xref: /freebsd/sys/dev/firewire/sbp.c (revision bc5304a006238115291e7568583632889dffbab9)
1 /*-
2  * SPDX-License-Identifier: BSD-4-Clause
3  *
4  * Copyright (c) 2003 Hidetoshi Shimokawa
5  * Copyright (c) 1998-2002 Katsushi Kobayashi and Hidetoshi Shimokawa
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  * 3. All advertising materials mentioning features or use of this software
17  *    must display the acknowledgement as bellow:
18  *
19  *    This product includes software developed by K. Kobayashi and H. Shimokawa
20  *
21  * 4. The name of the author may not be used to endorse or promote products
22  *    derived from this software without specific prior written permission.
23  *
24  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
25  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
26  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
27  * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
28  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
29  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
30  * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
31  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
32  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
33  * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
34  * POSSIBILITY OF SUCH DAMAGE.
35  *
36  * $FreeBSD$
37  *
38  */
39 
40 #include <sys/param.h>
41 #include <sys/systm.h>
42 #include <sys/module.h>
43 #include <sys/bus.h>
44 #include <sys/kernel.h>
45 #include <sys/sysctl.h>
46 #include <machine/bus.h>
47 #include <sys/malloc.h>
48 #include <sys/lock.h>
49 #include <sys/mutex.h>
50 
51 #include <cam/cam.h>
52 #include <cam/cam_ccb.h>
53 #include <cam/cam_sim.h>
54 #include <cam/cam_xpt_sim.h>
55 #include <cam/cam_debug.h>
56 #include <cam/cam_periph.h>
57 #include <cam/scsi/scsi_all.h>
58 
59 #include <dev/firewire/firewire.h>
60 #include <dev/firewire/firewirereg.h>
61 #include <dev/firewire/fwdma.h>
62 #include <dev/firewire/iec13213.h>
63 #include <dev/firewire/sbp.h>
64 
65 #define ccb_sdev_ptr	spriv_ptr0
66 #define ccb_sbp_ptr	spriv_ptr1
67 
68 #define SBP_NUM_TARGETS 8 /* MAX 64 */
69 /*
70  * Scan_bus doesn't work for more than 8 LUNs
71  * because of CAM_SCSI2_MAXLUN in cam_xpt.c
72  */
73 #define SBP_NUM_LUNS 64
74 #define SBP_MAXPHYS  (128 * 1024)
75 #define SBP_DMA_SIZE PAGE_SIZE
76 #define SBP_LOGIN_SIZE sizeof(struct sbp_login_res)
77 #define SBP_QUEUE_LEN ((SBP_DMA_SIZE - SBP_LOGIN_SIZE) / sizeof(struct sbp_ocb))
78 #define SBP_NUM_OCB (SBP_QUEUE_LEN * SBP_NUM_TARGETS)
79 
80 /*
81  * STATUS FIFO addressing
82  *   bit
83  *-----------------------
84  *  0- 1( 2): 0 (alignment)
85  *  2- 7( 6): target
86  *  8-15( 8): lun
87  * 16-31( 8): reserved
88  * 32-47(16): SBP_BIND_HI
89  * 48-64(16): bus_id, node_id
90  */
91 #define SBP_BIND_HI 0x1
92 #define SBP_DEV2ADDR(t, l) \
93 	(((u_int64_t)SBP_BIND_HI << 32) \
94 	| (((l) & 0xff) << 8) \
95 	| (((t) & 0x3f) << 2))
96 #define SBP_ADDR2TRG(a)	(((a) >> 2) & 0x3f)
97 #define SBP_ADDR2LUN(a)	(((a) >> 8) & 0xff)
98 #define SBP_INITIATOR 7
99 
100 static char *orb_fun_name[] = {
101 	ORB_FUN_NAMES
102 };
103 
104 static int debug = 0;
105 static int auto_login = 1;
106 static int max_speed = -1;
107 static int sbp_cold = 1;
108 static int ex_login = 1;
109 static int login_delay = 1000;	/* msec */
110 static int scan_delay = 500;	/* msec */
111 static int use_doorbell = 0;
112 static int sbp_tags = 0;
113 
114 SYSCTL_DECL(_hw_firewire);
115 static SYSCTL_NODE(_hw_firewire, OID_AUTO, sbp, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
116     "SBP-II Subsystem");
117 SYSCTL_INT(_debug, OID_AUTO, sbp_debug, CTLFLAG_RWTUN, &debug, 0,
118 	"SBP debug flag");
119 SYSCTL_INT(_hw_firewire_sbp, OID_AUTO, auto_login, CTLFLAG_RWTUN, &auto_login, 0,
120 	"SBP perform login automatically");
121 SYSCTL_INT(_hw_firewire_sbp, OID_AUTO, max_speed, CTLFLAG_RWTUN, &max_speed, 0,
122 	"SBP transfer max speed");
123 SYSCTL_INT(_hw_firewire_sbp, OID_AUTO, exclusive_login, CTLFLAG_RWTUN,
124 	&ex_login, 0, "SBP enable exclusive login");
125 SYSCTL_INT(_hw_firewire_sbp, OID_AUTO, login_delay, CTLFLAG_RWTUN,
126 	&login_delay, 0, "SBP login delay in msec");
127 SYSCTL_INT(_hw_firewire_sbp, OID_AUTO, scan_delay, CTLFLAG_RWTUN,
128 	&scan_delay, 0, "SBP scan delay in msec");
129 SYSCTL_INT(_hw_firewire_sbp, OID_AUTO, use_doorbell, CTLFLAG_RWTUN,
130 	&use_doorbell, 0, "SBP use doorbell request");
131 SYSCTL_INT(_hw_firewire_sbp, OID_AUTO, tags, CTLFLAG_RWTUN, &sbp_tags, 0,
132 	"SBP tagged queuing support");
133 
134 #define NEED_RESPONSE 0
135 
136 #define SBP_SEG_MAX rounddown(0xffff, PAGE_SIZE)
137 #define SBP_IND_MAX howmany(SBP_MAXPHYS, PAGE_SIZE)
138 struct sbp_ocb {
139 	STAILQ_ENTRY(sbp_ocb)	ocb;
140 	union ccb	*ccb;
141 	bus_addr_t	bus_addr;
142 	uint32_t	orb[8];
143 #define IND_PTR_OFFSET	(8*sizeof(uint32_t))
144 	struct ind_ptr  ind_ptr[SBP_IND_MAX];
145 	struct sbp_dev	*sdev;
146 	int		flags; /* XXX should be removed */
147 	bus_dmamap_t	dmamap;
148 	struct callout	timer;
149 };
150 
151 #define OCB_ACT_MGM 0
152 #define OCB_ACT_CMD 1
153 #define OCB_MATCH(o,s)	((o)->bus_addr == ntohl((s)->orb_lo))
154 
155 struct sbp_dev {
156 #define SBP_DEV_RESET		0	/* accept login */
157 #define SBP_DEV_LOGIN		1	/* to login */
158 #if 0
159 #define SBP_DEV_RECONN		2	/* to reconnect */
160 #endif
161 #define SBP_DEV_TOATTACH	3	/* to attach */
162 #define SBP_DEV_PROBE		4	/* scan lun */
163 #define SBP_DEV_ATTACHED	5	/* in operation */
164 #define SBP_DEV_DEAD		6	/* unavailable unit */
165 #define SBP_DEV_RETRY		7	/* unavailable unit */
166 	uint8_t status:4,
167 		 timeout:4;
168 	uint8_t type;
169 	uint16_t lun_id;
170 	uint16_t freeze;
171 #define	ORB_LINK_DEAD		(1 << 0)
172 #define	VALID_LUN		(1 << 1)
173 #define	ORB_POINTER_ACTIVE	(1 << 2)
174 #define	ORB_POINTER_NEED	(1 << 3)
175 #define	ORB_DOORBELL_ACTIVE	(1 << 4)
176 #define	ORB_DOORBELL_NEED	(1 << 5)
177 #define	ORB_SHORTAGE		(1 << 6)
178 	uint16_t flags;
179 	struct cam_path *path;
180 	struct sbp_target *target;
181 	struct fwdma_alloc dma;
182 	struct sbp_login_res *login;
183 	struct callout login_callout;
184 	struct sbp_ocb *ocb;
185 	STAILQ_HEAD(, sbp_ocb) ocbs;
186 	STAILQ_HEAD(, sbp_ocb) free_ocbs;
187 	struct sbp_ocb *last_ocb;
188 	char vendor[32];
189 	char product[32];
190 	char revision[10];
191 	char bustgtlun[32];
192 };
193 
194 struct sbp_target {
195 	int target_id;
196 	int num_lun;
197 	struct sbp_dev	**luns;
198 	struct sbp_softc *sbp;
199 	struct fw_device *fwdev;
200 	uint32_t mgm_hi, mgm_lo;
201 	struct sbp_ocb *mgm_ocb_cur;
202 	STAILQ_HEAD(, sbp_ocb) mgm_ocb_queue;
203 	struct callout mgm_ocb_timeout;
204 	struct callout scan_callout;
205 	STAILQ_HEAD(, fw_xfer) xferlist;
206 	int n_xfer;
207 };
208 
209 struct sbp_softc {
210 	struct firewire_dev_comm fd;
211 	struct cam_sim  *sim;
212 	struct cam_path  *path;
213 	struct sbp_target targets[SBP_NUM_TARGETS];
214 	struct fw_bind fwb;
215 	bus_dma_tag_t	dmat;
216 	struct timeval last_busreset;
217 #define SIMQ_FREEZED 1
218 	int flags;
219 	struct mtx mtx;
220 };
221 #define	SBP_LOCK(sbp)		mtx_lock(&(sbp)->mtx)
222 #define	SBP_UNLOCK(sbp)		mtx_unlock(&(sbp)->mtx)
223 #define	SBP_LOCK_ASSERT(sbp)	mtx_assert(&(sbp)->mtx, MA_OWNED)
224 
225 static void sbp_post_explore (void *);
226 static void sbp_recv (struct fw_xfer *);
227 static void sbp_mgm_callback (struct fw_xfer *);
228 #if 0
229 static void sbp_cmd_callback (struct fw_xfer *);
230 #endif
231 static void sbp_orb_pointer (struct sbp_dev *, struct sbp_ocb *);
232 static void sbp_doorbell(struct sbp_dev *);
233 static void sbp_execute_ocb (void *, bus_dma_segment_t *, int, int);
234 static void sbp_free_ocb (struct sbp_dev *, struct sbp_ocb *);
235 static void sbp_abort_ocb (struct sbp_ocb *, int);
236 static void sbp_abort_all_ocbs (struct sbp_dev *, int);
237 static struct fw_xfer * sbp_write_cmd (struct sbp_dev *, int, int);
238 static struct sbp_ocb * sbp_get_ocb (struct sbp_dev *);
239 static struct sbp_ocb * sbp_enqueue_ocb (struct sbp_dev *, struct sbp_ocb *);
240 static struct sbp_ocb * sbp_dequeue_ocb (struct sbp_dev *, struct sbp_status *);
241 static void sbp_cam_detach_sdev(struct sbp_dev *);
242 static void sbp_free_sdev(struct sbp_dev *);
243 static void sbp_cam_detach_target (struct sbp_target *);
244 static void sbp_free_target (struct sbp_target *);
245 static void sbp_mgm_timeout (void *arg);
246 static void sbp_timeout (void *arg);
247 static void sbp_mgm_orb (struct sbp_dev *, int, struct sbp_ocb *);
248 
249 static MALLOC_DEFINE(M_SBP, "sbp", "SBP-II/FireWire");
250 
251 /* cam related functions */
252 static void	sbp_action(struct cam_sim *sim, union ccb *ccb);
253 static void	sbp_poll(struct cam_sim *sim);
254 static void	sbp_cam_scan_lun(struct cam_periph *, union ccb *);
255 static void	sbp_cam_scan_target(void *arg);
256 
257 static char *orb_status0[] = {
258 	/* 0 */ "No additional information to report",
259 	/* 1 */ "Request type not supported",
260 	/* 2 */ "Speed not supported",
261 	/* 3 */ "Page size not supported",
262 	/* 4 */ "Access denied",
263 	/* 5 */ "Logical unit not supported",
264 	/* 6 */ "Maximum payload too small",
265 	/* 7 */ "Reserved for future standardization",
266 	/* 8 */ "Resources unavailable",
267 	/* 9 */ "Function rejected",
268 	/* A */ "Login ID not recognized",
269 	/* B */ "Dummy ORB completed",
270 	/* C */ "Request aborted",
271 	/* FF */ "Unspecified error"
272 #define MAX_ORB_STATUS0 0xd
273 };
274 
275 static char *orb_status1_object[] = {
276 	/* 0 */ "Operation request block (ORB)",
277 	/* 1 */ "Data buffer",
278 	/* 2 */ "Page table",
279 	/* 3 */ "Unable to specify"
280 };
281 
282 static char *orb_status1_serial_bus_error[] = {
283 	/* 0 */ "Missing acknowledge",
284 	/* 1 */ "Reserved; not to be used",
285 	/* 2 */ "Time-out error",
286 	/* 3 */ "Reserved; not to be used",
287 	/* 4 */ "Busy retry limit exceeded(X)",
288 	/* 5 */ "Busy retry limit exceeded(A)",
289 	/* 6 */ "Busy retry limit exceeded(B)",
290 	/* 7 */ "Reserved for future standardization",
291 	/* 8 */ "Reserved for future standardization",
292 	/* 9 */ "Reserved for future standardization",
293 	/* A */ "Reserved for future standardization",
294 	/* B */ "Tardy retry limit exceeded",
295 	/* C */ "Conflict error",
296 	/* D */ "Data error",
297 	/* E */ "Type error",
298 	/* F */ "Address error"
299 };
300 
301 static void
302 sbp_identify(driver_t *driver, device_t parent)
303 {
304 SBP_DEBUG(0)
305 	printf("sbp_identify\n");
306 END_DEBUG
307 
308 	if (device_find_child(parent, "sbp", -1) == NULL)
309 		BUS_ADD_CHILD(parent, 0, "sbp", -1);
310 }
311 
312 /*
313  * sbp_probe()
314  */
315 static int
316 sbp_probe(device_t dev)
317 {
318 
319 SBP_DEBUG(0)
320 	printf("sbp_probe\n");
321 END_DEBUG
322 
323 	device_set_desc(dev, "SBP-2/SCSI over FireWire");
324 
325 #if 0
326 	if (bootverbose)
327 		debug = bootverbose;
328 #endif
329 
330 	return (0);
331 }
332 
333 /*
334  * Display device characteristics on the console
335  */
336 static void
337 sbp_show_sdev_info(struct sbp_dev *sdev)
338 {
339 	struct fw_device *fwdev;
340 
341 	fwdev = sdev->target->fwdev;
342 	device_printf(sdev->target->sbp->fd.dev,
343 		"%s: %s: ordered:%d type:%d EUI:%08x%08x node:%d "
344 		"speed:%d maxrec:%d\n",
345 		__func__,
346 		sdev->bustgtlun,
347 		(sdev->type & 0x40) >> 6,
348 		(sdev->type & 0x1f),
349 		fwdev->eui.hi,
350 		fwdev->eui.lo,
351 		fwdev->dst,
352 		fwdev->speed,
353 		fwdev->maxrec);
354 
355 	device_printf(sdev->target->sbp->fd.dev,
356 			"%s: %s '%s' '%s' '%s'\n",
357 			__func__,
358 			sdev->bustgtlun,
359 			sdev->vendor,
360 			sdev->product,
361 			sdev->revision);
362 }
363 
364 static struct {
365 	int bus;
366 	int target;
367 	struct fw_eui64 eui;
368 } wired[] = {
369 	/* Bus	Target	EUI64 */
370 #if 0
371 	{0,	2,	{0x00018ea0, 0x01fd0154}},	/* Logitec HDD */
372 	{0,	0,	{0x00018ea6, 0x00100682}},	/* Logitec DVD */
373 	{0,	1,	{0x00d03200, 0xa412006a}},	/* Yano HDD */
374 #endif
375 	{-1,	-1,	{0,0}}
376 };
377 
378 static int
379 sbp_new_target(struct sbp_softc *sbp, struct fw_device *fwdev)
380 {
381 	int bus, i, target=-1;
382 	char w[SBP_NUM_TARGETS];
383 
384 	bzero(w, sizeof(w));
385 	bus = device_get_unit(sbp->fd.dev);
386 
387 	/* XXX wired-down configuration should be gotten from
388 					tunable or device hint */
389 	for (i = 0; wired[i].bus >= 0; i++) {
390 		if (wired[i].bus == bus) {
391 			w[wired[i].target] = 1;
392 			if (wired[i].eui.hi == fwdev->eui.hi &&
393 					wired[i].eui.lo == fwdev->eui.lo)
394 				target = wired[i].target;
395 		}
396 	}
397 	if (target >= 0) {
398 		if (target < SBP_NUM_TARGETS &&
399 				sbp->targets[target].fwdev == NULL)
400 			return (target);
401 		device_printf(sbp->fd.dev,
402 			"target %d is not free for %08x:%08x\n",
403 			target, fwdev->eui.hi, fwdev->eui.lo);
404 		target = -1;
405 	}
406 	/* non-wired target */
407 	for (i = 0; i < SBP_NUM_TARGETS; i++)
408 		if (sbp->targets[i].fwdev == NULL && w[i] == 0) {
409 			target = i;
410 			break;
411 		}
412 
413 	return target;
414 }
415 
416 static void
417 sbp_alloc_lun(struct sbp_target *target)
418 {
419 	struct crom_context cc;
420 	struct csrreg *reg;
421 	struct sbp_dev *sdev, **newluns;
422 	struct sbp_softc *sbp;
423 	int maxlun, lun, i;
424 
425 	sbp = target->sbp;
426 	crom_init_context(&cc, target->fwdev->csrrom);
427 	/* XXX shoud parse appropriate unit directories only */
428 	maxlun = -1;
429 	while (cc.depth >= 0) {
430 		reg = crom_search_key(&cc, CROM_LUN);
431 		if (reg == NULL)
432 			break;
433 		lun = reg->val & 0xffff;
434 SBP_DEBUG(0)
435 		printf("target %d lun %d found\n", target->target_id, lun);
436 END_DEBUG
437 		if (maxlun < lun)
438 			maxlun = lun;
439 		crom_next(&cc);
440 	}
441 	if (maxlun < 0)
442 		device_printf(target->sbp->fd.dev, "%d no LUN found\n",
443 		    target->target_id);
444 
445 	maxlun++;
446 	if (maxlun >= SBP_NUM_LUNS)
447 		maxlun = SBP_NUM_LUNS;
448 
449 	/* Invalidiate stale devices */
450 	for (lun = 0; lun < target->num_lun; lun++) {
451 		sdev = target->luns[lun];
452 		if (sdev == NULL)
453 			continue;
454 		sdev->flags &= ~VALID_LUN;
455 		if (lun >= maxlun) {
456 			/* lost device */
457 			sbp_cam_detach_sdev(sdev);
458 			sbp_free_sdev(sdev);
459 			target->luns[lun] = NULL;
460 		}
461 	}
462 
463 	/* Reallocate */
464 	if (maxlun != target->num_lun) {
465 		newluns = (struct sbp_dev **) realloc(target->luns,
466 		    sizeof(struct sbp_dev *) * maxlun,
467 		    M_SBP, M_NOWAIT | M_ZERO);
468 
469 		if (newluns == NULL) {
470 			printf("%s: realloc failed\n", __func__);
471 			newluns = target->luns;
472 			maxlun = target->num_lun;
473 		}
474 
475 		/*
476 		 * We must zero the extended region for the case
477 		 * realloc() doesn't allocate new buffer.
478 		 */
479 		if (maxlun > target->num_lun)
480 			bzero(&newluns[target->num_lun],
481 			    sizeof(struct sbp_dev *) *
482 			    (maxlun - target->num_lun));
483 
484 		target->luns = newluns;
485 		target->num_lun = maxlun;
486 	}
487 
488 	crom_init_context(&cc, target->fwdev->csrrom);
489 	while (cc.depth >= 0) {
490 		int new = 0;
491 
492 		reg = crom_search_key(&cc, CROM_LUN);
493 		if (reg == NULL)
494 			break;
495 		lun = reg->val & 0xffff;
496 		if (lun >= SBP_NUM_LUNS) {
497 			printf("too large lun %d\n", lun);
498 			goto next;
499 		}
500 
501 		sdev = target->luns[lun];
502 		if (sdev == NULL) {
503 			sdev = malloc(sizeof(struct sbp_dev),
504 			    M_SBP, M_NOWAIT | M_ZERO);
505 			if (sdev == NULL) {
506 				printf("%s: malloc failed\n", __func__);
507 				goto next;
508 			}
509 			target->luns[lun] = sdev;
510 			sdev->lun_id = lun;
511 			sdev->target = target;
512 			STAILQ_INIT(&sdev->ocbs);
513 			callout_init_mtx(&sdev->login_callout, &sbp->mtx, 0);
514 			sdev->status = SBP_DEV_RESET;
515 			new = 1;
516 			snprintf(sdev->bustgtlun, 32, "%s:%d:%d",
517 					device_get_nameunit(sdev->target->sbp->fd.dev),
518 					sdev->target->target_id,
519 					sdev->lun_id);
520 		}
521 		sdev->flags |= VALID_LUN;
522 		sdev->type = (reg->val & 0xff0000) >> 16;
523 
524 		if (new == 0)
525 			goto next;
526 
527 		fwdma_malloc(sbp->fd.fc,
528 			/* alignment */ sizeof(uint32_t),
529 			SBP_DMA_SIZE, &sdev->dma, BUS_DMA_NOWAIT |
530 			BUS_DMA_COHERENT);
531 		if (sdev->dma.v_addr == NULL) {
532 			printf("%s: dma space allocation failed\n",
533 							__func__);
534 			free(sdev, M_SBP);
535 			target->luns[lun] = NULL;
536 			goto next;
537 		}
538 		sdev->login = (struct sbp_login_res *) sdev->dma.v_addr;
539 		sdev->ocb = (struct sbp_ocb *)
540 				((char *)sdev->dma.v_addr + SBP_LOGIN_SIZE);
541 		bzero((char *)sdev->ocb,
542 			sizeof(struct sbp_ocb) * SBP_QUEUE_LEN);
543 
544 		STAILQ_INIT(&sdev->free_ocbs);
545 		for (i = 0; i < SBP_QUEUE_LEN; i++) {
546 			struct sbp_ocb *ocb;
547 			ocb = &sdev->ocb[i];
548 			ocb->bus_addr = sdev->dma.bus_addr
549 				+ SBP_LOGIN_SIZE
550 				+ sizeof(struct sbp_ocb) * i
551 				+ offsetof(struct sbp_ocb, orb[0]);
552 			if (bus_dmamap_create(sbp->dmat, 0, &ocb->dmamap)) {
553 				printf("sbp_attach: cannot create dmamap\n");
554 				/* XXX */
555 				goto next;
556 			}
557 			callout_init_mtx(&ocb->timer, &sbp->mtx, 0);
558 			SBP_LOCK(sbp);
559 			sbp_free_ocb(sdev, ocb);
560 			SBP_UNLOCK(sbp);
561 		}
562 next:
563 		crom_next(&cc);
564 	}
565 
566 	for (lun = 0; lun < target->num_lun; lun++) {
567 		sdev = target->luns[lun];
568 		if (sdev != NULL && (sdev->flags & VALID_LUN) == 0) {
569 			sbp_cam_detach_sdev(sdev);
570 			sbp_free_sdev(sdev);
571 			target->luns[lun] = NULL;
572 		}
573 	}
574 }
575 
576 static struct sbp_target *
577 sbp_alloc_target(struct sbp_softc *sbp, struct fw_device *fwdev)
578 {
579 	int i;
580 	struct sbp_target *target;
581 	struct crom_context cc;
582 	struct csrreg *reg;
583 
584 SBP_DEBUG(1)
585 	printf("sbp_alloc_target\n");
586 END_DEBUG
587 	i = sbp_new_target(sbp, fwdev);
588 	if (i < 0) {
589 		device_printf(sbp->fd.dev, "increase SBP_NUM_TARGETS!\n");
590 		return NULL;
591 	}
592 	/* new target */
593 	target = &sbp->targets[i];
594 	target->fwdev = fwdev;
595 	target->target_id = i;
596 	/* XXX we may want to reload mgm port after each bus reset */
597 	/* XXX there might be multiple management agents */
598 	crom_init_context(&cc, target->fwdev->csrrom);
599 	reg = crom_search_key(&cc, CROM_MGM);
600 	if (reg == NULL || reg->val == 0) {
601 		printf("NULL management address\n");
602 		target->fwdev = NULL;
603 		return NULL;
604 	}
605 	target->mgm_hi = 0xffff;
606 	target->mgm_lo = 0xf0000000 | (reg->val << 2);
607 	target->mgm_ocb_cur = NULL;
608 SBP_DEBUG(1)
609 	printf("target:%d mgm_port: %x\n", i, target->mgm_lo);
610 END_DEBUG
611 	STAILQ_INIT(&target->xferlist);
612 	target->n_xfer = 0;
613 	STAILQ_INIT(&target->mgm_ocb_queue);
614 	callout_init_mtx(&target->mgm_ocb_timeout, &sbp->mtx, 0);
615 	callout_init_mtx(&target->scan_callout, &sbp->mtx, 0);
616 
617 	target->luns = NULL;
618 	target->num_lun = 0;
619 	return target;
620 }
621 
622 static void
623 sbp_probe_lun(struct sbp_dev *sdev)
624 {
625 	struct fw_device *fwdev;
626 	struct crom_context c, *cc = &c;
627 	struct csrreg *reg;
628 
629 	bzero(sdev->vendor, sizeof(sdev->vendor));
630 	bzero(sdev->product, sizeof(sdev->product));
631 
632 	fwdev = sdev->target->fwdev;
633 	crom_init_context(cc, fwdev->csrrom);
634 	/* get vendor string */
635 	crom_search_key(cc, CSRKEY_VENDOR);
636 	crom_next(cc);
637 	crom_parse_text(cc, sdev->vendor, sizeof(sdev->vendor));
638 	/* skip to the unit directory for SBP-2 */
639 	while ((reg = crom_search_key(cc, CSRKEY_VER)) != NULL) {
640 		if (reg->val == CSRVAL_T10SBP2)
641 			break;
642 		crom_next(cc);
643 	}
644 	/* get firmware revision */
645 	reg = crom_search_key(cc, CSRKEY_FIRM_VER);
646 	if (reg != NULL)
647 		snprintf(sdev->revision, sizeof(sdev->revision),
648 						"%06x", reg->val);
649 	/* get product string */
650 	crom_search_key(cc, CSRKEY_MODEL);
651 	crom_next(cc);
652 	crom_parse_text(cc, sdev->product, sizeof(sdev->product));
653 }
654 
655 static void
656 sbp_login_callout(void *arg)
657 {
658 	struct sbp_dev *sdev = (struct sbp_dev *)arg;
659 	SBP_LOCK_ASSERT(sdev->target->sbp);
660 	sbp_mgm_orb(sdev, ORB_FUN_LGI, NULL);
661 }
662 
663 static void
664 sbp_login(struct sbp_dev *sdev)
665 {
666 	struct timeval delta;
667 	struct timeval t;
668 	int ticks = 0;
669 
670 	microtime(&delta);
671 	timevalsub(&delta, &sdev->target->sbp->last_busreset);
672 	t.tv_sec = login_delay / 1000;
673 	t.tv_usec = (login_delay % 1000) * 1000;
674 	timevalsub(&t, &delta);
675 	if (t.tv_sec >= 0 && t.tv_usec > 0)
676 		ticks = (t.tv_sec * 1000 + t.tv_usec / 1000) * hz / 1000;
677 SBP_DEBUG(0)
678 	printf("%s: sec = %jd usec = %ld ticks = %d\n", __func__,
679 	    (intmax_t)t.tv_sec, t.tv_usec, ticks);
680 END_DEBUG
681 	callout_reset(&sdev->login_callout, ticks,
682 			sbp_login_callout, (void *)(sdev));
683 }
684 
685 #define SBP_FWDEV_ALIVE(fwdev) (((fwdev)->status == FWDEVATTACHED) \
686 	&& crom_has_specver((fwdev)->csrrom, CSRVAL_ANSIT10, CSRVAL_T10SBP2))
687 
688 static void
689 sbp_probe_target(struct sbp_target *target)
690 {
691 	struct sbp_softc *sbp = target->sbp;
692 	struct sbp_dev *sdev;
693 	int i, alive;
694 
695 	alive = SBP_FWDEV_ALIVE(target->fwdev);
696 SBP_DEBUG(1)
697 	device_printf(sbp->fd.dev, "%s %d%salive\n",
698 		 __func__, target->target_id,
699 		(!alive) ? " not " : "");
700 END_DEBUG
701 
702 	sbp_alloc_lun(target);
703 
704 	/* XXX untimeout mgm_ocb and dequeue */
705 	for (i=0; i < target->num_lun; i++) {
706 		sdev = target->luns[i];
707 		if (sdev == NULL)
708 			continue;
709 		if (alive && (sdev->status != SBP_DEV_DEAD)) {
710 			if (sdev->path != NULL) {
711 				xpt_freeze_devq(sdev->path, 1);
712 				sdev->freeze++;
713 			}
714 			sbp_probe_lun(sdev);
715 			sbp_show_sdev_info(sdev);
716 
717 			SBP_LOCK(sbp);
718 			sbp_abort_all_ocbs(sdev, CAM_SCSI_BUS_RESET);
719 			SBP_UNLOCK(sbp);
720 			switch (sdev->status) {
721 			case SBP_DEV_RESET:
722 				/* new or revived target */
723 				if (auto_login)
724 					sbp_login(sdev);
725 				break;
726 			case SBP_DEV_TOATTACH:
727 			case SBP_DEV_PROBE:
728 			case SBP_DEV_ATTACHED:
729 			case SBP_DEV_RETRY:
730 			default:
731 				sbp_mgm_orb(sdev, ORB_FUN_RCN, NULL);
732 				break;
733 			}
734 		} else {
735 			switch (sdev->status) {
736 			case SBP_DEV_ATTACHED:
737 SBP_DEBUG(0)
738 				/* the device has gone */
739 				device_printf(sbp->fd.dev, "%s: lost target\n",
740 					__func__);
741 END_DEBUG
742 				if (sdev->path) {
743 					xpt_freeze_devq(sdev->path, 1);
744 					sdev->freeze++;
745 				}
746 				sdev->status = SBP_DEV_RETRY;
747 				sbp_cam_detach_sdev(sdev);
748 				sbp_free_sdev(sdev);
749 				target->luns[i] = NULL;
750 				break;
751 			case SBP_DEV_PROBE:
752 			case SBP_DEV_TOATTACH:
753 				sdev->status = SBP_DEV_RESET;
754 				break;
755 			case SBP_DEV_RETRY:
756 			case SBP_DEV_RESET:
757 			case SBP_DEV_DEAD:
758 				break;
759 			}
760 		}
761 	}
762 }
763 
764 static void
765 sbp_post_busreset(void *arg)
766 {
767 	struct sbp_softc *sbp;
768 
769 	sbp = (struct sbp_softc *)arg;
770 SBP_DEBUG(0)
771 	printf("sbp_post_busreset\n");
772 END_DEBUG
773 	SBP_LOCK(sbp);
774 	if ((sbp->flags & SIMQ_FREEZED) == 0) {
775 		xpt_freeze_simq(sbp->sim, /*count*/1);
776 		sbp->flags |= SIMQ_FREEZED;
777 	}
778 	microtime(&sbp->last_busreset);
779 	SBP_UNLOCK(sbp);
780 }
781 
782 static void
783 sbp_post_explore(void *arg)
784 {
785 	struct sbp_softc *sbp = (struct sbp_softc *)arg;
786 	struct sbp_target *target;
787 	struct fw_device *fwdev;
788 	int i, alive;
789 
790 SBP_DEBUG(0)
791 	printf("sbp_post_explore (sbp_cold=%d)\n", sbp_cold);
792 END_DEBUG
793 	/* We need physical access */
794 	if (!firewire_phydma_enable)
795 		return;
796 
797 	if (sbp_cold > 0)
798 		sbp_cold--;
799 
800 	SBP_LOCK(sbp);
801 
802 	/* Garbage Collection */
803 	for (i = 0; i < SBP_NUM_TARGETS; i++) {
804 		target = &sbp->targets[i];
805 		if (target->fwdev == NULL)
806 			continue;
807 
808 		STAILQ_FOREACH(fwdev, &sbp->fd.fc->devices, link)
809 			if (target->fwdev == fwdev)
810 				break;
811 		if (fwdev == NULL) {
812 			/* device has removed in lower driver */
813 			sbp_cam_detach_target(target);
814 			sbp_free_target(target);
815 		}
816 	}
817 
818 	/* traverse device list */
819 	STAILQ_FOREACH(fwdev, &sbp->fd.fc->devices, link) {
820 SBP_DEBUG(0)
821 		device_printf(sbp->fd.dev,"%s:: EUI:%08x%08x %s attached, state=%d\n",
822 				__func__, fwdev->eui.hi, fwdev->eui.lo,
823 				(fwdev->status != FWDEVATTACHED) ? "not" : "",
824 				fwdev->status);
825 END_DEBUG
826 		alive = SBP_FWDEV_ALIVE(fwdev);
827 		for (i = 0; i < SBP_NUM_TARGETS; i++) {
828 			target = &sbp->targets[i];
829 			if (target->fwdev == fwdev) {
830 				/* known target */
831 				break;
832 			}
833 		}
834 		if (i == SBP_NUM_TARGETS) {
835 			if (alive) {
836 				/* new target */
837 				target = sbp_alloc_target(sbp, fwdev);
838 				if (target == NULL)
839 					continue;
840 			} else {
841 				continue;
842 			}
843 		}
844 
845 		/*
846 		 * It is safe to drop the lock here as the target is already
847 		 * reserved, so there should be no contenders for it.
848 		 * And the target is not yet exposed, so there should not be
849 		 * any other accesses to it.
850 		 * Finally, the list being iterated is protected somewhere else.
851 		 */
852 		SBP_UNLOCK(sbp);
853 		sbp_probe_target(target);
854 		SBP_LOCK(sbp);
855 		if (target->num_lun == 0)
856 			sbp_free_target(target);
857 	}
858 	if ((sbp->flags & SIMQ_FREEZED) != 0) {
859 		xpt_release_simq(sbp->sim, /*run queue*/TRUE);
860 		sbp->flags &= ~SIMQ_FREEZED;
861 	}
862 	SBP_UNLOCK(sbp);
863 }
864 
865 #if NEED_RESPONSE
866 static void
867 sbp_loginres_callback(struct fw_xfer *xfer)
868 {
869 	struct sbp_dev *sdev;
870 	sdev = (struct sbp_dev *)xfer->sc;
871 SBP_DEBUG(1)
872 	device_printf(sdev->target->sbp->fd.dev,"%s\n", __func__);
873 END_DEBUG
874 	/* recycle */
875 	SBP_LOCK(sdev->target->sbp);
876 	STAILQ_INSERT_TAIL(&sdev->target->sbp->fwb.xferlist, xfer, link);
877 	SBP_UNLOCK(sdev->target->sbp);
878 	return;
879 }
880 #endif
881 
882 static __inline void
883 sbp_xfer_free(struct fw_xfer *xfer)
884 {
885 	struct sbp_dev *sdev;
886 
887 	sdev = (struct sbp_dev *)xfer->sc;
888 	fw_xfer_unload(xfer);
889 	SBP_LOCK_ASSERT(sdev->target->sbp);
890 	STAILQ_INSERT_TAIL(&sdev->target->xferlist, xfer, link);
891 }
892 
893 static void
894 sbp_reset_start_callback(struct fw_xfer *xfer)
895 {
896 	struct sbp_dev *tsdev, *sdev = (struct sbp_dev *)xfer->sc;
897 	struct sbp_target *target = sdev->target;
898 	int i;
899 
900 	if (xfer->resp != 0) {
901 		device_printf(sdev->target->sbp->fd.dev,
902 			"%s: %s failed: resp=%d\n", __func__, sdev->bustgtlun, xfer->resp);
903 	}
904 
905 	SBP_LOCK(target->sbp);
906 	for (i = 0; i < target->num_lun; i++) {
907 		tsdev = target->luns[i];
908 		if (tsdev != NULL && tsdev->status == SBP_DEV_LOGIN)
909 			sbp_login(tsdev);
910 	}
911 	SBP_UNLOCK(target->sbp);
912 }
913 
914 static void
915 sbp_reset_start(struct sbp_dev *sdev)
916 {
917 	struct fw_xfer *xfer;
918 	struct fw_pkt *fp;
919 
920 SBP_DEBUG(0)
921 	device_printf(sdev->target->sbp->fd.dev,
922 			"%s:%s\n", __func__,sdev->bustgtlun);
923 END_DEBUG
924 
925 	xfer = sbp_write_cmd(sdev, FWTCODE_WREQQ, 0);
926 	xfer->hand = sbp_reset_start_callback;
927 	fp = &xfer->send.hdr;
928 	fp->mode.wreqq.dest_hi = 0xffff;
929 	fp->mode.wreqq.dest_lo = 0xf0000000 | RESET_START;
930 	fp->mode.wreqq.data = htonl(0xf);
931 	fw_asyreq(xfer->fc, -1, xfer);
932 }
933 
934 static void
935 sbp_mgm_callback(struct fw_xfer *xfer)
936 {
937 	struct sbp_dev *sdev;
938 	int resp;
939 
940 	sdev = (struct sbp_dev *)xfer->sc;
941 
942 SBP_DEBUG(1)
943 	device_printf(sdev->target->sbp->fd.dev,
944 		"%s:%s\n", __func__, sdev->bustgtlun);
945 END_DEBUG
946 	resp = xfer->resp;
947 	SBP_LOCK(sdev->target->sbp);
948 	sbp_xfer_free(xfer);
949 	SBP_UNLOCK(sdev->target->sbp);
950 }
951 
952 static struct sbp_dev *
953 sbp_next_dev(struct sbp_target *target, int lun)
954 {
955 	struct sbp_dev **sdevp;
956 	int i;
957 
958 	for (i = lun, sdevp = &target->luns[lun]; i < target->num_lun;
959 	    i++, sdevp++)
960 		if (*sdevp != NULL && (*sdevp)->status == SBP_DEV_PROBE)
961 			return (*sdevp);
962 	return (NULL);
963 }
964 
965 #define SCAN_PRI 1
966 static void
967 sbp_cam_scan_lun(struct cam_periph *periph, union ccb *ccb)
968 {
969 	struct sbp_softc *sbp;
970 	struct sbp_target *target;
971 	struct sbp_dev *sdev;
972 
973 	sdev = (struct sbp_dev *) ccb->ccb_h.ccb_sdev_ptr;
974 	target = sdev->target;
975 	sbp = target->sbp;
976 	SBP_LOCK(sbp);
977 SBP_DEBUG(0)
978 	device_printf(sbp->fd.dev,
979 		"%s:%s\n", __func__, sdev->bustgtlun);
980 END_DEBUG
981 	if ((ccb->ccb_h.status & CAM_STATUS_MASK) == CAM_REQ_CMP) {
982 		sdev->status = SBP_DEV_ATTACHED;
983 	} else {
984 		device_printf(sbp->fd.dev,
985 			"%s:%s failed\n", __func__, sdev->bustgtlun);
986 	}
987 	sdev = sbp_next_dev(target, sdev->lun_id + 1);
988 	if (sdev == NULL) {
989 		SBP_UNLOCK(sbp);
990 		xpt_free_ccb(ccb);
991 		return;
992 	}
993 	/* reuse ccb */
994 	xpt_setup_ccb(&ccb->ccb_h, sdev->path, SCAN_PRI);
995 	ccb->ccb_h.ccb_sdev_ptr = sdev;
996 	ccb->ccb_h.flags |= CAM_DEV_QFREEZE;
997 	SBP_UNLOCK(sbp);
998 
999 	xpt_action(ccb);
1000 	xpt_release_devq(sdev->path, sdev->freeze, TRUE);
1001 	sdev->freeze = 1;
1002 }
1003 
1004 static void
1005 sbp_cam_scan_target(void *arg)
1006 {
1007 	struct sbp_target *target = (struct sbp_target *)arg;
1008 	struct sbp_dev *sdev;
1009 	union ccb *ccb;
1010 
1011 	SBP_LOCK_ASSERT(target->sbp);
1012 	sdev = sbp_next_dev(target, 0);
1013 	if (sdev == NULL) {
1014 		printf("sbp_cam_scan_target: nothing to do for target%d\n",
1015 							target->target_id);
1016 		return;
1017 	}
1018 SBP_DEBUG(0)
1019 	device_printf(sdev->target->sbp->fd.dev,
1020 		"%s:%s\n", __func__, sdev->bustgtlun);
1021 END_DEBUG
1022 	ccb = xpt_alloc_ccb_nowait();
1023 	if (ccb == NULL) {
1024 		printf("sbp_cam_scan_target: xpt_alloc_ccb_nowait() failed\n");
1025 		return;
1026 	}
1027 	SBP_UNLOCK(target->sbp);
1028 
1029 	xpt_setup_ccb(&ccb->ccb_h, sdev->path, SCAN_PRI);
1030 	ccb->ccb_h.func_code = XPT_SCAN_LUN;
1031 	ccb->ccb_h.cbfcnp = sbp_cam_scan_lun;
1032 	ccb->ccb_h.flags |= CAM_DEV_QFREEZE;
1033 	ccb->crcn.flags = CAM_FLAG_NONE;
1034 	ccb->ccb_h.ccb_sdev_ptr = sdev;
1035 
1036 	/* The scan is in progress now. */
1037 	xpt_action(ccb);
1038 
1039 	SBP_LOCK(target->sbp);
1040 	xpt_release_devq(sdev->path, sdev->freeze, TRUE);
1041 	sdev->freeze = 1;
1042 }
1043 
1044 static __inline void
1045 sbp_scan_dev(struct sbp_dev *sdev)
1046 {
1047 	sdev->status = SBP_DEV_PROBE;
1048 	callout_reset_sbt(&sdev->target->scan_callout, SBT_1MS * scan_delay, 0,
1049 	    sbp_cam_scan_target, (void *)sdev->target, 0);
1050 }
1051 
1052 static void
1053 sbp_do_attach(struct fw_xfer *xfer)
1054 {
1055 	struct sbp_dev *sdev;
1056 	struct sbp_target *target;
1057 	struct sbp_softc *sbp;
1058 
1059 	sdev = (struct sbp_dev *)xfer->sc;
1060 	target = sdev->target;
1061 	sbp = target->sbp;
1062 	SBP_LOCK(sbp);
1063 SBP_DEBUG(0)
1064 	device_printf(sdev->target->sbp->fd.dev,
1065 		"%s:%s\n", __func__, sdev->bustgtlun);
1066 END_DEBUG
1067 	sbp_xfer_free(xfer);
1068 
1069 	if (sdev->path == NULL)
1070 		xpt_create_path(&sdev->path, NULL,
1071 			cam_sim_path(target->sbp->sim),
1072 			target->target_id, sdev->lun_id);
1073 
1074 	/*
1075 	 * Let CAM scan the bus if we are in the boot process.
1076 	 * XXX xpt_scan_bus cannot detect LUN larger than 0
1077 	 * if LUN 0 doesn't exist.
1078 	 */
1079 	if (sbp_cold > 0) {
1080 		sdev->status = SBP_DEV_ATTACHED;
1081 		SBP_UNLOCK(sbp);
1082 		return;
1083 	}
1084 
1085 	sbp_scan_dev(sdev);
1086 	SBP_UNLOCK(sbp);
1087 }
1088 
1089 static void
1090 sbp_agent_reset_callback(struct fw_xfer *xfer)
1091 {
1092 	struct sbp_dev *sdev;
1093 
1094 	sdev = (struct sbp_dev *)xfer->sc;
1095 SBP_DEBUG(1)
1096 	device_printf(sdev->target->sbp->fd.dev,
1097 			"%s:%s\n", __func__, sdev->bustgtlun);
1098 END_DEBUG
1099 	if (xfer->resp != 0) {
1100 		device_printf(sdev->target->sbp->fd.dev,
1101 			"%s:%s resp=%d\n", __func__, sdev->bustgtlun, xfer->resp);
1102 	}
1103 
1104 	SBP_LOCK(sdev->target->sbp);
1105 	sbp_xfer_free(xfer);
1106 	if (sdev->path) {
1107 		xpt_release_devq(sdev->path, sdev->freeze, TRUE);
1108 		sdev->freeze = 0;
1109 	}
1110 	SBP_UNLOCK(sdev->target->sbp);
1111 }
1112 
1113 static void
1114 sbp_agent_reset(struct sbp_dev *sdev)
1115 {
1116 	struct fw_xfer *xfer;
1117 	struct fw_pkt *fp;
1118 
1119 	SBP_LOCK_ASSERT(sdev->target->sbp);
1120 SBP_DEBUG(0)
1121 	device_printf(sdev->target->sbp->fd.dev,
1122 		"%s:%s\n", __func__, sdev->bustgtlun);
1123 END_DEBUG
1124 	xfer = sbp_write_cmd(sdev, FWTCODE_WREQQ, 0x04);
1125 	if (xfer == NULL)
1126 		return;
1127 	if (sdev->status == SBP_DEV_ATTACHED || sdev->status == SBP_DEV_PROBE)
1128 		xfer->hand = sbp_agent_reset_callback;
1129 	else
1130 		xfer->hand = sbp_do_attach;
1131 	fp = &xfer->send.hdr;
1132 	fp->mode.wreqq.data = htonl(0xf);
1133 	fw_asyreq(xfer->fc, -1, xfer);
1134 	sbp_abort_all_ocbs(sdev, CAM_BDR_SENT);
1135 }
1136 
1137 static void
1138 sbp_busy_timeout_callback(struct fw_xfer *xfer)
1139 {
1140 	struct sbp_dev *sdev;
1141 
1142 	sdev = (struct sbp_dev *)xfer->sc;
1143 SBP_DEBUG(1)
1144 	device_printf(sdev->target->sbp->fd.dev,
1145 		"%s:%s\n", __func__, sdev->bustgtlun);
1146 END_DEBUG
1147 	SBP_LOCK(sdev->target->sbp);
1148 	sbp_xfer_free(xfer);
1149 	sbp_agent_reset(sdev);
1150 	SBP_UNLOCK(sdev->target->sbp);
1151 }
1152 
1153 static void
1154 sbp_busy_timeout(struct sbp_dev *sdev)
1155 {
1156 	struct fw_pkt *fp;
1157 	struct fw_xfer *xfer;
1158 SBP_DEBUG(0)
1159 	device_printf(sdev->target->sbp->fd.dev,
1160 		"%s:%s\n", __func__, sdev->bustgtlun);
1161 END_DEBUG
1162 	xfer = sbp_write_cmd(sdev, FWTCODE_WREQQ, 0);
1163 
1164 	xfer->hand = sbp_busy_timeout_callback;
1165 	fp = &xfer->send.hdr;
1166 	fp->mode.wreqq.dest_hi = 0xffff;
1167 	fp->mode.wreqq.dest_lo = 0xf0000000 | BUSY_TIMEOUT;
1168 	fp->mode.wreqq.data = htonl((1 << (13 + 12)) | 0xf);
1169 	fw_asyreq(xfer->fc, -1, xfer);
1170 }
1171 
1172 static void
1173 sbp_orb_pointer_callback(struct fw_xfer *xfer)
1174 {
1175 	struct sbp_dev *sdev;
1176 	sdev = (struct sbp_dev *)xfer->sc;
1177 
1178 SBP_DEBUG(2)
1179 	device_printf(sdev->target->sbp->fd.dev,
1180 		"%s:%s\n", __func__, sdev->bustgtlun);
1181 END_DEBUG
1182 	if (xfer->resp != 0) {
1183 		/* XXX */
1184 		printf("%s: xfer->resp = %d\n", __func__, xfer->resp);
1185 	}
1186 	SBP_LOCK(sdev->target->sbp);
1187 	sbp_xfer_free(xfer);
1188 
1189 	sdev->flags &= ~ORB_POINTER_ACTIVE;
1190 
1191 	if ((sdev->flags & ORB_POINTER_NEED) != 0) {
1192 		struct sbp_ocb *ocb;
1193 
1194 		sdev->flags &= ~ORB_POINTER_NEED;
1195 		ocb = STAILQ_FIRST(&sdev->ocbs);
1196 		if (ocb != NULL)
1197 			sbp_orb_pointer(sdev, ocb);
1198 	}
1199 	SBP_UNLOCK(sdev->target->sbp);
1200 	return;
1201 }
1202 
1203 static void
1204 sbp_orb_pointer(struct sbp_dev *sdev, struct sbp_ocb *ocb)
1205 {
1206 	struct fw_xfer *xfer;
1207 	struct fw_pkt *fp;
1208 SBP_DEBUG(1)
1209 	device_printf(sdev->target->sbp->fd.dev,
1210 		"%s:%s 0x%08x\n",
1211 		__func__, sdev->bustgtlun,
1212 		(uint32_t)ocb->bus_addr);
1213 END_DEBUG
1214 
1215 	SBP_LOCK_ASSERT(sdev->target->sbp);
1216 
1217 	if ((sdev->flags & ORB_POINTER_ACTIVE) != 0) {
1218 SBP_DEBUG(0)
1219 		printf("%s: orb pointer active\n", __func__);
1220 END_DEBUG
1221 		sdev->flags |= ORB_POINTER_NEED;
1222 		return;
1223 	}
1224 
1225 	sdev->flags |= ORB_POINTER_ACTIVE;
1226 	xfer = sbp_write_cmd(sdev, FWTCODE_WREQB, 0x08);
1227 	if (xfer == NULL)
1228 		return;
1229 	xfer->hand = sbp_orb_pointer_callback;
1230 
1231 	fp = &xfer->send.hdr;
1232 	fp->mode.wreqb.len = 8;
1233 	fp->mode.wreqb.extcode = 0;
1234 	xfer->send.payload[0] =
1235 		htonl(((sdev->target->sbp->fd.fc->nodeid | FWLOCALBUS) << 16));
1236 	xfer->send.payload[1] = htonl((uint32_t)ocb->bus_addr);
1237 
1238 	if (fw_asyreq(xfer->fc, -1, xfer) != 0) {
1239 		sbp_xfer_free(xfer);
1240 		ocb->ccb->ccb_h.status = CAM_REQ_INVALID;
1241 		xpt_done(ocb->ccb);
1242 	}
1243 }
1244 
1245 static void
1246 sbp_doorbell_callback(struct fw_xfer *xfer)
1247 {
1248 	struct sbp_dev *sdev;
1249 	sdev = (struct sbp_dev *)xfer->sc;
1250 
1251 SBP_DEBUG(1)
1252 	device_printf(sdev->target->sbp->fd.dev,
1253 		"%s:%s\n", __func__, sdev->bustgtlun);
1254 END_DEBUG
1255 	if (xfer->resp != 0) {
1256 		/* XXX */
1257 		device_printf(sdev->target->sbp->fd.dev,
1258 			"%s: xfer->resp = %d\n", __func__, xfer->resp);
1259 	}
1260 	SBP_LOCK(sdev->target->sbp);
1261 	sbp_xfer_free(xfer);
1262 	sdev->flags &= ~ORB_DOORBELL_ACTIVE;
1263 	if ((sdev->flags & ORB_DOORBELL_NEED) != 0) {
1264 		sdev->flags &= ~ORB_DOORBELL_NEED;
1265 		sbp_doorbell(sdev);
1266 	}
1267 	SBP_UNLOCK(sdev->target->sbp);
1268 }
1269 
1270 static void
1271 sbp_doorbell(struct sbp_dev *sdev)
1272 {
1273 	struct fw_xfer *xfer;
1274 	struct fw_pkt *fp;
1275 SBP_DEBUG(1)
1276 	device_printf(sdev->target->sbp->fd.dev,
1277 		"%s:%s\n", __func__, sdev->bustgtlun);
1278 END_DEBUG
1279 
1280 	if ((sdev->flags & ORB_DOORBELL_ACTIVE) != 0) {
1281 		sdev->flags |= ORB_DOORBELL_NEED;
1282 		return;
1283 	}
1284 	sdev->flags |= ORB_DOORBELL_ACTIVE;
1285 	xfer = sbp_write_cmd(sdev, FWTCODE_WREQQ, 0x10);
1286 	if (xfer == NULL)
1287 		return;
1288 	xfer->hand = sbp_doorbell_callback;
1289 	fp = &xfer->send.hdr;
1290 	fp->mode.wreqq.data = htonl(0xf);
1291 	fw_asyreq(xfer->fc, -1, xfer);
1292 }
1293 
1294 static struct fw_xfer *
1295 sbp_write_cmd(struct sbp_dev *sdev, int tcode, int offset)
1296 {
1297 	struct fw_xfer *xfer;
1298 	struct fw_pkt *fp;
1299 	struct sbp_target *target;
1300 	int new = 0;
1301 
1302 	SBP_LOCK_ASSERT(sdev->target->sbp);
1303 
1304 	target = sdev->target;
1305 	xfer = STAILQ_FIRST(&target->xferlist);
1306 	if (xfer == NULL) {
1307 		if (target->n_xfer > 5 /* XXX */) {
1308 			printf("sbp: no more xfer for this target\n");
1309 			return (NULL);
1310 		}
1311 		xfer = fw_xfer_alloc_buf(M_SBP, 8, 0);
1312 		if (xfer == NULL) {
1313 			printf("sbp: fw_xfer_alloc_buf failed\n");
1314 			return NULL;
1315 		}
1316 		target->n_xfer++;
1317 		if (debug)
1318 			printf("sbp: alloc %d xfer\n", target->n_xfer);
1319 		new = 1;
1320 	} else {
1321 		STAILQ_REMOVE_HEAD(&target->xferlist, link);
1322 	}
1323 
1324 	if (new) {
1325 		xfer->recv.pay_len = 0;
1326 		xfer->send.spd = min(sdev->target->fwdev->speed, max_speed);
1327 		xfer->fc = sdev->target->sbp->fd.fc;
1328 	}
1329 
1330 	if (tcode == FWTCODE_WREQB)
1331 		xfer->send.pay_len = 8;
1332 	else
1333 		xfer->send.pay_len = 0;
1334 
1335 	xfer->sc = (caddr_t)sdev;
1336 	fp = &xfer->send.hdr;
1337 	fp->mode.wreqq.dest_hi = sdev->login->cmd_hi;
1338 	fp->mode.wreqq.dest_lo = sdev->login->cmd_lo + offset;
1339 	fp->mode.wreqq.tlrt = 0;
1340 	fp->mode.wreqq.tcode = tcode;
1341 	fp->mode.wreqq.pri = 0;
1342 	fp->mode.wreqq.dst = FWLOCALBUS | sdev->target->fwdev->dst;
1343 
1344 	return xfer;
1345 }
1346 
1347 static void
1348 sbp_mgm_orb(struct sbp_dev *sdev, int func, struct sbp_ocb *aocb)
1349 {
1350 	struct fw_xfer *xfer;
1351 	struct fw_pkt *fp;
1352 	struct sbp_ocb *ocb;
1353 	struct sbp_target *target;
1354 	int nid;
1355 
1356 	target = sdev->target;
1357 	nid = target->sbp->fd.fc->nodeid | FWLOCALBUS;
1358 
1359 	SBP_LOCK_ASSERT(target->sbp);
1360 	if (func == ORB_FUN_RUNQUEUE) {
1361 		ocb = STAILQ_FIRST(&target->mgm_ocb_queue);
1362 		if (target->mgm_ocb_cur != NULL || ocb == NULL) {
1363 			return;
1364 		}
1365 		STAILQ_REMOVE_HEAD(&target->mgm_ocb_queue, ocb);
1366 		goto start;
1367 	}
1368 	if ((ocb = sbp_get_ocb(sdev)) == NULL) {
1369 		/* XXX */
1370 		return;
1371 	}
1372 	ocb->flags = OCB_ACT_MGM;
1373 	ocb->sdev = sdev;
1374 
1375 	bzero((void *)ocb->orb, sizeof(ocb->orb));
1376 	ocb->orb[6] = htonl((nid << 16) | SBP_BIND_HI);
1377 	ocb->orb[7] = htonl(SBP_DEV2ADDR(target->target_id, sdev->lun_id));
1378 
1379 SBP_DEBUG(0)
1380 	device_printf(sdev->target->sbp->fd.dev,
1381 		 "%s:%s %s\n",
1382 		 __func__,sdev->bustgtlun,
1383 		 orb_fun_name[(func >> 16) & 0xf]);
1384 END_DEBUG
1385 	switch (func) {
1386 	case ORB_FUN_LGI:
1387 		ocb->orb[0] = ocb->orb[1] = 0; /* password */
1388 		ocb->orb[2] = htonl(nid << 16);
1389 		ocb->orb[3] = htonl(sdev->dma.bus_addr);
1390 		ocb->orb[4] = htonl(ORB_NOTIFY | sdev->lun_id);
1391 		if (ex_login)
1392 			ocb->orb[4] |= htonl(ORB_EXV);
1393 		ocb->orb[5] = htonl(SBP_LOGIN_SIZE);
1394 		fwdma_sync(&sdev->dma, BUS_DMASYNC_PREREAD);
1395 		break;
1396 	case ORB_FUN_ATA:
1397 		ocb->orb[0] = htonl((0 << 16) | 0);
1398 		ocb->orb[1] = htonl(aocb->bus_addr & 0xffffffff);
1399 		/* fall through */
1400 	case ORB_FUN_RCN:
1401 	case ORB_FUN_LGO:
1402 	case ORB_FUN_LUR:
1403 	case ORB_FUN_RST:
1404 	case ORB_FUN_ATS:
1405 		ocb->orb[4] = htonl(ORB_NOTIFY | func | sdev->login->id);
1406 		break;
1407 	}
1408 
1409 	if (target->mgm_ocb_cur != NULL) {
1410 		/* there is a standing ORB */
1411 		STAILQ_INSERT_TAIL(&sdev->target->mgm_ocb_queue, ocb, ocb);
1412 		return;
1413 	}
1414 start:
1415 	target->mgm_ocb_cur = ocb;
1416 
1417 	callout_reset(&target->mgm_ocb_timeout, 5 * hz,
1418 				sbp_mgm_timeout, (caddr_t)ocb);
1419 	xfer = sbp_write_cmd(sdev, FWTCODE_WREQB, 0);
1420 	if (xfer == NULL) {
1421 		return;
1422 	}
1423 	xfer->hand = sbp_mgm_callback;
1424 
1425 	fp = &xfer->send.hdr;
1426 	fp->mode.wreqb.dest_hi = sdev->target->mgm_hi;
1427 	fp->mode.wreqb.dest_lo = sdev->target->mgm_lo;
1428 	fp->mode.wreqb.len = 8;
1429 	fp->mode.wreqb.extcode = 0;
1430 	xfer->send.payload[0] = htonl(nid << 16);
1431 	xfer->send.payload[1] = htonl(ocb->bus_addr & 0xffffffff);
1432 
1433 	fw_asyreq(xfer->fc, -1, xfer);
1434 }
1435 
1436 static void
1437 sbp_print_scsi_cmd(struct sbp_ocb *ocb)
1438 {
1439 	struct ccb_scsiio *csio;
1440 
1441 	csio = &ocb->ccb->csio;
1442 	printf("%s:%d:%jx XPT_SCSI_IO: "
1443 		"cmd: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x"
1444 		", flags: 0x%02x, "
1445 		"%db cmd/%db data/%db sense\n",
1446 		device_get_nameunit(ocb->sdev->target->sbp->fd.dev),
1447 		ocb->ccb->ccb_h.target_id,
1448 		(uintmax_t)ocb->ccb->ccb_h.target_lun,
1449 		csio->cdb_io.cdb_bytes[0],
1450 		csio->cdb_io.cdb_bytes[1],
1451 		csio->cdb_io.cdb_bytes[2],
1452 		csio->cdb_io.cdb_bytes[3],
1453 		csio->cdb_io.cdb_bytes[4],
1454 		csio->cdb_io.cdb_bytes[5],
1455 		csio->cdb_io.cdb_bytes[6],
1456 		csio->cdb_io.cdb_bytes[7],
1457 		csio->cdb_io.cdb_bytes[8],
1458 		csio->cdb_io.cdb_bytes[9],
1459 		ocb->ccb->ccb_h.flags & CAM_DIR_MASK,
1460 		csio->cdb_len, csio->dxfer_len,
1461 		csio->sense_len);
1462 }
1463 
1464 static void
1465 sbp_scsi_status(struct sbp_status *sbp_status, struct sbp_ocb *ocb)
1466 {
1467 	struct sbp_cmd_status *sbp_cmd_status;
1468 	struct scsi_sense_data_fixed *sense;
1469 
1470 	sbp_cmd_status = (struct sbp_cmd_status *)sbp_status->data;
1471 	sense = (struct scsi_sense_data_fixed *)&ocb->ccb->csio.sense_data;
1472 
1473 SBP_DEBUG(0)
1474 	sbp_print_scsi_cmd(ocb);
1475 	/* XXX need decode status */
1476 	printf("%s: SCSI status %x sfmt %x valid %x key %x code %x qlfr %x len %d\n",
1477 		ocb->sdev->bustgtlun,
1478 		sbp_cmd_status->status,
1479 		sbp_cmd_status->sfmt,
1480 		sbp_cmd_status->valid,
1481 		sbp_cmd_status->s_key,
1482 		sbp_cmd_status->s_code,
1483 		sbp_cmd_status->s_qlfr,
1484 		sbp_status->len);
1485 END_DEBUG
1486 
1487 	switch (sbp_cmd_status->status) {
1488 	case SCSI_STATUS_CHECK_COND:
1489 	case SCSI_STATUS_BUSY:
1490 	case SCSI_STATUS_CMD_TERMINATED:
1491 		if (sbp_cmd_status->sfmt == SBP_SFMT_CURR) {
1492 			sense->error_code = SSD_CURRENT_ERROR;
1493 		} else {
1494 			sense->error_code = SSD_DEFERRED_ERROR;
1495 		}
1496 		if (sbp_cmd_status->valid)
1497 			sense->error_code |= SSD_ERRCODE_VALID;
1498 		sense->flags = sbp_cmd_status->s_key;
1499 		if (sbp_cmd_status->mark)
1500 			sense->flags |= SSD_FILEMARK;
1501 		if (sbp_cmd_status->eom)
1502 			sense->flags |= SSD_EOM;
1503 		if (sbp_cmd_status->ill_len)
1504 			sense->flags |= SSD_ILI;
1505 
1506 		bcopy(&sbp_cmd_status->info, &sense->info[0], 4);
1507 
1508 		if (sbp_status->len <= 1)
1509 			/* XXX not scsi status. shouldn't be happened */
1510 			sense->extra_len = 0;
1511 		else if (sbp_status->len <= 4)
1512 			/* add_sense_code(_qual), info, cmd_spec_info */
1513 			sense->extra_len = 6;
1514 		else
1515 			/* fru, sense_key_spec */
1516 			sense->extra_len = 10;
1517 
1518 		bcopy(&sbp_cmd_status->cdb, &sense->cmd_spec_info[0], 4);
1519 
1520 		sense->add_sense_code = sbp_cmd_status->s_code;
1521 		sense->add_sense_code_qual = sbp_cmd_status->s_qlfr;
1522 		sense->fru = sbp_cmd_status->fru;
1523 
1524 		bcopy(&sbp_cmd_status->s_keydep[0],
1525 		    &sense->sense_key_spec[0], 3);
1526 
1527 		ocb->ccb->csio.scsi_status = sbp_cmd_status->status;
1528 		ocb->ccb->ccb_h.status = CAM_SCSI_STATUS_ERROR
1529 							| CAM_AUTOSNS_VALID;
1530 /*
1531 {
1532 		uint8_t j, *tmp;
1533 		tmp = sense;
1534 		for (j = 0; j < 32; j += 8) {
1535 			printf("sense %02x%02x %02x%02x %02x%02x %02x%02x\n",
1536 				tmp[j], tmp[j + 1], tmp[j + 2], tmp[j + 3],
1537 				tmp[j + 4], tmp[j + 5], tmp[j + 6], tmp[j + 7]);
1538 		}
1539 
1540 }
1541 */
1542 		break;
1543 	default:
1544 		device_printf(ocb->sdev->target->sbp->fd.dev,
1545 				"%s:%s unknown scsi status 0x%x\n",
1546 				__func__, ocb->sdev->bustgtlun,
1547 				sbp_cmd_status->status);
1548 	}
1549 }
1550 
1551 static void
1552 sbp_fix_inq_data(struct sbp_ocb *ocb)
1553 {
1554 	union ccb *ccb;
1555 	struct sbp_dev *sdev;
1556 	struct scsi_inquiry_data *inq;
1557 
1558 	ccb = ocb->ccb;
1559 	sdev = ocb->sdev;
1560 
1561 	if (ccb->csio.cdb_io.cdb_bytes[1] & SI_EVPD)
1562 		return;
1563 SBP_DEBUG(1)
1564 	device_printf(sdev->target->sbp->fd.dev,
1565 		"%s:%s\n", __func__, sdev->bustgtlun);
1566 END_DEBUG
1567 	inq = (struct scsi_inquiry_data *) ccb->csio.data_ptr;
1568 	switch (SID_TYPE(inq)) {
1569 	case T_DIRECT:
1570 #if 0
1571 		/*
1572 		 * XXX Convert Direct Access device to RBC.
1573 		 * I've never seen FireWire DA devices which support READ_6.
1574 		 */
1575 		if (SID_TYPE(inq) == T_DIRECT)
1576 			inq->device |= T_RBC; /*  T_DIRECT == 0 */
1577 #endif
1578 		/* fall through */
1579 	case T_RBC:
1580 		/*
1581 		 * Override vendor/product/revision information.
1582 		 * Some devices sometimes return strange strings.
1583 		 */
1584 #if 1
1585 		bcopy(sdev->vendor, inq->vendor, sizeof(inq->vendor));
1586 		bcopy(sdev->product, inq->product, sizeof(inq->product));
1587 		bcopy(sdev->revision + 2, inq->revision, sizeof(inq->revision));
1588 #endif
1589 		break;
1590 	}
1591 	/*
1592 	 * Force to enable/disable tagged queuing.
1593 	 * XXX CAM also checks SCP_QUEUE_DQUE flag in the control mode page.
1594 	 */
1595 	if (sbp_tags > 0)
1596 		inq->flags |= SID_CmdQue;
1597 	else if (sbp_tags < 0)
1598 		inq->flags &= ~SID_CmdQue;
1599 
1600 }
1601 
1602 static void
1603 sbp_recv1(struct fw_xfer *xfer)
1604 {
1605 	struct fw_pkt *rfp;
1606 #if NEED_RESPONSE
1607 	struct fw_pkt *sfp;
1608 #endif
1609 	struct sbp_softc *sbp;
1610 	struct sbp_dev *sdev;
1611 	struct sbp_ocb *ocb;
1612 	struct sbp_login_res *login_res = NULL;
1613 	struct sbp_status *sbp_status;
1614 	struct sbp_target *target;
1615 	int	orb_fun, status_valid0, status_valid, t, l, reset_agent = 0;
1616 	uint32_t addr;
1617 /*
1618 	uint32_t *ld;
1619 	ld = xfer->recv.buf;
1620 printf("sbp %x %d %d %08x %08x %08x %08x\n",
1621 			xfer->resp, xfer->recv.len, xfer->recv.off, ntohl(ld[0]), ntohl(ld[1]), ntohl(ld[2]), ntohl(ld[3]));
1622 printf("sbp %08x %08x %08x %08x\n", ntohl(ld[4]), ntohl(ld[5]), ntohl(ld[6]), ntohl(ld[7]));
1623 printf("sbp %08x %08x %08x %08x\n", ntohl(ld[8]), ntohl(ld[9]), ntohl(ld[10]), ntohl(ld[11]));
1624 */
1625 	sbp = (struct sbp_softc *)xfer->sc;
1626 	SBP_LOCK_ASSERT(sbp);
1627 	if (xfer->resp != 0) {
1628 		printf("sbp_recv: xfer->resp = %d\n", xfer->resp);
1629 		goto done0;
1630 	}
1631 	if (xfer->recv.payload == NULL) {
1632 		printf("sbp_recv: xfer->recv.payload == NULL\n");
1633 		goto done0;
1634 	}
1635 	rfp = &xfer->recv.hdr;
1636 	if (rfp->mode.wreqb.tcode != FWTCODE_WREQB) {
1637 		printf("sbp_recv: tcode = %d\n", rfp->mode.wreqb.tcode);
1638 		goto done0;
1639 	}
1640 	sbp_status = (struct sbp_status *)xfer->recv.payload;
1641 	addr = rfp->mode.wreqb.dest_lo;
1642 SBP_DEBUG(2)
1643 	printf("received address 0x%x\n", addr);
1644 END_DEBUG
1645 	t = SBP_ADDR2TRG(addr);
1646 	if (t >= SBP_NUM_TARGETS) {
1647 		device_printf(sbp->fd.dev,
1648 			"sbp_recv1: invalid target %d\n", t);
1649 		goto done0;
1650 	}
1651 	target = &sbp->targets[t];
1652 	l = SBP_ADDR2LUN(addr);
1653 	if (l >= target->num_lun || target->luns[l] == NULL) {
1654 		device_printf(sbp->fd.dev,
1655 			"sbp_recv1: invalid lun %d (target=%d)\n", l, t);
1656 		goto done0;
1657 	}
1658 	sdev = target->luns[l];
1659 
1660 	ocb = NULL;
1661 	switch (sbp_status->src) {
1662 	case 0:
1663 	case 1:
1664 		/* check mgm_ocb_cur first */
1665 		ocb  = target->mgm_ocb_cur;
1666 		if (ocb != NULL) {
1667 			if (OCB_MATCH(ocb, sbp_status)) {
1668 				callout_stop(&target->mgm_ocb_timeout);
1669 				target->mgm_ocb_cur = NULL;
1670 				break;
1671 			}
1672 		}
1673 		ocb = sbp_dequeue_ocb(sdev, sbp_status);
1674 		if (ocb == NULL) {
1675 			device_printf(sdev->target->sbp->fd.dev,
1676 				"%s:%s No ocb(%x) on the queue\n",
1677 				__func__,sdev->bustgtlun,
1678 				ntohl(sbp_status->orb_lo));
1679 		}
1680 		break;
1681 	case 2:
1682 		/* unsolicit */
1683 		device_printf(sdev->target->sbp->fd.dev,
1684 			"%s:%s unsolicit status received\n",
1685 			__func__, sdev->bustgtlun);
1686 		break;
1687 	default:
1688 		device_printf(sdev->target->sbp->fd.dev,
1689 			"%s:%s unknown sbp_status->src\n",
1690 			__func__, sdev->bustgtlun);
1691 	}
1692 
1693 	status_valid0 = (sbp_status->src < 2
1694 			&& sbp_status->resp == ORB_RES_CMPL
1695 			&& sbp_status->dead == 0);
1696 	status_valid = (status_valid0 && sbp_status->status == 0);
1697 
1698 	if (!status_valid0 || debug > 2) {
1699 		int status;
1700 SBP_DEBUG(0)
1701 		device_printf(sdev->target->sbp->fd.dev,
1702 			"%s:%s ORB status src:%x resp:%x dead:%x"
1703 				" len:%x stat:%x orb:%x%08x\n",
1704 			__func__, sdev->bustgtlun,
1705 			sbp_status->src, sbp_status->resp, sbp_status->dead,
1706 			sbp_status->len, sbp_status->status,
1707 			ntohs(sbp_status->orb_hi), ntohl(sbp_status->orb_lo));
1708 END_DEBUG
1709 		device_printf(sdev->target->sbp->fd.dev,
1710 				"%s\n", sdev->bustgtlun);
1711 		status = sbp_status->status;
1712 		switch (sbp_status->resp) {
1713 		case 0:
1714 			if (status > MAX_ORB_STATUS0)
1715 				printf("%s\n", orb_status0[MAX_ORB_STATUS0]);
1716 			else
1717 				printf("%s\n", orb_status0[status]);
1718 			break;
1719 		case 1:
1720 			printf("Obj: %s, Error: %s\n",
1721 				orb_status1_object[(status >> 6) & 3],
1722 				orb_status1_serial_bus_error[status & 0xf]);
1723 			break;
1724 		case 2:
1725 			printf("Illegal request\n");
1726 			break;
1727 		case 3:
1728 			printf("Vendor dependent\n");
1729 			break;
1730 		default:
1731 			printf("unknown respose code %d\n", sbp_status->resp);
1732 		}
1733 	}
1734 
1735 	/* we have to reset the fetch agent if it's dead */
1736 	if (sbp_status->dead) {
1737 		if (sdev->path) {
1738 			xpt_freeze_devq(sdev->path, 1);
1739 			sdev->freeze++;
1740 		}
1741 		reset_agent = 1;
1742 	}
1743 
1744 	if (ocb == NULL)
1745 		goto done;
1746 
1747 	switch (ntohl(ocb->orb[4]) & ORB_FMT_MSK) {
1748 	case ORB_FMT_NOP:
1749 		break;
1750 	case ORB_FMT_VED:
1751 		break;
1752 	case ORB_FMT_STD:
1753 		switch (ocb->flags) {
1754 		case OCB_ACT_MGM:
1755 			orb_fun = ntohl(ocb->orb[4]) & ORB_FUN_MSK;
1756 			reset_agent = 0;
1757 			switch (orb_fun) {
1758 			case ORB_FUN_LGI:
1759 				fwdma_sync(&sdev->dma, BUS_DMASYNC_POSTREAD);
1760 				login_res = sdev->login;
1761 				login_res->len = ntohs(login_res->len);
1762 				login_res->id = ntohs(login_res->id);
1763 				login_res->cmd_hi = ntohs(login_res->cmd_hi);
1764 				login_res->cmd_lo = ntohl(login_res->cmd_lo);
1765 				if (status_valid) {
1766 SBP_DEBUG(0)
1767 					device_printf(sdev->target->sbp->fd.dev,
1768 						"%s:%s login: len %d, ID %d, cmd %08x%08x, recon_hold %d\n",
1769 						__func__, sdev->bustgtlun,
1770 						login_res->len, login_res->id,
1771 						login_res->cmd_hi, login_res->cmd_lo,
1772 						ntohs(login_res->recon_hold));
1773 END_DEBUG
1774 					sbp_busy_timeout(sdev);
1775 				} else {
1776 					/* forgot logout? */
1777 					device_printf(sdev->target->sbp->fd.dev,
1778 						"%s:%s login failed\n",
1779 						__func__, sdev->bustgtlun);
1780 					sdev->status = SBP_DEV_RESET;
1781 				}
1782 				break;
1783 			case ORB_FUN_RCN:
1784 				login_res = sdev->login;
1785 				if (status_valid) {
1786 SBP_DEBUG(0)
1787 					device_printf(sdev->target->sbp->fd.dev,
1788 						"%s:%s reconnect: len %d, ID %d, cmd %08x%08x\n",
1789 						__func__, sdev->bustgtlun,
1790 						login_res->len, login_res->id,
1791 						login_res->cmd_hi, login_res->cmd_lo);
1792 END_DEBUG
1793 					if (sdev->status == SBP_DEV_ATTACHED)
1794 						sbp_scan_dev(sdev);
1795 					else
1796 						sbp_agent_reset(sdev);
1797 				} else {
1798 					/* reconnection hold time exceed? */
1799 SBP_DEBUG(0)
1800 					device_printf(sdev->target->sbp->fd.dev,
1801 						"%s:%s reconnect failed\n",
1802 						__func__, sdev->bustgtlun);
1803 END_DEBUG
1804 					sbp_login(sdev);
1805 				}
1806 				break;
1807 			case ORB_FUN_LGO:
1808 				sdev->status = SBP_DEV_RESET;
1809 				break;
1810 			case ORB_FUN_RST:
1811 				sbp_busy_timeout(sdev);
1812 				break;
1813 			case ORB_FUN_LUR:
1814 			case ORB_FUN_ATA:
1815 			case ORB_FUN_ATS:
1816 				sbp_agent_reset(sdev);
1817 				break;
1818 			default:
1819 				device_printf(sdev->target->sbp->fd.dev,
1820 					"%s:%s unknown function %d\n",
1821 					__func__, sdev->bustgtlun, orb_fun);
1822 				break;
1823 			}
1824 			sbp_mgm_orb(sdev, ORB_FUN_RUNQUEUE, NULL);
1825 			break;
1826 		case OCB_ACT_CMD:
1827 			sdev->timeout = 0;
1828 			if (ocb->ccb != NULL) {
1829 				union ccb *ccb;
1830 
1831 				ccb = ocb->ccb;
1832 				if (sbp_status->len > 1) {
1833 					sbp_scsi_status(sbp_status, ocb);
1834 				} else {
1835 					if (sbp_status->resp != ORB_RES_CMPL) {
1836 						ccb->ccb_h.status = CAM_REQ_CMP_ERR;
1837 					} else {
1838 						ccb->ccb_h.status = CAM_REQ_CMP;
1839 					}
1840 				}
1841 				/* fix up inq data */
1842 				if (ccb->csio.cdb_io.cdb_bytes[0] == INQUIRY)
1843 					sbp_fix_inq_data(ocb);
1844 				xpt_done(ccb);
1845 			}
1846 			break;
1847 		default:
1848 			break;
1849 		}
1850 	}
1851 
1852 	if (!use_doorbell)
1853 		sbp_free_ocb(sdev, ocb);
1854 done:
1855 	if (reset_agent)
1856 		sbp_agent_reset(sdev);
1857 
1858 done0:
1859 	xfer->recv.pay_len = SBP_RECV_LEN;
1860 /* The received packet is usually small enough to be stored within
1861  * the buffer. In that case, the controller return ack_complete and
1862  * no respose is necessary.
1863  *
1864  * XXX fwohci.c and firewire.c should inform event_code such as
1865  * ack_complete or ack_pending to upper driver.
1866  */
1867 #if NEED_RESPONSE
1868 	xfer->send.off = 0;
1869 	sfp = (struct fw_pkt *)xfer->send.buf;
1870 	sfp->mode.wres.dst = rfp->mode.wreqb.src;
1871 	xfer->dst = sfp->mode.wres.dst;
1872 	xfer->spd = min(sdev->target->fwdev->speed, max_speed);
1873 	xfer->hand = sbp_loginres_callback;
1874 
1875 	sfp->mode.wres.tlrt = rfp->mode.wreqb.tlrt;
1876 	sfp->mode.wres.tcode = FWTCODE_WRES;
1877 	sfp->mode.wres.rtcode = 0;
1878 	sfp->mode.wres.pri = 0;
1879 
1880 	fw_asyreq(xfer->fc, -1, xfer);
1881 #else
1882 	/* recycle */
1883 	STAILQ_INSERT_TAIL(&sbp->fwb.xferlist, xfer, link);
1884 #endif
1885 }
1886 
1887 static void
1888 sbp_recv(struct fw_xfer *xfer)
1889 {
1890 	struct sbp_softc *sbp;
1891 
1892 	sbp = (struct sbp_softc *)xfer->sc;
1893 	SBP_LOCK(sbp);
1894 	sbp_recv1(xfer);
1895 	SBP_UNLOCK(sbp);
1896 }
1897 /*
1898  * sbp_attach()
1899  */
1900 static int
1901 sbp_attach(device_t dev)
1902 {
1903 	struct sbp_softc *sbp;
1904 	struct cam_devq *devq;
1905 	struct firewire_comm *fc;
1906 	int i, error;
1907 
1908 	if (DFLTPHYS > SBP_MAXPHYS)
1909 		device_printf(dev, "Warning, DFLTPHYS(%dKB) is larger than "
1910 			"SBP_MAXPHYS(%dKB).\n", DFLTPHYS / 1024,
1911 			SBP_MAXPHYS / 1024);
1912 
1913 	if (!firewire_phydma_enable)
1914 		device_printf(dev, "Warning, hw.firewire.phydma_enable must be 1 "
1915 			"for SBP over FireWire.\n");
1916 SBP_DEBUG(0)
1917 	printf("sbp_attach (cold=%d)\n", cold);
1918 END_DEBUG
1919 
1920 	if (cold)
1921 		sbp_cold++;
1922 	sbp = device_get_softc(dev);
1923 	sbp->fd.dev = dev;
1924 	sbp->fd.fc = fc = device_get_ivars(dev);
1925 	mtx_init(&sbp->mtx, "sbp", NULL, MTX_DEF);
1926 
1927 	if (max_speed < 0)
1928 		max_speed = fc->speed;
1929 
1930 	error = bus_dma_tag_create(/*parent*/fc->dmat,
1931 				/* XXX shoud be 4 for sane backend? */
1932 				/*alignment*/1,
1933 				/*boundary*/0,
1934 				/*lowaddr*/BUS_SPACE_MAXADDR_32BIT,
1935 				/*highaddr*/BUS_SPACE_MAXADDR,
1936 				/*filter*/NULL, /*filterarg*/NULL,
1937 				/*maxsize*/0x100000, /*nsegments*/SBP_IND_MAX,
1938 				/*maxsegsz*/SBP_SEG_MAX,
1939 				/*flags*/BUS_DMA_ALLOCNOW,
1940 				/*lockfunc*/busdma_lock_mutex,
1941 				/*lockarg*/&sbp->mtx,
1942 				&sbp->dmat);
1943 	if (error != 0) {
1944 		printf("sbp_attach: Could not allocate DMA tag "
1945 			"- error %d\n", error);
1946 			return (ENOMEM);
1947 	}
1948 
1949 	devq = cam_simq_alloc(/*maxopenings*/SBP_NUM_OCB);
1950 	if (devq == NULL)
1951 		return (ENXIO);
1952 
1953 	for (i = 0; i < SBP_NUM_TARGETS; i++) {
1954 		sbp->targets[i].fwdev = NULL;
1955 		sbp->targets[i].luns = NULL;
1956 		sbp->targets[i].sbp = sbp;
1957 	}
1958 
1959 	sbp->sim = cam_sim_alloc(sbp_action, sbp_poll, "sbp", sbp,
1960 				 device_get_unit(dev),
1961 				 &sbp->mtx,
1962 				 /*untagged*/ 1,
1963 				 /*tagged*/ SBP_QUEUE_LEN - 1,
1964 				 devq);
1965 
1966 	if (sbp->sim == NULL) {
1967 		cam_simq_free(devq);
1968 		return (ENXIO);
1969 	}
1970 
1971 	SBP_LOCK(sbp);
1972 	if (xpt_bus_register(sbp->sim, dev, /*bus*/0) != CAM_SUCCESS)
1973 		goto fail;
1974 
1975 	if (xpt_create_path(&sbp->path, NULL, cam_sim_path(sbp->sim),
1976 	    CAM_TARGET_WILDCARD, CAM_LUN_WILDCARD) != CAM_REQ_CMP) {
1977 		xpt_bus_deregister(cam_sim_path(sbp->sim));
1978 		goto fail;
1979 	}
1980 	SBP_UNLOCK(sbp);
1981 
1982 	/* We reserve 16 bit space (4 bytes X 64 targets X 256 luns) */
1983 	sbp->fwb.start = ((u_int64_t)SBP_BIND_HI << 32) | SBP_DEV2ADDR(0, 0);
1984 	sbp->fwb.end = sbp->fwb.start + 0xffff;
1985 	/* pre-allocate xfer */
1986 	STAILQ_INIT(&sbp->fwb.xferlist);
1987 	fw_xferlist_add(&sbp->fwb.xferlist, M_SBP,
1988 	    /*send*/ 0, /*recv*/ SBP_RECV_LEN, SBP_NUM_OCB/2,
1989 	    fc, (void *)sbp, sbp_recv);
1990 
1991 	fw_bindadd(fc, &sbp->fwb);
1992 
1993 	sbp->fd.post_busreset = sbp_post_busreset;
1994 	sbp->fd.post_explore = sbp_post_explore;
1995 
1996 	if (fc->status != -1) {
1997 		sbp_post_busreset(sbp);
1998 		sbp_post_explore(sbp);
1999 	}
2000 	SBP_LOCK(sbp);
2001 	xpt_async(AC_BUS_RESET, sbp->path, /*arg*/ NULL);
2002 	SBP_UNLOCK(sbp);
2003 
2004 	return (0);
2005 fail:
2006 	SBP_UNLOCK(sbp);
2007 	cam_sim_free(sbp->sim, /*free_devq*/TRUE);
2008 	return (ENXIO);
2009 }
2010 
2011 static int
2012 sbp_logout_all(struct sbp_softc *sbp)
2013 {
2014 	struct sbp_target *target;
2015 	struct sbp_dev *sdev;
2016 	int i, j;
2017 
2018 SBP_DEBUG(0)
2019 	printf("sbp_logout_all\n");
2020 END_DEBUG
2021 	SBP_LOCK_ASSERT(sbp);
2022 	for (i = 0; i < SBP_NUM_TARGETS; i++) {
2023 		target = &sbp->targets[i];
2024 		if (target->luns == NULL)
2025 			continue;
2026 		for (j = 0; j < target->num_lun; j++) {
2027 			sdev = target->luns[j];
2028 			if (sdev == NULL)
2029 				continue;
2030 			callout_stop(&sdev->login_callout);
2031 			if (sdev->status >= SBP_DEV_TOATTACH &&
2032 					sdev->status <= SBP_DEV_ATTACHED)
2033 				sbp_mgm_orb(sdev, ORB_FUN_LGO, NULL);
2034 		}
2035 	}
2036 
2037 	return 0;
2038 }
2039 
2040 static int
2041 sbp_shutdown(device_t dev)
2042 {
2043 	struct sbp_softc *sbp = ((struct sbp_softc *)device_get_softc(dev));
2044 
2045 	SBP_LOCK(sbp);
2046 	sbp_logout_all(sbp);
2047 	SBP_UNLOCK(sbp);
2048 	return (0);
2049 }
2050 
2051 static void
2052 sbp_free_sdev(struct sbp_dev *sdev)
2053 {
2054 	struct sbp_softc *sbp;
2055 	int i;
2056 
2057 	if (sdev == NULL)
2058 		return;
2059 	sbp = sdev->target->sbp;
2060 	SBP_UNLOCK(sbp);
2061 	callout_drain(&sdev->login_callout);
2062 	for (i = 0; i < SBP_QUEUE_LEN; i++) {
2063 		callout_drain(&sdev->ocb[i].timer);
2064 		bus_dmamap_destroy(sbp->dmat, sdev->ocb[i].dmamap);
2065 	}
2066 	fwdma_free(sbp->fd.fc, &sdev->dma);
2067 	free(sdev, M_SBP);
2068 	SBP_LOCK(sbp);
2069 }
2070 
2071 static void
2072 sbp_free_target(struct sbp_target *target)
2073 {
2074 	struct sbp_softc *sbp;
2075 	struct fw_xfer *xfer, *next;
2076 	int i;
2077 
2078 	if (target->luns == NULL)
2079 		return;
2080 	sbp = target->sbp;
2081 	SBP_LOCK_ASSERT(sbp);
2082 	SBP_UNLOCK(sbp);
2083 	callout_drain(&target->mgm_ocb_timeout);
2084 	callout_drain(&target->scan_callout);
2085 	SBP_LOCK(sbp);
2086 	for (i = 0; i < target->num_lun; i++)
2087 		sbp_free_sdev(target->luns[i]);
2088 
2089 	STAILQ_FOREACH_SAFE(xfer, &target->xferlist, link, next) {
2090 		fw_xfer_free_buf(xfer);
2091 	}
2092 	STAILQ_INIT(&target->xferlist);
2093 	free(target->luns, M_SBP);
2094 	target->num_lun = 0;
2095 	target->luns = NULL;
2096 	target->fwdev = NULL;
2097 }
2098 
2099 static int
2100 sbp_detach(device_t dev)
2101 {
2102 	struct sbp_softc *sbp = ((struct sbp_softc *)device_get_softc(dev));
2103 	struct firewire_comm *fc = sbp->fd.fc;
2104 	int i;
2105 
2106 SBP_DEBUG(0)
2107 	printf("sbp_detach\n");
2108 END_DEBUG
2109 
2110 	SBP_LOCK(sbp);
2111 	for (i = 0; i < SBP_NUM_TARGETS; i++)
2112 		sbp_cam_detach_target(&sbp->targets[i]);
2113 
2114 	xpt_async(AC_LOST_DEVICE, sbp->path, NULL);
2115 	xpt_free_path(sbp->path);
2116 	xpt_bus_deregister(cam_sim_path(sbp->sim));
2117 	cam_sim_free(sbp->sim, /*free_devq*/ TRUE);
2118 
2119 	sbp_logout_all(sbp);
2120 	SBP_UNLOCK(sbp);
2121 
2122 	/* XXX wait for logout completion */
2123 	pause("sbpdtc", hz/2);
2124 
2125 	SBP_LOCK(sbp);
2126 	for (i = 0; i < SBP_NUM_TARGETS; i++)
2127 		sbp_free_target(&sbp->targets[i]);
2128 	SBP_UNLOCK(sbp);
2129 
2130 	fw_bindremove(fc, &sbp->fwb);
2131 	fw_xferlist_remove(&sbp->fwb.xferlist);
2132 
2133 	bus_dma_tag_destroy(sbp->dmat);
2134 	mtx_destroy(&sbp->mtx);
2135 
2136 	return (0);
2137 }
2138 
2139 static void
2140 sbp_cam_detach_sdev(struct sbp_dev *sdev)
2141 {
2142 	if (sdev == NULL)
2143 		return;
2144 	if (sdev->status == SBP_DEV_DEAD)
2145 		return;
2146 	if (sdev->status == SBP_DEV_RESET)
2147 		return;
2148 	SBP_LOCK_ASSERT(sdev->target->sbp);
2149 	sbp_abort_all_ocbs(sdev, CAM_DEV_NOT_THERE);
2150 	if (sdev->path) {
2151 		xpt_release_devq(sdev->path,
2152 				 sdev->freeze, TRUE);
2153 		sdev->freeze = 0;
2154 		xpt_async(AC_LOST_DEVICE, sdev->path, NULL);
2155 		xpt_free_path(sdev->path);
2156 		sdev->path = NULL;
2157 	}
2158 }
2159 
2160 static void
2161 sbp_cam_detach_target(struct sbp_target *target)
2162 {
2163 	int i;
2164 
2165 	SBP_LOCK_ASSERT(target->sbp);
2166 	if (target->luns != NULL) {
2167 SBP_DEBUG(0)
2168 		printf("sbp_detach_target %d\n", target->target_id);
2169 END_DEBUG
2170 		callout_stop(&target->scan_callout);
2171 		for (i = 0; i < target->num_lun; i++)
2172 			sbp_cam_detach_sdev(target->luns[i]);
2173 	}
2174 }
2175 
2176 static void
2177 sbp_target_reset(struct sbp_dev *sdev, int method)
2178 {
2179 	int i;
2180 	struct sbp_target *target = sdev->target;
2181 	struct sbp_dev *tsdev;
2182 
2183 	SBP_LOCK_ASSERT(target->sbp);
2184 	for (i = 0; i < target->num_lun; i++) {
2185 		tsdev = target->luns[i];
2186 		if (tsdev == NULL)
2187 			continue;
2188 		if (tsdev->status == SBP_DEV_DEAD)
2189 			continue;
2190 		if (tsdev->status == SBP_DEV_RESET)
2191 			continue;
2192 		xpt_freeze_devq(tsdev->path, 1);
2193 		tsdev->freeze++;
2194 		sbp_abort_all_ocbs(tsdev, CAM_CMD_TIMEOUT);
2195 		if (method == 2)
2196 			tsdev->status = SBP_DEV_LOGIN;
2197 	}
2198 	switch (method) {
2199 	case 1:
2200 		printf("target reset\n");
2201 		sbp_mgm_orb(sdev, ORB_FUN_RST, NULL);
2202 		break;
2203 	case 2:
2204 		printf("reset start\n");
2205 		sbp_reset_start(sdev);
2206 		break;
2207 	}
2208 
2209 }
2210 
2211 static void
2212 sbp_mgm_timeout(void *arg)
2213 {
2214 	struct sbp_ocb *ocb = (struct sbp_ocb *)arg;
2215 	struct sbp_dev *sdev = ocb->sdev;
2216 	struct sbp_target *target = sdev->target;
2217 
2218 	SBP_LOCK_ASSERT(target->sbp);
2219 	device_printf(sdev->target->sbp->fd.dev,
2220 		"%s:%s request timeout(mgm orb:0x%08x)\n",
2221 		__func__, sdev->bustgtlun, (uint32_t)ocb->bus_addr);
2222 	target->mgm_ocb_cur = NULL;
2223 	sbp_free_ocb(sdev, ocb);
2224 #if 0
2225 	/* XXX */
2226 	printf("run next request\n");
2227 	sbp_mgm_orb(sdev, ORB_FUN_RUNQUEUE, NULL);
2228 #endif
2229 	device_printf(sdev->target->sbp->fd.dev,
2230 		"%s:%s reset start\n",
2231 		__func__, sdev->bustgtlun);
2232 	sbp_reset_start(sdev);
2233 }
2234 
2235 static void
2236 sbp_timeout(void *arg)
2237 {
2238 	struct sbp_ocb *ocb = (struct sbp_ocb *)arg;
2239 	struct sbp_dev *sdev = ocb->sdev;
2240 
2241 	device_printf(sdev->target->sbp->fd.dev,
2242 		"%s:%s request timeout(cmd orb:0x%08x) ... ",
2243 		__func__, sdev->bustgtlun, (uint32_t)ocb->bus_addr);
2244 
2245 	SBP_LOCK_ASSERT(sdev->target->sbp);
2246 	sdev->timeout++;
2247 	switch (sdev->timeout) {
2248 	case 1:
2249 		printf("agent reset\n");
2250 		xpt_freeze_devq(sdev->path, 1);
2251 		sdev->freeze++;
2252 		sbp_abort_all_ocbs(sdev, CAM_CMD_TIMEOUT);
2253 		sbp_agent_reset(sdev);
2254 		break;
2255 	case 2:
2256 	case 3:
2257 		sbp_target_reset(sdev, sdev->timeout - 1);
2258 		break;
2259 #if 0
2260 	default:
2261 		/* XXX give up */
2262 		sbp_cam_detach_target(target);
2263 		if (target->luns != NULL)
2264 			free(target->luns, M_SBP);
2265 		target->num_lun = 0;
2266 		target->luns = NULL;
2267 		target->fwdev = NULL;
2268 #endif
2269 	}
2270 }
2271 
2272 static void
2273 sbp_action(struct cam_sim *sim, union ccb *ccb)
2274 {
2275 
2276 	struct sbp_softc *sbp = cam_sim_softc(sim);
2277 	struct sbp_target *target = NULL;
2278 	struct sbp_dev *sdev = NULL;
2279 
2280 	if (sbp != NULL)
2281 		SBP_LOCK_ASSERT(sbp);
2282 	/* target:lun -> sdev mapping */
2283 	if (sbp != NULL
2284 			&& ccb->ccb_h.target_id != CAM_TARGET_WILDCARD
2285 			&& ccb->ccb_h.target_id < SBP_NUM_TARGETS) {
2286 		target = &sbp->targets[ccb->ccb_h.target_id];
2287 		if (target->fwdev != NULL
2288 				&& ccb->ccb_h.target_lun != CAM_LUN_WILDCARD
2289 				&& ccb->ccb_h.target_lun < target->num_lun) {
2290 			sdev = target->luns[ccb->ccb_h.target_lun];
2291 			if (sdev != NULL && sdev->status != SBP_DEV_ATTACHED &&
2292 				sdev->status != SBP_DEV_PROBE)
2293 				sdev = NULL;
2294 		}
2295 	}
2296 
2297 SBP_DEBUG(1)
2298 	if (sdev == NULL)
2299 		printf("invalid target %d lun %jx\n",
2300 			ccb->ccb_h.target_id, (uintmax_t)ccb->ccb_h.target_lun);
2301 END_DEBUG
2302 
2303 	switch (ccb->ccb_h.func_code) {
2304 	case XPT_SCSI_IO:
2305 	case XPT_RESET_DEV:
2306 	case XPT_GET_TRAN_SETTINGS:
2307 	case XPT_SET_TRAN_SETTINGS:
2308 	case XPT_CALC_GEOMETRY:
2309 		if (sdev == NULL) {
2310 SBP_DEBUG(1)
2311 			printf("%s:%d:%jx:func_code 0x%04x: "
2312 				"Invalid target (target needed)\n",
2313 				device_get_nameunit(sbp->fd.dev),
2314 				ccb->ccb_h.target_id,
2315 				(uintmax_t)ccb->ccb_h.target_lun,
2316 				ccb->ccb_h.func_code);
2317 END_DEBUG
2318 
2319 			ccb->ccb_h.status = CAM_DEV_NOT_THERE;
2320 			xpt_done(ccb);
2321 			return;
2322 		}
2323 		break;
2324 	case XPT_PATH_INQ:
2325 	case XPT_NOOP:
2326 		/* The opcodes sometimes aimed at a target (sc is valid),
2327 		 * sometimes aimed at the SIM (sc is invalid and target is
2328 		 * CAM_TARGET_WILDCARD)
2329 		 */
2330 		if (sbp == NULL &&
2331 			ccb->ccb_h.target_id != CAM_TARGET_WILDCARD) {
2332 SBP_DEBUG(0)
2333 			printf("%s:%d:%jx func_code 0x%04x: "
2334 				"Invalid target (no wildcard)\n",
2335 				device_get_nameunit(sbp->fd.dev),
2336 				ccb->ccb_h.target_id,
2337 				(uintmax_t)ccb->ccb_h.target_lun,
2338 				ccb->ccb_h.func_code);
2339 END_DEBUG
2340 			ccb->ccb_h.status = CAM_DEV_NOT_THERE;
2341 			xpt_done(ccb);
2342 			return;
2343 		}
2344 		break;
2345 	default:
2346 		/* XXX Hm, we should check the input parameters */
2347 		break;
2348 	}
2349 
2350 	switch (ccb->ccb_h.func_code) {
2351 	case XPT_SCSI_IO:
2352 	{
2353 		struct ccb_scsiio *csio;
2354 		struct sbp_ocb *ocb;
2355 		int speed;
2356 		void *cdb;
2357 
2358 		csio = &ccb->csio;
2359 		mtx_assert(sim->mtx, MA_OWNED);
2360 
2361 SBP_DEBUG(2)
2362 		printf("%s:%d:%jx XPT_SCSI_IO: "
2363 			"cmd: %02x %02x %02x %02x %02x %02x %02x %02x %02x %02x"
2364 			", flags: 0x%02x, "
2365 			"%db cmd/%db data/%db sense\n",
2366 			device_get_nameunit(sbp->fd.dev),
2367 			ccb->ccb_h.target_id, (uintmax_t)ccb->ccb_h.target_lun,
2368 			csio->cdb_io.cdb_bytes[0],
2369 			csio->cdb_io.cdb_bytes[1],
2370 			csio->cdb_io.cdb_bytes[2],
2371 			csio->cdb_io.cdb_bytes[3],
2372 			csio->cdb_io.cdb_bytes[4],
2373 			csio->cdb_io.cdb_bytes[5],
2374 			csio->cdb_io.cdb_bytes[6],
2375 			csio->cdb_io.cdb_bytes[7],
2376 			csio->cdb_io.cdb_bytes[8],
2377 			csio->cdb_io.cdb_bytes[9],
2378 			ccb->ccb_h.flags & CAM_DIR_MASK,
2379 			csio->cdb_len, csio->dxfer_len,
2380 			csio->sense_len);
2381 END_DEBUG
2382 		if (sdev == NULL) {
2383 			ccb->ccb_h.status = CAM_DEV_NOT_THERE;
2384 			xpt_done(ccb);
2385 			return;
2386 		}
2387 		if (csio->cdb_len > sizeof(ocb->orb) - 5 * sizeof(uint32_t)) {
2388 			ccb->ccb_h.status = CAM_REQ_INVALID;
2389 			xpt_done(ccb);
2390 			return;
2391 		}
2392 #if 0
2393 		/* if we are in probe stage, pass only probe commands */
2394 		if (sdev->status == SBP_DEV_PROBE) {
2395 			char *name;
2396 			name = xpt_path_periph(ccb->ccb_h.path)->periph_name;
2397 			printf("probe stage, periph name: %s\n", name);
2398 			if (strcmp(name, "probe") != 0) {
2399 				ccb->ccb_h.status = CAM_REQUEUE_REQ;
2400 				xpt_done(ccb);
2401 				return;
2402 			}
2403 		}
2404 #endif
2405 		if ((ocb = sbp_get_ocb(sdev)) == NULL) {
2406 			ccb->ccb_h.status = CAM_RESRC_UNAVAIL;
2407 			if (sdev->freeze == 0) {
2408 				xpt_freeze_devq(sdev->path, 1);
2409 				sdev->freeze++;
2410 			}
2411 			xpt_done(ccb);
2412 			return;
2413 		}
2414 
2415 		ocb->flags = OCB_ACT_CMD;
2416 		ocb->sdev = sdev;
2417 		ocb->ccb = ccb;
2418 		ccb->ccb_h.ccb_sdev_ptr = sdev;
2419 		ocb->orb[0] = htonl(1U << 31);
2420 		ocb->orb[1] = 0;
2421 		ocb->orb[2] = htonl(((sbp->fd.fc->nodeid | FWLOCALBUS) << 16));
2422 		ocb->orb[3] = htonl(ocb->bus_addr + IND_PTR_OFFSET);
2423 		speed = min(target->fwdev->speed, max_speed);
2424 		ocb->orb[4] = htonl(ORB_NOTIFY | ORB_CMD_SPD(speed)
2425 						| ORB_CMD_MAXP(speed + 7));
2426 		if ((ccb->ccb_h.flags & CAM_DIR_MASK) == CAM_DIR_IN) {
2427 			ocb->orb[4] |= htonl(ORB_CMD_IN);
2428 		}
2429 
2430 		if (csio->ccb_h.flags & CAM_CDB_POINTER)
2431 			cdb = (void *)csio->cdb_io.cdb_ptr;
2432 		else
2433 			cdb = (void *)&csio->cdb_io.cdb_bytes;
2434 		bcopy(cdb, (void *)&ocb->orb[5], csio->cdb_len);
2435 /*
2436 printf("ORB %08x %08x %08x %08x\n", ntohl(ocb->orb[0]), ntohl(ocb->orb[1]), ntohl(ocb->orb[2]), ntohl(ocb->orb[3]));
2437 printf("ORB %08x %08x %08x %08x\n", ntohl(ocb->orb[4]), ntohl(ocb->orb[5]), ntohl(ocb->orb[6]), ntohl(ocb->orb[7]));
2438 */
2439 		if (ccb->csio.dxfer_len > 0) {
2440 			int error;
2441 
2442 			error = bus_dmamap_load_ccb(/*dma tag*/sbp->dmat,
2443 					/*dma map*/ocb->dmamap,
2444 					ccb,
2445 					sbp_execute_ocb,
2446 					ocb,
2447 					/*flags*/0);
2448 			if (error)
2449 				printf("sbp: bus_dmamap_load error %d\n", error);
2450 		} else
2451 			sbp_execute_ocb(ocb, NULL, 0, 0);
2452 		break;
2453 	}
2454 	case XPT_CALC_GEOMETRY:
2455 	{
2456 		struct ccb_calc_geometry *ccg;
2457 
2458 		ccg = &ccb->ccg;
2459 		if (ccg->block_size == 0) {
2460 			printf("sbp_action: block_size is 0.\n");
2461 			ccb->ccb_h.status = CAM_REQ_INVALID;
2462 			xpt_done(ccb);
2463 			break;
2464 		}
2465 SBP_DEBUG(1)
2466 		printf("%s:%d:%d:%jx:XPT_CALC_GEOMETRY: "
2467 			"Volume size = %jd\n",
2468 			device_get_nameunit(sbp->fd.dev),
2469 			cam_sim_path(sbp->sim),
2470 			ccb->ccb_h.target_id, (uintmax_t)ccb->ccb_h.target_lun,
2471 			(uintmax_t)ccg->volume_size);
2472 END_DEBUG
2473 
2474 		cam_calc_geometry(ccg, /*extended*/1);
2475 		xpt_done(ccb);
2476 		break;
2477 	}
2478 	case XPT_RESET_BUS:		/* Reset the specified SCSI bus */
2479 	{
2480 
2481 SBP_DEBUG(1)
2482 		printf("%s:%d:XPT_RESET_BUS: \n",
2483 			device_get_nameunit(sbp->fd.dev), cam_sim_path(sbp->sim));
2484 END_DEBUG
2485 
2486 		ccb->ccb_h.status = CAM_REQ_INVALID;
2487 		xpt_done(ccb);
2488 		break;
2489 	}
2490 	case XPT_PATH_INQ:		/* Path routing inquiry */
2491 	{
2492 		struct ccb_pathinq *cpi = &ccb->cpi;
2493 
2494 SBP_DEBUG(1)
2495 		printf("%s:%d:%jx XPT_PATH_INQ:.\n",
2496 			device_get_nameunit(sbp->fd.dev),
2497 			ccb->ccb_h.target_id, (uintmax_t)ccb->ccb_h.target_lun);
2498 END_DEBUG
2499 		cpi->version_num = 1; /* XXX??? */
2500 		cpi->hba_inquiry = PI_TAG_ABLE;
2501 		cpi->target_sprt = 0;
2502 		cpi->hba_misc = PIM_NOBUSRESET | PIM_NO_6_BYTE;
2503 		cpi->hba_eng_cnt = 0;
2504 		cpi->max_target = SBP_NUM_TARGETS - 1;
2505 		cpi->max_lun = SBP_NUM_LUNS - 1;
2506 		cpi->initiator_id = SBP_INITIATOR;
2507 		cpi->bus_id = sim->bus_id;
2508 		cpi->base_transfer_speed = 400 * 1000 / 8;
2509 		strlcpy(cpi->sim_vid, "FreeBSD", SIM_IDLEN);
2510 		strlcpy(cpi->hba_vid, "SBP", HBA_IDLEN);
2511 		strlcpy(cpi->dev_name, sim->sim_name, DEV_IDLEN);
2512 		cpi->unit_number = sim->unit_number;
2513 		cpi->transport = XPORT_SPI;	/* XX should have a FireWire */
2514 		cpi->transport_version = 2;
2515 		cpi->protocol = PROTO_SCSI;
2516 		cpi->protocol_version = SCSI_REV_2;
2517 
2518 		cpi->ccb_h.status = CAM_REQ_CMP;
2519 		xpt_done(ccb);
2520 		break;
2521 	}
2522 	case XPT_GET_TRAN_SETTINGS:
2523 	{
2524 		struct ccb_trans_settings *cts = &ccb->cts;
2525 		struct ccb_trans_settings_scsi *scsi =
2526 		    &cts->proto_specific.scsi;
2527 		struct ccb_trans_settings_spi *spi =
2528 		    &cts->xport_specific.spi;
2529 
2530 		cts->protocol = PROTO_SCSI;
2531 		cts->protocol_version = SCSI_REV_2;
2532 		cts->transport = XPORT_SPI;	/* should have a FireWire */
2533 		cts->transport_version = 2;
2534 		spi->valid = CTS_SPI_VALID_DISC;
2535 		spi->flags = CTS_SPI_FLAGS_DISC_ENB;
2536 		scsi->valid = CTS_SCSI_VALID_TQ;
2537 		scsi->flags = CTS_SCSI_FLAGS_TAG_ENB;
2538 SBP_DEBUG(1)
2539 		printf("%s:%d:%jx XPT_GET_TRAN_SETTINGS:.\n",
2540 			device_get_nameunit(sbp->fd.dev),
2541 			ccb->ccb_h.target_id, (uintmax_t)ccb->ccb_h.target_lun);
2542 END_DEBUG
2543 		cts->ccb_h.status = CAM_REQ_CMP;
2544 		xpt_done(ccb);
2545 		break;
2546 	}
2547 	case XPT_ABORT:
2548 		ccb->ccb_h.status = CAM_UA_ABORT;
2549 		xpt_done(ccb);
2550 		break;
2551 	case XPT_SET_TRAN_SETTINGS:
2552 		/* XXX */
2553 	default:
2554 		ccb->ccb_h.status = CAM_REQ_INVALID;
2555 		xpt_done(ccb);
2556 		break;
2557 	}
2558 	return;
2559 }
2560 
2561 static void
2562 sbp_execute_ocb(void *arg, bus_dma_segment_t *segments, int seg, int error)
2563 {
2564 	int i;
2565 	struct sbp_ocb *ocb;
2566 	struct sbp_ocb *prev;
2567 	bus_dma_segment_t *s;
2568 
2569 	if (error)
2570 		printf("sbp_execute_ocb: error=%d\n", error);
2571 
2572 	ocb = (struct sbp_ocb *)arg;
2573 
2574 SBP_DEBUG(2)
2575 	printf("sbp_execute_ocb: seg %d", seg);
2576 	for (i = 0; i < seg; i++)
2577 		printf(", %jx:%jd", (uintmax_t)segments[i].ds_addr,
2578 					(uintmax_t)segments[i].ds_len);
2579 	printf("\n");
2580 END_DEBUG
2581 
2582 	if (seg == 1) {
2583 		/* direct pointer */
2584 		s = &segments[0];
2585 		if (s->ds_len > SBP_SEG_MAX)
2586 			panic("ds_len > SBP_SEG_MAX, fix busdma code");
2587 		ocb->orb[3] = htonl(s->ds_addr);
2588 		ocb->orb[4] |= htonl(s->ds_len);
2589 	} else if (seg > 1) {
2590 		/* page table */
2591 		for (i = 0; i < seg; i++) {
2592 			s = &segments[i];
2593 SBP_DEBUG(0)
2594 			/* XXX LSI Logic "< 16 byte" bug might be hit */
2595 			if (s->ds_len < 16)
2596 				printf("sbp_execute_ocb: warning, "
2597 					"segment length(%zd) is less than 16."
2598 					"(seg=%d/%d)\n", (size_t)s->ds_len, i + 1, seg);
2599 END_DEBUG
2600 			if (s->ds_len > SBP_SEG_MAX)
2601 				panic("ds_len > SBP_SEG_MAX, fix busdma code");
2602 			ocb->ind_ptr[i].hi = htonl(s->ds_len << 16);
2603 			ocb->ind_ptr[i].lo = htonl(s->ds_addr);
2604 		}
2605 		ocb->orb[4] |= htonl(ORB_CMD_PTBL | seg);
2606 	}
2607 
2608 	if (seg > 0)
2609 		bus_dmamap_sync(ocb->sdev->target->sbp->dmat, ocb->dmamap,
2610 			(ntohl(ocb->orb[4]) & ORB_CMD_IN) ?
2611 			BUS_DMASYNC_PREREAD : BUS_DMASYNC_PREWRITE);
2612 	prev = sbp_enqueue_ocb(ocb->sdev, ocb);
2613 	fwdma_sync(&ocb->sdev->dma, BUS_DMASYNC_PREWRITE);
2614 	if (use_doorbell) {
2615 		if (prev == NULL) {
2616 			if (ocb->sdev->last_ocb != NULL)
2617 				sbp_doorbell(ocb->sdev);
2618 			else
2619 				sbp_orb_pointer(ocb->sdev, ocb);
2620 		}
2621 	} else {
2622 		if (prev == NULL || (ocb->sdev->flags & ORB_LINK_DEAD) != 0) {
2623 			ocb->sdev->flags &= ~ORB_LINK_DEAD;
2624 			sbp_orb_pointer(ocb->sdev, ocb);
2625 		}
2626 	}
2627 }
2628 
2629 static void
2630 sbp_poll(struct cam_sim *sim)
2631 {
2632 	struct sbp_softc *sbp;
2633 	struct firewire_comm *fc;
2634 
2635 	sbp = cam_sim_softc(sim);
2636 	fc = sbp->fd.fc;
2637 
2638 	fc->poll(fc, 0, -1);
2639 
2640 	return;
2641 }
2642 
2643 static struct sbp_ocb *
2644 sbp_dequeue_ocb(struct sbp_dev *sdev, struct sbp_status *sbp_status)
2645 {
2646 	struct sbp_ocb *ocb;
2647 	struct sbp_ocb *next;
2648 	int order = 0;
2649 
2650 SBP_DEBUG(1)
2651 	device_printf(sdev->target->sbp->fd.dev,
2652 	"%s:%s 0x%08x src %d\n",
2653 	    __func__, sdev->bustgtlun, ntohl(sbp_status->orb_lo), sbp_status->src);
2654 END_DEBUG
2655 	SBP_LOCK_ASSERT(sdev->target->sbp);
2656 	STAILQ_FOREACH_SAFE(ocb, &sdev->ocbs, ocb, next) {
2657 		if (OCB_MATCH(ocb, sbp_status)) {
2658 			/* found */
2659 			STAILQ_REMOVE(&sdev->ocbs, ocb, sbp_ocb, ocb);
2660 			if (ocb->ccb != NULL)
2661 				callout_stop(&ocb->timer);
2662 			if (ntohl(ocb->orb[4]) & 0xffff) {
2663 				bus_dmamap_sync(sdev->target->sbp->dmat,
2664 					ocb->dmamap,
2665 					(ntohl(ocb->orb[4]) & ORB_CMD_IN) ?
2666 					BUS_DMASYNC_POSTREAD :
2667 					BUS_DMASYNC_POSTWRITE);
2668 				bus_dmamap_unload(sdev->target->sbp->dmat,
2669 					ocb->dmamap);
2670 			}
2671 			if (!use_doorbell) {
2672 				if (sbp_status->src == SRC_NO_NEXT) {
2673 					if (next != NULL)
2674 						sbp_orb_pointer(sdev, next);
2675 					else if (order > 0) {
2676 						/*
2677 						 * Unordered execution
2678 						 * We need to send pointer for
2679 						 * next ORB
2680 						 */
2681 						sdev->flags |= ORB_LINK_DEAD;
2682 					}
2683 				}
2684 			} else {
2685 				/*
2686 				 * XXX this is not correct for unordered
2687 				 * execution.
2688 				 */
2689 				if (sdev->last_ocb != NULL) {
2690 					sbp_free_ocb(sdev, sdev->last_ocb);
2691 				}
2692 				sdev->last_ocb = ocb;
2693 				if (next != NULL &&
2694 				    sbp_status->src == SRC_NO_NEXT)
2695 					sbp_doorbell(sdev);
2696 			}
2697 			break;
2698 		} else
2699 			order++;
2700 	}
2701 SBP_DEBUG(0)
2702 	if (ocb && order > 0) {
2703 		device_printf(sdev->target->sbp->fd.dev,
2704 			"%s:%s unordered execution order:%d\n",
2705 			__func__, sdev->bustgtlun, order);
2706 	}
2707 END_DEBUG
2708 	return (ocb);
2709 }
2710 
2711 static struct sbp_ocb *
2712 sbp_enqueue_ocb(struct sbp_dev *sdev, struct sbp_ocb *ocb)
2713 {
2714 	struct sbp_ocb *prev, *prev2;
2715 
2716 	SBP_LOCK_ASSERT(sdev->target->sbp);
2717 SBP_DEBUG(1)
2718 	device_printf(sdev->target->sbp->fd.dev,
2719 	"%s:%s 0x%08jx\n", __func__, sdev->bustgtlun, (uintmax_t)ocb->bus_addr);
2720 END_DEBUG
2721 	prev2 = prev = STAILQ_LAST(&sdev->ocbs, sbp_ocb, ocb);
2722 	STAILQ_INSERT_TAIL(&sdev->ocbs, ocb, ocb);
2723 
2724 	if (ocb->ccb != NULL) {
2725 		callout_reset_sbt(&ocb->timer,
2726 		    SBT_1MS * ocb->ccb->ccb_h.timeout, 0, sbp_timeout,
2727 		    ocb, 0);
2728 	}
2729 
2730 	if (use_doorbell && prev == NULL)
2731 		prev2 = sdev->last_ocb;
2732 
2733 	if (prev2 != NULL && (ocb->sdev->flags & ORB_LINK_DEAD) == 0) {
2734 SBP_DEBUG(1)
2735 		printf("linking chain 0x%jx -> 0x%jx\n",
2736 		    (uintmax_t)prev2->bus_addr, (uintmax_t)ocb->bus_addr);
2737 END_DEBUG
2738 		/*
2739 		 * Suppress compiler optimization so that orb[1] must be written first.
2740 		 * XXX We may need an explicit memory barrier for other architectures
2741 		 * other than i386/amd64.
2742 		 */
2743 		*(volatile uint32_t *)&prev2->orb[1] = htonl(ocb->bus_addr);
2744 		*(volatile uint32_t *)&prev2->orb[0] = 0;
2745 	}
2746 
2747 	return prev;
2748 }
2749 
2750 static struct sbp_ocb *
2751 sbp_get_ocb(struct sbp_dev *sdev)
2752 {
2753 	struct sbp_ocb *ocb;
2754 
2755 	SBP_LOCK_ASSERT(sdev->target->sbp);
2756 	ocb = STAILQ_FIRST(&sdev->free_ocbs);
2757 	if (ocb == NULL) {
2758 		sdev->flags |= ORB_SHORTAGE;
2759 		printf("ocb shortage!!!\n");
2760 		return NULL;
2761 	}
2762 	STAILQ_REMOVE_HEAD(&sdev->free_ocbs, ocb);
2763 	ocb->ccb = NULL;
2764 	return (ocb);
2765 }
2766 
2767 static void
2768 sbp_free_ocb(struct sbp_dev *sdev, struct sbp_ocb *ocb)
2769 {
2770 	ocb->flags = 0;
2771 	ocb->ccb = NULL;
2772 
2773 	SBP_LOCK_ASSERT(sdev->target->sbp);
2774 	STAILQ_INSERT_TAIL(&sdev->free_ocbs, ocb, ocb);
2775 	if ((sdev->flags & ORB_SHORTAGE) != 0) {
2776 		int count;
2777 
2778 		sdev->flags &= ~ORB_SHORTAGE;
2779 		count = sdev->freeze;
2780 		sdev->freeze = 0;
2781 		xpt_release_devq(sdev->path, count, TRUE);
2782 	}
2783 }
2784 
2785 static void
2786 sbp_abort_ocb(struct sbp_ocb *ocb, int status)
2787 {
2788 	struct sbp_dev *sdev;
2789 
2790 	sdev = ocb->sdev;
2791 	SBP_LOCK_ASSERT(sdev->target->sbp);
2792 SBP_DEBUG(0)
2793 	device_printf(sdev->target->sbp->fd.dev,
2794 	"%s:%s 0x%jx\n", __func__, sdev->bustgtlun, (uintmax_t)ocb->bus_addr);
2795 END_DEBUG
2796 SBP_DEBUG(1)
2797 	if (ocb->ccb != NULL)
2798 		sbp_print_scsi_cmd(ocb);
2799 END_DEBUG
2800 	if (ntohl(ocb->orb[4]) & 0xffff) {
2801 		bus_dmamap_sync(sdev->target->sbp->dmat, ocb->dmamap,
2802 			(ntohl(ocb->orb[4]) & ORB_CMD_IN) ?
2803 			BUS_DMASYNC_POSTREAD : BUS_DMASYNC_POSTWRITE);
2804 		bus_dmamap_unload(sdev->target->sbp->dmat, ocb->dmamap);
2805 	}
2806 	if (ocb->ccb != NULL) {
2807 		callout_stop(&ocb->timer);
2808 		ocb->ccb->ccb_h.status = status;
2809 		xpt_done(ocb->ccb);
2810 	}
2811 	sbp_free_ocb(sdev, ocb);
2812 }
2813 
2814 static void
2815 sbp_abort_all_ocbs(struct sbp_dev *sdev, int status)
2816 {
2817 	struct sbp_ocb *ocb, *next;
2818 	STAILQ_HEAD(, sbp_ocb) temp;
2819 
2820 	STAILQ_INIT(&temp);
2821 	SBP_LOCK_ASSERT(sdev->target->sbp);
2822 	STAILQ_CONCAT(&temp, &sdev->ocbs);
2823 	STAILQ_INIT(&sdev->ocbs);
2824 
2825 	STAILQ_FOREACH_SAFE(ocb, &temp, ocb, next) {
2826 		sbp_abort_ocb(ocb, status);
2827 	}
2828 	if (sdev->last_ocb != NULL) {
2829 		sbp_free_ocb(sdev, sdev->last_ocb);
2830 		sdev->last_ocb = NULL;
2831 	}
2832 }
2833 
2834 static devclass_t sbp_devclass;
2835 
2836 static device_method_t sbp_methods[] = {
2837 	/* device interface */
2838 	DEVMETHOD(device_identify,	sbp_identify),
2839 	DEVMETHOD(device_probe,		sbp_probe),
2840 	DEVMETHOD(device_attach,	sbp_attach),
2841 	DEVMETHOD(device_detach,	sbp_detach),
2842 	DEVMETHOD(device_shutdown,	sbp_shutdown),
2843 
2844 	{ 0, 0 }
2845 };
2846 
2847 static driver_t sbp_driver = {
2848 	"sbp",
2849 	sbp_methods,
2850 	sizeof(struct sbp_softc),
2851 };
2852 DRIVER_MODULE(sbp, firewire, sbp_driver, sbp_devclass, 0, 0);
2853 MODULE_VERSION(sbp, 1);
2854 MODULE_DEPEND(sbp, firewire, 1, 1, 1);
2855 MODULE_DEPEND(sbp, cam, 1, 1, 1);
2856