1 /*- 2 * Copyright (c) 2009 Yahoo! Inc. 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 * SUCH DAMAGE. 25 */ 26 27 #include <sys/cdefs.h> 28 __FBSDID("$FreeBSD$"); 29 30 /* Communications core for LSI MPT2 */ 31 32 #include <sys/types.h> 33 #include <sys/param.h> 34 #include <sys/systm.h> 35 #include <sys/kernel.h> 36 #include <sys/selinfo.h> 37 #include <sys/module.h> 38 #include <sys/bus.h> 39 #include <sys/conf.h> 40 #include <sys/bio.h> 41 #include <sys/malloc.h> 42 #include <sys/uio.h> 43 #include <sys/sysctl.h> 44 #include <sys/sglist.h> 45 #include <sys/endian.h> 46 47 #include <machine/bus.h> 48 #include <machine/resource.h> 49 #include <sys/rman.h> 50 51 #include <cam/cam.h> 52 #include <cam/cam_ccb.h> 53 #include <cam/cam_debug.h> 54 #include <cam/cam_sim.h> 55 #include <cam/cam_xpt_sim.h> 56 #include <cam/cam_xpt_periph.h> 57 #include <cam/cam_periph.h> 58 #include <cam/scsi/scsi_all.h> 59 #include <cam/scsi/scsi_message.h> 60 #if __FreeBSD_version >= 900026 61 #include <cam/scsi/smp_all.h> 62 #endif 63 64 #include <dev/mps/mpi/mpi2_type.h> 65 #include <dev/mps/mpi/mpi2.h> 66 #include <dev/mps/mpi/mpi2_ioc.h> 67 #include <dev/mps/mpi/mpi2_sas.h> 68 #include <dev/mps/mpi/mpi2_cnfg.h> 69 #include <dev/mps/mpi/mpi2_init.h> 70 #include <dev/mps/mpsvar.h> 71 #include <dev/mps/mps_table.h> 72 73 struct mpssas_target { 74 uint16_t handle; 75 uint8_t linkrate; 76 uint64_t devname; 77 uint64_t sasaddr; 78 uint32_t devinfo; 79 uint16_t encl_handle; 80 uint16_t encl_slot; 81 uint16_t parent_handle; 82 int flags; 83 #define MPSSAS_TARGET_INABORT (1 << 0) 84 #define MPSSAS_TARGET_INRESET (1 << 1) 85 #define MPSSAS_TARGET_INCHIPRESET (1 << 2) 86 #define MPSSAS_TARGET_INRECOVERY 0x7 87 uint16_t tid; 88 }; 89 90 struct mpssas_softc { 91 struct mps_softc *sc; 92 u_int flags; 93 #define MPSSAS_IN_DISCOVERY (1 << 0) 94 #define MPSSAS_IN_STARTUP (1 << 1) 95 #define MPSSAS_DISCOVERY_TIMEOUT_PENDING (1 << 2) 96 #define MPSSAS_QUEUE_FROZEN (1 << 3) 97 struct mpssas_target *targets; 98 struct cam_devq *devq; 99 struct cam_sim *sim; 100 struct cam_path *path; 101 struct intr_config_hook sas_ich; 102 struct callout discovery_callout; 103 u_int discovery_timeouts; 104 struct mps_event_handle *mpssas_eh; 105 }; 106 107 struct mpssas_devprobe { 108 struct mps_config_params params; 109 u_int state; 110 #define MPSSAS_PROBE_DEV1 0x01 111 #define MPSSAS_PROBE_DEV2 0x02 112 #define MPSSAS_PROBE_PHY 0x03 113 #define MPSSAS_PROBE_EXP 0x04 114 #define MPSSAS_PROBE_PHY2 0x05 115 #define MPSSAS_PROBE_EXP2 0x06 116 struct mpssas_target target; 117 }; 118 119 #define MPSSAS_DISCOVERY_TIMEOUT 20 120 #define MPSSAS_MAX_DISCOVERY_TIMEOUTS 10 /* 200 seconds */ 121 122 static MALLOC_DEFINE(M_MPSSAS, "MPSSAS", "MPS SAS memory"); 123 124 static __inline int mpssas_set_lun(uint8_t *lun, u_int ccblun); 125 static struct mpssas_target * mpssas_alloc_target(struct mpssas_softc *, 126 struct mpssas_target *); 127 static struct mpssas_target * mpssas_find_target(struct mpssas_softc *, int, 128 uint16_t); 129 static void mpssas_announce_device(struct mpssas_softc *, 130 struct mpssas_target *); 131 static void mpssas_startup(void *data); 132 static void mpssas_discovery_end(struct mpssas_softc *sassc); 133 static void mpssas_discovery_timeout(void *data); 134 static void mpssas_prepare_remove(struct mpssas_softc *, 135 MPI2_EVENT_SAS_TOPO_PHY_ENTRY *); 136 static void mpssas_remove_device(struct mps_softc *, struct mps_command *); 137 static void mpssas_remove_complete(struct mps_softc *, struct mps_command *); 138 static void mpssas_action(struct cam_sim *sim, union ccb *ccb); 139 static void mpssas_poll(struct cam_sim *sim); 140 static void mpssas_probe_device(struct mps_softc *sc, uint16_t handle); 141 static void mpssas_probe_device_complete(struct mps_softc *sc, 142 struct mps_config_params *params); 143 static void mpssas_scsiio_timeout(void *data); 144 static void mpssas_abort_complete(struct mps_softc *sc, struct mps_command *cm); 145 static void mpssas_recovery(struct mps_softc *, struct mps_command *); 146 static int mpssas_map_tm_request(struct mps_softc *sc, struct mps_command *cm); 147 static void mpssas_issue_tm_request(struct mps_softc *sc, 148 struct mps_command *cm); 149 static void mpssas_tm_complete(struct mps_softc *sc, struct mps_command *cm, 150 int error); 151 static int mpssas_complete_tm_request(struct mps_softc *sc, 152 struct mps_command *cm, int free_cm); 153 static void mpssas_action_scsiio(struct mpssas_softc *, union ccb *); 154 static void mpssas_scsiio_complete(struct mps_softc *, struct mps_command *); 155 #if __FreeBSD_version >= 900026 156 static void mpssas_smpio_complete(struct mps_softc *sc, struct mps_command *cm); 157 static void mpssas_send_smpcmd(struct mpssas_softc *sassc, union ccb *ccb, 158 uint64_t sasaddr); 159 static void mpssas_action_smpio(struct mpssas_softc *sassc, union ccb *ccb); 160 #endif /* __FreeBSD_version >= 900026 */ 161 static void mpssas_resetdev(struct mpssas_softc *, struct mps_command *); 162 static void mpssas_action_resetdev(struct mpssas_softc *, union ccb *); 163 static void mpssas_resetdev_complete(struct mps_softc *, struct mps_command *); 164 static void mpssas_freeze_device(struct mpssas_softc *, struct mpssas_target *); 165 static void mpssas_unfreeze_device(struct mpssas_softc *, struct mpssas_target *) __unused; 166 167 /* 168 * Abstracted so that the driver can be backwards and forwards compatible 169 * with future versions of CAM that will provide this functionality. 170 */ 171 #define MPS_SET_LUN(lun, ccblun) \ 172 mpssas_set_lun(lun, ccblun) 173 174 static __inline int 175 mpssas_set_lun(uint8_t *lun, u_int ccblun) 176 { 177 uint64_t *newlun; 178 179 newlun = (uint64_t *)lun; 180 *newlun = 0; 181 if (ccblun <= 0xff) { 182 /* Peripheral device address method, LUN is 0 to 255 */ 183 lun[1] = ccblun; 184 } else if (ccblun <= 0x3fff) { 185 /* Flat space address method, LUN is <= 16383 */ 186 scsi_ulto2b(ccblun, lun); 187 lun[0] |= 0x40; 188 } else if (ccblun <= 0xffffff) { 189 /* Extended flat space address method, LUN is <= 16777215 */ 190 scsi_ulto3b(ccblun, &lun[1]); 191 /* Extended Flat space address method */ 192 lun[0] = 0xc0; 193 /* Length = 1, i.e. LUN is 3 bytes long */ 194 lun[0] |= 0x10; 195 /* Extended Address Method */ 196 lun[0] |= 0x02; 197 } else { 198 return (EINVAL); 199 } 200 201 return (0); 202 } 203 204 static struct mpssas_target * 205 mpssas_alloc_target(struct mpssas_softc *sassc, struct mpssas_target *probe) 206 { 207 struct mpssas_target *target; 208 int start; 209 210 mps_dprint(sassc->sc, MPS_TRACE, "%s\n", __func__); 211 212 /* 213 * If it's not a sata or sas target, CAM won't be able to see it. Put 214 * it into a high-numbered slot so that it's accessible but not 215 * interrupting the target numbering sequence of real drives. 216 */ 217 if ((probe->devinfo & (MPI2_SAS_DEVICE_INFO_SSP_TARGET | 218 MPI2_SAS_DEVICE_INFO_STP_TARGET | MPI2_SAS_DEVICE_INFO_SATA_DEVICE)) 219 == 0) { 220 start = 200; 221 } else { 222 /* 223 * Use the enclosure number and slot number as a hint for target 224 * numbering. If that doesn't produce a sane result, search the 225 * entire space. 226 */ 227 #if 0 228 start = probe->encl_handle * 16 + probe->encl_slot; 229 #else 230 start = probe->encl_slot; 231 #endif 232 if (start >= sassc->sc->facts->MaxTargets) 233 start = 0; 234 } 235 236 target = mpssas_find_target(sassc, start, 0); 237 238 /* 239 * Nothing found on the first pass, try a second pass that searches the 240 * entire space. 241 */ 242 if (target == NULL) 243 target = mpssas_find_target(sassc, 0, 0); 244 245 return (target); 246 } 247 248 static struct mpssas_target * 249 mpssas_find_target(struct mpssas_softc *sassc, int start, uint16_t handle) 250 { 251 struct mpssas_target *target; 252 int i; 253 254 for (i = start; i < sassc->sc->facts->MaxTargets; i++) { 255 target = &sassc->targets[i]; 256 if (target->handle == handle) 257 return (target); 258 } 259 260 return (NULL); 261 } 262 263 /* 264 * Start the probe sequence for a given device handle. This will not 265 * block. 266 */ 267 static void 268 mpssas_probe_device(struct mps_softc *sc, uint16_t handle) 269 { 270 struct mpssas_devprobe *probe; 271 struct mps_config_params *params; 272 MPI2_CONFIG_EXTENDED_PAGE_HEADER *hdr; 273 int error; 274 275 mps_dprint(sc, MPS_TRACE, "%s\n", __func__); 276 277 probe = malloc(sizeof(*probe), M_MPSSAS, M_NOWAIT | M_ZERO); 278 if (probe == NULL) { 279 mps_dprint(sc, MPS_FAULT, "Out of memory starting probe\n"); 280 return; 281 } 282 params = &probe->params; 283 hdr = ¶ms->hdr.Ext; 284 285 params->action = MPI2_CONFIG_ACTION_PAGE_HEADER; 286 params->page_address = MPI2_SAS_DEVICE_PGAD_FORM_HANDLE | handle; 287 hdr->ExtPageType = MPI2_CONFIG_EXTPAGETYPE_SAS_DEVICE; 288 hdr->ExtPageLength = 0; 289 hdr->PageNumber = 0; 290 hdr->PageVersion = 0; 291 params->buffer = NULL; 292 params->length = 0; 293 params->callback = mpssas_probe_device_complete; 294 params->cbdata = probe; 295 probe->target.handle = handle; 296 probe->state = MPSSAS_PROBE_DEV1; 297 298 if ((error = mps_read_config_page(sc, params)) != 0) { 299 free(probe, M_MPSSAS); 300 mps_dprint(sc, MPS_FAULT, "Failure starting device probe\n"); 301 return; 302 } 303 } 304 305 static void 306 mpssas_probe_device_complete(struct mps_softc *sc, 307 struct mps_config_params *params) 308 { 309 MPI2_CONFIG_EXTENDED_PAGE_HEADER *hdr; 310 struct mpssas_devprobe *probe; 311 int error; 312 313 mps_dprint(sc, MPS_TRACE, "%s\n", __func__); 314 315 hdr = ¶ms->hdr.Ext; 316 probe = params->cbdata; 317 318 switch (probe->state) { 319 case MPSSAS_PROBE_DEV1: 320 case MPSSAS_PROBE_PHY: 321 case MPSSAS_PROBE_EXP: 322 if (params->status != MPI2_IOCSTATUS_SUCCESS) { 323 mps_dprint(sc, MPS_FAULT, 324 "Probe Failure 0x%x state %d\n", params->status, 325 probe->state); 326 free(probe, M_MPSSAS); 327 return; 328 } 329 params->action = MPI2_CONFIG_ACTION_PAGE_READ_CURRENT; 330 params->length = hdr->ExtPageLength * 4; 331 params->buffer = malloc(params->length, M_MPSSAS, 332 M_ZERO|M_NOWAIT); 333 if (params->buffer == NULL) { 334 mps_dprint(sc, MPS_FAULT, "Out of memory at state " 335 "0x%x, size 0x%x\n", probe->state, params->length); 336 free(probe, M_MPSSAS); 337 return; 338 } 339 if (probe->state == MPSSAS_PROBE_DEV1) 340 probe->state = MPSSAS_PROBE_DEV2; 341 else if (probe->state == MPSSAS_PROBE_PHY) 342 probe->state = MPSSAS_PROBE_PHY2; 343 else if (probe->state == MPSSAS_PROBE_EXP) 344 probe->state = MPSSAS_PROBE_EXP2; 345 error = mps_read_config_page(sc, params); 346 break; 347 case MPSSAS_PROBE_DEV2: 348 { 349 MPI2_CONFIG_PAGE_SAS_DEV_0 *buf; 350 351 if (params->status != MPI2_IOCSTATUS_SUCCESS) { 352 mps_dprint(sc, MPS_FAULT, 353 "Probe Failure 0x%x state %d\n", params->status, 354 probe->state); 355 free(params->buffer, M_MPSSAS); 356 free(probe, M_MPSSAS); 357 return; 358 } 359 buf = params->buffer; 360 mps_print_sasdev0(sc, buf); 361 362 probe->target.devname = mps_to_u64(&buf->DeviceName); 363 probe->target.devinfo = buf->DeviceInfo; 364 probe->target.encl_handle = buf->EnclosureHandle; 365 probe->target.encl_slot = buf->Slot; 366 probe->target.sasaddr = mps_to_u64(&buf->SASAddress); 367 probe->target.parent_handle = buf->ParentDevHandle; 368 369 if (buf->DeviceInfo & MPI2_SAS_DEVICE_INFO_DIRECT_ATTACH) { 370 params->page_address = 371 MPI2_SAS_PHY_PGAD_FORM_PHY_NUMBER | buf->PhyNum; 372 hdr->ExtPageType = MPI2_CONFIG_EXTPAGETYPE_SAS_PHY; 373 hdr->PageNumber = 0; 374 probe->state = MPSSAS_PROBE_PHY; 375 } else { 376 params->page_address = 377 MPI2_SAS_EXPAND_PGAD_FORM_HNDL_PHY_NUM | 378 buf->ParentDevHandle | (buf->PhyNum << 16); 379 hdr->ExtPageType = MPI2_CONFIG_EXTPAGETYPE_SAS_EXPANDER; 380 hdr->PageNumber = 1; 381 probe->state = MPSSAS_PROBE_EXP; 382 } 383 params->action = MPI2_CONFIG_ACTION_PAGE_HEADER; 384 hdr->ExtPageLength = 0; 385 hdr->PageVersion = 0; 386 params->buffer = NULL; 387 params->length = 0; 388 free(buf, M_MPSSAS); 389 error = mps_read_config_page(sc, params); 390 break; 391 } 392 case MPSSAS_PROBE_PHY2: 393 case MPSSAS_PROBE_EXP2: 394 { 395 MPI2_CONFIG_PAGE_SAS_PHY_0 *phy; 396 MPI2_CONFIG_PAGE_EXPANDER_1 *exp; 397 struct mpssas_softc *sassc; 398 struct mpssas_target *targ; 399 char devstring[80]; 400 uint16_t handle; 401 402 if (params->status != MPI2_IOCSTATUS_SUCCESS) { 403 mps_dprint(sc, MPS_FAULT, 404 "Probe Failure 0x%x state %d\n", params->status, 405 probe->state); 406 free(params->buffer, M_MPSSAS); 407 free(probe, M_MPSSAS); 408 return; 409 } 410 411 if (probe->state == MPSSAS_PROBE_PHY2) { 412 phy = params->buffer; 413 mps_print_sasphy0(sc, phy); 414 probe->target.linkrate = phy->NegotiatedLinkRate & 0xf; 415 } else { 416 exp = params->buffer; 417 mps_print_expander1(sc, exp); 418 probe->target.linkrate = exp->NegotiatedLinkRate & 0xf; 419 } 420 free(params->buffer, M_MPSSAS); 421 422 sassc = sc->sassc; 423 handle = probe->target.handle; 424 if ((targ = mpssas_find_target(sassc, 0, handle)) != NULL) { 425 mps_printf(sc, "Ignoring dup device handle 0x%04x\n", 426 handle); 427 free(probe, M_MPSSAS); 428 return; 429 } 430 if ((targ = mpssas_alloc_target(sassc, &probe->target)) == NULL) { 431 mps_printf(sc, "Target table overflow, handle 0x%04x\n", 432 handle); 433 free(probe, M_MPSSAS); 434 return; 435 } 436 437 *targ = probe->target; /* Copy the attributes */ 438 targ->tid = targ - sassc->targets; 439 mps_describe_devinfo(targ->devinfo, devstring, 80); 440 if (bootverbose) 441 mps_printf(sc, "Found device <%s> <%s> <0x%04x> " 442 "<%d/%d>\n", devstring, 443 mps_describe_table(mps_linkrate_names, 444 targ->linkrate), targ->handle, targ->encl_handle, 445 targ->encl_slot); 446 447 free(probe, M_MPSSAS); 448 mpssas_announce_device(sassc, targ); 449 break; 450 } 451 default: 452 printf("what?\n"); 453 } 454 } 455 456 /* 457 * The MPT2 firmware performs debounce on the link to avoid transient link errors 458 * and false removals. When it does decide that link has been lost and a device 459 * need to go away, it expects that the host will perform a target reset and then 460 * an op remove. The reset has the side-effect of aborting any outstanding 461 * requests for the device, which is required for the op-remove to succeed. It's 462 * not clear if the host should check for the device coming back alive after the 463 * reset. 464 */ 465 static void 466 mpssas_prepare_remove(struct mpssas_softc *sassc, MPI2_EVENT_SAS_TOPO_PHY_ENTRY *phy) 467 { 468 MPI2_SCSI_TASK_MANAGE_REQUEST *req; 469 struct mps_softc *sc; 470 struct mps_command *cm; 471 struct mpssas_target *targ = NULL; 472 uint16_t handle; 473 474 mps_dprint(sassc->sc, MPS_TRACE, "%s\n", __func__); 475 476 handle = phy->AttachedDevHandle; 477 targ = mpssas_find_target(sassc, 0, handle); 478 if (targ == NULL) 479 /* We don't know about this device? */ 480 return; 481 482 sc = sassc->sc; 483 cm = mps_alloc_command(sc); 484 if (cm == NULL) { 485 mps_printf(sc, "comand alloc failure in mpssas_prepare_remove\n"); 486 return; 487 } 488 489 mps_dprint(sc, MPS_INFO, "Preparing to remove target %d\n", targ->tid); 490 491 req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)cm->cm_req; 492 memset(req, 0, sizeof(*req)); 493 req->DevHandle = targ->handle; 494 req->Function = MPI2_FUNCTION_SCSI_TASK_MGMT; 495 req->TaskType = MPI2_SCSITASKMGMT_TASKTYPE_TARGET_RESET; 496 497 /* SAS Hard Link Reset / SATA Link Reset */ 498 req->MsgFlags = MPI2_SCSITASKMGMT_MSGFLAGS_LINK_RESET; 499 500 cm->cm_data = NULL; 501 cm->cm_desc.Default.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_DEFAULT_TYPE; 502 cm->cm_complete = mpssas_remove_device; 503 cm->cm_targ = targ; 504 mpssas_issue_tm_request(sc, cm); 505 } 506 507 static void 508 mpssas_remove_device(struct mps_softc *sc, struct mps_command *cm) 509 { 510 MPI2_SCSI_TASK_MANAGE_REPLY *reply; 511 MPI2_SAS_IOUNIT_CONTROL_REQUEST *req; 512 struct mpssas_target *targ; 513 struct mps_command *next_cm; 514 uint16_t handle; 515 516 mps_dprint(sc, MPS_TRACE, "%s\n", __func__); 517 518 reply = (MPI2_SCSI_TASK_MANAGE_REPLY *)cm->cm_reply; 519 handle = cm->cm_targ->handle; 520 521 mpssas_complete_tm_request(sc, cm, /*free_cm*/ 0); 522 523 /* 524 * Currently there should be no way we can hit this case. It only 525 * happens when we have a failure to allocate chain frames, and 526 * task management commands don't have S/G lists. 527 */ 528 if ((cm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) { 529 mps_printf(sc, "%s: cm_flags = %#x for remove of handle %#04x! " 530 "This should not happen!\n", __func__, cm->cm_flags, 531 handle); 532 return; 533 } 534 535 if (reply->IOCStatus != MPI2_IOCSTATUS_SUCCESS) { 536 mps_printf(sc, "Failure 0x%x reseting device 0x%04x\n", 537 reply->IOCStatus, handle); 538 mps_free_command(sc, cm); 539 return; 540 } 541 542 mps_dprint(sc, MPS_INFO, "Reset aborted %u commands\n", 543 reply->TerminationCount); 544 mps_free_reply(sc, cm->cm_reply_data); 545 546 /* Reuse the existing command */ 547 req = (MPI2_SAS_IOUNIT_CONTROL_REQUEST *)cm->cm_req; 548 memset(req, 0, sizeof(*req)); 549 req->Function = MPI2_FUNCTION_SAS_IO_UNIT_CONTROL; 550 req->Operation = MPI2_SAS_OP_REMOVE_DEVICE; 551 req->DevHandle = handle; 552 cm->cm_data = NULL; 553 cm->cm_desc.Default.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_DEFAULT_TYPE; 554 cm->cm_flags &= ~MPS_CM_FLAGS_COMPLETE; 555 cm->cm_complete = mpssas_remove_complete; 556 557 mps_map_command(sc, cm); 558 559 mps_dprint(sc, MPS_INFO, "clearing target handle 0x%04x\n", handle); 560 TAILQ_FOREACH_SAFE(cm, &sc->io_list, cm_link, next_cm) { 561 union ccb *ccb; 562 563 if (cm->cm_targ->handle != handle) 564 continue; 565 566 mps_dprint(sc, MPS_INFO, "Completing missed command %p\n", cm); 567 ccb = cm->cm_complete_data; 568 ccb->ccb_h.status = CAM_DEV_NOT_THERE; 569 mpssas_scsiio_complete(sc, cm); 570 } 571 targ = mpssas_find_target(sc->sassc, 0, handle); 572 if (targ != NULL) { 573 targ->handle = 0x0; 574 mpssas_announce_device(sc->sassc, targ); 575 } 576 } 577 578 static void 579 mpssas_remove_complete(struct mps_softc *sc, struct mps_command *cm) 580 { 581 MPI2_SAS_IOUNIT_CONTROL_REPLY *reply; 582 583 mps_dprint(sc, MPS_TRACE, "%s\n", __func__); 584 585 reply = (MPI2_SAS_IOUNIT_CONTROL_REPLY *)cm->cm_reply; 586 587 mps_printf(sc, "mpssas_remove_complete on target 0x%04x," 588 " IOCStatus= 0x%x\n", cm->cm_targ->tid, reply->IOCStatus); 589 590 mps_free_command(sc, cm); 591 } 592 593 static void 594 mpssas_evt_handler(struct mps_softc *sc, uintptr_t data, 595 MPI2_EVENT_NOTIFICATION_REPLY *event) 596 { 597 struct mpssas_softc *sassc; 598 599 mps_dprint(sc, MPS_TRACE, "%s\n", __func__); 600 601 sassc = sc->sassc; 602 mps_print_evt_sas(sc, event); 603 604 switch (event->Event) { 605 case MPI2_EVENT_SAS_DISCOVERY: 606 { 607 MPI2_EVENT_DATA_SAS_DISCOVERY *data; 608 609 data = (MPI2_EVENT_DATA_SAS_DISCOVERY *)&event->EventData; 610 611 if (data->ReasonCode & MPI2_EVENT_SAS_DISC_RC_STARTED) 612 mps_dprint(sc, MPS_TRACE,"SAS discovery start event\n"); 613 if (data->ReasonCode & MPI2_EVENT_SAS_DISC_RC_COMPLETED) { 614 mps_dprint(sc, MPS_TRACE, "SAS discovery end event\n"); 615 sassc->flags &= ~MPSSAS_IN_DISCOVERY; 616 mpssas_discovery_end(sassc); 617 } 618 break; 619 } 620 case MPI2_EVENT_SAS_TOPOLOGY_CHANGE_LIST: 621 { 622 MPI2_EVENT_DATA_SAS_TOPOLOGY_CHANGE_LIST *data; 623 MPI2_EVENT_SAS_TOPO_PHY_ENTRY *phy; 624 int i; 625 626 data = (MPI2_EVENT_DATA_SAS_TOPOLOGY_CHANGE_LIST *) 627 &event->EventData; 628 629 if (data->ExpStatus == MPI2_EVENT_SAS_TOPO_ES_ADDED) { 630 if (bootverbose) 631 printf("Expander found at enclosure %d\n", 632 data->EnclosureHandle); 633 mpssas_probe_device(sc, data->ExpanderDevHandle); 634 } 635 636 for (i = 0; i < data->NumEntries; i++) { 637 phy = &data->PHY[i]; 638 switch (phy->PhyStatus & MPI2_EVENT_SAS_TOPO_RC_MASK) { 639 case MPI2_EVENT_SAS_TOPO_RC_TARG_ADDED: 640 mpssas_probe_device(sc, phy->AttachedDevHandle); 641 break; 642 case MPI2_EVENT_SAS_TOPO_RC_TARG_NOT_RESPONDING: 643 mpssas_prepare_remove(sassc, phy); 644 break; 645 case MPI2_EVENT_SAS_TOPO_RC_PHY_CHANGED: 646 case MPI2_EVENT_SAS_TOPO_RC_NO_CHANGE: 647 case MPI2_EVENT_SAS_TOPO_RC_DELAY_NOT_RESPONDING: 648 default: 649 break; 650 } 651 } 652 653 break; 654 } 655 case MPI2_EVENT_SAS_ENCL_DEVICE_STATUS_CHANGE: 656 break; 657 default: 658 break; 659 } 660 661 mps_free_reply(sc, data); 662 } 663 664 static int 665 mpssas_register_events(struct mps_softc *sc) 666 { 667 uint8_t events[16]; 668 669 bzero(events, 16); 670 setbit(events, MPI2_EVENT_SAS_DEVICE_STATUS_CHANGE); 671 setbit(events, MPI2_EVENT_SAS_DISCOVERY); 672 setbit(events, MPI2_EVENT_SAS_BROADCAST_PRIMITIVE); 673 setbit(events, MPI2_EVENT_SAS_INIT_DEVICE_STATUS_CHANGE); 674 setbit(events, MPI2_EVENT_SAS_INIT_TABLE_OVERFLOW); 675 setbit(events, MPI2_EVENT_SAS_TOPOLOGY_CHANGE_LIST); 676 setbit(events, MPI2_EVENT_SAS_ENCL_DEVICE_STATUS_CHANGE); 677 678 mps_register_events(sc, events, mpssas_evt_handler, NULL, 679 &sc->sassc->mpssas_eh); 680 681 return (0); 682 } 683 684 int 685 mps_attach_sas(struct mps_softc *sc) 686 { 687 struct mpssas_softc *sassc; 688 int error = 0; 689 int num_sim_reqs; 690 691 mps_dprint(sc, MPS_TRACE, "%s\n", __func__); 692 693 sassc = malloc(sizeof(struct mpssas_softc), M_MPT2, M_WAITOK|M_ZERO); 694 sassc->targets = malloc(sizeof(struct mpssas_target) * 695 sc->facts->MaxTargets, M_MPT2, M_WAITOK|M_ZERO); 696 sc->sassc = sassc; 697 sassc->sc = sc; 698 699 /* 700 * Tell CAM that we can handle 5 fewer requests than we have 701 * allocated. If we allow the full number of requests, all I/O 702 * will halt when we run out of resources. Things work fine with 703 * just 1 less request slot given to CAM than we have allocated. 704 * We also need a couple of extra commands so that we can send down 705 * abort, reset, etc. requests when commands time out. Otherwise 706 * we could wind up in a situation with sc->num_reqs requests down 707 * on the card and no way to send an abort. 708 * 709 * XXX KDM need to figure out why I/O locks up if all commands are 710 * used. 711 */ 712 num_sim_reqs = sc->num_reqs - 5; 713 714 if ((sassc->devq = cam_simq_alloc(num_sim_reqs)) == NULL) { 715 mps_dprint(sc, MPS_FAULT, "Cannot allocate SIMQ\n"); 716 error = ENOMEM; 717 goto out; 718 } 719 720 sassc->sim = cam_sim_alloc(mpssas_action, mpssas_poll, "mps", sassc, 721 device_get_unit(sc->mps_dev), &sc->mps_mtx, num_sim_reqs, 722 num_sim_reqs, sassc->devq); 723 if (sassc->sim == NULL) { 724 mps_dprint(sc, MPS_FAULT, "Cannot allocate SIM\n"); 725 error = EINVAL; 726 goto out; 727 } 728 729 /* 730 * XXX There should be a bus for every port on the adapter, but since 731 * we're just going to fake the topology for now, we'll pretend that 732 * everything is just a target on a single bus. 733 */ 734 mps_lock(sc); 735 if ((error = xpt_bus_register(sassc->sim, sc->mps_dev, 0)) != 0) { 736 mps_dprint(sc, MPS_FAULT, "Error %d registering SCSI bus\n", 737 error); 738 mps_unlock(sc); 739 goto out; 740 } 741 742 /* 743 * Assume that discovery events will start right away. Freezing 744 * the simq will prevent the CAM boottime scanner from running 745 * before discovery is complete. 746 */ 747 sassc->flags = MPSSAS_IN_STARTUP | MPSSAS_IN_DISCOVERY; 748 xpt_freeze_simq(sassc->sim, 1); 749 750 mps_unlock(sc); 751 752 callout_init(&sassc->discovery_callout, 1 /*mpsafe*/); 753 sassc->discovery_timeouts = 0; 754 755 mpssas_register_events(sc); 756 out: 757 if (error) 758 mps_detach_sas(sc); 759 return (error); 760 } 761 762 int 763 mps_detach_sas(struct mps_softc *sc) 764 { 765 struct mpssas_softc *sassc; 766 767 mps_dprint(sc, MPS_TRACE, "%s\n", __func__); 768 769 if (sc->sassc == NULL) 770 return (0); 771 772 sassc = sc->sassc; 773 774 /* Make sure CAM doesn't wedge if we had to bail out early. */ 775 mps_lock(sc); 776 if (sassc->flags & MPSSAS_IN_STARTUP) 777 xpt_release_simq(sassc->sim, 1); 778 mps_unlock(sc); 779 780 if (sassc->mpssas_eh != NULL) 781 mps_deregister_events(sc, sassc->mpssas_eh); 782 783 mps_lock(sc); 784 785 if (sassc->sim != NULL) { 786 xpt_bus_deregister(cam_sim_path(sassc->sim)); 787 cam_sim_free(sassc->sim, FALSE); 788 } 789 mps_unlock(sc); 790 791 if (sassc->devq != NULL) 792 cam_simq_free(sassc->devq); 793 794 free(sassc->targets, M_MPT2); 795 free(sassc, M_MPT2); 796 sc->sassc = NULL; 797 798 return (0); 799 } 800 801 static void 802 mpssas_discovery_end(struct mpssas_softc *sassc) 803 { 804 struct mps_softc *sc = sassc->sc; 805 806 mps_dprint(sc, MPS_TRACE, "%s\n", __func__); 807 808 if (sassc->flags & MPSSAS_DISCOVERY_TIMEOUT_PENDING) 809 callout_stop(&sassc->discovery_callout); 810 811 if ((sassc->flags & MPSSAS_IN_STARTUP) != 0) { 812 mps_dprint(sc, MPS_INFO, 813 "mpssas_discovery_end: removing confighook\n"); 814 sassc->flags &= ~MPSSAS_IN_STARTUP; 815 xpt_release_simq(sassc->sim, 1); 816 } 817 #if 0 818 mpssas_announce_device(sassc, NULL); 819 #endif 820 821 } 822 823 static void 824 mpssas_announce_device(struct mpssas_softc *sassc, struct mpssas_target *targ) 825 { 826 union ccb *ccb; 827 int bus, tid, lun; 828 829 /* 830 * Force a rescan, a hackish way to announce devices. 831 * XXX Doing a scan on an individual device is hackish in that it 832 * won't scan the LUNs. 833 * XXX Does it matter if any of this fails? 834 */ 835 bus = cam_sim_path(sassc->sim); 836 if (targ != NULL) { 837 tid = targ->tid; 838 lun = 0; 839 } else { 840 tid = CAM_TARGET_WILDCARD; 841 lun = CAM_LUN_WILDCARD; 842 } 843 ccb = xpt_alloc_ccb_nowait(); 844 if (ccb == NULL) 845 return; 846 if (xpt_create_path(&ccb->ccb_h.path, xpt_periph, bus, tid, 847 CAM_LUN_WILDCARD) != CAM_REQ_CMP) { 848 xpt_free_ccb(ccb); 849 return; 850 } 851 mps_dprint(sassc->sc, MPS_INFO, "Triggering rescan of %d:%d:-1\n", 852 bus, tid); 853 xpt_rescan(ccb); 854 } 855 856 static void 857 mpssas_startup(void *data) 858 { 859 struct mpssas_softc *sassc = data; 860 861 mps_dprint(sassc->sc, MPS_TRACE, "%s\n", __func__); 862 863 mps_lock(sassc->sc); 864 if ((sassc->flags & MPSSAS_IN_DISCOVERY) == 0) { 865 mpssas_discovery_end(sassc); 866 } else { 867 if (sassc->discovery_timeouts < MPSSAS_MAX_DISCOVERY_TIMEOUTS) { 868 sassc->flags |= MPSSAS_DISCOVERY_TIMEOUT_PENDING; 869 callout_reset(&sassc->discovery_callout, 870 MPSSAS_DISCOVERY_TIMEOUT * hz, 871 mpssas_discovery_timeout, sassc); 872 sassc->discovery_timeouts++; 873 } else { 874 mps_dprint(sassc->sc, MPS_FAULT, 875 "Discovery timed out, continuing.\n"); 876 sassc->flags &= ~MPSSAS_IN_DISCOVERY; 877 mpssas_discovery_end(sassc); 878 } 879 } 880 mps_unlock(sassc->sc); 881 882 return; 883 } 884 885 static void 886 mpssas_discovery_timeout(void *data) 887 { 888 struct mpssas_softc *sassc = data; 889 struct mps_softc *sc; 890 891 sc = sassc->sc; 892 mps_dprint(sc, MPS_TRACE, "%s\n", __func__); 893 894 mps_lock(sc); 895 mps_printf(sc, 896 "Timeout waiting for discovery, interrupts may not be working!\n"); 897 sassc->flags &= ~MPSSAS_DISCOVERY_TIMEOUT_PENDING; 898 899 /* Poll the hardware for events in case interrupts aren't working */ 900 mps_intr_locked(sc); 901 mps_unlock(sc); 902 903 /* Check the status of discovery and re-arm the timeout if needed */ 904 mpssas_startup(sassc); 905 } 906 907 static void 908 mpssas_action(struct cam_sim *sim, union ccb *ccb) 909 { 910 struct mpssas_softc *sassc; 911 912 sassc = cam_sim_softc(sim); 913 914 mps_dprint(sassc->sc, MPS_TRACE, "%s func 0x%x\n", __func__, 915 ccb->ccb_h.func_code); 916 917 switch (ccb->ccb_h.func_code) { 918 case XPT_PATH_INQ: 919 { 920 struct ccb_pathinq *cpi = &ccb->cpi; 921 922 cpi->version_num = 1; 923 cpi->hba_inquiry = PI_SDTR_ABLE|PI_TAG_ABLE|PI_WIDE_16; 924 cpi->target_sprt = 0; 925 cpi->hba_misc = PIM_NOBUSRESET; 926 cpi->hba_eng_cnt = 0; 927 cpi->max_target = sassc->sc->facts->MaxTargets - 1; 928 cpi->max_lun = 8; 929 cpi->initiator_id = 255; 930 strncpy(cpi->sim_vid, "FreeBSD", SIM_IDLEN); 931 strncpy(cpi->hba_vid, "LSILogic", HBA_IDLEN); 932 strncpy(cpi->dev_name, cam_sim_name(sim), DEV_IDLEN); 933 cpi->unit_number = cam_sim_unit(sim); 934 cpi->bus_id = cam_sim_bus(sim); 935 cpi->base_transfer_speed = 150000; 936 cpi->transport = XPORT_SAS; 937 cpi->transport_version = 0; 938 cpi->protocol = PROTO_SCSI; 939 cpi->protocol_version = SCSI_REV_SPC; 940 cpi->maxio = MAXPHYS; 941 cpi->ccb_h.status = CAM_REQ_CMP; 942 break; 943 } 944 case XPT_GET_TRAN_SETTINGS: 945 { 946 struct ccb_trans_settings *cts; 947 struct ccb_trans_settings_sas *sas; 948 struct ccb_trans_settings_scsi *scsi; 949 struct mpssas_target *targ; 950 951 cts = &ccb->cts; 952 sas = &cts->xport_specific.sas; 953 scsi = &cts->proto_specific.scsi; 954 955 targ = &sassc->targets[cts->ccb_h.target_id]; 956 if (targ->handle == 0x0) { 957 cts->ccb_h.status = CAM_TID_INVALID; 958 break; 959 } 960 961 cts->protocol_version = SCSI_REV_SPC2; 962 cts->transport = XPORT_SAS; 963 cts->transport_version = 0; 964 965 sas->valid = CTS_SAS_VALID_SPEED; 966 switch (targ->linkrate) { 967 case 0x08: 968 sas->bitrate = 150000; 969 break; 970 case 0x09: 971 sas->bitrate = 300000; 972 break; 973 case 0x0a: 974 sas->bitrate = 600000; 975 break; 976 default: 977 sas->valid = 0; 978 } 979 980 cts->protocol = PROTO_SCSI; 981 scsi->valid = CTS_SCSI_VALID_TQ; 982 scsi->flags = CTS_SCSI_FLAGS_TAG_ENB; 983 984 cts->ccb_h.status = CAM_REQ_CMP; 985 break; 986 } 987 case XPT_CALC_GEOMETRY: 988 cam_calc_geometry(&ccb->ccg, /*extended*/1); 989 ccb->ccb_h.status = CAM_REQ_CMP; 990 break; 991 case XPT_RESET_DEV: 992 mpssas_action_resetdev(sassc, ccb); 993 return; 994 case XPT_RESET_BUS: 995 case XPT_ABORT: 996 case XPT_TERM_IO: 997 ccb->ccb_h.status = CAM_REQ_CMP; 998 break; 999 case XPT_SCSI_IO: 1000 mpssas_action_scsiio(sassc, ccb); 1001 return; 1002 #if __FreeBSD_version >= 900026 1003 case XPT_SMP_IO: 1004 mpssas_action_smpio(sassc, ccb); 1005 return; 1006 #endif /* __FreeBSD_version >= 900026 */ 1007 default: 1008 ccb->ccb_h.status = CAM_FUNC_NOTAVAIL; 1009 break; 1010 } 1011 xpt_done(ccb); 1012 1013 } 1014 1015 #if 0 1016 static void 1017 mpssas_resettimeout_complete(struct mps_softc *sc, struct mps_command *cm) 1018 { 1019 MPI2_SCSI_TASK_MANAGE_REPLY *resp; 1020 uint16_t code; 1021 1022 mps_dprint(sc, MPS_TRACE, "%s\n", __func__); 1023 1024 resp = (MPI2_SCSI_TASK_MANAGE_REPLY *)cm->cm_reply; 1025 code = resp->ResponseCode; 1026 1027 mps_free_command(sc, cm); 1028 mpssas_unfreeze_device(sassc, targ); 1029 1030 if (code != MPI2_SCSITASKMGMT_RSP_TM_COMPLETE) { 1031 mps_reset_controller(sc); 1032 } 1033 1034 return; 1035 } 1036 #endif 1037 1038 static void 1039 mpssas_scsiio_timeout(void *data) 1040 { 1041 union ccb *ccb; 1042 struct mps_softc *sc; 1043 struct mps_command *cm; 1044 struct mpssas_target *targ; 1045 #if 0 1046 char cdb_str[(SCSI_MAX_CDBLEN * 3) + 1]; 1047 #endif 1048 1049 cm = (struct mps_command *)data; 1050 sc = cm->cm_sc; 1051 1052 /* 1053 * Run the interrupt handler to make sure it's not pending. This 1054 * isn't perfect because the command could have already completed 1055 * and been re-used, though this is unlikely. 1056 */ 1057 mps_lock(sc); 1058 mps_intr_locked(sc); 1059 if (cm->cm_state == MPS_CM_STATE_FREE) { 1060 mps_unlock(sc); 1061 return; 1062 } 1063 1064 ccb = cm->cm_complete_data; 1065 targ = cm->cm_targ; 1066 if (targ == 0x00) 1067 /* Driver bug */ 1068 targ = &sc->sassc->targets[ccb->ccb_h.target_id]; 1069 1070 xpt_print(ccb->ccb_h.path, "SCSI command timeout on device handle " 1071 "0x%04x SMID %d\n", targ->handle, cm->cm_desc.Default.SMID); 1072 /* 1073 * XXX KDM this is useful for debugging purposes, but the existing 1074 * scsi_op_desc() implementation can't handle a NULL value for 1075 * inq_data. So this will remain commented out until I bring in 1076 * those changes as well. 1077 */ 1078 #if 0 1079 xpt_print(ccb->ccb_h.path, "Timed out command: %s. CDB %s\n", 1080 scsi_op_desc((ccb->ccb_h.flags & CAM_CDB_POINTER) ? 1081 ccb->csio.cdb_io.cdb_ptr[0] : 1082 ccb->csio.cdb_io.cdb_bytes[0], NULL), 1083 scsi_cdb_string((ccb->ccb_h.flags & CAM_CDB_POINTER) ? 1084 ccb->csio.cdb_io.cdb_ptr : 1085 ccb->csio.cdb_io.cdb_bytes, cdb_str, 1086 sizeof(cdb_str))); 1087 #endif 1088 1089 /* Inform CAM about the timeout and that recovery is starting. */ 1090 #if 0 1091 if ((targ->flags & MPSSAS_TARGET_INRECOVERY) == 0) { 1092 mpssas_freeze_device(sc->sassc, targ); 1093 ccb->ccb_h.status = CAM_CMD_TIMEOUT; 1094 xpt_done(ccb); 1095 } 1096 #endif 1097 mpssas_freeze_device(sc->sassc, targ); 1098 ccb->ccb_h.status = CAM_CMD_TIMEOUT; 1099 1100 /* 1101 * recycle the command into recovery so that there's no risk of 1102 * command allocation failure. 1103 */ 1104 cm->cm_state = MPS_CM_STATE_TIMEDOUT; 1105 mpssas_recovery(sc, cm); 1106 mps_unlock(sc); 1107 } 1108 1109 static void 1110 mpssas_abort_complete(struct mps_softc *sc, struct mps_command *cm) 1111 { 1112 MPI2_SCSI_TASK_MANAGE_REQUEST *req; 1113 1114 req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)cm->cm_req; 1115 1116 /* 1117 * Currently there should be no way we can hit this case. It only 1118 * happens when we have a failure to allocate chain frames, and 1119 * task management commands don't have S/G lists. 1120 */ 1121 if ((cm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) { 1122 mps_printf(sc, "%s: cm_flags = %#x for abort on handle %#04x! " 1123 "This should not happen!\n", __func__, cm->cm_flags, 1124 req->DevHandle); 1125 } 1126 1127 mps_printf(sc, "%s: abort request on handle %#04x SMID %d " 1128 "complete\n", __func__, req->DevHandle, req->TaskMID); 1129 1130 mpssas_complete_tm_request(sc, cm, /*free_cm*/ 1); 1131 } 1132 1133 static void 1134 mpssas_recovery(struct mps_softc *sc, struct mps_command *abort_cm) 1135 { 1136 struct mps_command *cm; 1137 MPI2_SCSI_TASK_MANAGE_REQUEST *req, *orig_req; 1138 1139 cm = mps_alloc_command(sc); 1140 if (cm == NULL) { 1141 mps_printf(sc, "%s: command allocation failure\n", __func__); 1142 return; 1143 } 1144 1145 cm->cm_targ = abort_cm->cm_targ; 1146 cm->cm_complete = mpssas_abort_complete; 1147 1148 req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)cm->cm_req; 1149 orig_req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)abort_cm->cm_req; 1150 req->DevHandle = abort_cm->cm_targ->handle; 1151 req->Function = MPI2_FUNCTION_SCSI_TASK_MGMT; 1152 req->TaskType = MPI2_SCSITASKMGMT_TASKTYPE_ABORT_TASK; 1153 memcpy(req->LUN, orig_req->LUN, sizeof(req->LUN)); 1154 req->TaskMID = abort_cm->cm_desc.Default.SMID; 1155 1156 cm->cm_data = NULL; 1157 cm->cm_desc.Default.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_DEFAULT_TYPE; 1158 1159 mpssas_issue_tm_request(sc, cm); 1160 1161 } 1162 1163 /* 1164 * Can return 0 or EINPROGRESS on success. Any other value means failure. 1165 */ 1166 static int 1167 mpssas_map_tm_request(struct mps_softc *sc, struct mps_command *cm) 1168 { 1169 int error; 1170 1171 error = 0; 1172 1173 cm->cm_flags |= MPS_CM_FLAGS_ACTIVE; 1174 error = mps_map_command(sc, cm); 1175 if ((error == 0) 1176 || (error == EINPROGRESS)) 1177 sc->tm_cmds_active++; 1178 1179 return (error); 1180 } 1181 1182 static void 1183 mpssas_issue_tm_request(struct mps_softc *sc, struct mps_command *cm) 1184 { 1185 int freeze_queue, send_command, error; 1186 1187 freeze_queue = 0; 1188 send_command = 0; 1189 error = 0; 1190 1191 mtx_assert(&sc->mps_mtx, MA_OWNED); 1192 1193 /* 1194 * If there are no other pending task management commands, go 1195 * ahead and send this one. There is a small amount of anecdotal 1196 * evidence that sending lots of task management commands at once 1197 * may cause the controller to lock up. Or, if the user has 1198 * configured the driver (via the allow_multiple_tm_cmds variable) to 1199 * not serialize task management commands, go ahead and send the 1200 * command if even other task management commands are pending. 1201 */ 1202 if (TAILQ_FIRST(&sc->tm_list) == NULL) { 1203 send_command = 1; 1204 freeze_queue = 1; 1205 } else if (sc->allow_multiple_tm_cmds != 0) 1206 send_command = 1; 1207 1208 TAILQ_INSERT_TAIL(&sc->tm_list, cm, cm_link); 1209 if (send_command != 0) { 1210 /* 1211 * Freeze the SIM queue while we issue the task management 1212 * command. According to the Fusion-MPT 2.0 spec, task 1213 * management requests are serialized, and so the host 1214 * should not send any I/O requests while task management 1215 * requests are pending. 1216 */ 1217 if (freeze_queue != 0) 1218 xpt_freeze_simq(sc->sassc->sim, 1); 1219 1220 error = mpssas_map_tm_request(sc, cm); 1221 1222 /* 1223 * At present, there is no error path back from 1224 * mpssas_map_tm_request() (which calls mps_map_command()) 1225 * when cm->cm_data == NULL. But since there is a return 1226 * value, we check it just in case the implementation 1227 * changes later. 1228 */ 1229 if ((error != 0) 1230 && (error != EINPROGRESS)) 1231 mpssas_tm_complete(sc, cm, 1232 MPI2_SCSITASKMGMT_RSP_TM_FAILED); 1233 } 1234 } 1235 1236 static void 1237 mpssas_tm_complete(struct mps_softc *sc, struct mps_command *cm, int error) 1238 { 1239 MPI2_SCSI_TASK_MANAGE_REPLY *resp; 1240 1241 resp = (MPI2_SCSI_TASK_MANAGE_REPLY *)cm->cm_reply; 1242 1243 if (resp != NULL) 1244 resp->ResponseCode = error; 1245 1246 /* 1247 * Call the callback for this command, it will be 1248 * removed from the list and freed via the callback. 1249 */ 1250 cm->cm_complete(sc, cm); 1251 } 1252 1253 /* 1254 * Complete a task management request. The basic completion operation will 1255 * always succeed. Returns status for sending any further task management 1256 * commands that were queued. 1257 */ 1258 static int 1259 mpssas_complete_tm_request(struct mps_softc *sc, struct mps_command *cm, 1260 int free_cm) 1261 { 1262 int error; 1263 1264 error = 0; 1265 1266 mtx_assert(&sc->mps_mtx, MA_OWNED); 1267 1268 TAILQ_REMOVE(&sc->tm_list, cm, cm_link); 1269 cm->cm_flags &= ~MPS_CM_FLAGS_ACTIVE; 1270 sc->tm_cmds_active--; 1271 1272 if (free_cm != 0) 1273 mps_free_command(sc, cm); 1274 1275 if (TAILQ_FIRST(&sc->tm_list) == NULL) { 1276 /* 1277 * Release the SIM queue, we froze it when we sent the first 1278 * task management request. 1279 */ 1280 xpt_release_simq(sc->sassc->sim, 1); 1281 } else if ((sc->tm_cmds_active == 0) 1282 || (sc->allow_multiple_tm_cmds != 0)) { 1283 int error; 1284 struct mps_command *cm2; 1285 1286 restart_traversal: 1287 1288 /* 1289 * We don't bother using TAILQ_FOREACH_SAFE here, but 1290 * rather use the standard version and just restart the 1291 * list traversal if we run into the error case. 1292 * TAILQ_FOREACH_SAFE allows safe removal of the current 1293 * list element, but if you have a queue of task management 1294 * commands, all of which have mapping errors, you'll end 1295 * up with recursive calls to this routine and so you could 1296 * wind up removing more than just the current list element. 1297 */ 1298 TAILQ_FOREACH(cm2, &sc->tm_list, cm_link) { 1299 MPI2_SCSI_TASK_MANAGE_REQUEST *req; 1300 1301 /* This command is active, no need to send it again */ 1302 if (cm2->cm_flags & MPS_CM_FLAGS_ACTIVE) 1303 continue; 1304 1305 req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)cm2->cm_req; 1306 1307 mps_printf(sc, "%s: sending deferred task management " 1308 "request for handle %#04x SMID %d\n", __func__, 1309 req->DevHandle, req->TaskMID); 1310 1311 error = mpssas_map_tm_request(sc, cm2); 1312 1313 /* 1314 * Check for errors. If we had an error, complete 1315 * this command with an error, and keep going through 1316 * the list until we are able to send at least one 1317 * command or all of them are completed with errors. 1318 * 1319 * We don't want to wind up in a situation where 1320 * we're stalled out with no way for queued task 1321 * management commands to complete. 1322 * 1323 * Note that there is not currently an error path 1324 * back from mpssas_map_tm_request() (which calls 1325 * mps_map_command()) when cm->cm_data == NULL. 1326 * But we still want to check for errors here in 1327 * case the implementation changes, or in case 1328 * there is some reason for a data payload here. 1329 */ 1330 if ((error != 0) 1331 && (error != EINPROGRESS)) { 1332 mpssas_tm_complete(sc, cm, 1333 MPI2_SCSITASKMGMT_RSP_TM_FAILED); 1334 1335 /* 1336 * If we don't currently have any commands 1337 * active, go back to the beginning and see 1338 * if there are any more that can be started. 1339 * Otherwise, we're done here. 1340 */ 1341 if (sc->tm_cmds_active == 0) 1342 goto restart_traversal; 1343 else 1344 break; 1345 } 1346 1347 /* 1348 * If the user only wants one task management command 1349 * active at a time, we're done, since we've 1350 * already successfully sent a command at this point. 1351 */ 1352 if (sc->allow_multiple_tm_cmds == 0) 1353 break; 1354 } 1355 } 1356 1357 return (error); 1358 } 1359 1360 static void 1361 mpssas_action_scsiio(struct mpssas_softc *sassc, union ccb *ccb) 1362 { 1363 MPI2_SCSI_IO_REQUEST *req; 1364 struct ccb_scsiio *csio; 1365 struct mps_softc *sc; 1366 struct mpssas_target *targ; 1367 struct mps_command *cm; 1368 1369 mps_dprint(sassc->sc, MPS_TRACE, "%s\n", __func__); 1370 1371 sc = sassc->sc; 1372 1373 csio = &ccb->csio; 1374 targ = &sassc->targets[csio->ccb_h.target_id]; 1375 if (targ->handle == 0x0) { 1376 csio->ccb_h.status = CAM_SEL_TIMEOUT; 1377 xpt_done(ccb); 1378 return; 1379 } 1380 1381 cm = mps_alloc_command(sc); 1382 if (cm == NULL) { 1383 if ((sassc->flags & MPSSAS_QUEUE_FROZEN) == 0) { 1384 xpt_freeze_simq(sassc->sim, 1); 1385 sassc->flags |= MPSSAS_QUEUE_FROZEN; 1386 } 1387 ccb->ccb_h.status &= ~CAM_SIM_QUEUED; 1388 ccb->ccb_h.status |= CAM_REQUEUE_REQ; 1389 xpt_done(ccb); 1390 return; 1391 } 1392 1393 req = (MPI2_SCSI_IO_REQUEST *)cm->cm_req; 1394 bzero(req, sizeof(*req)); 1395 req->DevHandle = targ->handle; 1396 req->Function = MPI2_FUNCTION_SCSI_IO_REQUEST; 1397 req->MsgFlags = 0; 1398 req->SenseBufferLowAddress = cm->cm_sense_busaddr; 1399 req->SenseBufferLength = MPS_SENSE_LEN; 1400 req->SGLFlags = 0; 1401 req->ChainOffset = 0; 1402 req->SGLOffset0 = 24; /* 32bit word offset to the SGL */ 1403 req->SGLOffset1= 0; 1404 req->SGLOffset2= 0; 1405 req->SGLOffset3= 0; 1406 req->SkipCount = 0; 1407 req->DataLength = csio->dxfer_len; 1408 req->BidirectionalDataLength = 0; 1409 req->IoFlags = csio->cdb_len; 1410 req->EEDPFlags = 0; 1411 1412 /* Note: BiDirectional transfers are not supported */ 1413 switch (csio->ccb_h.flags & CAM_DIR_MASK) { 1414 case CAM_DIR_IN: 1415 req->Control = MPI2_SCSIIO_CONTROL_READ; 1416 cm->cm_flags |= MPS_CM_FLAGS_DATAIN; 1417 break; 1418 case CAM_DIR_OUT: 1419 req->Control = MPI2_SCSIIO_CONTROL_WRITE; 1420 cm->cm_flags |= MPS_CM_FLAGS_DATAOUT; 1421 break; 1422 case CAM_DIR_NONE: 1423 default: 1424 req->Control = MPI2_SCSIIO_CONTROL_NODATATRANSFER; 1425 break; 1426 } 1427 1428 /* 1429 * It looks like the hardware doesn't require an explicit tag 1430 * number for each transaction. SAM Task Management not supported 1431 * at the moment. 1432 */ 1433 switch (csio->tag_action) { 1434 case MSG_HEAD_OF_Q_TAG: 1435 req->Control |= MPI2_SCSIIO_CONTROL_HEADOFQ; 1436 break; 1437 case MSG_ORDERED_Q_TAG: 1438 req->Control |= MPI2_SCSIIO_CONTROL_ORDEREDQ; 1439 break; 1440 case MSG_ACA_TASK: 1441 req->Control |= MPI2_SCSIIO_CONTROL_ACAQ; 1442 break; 1443 case CAM_TAG_ACTION_NONE: 1444 case MSG_SIMPLE_Q_TAG: 1445 default: 1446 req->Control |= MPI2_SCSIIO_CONTROL_SIMPLEQ; 1447 break; 1448 } 1449 1450 if (MPS_SET_LUN(req->LUN, csio->ccb_h.target_lun) != 0) { 1451 mps_free_command(sc, cm); 1452 ccb->ccb_h.status = CAM_LUN_INVALID; 1453 xpt_done(ccb); 1454 return; 1455 } 1456 1457 if (csio->ccb_h.flags & CAM_CDB_POINTER) 1458 bcopy(csio->cdb_io.cdb_ptr, &req->CDB.CDB32[0], csio->cdb_len); 1459 else 1460 bcopy(csio->cdb_io.cdb_bytes, &req->CDB.CDB32[0],csio->cdb_len); 1461 req->IoFlags = csio->cdb_len; 1462 1463 /* 1464 * XXX need to handle S/G lists and physical addresses here. 1465 */ 1466 cm->cm_data = csio->data_ptr; 1467 cm->cm_length = csio->dxfer_len; 1468 cm->cm_sge = &req->SGL; 1469 cm->cm_sglsize = (32 - 24) * 4; 1470 cm->cm_desc.SCSIIO.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_SCSI_IO; 1471 cm->cm_desc.SCSIIO.DevHandle = targ->handle; 1472 cm->cm_complete = mpssas_scsiio_complete; 1473 cm->cm_complete_data = ccb; 1474 cm->cm_targ = targ; 1475 1476 sc->io_cmds_active++; 1477 if (sc->io_cmds_active > sc->io_cmds_highwater) 1478 sc->io_cmds_highwater = sc->io_cmds_active; 1479 1480 TAILQ_INSERT_TAIL(&sc->io_list, cm, cm_link); 1481 callout_reset(&cm->cm_callout, (ccb->ccb_h.timeout * hz) / 1000, 1482 mpssas_scsiio_timeout, cm); 1483 1484 mps_map_command(sc, cm); 1485 return; 1486 } 1487 1488 static void 1489 mpssas_scsiio_complete(struct mps_softc *sc, struct mps_command *cm) 1490 { 1491 MPI2_SCSI_IO_REPLY *rep; 1492 union ccb *ccb; 1493 struct mpssas_softc *sassc; 1494 int dir = 0; 1495 1496 mps_dprint(sc, MPS_TRACE, "%s\n", __func__); 1497 1498 callout_stop(&cm->cm_callout); 1499 TAILQ_REMOVE(&sc->io_list, cm, cm_link); 1500 sc->io_cmds_active--; 1501 1502 sassc = sc->sassc; 1503 ccb = cm->cm_complete_data; 1504 rep = (MPI2_SCSI_IO_REPLY *)cm->cm_reply; 1505 1506 /* 1507 * XXX KDM if the chain allocation fails, does it matter if we do 1508 * the sync and unload here? It is simpler to do it in every case, 1509 * assuming it doesn't cause problems. 1510 */ 1511 if (cm->cm_data != NULL) { 1512 if (cm->cm_flags & MPS_CM_FLAGS_DATAIN) 1513 dir = BUS_DMASYNC_POSTREAD; 1514 else if (cm->cm_flags & MPS_CM_FLAGS_DATAOUT) 1515 dir = BUS_DMASYNC_POSTWRITE;; 1516 bus_dmamap_sync(sc->buffer_dmat, cm->cm_dmamap, dir); 1517 bus_dmamap_unload(sc->buffer_dmat, cm->cm_dmamap); 1518 } 1519 1520 if ((cm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) { 1521 /* 1522 * We ran into an error after we tried to map the command, 1523 * so we're getting a callback without queueing the command 1524 * to the hardware. So we set the status here, and it will 1525 * be retained below. We'll go through the "fast path", 1526 * because there can be no reply when we haven't actually 1527 * gone out to the hardware. 1528 */ 1529 ccb->ccb_h.status |= CAM_REQUEUE_REQ; 1530 1531 /* 1532 * Currently the only error included in the mask is 1533 * MPS_CM_FLAGS_CHAIN_FAILED, which means we're out of 1534 * chain frames. We need to freeze the queue until we get 1535 * a command that completed without this error, which will 1536 * hopefully have some chain frames attached that we can 1537 * use. If we wanted to get smarter about it, we would 1538 * only unfreeze the queue in this condition when we're 1539 * sure that we're getting some chain frames back. That's 1540 * probably unnecessary. 1541 */ 1542 if ((sassc->flags & MPSSAS_QUEUE_FROZEN) == 0) { 1543 xpt_freeze_simq(sassc->sim, 1); 1544 sassc->flags |= MPSSAS_QUEUE_FROZEN; 1545 mps_dprint(sc, MPS_INFO, "Error sending command, " 1546 "freezing SIM queue\n"); 1547 } 1548 } 1549 1550 /* Take the fast path to completion */ 1551 if (cm->cm_reply == NULL) { 1552 if ((ccb->ccb_h.status & CAM_STATUS_MASK) == CAM_REQ_INPROG) { 1553 ccb->ccb_h.status = CAM_REQ_CMP; 1554 ccb->csio.scsi_status = SCSI_STATUS_OK; 1555 1556 if (sassc->flags & MPSSAS_QUEUE_FROZEN) { 1557 ccb->ccb_h.status |= CAM_RELEASE_SIMQ; 1558 sassc->flags &= ~MPSSAS_QUEUE_FROZEN; 1559 mps_dprint(sc, MPS_INFO, 1560 "Unfreezing SIM queue\n"); 1561 } 1562 } else { 1563 ccb->ccb_h.status |= CAM_DEV_QFRZN; 1564 xpt_freeze_devq(ccb->ccb_h.path, /*count*/ 1); 1565 } 1566 mps_free_command(sc, cm); 1567 xpt_done(ccb); 1568 return; 1569 } 1570 1571 mps_dprint(sc, MPS_INFO, "(%d:%d:%d) IOCStatus= 0x%x, " 1572 "ScsiStatus= 0x%x, SCSIState= 0x%x TransferCount= 0x%x\n", 1573 xpt_path_path_id(ccb->ccb_h.path), 1574 xpt_path_target_id(ccb->ccb_h.path), 1575 xpt_path_lun_id(ccb->ccb_h.path), rep->IOCStatus, 1576 rep->SCSIStatus, rep->SCSIState, rep->TransferCount); 1577 1578 switch (rep->IOCStatus & MPI2_IOCSTATUS_MASK) { 1579 case MPI2_IOCSTATUS_BUSY: 1580 case MPI2_IOCSTATUS_INSUFFICIENT_RESOURCES: 1581 /* 1582 * The controller is overloaded, try waiting a bit for it 1583 * to free up. 1584 */ 1585 ccb->ccb_h.status = CAM_BUSY; 1586 break; 1587 case MPI2_IOCSTATUS_SCSI_DATA_UNDERRUN: 1588 ccb->csio.resid = cm->cm_length - rep->TransferCount; 1589 /* FALLTHROUGH */ 1590 case MPI2_IOCSTATUS_SUCCESS: 1591 case MPI2_IOCSTATUS_SCSI_RECOVERED_ERROR: 1592 ccb->ccb_h.status = CAM_REQ_CMP; 1593 break; 1594 case MPI2_IOCSTATUS_SCSI_DATA_OVERRUN: 1595 /* resid is ignored for this condition */ 1596 ccb->csio.resid = 0; 1597 ccb->ccb_h.status = CAM_DATA_RUN_ERR; 1598 break; 1599 case MPI2_IOCSTATUS_SCSI_INVALID_DEVHANDLE: 1600 case MPI2_IOCSTATUS_SCSI_DEVICE_NOT_THERE: 1601 ccb->ccb_h.status = CAM_DEV_NOT_THERE; 1602 break; 1603 case MPI2_IOCSTATUS_SCSI_TASK_TERMINATED: 1604 /* 1605 * This is one of the responses that comes back when an I/O 1606 * has been aborted. If it is because of a timeout that we 1607 * initiated, just set the status to CAM_CMD_TIMEOUT. 1608 * Otherwise set it to CAM_REQ_ABORTED. The effect on the 1609 * command is the same (it gets retried, subject to the 1610 * retry counter), the only difference is what gets printed 1611 * on the console. 1612 */ 1613 if (cm->cm_state == MPS_CM_STATE_TIMEDOUT) 1614 ccb->ccb_h.status = CAM_CMD_TIMEOUT; 1615 else 1616 ccb->ccb_h.status = CAM_REQ_ABORTED; 1617 break; 1618 case MPI2_IOCSTATUS_SCSI_IOC_TERMINATED: 1619 case MPI2_IOCSTATUS_SCSI_EXT_TERMINATED: 1620 #if 0 1621 ccb->ccb_h.status = CAM_REQ_ABORTED; 1622 #endif 1623 mps_printf(sc, "(%d:%d:%d) terminated ioc %x scsi %x state %x " 1624 "xfer %u\n", xpt_path_path_id(ccb->ccb_h.path), 1625 xpt_path_target_id(ccb->ccb_h.path), 1626 xpt_path_lun_id(ccb->ccb_h.path), 1627 rep->IOCStatus, rep->SCSIStatus, rep->SCSIState, 1628 rep->TransferCount); 1629 ccb->ccb_h.status = CAM_REQUEUE_REQ; 1630 break; 1631 case MPI2_IOCSTATUS_INVALID_SGL: 1632 mps_print_scsiio_cmd(sc, cm); 1633 ccb->ccb_h.status = CAM_UNREC_HBA_ERROR; 1634 break; 1635 case MPI2_IOCSTATUS_INVALID_FUNCTION: 1636 case MPI2_IOCSTATUS_INTERNAL_ERROR: 1637 case MPI2_IOCSTATUS_INVALID_VPID: 1638 case MPI2_IOCSTATUS_INVALID_FIELD: 1639 case MPI2_IOCSTATUS_INVALID_STATE: 1640 case MPI2_IOCSTATUS_OP_STATE_NOT_SUPPORTED: 1641 case MPI2_IOCSTATUS_SCSI_IO_DATA_ERROR: 1642 case MPI2_IOCSTATUS_SCSI_PROTOCOL_ERROR: 1643 case MPI2_IOCSTATUS_SCSI_RESIDUAL_MISMATCH: 1644 case MPI2_IOCSTATUS_SCSI_TASK_MGMT_FAILED: 1645 default: 1646 ccb->ccb_h.status = CAM_REQ_CMP_ERR; 1647 } 1648 1649 1650 if ((rep->SCSIState & MPI2_SCSI_STATE_NO_SCSI_STATUS) == 0) { 1651 ccb->csio.scsi_status = rep->SCSIStatus; 1652 1653 switch (rep->SCSIStatus) { 1654 case MPI2_SCSI_STATUS_TASK_SET_FULL: 1655 case MPI2_SCSI_STATUS_CHECK_CONDITION: 1656 ccb->ccb_h.status = CAM_SCSI_STATUS_ERROR; 1657 break; 1658 case MPI2_SCSI_STATUS_COMMAND_TERMINATED: 1659 case MPI2_SCSI_STATUS_TASK_ABORTED: 1660 ccb->ccb_h.status = CAM_REQ_ABORTED; 1661 break; 1662 case MPI2_SCSI_STATUS_GOOD: 1663 default: 1664 break; 1665 } 1666 } 1667 1668 if (rep->SCSIState & MPI2_SCSI_STATE_AUTOSENSE_VALID) { 1669 int sense_len; 1670 1671 if (rep->SenseCount < ccb->csio.sense_len) 1672 ccb->csio.sense_resid = ccb->csio.sense_len - 1673 rep->SenseCount; 1674 else 1675 ccb->csio.sense_resid = 0; 1676 1677 sense_len = min(rep->SenseCount, ccb->csio.sense_len - 1678 ccb->csio.sense_resid); 1679 bzero(&ccb->csio.sense_data, sizeof(&ccb->csio.sense_data)); 1680 bcopy(cm->cm_sense, &ccb->csio.sense_data, sense_len); 1681 ccb->ccb_h.status |= CAM_AUTOSNS_VALID; 1682 } 1683 1684 if (rep->SCSIState & MPI2_SCSI_STATE_AUTOSENSE_FAILED) 1685 ccb->ccb_h.status = CAM_AUTOSENSE_FAIL; 1686 1687 if (rep->SCSIState & MPI2_SCSI_STATE_RESPONSE_INFO_VALID) 1688 ccb->ccb_h.status = CAM_REQ_CMP_ERR; 1689 1690 if (sassc->flags & MPSSAS_QUEUE_FROZEN) { 1691 ccb->ccb_h.status |= CAM_RELEASE_SIMQ; 1692 sassc->flags &= ~MPSSAS_QUEUE_FROZEN; 1693 mps_printf(sc, "Command completed, unfreezing SIM queue\n"); 1694 } 1695 if ((ccb->ccb_h.status & CAM_STATUS_MASK) != CAM_REQ_CMP) { 1696 ccb->ccb_h.status |= CAM_DEV_QFRZN; 1697 xpt_freeze_devq(ccb->ccb_h.path, /*count*/ 1); 1698 } 1699 mps_free_command(sc, cm); 1700 xpt_done(ccb); 1701 } 1702 1703 #if __FreeBSD_version >= 900026 1704 static void 1705 mpssas_smpio_complete(struct mps_softc *sc, struct mps_command *cm) 1706 { 1707 MPI2_SMP_PASSTHROUGH_REPLY *rpl; 1708 MPI2_SMP_PASSTHROUGH_REQUEST *req; 1709 uint64_t sasaddr; 1710 union ccb *ccb; 1711 1712 ccb = cm->cm_complete_data; 1713 1714 /* 1715 * Currently there should be no way we can hit this case. It only 1716 * happens when we have a failure to allocate chain frames, and SMP 1717 * commands require two S/G elements only. That should be handled 1718 * in the standard request size. 1719 */ 1720 if ((cm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) { 1721 mps_printf(sc, "%s: cm_flags = %#x on SMP request!\n", 1722 __func__, cm->cm_flags); 1723 ccb->ccb_h.status = CAM_REQ_CMP_ERR; 1724 goto bailout; 1725 } 1726 1727 rpl = (MPI2_SMP_PASSTHROUGH_REPLY *)cm->cm_reply; 1728 if (rpl == NULL) { 1729 mps_dprint(sc, MPS_INFO, "%s: NULL cm_reply!\n", __func__); 1730 ccb->ccb_h.status = CAM_REQ_CMP_ERR; 1731 goto bailout; 1732 } 1733 1734 req = (MPI2_SMP_PASSTHROUGH_REQUEST *)cm->cm_req; 1735 sasaddr = le32toh(req->SASAddress.Low); 1736 sasaddr |= ((uint64_t)(le32toh(req->SASAddress.High))) << 32; 1737 1738 if ((rpl->IOCStatus & MPI2_IOCSTATUS_MASK) != MPI2_IOCSTATUS_SUCCESS || 1739 rpl->SASStatus != MPI2_SASSTATUS_SUCCESS) { 1740 mps_dprint(sc, MPS_INFO, "%s: IOCStatus %04x SASStatus %02x\n", 1741 __func__, rpl->IOCStatus, rpl->SASStatus); 1742 ccb->ccb_h.status = CAM_REQ_CMP_ERR; 1743 goto bailout; 1744 } 1745 1746 mps_dprint(sc, MPS_INFO, "%s: SMP request to SAS address " 1747 "%#jx completed successfully\n", __func__, 1748 (uintmax_t)sasaddr); 1749 1750 if (ccb->smpio.smp_response[2] == SMP_FR_ACCEPTED) 1751 ccb->ccb_h.status = CAM_REQ_CMP; 1752 else 1753 ccb->ccb_h.status = CAM_SMP_STATUS_ERROR; 1754 1755 bailout: 1756 /* 1757 * We sync in both directions because we had DMAs in the S/G list 1758 * in both directions. 1759 */ 1760 bus_dmamap_sync(sc->buffer_dmat, cm->cm_dmamap, 1761 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE); 1762 bus_dmamap_unload(sc->buffer_dmat, cm->cm_dmamap); 1763 mps_free_command(sc, cm); 1764 xpt_done(ccb); 1765 } 1766 1767 static void 1768 mpssas_send_smpcmd(struct mpssas_softc *sassc, union ccb *ccb, uint64_t sasaddr) 1769 { 1770 struct mps_command *cm; 1771 uint8_t *request, *response; 1772 MPI2_SMP_PASSTHROUGH_REQUEST *req; 1773 struct mps_softc *sc; 1774 struct sglist *sg; 1775 int error; 1776 1777 sc = sassc->sc; 1778 sg = NULL; 1779 error = 0; 1780 1781 /* 1782 * XXX We don't yet support physical addresses here. 1783 */ 1784 if (ccb->ccb_h.flags & (CAM_DATA_PHYS|CAM_SG_LIST_PHYS)) { 1785 mps_printf(sc, "%s: physical addresses not supported\n", 1786 __func__); 1787 ccb->ccb_h.status = CAM_REQ_INVALID; 1788 xpt_done(ccb); 1789 return; 1790 } 1791 1792 /* 1793 * If the user wants to send an S/G list, check to make sure they 1794 * have single buffers. 1795 */ 1796 if (ccb->ccb_h.flags & CAM_SCATTER_VALID) { 1797 /* 1798 * The chip does not support more than one buffer for the 1799 * request or response. 1800 */ 1801 if ((ccb->smpio.smp_request_sglist_cnt > 1) 1802 || (ccb->smpio.smp_response_sglist_cnt > 1)) { 1803 mps_printf(sc, "%s: multiple request or response " 1804 "buffer segments not supported for SMP\n", 1805 __func__); 1806 ccb->ccb_h.status = CAM_REQ_INVALID; 1807 xpt_done(ccb); 1808 return; 1809 } 1810 1811 /* 1812 * The CAM_SCATTER_VALID flag was originally implemented 1813 * for the XPT_SCSI_IO CCB, which only has one data pointer. 1814 * We have two. So, just take that flag to mean that we 1815 * might have S/G lists, and look at the S/G segment count 1816 * to figure out whether that is the case for each individual 1817 * buffer. 1818 */ 1819 if (ccb->smpio.smp_request_sglist_cnt != 0) { 1820 bus_dma_segment_t *req_sg; 1821 1822 req_sg = (bus_dma_segment_t *)ccb->smpio.smp_request; 1823 request = (uint8_t *)req_sg[0].ds_addr; 1824 } else 1825 request = ccb->smpio.smp_request; 1826 1827 if (ccb->smpio.smp_response_sglist_cnt != 0) { 1828 bus_dma_segment_t *rsp_sg; 1829 1830 rsp_sg = (bus_dma_segment_t *)ccb->smpio.smp_response; 1831 response = (uint8_t *)rsp_sg[0].ds_addr; 1832 } else 1833 response = ccb->smpio.smp_response; 1834 } else { 1835 request = ccb->smpio.smp_request; 1836 response = ccb->smpio.smp_response; 1837 } 1838 1839 cm = mps_alloc_command(sc); 1840 if (cm == NULL) { 1841 mps_printf(sc, "%s: cannot allocate command\n", __func__); 1842 ccb->ccb_h.status = CAM_RESRC_UNAVAIL; 1843 xpt_done(ccb); 1844 return; 1845 } 1846 1847 req = (MPI2_SMP_PASSTHROUGH_REQUEST *)cm->cm_req; 1848 bzero(req, sizeof(*req)); 1849 req->Function = MPI2_FUNCTION_SMP_PASSTHROUGH; 1850 1851 /* Allow the chip to use any route to this SAS address. */ 1852 req->PhysicalPort = 0xff; 1853 1854 req->RequestDataLength = ccb->smpio.smp_request_len; 1855 req->SGLFlags = 1856 MPI2_SGLFLAGS_SYSTEM_ADDRESS_SPACE | MPI2_SGLFLAGS_SGL_TYPE_MPI; 1857 1858 mps_dprint(sc, MPS_INFO, "%s: sending SMP request to SAS " 1859 "address %#jx\n", __func__, (uintmax_t)sasaddr); 1860 1861 mpi_init_sge(cm, req, &req->SGL); 1862 1863 /* 1864 * Set up a uio to pass into mps_map_command(). This allows us to 1865 * do one map command, and one busdma call in there. 1866 */ 1867 cm->cm_uio.uio_iov = cm->cm_iovec; 1868 cm->cm_uio.uio_iovcnt = 2; 1869 cm->cm_uio.uio_segflg = UIO_SYSSPACE; 1870 1871 /* 1872 * The read/write flag isn't used by busdma, but set it just in 1873 * case. This isn't exactly accurate, either, since we're going in 1874 * both directions. 1875 */ 1876 cm->cm_uio.uio_rw = UIO_WRITE; 1877 1878 cm->cm_iovec[0].iov_base = request; 1879 cm->cm_iovec[0].iov_len = req->RequestDataLength; 1880 cm->cm_iovec[1].iov_base = response; 1881 cm->cm_iovec[1].iov_len = ccb->smpio.smp_response_len; 1882 1883 cm->cm_uio.uio_resid = cm->cm_iovec[0].iov_len + 1884 cm->cm_iovec[1].iov_len; 1885 1886 /* 1887 * Trigger a warning message in mps_data_cb() for the user if we 1888 * wind up exceeding two S/G segments. The chip expects one 1889 * segment for the request and another for the response. 1890 */ 1891 cm->cm_max_segs = 2; 1892 1893 cm->cm_desc.Default.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_DEFAULT_TYPE; 1894 cm->cm_complete = mpssas_smpio_complete; 1895 cm->cm_complete_data = ccb; 1896 1897 /* 1898 * Tell the mapping code that we're using a uio, and that this is 1899 * an SMP passthrough request. There is a little special-case 1900 * logic there (in mps_data_cb()) to handle the bidirectional 1901 * transfer. 1902 */ 1903 cm->cm_flags |= MPS_CM_FLAGS_USE_UIO | MPS_CM_FLAGS_SMP_PASS | 1904 MPS_CM_FLAGS_DATAIN | MPS_CM_FLAGS_DATAOUT; 1905 1906 /* The chip data format is little endian. */ 1907 req->SASAddress.High = htole32(sasaddr >> 32); 1908 req->SASAddress.Low = htole32(sasaddr); 1909 1910 /* 1911 * XXX Note that we don't have a timeout/abort mechanism here. 1912 * From the manual, it looks like task management requests only 1913 * work for SCSI IO and SATA passthrough requests. We may need to 1914 * have a mechanism to retry requests in the event of a chip reset 1915 * at least. Hopefully the chip will insure that any errors short 1916 * of that are relayed back to the driver. 1917 */ 1918 error = mps_map_command(sc, cm); 1919 if ((error != 0) && (error != EINPROGRESS)) { 1920 mps_printf(sc, "%s: error %d returned from mps_map_command()\n", 1921 __func__, error); 1922 goto bailout_error; 1923 } 1924 1925 return; 1926 1927 bailout_error: 1928 mps_free_command(sc, cm); 1929 ccb->ccb_h.status = CAM_RESRC_UNAVAIL; 1930 xpt_done(ccb); 1931 return; 1932 1933 } 1934 1935 static void 1936 mpssas_action_smpio(struct mpssas_softc *sassc, union ccb *ccb) 1937 { 1938 struct mps_softc *sc; 1939 struct mpssas_target *targ; 1940 uint64_t sasaddr = 0; 1941 1942 sc = sassc->sc; 1943 1944 /* 1945 * Make sure the target exists. 1946 */ 1947 targ = &sassc->targets[ccb->ccb_h.target_id]; 1948 if (targ->handle == 0x0) { 1949 mps_printf(sc, "%s: target %d does not exist!\n", __func__, 1950 ccb->ccb_h.target_id); 1951 ccb->ccb_h.status = CAM_SEL_TIMEOUT; 1952 xpt_done(ccb); 1953 return; 1954 } 1955 1956 /* 1957 * If this device has an embedded SMP target, we'll talk to it 1958 * directly. 1959 * figure out what the expander's address is. 1960 */ 1961 if ((targ->devinfo & MPI2_SAS_DEVICE_INFO_SMP_TARGET) != 0) 1962 sasaddr = targ->sasaddr; 1963 1964 /* 1965 * If we don't have a SAS address for the expander yet, try 1966 * grabbing it from the page 0x83 information cached in the 1967 * transport layer for this target. LSI expanders report the 1968 * expander SAS address as the port-associated SAS address in 1969 * Inquiry VPD page 0x83. Maxim expanders don't report it in page 1970 * 0x83. 1971 * 1972 * XXX KDM disable this for now, but leave it commented out so that 1973 * it is obvious that this is another possible way to get the SAS 1974 * address. 1975 * 1976 * The parent handle method below is a little more reliable, and 1977 * the other benefit is that it works for devices other than SES 1978 * devices. So you can send a SMP request to a da(4) device and it 1979 * will get routed to the expander that device is attached to. 1980 * (Assuming the da(4) device doesn't contain an SMP target...) 1981 */ 1982 #if 0 1983 if (sasaddr == 0) 1984 sasaddr = xpt_path_sas_addr(ccb->ccb_h.path); 1985 #endif 1986 1987 /* 1988 * If we still don't have a SAS address for the expander, look for 1989 * the parent device of this device, which is probably the expander. 1990 */ 1991 if (sasaddr == 0) { 1992 struct mpssas_target *parent_target; 1993 1994 if (targ->parent_handle == 0x0) { 1995 mps_printf(sc, "%s: handle %d does not have a valid " 1996 "parent handle!\n", __func__, targ->handle); 1997 ccb->ccb_h.status = CAM_REQ_INVALID; 1998 goto bailout; 1999 } 2000 parent_target = mpssas_find_target(sassc, 0, 2001 targ->parent_handle); 2002 2003 if (parent_target == NULL) { 2004 mps_printf(sc, "%s: handle %d does not have a valid " 2005 "parent target!\n", __func__, targ->handle); 2006 ccb->ccb_h.status = CAM_REQ_INVALID; 2007 goto bailout; 2008 } 2009 2010 if ((parent_target->devinfo & 2011 MPI2_SAS_DEVICE_INFO_SMP_TARGET) == 0) { 2012 mps_printf(sc, "%s: handle %d parent %d does not " 2013 "have an SMP target!\n", __func__, 2014 targ->handle, parent_target->handle); 2015 ccb->ccb_h.status = CAM_REQ_INVALID; 2016 goto bailout; 2017 2018 } 2019 2020 sasaddr = parent_target->sasaddr; 2021 } 2022 2023 if (sasaddr == 0) { 2024 mps_printf(sc, "%s: unable to find SAS address for handle %d\n", 2025 __func__, targ->handle); 2026 ccb->ccb_h.status = CAM_REQ_INVALID; 2027 goto bailout; 2028 } 2029 mpssas_send_smpcmd(sassc, ccb, sasaddr); 2030 2031 return; 2032 2033 bailout: 2034 xpt_done(ccb); 2035 2036 } 2037 2038 #endif /* __FreeBSD_version >= 900026 */ 2039 2040 static void 2041 mpssas_action_resetdev(struct mpssas_softc *sassc, union ccb *ccb) 2042 { 2043 struct mps_softc *sc; 2044 struct mps_command *cm; 2045 struct mpssas_target *targ; 2046 2047 sc = sassc->sc; 2048 targ = &sassc->targets[ccb->ccb_h.target_id]; 2049 2050 if (targ->flags & MPSSAS_TARGET_INRECOVERY) { 2051 ccb->ccb_h.status = CAM_RESRC_UNAVAIL; 2052 xpt_done(ccb); 2053 return; 2054 } 2055 2056 cm = mps_alloc_command(sc); 2057 if (cm == NULL) { 2058 mps_printf(sc, "%s: cannot alloc command\n", __func__); 2059 ccb->ccb_h.status = CAM_RESRC_UNAVAIL; 2060 xpt_done(ccb); 2061 return; 2062 } 2063 2064 cm->cm_targ = targ; 2065 cm->cm_complete = mpssas_resetdev_complete; 2066 cm->cm_complete_data = ccb; 2067 2068 mpssas_resetdev(sassc, cm); 2069 } 2070 2071 static void 2072 mpssas_resetdev(struct mpssas_softc *sassc, struct mps_command *cm) 2073 { 2074 MPI2_SCSI_TASK_MANAGE_REQUEST *req; 2075 struct mps_softc *sc; 2076 2077 mps_dprint(sassc->sc, MPS_TRACE, "%s\n", __func__); 2078 2079 sc = sassc->sc; 2080 2081 req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)cm->cm_req; 2082 req->DevHandle = cm->cm_targ->handle; 2083 req->Function = MPI2_FUNCTION_SCSI_TASK_MGMT; 2084 req->TaskType = MPI2_SCSITASKMGMT_TASKTYPE_TARGET_RESET; 2085 2086 /* SAS Hard Link Reset / SATA Link Reset */ 2087 req->MsgFlags = MPI2_SCSITASKMGMT_MSGFLAGS_LINK_RESET; 2088 2089 cm->cm_data = NULL; 2090 cm->cm_desc.Default.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_DEFAULT_TYPE; 2091 2092 mpssas_issue_tm_request(sc, cm); 2093 } 2094 2095 static void 2096 mpssas_resetdev_complete(struct mps_softc *sc, struct mps_command *cm) 2097 { 2098 MPI2_SCSI_TASK_MANAGE_REPLY *resp; 2099 union ccb *ccb; 2100 2101 mps_dprint(sc, MPS_TRACE, "%s\n", __func__); 2102 2103 resp = (MPI2_SCSI_TASK_MANAGE_REPLY *)cm->cm_reply; 2104 ccb = cm->cm_complete_data; 2105 2106 if ((cm->cm_flags & MPS_CM_FLAGS_ERROR_MASK) != 0) { 2107 MPI2_SCSI_TASK_MANAGE_REQUEST *req; 2108 2109 req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)cm->cm_req; 2110 2111 mps_printf(sc, "%s: cm_flags = %#x for reset of handle %#04x! " 2112 "This should not happen!\n", __func__, cm->cm_flags, 2113 req->DevHandle); 2114 2115 ccb->ccb_h.status = CAM_REQ_CMP_ERR; 2116 goto bailout; 2117 } 2118 2119 printf("resetdev complete IOCStatus= 0x%x ResponseCode= 0x%x\n", 2120 resp->IOCStatus, resp->ResponseCode); 2121 2122 if (resp->ResponseCode == MPI2_SCSITASKMGMT_RSP_TM_COMPLETE) 2123 ccb->ccb_h.status = CAM_REQ_CMP; 2124 else 2125 ccb->ccb_h.status = CAM_REQ_CMP_ERR; 2126 2127 bailout: 2128 mpssas_complete_tm_request(sc, cm, /*free_cm*/ 1); 2129 2130 xpt_done(ccb); 2131 } 2132 2133 static void 2134 mpssas_poll(struct cam_sim *sim) 2135 { 2136 struct mpssas_softc *sassc; 2137 2138 sassc = cam_sim_softc(sim); 2139 mps_intr_locked(sassc->sc); 2140 } 2141 2142 static void 2143 mpssas_freeze_device(struct mpssas_softc *sassc, struct mpssas_target *targ) 2144 { 2145 } 2146 2147 static void 2148 mpssas_unfreeze_device(struct mpssas_softc *sassc, struct mpssas_target *targ) 2149 { 2150 } 2151 2152