xref: /freebsd/sys/dev/firewire/sbp.c (revision 0572ccaa4543b0abef8ef81e384c1d04de9f3da1)
1 /*-
2  * Copyright (c) 2003 Hidetoshi Shimokawa
3  * Copyright (c) 1998-2002 Katsushi Kobayashi and Hidetoshi Shimokawa
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  * 3. All advertising materials mentioning features or use of this software
15  *    must display the acknowledgement as bellow:
16  *
17  *    This product includes software developed by K. Kobayashi and H. Shimokawa
18  *
19  * 4. The name of the author may not be used to endorse or promote products
20  *    derived from this software without specific prior written permission.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
23  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
24  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
25  * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
26  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
27  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
28  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
30  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
31  * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32  * POSSIBILITY OF SUCH DAMAGE.
33  *
34  * $FreeBSD$
35  *
36  */
37 
38 #include <sys/param.h>
39 #include <sys/systm.h>
40 #include <sys/module.h>
41 #include <sys/bus.h>
42 #include <sys/kernel.h>
43 #include <sys/sysctl.h>
44 #include <machine/bus.h>
45 #include <sys/malloc.h>
46 #if defined(__FreeBSD__) && __FreeBSD_version >= 501102
47 #include <sys/lock.h>
48 #include <sys/mutex.h>
49 #endif
50 
51 #if defined(__DragonFly__) || __FreeBSD_version < 500106
52 #include <sys/devicestat.h>	/* for struct devstat */
53 #endif
54 
55 #ifdef __DragonFly__
56 #include <bus/cam/cam.h>
57 #include <bus/cam/cam_ccb.h>
58 #include <bus/cam/cam_sim.h>
59 #include <bus/cam/cam_xpt_sim.h>
60 #include <bus/cam/cam_debug.h>
61 #include <bus/cam/cam_periph.h>
62 #include <bus/cam/scsi/scsi_all.h>
63 
64 #include <bus/firewire/firewire.h>
65 #include <bus/firewire/firewirereg.h>
66 #include <bus/firewire/fwdma.h>
67 #include <bus/firewire/iec13213.h>
68 #include "sbp.h"
69 #else
70 #include <cam/cam.h>
71 #include <cam/cam_ccb.h>
72 #include <cam/cam_sim.h>
73 #include <cam/cam_xpt_sim.h>
74 #include <cam/cam_debug.h>
75 #include <cam/cam_periph.h>
76 #include <cam/scsi/scsi_all.h>
77 
78 #include <dev/firewire/firewire.h>
79 #include <dev/firewire/firewirereg.h>
80 #include <dev/firewire/fwdma.h>
81 #include <dev/firewire/iec13213.h>
82 #include <dev/firewire/sbp.h>
83 #endif
84 
85 #define ccb_sdev_ptr	spriv_ptr0
86 #define ccb_sbp_ptr	spriv_ptr1
87 
88 #define SBP_NUM_TARGETS 8 /* MAX 64 */
89 /*
90  * Scan_bus doesn't work for more than 8 LUNs
91  * because of CAM_SCSI2_MAXLUN in cam_xpt.c
92  */
93 #define SBP_NUM_LUNS 64
94 #define SBP_MAXPHYS  MIN(MAXPHYS, (512*1024) /* 512KB */)
95 #define SBP_DMA_SIZE PAGE_SIZE
96 #define SBP_LOGIN_SIZE sizeof(struct sbp_login_res)
97 #define SBP_QUEUE_LEN ((SBP_DMA_SIZE - SBP_LOGIN_SIZE) / sizeof(struct sbp_ocb))
98 #define SBP_NUM_OCB (SBP_QUEUE_LEN * SBP_NUM_TARGETS)
99 
100 /*
101  * STATUS FIFO addressing
102  *   bit
103  * -----------------------
104  *  0- 1( 2): 0 (alignment)
105  *  2- 7( 6): target
106  *  8-15( 8): lun
107  * 16-31( 8): reserved
108  * 32-47(16): SBP_BIND_HI
109  * 48-64(16): bus_id, node_id
110  */
111 #define SBP_BIND_HI 0x1
112 #define SBP_DEV2ADDR(t, l) \
113 	(((u_int64_t)SBP_BIND_HI << 32) \
114 	| (((l) & 0xff) << 8) \
115 	| (((t) & 0x3f) << 2))
116 #define SBP_ADDR2TRG(a)	(((a) >> 2) & 0x3f)
117 #define SBP_ADDR2LUN(a)	(((a) >> 8) & 0xff)
118 #define SBP_INITIATOR 7
119 
120 static char *orb_fun_name[] = {
121 	ORB_FUN_NAMES
122 };
123 
124 static int debug = 0;
125 static int auto_login = 1;
126 static int max_speed = -1;
127 static int sbp_cold = 1;
128 static int ex_login = 1;
129 static int login_delay = 1000;	/* msec */
130 static int scan_delay = 500;	/* msec */
131 static int use_doorbell = 0;
132 static int sbp_tags = 0;
133 
134 SYSCTL_DECL(_hw_firewire);
135 static SYSCTL_NODE(_hw_firewire, OID_AUTO, sbp, CTLFLAG_RD, 0,
136 	"SBP-II Subsystem");
137 SYSCTL_INT(_debug, OID_AUTO, sbp_debug, CTLFLAG_RW, &debug, 0,
138 	"SBP debug flag");
139 SYSCTL_INT(_hw_firewire_sbp, OID_AUTO, auto_login, CTLFLAG_RW, &auto_login, 0,
140 	"SBP perform login automatically");
141 SYSCTL_INT(_hw_firewire_sbp, OID_AUTO, max_speed, CTLFLAG_RW, &max_speed, 0,
142 	"SBP transfer max speed");
143 SYSCTL_INT(_hw_firewire_sbp, OID_AUTO, exclusive_login, CTLFLAG_RW,
144 	&ex_login, 0, "SBP enable exclusive login");
145 SYSCTL_INT(_hw_firewire_sbp, OID_AUTO, login_delay, CTLFLAG_RW,
146 	&login_delay, 0, "SBP login delay in msec");
147 SYSCTL_INT(_hw_firewire_sbp, OID_AUTO, scan_delay, CTLFLAG_RW,
148 	&scan_delay, 0, "SBP scan delay in msec");
149 SYSCTL_INT(_hw_firewire_sbp, OID_AUTO, use_doorbell, CTLFLAG_RW,
150 	&use_doorbell, 0, "SBP use doorbell request");
151 SYSCTL_INT(_hw_firewire_sbp, OID_AUTO, tags, CTLFLAG_RW, &sbp_tags, 0,
152 	"SBP tagged queuing support");
153 
154 TUNABLE_INT("hw.firewire.sbp.auto_login", &auto_login);
155 TUNABLE_INT("hw.firewire.sbp.max_speed", &max_speed);
156 TUNABLE_INT("hw.firewire.sbp.exclusive_login", &ex_login);
157 TUNABLE_INT("hw.firewire.sbp.login_delay", &login_delay);
158 TUNABLE_INT("hw.firewire.sbp.scan_delay", &scan_delay);
159 TUNABLE_INT("hw.firewire.sbp.use_doorbell", &use_doorbell);
160 TUNABLE_INT("hw.firewire.sbp.tags", &sbp_tags);
161 
162 #define NEED_RESPONSE 0
163 
164 #define SBP_SEG_MAX rounddown(0xffff, PAGE_SIZE)
165 #ifdef __sparc64__ /* iommu */
166 #define SBP_IND_MAX howmany(SBP_MAXPHYS, SBP_SEG_MAX)
167 #else
168 #define SBP_IND_MAX howmany(SBP_MAXPHYS, PAGE_SIZE)
169 #endif
170 struct sbp_ocb {
171 	STAILQ_ENTRY(sbp_ocb)	ocb;
172 	union ccb	*ccb;
173 	bus_addr_t	bus_addr;
174 	uint32_t	orb[8];
175 #define IND_PTR_OFFSET	(8*sizeof(uint32_t))
176 	struct ind_ptr  ind_ptr[SBP_IND_MAX];
177 	struct sbp_dev	*sdev;
178 	int		flags; /* XXX should be removed */
179 	bus_dmamap_t	dmamap;
180 	struct callout_handle timeout_ch;
181 };
182 
183 #define OCB_ACT_MGM 0
184 #define OCB_ACT_CMD 1
185 #define OCB_MATCH(o,s)	((o)->bus_addr == ntohl((s)->orb_lo))
186 
187 struct sbp_dev{
188 #define SBP_DEV_RESET		0	/* accept login */
189 #define SBP_DEV_LOGIN		1	/* to login */
190 #if 0
191 #define SBP_DEV_RECONN		2	/* to reconnect */
192 #endif
193 #define SBP_DEV_TOATTACH	3	/* to attach */
194 #define SBP_DEV_PROBE		4	/* scan lun */
195 #define SBP_DEV_ATTACHED	5	/* in operation */
196 #define SBP_DEV_DEAD		6	/* unavailable unit */
197 #define SBP_DEV_RETRY		7	/* unavailable unit */
198 	uint8_t status:4,
199 		 timeout:4;
200 	uint8_t type;
201 	uint16_t lun_id;
202 	uint16_t freeze;
203 #define	ORB_LINK_DEAD		(1 << 0)
204 #define	VALID_LUN		(1 << 1)
205 #define	ORB_POINTER_ACTIVE	(1 << 2)
206 #define	ORB_POINTER_NEED	(1 << 3)
207 #define	ORB_DOORBELL_ACTIVE	(1 << 4)
208 #define	ORB_DOORBELL_NEED	(1 << 5)
209 #define	ORB_SHORTAGE		(1 << 6)
210 	uint16_t flags;
211 	struct cam_path *path;
212 	struct sbp_target *target;
213 	struct fwdma_alloc dma;
214 	struct sbp_login_res *login;
215 	struct callout login_callout;
216 	struct sbp_ocb *ocb;
217 	STAILQ_HEAD(, sbp_ocb) ocbs;
218 	STAILQ_HEAD(, sbp_ocb) free_ocbs;
219 	struct sbp_ocb *last_ocb;
220 	char vendor[32];
221 	char product[32];
222 	char revision[10];
223 	char bustgtlun[32];
224 };
225 
226 struct sbp_target {
227 	int target_id;
228 	int num_lun;
229 	struct sbp_dev	**luns;
230 	struct sbp_softc *sbp;
231 	struct fw_device *fwdev;
232 	uint32_t mgm_hi, mgm_lo;
233 	struct sbp_ocb *mgm_ocb_cur;
234 	STAILQ_HEAD(, sbp_ocb) mgm_ocb_queue;
235 	struct callout mgm_ocb_timeout;
236 	struct callout scan_callout;
237 	STAILQ_HEAD(, fw_xfer) xferlist;
238 	int n_xfer;
239 };
240 
241 struct sbp_softc {
242 	struct firewire_dev_comm fd;
243 	struct cam_sim  *sim;
244 	struct cam_path  *path;
245 	struct sbp_target targets[SBP_NUM_TARGETS];
246 	struct fw_bind fwb;
247 	bus_dma_tag_t	dmat;
248 	struct timeval last_busreset;
249 #define SIMQ_FREEZED 1
250 	int flags;
251 	struct mtx mtx;
252 };
253 #define SBP_LOCK(sbp) mtx_lock(&(sbp)->mtx)
254 #define SBP_UNLOCK(sbp) mtx_unlock(&(sbp)->mtx)
255 
256 static void sbp_post_explore (void *);
257 static void sbp_recv (struct fw_xfer *);
258 static void sbp_mgm_callback (struct fw_xfer *);
259 #if 0
260 static void sbp_cmd_callback (struct fw_xfer *);
261 #endif
262 static void sbp_orb_pointer (struct sbp_dev *, struct sbp_ocb *);
263 static void sbp_doorbell(struct sbp_dev *);
264 static void sbp_execute_ocb (void *,  bus_dma_segment_t *, int, int);
265 static void sbp_free_ocb (struct sbp_dev *, struct sbp_ocb *);
266 static void sbp_abort_ocb (struct sbp_ocb *, int);
267 static void sbp_abort_all_ocbs (struct sbp_dev *, int);
268 static struct fw_xfer * sbp_write_cmd_locked (struct sbp_dev *, int, int);
269 static struct fw_xfer * sbp_write_cmd (struct sbp_dev *, int, int);
270 static struct sbp_ocb * sbp_get_ocb (struct sbp_dev *);
271 static struct sbp_ocb * sbp_enqueue_ocb (struct sbp_dev *, struct sbp_ocb *);
272 static struct sbp_ocb * sbp_dequeue_ocb (struct sbp_dev *, struct sbp_status *);
273 static void sbp_cam_detach_sdev(struct sbp_dev *);
274 static void sbp_free_sdev(struct sbp_dev *);
275 static void sbp_cam_detach_target (struct sbp_target *);
276 static void sbp_free_target (struct sbp_target *);
277 static void sbp_mgm_timeout (void *arg);
278 static void sbp_timeout (void *arg);
279 static void sbp_mgm_orb (struct sbp_dev *, int, struct sbp_ocb *);
280 
281 static MALLOC_DEFINE(M_SBP, "sbp", "SBP-II/FireWire");
282 
283 /* cam related functions */
284 static void	sbp_action(struct cam_sim *sim, union ccb *ccb);
285 static void	sbp_poll(struct cam_sim *sim);
286 static void	sbp_cam_scan_lun(struct cam_periph *, union ccb *);
287 static void	sbp_cam_scan_target(void *arg);
288 
289 static char *orb_status0[] = {
290 	/* 0 */ "No additional information to report",
291 	/* 1 */ "Request type not supported",
292 	/* 2 */ "Speed not supported",
293 	/* 3 */ "Page size not supported",
294 	/* 4 */ "Access denied",
295 	/* 5 */ "Logical unit not supported",
296 	/* 6 */ "Maximum payload too small",
297 	/* 7 */ "Reserved for future standardization",
298 	/* 8 */ "Resources unavailable",
299 	/* 9 */ "Function rejected",
300 	/* A */ "Login ID not recognized",
301 	/* B */ "Dummy ORB completed",
302 	/* C */ "Request aborted",
303 	/* FF */ "Unspecified error"
304 #define MAX_ORB_STATUS0 0xd
305 };
306 
307 static char *orb_status1_object[] = {
308 	/* 0 */ "Operation request block (ORB)",
309 	/* 1 */ "Data buffer",
310 	/* 2 */ "Page table",
311 	/* 3 */ "Unable to specify"
312 };
313 
314 static char *orb_status1_serial_bus_error[] = {
315 	/* 0 */ "Missing acknowledge",
316 	/* 1 */ "Reserved; not to be used",
317 	/* 2 */ "Time-out error",
318 	/* 3 */ "Reserved; not to be used",
319 	/* 4 */ "Busy retry limit exceeded(X)",
320 	/* 5 */ "Busy retry limit exceeded(A)",
321 	/* 6 */ "Busy retry limit exceeded(B)",
322 	/* 7 */ "Reserved for future standardization",
323 	/* 8 */ "Reserved for future standardization",
324 	/* 9 */ "Reserved for future standardization",
325 	/* A */ "Reserved for future standardization",
326 	/* B */ "Tardy retry limit exceeded",
327 	/* C */ "Conflict error",
328 	/* D */ "Data error",
329 	/* E */ "Type error",
330 	/* F */ "Address error"
331 };
332 
333 static void
334 sbp_identify(driver_t *driver, device_t parent)
335 {
336 SBP_DEBUG(0)
337 	printf("sbp_identify\n");
338 END_DEBUG
339 
340 	BUS_ADD_CHILD(parent, 0, "sbp", device_get_unit(parent));
341 }
342 
343 /*
344  * sbp_probe()
345  */
346 static int
347 sbp_probe(device_t dev)
348 {
349 	device_t pa;
350 
351 SBP_DEBUG(0)
352 	printf("sbp_probe\n");
353 END_DEBUG
354 
355 	pa = device_get_parent(dev);
356 	if(device_get_unit(dev) != device_get_unit(pa)){
357 		return(ENXIO);
358 	}
359 
360 	device_set_desc(dev, "SBP-2/SCSI over FireWire");
361 
362 #if 0
363 	if (bootverbose)
364 		debug = bootverbose;
365 #endif
366 
367 	return (0);
368 }
369 
370 /*
371  * Display device characteristics on the console
372  */
373 static void
374 sbp_show_sdev_info(struct sbp_dev *sdev)
375 {
376 	struct fw_device *fwdev;
377 
378 	fwdev = sdev->target->fwdev;
379 	device_printf(sdev->target->sbp->fd.dev,
380 		"%s: %s: ordered:%d type:%d EUI:%08x%08x node:%d "
381 		"speed:%d maxrec:%d\n",
382 		__func__,
383 		sdev->bustgtlun,
384 		(sdev->type & 0x40) >> 6,
385 		(sdev->type & 0x1f),
386 		fwdev->eui.hi,
387 		fwdev->eui.lo,
388 		fwdev->dst,
389 		fwdev->speed,
390 		fwdev->maxrec);
391 
392 	device_printf(sdev->target->sbp->fd.dev,
393 			"%s: %s '%s' '%s' '%s'\n",
394 			__func__,
395 			sdev->bustgtlun,
396 			sdev->vendor,
397 			sdev->product,
398 			sdev->revision);
399 }
400 
401 static struct {
402 	int bus;
403 	int target;
404 	struct fw_eui64 eui;
405 } wired[] = {
406 	/* Bus	Target	EUI64 */
407 #if 0
408 	{0,	2,	{0x00018ea0, 0x01fd0154}},	/* Logitec HDD */
409 	{0,	0,	{0x00018ea6, 0x00100682}},	/* Logitec DVD */
410 	{0,	1,	{0x00d03200, 0xa412006a}},	/* Yano HDD */
411 #endif
412 	{-1,	-1,	{0,0}}
413 };
414 
415 static int
416 sbp_new_target(struct sbp_softc *sbp, struct fw_device *fwdev)
417 {
418 	int bus, i, target=-1;
419 	char w[SBP_NUM_TARGETS];
420 
421 	bzero(w, sizeof(w));
422 	bus = device_get_unit(sbp->fd.dev);
423 
424 	/* XXX wired-down configuration should be gotten from
425 					tunable or device hint */
426 	for (i = 0; wired[i].bus >= 0; i ++) {
427 		if (wired[i].bus == bus) {
428 			w[wired[i].target] = 1;
429 			if (wired[i].eui.hi == fwdev->eui.hi &&
430 					wired[i].eui.lo == fwdev->eui.lo)
431 				target = wired[i].target;
432 		}
433 	}
434 	if (target >= 0) {
435 		if(target < SBP_NUM_TARGETS &&
436 				sbp->targets[target].fwdev == NULL)
437 			return(target);
438 		device_printf(sbp->fd.dev,
439 			"target %d is not free for %08x:%08x\n",
440 			target, fwdev->eui.hi, fwdev->eui.lo);
441 		target = -1;
442 	}
443 	/* non-wired target */
444 	for (i = 0; i < SBP_NUM_TARGETS; i ++)
445 		if (sbp->targets[i].fwdev == NULL && w[i] == 0) {
446 			target = i;
447 			break;
448 		}
449 
450 	return target;
451 }
452 
453 static void
454 sbp_alloc_lun(struct sbp_target *target)
455 {
456 	struct crom_context cc;
457 	struct csrreg *reg;
458 	struct sbp_dev *sdev, **newluns;
459 	struct sbp_softc *sbp;
460 	int maxlun, lun, i;
461 
462 	sbp = target->sbp;
463 	crom_init_context(&cc, target->fwdev->csrrom);
464 	/* XXX shoud parse appropriate unit directories only */
465 	maxlun = -1;
466 	while (cc.depth >= 0) {
467 		reg = crom_search_key(&cc, CROM_LUN);
468 		if (reg == NULL)
469 			break;
470 		lun = reg->val & 0xffff;
471 SBP_DEBUG(0)
472 		printf("target %d lun %d found\n", target->target_id, lun);
473 END_DEBUG
474 		if (maxlun < lun)
475 			maxlun = lun;
476 		crom_next(&cc);
477 	}
478 	if (maxlun < 0)
479 		printf("%s:%d no LUN found\n",
480 		    device_get_nameunit(target->sbp->fd.dev),
481 		    target->target_id);
482 
483 	maxlun ++;
484 	if (maxlun >= SBP_NUM_LUNS)
485 		maxlun = SBP_NUM_LUNS;
486 
487 	/* Invalidiate stale devices */
488 	for (lun = 0; lun < target->num_lun; lun ++) {
489 		sdev = target->luns[lun];
490 		if (sdev == NULL)
491 			continue;
492 		sdev->flags &= ~VALID_LUN;
493 		if (lun >= maxlun) {
494 			/* lost device */
495 			sbp_cam_detach_sdev(sdev);
496 			sbp_free_sdev(sdev);
497 			target->luns[lun] = NULL;
498 		}
499 	}
500 
501 	/* Reallocate */
502 	if (maxlun != target->num_lun) {
503 		newluns = (struct sbp_dev **) realloc(target->luns,
504 		    sizeof(struct sbp_dev *) * maxlun,
505 		    M_SBP, M_NOWAIT | M_ZERO);
506 
507 		if (newluns == NULL) {
508 			printf("%s: realloc failed\n", __func__);
509 			newluns = target->luns;
510 			maxlun = target->num_lun;
511 		}
512 
513 		/*
514 		 * We must zero the extended region for the case
515 		 * realloc() doesn't allocate new buffer.
516 		 */
517 		if (maxlun > target->num_lun)
518 			bzero(&newluns[target->num_lun],
519 			    sizeof(struct sbp_dev *) *
520 			    (maxlun - target->num_lun));
521 
522 		target->luns = newluns;
523 		target->num_lun = maxlun;
524 	}
525 
526 	crom_init_context(&cc, target->fwdev->csrrom);
527 	while (cc.depth >= 0) {
528 		int new = 0;
529 
530 		reg = crom_search_key(&cc, CROM_LUN);
531 		if (reg == NULL)
532 			break;
533 		lun = reg->val & 0xffff;
534 		if (lun >= SBP_NUM_LUNS) {
535 			printf("too large lun %d\n", lun);
536 			goto next;
537 		}
538 
539 		sdev = target->luns[lun];
540 		if (sdev == NULL) {
541 			sdev = malloc(sizeof(struct sbp_dev),
542 			    M_SBP, M_NOWAIT | M_ZERO);
543 			if (sdev == NULL) {
544 				printf("%s: malloc failed\n", __func__);
545 				goto next;
546 			}
547 			target->luns[lun] = sdev;
548 			sdev->lun_id = lun;
549 			sdev->target = target;
550 			STAILQ_INIT(&sdev->ocbs);
551 			CALLOUT_INIT(&sdev->login_callout);
552 			sdev->status = SBP_DEV_RESET;
553 			new = 1;
554 			snprintf(sdev->bustgtlun, 32, "%s:%d:%d",
555 					device_get_nameunit(sdev->target->sbp->fd.dev),
556 					sdev->target->target_id,
557 					sdev->lun_id);
558 		}
559 		sdev->flags |= VALID_LUN;
560 		sdev->type = (reg->val & 0xff0000) >> 16;
561 
562 		if (new == 0)
563 			goto next;
564 
565 		fwdma_malloc(sbp->fd.fc,
566 			/* alignment */ sizeof(uint32_t),
567 			SBP_DMA_SIZE, &sdev->dma, BUS_DMA_NOWAIT |
568 			BUS_DMA_COHERENT);
569 		if (sdev->dma.v_addr == NULL) {
570 			printf("%s: dma space allocation failed\n",
571 							__func__);
572 			free(sdev, M_SBP);
573 			target->luns[lun] = NULL;
574 			goto next;
575 		}
576 		sdev->login = (struct sbp_login_res *) sdev->dma.v_addr;
577 		sdev->ocb = (struct sbp_ocb *)
578 				((char *)sdev->dma.v_addr + SBP_LOGIN_SIZE);
579 		bzero((char *)sdev->ocb,
580 			sizeof (struct sbp_ocb) * SBP_QUEUE_LEN);
581 
582 		STAILQ_INIT(&sdev->free_ocbs);
583 		for (i = 0; i < SBP_QUEUE_LEN; i++) {
584 			struct sbp_ocb *ocb;
585 			ocb = &sdev->ocb[i];
586 			ocb->bus_addr = sdev->dma.bus_addr
587 				+ SBP_LOGIN_SIZE
588 				+ sizeof(struct sbp_ocb) * i
589 				+ offsetof(struct sbp_ocb, orb[0]);
590 			if (bus_dmamap_create(sbp->dmat, 0, &ocb->dmamap)) {
591 				printf("sbp_attach: cannot create dmamap\n");
592 				/* XXX */
593 				goto next;
594 			}
595 			callout_handle_init(&ocb->timeout_ch);
596 			sbp_free_ocb(sdev, ocb);
597 		}
598 next:
599 		crom_next(&cc);
600 	}
601 
602 	for (lun = 0; lun < target->num_lun; lun ++) {
603 		sdev = target->luns[lun];
604 		if (sdev != NULL && (sdev->flags & VALID_LUN) == 0) {
605 			sbp_cam_detach_sdev(sdev);
606 			sbp_free_sdev(sdev);
607 			target->luns[lun] = NULL;
608 		}
609 	}
610 }
611 
612 static struct sbp_target *
613 sbp_alloc_target(struct sbp_softc *sbp, struct fw_device *fwdev)
614 {
615 	int i;
616 	struct sbp_target *target;
617 	struct crom_context cc;
618 	struct csrreg *reg;
619 
620 SBP_DEBUG(1)
621 	printf("sbp_alloc_target\n");
622 END_DEBUG
623 	i = sbp_new_target(sbp, fwdev);
624 	if (i < 0) {
625 		device_printf(sbp->fd.dev, "increase SBP_NUM_TARGETS!\n");
626 		return NULL;
627 	}
628 	/* new target */
629 	target = &sbp->targets[i];
630 	target->sbp = sbp;
631 	target->fwdev = fwdev;
632 	target->target_id = i;
633 	/* XXX we may want to reload mgm port after each bus reset */
634 	/* XXX there might be multiple management agents */
635 	crom_init_context(&cc, target->fwdev->csrrom);
636 	reg = crom_search_key(&cc, CROM_MGM);
637 	if (reg == NULL || reg->val == 0) {
638 		printf("NULL management address\n");
639 		target->fwdev = NULL;
640 		return NULL;
641 	}
642 	target->mgm_hi = 0xffff;
643 	target->mgm_lo = 0xf0000000 | (reg->val << 2);
644 	target->mgm_ocb_cur = NULL;
645 SBP_DEBUG(1)
646 	printf("target:%d mgm_port: %x\n", i, target->mgm_lo);
647 END_DEBUG
648 	STAILQ_INIT(&target->xferlist);
649 	target->n_xfer = 0;
650 	STAILQ_INIT(&target->mgm_ocb_queue);
651 	CALLOUT_INIT(&target->mgm_ocb_timeout);
652 	CALLOUT_INIT(&target->scan_callout);
653 
654 	target->luns = NULL;
655 	target->num_lun = 0;
656 	return target;
657 }
658 
659 static void
660 sbp_probe_lun(struct sbp_dev *sdev)
661 {
662 	struct fw_device *fwdev;
663 	struct crom_context c, *cc = &c;
664 	struct csrreg *reg;
665 
666 	bzero(sdev->vendor, sizeof(sdev->vendor));
667 	bzero(sdev->product, sizeof(sdev->product));
668 
669 	fwdev = sdev->target->fwdev;
670 	crom_init_context(cc, fwdev->csrrom);
671 	/* get vendor string */
672 	crom_search_key(cc, CSRKEY_VENDOR);
673 	crom_next(cc);
674 	crom_parse_text(cc, sdev->vendor, sizeof(sdev->vendor));
675 	/* skip to the unit directory for SBP-2 */
676 	while ((reg = crom_search_key(cc, CSRKEY_VER)) != NULL) {
677 		if (reg->val == CSRVAL_T10SBP2)
678 			break;
679 		crom_next(cc);
680 	}
681 	/* get firmware revision */
682 	reg = crom_search_key(cc, CSRKEY_FIRM_VER);
683 	if (reg != NULL)
684 		snprintf(sdev->revision, sizeof(sdev->revision),
685 						"%06x", reg->val);
686 	/* get product string */
687 	crom_search_key(cc, CSRKEY_MODEL);
688 	crom_next(cc);
689 	crom_parse_text(cc, sdev->product, sizeof(sdev->product));
690 }
691 
692 static void
693 sbp_login_callout(void *arg)
694 {
695 	struct sbp_dev *sdev = (struct sbp_dev *)arg;
696 	sbp_mgm_orb(sdev, ORB_FUN_LGI, NULL);
697 }
698 
699 static void
700 sbp_login(struct sbp_dev *sdev)
701 {
702 	struct timeval delta;
703 	struct timeval t;
704 	int ticks = 0;
705 
706 	microtime(&delta);
707 	timevalsub(&delta, &sdev->target->sbp->last_busreset);
708 	t.tv_sec = login_delay / 1000;
709 	t.tv_usec = (login_delay % 1000) * 1000;
710 	timevalsub(&t, &delta);
711 	if (t.tv_sec >= 0 && t.tv_usec > 0)
712 		ticks = (t.tv_sec * 1000 + t.tv_usec / 1000) * hz / 1000;
713 SBP_DEBUG(0)
714 	printf("%s: sec = %jd usec = %ld ticks = %d\n", __func__,
715 	    (intmax_t)t.tv_sec, t.tv_usec, ticks);
716 END_DEBUG
717 	callout_reset(&sdev->login_callout, ticks,
718 			sbp_login_callout, (void *)(sdev));
719 }
720 
721 #define SBP_FWDEV_ALIVE(fwdev) (((fwdev)->status == FWDEVATTACHED) \
722 	&& crom_has_specver((fwdev)->csrrom, CSRVAL_ANSIT10, CSRVAL_T10SBP2))
723 
724 static void
725 sbp_probe_target(void *arg)
726 {
727 	struct sbp_target *target = (struct sbp_target *)arg;
728 	struct sbp_softc *sbp = target->sbp;
729 	struct sbp_dev *sdev;
730 	int i, alive;
731 
732 	alive = SBP_FWDEV_ALIVE(target->fwdev);
733 SBP_DEBUG(1)
734 	device_printf(sbp->fd.dev, "%s %d%salive\n",
735 		 __func__, target->target_id,
736 		(!alive) ? " not " : "");
737 END_DEBUG
738 
739 	sbp = target->sbp;
740 	sbp_alloc_lun(target);
741 
742 	/* XXX untimeout mgm_ocb and dequeue */
743 	for (i=0; i < target->num_lun; i++) {
744 		sdev = target->luns[i];
745 		if (sdev == NULL)
746 			continue;
747 		if (alive && (sdev->status != SBP_DEV_DEAD)) {
748 			if (sdev->path != NULL) {
749 				SBP_LOCK(sbp);
750 				xpt_freeze_devq(sdev->path, 1);
751 				sdev->freeze ++;
752 				SBP_UNLOCK(sbp);
753 			}
754 			sbp_probe_lun(sdev);
755 			sbp_show_sdev_info(sdev);
756 
757 			sbp_abort_all_ocbs(sdev, CAM_SCSI_BUS_RESET);
758 			switch (sdev->status) {
759 			case SBP_DEV_RESET:
760 				/* new or revived target */
761 				if (auto_login)
762 					sbp_login(sdev);
763 				break;
764 			case SBP_DEV_TOATTACH:
765 			case SBP_DEV_PROBE:
766 			case SBP_DEV_ATTACHED:
767 			case SBP_DEV_RETRY:
768 			default:
769 				sbp_mgm_orb(sdev, ORB_FUN_RCN, NULL);
770 				break;
771 			}
772 		} else {
773 			switch (sdev->status) {
774 			case SBP_DEV_ATTACHED:
775 SBP_DEBUG(0)
776 				/* the device has gone */
777 				device_printf(sbp->fd.dev, "%s: lost target\n",
778 					__func__);
779 END_DEBUG
780 				if (sdev->path) {
781 					SBP_LOCK(sbp);
782 					xpt_freeze_devq(sdev->path, 1);
783 					sdev->freeze ++;
784 					SBP_UNLOCK(sbp);
785 				}
786 				sdev->status = SBP_DEV_RETRY;
787 				sbp_cam_detach_sdev(sdev);
788 				sbp_free_sdev(sdev);
789 				target->luns[i] = NULL;
790 				break;
791 			case SBP_DEV_PROBE:
792 			case SBP_DEV_TOATTACH:
793 				sdev->status = SBP_DEV_RESET;
794 				break;
795 			case SBP_DEV_RETRY:
796 			case SBP_DEV_RESET:
797 			case SBP_DEV_DEAD:
798 				break;
799 			}
800 		}
801 	}
802 }
803 
804 static void
805 sbp_post_busreset(void *arg)
806 {
807 	struct sbp_softc *sbp;
808 
809 	sbp = (struct sbp_softc *)arg;
810 SBP_DEBUG(0)
811 	printf("sbp_post_busreset\n");
812 END_DEBUG
813 	if ((sbp->sim->flags & SIMQ_FREEZED) == 0) {
814 		SBP_LOCK(sbp);
815 		xpt_freeze_simq(sbp->sim, /*count*/1);
816 		sbp->sim->flags |= SIMQ_FREEZED;
817 		SBP_UNLOCK(sbp);
818 	}
819 	microtime(&sbp->last_busreset);
820 }
821 
822 static void
823 sbp_post_explore(void *arg)
824 {
825 	struct sbp_softc *sbp = (struct sbp_softc *)arg;
826 	struct sbp_target *target;
827 	struct fw_device *fwdev;
828 	int i, alive;
829 
830 SBP_DEBUG(0)
831 	printf("sbp_post_explore (sbp_cold=%d)\n", sbp_cold);
832 END_DEBUG
833 	/* We need physical access */
834 	if (!firewire_phydma_enable)
835 		return;
836 
837 	if (sbp_cold > 0)
838 		sbp_cold --;
839 
840 #if 0
841 	/*
842 	 * XXX don't let CAM the bus rest.
843 	 * CAM tries to do something with freezed (DEV_RETRY) devices.
844 	 */
845 	xpt_async(AC_BUS_RESET, sbp->path, /*arg*/ NULL);
846 #endif
847 
848 	/* Garbage Collection */
849 	for(i = 0 ; i < SBP_NUM_TARGETS ; i ++){
850 		target = &sbp->targets[i];
851 		STAILQ_FOREACH(fwdev, &sbp->fd.fc->devices, link)
852 			if (target->fwdev == NULL || target->fwdev == fwdev)
853 				break;
854 		if (fwdev == NULL) {
855 			/* device has removed in lower driver */
856 			sbp_cam_detach_target(target);
857 			sbp_free_target(target);
858 		}
859 	}
860 	/* traverse device list */
861 	STAILQ_FOREACH(fwdev, &sbp->fd.fc->devices, link) {
862 SBP_DEBUG(0)
863 		device_printf(sbp->fd.dev,"%s:: EUI:%08x%08x %s attached, state=%d\n",
864 				__func__, fwdev->eui.hi, fwdev->eui.lo,
865 				(fwdev->status != FWDEVATTACHED) ? "not" : "",
866 				fwdev->status);
867 END_DEBUG
868 		alive = SBP_FWDEV_ALIVE(fwdev);
869 		for(i = 0 ; i < SBP_NUM_TARGETS ; i ++){
870 			target = &sbp->targets[i];
871 			if(target->fwdev == fwdev ) {
872 				/* known target */
873 				break;
874 			}
875 		}
876 		if(i == SBP_NUM_TARGETS){
877 			if (alive) {
878 				/* new target */
879 				target = sbp_alloc_target(sbp, fwdev);
880 				if (target == NULL)
881 					continue;
882 			} else {
883 				continue;
884 			}
885 		}
886 		sbp_probe_target((void *)target);
887 		if (target->num_lun == 0)
888 			sbp_free_target(target);
889 	}
890 	SBP_LOCK(sbp);
891 	xpt_release_simq(sbp->sim, /*run queue*/TRUE);
892 	sbp->sim->flags &= ~SIMQ_FREEZED;
893 	SBP_UNLOCK(sbp);
894 }
895 
896 #if NEED_RESPONSE
897 static void
898 sbp_loginres_callback(struct fw_xfer *xfer){
899 	int s;
900 	struct sbp_dev *sdev;
901 	sdev = (struct sbp_dev *)xfer->sc;
902 SBP_DEBUG(1)
903 	device_printf(sdev->target->sbp->fd.dev,"%s\n", __func__);
904 END_DEBUG
905 	/* recycle */
906 	s = splfw();
907 	STAILQ_INSERT_TAIL(&sdev->target->sbp->fwb.xferlist, xfer, link);
908 	splx(s);
909 	return;
910 }
911 #endif
912 
913 static __inline void
914 sbp_xfer_free(struct fw_xfer *xfer)
915 {
916 	struct sbp_dev *sdev;
917 	int s;
918 
919 	sdev = (struct sbp_dev *)xfer->sc;
920 	fw_xfer_unload(xfer);
921 	s = splfw();
922 	SBP_LOCK(sdev->target->sbp);
923 	STAILQ_INSERT_TAIL(&sdev->target->xferlist, xfer, link);
924 	SBP_UNLOCK(sdev->target->sbp);
925 	splx(s);
926 }
927 
928 static void
929 sbp_reset_start_callback(struct fw_xfer *xfer)
930 {
931 	struct sbp_dev *tsdev, *sdev = (struct sbp_dev *)xfer->sc;
932 	struct sbp_target *target = sdev->target;
933 	int i;
934 
935 	if (xfer->resp != 0) {
936 		device_printf(sdev->target->sbp->fd.dev,
937 			"%s: %s failed: resp=%d\n", __func__, sdev->bustgtlun, xfer->resp);
938 	}
939 
940 	for (i = 0; i < target->num_lun; i++) {
941 		tsdev = target->luns[i];
942 		if (tsdev != NULL && tsdev->status == SBP_DEV_LOGIN)
943 			sbp_login(tsdev);
944 	}
945 }
946 
947 static void
948 sbp_reset_start(struct sbp_dev *sdev)
949 {
950 	struct fw_xfer *xfer;
951 	struct fw_pkt *fp;
952 
953 SBP_DEBUG(0)
954 	device_printf(sdev->target->sbp->fd.dev,
955 			"%s:%s\n", __func__,sdev->bustgtlun);
956 END_DEBUG
957 
958 	xfer = sbp_write_cmd(sdev, FWTCODE_WREQQ, 0);
959 	xfer->hand = sbp_reset_start_callback;
960 	fp = &xfer->send.hdr;
961 	fp->mode.wreqq.dest_hi = 0xffff;
962 	fp->mode.wreqq.dest_lo = 0xf0000000 | RESET_START;
963 	fp->mode.wreqq.data = htonl(0xf);
964 	fw_asyreq(xfer->fc, -1, xfer);
965 }
966 
967 static void
968 sbp_mgm_callback(struct fw_xfer *xfer)
969 {
970 	struct sbp_dev *sdev;
971 	int resp;
972 
973 	sdev = (struct sbp_dev *)xfer->sc;
974 
975 SBP_DEBUG(1)
976 	device_printf(sdev->target->sbp->fd.dev,
977 		"%s:%s\n", __func__, sdev->bustgtlun);
978 END_DEBUG
979 	resp = xfer->resp;
980 	sbp_xfer_free(xfer);
981 	return;
982 }
983 
984 static struct sbp_dev *
985 sbp_next_dev(struct sbp_target *target, int lun)
986 {
987 	struct sbp_dev **sdevp;
988 	int i;
989 
990 	for (i = lun, sdevp = &target->luns[lun]; i < target->num_lun;
991 	    i++, sdevp++)
992 		if (*sdevp != NULL && (*sdevp)->status == SBP_DEV_PROBE)
993 			return(*sdevp);
994 	return(NULL);
995 }
996 
997 #define SCAN_PRI 1
998 static void
999 sbp_cam_scan_lun(struct cam_periph *periph, union ccb *ccb)
1000 {
1001 	struct sbp_target *target;
1002 	struct sbp_dev *sdev;
1003 
1004 	sdev = (struct sbp_dev *) ccb->ccb_h.ccb_sdev_ptr;
1005 	target = sdev->target;
1006 SBP_DEBUG(0)
1007 	device_printf(sdev->target->sbp->fd.dev,
1008 		"%s:%s\n", __func__, sdev->bustgtlun);
1009 END_DEBUG
1010 	if ((ccb->ccb_h.status & CAM_STATUS_MASK) == CAM_REQ_CMP) {
1011 		sdev->status = SBP_DEV_ATTACHED;
1012 	} else {
1013 		device_printf(sdev->target->sbp->fd.dev,
1014 			"%s:%s failed\n", __func__, sdev->bustgtlun);
1015 	}
1016 	sdev = sbp_next_dev(target, sdev->lun_id + 1);
1017 	if (sdev == NULL) {
1018 		free(ccb, M_SBP);
1019 		return;
1020 	}
1021 	/* reuse ccb */
1022 	xpt_setup_ccb(&ccb->ccb_h, sdev->path, SCAN_PRI);
1023 	ccb->ccb_h.ccb_sdev_ptr = sdev;
1024 	xpt_action(ccb);
1025 	xpt_release_devq(sdev->path, sdev->freeze, TRUE);
1026 	sdev->freeze = 1;
1027 }
1028 
1029 static void
1030 sbp_cam_scan_target(void *arg)
1031 {
1032 	struct sbp_target *target = (struct sbp_target *)arg;
1033 	struct sbp_dev *sdev;
1034 	union ccb *ccb;
1035 
1036 	sdev = sbp_next_dev(target, 0);
1037 	if (sdev == NULL) {
1038 		printf("sbp_cam_scan_target: nothing to do for target%d\n",
1039 							target->target_id);
1040 		return;
1041 	}
1042 SBP_DEBUG(0)
1043 	device_printf(sdev->target->sbp->fd.dev,
1044 		"%s:%s\n", __func__, sdev->bustgtlun);
1045 END_DEBUG
1046 	ccb = malloc(sizeof(union ccb), M_SBP, M_NOWAIT | M_ZERO);
1047 	if (ccb == NULL) {
1048 		printf("sbp_cam_scan_target: malloc failed\n");
1049 		return;
1050 	}
1051 	xpt_setup_ccb(&ccb->ccb_h, sdev->path, SCAN_PRI);
1052 	ccb->ccb_h.func_code = XPT_SCAN_LUN;
1053 	ccb->ccb_h.cbfcnp = sbp_cam_scan_lun;
1054 	ccb->ccb_h.flags |= CAM_DEV_QFREEZE;
1055 	ccb->crcn.flags = CAM_FLAG_NONE;
1056 	ccb->ccb_h.ccb_sdev_ptr = sdev;
1057 
1058 	/* The scan is in progress now. */
1059 	SBP_LOCK(target->sbp);
1060 	xpt_action(ccb);
1061 	xpt_release_devq(sdev->path, sdev->freeze, TRUE);
1062 	sdev->freeze = 1;
1063 	SBP_UNLOCK(target->sbp);
1064 }
1065 
1066 static __inline void
1067 sbp_scan_dev(struct sbp_dev *sdev)
1068 {
1069 	sdev->status = SBP_DEV_PROBE;
1070 	callout_reset(&sdev->target->scan_callout, scan_delay * hz / 1000,
1071 			sbp_cam_scan_target, (void *)sdev->target);
1072 }
1073 
1074 static void
1075 sbp_do_attach(struct fw_xfer *xfer)
1076 {
1077 	struct sbp_dev *sdev;
1078 	struct sbp_target *target;
1079 	struct sbp_softc *sbp;
1080 
1081 	sdev = (struct sbp_dev *)xfer->sc;
1082 	target = sdev->target;
1083 	sbp = target->sbp;
1084 SBP_DEBUG(0)
1085 	device_printf(sdev->target->sbp->fd.dev,
1086 		"%s:%s\n", __func__, sdev->bustgtlun);
1087 END_DEBUG
1088 	sbp_xfer_free(xfer);
1089 
1090 	if (sdev->path == NULL)
1091 		xpt_create_path(&sdev->path, NULL,
1092 			cam_sim_path(target->sbp->sim),
1093 			target->target_id, sdev->lun_id);
1094 
1095 	/*
1096 	 * Let CAM scan the bus if we are in the boot process.
1097 	 * XXX xpt_scan_bus cannot detect LUN larger than 0
1098 	 * if LUN 0 doesn't exists.
1099 	 */
1100 	if (sbp_cold > 0) {
1101 		sdev->status = SBP_DEV_ATTACHED;
1102 		return;
1103 	}
1104 
1105 	sbp_scan_dev(sdev);
1106 	return;
1107 }
1108 
1109 static void
1110 sbp_agent_reset_callback(struct fw_xfer *xfer)
1111 {
1112 	struct sbp_dev *sdev;
1113 
1114 	sdev = (struct sbp_dev *)xfer->sc;
1115 SBP_DEBUG(1)
1116 	device_printf(sdev->target->sbp->fd.dev,
1117 			"%s:%s\n", __func__, sdev->bustgtlun);
1118 END_DEBUG
1119 	if (xfer->resp != 0) {
1120 		device_printf(sdev->target->sbp->fd.dev,
1121 			"%s:%s resp=%d\n", __func__, sdev->bustgtlun, xfer->resp);
1122 	}
1123 
1124 	sbp_xfer_free(xfer);
1125 	if (sdev->path) {
1126 		SBP_LOCK(sdev->target->sbp);
1127 		xpt_release_devq(sdev->path, sdev->freeze, TRUE);
1128 		sdev->freeze = 0;
1129 		SBP_UNLOCK(sdev->target->sbp);
1130 	}
1131 }
1132 
1133 static void
1134 sbp_agent_reset(struct sbp_dev *sdev)
1135 {
1136 	struct fw_xfer *xfer;
1137 	struct fw_pkt *fp;
1138 
1139 SBP_DEBUG(0)
1140 	device_printf(sdev->target->sbp->fd.dev,
1141 		"%s:%s\n", __func__, sdev->bustgtlun);
1142 END_DEBUG
1143 	xfer = sbp_write_cmd(sdev, FWTCODE_WREQQ, 0x04);
1144 	if (xfer == NULL)
1145 		return;
1146 	if (sdev->status == SBP_DEV_ATTACHED || sdev->status == SBP_DEV_PROBE)
1147 		xfer->hand = sbp_agent_reset_callback;
1148 	else
1149 		xfer->hand = sbp_do_attach;
1150 	fp = &xfer->send.hdr;
1151 	fp->mode.wreqq.data = htonl(0xf);
1152 	fw_asyreq(xfer->fc, -1, xfer);
1153 	sbp_abort_all_ocbs(sdev, CAM_BDR_SENT);
1154 }
1155 
1156 static void
1157 sbp_busy_timeout_callback(struct fw_xfer *xfer)
1158 {
1159 	struct sbp_dev *sdev;
1160 
1161 	sdev = (struct sbp_dev *)xfer->sc;
1162 SBP_DEBUG(1)
1163 	device_printf(sdev->target->sbp->fd.dev,
1164 		"%s:%s\n", __func__, sdev->bustgtlun);
1165 END_DEBUG
1166 	sbp_xfer_free(xfer);
1167 	sbp_agent_reset(sdev);
1168 }
1169 
1170 static void
1171 sbp_busy_timeout(struct sbp_dev *sdev)
1172 {
1173 	struct fw_pkt *fp;
1174 	struct fw_xfer *xfer;
1175 SBP_DEBUG(0)
1176 	device_printf(sdev->target->sbp->fd.dev,
1177 		"%s:%s\n", __func__, sdev->bustgtlun);
1178 END_DEBUG
1179 	xfer = sbp_write_cmd(sdev, FWTCODE_WREQQ, 0);
1180 
1181 	xfer->hand = sbp_busy_timeout_callback;
1182 	fp = &xfer->send.hdr;
1183 	fp->mode.wreqq.dest_hi = 0xffff;
1184 	fp->mode.wreqq.dest_lo = 0xf0000000 | BUSY_TIMEOUT;
1185 	fp->mode.wreqq.data = htonl((1 << (13+12)) | 0xf);
1186 	fw_asyreq(xfer->fc, -1, xfer);
1187 }
1188 
1189 static void
1190 sbp_orb_pointer_callback(struct fw_xfer *xfer)
1191 {
1192 	struct sbp_dev *sdev;
1193 	sdev = (struct sbp_dev *)xfer->sc;
1194 
1195 SBP_DEBUG(2)
1196 	device_printf(sdev->target->sbp->fd.dev,
1197 		"%s:%s\n", __func__, sdev->bustgtlun);
1198 END_DEBUG
1199 	if (xfer->resp != 0) {
1200 		/* XXX */
1201 		printf("%s: xfer->resp = %d\n", __func__, xfer->resp);
1202 	}
1203 	sbp_xfer_free(xfer);
1204 
1205 	SBP_LOCK(sdev->target->sbp);
1206 	sdev->flags &= ~ORB_POINTER_ACTIVE;
1207 
1208 	if ((sdev->flags & ORB_POINTER_NEED) != 0) {
1209 		struct sbp_ocb *ocb;
1210 
1211 		sdev->flags &= ~ORB_POINTER_NEED;
1212 		ocb = STAILQ_FIRST(&sdev->ocbs);
1213 		if (ocb != NULL)
1214 			sbp_orb_pointer(sdev, ocb);
1215 	}
1216 	SBP_UNLOCK(sdev->target->sbp);
1217 	return;
1218 }
1219 
1220 static void
1221 sbp_orb_pointer(struct sbp_dev *sdev, struct sbp_ocb *ocb)
1222 {
1223 	struct fw_xfer *xfer;
1224 	struct fw_pkt *fp;
1225 SBP_DEBUG(1)
1226 	device_printf(sdev->target->sbp->fd.dev,
1227 		"%s:%s 0x%08x\n",
1228 		__func__, sdev->bustgtlun,
1229 		(uint32_t)ocb->bus_addr);
1230 END_DEBUG
1231 
1232 	mtx_assert(&sdev->target->sbp->mtx, MA_OWNED);
1233 
1234 	if ((sdev->flags & ORB_POINTER_ACTIVE) != 0) {
1235 SBP_DEBUG(0)
1236 		printf("%s: orb pointer active\n", __func__);
1237 END_DEBUG
1238 		sdev->flags |= ORB_POINTER_NEED;
1239 		return;
1240 	}
1241 
1242 	sdev->flags |= ORB_POINTER_ACTIVE;
1243 	xfer = sbp_write_cmd_locked(sdev, FWTCODE_WREQB, 0x08);
1244 	if (xfer == NULL)
1245 		return;
1246 	xfer->hand = sbp_orb_pointer_callback;
1247 
1248 	fp = &xfer->send.hdr;
1249 	fp->mode.wreqb.len = 8;
1250 	fp->mode.wreqb.extcode = 0;
1251 	xfer->send.payload[0] =
1252 		htonl(((sdev->target->sbp->fd.fc->nodeid | FWLOCALBUS )<< 16));
1253 	xfer->send.payload[1] = htonl((uint32_t)ocb->bus_addr);
1254 
1255 	/*
1256 	 * sbp_xfer_free() will attempt to acquire
1257 	 * the SBP lock on entrance.  Also, this removes
1258 	 * a LOR between the firewire layer and sbp
1259 	 */
1260 	SBP_UNLOCK(sdev->target->sbp);
1261 	if(fw_asyreq(xfer->fc, -1, xfer) != 0){
1262 			sbp_xfer_free(xfer);
1263 			ocb->ccb->ccb_h.status = CAM_REQ_INVALID;
1264 			xpt_done(ocb->ccb);
1265 	}
1266 	SBP_LOCK(sdev->target->sbp);
1267 }
1268 
1269 static void
1270 sbp_doorbell_callback(struct fw_xfer *xfer)
1271 {
1272 	struct sbp_dev *sdev;
1273 	sdev = (struct sbp_dev *)xfer->sc;
1274 
1275 SBP_DEBUG(1)
1276 	device_printf(sdev->target->sbp->fd.dev,
1277 		"%s:%s\n", __func__, sdev->bustgtlun);
1278 END_DEBUG
1279 	if (xfer->resp != 0) {
1280 		/* XXX */
1281 		device_printf(sdev->target->sbp->fd.dev,
1282 			"%s: xfer->resp = %d\n", __func__, xfer->resp);
1283 	}
1284 	sbp_xfer_free(xfer);
1285 	sdev->flags &= ~ORB_DOORBELL_ACTIVE;
1286 	if ((sdev->flags & ORB_DOORBELL_NEED) != 0) {
1287 		sdev->flags &= ~ORB_DOORBELL_NEED;
1288 		SBP_LOCK(sdev->target->sbp);
1289 		sbp_doorbell(sdev);
1290 		SBP_UNLOCK(sdev->target->sbp);
1291 	}
1292 	return;
1293 }
1294 
1295 static void
1296 sbp_doorbell(struct sbp_dev *sdev)
1297 {
1298 	struct fw_xfer *xfer;
1299 	struct fw_pkt *fp;
1300 SBP_DEBUG(1)
1301 	device_printf(sdev->target->sbp->fd.dev,
1302 		"%s:%s\n", __func__, sdev->bustgtlun);
1303 END_DEBUG
1304 
1305 	if ((sdev->flags & ORB_DOORBELL_ACTIVE) != 0) {
1306 		sdev->flags |= ORB_DOORBELL_NEED;
1307 		return;
1308 	}
1309 	sdev->flags |= ORB_DOORBELL_ACTIVE;
1310 	xfer = sbp_write_cmd_locked(sdev, FWTCODE_WREQQ, 0x10);
1311 	if (xfer == NULL)
1312 		return;
1313 	xfer->hand = sbp_doorbell_callback;
1314 	fp = &xfer->send.hdr;
1315 	fp->mode.wreqq.data = htonl(0xf);
1316 	fw_asyreq(xfer->fc, -1, xfer);
1317 }
1318 
1319 static struct fw_xfer *
1320 sbp_write_cmd_locked(struct sbp_dev *sdev, int tcode, int offset)
1321 {
1322 	struct fw_xfer *xfer;
1323 	struct fw_pkt *fp;
1324 	struct sbp_target *target;
1325 	int s, new = 0;
1326 
1327 	mtx_assert(&sdev->target->sbp->mtx, MA_OWNED);
1328 
1329 	target = sdev->target;
1330 	s = splfw();
1331 	xfer = STAILQ_FIRST(&target->xferlist);
1332 	if (xfer == NULL) {
1333 		if (target->n_xfer > 5 /* XXX */) {
1334 			printf("sbp: no more xfer for this target\n");
1335 			splx(s);
1336 			return(NULL);
1337 		}
1338 		xfer = fw_xfer_alloc_buf(M_SBP, 8, 0);
1339 		if(xfer == NULL){
1340 			printf("sbp: fw_xfer_alloc_buf failed\n");
1341 			splx(s);
1342 			return NULL;
1343 		}
1344 		target->n_xfer ++;
1345 		if (debug)
1346 			printf("sbp: alloc %d xfer\n", target->n_xfer);
1347 		new = 1;
1348 	} else {
1349 		STAILQ_REMOVE_HEAD(&target->xferlist, link);
1350 	}
1351 	splx(s);
1352 
1353 	if (new) {
1354 		xfer->recv.pay_len = 0;
1355 		xfer->send.spd = min(sdev->target->fwdev->speed, max_speed);
1356 		xfer->fc = sdev->target->sbp->fd.fc;
1357 	}
1358 
1359 	if (tcode == FWTCODE_WREQB)
1360 		xfer->send.pay_len = 8;
1361 	else
1362 		xfer->send.pay_len = 0;
1363 
1364 	xfer->sc = (caddr_t)sdev;
1365 	fp = &xfer->send.hdr;
1366 	fp->mode.wreqq.dest_hi = sdev->login->cmd_hi;
1367 	fp->mode.wreqq.dest_lo = sdev->login->cmd_lo + offset;
1368 	fp->mode.wreqq.tlrt = 0;
1369 	fp->mode.wreqq.tcode = tcode;
1370 	fp->mode.wreqq.pri = 0;
1371 	fp->mode.wreqq.dst = FWLOCALBUS | sdev->target->fwdev->dst;
1372 
1373 	return xfer;
1374 
1375 }
1376 
1377 static struct fw_xfer *
1378 sbp_write_cmd(struct sbp_dev *sdev, int tcode, int offset)
1379 {
1380 	struct sbp_softc *sbp = sdev->target->sbp;
1381 	struct fw_xfer *xfer;
1382 
1383 	SBP_LOCK(sbp);
1384 	xfer = sbp_write_cmd_locked(sdev, tcode, offset);
1385 	SBP_UNLOCK(sbp);
1386 
1387 	return (xfer);
1388 }
1389 
1390 static void
1391 sbp_mgm_orb(struct sbp_dev *sdev, int func, struct sbp_ocb *aocb)
1392 {
1393 	struct fw_xfer *xfer;
1394 	struct fw_pkt *fp;
1395 	struct sbp_ocb *ocb;
1396 	struct sbp_target *target;
1397 	int s, nid;
1398 
1399 	target = sdev->target;
1400 	nid = target->sbp->fd.fc->nodeid | FWLOCALBUS;
1401 
1402 	s = splfw();
1403 	SBP_LOCK(target->sbp);
1404 	if (func == ORB_FUN_RUNQUEUE) {
1405 		ocb = STAILQ_FIRST(&target->mgm_ocb_queue);
1406 		if (target->mgm_ocb_cur != NULL || ocb == NULL) {
1407 			SBP_UNLOCK(target->sbp);
1408 			splx(s);
1409 			return;
1410 		}
1411 		STAILQ_REMOVE_HEAD(&target->mgm_ocb_queue, ocb);
1412 		SBP_UNLOCK(target->sbp);
1413 		goto start;
1414 	}
1415 	if ((ocb = sbp_get_ocb(sdev)) == NULL) {
1416 		SBP_UNLOCK(target->sbp);
1417 		splx(s);
1418 		/* XXX */
1419 		return;
1420 	}
1421 	SBP_UNLOCK(target->sbp);
1422 	ocb->flags = OCB_ACT_MGM;
1423 	ocb->sdev = sdev;
1424 
1425 	bzero((void *)ocb->orb, sizeof(ocb->orb));
1426 	ocb->orb[6] = htonl((nid << 16) | SBP_BIND_HI);
1427 	ocb->orb[7] = htonl(SBP_DEV2ADDR(target->target_id, sdev->lun_id));
1428 
1429 SBP_DEBUG(0)
1430 	device_printf(sdev->target->sbp->fd.dev,
1431 		 "%s:%s %s\n",
1432 		 __func__,sdev->bustgtlun,
1433 		 orb_fun_name[(func>>16)&0xf]);
1434 END_DEBUG
1435 	switch (func) {
1436 	case ORB_FUN_LGI:
1437 		ocb->orb[0] = ocb->orb[1] = 0; /* password */
1438 		ocb->orb[2] = htonl(nid << 16);
1439 		ocb->orb[3] = htonl(sdev->dma.bus_addr);
1440 		ocb->orb[4] = htonl(ORB_NOTIFY | sdev->lun_id);
1441 		if (ex_login)
1442 			ocb->orb[4] |= htonl(ORB_EXV);
1443 		ocb->orb[5] = htonl(SBP_LOGIN_SIZE);
1444 		fwdma_sync(&sdev->dma, BUS_DMASYNC_PREREAD);
1445 		break;
1446 	case ORB_FUN_ATA:
1447 		ocb->orb[0] = htonl((0 << 16) | 0);
1448 		ocb->orb[1] = htonl(aocb->bus_addr & 0xffffffff);
1449 		/* fall through */
1450 	case ORB_FUN_RCN:
1451 	case ORB_FUN_LGO:
1452 	case ORB_FUN_LUR:
1453 	case ORB_FUN_RST:
1454 	case ORB_FUN_ATS:
1455 		ocb->orb[4] = htonl(ORB_NOTIFY | func | sdev->login->id);
1456 		break;
1457 	}
1458 
1459 	if (target->mgm_ocb_cur != NULL) {
1460 		/* there is a standing ORB */
1461 		SBP_LOCK(target->sbp);
1462 		STAILQ_INSERT_TAIL(&sdev->target->mgm_ocb_queue, ocb, ocb);
1463 		SBP_UNLOCK(target->sbp);
1464 		splx(s);
1465 		return;
1466 	}
1467 start:
1468 	target->mgm_ocb_cur = ocb;
1469 	splx(s);
1470 
1471 	callout_reset(&target->mgm_ocb_timeout, 5*hz,
1472 				sbp_mgm_timeout, (caddr_t)ocb);
1473 	xfer = sbp_write_cmd(sdev, FWTCODE_WREQB, 0);
1474 	if(xfer == NULL){
1475 		return;
1476 	}
1477 	xfer->hand = sbp_mgm_callback;
1478 
1479 	fp = &xfer->send.hdr;
1480 	fp->mode.wreqb.dest_hi = sdev->target->mgm_hi;
1481 	fp->mode.wreqb.dest_lo = sdev->target->mgm_lo;
1482 	fp->mode.wreqb.len = 8;
1483 	fp->mode.wreqb.extcode = 0;
1484 	xfer->send.payload[0] = htonl(nid << 16);
1485 	xfer->send.payload[1] = htonl(ocb->bus_addr & 0xffffffff);
1486 
1487 	fw_asyreq(xfer->fc, -1, xfer);
1488 }
1489 
1490 static void
1491 sbp_print_scsi_cmd(struct sbp_ocb *ocb)
1492 {
1493 	struct ccb_scsiio *csio;
1494 
1495 	csio = &ocb->ccb->csio;
1496 	printf("%s:%d:%jx XPT_SCSI_IO: "
1497 		"cmd: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x"
1498 		", flags: 0x%02x, "
1499 		"%db cmd/%db data/%db sense\n",
1500 		device_get_nameunit(ocb->sdev->target->sbp->fd.dev),
1501 		ocb->ccb->ccb_h.target_id,
1502 		(uintmax_t)ocb->ccb->ccb_h.target_lun,
1503 		csio->cdb_io.cdb_bytes[0],
1504 		csio->cdb_io.cdb_bytes[1],
1505 		csio->cdb_io.cdb_bytes[2],
1506 		csio->cdb_io.cdb_bytes[3],
1507 		csio->cdb_io.cdb_bytes[4],
1508 		csio->cdb_io.cdb_bytes[5],
1509 		csio->cdb_io.cdb_bytes[6],
1510 		csio->cdb_io.cdb_bytes[7],
1511 		csio->cdb_io.cdb_bytes[8],
1512 		csio->cdb_io.cdb_bytes[9],
1513 		ocb->ccb->ccb_h.flags & CAM_DIR_MASK,
1514 		csio->cdb_len, csio->dxfer_len,
1515 		csio->sense_len);
1516 }
1517 
1518 static void
1519 sbp_scsi_status(struct sbp_status *sbp_status, struct sbp_ocb *ocb)
1520 {
1521 	struct sbp_cmd_status *sbp_cmd_status;
1522 	struct scsi_sense_data_fixed *sense;
1523 
1524 	sbp_cmd_status = (struct sbp_cmd_status *)sbp_status->data;
1525 	sense = (struct scsi_sense_data_fixed *)&ocb->ccb->csio.sense_data;
1526 
1527 SBP_DEBUG(0)
1528 	sbp_print_scsi_cmd(ocb);
1529 	/* XXX need decode status */
1530 	printf("%s: SCSI status %x sfmt %x valid %x key %x code %x qlfr %x len %d\n",
1531 		ocb->sdev->bustgtlun,
1532 		sbp_cmd_status->status,
1533 		sbp_cmd_status->sfmt,
1534 		sbp_cmd_status->valid,
1535 		sbp_cmd_status->s_key,
1536 		sbp_cmd_status->s_code,
1537 		sbp_cmd_status->s_qlfr,
1538 		sbp_status->len);
1539 END_DEBUG
1540 
1541 	switch (sbp_cmd_status->status) {
1542 	case SCSI_STATUS_CHECK_COND:
1543 	case SCSI_STATUS_BUSY:
1544 	case SCSI_STATUS_CMD_TERMINATED:
1545 		if(sbp_cmd_status->sfmt == SBP_SFMT_CURR){
1546 			sense->error_code = SSD_CURRENT_ERROR;
1547 		}else{
1548 			sense->error_code = SSD_DEFERRED_ERROR;
1549 		}
1550 		if(sbp_cmd_status->valid)
1551 			sense->error_code |= SSD_ERRCODE_VALID;
1552 		sense->flags = sbp_cmd_status->s_key;
1553 		if(sbp_cmd_status->mark)
1554 			sense->flags |= SSD_FILEMARK;
1555 		if(sbp_cmd_status->eom)
1556 			sense->flags |= SSD_EOM;
1557 		if(sbp_cmd_status->ill_len)
1558 			sense->flags |= SSD_ILI;
1559 
1560 		bcopy(&sbp_cmd_status->info, &sense->info[0], 4);
1561 
1562 		if (sbp_status->len <= 1)
1563 			/* XXX not scsi status. shouldn't be happened */
1564 			sense->extra_len = 0;
1565 		else if (sbp_status->len <= 4)
1566 			/* add_sense_code(_qual), info, cmd_spec_info */
1567 			sense->extra_len = 6;
1568 		else
1569 			/* fru, sense_key_spec */
1570 			sense->extra_len = 10;
1571 
1572 		bcopy(&sbp_cmd_status->cdb, &sense->cmd_spec_info[0], 4);
1573 
1574 		sense->add_sense_code = sbp_cmd_status->s_code;
1575 		sense->add_sense_code_qual = sbp_cmd_status->s_qlfr;
1576 		sense->fru = sbp_cmd_status->fru;
1577 
1578 		bcopy(&sbp_cmd_status->s_keydep[0],
1579 		    &sense->sense_key_spec[0], 3);
1580 
1581 		ocb->ccb->csio.scsi_status = sbp_cmd_status->status;
1582 		ocb->ccb->ccb_h.status = CAM_SCSI_STATUS_ERROR
1583 							| CAM_AUTOSNS_VALID;
1584 /*
1585 {
1586 		uint8_t j, *tmp;
1587 		tmp = sense;
1588 		for( j = 0 ; j < 32 ; j+=8){
1589 			printf("sense %02x%02x %02x%02x %02x%02x %02x%02x\n",
1590 				tmp[j], tmp[j+1], tmp[j+2], tmp[j+3],
1591 				tmp[j+4], tmp[j+5], tmp[j+6], tmp[j+7]);
1592 		}
1593 
1594 }
1595 */
1596 		break;
1597 	default:
1598 		device_printf(ocb->sdev->target->sbp->fd.dev,
1599 				"%s:%s unknown scsi status 0x%x\n",
1600 				__func__, ocb->sdev->bustgtlun,
1601 				sbp_cmd_status->status);
1602 	}
1603 }
1604 
1605 static void
1606 sbp_fix_inq_data(struct sbp_ocb *ocb)
1607 {
1608 	union ccb *ccb;
1609 	struct sbp_dev *sdev;
1610 	struct scsi_inquiry_data *inq;
1611 
1612 	ccb = ocb->ccb;
1613 	sdev = ocb->sdev;
1614 
1615 	if (ccb->csio.cdb_io.cdb_bytes[1] & SI_EVPD)
1616 		return;
1617 SBP_DEBUG(1)
1618 	device_printf(sdev->target->sbp->fd.dev,
1619 		"%s:%s\n", __func__, sdev->bustgtlun);
1620 END_DEBUG
1621 	inq = (struct scsi_inquiry_data *) ccb->csio.data_ptr;
1622 	switch (SID_TYPE(inq)) {
1623 	case T_DIRECT:
1624 #if 0
1625 		/*
1626 		 * XXX Convert Direct Access device to RBC.
1627 		 * I've never seen FireWire DA devices which support READ_6.
1628 		 */
1629 		if (SID_TYPE(inq) == T_DIRECT)
1630 			inq->device |= T_RBC; /*  T_DIRECT == 0 */
1631 #endif
1632 		/* fall through */
1633 	case T_RBC:
1634 		/*
1635 		 * Override vendor/product/revision information.
1636 		 * Some devices sometimes return strange strings.
1637 		 */
1638 #if 1
1639 		bcopy(sdev->vendor, inq->vendor, sizeof(inq->vendor));
1640 		bcopy(sdev->product, inq->product, sizeof(inq->product));
1641 		bcopy(sdev->revision+2, inq->revision, sizeof(inq->revision));
1642 #endif
1643 		break;
1644 	}
1645 	/*
1646 	 * Force to enable/disable tagged queuing.
1647 	 * XXX CAM also checks SCP_QUEUE_DQUE flag in the control mode page.
1648 	 */
1649 	if (sbp_tags > 0)
1650 		inq->flags |= SID_CmdQue;
1651 	else if (sbp_tags < 0)
1652 		inq->flags &= ~SID_CmdQue;
1653 
1654 }
1655 
1656 static void
1657 sbp_recv1(struct fw_xfer *xfer)
1658 {
1659 	struct fw_pkt *rfp;
1660 #if NEED_RESPONSE
1661 	struct fw_pkt *sfp;
1662 #endif
1663 	struct sbp_softc *sbp;
1664 	struct sbp_dev *sdev;
1665 	struct sbp_ocb *ocb;
1666 	struct sbp_login_res *login_res = NULL;
1667 	struct sbp_status *sbp_status;
1668 	struct sbp_target *target;
1669 	int	orb_fun, status_valid0, status_valid, t, l, reset_agent = 0;
1670 	uint32_t addr;
1671 /*
1672 	uint32_t *ld;
1673 	ld = xfer->recv.buf;
1674 printf("sbp %x %d %d %08x %08x %08x %08x\n",
1675 			xfer->resp, xfer->recv.len, xfer->recv.off, ntohl(ld[0]), ntohl(ld[1]), ntohl(ld[2]), ntohl(ld[3]));
1676 printf("sbp %08x %08x %08x %08x\n", ntohl(ld[4]), ntohl(ld[5]), ntohl(ld[6]), ntohl(ld[7]));
1677 printf("sbp %08x %08x %08x %08x\n", ntohl(ld[8]), ntohl(ld[9]), ntohl(ld[10]), ntohl(ld[11]));
1678 */
1679 	sbp = (struct sbp_softc *)xfer->sc;
1680 	if (xfer->resp != 0){
1681 		printf("sbp_recv: xfer->resp = %d\n", xfer->resp);
1682 		goto done0;
1683 	}
1684 	if (xfer->recv.payload == NULL){
1685 		printf("sbp_recv: xfer->recv.payload == NULL\n");
1686 		goto done0;
1687 	}
1688 	rfp = &xfer->recv.hdr;
1689 	if(rfp->mode.wreqb.tcode != FWTCODE_WREQB){
1690 		printf("sbp_recv: tcode = %d\n", rfp->mode.wreqb.tcode);
1691 		goto done0;
1692 	}
1693 	sbp_status = (struct sbp_status *)xfer->recv.payload;
1694 	addr = rfp->mode.wreqb.dest_lo;
1695 SBP_DEBUG(2)
1696 	printf("received address 0x%x\n", addr);
1697 END_DEBUG
1698 	t = SBP_ADDR2TRG(addr);
1699 	if (t >= SBP_NUM_TARGETS) {
1700 		device_printf(sbp->fd.dev,
1701 			"sbp_recv1: invalid target %d\n", t);
1702 		goto done0;
1703 	}
1704 	target = &sbp->targets[t];
1705 	l = SBP_ADDR2LUN(addr);
1706 	if (l >= target->num_lun || target->luns[l] == NULL) {
1707 		device_printf(sbp->fd.dev,
1708 			"sbp_recv1: invalid lun %d (target=%d)\n", l, t);
1709 		goto done0;
1710 	}
1711 	sdev = target->luns[l];
1712 
1713 	ocb = NULL;
1714 	switch (sbp_status->src) {
1715 	case 0:
1716 	case 1:
1717 		/* check mgm_ocb_cur first */
1718 		ocb  = target->mgm_ocb_cur;
1719 		if (ocb != NULL) {
1720 			if (OCB_MATCH(ocb, sbp_status)) {
1721 				callout_stop(&target->mgm_ocb_timeout);
1722 				target->mgm_ocb_cur = NULL;
1723 				break;
1724 			}
1725 		}
1726 		ocb = sbp_dequeue_ocb(sdev, sbp_status);
1727 		if (ocb == NULL) {
1728 			device_printf(sdev->target->sbp->fd.dev,
1729 #if defined(__DragonFly__) || __FreeBSD_version < 500000
1730 				"%s:%s No ocb(%lx) on the queue\n",
1731 #else
1732 				"%s:%s No ocb(%x) on the queue\n",
1733 #endif
1734 				__func__,sdev->bustgtlun,
1735 				ntohl(sbp_status->orb_lo));
1736 		}
1737 		break;
1738 	case 2:
1739 		/* unsolicit */
1740 		device_printf(sdev->target->sbp->fd.dev,
1741 			"%s:%s unsolicit status received\n",
1742 			__func__, sdev->bustgtlun);
1743 		break;
1744 	default:
1745 		device_printf(sdev->target->sbp->fd.dev,
1746 			"%s:%s unknown sbp_status->src\n",
1747 			__func__, sdev->bustgtlun);
1748 	}
1749 
1750 	status_valid0 = (sbp_status->src < 2
1751 			&& sbp_status->resp == ORB_RES_CMPL
1752 			&& sbp_status->dead == 0);
1753 	status_valid = (status_valid0 && sbp_status->status == 0);
1754 
1755 	if (!status_valid0 || debug > 2){
1756 		int status;
1757 SBP_DEBUG(0)
1758 		device_printf(sdev->target->sbp->fd.dev,
1759 			"%s:%s ORB status src:%x resp:%x dead:%x"
1760 #if defined(__DragonFly__) || __FreeBSD_version < 500000
1761 				" len:%x stat:%x orb:%x%08lx\n",
1762 #else
1763 				" len:%x stat:%x orb:%x%08x\n",
1764 #endif
1765 			__func__, sdev->bustgtlun,
1766 			sbp_status->src, sbp_status->resp, sbp_status->dead,
1767 			sbp_status->len, sbp_status->status,
1768 			ntohs(sbp_status->orb_hi), ntohl(sbp_status->orb_lo));
1769 END_DEBUG
1770 		device_printf(sdev->target->sbp->fd.dev,
1771 				"%s\n", sdev->bustgtlun);
1772 		status = sbp_status->status;
1773 		switch(sbp_status->resp) {
1774 		case 0:
1775 			if (status > MAX_ORB_STATUS0)
1776 				printf("%s\n", orb_status0[MAX_ORB_STATUS0]);
1777 			else
1778 				printf("%s\n", orb_status0[status]);
1779 			break;
1780 		case 1:
1781 			printf("Obj: %s, Error: %s\n",
1782 				orb_status1_object[(status>>6) & 3],
1783 				orb_status1_serial_bus_error[status & 0xf]);
1784 			break;
1785 		case 2:
1786 			printf("Illegal request\n");
1787 			break;
1788 		case 3:
1789 			printf("Vendor dependent\n");
1790 			break;
1791 		default:
1792 			printf("unknown respose code %d\n", sbp_status->resp);
1793 		}
1794 	}
1795 
1796 	/* we have to reset the fetch agent if it's dead */
1797 	if (sbp_status->dead) {
1798 		if (sdev->path) {
1799 			SBP_LOCK(sbp);
1800 			xpt_freeze_devq(sdev->path, 1);
1801 			sdev->freeze ++;
1802 			SBP_UNLOCK(sbp);
1803 		}
1804 		reset_agent = 1;
1805 	}
1806 
1807 	if (ocb == NULL)
1808 		goto done;
1809 
1810 	switch(ntohl(ocb->orb[4]) & ORB_FMT_MSK){
1811 	case ORB_FMT_NOP:
1812 		break;
1813 	case ORB_FMT_VED:
1814 		break;
1815 	case ORB_FMT_STD:
1816 		switch(ocb->flags) {
1817 		case OCB_ACT_MGM:
1818 			orb_fun = ntohl(ocb->orb[4]) & ORB_FUN_MSK;
1819 			reset_agent = 0;
1820 			switch(orb_fun) {
1821 			case ORB_FUN_LGI:
1822 				fwdma_sync(&sdev->dma, BUS_DMASYNC_POSTREAD);
1823 				login_res = sdev->login;
1824 				login_res->len = ntohs(login_res->len);
1825 				login_res->id = ntohs(login_res->id);
1826 				login_res->cmd_hi = ntohs(login_res->cmd_hi);
1827 				login_res->cmd_lo = ntohl(login_res->cmd_lo);
1828 				if (status_valid) {
1829 SBP_DEBUG(0)
1830 					device_printf(sdev->target->sbp->fd.dev,
1831 						"%s:%s login: len %d, ID %d, cmd %08x%08x, recon_hold %d\n",
1832 						__func__, sdev->bustgtlun,
1833 						login_res->len, login_res->id,
1834 						login_res->cmd_hi, login_res->cmd_lo,
1835 						ntohs(login_res->recon_hold));
1836 END_DEBUG
1837 					sbp_busy_timeout(sdev);
1838 				} else {
1839 					/* forgot logout? */
1840 					device_printf(sdev->target->sbp->fd.dev,
1841 						"%s:%s login failed\n",
1842 						__func__, sdev->bustgtlun);
1843 					sdev->status = SBP_DEV_RESET;
1844 				}
1845 				break;
1846 			case ORB_FUN_RCN:
1847 				login_res = sdev->login;
1848 				if (status_valid) {
1849 SBP_DEBUG(0)
1850 					device_printf(sdev->target->sbp->fd.dev,
1851 						"%s:%s reconnect: len %d, ID %d, cmd %08x%08x\n",
1852 						__func__, sdev->bustgtlun,
1853 						login_res->len, login_res->id,
1854 						login_res->cmd_hi, login_res->cmd_lo);
1855 END_DEBUG
1856 					if (sdev->status == SBP_DEV_ATTACHED)
1857 						sbp_scan_dev(sdev);
1858 					else
1859 						sbp_agent_reset(sdev);
1860 				} else {
1861 					/* reconnection hold time exceed? */
1862 SBP_DEBUG(0)
1863 					device_printf(sdev->target->sbp->fd.dev,
1864 						"%s:%s reconnect failed\n",
1865 						__func__, sdev->bustgtlun);
1866 END_DEBUG
1867 					sbp_login(sdev);
1868 				}
1869 				break;
1870 			case ORB_FUN_LGO:
1871 				sdev->status = SBP_DEV_RESET;
1872 				break;
1873 			case ORB_FUN_RST:
1874 				sbp_busy_timeout(sdev);
1875 				break;
1876 			case ORB_FUN_LUR:
1877 			case ORB_FUN_ATA:
1878 			case ORB_FUN_ATS:
1879 				sbp_agent_reset(sdev);
1880 				break;
1881 			default:
1882 				device_printf(sdev->target->sbp->fd.dev,
1883 					"%s:%s unknown function %d\n",
1884 					__func__, sdev->bustgtlun, orb_fun);
1885 				break;
1886 			}
1887 			sbp_mgm_orb(sdev, ORB_FUN_RUNQUEUE, NULL);
1888 			break;
1889 		case OCB_ACT_CMD:
1890 			sdev->timeout = 0;
1891 			if(ocb->ccb != NULL){
1892 				union ccb *ccb;
1893 
1894 				ccb = ocb->ccb;
1895 				if(sbp_status->len > 1){
1896 					sbp_scsi_status(sbp_status, ocb);
1897 				}else{
1898 					if(sbp_status->resp != ORB_RES_CMPL){
1899 						ccb->ccb_h.status = CAM_REQ_CMP_ERR;
1900 					}else{
1901 						ccb->ccb_h.status = CAM_REQ_CMP;
1902 					}
1903 				}
1904 				/* fix up inq data */
1905 				if (ccb->csio.cdb_io.cdb_bytes[0] == INQUIRY)
1906 					sbp_fix_inq_data(ocb);
1907 				SBP_LOCK(sbp);
1908 				xpt_done(ccb);
1909 				SBP_UNLOCK(sbp);
1910 			}
1911 			break;
1912 		default:
1913 			break;
1914 		}
1915 	}
1916 
1917 	if (!use_doorbell)
1918 		sbp_free_ocb(sdev, ocb);
1919 done:
1920 	if (reset_agent)
1921 		sbp_agent_reset(sdev);
1922 
1923 done0:
1924 	xfer->recv.pay_len = SBP_RECV_LEN;
1925 /* The received packet is usually small enough to be stored within
1926  * the buffer. In that case, the controller return ack_complete and
1927  * no respose is necessary.
1928  *
1929  * XXX fwohci.c and firewire.c should inform event_code such as
1930  * ack_complete or ack_pending to upper driver.
1931  */
1932 #if NEED_RESPONSE
1933 	xfer->send.off = 0;
1934 	sfp = (struct fw_pkt *)xfer->send.buf;
1935 	sfp->mode.wres.dst = rfp->mode.wreqb.src;
1936 	xfer->dst = sfp->mode.wres.dst;
1937 	xfer->spd = min(sdev->target->fwdev->speed, max_speed);
1938 	xfer->hand = sbp_loginres_callback;
1939 
1940 	sfp->mode.wres.tlrt = rfp->mode.wreqb.tlrt;
1941 	sfp->mode.wres.tcode = FWTCODE_WRES;
1942 	sfp->mode.wres.rtcode = 0;
1943 	sfp->mode.wres.pri = 0;
1944 
1945 	fw_asyreq(xfer->fc, -1, xfer);
1946 #else
1947 	/* recycle */
1948 	/* we don't need a lock here because bottom half is serialized */
1949 	STAILQ_INSERT_TAIL(&sbp->fwb.xferlist, xfer, link);
1950 #endif
1951 
1952 	return;
1953 
1954 }
1955 
1956 static void
1957 sbp_recv(struct fw_xfer *xfer)
1958 {
1959 	int s;
1960 
1961 	s = splcam();
1962 	sbp_recv1(xfer);
1963 	splx(s);
1964 }
1965 /*
1966  * sbp_attach()
1967  */
1968 static int
1969 sbp_attach(device_t dev)
1970 {
1971 	struct sbp_softc *sbp;
1972 	struct cam_devq *devq;
1973 	struct firewire_comm *fc;
1974 	int i, s, error;
1975 
1976 	if (DFLTPHYS > SBP_MAXPHYS)
1977 		device_printf(dev, "Warning, DFLTPHYS(%dKB) is larger than "
1978 			"SBP_MAXPHYS(%dKB).\n", DFLTPHYS / 1024,
1979 			SBP_MAXPHYS / 1024);
1980 
1981 	if (!firewire_phydma_enable)
1982 		device_printf(dev, "Warning, hw.firewire.phydma_enable must be 1 "
1983 			"for SBP over FireWire.\n");
1984 SBP_DEBUG(0)
1985 	printf("sbp_attach (cold=%d)\n", cold);
1986 END_DEBUG
1987 
1988 	if (cold)
1989 		sbp_cold ++;
1990 	sbp = ((struct sbp_softc *)device_get_softc(dev));
1991 	bzero(sbp, sizeof(struct sbp_softc));
1992 	sbp->fd.dev = dev;
1993 	sbp->fd.fc = fc = device_get_ivars(dev);
1994 	mtx_init(&sbp->mtx, "sbp", NULL, MTX_DEF);
1995 
1996 	if (max_speed < 0)
1997 		max_speed = fc->speed;
1998 
1999 	error = bus_dma_tag_create(/*parent*/fc->dmat,
2000 				/* XXX shoud be 4 for sane backend? */
2001 				/*alignment*/1,
2002 				/*boundary*/0,
2003 				/*lowaddr*/BUS_SPACE_MAXADDR_32BIT,
2004 				/*highaddr*/BUS_SPACE_MAXADDR,
2005 				/*filter*/NULL, /*filterarg*/NULL,
2006 				/*maxsize*/0x100000, /*nsegments*/SBP_IND_MAX,
2007 				/*maxsegsz*/SBP_SEG_MAX,
2008 				/*flags*/BUS_DMA_ALLOCNOW,
2009 #if defined(__FreeBSD__) && __FreeBSD_version >= 501102
2010 				/*lockfunc*/busdma_lock_mutex,
2011 				/*lockarg*/&sbp->mtx,
2012 #endif
2013 				&sbp->dmat);
2014 	if (error != 0) {
2015 		printf("sbp_attach: Could not allocate DMA tag "
2016 			"- error %d\n", error);
2017 			return (ENOMEM);
2018 	}
2019 
2020 	devq = cam_simq_alloc(/*maxopenings*/SBP_NUM_OCB);
2021 	if (devq == NULL)
2022 		return (ENXIO);
2023 
2024 	for( i = 0 ; i < SBP_NUM_TARGETS ; i++){
2025 		sbp->targets[i].fwdev = NULL;
2026 		sbp->targets[i].luns = NULL;
2027 	}
2028 
2029 	sbp->sim = cam_sim_alloc(sbp_action, sbp_poll, "sbp", sbp,
2030 				 device_get_unit(dev),
2031 				 &sbp->mtx,
2032 				 /*untagged*/ 1,
2033 				 /*tagged*/ SBP_QUEUE_LEN - 1,
2034 				 devq);
2035 
2036 	if (sbp->sim == NULL) {
2037 		cam_simq_free(devq);
2038 		return (ENXIO);
2039 	}
2040 
2041 	SBP_LOCK(sbp);
2042 	if (xpt_bus_register(sbp->sim, dev, /*bus*/0) != CAM_SUCCESS)
2043 		goto fail;
2044 
2045 	if (xpt_create_path(&sbp->path, NULL, cam_sim_path(sbp->sim),
2046 	    CAM_TARGET_WILDCARD, CAM_LUN_WILDCARD) != CAM_REQ_CMP) {
2047 		xpt_bus_deregister(cam_sim_path(sbp->sim));
2048 		goto fail;
2049 	}
2050 	SBP_UNLOCK(sbp);
2051 
2052 	/* We reserve 16 bit space (4 bytes X 64 targets X 256 luns) */
2053 	sbp->fwb.start = ((u_int64_t)SBP_BIND_HI << 32) | SBP_DEV2ADDR(0, 0);
2054 	sbp->fwb.end = sbp->fwb.start + 0xffff;
2055 	/* pre-allocate xfer */
2056 	STAILQ_INIT(&sbp->fwb.xferlist);
2057 	fw_xferlist_add(&sbp->fwb.xferlist, M_SBP,
2058 	    /*send*/ 0, /*recv*/ SBP_RECV_LEN, SBP_NUM_OCB/2,
2059 	    fc, (void *)sbp, sbp_recv);
2060 
2061 	fw_bindadd(fc, &sbp->fwb);
2062 
2063 	sbp->fd.post_busreset = sbp_post_busreset;
2064 	sbp->fd.post_explore = sbp_post_explore;
2065 
2066 	if (fc->status != -1) {
2067 		s = splfw();
2068 		sbp_post_busreset((void *)sbp);
2069 		sbp_post_explore((void *)sbp);
2070 		splx(s);
2071 	}
2072 	SBP_LOCK(sbp);
2073 	xpt_async(AC_BUS_RESET, sbp->path, /*arg*/ NULL);
2074 	SBP_UNLOCK(sbp);
2075 
2076 	return (0);
2077 fail:
2078 	SBP_UNLOCK(sbp);
2079 	cam_sim_free(sbp->sim, /*free_devq*/TRUE);
2080 	return (ENXIO);
2081 }
2082 
2083 static int
2084 sbp_logout_all(struct sbp_softc *sbp)
2085 {
2086 	struct sbp_target *target;
2087 	struct sbp_dev *sdev;
2088 	int i, j;
2089 
2090 SBP_DEBUG(0)
2091 	printf("sbp_logout_all\n");
2092 END_DEBUG
2093 	for (i = 0 ; i < SBP_NUM_TARGETS ; i ++) {
2094 		target = &sbp->targets[i];
2095 		if (target->luns == NULL)
2096 			continue;
2097 		for (j = 0; j < target->num_lun; j++) {
2098 			sdev = target->luns[j];
2099 			if (sdev == NULL)
2100 				continue;
2101 			callout_stop(&sdev->login_callout);
2102 			if (sdev->status >= SBP_DEV_TOATTACH &&
2103 					sdev->status <= SBP_DEV_ATTACHED)
2104 				sbp_mgm_orb(sdev, ORB_FUN_LGO, NULL);
2105 		}
2106 	}
2107 
2108 	return 0;
2109 }
2110 
2111 static int
2112 sbp_shutdown(device_t dev)
2113 {
2114 	struct sbp_softc *sbp = ((struct sbp_softc *)device_get_softc(dev));
2115 
2116 	sbp_logout_all(sbp);
2117 	return (0);
2118 }
2119 
2120 static void
2121 sbp_free_sdev(struct sbp_dev *sdev)
2122 {
2123 	int i;
2124 
2125 	if (sdev == NULL)
2126 		return;
2127 	for (i = 0; i < SBP_QUEUE_LEN; i++)
2128 		bus_dmamap_destroy(sdev->target->sbp->dmat,
2129 		    sdev->ocb[i].dmamap);
2130 	fwdma_free(sdev->target->sbp->fd.fc, &sdev->dma);
2131 	free(sdev, M_SBP);
2132 	sdev = NULL;
2133 }
2134 
2135 static void
2136 sbp_free_target(struct sbp_target *target)
2137 {
2138 	struct sbp_softc *sbp;
2139 	struct fw_xfer *xfer, *next;
2140 	int i;
2141 
2142 	if (target->luns == NULL)
2143 		return;
2144 	callout_stop(&target->mgm_ocb_timeout);
2145 	sbp = target->sbp;
2146 	for (i = 0; i < target->num_lun; i++)
2147 		sbp_free_sdev(target->luns[i]);
2148 
2149 	for (xfer = STAILQ_FIRST(&target->xferlist);
2150 			xfer != NULL; xfer = next) {
2151 		next = STAILQ_NEXT(xfer, link);
2152 		fw_xfer_free_buf(xfer);
2153 	}
2154 	STAILQ_INIT(&target->xferlist);
2155 	free(target->luns, M_SBP);
2156 	target->num_lun = 0;
2157 	target->luns = NULL;
2158 	target->fwdev = NULL;
2159 }
2160 
2161 static int
2162 sbp_detach(device_t dev)
2163 {
2164 	struct sbp_softc *sbp = ((struct sbp_softc *)device_get_softc(dev));
2165 	struct firewire_comm *fc = sbp->fd.fc;
2166 	int i;
2167 
2168 SBP_DEBUG(0)
2169 	printf("sbp_detach\n");
2170 END_DEBUG
2171 
2172 	for (i = 0; i < SBP_NUM_TARGETS; i ++)
2173 		sbp_cam_detach_target(&sbp->targets[i]);
2174 
2175 	SBP_LOCK(sbp);
2176 	xpt_async(AC_LOST_DEVICE, sbp->path, NULL);
2177 	xpt_free_path(sbp->path);
2178 	xpt_bus_deregister(cam_sim_path(sbp->sim));
2179 	cam_sim_free(sbp->sim, /*free_devq*/ TRUE);
2180 	SBP_UNLOCK(sbp);
2181 
2182 	sbp_logout_all(sbp);
2183 
2184 	/* XXX wait for logout completion */
2185 	pause("sbpdtc", hz/2);
2186 
2187 	for (i = 0 ; i < SBP_NUM_TARGETS ; i ++)
2188 		sbp_free_target(&sbp->targets[i]);
2189 
2190 	fw_bindremove(fc, &sbp->fwb);
2191 	fw_xferlist_remove(&sbp->fwb.xferlist);
2192 
2193 	bus_dma_tag_destroy(sbp->dmat);
2194 	mtx_destroy(&sbp->mtx);
2195 
2196 	return (0);
2197 }
2198 
2199 static void
2200 sbp_cam_detach_sdev(struct sbp_dev *sdev)
2201 {
2202 	if (sdev == NULL)
2203 		return;
2204 	if (sdev->status == SBP_DEV_DEAD)
2205 		return;
2206 	if (sdev->status == SBP_DEV_RESET)
2207 		return;
2208 	sbp_abort_all_ocbs(sdev, CAM_DEV_NOT_THERE);
2209 	if (sdev->path) {
2210 		SBP_LOCK(sdev->target->sbp);
2211 		xpt_release_devq(sdev->path,
2212 				 sdev->freeze, TRUE);
2213 		sdev->freeze = 0;
2214 		xpt_async(AC_LOST_DEVICE, sdev->path, NULL);
2215 		xpt_free_path(sdev->path);
2216 		sdev->path = NULL;
2217 		SBP_UNLOCK(sdev->target->sbp);
2218 	}
2219 }
2220 
2221 static void
2222 sbp_cam_detach_target(struct sbp_target *target)
2223 {
2224 	int i;
2225 
2226 	if (target->luns != NULL) {
2227 SBP_DEBUG(0)
2228 		printf("sbp_detach_target %d\n", target->target_id);
2229 END_DEBUG
2230 		callout_stop(&target->scan_callout);
2231 		for (i = 0; i < target->num_lun; i++)
2232 			sbp_cam_detach_sdev(target->luns[i]);
2233 	}
2234 }
2235 
2236 static void
2237 sbp_target_reset(struct sbp_dev *sdev, int method)
2238 {
2239 	int i;
2240 	struct sbp_target *target = sdev->target;
2241 	struct sbp_dev *tsdev;
2242 
2243 	for (i = 0; i < target->num_lun; i++) {
2244 		tsdev = target->luns[i];
2245 		if (tsdev == NULL)
2246 			continue;
2247 		if (tsdev->status == SBP_DEV_DEAD)
2248 			continue;
2249 		if (tsdev->status == SBP_DEV_RESET)
2250 			continue;
2251 		SBP_LOCK(target->sbp);
2252 		xpt_freeze_devq(tsdev->path, 1);
2253 		tsdev->freeze ++;
2254 		SBP_UNLOCK(target->sbp);
2255 		sbp_abort_all_ocbs(tsdev, CAM_CMD_TIMEOUT);
2256 		if (method == 2)
2257 			tsdev->status = SBP_DEV_LOGIN;
2258 	}
2259 	switch(method) {
2260 	case 1:
2261 		printf("target reset\n");
2262 		sbp_mgm_orb(sdev, ORB_FUN_RST, NULL);
2263 		break;
2264 	case 2:
2265 		printf("reset start\n");
2266 		sbp_reset_start(sdev);
2267 		break;
2268 	}
2269 
2270 }
2271 
2272 static void
2273 sbp_mgm_timeout(void *arg)
2274 {
2275 	struct sbp_ocb *ocb = (struct sbp_ocb *)arg;
2276 	struct sbp_dev *sdev = ocb->sdev;
2277 	struct sbp_target *target = sdev->target;
2278 
2279 	device_printf(sdev->target->sbp->fd.dev,
2280 		"%s:%s request timeout(mgm orb:0x%08x)\n",
2281 		__func__, sdev->bustgtlun, (uint32_t)ocb->bus_addr);
2282 	target->mgm_ocb_cur = NULL;
2283 	sbp_free_ocb(sdev, ocb);
2284 #if 0
2285 	/* XXX */
2286 	printf("run next request\n");
2287 	sbp_mgm_orb(sdev, ORB_FUN_RUNQUEUE, NULL);
2288 #endif
2289 	device_printf(sdev->target->sbp->fd.dev,
2290 		"%s:%s reset start\n",
2291 		__func__, sdev->bustgtlun);
2292 	sbp_reset_start(sdev);
2293 }
2294 
2295 static void
2296 sbp_timeout(void *arg)
2297 {
2298 	struct sbp_ocb *ocb = (struct sbp_ocb *)arg;
2299 	struct sbp_dev *sdev = ocb->sdev;
2300 
2301 	device_printf(sdev->target->sbp->fd.dev,
2302 		"%s:%s request timeout(cmd orb:0x%08x) ... ",
2303 		__func__, sdev->bustgtlun, (uint32_t)ocb->bus_addr);
2304 
2305 	sdev->timeout ++;
2306 	switch(sdev->timeout) {
2307 	case 1:
2308 		printf("agent reset\n");
2309 		SBP_LOCK(sdev->target->sbp);
2310 		xpt_freeze_devq(sdev->path, 1);
2311 		sdev->freeze ++;
2312 		SBP_UNLOCK(sdev->target->sbp);
2313 		sbp_abort_all_ocbs(sdev, CAM_CMD_TIMEOUT);
2314 		sbp_agent_reset(sdev);
2315 		break;
2316 	case 2:
2317 	case 3:
2318 		sbp_target_reset(sdev, sdev->timeout - 1);
2319 		break;
2320 #if 0
2321 	default:
2322 		/* XXX give up */
2323 		sbp_cam_detach_target(target);
2324 		if (target->luns != NULL)
2325 			free(target->luns, M_SBP);
2326 		target->num_lun = 0;
2327 		target->luns = NULL;
2328 		target->fwdev = NULL;
2329 #endif
2330 	}
2331 }
2332 
2333 static void
2334 sbp_action1(struct cam_sim *sim, union ccb *ccb)
2335 {
2336 
2337 	struct sbp_softc *sbp = (struct sbp_softc *)sim->softc;
2338 	struct sbp_target *target = NULL;
2339 	struct sbp_dev *sdev = NULL;
2340 
2341 	/* target:lun -> sdev mapping */
2342 	if (sbp != NULL
2343 			&& ccb->ccb_h.target_id != CAM_TARGET_WILDCARD
2344 			&& ccb->ccb_h.target_id < SBP_NUM_TARGETS) {
2345 		target = &sbp->targets[ccb->ccb_h.target_id];
2346 		if (target->fwdev != NULL
2347 				&& ccb->ccb_h.target_lun != CAM_LUN_WILDCARD
2348 				&& ccb->ccb_h.target_lun < target->num_lun) {
2349 			sdev = target->luns[ccb->ccb_h.target_lun];
2350 			if (sdev != NULL && sdev->status != SBP_DEV_ATTACHED &&
2351 				sdev->status != SBP_DEV_PROBE)
2352 				sdev = NULL;
2353 		}
2354 	}
2355 
2356 SBP_DEBUG(1)
2357 	if (sdev == NULL)
2358 		printf("invalid target %d lun %jx\n",
2359 			ccb->ccb_h.target_id, (uintmax_t)ccb->ccb_h.target_lun);
2360 END_DEBUG
2361 
2362 	switch (ccb->ccb_h.func_code) {
2363 	case XPT_SCSI_IO:
2364 	case XPT_RESET_DEV:
2365 	case XPT_GET_TRAN_SETTINGS:
2366 	case XPT_SET_TRAN_SETTINGS:
2367 	case XPT_CALC_GEOMETRY:
2368 		if (sdev == NULL) {
2369 SBP_DEBUG(1)
2370 			printf("%s:%d:%jx:func_code 0x%04x: "
2371 				"Invalid target (target needed)\n",
2372 				device_get_nameunit(sbp->fd.dev),
2373 				ccb->ccb_h.target_id,
2374 				(uintmax_t)ccb->ccb_h.target_lun,
2375 				ccb->ccb_h.func_code);
2376 END_DEBUG
2377 
2378 			ccb->ccb_h.status = CAM_DEV_NOT_THERE;
2379 			xpt_done(ccb);
2380 			return;
2381 		}
2382 		break;
2383 	case XPT_PATH_INQ:
2384 	case XPT_NOOP:
2385 		/* The opcodes sometimes aimed at a target (sc is valid),
2386 		 * sometimes aimed at the SIM (sc is invalid and target is
2387 		 * CAM_TARGET_WILDCARD)
2388 		 */
2389 		if (sbp == NULL &&
2390 			ccb->ccb_h.target_id != CAM_TARGET_WILDCARD) {
2391 SBP_DEBUG(0)
2392 			printf("%s:%d:%jx func_code 0x%04x: "
2393 				"Invalid target (no wildcard)\n",
2394 				device_get_nameunit(sbp->fd.dev),
2395 				ccb->ccb_h.target_id,
2396 				(uintmax_t)ccb->ccb_h.target_lun,
2397 				ccb->ccb_h.func_code);
2398 END_DEBUG
2399 			ccb->ccb_h.status = CAM_DEV_NOT_THERE;
2400 			xpt_done(ccb);
2401 			return;
2402 		}
2403 		break;
2404 	default:
2405 		/* XXX Hm, we should check the input parameters */
2406 		break;
2407 	}
2408 
2409 	switch (ccb->ccb_h.func_code) {
2410 	case XPT_SCSI_IO:
2411 	{
2412 		struct ccb_scsiio *csio;
2413 		struct sbp_ocb *ocb;
2414 		int speed;
2415 		void *cdb;
2416 
2417 		csio = &ccb->csio;
2418 		mtx_assert(sim->mtx, MA_OWNED);
2419 
2420 SBP_DEBUG(2)
2421 		printf("%s:%d:%jx XPT_SCSI_IO: "
2422 			"cmd: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x"
2423 			", flags: 0x%02x, "
2424 			"%db cmd/%db data/%db sense\n",
2425 			device_get_nameunit(sbp->fd.dev),
2426 			ccb->ccb_h.target_id, (uintmax_t)ccb->ccb_h.target_lun,
2427 			csio->cdb_io.cdb_bytes[0],
2428 			csio->cdb_io.cdb_bytes[1],
2429 			csio->cdb_io.cdb_bytes[2],
2430 			csio->cdb_io.cdb_bytes[3],
2431 			csio->cdb_io.cdb_bytes[4],
2432 			csio->cdb_io.cdb_bytes[5],
2433 			csio->cdb_io.cdb_bytes[6],
2434 			csio->cdb_io.cdb_bytes[7],
2435 			csio->cdb_io.cdb_bytes[8],
2436 			csio->cdb_io.cdb_bytes[9],
2437 			ccb->ccb_h.flags & CAM_DIR_MASK,
2438 			csio->cdb_len, csio->dxfer_len,
2439 			csio->sense_len);
2440 END_DEBUG
2441 		if(sdev == NULL){
2442 			ccb->ccb_h.status = CAM_DEV_NOT_THERE;
2443 			xpt_done(ccb);
2444 			return;
2445 		}
2446 #if 0
2447 		/* if we are in probe stage, pass only probe commands */
2448 		if (sdev->status == SBP_DEV_PROBE) {
2449 			char *name;
2450 			name = xpt_path_periph(ccb->ccb_h.path)->periph_name;
2451 			printf("probe stage, periph name: %s\n", name);
2452 			if (strcmp(name, "probe") != 0) {
2453 				ccb->ccb_h.status = CAM_REQUEUE_REQ;
2454 				xpt_done(ccb);
2455 				return;
2456 			}
2457 		}
2458 #endif
2459 		if ((ocb = sbp_get_ocb(sdev)) == NULL) {
2460 			ccb->ccb_h.status = CAM_RESRC_UNAVAIL;
2461 			if (sdev->freeze == 0) {
2462 				SBP_LOCK(sdev->target->sbp);
2463 				xpt_freeze_devq(sdev->path, 1);
2464 				sdev->freeze ++;
2465 				SBP_UNLOCK(sdev->target->sbp);
2466 			}
2467 			xpt_done(ccb);
2468 			return;
2469 		}
2470 
2471 		ocb->flags = OCB_ACT_CMD;
2472 		ocb->sdev = sdev;
2473 		ocb->ccb = ccb;
2474 		ccb->ccb_h.ccb_sdev_ptr = sdev;
2475 		ocb->orb[0] = htonl(1U << 31);
2476 		ocb->orb[1] = 0;
2477 		ocb->orb[2] = htonl(((sbp->fd.fc->nodeid | FWLOCALBUS )<< 16) );
2478 		ocb->orb[3] = htonl(ocb->bus_addr + IND_PTR_OFFSET);
2479 		speed = min(target->fwdev->speed, max_speed);
2480 		ocb->orb[4] = htonl(ORB_NOTIFY | ORB_CMD_SPD(speed)
2481 						| ORB_CMD_MAXP(speed + 7));
2482 		if((ccb->ccb_h.flags & CAM_DIR_MASK) == CAM_DIR_IN){
2483 			ocb->orb[4] |= htonl(ORB_CMD_IN);
2484 		}
2485 
2486 		if (csio->ccb_h.flags & CAM_CDB_POINTER)
2487 			cdb = (void *)csio->cdb_io.cdb_ptr;
2488 		else
2489 			cdb = (void *)&csio->cdb_io.cdb_bytes;
2490 		bcopy(cdb, (void *)&ocb->orb[5], csio->cdb_len);
2491 /*
2492 printf("ORB %08x %08x %08x %08x\n", ntohl(ocb->orb[0]), ntohl(ocb->orb[1]), ntohl(ocb->orb[2]), ntohl(ocb->orb[3]));
2493 printf("ORB %08x %08x %08x %08x\n", ntohl(ocb->orb[4]), ntohl(ocb->orb[5]), ntohl(ocb->orb[6]), ntohl(ocb->orb[7]));
2494 */
2495 		if (ccb->csio.dxfer_len > 0) {
2496 			int error;
2497 
2498 			error = bus_dmamap_load_ccb(/*dma tag*/sbp->dmat,
2499 					/*dma map*/ocb->dmamap,
2500 					ccb,
2501 					sbp_execute_ocb,
2502 					ocb,
2503 					/*flags*/0);
2504 			if (error)
2505 				printf("sbp: bus_dmamap_load error %d\n", error);
2506 		} else
2507 			sbp_execute_ocb(ocb, NULL, 0, 0);
2508 		break;
2509 	}
2510 	case XPT_CALC_GEOMETRY:
2511 	{
2512 		struct ccb_calc_geometry *ccg;
2513 #if defined(__DragonFly__) || __FreeBSD_version < 501100
2514 		uint32_t size_mb;
2515 		uint32_t secs_per_cylinder;
2516 		int extended = 1;
2517 #endif
2518 
2519 		ccg = &ccb->ccg;
2520 		if (ccg->block_size == 0) {
2521 			printf("sbp_action1: block_size is 0.\n");
2522 			ccb->ccb_h.status = CAM_REQ_INVALID;
2523 			xpt_done(ccb);
2524 			break;
2525 		}
2526 SBP_DEBUG(1)
2527 		printf("%s:%d:%d:%jx:XPT_CALC_GEOMETRY: "
2528 #if defined(__DragonFly__) || __FreeBSD_version < 500000
2529 			"Volume size = %d\n",
2530 #else
2531 			"Volume size = %jd\n",
2532 #endif
2533 			device_get_nameunit(sbp->fd.dev),
2534 			cam_sim_path(sbp->sim),
2535 			ccb->ccb_h.target_id, (uintmax_t)ccb->ccb_h.target_lun,
2536 #if defined(__FreeBSD__) && __FreeBSD_version >= 500000
2537 			(uintmax_t)
2538 #endif
2539 				ccg->volume_size);
2540 END_DEBUG
2541 
2542 #if defined(__DragonFly__) || __FreeBSD_version < 501100
2543 		size_mb = ccg->volume_size
2544 			/ ((1024L * 1024L) / ccg->block_size);
2545 
2546 		if (size_mb > 1024 && extended) {
2547 			ccg->heads = 255;
2548 			ccg->secs_per_track = 63;
2549 		} else {
2550 			ccg->heads = 64;
2551 			ccg->secs_per_track = 32;
2552 		}
2553 		secs_per_cylinder = ccg->heads * ccg->secs_per_track;
2554 		ccg->cylinders = ccg->volume_size / secs_per_cylinder;
2555 		ccb->ccb_h.status = CAM_REQ_CMP;
2556 #else
2557 		cam_calc_geometry(ccg, /*extended*/1);
2558 #endif
2559 		xpt_done(ccb);
2560 		break;
2561 	}
2562 	case XPT_RESET_BUS:		/* Reset the specified SCSI bus */
2563 	{
2564 
2565 SBP_DEBUG(1)
2566 		printf("%s:%d:XPT_RESET_BUS: \n",
2567 			device_get_nameunit(sbp->fd.dev), cam_sim_path(sbp->sim));
2568 END_DEBUG
2569 
2570 		ccb->ccb_h.status = CAM_REQ_INVALID;
2571 		xpt_done(ccb);
2572 		break;
2573 	}
2574 	case XPT_PATH_INQ:		/* Path routing inquiry */
2575 	{
2576 		struct ccb_pathinq *cpi = &ccb->cpi;
2577 
2578 SBP_DEBUG(1)
2579 		printf("%s:%d:%jx XPT_PATH_INQ:.\n",
2580 			device_get_nameunit(sbp->fd.dev),
2581 			ccb->ccb_h.target_id, (uintmax_t)ccb->ccb_h.target_lun);
2582 END_DEBUG
2583 		cpi->version_num = 1; /* XXX??? */
2584 		cpi->hba_inquiry = PI_TAG_ABLE;
2585 		cpi->target_sprt = 0;
2586 		cpi->hba_misc = PIM_NOBUSRESET | PIM_NO_6_BYTE;
2587 		cpi->hba_eng_cnt = 0;
2588 		cpi->max_target = SBP_NUM_TARGETS - 1;
2589 		cpi->max_lun = SBP_NUM_LUNS - 1;
2590 		cpi->initiator_id = SBP_INITIATOR;
2591 		cpi->bus_id = sim->bus_id;
2592 		cpi->base_transfer_speed = 400 * 1000 / 8;
2593 		strncpy(cpi->sim_vid, "FreeBSD", SIM_IDLEN);
2594 		strncpy(cpi->hba_vid, "SBP", HBA_IDLEN);
2595 		strncpy(cpi->dev_name, sim->sim_name, DEV_IDLEN);
2596 		cpi->unit_number = sim->unit_number;
2597                 cpi->transport = XPORT_SPI;	/* XX should have a FireWire */
2598                 cpi->transport_version = 2;
2599                 cpi->protocol = PROTO_SCSI;
2600                 cpi->protocol_version = SCSI_REV_2;
2601 
2602 		cpi->ccb_h.status = CAM_REQ_CMP;
2603 		xpt_done(ccb);
2604 		break;
2605 	}
2606 	case XPT_GET_TRAN_SETTINGS:
2607 	{
2608 		struct ccb_trans_settings *cts = &ccb->cts;
2609 		struct ccb_trans_settings_scsi *scsi =
2610 		    &cts->proto_specific.scsi;
2611 		struct ccb_trans_settings_spi *spi =
2612 		    &cts->xport_specific.spi;
2613 
2614 		cts->protocol = PROTO_SCSI;
2615 		cts->protocol_version = SCSI_REV_2;
2616 		cts->transport = XPORT_SPI;	/* should have a FireWire */
2617 		cts->transport_version = 2;
2618 		spi->valid = CTS_SPI_VALID_DISC;
2619 		spi->flags = CTS_SPI_FLAGS_DISC_ENB;
2620 		scsi->valid = CTS_SCSI_VALID_TQ;
2621 		scsi->flags = CTS_SCSI_FLAGS_TAG_ENB;
2622 SBP_DEBUG(1)
2623 		printf("%s:%d:%jx XPT_GET_TRAN_SETTINGS:.\n",
2624 			device_get_nameunit(sbp->fd.dev),
2625 			ccb->ccb_h.target_id, (uintmax_t)ccb->ccb_h.target_lun);
2626 END_DEBUG
2627 		cts->ccb_h.status = CAM_REQ_CMP;
2628 		xpt_done(ccb);
2629 		break;
2630 	}
2631 	case XPT_ABORT:
2632 		ccb->ccb_h.status = CAM_UA_ABORT;
2633 		xpt_done(ccb);
2634 		break;
2635 	case XPT_SET_TRAN_SETTINGS:
2636 		/* XXX */
2637 	default:
2638 		ccb->ccb_h.status = CAM_REQ_INVALID;
2639 		xpt_done(ccb);
2640 		break;
2641 	}
2642 	return;
2643 }
2644 
2645 static void
2646 sbp_action(struct cam_sim *sim, union ccb *ccb)
2647 {
2648 	int s;
2649 
2650 	s = splfw();
2651 	sbp_action1(sim, ccb);
2652 	splx(s);
2653 }
2654 
2655 static void
2656 sbp_execute_ocb(void *arg,  bus_dma_segment_t *segments, int seg, int error)
2657 {
2658 	int i;
2659 	struct sbp_ocb *ocb;
2660 	struct sbp_ocb *prev;
2661 	bus_dma_segment_t *s;
2662 
2663 	if (error)
2664 		printf("sbp_execute_ocb: error=%d\n", error);
2665 
2666 	ocb = (struct sbp_ocb *)arg;
2667 
2668 SBP_DEBUG(2)
2669 	printf("sbp_execute_ocb: seg %d", seg);
2670 	for (i = 0; i < seg; i++)
2671 #if defined(__DragonFly__) || __FreeBSD_version < 500000
2672 		printf(", %x:%d", segments[i].ds_addr, segments[i].ds_len);
2673 #else
2674 		printf(", %jx:%jd", (uintmax_t)segments[i].ds_addr,
2675 					(uintmax_t)segments[i].ds_len);
2676 #endif
2677 	printf("\n");
2678 END_DEBUG
2679 
2680 	if (seg == 1) {
2681 		/* direct pointer */
2682 		s = &segments[0];
2683 		if (s->ds_len > SBP_SEG_MAX)
2684 			panic("ds_len > SBP_SEG_MAX, fix busdma code");
2685 		ocb->orb[3] = htonl(s->ds_addr);
2686 		ocb->orb[4] |= htonl(s->ds_len);
2687 	} else if(seg > 1) {
2688 		/* page table */
2689 		for (i = 0; i < seg; i++) {
2690 			s = &segments[i];
2691 SBP_DEBUG(0)
2692 			/* XXX LSI Logic "< 16 byte" bug might be hit */
2693 			if (s->ds_len < 16)
2694 				printf("sbp_execute_ocb: warning, "
2695 #if defined(__DragonFly__) || __FreeBSD_version < 500000
2696 					"segment length(%d) is less than 16."
2697 #else
2698 					"segment length(%zd) is less than 16."
2699 #endif
2700 					"(seg=%d/%d)\n", (size_t)s->ds_len, i+1, seg);
2701 END_DEBUG
2702 			if (s->ds_len > SBP_SEG_MAX)
2703 				panic("ds_len > SBP_SEG_MAX, fix busdma code");
2704 			ocb->ind_ptr[i].hi = htonl(s->ds_len << 16);
2705 			ocb->ind_ptr[i].lo = htonl(s->ds_addr);
2706 		}
2707 		ocb->orb[4] |= htonl(ORB_CMD_PTBL | seg);
2708 	}
2709 
2710 	if (seg > 0)
2711 		bus_dmamap_sync(ocb->sdev->target->sbp->dmat, ocb->dmamap,
2712 			(ntohl(ocb->orb[4]) & ORB_CMD_IN) ?
2713 			BUS_DMASYNC_PREREAD : BUS_DMASYNC_PREWRITE);
2714 	prev = sbp_enqueue_ocb(ocb->sdev, ocb);
2715 	fwdma_sync(&ocb->sdev->dma, BUS_DMASYNC_PREWRITE);
2716 	if (use_doorbell) {
2717 		if (prev == NULL) {
2718 			if (ocb->sdev->last_ocb != NULL)
2719 				sbp_doorbell(ocb->sdev);
2720 			else
2721 				sbp_orb_pointer(ocb->sdev, ocb);
2722 		}
2723 	} else {
2724 		if (prev == NULL || (ocb->sdev->flags & ORB_LINK_DEAD) != 0) {
2725 			ocb->sdev->flags &= ~ORB_LINK_DEAD;
2726 			sbp_orb_pointer(ocb->sdev, ocb);
2727 		}
2728 	}
2729 }
2730 
2731 static void
2732 sbp_poll(struct cam_sim *sim)
2733 {
2734 	struct sbp_softc *sbp;
2735 	struct firewire_comm *fc;
2736 
2737 	sbp = (struct sbp_softc *)sim->softc;
2738 	fc = sbp->fd.fc;
2739 
2740 	fc->poll(fc, 0, -1);
2741 
2742 	return;
2743 }
2744 
2745 static struct sbp_ocb *
2746 sbp_dequeue_ocb(struct sbp_dev *sdev, struct sbp_status *sbp_status)
2747 {
2748 	struct sbp_ocb *ocb;
2749 	struct sbp_ocb *next;
2750 	int s = splfw(), order = 0;
2751 
2752 SBP_DEBUG(1)
2753 	device_printf(sdev->target->sbp->fd.dev,
2754 #if defined(__DragonFly__) || __FreeBSD_version < 500000
2755 	"%s:%s 0x%08lx src %d\n",
2756 #else
2757 	"%s:%s 0x%08x src %d\n",
2758 #endif
2759 	    __func__, sdev->bustgtlun, ntohl(sbp_status->orb_lo), sbp_status->src);
2760 END_DEBUG
2761 	SBP_LOCK(sdev->target->sbp);
2762 	for (ocb = STAILQ_FIRST(&sdev->ocbs); ocb != NULL; ocb = next) {
2763 		next = STAILQ_NEXT(ocb, ocb);
2764 		if (OCB_MATCH(ocb, sbp_status)) {
2765 			/* found */
2766 			STAILQ_REMOVE(&sdev->ocbs, ocb, sbp_ocb, ocb);
2767 			if (ocb->ccb != NULL)
2768 				untimeout(sbp_timeout, (caddr_t)ocb,
2769 						ocb->timeout_ch);
2770 			if (ntohl(ocb->orb[4]) & 0xffff) {
2771 				bus_dmamap_sync(sdev->target->sbp->dmat,
2772 					ocb->dmamap,
2773 					(ntohl(ocb->orb[4]) & ORB_CMD_IN) ?
2774 					BUS_DMASYNC_POSTREAD :
2775 					BUS_DMASYNC_POSTWRITE);
2776 				bus_dmamap_unload(sdev->target->sbp->dmat,
2777 					ocb->dmamap);
2778 			}
2779 			if (!use_doorbell) {
2780 				if (sbp_status->src == SRC_NO_NEXT) {
2781 					if (next != NULL)
2782 						sbp_orb_pointer(sdev, next);
2783 					else if (order > 0) {
2784 						/*
2785 						 * Unordered execution
2786 						 * We need to send pointer for
2787 						 * next ORB
2788 						 */
2789 						sdev->flags |= ORB_LINK_DEAD;
2790 					}
2791 				}
2792 			} else {
2793 				/*
2794 				 * XXX this is not correct for unordered
2795 				 * execution.
2796 				 */
2797 				if (sdev->last_ocb != NULL) {
2798 					SBP_UNLOCK(sdev->target->sbp);
2799 					sbp_free_ocb(sdev, sdev->last_ocb);
2800 					SBP_LOCK(sdev->target->sbp);
2801 				}
2802 				sdev->last_ocb = ocb;
2803 				if (next != NULL &&
2804 				    sbp_status->src == SRC_NO_NEXT)
2805 					sbp_doorbell(sdev);
2806 			}
2807 			break;
2808 		} else
2809 			order ++;
2810 	}
2811 	SBP_UNLOCK(sdev->target->sbp);
2812 	splx(s);
2813 SBP_DEBUG(0)
2814 	if (ocb && order > 0) {
2815 		device_printf(sdev->target->sbp->fd.dev,
2816 			"%s:%s unordered execution order:%d\n",
2817 			__func__, sdev->bustgtlun, order);
2818 	}
2819 END_DEBUG
2820 	return (ocb);
2821 }
2822 
2823 static struct sbp_ocb *
2824 sbp_enqueue_ocb(struct sbp_dev *sdev, struct sbp_ocb *ocb)
2825 {
2826 	int s = splfw();
2827 	struct sbp_ocb *prev, *prev2;
2828 
2829 	mtx_assert(&sdev->target->sbp->mtx, MA_OWNED);
2830 SBP_DEBUG(1)
2831 	device_printf(sdev->target->sbp->fd.dev,
2832 #if defined(__DragonFly__) || __FreeBSD_version < 500000
2833 	"%s:%s 0x%08x\n", __func__, sdev->bustgtlun, ocb->bus_addr);
2834 #else
2835 	"%s:%s 0x%08jx\n", __func__, sdev->bustgtlun, (uintmax_t)ocb->bus_addr);
2836 #endif
2837 END_DEBUG
2838 	prev2 = prev = STAILQ_LAST(&sdev->ocbs, sbp_ocb, ocb);
2839 	STAILQ_INSERT_TAIL(&sdev->ocbs, ocb, ocb);
2840 
2841 	if (ocb->ccb != NULL)
2842 		ocb->timeout_ch = timeout(sbp_timeout, (caddr_t)ocb,
2843 					(ocb->ccb->ccb_h.timeout * hz) / 1000);
2844 
2845 	if (use_doorbell && prev == NULL)
2846 		prev2 = sdev->last_ocb;
2847 
2848 	if (prev2 != NULL && (ocb->sdev->flags & ORB_LINK_DEAD) == 0) {
2849 SBP_DEBUG(1)
2850 #if defined(__DragonFly__) || __FreeBSD_version < 500000
2851 		printf("linking chain 0x%x -> 0x%x\n",
2852 		    prev2->bus_addr, ocb->bus_addr);
2853 #else
2854 		printf("linking chain 0x%jx -> 0x%jx\n",
2855 		    (uintmax_t)prev2->bus_addr, (uintmax_t)ocb->bus_addr);
2856 #endif
2857 END_DEBUG
2858 		/*
2859 		 * Suppress compiler optimization so that orb[1] must be written first.
2860 		 * XXX We may need an explicit memory barrier for other architectures
2861 		 * other than i386/amd64.
2862 		 */
2863 		*(volatile uint32_t *)&prev2->orb[1] = htonl(ocb->bus_addr);
2864 		*(volatile uint32_t *)&prev2->orb[0] = 0;
2865 	}
2866 	splx(s);
2867 
2868 	return prev;
2869 }
2870 
2871 static struct sbp_ocb *
2872 sbp_get_ocb(struct sbp_dev *sdev)
2873 {
2874 	struct sbp_ocb *ocb;
2875 	int s = splfw();
2876 
2877 	mtx_assert(&sdev->target->sbp->mtx, MA_OWNED);
2878 	ocb = STAILQ_FIRST(&sdev->free_ocbs);
2879 	if (ocb == NULL) {
2880 		sdev->flags |= ORB_SHORTAGE;
2881 		printf("ocb shortage!!!\n");
2882 		splx(s);
2883 		return NULL;
2884 	}
2885 	STAILQ_REMOVE_HEAD(&sdev->free_ocbs, ocb);
2886 	splx(s);
2887 	ocb->ccb = NULL;
2888 	return (ocb);
2889 }
2890 
2891 static void
2892 sbp_free_ocb(struct sbp_dev *sdev, struct sbp_ocb *ocb)
2893 {
2894 	ocb->flags = 0;
2895 	ocb->ccb = NULL;
2896 
2897 	SBP_LOCK(sdev->target->sbp);
2898 	STAILQ_INSERT_TAIL(&sdev->free_ocbs, ocb, ocb);
2899 	if ((sdev->flags & ORB_SHORTAGE) != 0) {
2900 		int count;
2901 
2902 		sdev->flags &= ~ORB_SHORTAGE;
2903 		count = sdev->freeze;
2904 		sdev->freeze = 0;
2905 		xpt_release_devq(sdev->path, count, TRUE);
2906 	}
2907 	SBP_UNLOCK(sdev->target->sbp);
2908 }
2909 
2910 static void
2911 sbp_abort_ocb(struct sbp_ocb *ocb, int status)
2912 {
2913 	struct sbp_dev *sdev;
2914 
2915 	sdev = ocb->sdev;
2916 SBP_DEBUG(0)
2917 	device_printf(sdev->target->sbp->fd.dev,
2918 #if defined(__DragonFly__) || __FreeBSD_version < 500000
2919 	"%s:%s 0x%x\n", __func__, sdev->bustgtlun, ocb->bus_addr);
2920 #else
2921 	"%s:%s 0x%jx\n", __func__, sdev->bustgtlun, (uintmax_t)ocb->bus_addr);
2922 #endif
2923 END_DEBUG
2924 SBP_DEBUG(1)
2925 	if (ocb->ccb != NULL)
2926 		sbp_print_scsi_cmd(ocb);
2927 END_DEBUG
2928 	if (ntohl(ocb->orb[4]) & 0xffff) {
2929 		bus_dmamap_sync(sdev->target->sbp->dmat, ocb->dmamap,
2930 			(ntohl(ocb->orb[4]) & ORB_CMD_IN) ?
2931 			BUS_DMASYNC_POSTREAD : BUS_DMASYNC_POSTWRITE);
2932 		bus_dmamap_unload(sdev->target->sbp->dmat, ocb->dmamap);
2933 	}
2934 	if (ocb->ccb != NULL) {
2935 		untimeout(sbp_timeout, (caddr_t)ocb,
2936 					ocb->timeout_ch);
2937 		ocb->ccb->ccb_h.status = status;
2938 		SBP_LOCK(sdev->target->sbp);
2939 		xpt_done(ocb->ccb);
2940 		SBP_UNLOCK(sdev->target->sbp);
2941 	}
2942 	sbp_free_ocb(sdev, ocb);
2943 }
2944 
2945 static void
2946 sbp_abort_all_ocbs(struct sbp_dev *sdev, int status)
2947 {
2948 	int s;
2949 	struct sbp_ocb *ocb, *next;
2950 	STAILQ_HEAD(, sbp_ocb) temp;
2951 
2952 	s = splfw();
2953 
2954 	STAILQ_INIT(&temp);
2955 	SBP_LOCK(sdev->target->sbp);
2956 	STAILQ_CONCAT(&temp, &sdev->ocbs);
2957 	STAILQ_INIT(&sdev->ocbs);
2958 	SBP_UNLOCK(sdev->target->sbp);
2959 
2960 	for (ocb = STAILQ_FIRST(&temp); ocb != NULL; ocb = next) {
2961 		next = STAILQ_NEXT(ocb, ocb);
2962 		sbp_abort_ocb(ocb, status);
2963 	}
2964 	if (sdev->last_ocb != NULL) {
2965 		sbp_free_ocb(sdev, sdev->last_ocb);
2966 		sdev->last_ocb = NULL;
2967 	}
2968 
2969 	splx(s);
2970 }
2971 
2972 static devclass_t sbp_devclass;
2973 
2974 static device_method_t sbp_methods[] = {
2975 	/* device interface */
2976 	DEVMETHOD(device_identify,	sbp_identify),
2977 	DEVMETHOD(device_probe,		sbp_probe),
2978 	DEVMETHOD(device_attach,	sbp_attach),
2979 	DEVMETHOD(device_detach,	sbp_detach),
2980 	DEVMETHOD(device_shutdown,	sbp_shutdown),
2981 
2982 	{ 0, 0 }
2983 };
2984 
2985 static driver_t sbp_driver = {
2986 	"sbp",
2987 	sbp_methods,
2988 	sizeof(struct sbp_softc),
2989 };
2990 #ifdef __DragonFly__
2991 DECLARE_DUMMY_MODULE(sbp);
2992 #endif
2993 DRIVER_MODULE(sbp, firewire, sbp_driver, sbp_devclass, 0, 0);
2994 MODULE_VERSION(sbp, 1);
2995 MODULE_DEPEND(sbp, firewire, 1, 1, 1);
2996 MODULE_DEPEND(sbp, cam, 1, 1, 1);
2997