called(1);
3700 
3701     cr = NULL;
3702     error = 0;
3703 
3704     /* verify that there's an outstanding command */
3705     if (!(sc->ciss_flags & CISS_FLAG_NOTIFY_OK))
3706 	goto out;
3707 
3708     /* get a command to issue the abort with */
3709     if ((error = ciss_get_request(sc, &cr)))
3710 	goto out;
3711 
3712     /* get a buffer for the result */
3713     if ((cr->cr_data = malloc(CISS_NOTIFY_DATA_SIZE, CISS_MALLOC_CLASS, M_NOWAIT)) == NULL) {
3714 	debug(0, "can't get notify event request buffer");
3715 	error = ENOMEM;
3716 	goto out;
3717     }
3718     cr->cr_length = CISS_NOTIFY_DATA_SIZE;
3719 
3720     /* build the CDB */
3721     cc = cr->cr_cc;
3722     cc->header.address.physical.mode = CISS_HDR_ADDRESS_MODE_PERIPHERAL;
3723     cc->header.address.physical.bus = 0;
3724     cc->header.address.physical.target = 0;
3725     cc->cdb.cdb_length = sizeof(*cnc);
3726     cc->cdb.type = CISS_CDB_TYPE_COMMAND;
3727     cc->cdb.attribute = CISS_CDB_ATTRIBUTE_SIMPLE;
3728     cc->cdb.direction = CISS_CDB_DIRECTION_READ;
3729     cc->cdb.timeout = 0;	/* no timeout, we hope */
3730 
3731     cnc = (struct ciss_notify_cdb *)&(cc->cdb.cdb[0]);
3732     bzero(cnc, sizeof(*cnc));
3733     cnc->opcode = CISS_OPCODE_WRITE;
3734     cnc->command = CISS_COMMAND_ABORT_NOTIFY;
3735     cnc->length = htonl(CISS_NOTIFY_DATA_SIZE);
3736 
3737     ciss_print_request(cr);
3738 
3739     /*
3740      * Submit the request and wait for it to complete.
3741      */
3742     if ((error = ciss_synch_request(cr, 60 * 1000)) != 0) {
3743 	ciss_printf(sc, "Abort Notify Event command failed (%d)\n", error);
3744 	goto out;
3745     }
3746 
3747     /*
3748      * Check response.
3749      */
3750     ciss_report_request(cr, &command_status, &scsi_status);
3751     switch(command_status) {
3752     case CISS_CMD_STATUS_SUCCESS:
3753 	break;
3754     case CISS_CMD_STATUS_INVALID_COMMAND:
3755 	/*
3756 	 * Some older adapters don't support the CISS version of this
3757 	 * command.  Fall back to using the BMIC version.
3758 	 */
3759 	error = ciss_notify_abort_bmic(sc);
3760 	if (error != 0)
3761 	    goto out;
3762 	break;
3763 
3764     case CISS_CMD_STATUS_TARGET_STATUS:
3765 	/*
3766 	 * This can happen if the adapter thinks there wasn't an outstanding
3767 	 * Notify Event command but we did.  We clean up here.
3768 	 */
3769 	if (scsi_status == CISS_SCSI_STATUS_CHECK_CONDITION) {
3770 	    if (sc->ciss_periodic_notify != NULL)
3771 		ciss_release_request(sc->ciss_periodic_notify);
3772 	    error = 0;
3773 	    goto out;
3774 	}
3775 	/* FALLTHROUGH */
3776 
3777     default:
3778 	ciss_printf(sc, "Abort Notify Event command failed (%s)\n",
3779 		    ciss_name_command_status(command_status));
3780 	error = EIO;
3781 	goto out;
3782     }
3783 
3784     /*
3785      * Sleep waiting for the notifier command to complete.  Note
3786      * that if it doesn't, we may end up in a bad situation, since
3787      * the adapter may deliver it later.  Also note that the adapter
3788      * requires the Notify Event command to be cancelled in order to
3789      * maintain internal bookkeeping.
3790      */
3791     while (sc->ciss_periodic_notify != NULL) {
3792 	error = msleep(&sc->ciss_periodic_notify, &sc->ciss_mtx, PRIBIO, "cissNEA", hz * 5);
3793 	if (error == EWOULDBLOCK) {
3794 	    ciss_printf(sc, "Notify Event command failed to abort, adapter may wedge.\n");
3795 	    break;
3796 	}
3797     }
3798 
3799  out:
3800     /* release the cancel request */
3801     if (cr != NULL) {
3802 	if (cr->cr_data != NULL)
3803 	    free(cr->cr_data, CISS_MALLOC_CLASS);
3804 	ciss_release_request(cr);
3805     }
3806     if (error == 0)
3807 	sc->ciss_flags &= ~CISS_FLAG_NOTIFY_OK;
3808     return(error);
3809 }
3810 
3811 /************************************************************************
3812  * Abort the Notify Event chain using a BMIC command.
3813  */
3814 static int
3815 ciss_notify_abort_bmic(struct ciss_softc *sc)
3816 {
3817     struct ciss_request			*cr;
3818     int					error, command_status;
3819 
3820     debug_called(1);
3821 
3822     cr = NULL;
3823     error = 0;
3824 
3825     /* verify that there's an outstanding command */
3826     if (!(sc->ciss_flags & CISS_FLAG_NOTIFY_OK))
3827 	goto out;
3828 
3829     /*
3830      * Build a BMIC command to cancel the Notify on Event command.
3831      *
3832      * Note that we are sending a CISS opcode here.  Odd.
3833      */
3834     if ((error = ciss_get_bmic_request(sc, &cr, CISS_COMMAND_ABORT_NOTIFY,
3835 				       NULL, 0)) != 0)
3836 	goto out;
3837 
3838     /*
3839      * Submit the request and wait for it to complete.
3840      */
3841     if ((error = ciss_synch_request(cr, 60 * 1000)) != 0) {
3842 	ciss_printf(sc, "error sending BMIC Cancel Notify on Event command (%d)\n", error);
3843 	goto out;
3844     }
3845 
3846     /*
3847      * Check response.
3848      */
3849     ciss_report_request(cr, &command_status, NULL);
3850     switch(command_status) {
3851     case CISS_CMD_STATUS_SUCCESS:
3852 	break;
3853     default:
3854 	ciss_printf(sc, "error cancelling Notify on Event (%s)\n",
3855 		    ciss_name_command_status(command_status));
3856 	error = EIO;
3857 	goto out;
3858     }
3859 
3860 out:
3861     if (cr != NULL)
3862 	ciss_release_request(cr);
3863     return(error);
3864 }
3865 
3866 /************************************************************************
3867  * Handle rescanning all the logical volumes when a notify event
3868  * causes the drives to come online or offline.
3869  */
3870 static void
3871 ciss_notify_rescan_logical(struct ciss_softc *sc)
3872 {
3873     struct ciss_lun_report      *cll;
3874     struct ciss_ldrive		*ld;
3875     int                         i, j, ndrives;
3876 
3877     /*
3878      * We must rescan all logical volumes to get the right logical
3879      * drive address.
3880      */
3881     cll = ciss_report_luns(sc, CISS_OPCODE_REPORT_LOGICAL_LUNS,
3882                            CISS_MAX_LOGICAL);
3883     if (cll == NULL)
3884         return;
3885 
3886     ndrives = (ntohl(cll->list_size) / sizeof(union ciss_device_address));
3887 
3888     /*
3889      * Delete any of the drives which were destroyed by the
3890      * firmware.
3891      */
3892     for (i = 0; i < sc->ciss_max_logical_bus; i++) {
3893 	for (j = 0; j < CISS_MAX_LOGICAL; j++) {
3894 	    ld = &sc->ciss_logical[i][j];
3895 
3896 	    if (ld->cl_update == 0)
3897 		continue;
3898 
3899 	    if (ld->cl_status != CISS_LD_ONLINE) {
3900 		ciss_cam_rescan_target(sc, i, j);
3901 		ld->cl_update = 0;
3902 		if (ld->cl_ldrive)
3903 		    free(ld->cl_ldrive, CISS_MALLOC_CLASS);
3904 		if (ld->cl_lstatus)
3905 		    free(ld->cl_lstatus, CISS_MALLOC_CLASS);
3906 
3907 		ld->cl_ldrive = NULL;
3908 		ld->cl_lstatus = NULL;
3909 	    }
3910 	}
3911     }
3912 
3913     /*
3914      * Scan for new drives.
3915      */
3916     for (i = 0; i < ndrives; i++) {
3917 	int	bus, target;
3918 
3919 	bus 	= CISS_LUN_TO_BUS(cll->lun[i].logical.lun);
3920 	target	= CISS_LUN_TO_TARGET(cll->lun[i].logical.lun);
3921 	ld	= &sc->ciss_logical[bus][target];
3922 
3923 	if (ld->cl_update == 0)
3924 		continue;
3925 
3926 	ld->cl_update		= 0;
3927 	ld->cl_address		= cll->lun[i];
3928 	ld->cl_controller	= &sc->ciss_controllers[bus];
3929 	if (ciss_identify_logical(sc, ld) == 0) {
3930 	    ciss_cam_rescan_target(sc, bus, target);
3931 	}
3932     }
3933     free(cll, CISS_MALLOC_CLASS);
3934 }
3935 
3936 /************************************************************************
3937  * Handle a notify event relating to the status of a logical drive.
3938  *
3939  * XXX need to be able to defer some of these to properly handle
3940  *     calling the "ID Physical drive" command, unless the 'extended'
3941  *     drive IDs are always in BIG_MAP format.
3942  */
3943 static void
3944 ciss_notify_logical(struct ciss_softc *sc, struct ciss_notify *cn)
3945 {
3946     struct ciss_ldrive	*ld;
3947     int			ostatus, bus, target;
3948 
3949     debug_called(2);
3950 
3951     bus		= cn->device.physical.bus;
3952     target	= cn->data.logical_status.logical_drive;
3953     ld		= &sc->ciss_logical[bus][target];
3954 
3955     switch (cn->subclass) {
3956     case CISS_NOTIFY_LOGICAL_STATUS:
3957 	switch (cn->detail) {
3958 	case 0:
3959 	    ciss_name_device(sc, bus, target);
3960 	    ciss_printf(sc, "logical drive %d (%s) changed status %s->%s, spare status 0x%b\n",
3961 			cn->data.logical_status.logical_drive, ld->cl_name,
3962 			ciss_name_ldrive_status(cn->data.logical_status.previous_state),
3963 			ciss_name_ldrive_status(cn->data.logical_status.new_state),
3964 			cn->data.logical_status.spare_state,
3965 			"\20\1configured\2rebuilding\3failed\4in use\5available\n");
3966 
3967 	    /*
3968 	     * Update our idea of the drive's status.
3969 	     */
3970 	    ostatus = ciss_decode_ldrive_status(cn->data.logical_status.previous_state);
3971 	    ld->cl_status = ciss_decode_ldrive_status(cn->data.logical_status.new_state);
3972 	    if (ld->cl_lstatus != NULL)
3973 		ld->cl_lstatus->status = cn->data.logical_status.new_state;
3974 
3975 	    /*
3976 	     * Have CAM rescan the drive if its status has changed.
3977 	     */
3978 	    if (ostatus != ld->cl_status) {
3979 		ld->cl_update = 1;
3980 		ciss_notify_rescan_logical(sc);
3981 	    }
3982 
3983 	    break;
3984 
3985 	case 1:	/* logical drive has recognised new media, needs Accept Media Exchange */
3986 	    ciss_name_device(sc, bus, target);
3987 	    ciss_printf(sc, "logical drive %d (%s) media exchanged, ready to go online\n",
3988 			cn->data.logical_status.logical_drive, ld->cl_name);
3989 	    ciss_accept_media(sc, ld);
3990 
3991 	    ld->cl_update = 1;
3992 	    ld->cl_status = ciss_decode_ldrive_status(cn->data.logical_status.new_state);
3993 	    ciss_notify_rescan_logical(sc);
3994 	    break;
3995 
3996 	case 2:
3997 	case 3:
3998 	    ciss_printf(sc, "rebuild of logical drive %d (%s) failed due to %s error\n",
3999 			cn->data.rebuild_aborted.logical_drive,
4000 			ld->cl_name,
4001 			(cn->detail == 2) ? "read" : "write");
4002 	    break;
4003 	}
4004 	break;
4005 
4006     case CISS_NOTIFY_LOGICAL_ERROR:
4007 	if (cn->detail == 0) {
4008 	    ciss_printf(sc, "FATAL I/O ERROR on logical drive %d (%s), SCSI port %d ID %d\n",
4009 			cn->data.io_error.logical_drive,
4010 			ld->cl_name,
4011 			cn->data.io_error.failure_bus,
4012 			cn->data.io_error.failure_drive);
4013 	    /* XXX should we take the drive down at this point, or will we be told? */
4014 	}
4015 	break;
4016 
4017     case CISS_NOTIFY_LOGICAL_SURFACE:
4018 	if (cn->detail == 0)
4019 	    ciss_printf(sc, "logical drive %d (%s) completed consistency initialisation\n",
4020 			cn->data.consistency_completed.logical_drive,
4021 			ld->cl_name);
4022 	break;
4023     }
4024 }
4025 
4026 /************************************************************************
4027  * Handle a notify event relating to the status of a physical drive.
4028  */
4029 static void
4030 ciss_notify_physical(struct ciss_softc *sc, struct ciss_notify *cn)
4031 {
4032 }
4033 
4034 /************************************************************************
4035  * Handle a notify event relating to the status of a physical drive.
4036  */
4037 static void
4038 ciss_notify_hotplug(struct ciss_softc *sc, struct ciss_notify *cn)
4039 {
4040     struct ciss_lun_report *cll = NULL;
4041     int bus, target;
4042 
4043     switch (cn->subclass) {
4044     case CISS_NOTIFY_HOTPLUG_PHYSICAL:
4045     case CISS_NOTIFY_HOTPLUG_NONDISK:
4046 	bus = CISS_BIG_MAP_BUS(sc, cn->data.drive.big_physical_drive_number);
4047 	target =
4048 	    CISS_BIG_MAP_TARGET(sc, cn->data.drive.big_physical_drive_number);
4049 
4050 	if (cn->detail == 0) {
4051 	    /*
4052 	     * Mark the device offline so that it'll start producing selection
4053 	     * timeouts to the upper layer.
4054 	     */
4055 	    if ((bus >= 0) && (target >= 0))
4056 		sc->ciss_physical[bus][target].cp_online = 0;
4057 	} else {
4058 	    /*
4059 	     * Rescan the physical lun list for new items
4060 	     */
4061 	    cll = ciss_report_luns(sc, CISS_OPCODE_REPORT_PHYSICAL_LUNS,
4062 				   CISS_MAX_PHYSICAL);
4063 	    if (cll == NULL) {
4064 		ciss_printf(sc, "Warning, cannot get physical lun list\n");
4065 		break;
4066 	    }
4067 	    ciss_filter_physical(sc, cll);
4068 	}
4069 	break;
4070 
4071     default:
4072 	ciss_printf(sc, "Unknown hotplug event %d\n", cn->subclass);
4073 	return;
4074     }
4075 
4076     if (cll != NULL)
4077 	free(cll, CISS_MALLOC_CLASS);
4078 }
4079 
4080 /************************************************************************
4081  * Handle deferred processing of notify events.  Notify events may need
4082  * sleep which is unsafe during an interrupt.
4083  */
4084 static void
4085 ciss_notify_thread(void *arg)
4086 {
4087     struct ciss_softc		*sc;
4088     struct ciss_request		*cr;
4089     struct ciss_notify		*cn;
4090 
4091     sc = (struct ciss_softc *)arg;
4092 #if __FreeBSD_version >= 500000
4093     mtx_lock(&sc->ciss_mtx);
4094 #endif
4095 
4096     for (;;) {
4097 	if (STAILQ_EMPTY(&sc->ciss_notify) != 0 &&
4098 	    (sc->ciss_flags & CISS_FLAG_THREAD_SHUT) == 0) {
4099 	    msleep(&sc->ciss_notify, &sc->ciss_mtx, PUSER, "idle", 0);
4100 	}
4101 
4102 	if (sc->ciss_flags & CISS_FLAG_THREAD_SHUT)
4103 	    break;
4104 
4105 	cr = ciss_dequeue_notify(sc);
4106 
4107 	if (cr == NULL)
4108 		panic("cr null");
4109 	cn = (struct ciss_notify *)cr->cr_data;
4110 
4111 	switch (cn->class) {
4112 	case CISS_NOTIFY_HOTPLUG:
4113 	    ciss_notify_hotplug(sc, cn);
4114 	    break;
4115 	case CISS_NOTIFY_LOGICAL:
4116 	    ciss_notify_logical(sc, cn);
4117 	    break;
4118 	case CISS_NOTIFY_PHYSICAL:
4119 	    ciss_notify_physical(sc, cn);
4120 	    break;
4121 	}
4122 
4123 	ciss_release_request(cr);
4124 
4125     }
4126     sc->ciss_notify_thread = NULL;
4127     wakeup(&sc->ciss_notify_thread);
4128 
4129 #if __FreeBSD_version >= 500000
4130     mtx_unlock(&sc->ciss_mtx);
4131 #endif
4132     kproc_exit(0);
4133 }
4134 
4135 /************************************************************************
4136  * Start the notification kernel thread.
4137  */
4138 static void
4139 ciss_spawn_notify_thread(struct ciss_softc *sc)
4140 {
4141 
4142 #if __FreeBSD_version > 500005
4143     if (kproc_create((void(*)(void *))ciss_notify_thread, sc,
4144 		       &sc->ciss_notify_thread, 0, 0, "ciss_notify%d",
4145 		       device_get_unit(sc->ciss_dev)))
4146 #else
4147     if (kproc_create((void(*)(void *))ciss_notify_thread, sc,
4148 		       &sc->ciss_notify_thread, "ciss_notify%d",
4149 		       device_get_unit(sc->ciss_dev)))
4150 #endif
4151 	panic("Could not create notify thread\n");
4152 }
4153 
4154 /************************************************************************
4155  * Kill the notification kernel thread.
4156  */
4157 static void
4158 ciss_kill_notify_thread(struct ciss_softc *sc)
4159 {
4160 
4161     if (sc->ciss_notify_thread == NULL)
4162 	return;
4163 
4164     sc->ciss_flags |= CISS_FLAG_THREAD_SHUT;
4165     wakeup(&sc->ciss_notify);
4166     msleep(&sc->ciss_notify_thread, &sc->ciss_mtx, PUSER, "thtrm", 0);
4167 }
4168 
4169 /************************************************************************
4170  * Print a request.
4171  */
4172 static void
4173 ciss_print_request(struct ciss_request *cr)
4174 {
4175     struct ciss_softc	*sc;
4176     struct ciss_command	*cc;
4177     int			i;
4178 
4179     sc = cr->cr_sc;
4180     cc = cr->cr_cc;
4181 
4182     ciss_printf(sc, "REQUEST @ %p\n", cr);
4183     ciss_printf(sc, "  data %p/%d  tag %d  flags %b\n",
4184 	      cr->cr_data, cr->cr_length, cr->cr_tag, cr->cr_flags,
4185 	      "\20\1mapped\2sleep\3poll\4dataout\5datain\n");
4186     ciss_printf(sc, "  sg list/total %d/%d  host tag 0x%x\n",
4187 		cc->header.sg_in_list, cc->header.sg_total, cc->header.host_tag);
4188     switch(cc->header.address.mode.mode) {
4189     case CISS_HDR_ADDRESS_MODE_PERIPHERAL:
4190     case CISS_HDR_ADDRESS_MODE_MASK_PERIPHERAL:
4191 	ciss_printf(sc, "  physical bus %d target %d\n",
4192 		    cc->header.address.physical.bus, cc->header.address.physical.target);
4193 	break;
4194     case CISS_HDR_ADDRESS_MODE_LOGICAL:
4195 	ciss_printf(sc, "  logical unit %d\n", cc->header.address.logical.lun);
4196 	break;
4197     }
4198     ciss_printf(sc, "  %s cdb length %d type %s attribute %s\n",
4199 		(cc->cdb.direction == CISS_CDB_DIRECTION_NONE) ? "no-I/O" :
4200 		(cc->cdb.direction == CISS_CDB_DIRECTION_READ) ? "READ" :
4201 		(cc->cdb.direction == CISS_CDB_DIRECTION_WRITE) ? "WRITE" : "??",
4202 		cc->cdb.cdb_length,
4203 		(cc->cdb.type == CISS_CDB_TYPE_COMMAND) ? "command" :
4204 		(cc->cdb.type == CISS_CDB_TYPE_MESSAGE) ? "message" : "??",
4205 		(cc->cdb.attribute == CISS_CDB_ATTRIBUTE_UNTAGGED) ? "untagged" :
4206 		(cc->cdb.attribute == CISS_CDB_ATTRIBUTE_SIMPLE) ? "simple" :
4207 		(cc->cdb.attribute == CISS_CDB_ATTRIBUTE_HEAD_OF_QUEUE) ? "head-of-queue" :
4208 		(cc->cdb.attribute == CISS_CDB_ATTRIBUTE_ORDERED) ? "ordered" :
4209 		(cc->cdb.attribute == CISS_CDB_ATTRIBUTE_AUTO_CONTINGENT) ? "auto-contingent" : "??");
4210     ciss_printf(sc, "  %*D\n", cc->cdb.cdb_length, &cc->cdb.cdb[0], " ");
4211 
4212     if (cc->header.host_tag & CISS_HDR_HOST_TAG_ERROR) {
4213 	/* XXX print error info */
4214     } else {
4215 	/* since we don't use chained s/g, don't support it here */
4216 	for (i = 0; i < cc->header.sg_in_list; i++) {
4217 	    if ((i % 4) == 0)
4218 		ciss_printf(sc, "   ");
4219 	    printf("0x%08x/%d ", (u_int32_t)cc->sg[i].address, cc->sg[i].length);
4220 	    if ((((i + 1) % 4) == 0) || (i == (cc->header.sg_in_list - 1)))
4221 		printf("\n");
4222 	}
4223     }
4224 }
4225 
4226 /************************************************************************
4227  * Print information about the status of a logical drive.
4228  */
4229 static void
4230 ciss_print_ldrive(struct ciss_softc *sc, struct ciss_ldrive *ld)
4231 {
4232     int		bus, target, i;
4233 
4234     if (ld->cl_lstatus == NULL) {
4235 	printf("does not exist\n");
4236 	return;
4237     }
4238 
4239     /* print drive status */
4240     switch(ld->cl_lstatus->status) {
4241     case CISS_LSTATUS_OK:
4242 	printf("online\n");
4243 	break;
4244     case CISS_LSTATUS_INTERIM_RECOVERY:
4245 	printf("in interim recovery mode\n");
4246 	break;
4247     case CISS_LSTATUS_READY_RECOVERY:
4248 	printf("ready to begin recovery\n");
4249 	break;
4250     case CISS_LSTATUS_RECOVERING:
4251 	bus = CISS_BIG_MAP_BUS(sc, ld->cl_lstatus->drive_rebuilding);
4252 	target = CISS_BIG_MAP_BUS(sc, ld->cl_lstatus->drive_rebuilding);
4253 	printf("being recovered, working on physical drive %d.%d, %u blocks remaining\n",
4254 	       bus, target, ld->cl_lstatus->blocks_to_recover);
4255 	break;
4256     case CISS_LSTATUS_EXPANDING:
4257 	printf("being expanded, %u blocks remaining\n",
4258 	       ld->cl_lstatus->blocks_to_recover);
4259 	break;
4260     case CISS_LSTATUS_QUEUED_FOR_EXPANSION:
4261 	printf("queued for expansion\n");
4262 	break;
4263     case CISS_LSTATUS_FAILED:
4264 	printf("queued for expansion\n");
4265 	break;
4266     case CISS_LSTATUS_WRONG_PDRIVE:
4267 	printf("wrong physical drive inserted\n");
4268 	break;
4269     case CISS_LSTATUS_MISSING_PDRIVE:
4270 	printf("missing a needed physical drive\n");
4271 	break;
4272     case CISS_LSTATUS_BECOMING_READY:
4273 	printf("becoming ready\n");
4274 	break;
4275     }
4276 
4277     /* print failed physical drives */
4278     for (i = 0; i < CISS_BIG_MAP_ENTRIES / 8; i++) {
4279 	bus = CISS_BIG_MAP_BUS(sc, ld->cl_lstatus->drive_failure_map[i]);
4280 	target = CISS_BIG_MAP_TARGET(sc, ld->cl_lstatus->drive_failure_map[i]);
4281 	if (bus == -1)
4282 	    continue;
4283 	ciss_printf(sc, "physical drive %d:%d (%x) failed\n", bus, target,
4284 		    ld->cl_lstatus->drive_failure_map[i]);
4285     }
4286 }
4287 
4288 #ifdef CISS_DEBUG
4289 /************************************************************************
4290  * Print information about the controller/driver.
4291  */
4292 static void
4293 ciss_print_adapter(struct ciss_softc *sc)
4294 {
4295     int		i, j;
4296 
4297     ciss_printf(sc, "ADAPTER:\n");
4298     for (i = 0; i < CISSQ_COUNT; i++) {
4299 	ciss_printf(sc, "%s     %d/%d\n",
4300 	    i == 0 ? "free" :
4301 	    i == 1 ? "busy" : "complete",
4302 	    sc->ciss_qstat[i].q_length,
4303 	    sc->ciss_qstat[i].q_max);
4304     }
4305     ciss_printf(sc, "max_requests %d\n", sc->ciss_max_requests);
4306     ciss_printf(sc, "flags %b\n", sc->ciss_flags,
4307 	"\20\1notify_ok\2control_open\3aborting\4running\21fake_synch\22bmic_abort\n");
4308 
4309     for (i = 0; i < sc->ciss_max_logical_bus; i++) {
4310 	for (j = 0; j < CISS_MAX_LOGICAL; j++) {
4311 	    ciss_printf(sc, "LOGICAL DRIVE %d:  ", i);
4312 	    ciss_print_ldrive(sc, &sc->ciss_logical[i][j]);
4313 	}
4314     }
4315 
4316     /* XXX Should physical drives be printed out here? */
4317 
4318     for (i = 1; i < sc->ciss_max_requests; i++)
4319 	ciss_print_request(sc->ciss_request + i);
4320 }
4321 
4322 /* DDB hook */
4323 static void
4324 ciss_print0(void)
4325 {
4326     struct ciss_softc	*sc;
4327 
4328     sc = devclass_get_softc(devclass_find("ciss"), 0);
4329     if (sc == NULL) {
4330 	printf("no ciss controllers\n");
4331     } else {
4332 	ciss_print_adapter(sc);
4333     }
4334 }
4335 #endif
4336 
4337 /************************************************************************
4338  * Return a name for a logical drive status value.
4339  */
4340 static const char *
4341 ciss_name_ldrive_status(int status)
4342 {
4343     switch (status) {
4344     case CISS_LSTATUS_OK:
4345 	return("OK");
4346     case CISS_LSTATUS_FAILED:
4347 	return("failed");
4348     case CISS_LSTATUS_NOT_CONFIGURED:
4349 	return("not configured");
4350     case CISS_LSTATUS_INTERIM_RECOVERY:
4351 	return("interim recovery");
4352     case CISS_LSTATUS_READY_RECOVERY:
4353 	return("ready for recovery");
4354     case CISS_LSTATUS_RECOVERING:
4355 	return("recovering");
4356     case CISS_LSTATUS_WRONG_PDRIVE:
4357 	return("wrong physical drive inserted");
4358     case CISS_LSTATUS_MISSING_PDRIVE:
4359 	return("missing physical drive");
4360     case CISS_LSTATUS_EXPANDING:
4361 	return("expanding");
4362     case CISS_LSTATUS_BECOMING_READY:
4363 	return("becoming ready");
4364     case CISS_LSTATUS_QUEUED_FOR_EXPANSION:
4365 	return("queued for expansion");
4366     }
4367     return("unknown status");
4368 }
4369 
4370 /************************************************************************
4371  * Return an online/offline/nonexistent value for a logical drive
4372  * status value.
4373  */
4374 static int
4375 ciss_decode_ldrive_status(int status)
4376 {
4377     switch(status) {
4378     case CISS_LSTATUS_NOT_CONFIGURED:
4379 	return(CISS_LD_NONEXISTENT);
4380 
4381     case CISS_LSTATUS_OK:
4382     case CISS_LSTATUS_INTERIM_RECOVERY:
4383     case CISS_LSTATUS_READY_RECOVERY:
4384     case CISS_LSTATUS_RECOVERING:
4385     case CISS_LSTATUS_EXPANDING:
4386     case CISS_LSTATUS_QUEUED_FOR_EXPANSION:
4387 	return(CISS_LD_ONLINE);
4388 
4389     case CISS_LSTATUS_FAILED:
4390     case CISS_LSTATUS_WRONG_PDRIVE:
4391     case CISS_LSTATUS_MISSING_PDRIVE:
4392     case CISS_LSTATUS_BECOMING_READY:
4393     default:
4394 	return(CISS_LD_OFFLINE);
4395     }
4396 }
4397 
4398 
4399 /************************************************************************
4400  * Return a name for a logical drive's organisation.
4401  */
4402 static const char *
4403 ciss_name_ldrive_org(int org)
4404 {
4405     switch(org) {
4406     case CISS_LDRIVE_RAID0:
4407 	return("RAID 0");
4408     case CISS_LDRIVE_RAID1:
4409 	return("RAID 1(1+0)");
4410     case CISS_LDRIVE_RAID4:
4411 	return("RAID 4");
4412     case CISS_LDRIVE_RAID5:
4413 	return("RAID 5");
4414     case CISS_LDRIVE_RAID51:
4415 	return("RAID 5+1");
4416     case CISS_LDRIVE_RAIDADG:
4417 	return("RAID ADG");
4418     }
4419     return("unkown");
4420 }
4421 
4422 /************************************************************************
4423  * Return a name for a command status value.
4424  */
4425 static const char *
4426 ciss_name_command_status(int status)
4427 {
4428     switch(status) {
4429     case CISS_CMD_STATUS_SUCCESS:
4430 	return("success");
4431     case CISS_CMD_STATUS_TARGET_STATUS:
4432 	return("target status");
4433     case CISS_CMD_STATUS_DATA_UNDERRUN:
4434 	return("data underrun");
4435     case CISS_CMD_STATUS_DATA_OVERRUN:
4436 	return("data overrun");
4437     case CISS_CMD_STATUS_INVALID_COMMAND:
4438 	return("invalid command");
4439     case CISS_CMD_STATUS_PROTOCOL_ERROR:
4440 	return("protocol error");
4441     case CISS_CMD_STATUS_HARDWARE_ERROR:
4442 	return("hardware error");
4443     case CISS_CMD_STATUS_CONNECTION_LOST:
4444 	return("connection lost");
4445     case CISS_CMD_STATUS_ABORTED:
4446 	return("aborted");
4447     case CISS_CMD_STATUS_ABORT_FAILED:
4448 	return("abort failed");
4449     case CISS_CMD_STATUS_UNSOLICITED_ABORT:
4450 	return("unsolicited abort");
4451     case CISS_CMD_STATUS_TIMEOUT:
4452 	return("timeout");
4453     case CISS_CMD_STATUS_UNABORTABLE:
4454 	return("unabortable");
4455     }
4456     return("unknown status");
4457 }
4458 
4459 /************************************************************************
4460  * Handle an open on the control device.
4461  */
4462 static int
4463 ciss_open(struct cdev *dev, int flags, int fmt, struct thread *p)
4464 {
4465     struct ciss_softc	*sc;
4466 
4467     debug_called(1);
4468 
4469     sc = (struct ciss_softc *)dev->si_drv1;
4470 
4471     /* we might want to veto if someone already has us open */
4472 
4473     mtx_lock(&sc->ciss_mtx);
4474     sc->ciss_flags |= CISS_FLAG_CONTROL_OPEN;
4475     mtx_unlock(&sc->ciss_mtx);
4476     return(0);
4477 }
4478 
4479 /************************************************************************
4480  * Handle the last close on the control device.
4481  */
4482 static int
4483 ciss_close(struct cdev *dev, int flags, int fmt, struct thread *p)
4484 {
4485     struct ciss_softc	*sc;
4486 
4487     debug_called(1);
4488 
4489     sc = (struct ciss_softc *)dev->si_drv1;
4490 
4491     mtx_lock(&sc->ciss_mtx);
4492     sc->ciss_flags &= ~CISS_FLAG_CONTROL_OPEN;
4493     mtx_unlock(&sc->ciss_mtx);
4494     return (0);
4495 }
4496 
4497 /********************************************************************************
4498  * Handle adapter-specific control operations.
4499  *
4500  * Note that the API here is compatible with the Linux driver, in order to
4501  * simplify the porting of Compaq's userland tools.
4502  */
4503 static int
4504 ciss_ioctl(struct cdev *dev, u_long cmd, caddr_t addr, int32_t flag, struct thread *p)
4505 {
4506     struct ciss_softc		*sc;
4507     IOCTL_Command_struct	*ioc	= (IOCTL_Command_struct *)addr;
4508 #ifdef __amd64__
4509     IOCTL_Command_struct32	*ioc32	= (IOCTL_Command_struct32 *)addr;
4510     IOCTL_Command_struct	ioc_swab;
4511 #endif
4512     int				error;
4513 
4514     debug_called(1);
4515 
4516     sc = (struct ciss_softc *)dev->si_drv1;
4517     error = 0;
4518     mtx_lock(&sc->ciss_mtx);
4519 
4520     switch(cmd) {
4521     case CCISS_GETQSTATS:
4522     {
4523 	union ciss_statrequest *cr = (union ciss_statrequest *)addr;
4524 
4525 	switch (cr->cs_item) {
4526 	case CISSQ_FREE:
4527 	case CISSQ_NOTIFY:
4528 	    bcopy(&sc->ciss_qstat[cr->cs_item], &cr->cs_qstat,
4529 		sizeof(struct ciss_qstat));
4530 	    break;
4531 	default:
4532 	    error = ENOIOCTL;
4533 	    break;
4534 	}
4535 
4536 	break;
4537     }
4538 
4539     case CCISS_GETPCIINFO:
4540     {
4541 	cciss_pci_info_struct	*pis = (cciss_pci_info_struct *)addr;
4542 
4543 	pis->bus = pci_get_bus(sc->ciss_dev);
4544 	pis->dev_fn = pci_get_slot(sc->ciss_dev);
4545         pis->board_id = (pci_get_subvendor(sc->ciss_dev) << 16) |
4546                 pci_get_subdevice(sc->ciss_dev);
4547 
4548 	break;
4549     }
4550 
4551     case CCISS_GETINTINFO:
4552     {
4553 	cciss_coalint_struct	*cis = (cciss_coalint_struct *)addr;
4554 
4555 	cis->delay = sc->ciss_cfg->interrupt_coalesce_delay;
4556 	cis->count = sc->ciss_cfg->interrupt_coalesce_count;
4557 
4558 	break;
4559     }
4560 
4561     case CCISS_SETINTINFO:
4562     {
4563 	cciss_coalint_struct	*cis = (cciss_coalint_struct *)addr;
4564 
4565 	if ((cis->delay == 0) && (cis->count == 0)) {
4566 	    error = EINVAL;
4567 	    break;
4568 	}
4569 
4570 	/*
4571 	 * XXX apparently this is only safe if the controller is idle,
4572 	 *     we should suspend it before doing this.
4573 	 */
4574 	sc->ciss_cfg->interrupt_coalesce_delay = cis->delay;
4575 	sc->ciss_cfg->interrupt_coalesce_count = cis->count;
4576 
4577 	if (ciss_update_config(sc))
4578 	    error = EIO;
4579 
4580 	/* XXX resume the controller here */
4581 	break;
4582     }
4583 
4584     case CCISS_GETNODENAME:
4585 	bcopy(sc->ciss_cfg->server_name, (NodeName_type *)addr,
4586 	      sizeof(NodeName_type));
4587 	break;
4588 
4589     case CCISS_SETNODENAME:
4590 	bcopy((NodeName_type *)addr, sc->ciss_cfg->server_name,
4591 	      sizeof(NodeName_type));
4592 	if (ciss_update_config(sc))
4593 	    error = EIO;
4594 	break;
4595 
4596     case CCISS_GETHEARTBEAT:
4597 	*(Heartbeat_type *)addr = sc->ciss_cfg->heartbeat;
4598 	break;
4599 
4600     case CCISS_GETBUSTYPES:
4601 	*(BusTypes_type *)addr = sc->ciss_cfg->bus_types;
4602 	break;
4603 
4604     case CCISS_GETFIRMVER:
4605 	bcopy(sc->ciss_id->running_firmware_revision, (FirmwareVer_type *)addr,
4606 	      sizeof(FirmwareVer_type));
4607 	break;
4608 
4609     case CCISS_GETDRIVERVER:
4610 	*(DriverVer_type *)addr = CISS_DRIVER_VERSION;
4611 	break;
4612 
4613     case CCISS_REVALIDVOLS:
4614 	/*
4615 	 * This is a bit ugly; to do it "right" we really need
4616 	 * to find any disks that have changed, kick CAM off them,
4617 	 * then rescan only these disks.  It'd be nice if they
4618 	 * a) told us which disk(s) they were going to play with,
4619 	 * and b) which ones had arrived. 8(
4620 	 */
4621 	break;
4622 
4623 #ifdef __amd64__
4624     case CCISS_PASSTHRU32:
4625 	ioc_swab.LUN_info	= ioc32->LUN_info;
4626 	ioc_swab.Request	= ioc32->Request;
4627 	ioc_swab.error_info	= ioc32->error_info;
4628 	ioc_swab.buf_size	= ioc32->buf_size;
4629 	ioc_swab.buf		= (u_int8_t *)(uintptr_t)ioc32->buf;
4630 	ioc			= &ioc_swab;
4631 	/* FALLTHROUGH */
4632 #endif
4633 
4634     case CCISS_PASSTHRU:
4635 	error = ciss_user_command(sc, ioc);
4636 	break;
4637 
4638     default:
4639 	debug(0, "unknown ioctl 0x%lx", cmd);
4640 
4641 	debug(1, "CCISS_GETPCIINFO:   0x%lx", CCISS_GETPCIINFO);
4642 	debug(1, "CCISS_GETINTINFO:   0x%lx", CCISS_GETINTINFO);
4643 	debug(1, "CCISS_SETINTINFO:   0x%lx", CCISS_SETINTINFO);
4644 	debug(1, "CCISS_GETNODENAME:  0x%lx", CCISS_GETNODENAME);
4645 	debug(1, "CCISS_SETNODENAME:  0x%lx", CCISS_SETNODENAME);
4646 	debug(1, "CCISS_GETHEARTBEAT: 0x%lx", CCISS_GETHEARTBEAT);
4647 	debug(1, "CCISS_GETBUSTYPES:  0x%lx", CCISS_GETBUSTYPES);
4648 	debug(1, "CCISS_GETFIRMVER:   0x%lx", CCISS_GETFIRMVER);
4649 	debug(1, "CCISS_GETDRIVERVER: 0x%lx", CCISS_GETDRIVERVER);
4650 	debug(1, "CCISS_REVALIDVOLS:  0x%lx", CCISS_REVALIDVOLS);
4651 	debug(1, "CCISS_PASSTHRU:     0x%lx", CCISS_PASSTHRU);
4652 
4653 	error = ENOIOCTL;
4654 	break;
4655     }
4656 
4657     mtx_unlock(&sc->ciss_mtx);
4658     return(error);
4659 }
4660