xref: /freebsd/sys/dev/firewire/sbp.c (revision 9a14aa017b21c292740c00ee098195cd46642730)
1 /*-
2  * Copyright (c) 2003 Hidetoshi Shimokawa
3  * Copyright (c) 1998-2002 Katsushi Kobayashi and Hidetoshi Shimokawa
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  *    notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  *    notice, this list of conditions and the following disclaimer in the
13  *    documentation and/or other materials provided with the distribution.
14  * 3. All advertising materials mentioning features or use of this software
15  *    must display the acknowledgement as bellow:
16  *
17  *    This product includes software developed by K. Kobayashi and H. Shimokawa
18  *
19  * 4. The name of the author may not be used to endorse or promote products
20  *    derived from this software without specific prior written permission.
21  *
22  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
23  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
24  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
25  * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
26  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
27  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
28  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
30  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
31  * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32  * POSSIBILITY OF SUCH DAMAGE.
33  *
34  * $FreeBSD$
35  *
36  */
37 
38 #include <sys/param.h>
39 #include <sys/systm.h>
40 #include <sys/module.h>
41 #include <sys/bus.h>
42 #include <sys/kernel.h>
43 #include <sys/sysctl.h>
44 #include <machine/bus.h>
45 #include <sys/malloc.h>
46 #if defined(__FreeBSD__) && __FreeBSD_version >= 501102
47 #include <sys/lock.h>
48 #include <sys/mutex.h>
49 #endif
50 
51 #if defined(__DragonFly__) || __FreeBSD_version < 500106
52 #include <sys/devicestat.h>	/* for struct devstat */
53 #endif
54 
55 #ifdef __DragonFly__
56 #include <bus/cam/cam.h>
57 #include <bus/cam/cam_ccb.h>
58 #include <bus/cam/cam_sim.h>
59 #include <bus/cam/cam_xpt_sim.h>
60 #include <bus/cam/cam_debug.h>
61 #include <bus/cam/cam_periph.h>
62 #include <bus/cam/scsi/scsi_all.h>
63 
64 #include <bus/firewire/firewire.h>
65 #include <bus/firewire/firewirereg.h>
66 #include <bus/firewire/fwdma.h>
67 #include <bus/firewire/iec13213.h>
68 #include "sbp.h"
69 #else
70 #include <cam/cam.h>
71 #include <cam/cam_ccb.h>
72 #include <cam/cam_sim.h>
73 #include <cam/cam_xpt_sim.h>
74 #include <cam/cam_debug.h>
75 #include <cam/cam_periph.h>
76 #include <cam/scsi/scsi_all.h>
77 
78 #include <dev/firewire/firewire.h>
79 #include <dev/firewire/firewirereg.h>
80 #include <dev/firewire/fwdma.h>
81 #include <dev/firewire/iec13213.h>
82 #include <dev/firewire/sbp.h>
83 #endif
84 
85 #define ccb_sdev_ptr	spriv_ptr0
86 #define ccb_sbp_ptr	spriv_ptr1
87 
88 #define SBP_NUM_TARGETS 8 /* MAX 64 */
89 /*
90  * Scan_bus doesn't work for more than 8 LUNs
91  * because of CAM_SCSI2_MAXLUN in cam_xpt.c
92  */
93 #define SBP_NUM_LUNS 64
94 #define SBP_MAXPHYS  MIN(MAXPHYS, (512*1024) /* 512KB */)
95 #define SBP_DMA_SIZE PAGE_SIZE
96 #define SBP_LOGIN_SIZE sizeof(struct sbp_login_res)
97 #define SBP_QUEUE_LEN ((SBP_DMA_SIZE - SBP_LOGIN_SIZE) / sizeof(struct sbp_ocb))
98 #define SBP_NUM_OCB (SBP_QUEUE_LEN * SBP_NUM_TARGETS)
99 
100 /*
101  * STATUS FIFO addressing
102  *   bit
103  * -----------------------
104  *  0- 1( 2): 0 (alignment)
105  *  2- 7( 6): target
106  *  8-15( 8): lun
107  * 16-31( 8): reserved
108  * 32-47(16): SBP_BIND_HI
109  * 48-64(16): bus_id, node_id
110  */
111 #define SBP_BIND_HI 0x1
112 #define SBP_DEV2ADDR(t, l) \
113 	(((u_int64_t)SBP_BIND_HI << 32) \
114 	| (((l) & 0xff) << 8) \
115 	| (((t) & 0x3f) << 2))
116 #define SBP_ADDR2TRG(a)	(((a) >> 2) & 0x3f)
117 #define SBP_ADDR2LUN(a)	(((a) >> 8) & 0xff)
118 #define SBP_INITIATOR 7
119 
120 static char *orb_fun_name[] = {
121 	ORB_FUN_NAMES
122 };
123 
124 static int debug = 0;
125 static int auto_login = 1;
126 static int max_speed = -1;
127 static int sbp_cold = 1;
128 static int ex_login = 1;
129 static int login_delay = 1000;	/* msec */
130 static int scan_delay = 500;	/* msec */
131 static int use_doorbell = 0;
132 static int sbp_tags = 0;
133 
134 SYSCTL_DECL(_hw_firewire);
135 static SYSCTL_NODE(_hw_firewire, OID_AUTO, sbp, CTLFLAG_RD, 0,
136 	"SBP-II Subsystem");
137 SYSCTL_INT(_debug, OID_AUTO, sbp_debug, CTLFLAG_RW, &debug, 0,
138 	"SBP debug flag");
139 SYSCTL_INT(_hw_firewire_sbp, OID_AUTO, auto_login, CTLFLAG_RW, &auto_login, 0,
140 	"SBP perform login automatically");
141 SYSCTL_INT(_hw_firewire_sbp, OID_AUTO, max_speed, CTLFLAG_RW, &max_speed, 0,
142 	"SBP transfer max speed");
143 SYSCTL_INT(_hw_firewire_sbp, OID_AUTO, exclusive_login, CTLFLAG_RW,
144 	&ex_login, 0, "SBP enable exclusive login");
145 SYSCTL_INT(_hw_firewire_sbp, OID_AUTO, login_delay, CTLFLAG_RW,
146 	&login_delay, 0, "SBP login delay in msec");
147 SYSCTL_INT(_hw_firewire_sbp, OID_AUTO, scan_delay, CTLFLAG_RW,
148 	&scan_delay, 0, "SBP scan delay in msec");
149 SYSCTL_INT(_hw_firewire_sbp, OID_AUTO, use_doorbell, CTLFLAG_RW,
150 	&use_doorbell, 0, "SBP use doorbell request");
151 SYSCTL_INT(_hw_firewire_sbp, OID_AUTO, tags, CTLFLAG_RW, &sbp_tags, 0,
152 	"SBP tagged queuing support");
153 
154 TUNABLE_INT("hw.firewire.sbp.auto_login", &auto_login);
155 TUNABLE_INT("hw.firewire.sbp.max_speed", &max_speed);
156 TUNABLE_INT("hw.firewire.sbp.exclusive_login", &ex_login);
157 TUNABLE_INT("hw.firewire.sbp.login_delay", &login_delay);
158 TUNABLE_INT("hw.firewire.sbp.scan_delay", &scan_delay);
159 TUNABLE_INT("hw.firewire.sbp.use_doorbell", &use_doorbell);
160 TUNABLE_INT("hw.firewire.sbp.tags", &sbp_tags);
161 
162 #define NEED_RESPONSE 0
163 
164 #define SBP_SEG_MAX rounddown(0xffff, PAGE_SIZE)
165 #ifdef __sparc64__ /* iommu */
166 #define SBP_IND_MAX howmany(SBP_MAXPHYS, SBP_SEG_MAX)
167 #else
168 #define SBP_IND_MAX howmany(SBP_MAXPHYS, PAGE_SIZE)
169 #endif
170 struct sbp_ocb {
171 	STAILQ_ENTRY(sbp_ocb)	ocb;
172 	union ccb	*ccb;
173 	bus_addr_t	bus_addr;
174 	uint32_t	orb[8];
175 #define IND_PTR_OFFSET	(8*sizeof(uint32_t))
176 	struct ind_ptr  ind_ptr[SBP_IND_MAX];
177 	struct sbp_dev	*sdev;
178 	int		flags; /* XXX should be removed */
179 	bus_dmamap_t	dmamap;
180 };
181 
182 #define OCB_ACT_MGM 0
183 #define OCB_ACT_CMD 1
184 #define OCB_MATCH(o,s)	((o)->bus_addr == ntohl((s)->orb_lo))
185 
186 struct sbp_dev{
187 #define SBP_DEV_RESET		0	/* accept login */
188 #define SBP_DEV_LOGIN		1	/* to login */
189 #if 0
190 #define SBP_DEV_RECONN		2	/* to reconnect */
191 #endif
192 #define SBP_DEV_TOATTACH	3	/* to attach */
193 #define SBP_DEV_PROBE		4	/* scan lun */
194 #define SBP_DEV_ATTACHED	5	/* in operation */
195 #define SBP_DEV_DEAD		6	/* unavailable unit */
196 #define SBP_DEV_RETRY		7	/* unavailable unit */
197 	uint8_t status:4,
198 		 timeout:4;
199 	uint8_t type;
200 	uint16_t lun_id;
201 	uint16_t freeze;
202 #define	ORB_LINK_DEAD		(1 << 0)
203 #define	VALID_LUN		(1 << 1)
204 #define	ORB_POINTER_ACTIVE	(1 << 2)
205 #define	ORB_POINTER_NEED	(1 << 3)
206 #define	ORB_DOORBELL_ACTIVE	(1 << 4)
207 #define	ORB_DOORBELL_NEED	(1 << 5)
208 #define	ORB_SHORTAGE		(1 << 6)
209 	uint16_t flags;
210 	struct cam_path *path;
211 	struct sbp_target *target;
212 	struct fwdma_alloc dma;
213 	struct sbp_login_res *login;
214 	struct callout login_callout;
215 	struct sbp_ocb *ocb;
216 	STAILQ_HEAD(, sbp_ocb) ocbs;
217 	STAILQ_HEAD(, sbp_ocb) free_ocbs;
218 	struct sbp_ocb *last_ocb;
219 	char vendor[32];
220 	char product[32];
221 	char revision[10];
222 	char bustgtlun[32];
223 };
224 
225 struct sbp_target {
226 	int target_id;
227 	int num_lun;
228 	struct sbp_dev	**luns;
229 	struct sbp_softc *sbp;
230 	struct fw_device *fwdev;
231 	uint32_t mgm_hi, mgm_lo;
232 	struct sbp_ocb *mgm_ocb_cur;
233 	STAILQ_HEAD(, sbp_ocb) mgm_ocb_queue;
234 	struct callout mgm_ocb_timeout;
235 	struct callout scan_callout;
236 	STAILQ_HEAD(, fw_xfer) xferlist;
237 	int n_xfer;
238 };
239 
240 struct sbp_softc {
241 	struct firewire_dev_comm fd;
242 	struct cam_sim  *sim;
243 	struct cam_path  *path;
244 	struct sbp_target targets[SBP_NUM_TARGETS];
245 	struct fw_bind fwb;
246 	bus_dma_tag_t	dmat;
247 	struct timeval last_busreset;
248 #define SIMQ_FREEZED 1
249 	int flags;
250 	struct mtx mtx;
251 };
252 #define SBP_LOCK(sbp) mtx_lock(&(sbp)->mtx)
253 #define SBP_UNLOCK(sbp) mtx_unlock(&(sbp)->mtx)
254 
255 static void sbp_post_explore (void *);
256 static void sbp_recv (struct fw_xfer *);
257 static void sbp_mgm_callback (struct fw_xfer *);
258 #if 0
259 static void sbp_cmd_callback (struct fw_xfer *);
260 #endif
261 static void sbp_orb_pointer (struct sbp_dev *, struct sbp_ocb *);
262 static void sbp_doorbell(struct sbp_dev *);
263 static void sbp_execute_ocb (void *,  bus_dma_segment_t *, int, int);
264 static void sbp_free_ocb (struct sbp_dev *, struct sbp_ocb *);
265 static void sbp_abort_ocb (struct sbp_ocb *, int);
266 static void sbp_abort_all_ocbs (struct sbp_dev *, int);
267 static struct fw_xfer * sbp_write_cmd_locked (struct sbp_dev *, int, int);
268 static struct fw_xfer * sbp_write_cmd (struct sbp_dev *, int, int);
269 static struct sbp_ocb * sbp_get_ocb (struct sbp_dev *);
270 static struct sbp_ocb * sbp_enqueue_ocb (struct sbp_dev *, struct sbp_ocb *);
271 static struct sbp_ocb * sbp_dequeue_ocb (struct sbp_dev *, struct sbp_status *);
272 static void sbp_cam_detach_sdev(struct sbp_dev *);
273 static void sbp_free_sdev(struct sbp_dev *);
274 static void sbp_cam_detach_target (struct sbp_target *);
275 static void sbp_free_target (struct sbp_target *);
276 static void sbp_mgm_timeout (void *arg);
277 static void sbp_timeout (void *arg);
278 static void sbp_mgm_orb (struct sbp_dev *, int, struct sbp_ocb *);
279 
280 static MALLOC_DEFINE(M_SBP, "sbp", "SBP-II/FireWire");
281 
282 /* cam related functions */
283 static void	sbp_action(struct cam_sim *sim, union ccb *ccb);
284 static void	sbp_poll(struct cam_sim *sim);
285 static void	sbp_cam_scan_lun(struct cam_periph *, union ccb *);
286 static void	sbp_cam_scan_target(void *arg);
287 
288 static char *orb_status0[] = {
289 	/* 0 */ "No additional information to report",
290 	/* 1 */ "Request type not supported",
291 	/* 2 */ "Speed not supported",
292 	/* 3 */ "Page size not supported",
293 	/* 4 */ "Access denied",
294 	/* 5 */ "Logical unit not supported",
295 	/* 6 */ "Maximum payload too small",
296 	/* 7 */ "Reserved for future standardization",
297 	/* 8 */ "Resources unavailable",
298 	/* 9 */ "Function rejected",
299 	/* A */ "Login ID not recognized",
300 	/* B */ "Dummy ORB completed",
301 	/* C */ "Request aborted",
302 	/* FF */ "Unspecified error"
303 #define MAX_ORB_STATUS0 0xd
304 };
305 
306 static char *orb_status1_object[] = {
307 	/* 0 */ "Operation request block (ORB)",
308 	/* 1 */ "Data buffer",
309 	/* 2 */ "Page table",
310 	/* 3 */ "Unable to specify"
311 };
312 
313 static char *orb_status1_serial_bus_error[] = {
314 	/* 0 */ "Missing acknowledge",
315 	/* 1 */ "Reserved; not to be used",
316 	/* 2 */ "Time-out error",
317 	/* 3 */ "Reserved; not to be used",
318 	/* 4 */ "Busy retry limit exceeded(X)",
319 	/* 5 */ "Busy retry limit exceeded(A)",
320 	/* 6 */ "Busy retry limit exceeded(B)",
321 	/* 7 */ "Reserved for future standardization",
322 	/* 8 */ "Reserved for future standardization",
323 	/* 9 */ "Reserved for future standardization",
324 	/* A */ "Reserved for future standardization",
325 	/* B */ "Tardy retry limit exceeded",
326 	/* C */ "Conflict error",
327 	/* D */ "Data error",
328 	/* E */ "Type error",
329 	/* F */ "Address error"
330 };
331 
332 static void
333 sbp_identify(driver_t *driver, device_t parent)
334 {
335 SBP_DEBUG(0)
336 	printf("sbp_identify\n");
337 END_DEBUG
338 
339 	BUS_ADD_CHILD(parent, 0, "sbp", device_get_unit(parent));
340 }
341 
342 /*
343  * sbp_probe()
344  */
345 static int
346 sbp_probe(device_t dev)
347 {
348 	device_t pa;
349 
350 SBP_DEBUG(0)
351 	printf("sbp_probe\n");
352 END_DEBUG
353 
354 	pa = device_get_parent(dev);
355 	if(device_get_unit(dev) != device_get_unit(pa)){
356 		return(ENXIO);
357 	}
358 
359 	device_set_desc(dev, "SBP-2/SCSI over FireWire");
360 
361 #if 0
362 	if (bootverbose)
363 		debug = bootverbose;
364 #endif
365 
366 	return (0);
367 }
368 
369 /*
370  * Display device characteristics on the console
371  */
372 static void
373 sbp_show_sdev_info(struct sbp_dev *sdev)
374 {
375 	struct fw_device *fwdev;
376 
377 	fwdev = sdev->target->fwdev;
378 	device_printf(sdev->target->sbp->fd.dev,
379 		"%s: %s: ordered:%d type:%d EUI:%08x%08x node:%d "
380 		"speed:%d maxrec:%d\n",
381 		__func__,
382 		sdev->bustgtlun,
383 		(sdev->type & 0x40) >> 6,
384 		(sdev->type & 0x1f),
385 		fwdev->eui.hi,
386 		fwdev->eui.lo,
387 		fwdev->dst,
388 		fwdev->speed,
389 		fwdev->maxrec);
390 
391 	device_printf(sdev->target->sbp->fd.dev,
392 			"%s: %s '%s' '%s' '%s'\n",
393 			__func__,
394 			sdev->bustgtlun,
395 			sdev->vendor,
396 			sdev->product,
397 			sdev->revision);
398 }
399 
400 static struct {
401 	int bus;
402 	int target;
403 	struct fw_eui64 eui;
404 } wired[] = {
405 	/* Bus	Target	EUI64 */
406 #if 0
407 	{0,	2,	{0x00018ea0, 0x01fd0154}},	/* Logitec HDD */
408 	{0,	0,	{0x00018ea6, 0x00100682}},	/* Logitec DVD */
409 	{0,	1,	{0x00d03200, 0xa412006a}},	/* Yano HDD */
410 #endif
411 	{-1,	-1,	{0,0}}
412 };
413 
414 static int
415 sbp_new_target(struct sbp_softc *sbp, struct fw_device *fwdev)
416 {
417 	int bus, i, target=-1;
418 	char w[SBP_NUM_TARGETS];
419 
420 	bzero(w, sizeof(w));
421 	bus = device_get_unit(sbp->fd.dev);
422 
423 	/* XXX wired-down configuration should be gotten from
424 					tunable or device hint */
425 	for (i = 0; wired[i].bus >= 0; i ++) {
426 		if (wired[i].bus == bus) {
427 			w[wired[i].target] = 1;
428 			if (wired[i].eui.hi == fwdev->eui.hi &&
429 					wired[i].eui.lo == fwdev->eui.lo)
430 				target = wired[i].target;
431 		}
432 	}
433 	if (target >= 0) {
434 		if(target < SBP_NUM_TARGETS &&
435 				sbp->targets[target].fwdev == NULL)
436 			return(target);
437 		device_printf(sbp->fd.dev,
438 			"target %d is not free for %08x:%08x\n",
439 			target, fwdev->eui.hi, fwdev->eui.lo);
440 		target = -1;
441 	}
442 	/* non-wired target */
443 	for (i = 0; i < SBP_NUM_TARGETS; i ++)
444 		if (sbp->targets[i].fwdev == NULL && w[i] == 0) {
445 			target = i;
446 			break;
447 		}
448 
449 	return target;
450 }
451 
452 static void
453 sbp_alloc_lun(struct sbp_target *target)
454 {
455 	struct crom_context cc;
456 	struct csrreg *reg;
457 	struct sbp_dev *sdev, **newluns;
458 	struct sbp_softc *sbp;
459 	int maxlun, lun, i;
460 
461 	sbp = target->sbp;
462 	crom_init_context(&cc, target->fwdev->csrrom);
463 	/* XXX shoud parse appropriate unit directories only */
464 	maxlun = -1;
465 	while (cc.depth >= 0) {
466 		reg = crom_search_key(&cc, CROM_LUN);
467 		if (reg == NULL)
468 			break;
469 		lun = reg->val & 0xffff;
470 SBP_DEBUG(0)
471 		printf("target %d lun %d found\n", target->target_id, lun);
472 END_DEBUG
473 		if (maxlun < lun)
474 			maxlun = lun;
475 		crom_next(&cc);
476 	}
477 	if (maxlun < 0)
478 		printf("%s:%d no LUN found\n",
479 		    device_get_nameunit(target->sbp->fd.dev),
480 		    target->target_id);
481 
482 	maxlun ++;
483 	if (maxlun >= SBP_NUM_LUNS)
484 		maxlun = SBP_NUM_LUNS;
485 
486 	/* Invalidiate stale devices */
487 	for (lun = 0; lun < target->num_lun; lun ++) {
488 		sdev = target->luns[lun];
489 		if (sdev == NULL)
490 			continue;
491 		sdev->flags &= ~VALID_LUN;
492 		if (lun >= maxlun) {
493 			/* lost device */
494 			sbp_cam_detach_sdev(sdev);
495 			sbp_free_sdev(sdev);
496 			target->luns[lun] = NULL;
497 		}
498 	}
499 
500 	/* Reallocate */
501 	if (maxlun != target->num_lun) {
502 		newluns = (struct sbp_dev **) realloc(target->luns,
503 		    sizeof(struct sbp_dev *) * maxlun,
504 		    M_SBP, M_NOWAIT | M_ZERO);
505 
506 		if (newluns == NULL) {
507 			printf("%s: realloc failed\n", __func__);
508 			newluns = target->luns;
509 			maxlun = target->num_lun;
510 		}
511 
512 		/*
513 		 * We must zero the extended region for the case
514 		 * realloc() doesn't allocate new buffer.
515 		 */
516 		if (maxlun > target->num_lun)
517 			bzero(&newluns[target->num_lun],
518 			    sizeof(struct sbp_dev *) *
519 			    (maxlun - target->num_lun));
520 
521 		target->luns = newluns;
522 		target->num_lun = maxlun;
523 	}
524 
525 	crom_init_context(&cc, target->fwdev->csrrom);
526 	while (cc.depth >= 0) {
527 		int new = 0;
528 
529 		reg = crom_search_key(&cc, CROM_LUN);
530 		if (reg == NULL)
531 			break;
532 		lun = reg->val & 0xffff;
533 		if (lun >= SBP_NUM_LUNS) {
534 			printf("too large lun %d\n", lun);
535 			goto next;
536 		}
537 
538 		sdev = target->luns[lun];
539 		if (sdev == NULL) {
540 			sdev = malloc(sizeof(struct sbp_dev),
541 			    M_SBP, M_NOWAIT | M_ZERO);
542 			if (sdev == NULL) {
543 				printf("%s: malloc failed\n", __func__);
544 				goto next;
545 			}
546 			target->luns[lun] = sdev;
547 			sdev->lun_id = lun;
548 			sdev->target = target;
549 			STAILQ_INIT(&sdev->ocbs);
550 			CALLOUT_INIT(&sdev->login_callout);
551 			sdev->status = SBP_DEV_RESET;
552 			new = 1;
553 			snprintf(sdev->bustgtlun, 32, "%s:%d:%d",
554 					device_get_nameunit(sdev->target->sbp->fd.dev),
555 					sdev->target->target_id,
556 					sdev->lun_id);
557 		}
558 		sdev->flags |= VALID_LUN;
559 		sdev->type = (reg->val & 0xff0000) >> 16;
560 
561 		if (new == 0)
562 			goto next;
563 
564 		fwdma_malloc(sbp->fd.fc,
565 			/* alignment */ sizeof(uint32_t),
566 			SBP_DMA_SIZE, &sdev->dma, BUS_DMA_NOWAIT |
567 			BUS_DMA_COHERENT);
568 		if (sdev->dma.v_addr == NULL) {
569 			printf("%s: dma space allocation failed\n",
570 							__func__);
571 			free(sdev, M_SBP);
572 			target->luns[lun] = NULL;
573 			goto next;
574 		}
575 		sdev->login = (struct sbp_login_res *) sdev->dma.v_addr;
576 		sdev->ocb = (struct sbp_ocb *)
577 				((char *)sdev->dma.v_addr + SBP_LOGIN_SIZE);
578 		bzero((char *)sdev->ocb,
579 			sizeof (struct sbp_ocb) * SBP_QUEUE_LEN);
580 
581 		STAILQ_INIT(&sdev->free_ocbs);
582 		for (i = 0; i < SBP_QUEUE_LEN; i++) {
583 			struct sbp_ocb *ocb;
584 			ocb = &sdev->ocb[i];
585 			ocb->bus_addr = sdev->dma.bus_addr
586 				+ SBP_LOGIN_SIZE
587 				+ sizeof(struct sbp_ocb) * i
588 				+ offsetof(struct sbp_ocb, orb[0]);
589 			if (bus_dmamap_create(sbp->dmat, 0, &ocb->dmamap)) {
590 				printf("sbp_attach: cannot create dmamap\n");
591 				/* XXX */
592 				goto next;
593 			}
594 			sbp_free_ocb(sdev, ocb);
595 		}
596 next:
597 		crom_next(&cc);
598 	}
599 
600 	for (lun = 0; lun < target->num_lun; lun ++) {
601 		sdev = target->luns[lun];
602 		if (sdev != NULL && (sdev->flags & VALID_LUN) == 0) {
603 			sbp_cam_detach_sdev(sdev);
604 			sbp_free_sdev(sdev);
605 			target->luns[lun] = NULL;
606 		}
607 	}
608 }
609 
610 static struct sbp_target *
611 sbp_alloc_target(struct sbp_softc *sbp, struct fw_device *fwdev)
612 {
613 	int i;
614 	struct sbp_target *target;
615 	struct crom_context cc;
616 	struct csrreg *reg;
617 
618 SBP_DEBUG(1)
619 	printf("sbp_alloc_target\n");
620 END_DEBUG
621 	i = sbp_new_target(sbp, fwdev);
622 	if (i < 0) {
623 		device_printf(sbp->fd.dev, "increase SBP_NUM_TARGETS!\n");
624 		return NULL;
625 	}
626 	/* new target */
627 	target = &sbp->targets[i];
628 	target->sbp = sbp;
629 	target->fwdev = fwdev;
630 	target->target_id = i;
631 	/* XXX we may want to reload mgm port after each bus reset */
632 	/* XXX there might be multiple management agents */
633 	crom_init_context(&cc, target->fwdev->csrrom);
634 	reg = crom_search_key(&cc, CROM_MGM);
635 	if (reg == NULL || reg->val == 0) {
636 		printf("NULL management address\n");
637 		target->fwdev = NULL;
638 		return NULL;
639 	}
640 	target->mgm_hi = 0xffff;
641 	target->mgm_lo = 0xf0000000 | (reg->val << 2);
642 	target->mgm_ocb_cur = NULL;
643 SBP_DEBUG(1)
644 	printf("target:%d mgm_port: %x\n", i, target->mgm_lo);
645 END_DEBUG
646 	STAILQ_INIT(&target->xferlist);
647 	target->n_xfer = 0;
648 	STAILQ_INIT(&target->mgm_ocb_queue);
649 	CALLOUT_INIT(&target->mgm_ocb_timeout);
650 	CALLOUT_INIT(&target->scan_callout);
651 
652 	target->luns = NULL;
653 	target->num_lun = 0;
654 	return target;
655 }
656 
657 static void
658 sbp_probe_lun(struct sbp_dev *sdev)
659 {
660 	struct fw_device *fwdev;
661 	struct crom_context c, *cc = &c;
662 	struct csrreg *reg;
663 
664 	bzero(sdev->vendor, sizeof(sdev->vendor));
665 	bzero(sdev->product, sizeof(sdev->product));
666 
667 	fwdev = sdev->target->fwdev;
668 	crom_init_context(cc, fwdev->csrrom);
669 	/* get vendor string */
670 	crom_search_key(cc, CSRKEY_VENDOR);
671 	crom_next(cc);
672 	crom_parse_text(cc, sdev->vendor, sizeof(sdev->vendor));
673 	/* skip to the unit directory for SBP-2 */
674 	while ((reg = crom_search_key(cc, CSRKEY_VER)) != NULL) {
675 		if (reg->val == CSRVAL_T10SBP2)
676 			break;
677 		crom_next(cc);
678 	}
679 	/* get firmware revision */
680 	reg = crom_search_key(cc, CSRKEY_FIRM_VER);
681 	if (reg != NULL)
682 		snprintf(sdev->revision, sizeof(sdev->revision),
683 						"%06x", reg->val);
684 	/* get product string */
685 	crom_search_key(cc, CSRKEY_MODEL);
686 	crom_next(cc);
687 	crom_parse_text(cc, sdev->product, sizeof(sdev->product));
688 }
689 
690 static void
691 sbp_login_callout(void *arg)
692 {
693 	struct sbp_dev *sdev = (struct sbp_dev *)arg;
694 	sbp_mgm_orb(sdev, ORB_FUN_LGI, NULL);
695 }
696 
697 static void
698 sbp_login(struct sbp_dev *sdev)
699 {
700 	struct timeval delta;
701 	struct timeval t;
702 	int ticks = 0;
703 
704 	microtime(&delta);
705 	timevalsub(&delta, &sdev->target->sbp->last_busreset);
706 	t.tv_sec = login_delay / 1000;
707 	t.tv_usec = (login_delay % 1000) * 1000;
708 	timevalsub(&t, &delta);
709 	if (t.tv_sec >= 0 && t.tv_usec > 0)
710 		ticks = (t.tv_sec * 1000 + t.tv_usec / 1000) * hz / 1000;
711 SBP_DEBUG(0)
712 	printf("%s: sec = %jd usec = %ld ticks = %d\n", __func__,
713 	    (intmax_t)t.tv_sec, t.tv_usec, ticks);
714 END_DEBUG
715 	callout_reset(&sdev->login_callout, ticks,
716 			sbp_login_callout, (void *)(sdev));
717 }
718 
719 #define SBP_FWDEV_ALIVE(fwdev) (((fwdev)->status == FWDEVATTACHED) \
720 	&& crom_has_specver((fwdev)->csrrom, CSRVAL_ANSIT10, CSRVAL_T10SBP2))
721 
722 static void
723 sbp_probe_target(void *arg)
724 {
725 	struct sbp_target *target = (struct sbp_target *)arg;
726 	struct sbp_softc *sbp = target->sbp;
727 	struct sbp_dev *sdev;
728 	int i, alive;
729 
730 	alive = SBP_FWDEV_ALIVE(target->fwdev);
731 SBP_DEBUG(1)
732 	device_printf(sbp->fd.dev, "%s %d%salive\n",
733 		 __func__, target->target_id,
734 		(!alive) ? " not " : "");
735 END_DEBUG
736 
737 	sbp = target->sbp;
738 	sbp_alloc_lun(target);
739 
740 	/* XXX untimeout mgm_ocb and dequeue */
741 	for (i=0; i < target->num_lun; i++) {
742 		sdev = target->luns[i];
743 		if (sdev == NULL)
744 			continue;
745 		if (alive && (sdev->status != SBP_DEV_DEAD)) {
746 			if (sdev->path != NULL) {
747 				SBP_LOCK(sbp);
748 				xpt_freeze_devq(sdev->path, 1);
749 				sdev->freeze ++;
750 				SBP_UNLOCK(sbp);
751 			}
752 			sbp_probe_lun(sdev);
753 			sbp_show_sdev_info(sdev);
754 
755 			sbp_abort_all_ocbs(sdev, CAM_SCSI_BUS_RESET);
756 			switch (sdev->status) {
757 			case SBP_DEV_RESET:
758 				/* new or revived target */
759 				if (auto_login)
760 					sbp_login(sdev);
761 				break;
762 			case SBP_DEV_TOATTACH:
763 			case SBP_DEV_PROBE:
764 			case SBP_DEV_ATTACHED:
765 			case SBP_DEV_RETRY:
766 			default:
767 				sbp_mgm_orb(sdev, ORB_FUN_RCN, NULL);
768 				break;
769 			}
770 		} else {
771 			switch (sdev->status) {
772 			case SBP_DEV_ATTACHED:
773 SBP_DEBUG(0)
774 				/* the device has gone */
775 				device_printf(sbp->fd.dev, "%s: lost target\n",
776 					__func__);
777 END_DEBUG
778 				if (sdev->path) {
779 					SBP_LOCK(sbp);
780 					xpt_freeze_devq(sdev->path, 1);
781 					sdev->freeze ++;
782 					SBP_UNLOCK(sbp);
783 				}
784 				sdev->status = SBP_DEV_RETRY;
785 				sbp_cam_detach_sdev(sdev);
786 				sbp_free_sdev(sdev);
787 				target->luns[i] = NULL;
788 				break;
789 			case SBP_DEV_PROBE:
790 			case SBP_DEV_TOATTACH:
791 				sdev->status = SBP_DEV_RESET;
792 				break;
793 			case SBP_DEV_RETRY:
794 			case SBP_DEV_RESET:
795 			case SBP_DEV_DEAD:
796 				break;
797 			}
798 		}
799 	}
800 }
801 
802 static void
803 sbp_post_busreset(void *arg)
804 {
805 	struct sbp_softc *sbp;
806 
807 	sbp = (struct sbp_softc *)arg;
808 SBP_DEBUG(0)
809 	printf("sbp_post_busreset\n");
810 END_DEBUG
811 	if ((sbp->sim->flags & SIMQ_FREEZED) == 0) {
812 		SBP_LOCK(sbp);
813 		xpt_freeze_simq(sbp->sim, /*count*/1);
814 		sbp->sim->flags |= SIMQ_FREEZED;
815 		SBP_UNLOCK(sbp);
816 	}
817 	microtime(&sbp->last_busreset);
818 }
819 
820 static void
821 sbp_post_explore(void *arg)
822 {
823 	struct sbp_softc *sbp = (struct sbp_softc *)arg;
824 	struct sbp_target *target;
825 	struct fw_device *fwdev;
826 	int i, alive;
827 
828 SBP_DEBUG(0)
829 	printf("sbp_post_explore (sbp_cold=%d)\n", sbp_cold);
830 END_DEBUG
831 	/* We need physical access */
832 	if (!firewire_phydma_enable)
833 		return;
834 
835 	if (sbp_cold > 0)
836 		sbp_cold --;
837 
838 #if 0
839 	/*
840 	 * XXX don't let CAM the bus rest.
841 	 * CAM tries to do something with freezed (DEV_RETRY) devices.
842 	 */
843 	xpt_async(AC_BUS_RESET, sbp->path, /*arg*/ NULL);
844 #endif
845 
846 	/* Garbage Collection */
847 	for(i = 0 ; i < SBP_NUM_TARGETS ; i ++){
848 		target = &sbp->targets[i];
849 		STAILQ_FOREACH(fwdev, &sbp->fd.fc->devices, link)
850 			if (target->fwdev == NULL || target->fwdev == fwdev)
851 				break;
852 		if (fwdev == NULL) {
853 			/* device has removed in lower driver */
854 			sbp_cam_detach_target(target);
855 			sbp_free_target(target);
856 		}
857 	}
858 	/* traverse device list */
859 	STAILQ_FOREACH(fwdev, &sbp->fd.fc->devices, link) {
860 SBP_DEBUG(0)
861 		device_printf(sbp->fd.dev,"%s:: EUI:%08x%08x %s attached, state=%d\n",
862 				__func__, fwdev->eui.hi, fwdev->eui.lo,
863 				(fwdev->status != FWDEVATTACHED) ? "not" : "",
864 				fwdev->status);
865 END_DEBUG
866 		alive = SBP_FWDEV_ALIVE(fwdev);
867 		for(i = 0 ; i < SBP_NUM_TARGETS ; i ++){
868 			target = &sbp->targets[i];
869 			if(target->fwdev == fwdev ) {
870 				/* known target */
871 				break;
872 			}
873 		}
874 		if(i == SBP_NUM_TARGETS){
875 			if (alive) {
876 				/* new target */
877 				target = sbp_alloc_target(sbp, fwdev);
878 				if (target == NULL)
879 					continue;
880 			} else {
881 				continue;
882 			}
883 		}
884 		sbp_probe_target((void *)target);
885 		if (target->num_lun == 0)
886 			sbp_free_target(target);
887 	}
888 	SBP_LOCK(sbp);
889 	xpt_release_simq(sbp->sim, /*run queue*/TRUE);
890 	sbp->sim->flags &= ~SIMQ_FREEZED;
891 	SBP_UNLOCK(sbp);
892 }
893 
894 #if NEED_RESPONSE
895 static void
896 sbp_loginres_callback(struct fw_xfer *xfer){
897 	int s;
898 	struct sbp_dev *sdev;
899 	sdev = (struct sbp_dev *)xfer->sc;
900 SBP_DEBUG(1)
901 	device_printf(sdev->target->sbp->fd.dev,"%s\n", __func__);
902 END_DEBUG
903 	/* recycle */
904 	s = splfw();
905 	STAILQ_INSERT_TAIL(&sdev->target->sbp->fwb.xferlist, xfer, link);
906 	splx(s);
907 	return;
908 }
909 #endif
910 
911 static __inline void
912 sbp_xfer_free(struct fw_xfer *xfer)
913 {
914 	struct sbp_dev *sdev;
915 	int s;
916 
917 	sdev = (struct sbp_dev *)xfer->sc;
918 	fw_xfer_unload(xfer);
919 	s = splfw();
920 	SBP_LOCK(sdev->target->sbp);
921 	STAILQ_INSERT_TAIL(&sdev->target->xferlist, xfer, link);
922 	SBP_UNLOCK(sdev->target->sbp);
923 	splx(s);
924 }
925 
926 static void
927 sbp_reset_start_callback(struct fw_xfer *xfer)
928 {
929 	struct sbp_dev *tsdev, *sdev = (struct sbp_dev *)xfer->sc;
930 	struct sbp_target *target = sdev->target;
931 	int i;
932 
933 	if (xfer->resp != 0) {
934 		device_printf(sdev->target->sbp->fd.dev,
935 			"%s: %s failed: resp=%d\n", __func__, sdev->bustgtlun, xfer->resp);
936 	}
937 
938 	for (i = 0; i < target->num_lun; i++) {
939 		tsdev = target->luns[i];
940 		if (tsdev != NULL && tsdev->status == SBP_DEV_LOGIN)
941 			sbp_login(tsdev);
942 	}
943 }
944 
945 static void
946 sbp_reset_start(struct sbp_dev *sdev)
947 {
948 	struct fw_xfer *xfer;
949 	struct fw_pkt *fp;
950 
951 SBP_DEBUG(0)
952 	device_printf(sdev->target->sbp->fd.dev,
953 			"%s:%s\n", __func__,sdev->bustgtlun);
954 END_DEBUG
955 
956 	xfer = sbp_write_cmd(sdev, FWTCODE_WREQQ, 0);
957 	xfer->hand = sbp_reset_start_callback;
958 	fp = &xfer->send.hdr;
959 	fp->mode.wreqq.dest_hi = 0xffff;
960 	fp->mode.wreqq.dest_lo = 0xf0000000 | RESET_START;
961 	fp->mode.wreqq.data = htonl(0xf);
962 	fw_asyreq(xfer->fc, -1, xfer);
963 }
964 
965 static void
966 sbp_mgm_callback(struct fw_xfer *xfer)
967 {
968 	struct sbp_dev *sdev;
969 	int resp;
970 
971 	sdev = (struct sbp_dev *)xfer->sc;
972 
973 SBP_DEBUG(1)
974 	device_printf(sdev->target->sbp->fd.dev,
975 		"%s:%s\n", __func__, sdev->bustgtlun);
976 END_DEBUG
977 	resp = xfer->resp;
978 	sbp_xfer_free(xfer);
979 	return;
980 }
981 
982 static struct sbp_dev *
983 sbp_next_dev(struct sbp_target *target, int lun)
984 {
985 	struct sbp_dev **sdevp;
986 	int i;
987 
988 	for (i = lun, sdevp = &target->luns[lun]; i < target->num_lun;
989 	    i++, sdevp++)
990 		if (*sdevp != NULL && (*sdevp)->status == SBP_DEV_PROBE)
991 			return(*sdevp);
992 	return(NULL);
993 }
994 
995 #define SCAN_PRI 1
996 static void
997 sbp_cam_scan_lun(struct cam_periph *periph, union ccb *ccb)
998 {
999 	struct sbp_target *target;
1000 	struct sbp_dev *sdev;
1001 
1002 	sdev = (struct sbp_dev *) ccb->ccb_h.ccb_sdev_ptr;
1003 	target = sdev->target;
1004 SBP_DEBUG(0)
1005 	device_printf(sdev->target->sbp->fd.dev,
1006 		"%s:%s\n", __func__, sdev->bustgtlun);
1007 END_DEBUG
1008 	if ((ccb->ccb_h.status & CAM_STATUS_MASK) == CAM_REQ_CMP) {
1009 		sdev->status = SBP_DEV_ATTACHED;
1010 	} else {
1011 		device_printf(sdev->target->sbp->fd.dev,
1012 			"%s:%s failed\n", __func__, sdev->bustgtlun);
1013 	}
1014 	sdev = sbp_next_dev(target, sdev->lun_id + 1);
1015 	if (sdev == NULL) {
1016 		free(ccb, M_SBP);
1017 		return;
1018 	}
1019 	/* reuse ccb */
1020 	xpt_setup_ccb(&ccb->ccb_h, sdev->path, SCAN_PRI);
1021 	ccb->ccb_h.ccb_sdev_ptr = sdev;
1022 	xpt_action(ccb);
1023 	xpt_release_devq(sdev->path, sdev->freeze, TRUE);
1024 	sdev->freeze = 1;
1025 }
1026 
1027 static void
1028 sbp_cam_scan_target(void *arg)
1029 {
1030 	struct sbp_target *target = (struct sbp_target *)arg;
1031 	struct sbp_dev *sdev;
1032 	union ccb *ccb;
1033 
1034 	sdev = sbp_next_dev(target, 0);
1035 	if (sdev == NULL) {
1036 		printf("sbp_cam_scan_target: nothing to do for target%d\n",
1037 							target->target_id);
1038 		return;
1039 	}
1040 SBP_DEBUG(0)
1041 	device_printf(sdev->target->sbp->fd.dev,
1042 		"%s:%s\n", __func__, sdev->bustgtlun);
1043 END_DEBUG
1044 	ccb = malloc(sizeof(union ccb), M_SBP, M_NOWAIT | M_ZERO);
1045 	if (ccb == NULL) {
1046 		printf("sbp_cam_scan_target: malloc failed\n");
1047 		return;
1048 	}
1049 	xpt_setup_ccb(&ccb->ccb_h, sdev->path, SCAN_PRI);
1050 	ccb->ccb_h.func_code = XPT_SCAN_LUN;
1051 	ccb->ccb_h.cbfcnp = sbp_cam_scan_lun;
1052 	ccb->ccb_h.flags |= CAM_DEV_QFREEZE;
1053 	ccb->crcn.flags = CAM_FLAG_NONE;
1054 	ccb->ccb_h.ccb_sdev_ptr = sdev;
1055 
1056 	/* The scan is in progress now. */
1057 	SBP_LOCK(target->sbp);
1058 	xpt_action(ccb);
1059 	xpt_release_devq(sdev->path, sdev->freeze, TRUE);
1060 	sdev->freeze = 1;
1061 	SBP_UNLOCK(target->sbp);
1062 }
1063 
1064 static __inline void
1065 sbp_scan_dev(struct sbp_dev *sdev)
1066 {
1067 	sdev->status = SBP_DEV_PROBE;
1068 	callout_reset(&sdev->target->scan_callout, scan_delay * hz / 1000,
1069 			sbp_cam_scan_target, (void *)sdev->target);
1070 }
1071 
1072 static void
1073 sbp_do_attach(struct fw_xfer *xfer)
1074 {
1075 	struct sbp_dev *sdev;
1076 	struct sbp_target *target;
1077 	struct sbp_softc *sbp;
1078 
1079 	sdev = (struct sbp_dev *)xfer->sc;
1080 	target = sdev->target;
1081 	sbp = target->sbp;
1082 SBP_DEBUG(0)
1083 	device_printf(sdev->target->sbp->fd.dev,
1084 		"%s:%s\n", __func__, sdev->bustgtlun);
1085 END_DEBUG
1086 	sbp_xfer_free(xfer);
1087 
1088 	if (sdev->path == NULL)
1089 		xpt_create_path(&sdev->path, xpt_periph,
1090 			cam_sim_path(target->sbp->sim),
1091 			target->target_id, sdev->lun_id);
1092 
1093 	/*
1094 	 * Let CAM scan the bus if we are in the boot process.
1095 	 * XXX xpt_scan_bus cannot detect LUN larger than 0
1096 	 * if LUN 0 doesn't exists.
1097 	 */
1098 	if (sbp_cold > 0) {
1099 		sdev->status = SBP_DEV_ATTACHED;
1100 		return;
1101 	}
1102 
1103 	sbp_scan_dev(sdev);
1104 	return;
1105 }
1106 
1107 static void
1108 sbp_agent_reset_callback(struct fw_xfer *xfer)
1109 {
1110 	struct sbp_dev *sdev;
1111 
1112 	sdev = (struct sbp_dev *)xfer->sc;
1113 SBP_DEBUG(1)
1114 	device_printf(sdev->target->sbp->fd.dev,
1115 			"%s:%s\n", __func__, sdev->bustgtlun);
1116 END_DEBUG
1117 	if (xfer->resp != 0) {
1118 		device_printf(sdev->target->sbp->fd.dev,
1119 			"%s:%s resp=%d\n", __func__, sdev->bustgtlun, xfer->resp);
1120 	}
1121 
1122 	sbp_xfer_free(xfer);
1123 	if (sdev->path) {
1124 		SBP_LOCK(sdev->target->sbp);
1125 		xpt_release_devq(sdev->path, sdev->freeze, TRUE);
1126 		sdev->freeze = 0;
1127 		SBP_UNLOCK(sdev->target->sbp);
1128 	}
1129 }
1130 
1131 static void
1132 sbp_agent_reset(struct sbp_dev *sdev)
1133 {
1134 	struct fw_xfer *xfer;
1135 	struct fw_pkt *fp;
1136 
1137 SBP_DEBUG(0)
1138 	device_printf(sdev->target->sbp->fd.dev,
1139 		"%s:%s\n", __func__, sdev->bustgtlun);
1140 END_DEBUG
1141 	xfer = sbp_write_cmd(sdev, FWTCODE_WREQQ, 0x04);
1142 	if (xfer == NULL)
1143 		return;
1144 	if (sdev->status == SBP_DEV_ATTACHED || sdev->status == SBP_DEV_PROBE)
1145 		xfer->hand = sbp_agent_reset_callback;
1146 	else
1147 		xfer->hand = sbp_do_attach;
1148 	fp = &xfer->send.hdr;
1149 	fp->mode.wreqq.data = htonl(0xf);
1150 	fw_asyreq(xfer->fc, -1, xfer);
1151 	sbp_abort_all_ocbs(sdev, CAM_BDR_SENT);
1152 }
1153 
1154 static void
1155 sbp_busy_timeout_callback(struct fw_xfer *xfer)
1156 {
1157 	struct sbp_dev *sdev;
1158 
1159 	sdev = (struct sbp_dev *)xfer->sc;
1160 SBP_DEBUG(1)
1161 	device_printf(sdev->target->sbp->fd.dev,
1162 		"%s:%s\n", __func__, sdev->bustgtlun);
1163 END_DEBUG
1164 	sbp_xfer_free(xfer);
1165 	sbp_agent_reset(sdev);
1166 }
1167 
1168 static void
1169 sbp_busy_timeout(struct sbp_dev *sdev)
1170 {
1171 	struct fw_pkt *fp;
1172 	struct fw_xfer *xfer;
1173 SBP_DEBUG(0)
1174 	device_printf(sdev->target->sbp->fd.dev,
1175 		"%s:%s\n", __func__, sdev->bustgtlun);
1176 END_DEBUG
1177 	xfer = sbp_write_cmd(sdev, FWTCODE_WREQQ, 0);
1178 
1179 	xfer->hand = sbp_busy_timeout_callback;
1180 	fp = &xfer->send.hdr;
1181 	fp->mode.wreqq.dest_hi = 0xffff;
1182 	fp->mode.wreqq.dest_lo = 0xf0000000 | BUSY_TIMEOUT;
1183 	fp->mode.wreqq.data = htonl((1 << (13+12)) | 0xf);
1184 	fw_asyreq(xfer->fc, -1, xfer);
1185 }
1186 
1187 static void
1188 sbp_orb_pointer_callback(struct fw_xfer *xfer)
1189 {
1190 	struct sbp_dev *sdev;
1191 	sdev = (struct sbp_dev *)xfer->sc;
1192 
1193 SBP_DEBUG(2)
1194 	device_printf(sdev->target->sbp->fd.dev,
1195 		"%s:%s\n", __func__, sdev->bustgtlun);
1196 END_DEBUG
1197 	if (xfer->resp != 0) {
1198 		/* XXX */
1199 		printf("%s: xfer->resp = %d\n", __func__, xfer->resp);
1200 	}
1201 	sbp_xfer_free(xfer);
1202 
1203 	SBP_LOCK(sdev->target->sbp);
1204 	sdev->flags &= ~ORB_POINTER_ACTIVE;
1205 
1206 	if ((sdev->flags & ORB_POINTER_NEED) != 0) {
1207 		struct sbp_ocb *ocb;
1208 
1209 		sdev->flags &= ~ORB_POINTER_NEED;
1210 		ocb = STAILQ_FIRST(&sdev->ocbs);
1211 		if (ocb != NULL)
1212 			sbp_orb_pointer(sdev, ocb);
1213 	}
1214 	SBP_UNLOCK(sdev->target->sbp);
1215 	return;
1216 }
1217 
1218 static void
1219 sbp_orb_pointer(struct sbp_dev *sdev, struct sbp_ocb *ocb)
1220 {
1221 	struct fw_xfer *xfer;
1222 	struct fw_pkt *fp;
1223 SBP_DEBUG(1)
1224 	device_printf(sdev->target->sbp->fd.dev,
1225 		"%s:%s 0x%08x\n",
1226 		__func__, sdev->bustgtlun,
1227 		(uint32_t)ocb->bus_addr);
1228 END_DEBUG
1229 
1230 	mtx_assert(&sdev->target->sbp->mtx, MA_OWNED);
1231 
1232 	if ((sdev->flags & ORB_POINTER_ACTIVE) != 0) {
1233 SBP_DEBUG(0)
1234 		printf("%s: orb pointer active\n", __func__);
1235 END_DEBUG
1236 		sdev->flags |= ORB_POINTER_NEED;
1237 		return;
1238 	}
1239 
1240 	sdev->flags |= ORB_POINTER_ACTIVE;
1241 	xfer = sbp_write_cmd_locked(sdev, FWTCODE_WREQB, 0x08);
1242 	if (xfer == NULL)
1243 		return;
1244 	xfer->hand = sbp_orb_pointer_callback;
1245 
1246 	fp = &xfer->send.hdr;
1247 	fp->mode.wreqb.len = 8;
1248 	fp->mode.wreqb.extcode = 0;
1249 	xfer->send.payload[0] =
1250 		htonl(((sdev->target->sbp->fd.fc->nodeid | FWLOCALBUS )<< 16));
1251 	xfer->send.payload[1] = htonl((uint32_t)ocb->bus_addr);
1252 
1253 	/*
1254 	 * sbp_xfer_free() will attempt to acquire
1255 	 * the SBP lock on entrance.  Also, this removes
1256 	 * a LOR between the firewire layer and sbp
1257 	 */
1258 	SBP_UNLOCK(sdev->target->sbp);
1259 	if(fw_asyreq(xfer->fc, -1, xfer) != 0){
1260 			sbp_xfer_free(xfer);
1261 			ocb->ccb->ccb_h.status = CAM_REQ_INVALID;
1262 			xpt_done(ocb->ccb);
1263 	}
1264 	SBP_LOCK(sdev->target->sbp);
1265 }
1266 
1267 static void
1268 sbp_doorbell_callback(struct fw_xfer *xfer)
1269 {
1270 	struct sbp_dev *sdev;
1271 	sdev = (struct sbp_dev *)xfer->sc;
1272 
1273 SBP_DEBUG(1)
1274 	device_printf(sdev->target->sbp->fd.dev,
1275 		"%s:%s\n", __func__, sdev->bustgtlun);
1276 END_DEBUG
1277 	if (xfer->resp != 0) {
1278 		/* XXX */
1279 		device_printf(sdev->target->sbp->fd.dev,
1280 			"%s: xfer->resp = %d\n", __func__, xfer->resp);
1281 	}
1282 	sbp_xfer_free(xfer);
1283 	sdev->flags &= ~ORB_DOORBELL_ACTIVE;
1284 	if ((sdev->flags & ORB_DOORBELL_NEED) != 0) {
1285 		sdev->flags &= ~ORB_DOORBELL_NEED;
1286 		SBP_LOCK(sdev->target->sbp);
1287 		sbp_doorbell(sdev);
1288 		SBP_UNLOCK(sdev->target->sbp);
1289 	}
1290 	return;
1291 }
1292 
1293 static void
1294 sbp_doorbell(struct sbp_dev *sdev)
1295 {
1296 	struct fw_xfer *xfer;
1297 	struct fw_pkt *fp;
1298 SBP_DEBUG(1)
1299 	device_printf(sdev->target->sbp->fd.dev,
1300 		"%s:%s\n", __func__, sdev->bustgtlun);
1301 END_DEBUG
1302 
1303 	if ((sdev->flags & ORB_DOORBELL_ACTIVE) != 0) {
1304 		sdev->flags |= ORB_DOORBELL_NEED;
1305 		return;
1306 	}
1307 	sdev->flags |= ORB_DOORBELL_ACTIVE;
1308 	xfer = sbp_write_cmd_locked(sdev, FWTCODE_WREQQ, 0x10);
1309 	if (xfer == NULL)
1310 		return;
1311 	xfer->hand = sbp_doorbell_callback;
1312 	fp = &xfer->send.hdr;
1313 	fp->mode.wreqq.data = htonl(0xf);
1314 	fw_asyreq(xfer->fc, -1, xfer);
1315 }
1316 
1317 static struct fw_xfer *
1318 sbp_write_cmd_locked(struct sbp_dev *sdev, int tcode, int offset)
1319 {
1320 	struct fw_xfer *xfer;
1321 	struct fw_pkt *fp;
1322 	struct sbp_target *target;
1323 	int s, new = 0;
1324 
1325 	mtx_assert(&sdev->target->sbp->mtx, MA_OWNED);
1326 
1327 	target = sdev->target;
1328 	s = splfw();
1329 	xfer = STAILQ_FIRST(&target->xferlist);
1330 	if (xfer == NULL) {
1331 		if (target->n_xfer > 5 /* XXX */) {
1332 			printf("sbp: no more xfer for this target\n");
1333 			splx(s);
1334 			return(NULL);
1335 		}
1336 		xfer = fw_xfer_alloc_buf(M_SBP, 8, 0);
1337 		if(xfer == NULL){
1338 			printf("sbp: fw_xfer_alloc_buf failed\n");
1339 			splx(s);
1340 			return NULL;
1341 		}
1342 		target->n_xfer ++;
1343 		if (debug)
1344 			printf("sbp: alloc %d xfer\n", target->n_xfer);
1345 		new = 1;
1346 	} else {
1347 		STAILQ_REMOVE_HEAD(&target->xferlist, link);
1348 	}
1349 	splx(s);
1350 
1351 	if (new) {
1352 		xfer->recv.pay_len = 0;
1353 		xfer->send.spd = min(sdev->target->fwdev->speed, max_speed);
1354 		xfer->fc = sdev->target->sbp->fd.fc;
1355 	}
1356 
1357 	if (tcode == FWTCODE_WREQB)
1358 		xfer->send.pay_len = 8;
1359 	else
1360 		xfer->send.pay_len = 0;
1361 
1362 	xfer->sc = (caddr_t)sdev;
1363 	fp = &xfer->send.hdr;
1364 	fp->mode.wreqq.dest_hi = sdev->login->cmd_hi;
1365 	fp->mode.wreqq.dest_lo = sdev->login->cmd_lo + offset;
1366 	fp->mode.wreqq.tlrt = 0;
1367 	fp->mode.wreqq.tcode = tcode;
1368 	fp->mode.wreqq.pri = 0;
1369 	fp->mode.wreqq.dst = FWLOCALBUS | sdev->target->fwdev->dst;
1370 
1371 	return xfer;
1372 
1373 }
1374 
1375 static struct fw_xfer *
1376 sbp_write_cmd(struct sbp_dev *sdev, int tcode, int offset)
1377 {
1378 	struct sbp_softc *sbp = sdev->target->sbp;
1379 	struct fw_xfer *xfer;
1380 
1381 	SBP_LOCK(sbp);
1382 	xfer = sbp_write_cmd_locked(sdev, tcode, offset);
1383 	SBP_UNLOCK(sbp);
1384 
1385 	return (xfer);
1386 }
1387 
1388 static void
1389 sbp_mgm_orb(struct sbp_dev *sdev, int func, struct sbp_ocb *aocb)
1390 {
1391 	struct fw_xfer *xfer;
1392 	struct fw_pkt *fp;
1393 	struct sbp_ocb *ocb;
1394 	struct sbp_target *target;
1395 	int s, nid;
1396 
1397 	target = sdev->target;
1398 	nid = target->sbp->fd.fc->nodeid | FWLOCALBUS;
1399 
1400 	s = splfw();
1401 	SBP_LOCK(target->sbp);
1402 	if (func == ORB_FUN_RUNQUEUE) {
1403 		ocb = STAILQ_FIRST(&target->mgm_ocb_queue);
1404 		if (target->mgm_ocb_cur != NULL || ocb == NULL) {
1405 			SBP_UNLOCK(target->sbp);
1406 			splx(s);
1407 			return;
1408 		}
1409 		STAILQ_REMOVE_HEAD(&target->mgm_ocb_queue, ocb);
1410 		SBP_UNLOCK(target->sbp);
1411 		goto start;
1412 	}
1413 	if ((ocb = sbp_get_ocb(sdev)) == NULL) {
1414 		SBP_UNLOCK(target->sbp);
1415 		splx(s);
1416 		/* XXX */
1417 		return;
1418 	}
1419 	SBP_UNLOCK(target->sbp);
1420 	ocb->flags = OCB_ACT_MGM;
1421 	ocb->sdev = sdev;
1422 
1423 	bzero((void *)ocb->orb, sizeof(ocb->orb));
1424 	ocb->orb[6] = htonl((nid << 16) | SBP_BIND_HI);
1425 	ocb->orb[7] = htonl(SBP_DEV2ADDR(target->target_id, sdev->lun_id));
1426 
1427 SBP_DEBUG(0)
1428 	device_printf(sdev->target->sbp->fd.dev,
1429 		 "%s:%s %s\n",
1430 		 __func__,sdev->bustgtlun,
1431 		 orb_fun_name[(func>>16)&0xf]);
1432 END_DEBUG
1433 	switch (func) {
1434 	case ORB_FUN_LGI:
1435 		ocb->orb[0] = ocb->orb[1] = 0; /* password */
1436 		ocb->orb[2] = htonl(nid << 16);
1437 		ocb->orb[3] = htonl(sdev->dma.bus_addr);
1438 		ocb->orb[4] = htonl(ORB_NOTIFY | sdev->lun_id);
1439 		if (ex_login)
1440 			ocb->orb[4] |= htonl(ORB_EXV);
1441 		ocb->orb[5] = htonl(SBP_LOGIN_SIZE);
1442 		fwdma_sync(&sdev->dma, BUS_DMASYNC_PREREAD);
1443 		break;
1444 	case ORB_FUN_ATA:
1445 		ocb->orb[0] = htonl((0 << 16) | 0);
1446 		ocb->orb[1] = htonl(aocb->bus_addr & 0xffffffff);
1447 		/* fall through */
1448 	case ORB_FUN_RCN:
1449 	case ORB_FUN_LGO:
1450 	case ORB_FUN_LUR:
1451 	case ORB_FUN_RST:
1452 	case ORB_FUN_ATS:
1453 		ocb->orb[4] = htonl(ORB_NOTIFY | func | sdev->login->id);
1454 		break;
1455 	}
1456 
1457 	if (target->mgm_ocb_cur != NULL) {
1458 		/* there is a standing ORB */
1459 		SBP_LOCK(target->sbp);
1460 		STAILQ_INSERT_TAIL(&sdev->target->mgm_ocb_queue, ocb, ocb);
1461 		SBP_UNLOCK(target->sbp);
1462 		splx(s);
1463 		return;
1464 	}
1465 start:
1466 	target->mgm_ocb_cur = ocb;
1467 	splx(s);
1468 
1469 	callout_reset(&target->mgm_ocb_timeout, 5*hz,
1470 				sbp_mgm_timeout, (caddr_t)ocb);
1471 	xfer = sbp_write_cmd(sdev, FWTCODE_WREQB, 0);
1472 	if(xfer == NULL){
1473 		return;
1474 	}
1475 	xfer->hand = sbp_mgm_callback;
1476 
1477 	fp = &xfer->send.hdr;
1478 	fp->mode.wreqb.dest_hi = sdev->target->mgm_hi;
1479 	fp->mode.wreqb.dest_lo = sdev->target->mgm_lo;
1480 	fp->mode.wreqb.len = 8;
1481 	fp->mode.wreqb.extcode = 0;
1482 	xfer->send.payload[0] = htonl(nid << 16);
1483 	xfer->send.payload[1] = htonl(ocb->bus_addr & 0xffffffff);
1484 
1485 	fw_asyreq(xfer->fc, -1, xfer);
1486 }
1487 
1488 static void
1489 sbp_print_scsi_cmd(struct sbp_ocb *ocb)
1490 {
1491 	struct ccb_scsiio *csio;
1492 
1493 	csio = &ocb->ccb->csio;
1494 	printf("%s:%d:%d XPT_SCSI_IO: "
1495 		"cmd: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x"
1496 		", flags: 0x%02x, "
1497 		"%db cmd/%db data/%db sense\n",
1498 		device_get_nameunit(ocb->sdev->target->sbp->fd.dev),
1499 		ocb->ccb->ccb_h.target_id, ocb->ccb->ccb_h.target_lun,
1500 		csio->cdb_io.cdb_bytes[0],
1501 		csio->cdb_io.cdb_bytes[1],
1502 		csio->cdb_io.cdb_bytes[2],
1503 		csio->cdb_io.cdb_bytes[3],
1504 		csio->cdb_io.cdb_bytes[4],
1505 		csio->cdb_io.cdb_bytes[5],
1506 		csio->cdb_io.cdb_bytes[6],
1507 		csio->cdb_io.cdb_bytes[7],
1508 		csio->cdb_io.cdb_bytes[8],
1509 		csio->cdb_io.cdb_bytes[9],
1510 		ocb->ccb->ccb_h.flags & CAM_DIR_MASK,
1511 		csio->cdb_len, csio->dxfer_len,
1512 		csio->sense_len);
1513 }
1514 
1515 static void
1516 sbp_scsi_status(struct sbp_status *sbp_status, struct sbp_ocb *ocb)
1517 {
1518 	struct sbp_cmd_status *sbp_cmd_status;
1519 	struct scsi_sense_data_fixed *sense;
1520 
1521 	sbp_cmd_status = (struct sbp_cmd_status *)sbp_status->data;
1522 	sense = (struct scsi_sense_data_fixed *)&ocb->ccb->csio.sense_data;
1523 
1524 SBP_DEBUG(0)
1525 	sbp_print_scsi_cmd(ocb);
1526 	/* XXX need decode status */
1527 	printf("%s: SCSI status %x sfmt %x valid %x key %x code %x qlfr %x len %d\n",
1528 		ocb->sdev->bustgtlun,
1529 		sbp_cmd_status->status,
1530 		sbp_cmd_status->sfmt,
1531 		sbp_cmd_status->valid,
1532 		sbp_cmd_status->s_key,
1533 		sbp_cmd_status->s_code,
1534 		sbp_cmd_status->s_qlfr,
1535 		sbp_status->len);
1536 END_DEBUG
1537 
1538 	switch (sbp_cmd_status->status) {
1539 	case SCSI_STATUS_CHECK_COND:
1540 	case SCSI_STATUS_BUSY:
1541 	case SCSI_STATUS_CMD_TERMINATED:
1542 		if(sbp_cmd_status->sfmt == SBP_SFMT_CURR){
1543 			sense->error_code = SSD_CURRENT_ERROR;
1544 		}else{
1545 			sense->error_code = SSD_DEFERRED_ERROR;
1546 		}
1547 		if(sbp_cmd_status->valid)
1548 			sense->error_code |= SSD_ERRCODE_VALID;
1549 		sense->flags = sbp_cmd_status->s_key;
1550 		if(sbp_cmd_status->mark)
1551 			sense->flags |= SSD_FILEMARK;
1552 		if(sbp_cmd_status->eom)
1553 			sense->flags |= SSD_EOM;
1554 		if(sbp_cmd_status->ill_len)
1555 			sense->flags |= SSD_ILI;
1556 
1557 		bcopy(&sbp_cmd_status->info, &sense->info[0], 4);
1558 
1559 		if (sbp_status->len <= 1)
1560 			/* XXX not scsi status. shouldn't be happened */
1561 			sense->extra_len = 0;
1562 		else if (sbp_status->len <= 4)
1563 			/* add_sense_code(_qual), info, cmd_spec_info */
1564 			sense->extra_len = 6;
1565 		else
1566 			/* fru, sense_key_spec */
1567 			sense->extra_len = 10;
1568 
1569 		bcopy(&sbp_cmd_status->cdb, &sense->cmd_spec_info[0], 4);
1570 
1571 		sense->add_sense_code = sbp_cmd_status->s_code;
1572 		sense->add_sense_code_qual = sbp_cmd_status->s_qlfr;
1573 		sense->fru = sbp_cmd_status->fru;
1574 
1575 		bcopy(&sbp_cmd_status->s_keydep[0],
1576 		    &sense->sense_key_spec[0], 3);
1577 
1578 		ocb->ccb->csio.scsi_status = sbp_cmd_status->status;
1579 		ocb->ccb->ccb_h.status = CAM_SCSI_STATUS_ERROR
1580 							| CAM_AUTOSNS_VALID;
1581 /*
1582 {
1583 		uint8_t j, *tmp;
1584 		tmp = sense;
1585 		for( j = 0 ; j < 32 ; j+=8){
1586 			printf("sense %02x%02x %02x%02x %02x%02x %02x%02x\n",
1587 				tmp[j], tmp[j+1], tmp[j+2], tmp[j+3],
1588 				tmp[j+4], tmp[j+5], tmp[j+6], tmp[j+7]);
1589 		}
1590 
1591 }
1592 */
1593 		break;
1594 	default:
1595 		device_printf(ocb->sdev->target->sbp->fd.dev,
1596 				"%s:%s unknown scsi status 0x%x\n",
1597 				__func__, ocb->sdev->bustgtlun,
1598 				sbp_cmd_status->status);
1599 	}
1600 }
1601 
1602 static void
1603 sbp_fix_inq_data(struct sbp_ocb *ocb)
1604 {
1605 	union ccb *ccb;
1606 	struct sbp_dev *sdev;
1607 	struct scsi_inquiry_data *inq;
1608 
1609 	ccb = ocb->ccb;
1610 	sdev = ocb->sdev;
1611 
1612 	if (ccb->csio.cdb_io.cdb_bytes[1] & SI_EVPD)
1613 		return;
1614 SBP_DEBUG(1)
1615 	device_printf(sdev->target->sbp->fd.dev,
1616 		"%s:%s\n", __func__, sdev->bustgtlun);
1617 END_DEBUG
1618 	inq = (struct scsi_inquiry_data *) ccb->csio.data_ptr;
1619 	switch (SID_TYPE(inq)) {
1620 	case T_DIRECT:
1621 #if 0
1622 		/*
1623 		 * XXX Convert Direct Access device to RBC.
1624 		 * I've never seen FireWire DA devices which support READ_6.
1625 		 */
1626 		if (SID_TYPE(inq) == T_DIRECT)
1627 			inq->device |= T_RBC; /*  T_DIRECT == 0 */
1628 #endif
1629 		/* fall through */
1630 	case T_RBC:
1631 		/*
1632 		 * Override vendor/product/revision information.
1633 		 * Some devices sometimes return strange strings.
1634 		 */
1635 #if 1
1636 		bcopy(sdev->vendor, inq->vendor, sizeof(inq->vendor));
1637 		bcopy(sdev->product, inq->product, sizeof(inq->product));
1638 		bcopy(sdev->revision+2, inq->revision, sizeof(inq->revision));
1639 #endif
1640 		break;
1641 	}
1642 	/*
1643 	 * Force to enable/disable tagged queuing.
1644 	 * XXX CAM also checks SCP_QUEUE_DQUE flag in the control mode page.
1645 	 */
1646 	if (sbp_tags > 0)
1647 		inq->flags |= SID_CmdQue;
1648 	else if (sbp_tags < 0)
1649 		inq->flags &= ~SID_CmdQue;
1650 
1651 }
1652 
1653 static void
1654 sbp_recv1(struct fw_xfer *xfer)
1655 {
1656 	struct fw_pkt *rfp;
1657 #if NEED_RESPONSE
1658 	struct fw_pkt *sfp;
1659 #endif
1660 	struct sbp_softc *sbp;
1661 	struct sbp_dev *sdev;
1662 	struct sbp_ocb *ocb;
1663 	struct sbp_login_res *login_res = NULL;
1664 	struct sbp_status *sbp_status;
1665 	struct sbp_target *target;
1666 	int	orb_fun, status_valid0, status_valid, t, l, reset_agent = 0;
1667 	uint32_t addr;
1668 /*
1669 	uint32_t *ld;
1670 	ld = xfer->recv.buf;
1671 printf("sbp %x %d %d %08x %08x %08x %08x\n",
1672 			xfer->resp, xfer->recv.len, xfer->recv.off, ntohl(ld[0]), ntohl(ld[1]), ntohl(ld[2]), ntohl(ld[3]));
1673 printf("sbp %08x %08x %08x %08x\n", ntohl(ld[4]), ntohl(ld[5]), ntohl(ld[6]), ntohl(ld[7]));
1674 printf("sbp %08x %08x %08x %08x\n", ntohl(ld[8]), ntohl(ld[9]), ntohl(ld[10]), ntohl(ld[11]));
1675 */
1676 	sbp = (struct sbp_softc *)xfer->sc;
1677 	if (xfer->resp != 0){
1678 		printf("sbp_recv: xfer->resp = %d\n", xfer->resp);
1679 		goto done0;
1680 	}
1681 	if (xfer->recv.payload == NULL){
1682 		printf("sbp_recv: xfer->recv.payload == NULL\n");
1683 		goto done0;
1684 	}
1685 	rfp = &xfer->recv.hdr;
1686 	if(rfp->mode.wreqb.tcode != FWTCODE_WREQB){
1687 		printf("sbp_recv: tcode = %d\n", rfp->mode.wreqb.tcode);
1688 		goto done0;
1689 	}
1690 	sbp_status = (struct sbp_status *)xfer->recv.payload;
1691 	addr = rfp->mode.wreqb.dest_lo;
1692 SBP_DEBUG(2)
1693 	printf("received address 0x%x\n", addr);
1694 END_DEBUG
1695 	t = SBP_ADDR2TRG(addr);
1696 	if (t >= SBP_NUM_TARGETS) {
1697 		device_printf(sbp->fd.dev,
1698 			"sbp_recv1: invalid target %d\n", t);
1699 		goto done0;
1700 	}
1701 	target = &sbp->targets[t];
1702 	l = SBP_ADDR2LUN(addr);
1703 	if (l >= target->num_lun || target->luns[l] == NULL) {
1704 		device_printf(sbp->fd.dev,
1705 			"sbp_recv1: invalid lun %d (target=%d)\n", l, t);
1706 		goto done0;
1707 	}
1708 	sdev = target->luns[l];
1709 
1710 	ocb = NULL;
1711 	switch (sbp_status->src) {
1712 	case 0:
1713 	case 1:
1714 		/* check mgm_ocb_cur first */
1715 		ocb  = target->mgm_ocb_cur;
1716 		if (ocb != NULL) {
1717 			if (OCB_MATCH(ocb, sbp_status)) {
1718 				callout_stop(&target->mgm_ocb_timeout);
1719 				target->mgm_ocb_cur = NULL;
1720 				break;
1721 			}
1722 		}
1723 		ocb = sbp_dequeue_ocb(sdev, sbp_status);
1724 		if (ocb == NULL) {
1725 			device_printf(sdev->target->sbp->fd.dev,
1726 #if defined(__DragonFly__) || __FreeBSD_version < 500000
1727 				"%s:%s No ocb(%lx) on the queue\n",
1728 #else
1729 				"%s:%s No ocb(%x) on the queue\n",
1730 #endif
1731 				__func__,sdev->bustgtlun,
1732 				ntohl(sbp_status->orb_lo));
1733 		}
1734 		break;
1735 	case 2:
1736 		/* unsolicit */
1737 		device_printf(sdev->target->sbp->fd.dev,
1738 			"%s:%s unsolicit status received\n",
1739 			__func__, sdev->bustgtlun);
1740 		break;
1741 	default:
1742 		device_printf(sdev->target->sbp->fd.dev,
1743 			"%s:%s unknown sbp_status->src\n",
1744 			__func__, sdev->bustgtlun);
1745 	}
1746 
1747 	status_valid0 = (sbp_status->src < 2
1748 			&& sbp_status->resp == ORB_RES_CMPL
1749 			&& sbp_status->dead == 0);
1750 	status_valid = (status_valid0 && sbp_status->status == 0);
1751 
1752 	if (!status_valid0 || debug > 2){
1753 		int status;
1754 SBP_DEBUG(0)
1755 		device_printf(sdev->target->sbp->fd.dev,
1756 			"%s:%s ORB status src:%x resp:%x dead:%x"
1757 #if defined(__DragonFly__) || __FreeBSD_version < 500000
1758 				" len:%x stat:%x orb:%x%08lx\n",
1759 #else
1760 				" len:%x stat:%x orb:%x%08x\n",
1761 #endif
1762 			__func__, sdev->bustgtlun,
1763 			sbp_status->src, sbp_status->resp, sbp_status->dead,
1764 			sbp_status->len, sbp_status->status,
1765 			ntohs(sbp_status->orb_hi), ntohl(sbp_status->orb_lo));
1766 END_DEBUG
1767 		device_printf(sdev->target->sbp->fd.dev,
1768 				"%s\n", sdev->bustgtlun);
1769 		status = sbp_status->status;
1770 		switch(sbp_status->resp) {
1771 		case 0:
1772 			if (status > MAX_ORB_STATUS0)
1773 				printf("%s\n", orb_status0[MAX_ORB_STATUS0]);
1774 			else
1775 				printf("%s\n", orb_status0[status]);
1776 			break;
1777 		case 1:
1778 			printf("Obj: %s, Error: %s\n",
1779 				orb_status1_object[(status>>6) & 3],
1780 				orb_status1_serial_bus_error[status & 0xf]);
1781 			break;
1782 		case 2:
1783 			printf("Illegal request\n");
1784 			break;
1785 		case 3:
1786 			printf("Vendor dependent\n");
1787 			break;
1788 		default:
1789 			printf("unknown respose code %d\n", sbp_status->resp);
1790 		}
1791 	}
1792 
1793 	/* we have to reset the fetch agent if it's dead */
1794 	if (sbp_status->dead) {
1795 		if (sdev->path) {
1796 			SBP_LOCK(sbp);
1797 			xpt_freeze_devq(sdev->path, 1);
1798 			sdev->freeze ++;
1799 			SBP_UNLOCK(sbp);
1800 		}
1801 		reset_agent = 1;
1802 	}
1803 
1804 	if (ocb == NULL)
1805 		goto done;
1806 
1807 	switch(ntohl(ocb->orb[4]) & ORB_FMT_MSK){
1808 	case ORB_FMT_NOP:
1809 		break;
1810 	case ORB_FMT_VED:
1811 		break;
1812 	case ORB_FMT_STD:
1813 		switch(ocb->flags) {
1814 		case OCB_ACT_MGM:
1815 			orb_fun = ntohl(ocb->orb[4]) & ORB_FUN_MSK;
1816 			reset_agent = 0;
1817 			switch(orb_fun) {
1818 			case ORB_FUN_LGI:
1819 				fwdma_sync(&sdev->dma, BUS_DMASYNC_POSTREAD);
1820 				login_res = sdev->login;
1821 				login_res->len = ntohs(login_res->len);
1822 				login_res->id = ntohs(login_res->id);
1823 				login_res->cmd_hi = ntohs(login_res->cmd_hi);
1824 				login_res->cmd_lo = ntohl(login_res->cmd_lo);
1825 				if (status_valid) {
1826 SBP_DEBUG(0)
1827 					device_printf(sdev->target->sbp->fd.dev,
1828 						"%s:%s login: len %d, ID %d, cmd %08x%08x, recon_hold %d\n",
1829 						__func__, sdev->bustgtlun,
1830 						login_res->len, login_res->id,
1831 						login_res->cmd_hi, login_res->cmd_lo,
1832 						ntohs(login_res->recon_hold));
1833 END_DEBUG
1834 					sbp_busy_timeout(sdev);
1835 				} else {
1836 					/* forgot logout? */
1837 					device_printf(sdev->target->sbp->fd.dev,
1838 						"%s:%s login failed\n",
1839 						__func__, sdev->bustgtlun);
1840 					sdev->status = SBP_DEV_RESET;
1841 				}
1842 				break;
1843 			case ORB_FUN_RCN:
1844 				login_res = sdev->login;
1845 				if (status_valid) {
1846 SBP_DEBUG(0)
1847 					device_printf(sdev->target->sbp->fd.dev,
1848 						"%s:%s reconnect: len %d, ID %d, cmd %08x%08x\n",
1849 						__func__, sdev->bustgtlun,
1850 						login_res->len, login_res->id,
1851 						login_res->cmd_hi, login_res->cmd_lo);
1852 END_DEBUG
1853 					if (sdev->status == SBP_DEV_ATTACHED)
1854 						sbp_scan_dev(sdev);
1855 					else
1856 						sbp_agent_reset(sdev);
1857 				} else {
1858 					/* reconnection hold time exceed? */
1859 SBP_DEBUG(0)
1860 					device_printf(sdev->target->sbp->fd.dev,
1861 						"%s:%s reconnect failed\n",
1862 						__func__, sdev->bustgtlun);
1863 END_DEBUG
1864 					sbp_login(sdev);
1865 				}
1866 				break;
1867 			case ORB_FUN_LGO:
1868 				sdev->status = SBP_DEV_RESET;
1869 				break;
1870 			case ORB_FUN_RST:
1871 				sbp_busy_timeout(sdev);
1872 				break;
1873 			case ORB_FUN_LUR:
1874 			case ORB_FUN_ATA:
1875 			case ORB_FUN_ATS:
1876 				sbp_agent_reset(sdev);
1877 				break;
1878 			default:
1879 				device_printf(sdev->target->sbp->fd.dev,
1880 					"%s:%s unknown function %d\n",
1881 					__func__, sdev->bustgtlun, orb_fun);
1882 				break;
1883 			}
1884 			sbp_mgm_orb(sdev, ORB_FUN_RUNQUEUE, NULL);
1885 			break;
1886 		case OCB_ACT_CMD:
1887 			sdev->timeout = 0;
1888 			if(ocb->ccb != NULL){
1889 				union ccb *ccb;
1890 
1891 				ccb = ocb->ccb;
1892 				if(sbp_status->len > 1){
1893 					sbp_scsi_status(sbp_status, ocb);
1894 				}else{
1895 					if(sbp_status->resp != ORB_RES_CMPL){
1896 						ccb->ccb_h.status = CAM_REQ_CMP_ERR;
1897 					}else{
1898 						ccb->ccb_h.status = CAM_REQ_CMP;
1899 					}
1900 				}
1901 				/* fix up inq data */
1902 				if (ccb->csio.cdb_io.cdb_bytes[0] == INQUIRY)
1903 					sbp_fix_inq_data(ocb);
1904 				SBP_LOCK(sbp);
1905 				xpt_done(ccb);
1906 				SBP_UNLOCK(sbp);
1907 			}
1908 			break;
1909 		default:
1910 			break;
1911 		}
1912 	}
1913 
1914 	if (!use_doorbell)
1915 		sbp_free_ocb(sdev, ocb);
1916 done:
1917 	if (reset_agent)
1918 		sbp_agent_reset(sdev);
1919 
1920 done0:
1921 	xfer->recv.pay_len = SBP_RECV_LEN;
1922 /* The received packet is usually small enough to be stored within
1923  * the buffer. In that case, the controller return ack_complete and
1924  * no respose is necessary.
1925  *
1926  * XXX fwohci.c and firewire.c should inform event_code such as
1927  * ack_complete or ack_pending to upper driver.
1928  */
1929 #if NEED_RESPONSE
1930 	xfer->send.off = 0;
1931 	sfp = (struct fw_pkt *)xfer->send.buf;
1932 	sfp->mode.wres.dst = rfp->mode.wreqb.src;
1933 	xfer->dst = sfp->mode.wres.dst;
1934 	xfer->spd = min(sdev->target->fwdev->speed, max_speed);
1935 	xfer->hand = sbp_loginres_callback;
1936 
1937 	sfp->mode.wres.tlrt = rfp->mode.wreqb.tlrt;
1938 	sfp->mode.wres.tcode = FWTCODE_WRES;
1939 	sfp->mode.wres.rtcode = 0;
1940 	sfp->mode.wres.pri = 0;
1941 
1942 	fw_asyreq(xfer->fc, -1, xfer);
1943 #else
1944 	/* recycle */
1945 	/* we don't need a lock here because bottom half is serialized */
1946 	STAILQ_INSERT_TAIL(&sbp->fwb.xferlist, xfer, link);
1947 #endif
1948 
1949 	return;
1950 
1951 }
1952 
1953 static void
1954 sbp_recv(struct fw_xfer *xfer)
1955 {
1956 	int s;
1957 
1958 	s = splcam();
1959 	sbp_recv1(xfer);
1960 	splx(s);
1961 }
1962 /*
1963  * sbp_attach()
1964  */
1965 static int
1966 sbp_attach(device_t dev)
1967 {
1968 	struct sbp_softc *sbp;
1969 	struct cam_devq *devq;
1970 	struct firewire_comm *fc;
1971 	int i, s, error;
1972 
1973 	if (DFLTPHYS > SBP_MAXPHYS)
1974 		device_printf(dev, "Warning, DFLTPHYS(%dKB) is larger than "
1975 			"SBP_MAXPHYS(%dKB).\n", DFLTPHYS / 1024,
1976 			SBP_MAXPHYS / 1024);
1977 
1978 	if (!firewire_phydma_enable)
1979 		device_printf(dev, "Warning, hw.firewire.phydma_enable must be 1 "
1980 			"for SBP over FireWire.\n");
1981 SBP_DEBUG(0)
1982 	printf("sbp_attach (cold=%d)\n", cold);
1983 END_DEBUG
1984 
1985 	if (cold)
1986 		sbp_cold ++;
1987 	sbp = ((struct sbp_softc *)device_get_softc(dev));
1988 	bzero(sbp, sizeof(struct sbp_softc));
1989 	sbp->fd.dev = dev;
1990 	sbp->fd.fc = fc = device_get_ivars(dev);
1991 	mtx_init(&sbp->mtx, "sbp", NULL, MTX_DEF);
1992 
1993 	if (max_speed < 0)
1994 		max_speed = fc->speed;
1995 
1996 	error = bus_dma_tag_create(/*parent*/fc->dmat,
1997 				/* XXX shoud be 4 for sane backend? */
1998 				/*alignment*/1,
1999 				/*boundary*/0,
2000 				/*lowaddr*/BUS_SPACE_MAXADDR_32BIT,
2001 				/*highaddr*/BUS_SPACE_MAXADDR,
2002 				/*filter*/NULL, /*filterarg*/NULL,
2003 				/*maxsize*/0x100000, /*nsegments*/SBP_IND_MAX,
2004 				/*maxsegsz*/SBP_SEG_MAX,
2005 				/*flags*/BUS_DMA_ALLOCNOW,
2006 #if defined(__FreeBSD__) && __FreeBSD_version >= 501102
2007 				/*lockfunc*/busdma_lock_mutex,
2008 				/*lockarg*/&sbp->mtx,
2009 #endif
2010 				&sbp->dmat);
2011 	if (error != 0) {
2012 		printf("sbp_attach: Could not allocate DMA tag "
2013 			"- error %d\n", error);
2014 			return (ENOMEM);
2015 	}
2016 
2017 	devq = cam_simq_alloc(/*maxopenings*/SBP_NUM_OCB);
2018 	if (devq == NULL)
2019 		return (ENXIO);
2020 
2021 	for( i = 0 ; i < SBP_NUM_TARGETS ; i++){
2022 		sbp->targets[i].fwdev = NULL;
2023 		sbp->targets[i].luns = NULL;
2024 	}
2025 
2026 	sbp->sim = cam_sim_alloc(sbp_action, sbp_poll, "sbp", sbp,
2027 				 device_get_unit(dev),
2028 				 &sbp->mtx,
2029 				 /*untagged*/ 1,
2030 				 /*tagged*/ SBP_QUEUE_LEN - 1,
2031 				 devq);
2032 
2033 	if (sbp->sim == NULL) {
2034 		cam_simq_free(devq);
2035 		return (ENXIO);
2036 	}
2037 
2038 	SBP_LOCK(sbp);
2039 	if (xpt_bus_register(sbp->sim, dev, /*bus*/0) != CAM_SUCCESS)
2040 		goto fail;
2041 
2042 	if (xpt_create_path(&sbp->path, xpt_periph, cam_sim_path(sbp->sim),
2043 	    CAM_TARGET_WILDCARD, CAM_LUN_WILDCARD) != CAM_REQ_CMP) {
2044 		xpt_bus_deregister(cam_sim_path(sbp->sim));
2045 		goto fail;
2046 	}
2047 	SBP_UNLOCK(sbp);
2048 
2049 	/* We reserve 16 bit space (4 bytes X 64 targets X 256 luns) */
2050 	sbp->fwb.start = ((u_int64_t)SBP_BIND_HI << 32) | SBP_DEV2ADDR(0, 0);
2051 	sbp->fwb.end = sbp->fwb.start + 0xffff;
2052 	/* pre-allocate xfer */
2053 	STAILQ_INIT(&sbp->fwb.xferlist);
2054 	fw_xferlist_add(&sbp->fwb.xferlist, M_SBP,
2055 	    /*send*/ 0, /*recv*/ SBP_RECV_LEN, SBP_NUM_OCB/2,
2056 	    fc, (void *)sbp, sbp_recv);
2057 
2058 	fw_bindadd(fc, &sbp->fwb);
2059 
2060 	sbp->fd.post_busreset = sbp_post_busreset;
2061 	sbp->fd.post_explore = sbp_post_explore;
2062 
2063 	if (fc->status != -1) {
2064 		s = splfw();
2065 		sbp_post_busreset((void *)sbp);
2066 		sbp_post_explore((void *)sbp);
2067 		splx(s);
2068 	}
2069 	SBP_LOCK(sbp);
2070 	xpt_async(AC_BUS_RESET, sbp->path, /*arg*/ NULL);
2071 	SBP_UNLOCK(sbp);
2072 
2073 	return (0);
2074 fail:
2075 	SBP_UNLOCK(sbp);
2076 	cam_sim_free(sbp->sim, /*free_devq*/TRUE);
2077 	return (ENXIO);
2078 }
2079 
2080 static int
2081 sbp_logout_all(struct sbp_softc *sbp)
2082 {
2083 	struct sbp_target *target;
2084 	struct sbp_dev *sdev;
2085 	int i, j;
2086 
2087 SBP_DEBUG(0)
2088 	printf("sbp_logout_all\n");
2089 END_DEBUG
2090 	for (i = 0 ; i < SBP_NUM_TARGETS ; i ++) {
2091 		target = &sbp->targets[i];
2092 		if (target->luns == NULL)
2093 			continue;
2094 		for (j = 0; j < target->num_lun; j++) {
2095 			sdev = target->luns[j];
2096 			if (sdev == NULL)
2097 				continue;
2098 			callout_stop(&sdev->login_callout);
2099 			if (sdev->status >= SBP_DEV_TOATTACH &&
2100 					sdev->status <= SBP_DEV_ATTACHED)
2101 				sbp_mgm_orb(sdev, ORB_FUN_LGO, NULL);
2102 		}
2103 	}
2104 
2105 	return 0;
2106 }
2107 
2108 static int
2109 sbp_shutdown(device_t dev)
2110 {
2111 	struct sbp_softc *sbp = ((struct sbp_softc *)device_get_softc(dev));
2112 
2113 	sbp_logout_all(sbp);
2114 	return (0);
2115 }
2116 
2117 static void
2118 sbp_free_sdev(struct sbp_dev *sdev)
2119 {
2120 	int i;
2121 
2122 	if (sdev == NULL)
2123 		return;
2124 	for (i = 0; i < SBP_QUEUE_LEN; i++)
2125 		bus_dmamap_destroy(sdev->target->sbp->dmat,
2126 		    sdev->ocb[i].dmamap);
2127 	fwdma_free(sdev->target->sbp->fd.fc, &sdev->dma);
2128 	free(sdev, M_SBP);
2129 	sdev = NULL;
2130 }
2131 
2132 static void
2133 sbp_free_target(struct sbp_target *target)
2134 {
2135 	struct sbp_softc *sbp;
2136 	struct fw_xfer *xfer, *next;
2137 	int i;
2138 
2139 	if (target->luns == NULL)
2140 		return;
2141 	callout_stop(&target->mgm_ocb_timeout);
2142 	sbp = target->sbp;
2143 	for (i = 0; i < target->num_lun; i++)
2144 		sbp_free_sdev(target->luns[i]);
2145 
2146 	for (xfer = STAILQ_FIRST(&target->xferlist);
2147 			xfer != NULL; xfer = next) {
2148 		next = STAILQ_NEXT(xfer, link);
2149 		fw_xfer_free_buf(xfer);
2150 	}
2151 	STAILQ_INIT(&target->xferlist);
2152 	free(target->luns, M_SBP);
2153 	target->num_lun = 0;
2154 	target->luns = NULL;
2155 	target->fwdev = NULL;
2156 }
2157 
2158 static int
2159 sbp_detach(device_t dev)
2160 {
2161 	struct sbp_softc *sbp = ((struct sbp_softc *)device_get_softc(dev));
2162 	struct firewire_comm *fc = sbp->fd.fc;
2163 	int i;
2164 
2165 SBP_DEBUG(0)
2166 	printf("sbp_detach\n");
2167 END_DEBUG
2168 
2169 	for (i = 0; i < SBP_NUM_TARGETS; i ++)
2170 		sbp_cam_detach_target(&sbp->targets[i]);
2171 
2172 	SBP_LOCK(sbp);
2173 	xpt_async(AC_LOST_DEVICE, sbp->path, NULL);
2174 	xpt_free_path(sbp->path);
2175 	xpt_bus_deregister(cam_sim_path(sbp->sim));
2176 	cam_sim_free(sbp->sim, /*free_devq*/ TRUE);
2177 	SBP_UNLOCK(sbp);
2178 
2179 	sbp_logout_all(sbp);
2180 
2181 	/* XXX wait for logout completion */
2182 	pause("sbpdtc", hz/2);
2183 
2184 	for (i = 0 ; i < SBP_NUM_TARGETS ; i ++)
2185 		sbp_free_target(&sbp->targets[i]);
2186 
2187 	fw_bindremove(fc, &sbp->fwb);
2188 	fw_xferlist_remove(&sbp->fwb.xferlist);
2189 
2190 	bus_dma_tag_destroy(sbp->dmat);
2191 	mtx_destroy(&sbp->mtx);
2192 
2193 	return (0);
2194 }
2195 
2196 static void
2197 sbp_cam_detach_sdev(struct sbp_dev *sdev)
2198 {
2199 	if (sdev == NULL)
2200 		return;
2201 	if (sdev->status == SBP_DEV_DEAD)
2202 		return;
2203 	if (sdev->status == SBP_DEV_RESET)
2204 		return;
2205 	sbp_abort_all_ocbs(sdev, CAM_DEV_NOT_THERE);
2206 	if (sdev->path) {
2207 		SBP_LOCK(sdev->target->sbp);
2208 		xpt_release_devq(sdev->path,
2209 				 sdev->freeze, TRUE);
2210 		sdev->freeze = 0;
2211 		xpt_async(AC_LOST_DEVICE, sdev->path, NULL);
2212 		xpt_free_path(sdev->path);
2213 		sdev->path = NULL;
2214 		SBP_UNLOCK(sdev->target->sbp);
2215 	}
2216 }
2217 
2218 static void
2219 sbp_cam_detach_target(struct sbp_target *target)
2220 {
2221 	int i;
2222 
2223 	if (target->luns != NULL) {
2224 SBP_DEBUG(0)
2225 		printf("sbp_detach_target %d\n", target->target_id);
2226 END_DEBUG
2227 		callout_stop(&target->scan_callout);
2228 		for (i = 0; i < target->num_lun; i++)
2229 			sbp_cam_detach_sdev(target->luns[i]);
2230 	}
2231 }
2232 
2233 static void
2234 sbp_target_reset(struct sbp_dev *sdev, int method)
2235 {
2236 	int i;
2237 	struct sbp_target *target = sdev->target;
2238 	struct sbp_dev *tsdev;
2239 
2240 	for (i = 0; i < target->num_lun; i++) {
2241 		tsdev = target->luns[i];
2242 		if (tsdev == NULL)
2243 			continue;
2244 		if (tsdev->status == SBP_DEV_DEAD)
2245 			continue;
2246 		if (tsdev->status == SBP_DEV_RESET)
2247 			continue;
2248 		SBP_LOCK(target->sbp);
2249 		xpt_freeze_devq(tsdev->path, 1);
2250 		tsdev->freeze ++;
2251 		SBP_UNLOCK(target->sbp);
2252 		sbp_abort_all_ocbs(tsdev, CAM_CMD_TIMEOUT);
2253 		if (method == 2)
2254 			tsdev->status = SBP_DEV_LOGIN;
2255 	}
2256 	switch(method) {
2257 	case 1:
2258 		printf("target reset\n");
2259 		sbp_mgm_orb(sdev, ORB_FUN_RST, NULL);
2260 		break;
2261 	case 2:
2262 		printf("reset start\n");
2263 		sbp_reset_start(sdev);
2264 		break;
2265 	}
2266 
2267 }
2268 
2269 static void
2270 sbp_mgm_timeout(void *arg)
2271 {
2272 	struct sbp_ocb *ocb = (struct sbp_ocb *)arg;
2273 	struct sbp_dev *sdev = ocb->sdev;
2274 	struct sbp_target *target = sdev->target;
2275 
2276 	device_printf(sdev->target->sbp->fd.dev,
2277 		"%s:%s request timeout(mgm orb:0x%08x)\n",
2278 		__func__, sdev->bustgtlun, (uint32_t)ocb->bus_addr);
2279 	target->mgm_ocb_cur = NULL;
2280 	sbp_free_ocb(sdev, ocb);
2281 #if 0
2282 	/* XXX */
2283 	printf("run next request\n");
2284 	sbp_mgm_orb(sdev, ORB_FUN_RUNQUEUE, NULL);
2285 #endif
2286 	device_printf(sdev->target->sbp->fd.dev,
2287 		"%s:%s reset start\n",
2288 		__func__, sdev->bustgtlun);
2289 	sbp_reset_start(sdev);
2290 }
2291 
2292 static void
2293 sbp_timeout(void *arg)
2294 {
2295 	struct sbp_ocb *ocb = (struct sbp_ocb *)arg;
2296 	struct sbp_dev *sdev = ocb->sdev;
2297 
2298 	device_printf(sdev->target->sbp->fd.dev,
2299 		"%s:%s request timeout(cmd orb:0x%08x) ... ",
2300 		__func__, sdev->bustgtlun, (uint32_t)ocb->bus_addr);
2301 
2302 	sdev->timeout ++;
2303 	switch(sdev->timeout) {
2304 	case 1:
2305 		printf("agent reset\n");
2306 		SBP_LOCK(sdev->target->sbp);
2307 		xpt_freeze_devq(sdev->path, 1);
2308 		sdev->freeze ++;
2309 		SBP_UNLOCK(sdev->target->sbp);
2310 		sbp_abort_all_ocbs(sdev, CAM_CMD_TIMEOUT);
2311 		sbp_agent_reset(sdev);
2312 		break;
2313 	case 2:
2314 	case 3:
2315 		sbp_target_reset(sdev, sdev->timeout - 1);
2316 		break;
2317 #if 0
2318 	default:
2319 		/* XXX give up */
2320 		sbp_cam_detach_target(target);
2321 		if (target->luns != NULL)
2322 			free(target->luns, M_SBP);
2323 		target->num_lun = 0;
2324 		target->luns = NULL;
2325 		target->fwdev = NULL;
2326 #endif
2327 	}
2328 }
2329 
2330 static void
2331 sbp_action1(struct cam_sim *sim, union ccb *ccb)
2332 {
2333 
2334 	struct sbp_softc *sbp = (struct sbp_softc *)sim->softc;
2335 	struct sbp_target *target = NULL;
2336 	struct sbp_dev *sdev = NULL;
2337 
2338 	/* target:lun -> sdev mapping */
2339 	if (sbp != NULL
2340 			&& ccb->ccb_h.target_id != CAM_TARGET_WILDCARD
2341 			&& ccb->ccb_h.target_id < SBP_NUM_TARGETS) {
2342 		target = &sbp->targets[ccb->ccb_h.target_id];
2343 		if (target->fwdev != NULL
2344 				&& ccb->ccb_h.target_lun != CAM_LUN_WILDCARD
2345 				&& ccb->ccb_h.target_lun < target->num_lun) {
2346 			sdev = target->luns[ccb->ccb_h.target_lun];
2347 			if (sdev != NULL && sdev->status != SBP_DEV_ATTACHED &&
2348 				sdev->status != SBP_DEV_PROBE)
2349 				sdev = NULL;
2350 		}
2351 	}
2352 
2353 SBP_DEBUG(1)
2354 	if (sdev == NULL)
2355 		printf("invalid target %d lun %d\n",
2356 			ccb->ccb_h.target_id, ccb->ccb_h.target_lun);
2357 END_DEBUG
2358 
2359 	switch (ccb->ccb_h.func_code) {
2360 	case XPT_SCSI_IO:
2361 	case XPT_RESET_DEV:
2362 	case XPT_GET_TRAN_SETTINGS:
2363 	case XPT_SET_TRAN_SETTINGS:
2364 	case XPT_CALC_GEOMETRY:
2365 		if (sdev == NULL) {
2366 SBP_DEBUG(1)
2367 			printf("%s:%d:%d:func_code 0x%04x: "
2368 				"Invalid target (target needed)\n",
2369 				device_get_nameunit(sbp->fd.dev),
2370 				ccb->ccb_h.target_id, ccb->ccb_h.target_lun,
2371 				ccb->ccb_h.func_code);
2372 END_DEBUG
2373 
2374 			ccb->ccb_h.status = CAM_DEV_NOT_THERE;
2375 			xpt_done(ccb);
2376 			return;
2377 		}
2378 		break;
2379 	case XPT_PATH_INQ:
2380 	case XPT_NOOP:
2381 		/* The opcodes sometimes aimed at a target (sc is valid),
2382 		 * sometimes aimed at the SIM (sc is invalid and target is
2383 		 * CAM_TARGET_WILDCARD)
2384 		 */
2385 		if (sbp == NULL &&
2386 			ccb->ccb_h.target_id != CAM_TARGET_WILDCARD) {
2387 SBP_DEBUG(0)
2388 			printf("%s:%d:%d func_code 0x%04x: "
2389 				"Invalid target (no wildcard)\n",
2390 				device_get_nameunit(sbp->fd.dev),
2391 				ccb->ccb_h.target_id, ccb->ccb_h.target_lun,
2392 				ccb->ccb_h.func_code);
2393 END_DEBUG
2394 			ccb->ccb_h.status = CAM_DEV_NOT_THERE;
2395 			xpt_done(ccb);
2396 			return;
2397 		}
2398 		break;
2399 	default:
2400 		/* XXX Hm, we should check the input parameters */
2401 		break;
2402 	}
2403 
2404 	switch (ccb->ccb_h.func_code) {
2405 	case XPT_SCSI_IO:
2406 	{
2407 		struct ccb_scsiio *csio;
2408 		struct sbp_ocb *ocb;
2409 		int speed;
2410 		void *cdb;
2411 
2412 		csio = &ccb->csio;
2413 		mtx_assert(sim->mtx, MA_OWNED);
2414 
2415 SBP_DEBUG(2)
2416 		printf("%s:%d:%d XPT_SCSI_IO: "
2417 			"cmd: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x"
2418 			", flags: 0x%02x, "
2419 			"%db cmd/%db data/%db sense\n",
2420 			device_get_nameunit(sbp->fd.dev),
2421 			ccb->ccb_h.target_id, ccb->ccb_h.target_lun,
2422 			csio->cdb_io.cdb_bytes[0],
2423 			csio->cdb_io.cdb_bytes[1],
2424 			csio->cdb_io.cdb_bytes[2],
2425 			csio->cdb_io.cdb_bytes[3],
2426 			csio->cdb_io.cdb_bytes[4],
2427 			csio->cdb_io.cdb_bytes[5],
2428 			csio->cdb_io.cdb_bytes[6],
2429 			csio->cdb_io.cdb_bytes[7],
2430 			csio->cdb_io.cdb_bytes[8],
2431 			csio->cdb_io.cdb_bytes[9],
2432 			ccb->ccb_h.flags & CAM_DIR_MASK,
2433 			csio->cdb_len, csio->dxfer_len,
2434 			csio->sense_len);
2435 END_DEBUG
2436 		if(sdev == NULL){
2437 			ccb->ccb_h.status = CAM_DEV_NOT_THERE;
2438 			xpt_done(ccb);
2439 			return;
2440 		}
2441 #if 0
2442 		/* if we are in probe stage, pass only probe commands */
2443 		if (sdev->status == SBP_DEV_PROBE) {
2444 			char *name;
2445 			name = xpt_path_periph(ccb->ccb_h.path)->periph_name;
2446 			printf("probe stage, periph name: %s\n", name);
2447 			if (strcmp(name, "probe") != 0) {
2448 				ccb->ccb_h.status = CAM_REQUEUE_REQ;
2449 				xpt_done(ccb);
2450 				return;
2451 			}
2452 		}
2453 #endif
2454 		if ((ocb = sbp_get_ocb(sdev)) == NULL) {
2455 			ccb->ccb_h.status = CAM_RESRC_UNAVAIL;
2456 			if (sdev->freeze == 0) {
2457 				SBP_LOCK(sdev->target->sbp);
2458 				xpt_freeze_devq(sdev->path, 1);
2459 				sdev->freeze ++;
2460 				SBP_UNLOCK(sdev->target->sbp);
2461 			}
2462 			xpt_done(ccb);
2463 			return;
2464 		}
2465 
2466 		ocb->flags = OCB_ACT_CMD;
2467 		ocb->sdev = sdev;
2468 		ocb->ccb = ccb;
2469 		ccb->ccb_h.ccb_sdev_ptr = sdev;
2470 		ocb->orb[0] = htonl(1 << 31);
2471 		ocb->orb[1] = 0;
2472 		ocb->orb[2] = htonl(((sbp->fd.fc->nodeid | FWLOCALBUS )<< 16) );
2473 		ocb->orb[3] = htonl(ocb->bus_addr + IND_PTR_OFFSET);
2474 		speed = min(target->fwdev->speed, max_speed);
2475 		ocb->orb[4] = htonl(ORB_NOTIFY | ORB_CMD_SPD(speed)
2476 						| ORB_CMD_MAXP(speed + 7));
2477 		if((ccb->ccb_h.flags & CAM_DIR_MASK) == CAM_DIR_IN){
2478 			ocb->orb[4] |= htonl(ORB_CMD_IN);
2479 		}
2480 
2481 		if (csio->ccb_h.flags & CAM_SCATTER_VALID)
2482 			printf("sbp: CAM_SCATTER_VALID\n");
2483 		if (csio->ccb_h.flags & CAM_DATA_PHYS)
2484 			printf("sbp: CAM_DATA_PHYS\n");
2485 
2486 		if (csio->ccb_h.flags & CAM_CDB_POINTER)
2487 			cdb = (void *)csio->cdb_io.cdb_ptr;
2488 		else
2489 			cdb = (void *)&csio->cdb_io.cdb_bytes;
2490 		bcopy(cdb, (void *)&ocb->orb[5], csio->cdb_len);
2491 /*
2492 printf("ORB %08x %08x %08x %08x\n", ntohl(ocb->orb[0]), ntohl(ocb->orb[1]), ntohl(ocb->orb[2]), ntohl(ocb->orb[3]));
2493 printf("ORB %08x %08x %08x %08x\n", ntohl(ocb->orb[4]), ntohl(ocb->orb[5]), ntohl(ocb->orb[6]), ntohl(ocb->orb[7]));
2494 */
2495 		if (ccb->csio.dxfer_len > 0) {
2496 			int s, error;
2497 
2498 			s = splsoftvm();
2499 			error = bus_dmamap_load(/*dma tag*/sbp->dmat,
2500 					/*dma map*/ocb->dmamap,
2501 					ccb->csio.data_ptr,
2502 					ccb->csio.dxfer_len,
2503 					sbp_execute_ocb,
2504 					ocb,
2505 					/*flags*/0);
2506 			splx(s);
2507 			if (error)
2508 				printf("sbp: bus_dmamap_load error %d\n", error);
2509 		} else
2510 			sbp_execute_ocb(ocb, NULL, 0, 0);
2511 		break;
2512 	}
2513 	case XPT_CALC_GEOMETRY:
2514 	{
2515 		struct ccb_calc_geometry *ccg;
2516 #if defined(__DragonFly__) || __FreeBSD_version < 501100
2517 		uint32_t size_mb;
2518 		uint32_t secs_per_cylinder;
2519 		int extended = 1;
2520 #endif
2521 
2522 		ccg = &ccb->ccg;
2523 		if (ccg->block_size == 0) {
2524 			printf("sbp_action1: block_size is 0.\n");
2525 			ccb->ccb_h.status = CAM_REQ_INVALID;
2526 			xpt_done(ccb);
2527 			break;
2528 		}
2529 SBP_DEBUG(1)
2530 		printf("%s:%d:%d:%d:XPT_CALC_GEOMETRY: "
2531 #if defined(__DragonFly__) || __FreeBSD_version < 500000
2532 			"Volume size = %d\n",
2533 #else
2534 			"Volume size = %jd\n",
2535 #endif
2536 			device_get_nameunit(sbp->fd.dev),
2537 			cam_sim_path(sbp->sim),
2538 			ccb->ccb_h.target_id, ccb->ccb_h.target_lun,
2539 #if defined(__FreeBSD__) && __FreeBSD_version >= 500000
2540 			(uintmax_t)
2541 #endif
2542 				ccg->volume_size);
2543 END_DEBUG
2544 
2545 #if defined(__DragonFly__) || __FreeBSD_version < 501100
2546 		size_mb = ccg->volume_size
2547 			/ ((1024L * 1024L) / ccg->block_size);
2548 
2549 		if (size_mb > 1024 && extended) {
2550 			ccg->heads = 255;
2551 			ccg->secs_per_track = 63;
2552 		} else {
2553 			ccg->heads = 64;
2554 			ccg->secs_per_track = 32;
2555 		}
2556 		secs_per_cylinder = ccg->heads * ccg->secs_per_track;
2557 		ccg->cylinders = ccg->volume_size / secs_per_cylinder;
2558 		ccb->ccb_h.status = CAM_REQ_CMP;
2559 #else
2560 		cam_calc_geometry(ccg, /*extended*/1);
2561 #endif
2562 		xpt_done(ccb);
2563 		break;
2564 	}
2565 	case XPT_RESET_BUS:		/* Reset the specified SCSI bus */
2566 	{
2567 
2568 SBP_DEBUG(1)
2569 		printf("%s:%d:XPT_RESET_BUS: \n",
2570 			device_get_nameunit(sbp->fd.dev), cam_sim_path(sbp->sim));
2571 END_DEBUG
2572 
2573 		ccb->ccb_h.status = CAM_REQ_INVALID;
2574 		xpt_done(ccb);
2575 		break;
2576 	}
2577 	case XPT_PATH_INQ:		/* Path routing inquiry */
2578 	{
2579 		struct ccb_pathinq *cpi = &ccb->cpi;
2580 
2581 SBP_DEBUG(1)
2582 		printf("%s:%d:%d XPT_PATH_INQ:.\n",
2583 			device_get_nameunit(sbp->fd.dev),
2584 			ccb->ccb_h.target_id, ccb->ccb_h.target_lun);
2585 END_DEBUG
2586 		cpi->version_num = 1; /* XXX??? */
2587 		cpi->hba_inquiry = PI_TAG_ABLE;
2588 		cpi->target_sprt = 0;
2589 		cpi->hba_misc = PIM_NOBUSRESET | PIM_NO_6_BYTE;
2590 		cpi->hba_eng_cnt = 0;
2591 		cpi->max_target = SBP_NUM_TARGETS - 1;
2592 		cpi->max_lun = SBP_NUM_LUNS - 1;
2593 		cpi->initiator_id = SBP_INITIATOR;
2594 		cpi->bus_id = sim->bus_id;
2595 		cpi->base_transfer_speed = 400 * 1000 / 8;
2596 		strncpy(cpi->sim_vid, "FreeBSD", SIM_IDLEN);
2597 		strncpy(cpi->hba_vid, "SBP", HBA_IDLEN);
2598 		strncpy(cpi->dev_name, sim->sim_name, DEV_IDLEN);
2599 		cpi->unit_number = sim->unit_number;
2600                 cpi->transport = XPORT_SPI;	/* XX should have a FireWire */
2601                 cpi->transport_version = 2;
2602                 cpi->protocol = PROTO_SCSI;
2603                 cpi->protocol_version = SCSI_REV_2;
2604 
2605 		cpi->ccb_h.status = CAM_REQ_CMP;
2606 		xpt_done(ccb);
2607 		break;
2608 	}
2609 	case XPT_GET_TRAN_SETTINGS:
2610 	{
2611 		struct ccb_trans_settings *cts = &ccb->cts;
2612 		struct ccb_trans_settings_scsi *scsi =
2613 		    &cts->proto_specific.scsi;
2614 		struct ccb_trans_settings_spi *spi =
2615 		    &cts->xport_specific.spi;
2616 
2617 		cts->protocol = PROTO_SCSI;
2618 		cts->protocol_version = SCSI_REV_2;
2619 		cts->transport = XPORT_SPI;	/* should have a FireWire */
2620 		cts->transport_version = 2;
2621 		spi->valid = CTS_SPI_VALID_DISC;
2622 		spi->flags = CTS_SPI_FLAGS_DISC_ENB;
2623 		scsi->valid = CTS_SCSI_VALID_TQ;
2624 		scsi->flags = CTS_SCSI_FLAGS_TAG_ENB;
2625 SBP_DEBUG(1)
2626 		printf("%s:%d:%d XPT_GET_TRAN_SETTINGS:.\n",
2627 			device_get_nameunit(sbp->fd.dev),
2628 			ccb->ccb_h.target_id, ccb->ccb_h.target_lun);
2629 END_DEBUG
2630 		cts->ccb_h.status = CAM_REQ_CMP;
2631 		xpt_done(ccb);
2632 		break;
2633 	}
2634 	case XPT_ABORT:
2635 		ccb->ccb_h.status = CAM_UA_ABORT;
2636 		xpt_done(ccb);
2637 		break;
2638 	case XPT_SET_TRAN_SETTINGS:
2639 		/* XXX */
2640 	default:
2641 		ccb->ccb_h.status = CAM_REQ_INVALID;
2642 		xpt_done(ccb);
2643 		break;
2644 	}
2645 	return;
2646 }
2647 
2648 static void
2649 sbp_action(struct cam_sim *sim, union ccb *ccb)
2650 {
2651 	int s;
2652 
2653 	s = splfw();
2654 	sbp_action1(sim, ccb);
2655 	splx(s);
2656 }
2657 
2658 static void
2659 sbp_execute_ocb(void *arg,  bus_dma_segment_t *segments, int seg, int error)
2660 {
2661 	int i;
2662 	struct sbp_ocb *ocb;
2663 	struct sbp_ocb *prev;
2664 	bus_dma_segment_t *s;
2665 
2666 	if (error)
2667 		printf("sbp_execute_ocb: error=%d\n", error);
2668 
2669 	ocb = (struct sbp_ocb *)arg;
2670 
2671 SBP_DEBUG(2)
2672 	printf("sbp_execute_ocb: seg %d", seg);
2673 	for (i = 0; i < seg; i++)
2674 #if defined(__DragonFly__) || __FreeBSD_version < 500000
2675 		printf(", %x:%d", segments[i].ds_addr, segments[i].ds_len);
2676 #else
2677 		printf(", %jx:%jd", (uintmax_t)segments[i].ds_addr,
2678 					(uintmax_t)segments[i].ds_len);
2679 #endif
2680 	printf("\n");
2681 END_DEBUG
2682 
2683 	if (seg == 1) {
2684 		/* direct pointer */
2685 		s = &segments[0];
2686 		if (s->ds_len > SBP_SEG_MAX)
2687 			panic("ds_len > SBP_SEG_MAX, fix busdma code");
2688 		ocb->orb[3] = htonl(s->ds_addr);
2689 		ocb->orb[4] |= htonl(s->ds_len);
2690 	} else if(seg > 1) {
2691 		/* page table */
2692 		for (i = 0; i < seg; i++) {
2693 			s = &segments[i];
2694 SBP_DEBUG(0)
2695 			/* XXX LSI Logic "< 16 byte" bug might be hit */
2696 			if (s->ds_len < 16)
2697 				printf("sbp_execute_ocb: warning, "
2698 #if defined(__DragonFly__) || __FreeBSD_version < 500000
2699 					"segment length(%d) is less than 16."
2700 #else
2701 					"segment length(%zd) is less than 16."
2702 #endif
2703 					"(seg=%d/%d)\n", (size_t)s->ds_len, i+1, seg);
2704 END_DEBUG
2705 			if (s->ds_len > SBP_SEG_MAX)
2706 				panic("ds_len > SBP_SEG_MAX, fix busdma code");
2707 			ocb->ind_ptr[i].hi = htonl(s->ds_len << 16);
2708 			ocb->ind_ptr[i].lo = htonl(s->ds_addr);
2709 		}
2710 		ocb->orb[4] |= htonl(ORB_CMD_PTBL | seg);
2711 	}
2712 
2713 	if (seg > 0)
2714 		bus_dmamap_sync(ocb->sdev->target->sbp->dmat, ocb->dmamap,
2715 			(ntohl(ocb->orb[4]) & ORB_CMD_IN) ?
2716 			BUS_DMASYNC_PREREAD : BUS_DMASYNC_PREWRITE);
2717 	prev = sbp_enqueue_ocb(ocb->sdev, ocb);
2718 	fwdma_sync(&ocb->sdev->dma, BUS_DMASYNC_PREWRITE);
2719 	if (use_doorbell) {
2720 		if (prev == NULL) {
2721 			if (ocb->sdev->last_ocb != NULL)
2722 				sbp_doorbell(ocb->sdev);
2723 			else
2724 				sbp_orb_pointer(ocb->sdev, ocb);
2725 		}
2726 	} else {
2727 		if (prev == NULL || (ocb->sdev->flags & ORB_LINK_DEAD) != 0) {
2728 			ocb->sdev->flags &= ~ORB_LINK_DEAD;
2729 			sbp_orb_pointer(ocb->sdev, ocb);
2730 		}
2731 	}
2732 }
2733 
2734 static void
2735 sbp_poll(struct cam_sim *sim)
2736 {
2737 	struct sbp_softc *sbp;
2738 	struct firewire_comm *fc;
2739 
2740 	sbp = (struct sbp_softc *)sim->softc;
2741 	fc = sbp->fd.fc;
2742 
2743 	fc->poll(fc, 0, -1);
2744 
2745 	return;
2746 }
2747 
2748 static struct sbp_ocb *
2749 sbp_dequeue_ocb(struct sbp_dev *sdev, struct sbp_status *sbp_status)
2750 {
2751 	struct sbp_ocb *ocb;
2752 	struct sbp_ocb *next;
2753 	int s = splfw(), order = 0;
2754 	int flags;
2755 
2756 SBP_DEBUG(1)
2757 	device_printf(sdev->target->sbp->fd.dev,
2758 #if defined(__DragonFly__) || __FreeBSD_version < 500000
2759 	"%s:%s 0x%08lx src %d\n",
2760 #else
2761 	"%s:%s 0x%08x src %d\n",
2762 #endif
2763 	    __func__, sdev->bustgtlun, ntohl(sbp_status->orb_lo), sbp_status->src);
2764 END_DEBUG
2765 	SBP_LOCK(sdev->target->sbp);
2766 	for (ocb = STAILQ_FIRST(&sdev->ocbs); ocb != NULL; ocb = next) {
2767 		next = STAILQ_NEXT(ocb, ocb);
2768 		flags = ocb->flags;
2769 		if (OCB_MATCH(ocb, sbp_status)) {
2770 			/* found */
2771 			STAILQ_REMOVE(&sdev->ocbs, ocb, sbp_ocb, ocb);
2772 			if (ocb->ccb != NULL)
2773 				untimeout(sbp_timeout, (caddr_t)ocb,
2774 						ocb->ccb->ccb_h.timeout_ch);
2775 			if (ntohl(ocb->orb[4]) & 0xffff) {
2776 				bus_dmamap_sync(sdev->target->sbp->dmat,
2777 					ocb->dmamap,
2778 					(ntohl(ocb->orb[4]) & ORB_CMD_IN) ?
2779 					BUS_DMASYNC_POSTREAD :
2780 					BUS_DMASYNC_POSTWRITE);
2781 				bus_dmamap_unload(sdev->target->sbp->dmat,
2782 					ocb->dmamap);
2783 			}
2784 			if (!use_doorbell) {
2785 				if (sbp_status->src == SRC_NO_NEXT) {
2786 					if (next != NULL)
2787 						sbp_orb_pointer(sdev, next);
2788 					else if (order > 0) {
2789 						/*
2790 						 * Unordered execution
2791 						 * We need to send pointer for
2792 						 * next ORB
2793 						 */
2794 						sdev->flags |= ORB_LINK_DEAD;
2795 					}
2796 				}
2797 			} else {
2798 				/*
2799 				 * XXX this is not correct for unordered
2800 				 * execution.
2801 				 */
2802 				if (sdev->last_ocb != NULL) {
2803 					SBP_UNLOCK(sdev->target->sbp);
2804 					sbp_free_ocb(sdev, sdev->last_ocb);
2805 					SBP_LOCK(sdev->target->sbp);
2806 				}
2807 				sdev->last_ocb = ocb;
2808 				if (next != NULL &&
2809 				    sbp_status->src == SRC_NO_NEXT)
2810 					sbp_doorbell(sdev);
2811 			}
2812 			break;
2813 		} else
2814 			order ++;
2815 	}
2816 	SBP_UNLOCK(sdev->target->sbp);
2817 	splx(s);
2818 SBP_DEBUG(0)
2819 	if (ocb && order > 0) {
2820 		device_printf(sdev->target->sbp->fd.dev,
2821 			"%s:%s unordered execution order:%d\n",
2822 			__func__, sdev->bustgtlun, order);
2823 	}
2824 END_DEBUG
2825 	return (ocb);
2826 }
2827 
2828 static struct sbp_ocb *
2829 sbp_enqueue_ocb(struct sbp_dev *sdev, struct sbp_ocb *ocb)
2830 {
2831 	int s = splfw();
2832 	struct sbp_ocb *prev, *prev2;
2833 
2834 	mtx_assert(&sdev->target->sbp->mtx, MA_OWNED);
2835 SBP_DEBUG(1)
2836 	device_printf(sdev->target->sbp->fd.dev,
2837 #if defined(__DragonFly__) || __FreeBSD_version < 500000
2838 	"%s:%s 0x%08x\n", __func__, sdev->bustgtlun, ocb->bus_addr);
2839 #else
2840 	"%s:%s 0x%08jx\n", __func__, sdev->bustgtlun, (uintmax_t)ocb->bus_addr);
2841 #endif
2842 END_DEBUG
2843 	prev2 = prev = STAILQ_LAST(&sdev->ocbs, sbp_ocb, ocb);
2844 	STAILQ_INSERT_TAIL(&sdev->ocbs, ocb, ocb);
2845 
2846 	if (ocb->ccb != NULL)
2847 		ocb->ccb->ccb_h.timeout_ch = timeout(sbp_timeout, (caddr_t)ocb,
2848 					(ocb->ccb->ccb_h.timeout * hz) / 1000);
2849 
2850 	if (use_doorbell && prev == NULL)
2851 		prev2 = sdev->last_ocb;
2852 
2853 	if (prev2 != NULL && (ocb->sdev->flags & ORB_LINK_DEAD) == 0) {
2854 SBP_DEBUG(1)
2855 #if defined(__DragonFly__) || __FreeBSD_version < 500000
2856 		printf("linking chain 0x%x -> 0x%x\n",
2857 		    prev2->bus_addr, ocb->bus_addr);
2858 #else
2859 		printf("linking chain 0x%jx -> 0x%jx\n",
2860 		    (uintmax_t)prev2->bus_addr, (uintmax_t)ocb->bus_addr);
2861 #endif
2862 END_DEBUG
2863 		/*
2864 		 * Suppress compiler optimization so that orb[1] must be written first.
2865 		 * XXX We may need an explicit memory barrier for other architectures
2866 		 * other than i386/amd64.
2867 		 */
2868 		*(volatile uint32_t *)&prev2->orb[1] = htonl(ocb->bus_addr);
2869 		*(volatile uint32_t *)&prev2->orb[0] = 0;
2870 	}
2871 	splx(s);
2872 
2873 	return prev;
2874 }
2875 
2876 static struct sbp_ocb *
2877 sbp_get_ocb(struct sbp_dev *sdev)
2878 {
2879 	struct sbp_ocb *ocb;
2880 	int s = splfw();
2881 
2882 	mtx_assert(&sdev->target->sbp->mtx, MA_OWNED);
2883 	ocb = STAILQ_FIRST(&sdev->free_ocbs);
2884 	if (ocb == NULL) {
2885 		sdev->flags |= ORB_SHORTAGE;
2886 		printf("ocb shortage!!!\n");
2887 		splx(s);
2888 		return NULL;
2889 	}
2890 	STAILQ_REMOVE_HEAD(&sdev->free_ocbs, ocb);
2891 	splx(s);
2892 	ocb->ccb = NULL;
2893 	return (ocb);
2894 }
2895 
2896 static void
2897 sbp_free_ocb(struct sbp_dev *sdev, struct sbp_ocb *ocb)
2898 {
2899 	ocb->flags = 0;
2900 	ocb->ccb = NULL;
2901 
2902 	SBP_LOCK(sdev->target->sbp);
2903 	STAILQ_INSERT_TAIL(&sdev->free_ocbs, ocb, ocb);
2904 	if ((sdev->flags & ORB_SHORTAGE) != 0) {
2905 		int count;
2906 
2907 		sdev->flags &= ~ORB_SHORTAGE;
2908 		count = sdev->freeze;
2909 		sdev->freeze = 0;
2910 		xpt_release_devq(sdev->path, count, TRUE);
2911 	}
2912 	SBP_UNLOCK(sdev->target->sbp);
2913 }
2914 
2915 static void
2916 sbp_abort_ocb(struct sbp_ocb *ocb, int status)
2917 {
2918 	struct sbp_dev *sdev;
2919 
2920 	sdev = ocb->sdev;
2921 SBP_DEBUG(0)
2922 	device_printf(sdev->target->sbp->fd.dev,
2923 #if defined(__DragonFly__) || __FreeBSD_version < 500000
2924 	"%s:%s 0x%x\n", __func__, sdev->bustgtlun, ocb->bus_addr);
2925 #else
2926 	"%s:%s 0x%jx\n", __func__, sdev->bustgtlun, (uintmax_t)ocb->bus_addr);
2927 #endif
2928 END_DEBUG
2929 SBP_DEBUG(1)
2930 	if (ocb->ccb != NULL)
2931 		sbp_print_scsi_cmd(ocb);
2932 END_DEBUG
2933 	if (ntohl(ocb->orb[4]) & 0xffff) {
2934 		bus_dmamap_sync(sdev->target->sbp->dmat, ocb->dmamap,
2935 			(ntohl(ocb->orb[4]) & ORB_CMD_IN) ?
2936 			BUS_DMASYNC_POSTREAD : BUS_DMASYNC_POSTWRITE);
2937 		bus_dmamap_unload(sdev->target->sbp->dmat, ocb->dmamap);
2938 	}
2939 	if (ocb->ccb != NULL) {
2940 		untimeout(sbp_timeout, (caddr_t)ocb,
2941 					ocb->ccb->ccb_h.timeout_ch);
2942 		ocb->ccb->ccb_h.status = status;
2943 		SBP_LOCK(sdev->target->sbp);
2944 		xpt_done(ocb->ccb);
2945 		SBP_UNLOCK(sdev->target->sbp);
2946 	}
2947 	sbp_free_ocb(sdev, ocb);
2948 }
2949 
2950 static void
2951 sbp_abort_all_ocbs(struct sbp_dev *sdev, int status)
2952 {
2953 	int s;
2954 	struct sbp_ocb *ocb, *next;
2955 	STAILQ_HEAD(, sbp_ocb) temp;
2956 
2957 	s = splfw();
2958 
2959 	STAILQ_INIT(&temp);
2960 	SBP_LOCK(sdev->target->sbp);
2961 	STAILQ_CONCAT(&temp, &sdev->ocbs);
2962 	STAILQ_INIT(&sdev->ocbs);
2963 	SBP_UNLOCK(sdev->target->sbp);
2964 
2965 	for (ocb = STAILQ_FIRST(&temp); ocb != NULL; ocb = next) {
2966 		next = STAILQ_NEXT(ocb, ocb);
2967 		sbp_abort_ocb(ocb, status);
2968 	}
2969 	if (sdev->last_ocb != NULL) {
2970 		sbp_free_ocb(sdev, sdev->last_ocb);
2971 		sdev->last_ocb = NULL;
2972 	}
2973 
2974 	splx(s);
2975 }
2976 
2977 static devclass_t sbp_devclass;
2978 
2979 static device_method_t sbp_methods[] = {
2980 	/* device interface */
2981 	DEVMETHOD(device_identify,	sbp_identify),
2982 	DEVMETHOD(device_probe,		sbp_probe),
2983 	DEVMETHOD(device_attach,	sbp_attach),
2984 	DEVMETHOD(device_detach,	sbp_detach),
2985 	DEVMETHOD(device_shutdown,	sbp_shutdown),
2986 
2987 	{ 0, 0 }
2988 };
2989 
2990 static driver_t sbp_driver = {
2991 	"sbp",
2992 	sbp_methods,
2993 	sizeof(struct sbp_softc),
2994 };
2995 #ifdef __DragonFly__
2996 DECLARE_DUMMY_MODULE(sbp);
2997 #endif
2998 DRIVER_MODULE(sbp, firewire, sbp_driver, sbp_devclass, 0, 0);
2999 MODULE_VERSION(sbp, 1);
3000 MODULE_DEPEND(sbp, firewire, 1, 1, 1);
3001 MODULE_DEPEND(sbp, cam, 1, 1, 1);
3002