1 /*- 2 * Copyright (c) 2009 Yahoo! Inc. 3 * Copyright (c) 2011-2015 LSI Corp. 4 * Copyright (c) 2013-2015 Avago Technologies 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 * 28 * Avago Technologies (LSI) MPT-Fusion Host Adapter FreeBSD 29 * 30 * $FreeBSD$ 31 */ 32 33 #include <sys/cdefs.h> 34 __FBSDID("$FreeBSD$"); 35 36 /* Communications core for Avago Technologies (LSI) MPT2 */ 37 38 /* TODO Move headers to mpsvar */ 39 #include <sys/types.h> 40 #include <sys/param.h> 41 #include <sys/systm.h> 42 #include <sys/kernel.h> 43 #include <sys/selinfo.h> 44 #include <sys/module.h> 45 #include <sys/bus.h> 46 #include <sys/conf.h> 47 #include <sys/bio.h> 48 #include <sys/malloc.h> 49 #include <sys/uio.h> 50 #include <sys/sysctl.h> 51 #include <sys/endian.h> 52 #include <sys/queue.h> 53 #include <sys/kthread.h> 54 #include <sys/taskqueue.h> 55 #include <sys/sbuf.h> 56 57 #include <machine/bus.h> 58 #include <machine/resource.h> 59 #include <sys/rman.h> 60 61 #include <machine/stdarg.h> 62 63 #include <cam/cam.h> 64 #include <cam/cam_ccb.h> 65 #include <cam/cam_xpt.h> 66 #include <cam/cam_debug.h> 67 #include <cam/cam_sim.h> 68 #include <cam/cam_xpt_sim.h> 69 #include <cam/cam_xpt_periph.h> 70 #include <cam/cam_periph.h> 71 #include <cam/scsi/scsi_all.h> 72 #include <cam/scsi/scsi_message.h> 73 #if __FreeBSD_version >= 900026 74 #include <cam/scsi/smp_all.h> 75 #endif 76 77 #include <dev/mps/mpi/mpi2_type.h> 78 #include <dev/mps/mpi/mpi2.h> 79 #include <dev/mps/mpi/mpi2_ioc.h> 80 #include <dev/mps/mpi/mpi2_sas.h> 81 #include <dev/mps/mpi/mpi2_cnfg.h> 82 #include <dev/mps/mpi/mpi2_init.h> 83 #include <dev/mps/mpi/mpi2_tool.h> 84 #include <dev/mps/mps_ioctl.h> 85 #include <dev/mps/mpsvar.h> 86 #include <dev/mps/mps_table.h> 87 #include <dev/mps/mps_sas.h> 88 89 #define MPSSAS_DISCOVERY_TIMEOUT 20 90 #define MPSSAS_MAX_DISCOVERY_TIMEOUTS 10 /* 200 seconds */ 91 92 /* 93 * static array to check SCSI OpCode for EEDP protection bits 94 */ 95 #define PRO_R MPI2_SCSIIO_EEDPFLAGS_CHECK_REMOVE_OP 96 #define PRO_W MPI2_SCSIIO_EEDPFLAGS_INSERT_OP 97 #define PRO_V MPI2_SCSIIO_EEDPFLAGS_INSERT_OP 98 static uint8_t op_code_prot[256] = { 99 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 100 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 101 0, 0, 0, 0, 0, 0, 0, 0, PRO_R, 0, PRO_W, 0, 0, 0, PRO_W, PRO_V, 102 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 103 0, PRO_W, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 104 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 105 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 106 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 107 0, 0, 0, 0, 0, 0, 0, 0, PRO_R, 0, PRO_W, 0, 0, 0, PRO_W, PRO_V, 108 0, 0, 0, PRO_W, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 109 0, 0, 0, 0, 0, 0, 0, 0, PRO_R, 0, PRO_W, 0, 0, 0, PRO_W, PRO_V, 110 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 111 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 112 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 113 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 114 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 115 }; 116 117 MALLOC_DEFINE(M_MPSSAS, "MPSSAS", "MPS SAS memory"); 118 119 static void mpssas_remove_device(struct mps_softc *, struct mps_command *); 120 static void mpssas_remove_complete(struct mps_softc *, struct mps_command *); 121 static void mpssas_action(struct cam_sim *sim, union ccb *ccb); 122 static void mpssas_poll(struct cam_sim *sim); 123 static int mpssas_send_abort(struct mps_softc *sc, struct mps_command *tm, 124 struct mps_command *cm); 125 static void mpssas_scsiio_timeout(void *data); 126 static void mpssas_abort_complete(struct mps_softc *sc, struct mps_command *cm); 127 static void mpssas_direct_drive_io(struct mpssas_softc *sassc, 128 struct mps_command *cm, union ccb *ccb); 129 static void mpssas_action_scsiio(struct mpssas_softc *, union ccb *); 130 static void mpssas_scsiio_complete(struct mps_softc *, struct mps_command *); 131 static void mpssas_action_resetdev(struct mpssas_softc *, union ccb *); 132 #if __FreeBSD_version >= 900026 133 static void mpssas_smpio_complete(struct mps_softc *sc, struct mps_command *cm); 134 static void mpssas_send_smpcmd(struct mpssas_softc *sassc, union ccb *ccb, 135 uint64_t sasaddr); 136 static void mpssas_action_smpio(struct mpssas_softc *sassc, union ccb *ccb); 137 #endif //FreeBSD_version >= 900026 138 static void mpssas_resetdev_complete(struct mps_softc *, struct mps_command *); 139 static void mpssas_async(void *callback_arg, uint32_t code, 140 struct cam_path *path, void *arg); 141 #if (__FreeBSD_version < 901503) || \ 142 ((__FreeBSD_version >= 1000000) && (__FreeBSD_version < 1000006)) 143 static void mpssas_check_eedp(struct mps_softc *sc, struct cam_path *path, 144 struct ccb_getdev *cgd); 145 static void mpssas_read_cap_done(struct cam_periph *periph, union ccb *done_ccb); 146 #endif 147 static int mpssas_send_portenable(struct mps_softc *sc); 148 static void mpssas_portenable_complete(struct mps_softc *sc, 149 struct mps_command *cm); 150 151 struct mpssas_target * 152 mpssas_find_target_by_handle(struct mpssas_softc *sassc, int start, uint16_t handle) 153 { 154 struct mpssas_target *target; 155 int i; 156 157 for (i = start; i < sassc->maxtargets; i++) { 158 target = &sassc->targets[i]; 159 if (target->handle == handle) 160 return (target); 161 } 162 163 return (NULL); 164 } 165 166 /* we need to freeze the simq during attach and diag reset, to avoid failing 167 * commands before device handles have been found by discovery. Since 168 * discovery involves reading config pages and possibly sending commands, 169 * discovery actions may continue even after we receive the end of discovery 170 * event, so refcount discovery actions instead of assuming we can unfreeze 171 * the simq when we get the event. 172 */ 173 void 174 mpssas_startup_increment(struct mpssas_softc *sassc) 175 { 176 MPS_FUNCTRACE(sassc->sc); 177 178 if ((sassc->flags & MPSSAS_IN_STARTUP) != 0) { 179 if (sassc->startup_refcount++ == 0) { 180 /* just starting, freeze the simq */ 181 mps_dprint(sassc->sc, MPS_INIT, 182 "%s freezing simq\n", __func__); 183 #if __FreeBSD_version >= 1000039 184 xpt_hold_boot(); 185 #endif 186 xpt_freeze_simq(sassc->sim, 1); 187 } 188 mps_dprint(sassc->sc, MPS_INIT, "%s refcount %u\n", __func__, 189 sassc->startup_refcount); 190 } 191 } 192 193 void 194 mpssas_release_simq_reinit(struct mpssas_softc *sassc) 195 { 196 if (sassc->flags & MPSSAS_QUEUE_FROZEN) { 197 sassc->flags &= ~MPSSAS_QUEUE_FROZEN; 198 xpt_release_simq(sassc->sim, 1); 199 mps_dprint(sassc->sc, MPS_INFO, "Unfreezing SIM queue\n"); 200 } 201 } 202 203 void 204 mpssas_startup_decrement(struct mpssas_softc *sassc) 205 { 206 MPS_FUNCTRACE(sassc->sc); 207 208 if ((sassc->flags & MPSSAS_IN_STARTUP) != 0) { 209 if (--sassc->startup_refcount == 0) { 210 /* finished all discovery-related actions, release 211 * the simq and rescan for the latest topology. 212 */ 213 mps_dprint(sassc->sc, MPS_INIT, 214 "%s releasing simq\n", __func__); 215 sassc->flags &= ~MPSSAS_IN_STARTUP; 216 xpt_release_simq(sassc->sim, 1); 217 #if __FreeBSD_version >= 1000039 218 xpt_release_boot(); 219 #else 220 mpssas_rescan_target(sassc->sc, NULL); 221 #endif 222 } 223 mps_dprint(sassc->sc, MPS_INIT, "%s refcount %u\n", __func__, 224 sassc->startup_refcount); 225 } 226 } 227 228 /* The firmware requires us to stop sending commands when we're doing task 229 * management, so refcount the TMs and keep the simq frozen when any are in 230 * use. 231 */ 232 struct mps_command * 233 mpssas_alloc_tm(struct mps_softc *sc) 234 { 235 struct mps_command *tm; 236 237 tm = mps_alloc_high_priority_command(sc); 238 return tm; 239 } 240 241 void 242 mpssas_free_tm(struct mps_softc *sc, struct mps_command *tm) 243 { 244 int target_id = 0xFFFFFFFF; 245 246 if (tm == NULL) 247 return; 248 249 /* 250 * For TM's the devq is frozen for the device. Unfreeze it here and 251 * free the resources used for freezing the devq. Must clear the 252 * INRESET flag as well or scsi I/O will not work. 253 */ 254 if (tm->cm_targ != NULL) { 255 tm->cm_targ->flags &= ~MPSSAS_TARGET_INRESET; 256 target_id = tm->cm_targ->tid; 257 } 258 if (tm->cm_ccb) { 259 mps_dprint(sc, MPS_INFO, "Unfreezing devq for target ID %d\n", 260 target_id); 261 xpt_release_devq(tm->cm_ccb->ccb_h.path, 1, TRUE); 262 xpt_free_path(tm->cm_ccb->ccb_h.path); 263 xpt_free_ccb(tm->cm_ccb); 264 } 265 266 mps_free_high_priority_command(sc, tm); 267 } 268 269 void 270 mpssas_rescan_target(struct mps_softc *sc, struct mpssas_target *targ) 271 { 272 struct mpssas_softc *sassc = sc->sassc; 273 path_id_t pathid; 274 target_id_t targetid; 275 union ccb *ccb; 276 277 MPS_FUNCTRACE(sc); 278 pathid = cam_sim_path(sassc->sim); 279 if (targ == NULL) 280 targetid = CAM_TARGET_WILDCARD; 281 else 282 targetid = targ - sassc->targets; 283 284 /* 285 * Allocate a CCB and schedule a rescan. 286 */ 287 ccb = xpt_alloc_ccb_nowait(); 288 if (ccb == NULL) { 289 mps_dprint(sc, MPS_ERROR, "unable to alloc CCB for rescan\n"); 290 return; 291 } 292 293 if (xpt_create_path(&ccb->ccb_h.path, NULL, pathid, 294 targetid, CAM_LUN_WILDCARD) != CAM_REQ_CMP) { 295 mps_dprint(sc, MPS_ERROR, "unable to create path for rescan\n"); 296 xpt_free_ccb(ccb); 297 return; 298 } 299 300 if (targetid == CAM_TARGET_WILDCARD) 301 ccb->ccb_h.func_code = XPT_SCAN_BUS; 302 else 303 ccb->ccb_h.func_code = XPT_SCAN_TGT; 304 305 mps_dprint(sc, MPS_TRACE, "%s targetid %u\n", __func__, targetid); 306 xpt_rescan(ccb); 307 } 308 309 static void 310 mpssas_log_command(struct mps_command *cm, u_int level, const char *fmt, ...) 311 { 312 struct sbuf sb; 313 va_list ap; 314 char str[192]; 315 char path_str[64]; 316 317 if (cm == NULL) 318 return; 319 320 /* No need to be in here if debugging isn't enabled */ 321 if ((cm->cm_sc->mps_debug & level) == 0) 322 return; 323 324 sbuf_new(&sb, str, sizeof(str), 0); 325 326 va_start(ap, fmt); 327 328 if (cm->cm_ccb != NULL) { 329 xpt_path_string(cm->cm_ccb->csio.ccb_h.path, path_str, 330 sizeof(path_str)); 331 sbuf_cat(&sb, path_str); 332 if (cm->cm_ccb->ccb_h.func_code == XPT_SCSI_IO) { 333 scsi_command_string(&cm->cm_ccb->csio, &sb); 334 sbuf_printf(&sb, "length %d ", 335 cm->cm_ccb->csio.dxfer_len); 336 } 337 } 338 else { 339 sbuf_printf(&sb, "(noperiph:%s%d:%u:%u:%u): ", 340 cam_sim_name(cm->cm_sc->sassc->sim), 341 cam_sim_unit(cm->cm_sc->sassc->sim), 342 cam_sim_bus(cm->cm_sc->sassc->sim), 343 cm->cm_targ ? cm->cm_targ->tid : 0xFFFFFFFF, 344 cm->cm_lun); 345 } 346 347 sbuf_printf(&sb, "SMID %u ", cm->cm_desc.Default.SMID); 348 sbuf_vprintf(&sb, fmt, ap); 349 sbuf_finish(&sb); 350 mps_print_field(cm->cm_sc, "%s", sbuf_data(&sb)); 351 352 va_end(ap); 353 } 354 355 356 static void 357 mpssas_remove_volume(struct mps_softc *sc, struct mps_command *tm) 358 { 359 MPI2_SCSI_TASK_MANAGE_REPLY *reply; 360 struct mpssas_target *targ; 361 uint16_t handle; 362 363 MPS_FUNCTRACE(sc); 364 365 reply = (MPI2_SCSI_TASK_MANAGE_REPLY *)tm->cm_reply; 366 handle = (uint16_t)(uintptr_t)tm->cm_complete_data; 367 targ = tm->cm_targ; 368 369 if (reply == NULL) { 370 /* XXX retry the remove after the diag reset completes? */ 371 mps_dprint(sc, MPS_FAULT, 372 "%s NULL reply resetting device 0x%04x\n", __func__, 373 handle); 374 mpssas_free_tm(sc, tm); 375 return; 376 } 377 378 if ((le16toh(reply->IOCStatus) & MPI2_IOCSTATUS_MASK) != 379 MPI2_IOCSTATUS_SUCCESS) { 380 mps_dprint(sc, MPS_ERROR, 381 "IOCStatus = 0x%x while resetting device 0x%x\n", 382 le16toh(reply->IOCStatus), handle); 383 } 384 385 mps_dprint(sc, MPS_XINFO, 386 "Reset aborted %u commands\n", reply->TerminationCount); 387 mps_free_reply(sc, tm->cm_reply_data); 388 tm->cm_reply = NULL; /* Ensures the reply won't get re-freed */ 389 390 mps_dprint(sc, MPS_XINFO, 391 "clearing target %u handle 0x%04x\n", targ->tid, handle); 392 393 /* 394 * Don't clear target if remove fails because things will get confusing. 395 * Leave the devname and sasaddr intact so that we know to avoid reusing 396 * this target id if possible, and so we can assign the same target id 397 * to this device if it comes back in the future. 398 */ 399 if ((le16toh(reply->IOCStatus) & MPI2_IOCSTATUS_MASK) == 400 MPI2_IOCSTATUS_SUCCESS) { 401 targ = tm->cm_targ; 402 targ->handle = 0x0; 403 targ->encl_handle = 0x0; 404 targ->encl_slot = 0x0; 405 targ->exp_dev_handle = 0x0; 406 targ->phy_num = 0x0; 407 targ->linkrate = 0x0; 408 targ->devinfo = 0x0; 409 targ->flags = 0x0; 410 } 411 412 mpssas_free_tm(sc, tm); 413 } 414 415 416 /* 417 * No Need to call "MPI2_SAS_OP_REMOVE_DEVICE" For Volume removal. 418 * Otherwise Volume Delete is same as Bare Drive Removal. 419 */ 420 void 421 mpssas_prepare_volume_remove(struct mpssas_softc *sassc, uint16_t handle) 422 { 423 MPI2_SCSI_TASK_MANAGE_REQUEST *req; 424 struct mps_softc *sc; 425 struct mps_command *cm; 426 struct mpssas_target *targ = NULL; 427 428 MPS_FUNCTRACE(sassc->sc); 429 sc = sassc->sc; 430 431 #ifdef WD_SUPPORT 432 /* 433 * If this is a WD controller, determine if the disk should be exposed 434 * to the OS or not. If disk should be exposed, return from this 435 * function without doing anything. 436 */ 437 if (sc->WD_available && (sc->WD_hide_expose == 438 MPS_WD_EXPOSE_ALWAYS)) { 439 return; 440 } 441 #endif //WD_SUPPORT 442 443 targ = mpssas_find_target_by_handle(sassc, 0, handle); 444 if (targ == NULL) { 445 /* FIXME: what is the action? */ 446 /* We don't know about this device? */ 447 mps_dprint(sc, MPS_ERROR, 448 "%s %d : invalid handle 0x%x \n", __func__,__LINE__, handle); 449 return; 450 } 451 452 targ->flags |= MPSSAS_TARGET_INREMOVAL; 453 454 cm = mpssas_alloc_tm(sc); 455 if (cm == NULL) { 456 mps_dprint(sc, MPS_ERROR, 457 "%s: command alloc failure\n", __func__); 458 return; 459 } 460 461 mpssas_rescan_target(sc, targ); 462 463 req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)cm->cm_req; 464 req->DevHandle = targ->handle; 465 req->Function = MPI2_FUNCTION_SCSI_TASK_MGMT; 466 req->TaskType = MPI2_SCSITASKMGMT_TASKTYPE_TARGET_RESET; 467 468 /* SAS Hard Link Reset / SATA Link Reset */ 469 req->MsgFlags = MPI2_SCSITASKMGMT_MSGFLAGS_LINK_RESET; 470 471 cm->cm_targ = targ; 472 cm->cm_data = NULL; 473 cm->cm_desc.HighPriority.RequestFlags = 474 MPI2_REQ_DESCRIPT_FLAGS_HIGH_PRIORITY; 475 cm->cm_complete = mpssas_remove_volume; 476 cm->cm_complete_data = (void *)(uintptr_t)handle; 477 478 mps_dprint(sc, MPS_INFO, "%s: Sending reset for target ID %d\n", 479 __func__, targ->tid); 480 mpssas_prepare_for_tm(sc, cm, targ, CAM_LUN_WILDCARD); 481 482 mps_map_command(sc, cm); 483 } 484 485 /* 486 * The MPT2 firmware performs debounce on the link to avoid transient link 487 * errors and false removals. When it does decide that link has been lost 488 * and a device need to go away, it expects that the host will perform a 489 * target reset and then an op remove. The reset has the side-effect of 490 * aborting any outstanding requests for the device, which is required for 491 * the op-remove to succeed. It's not clear if the host should check for 492 * the device coming back alive after the reset. 493 */ 494 void 495 mpssas_prepare_remove(struct mpssas_softc *sassc, uint16_t handle) 496 { 497 MPI2_SCSI_TASK_MANAGE_REQUEST *req; 498 struct mps_softc *sc; 499 struct mps_command *cm; 500 struct mpssas_target *targ = NULL; 501 502 MPS_FUNCTRACE(sassc->sc); 503 504 sc = sassc->sc; 505 506 targ = mpssas_find_target_by_handle(sassc, 0, handle); 507 if (targ == NULL) { 508 /* FIXME: what is the action? */ 509 /* We don't know about this device? */ 510 mps_dprint(sc, MPS_ERROR, 511 "%s : invalid handle 0x%x \n", __func__, handle); 512 return; 513 } 514 515 targ->flags |= MPSSAS_TARGET_INREMOVAL; 516 517 cm = mpssas_alloc_tm(sc); 518 if (cm == NULL) { 519 mps_dprint(sc, MPS_ERROR, 520 "%s: command alloc failure\n", __func__); 521 return; 522 } 523 524 mpssas_rescan_target(sc, targ); 525 526 req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)cm->cm_req; 527 memset(req, 0, sizeof(*req)); 528 req->DevHandle = htole16(targ->handle); 529 req->Function = MPI2_FUNCTION_SCSI_TASK_MGMT; 530 req->TaskType = MPI2_SCSITASKMGMT_TASKTYPE_TARGET_RESET; 531 532 /* SAS Hard Link Reset / SATA Link Reset */ 533 req->MsgFlags = MPI2_SCSITASKMGMT_MSGFLAGS_LINK_RESET; 534 535 cm->cm_targ = targ; 536 cm->cm_data = NULL; 537 cm->cm_desc.HighPriority.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_HIGH_PRIORITY; 538 cm->cm_complete = mpssas_remove_device; 539 cm->cm_complete_data = (void *)(uintptr_t)handle; 540 541 mps_dprint(sc, MPS_INFO, "%s: Sending reset for target ID %d\n", 542 __func__, targ->tid); 543 mpssas_prepare_for_tm(sc, cm, targ, CAM_LUN_WILDCARD); 544 545 mps_map_command(sc, cm); 546 } 547 548 static void 549 mpssas_remove_device(struct mps_softc *sc, struct mps_command *tm) 550 { 551 MPI2_SCSI_TASK_MANAGE_REPLY *reply; 552 MPI2_SAS_IOUNIT_CONTROL_REQUEST *req; 553 struct mpssas_target *targ; 554 struct mps_command *next_cm; 555 uint16_t handle; 556 557 MPS_FUNCTRACE(sc); 558 559 reply = (MPI2_SCSI_TASK_MANAGE_REPLY *)tm->cm_reply; 560 handle = (uint16_t)(uintptr_t)tm->cm_complete_data; 561 targ = tm->cm_targ; 562 563 /* 564 * Currently there should be no way we can hit this case. It only 565 * happens when we have a failure to allocate chain frames, and 566 * task management commands don't have S/G lists. 567 */ 568 if ((tm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) { 569 mps_dprint(sc, MPS_ERROR, 570 "%s: cm_flags = %#x for remove of handle %#04x! " 571 "This should not happen!\n", __func__, tm->cm_flags, 572 handle); 573 } 574 575 if (reply == NULL) { 576 /* XXX retry the remove after the diag reset completes? */ 577 mps_dprint(sc, MPS_FAULT, 578 "%s NULL reply resetting device 0x%04x\n", __func__, 579 handle); 580 mpssas_free_tm(sc, tm); 581 return; 582 } 583 584 if ((le16toh(reply->IOCStatus) & MPI2_IOCSTATUS_MASK) != 585 MPI2_IOCSTATUS_SUCCESS) { 586 mps_dprint(sc, MPS_ERROR, 587 "IOCStatus = 0x%x while resetting device 0x%x\n", 588 le16toh(reply->IOCStatus), handle); 589 } 590 591 mps_dprint(sc, MPS_XINFO, "Reset aborted %u commands\n", 592 le32toh(reply->TerminationCount)); 593 mps_free_reply(sc, tm->cm_reply_data); 594 tm->cm_reply = NULL; /* Ensures the reply won't get re-freed */ 595 596 /* Reuse the existing command */ 597 req = (MPI2_SAS_IOUNIT_CONTROL_REQUEST *)tm->cm_req; 598 memset(req, 0, sizeof(*req)); 599 req->Function = MPI2_FUNCTION_SAS_IO_UNIT_CONTROL; 600 req->Operation = MPI2_SAS_OP_REMOVE_DEVICE; 601 req->DevHandle = htole16(handle); 602 tm->cm_data = NULL; 603 tm->cm_desc.Default.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_DEFAULT_TYPE; 604 tm->cm_complete = mpssas_remove_complete; 605 tm->cm_complete_data = (void *)(uintptr_t)handle; 606 607 mps_map_command(sc, tm); 608 609 mps_dprint(sc, MPS_XINFO, "clearing target %u handle 0x%04x\n", 610 targ->tid, handle); 611 TAILQ_FOREACH_SAFE(tm, &targ->commands, cm_link, next_cm) { 612 union ccb *ccb; 613 614 mps_dprint(sc, MPS_XINFO, "Completing missed command %p\n", tm); 615 ccb = tm->cm_complete_data; 616 mpssas_set_ccbstatus(ccb, CAM_DEV_NOT_THERE); 617 mpssas_scsiio_complete(sc, tm); 618 } 619 } 620 621 static void 622 mpssas_remove_complete(struct mps_softc *sc, struct mps_command *tm) 623 { 624 MPI2_SAS_IOUNIT_CONTROL_REPLY *reply; 625 uint16_t handle; 626 struct mpssas_target *targ; 627 struct mpssas_lun *lun; 628 629 MPS_FUNCTRACE(sc); 630 631 reply = (MPI2_SAS_IOUNIT_CONTROL_REPLY *)tm->cm_reply; 632 handle = (uint16_t)(uintptr_t)tm->cm_complete_data; 633 634 /* 635 * Currently there should be no way we can hit this case. It only 636 * happens when we have a failure to allocate chain frames, and 637 * task management commands don't have S/G lists. 638 */ 639 if ((tm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) { 640 mps_dprint(sc, MPS_XINFO, 641 "%s: cm_flags = %#x for remove of handle %#04x! " 642 "This should not happen!\n", __func__, tm->cm_flags, 643 handle); 644 mpssas_free_tm(sc, tm); 645 return; 646 } 647 648 if (reply == NULL) { 649 /* most likely a chip reset */ 650 mps_dprint(sc, MPS_FAULT, 651 "%s NULL reply removing device 0x%04x\n", __func__, handle); 652 mpssas_free_tm(sc, tm); 653 return; 654 } 655 656 mps_dprint(sc, MPS_XINFO, 657 "%s on handle 0x%04x, IOCStatus= 0x%x\n", __func__, 658 handle, le16toh(reply->IOCStatus)); 659 660 /* 661 * Don't clear target if remove fails because things will get confusing. 662 * Leave the devname and sasaddr intact so that we know to avoid reusing 663 * this target id if possible, and so we can assign the same target id 664 * to this device if it comes back in the future. 665 */ 666 if ((le16toh(reply->IOCStatus) & MPI2_IOCSTATUS_MASK) == 667 MPI2_IOCSTATUS_SUCCESS) { 668 targ = tm->cm_targ; 669 targ->handle = 0x0; 670 targ->encl_handle = 0x0; 671 targ->encl_slot = 0x0; 672 targ->exp_dev_handle = 0x0; 673 targ->phy_num = 0x0; 674 targ->linkrate = 0x0; 675 targ->devinfo = 0x0; 676 targ->flags = 0x0; 677 678 while(!SLIST_EMPTY(&targ->luns)) { 679 lun = SLIST_FIRST(&targ->luns); 680 SLIST_REMOVE_HEAD(&targ->luns, lun_link); 681 free(lun, M_MPT2); 682 } 683 } 684 685 686 mpssas_free_tm(sc, tm); 687 } 688 689 static int 690 mpssas_register_events(struct mps_softc *sc) 691 { 692 u32 events[MPI2_EVENT_NOTIFY_EVENTMASK_WORDS]; 693 694 bzero(events, 16); 695 setbit(events, MPI2_EVENT_SAS_DEVICE_STATUS_CHANGE); 696 setbit(events, MPI2_EVENT_SAS_DISCOVERY); 697 setbit(events, MPI2_EVENT_SAS_BROADCAST_PRIMITIVE); 698 setbit(events, MPI2_EVENT_SAS_INIT_DEVICE_STATUS_CHANGE); 699 setbit(events, MPI2_EVENT_SAS_INIT_TABLE_OVERFLOW); 700 setbit(events, MPI2_EVENT_SAS_TOPOLOGY_CHANGE_LIST); 701 setbit(events, MPI2_EVENT_SAS_ENCL_DEVICE_STATUS_CHANGE); 702 setbit(events, MPI2_EVENT_IR_CONFIGURATION_CHANGE_LIST); 703 setbit(events, MPI2_EVENT_IR_VOLUME); 704 setbit(events, MPI2_EVENT_IR_PHYSICAL_DISK); 705 setbit(events, MPI2_EVENT_IR_OPERATION_STATUS); 706 setbit(events, MPI2_EVENT_LOG_ENTRY_ADDED); 707 708 mps_register_events(sc, events, mpssas_evt_handler, NULL, 709 &sc->sassc->mpssas_eh); 710 711 return (0); 712 } 713 714 int 715 mps_attach_sas(struct mps_softc *sc) 716 { 717 struct mpssas_softc *sassc; 718 cam_status status; 719 int unit, error = 0; 720 721 MPS_FUNCTRACE(sc); 722 mps_dprint(sc, MPS_INIT, "%s entered\n", __func__); 723 724 sassc = malloc(sizeof(struct mpssas_softc), M_MPT2, M_WAITOK|M_ZERO); 725 if(!sassc) { 726 mps_dprint(sc, MPS_INIT|MPS_ERROR, 727 "Cannot allocate SAS controller memory\n"); 728 return (ENOMEM); 729 } 730 731 /* 732 * XXX MaxTargets could change during a reinit. Since we don't 733 * resize the targets[] array during such an event, cache the value 734 * of MaxTargets here so that we don't get into trouble later. This 735 * should move into the reinit logic. 736 */ 737 sassc->maxtargets = sc->facts->MaxTargets + sc->facts->MaxVolumes; 738 sassc->targets = malloc(sizeof(struct mpssas_target) * 739 sassc->maxtargets, M_MPT2, M_WAITOK|M_ZERO); 740 if(!sassc->targets) { 741 mps_dprint(sc, MPS_INIT|MPS_ERROR, 742 "Cannot allocate SAS target memory\n"); 743 free(sassc, M_MPT2); 744 return (ENOMEM); 745 } 746 sc->sassc = sassc; 747 sassc->sc = sc; 748 749 if ((sassc->devq = cam_simq_alloc(sc->num_reqs)) == NULL) { 750 mps_dprint(sc, MPS_ERROR, "Cannot allocate SIMQ\n"); 751 error = ENOMEM; 752 goto out; 753 } 754 755 unit = device_get_unit(sc->mps_dev); 756 sassc->sim = cam_sim_alloc(mpssas_action, mpssas_poll, "mps", sassc, 757 unit, &sc->mps_mtx, sc->num_reqs, sc->num_reqs, sassc->devq); 758 if (sassc->sim == NULL) { 759 mps_dprint(sc, MPS_INIT|MPS_ERROR, "Cannot allocate SIM\n"); 760 error = EINVAL; 761 goto out; 762 } 763 764 TAILQ_INIT(&sassc->ev_queue); 765 766 /* Initialize taskqueue for Event Handling */ 767 TASK_INIT(&sassc->ev_task, 0, mpssas_firmware_event_work, sc); 768 sassc->ev_tq = taskqueue_create("mps_taskq", M_NOWAIT | M_ZERO, 769 taskqueue_thread_enqueue, &sassc->ev_tq); 770 taskqueue_start_threads(&sassc->ev_tq, 1, PRIBIO, "%s taskq", 771 device_get_nameunit(sc->mps_dev)); 772 773 mps_lock(sc); 774 775 /* 776 * XXX There should be a bus for every port on the adapter, but since 777 * we're just going to fake the topology for now, we'll pretend that 778 * everything is just a target on a single bus. 779 */ 780 if ((error = xpt_bus_register(sassc->sim, sc->mps_dev, 0)) != 0) { 781 mps_dprint(sc, MPS_INIT|MPS_ERROR, 782 "Error %d registering SCSI bus\n", error); 783 mps_unlock(sc); 784 goto out; 785 } 786 787 /* 788 * Assume that discovery events will start right away. 789 * 790 * Hold off boot until discovery is complete. 791 */ 792 sassc->flags |= MPSSAS_IN_STARTUP | MPSSAS_IN_DISCOVERY; 793 sc->sassc->startup_refcount = 0; 794 mpssas_startup_increment(sassc); 795 796 callout_init(&sassc->discovery_callout, 1 /*mpsafe*/); 797 798 /* 799 * Register for async events so we can determine the EEDP 800 * capabilities of devices. 801 */ 802 status = xpt_create_path(&sassc->path, /*periph*/NULL, 803 cam_sim_path(sc->sassc->sim), CAM_TARGET_WILDCARD, 804 CAM_LUN_WILDCARD); 805 if (status != CAM_REQ_CMP) { 806 mps_dprint(sc, MPS_ERROR|MPS_INIT, 807 "Error %#x creating sim path\n", status); 808 sassc->path = NULL; 809 } else { 810 int event; 811 812 #if (__FreeBSD_version >= 1000006) || \ 813 ((__FreeBSD_version >= 901503) && (__FreeBSD_version < 1000000)) 814 event = AC_ADVINFO_CHANGED; 815 #else 816 event = AC_FOUND_DEVICE; 817 #endif 818 status = xpt_register_async(event, mpssas_async, sc, 819 sassc->path); 820 if (status != CAM_REQ_CMP) { 821 mps_dprint(sc, MPS_ERROR, 822 "Error %#x registering async handler for " 823 "AC_ADVINFO_CHANGED events\n", status); 824 xpt_free_path(sassc->path); 825 sassc->path = NULL; 826 } 827 } 828 if (status != CAM_REQ_CMP) { 829 /* 830 * EEDP use is the exception, not the rule. 831 * Warn the user, but do not fail to attach. 832 */ 833 mps_printf(sc, "EEDP capabilities disabled.\n"); 834 } 835 836 mps_unlock(sc); 837 838 mpssas_register_events(sc); 839 out: 840 if (error) 841 mps_detach_sas(sc); 842 843 mps_dprint(sc, MPS_INIT, "%s exit error= %d\n", __func__, error); 844 return (error); 845 } 846 847 int 848 mps_detach_sas(struct mps_softc *sc) 849 { 850 struct mpssas_softc *sassc; 851 struct mpssas_lun *lun, *lun_tmp; 852 struct mpssas_target *targ; 853 int i; 854 855 MPS_FUNCTRACE(sc); 856 857 if (sc->sassc == NULL) 858 return (0); 859 860 sassc = sc->sassc; 861 mps_deregister_events(sc, sassc->mpssas_eh); 862 863 /* 864 * Drain and free the event handling taskqueue with the lock 865 * unheld so that any parallel processing tasks drain properly 866 * without deadlocking. 867 */ 868 if (sassc->ev_tq != NULL) 869 taskqueue_free(sassc->ev_tq); 870 871 /* Make sure CAM doesn't wedge if we had to bail out early. */ 872 mps_lock(sc); 873 874 /* Deregister our async handler */ 875 if (sassc->path != NULL) { 876 xpt_register_async(0, mpssas_async, sc, sassc->path); 877 xpt_free_path(sassc->path); 878 sassc->path = NULL; 879 } 880 881 if (sassc->flags & MPSSAS_IN_STARTUP) 882 xpt_release_simq(sassc->sim, 1); 883 884 if (sassc->sim != NULL) { 885 xpt_bus_deregister(cam_sim_path(sassc->sim)); 886 cam_sim_free(sassc->sim, FALSE); 887 } 888 889 mps_unlock(sc); 890 891 if (sassc->devq != NULL) 892 cam_simq_free(sassc->devq); 893 894 for(i=0; i< sassc->maxtargets ;i++) { 895 targ = &sassc->targets[i]; 896 SLIST_FOREACH_SAFE(lun, &targ->luns, lun_link, lun_tmp) { 897 free(lun, M_MPT2); 898 } 899 } 900 free(sassc->targets, M_MPT2); 901 free(sassc, M_MPT2); 902 sc->sassc = NULL; 903 904 return (0); 905 } 906 907 void 908 mpssas_discovery_end(struct mpssas_softc *sassc) 909 { 910 struct mps_softc *sc = sassc->sc; 911 912 MPS_FUNCTRACE(sc); 913 914 if (sassc->flags & MPSSAS_DISCOVERY_TIMEOUT_PENDING) 915 callout_stop(&sassc->discovery_callout); 916 917 /* 918 * After discovery has completed, check the mapping table for any 919 * missing devices and update their missing counts. Only do this once 920 * whenever the driver is initialized so that missing counts aren't 921 * updated unnecessarily. Note that just because discovery has 922 * completed doesn't mean that events have been processed yet. The 923 * check_devices function is a callout timer that checks if ALL devices 924 * are missing. If so, it will wait a little longer for events to 925 * complete and keep resetting itself until some device in the mapping 926 * table is not missing, meaning that event processing has started. 927 */ 928 if (sc->track_mapping_events) { 929 mps_dprint(sc, MPS_XINFO | MPS_MAPPING, "Discovery has " 930 "completed. Check for missing devices in the mapping " 931 "table.\n"); 932 callout_reset(&sc->device_check_callout, 933 MPS_MISSING_CHECK_DELAY * hz, mps_mapping_check_devices, 934 sc); 935 } 936 } 937 938 static void 939 mpssas_action(struct cam_sim *sim, union ccb *ccb) 940 { 941 struct mpssas_softc *sassc; 942 943 sassc = cam_sim_softc(sim); 944 945 MPS_FUNCTRACE(sassc->sc); 946 mps_dprint(sassc->sc, MPS_TRACE, "ccb func_code 0x%x\n", 947 ccb->ccb_h.func_code); 948 mtx_assert(&sassc->sc->mps_mtx, MA_OWNED); 949 950 switch (ccb->ccb_h.func_code) { 951 case XPT_PATH_INQ: 952 { 953 struct ccb_pathinq *cpi = &ccb->cpi; 954 struct mps_softc *sc = sassc->sc; 955 uint8_t sges_per_frame; 956 957 cpi->version_num = 1; 958 cpi->hba_inquiry = PI_SDTR_ABLE|PI_TAG_ABLE|PI_WIDE_16; 959 cpi->target_sprt = 0; 960 #if __FreeBSD_version >= 1000039 961 cpi->hba_misc = PIM_NOBUSRESET | PIM_UNMAPPED | PIM_NOSCAN; 962 #else 963 cpi->hba_misc = PIM_NOBUSRESET | PIM_UNMAPPED; 964 #endif 965 cpi->hba_eng_cnt = 0; 966 cpi->max_target = sassc->maxtargets - 1; 967 cpi->max_lun = 255; 968 969 /* 970 * initiator_id is set here to an ID outside the set of valid 971 * target IDs (including volumes). 972 */ 973 cpi->initiator_id = sassc->maxtargets; 974 strlcpy(cpi->sim_vid, "FreeBSD", SIM_IDLEN); 975 strlcpy(cpi->hba_vid, "Avago Tech", HBA_IDLEN); 976 strlcpy(cpi->dev_name, cam_sim_name(sim), DEV_IDLEN); 977 cpi->unit_number = cam_sim_unit(sim); 978 cpi->bus_id = cam_sim_bus(sim); 979 cpi->base_transfer_speed = 150000; 980 cpi->transport = XPORT_SAS; 981 cpi->transport_version = 0; 982 cpi->protocol = PROTO_SCSI; 983 cpi->protocol_version = SCSI_REV_SPC; 984 985 /* 986 * Max IO Size is Page Size * the following: 987 * ((SGEs per frame - 1 for chain element) * 988 * Max Chain Depth) + 1 for no chain needed in last frame 989 * 990 * If user suggests a Max IO size to use, use the smaller of the 991 * user's value and the calculated value as long as the user's 992 * value is larger than 0. The user's value is in pages. 993 */ 994 sges_per_frame = ((sc->facts->IOCRequestFrameSize * 4) / 995 sizeof(MPI2_SGE_SIMPLE64)) - 1; 996 cpi->maxio = (sges_per_frame * sc->facts->MaxChainDepth) + 1; 997 cpi->maxio *= PAGE_SIZE; 998 if ((sc->max_io_pages > 0) && (sc->max_io_pages * PAGE_SIZE < 999 cpi->maxio)) 1000 cpi->maxio = sc->max_io_pages * PAGE_SIZE; 1001 mpssas_set_ccbstatus(ccb, CAM_REQ_CMP); 1002 break; 1003 } 1004 case XPT_GET_TRAN_SETTINGS: 1005 { 1006 struct ccb_trans_settings *cts; 1007 struct ccb_trans_settings_sas *sas; 1008 struct ccb_trans_settings_scsi *scsi; 1009 struct mpssas_target *targ; 1010 1011 cts = &ccb->cts; 1012 sas = &cts->xport_specific.sas; 1013 scsi = &cts->proto_specific.scsi; 1014 1015 KASSERT(cts->ccb_h.target_id < sassc->maxtargets, 1016 ("Target %d out of bounds in XPT_GET_TRANS_SETTINGS\n", 1017 cts->ccb_h.target_id)); 1018 targ = &sassc->targets[cts->ccb_h.target_id]; 1019 if (targ->handle == 0x0) { 1020 mpssas_set_ccbstatus(ccb, CAM_DEV_NOT_THERE); 1021 break; 1022 } 1023 1024 cts->protocol_version = SCSI_REV_SPC2; 1025 cts->transport = XPORT_SAS; 1026 cts->transport_version = 0; 1027 1028 sas->valid = CTS_SAS_VALID_SPEED; 1029 switch (targ->linkrate) { 1030 case 0x08: 1031 sas->bitrate = 150000; 1032 break; 1033 case 0x09: 1034 sas->bitrate = 300000; 1035 break; 1036 case 0x0a: 1037 sas->bitrate = 600000; 1038 break; 1039 default: 1040 sas->valid = 0; 1041 } 1042 1043 cts->protocol = PROTO_SCSI; 1044 scsi->valid = CTS_SCSI_VALID_TQ; 1045 scsi->flags = CTS_SCSI_FLAGS_TAG_ENB; 1046 1047 mpssas_set_ccbstatus(ccb, CAM_REQ_CMP); 1048 break; 1049 } 1050 case XPT_CALC_GEOMETRY: 1051 cam_calc_geometry(&ccb->ccg, /*extended*/1); 1052 mpssas_set_ccbstatus(ccb, CAM_REQ_CMP); 1053 break; 1054 case XPT_RESET_DEV: 1055 mps_dprint(sassc->sc, MPS_XINFO, "mpssas_action XPT_RESET_DEV\n"); 1056 mpssas_action_resetdev(sassc, ccb); 1057 return; 1058 case XPT_RESET_BUS: 1059 case XPT_ABORT: 1060 case XPT_TERM_IO: 1061 mps_dprint(sassc->sc, MPS_XINFO, 1062 "mpssas_action faking success for abort or reset\n"); 1063 mpssas_set_ccbstatus(ccb, CAM_REQ_CMP); 1064 break; 1065 case XPT_SCSI_IO: 1066 mpssas_action_scsiio(sassc, ccb); 1067 return; 1068 #if __FreeBSD_version >= 900026 1069 case XPT_SMP_IO: 1070 mpssas_action_smpio(sassc, ccb); 1071 return; 1072 #endif 1073 default: 1074 mpssas_set_ccbstatus(ccb, CAM_FUNC_NOTAVAIL); 1075 break; 1076 } 1077 xpt_done(ccb); 1078 1079 } 1080 1081 static void 1082 mpssas_announce_reset(struct mps_softc *sc, uint32_t ac_code, 1083 target_id_t target_id, lun_id_t lun_id) 1084 { 1085 path_id_t path_id = cam_sim_path(sc->sassc->sim); 1086 struct cam_path *path; 1087 1088 mps_dprint(sc, MPS_XINFO, "%s code %x target %d lun %jx\n", __func__, 1089 ac_code, target_id, (uintmax_t)lun_id); 1090 1091 if (xpt_create_path(&path, NULL, 1092 path_id, target_id, lun_id) != CAM_REQ_CMP) { 1093 mps_dprint(sc, MPS_ERROR, "unable to create path for reset " 1094 "notification\n"); 1095 return; 1096 } 1097 1098 xpt_async(ac_code, path, NULL); 1099 xpt_free_path(path); 1100 } 1101 1102 static void 1103 mpssas_complete_all_commands(struct mps_softc *sc) 1104 { 1105 struct mps_command *cm; 1106 int i; 1107 int completed; 1108 1109 MPS_FUNCTRACE(sc); 1110 mtx_assert(&sc->mps_mtx, MA_OWNED); 1111 1112 /* complete all commands with a NULL reply */ 1113 for (i = 1; i < sc->num_reqs; i++) { 1114 cm = &sc->commands[i]; 1115 cm->cm_reply = NULL; 1116 completed = 0; 1117 1118 if (cm->cm_flags & MPS_CM_FLAGS_POLLED) 1119 cm->cm_flags |= MPS_CM_FLAGS_COMPLETE; 1120 1121 if (cm->cm_complete != NULL) { 1122 mpssas_log_command(cm, MPS_RECOVERY, 1123 "completing cm %p state %x ccb %p for diag reset\n", 1124 cm, cm->cm_state, cm->cm_ccb); 1125 1126 cm->cm_complete(sc, cm); 1127 completed = 1; 1128 } 1129 1130 if (cm->cm_flags & MPS_CM_FLAGS_WAKEUP) { 1131 mpssas_log_command(cm, MPS_RECOVERY, 1132 "waking up cm %p state %x ccb %p for diag reset\n", 1133 cm, cm->cm_state, cm->cm_ccb); 1134 wakeup(cm); 1135 completed = 1; 1136 } 1137 1138 if (cm->cm_sc->io_cmds_active != 0) 1139 cm->cm_sc->io_cmds_active--; 1140 1141 if ((completed == 0) && (cm->cm_state != MPS_CM_STATE_FREE)) { 1142 /* this should never happen, but if it does, log */ 1143 mpssas_log_command(cm, MPS_RECOVERY, 1144 "cm %p state %x flags 0x%x ccb %p during diag " 1145 "reset\n", cm, cm->cm_state, cm->cm_flags, 1146 cm->cm_ccb); 1147 } 1148 } 1149 } 1150 1151 void 1152 mpssas_handle_reinit(struct mps_softc *sc) 1153 { 1154 int i; 1155 1156 /* Go back into startup mode and freeze the simq, so that CAM 1157 * doesn't send any commands until after we've rediscovered all 1158 * targets and found the proper device handles for them. 1159 * 1160 * After the reset, portenable will trigger discovery, and after all 1161 * discovery-related activities have finished, the simq will be 1162 * released. 1163 */ 1164 mps_dprint(sc, MPS_INIT, "%s startup\n", __func__); 1165 sc->sassc->flags |= MPSSAS_IN_STARTUP; 1166 sc->sassc->flags |= MPSSAS_IN_DISCOVERY; 1167 mpssas_startup_increment(sc->sassc); 1168 1169 /* notify CAM of a bus reset */ 1170 mpssas_announce_reset(sc, AC_BUS_RESET, CAM_TARGET_WILDCARD, 1171 CAM_LUN_WILDCARD); 1172 1173 /* complete and cleanup after all outstanding commands */ 1174 mpssas_complete_all_commands(sc); 1175 1176 mps_dprint(sc, MPS_INIT, 1177 "%s startup %u after command completion\n", __func__, 1178 sc->sassc->startup_refcount); 1179 1180 /* zero all the target handles, since they may change after the 1181 * reset, and we have to rediscover all the targets and use the new 1182 * handles. 1183 */ 1184 for (i = 0; i < sc->sassc->maxtargets; i++) { 1185 if (sc->sassc->targets[i].outstanding != 0) 1186 mps_dprint(sc, MPS_INIT, "target %u outstanding %u\n", 1187 i, sc->sassc->targets[i].outstanding); 1188 sc->sassc->targets[i].handle = 0x0; 1189 sc->sassc->targets[i].exp_dev_handle = 0x0; 1190 sc->sassc->targets[i].outstanding = 0; 1191 sc->sassc->targets[i].flags = MPSSAS_TARGET_INDIAGRESET; 1192 } 1193 } 1194 1195 static void 1196 mpssas_tm_timeout(void *data) 1197 { 1198 struct mps_command *tm = data; 1199 struct mps_softc *sc = tm->cm_sc; 1200 1201 mtx_assert(&sc->mps_mtx, MA_OWNED); 1202 1203 mpssas_log_command(tm, MPS_INFO|MPS_RECOVERY, 1204 "task mgmt %p timed out\n", tm); 1205 mps_reinit(sc); 1206 } 1207 1208 static void 1209 mpssas_logical_unit_reset_complete(struct mps_softc *sc, struct mps_command *tm) 1210 { 1211 MPI2_SCSI_TASK_MANAGE_REPLY *reply; 1212 MPI2_SCSI_TASK_MANAGE_REQUEST *req; 1213 unsigned int cm_count = 0; 1214 struct mps_command *cm; 1215 struct mpssas_target *targ; 1216 1217 callout_stop(&tm->cm_callout); 1218 1219 req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)tm->cm_req; 1220 reply = (MPI2_SCSI_TASK_MANAGE_REPLY *)tm->cm_reply; 1221 targ = tm->cm_targ; 1222 1223 /* 1224 * Currently there should be no way we can hit this case. It only 1225 * happens when we have a failure to allocate chain frames, and 1226 * task management commands don't have S/G lists. 1227 * XXXSL So should it be an assertion? 1228 */ 1229 if ((tm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) { 1230 mps_dprint(sc, MPS_ERROR, "%s: cm_flags = %#x for LUN reset! " 1231 "This should not happen!\n", __func__, tm->cm_flags); 1232 mpssas_free_tm(sc, tm); 1233 return; 1234 } 1235 1236 if (reply == NULL) { 1237 mpssas_log_command(tm, MPS_RECOVERY, 1238 "NULL reset reply for tm %p\n", tm); 1239 if ((sc->mps_flags & MPS_FLAGS_DIAGRESET) != 0) { 1240 /* this completion was due to a reset, just cleanup */ 1241 targ->tm = NULL; 1242 mpssas_free_tm(sc, tm); 1243 } 1244 else { 1245 /* we should have gotten a reply. */ 1246 mps_reinit(sc); 1247 } 1248 return; 1249 } 1250 1251 mpssas_log_command(tm, MPS_RECOVERY, 1252 "logical unit reset status 0x%x code 0x%x count %u\n", 1253 le16toh(reply->IOCStatus), le32toh(reply->ResponseCode), 1254 le32toh(reply->TerminationCount)); 1255 1256 /* See if there are any outstanding commands for this LUN. 1257 * This could be made more efficient by using a per-LU data 1258 * structure of some sort. 1259 */ 1260 TAILQ_FOREACH(cm, &targ->commands, cm_link) { 1261 if (cm->cm_lun == tm->cm_lun) 1262 cm_count++; 1263 } 1264 1265 if (cm_count == 0) { 1266 mpssas_log_command(tm, MPS_RECOVERY|MPS_INFO, 1267 "logical unit %u finished recovery after reset\n", 1268 tm->cm_lun, tm); 1269 1270 mpssas_announce_reset(sc, AC_SENT_BDR, tm->cm_targ->tid, 1271 tm->cm_lun); 1272 1273 /* we've finished recovery for this logical unit. check and 1274 * see if some other logical unit has a timedout command 1275 * that needs to be processed. 1276 */ 1277 cm = TAILQ_FIRST(&targ->timedout_commands); 1278 if (cm) { 1279 mpssas_send_abort(sc, tm, cm); 1280 } 1281 else { 1282 targ->tm = NULL; 1283 mpssas_free_tm(sc, tm); 1284 } 1285 } 1286 else { 1287 /* if we still have commands for this LUN, the reset 1288 * effectively failed, regardless of the status reported. 1289 * Escalate to a target reset. 1290 */ 1291 mpssas_log_command(tm, MPS_RECOVERY, 1292 "logical unit reset complete for tm %p, but still have %u command(s)\n", 1293 tm, cm_count); 1294 mpssas_send_reset(sc, tm, 1295 MPI2_SCSITASKMGMT_TASKTYPE_TARGET_RESET); 1296 } 1297 } 1298 1299 static void 1300 mpssas_target_reset_complete(struct mps_softc *sc, struct mps_command *tm) 1301 { 1302 MPI2_SCSI_TASK_MANAGE_REPLY *reply; 1303 MPI2_SCSI_TASK_MANAGE_REQUEST *req; 1304 struct mpssas_target *targ; 1305 1306 callout_stop(&tm->cm_callout); 1307 1308 req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)tm->cm_req; 1309 reply = (MPI2_SCSI_TASK_MANAGE_REPLY *)tm->cm_reply; 1310 targ = tm->cm_targ; 1311 1312 /* 1313 * Currently there should be no way we can hit this case. It only 1314 * happens when we have a failure to allocate chain frames, and 1315 * task management commands don't have S/G lists. 1316 */ 1317 if ((tm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) { 1318 mps_dprint(sc, MPS_ERROR,"%s: cm_flags = %#x for target reset! " 1319 "This should not happen!\n", __func__, tm->cm_flags); 1320 mpssas_free_tm(sc, tm); 1321 return; 1322 } 1323 1324 if (reply == NULL) { 1325 mpssas_log_command(tm, MPS_RECOVERY, 1326 "NULL reset reply for tm %p\n", tm); 1327 if ((sc->mps_flags & MPS_FLAGS_DIAGRESET) != 0) { 1328 /* this completion was due to a reset, just cleanup */ 1329 targ->tm = NULL; 1330 mpssas_free_tm(sc, tm); 1331 } 1332 else { 1333 /* we should have gotten a reply. */ 1334 mps_reinit(sc); 1335 } 1336 return; 1337 } 1338 1339 mpssas_log_command(tm, MPS_RECOVERY, 1340 "target reset status 0x%x code 0x%x count %u\n", 1341 le16toh(reply->IOCStatus), le32toh(reply->ResponseCode), 1342 le32toh(reply->TerminationCount)); 1343 1344 if (targ->outstanding == 0) { 1345 /* we've finished recovery for this target and all 1346 * of its logical units. 1347 */ 1348 mpssas_log_command(tm, MPS_RECOVERY|MPS_INFO, 1349 "recovery finished after target reset\n"); 1350 1351 mpssas_announce_reset(sc, AC_SENT_BDR, tm->cm_targ->tid, 1352 CAM_LUN_WILDCARD); 1353 1354 targ->tm = NULL; 1355 mpssas_free_tm(sc, tm); 1356 } 1357 else { 1358 /* after a target reset, if this target still has 1359 * outstanding commands, the reset effectively failed, 1360 * regardless of the status reported. escalate. 1361 */ 1362 mpssas_log_command(tm, MPS_RECOVERY, 1363 "target reset complete for tm %p, but still have %u command(s)\n", 1364 tm, targ->outstanding); 1365 mps_reinit(sc); 1366 } 1367 } 1368 1369 #define MPS_RESET_TIMEOUT 30 1370 1371 int 1372 mpssas_send_reset(struct mps_softc *sc, struct mps_command *tm, uint8_t type) 1373 { 1374 MPI2_SCSI_TASK_MANAGE_REQUEST *req; 1375 struct mpssas_target *target; 1376 int err; 1377 1378 target = tm->cm_targ; 1379 if (target->handle == 0) { 1380 mps_dprint(sc, MPS_ERROR,"%s null devhandle for target_id %d\n", 1381 __func__, target->tid); 1382 return -1; 1383 } 1384 1385 req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)tm->cm_req; 1386 req->DevHandle = htole16(target->handle); 1387 req->Function = MPI2_FUNCTION_SCSI_TASK_MGMT; 1388 req->TaskType = type; 1389 1390 if (type == MPI2_SCSITASKMGMT_TASKTYPE_LOGICAL_UNIT_RESET) { 1391 /* XXX Need to handle invalid LUNs */ 1392 MPS_SET_LUN(req->LUN, tm->cm_lun); 1393 tm->cm_targ->logical_unit_resets++; 1394 mpssas_log_command(tm, MPS_RECOVERY|MPS_INFO, 1395 "sending logical unit reset\n"); 1396 tm->cm_complete = mpssas_logical_unit_reset_complete; 1397 mpssas_prepare_for_tm(sc, tm, target, tm->cm_lun); 1398 } 1399 else if (type == MPI2_SCSITASKMGMT_TASKTYPE_TARGET_RESET) { 1400 /* 1401 * Target reset method = 1402 * SAS Hard Link Reset / SATA Link Reset 1403 */ 1404 req->MsgFlags = MPI2_SCSITASKMGMT_MSGFLAGS_LINK_RESET; 1405 tm->cm_targ->target_resets++; 1406 mpssas_log_command(tm, MPS_RECOVERY|MPS_INFO, 1407 "sending target reset\n"); 1408 tm->cm_complete = mpssas_target_reset_complete; 1409 mpssas_prepare_for_tm(sc, tm, target, CAM_LUN_WILDCARD); 1410 } 1411 else { 1412 mps_dprint(sc, MPS_ERROR, "unexpected reset type 0x%x\n", type); 1413 return -1; 1414 } 1415 1416 tm->cm_data = NULL; 1417 tm->cm_desc.HighPriority.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_HIGH_PRIORITY; 1418 tm->cm_complete_data = (void *)tm; 1419 1420 callout_reset(&tm->cm_callout, MPS_RESET_TIMEOUT * hz, 1421 mpssas_tm_timeout, tm); 1422 1423 err = mps_map_command(sc, tm); 1424 if (err) 1425 mpssas_log_command(tm, MPS_RECOVERY, 1426 "error %d sending reset type %u\n", 1427 err, type); 1428 1429 return err; 1430 } 1431 1432 1433 static void 1434 mpssas_abort_complete(struct mps_softc *sc, struct mps_command *tm) 1435 { 1436 struct mps_command *cm; 1437 MPI2_SCSI_TASK_MANAGE_REPLY *reply; 1438 MPI2_SCSI_TASK_MANAGE_REQUEST *req; 1439 struct mpssas_target *targ; 1440 1441 callout_stop(&tm->cm_callout); 1442 1443 req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)tm->cm_req; 1444 reply = (MPI2_SCSI_TASK_MANAGE_REPLY *)tm->cm_reply; 1445 targ = tm->cm_targ; 1446 1447 /* 1448 * Currently there should be no way we can hit this case. It only 1449 * happens when we have a failure to allocate chain frames, and 1450 * task management commands don't have S/G lists. 1451 */ 1452 if ((tm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) { 1453 mpssas_log_command(tm, MPS_RECOVERY, 1454 "cm_flags = %#x for abort %p TaskMID %u!\n", 1455 tm->cm_flags, tm, le16toh(req->TaskMID)); 1456 mpssas_free_tm(sc, tm); 1457 return; 1458 } 1459 1460 if (reply == NULL) { 1461 mpssas_log_command(tm, MPS_RECOVERY, 1462 "NULL abort reply for tm %p TaskMID %u\n", 1463 tm, le16toh(req->TaskMID)); 1464 if ((sc->mps_flags & MPS_FLAGS_DIAGRESET) != 0) { 1465 /* this completion was due to a reset, just cleanup */ 1466 targ->tm = NULL; 1467 mpssas_free_tm(sc, tm); 1468 } 1469 else { 1470 /* we should have gotten a reply. */ 1471 mps_reinit(sc); 1472 } 1473 return; 1474 } 1475 1476 mpssas_log_command(tm, MPS_RECOVERY, 1477 "abort TaskMID %u status 0x%x code 0x%x count %u\n", 1478 le16toh(req->TaskMID), 1479 le16toh(reply->IOCStatus), le32toh(reply->ResponseCode), 1480 le32toh(reply->TerminationCount)); 1481 1482 cm = TAILQ_FIRST(&tm->cm_targ->timedout_commands); 1483 if (cm == NULL) { 1484 /* if there are no more timedout commands, we're done with 1485 * error recovery for this target. 1486 */ 1487 mpssas_log_command(tm, MPS_RECOVERY, 1488 "finished recovery after aborting TaskMID %u\n", 1489 le16toh(req->TaskMID)); 1490 1491 targ->tm = NULL; 1492 mpssas_free_tm(sc, tm); 1493 } 1494 else if (le16toh(req->TaskMID) != cm->cm_desc.Default.SMID) { 1495 /* abort success, but we have more timedout commands to abort */ 1496 mpssas_log_command(tm, MPS_RECOVERY, 1497 "continuing recovery after aborting TaskMID %u\n", 1498 le16toh(req->TaskMID)); 1499 1500 mpssas_send_abort(sc, tm, cm); 1501 } 1502 else { 1503 /* we didn't get a command completion, so the abort 1504 * failed as far as we're concerned. escalate. 1505 */ 1506 mpssas_log_command(tm, MPS_RECOVERY, 1507 "abort failed for TaskMID %u tm %p\n", 1508 le16toh(req->TaskMID), tm); 1509 1510 mpssas_send_reset(sc, tm, 1511 MPI2_SCSITASKMGMT_TASKTYPE_LOGICAL_UNIT_RESET); 1512 } 1513 } 1514 1515 #define MPS_ABORT_TIMEOUT 5 1516 1517 static int 1518 mpssas_send_abort(struct mps_softc *sc, struct mps_command *tm, struct mps_command *cm) 1519 { 1520 MPI2_SCSI_TASK_MANAGE_REQUEST *req; 1521 struct mpssas_target *targ; 1522 int err; 1523 1524 targ = cm->cm_targ; 1525 if (targ->handle == 0) { 1526 mps_dprint(sc, MPS_ERROR,"%s null devhandle for target_id %d\n", 1527 __func__, cm->cm_ccb->ccb_h.target_id); 1528 return -1; 1529 } 1530 1531 mpssas_log_command(cm, MPS_RECOVERY|MPS_INFO, 1532 "Aborting command %p\n", cm); 1533 1534 req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)tm->cm_req; 1535 req->DevHandle = htole16(targ->handle); 1536 req->Function = MPI2_FUNCTION_SCSI_TASK_MGMT; 1537 req->TaskType = MPI2_SCSITASKMGMT_TASKTYPE_ABORT_TASK; 1538 1539 /* XXX Need to handle invalid LUNs */ 1540 MPS_SET_LUN(req->LUN, cm->cm_ccb->ccb_h.target_lun); 1541 1542 req->TaskMID = htole16(cm->cm_desc.Default.SMID); 1543 1544 tm->cm_data = NULL; 1545 tm->cm_desc.HighPriority.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_HIGH_PRIORITY; 1546 tm->cm_complete = mpssas_abort_complete; 1547 tm->cm_complete_data = (void *)tm; 1548 tm->cm_targ = cm->cm_targ; 1549 tm->cm_lun = cm->cm_lun; 1550 1551 callout_reset(&tm->cm_callout, MPS_ABORT_TIMEOUT * hz, 1552 mpssas_tm_timeout, tm); 1553 1554 targ->aborts++; 1555 1556 mps_dprint(sc, MPS_INFO, "Sending reset from %s for target ID %d\n", 1557 __func__, targ->tid); 1558 mpssas_prepare_for_tm(sc, tm, targ, tm->cm_lun); 1559 1560 err = mps_map_command(sc, tm); 1561 if (err) 1562 mps_dprint(sc, MPS_RECOVERY, 1563 "error %d sending abort for cm %p SMID %u\n", 1564 err, cm, req->TaskMID); 1565 return err; 1566 } 1567 1568 static void 1569 mpssas_scsiio_timeout(void *data) 1570 { 1571 struct mps_softc *sc; 1572 struct mps_command *cm; 1573 struct mpssas_target *targ; 1574 1575 cm = (struct mps_command *)data; 1576 sc = cm->cm_sc; 1577 1578 MPS_FUNCTRACE(sc); 1579 mtx_assert(&sc->mps_mtx, MA_OWNED); 1580 1581 mps_dprint(sc, MPS_XINFO, "Timeout checking cm %p\n", sc); 1582 1583 /* 1584 * Run the interrupt handler to make sure it's not pending. This 1585 * isn't perfect because the command could have already completed 1586 * and been re-used, though this is unlikely. 1587 */ 1588 mps_intr_locked(sc); 1589 if (cm->cm_state == MPS_CM_STATE_FREE) { 1590 mpssas_log_command(cm, MPS_XINFO, 1591 "SCSI command %p almost timed out\n", cm); 1592 return; 1593 } 1594 1595 if (cm->cm_ccb == NULL) { 1596 mps_dprint(sc, MPS_ERROR, "command timeout with NULL ccb\n"); 1597 return; 1598 } 1599 1600 targ = cm->cm_targ; 1601 targ->timeouts++; 1602 1603 mpssas_log_command(cm, MPS_ERROR, "command timeout %d cm %p target " 1604 "%u, handle(0x%04x)\n", cm->cm_ccb->ccb_h.timeout, cm, targ->tid, 1605 targ->handle); 1606 1607 /* XXX first, check the firmware state, to see if it's still 1608 * operational. if not, do a diag reset. 1609 */ 1610 mpssas_set_ccbstatus(cm->cm_ccb, CAM_CMD_TIMEOUT); 1611 cm->cm_state = MPS_CM_STATE_TIMEDOUT; 1612 TAILQ_INSERT_TAIL(&targ->timedout_commands, cm, cm_recovery); 1613 1614 if (targ->tm != NULL) { 1615 /* target already in recovery, just queue up another 1616 * timedout command to be processed later. 1617 */ 1618 mps_dprint(sc, MPS_RECOVERY, 1619 "queued timedout cm %p for processing by tm %p\n", 1620 cm, targ->tm); 1621 } 1622 else if ((targ->tm = mpssas_alloc_tm(sc)) != NULL) { 1623 mps_dprint(sc, MPS_RECOVERY, "timedout cm %p allocated tm %p\n", 1624 cm, targ->tm); 1625 1626 /* start recovery by aborting the first timedout command */ 1627 mpssas_send_abort(sc, targ->tm, cm); 1628 } 1629 else { 1630 /* XXX queue this target up for recovery once a TM becomes 1631 * available. The firmware only has a limited number of 1632 * HighPriority credits for the high priority requests used 1633 * for task management, and we ran out. 1634 * 1635 * Isilon: don't worry about this for now, since we have 1636 * more credits than disks in an enclosure, and limit 1637 * ourselves to one TM per target for recovery. 1638 */ 1639 mps_dprint(sc, MPS_RECOVERY, 1640 "timedout cm %p failed to allocate a tm\n", cm); 1641 } 1642 1643 } 1644 1645 static void 1646 mpssas_action_scsiio(struct mpssas_softc *sassc, union ccb *ccb) 1647 { 1648 MPI2_SCSI_IO_REQUEST *req; 1649 struct ccb_scsiio *csio; 1650 struct mps_softc *sc; 1651 struct mpssas_target *targ; 1652 struct mpssas_lun *lun; 1653 struct mps_command *cm; 1654 uint8_t i, lba_byte, *ref_tag_addr; 1655 uint16_t eedp_flags; 1656 uint32_t mpi_control; 1657 1658 sc = sassc->sc; 1659 MPS_FUNCTRACE(sc); 1660 mtx_assert(&sc->mps_mtx, MA_OWNED); 1661 1662 csio = &ccb->csio; 1663 KASSERT(csio->ccb_h.target_id < sassc->maxtargets, 1664 ("Target %d out of bounds in XPT_SCSI_IO\n", 1665 csio->ccb_h.target_id)); 1666 targ = &sassc->targets[csio->ccb_h.target_id]; 1667 mps_dprint(sc, MPS_TRACE, "ccb %p target flag %x\n", ccb, targ->flags); 1668 if (targ->handle == 0x0) { 1669 mps_dprint(sc, MPS_ERROR, "%s NULL handle for target %u\n", 1670 __func__, csio->ccb_h.target_id); 1671 mpssas_set_ccbstatus(ccb, CAM_DEV_NOT_THERE); 1672 xpt_done(ccb); 1673 return; 1674 } 1675 if (targ->flags & MPS_TARGET_FLAGS_RAID_COMPONENT) { 1676 mps_dprint(sc, MPS_ERROR, "%s Raid component no SCSI IO " 1677 "supported %u\n", __func__, csio->ccb_h.target_id); 1678 mpssas_set_ccbstatus(ccb, CAM_DEV_NOT_THERE); 1679 xpt_done(ccb); 1680 return; 1681 } 1682 /* 1683 * Sometimes, it is possible to get a command that is not "In 1684 * Progress" and was actually aborted by the upper layer. Check for 1685 * this here and complete the command without error. 1686 */ 1687 if (mpssas_get_ccbstatus(ccb) != CAM_REQ_INPROG) { 1688 mps_dprint(sc, MPS_TRACE, "%s Command is not in progress for " 1689 "target %u\n", __func__, csio->ccb_h.target_id); 1690 xpt_done(ccb); 1691 return; 1692 } 1693 /* 1694 * If devinfo is 0 this will be a volume. In that case don't tell CAM 1695 * that the volume has timed out. We want volumes to be enumerated 1696 * until they are deleted/removed, not just failed. 1697 */ 1698 if (targ->flags & MPSSAS_TARGET_INREMOVAL) { 1699 if (targ->devinfo == 0) 1700 mpssas_set_ccbstatus(ccb, CAM_REQ_CMP); 1701 else 1702 mpssas_set_ccbstatus(ccb, CAM_SEL_TIMEOUT); 1703 xpt_done(ccb); 1704 return; 1705 } 1706 1707 if ((sc->mps_flags & MPS_FLAGS_SHUTDOWN) != 0) { 1708 mps_dprint(sc, MPS_INFO, "%s shutting down\n", __func__); 1709 mpssas_set_ccbstatus(ccb, CAM_DEV_NOT_THERE); 1710 xpt_done(ccb); 1711 return; 1712 } 1713 1714 /* 1715 * If target has a reset in progress, freeze the devq and return. The 1716 * devq will be released when the TM reset is finished. 1717 */ 1718 if (targ->flags & MPSSAS_TARGET_INRESET) { 1719 ccb->ccb_h.status = CAM_BUSY | CAM_DEV_QFRZN; 1720 mps_dprint(sc, MPS_INFO, "%s: Freezing devq for target ID %d\n", 1721 __func__, targ->tid); 1722 xpt_freeze_devq(ccb->ccb_h.path, 1); 1723 xpt_done(ccb); 1724 return; 1725 } 1726 1727 cm = mps_alloc_command(sc); 1728 if (cm == NULL || (sc->mps_flags & MPS_FLAGS_DIAGRESET)) { 1729 if (cm != NULL) { 1730 mps_free_command(sc, cm); 1731 } 1732 if ((sassc->flags & MPSSAS_QUEUE_FROZEN) == 0) { 1733 xpt_freeze_simq(sassc->sim, 1); 1734 sassc->flags |= MPSSAS_QUEUE_FROZEN; 1735 } 1736 ccb->ccb_h.status &= ~CAM_SIM_QUEUED; 1737 ccb->ccb_h.status |= CAM_REQUEUE_REQ; 1738 xpt_done(ccb); 1739 return; 1740 } 1741 1742 req = (MPI2_SCSI_IO_REQUEST *)cm->cm_req; 1743 bzero(req, sizeof(*req)); 1744 req->DevHandle = htole16(targ->handle); 1745 req->Function = MPI2_FUNCTION_SCSI_IO_REQUEST; 1746 req->MsgFlags = 0; 1747 req->SenseBufferLowAddress = htole32(cm->cm_sense_busaddr); 1748 req->SenseBufferLength = MPS_SENSE_LEN; 1749 req->SGLFlags = 0; 1750 req->ChainOffset = 0; 1751 req->SGLOffset0 = 24; /* 32bit word offset to the SGL */ 1752 req->SGLOffset1= 0; 1753 req->SGLOffset2= 0; 1754 req->SGLOffset3= 0; 1755 req->SkipCount = 0; 1756 req->DataLength = htole32(csio->dxfer_len); 1757 req->BidirectionalDataLength = 0; 1758 req->IoFlags = htole16(csio->cdb_len); 1759 req->EEDPFlags = 0; 1760 1761 /* Note: BiDirectional transfers are not supported */ 1762 switch (csio->ccb_h.flags & CAM_DIR_MASK) { 1763 case CAM_DIR_IN: 1764 mpi_control = MPI2_SCSIIO_CONTROL_READ; 1765 cm->cm_flags |= MPS_CM_FLAGS_DATAIN; 1766 break; 1767 case CAM_DIR_OUT: 1768 mpi_control = MPI2_SCSIIO_CONTROL_WRITE; 1769 cm->cm_flags |= MPS_CM_FLAGS_DATAOUT; 1770 break; 1771 case CAM_DIR_NONE: 1772 default: 1773 mpi_control = MPI2_SCSIIO_CONTROL_NODATATRANSFER; 1774 break; 1775 } 1776 1777 if (csio->cdb_len == 32) 1778 mpi_control |= 4 << MPI2_SCSIIO_CONTROL_ADDCDBLEN_SHIFT; 1779 /* 1780 * It looks like the hardware doesn't require an explicit tag 1781 * number for each transaction. SAM Task Management not supported 1782 * at the moment. 1783 */ 1784 switch (csio->tag_action) { 1785 case MSG_HEAD_OF_Q_TAG: 1786 mpi_control |= MPI2_SCSIIO_CONTROL_HEADOFQ; 1787 break; 1788 case MSG_ORDERED_Q_TAG: 1789 mpi_control |= MPI2_SCSIIO_CONTROL_ORDEREDQ; 1790 break; 1791 case MSG_ACA_TASK: 1792 mpi_control |= MPI2_SCSIIO_CONTROL_ACAQ; 1793 break; 1794 case CAM_TAG_ACTION_NONE: 1795 case MSG_SIMPLE_Q_TAG: 1796 default: 1797 mpi_control |= MPI2_SCSIIO_CONTROL_SIMPLEQ; 1798 break; 1799 } 1800 mpi_control |= sc->mapping_table[csio->ccb_h.target_id].TLR_bits; 1801 req->Control = htole32(mpi_control); 1802 if (MPS_SET_LUN(req->LUN, csio->ccb_h.target_lun) != 0) { 1803 mps_free_command(sc, cm); 1804 mpssas_set_ccbstatus(ccb, CAM_LUN_INVALID); 1805 xpt_done(ccb); 1806 return; 1807 } 1808 1809 if (csio->ccb_h.flags & CAM_CDB_POINTER) 1810 bcopy(csio->cdb_io.cdb_ptr, &req->CDB.CDB32[0], csio->cdb_len); 1811 else 1812 bcopy(csio->cdb_io.cdb_bytes, &req->CDB.CDB32[0],csio->cdb_len); 1813 req->IoFlags = htole16(csio->cdb_len); 1814 1815 /* 1816 * Check if EEDP is supported and enabled. If it is then check if the 1817 * SCSI opcode could be using EEDP. If so, make sure the LUN exists and 1818 * is formatted for EEDP support. If all of this is true, set CDB up 1819 * for EEDP transfer. 1820 */ 1821 eedp_flags = op_code_prot[req->CDB.CDB32[0]]; 1822 if (sc->eedp_enabled && eedp_flags) { 1823 SLIST_FOREACH(lun, &targ->luns, lun_link) { 1824 if (lun->lun_id == csio->ccb_h.target_lun) { 1825 break; 1826 } 1827 } 1828 1829 if ((lun != NULL) && (lun->eedp_formatted)) { 1830 req->EEDPBlockSize = htole16(lun->eedp_block_size); 1831 eedp_flags |= (MPI2_SCSIIO_EEDPFLAGS_INC_PRI_REFTAG | 1832 MPI2_SCSIIO_EEDPFLAGS_CHECK_REFTAG | 1833 MPI2_SCSIIO_EEDPFLAGS_CHECK_GUARD); 1834 req->EEDPFlags = htole16(eedp_flags); 1835 1836 /* 1837 * If CDB less than 32, fill in Primary Ref Tag with 1838 * low 4 bytes of LBA. If CDB is 32, tag stuff is 1839 * already there. Also, set protection bit. FreeBSD 1840 * currently does not support CDBs bigger than 16, but 1841 * the code doesn't hurt, and will be here for the 1842 * future. 1843 */ 1844 if (csio->cdb_len != 32) { 1845 lba_byte = (csio->cdb_len == 16) ? 6 : 2; 1846 ref_tag_addr = (uint8_t *)&req->CDB.EEDP32. 1847 PrimaryReferenceTag; 1848 for (i = 0; i < 4; i++) { 1849 *ref_tag_addr = 1850 req->CDB.CDB32[lba_byte + i]; 1851 ref_tag_addr++; 1852 } 1853 req->CDB.EEDP32.PrimaryReferenceTag = 1854 htole32(req->CDB.EEDP32.PrimaryReferenceTag); 1855 req->CDB.EEDP32.PrimaryApplicationTagMask = 1856 0xFFFF; 1857 req->CDB.CDB32[1] = (req->CDB.CDB32[1] & 0x1F) | 1858 0x20; 1859 } else { 1860 eedp_flags |= 1861 MPI2_SCSIIO_EEDPFLAGS_INC_PRI_APPTAG; 1862 req->EEDPFlags = htole16(eedp_flags); 1863 req->CDB.CDB32[10] = (req->CDB.CDB32[10] & 1864 0x1F) | 0x20; 1865 } 1866 } 1867 } 1868 1869 cm->cm_length = csio->dxfer_len; 1870 if (cm->cm_length != 0) { 1871 cm->cm_data = ccb; 1872 cm->cm_flags |= MPS_CM_FLAGS_USE_CCB; 1873 } else { 1874 cm->cm_data = NULL; 1875 } 1876 cm->cm_sge = &req->SGL; 1877 cm->cm_sglsize = (32 - 24) * 4; 1878 cm->cm_desc.SCSIIO.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_SCSI_IO; 1879 cm->cm_desc.SCSIIO.DevHandle = htole16(targ->handle); 1880 cm->cm_complete = mpssas_scsiio_complete; 1881 cm->cm_complete_data = ccb; 1882 cm->cm_targ = targ; 1883 cm->cm_lun = csio->ccb_h.target_lun; 1884 cm->cm_ccb = ccb; 1885 1886 /* 1887 * If HBA is a WD and the command is not for a retry, try to build a 1888 * direct I/O message. If failed, or the command is for a retry, send 1889 * the I/O to the IR volume itself. 1890 */ 1891 if (sc->WD_valid_config) { 1892 if (ccb->ccb_h.sim_priv.entries[0].field == MPS_WD_RETRY) { 1893 mpssas_direct_drive_io(sassc, cm, ccb); 1894 } else { 1895 mpssas_set_ccbstatus(ccb, CAM_REQ_INPROG); 1896 } 1897 } 1898 1899 #if defined(BUF_TRACKING) || defined(FULL_BUF_TRACKING) 1900 if (csio->bio != NULL) 1901 biotrack(csio->bio, __func__); 1902 #endif 1903 callout_reset_sbt(&cm->cm_callout, SBT_1MS * ccb->ccb_h.timeout, 0, 1904 mpssas_scsiio_timeout, cm, 0); 1905 1906 targ->issued++; 1907 targ->outstanding++; 1908 TAILQ_INSERT_TAIL(&targ->commands, cm, cm_link); 1909 ccb->ccb_h.status |= CAM_SIM_QUEUED; 1910 1911 mpssas_log_command(cm, MPS_XINFO, "%s cm %p ccb %p outstanding %u\n", 1912 __func__, cm, ccb, targ->outstanding); 1913 1914 mps_map_command(sc, cm); 1915 return; 1916 } 1917 1918 static void 1919 mps_response_code(struct mps_softc *sc, u8 response_code) 1920 { 1921 char *desc; 1922 1923 switch (response_code) { 1924 case MPI2_SCSITASKMGMT_RSP_TM_COMPLETE: 1925 desc = "task management request completed"; 1926 break; 1927 case MPI2_SCSITASKMGMT_RSP_INVALID_FRAME: 1928 desc = "invalid frame"; 1929 break; 1930 case MPI2_SCSITASKMGMT_RSP_TM_NOT_SUPPORTED: 1931 desc = "task management request not supported"; 1932 break; 1933 case MPI2_SCSITASKMGMT_RSP_TM_FAILED: 1934 desc = "task management request failed"; 1935 break; 1936 case MPI2_SCSITASKMGMT_RSP_TM_SUCCEEDED: 1937 desc = "task management request succeeded"; 1938 break; 1939 case MPI2_SCSITASKMGMT_RSP_TM_INVALID_LUN: 1940 desc = "invalid lun"; 1941 break; 1942 case 0xA: 1943 desc = "overlapped tag attempted"; 1944 break; 1945 case MPI2_SCSITASKMGMT_RSP_IO_QUEUED_ON_IOC: 1946 desc = "task queued, however not sent to target"; 1947 break; 1948 default: 1949 desc = "unknown"; 1950 break; 1951 } 1952 mps_dprint(sc, MPS_XINFO, "response_code(0x%01x): %s\n", 1953 response_code, desc); 1954 } 1955 /** 1956 * mps_sc_failed_io_info - translated non-succesfull SCSI_IO request 1957 */ 1958 static void 1959 mps_sc_failed_io_info(struct mps_softc *sc, struct ccb_scsiio *csio, 1960 Mpi2SCSIIOReply_t *mpi_reply) 1961 { 1962 u32 response_info; 1963 u8 *response_bytes; 1964 u16 ioc_status = le16toh(mpi_reply->IOCStatus) & 1965 MPI2_IOCSTATUS_MASK; 1966 u8 scsi_state = mpi_reply->SCSIState; 1967 u8 scsi_status = mpi_reply->SCSIStatus; 1968 char *desc_ioc_state = NULL; 1969 char *desc_scsi_status = NULL; 1970 char *desc_scsi_state = sc->tmp_string; 1971 u32 log_info = le32toh(mpi_reply->IOCLogInfo); 1972 1973 if (log_info == 0x31170000) 1974 return; 1975 1976 switch (ioc_status) { 1977 case MPI2_IOCSTATUS_SUCCESS: 1978 desc_ioc_state = "success"; 1979 break; 1980 case MPI2_IOCSTATUS_INVALID_FUNCTION: 1981 desc_ioc_state = "invalid function"; 1982 break; 1983 case MPI2_IOCSTATUS_SCSI_RECOVERED_ERROR: 1984 desc_ioc_state = "scsi recovered error"; 1985 break; 1986 case MPI2_IOCSTATUS_SCSI_INVALID_DEVHANDLE: 1987 desc_ioc_state = "scsi invalid dev handle"; 1988 break; 1989 case MPI2_IOCSTATUS_SCSI_DEVICE_NOT_THERE: 1990 desc_ioc_state = "scsi device not there"; 1991 break; 1992 case MPI2_IOCSTATUS_SCSI_DATA_OVERRUN: 1993 desc_ioc_state = "scsi data overrun"; 1994 break; 1995 case MPI2_IOCSTATUS_SCSI_DATA_UNDERRUN: 1996 desc_ioc_state = "scsi data underrun"; 1997 break; 1998 case MPI2_IOCSTATUS_SCSI_IO_DATA_ERROR: 1999 desc_ioc_state = "scsi io data error"; 2000 break; 2001 case MPI2_IOCSTATUS_SCSI_PROTOCOL_ERROR: 2002 desc_ioc_state = "scsi protocol error"; 2003 break; 2004 case MPI2_IOCSTATUS_SCSI_TASK_TERMINATED: 2005 desc_ioc_state = "scsi task terminated"; 2006 break; 2007 case MPI2_IOCSTATUS_SCSI_RESIDUAL_MISMATCH: 2008 desc_ioc_state = "scsi residual mismatch"; 2009 break; 2010 case MPI2_IOCSTATUS_SCSI_TASK_MGMT_FAILED: 2011 desc_ioc_state = "scsi task mgmt failed"; 2012 break; 2013 case MPI2_IOCSTATUS_SCSI_IOC_TERMINATED: 2014 desc_ioc_state = "scsi ioc terminated"; 2015 break; 2016 case MPI2_IOCSTATUS_SCSI_EXT_TERMINATED: 2017 desc_ioc_state = "scsi ext terminated"; 2018 break; 2019 case MPI2_IOCSTATUS_EEDP_GUARD_ERROR: 2020 desc_ioc_state = "eedp guard error"; 2021 break; 2022 case MPI2_IOCSTATUS_EEDP_REF_TAG_ERROR: 2023 desc_ioc_state = "eedp ref tag error"; 2024 break; 2025 case MPI2_IOCSTATUS_EEDP_APP_TAG_ERROR: 2026 desc_ioc_state = "eedp app tag error"; 2027 break; 2028 default: 2029 desc_ioc_state = "unknown"; 2030 break; 2031 } 2032 2033 switch (scsi_status) { 2034 case MPI2_SCSI_STATUS_GOOD: 2035 desc_scsi_status = "good"; 2036 break; 2037 case MPI2_SCSI_STATUS_CHECK_CONDITION: 2038 desc_scsi_status = "check condition"; 2039 break; 2040 case MPI2_SCSI_STATUS_CONDITION_MET: 2041 desc_scsi_status = "condition met"; 2042 break; 2043 case MPI2_SCSI_STATUS_BUSY: 2044 desc_scsi_status = "busy"; 2045 break; 2046 case MPI2_SCSI_STATUS_INTERMEDIATE: 2047 desc_scsi_status = "intermediate"; 2048 break; 2049 case MPI2_SCSI_STATUS_INTERMEDIATE_CONDMET: 2050 desc_scsi_status = "intermediate condmet"; 2051 break; 2052 case MPI2_SCSI_STATUS_RESERVATION_CONFLICT: 2053 desc_scsi_status = "reservation conflict"; 2054 break; 2055 case MPI2_SCSI_STATUS_COMMAND_TERMINATED: 2056 desc_scsi_status = "command terminated"; 2057 break; 2058 case MPI2_SCSI_STATUS_TASK_SET_FULL: 2059 desc_scsi_status = "task set full"; 2060 break; 2061 case MPI2_SCSI_STATUS_ACA_ACTIVE: 2062 desc_scsi_status = "aca active"; 2063 break; 2064 case MPI2_SCSI_STATUS_TASK_ABORTED: 2065 desc_scsi_status = "task aborted"; 2066 break; 2067 default: 2068 desc_scsi_status = "unknown"; 2069 break; 2070 } 2071 2072 desc_scsi_state[0] = '\0'; 2073 if (!scsi_state) 2074 desc_scsi_state = " "; 2075 if (scsi_state & MPI2_SCSI_STATE_RESPONSE_INFO_VALID) 2076 strcat(desc_scsi_state, "response info "); 2077 if (scsi_state & MPI2_SCSI_STATE_TERMINATED) 2078 strcat(desc_scsi_state, "state terminated "); 2079 if (scsi_state & MPI2_SCSI_STATE_NO_SCSI_STATUS) 2080 strcat(desc_scsi_state, "no status "); 2081 if (scsi_state & MPI2_SCSI_STATE_AUTOSENSE_FAILED) 2082 strcat(desc_scsi_state, "autosense failed "); 2083 if (scsi_state & MPI2_SCSI_STATE_AUTOSENSE_VALID) 2084 strcat(desc_scsi_state, "autosense valid "); 2085 2086 mps_dprint(sc, MPS_XINFO, "\thandle(0x%04x), ioc_status(%s)(0x%04x)\n", 2087 le16toh(mpi_reply->DevHandle), desc_ioc_state, ioc_status); 2088 /* We can add more detail about underflow data here 2089 * TO-DO 2090 * */ 2091 mps_dprint(sc, MPS_XINFO, "\tscsi_status(%s)(0x%02x), " 2092 "scsi_state(%s)(0x%02x)\n", desc_scsi_status, scsi_status, 2093 desc_scsi_state, scsi_state); 2094 2095 if (sc->mps_debug & MPS_XINFO && 2096 scsi_state & MPI2_SCSI_STATE_AUTOSENSE_VALID) { 2097 mps_dprint(sc, MPS_XINFO, "-> Sense Buffer Data : Start :\n"); 2098 scsi_sense_print(csio); 2099 mps_dprint(sc, MPS_XINFO, "-> Sense Buffer Data : End :\n"); 2100 } 2101 2102 if (scsi_state & MPI2_SCSI_STATE_RESPONSE_INFO_VALID) { 2103 response_info = le32toh(mpi_reply->ResponseInfo); 2104 response_bytes = (u8 *)&response_info; 2105 mps_response_code(sc,response_bytes[0]); 2106 } 2107 } 2108 2109 static void 2110 mpssas_scsiio_complete(struct mps_softc *sc, struct mps_command *cm) 2111 { 2112 MPI2_SCSI_IO_REPLY *rep; 2113 union ccb *ccb; 2114 struct ccb_scsiio *csio; 2115 struct mpssas_softc *sassc; 2116 struct scsi_vpd_supported_page_list *vpd_list = NULL; 2117 u8 *TLR_bits, TLR_on; 2118 int dir = 0, i; 2119 u16 alloc_len; 2120 struct mpssas_target *target; 2121 target_id_t target_id; 2122 2123 MPS_FUNCTRACE(sc); 2124 mps_dprint(sc, MPS_TRACE, 2125 "cm %p SMID %u ccb %p reply %p outstanding %u\n", cm, 2126 cm->cm_desc.Default.SMID, cm->cm_ccb, cm->cm_reply, 2127 cm->cm_targ->outstanding); 2128 2129 callout_stop(&cm->cm_callout); 2130 mtx_assert(&sc->mps_mtx, MA_OWNED); 2131 2132 sassc = sc->sassc; 2133 ccb = cm->cm_complete_data; 2134 csio = &ccb->csio; 2135 target_id = csio->ccb_h.target_id; 2136 rep = (MPI2_SCSI_IO_REPLY *)cm->cm_reply; 2137 /* 2138 * XXX KDM if the chain allocation fails, does it matter if we do 2139 * the sync and unload here? It is simpler to do it in every case, 2140 * assuming it doesn't cause problems. 2141 */ 2142 if (cm->cm_data != NULL) { 2143 if (cm->cm_flags & MPS_CM_FLAGS_DATAIN) 2144 dir = BUS_DMASYNC_POSTREAD; 2145 else if (cm->cm_flags & MPS_CM_FLAGS_DATAOUT) 2146 dir = BUS_DMASYNC_POSTWRITE; 2147 bus_dmamap_sync(sc->buffer_dmat, cm->cm_dmamap, dir); 2148 bus_dmamap_unload(sc->buffer_dmat, cm->cm_dmamap); 2149 } 2150 2151 cm->cm_targ->completed++; 2152 cm->cm_targ->outstanding--; 2153 TAILQ_REMOVE(&cm->cm_targ->commands, cm, cm_link); 2154 ccb->ccb_h.status &= ~(CAM_STATUS_MASK | CAM_SIM_QUEUED); 2155 2156 #if defined(BUF_TRACKING) || defined(FULL_BUF_TRACKING) 2157 if (ccb->csio.bio != NULL) 2158 biotrack(ccb->csio.bio, __func__); 2159 #endif 2160 2161 if (cm->cm_state == MPS_CM_STATE_TIMEDOUT) { 2162 TAILQ_REMOVE(&cm->cm_targ->timedout_commands, cm, cm_recovery); 2163 if (cm->cm_reply != NULL) 2164 mpssas_log_command(cm, MPS_RECOVERY, 2165 "completed timedout cm %p ccb %p during recovery " 2166 "ioc %x scsi %x state %x xfer %u\n", 2167 cm, cm->cm_ccb, 2168 le16toh(rep->IOCStatus), rep->SCSIStatus, rep->SCSIState, 2169 le32toh(rep->TransferCount)); 2170 else 2171 mpssas_log_command(cm, MPS_RECOVERY, 2172 "completed timedout cm %p ccb %p during recovery\n", 2173 cm, cm->cm_ccb); 2174 } else if (cm->cm_targ->tm != NULL) { 2175 if (cm->cm_reply != NULL) 2176 mpssas_log_command(cm, MPS_RECOVERY, 2177 "completed cm %p ccb %p during recovery " 2178 "ioc %x scsi %x state %x xfer %u\n", 2179 cm, cm->cm_ccb, 2180 le16toh(rep->IOCStatus), rep->SCSIStatus, rep->SCSIState, 2181 le32toh(rep->TransferCount)); 2182 else 2183 mpssas_log_command(cm, MPS_RECOVERY, 2184 "completed cm %p ccb %p during recovery\n", 2185 cm, cm->cm_ccb); 2186 } else if ((sc->mps_flags & MPS_FLAGS_DIAGRESET) != 0) { 2187 mpssas_log_command(cm, MPS_RECOVERY, 2188 "reset completed cm %p ccb %p\n", 2189 cm, cm->cm_ccb); 2190 } 2191 2192 if ((cm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) { 2193 /* 2194 * We ran into an error after we tried to map the command, 2195 * so we're getting a callback without queueing the command 2196 * to the hardware. So we set the status here, and it will 2197 * be retained below. We'll go through the "fast path", 2198 * because there can be no reply when we haven't actually 2199 * gone out to the hardware. 2200 */ 2201 mpssas_set_ccbstatus(ccb, CAM_REQUEUE_REQ); 2202 2203 /* 2204 * Currently the only error included in the mask is 2205 * MPS_CM_FLAGS_CHAIN_FAILED, which means we're out of 2206 * chain frames. We need to freeze the queue until we get 2207 * a command that completed without this error, which will 2208 * hopefully have some chain frames attached that we can 2209 * use. If we wanted to get smarter about it, we would 2210 * only unfreeze the queue in this condition when we're 2211 * sure that we're getting some chain frames back. That's 2212 * probably unnecessary. 2213 */ 2214 if ((sassc->flags & MPSSAS_QUEUE_FROZEN) == 0) { 2215 xpt_freeze_simq(sassc->sim, 1); 2216 sassc->flags |= MPSSAS_QUEUE_FROZEN; 2217 mps_dprint(sc, MPS_XINFO, "Error sending command, " 2218 "freezing SIM queue\n"); 2219 } 2220 } 2221 2222 /* 2223 * If this is a Start Stop Unit command and it was issued by the driver 2224 * during shutdown, decrement the refcount to account for all of the 2225 * commands that were sent. All SSU commands should be completed before 2226 * shutdown completes, meaning SSU_refcount will be 0 after SSU_started 2227 * is TRUE. 2228 */ 2229 if (sc->SSU_started && (csio->cdb_io.cdb_bytes[0] == START_STOP_UNIT)) { 2230 mps_dprint(sc, MPS_INFO, "Decrementing SSU count.\n"); 2231 sc->SSU_refcount--; 2232 } 2233 2234 /* Take the fast path to completion */ 2235 if (cm->cm_reply == NULL) { 2236 if (mpssas_get_ccbstatus(ccb) == CAM_REQ_INPROG) { 2237 if ((sc->mps_flags & MPS_FLAGS_DIAGRESET) != 0) 2238 mpssas_set_ccbstatus(ccb, CAM_SCSI_BUS_RESET); 2239 else { 2240 mpssas_set_ccbstatus(ccb, CAM_REQ_CMP); 2241 ccb->csio.scsi_status = SCSI_STATUS_OK; 2242 } 2243 if (sassc->flags & MPSSAS_QUEUE_FROZEN) { 2244 ccb->ccb_h.status |= CAM_RELEASE_SIMQ; 2245 sassc->flags &= ~MPSSAS_QUEUE_FROZEN; 2246 mps_dprint(sc, MPS_XINFO, 2247 "Unfreezing SIM queue\n"); 2248 } 2249 } 2250 2251 /* 2252 * There are two scenarios where the status won't be 2253 * CAM_REQ_CMP. The first is if MPS_CM_FLAGS_ERROR_MASK is 2254 * set, the second is in the MPS_FLAGS_DIAGRESET above. 2255 */ 2256 if (mpssas_get_ccbstatus(ccb) != CAM_REQ_CMP) { 2257 /* 2258 * Freeze the dev queue so that commands are 2259 * executed in the correct order after error 2260 * recovery. 2261 */ 2262 ccb->ccb_h.status |= CAM_DEV_QFRZN; 2263 xpt_freeze_devq(ccb->ccb_h.path, /*count*/ 1); 2264 } 2265 mps_free_command(sc, cm); 2266 xpt_done(ccb); 2267 return; 2268 } 2269 2270 mpssas_log_command(cm, MPS_XINFO, 2271 "ioc %x scsi %x state %x xfer %u\n", 2272 le16toh(rep->IOCStatus), rep->SCSIStatus, rep->SCSIState, 2273 le32toh(rep->TransferCount)); 2274 2275 /* 2276 * If this is a Direct Drive I/O, reissue the I/O to the original IR 2277 * Volume if an error occurred (normal I/O retry). Use the original 2278 * CCB, but set a flag that this will be a retry so that it's sent to 2279 * the original volume. Free the command but reuse the CCB. 2280 */ 2281 if (cm->cm_flags & MPS_CM_FLAGS_DD_IO) { 2282 mps_free_command(sc, cm); 2283 ccb->ccb_h.sim_priv.entries[0].field = MPS_WD_RETRY; 2284 mpssas_action_scsiio(sassc, ccb); 2285 return; 2286 } else 2287 ccb->ccb_h.sim_priv.entries[0].field = 0; 2288 2289 switch (le16toh(rep->IOCStatus) & MPI2_IOCSTATUS_MASK) { 2290 case MPI2_IOCSTATUS_SCSI_DATA_UNDERRUN: 2291 csio->resid = cm->cm_length - le32toh(rep->TransferCount); 2292 /* FALLTHROUGH */ 2293 case MPI2_IOCSTATUS_SUCCESS: 2294 case MPI2_IOCSTATUS_SCSI_RECOVERED_ERROR: 2295 2296 if ((le16toh(rep->IOCStatus) & MPI2_IOCSTATUS_MASK) == 2297 MPI2_IOCSTATUS_SCSI_RECOVERED_ERROR) 2298 mpssas_log_command(cm, MPS_XINFO, "recovered error\n"); 2299 2300 /* Completion failed at the transport level. */ 2301 if (rep->SCSIState & (MPI2_SCSI_STATE_NO_SCSI_STATUS | 2302 MPI2_SCSI_STATE_TERMINATED)) { 2303 mpssas_set_ccbstatus(ccb, CAM_REQ_CMP_ERR); 2304 break; 2305 } 2306 2307 /* In a modern packetized environment, an autosense failure 2308 * implies that there's not much else that can be done to 2309 * recover the command. 2310 */ 2311 if (rep->SCSIState & MPI2_SCSI_STATE_AUTOSENSE_FAILED) { 2312 mpssas_set_ccbstatus(ccb, CAM_AUTOSENSE_FAIL); 2313 break; 2314 } 2315 2316 /* 2317 * CAM doesn't care about SAS Response Info data, but if this is 2318 * the state check if TLR should be done. If not, clear the 2319 * TLR_bits for the target. 2320 */ 2321 if ((rep->SCSIState & MPI2_SCSI_STATE_RESPONSE_INFO_VALID) && 2322 ((le32toh(rep->ResponseInfo) & 2323 MPI2_SCSI_RI_MASK_REASONCODE) == 2324 MPS_SCSI_RI_INVALID_FRAME)) { 2325 sc->mapping_table[target_id].TLR_bits = 2326 (u8)MPI2_SCSIIO_CONTROL_NO_TLR; 2327 } 2328 2329 /* 2330 * Intentionally override the normal SCSI status reporting 2331 * for these two cases. These are likely to happen in a 2332 * multi-initiator environment, and we want to make sure that 2333 * CAM retries these commands rather than fail them. 2334 */ 2335 if ((rep->SCSIStatus == MPI2_SCSI_STATUS_COMMAND_TERMINATED) || 2336 (rep->SCSIStatus == MPI2_SCSI_STATUS_TASK_ABORTED)) { 2337 mpssas_set_ccbstatus(ccb, CAM_REQ_ABORTED); 2338 break; 2339 } 2340 2341 /* Handle normal status and sense */ 2342 csio->scsi_status = rep->SCSIStatus; 2343 if (rep->SCSIStatus == MPI2_SCSI_STATUS_GOOD) 2344 mpssas_set_ccbstatus(ccb, CAM_REQ_CMP); 2345 else 2346 mpssas_set_ccbstatus(ccb, CAM_SCSI_STATUS_ERROR); 2347 2348 if (rep->SCSIState & MPI2_SCSI_STATE_AUTOSENSE_VALID) { 2349 int sense_len, returned_sense_len; 2350 2351 returned_sense_len = min(le32toh(rep->SenseCount), 2352 sizeof(struct scsi_sense_data)); 2353 if (returned_sense_len < ccb->csio.sense_len) 2354 ccb->csio.sense_resid = ccb->csio.sense_len - 2355 returned_sense_len; 2356 else 2357 ccb->csio.sense_resid = 0; 2358 2359 sense_len = min(returned_sense_len, 2360 ccb->csio.sense_len - ccb->csio.sense_resid); 2361 bzero(&ccb->csio.sense_data, 2362 sizeof(ccb->csio.sense_data)); 2363 bcopy(cm->cm_sense, &ccb->csio.sense_data, sense_len); 2364 ccb->ccb_h.status |= CAM_AUTOSNS_VALID; 2365 } 2366 2367 /* 2368 * Check if this is an INQUIRY command. If it's a VPD inquiry, 2369 * and it's page code 0 (Supported Page List), and there is 2370 * inquiry data, and this is for a sequential access device, and 2371 * the device is an SSP target, and TLR is supported by the 2372 * controller, turn the TLR_bits value ON if page 0x90 is 2373 * supported. 2374 */ 2375 if ((csio->cdb_io.cdb_bytes[0] == INQUIRY) && 2376 (csio->cdb_io.cdb_bytes[1] & SI_EVPD) && 2377 (csio->cdb_io.cdb_bytes[2] == SVPD_SUPPORTED_PAGE_LIST) && 2378 ((csio->ccb_h.flags & CAM_DATA_MASK) == CAM_DATA_VADDR) && 2379 (csio->data_ptr != NULL) && 2380 ((csio->data_ptr[0] & 0x1f) == T_SEQUENTIAL) && 2381 (sc->control_TLR) && 2382 (sc->mapping_table[target_id].device_info & 2383 MPI2_SAS_DEVICE_INFO_SSP_TARGET)) { 2384 vpd_list = (struct scsi_vpd_supported_page_list *) 2385 csio->data_ptr; 2386 TLR_bits = &sc->mapping_table[target_id].TLR_bits; 2387 *TLR_bits = (u8)MPI2_SCSIIO_CONTROL_NO_TLR; 2388 TLR_on = (u8)MPI2_SCSIIO_CONTROL_TLR_ON; 2389 alloc_len = ((u16)csio->cdb_io.cdb_bytes[3] << 8) + 2390 csio->cdb_io.cdb_bytes[4]; 2391 alloc_len -= csio->resid; 2392 for (i = 0; i < MIN(vpd_list->length, alloc_len); i++) { 2393 if (vpd_list->list[i] == 0x90) { 2394 *TLR_bits = TLR_on; 2395 break; 2396 } 2397 } 2398 } 2399 2400 /* 2401 * If this is a SATA direct-access end device, mark it so that 2402 * a SCSI StartStopUnit command will be sent to it when the 2403 * driver is being shutdown. 2404 */ 2405 if ((csio->cdb_io.cdb_bytes[0] == INQUIRY) && 2406 ((csio->data_ptr[0] & 0x1f) == T_DIRECT) && 2407 (sc->mapping_table[target_id].device_info & 2408 MPI2_SAS_DEVICE_INFO_SATA_DEVICE) && 2409 ((sc->mapping_table[target_id].device_info & 2410 MPI2_SAS_DEVICE_INFO_MASK_DEVICE_TYPE) == 2411 MPI2_SAS_DEVICE_INFO_END_DEVICE)) { 2412 target = &sassc->targets[target_id]; 2413 target->supports_SSU = TRUE; 2414 mps_dprint(sc, MPS_XINFO, "Target %d supports SSU\n", 2415 target_id); 2416 } 2417 break; 2418 case MPI2_IOCSTATUS_SCSI_INVALID_DEVHANDLE: 2419 case MPI2_IOCSTATUS_SCSI_DEVICE_NOT_THERE: 2420 /* 2421 * If devinfo is 0 this will be a volume. In that case don't 2422 * tell CAM that the volume is not there. We want volumes to 2423 * be enumerated until they are deleted/removed, not just 2424 * failed. 2425 */ 2426 if (cm->cm_targ->devinfo == 0) 2427 mpssas_set_ccbstatus(ccb, CAM_REQ_CMP); 2428 else 2429 mpssas_set_ccbstatus(ccb, CAM_DEV_NOT_THERE); 2430 break; 2431 case MPI2_IOCSTATUS_INVALID_SGL: 2432 mps_print_scsiio_cmd(sc, cm); 2433 mpssas_set_ccbstatus(ccb, CAM_UNREC_HBA_ERROR); 2434 break; 2435 case MPI2_IOCSTATUS_SCSI_TASK_TERMINATED: 2436 /* 2437 * This is one of the responses that comes back when an I/O 2438 * has been aborted. If it is because of a timeout that we 2439 * initiated, just set the status to CAM_CMD_TIMEOUT. 2440 * Otherwise set it to CAM_REQ_ABORTED. The effect on the 2441 * command is the same (it gets retried, subject to the 2442 * retry counter), the only difference is what gets printed 2443 * on the console. 2444 */ 2445 if (cm->cm_state == MPS_CM_STATE_TIMEDOUT) 2446 mpssas_set_ccbstatus(ccb, CAM_CMD_TIMEOUT); 2447 else 2448 mpssas_set_ccbstatus(ccb, CAM_REQ_ABORTED); 2449 break; 2450 case MPI2_IOCSTATUS_SCSI_DATA_OVERRUN: 2451 /* resid is ignored for this condition */ 2452 csio->resid = 0; 2453 mpssas_set_ccbstatus(ccb, CAM_DATA_RUN_ERR); 2454 break; 2455 case MPI2_IOCSTATUS_SCSI_IOC_TERMINATED: 2456 case MPI2_IOCSTATUS_SCSI_EXT_TERMINATED: 2457 /* 2458 * These can sometimes be transient transport-related 2459 * errors, and sometimes persistent drive-related errors. 2460 * We used to retry these without decrementing the retry 2461 * count by returning CAM_REQUEUE_REQ. Unfortunately, if 2462 * we hit a persistent drive problem that returns one of 2463 * these error codes, we would retry indefinitely. So, 2464 * return CAM_REQ_CMP_ERROR so that we decrement the retry 2465 * count and avoid infinite retries. We're taking the 2466 * potential risk of flagging false failures in the event 2467 * of a topology-related error (e.g. a SAS expander problem 2468 * causes a command addressed to a drive to fail), but 2469 * avoiding getting into an infinite retry loop. 2470 */ 2471 mpssas_set_ccbstatus(ccb, CAM_REQ_CMP_ERR); 2472 mpssas_log_command(cm, MPS_INFO, 2473 "terminated ioc %x loginfo %x scsi %x state %x xfer %u\n", 2474 le16toh(rep->IOCStatus), le32toh(rep->IOCLogInfo), 2475 rep->SCSIStatus, rep->SCSIState, 2476 le32toh(rep->TransferCount)); 2477 break; 2478 case MPI2_IOCSTATUS_INVALID_FUNCTION: 2479 case MPI2_IOCSTATUS_INTERNAL_ERROR: 2480 case MPI2_IOCSTATUS_INVALID_VPID: 2481 case MPI2_IOCSTATUS_INVALID_FIELD: 2482 case MPI2_IOCSTATUS_INVALID_STATE: 2483 case MPI2_IOCSTATUS_OP_STATE_NOT_SUPPORTED: 2484 case MPI2_IOCSTATUS_SCSI_IO_DATA_ERROR: 2485 case MPI2_IOCSTATUS_SCSI_PROTOCOL_ERROR: 2486 case MPI2_IOCSTATUS_SCSI_RESIDUAL_MISMATCH: 2487 case MPI2_IOCSTATUS_SCSI_TASK_MGMT_FAILED: 2488 default: 2489 mpssas_log_command(cm, MPS_XINFO, 2490 "completed ioc %x loginfo %x scsi %x state %x xfer %u\n", 2491 le16toh(rep->IOCStatus), le32toh(rep->IOCLogInfo), 2492 rep->SCSIStatus, rep->SCSIState, 2493 le32toh(rep->TransferCount)); 2494 csio->resid = cm->cm_length; 2495 mpssas_set_ccbstatus(ccb, CAM_REQ_CMP_ERR); 2496 break; 2497 } 2498 2499 mps_sc_failed_io_info(sc,csio,rep); 2500 2501 if (sassc->flags & MPSSAS_QUEUE_FROZEN) { 2502 ccb->ccb_h.status |= CAM_RELEASE_SIMQ; 2503 sassc->flags &= ~MPSSAS_QUEUE_FROZEN; 2504 mps_dprint(sc, MPS_XINFO, "Command completed, " 2505 "unfreezing SIM queue\n"); 2506 } 2507 2508 if (mpssas_get_ccbstatus(ccb) != CAM_REQ_CMP) { 2509 ccb->ccb_h.status |= CAM_DEV_QFRZN; 2510 xpt_freeze_devq(ccb->ccb_h.path, /*count*/ 1); 2511 } 2512 2513 mps_free_command(sc, cm); 2514 xpt_done(ccb); 2515 } 2516 2517 /* All Request reached here are Endian safe */ 2518 static void 2519 mpssas_direct_drive_io(struct mpssas_softc *sassc, struct mps_command *cm, 2520 union ccb *ccb) { 2521 pMpi2SCSIIORequest_t pIO_req; 2522 struct mps_softc *sc = sassc->sc; 2523 uint64_t virtLBA; 2524 uint32_t physLBA, stripe_offset, stripe_unit; 2525 uint32_t io_size, column; 2526 uint8_t *ptrLBA, lba_idx, physLBA_byte, *CDB; 2527 2528 /* 2529 * If this is a valid SCSI command (Read6, Read10, Read16, Write6, 2530 * Write10, or Write16), build a direct I/O message. Otherwise, the I/O 2531 * will be sent to the IR volume itself. Since Read6 and Write6 are a 2532 * bit different than the 10/16 CDBs, handle them separately. 2533 */ 2534 pIO_req = (pMpi2SCSIIORequest_t)cm->cm_req; 2535 CDB = pIO_req->CDB.CDB32; 2536 2537 /* 2538 * Handle 6 byte CDBs. 2539 */ 2540 if ((pIO_req->DevHandle == sc->DD_dev_handle) && ((CDB[0] == READ_6) || 2541 (CDB[0] == WRITE_6))) { 2542 /* 2543 * Get the transfer size in blocks. 2544 */ 2545 io_size = (cm->cm_length >> sc->DD_block_exponent); 2546 2547 /* 2548 * Get virtual LBA given in the CDB. 2549 */ 2550 virtLBA = ((uint64_t)(CDB[1] & 0x1F) << 16) | 2551 ((uint64_t)CDB[2] << 8) | (uint64_t)CDB[3]; 2552 2553 /* 2554 * Check that LBA range for I/O does not exceed volume's 2555 * MaxLBA. 2556 */ 2557 if ((virtLBA + (uint64_t)io_size - 1) <= 2558 sc->DD_max_lba) { 2559 /* 2560 * Check if the I/O crosses a stripe boundary. If not, 2561 * translate the virtual LBA to a physical LBA and set 2562 * the DevHandle for the PhysDisk to be used. If it 2563 * does cross a boundary, do normal I/O. To get the 2564 * right DevHandle to use, get the map number for the 2565 * column, then use that map number to look up the 2566 * DevHandle of the PhysDisk. 2567 */ 2568 stripe_offset = (uint32_t)virtLBA & 2569 (sc->DD_stripe_size - 1); 2570 if ((stripe_offset + io_size) <= sc->DD_stripe_size) { 2571 physLBA = (uint32_t)virtLBA >> 2572 sc->DD_stripe_exponent; 2573 stripe_unit = physLBA / sc->DD_num_phys_disks; 2574 column = physLBA % sc->DD_num_phys_disks; 2575 pIO_req->DevHandle = 2576 htole16(sc->DD_column_map[column].dev_handle); 2577 /* ???? Is this endian safe*/ 2578 cm->cm_desc.SCSIIO.DevHandle = 2579 pIO_req->DevHandle; 2580 2581 physLBA = (stripe_unit << 2582 sc->DD_stripe_exponent) + stripe_offset; 2583 ptrLBA = &pIO_req->CDB.CDB32[1]; 2584 physLBA_byte = (uint8_t)(physLBA >> 16); 2585 *ptrLBA = physLBA_byte; 2586 ptrLBA = &pIO_req->CDB.CDB32[2]; 2587 physLBA_byte = (uint8_t)(physLBA >> 8); 2588 *ptrLBA = physLBA_byte; 2589 ptrLBA = &pIO_req->CDB.CDB32[3]; 2590 physLBA_byte = (uint8_t)physLBA; 2591 *ptrLBA = physLBA_byte; 2592 2593 /* 2594 * Set flag that Direct Drive I/O is 2595 * being done. 2596 */ 2597 cm->cm_flags |= MPS_CM_FLAGS_DD_IO; 2598 } 2599 } 2600 return; 2601 } 2602 2603 /* 2604 * Handle 10, 12 or 16 byte CDBs. 2605 */ 2606 if ((pIO_req->DevHandle == sc->DD_dev_handle) && ((CDB[0] == READ_10) || 2607 (CDB[0] == WRITE_10) || (CDB[0] == READ_16) || 2608 (CDB[0] == WRITE_16) || (CDB[0] == READ_12) || 2609 (CDB[0] == WRITE_12))) { 2610 /* 2611 * For 16-byte CDB's, verify that the upper 4 bytes of the CDB 2612 * are 0. If not, this is accessing beyond 2TB so handle it in 2613 * the else section. 10-byte and 12-byte CDB's are OK. 2614 * FreeBSD sends very rare 12 byte READ/WRITE, but driver is 2615 * ready to accept 12byte CDB for Direct IOs. 2616 */ 2617 if ((CDB[0] == READ_10 || CDB[0] == WRITE_10) || 2618 (CDB[0] == READ_12 || CDB[0] == WRITE_12) || 2619 !(CDB[2] | CDB[3] | CDB[4] | CDB[5])) { 2620 /* 2621 * Get the transfer size in blocks. 2622 */ 2623 io_size = (cm->cm_length >> sc->DD_block_exponent); 2624 2625 /* 2626 * Get virtual LBA. Point to correct lower 4 bytes of 2627 * LBA in the CDB depending on command. 2628 */ 2629 lba_idx = ((CDB[0] == READ_12) || 2630 (CDB[0] == WRITE_12) || 2631 (CDB[0] == READ_10) || 2632 (CDB[0] == WRITE_10))? 2 : 6; 2633 virtLBA = ((uint64_t)CDB[lba_idx] << 24) | 2634 ((uint64_t)CDB[lba_idx + 1] << 16) | 2635 ((uint64_t)CDB[lba_idx + 2] << 8) | 2636 (uint64_t)CDB[lba_idx + 3]; 2637 2638 /* 2639 * Check that LBA range for I/O does not exceed volume's 2640 * MaxLBA. 2641 */ 2642 if ((virtLBA + (uint64_t)io_size - 1) <= 2643 sc->DD_max_lba) { 2644 /* 2645 * Check if the I/O crosses a stripe boundary. 2646 * If not, translate the virtual LBA to a 2647 * physical LBA and set the DevHandle for the 2648 * PhysDisk to be used. If it does cross a 2649 * boundary, do normal I/O. To get the right 2650 * DevHandle to use, get the map number for the 2651 * column, then use that map number to look up 2652 * the DevHandle of the PhysDisk. 2653 */ 2654 stripe_offset = (uint32_t)virtLBA & 2655 (sc->DD_stripe_size - 1); 2656 if ((stripe_offset + io_size) <= 2657 sc->DD_stripe_size) { 2658 physLBA = (uint32_t)virtLBA >> 2659 sc->DD_stripe_exponent; 2660 stripe_unit = physLBA / 2661 sc->DD_num_phys_disks; 2662 column = physLBA % 2663 sc->DD_num_phys_disks; 2664 pIO_req->DevHandle = 2665 htole16(sc->DD_column_map[column]. 2666 dev_handle); 2667 cm->cm_desc.SCSIIO.DevHandle = 2668 pIO_req->DevHandle; 2669 2670 physLBA = (stripe_unit << 2671 sc->DD_stripe_exponent) + 2672 stripe_offset; 2673 ptrLBA = 2674 &pIO_req->CDB.CDB32[lba_idx]; 2675 physLBA_byte = (uint8_t)(physLBA >> 24); 2676 *ptrLBA = physLBA_byte; 2677 ptrLBA = 2678 &pIO_req->CDB.CDB32[lba_idx + 1]; 2679 physLBA_byte = (uint8_t)(physLBA >> 16); 2680 *ptrLBA = physLBA_byte; 2681 ptrLBA = 2682 &pIO_req->CDB.CDB32[lba_idx + 2]; 2683 physLBA_byte = (uint8_t)(physLBA >> 8); 2684 *ptrLBA = physLBA_byte; 2685 ptrLBA = 2686 &pIO_req->CDB.CDB32[lba_idx + 3]; 2687 physLBA_byte = (uint8_t)physLBA; 2688 *ptrLBA = physLBA_byte; 2689 2690 /* 2691 * Set flag that Direct Drive I/O is 2692 * being done. 2693 */ 2694 cm->cm_flags |= MPS_CM_FLAGS_DD_IO; 2695 } 2696 } 2697 } else { 2698 /* 2699 * 16-byte CDB and the upper 4 bytes of the CDB are not 2700 * 0. Get the transfer size in blocks. 2701 */ 2702 io_size = (cm->cm_length >> sc->DD_block_exponent); 2703 2704 /* 2705 * Get virtual LBA. 2706 */ 2707 virtLBA = ((uint64_t)CDB[2] << 54) | 2708 ((uint64_t)CDB[3] << 48) | 2709 ((uint64_t)CDB[4] << 40) | 2710 ((uint64_t)CDB[5] << 32) | 2711 ((uint64_t)CDB[6] << 24) | 2712 ((uint64_t)CDB[7] << 16) | 2713 ((uint64_t)CDB[8] << 8) | 2714 (uint64_t)CDB[9]; 2715 2716 /* 2717 * Check that LBA range for I/O does not exceed volume's 2718 * MaxLBA. 2719 */ 2720 if ((virtLBA + (uint64_t)io_size - 1) <= 2721 sc->DD_max_lba) { 2722 /* 2723 * Check if the I/O crosses a stripe boundary. 2724 * If not, translate the virtual LBA to a 2725 * physical LBA and set the DevHandle for the 2726 * PhysDisk to be used. If it does cross a 2727 * boundary, do normal I/O. To get the right 2728 * DevHandle to use, get the map number for the 2729 * column, then use that map number to look up 2730 * the DevHandle of the PhysDisk. 2731 */ 2732 stripe_offset = (uint32_t)virtLBA & 2733 (sc->DD_stripe_size - 1); 2734 if ((stripe_offset + io_size) <= 2735 sc->DD_stripe_size) { 2736 physLBA = (uint32_t)(virtLBA >> 2737 sc->DD_stripe_exponent); 2738 stripe_unit = physLBA / 2739 sc->DD_num_phys_disks; 2740 column = physLBA % 2741 sc->DD_num_phys_disks; 2742 pIO_req->DevHandle = 2743 htole16(sc->DD_column_map[column]. 2744 dev_handle); 2745 cm->cm_desc.SCSIIO.DevHandle = 2746 pIO_req->DevHandle; 2747 2748 physLBA = (stripe_unit << 2749 sc->DD_stripe_exponent) + 2750 stripe_offset; 2751 2752 /* 2753 * Set upper 4 bytes of LBA to 0. We 2754 * assume that the phys disks are less 2755 * than 2 TB's in size. Then, set the 2756 * lower 4 bytes. 2757 */ 2758 pIO_req->CDB.CDB32[2] = 0; 2759 pIO_req->CDB.CDB32[3] = 0; 2760 pIO_req->CDB.CDB32[4] = 0; 2761 pIO_req->CDB.CDB32[5] = 0; 2762 ptrLBA = &pIO_req->CDB.CDB32[6]; 2763 physLBA_byte = (uint8_t)(physLBA >> 24); 2764 *ptrLBA = physLBA_byte; 2765 ptrLBA = &pIO_req->CDB.CDB32[7]; 2766 physLBA_byte = (uint8_t)(physLBA >> 16); 2767 *ptrLBA = physLBA_byte; 2768 ptrLBA = &pIO_req->CDB.CDB32[8]; 2769 physLBA_byte = (uint8_t)(physLBA >> 8); 2770 *ptrLBA = physLBA_byte; 2771 ptrLBA = &pIO_req->CDB.CDB32[9]; 2772 physLBA_byte = (uint8_t)physLBA; 2773 *ptrLBA = physLBA_byte; 2774 2775 /* 2776 * Set flag that Direct Drive I/O is 2777 * being done. 2778 */ 2779 cm->cm_flags |= MPS_CM_FLAGS_DD_IO; 2780 } 2781 } 2782 } 2783 } 2784 } 2785 2786 #if __FreeBSD_version >= 900026 2787 static void 2788 mpssas_smpio_complete(struct mps_softc *sc, struct mps_command *cm) 2789 { 2790 MPI2_SMP_PASSTHROUGH_REPLY *rpl; 2791 MPI2_SMP_PASSTHROUGH_REQUEST *req; 2792 uint64_t sasaddr; 2793 union ccb *ccb; 2794 2795 ccb = cm->cm_complete_data; 2796 2797 /* 2798 * Currently there should be no way we can hit this case. It only 2799 * happens when we have a failure to allocate chain frames, and SMP 2800 * commands require two S/G elements only. That should be handled 2801 * in the standard request size. 2802 */ 2803 if ((cm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) { 2804 mps_dprint(sc, MPS_ERROR,"%s: cm_flags = %#x on SMP request!\n", 2805 __func__, cm->cm_flags); 2806 mpssas_set_ccbstatus(ccb, CAM_REQ_CMP_ERR); 2807 goto bailout; 2808 } 2809 2810 rpl = (MPI2_SMP_PASSTHROUGH_REPLY *)cm->cm_reply; 2811 if (rpl == NULL) { 2812 mps_dprint(sc, MPS_ERROR, "%s: NULL cm_reply!\n", __func__); 2813 mpssas_set_ccbstatus(ccb, CAM_REQ_CMP_ERR); 2814 goto bailout; 2815 } 2816 2817 req = (MPI2_SMP_PASSTHROUGH_REQUEST *)cm->cm_req; 2818 sasaddr = le32toh(req->SASAddress.Low); 2819 sasaddr |= ((uint64_t)(le32toh(req->SASAddress.High))) << 32; 2820 2821 if ((le16toh(rpl->IOCStatus) & MPI2_IOCSTATUS_MASK) != 2822 MPI2_IOCSTATUS_SUCCESS || 2823 rpl->SASStatus != MPI2_SASSTATUS_SUCCESS) { 2824 mps_dprint(sc, MPS_XINFO, "%s: IOCStatus %04x SASStatus %02x\n", 2825 __func__, le16toh(rpl->IOCStatus), rpl->SASStatus); 2826 mpssas_set_ccbstatus(ccb, CAM_REQ_CMP_ERR); 2827 goto bailout; 2828 } 2829 2830 mps_dprint(sc, MPS_XINFO, "%s: SMP request to SAS address " 2831 "%#jx completed successfully\n", __func__, 2832 (uintmax_t)sasaddr); 2833 2834 if (ccb->smpio.smp_response[2] == SMP_FR_ACCEPTED) 2835 mpssas_set_ccbstatus(ccb, CAM_REQ_CMP); 2836 else 2837 mpssas_set_ccbstatus(ccb, CAM_SMP_STATUS_ERROR); 2838 2839 bailout: 2840 /* 2841 * We sync in both directions because we had DMAs in the S/G list 2842 * in both directions. 2843 */ 2844 bus_dmamap_sync(sc->buffer_dmat, cm->cm_dmamap, 2845 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); 2846 bus_dmamap_unload(sc->buffer_dmat, cm->cm_dmamap); 2847 mps_free_command(sc, cm); 2848 xpt_done(ccb); 2849 } 2850 2851 static void 2852 mpssas_send_smpcmd(struct mpssas_softc *sassc, union ccb *ccb, uint64_t sasaddr) 2853 { 2854 struct mps_command *cm; 2855 uint8_t *request, *response; 2856 MPI2_SMP_PASSTHROUGH_REQUEST *req; 2857 struct mps_softc *sc; 2858 int error; 2859 2860 sc = sassc->sc; 2861 error = 0; 2862 2863 /* 2864 * XXX We don't yet support physical addresses here. 2865 */ 2866 switch ((ccb->ccb_h.flags & CAM_DATA_MASK)) { 2867 case CAM_DATA_PADDR: 2868 case CAM_DATA_SG_PADDR: 2869 mps_dprint(sc, MPS_ERROR, 2870 "%s: physical addresses not supported\n", __func__); 2871 mpssas_set_ccbstatus(ccb, CAM_REQ_INVALID); 2872 xpt_done(ccb); 2873 return; 2874 case CAM_DATA_SG: 2875 /* 2876 * The chip does not support more than one buffer for the 2877 * request or response. 2878 */ 2879 if ((ccb->smpio.smp_request_sglist_cnt > 1) 2880 || (ccb->smpio.smp_response_sglist_cnt > 1)) { 2881 mps_dprint(sc, MPS_ERROR, 2882 "%s: multiple request or response " 2883 "buffer segments not supported for SMP\n", 2884 __func__); 2885 mpssas_set_ccbstatus(ccb, CAM_REQ_INVALID); 2886 xpt_done(ccb); 2887 return; 2888 } 2889 2890 /* 2891 * The CAM_SCATTER_VALID flag was originally implemented 2892 * for the XPT_SCSI_IO CCB, which only has one data pointer. 2893 * We have two. So, just take that flag to mean that we 2894 * might have S/G lists, and look at the S/G segment count 2895 * to figure out whether that is the case for each individual 2896 * buffer. 2897 */ 2898 if (ccb->smpio.smp_request_sglist_cnt != 0) { 2899 bus_dma_segment_t *req_sg; 2900 2901 req_sg = (bus_dma_segment_t *)ccb->smpio.smp_request; 2902 request = (uint8_t *)(uintptr_t)req_sg[0].ds_addr; 2903 } else 2904 request = ccb->smpio.smp_request; 2905 2906 if (ccb->smpio.smp_response_sglist_cnt != 0) { 2907 bus_dma_segment_t *rsp_sg; 2908 2909 rsp_sg = (bus_dma_segment_t *)ccb->smpio.smp_response; 2910 response = (uint8_t *)(uintptr_t)rsp_sg[0].ds_addr; 2911 } else 2912 response = ccb->smpio.smp_response; 2913 break; 2914 case CAM_DATA_VADDR: 2915 request = ccb->smpio.smp_request; 2916 response = ccb->smpio.smp_response; 2917 break; 2918 default: 2919 mpssas_set_ccbstatus(ccb, CAM_REQ_INVALID); 2920 xpt_done(ccb); 2921 return; 2922 } 2923 2924 cm = mps_alloc_command(sc); 2925 if (cm == NULL) { 2926 mps_dprint(sc, MPS_ERROR, 2927 "%s: cannot allocate command\n", __func__); 2928 mpssas_set_ccbstatus(ccb, CAM_RESRC_UNAVAIL); 2929 xpt_done(ccb); 2930 return; 2931 } 2932 2933 req = (MPI2_SMP_PASSTHROUGH_REQUEST *)cm->cm_req; 2934 bzero(req, sizeof(*req)); 2935 req->Function = MPI2_FUNCTION_SMP_PASSTHROUGH; 2936 2937 /* Allow the chip to use any route to this SAS address. */ 2938 req->PhysicalPort = 0xff; 2939 2940 req->RequestDataLength = htole16(ccb->smpio.smp_request_len); 2941 req->SGLFlags = 2942 MPI2_SGLFLAGS_SYSTEM_ADDRESS_SPACE | MPI2_SGLFLAGS_SGL_TYPE_MPI; 2943 2944 mps_dprint(sc, MPS_XINFO, "%s: sending SMP request to SAS " 2945 "address %#jx\n", __func__, (uintmax_t)sasaddr); 2946 2947 mpi_init_sge(cm, req, &req->SGL); 2948 2949 /* 2950 * Set up a uio to pass into mps_map_command(). This allows us to 2951 * do one map command, and one busdma call in there. 2952 */ 2953 cm->cm_uio.uio_iov = cm->cm_iovec; 2954 cm->cm_uio.uio_iovcnt = 2; 2955 cm->cm_uio.uio_segflg = UIO_SYSSPACE; 2956 2957 /* 2958 * The read/write flag isn't used by busdma, but set it just in 2959 * case. This isn't exactly accurate, either, since we're going in 2960 * both directions. 2961 */ 2962 cm->cm_uio.uio_rw = UIO_WRITE; 2963 2964 cm->cm_iovec[0].iov_base = request; 2965 cm->cm_iovec[0].iov_len = le16toh(req->RequestDataLength); 2966 cm->cm_iovec[1].iov_base = response; 2967 cm->cm_iovec[1].iov_len = ccb->smpio.smp_response_len; 2968 2969 cm->cm_uio.uio_resid = cm->cm_iovec[0].iov_len + 2970 cm->cm_iovec[1].iov_len; 2971 2972 /* 2973 * Trigger a warning message in mps_data_cb() for the user if we 2974 * wind up exceeding two S/G segments. The chip expects one 2975 * segment for the request and another for the response. 2976 */ 2977 cm->cm_max_segs = 2; 2978 2979 cm->cm_desc.Default.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_DEFAULT_TYPE; 2980 cm->cm_complete = mpssas_smpio_complete; 2981 cm->cm_complete_data = ccb; 2982 2983 /* 2984 * Tell the mapping code that we're using a uio, and that this is 2985 * an SMP passthrough request. There is a little special-case 2986 * logic there (in mps_data_cb()) to handle the bidirectional 2987 * transfer. 2988 */ 2989 cm->cm_flags |= MPS_CM_FLAGS_USE_UIO | MPS_CM_FLAGS_SMP_PASS | 2990 MPS_CM_FLAGS_DATAIN | MPS_CM_FLAGS_DATAOUT; 2991 2992 /* The chip data format is little endian. */ 2993 req->SASAddress.High = htole32(sasaddr >> 32); 2994 req->SASAddress.Low = htole32(sasaddr); 2995 2996 /* 2997 * XXX Note that we don't have a timeout/abort mechanism here. 2998 * From the manual, it looks like task management requests only 2999 * work for SCSI IO and SATA passthrough requests. We may need to 3000 * have a mechanism to retry requests in the event of a chip reset 3001 * at least. Hopefully the chip will insure that any errors short 3002 * of that are relayed back to the driver. 3003 */ 3004 error = mps_map_command(sc, cm); 3005 if ((error != 0) && (error != EINPROGRESS)) { 3006 mps_dprint(sc, MPS_ERROR, 3007 "%s: error %d returned from mps_map_command()\n", 3008 __func__, error); 3009 goto bailout_error; 3010 } 3011 3012 return; 3013 3014 bailout_error: 3015 mps_free_command(sc, cm); 3016 mpssas_set_ccbstatus(ccb, CAM_RESRC_UNAVAIL); 3017 xpt_done(ccb); 3018 return; 3019 3020 } 3021 3022 static void 3023 mpssas_action_smpio(struct mpssas_softc *sassc, union ccb *ccb) 3024 { 3025 struct mps_softc *sc; 3026 struct mpssas_target *targ; 3027 uint64_t sasaddr = 0; 3028 3029 sc = sassc->sc; 3030 3031 /* 3032 * Make sure the target exists. 3033 */ 3034 KASSERT(ccb->ccb_h.target_id < sassc->maxtargets, 3035 ("Target %d out of bounds in XPT_SMP_IO\n", ccb->ccb_h.target_id)); 3036 targ = &sassc->targets[ccb->ccb_h.target_id]; 3037 if (targ->handle == 0x0) { 3038 mps_dprint(sc, MPS_ERROR, 3039 "%s: target %d does not exist!\n", __func__, 3040 ccb->ccb_h.target_id); 3041 mpssas_set_ccbstatus(ccb, CAM_SEL_TIMEOUT); 3042 xpt_done(ccb); 3043 return; 3044 } 3045 3046 /* 3047 * If this device has an embedded SMP target, we'll talk to it 3048 * directly. 3049 * figure out what the expander's address is. 3050 */ 3051 if ((targ->devinfo & MPI2_SAS_DEVICE_INFO_SMP_TARGET) != 0) 3052 sasaddr = targ->sasaddr; 3053 3054 /* 3055 * If we don't have a SAS address for the expander yet, try 3056 * grabbing it from the page 0x83 information cached in the 3057 * transport layer for this target. LSI expanders report the 3058 * expander SAS address as the port-associated SAS address in 3059 * Inquiry VPD page 0x83. Maxim expanders don't report it in page 3060 * 0x83. 3061 * 3062 * XXX KDM disable this for now, but leave it commented out so that 3063 * it is obvious that this is another possible way to get the SAS 3064 * address. 3065 * 3066 * The parent handle method below is a little more reliable, and 3067 * the other benefit is that it works for devices other than SES 3068 * devices. So you can send a SMP request to a da(4) device and it 3069 * will get routed to the expander that device is attached to. 3070 * (Assuming the da(4) device doesn't contain an SMP target...) 3071 */ 3072 #if 0 3073 if (sasaddr == 0) 3074 sasaddr = xpt_path_sas_addr(ccb->ccb_h.path); 3075 #endif 3076 3077 /* 3078 * If we still don't have a SAS address for the expander, look for 3079 * the parent device of this device, which is probably the expander. 3080 */ 3081 if (sasaddr == 0) { 3082 #ifdef OLD_MPS_PROBE 3083 struct mpssas_target *parent_target; 3084 #endif 3085 3086 if (targ->parent_handle == 0x0) { 3087 mps_dprint(sc, MPS_ERROR, 3088 "%s: handle %d does not have a valid " 3089 "parent handle!\n", __func__, targ->handle); 3090 mpssas_set_ccbstatus(ccb, CAM_DEV_NOT_THERE); 3091 goto bailout; 3092 } 3093 #ifdef OLD_MPS_PROBE 3094 parent_target = mpssas_find_target_by_handle(sassc, 0, 3095 targ->parent_handle); 3096 3097 if (parent_target == NULL) { 3098 mps_dprint(sc, MPS_ERROR, 3099 "%s: handle %d does not have a valid " 3100 "parent target!\n", __func__, targ->handle); 3101 mpssas_set_ccbstatus(ccb, CAM_DEV_NOT_THERE); 3102 goto bailout; 3103 } 3104 3105 if ((parent_target->devinfo & 3106 MPI2_SAS_DEVICE_INFO_SMP_TARGET) == 0) { 3107 mps_dprint(sc, MPS_ERROR, 3108 "%s: handle %d parent %d does not " 3109 "have an SMP target!\n", __func__, 3110 targ->handle, parent_target->handle); 3111 mpssas_set_ccbstatus(ccb, CAM_DEV_NOT_THERE); 3112 goto bailout; 3113 3114 } 3115 3116 sasaddr = parent_target->sasaddr; 3117 #else /* OLD_MPS_PROBE */ 3118 if ((targ->parent_devinfo & 3119 MPI2_SAS_DEVICE_INFO_SMP_TARGET) == 0) { 3120 mps_dprint(sc, MPS_ERROR, 3121 "%s: handle %d parent %d does not " 3122 "have an SMP target!\n", __func__, 3123 targ->handle, targ->parent_handle); 3124 mpssas_set_ccbstatus(ccb, CAM_DEV_NOT_THERE); 3125 goto bailout; 3126 3127 } 3128 if (targ->parent_sasaddr == 0x0) { 3129 mps_dprint(sc, MPS_ERROR, 3130 "%s: handle %d parent handle %d does " 3131 "not have a valid SAS address!\n", 3132 __func__, targ->handle, targ->parent_handle); 3133 mpssas_set_ccbstatus(ccb, CAM_DEV_NOT_THERE); 3134 goto bailout; 3135 } 3136 3137 sasaddr = targ->parent_sasaddr; 3138 #endif /* OLD_MPS_PROBE */ 3139 3140 } 3141 3142 if (sasaddr == 0) { 3143 mps_dprint(sc, MPS_INFO, 3144 "%s: unable to find SAS address for handle %d\n", 3145 __func__, targ->handle); 3146 mpssas_set_ccbstatus(ccb, CAM_DEV_NOT_THERE); 3147 goto bailout; 3148 } 3149 mpssas_send_smpcmd(sassc, ccb, sasaddr); 3150 3151 return; 3152 3153 bailout: 3154 xpt_done(ccb); 3155 3156 } 3157 #endif //__FreeBSD_version >= 900026 3158 3159 static void 3160 mpssas_action_resetdev(struct mpssas_softc *sassc, union ccb *ccb) 3161 { 3162 MPI2_SCSI_TASK_MANAGE_REQUEST *req; 3163 struct mps_softc *sc; 3164 struct mps_command *tm; 3165 struct mpssas_target *targ; 3166 3167 MPS_FUNCTRACE(sassc->sc); 3168 mtx_assert(&sassc->sc->mps_mtx, MA_OWNED); 3169 3170 KASSERT(ccb->ccb_h.target_id < sassc->maxtargets, 3171 ("Target %d out of bounds in XPT_RESET_DEV\n", 3172 ccb->ccb_h.target_id)); 3173 sc = sassc->sc; 3174 tm = mps_alloc_command(sc); 3175 if (tm == NULL) { 3176 mps_dprint(sc, MPS_ERROR, 3177 "command alloc failure in mpssas_action_resetdev\n"); 3178 mpssas_set_ccbstatus(ccb, CAM_RESRC_UNAVAIL); 3179 xpt_done(ccb); 3180 return; 3181 } 3182 3183 targ = &sassc->targets[ccb->ccb_h.target_id]; 3184 req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)tm->cm_req; 3185 req->DevHandle = htole16(targ->handle); 3186 req->Function = MPI2_FUNCTION_SCSI_TASK_MGMT; 3187 req->TaskType = MPI2_SCSITASKMGMT_TASKTYPE_TARGET_RESET; 3188 3189 /* SAS Hard Link Reset / SATA Link Reset */ 3190 req->MsgFlags = MPI2_SCSITASKMGMT_MSGFLAGS_LINK_RESET; 3191 3192 tm->cm_data = NULL; 3193 tm->cm_desc.HighPriority.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_HIGH_PRIORITY; 3194 tm->cm_complete = mpssas_resetdev_complete; 3195 tm->cm_complete_data = ccb; 3196 tm->cm_targ = targ; 3197 targ->flags |= MPSSAS_TARGET_INRESET; 3198 3199 mps_map_command(sc, tm); 3200 } 3201 3202 static void 3203 mpssas_resetdev_complete(struct mps_softc *sc, struct mps_command *tm) 3204 { 3205 MPI2_SCSI_TASK_MANAGE_REPLY *resp; 3206 union ccb *ccb; 3207 3208 MPS_FUNCTRACE(sc); 3209 mtx_assert(&sc->mps_mtx, MA_OWNED); 3210 3211 resp = (MPI2_SCSI_TASK_MANAGE_REPLY *)tm->cm_reply; 3212 ccb = tm->cm_complete_data; 3213 3214 /* 3215 * Currently there should be no way we can hit this case. It only 3216 * happens when we have a failure to allocate chain frames, and 3217 * task management commands don't have S/G lists. 3218 */ 3219 if ((tm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) { 3220 MPI2_SCSI_TASK_MANAGE_REQUEST *req; 3221 3222 req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)tm->cm_req; 3223 3224 mps_dprint(sc, MPS_ERROR, 3225 "%s: cm_flags = %#x for reset of handle %#04x! " 3226 "This should not happen!\n", __func__, tm->cm_flags, 3227 req->DevHandle); 3228 mpssas_set_ccbstatus(ccb, CAM_REQ_CMP_ERR); 3229 goto bailout; 3230 } 3231 3232 mps_dprint(sc, MPS_XINFO, 3233 "%s: IOCStatus = 0x%x ResponseCode = 0x%x\n", __func__, 3234 le16toh(resp->IOCStatus), le32toh(resp->ResponseCode)); 3235 3236 if (le32toh(resp->ResponseCode) == MPI2_SCSITASKMGMT_RSP_TM_COMPLETE) { 3237 mpssas_set_ccbstatus(ccb, CAM_REQ_CMP); 3238 mpssas_announce_reset(sc, AC_SENT_BDR, tm->cm_targ->tid, 3239 CAM_LUN_WILDCARD); 3240 } 3241 else 3242 mpssas_set_ccbstatus(ccb, CAM_REQ_CMP_ERR); 3243 3244 bailout: 3245 3246 mpssas_free_tm(sc, tm); 3247 xpt_done(ccb); 3248 } 3249 3250 static void 3251 mpssas_poll(struct cam_sim *sim) 3252 { 3253 struct mpssas_softc *sassc; 3254 3255 sassc = cam_sim_softc(sim); 3256 3257 if (sassc->sc->mps_debug & MPS_TRACE) { 3258 /* frequent debug messages during a panic just slow 3259 * everything down too much. 3260 */ 3261 mps_printf(sassc->sc, "%s clearing MPS_TRACE\n", __func__); 3262 sassc->sc->mps_debug &= ~MPS_TRACE; 3263 } 3264 3265 mps_intr_locked(sassc->sc); 3266 } 3267 3268 static void 3269 mpssas_async(void *callback_arg, uint32_t code, struct cam_path *path, 3270 void *arg) 3271 { 3272 struct mps_softc *sc; 3273 3274 sc = (struct mps_softc *)callback_arg; 3275 3276 switch (code) { 3277 #if (__FreeBSD_version >= 1000006) || \ 3278 ((__FreeBSD_version >= 901503) && (__FreeBSD_version < 1000000)) 3279 case AC_ADVINFO_CHANGED: { 3280 struct mpssas_target *target; 3281 struct mpssas_softc *sassc; 3282 struct scsi_read_capacity_data_long rcap_buf; 3283 struct ccb_dev_advinfo cdai; 3284 struct mpssas_lun *lun; 3285 lun_id_t lunid; 3286 int found_lun; 3287 uintptr_t buftype; 3288 3289 buftype = (uintptr_t)arg; 3290 3291 found_lun = 0; 3292 sassc = sc->sassc; 3293 3294 /* 3295 * We're only interested in read capacity data changes. 3296 */ 3297 if (buftype != CDAI_TYPE_RCAPLONG) 3298 break; 3299 3300 /* 3301 * We should have a handle for this, but check to make sure. 3302 */ 3303 KASSERT(xpt_path_target_id(path) < sassc->maxtargets, 3304 ("Target %d out of bounds in mpssas_async\n", 3305 xpt_path_target_id(path))); 3306 target = &sassc->targets[xpt_path_target_id(path)]; 3307 if (target->handle == 0) 3308 break; 3309 3310 lunid = xpt_path_lun_id(path); 3311 3312 SLIST_FOREACH(lun, &target->luns, lun_link) { 3313 if (lun->lun_id == lunid) { 3314 found_lun = 1; 3315 break; 3316 } 3317 } 3318 3319 if (found_lun == 0) { 3320 lun = malloc(sizeof(struct mpssas_lun), M_MPT2, 3321 M_NOWAIT | M_ZERO); 3322 if (lun == NULL) { 3323 mps_dprint(sc, MPS_ERROR, "Unable to alloc " 3324 "LUN for EEDP support.\n"); 3325 break; 3326 } 3327 lun->lun_id = lunid; 3328 SLIST_INSERT_HEAD(&target->luns, lun, lun_link); 3329 } 3330 3331 bzero(&rcap_buf, sizeof(rcap_buf)); 3332 xpt_setup_ccb(&cdai.ccb_h, path, CAM_PRIORITY_NORMAL); 3333 cdai.ccb_h.func_code = XPT_DEV_ADVINFO; 3334 cdai.ccb_h.flags = CAM_DIR_IN; 3335 cdai.buftype = CDAI_TYPE_RCAPLONG; 3336 #if (__FreeBSD_version >= 1100061) || \ 3337 ((__FreeBSD_version >= 1001510) && (__FreeBSD_version < 1100000)) 3338 cdai.flags = CDAI_FLAG_NONE; 3339 #else 3340 cdai.flags = 0; 3341 #endif 3342 cdai.bufsiz = sizeof(rcap_buf); 3343 cdai.buf = (uint8_t *)&rcap_buf; 3344 xpt_action((union ccb *)&cdai); 3345 if ((cdai.ccb_h.status & CAM_DEV_QFRZN) != 0) 3346 cam_release_devq(cdai.ccb_h.path, 3347 0, 0, 0, FALSE); 3348 3349 if ((mpssas_get_ccbstatus((union ccb *)&cdai) == CAM_REQ_CMP) 3350 && (rcap_buf.prot & SRC16_PROT_EN)) { 3351 lun->eedp_formatted = TRUE; 3352 lun->eedp_block_size = scsi_4btoul(rcap_buf.length); 3353 } else { 3354 lun->eedp_formatted = FALSE; 3355 lun->eedp_block_size = 0; 3356 } 3357 break; 3358 } 3359 #else 3360 case AC_FOUND_DEVICE: { 3361 struct ccb_getdev *cgd; 3362 3363 cgd = arg; 3364 mpssas_check_eedp(sc, path, cgd); 3365 break; 3366 } 3367 #endif 3368 default: 3369 break; 3370 } 3371 } 3372 3373 #if (__FreeBSD_version < 901503) || \ 3374 ((__FreeBSD_version >= 1000000) && (__FreeBSD_version < 1000006)) 3375 static void 3376 mpssas_check_eedp(struct mps_softc *sc, struct cam_path *path, 3377 struct ccb_getdev *cgd) 3378 { 3379 struct mpssas_softc *sassc = sc->sassc; 3380 struct ccb_scsiio *csio; 3381 struct scsi_read_capacity_16 *scsi_cmd; 3382 struct scsi_read_capacity_eedp *rcap_buf; 3383 path_id_t pathid; 3384 target_id_t targetid; 3385 lun_id_t lunid; 3386 union ccb *ccb; 3387 struct cam_path *local_path; 3388 struct mpssas_target *target; 3389 struct mpssas_lun *lun; 3390 uint8_t found_lun; 3391 char path_str[64]; 3392 3393 sassc = sc->sassc; 3394 pathid = cam_sim_path(sassc->sim); 3395 targetid = xpt_path_target_id(path); 3396 lunid = xpt_path_lun_id(path); 3397 3398 KASSERT(targetid < sassc->maxtargets, 3399 ("Target %d out of bounds in mpssas_check_eedp\n", 3400 targetid)); 3401 target = &sassc->targets[targetid]; 3402 if (target->handle == 0x0) 3403 return; 3404 3405 /* 3406 * Determine if the device is EEDP capable. 3407 * 3408 * If this flag is set in the inquiry data, 3409 * the device supports protection information, 3410 * and must support the 16 byte read 3411 * capacity command, otherwise continue without 3412 * sending read cap 16 3413 */ 3414 if ((cgd->inq_data.spc3_flags & SPC3_SID_PROTECT) == 0) 3415 return; 3416 3417 /* 3418 * Issue a READ CAPACITY 16 command. This info 3419 * is used to determine if the LUN is formatted 3420 * for EEDP support. 3421 */ 3422 ccb = xpt_alloc_ccb_nowait(); 3423 if (ccb == NULL) { 3424 mps_dprint(sc, MPS_ERROR, "Unable to alloc CCB " 3425 "for EEDP support.\n"); 3426 return; 3427 } 3428 3429 if (xpt_create_path(&local_path, xpt_periph, 3430 pathid, targetid, lunid) != CAM_REQ_CMP) { 3431 mps_dprint(sc, MPS_ERROR, "Unable to create " 3432 "path for EEDP support\n"); 3433 xpt_free_ccb(ccb); 3434 return; 3435 } 3436 3437 /* 3438 * If LUN is already in list, don't create a new 3439 * one. 3440 */ 3441 found_lun = FALSE; 3442 SLIST_FOREACH(lun, &target->luns, lun_link) { 3443 if (lun->lun_id == lunid) { 3444 found_lun = TRUE; 3445 break; 3446 } 3447 } 3448 if (!found_lun) { 3449 lun = malloc(sizeof(struct mpssas_lun), M_MPT2, 3450 M_NOWAIT | M_ZERO); 3451 if (lun == NULL) { 3452 mps_dprint(sc, MPS_ERROR, 3453 "Unable to alloc LUN for EEDP support.\n"); 3454 xpt_free_path(local_path); 3455 xpt_free_ccb(ccb); 3456 return; 3457 } 3458 lun->lun_id = lunid; 3459 SLIST_INSERT_HEAD(&target->luns, lun, 3460 lun_link); 3461 } 3462 3463 xpt_path_string(local_path, path_str, sizeof(path_str)); 3464 3465 mps_dprint(sc, MPS_INFO, "Sending read cap: path %s handle %d\n", 3466 path_str, target->handle); 3467 3468 /* 3469 * Issue a READ CAPACITY 16 command for the LUN. 3470 * The mpssas_read_cap_done function will load 3471 * the read cap info into the LUN struct. 3472 */ 3473 rcap_buf = malloc(sizeof(struct scsi_read_capacity_eedp), 3474 M_MPT2, M_NOWAIT | M_ZERO); 3475 if (rcap_buf == NULL) { 3476 mps_dprint(sc, MPS_FAULT, 3477 "Unable to alloc read capacity buffer for EEDP support.\n"); 3478 xpt_free_path(ccb->ccb_h.path); 3479 xpt_free_ccb(ccb); 3480 return; 3481 } 3482 xpt_setup_ccb(&ccb->ccb_h, local_path, CAM_PRIORITY_XPT); 3483 csio = &ccb->csio; 3484 csio->ccb_h.func_code = XPT_SCSI_IO; 3485 csio->ccb_h.flags = CAM_DIR_IN; 3486 csio->ccb_h.retry_count = 4; 3487 csio->ccb_h.cbfcnp = mpssas_read_cap_done; 3488 csio->ccb_h.timeout = 60000; 3489 csio->data_ptr = (uint8_t *)rcap_buf; 3490 csio->dxfer_len = sizeof(struct scsi_read_capacity_eedp); 3491 csio->sense_len = MPS_SENSE_LEN; 3492 csio->cdb_len = sizeof(*scsi_cmd); 3493 csio->tag_action = MSG_SIMPLE_Q_TAG; 3494 3495 scsi_cmd = (struct scsi_read_capacity_16 *)&csio->cdb_io.cdb_bytes; 3496 bzero(scsi_cmd, sizeof(*scsi_cmd)); 3497 scsi_cmd->opcode = 0x9E; 3498 scsi_cmd->service_action = SRC16_SERVICE_ACTION; 3499 ((uint8_t *)scsi_cmd)[13] = sizeof(struct scsi_read_capacity_eedp); 3500 3501 ccb->ccb_h.ppriv_ptr1 = sassc; 3502 xpt_action(ccb); 3503 } 3504 3505 static void 3506 mpssas_read_cap_done(struct cam_periph *periph, union ccb *done_ccb) 3507 { 3508 struct mpssas_softc *sassc; 3509 struct mpssas_target *target; 3510 struct mpssas_lun *lun; 3511 struct scsi_read_capacity_eedp *rcap_buf; 3512 3513 if (done_ccb == NULL) 3514 return; 3515 3516 /* Driver need to release devq, it Scsi command is 3517 * generated by driver internally. 3518 * Currently there is a single place where driver 3519 * calls scsi command internally. In future if driver 3520 * calls more scsi command internally, it needs to release 3521 * devq internally, since those command will not go back to 3522 * cam_periph. 3523 */ 3524 if ((done_ccb->ccb_h.status & CAM_DEV_QFRZN) ) { 3525 done_ccb->ccb_h.status &= ~CAM_DEV_QFRZN; 3526 xpt_release_devq(done_ccb->ccb_h.path, 3527 /*count*/ 1, /*run_queue*/TRUE); 3528 } 3529 3530 rcap_buf = (struct scsi_read_capacity_eedp *)done_ccb->csio.data_ptr; 3531 3532 /* 3533 * Get the LUN ID for the path and look it up in the LUN list for the 3534 * target. 3535 */ 3536 sassc = (struct mpssas_softc *)done_ccb->ccb_h.ppriv_ptr1; 3537 KASSERT(done_ccb->ccb_h.target_id < sassc->maxtargets, 3538 ("Target %d out of bounds in mpssas_read_cap_done\n", 3539 done_ccb->ccb_h.target_id)); 3540 target = &sassc->targets[done_ccb->ccb_h.target_id]; 3541 SLIST_FOREACH(lun, &target->luns, lun_link) { 3542 if (lun->lun_id != done_ccb->ccb_h.target_lun) 3543 continue; 3544 3545 /* 3546 * Got the LUN in the target's LUN list. Fill it in 3547 * with EEDP info. If the READ CAP 16 command had some 3548 * SCSI error (common if command is not supported), mark 3549 * the lun as not supporting EEDP and set the block size 3550 * to 0. 3551 */ 3552 if ((mpssas_get_ccbstatus(done_ccb) != CAM_REQ_CMP) 3553 || (done_ccb->csio.scsi_status != SCSI_STATUS_OK)) { 3554 lun->eedp_formatted = FALSE; 3555 lun->eedp_block_size = 0; 3556 break; 3557 } 3558 3559 if (rcap_buf->protect & 0x01) { 3560 mps_dprint(sassc->sc, MPS_INFO, "LUN %d for " 3561 "target ID %d is formatted for EEDP " 3562 "support.\n", done_ccb->ccb_h.target_lun, 3563 done_ccb->ccb_h.target_id); 3564 lun->eedp_formatted = TRUE; 3565 lun->eedp_block_size = scsi_4btoul(rcap_buf->length); 3566 } 3567 break; 3568 } 3569 3570 // Finished with this CCB and path. 3571 free(rcap_buf, M_MPT2); 3572 xpt_free_path(done_ccb->ccb_h.path); 3573 xpt_free_ccb(done_ccb); 3574 } 3575 #endif /* (__FreeBSD_version < 901503) || \ 3576 ((__FreeBSD_version >= 1000000) && (__FreeBSD_version < 1000006)) */ 3577 3578 void 3579 mpssas_prepare_for_tm(struct mps_softc *sc, struct mps_command *tm, 3580 struct mpssas_target *target, lun_id_t lun_id) 3581 { 3582 union ccb *ccb; 3583 path_id_t path_id; 3584 3585 /* 3586 * Set the INRESET flag for this target so that no I/O will be sent to 3587 * the target until the reset has completed. If an I/O request does 3588 * happen, the devq will be frozen. The CCB holds the path which is 3589 * used to release the devq. The devq is released and the CCB is freed 3590 * when the TM completes. 3591 */ 3592 ccb = xpt_alloc_ccb_nowait(); 3593 if (ccb) { 3594 path_id = cam_sim_path(sc->sassc->sim); 3595 if (xpt_create_path(&ccb->ccb_h.path, xpt_periph, path_id, 3596 target->tid, lun_id) != CAM_REQ_CMP) { 3597 xpt_free_ccb(ccb); 3598 } else { 3599 tm->cm_ccb = ccb; 3600 tm->cm_targ = target; 3601 target->flags |= MPSSAS_TARGET_INRESET; 3602 } 3603 } 3604 } 3605 3606 int 3607 mpssas_startup(struct mps_softc *sc) 3608 { 3609 3610 /* 3611 * Send the port enable message and set the wait_for_port_enable flag. 3612 * This flag helps to keep the simq frozen until all discovery events 3613 * are processed. 3614 */ 3615 sc->wait_for_port_enable = 1; 3616 mpssas_send_portenable(sc); 3617 return (0); 3618 } 3619 3620 static int 3621 mpssas_send_portenable(struct mps_softc *sc) 3622 { 3623 MPI2_PORT_ENABLE_REQUEST *request; 3624 struct mps_command *cm; 3625 3626 MPS_FUNCTRACE(sc); 3627 3628 if ((cm = mps_alloc_command(sc)) == NULL) 3629 return (EBUSY); 3630 request = (MPI2_PORT_ENABLE_REQUEST *)cm->cm_req; 3631 request->Function = MPI2_FUNCTION_PORT_ENABLE; 3632 request->MsgFlags = 0; 3633 request->VP_ID = 0; 3634 cm->cm_desc.Default.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_DEFAULT_TYPE; 3635 cm->cm_complete = mpssas_portenable_complete; 3636 cm->cm_data = NULL; 3637 cm->cm_sge = NULL; 3638 3639 mps_map_command(sc, cm); 3640 mps_dprint(sc, MPS_XINFO, 3641 "mps_send_portenable finished cm %p req %p complete %p\n", 3642 cm, cm->cm_req, cm->cm_complete); 3643 return (0); 3644 } 3645 3646 static void 3647 mpssas_portenable_complete(struct mps_softc *sc, struct mps_command *cm) 3648 { 3649 MPI2_PORT_ENABLE_REPLY *reply; 3650 struct mpssas_softc *sassc; 3651 3652 MPS_FUNCTRACE(sc); 3653 sassc = sc->sassc; 3654 3655 /* 3656 * Currently there should be no way we can hit this case. It only 3657 * happens when we have a failure to allocate chain frames, and 3658 * port enable commands don't have S/G lists. 3659 */ 3660 if ((cm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) { 3661 mps_dprint(sc, MPS_ERROR, "%s: cm_flags = %#x for port enable! " 3662 "This should not happen!\n", __func__, cm->cm_flags); 3663 } 3664 3665 reply = (MPI2_PORT_ENABLE_REPLY *)cm->cm_reply; 3666 if (reply == NULL) 3667 mps_dprint(sc, MPS_FAULT, "Portenable NULL reply\n"); 3668 else if (le16toh(reply->IOCStatus & MPI2_IOCSTATUS_MASK) != 3669 MPI2_IOCSTATUS_SUCCESS) 3670 mps_dprint(sc, MPS_FAULT, "Portenable failed\n"); 3671 3672 mps_free_command(sc, cm); 3673 if (sc->mps_ich.ich_arg != NULL) { 3674 mps_dprint(sc, MPS_XINFO, "disestablish config intrhook\n"); 3675 config_intrhook_disestablish(&sc->mps_ich); 3676 sc->mps_ich.ich_arg = NULL; 3677 } 3678 3679 /* 3680 * Get WarpDrive info after discovery is complete but before the scan 3681 * starts. At this point, all devices are ready to be exposed to the 3682 * OS. If devices should be hidden instead, take them out of the 3683 * 'targets' array before the scan. The devinfo for a disk will have 3684 * some info and a volume's will be 0. Use that to remove disks. 3685 */ 3686 mps_wd_config_pages(sc); 3687 3688 /* 3689 * Done waiting for port enable to complete. Decrement the refcount. 3690 * If refcount is 0, discovery is complete and a rescan of the bus can 3691 * take place. Since the simq was explicitly frozen before port 3692 * enable, it must be explicitly released here to keep the 3693 * freeze/release count in sync. 3694 */ 3695 sc->wait_for_port_enable = 0; 3696 sc->port_enable_complete = 1; 3697 wakeup(&sc->port_enable_complete); 3698 mpssas_startup_decrement(sassc); 3699 } 3700 3701 int 3702 mpssas_check_id(struct mpssas_softc *sassc, int id) 3703 { 3704 struct mps_softc *sc = sassc->sc; 3705 char *ids; 3706 char *name; 3707 3708 ids = &sc->exclude_ids[0]; 3709 while((name = strsep(&ids, ",")) != NULL) { 3710 if (name[0] == '\0') 3711 continue; 3712 if (strtol(name, NULL, 0) == (long)id) 3713 return (1); 3714 } 3715 3716 return (0); 3717 } 3718 3719 void 3720 mpssas_realloc_targets(struct mps_softc *sc, int maxtargets) 3721 { 3722 struct mpssas_softc *sassc; 3723 struct mpssas_lun *lun, *lun_tmp; 3724 struct mpssas_target *targ; 3725 int i; 3726 3727 sassc = sc->sassc; 3728 /* 3729 * The number of targets is based on IOC Facts, so free all of 3730 * the allocated LUNs for each target and then the target buffer 3731 * itself. 3732 */ 3733 for (i=0; i< maxtargets; i++) { 3734 targ = &sassc->targets[i]; 3735 SLIST_FOREACH_SAFE(lun, &targ->luns, lun_link, lun_tmp) { 3736 free(lun, M_MPT2); 3737 } 3738 } 3739 free(sassc->targets, M_MPT2); 3740 3741 sassc->targets = malloc(sizeof(struct mpssas_target) * maxtargets, 3742 M_MPT2, M_WAITOK|M_ZERO); 3743 if (!sassc->targets) { 3744 panic("%s failed to alloc targets with error %d\n", 3745 __func__, ENOMEM); 3746 } 3747 } 3748