1 /* 2 * This file and its contents are supplied under the terms of the 3 * Common Development and Distribution License ("CDDL"), version 1.0. 4 * You may only use this file in accordance with the terms of version 5 * 1.0 of the CDDL. 6 * 7 * A full copy of the text of the CDDL should have accompanied this 8 * source. A copy of the CDDL is also available via the Internet at 9 * http://www.illumos.org/license/CDDL. 10 */ 11 12 /* 13 * Copyright (c) 2016 The MathWorks, Inc. All rights reserved. 14 * Copyright 2020 Joyent, Inc. 15 * Copyright 2020 Racktop Systems. 16 * Copyright 2022 Oxide Computer Company. 17 * Copyright 2022 OmniOS Community Edition (OmniOSce) Association. 18 * Copyright 2022 Tintri by DDN, Inc. All rights reserved. 19 */ 20 21 /* 22 * blkdev driver for NVMe compliant storage devices 23 * 24 * This driver targets and is designed to support all NVMe 1.x devices. 25 * Features are added to the driver as we encounter devices that require them 26 * and our needs, so some commands or log pages may not take advantage of newer 27 * features that devices support at this time. When you encounter such a case, 28 * it is generally fine to add that support to the driver as long as you take 29 * care to ensure that the requisite device version is met before using it. 30 * 31 * The driver has only been tested on x86 systems and will not work on big- 32 * endian systems without changes to the code accessing registers and data 33 * structures used by the hardware. 34 * 35 * 36 * Interrupt Usage: 37 * 38 * The driver will use a single interrupt while configuring the device as the 39 * specification requires, but contrary to the specification it will try to use 40 * a single-message MSI(-X) or FIXED interrupt. Later in the attach process it 41 * will switch to multiple-message MSI(-X) if supported. The driver wants to 42 * have one interrupt vector per CPU, but it will work correctly if less are 43 * available. Interrupts can be shared by queues, the interrupt handler will 44 * iterate through the I/O queue array by steps of n_intr_cnt. Usually only 45 * the admin queue will share an interrupt with one I/O queue. The interrupt 46 * handler will retrieve completed commands from all queues sharing an interrupt 47 * vector and will post them to a taskq for completion processing. 48 * 49 * 50 * Command Processing: 51 * 52 * NVMe devices can have up to 65535 I/O queue pairs, with each queue holding up 53 * to 65536 I/O commands. The driver will configure one I/O queue pair per 54 * available interrupt vector, with the queue length usually much smaller than 55 * the maximum of 65536. If the hardware doesn't provide enough queues, fewer 56 * interrupt vectors will be used. 57 * 58 * Additionally the hardware provides a single special admin queue pair that can 59 * hold up to 4096 admin commands. 60 * 61 * From the hardware perspective both queues of a queue pair are independent, 62 * but they share some driver state: the command array (holding pointers to 63 * commands currently being processed by the hardware) and the active command 64 * counter. Access to a submission queue and the shared state is protected by 65 * nq_mutex; completion queue is protected by ncq_mutex. 66 * 67 * When a command is submitted to a queue pair the active command counter is 68 * incremented and a pointer to the command is stored in the command array. The 69 * array index is used as command identifier (CID) in the submission queue 70 * entry. Some commands may take a very long time to complete, and if the queue 71 * wraps around in that time a submission may find the next array slot to still 72 * be used by a long-running command. In this case the array is sequentially 73 * searched for the next free slot. The length of the command array is the same 74 * as the configured queue length. Queue overrun is prevented by the semaphore, 75 * so a command submission may block if the queue is full. 76 * 77 * 78 * Polled I/O Support: 79 * 80 * For kernel core dump support the driver can do polled I/O. As interrupts are 81 * turned off while dumping the driver will just submit a command in the regular 82 * way, and then repeatedly attempt a command retrieval until it gets the 83 * command back. 84 * 85 * 86 * Namespace Support: 87 * 88 * NVMe devices can have multiple namespaces, each being a independent data 89 * store. The driver supports multiple namespaces and creates a blkdev interface 90 * for each namespace found. Namespaces can have various attributes to support 91 * protection information. This driver does not support any of this and ignores 92 * namespaces that have these attributes. 93 * 94 * As of NVMe 1.1 namespaces can have an 64bit Extended Unique Identifier 95 * (EUI64). This driver uses the EUI64 if present to generate the devid and 96 * passes it to blkdev to use it in the device node names. As this is currently 97 * untested namespaces with EUI64 are ignored by default. 98 * 99 * We currently support only (2 << NVME_MINOR_INST_SHIFT) - 2 namespaces in a 100 * single controller. This is an artificial limit imposed by the driver to be 101 * able to address a reasonable number of controllers and namespaces using a 102 * 32bit minor node number. 103 * 104 * 105 * Minor nodes: 106 * 107 * For each NVMe device the driver exposes one minor node for the controller and 108 * one minor node for each namespace. The only operations supported by those 109 * minor nodes are open(9E), close(9E), and ioctl(9E). This serves as the 110 * interface for the nvmeadm(8) utility. 111 * 112 * Exclusive opens are required for certain ioctl(9E) operations that alter 113 * controller and/or namespace state. While different namespaces may be opened 114 * exclusively in parallel, an exclusive open of the controller minor node 115 * requires that no namespaces are currently open (exclusive or otherwise). 116 * Opening any namespace minor node (exclusive or otherwise) will fail while 117 * the controller minor node is opened exclusively by any other thread. Thus it 118 * is possible for one thread at a time to open the controller minor node 119 * exclusively, and keep it open while opening any namespace minor node of the 120 * same controller, exclusively or otherwise. 121 * 122 * 123 * 124 * Blkdev Interface: 125 * 126 * This driver uses blkdev to do all the heavy lifting involved with presenting 127 * a disk device to the system. As a result, the processing of I/O requests is 128 * relatively simple as blkdev takes care of partitioning, boundary checks, DMA 129 * setup, and splitting of transfers into manageable chunks. 130 * 131 * I/O requests coming in from blkdev are turned into NVM commands and posted to 132 * an I/O queue. The queue is selected by taking the CPU id modulo the number of 133 * queues. There is currently no timeout handling of I/O commands. 134 * 135 * Blkdev also supports querying device/media information and generating a 136 * devid. The driver reports the best block size as determined by the namespace 137 * format back to blkdev as physical block size to support partition and block 138 * alignment. The devid is either based on the namespace EUI64, if present, or 139 * composed using the device vendor ID, model number, serial number, and the 140 * namespace ID. 141 * 142 * 143 * Error Handling: 144 * 145 * Error handling is currently limited to detecting fatal hardware errors, 146 * either by asynchronous events, or synchronously through command status or 147 * admin command timeouts. In case of severe errors the device is fenced off, 148 * all further requests will return EIO. FMA is then called to fault the device. 149 * 150 * The hardware has a limit for outstanding asynchronous event requests. Before 151 * this limit is known the driver assumes it is at least 1 and posts a single 152 * asynchronous request. Later when the limit is known more asynchronous event 153 * requests are posted to allow quicker reception of error information. When an 154 * asynchronous event is posted by the hardware the driver will parse the error 155 * status fields and log information or fault the device, depending on the 156 * severity of the asynchronous event. The asynchronous event request is then 157 * reused and posted to the admin queue again. 158 * 159 * On command completion the command status is checked for errors. In case of 160 * errors indicating a driver bug the driver panics. Almost all other error 161 * status values just cause EIO to be returned. 162 * 163 * Command timeouts are currently detected for all admin commands except 164 * asynchronous event requests. If a command times out and the hardware appears 165 * to be healthy the driver attempts to abort the command. The original command 166 * timeout is also applied to the abort command. If the abort times out too the 167 * driver assumes the device to be dead, fences it off, and calls FMA to retire 168 * it. In all other cases the aborted command should return immediately with a 169 * status indicating it was aborted, and the driver will wait indefinitely for 170 * that to happen. No timeout handling of normal I/O commands is presently done. 171 * 172 * Any command that times out due to the controller dropping dead will be put on 173 * nvme_lost_cmds list if it references DMA memory. This will prevent the DMA 174 * memory being reused by the system and later be written to by a "dead" NVMe 175 * controller. 176 * 177 * 178 * Locking: 179 * 180 * Each queue pair has a nq_mutex and ncq_mutex. The nq_mutex must be held 181 * when accessing shared state and submission queue registers, ncq_mutex 182 * is held when accessing completion queue state and registers. 183 * Callers of nvme_unqueue_cmd() must make sure that nq_mutex is held, while 184 * nvme_submit_{admin,io}_cmd() and nvme_retrieve_cmd() take care of both 185 * mutexes themselves. 186 * 187 * Each command also has its own nc_mutex, which is associated with the 188 * condition variable nc_cv. It is only used on admin commands which are run 189 * synchronously. In that case it must be held across calls to 190 * nvme_submit_{admin,io}_cmd() and nvme_wait_cmd(), which is taken care of by 191 * nvme_admin_cmd(). It must also be held whenever the completion state of the 192 * command is changed or while a admin command timeout is handled. 193 * 194 * If both nc_mutex and nq_mutex must be held, nc_mutex must be acquired first. 195 * More than one nc_mutex may only be held when aborting commands. In this case, 196 * the nc_mutex of the command to be aborted must be held across the call to 197 * nvme_abort_cmd() to prevent the command from completing while the abort is in 198 * progress. 199 * 200 * If both nq_mutex and ncq_mutex need to be held, ncq_mutex must be 201 * acquired first. More than one nq_mutex is never held by a single thread. 202 * The ncq_mutex is only held by nvme_retrieve_cmd() and 203 * nvme_process_iocq(). nvme_process_iocq() is only called from the 204 * interrupt thread and nvme_retrieve_cmd() during polled I/O, so the 205 * mutex is non-contentious but is required for implementation completeness 206 * and safety. 207 * 208 * There is one mutex n_minor_mutex which protects all open flags nm_open and 209 * exclusive-open thread pointers nm_oexcl of each minor node associated with a 210 * controller and its namespaces. 211 * 212 * 213 * Quiesce / Fast Reboot: 214 * 215 * The driver currently does not support fast reboot. A quiesce(9E) entry point 216 * is still provided which is used to send a shutdown notification to the 217 * device. 218 * 219 * 220 * NVMe Hotplug: 221 * 222 * The driver supports hot removal. The driver uses the NDI event framework 223 * to register a callback, nvme_remove_callback, to clean up when a disk is 224 * removed. In particular, the driver will unqueue outstanding I/O commands and 225 * set n_dead on the softstate to true so that other operations, such as ioctls 226 * and command submissions, fail as well. 227 * 228 * While the callback registration relies on the NDI event framework, the 229 * removal event itself is kicked off in the PCIe hotplug framework, when the 230 * PCIe bridge driver ("pcieb") gets a hotplug interrupt indicating that a 231 * device was removed from the slot. 232 * 233 * The NVMe driver instance itself will remain until the final close of the 234 * device. 235 * 236 * 237 * DDI UFM Support 238 * 239 * The driver supports the DDI UFM framework for reporting information about 240 * the device's firmware image and slot configuration. This data can be 241 * queried by userland software via ioctls to the ufm driver. For more 242 * information, see ddi_ufm(9E). 243 * 244 * 245 * Driver Configuration: 246 * 247 * The following driver properties can be changed to control some aspects of the 248 * drivers operation: 249 * - strict-version: can be set to 0 to allow devices conforming to newer 250 * major versions to be used 251 * - ignore-unknown-vendor-status: can be set to 1 to not handle any vendor 252 * specific command status as a fatal error leading device faulting 253 * - admin-queue-len: the maximum length of the admin queue (16-4096) 254 * - io-squeue-len: the maximum length of the I/O submission queues (16-65536) 255 * - io-cqueue-len: the maximum length of the I/O completion queues (16-65536) 256 * - async-event-limit: the maximum number of asynchronous event requests to be 257 * posted by the driver 258 * - volatile-write-cache-enable: can be set to 0 to disable the volatile write 259 * cache 260 * - min-phys-block-size: the minimum physical block size to report to blkdev, 261 * which is among other things the basis for ZFS vdev ashift 262 * - max-submission-queues: the maximum number of I/O submission queues. 263 * - max-completion-queues: the maximum number of I/O completion queues, 264 * can be less than max-submission-queues, in which case the completion 265 * queues are shared. 266 * 267 * 268 * TODO: 269 * - figure out sane default for I/O queue depth reported to blkdev 270 * - FMA handling of media errors 271 * - support for devices supporting very large I/O requests using chained PRPs 272 * - support for configuring hardware parameters like interrupt coalescing 273 * - support for media formatting and hard partitioning into namespaces 274 * - support for big-endian systems 275 * - support for fast reboot 276 * - support for NVMe Subsystem Reset (1.1) 277 * - support for Scatter/Gather lists (1.1) 278 * - support for Reservations (1.1) 279 * - support for power management 280 */ 281 282 #include <sys/byteorder.h> 283 #ifdef _BIG_ENDIAN 284 #error nvme driver needs porting for big-endian platforms 285 #endif 286 287 #include <sys/modctl.h> 288 #include <sys/conf.h> 289 #include <sys/devops.h> 290 #include <sys/ddi.h> 291 #include <sys/ddi_ufm.h> 292 #include <sys/sunddi.h> 293 #include <sys/sunndi.h> 294 #include <sys/bitmap.h> 295 #include <sys/sysmacros.h> 296 #include <sys/param.h> 297 #include <sys/varargs.h> 298 #include <sys/cpuvar.h> 299 #include <sys/disp.h> 300 #include <sys/blkdev.h> 301 #include <sys/atomic.h> 302 #include <sys/archsystm.h> 303 #include <sys/sata/sata_hba.h> 304 #include <sys/stat.h> 305 #include <sys/policy.h> 306 #include <sys/list.h> 307 #include <sys/dkio.h> 308 309 #include <sys/nvme.h> 310 311 #ifdef __x86 312 #include <sys/x86_archext.h> 313 #endif 314 315 #include "nvme_reg.h" 316 #include "nvme_var.h" 317 318 /* 319 * Assertions to make sure that we've properly captured various aspects of the 320 * packed structures and haven't broken them during updates. 321 */ 322 CTASSERT(sizeof (nvme_identify_ctrl_t) == 0x1000); 323 CTASSERT(offsetof(nvme_identify_ctrl_t, id_oacs) == 256); 324 CTASSERT(offsetof(nvme_identify_ctrl_t, id_sqes) == 512); 325 CTASSERT(offsetof(nvme_identify_ctrl_t, id_oncs) == 520); 326 CTASSERT(offsetof(nvme_identify_ctrl_t, id_subnqn) == 768); 327 CTASSERT(offsetof(nvme_identify_ctrl_t, id_nvmof) == 1792); 328 CTASSERT(offsetof(nvme_identify_ctrl_t, id_psd) == 2048); 329 CTASSERT(offsetof(nvme_identify_ctrl_t, id_vs) == 3072); 330 331 CTASSERT(sizeof (nvme_identify_nsid_t) == 0x1000); 332 CTASSERT(offsetof(nvme_identify_nsid_t, id_fpi) == 32); 333 CTASSERT(offsetof(nvme_identify_nsid_t, id_anagrpid) == 92); 334 CTASSERT(offsetof(nvme_identify_nsid_t, id_nguid) == 104); 335 CTASSERT(offsetof(nvme_identify_nsid_t, id_lbaf) == 128); 336 CTASSERT(offsetof(nvme_identify_nsid_t, id_vs) == 384); 337 338 CTASSERT(sizeof (nvme_identify_primary_caps_t) == 0x1000); 339 CTASSERT(offsetof(nvme_identify_primary_caps_t, nipc_vqfrt) == 32); 340 CTASSERT(offsetof(nvme_identify_primary_caps_t, nipc_vifrt) == 64); 341 342 343 /* NVMe spec version supported */ 344 static const int nvme_version_major = 1; 345 346 /* tunable for admin command timeout in seconds, default is 1s */ 347 int nvme_admin_cmd_timeout = 1; 348 349 /* tunable for FORMAT NVM command timeout in seconds, default is 600s */ 350 int nvme_format_cmd_timeout = 600; 351 352 /* tunable for firmware commit with NVME_FWC_SAVE, default is 15s */ 353 int nvme_commit_save_cmd_timeout = 15; 354 355 /* 356 * tunable for the size of arbitrary vendor specific admin commands, 357 * default is 16MiB. 358 */ 359 uint32_t nvme_vendor_specific_admin_cmd_size = 1 << 24; 360 361 /* 362 * tunable for the max timeout of arbitary vendor specific admin commands, 363 * default is 60s. 364 */ 365 uint_t nvme_vendor_specific_admin_cmd_max_timeout = 60; 366 367 static int nvme_attach(dev_info_t *, ddi_attach_cmd_t); 368 static int nvme_detach(dev_info_t *, ddi_detach_cmd_t); 369 static int nvme_quiesce(dev_info_t *); 370 static int nvme_fm_errcb(dev_info_t *, ddi_fm_error_t *, const void *); 371 static int nvme_setup_interrupts(nvme_t *, int, int); 372 static void nvme_release_interrupts(nvme_t *); 373 static uint_t nvme_intr(caddr_t, caddr_t); 374 375 static void nvme_shutdown(nvme_t *, int, boolean_t); 376 static boolean_t nvme_reset(nvme_t *, boolean_t); 377 static int nvme_init(nvme_t *); 378 static nvme_cmd_t *nvme_alloc_cmd(nvme_t *, int); 379 static void nvme_free_cmd(nvme_cmd_t *); 380 static nvme_cmd_t *nvme_create_nvm_cmd(nvme_namespace_t *, uint8_t, 381 bd_xfer_t *); 382 static void nvme_admin_cmd(nvme_cmd_t *, int); 383 static void nvme_submit_admin_cmd(nvme_qpair_t *, nvme_cmd_t *); 384 static int nvme_submit_io_cmd(nvme_qpair_t *, nvme_cmd_t *); 385 static void nvme_submit_cmd_common(nvme_qpair_t *, nvme_cmd_t *); 386 static nvme_cmd_t *nvme_unqueue_cmd(nvme_t *, nvme_qpair_t *, int); 387 static nvme_cmd_t *nvme_retrieve_cmd(nvme_t *, nvme_qpair_t *); 388 static void nvme_wait_cmd(nvme_cmd_t *, uint_t); 389 static void nvme_wakeup_cmd(void *); 390 static void nvme_async_event_task(void *); 391 392 static int nvme_check_unknown_cmd_status(nvme_cmd_t *); 393 static int nvme_check_vendor_cmd_status(nvme_cmd_t *); 394 static int nvme_check_integrity_cmd_status(nvme_cmd_t *); 395 static int nvme_check_specific_cmd_status(nvme_cmd_t *); 396 static int nvme_check_generic_cmd_status(nvme_cmd_t *); 397 static inline int nvme_check_cmd_status(nvme_cmd_t *); 398 399 static int nvme_abort_cmd(nvme_cmd_t *, uint_t); 400 static void nvme_async_event(nvme_t *); 401 static int nvme_format_nvm(nvme_t *, boolean_t, uint32_t, uint8_t, boolean_t, 402 uint8_t, boolean_t, uint8_t); 403 static int nvme_get_logpage(nvme_t *, boolean_t, void **, size_t *, uint8_t, 404 ...); 405 static int nvme_identify(nvme_t *, boolean_t, uint32_t, void **); 406 static int nvme_set_features(nvme_t *, boolean_t, uint32_t, uint8_t, uint32_t, 407 uint32_t *); 408 static int nvme_get_features(nvme_t *, boolean_t, uint32_t, uint8_t, uint32_t *, 409 void **, size_t *); 410 static int nvme_write_cache_set(nvme_t *, boolean_t); 411 static int nvme_set_nqueues(nvme_t *); 412 413 static void nvme_free_dma(nvme_dma_t *); 414 static int nvme_zalloc_dma(nvme_t *, size_t, uint_t, ddi_dma_attr_t *, 415 nvme_dma_t **); 416 static int nvme_zalloc_queue_dma(nvme_t *, uint32_t, uint16_t, uint_t, 417 nvme_dma_t **); 418 static void nvme_free_qpair(nvme_qpair_t *); 419 static int nvme_alloc_qpair(nvme_t *, uint32_t, nvme_qpair_t **, uint_t); 420 static int nvme_create_io_qpair(nvme_t *, nvme_qpair_t *, uint16_t); 421 422 static inline void nvme_put64(nvme_t *, uintptr_t, uint64_t); 423 static inline void nvme_put32(nvme_t *, uintptr_t, uint32_t); 424 static inline uint64_t nvme_get64(nvme_t *, uintptr_t); 425 static inline uint32_t nvme_get32(nvme_t *, uintptr_t); 426 427 static boolean_t nvme_check_regs_hdl(nvme_t *); 428 static boolean_t nvme_check_dma_hdl(nvme_dma_t *); 429 430 static int nvme_fill_prp(nvme_cmd_t *, ddi_dma_handle_t); 431 432 static void nvme_bd_xfer_done(void *); 433 static void nvme_bd_driveinfo(void *, bd_drive_t *); 434 static int nvme_bd_mediainfo(void *, bd_media_t *); 435 static int nvme_bd_cmd(nvme_namespace_t *, bd_xfer_t *, uint8_t); 436 static int nvme_bd_read(void *, bd_xfer_t *); 437 static int nvme_bd_write(void *, bd_xfer_t *); 438 static int nvme_bd_sync(void *, bd_xfer_t *); 439 static int nvme_bd_devid(void *, dev_info_t *, ddi_devid_t *); 440 static int nvme_bd_free_space(void *, bd_xfer_t *); 441 442 static int nvme_prp_dma_constructor(void *, void *, int); 443 static void nvme_prp_dma_destructor(void *, void *); 444 445 static void nvme_prepare_devid(nvme_t *, uint32_t); 446 447 /* DDI UFM callbacks */ 448 static int nvme_ufm_fill_image(ddi_ufm_handle_t *, void *, uint_t, 449 ddi_ufm_image_t *); 450 static int nvme_ufm_fill_slot(ddi_ufm_handle_t *, void *, uint_t, uint_t, 451 ddi_ufm_slot_t *); 452 static int nvme_ufm_getcaps(ddi_ufm_handle_t *, void *, ddi_ufm_cap_t *); 453 454 static int nvme_open(dev_t *, int, int, cred_t *); 455 static int nvme_close(dev_t, int, int, cred_t *); 456 static int nvme_ioctl(dev_t, int, intptr_t, int, cred_t *, int *); 457 458 static void nvme_changed_ns(nvme_t *, int); 459 460 static ddi_ufm_ops_t nvme_ufm_ops = { 461 NULL, 462 nvme_ufm_fill_image, 463 nvme_ufm_fill_slot, 464 nvme_ufm_getcaps 465 }; 466 467 #define NVME_MINOR_INST_SHIFT 9 468 #define NVME_MINOR(inst, nsid) (((inst) << NVME_MINOR_INST_SHIFT) | (nsid)) 469 #define NVME_MINOR_INST(minor) ((minor) >> NVME_MINOR_INST_SHIFT) 470 #define NVME_MINOR_NSID(minor) ((minor) & ((1 << NVME_MINOR_INST_SHIFT) - 1)) 471 #define NVME_MINOR_MAX (NVME_MINOR(1, 0) - 2) 472 #define NVME_IS_VENDOR_SPECIFIC_CMD(x) (((x) >= 0xC0) && ((x) <= 0xFF)) 473 #define NVME_VENDOR_SPECIFIC_LOGPAGE_MIN 0xC0 474 #define NVME_VENDOR_SPECIFIC_LOGPAGE_MAX 0xFF 475 #define NVME_IS_VENDOR_SPECIFIC_LOGPAGE(x) \ 476 (((x) >= NVME_VENDOR_SPECIFIC_LOGPAGE_MIN) && \ 477 ((x) <= NVME_VENDOR_SPECIFIC_LOGPAGE_MAX)) 478 479 /* 480 * NVMe versions 1.3 and later actually support log pages up to UINT32_MAX 481 * DWords in size. However, revision 1.3 also modified the layout of the Get Log 482 * Page command significantly relative to version 1.2, including changing 483 * reserved bits, adding new bitfields, and requiring the use of command DWord 484 * 11 to fully specify the size of the log page (the lower and upper 16 bits of 485 * the number of DWords in the page are split between DWord 10 and DWord 11, 486 * respectively). 487 * 488 * All of these impose significantly different layout requirements on the 489 * `nvme_getlogpage_t` type. This could be solved with two different types, or a 490 * complicated/nested union with the two versions as the overlying members. Both 491 * of these are reasonable, if a bit convoluted. However, these is no current 492 * need for such large pages, or a way to test them, as most log pages actually 493 * fit within the current size limit. So for simplicity, we retain the size cap 494 * from version 1.2. 495 * 496 * Note that the number of DWords is zero-based, so we add 1. It is subtracted 497 * to form a zero-based value in `nvme_get_logpage`. 498 */ 499 #define NVME_VENDOR_SPECIFIC_LOGPAGE_MAX_SIZE \ 500 (((1 << 12) + 1) * sizeof (uint32_t)) 501 502 static void *nvme_state; 503 static kmem_cache_t *nvme_cmd_cache; 504 505 /* 506 * DMA attributes for queue DMA memory 507 * 508 * Queue DMA memory must be page aligned. The maximum length of a queue is 509 * 65536 entries, and an entry can be 64 bytes long. 510 */ 511 static ddi_dma_attr_t nvme_queue_dma_attr = { 512 .dma_attr_version = DMA_ATTR_V0, 513 .dma_attr_addr_lo = 0, 514 .dma_attr_addr_hi = 0xffffffffffffffffULL, 515 .dma_attr_count_max = (UINT16_MAX + 1) * sizeof (nvme_sqe_t) - 1, 516 .dma_attr_align = 0x1000, 517 .dma_attr_burstsizes = 0x7ff, 518 .dma_attr_minxfer = 0x1000, 519 .dma_attr_maxxfer = (UINT16_MAX + 1) * sizeof (nvme_sqe_t), 520 .dma_attr_seg = 0xffffffffffffffffULL, 521 .dma_attr_sgllen = 1, 522 .dma_attr_granular = 1, 523 .dma_attr_flags = 0, 524 }; 525 526 /* 527 * DMA attributes for transfers using Physical Region Page (PRP) entries 528 * 529 * A PRP entry describes one page of DMA memory using the page size specified 530 * in the controller configuration's memory page size register (CC.MPS). It uses 531 * a 64bit base address aligned to this page size. There is no limitation on 532 * chaining PRPs together for arbitrarily large DMA transfers. 533 */ 534 static ddi_dma_attr_t nvme_prp_dma_attr = { 535 .dma_attr_version = DMA_ATTR_V0, 536 .dma_attr_addr_lo = 0, 537 .dma_attr_addr_hi = 0xffffffffffffffffULL, 538 .dma_attr_count_max = 0xfff, 539 .dma_attr_align = 0x1000, 540 .dma_attr_burstsizes = 0x7ff, 541 .dma_attr_minxfer = 0x1000, 542 .dma_attr_maxxfer = 0x1000, 543 .dma_attr_seg = 0xfff, 544 .dma_attr_sgllen = -1, 545 .dma_attr_granular = 1, 546 .dma_attr_flags = 0, 547 }; 548 549 /* 550 * DMA attributes for transfers using scatter/gather lists 551 * 552 * A SGL entry describes a chunk of DMA memory using a 64bit base address and a 553 * 32bit length field. SGL Segment and SGL Last Segment entries require the 554 * length to be a multiple of 16 bytes. 555 */ 556 static ddi_dma_attr_t nvme_sgl_dma_attr = { 557 .dma_attr_version = DMA_ATTR_V0, 558 .dma_attr_addr_lo = 0, 559 .dma_attr_addr_hi = 0xffffffffffffffffULL, 560 .dma_attr_count_max = 0xffffffffUL, 561 .dma_attr_align = 1, 562 .dma_attr_burstsizes = 0x7ff, 563 .dma_attr_minxfer = 0x10, 564 .dma_attr_maxxfer = 0xfffffffffULL, 565 .dma_attr_seg = 0xffffffffffffffffULL, 566 .dma_attr_sgllen = -1, 567 .dma_attr_granular = 0x10, 568 .dma_attr_flags = 0 569 }; 570 571 static ddi_device_acc_attr_t nvme_reg_acc_attr = { 572 .devacc_attr_version = DDI_DEVICE_ATTR_V0, 573 .devacc_attr_endian_flags = DDI_STRUCTURE_LE_ACC, 574 .devacc_attr_dataorder = DDI_STRICTORDER_ACC 575 }; 576 577 static struct cb_ops nvme_cb_ops = { 578 .cb_open = nvme_open, 579 .cb_close = nvme_close, 580 .cb_strategy = nodev, 581 .cb_print = nodev, 582 .cb_dump = nodev, 583 .cb_read = nodev, 584 .cb_write = nodev, 585 .cb_ioctl = nvme_ioctl, 586 .cb_devmap = nodev, 587 .cb_mmap = nodev, 588 .cb_segmap = nodev, 589 .cb_chpoll = nochpoll, 590 .cb_prop_op = ddi_prop_op, 591 .cb_str = 0, 592 .cb_flag = D_NEW | D_MP, 593 .cb_rev = CB_REV, 594 .cb_aread = nodev, 595 .cb_awrite = nodev 596 }; 597 598 static struct dev_ops nvme_dev_ops = { 599 .devo_rev = DEVO_REV, 600 .devo_refcnt = 0, 601 .devo_getinfo = ddi_no_info, 602 .devo_identify = nulldev, 603 .devo_probe = nulldev, 604 .devo_attach = nvme_attach, 605 .devo_detach = nvme_detach, 606 .devo_reset = nodev, 607 .devo_cb_ops = &nvme_cb_ops, 608 .devo_bus_ops = NULL, 609 .devo_power = NULL, 610 .devo_quiesce = nvme_quiesce, 611 }; 612 613 static struct modldrv nvme_modldrv = { 614 .drv_modops = &mod_driverops, 615 .drv_linkinfo = "NVMe v1.1b", 616 .drv_dev_ops = &nvme_dev_ops 617 }; 618 619 static struct modlinkage nvme_modlinkage = { 620 .ml_rev = MODREV_1, 621 .ml_linkage = { &nvme_modldrv, NULL } 622 }; 623 624 static bd_ops_t nvme_bd_ops = { 625 .o_version = BD_OPS_CURRENT_VERSION, 626 .o_drive_info = nvme_bd_driveinfo, 627 .o_media_info = nvme_bd_mediainfo, 628 .o_devid_init = nvme_bd_devid, 629 .o_sync_cache = nvme_bd_sync, 630 .o_read = nvme_bd_read, 631 .o_write = nvme_bd_write, 632 .o_free_space = nvme_bd_free_space, 633 }; 634 635 /* 636 * This list will hold commands that have timed out and couldn't be aborted. 637 * As we don't know what the hardware may still do with the DMA memory we can't 638 * free them, so we'll keep them forever on this list where we can easily look 639 * at them with mdb. 640 */ 641 static struct list nvme_lost_cmds; 642 static kmutex_t nvme_lc_mutex; 643 644 int 645 _init(void) 646 { 647 int error; 648 649 error = ddi_soft_state_init(&nvme_state, sizeof (nvme_t), 1); 650 if (error != DDI_SUCCESS) 651 return (error); 652 653 nvme_cmd_cache = kmem_cache_create("nvme_cmd_cache", 654 sizeof (nvme_cmd_t), 64, NULL, NULL, NULL, NULL, NULL, 0); 655 656 mutex_init(&nvme_lc_mutex, NULL, MUTEX_DRIVER, NULL); 657 list_create(&nvme_lost_cmds, sizeof (nvme_cmd_t), 658 offsetof(nvme_cmd_t, nc_list)); 659 660 bd_mod_init(&nvme_dev_ops); 661 662 error = mod_install(&nvme_modlinkage); 663 if (error != DDI_SUCCESS) { 664 ddi_soft_state_fini(&nvme_state); 665 mutex_destroy(&nvme_lc_mutex); 666 list_destroy(&nvme_lost_cmds); 667 bd_mod_fini(&nvme_dev_ops); 668 } 669 670 return (error); 671 } 672 673 int 674 _fini(void) 675 { 676 int error; 677 678 if (!list_is_empty(&nvme_lost_cmds)) 679 return (DDI_FAILURE); 680 681 error = mod_remove(&nvme_modlinkage); 682 if (error == DDI_SUCCESS) { 683 ddi_soft_state_fini(&nvme_state); 684 kmem_cache_destroy(nvme_cmd_cache); 685 mutex_destroy(&nvme_lc_mutex); 686 list_destroy(&nvme_lost_cmds); 687 bd_mod_fini(&nvme_dev_ops); 688 } 689 690 return (error); 691 } 692 693 int 694 _info(struct modinfo *modinfop) 695 { 696 return (mod_info(&nvme_modlinkage, modinfop)); 697 } 698 699 static inline void 700 nvme_put64(nvme_t *nvme, uintptr_t reg, uint64_t val) 701 { 702 ASSERT(((uintptr_t)(nvme->n_regs + reg) & 0x7) == 0); 703 704 /*LINTED: E_BAD_PTR_CAST_ALIGN*/ 705 ddi_put64(nvme->n_regh, (uint64_t *)(nvme->n_regs + reg), val); 706 } 707 708 static inline void 709 nvme_put32(nvme_t *nvme, uintptr_t reg, uint32_t val) 710 { 711 ASSERT(((uintptr_t)(nvme->n_regs + reg) & 0x3) == 0); 712 713 /*LINTED: E_BAD_PTR_CAST_ALIGN*/ 714 ddi_put32(nvme->n_regh, (uint32_t *)(nvme->n_regs + reg), val); 715 } 716 717 static inline uint64_t 718 nvme_get64(nvme_t *nvme, uintptr_t reg) 719 { 720 uint64_t val; 721 722 ASSERT(((uintptr_t)(nvme->n_regs + reg) & 0x7) == 0); 723 724 /*LINTED: E_BAD_PTR_CAST_ALIGN*/ 725 val = ddi_get64(nvme->n_regh, (uint64_t *)(nvme->n_regs + reg)); 726 727 return (val); 728 } 729 730 static inline uint32_t 731 nvme_get32(nvme_t *nvme, uintptr_t reg) 732 { 733 uint32_t val; 734 735 ASSERT(((uintptr_t)(nvme->n_regs + reg) & 0x3) == 0); 736 737 /*LINTED: E_BAD_PTR_CAST_ALIGN*/ 738 val = ddi_get32(nvme->n_regh, (uint32_t *)(nvme->n_regs + reg)); 739 740 return (val); 741 } 742 743 static boolean_t 744 nvme_check_regs_hdl(nvme_t *nvme) 745 { 746 ddi_fm_error_t error; 747 748 ddi_fm_acc_err_get(nvme->n_regh, &error, DDI_FME_VERSION); 749 750 if (error.fme_status != DDI_FM_OK) 751 return (B_TRUE); 752 753 return (B_FALSE); 754 } 755 756 static boolean_t 757 nvme_check_dma_hdl(nvme_dma_t *dma) 758 { 759 ddi_fm_error_t error; 760 761 if (dma == NULL) 762 return (B_FALSE); 763 764 ddi_fm_dma_err_get(dma->nd_dmah, &error, DDI_FME_VERSION); 765 766 if (error.fme_status != DDI_FM_OK) 767 return (B_TRUE); 768 769 return (B_FALSE); 770 } 771 772 static void 773 nvme_free_dma_common(nvme_dma_t *dma) 774 { 775 if (dma->nd_dmah != NULL) 776 (void) ddi_dma_unbind_handle(dma->nd_dmah); 777 if (dma->nd_acch != NULL) 778 ddi_dma_mem_free(&dma->nd_acch); 779 if (dma->nd_dmah != NULL) 780 ddi_dma_free_handle(&dma->nd_dmah); 781 } 782 783 static void 784 nvme_free_dma(nvme_dma_t *dma) 785 { 786 nvme_free_dma_common(dma); 787 kmem_free(dma, sizeof (*dma)); 788 } 789 790 /* ARGSUSED */ 791 static void 792 nvme_prp_dma_destructor(void *buf, void *private) 793 { 794 nvme_dma_t *dma = (nvme_dma_t *)buf; 795 796 nvme_free_dma_common(dma); 797 } 798 799 static int 800 nvme_alloc_dma_common(nvme_t *nvme, nvme_dma_t *dma, 801 size_t len, uint_t flags, ddi_dma_attr_t *dma_attr) 802 { 803 if (ddi_dma_alloc_handle(nvme->n_dip, dma_attr, DDI_DMA_SLEEP, NULL, 804 &dma->nd_dmah) != DDI_SUCCESS) { 805 /* 806 * Due to DDI_DMA_SLEEP this can't be DDI_DMA_NORESOURCES, and 807 * the only other possible error is DDI_DMA_BADATTR which 808 * indicates a driver bug which should cause a panic. 809 */ 810 dev_err(nvme->n_dip, CE_PANIC, 811 "!failed to get DMA handle, check DMA attributes"); 812 return (DDI_FAILURE); 813 } 814 815 /* 816 * ddi_dma_mem_alloc() can only fail when DDI_DMA_NOSLEEP is specified 817 * or the flags are conflicting, which isn't the case here. 818 */ 819 (void) ddi_dma_mem_alloc(dma->nd_dmah, len, &nvme->n_reg_acc_attr, 820 DDI_DMA_CONSISTENT, DDI_DMA_SLEEP, NULL, &dma->nd_memp, 821 &dma->nd_len, &dma->nd_acch); 822 823 if (ddi_dma_addr_bind_handle(dma->nd_dmah, NULL, dma->nd_memp, 824 dma->nd_len, flags | DDI_DMA_CONSISTENT, DDI_DMA_SLEEP, NULL, 825 &dma->nd_cookie, &dma->nd_ncookie) != DDI_DMA_MAPPED) { 826 dev_err(nvme->n_dip, CE_WARN, 827 "!failed to bind DMA memory"); 828 atomic_inc_32(&nvme->n_dma_bind_err); 829 nvme_free_dma_common(dma); 830 return (DDI_FAILURE); 831 } 832 833 return (DDI_SUCCESS); 834 } 835 836 static int 837 nvme_zalloc_dma(nvme_t *nvme, size_t len, uint_t flags, 838 ddi_dma_attr_t *dma_attr, nvme_dma_t **ret) 839 { 840 nvme_dma_t *dma = kmem_zalloc(sizeof (nvme_dma_t), KM_SLEEP); 841 842 if (nvme_alloc_dma_common(nvme, dma, len, flags, dma_attr) != 843 DDI_SUCCESS) { 844 *ret = NULL; 845 kmem_free(dma, sizeof (nvme_dma_t)); 846 return (DDI_FAILURE); 847 } 848 849 bzero(dma->nd_memp, dma->nd_len); 850 851 *ret = dma; 852 return (DDI_SUCCESS); 853 } 854 855 /* ARGSUSED */ 856 static int 857 nvme_prp_dma_constructor(void *buf, void *private, int flags) 858 { 859 nvme_dma_t *dma = (nvme_dma_t *)buf; 860 nvme_t *nvme = (nvme_t *)private; 861 862 dma->nd_dmah = NULL; 863 dma->nd_acch = NULL; 864 865 if (nvme_alloc_dma_common(nvme, dma, nvme->n_pagesize, 866 DDI_DMA_READ, &nvme->n_prp_dma_attr) != DDI_SUCCESS) { 867 return (-1); 868 } 869 870 ASSERT(dma->nd_ncookie == 1); 871 872 dma->nd_cached = B_TRUE; 873 874 return (0); 875 } 876 877 static int 878 nvme_zalloc_queue_dma(nvme_t *nvme, uint32_t nentry, uint16_t qe_len, 879 uint_t flags, nvme_dma_t **dma) 880 { 881 uint32_t len = nentry * qe_len; 882 ddi_dma_attr_t q_dma_attr = nvme->n_queue_dma_attr; 883 884 len = roundup(len, nvme->n_pagesize); 885 886 if (nvme_zalloc_dma(nvme, len, flags, &q_dma_attr, dma) 887 != DDI_SUCCESS) { 888 dev_err(nvme->n_dip, CE_WARN, 889 "!failed to get DMA memory for queue"); 890 goto fail; 891 } 892 893 if ((*dma)->nd_ncookie != 1) { 894 dev_err(nvme->n_dip, CE_WARN, 895 "!got too many cookies for queue DMA"); 896 goto fail; 897 } 898 899 return (DDI_SUCCESS); 900 901 fail: 902 if (*dma) { 903 nvme_free_dma(*dma); 904 *dma = NULL; 905 } 906 907 return (DDI_FAILURE); 908 } 909 910 static void 911 nvme_free_cq(nvme_cq_t *cq) 912 { 913 mutex_destroy(&cq->ncq_mutex); 914 915 if (cq->ncq_cmd_taskq != NULL) 916 taskq_destroy(cq->ncq_cmd_taskq); 917 918 if (cq->ncq_dma != NULL) 919 nvme_free_dma(cq->ncq_dma); 920 921 kmem_free(cq, sizeof (*cq)); 922 } 923 924 static void 925 nvme_free_qpair(nvme_qpair_t *qp) 926 { 927 int i; 928 929 mutex_destroy(&qp->nq_mutex); 930 sema_destroy(&qp->nq_sema); 931 932 if (qp->nq_sqdma != NULL) 933 nvme_free_dma(qp->nq_sqdma); 934 935 if (qp->nq_active_cmds > 0) 936 for (i = 0; i != qp->nq_nentry; i++) 937 if (qp->nq_cmd[i] != NULL) 938 nvme_free_cmd(qp->nq_cmd[i]); 939 940 if (qp->nq_cmd != NULL) 941 kmem_free(qp->nq_cmd, sizeof (nvme_cmd_t *) * qp->nq_nentry); 942 943 kmem_free(qp, sizeof (nvme_qpair_t)); 944 } 945 946 /* 947 * Destroy the pre-allocated cq array, but only free individual completion 948 * queues from the given starting index. 949 */ 950 static void 951 nvme_destroy_cq_array(nvme_t *nvme, uint_t start) 952 { 953 uint_t i; 954 955 for (i = start; i < nvme->n_cq_count; i++) 956 if (nvme->n_cq[i] != NULL) 957 nvme_free_cq(nvme->n_cq[i]); 958 959 kmem_free(nvme->n_cq, sizeof (*nvme->n_cq) * nvme->n_cq_count); 960 } 961 962 static int 963 nvme_alloc_cq(nvme_t *nvme, uint32_t nentry, nvme_cq_t **cqp, uint16_t idx, 964 uint_t nthr) 965 { 966 nvme_cq_t *cq = kmem_zalloc(sizeof (*cq), KM_SLEEP); 967 char name[64]; /* large enough for the taskq name */ 968 969 mutex_init(&cq->ncq_mutex, NULL, MUTEX_DRIVER, 970 DDI_INTR_PRI(nvme->n_intr_pri)); 971 972 if (nvme_zalloc_queue_dma(nvme, nentry, sizeof (nvme_cqe_t), 973 DDI_DMA_READ, &cq->ncq_dma) != DDI_SUCCESS) 974 goto fail; 975 976 cq->ncq_cq = (nvme_cqe_t *)cq->ncq_dma->nd_memp; 977 cq->ncq_nentry = nentry; 978 cq->ncq_id = idx; 979 cq->ncq_hdbl = NVME_REG_CQHDBL(nvme, idx); 980 981 /* 982 * Each completion queue has its own command taskq. 983 */ 984 (void) snprintf(name, sizeof (name), "%s%d_cmd_taskq%u", 985 ddi_driver_name(nvme->n_dip), ddi_get_instance(nvme->n_dip), idx); 986 987 cq->ncq_cmd_taskq = taskq_create(name, nthr, minclsyspri, 64, INT_MAX, 988 TASKQ_PREPOPULATE); 989 990 if (cq->ncq_cmd_taskq == NULL) { 991 dev_err(nvme->n_dip, CE_WARN, "!failed to create cmd " 992 "taskq for cq %u", idx); 993 goto fail; 994 } 995 996 *cqp = cq; 997 return (DDI_SUCCESS); 998 999 fail: 1000 nvme_free_cq(cq); 1001 *cqp = NULL; 1002 1003 return (DDI_FAILURE); 1004 } 1005 1006 /* 1007 * Create the n_cq array big enough to hold "ncq" completion queues. 1008 * If the array already exists it will be re-sized (but only larger). 1009 * The admin queue is included in this array, which boosts the 1010 * max number of entries to UINT16_MAX + 1. 1011 */ 1012 static int 1013 nvme_create_cq_array(nvme_t *nvme, uint_t ncq, uint32_t nentry, uint_t nthr) 1014 { 1015 nvme_cq_t **cq; 1016 uint_t i, cq_count; 1017 1018 ASSERT3U(ncq, >, nvme->n_cq_count); 1019 1020 cq = nvme->n_cq; 1021 cq_count = nvme->n_cq_count; 1022 1023 nvme->n_cq = kmem_zalloc(sizeof (*nvme->n_cq) * ncq, KM_SLEEP); 1024 nvme->n_cq_count = ncq; 1025 1026 for (i = 0; i < cq_count; i++) 1027 nvme->n_cq[i] = cq[i]; 1028 1029 for (; i < nvme->n_cq_count; i++) 1030 if (nvme_alloc_cq(nvme, nentry, &nvme->n_cq[i], i, nthr) != 1031 DDI_SUCCESS) 1032 goto fail; 1033 1034 if (cq != NULL) 1035 kmem_free(cq, sizeof (*cq) * cq_count); 1036 1037 return (DDI_SUCCESS); 1038 1039 fail: 1040 nvme_destroy_cq_array(nvme, cq_count); 1041 /* 1042 * Restore the original array 1043 */ 1044 nvme->n_cq_count = cq_count; 1045 nvme->n_cq = cq; 1046 1047 return (DDI_FAILURE); 1048 } 1049 1050 static int 1051 nvme_alloc_qpair(nvme_t *nvme, uint32_t nentry, nvme_qpair_t **nqp, 1052 uint_t idx) 1053 { 1054 nvme_qpair_t *qp = kmem_zalloc(sizeof (*qp), KM_SLEEP); 1055 uint_t cq_idx; 1056 1057 mutex_init(&qp->nq_mutex, NULL, MUTEX_DRIVER, 1058 DDI_INTR_PRI(nvme->n_intr_pri)); 1059 1060 /* 1061 * The NVMe spec defines that a full queue has one empty (unused) slot; 1062 * initialize the semaphore accordingly. 1063 */ 1064 sema_init(&qp->nq_sema, nentry - 1, NULL, SEMA_DRIVER, NULL); 1065 1066 if (nvme_zalloc_queue_dma(nvme, nentry, sizeof (nvme_sqe_t), 1067 DDI_DMA_WRITE, &qp->nq_sqdma) != DDI_SUCCESS) 1068 goto fail; 1069 1070 /* 1071 * idx == 0 is adminq, those above 0 are shared io completion queues. 1072 */ 1073 cq_idx = idx == 0 ? 0 : 1 + (idx - 1) % (nvme->n_cq_count - 1); 1074 qp->nq_cq = nvme->n_cq[cq_idx]; 1075 qp->nq_sq = (nvme_sqe_t *)qp->nq_sqdma->nd_memp; 1076 qp->nq_nentry = nentry; 1077 1078 qp->nq_sqtdbl = NVME_REG_SQTDBL(nvme, idx); 1079 1080 qp->nq_cmd = kmem_zalloc(sizeof (nvme_cmd_t *) * nentry, KM_SLEEP); 1081 qp->nq_next_cmd = 0; 1082 1083 *nqp = qp; 1084 return (DDI_SUCCESS); 1085 1086 fail: 1087 nvme_free_qpair(qp); 1088 *nqp = NULL; 1089 1090 return (DDI_FAILURE); 1091 } 1092 1093 static nvme_cmd_t * 1094 nvme_alloc_cmd(nvme_t *nvme, int kmflag) 1095 { 1096 nvme_cmd_t *cmd = kmem_cache_alloc(nvme_cmd_cache, kmflag); 1097 1098 if (cmd == NULL) 1099 return (cmd); 1100 1101 bzero(cmd, sizeof (nvme_cmd_t)); 1102 1103 cmd->nc_nvme = nvme; 1104 1105 mutex_init(&cmd->nc_mutex, NULL, MUTEX_DRIVER, 1106 DDI_INTR_PRI(nvme->n_intr_pri)); 1107 cv_init(&cmd->nc_cv, NULL, CV_DRIVER, NULL); 1108 1109 return (cmd); 1110 } 1111 1112 static void 1113 nvme_free_cmd(nvme_cmd_t *cmd) 1114 { 1115 /* Don't free commands on the lost commands list. */ 1116 if (list_link_active(&cmd->nc_list)) 1117 return; 1118 1119 if (cmd->nc_dma) { 1120 nvme_free_dma(cmd->nc_dma); 1121 cmd->nc_dma = NULL; 1122 } 1123 1124 if (cmd->nc_prp) { 1125 kmem_cache_free(cmd->nc_nvme->n_prp_cache, cmd->nc_prp); 1126 cmd->nc_prp = NULL; 1127 } 1128 1129 cv_destroy(&cmd->nc_cv); 1130 mutex_destroy(&cmd->nc_mutex); 1131 1132 kmem_cache_free(nvme_cmd_cache, cmd); 1133 } 1134 1135 static void 1136 nvme_submit_admin_cmd(nvme_qpair_t *qp, nvme_cmd_t *cmd) 1137 { 1138 sema_p(&qp->nq_sema); 1139 nvme_submit_cmd_common(qp, cmd); 1140 } 1141 1142 static int 1143 nvme_submit_io_cmd(nvme_qpair_t *qp, nvme_cmd_t *cmd) 1144 { 1145 if (cmd->nc_nvme->n_dead) { 1146 return (EIO); 1147 } 1148 1149 if (sema_tryp(&qp->nq_sema) == 0) 1150 return (EAGAIN); 1151 1152 nvme_submit_cmd_common(qp, cmd); 1153 return (0); 1154 } 1155 1156 static void 1157 nvme_submit_cmd_common(nvme_qpair_t *qp, nvme_cmd_t *cmd) 1158 { 1159 nvme_reg_sqtdbl_t tail = { 0 }; 1160 1161 mutex_enter(&qp->nq_mutex); 1162 cmd->nc_completed = B_FALSE; 1163 1164 /* 1165 * Now that we hold the queue pair lock, we must check whether or not 1166 * the controller has been listed as dead (e.g. was removed due to 1167 * hotplug). This is necessary as otherwise we could race with 1168 * nvme_remove_callback(). Because this has not been enqueued, we don't 1169 * call nvme_unqueue_cmd(), which is why we must manually decrement the 1170 * semaphore. 1171 */ 1172 if (cmd->nc_nvme->n_dead) { 1173 taskq_dispatch_ent(qp->nq_cq->ncq_cmd_taskq, cmd->nc_callback, 1174 cmd, TQ_NOSLEEP, &cmd->nc_tqent); 1175 sema_v(&qp->nq_sema); 1176 mutex_exit(&qp->nq_mutex); 1177 return; 1178 } 1179 1180 /* 1181 * Try to insert the cmd into the active cmd array at the nq_next_cmd 1182 * slot. If the slot is already occupied advance to the next slot and 1183 * try again. This can happen for long running commands like async event 1184 * requests. 1185 */ 1186 while (qp->nq_cmd[qp->nq_next_cmd] != NULL) 1187 qp->nq_next_cmd = (qp->nq_next_cmd + 1) % qp->nq_nentry; 1188 qp->nq_cmd[qp->nq_next_cmd] = cmd; 1189 1190 qp->nq_active_cmds++; 1191 1192 cmd->nc_sqe.sqe_cid = qp->nq_next_cmd; 1193 bcopy(&cmd->nc_sqe, &qp->nq_sq[qp->nq_sqtail], sizeof (nvme_sqe_t)); 1194 (void) ddi_dma_sync(qp->nq_sqdma->nd_dmah, 1195 sizeof (nvme_sqe_t) * qp->nq_sqtail, 1196 sizeof (nvme_sqe_t), DDI_DMA_SYNC_FORDEV); 1197 qp->nq_next_cmd = (qp->nq_next_cmd + 1) % qp->nq_nentry; 1198 1199 tail.b.sqtdbl_sqt = qp->nq_sqtail = (qp->nq_sqtail + 1) % qp->nq_nentry; 1200 nvme_put32(cmd->nc_nvme, qp->nq_sqtdbl, tail.r); 1201 1202 mutex_exit(&qp->nq_mutex); 1203 } 1204 1205 static nvme_cmd_t * 1206 nvme_unqueue_cmd(nvme_t *nvme, nvme_qpair_t *qp, int cid) 1207 { 1208 nvme_cmd_t *cmd; 1209 1210 ASSERT(mutex_owned(&qp->nq_mutex)); 1211 ASSERT3S(cid, <, qp->nq_nentry); 1212 1213 cmd = qp->nq_cmd[cid]; 1214 qp->nq_cmd[cid] = NULL; 1215 ASSERT3U(qp->nq_active_cmds, >, 0); 1216 qp->nq_active_cmds--; 1217 sema_v(&qp->nq_sema); 1218 1219 ASSERT3P(cmd, !=, NULL); 1220 ASSERT3P(cmd->nc_nvme, ==, nvme); 1221 ASSERT3S(cmd->nc_sqe.sqe_cid, ==, cid); 1222 1223 return (cmd); 1224 } 1225 1226 /* 1227 * Get the command tied to the next completed cqe and bump along completion 1228 * queue head counter. 1229 */ 1230 static nvme_cmd_t * 1231 nvme_get_completed(nvme_t *nvme, nvme_cq_t *cq) 1232 { 1233 nvme_qpair_t *qp; 1234 nvme_cqe_t *cqe; 1235 nvme_cmd_t *cmd; 1236 1237 ASSERT(mutex_owned(&cq->ncq_mutex)); 1238 1239 cqe = &cq->ncq_cq[cq->ncq_head]; 1240 1241 /* Check phase tag of CQE. Hardware inverts it for new entries. */ 1242 if (cqe->cqe_sf.sf_p == cq->ncq_phase) 1243 return (NULL); 1244 1245 qp = nvme->n_ioq[cqe->cqe_sqid]; 1246 1247 mutex_enter(&qp->nq_mutex); 1248 cmd = nvme_unqueue_cmd(nvme, qp, cqe->cqe_cid); 1249 mutex_exit(&qp->nq_mutex); 1250 1251 ASSERT(cmd->nc_sqid == cqe->cqe_sqid); 1252 bcopy(cqe, &cmd->nc_cqe, sizeof (nvme_cqe_t)); 1253 1254 qp->nq_sqhead = cqe->cqe_sqhd; 1255 1256 cq->ncq_head = (cq->ncq_head + 1) % cq->ncq_nentry; 1257 1258 /* Toggle phase on wrap-around. */ 1259 if (cq->ncq_head == 0) 1260 cq->ncq_phase = cq->ncq_phase ? 0 : 1; 1261 1262 return (cmd); 1263 } 1264 1265 /* 1266 * Process all completed commands on the io completion queue. 1267 */ 1268 static uint_t 1269 nvme_process_iocq(nvme_t *nvme, nvme_cq_t *cq) 1270 { 1271 nvme_reg_cqhdbl_t head = { 0 }; 1272 nvme_cmd_t *cmd; 1273 uint_t completed = 0; 1274 1275 if (ddi_dma_sync(cq->ncq_dma->nd_dmah, 0, 0, DDI_DMA_SYNC_FORKERNEL) != 1276 DDI_SUCCESS) 1277 dev_err(nvme->n_dip, CE_WARN, "!ddi_dma_sync() failed in %s", 1278 __func__); 1279 1280 mutex_enter(&cq->ncq_mutex); 1281 1282 while ((cmd = nvme_get_completed(nvme, cq)) != NULL) { 1283 taskq_dispatch_ent(cq->ncq_cmd_taskq, cmd->nc_callback, cmd, 1284 TQ_NOSLEEP, &cmd->nc_tqent); 1285 1286 completed++; 1287 } 1288 1289 if (completed > 0) { 1290 /* 1291 * Update the completion queue head doorbell. 1292 */ 1293 head.b.cqhdbl_cqh = cq->ncq_head; 1294 nvme_put32(nvme, cq->ncq_hdbl, head.r); 1295 } 1296 1297 mutex_exit(&cq->ncq_mutex); 1298 1299 return (completed); 1300 } 1301 1302 static nvme_cmd_t * 1303 nvme_retrieve_cmd(nvme_t *nvme, nvme_qpair_t *qp) 1304 { 1305 nvme_cq_t *cq = qp->nq_cq; 1306 nvme_reg_cqhdbl_t head = { 0 }; 1307 nvme_cmd_t *cmd; 1308 1309 if (ddi_dma_sync(cq->ncq_dma->nd_dmah, 0, 0, DDI_DMA_SYNC_FORKERNEL) != 1310 DDI_SUCCESS) 1311 dev_err(nvme->n_dip, CE_WARN, "!ddi_dma_sync() failed in %s", 1312 __func__); 1313 1314 mutex_enter(&cq->ncq_mutex); 1315 1316 if ((cmd = nvme_get_completed(nvme, cq)) != NULL) { 1317 head.b.cqhdbl_cqh = cq->ncq_head; 1318 nvme_put32(nvme, cq->ncq_hdbl, head.r); 1319 } 1320 1321 mutex_exit(&cq->ncq_mutex); 1322 1323 return (cmd); 1324 } 1325 1326 static int 1327 nvme_check_unknown_cmd_status(nvme_cmd_t *cmd) 1328 { 1329 nvme_cqe_t *cqe = &cmd->nc_cqe; 1330 1331 dev_err(cmd->nc_nvme->n_dip, CE_WARN, 1332 "!unknown command status received: opc = %x, sqid = %d, cid = %d, " 1333 "sc = %x, sct = %x, dnr = %d, m = %d", cmd->nc_sqe.sqe_opc, 1334 cqe->cqe_sqid, cqe->cqe_cid, cqe->cqe_sf.sf_sc, cqe->cqe_sf.sf_sct, 1335 cqe->cqe_sf.sf_dnr, cqe->cqe_sf.sf_m); 1336 1337 if (cmd->nc_xfer != NULL) 1338 bd_error(cmd->nc_xfer, BD_ERR_ILLRQ); 1339 1340 if (cmd->nc_nvme->n_strict_version) { 1341 cmd->nc_nvme->n_dead = B_TRUE; 1342 ddi_fm_service_impact(cmd->nc_nvme->n_dip, DDI_SERVICE_LOST); 1343 } 1344 1345 return (EIO); 1346 } 1347 1348 static int 1349 nvme_check_vendor_cmd_status(nvme_cmd_t *cmd) 1350 { 1351 nvme_cqe_t *cqe = &cmd->nc_cqe; 1352 1353 dev_err(cmd->nc_nvme->n_dip, CE_WARN, 1354 "!unknown command status received: opc = %x, sqid = %d, cid = %d, " 1355 "sc = %x, sct = %x, dnr = %d, m = %d", cmd->nc_sqe.sqe_opc, 1356 cqe->cqe_sqid, cqe->cqe_cid, cqe->cqe_sf.sf_sc, cqe->cqe_sf.sf_sct, 1357 cqe->cqe_sf.sf_dnr, cqe->cqe_sf.sf_m); 1358 if (!cmd->nc_nvme->n_ignore_unknown_vendor_status) { 1359 cmd->nc_nvme->n_dead = B_TRUE; 1360 ddi_fm_service_impact(cmd->nc_nvme->n_dip, DDI_SERVICE_LOST); 1361 } 1362 1363 return (EIO); 1364 } 1365 1366 static int 1367 nvme_check_integrity_cmd_status(nvme_cmd_t *cmd) 1368 { 1369 nvme_cqe_t *cqe = &cmd->nc_cqe; 1370 1371 switch (cqe->cqe_sf.sf_sc) { 1372 case NVME_CQE_SC_INT_NVM_WRITE: 1373 /* write fail */ 1374 /* TODO: post ereport */ 1375 if (cmd->nc_xfer != NULL) 1376 bd_error(cmd->nc_xfer, BD_ERR_MEDIA); 1377 return (EIO); 1378 1379 case NVME_CQE_SC_INT_NVM_READ: 1380 /* read fail */ 1381 /* TODO: post ereport */ 1382 if (cmd->nc_xfer != NULL) 1383 bd_error(cmd->nc_xfer, BD_ERR_MEDIA); 1384 return (EIO); 1385 1386 default: 1387 return (nvme_check_unknown_cmd_status(cmd)); 1388 } 1389 } 1390 1391 static int 1392 nvme_check_generic_cmd_status(nvme_cmd_t *cmd) 1393 { 1394 nvme_cqe_t *cqe = &cmd->nc_cqe; 1395 1396 switch (cqe->cqe_sf.sf_sc) { 1397 case NVME_CQE_SC_GEN_SUCCESS: 1398 return (0); 1399 1400 /* 1401 * Errors indicating a bug in the driver should cause a panic. 1402 */ 1403 case NVME_CQE_SC_GEN_INV_OPC: 1404 /* Invalid Command Opcode */ 1405 if (!cmd->nc_dontpanic) 1406 dev_err(cmd->nc_nvme->n_dip, CE_PANIC, 1407 "programming error: invalid opcode in cmd %p", 1408 (void *)cmd); 1409 return (EINVAL); 1410 1411 case NVME_CQE_SC_GEN_INV_FLD: 1412 /* Invalid Field in Command */ 1413 if (!cmd->nc_dontpanic) 1414 dev_err(cmd->nc_nvme->n_dip, CE_PANIC, 1415 "programming error: invalid field in cmd %p", 1416 (void *)cmd); 1417 return (EIO); 1418 1419 case NVME_CQE_SC_GEN_ID_CNFL: 1420 /* Command ID Conflict */ 1421 dev_err(cmd->nc_nvme->n_dip, CE_PANIC, "programming error: " 1422 "cmd ID conflict in cmd %p", (void *)cmd); 1423 return (0); 1424 1425 case NVME_CQE_SC_GEN_INV_NS: 1426 /* Invalid Namespace or Format */ 1427 if (!cmd->nc_dontpanic) 1428 dev_err(cmd->nc_nvme->n_dip, CE_PANIC, 1429 "programming error: invalid NS/format in cmd %p", 1430 (void *)cmd); 1431 return (EINVAL); 1432 1433 case NVME_CQE_SC_GEN_NVM_LBA_RANGE: 1434 /* LBA Out Of Range */ 1435 dev_err(cmd->nc_nvme->n_dip, CE_PANIC, "programming error: " 1436 "LBA out of range in cmd %p", (void *)cmd); 1437 return (0); 1438 1439 /* 1440 * Non-fatal errors, handle gracefully. 1441 */ 1442 case NVME_CQE_SC_GEN_DATA_XFR_ERR: 1443 /* Data Transfer Error (DMA) */ 1444 /* TODO: post ereport */ 1445 atomic_inc_32(&cmd->nc_nvme->n_data_xfr_err); 1446 if (cmd->nc_xfer != NULL) 1447 bd_error(cmd->nc_xfer, BD_ERR_NTRDY); 1448 return (EIO); 1449 1450 case NVME_CQE_SC_GEN_INTERNAL_ERR: 1451 /* 1452 * Internal Error. The spec (v1.0, section 4.5.1.2) says 1453 * detailed error information is returned as async event, 1454 * so we pretty much ignore the error here and handle it 1455 * in the async event handler. 1456 */ 1457 atomic_inc_32(&cmd->nc_nvme->n_internal_err); 1458 if (cmd->nc_xfer != NULL) 1459 bd_error(cmd->nc_xfer, BD_ERR_NTRDY); 1460 return (EIO); 1461 1462 case NVME_CQE_SC_GEN_ABORT_REQUEST: 1463 /* 1464 * Command Abort Requested. This normally happens only when a 1465 * command times out. 1466 */ 1467 /* TODO: post ereport or change blkdev to handle this? */ 1468 atomic_inc_32(&cmd->nc_nvme->n_abort_rq_err); 1469 return (ECANCELED); 1470 1471 case NVME_CQE_SC_GEN_ABORT_PWRLOSS: 1472 /* Command Aborted due to Power Loss Notification */ 1473 ddi_fm_service_impact(cmd->nc_nvme->n_dip, DDI_SERVICE_LOST); 1474 cmd->nc_nvme->n_dead = B_TRUE; 1475 return (EIO); 1476 1477 case NVME_CQE_SC_GEN_ABORT_SQ_DEL: 1478 /* Command Aborted due to SQ Deletion */ 1479 atomic_inc_32(&cmd->nc_nvme->n_abort_sq_del); 1480 return (EIO); 1481 1482 case NVME_CQE_SC_GEN_NVM_CAP_EXC: 1483 /* Capacity Exceeded */ 1484 atomic_inc_32(&cmd->nc_nvme->n_nvm_cap_exc); 1485 if (cmd->nc_xfer != NULL) 1486 bd_error(cmd->nc_xfer, BD_ERR_MEDIA); 1487 return (EIO); 1488 1489 case NVME_CQE_SC_GEN_NVM_NS_NOTRDY: 1490 /* Namespace Not Ready */ 1491 atomic_inc_32(&cmd->nc_nvme->n_nvm_ns_notrdy); 1492 if (cmd->nc_xfer != NULL) 1493 bd_error(cmd->nc_xfer, BD_ERR_NTRDY); 1494 return (EIO); 1495 1496 default: 1497 return (nvme_check_unknown_cmd_status(cmd)); 1498 } 1499 } 1500 1501 static int 1502 nvme_check_specific_cmd_status(nvme_cmd_t *cmd) 1503 { 1504 nvme_cqe_t *cqe = &cmd->nc_cqe; 1505 1506 switch (cqe->cqe_sf.sf_sc) { 1507 case NVME_CQE_SC_SPC_INV_CQ: 1508 /* Completion Queue Invalid */ 1509 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_CREATE_SQUEUE); 1510 atomic_inc_32(&cmd->nc_nvme->n_inv_cq_err); 1511 return (EINVAL); 1512 1513 case NVME_CQE_SC_SPC_INV_QID: 1514 /* Invalid Queue Identifier */ 1515 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_CREATE_SQUEUE || 1516 cmd->nc_sqe.sqe_opc == NVME_OPC_DELETE_SQUEUE || 1517 cmd->nc_sqe.sqe_opc == NVME_OPC_CREATE_CQUEUE || 1518 cmd->nc_sqe.sqe_opc == NVME_OPC_DELETE_CQUEUE); 1519 atomic_inc_32(&cmd->nc_nvme->n_inv_qid_err); 1520 return (EINVAL); 1521 1522 case NVME_CQE_SC_SPC_MAX_QSZ_EXC: 1523 /* Max Queue Size Exceeded */ 1524 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_CREATE_SQUEUE || 1525 cmd->nc_sqe.sqe_opc == NVME_OPC_CREATE_CQUEUE); 1526 atomic_inc_32(&cmd->nc_nvme->n_max_qsz_exc); 1527 return (EINVAL); 1528 1529 case NVME_CQE_SC_SPC_ABRT_CMD_EXC: 1530 /* Abort Command Limit Exceeded */ 1531 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_ABORT); 1532 dev_err(cmd->nc_nvme->n_dip, CE_PANIC, "programming error: " 1533 "abort command limit exceeded in cmd %p", (void *)cmd); 1534 return (0); 1535 1536 case NVME_CQE_SC_SPC_ASYNC_EVREQ_EXC: 1537 /* Async Event Request Limit Exceeded */ 1538 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_ASYNC_EVENT); 1539 dev_err(cmd->nc_nvme->n_dip, CE_PANIC, "programming error: " 1540 "async event request limit exceeded in cmd %p", 1541 (void *)cmd); 1542 return (0); 1543 1544 case NVME_CQE_SC_SPC_INV_INT_VECT: 1545 /* Invalid Interrupt Vector */ 1546 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_CREATE_CQUEUE); 1547 atomic_inc_32(&cmd->nc_nvme->n_inv_int_vect); 1548 return (EINVAL); 1549 1550 case NVME_CQE_SC_SPC_INV_LOG_PAGE: 1551 /* Invalid Log Page */ 1552 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_GET_LOG_PAGE); 1553 atomic_inc_32(&cmd->nc_nvme->n_inv_log_page); 1554 return (EINVAL); 1555 1556 case NVME_CQE_SC_SPC_INV_FORMAT: 1557 /* Invalid Format */ 1558 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_NVM_FORMAT); 1559 atomic_inc_32(&cmd->nc_nvme->n_inv_format); 1560 if (cmd->nc_xfer != NULL) 1561 bd_error(cmd->nc_xfer, BD_ERR_ILLRQ); 1562 return (EINVAL); 1563 1564 case NVME_CQE_SC_SPC_INV_Q_DEL: 1565 /* Invalid Queue Deletion */ 1566 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_DELETE_CQUEUE); 1567 atomic_inc_32(&cmd->nc_nvme->n_inv_q_del); 1568 return (EINVAL); 1569 1570 case NVME_CQE_SC_SPC_NVM_CNFL_ATTR: 1571 /* Conflicting Attributes */ 1572 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_NVM_DSET_MGMT || 1573 cmd->nc_sqe.sqe_opc == NVME_OPC_NVM_READ || 1574 cmd->nc_sqe.sqe_opc == NVME_OPC_NVM_WRITE); 1575 atomic_inc_32(&cmd->nc_nvme->n_cnfl_attr); 1576 if (cmd->nc_xfer != NULL) 1577 bd_error(cmd->nc_xfer, BD_ERR_ILLRQ); 1578 return (EINVAL); 1579 1580 case NVME_CQE_SC_SPC_NVM_INV_PROT: 1581 /* Invalid Protection Information */ 1582 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_NVM_COMPARE || 1583 cmd->nc_sqe.sqe_opc == NVME_OPC_NVM_READ || 1584 cmd->nc_sqe.sqe_opc == NVME_OPC_NVM_WRITE); 1585 atomic_inc_32(&cmd->nc_nvme->n_inv_prot); 1586 if (cmd->nc_xfer != NULL) 1587 bd_error(cmd->nc_xfer, BD_ERR_ILLRQ); 1588 return (EINVAL); 1589 1590 case NVME_CQE_SC_SPC_NVM_READONLY: 1591 /* Write to Read Only Range */ 1592 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_NVM_WRITE); 1593 atomic_inc_32(&cmd->nc_nvme->n_readonly); 1594 if (cmd->nc_xfer != NULL) 1595 bd_error(cmd->nc_xfer, BD_ERR_ILLRQ); 1596 return (EROFS); 1597 1598 case NVME_CQE_SC_SPC_INV_FW_SLOT: 1599 /* Invalid Firmware Slot */ 1600 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_FW_ACTIVATE); 1601 return (EINVAL); 1602 1603 case NVME_CQE_SC_SPC_INV_FW_IMG: 1604 /* Invalid Firmware Image */ 1605 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_FW_ACTIVATE); 1606 return (EINVAL); 1607 1608 case NVME_CQE_SC_SPC_FW_RESET: 1609 /* Conventional Reset Required */ 1610 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_FW_ACTIVATE); 1611 return (0); 1612 1613 case NVME_CQE_SC_SPC_FW_NSSR: 1614 /* NVMe Subsystem Reset Required */ 1615 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_FW_ACTIVATE); 1616 return (0); 1617 1618 case NVME_CQE_SC_SPC_FW_NEXT_RESET: 1619 /* Activation Requires Reset */ 1620 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_FW_ACTIVATE); 1621 return (0); 1622 1623 case NVME_CQE_SC_SPC_FW_MTFA: 1624 /* Activation Requires Maximum Time Violation */ 1625 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_FW_ACTIVATE); 1626 return (EAGAIN); 1627 1628 case NVME_CQE_SC_SPC_FW_PROHIBITED: 1629 /* Activation Prohibited */ 1630 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_FW_ACTIVATE); 1631 return (EINVAL); 1632 1633 case NVME_CQE_SC_SPC_FW_OVERLAP: 1634 /* Overlapping Firmware Ranges */ 1635 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_FW_IMAGE_LOAD); 1636 return (EINVAL); 1637 1638 default: 1639 return (nvme_check_unknown_cmd_status(cmd)); 1640 } 1641 } 1642 1643 static inline int 1644 nvme_check_cmd_status(nvme_cmd_t *cmd) 1645 { 1646 nvme_cqe_t *cqe = &cmd->nc_cqe; 1647 1648 /* 1649 * Take a shortcut if the controller is dead, or if 1650 * command status indicates no error. 1651 */ 1652 if (cmd->nc_nvme->n_dead) 1653 return (EIO); 1654 1655 if (cqe->cqe_sf.sf_sct == NVME_CQE_SCT_GENERIC && 1656 cqe->cqe_sf.sf_sc == NVME_CQE_SC_GEN_SUCCESS) 1657 return (0); 1658 1659 if (cqe->cqe_sf.sf_sct == NVME_CQE_SCT_GENERIC) 1660 return (nvme_check_generic_cmd_status(cmd)); 1661 else if (cqe->cqe_sf.sf_sct == NVME_CQE_SCT_SPECIFIC) 1662 return (nvme_check_specific_cmd_status(cmd)); 1663 else if (cqe->cqe_sf.sf_sct == NVME_CQE_SCT_INTEGRITY) 1664 return (nvme_check_integrity_cmd_status(cmd)); 1665 else if (cqe->cqe_sf.sf_sct == NVME_CQE_SCT_VENDOR) 1666 return (nvme_check_vendor_cmd_status(cmd)); 1667 1668 return (nvme_check_unknown_cmd_status(cmd)); 1669 } 1670 1671 static int 1672 nvme_abort_cmd(nvme_cmd_t *abort_cmd, uint_t sec) 1673 { 1674 nvme_t *nvme = abort_cmd->nc_nvme; 1675 nvme_cmd_t *cmd = nvme_alloc_cmd(nvme, KM_SLEEP); 1676 nvme_abort_cmd_t ac = { 0 }; 1677 int ret = 0; 1678 1679 sema_p(&nvme->n_abort_sema); 1680 1681 ac.b.ac_cid = abort_cmd->nc_sqe.sqe_cid; 1682 ac.b.ac_sqid = abort_cmd->nc_sqid; 1683 1684 cmd->nc_sqid = 0; 1685 cmd->nc_sqe.sqe_opc = NVME_OPC_ABORT; 1686 cmd->nc_callback = nvme_wakeup_cmd; 1687 cmd->nc_sqe.sqe_cdw10 = ac.r; 1688 1689 /* 1690 * Send the ABORT to the hardware. The ABORT command will return _after_ 1691 * the aborted command has completed (aborted or otherwise), but since 1692 * we still hold the aborted command's mutex its callback hasn't been 1693 * processed yet. 1694 */ 1695 nvme_admin_cmd(cmd, sec); 1696 sema_v(&nvme->n_abort_sema); 1697 1698 if ((ret = nvme_check_cmd_status(cmd)) != 0) { 1699 dev_err(nvme->n_dip, CE_WARN, 1700 "!ABORT failed with sct = %x, sc = %x", 1701 cmd->nc_cqe.cqe_sf.sf_sct, cmd->nc_cqe.cqe_sf.sf_sc); 1702 atomic_inc_32(&nvme->n_abort_failed); 1703 } else { 1704 dev_err(nvme->n_dip, CE_WARN, 1705 "!ABORT of command %d/%d %ssuccessful", 1706 abort_cmd->nc_sqe.sqe_cid, abort_cmd->nc_sqid, 1707 cmd->nc_cqe.cqe_dw0 & 1 ? "un" : ""); 1708 if ((cmd->nc_cqe.cqe_dw0 & 1) == 0) 1709 atomic_inc_32(&nvme->n_cmd_aborted); 1710 } 1711 1712 nvme_free_cmd(cmd); 1713 return (ret); 1714 } 1715 1716 /* 1717 * nvme_wait_cmd -- wait for command completion or timeout 1718 * 1719 * In case of a serious error or a timeout of the abort command the hardware 1720 * will be declared dead and FMA will be notified. 1721 */ 1722 static void 1723 nvme_wait_cmd(nvme_cmd_t *cmd, uint_t sec) 1724 { 1725 clock_t timeout = ddi_get_lbolt() + drv_usectohz(sec * MICROSEC); 1726 nvme_t *nvme = cmd->nc_nvme; 1727 nvme_reg_csts_t csts; 1728 nvme_qpair_t *qp; 1729 1730 ASSERT(mutex_owned(&cmd->nc_mutex)); 1731 1732 while (!cmd->nc_completed) { 1733 if (cv_timedwait(&cmd->nc_cv, &cmd->nc_mutex, timeout) == -1) 1734 break; 1735 } 1736 1737 if (cmd->nc_completed) 1738 return; 1739 1740 /* 1741 * The command timed out. 1742 * 1743 * Check controller for fatal status, any errors associated with the 1744 * register or DMA handle, or for a double timeout (abort command timed 1745 * out). If necessary log a warning and call FMA. 1746 */ 1747 csts.r = nvme_get32(nvme, NVME_REG_CSTS); 1748 dev_err(nvme->n_dip, CE_WARN, "!command %d/%d timeout, " 1749 "OPC = %x, CFS = %d", cmd->nc_sqe.sqe_cid, cmd->nc_sqid, 1750 cmd->nc_sqe.sqe_opc, csts.b.csts_cfs); 1751 atomic_inc_32(&nvme->n_cmd_timeout); 1752 1753 if (csts.b.csts_cfs || 1754 nvme_check_regs_hdl(nvme) || 1755 nvme_check_dma_hdl(cmd->nc_dma) || 1756 cmd->nc_sqe.sqe_opc == NVME_OPC_ABORT) { 1757 ddi_fm_service_impact(nvme->n_dip, DDI_SERVICE_LOST); 1758 nvme->n_dead = B_TRUE; 1759 } else if (nvme_abort_cmd(cmd, sec) == 0) { 1760 /* 1761 * If the abort succeeded the command should complete 1762 * immediately with an appropriate status. 1763 */ 1764 while (!cmd->nc_completed) 1765 cv_wait(&cmd->nc_cv, &cmd->nc_mutex); 1766 1767 return; 1768 } 1769 1770 qp = nvme->n_ioq[cmd->nc_sqid]; 1771 1772 mutex_enter(&qp->nq_mutex); 1773 (void) nvme_unqueue_cmd(nvme, qp, cmd->nc_sqe.sqe_cid); 1774 mutex_exit(&qp->nq_mutex); 1775 1776 /* 1777 * As we don't know what the presumed dead hardware might still do with 1778 * the DMA memory, we'll put the command on the lost commands list if it 1779 * has any DMA memory. 1780 */ 1781 if (cmd->nc_dma != NULL) { 1782 mutex_enter(&nvme_lc_mutex); 1783 list_insert_head(&nvme_lost_cmds, cmd); 1784 mutex_exit(&nvme_lc_mutex); 1785 } 1786 } 1787 1788 static void 1789 nvme_wakeup_cmd(void *arg) 1790 { 1791 nvme_cmd_t *cmd = arg; 1792 1793 mutex_enter(&cmd->nc_mutex); 1794 cmd->nc_completed = B_TRUE; 1795 cv_signal(&cmd->nc_cv); 1796 mutex_exit(&cmd->nc_mutex); 1797 } 1798 1799 static void 1800 nvme_async_event_task(void *arg) 1801 { 1802 nvme_cmd_t *cmd = arg; 1803 nvme_t *nvme = cmd->nc_nvme; 1804 nvme_error_log_entry_t *error_log = NULL; 1805 nvme_health_log_t *health_log = NULL; 1806 nvme_nschange_list_t *nslist = NULL; 1807 size_t logsize = 0; 1808 nvme_async_event_t event; 1809 1810 /* 1811 * Check for errors associated with the async request itself. The only 1812 * command-specific error is "async event limit exceeded", which 1813 * indicates a programming error in the driver and causes a panic in 1814 * nvme_check_cmd_status(). 1815 * 1816 * Other possible errors are various scenarios where the async request 1817 * was aborted, or internal errors in the device. Internal errors are 1818 * reported to FMA, the command aborts need no special handling here. 1819 * 1820 * And finally, at least qemu nvme does not support async events, 1821 * and will return NVME_CQE_SC_GEN_INV_OPC | DNR. If so, we 1822 * will avoid posting async events. 1823 */ 1824 1825 if (nvme_check_cmd_status(cmd) != 0) { 1826 dev_err(cmd->nc_nvme->n_dip, CE_WARN, 1827 "!async event request returned failure, sct = %x, " 1828 "sc = %x, dnr = %d, m = %d", cmd->nc_cqe.cqe_sf.sf_sct, 1829 cmd->nc_cqe.cqe_sf.sf_sc, cmd->nc_cqe.cqe_sf.sf_dnr, 1830 cmd->nc_cqe.cqe_sf.sf_m); 1831 1832 if (cmd->nc_cqe.cqe_sf.sf_sct == NVME_CQE_SCT_GENERIC && 1833 cmd->nc_cqe.cqe_sf.sf_sc == NVME_CQE_SC_GEN_INTERNAL_ERR) { 1834 cmd->nc_nvme->n_dead = B_TRUE; 1835 ddi_fm_service_impact(cmd->nc_nvme->n_dip, 1836 DDI_SERVICE_LOST); 1837 } 1838 1839 if (cmd->nc_cqe.cqe_sf.sf_sct == NVME_CQE_SCT_GENERIC && 1840 cmd->nc_cqe.cqe_sf.sf_sc == NVME_CQE_SC_GEN_INV_OPC && 1841 cmd->nc_cqe.cqe_sf.sf_dnr == 1) { 1842 nvme->n_async_event_supported = B_FALSE; 1843 } 1844 1845 nvme_free_cmd(cmd); 1846 return; 1847 } 1848 1849 event.r = cmd->nc_cqe.cqe_dw0; 1850 1851 /* Clear CQE and re-submit the async request. */ 1852 bzero(&cmd->nc_cqe, sizeof (nvme_cqe_t)); 1853 nvme_submit_admin_cmd(nvme->n_adminq, cmd); 1854 1855 switch (event.b.ae_type) { 1856 case NVME_ASYNC_TYPE_ERROR: 1857 if (event.b.ae_logpage == NVME_LOGPAGE_ERROR) { 1858 (void) nvme_get_logpage(nvme, B_FALSE, 1859 (void **)&error_log, &logsize, event.b.ae_logpage); 1860 } else { 1861 dev_err(nvme->n_dip, CE_WARN, "!wrong logpage in " 1862 "async event reply: %d", event.b.ae_logpage); 1863 atomic_inc_32(&nvme->n_wrong_logpage); 1864 } 1865 1866 switch (event.b.ae_info) { 1867 case NVME_ASYNC_ERROR_INV_SQ: 1868 dev_err(nvme->n_dip, CE_PANIC, "programming error: " 1869 "invalid submission queue"); 1870 return; 1871 1872 case NVME_ASYNC_ERROR_INV_DBL: 1873 dev_err(nvme->n_dip, CE_PANIC, "programming error: " 1874 "invalid doorbell write value"); 1875 return; 1876 1877 case NVME_ASYNC_ERROR_DIAGFAIL: 1878 dev_err(nvme->n_dip, CE_WARN, "!diagnostic failure"); 1879 ddi_fm_service_impact(nvme->n_dip, DDI_SERVICE_LOST); 1880 nvme->n_dead = B_TRUE; 1881 atomic_inc_32(&nvme->n_diagfail_event); 1882 break; 1883 1884 case NVME_ASYNC_ERROR_PERSISTENT: 1885 dev_err(nvme->n_dip, CE_WARN, "!persistent internal " 1886 "device error"); 1887 ddi_fm_service_impact(nvme->n_dip, DDI_SERVICE_LOST); 1888 nvme->n_dead = B_TRUE; 1889 atomic_inc_32(&nvme->n_persistent_event); 1890 break; 1891 1892 case NVME_ASYNC_ERROR_TRANSIENT: 1893 dev_err(nvme->n_dip, CE_WARN, "!transient internal " 1894 "device error"); 1895 /* TODO: send ereport */ 1896 atomic_inc_32(&nvme->n_transient_event); 1897 break; 1898 1899 case NVME_ASYNC_ERROR_FW_LOAD: 1900 dev_err(nvme->n_dip, CE_WARN, 1901 "!firmware image load error"); 1902 atomic_inc_32(&nvme->n_fw_load_event); 1903 break; 1904 } 1905 break; 1906 1907 case NVME_ASYNC_TYPE_HEALTH: 1908 if (event.b.ae_logpage == NVME_LOGPAGE_HEALTH) { 1909 (void) nvme_get_logpage(nvme, B_FALSE, 1910 (void **)&health_log, &logsize, event.b.ae_logpage, 1911 -1); 1912 } else { 1913 dev_err(nvme->n_dip, CE_WARN, "!wrong logpage in " 1914 "async event reply: %d", event.b.ae_logpage); 1915 atomic_inc_32(&nvme->n_wrong_logpage); 1916 } 1917 1918 switch (event.b.ae_info) { 1919 case NVME_ASYNC_HEALTH_RELIABILITY: 1920 dev_err(nvme->n_dip, CE_WARN, 1921 "!device reliability compromised"); 1922 /* TODO: send ereport */ 1923 atomic_inc_32(&nvme->n_reliability_event); 1924 break; 1925 1926 case NVME_ASYNC_HEALTH_TEMPERATURE: 1927 dev_err(nvme->n_dip, CE_WARN, 1928 "!temperature above threshold"); 1929 /* TODO: send ereport */ 1930 atomic_inc_32(&nvme->n_temperature_event); 1931 break; 1932 1933 case NVME_ASYNC_HEALTH_SPARE: 1934 dev_err(nvme->n_dip, CE_WARN, 1935 "!spare space below threshold"); 1936 /* TODO: send ereport */ 1937 atomic_inc_32(&nvme->n_spare_event); 1938 break; 1939 } 1940 break; 1941 1942 case NVME_ASYNC_TYPE_NOTICE: 1943 switch (event.b.ae_info) { 1944 case NVME_ASYNC_NOTICE_NS_CHANGE: 1945 dev_err(nvme->n_dip, CE_NOTE, 1946 "namespace attribute change event, " 1947 "logpage = %x", event.b.ae_logpage); 1948 atomic_inc_32(&nvme->n_notice_event); 1949 1950 if (event.b.ae_logpage != NVME_LOGPAGE_NSCHANGE) 1951 break; 1952 1953 if (nvme_get_logpage(nvme, B_FALSE, (void **)&nslist, 1954 &logsize, event.b.ae_logpage, -1) != 0) { 1955 break; 1956 } 1957 1958 if (nslist->nscl_ns[0] == UINT32_MAX) { 1959 dev_err(nvme->n_dip, CE_CONT, 1960 "more than %u namespaces have changed.\n", 1961 NVME_NSCHANGE_LIST_SIZE); 1962 break; 1963 } 1964 1965 for (uint_t i = 0; i < NVME_NSCHANGE_LIST_SIZE; i++) { 1966 uint32_t nsid = nslist->nscl_ns[i]; 1967 1968 if (nsid == 0) /* end of list */ 1969 break; 1970 nvme_changed_ns(nvme, nsid); 1971 } 1972 1973 break; 1974 1975 case NVME_ASYNC_NOTICE_FW_ACTIVATE: 1976 dev_err(nvme->n_dip, CE_NOTE, 1977 "firmware activation starting, " 1978 "logpage = %x", event.b.ae_logpage); 1979 atomic_inc_32(&nvme->n_notice_event); 1980 break; 1981 1982 case NVME_ASYNC_NOTICE_TELEMETRY: 1983 dev_err(nvme->n_dip, CE_NOTE, 1984 "telemetry log changed, " 1985 "logpage = %x", event.b.ae_logpage); 1986 atomic_inc_32(&nvme->n_notice_event); 1987 break; 1988 1989 case NVME_ASYNC_NOTICE_NS_ASYMM: 1990 dev_err(nvme->n_dip, CE_NOTE, 1991 "asymmetric namespace access change, " 1992 "logpage = %x", event.b.ae_logpage); 1993 atomic_inc_32(&nvme->n_notice_event); 1994 break; 1995 1996 case NVME_ASYNC_NOTICE_LATENCYLOG: 1997 dev_err(nvme->n_dip, CE_NOTE, 1998 "predictable latency event aggregate log change, " 1999 "logpage = %x", event.b.ae_logpage); 2000 atomic_inc_32(&nvme->n_notice_event); 2001 break; 2002 2003 case NVME_ASYNC_NOTICE_LBASTATUS: 2004 dev_err(nvme->n_dip, CE_NOTE, 2005 "LBA status information alert, " 2006 "logpage = %x", event.b.ae_logpage); 2007 atomic_inc_32(&nvme->n_notice_event); 2008 break; 2009 2010 case NVME_ASYNC_NOTICE_ENDURANCELOG: 2011 dev_err(nvme->n_dip, CE_NOTE, 2012 "endurance group event aggregate log page change, " 2013 "logpage = %x", event.b.ae_logpage); 2014 atomic_inc_32(&nvme->n_notice_event); 2015 break; 2016 2017 default: 2018 dev_err(nvme->n_dip, CE_WARN, 2019 "!unknown notice async event received, " 2020 "info = %x, logpage = %x", event.b.ae_info, 2021 event.b.ae_logpage); 2022 atomic_inc_32(&nvme->n_unknown_event); 2023 break; 2024 } 2025 break; 2026 2027 case NVME_ASYNC_TYPE_VENDOR: 2028 dev_err(nvme->n_dip, CE_WARN, "!vendor specific async event " 2029 "received, info = %x, logpage = %x", event.b.ae_info, 2030 event.b.ae_logpage); 2031 atomic_inc_32(&nvme->n_vendor_event); 2032 break; 2033 2034 default: 2035 dev_err(nvme->n_dip, CE_WARN, "!unknown async event received, " 2036 "type = %x, info = %x, logpage = %x", event.b.ae_type, 2037 event.b.ae_info, event.b.ae_logpage); 2038 atomic_inc_32(&nvme->n_unknown_event); 2039 break; 2040 } 2041 2042 if (error_log != NULL) 2043 kmem_free(error_log, logsize); 2044 2045 if (health_log != NULL) 2046 kmem_free(health_log, logsize); 2047 2048 if (nslist != NULL) 2049 kmem_free(nslist, logsize); 2050 } 2051 2052 static void 2053 nvme_admin_cmd(nvme_cmd_t *cmd, int sec) 2054 { 2055 mutex_enter(&cmd->nc_mutex); 2056 nvme_submit_admin_cmd(cmd->nc_nvme->n_adminq, cmd); 2057 nvme_wait_cmd(cmd, sec); 2058 mutex_exit(&cmd->nc_mutex); 2059 } 2060 2061 static void 2062 nvme_async_event(nvme_t *nvme) 2063 { 2064 nvme_cmd_t *cmd; 2065 2066 cmd = nvme_alloc_cmd(nvme, KM_SLEEP); 2067 cmd->nc_sqid = 0; 2068 cmd->nc_sqe.sqe_opc = NVME_OPC_ASYNC_EVENT; 2069 cmd->nc_callback = nvme_async_event_task; 2070 cmd->nc_dontpanic = B_TRUE; 2071 2072 nvme_submit_admin_cmd(nvme->n_adminq, cmd); 2073 } 2074 2075 static int 2076 nvme_format_nvm(nvme_t *nvme, boolean_t user, uint32_t nsid, uint8_t lbaf, 2077 boolean_t ms, uint8_t pi, boolean_t pil, uint8_t ses) 2078 { 2079 nvme_cmd_t *cmd = nvme_alloc_cmd(nvme, KM_SLEEP); 2080 nvme_format_nvm_t format_nvm = { 0 }; 2081 int ret; 2082 2083 format_nvm.b.fm_lbaf = lbaf & 0xf; 2084 format_nvm.b.fm_ms = ms ? 1 : 0; 2085 format_nvm.b.fm_pi = pi & 0x7; 2086 format_nvm.b.fm_pil = pil ? 1 : 0; 2087 format_nvm.b.fm_ses = ses & 0x7; 2088 2089 cmd->nc_sqid = 0; 2090 cmd->nc_callback = nvme_wakeup_cmd; 2091 cmd->nc_sqe.sqe_nsid = nsid; 2092 cmd->nc_sqe.sqe_opc = NVME_OPC_NVM_FORMAT; 2093 cmd->nc_sqe.sqe_cdw10 = format_nvm.r; 2094 2095 /* 2096 * Some devices like Samsung SM951 don't allow formatting of all 2097 * namespaces in one command. Handle that gracefully. 2098 */ 2099 if (nsid == (uint32_t)-1) 2100 cmd->nc_dontpanic = B_TRUE; 2101 /* 2102 * If this format request was initiated by the user, then don't allow a 2103 * programmer error to panic the system. 2104 */ 2105 if (user) 2106 cmd->nc_dontpanic = B_TRUE; 2107 2108 nvme_admin_cmd(cmd, nvme_format_cmd_timeout); 2109 2110 if ((ret = nvme_check_cmd_status(cmd)) != 0) { 2111 dev_err(nvme->n_dip, CE_WARN, 2112 "!FORMAT failed with sct = %x, sc = %x", 2113 cmd->nc_cqe.cqe_sf.sf_sct, cmd->nc_cqe.cqe_sf.sf_sc); 2114 } 2115 2116 nvme_free_cmd(cmd); 2117 return (ret); 2118 } 2119 2120 /* 2121 * The `bufsize` parameter is usually an output parameter, set by this routine 2122 * when filling in the supported types of logpages from the device. However, for 2123 * vendor-specific pages, it is an input parameter, and must be set 2124 * appropriately by callers. 2125 */ 2126 static int 2127 nvme_get_logpage(nvme_t *nvme, boolean_t user, void **buf, size_t *bufsize, 2128 uint8_t logpage, ...) 2129 { 2130 nvme_cmd_t *cmd = nvme_alloc_cmd(nvme, KM_SLEEP); 2131 nvme_getlogpage_t getlogpage = { 0 }; 2132 va_list ap; 2133 int ret; 2134 2135 va_start(ap, logpage); 2136 2137 cmd->nc_sqid = 0; 2138 cmd->nc_callback = nvme_wakeup_cmd; 2139 cmd->nc_sqe.sqe_opc = NVME_OPC_GET_LOG_PAGE; 2140 2141 if (user) 2142 cmd->nc_dontpanic = B_TRUE; 2143 2144 getlogpage.b.lp_lid = logpage; 2145 2146 switch (logpage) { 2147 case NVME_LOGPAGE_ERROR: 2148 cmd->nc_sqe.sqe_nsid = (uint32_t)-1; 2149 *bufsize = MIN(NVME_VENDOR_SPECIFIC_LOGPAGE_MAX_SIZE, 2150 nvme->n_error_log_len * sizeof (nvme_error_log_entry_t)); 2151 break; 2152 2153 case NVME_LOGPAGE_HEALTH: 2154 cmd->nc_sqe.sqe_nsid = va_arg(ap, uint32_t); 2155 *bufsize = sizeof (nvme_health_log_t); 2156 break; 2157 2158 case NVME_LOGPAGE_FWSLOT: 2159 cmd->nc_sqe.sqe_nsid = (uint32_t)-1; 2160 *bufsize = sizeof (nvme_fwslot_log_t); 2161 break; 2162 2163 case NVME_LOGPAGE_NSCHANGE: 2164 cmd->nc_sqe.sqe_nsid = (uint32_t)-1; 2165 *bufsize = sizeof (nvme_nschange_list_t); 2166 break; 2167 2168 default: 2169 /* 2170 * This intentionally only checks against the minimum valid 2171 * log page ID. `logpage` is a uint8_t, and `0xFF` is a valid 2172 * page ID, so this one-sided check avoids a compiler error 2173 * about a check that's always true. 2174 */ 2175 if (logpage < NVME_VENDOR_SPECIFIC_LOGPAGE_MIN) { 2176 dev_err(nvme->n_dip, CE_WARN, 2177 "!unknown log page requested: %d", logpage); 2178 atomic_inc_32(&nvme->n_unknown_logpage); 2179 ret = EINVAL; 2180 goto fail; 2181 } 2182 cmd->nc_sqe.sqe_nsid = va_arg(ap, uint32_t); 2183 } 2184 2185 va_end(ap); 2186 2187 getlogpage.b.lp_numd = *bufsize / sizeof (uint32_t) - 1; 2188 2189 cmd->nc_sqe.sqe_cdw10 = getlogpage.r; 2190 2191 if (nvme_zalloc_dma(nvme, *bufsize, 2192 DDI_DMA_READ, &nvme->n_prp_dma_attr, &cmd->nc_dma) != DDI_SUCCESS) { 2193 dev_err(nvme->n_dip, CE_WARN, 2194 "!nvme_zalloc_dma failed for GET LOG PAGE"); 2195 ret = ENOMEM; 2196 goto fail; 2197 } 2198 2199 if ((ret = nvme_fill_prp(cmd, cmd->nc_dma->nd_dmah)) != 0) 2200 goto fail; 2201 nvme_admin_cmd(cmd, nvme_admin_cmd_timeout); 2202 2203 if ((ret = nvme_check_cmd_status(cmd)) != 0) { 2204 dev_err(nvme->n_dip, CE_WARN, 2205 "!GET LOG PAGE failed with sct = %x, sc = %x", 2206 cmd->nc_cqe.cqe_sf.sf_sct, cmd->nc_cqe.cqe_sf.sf_sc); 2207 goto fail; 2208 } 2209 2210 *buf = kmem_alloc(*bufsize, KM_SLEEP); 2211 bcopy(cmd->nc_dma->nd_memp, *buf, *bufsize); 2212 2213 fail: 2214 nvme_free_cmd(cmd); 2215 2216 return (ret); 2217 } 2218 2219 static int 2220 nvme_identify(nvme_t *nvme, boolean_t user, uint32_t nsid, void **buf) 2221 { 2222 nvme_cmd_t *cmd = nvme_alloc_cmd(nvme, KM_SLEEP); 2223 int ret; 2224 2225 if (buf == NULL) 2226 return (EINVAL); 2227 2228 cmd->nc_sqid = 0; 2229 cmd->nc_callback = nvme_wakeup_cmd; 2230 cmd->nc_sqe.sqe_opc = NVME_OPC_IDENTIFY; 2231 cmd->nc_sqe.sqe_nsid = nsid; 2232 cmd->nc_sqe.sqe_cdw10 = nsid ? NVME_IDENTIFY_NSID : NVME_IDENTIFY_CTRL; 2233 2234 if (nvme_zalloc_dma(nvme, NVME_IDENTIFY_BUFSIZE, DDI_DMA_READ, 2235 &nvme->n_prp_dma_attr, &cmd->nc_dma) != DDI_SUCCESS) { 2236 dev_err(nvme->n_dip, CE_WARN, 2237 "!nvme_zalloc_dma failed for IDENTIFY"); 2238 ret = ENOMEM; 2239 goto fail; 2240 } 2241 2242 if (cmd->nc_dma->nd_ncookie > 2) { 2243 dev_err(nvme->n_dip, CE_WARN, 2244 "!too many DMA cookies for IDENTIFY"); 2245 atomic_inc_32(&nvme->n_too_many_cookies); 2246 ret = ENOMEM; 2247 goto fail; 2248 } 2249 2250 cmd->nc_sqe.sqe_dptr.d_prp[0] = cmd->nc_dma->nd_cookie.dmac_laddress; 2251 if (cmd->nc_dma->nd_ncookie > 1) { 2252 ddi_dma_nextcookie(cmd->nc_dma->nd_dmah, 2253 &cmd->nc_dma->nd_cookie); 2254 cmd->nc_sqe.sqe_dptr.d_prp[1] = 2255 cmd->nc_dma->nd_cookie.dmac_laddress; 2256 } 2257 2258 if (user) 2259 cmd->nc_dontpanic = B_TRUE; 2260 2261 nvme_admin_cmd(cmd, nvme_admin_cmd_timeout); 2262 2263 if ((ret = nvme_check_cmd_status(cmd)) != 0) { 2264 dev_err(nvme->n_dip, CE_WARN, 2265 "!IDENTIFY failed with sct = %x, sc = %x", 2266 cmd->nc_cqe.cqe_sf.sf_sct, cmd->nc_cqe.cqe_sf.sf_sc); 2267 goto fail; 2268 } 2269 2270 *buf = kmem_alloc(NVME_IDENTIFY_BUFSIZE, KM_SLEEP); 2271 bcopy(cmd->nc_dma->nd_memp, *buf, NVME_IDENTIFY_BUFSIZE); 2272 2273 fail: 2274 nvme_free_cmd(cmd); 2275 2276 return (ret); 2277 } 2278 2279 static int 2280 nvme_set_features(nvme_t *nvme, boolean_t user, uint32_t nsid, uint8_t feature, 2281 uint32_t val, uint32_t *res) 2282 { 2283 _NOTE(ARGUNUSED(nsid)); 2284 nvme_cmd_t *cmd = nvme_alloc_cmd(nvme, KM_SLEEP); 2285 int ret = EINVAL; 2286 2287 ASSERT(res != NULL); 2288 2289 cmd->nc_sqid = 0; 2290 cmd->nc_callback = nvme_wakeup_cmd; 2291 cmd->nc_sqe.sqe_opc = NVME_OPC_SET_FEATURES; 2292 cmd->nc_sqe.sqe_cdw10 = feature; 2293 cmd->nc_sqe.sqe_cdw11 = val; 2294 2295 if (user) 2296 cmd->nc_dontpanic = B_TRUE; 2297 2298 switch (feature) { 2299 case NVME_FEAT_WRITE_CACHE: 2300 if (!nvme->n_write_cache_present) 2301 goto fail; 2302 break; 2303 2304 case NVME_FEAT_NQUEUES: 2305 break; 2306 2307 default: 2308 goto fail; 2309 } 2310 2311 nvme_admin_cmd(cmd, nvme_admin_cmd_timeout); 2312 2313 if ((ret = nvme_check_cmd_status(cmd)) != 0) { 2314 dev_err(nvme->n_dip, CE_WARN, 2315 "!SET FEATURES %d failed with sct = %x, sc = %x", 2316 feature, cmd->nc_cqe.cqe_sf.sf_sct, 2317 cmd->nc_cqe.cqe_sf.sf_sc); 2318 goto fail; 2319 } 2320 2321 *res = cmd->nc_cqe.cqe_dw0; 2322 2323 fail: 2324 nvme_free_cmd(cmd); 2325 return (ret); 2326 } 2327 2328 static int 2329 nvme_get_features(nvme_t *nvme, boolean_t user, uint32_t nsid, uint8_t feature, 2330 uint32_t *res, void **buf, size_t *bufsize) 2331 { 2332 nvme_cmd_t *cmd = nvme_alloc_cmd(nvme, KM_SLEEP); 2333 int ret = EINVAL; 2334 2335 ASSERT(res != NULL); 2336 2337 if (bufsize != NULL) 2338 *bufsize = 0; 2339 2340 cmd->nc_sqid = 0; 2341 cmd->nc_callback = nvme_wakeup_cmd; 2342 cmd->nc_sqe.sqe_opc = NVME_OPC_GET_FEATURES; 2343 cmd->nc_sqe.sqe_cdw10 = feature; 2344 cmd->nc_sqe.sqe_cdw11 = *res; 2345 2346 /* 2347 * For some of the optional features there doesn't seem to be a method 2348 * of detecting whether it is supported other than using it. This will 2349 * cause "Invalid Field in Command" error, which is normally considered 2350 * a programming error. Set the nc_dontpanic flag to override the panic 2351 * in nvme_check_generic_cmd_status(). 2352 */ 2353 switch (feature) { 2354 case NVME_FEAT_ARBITRATION: 2355 case NVME_FEAT_POWER_MGMT: 2356 case NVME_FEAT_TEMPERATURE: 2357 case NVME_FEAT_ERROR: 2358 case NVME_FEAT_NQUEUES: 2359 case NVME_FEAT_INTR_COAL: 2360 case NVME_FEAT_INTR_VECT: 2361 case NVME_FEAT_WRITE_ATOM: 2362 case NVME_FEAT_ASYNC_EVENT: 2363 break; 2364 2365 case NVME_FEAT_WRITE_CACHE: 2366 if (!nvme->n_write_cache_present) 2367 goto fail; 2368 break; 2369 2370 case NVME_FEAT_LBA_RANGE: 2371 if (!nvme->n_lba_range_supported) 2372 goto fail; 2373 2374 cmd->nc_dontpanic = B_TRUE; 2375 cmd->nc_sqe.sqe_nsid = nsid; 2376 ASSERT(bufsize != NULL); 2377 *bufsize = NVME_LBA_RANGE_BUFSIZE; 2378 break; 2379 2380 case NVME_FEAT_AUTO_PST: 2381 if (!nvme->n_auto_pst_supported) 2382 goto fail; 2383 2384 ASSERT(bufsize != NULL); 2385 *bufsize = NVME_AUTO_PST_BUFSIZE; 2386 break; 2387 2388 case NVME_FEAT_PROGRESS: 2389 if (!nvme->n_progress_supported) 2390 goto fail; 2391 2392 cmd->nc_dontpanic = B_TRUE; 2393 break; 2394 2395 default: 2396 goto fail; 2397 } 2398 2399 if (user) 2400 cmd->nc_dontpanic = B_TRUE; 2401 2402 if (bufsize != NULL && *bufsize != 0) { 2403 if (nvme_zalloc_dma(nvme, *bufsize, DDI_DMA_READ, 2404 &nvme->n_prp_dma_attr, &cmd->nc_dma) != DDI_SUCCESS) { 2405 dev_err(nvme->n_dip, CE_WARN, 2406 "!nvme_zalloc_dma failed for GET FEATURES"); 2407 ret = ENOMEM; 2408 goto fail; 2409 } 2410 2411 if (cmd->nc_dma->nd_ncookie > 2) { 2412 dev_err(nvme->n_dip, CE_WARN, 2413 "!too many DMA cookies for GET FEATURES"); 2414 atomic_inc_32(&nvme->n_too_many_cookies); 2415 ret = ENOMEM; 2416 goto fail; 2417 } 2418 2419 cmd->nc_sqe.sqe_dptr.d_prp[0] = 2420 cmd->nc_dma->nd_cookie.dmac_laddress; 2421 if (cmd->nc_dma->nd_ncookie > 1) { 2422 ddi_dma_nextcookie(cmd->nc_dma->nd_dmah, 2423 &cmd->nc_dma->nd_cookie); 2424 cmd->nc_sqe.sqe_dptr.d_prp[1] = 2425 cmd->nc_dma->nd_cookie.dmac_laddress; 2426 } 2427 } 2428 2429 nvme_admin_cmd(cmd, nvme_admin_cmd_timeout); 2430 2431 if ((ret = nvme_check_cmd_status(cmd)) != 0) { 2432 boolean_t known = B_TRUE; 2433 2434 /* Check if this is unsupported optional feature */ 2435 if (cmd->nc_cqe.cqe_sf.sf_sct == NVME_CQE_SCT_GENERIC && 2436 cmd->nc_cqe.cqe_sf.sf_sc == NVME_CQE_SC_GEN_INV_FLD) { 2437 switch (feature) { 2438 case NVME_FEAT_LBA_RANGE: 2439 nvme->n_lba_range_supported = B_FALSE; 2440 break; 2441 case NVME_FEAT_PROGRESS: 2442 nvme->n_progress_supported = B_FALSE; 2443 break; 2444 default: 2445 known = B_FALSE; 2446 break; 2447 } 2448 } else { 2449 known = B_FALSE; 2450 } 2451 2452 /* Report the error otherwise */ 2453 if (!known) { 2454 dev_err(nvme->n_dip, CE_WARN, 2455 "!GET FEATURES %d failed with sct = %x, sc = %x", 2456 feature, cmd->nc_cqe.cqe_sf.sf_sct, 2457 cmd->nc_cqe.cqe_sf.sf_sc); 2458 } 2459 2460 goto fail; 2461 } 2462 2463 if (bufsize != NULL && *bufsize != 0) { 2464 ASSERT(buf != NULL); 2465 *buf = kmem_alloc(*bufsize, KM_SLEEP); 2466 bcopy(cmd->nc_dma->nd_memp, *buf, *bufsize); 2467 } 2468 2469 *res = cmd->nc_cqe.cqe_dw0; 2470 2471 fail: 2472 nvme_free_cmd(cmd); 2473 return (ret); 2474 } 2475 2476 static int 2477 nvme_write_cache_set(nvme_t *nvme, boolean_t enable) 2478 { 2479 nvme_write_cache_t nwc = { 0 }; 2480 2481 if (enable) 2482 nwc.b.wc_wce = 1; 2483 2484 return (nvme_set_features(nvme, B_FALSE, 0, NVME_FEAT_WRITE_CACHE, 2485 nwc.r, &nwc.r)); 2486 } 2487 2488 static int 2489 nvme_set_nqueues(nvme_t *nvme) 2490 { 2491 nvme_nqueues_t nq = { 0 }; 2492 int ret; 2493 2494 /* 2495 * The default is to allocate one completion queue per vector. 2496 */ 2497 if (nvme->n_completion_queues == -1) 2498 nvme->n_completion_queues = nvme->n_intr_cnt; 2499 2500 /* 2501 * There is no point in having more completion queues than 2502 * interrupt vectors. 2503 */ 2504 nvme->n_completion_queues = MIN(nvme->n_completion_queues, 2505 nvme->n_intr_cnt); 2506 2507 /* 2508 * The default is to use one submission queue per completion queue. 2509 */ 2510 if (nvme->n_submission_queues == -1) 2511 nvme->n_submission_queues = nvme->n_completion_queues; 2512 2513 /* 2514 * There is no point in having more compeletion queues than 2515 * submission queues. 2516 */ 2517 nvme->n_completion_queues = MIN(nvme->n_completion_queues, 2518 nvme->n_submission_queues); 2519 2520 ASSERT(nvme->n_submission_queues > 0); 2521 ASSERT(nvme->n_completion_queues > 0); 2522 2523 nq.b.nq_nsq = nvme->n_submission_queues - 1; 2524 nq.b.nq_ncq = nvme->n_completion_queues - 1; 2525 2526 ret = nvme_set_features(nvme, B_FALSE, 0, NVME_FEAT_NQUEUES, nq.r, 2527 &nq.r); 2528 2529 if (ret == 0) { 2530 /* 2531 * Never use more than the requested number of queues. 2532 */ 2533 nvme->n_submission_queues = MIN(nvme->n_submission_queues, 2534 nq.b.nq_nsq + 1); 2535 nvme->n_completion_queues = MIN(nvme->n_completion_queues, 2536 nq.b.nq_ncq + 1); 2537 } 2538 2539 return (ret); 2540 } 2541 2542 static int 2543 nvme_create_completion_queue(nvme_t *nvme, nvme_cq_t *cq) 2544 { 2545 nvme_cmd_t *cmd = nvme_alloc_cmd(nvme, KM_SLEEP); 2546 nvme_create_queue_dw10_t dw10 = { 0 }; 2547 nvme_create_cq_dw11_t c_dw11 = { 0 }; 2548 int ret; 2549 2550 dw10.b.q_qid = cq->ncq_id; 2551 dw10.b.q_qsize = cq->ncq_nentry - 1; 2552 2553 c_dw11.b.cq_pc = 1; 2554 c_dw11.b.cq_ien = 1; 2555 c_dw11.b.cq_iv = cq->ncq_id % nvme->n_intr_cnt; 2556 2557 cmd->nc_sqid = 0; 2558 cmd->nc_callback = nvme_wakeup_cmd; 2559 cmd->nc_sqe.sqe_opc = NVME_OPC_CREATE_CQUEUE; 2560 cmd->nc_sqe.sqe_cdw10 = dw10.r; 2561 cmd->nc_sqe.sqe_cdw11 = c_dw11.r; 2562 cmd->nc_sqe.sqe_dptr.d_prp[0] = cq->ncq_dma->nd_cookie.dmac_laddress; 2563 2564 nvme_admin_cmd(cmd, nvme_admin_cmd_timeout); 2565 2566 if ((ret = nvme_check_cmd_status(cmd)) != 0) { 2567 dev_err(nvme->n_dip, CE_WARN, 2568 "!CREATE CQUEUE failed with sct = %x, sc = %x", 2569 cmd->nc_cqe.cqe_sf.sf_sct, cmd->nc_cqe.cqe_sf.sf_sc); 2570 } 2571 2572 nvme_free_cmd(cmd); 2573 2574 return (ret); 2575 } 2576 2577 static int 2578 nvme_create_io_qpair(nvme_t *nvme, nvme_qpair_t *qp, uint16_t idx) 2579 { 2580 nvme_cq_t *cq = qp->nq_cq; 2581 nvme_cmd_t *cmd; 2582 nvme_create_queue_dw10_t dw10 = { 0 }; 2583 nvme_create_sq_dw11_t s_dw11 = { 0 }; 2584 int ret; 2585 2586 /* 2587 * It is possible to have more qpairs than completion queues, 2588 * and when the idx > ncq_id, that completion queue is shared 2589 * and has already been created. 2590 */ 2591 if (idx <= cq->ncq_id && 2592 nvme_create_completion_queue(nvme, cq) != DDI_SUCCESS) 2593 return (DDI_FAILURE); 2594 2595 dw10.b.q_qid = idx; 2596 dw10.b.q_qsize = qp->nq_nentry - 1; 2597 2598 s_dw11.b.sq_pc = 1; 2599 s_dw11.b.sq_cqid = cq->ncq_id; 2600 2601 cmd = nvme_alloc_cmd(nvme, KM_SLEEP); 2602 cmd->nc_sqid = 0; 2603 cmd->nc_callback = nvme_wakeup_cmd; 2604 cmd->nc_sqe.sqe_opc = NVME_OPC_CREATE_SQUEUE; 2605 cmd->nc_sqe.sqe_cdw10 = dw10.r; 2606 cmd->nc_sqe.sqe_cdw11 = s_dw11.r; 2607 cmd->nc_sqe.sqe_dptr.d_prp[0] = qp->nq_sqdma->nd_cookie.dmac_laddress; 2608 2609 nvme_admin_cmd(cmd, nvme_admin_cmd_timeout); 2610 2611 if ((ret = nvme_check_cmd_status(cmd)) != 0) { 2612 dev_err(nvme->n_dip, CE_WARN, 2613 "!CREATE SQUEUE failed with sct = %x, sc = %x", 2614 cmd->nc_cqe.cqe_sf.sf_sct, cmd->nc_cqe.cqe_sf.sf_sc); 2615 } 2616 2617 nvme_free_cmd(cmd); 2618 2619 return (ret); 2620 } 2621 2622 static boolean_t 2623 nvme_reset(nvme_t *nvme, boolean_t quiesce) 2624 { 2625 nvme_reg_csts_t csts; 2626 int i; 2627 2628 nvme_put32(nvme, NVME_REG_CC, 0); 2629 2630 csts.r = nvme_get32(nvme, NVME_REG_CSTS); 2631 if (csts.b.csts_rdy == 1) { 2632 nvme_put32(nvme, NVME_REG_CC, 0); 2633 for (i = 0; i != nvme->n_timeout * 10; i++) { 2634 csts.r = nvme_get32(nvme, NVME_REG_CSTS); 2635 if (csts.b.csts_rdy == 0) 2636 break; 2637 2638 if (quiesce) 2639 drv_usecwait(50000); 2640 else 2641 delay(drv_usectohz(50000)); 2642 } 2643 } 2644 2645 nvme_put32(nvme, NVME_REG_AQA, 0); 2646 nvme_put32(nvme, NVME_REG_ASQ, 0); 2647 nvme_put32(nvme, NVME_REG_ACQ, 0); 2648 2649 csts.r = nvme_get32(nvme, NVME_REG_CSTS); 2650 return (csts.b.csts_rdy == 0 ? B_TRUE : B_FALSE); 2651 } 2652 2653 static void 2654 nvme_shutdown(nvme_t *nvme, int mode, boolean_t quiesce) 2655 { 2656 nvme_reg_cc_t cc; 2657 nvme_reg_csts_t csts; 2658 int i; 2659 2660 ASSERT(mode == NVME_CC_SHN_NORMAL || mode == NVME_CC_SHN_ABRUPT); 2661 2662 cc.r = nvme_get32(nvme, NVME_REG_CC); 2663 cc.b.cc_shn = mode & 0x3; 2664 nvme_put32(nvme, NVME_REG_CC, cc.r); 2665 2666 for (i = 0; i != 10; i++) { 2667 csts.r = nvme_get32(nvme, NVME_REG_CSTS); 2668 if (csts.b.csts_shst == NVME_CSTS_SHN_COMPLETE) 2669 break; 2670 2671 if (quiesce) 2672 drv_usecwait(100000); 2673 else 2674 delay(drv_usectohz(100000)); 2675 } 2676 } 2677 2678 2679 static void 2680 nvme_prepare_devid(nvme_t *nvme, uint32_t nsid) 2681 { 2682 /* 2683 * Section 7.7 of the spec describes how to get a unique ID for 2684 * the controller: the vendor ID, the model name and the serial 2685 * number shall be unique when combined. 2686 * 2687 * If a namespace has no EUI64 we use the above and add the hex 2688 * namespace ID to get a unique ID for the namespace. 2689 */ 2690 char model[sizeof (nvme->n_idctl->id_model) + 1]; 2691 char serial[sizeof (nvme->n_idctl->id_serial) + 1]; 2692 2693 bcopy(nvme->n_idctl->id_model, model, sizeof (nvme->n_idctl->id_model)); 2694 bcopy(nvme->n_idctl->id_serial, serial, 2695 sizeof (nvme->n_idctl->id_serial)); 2696 2697 model[sizeof (nvme->n_idctl->id_model)] = '\0'; 2698 serial[sizeof (nvme->n_idctl->id_serial)] = '\0'; 2699 2700 nvme->n_ns[nsid - 1].ns_devid = kmem_asprintf("%4X-%s-%s-%X", 2701 nvme->n_idctl->id_vid, model, serial, nsid); 2702 } 2703 2704 static void 2705 nvme_changed_ns(nvme_t *nvme, int nsid) 2706 { 2707 nvme_namespace_t *ns = &nvme->n_ns[nsid - 1]; 2708 nvme_identify_nsid_t *idns, *oidns; 2709 2710 dev_err(nvme->n_dip, CE_NOTE, "!namespace %u (%s) has changed.", 2711 nsid, ns->ns_name); 2712 2713 if (ns->ns_ignore) 2714 return; 2715 2716 /* 2717 * The namespace has changed in some way. At present, we only update 2718 * the device capacity and trigger blkdev to check the device state. 2719 */ 2720 2721 if (nvme_identify(nvme, B_FALSE, nsid, (void **)&idns) != 0) { 2722 dev_err(nvme->n_dip, CE_WARN, 2723 "!failed to identify namespace %d", nsid); 2724 return; 2725 } 2726 2727 oidns = ns->ns_idns; 2728 ns->ns_idns = idns; 2729 kmem_free(oidns, sizeof (nvme_identify_nsid_t)); 2730 2731 ns->ns_block_count = idns->id_nsize; 2732 ns->ns_block_size = 2733 1 << idns->id_lbaf[idns->id_flbas.lba_format].lbaf_lbads; 2734 ns->ns_best_block_size = ns->ns_block_size; 2735 2736 bd_state_change(ns->ns_bd_hdl); 2737 } 2738 2739 static int 2740 nvme_init_ns(nvme_t *nvme, int nsid) 2741 { 2742 nvme_namespace_t *ns = &nvme->n_ns[nsid - 1]; 2743 nvme_identify_nsid_t *idns; 2744 boolean_t was_ignored; 2745 int last_rp; 2746 2747 ns->ns_nvme = nvme; 2748 2749 if (nvme_identify(nvme, B_FALSE, nsid, (void **)&idns) != 0) { 2750 dev_err(nvme->n_dip, CE_WARN, 2751 "!failed to identify namespace %d", nsid); 2752 return (DDI_FAILURE); 2753 } 2754 2755 ns->ns_idns = idns; 2756 ns->ns_id = nsid; 2757 ns->ns_block_count = idns->id_nsize; 2758 ns->ns_block_size = 2759 1 << idns->id_lbaf[idns->id_flbas.lba_format].lbaf_lbads; 2760 ns->ns_best_block_size = ns->ns_block_size; 2761 2762 /* 2763 * Get the EUI64 if present. Use it for devid and device node names. 2764 */ 2765 if (NVME_VERSION_ATLEAST(&nvme->n_version, 1, 1)) 2766 bcopy(idns->id_eui64, ns->ns_eui64, sizeof (ns->ns_eui64)); 2767 2768 /*LINTED: E_BAD_PTR_CAST_ALIGN*/ 2769 if (*(uint64_t *)ns->ns_eui64 != 0) { 2770 uint8_t *eui64 = ns->ns_eui64; 2771 2772 (void) snprintf(ns->ns_name, sizeof (ns->ns_name), 2773 "%02x%02x%02x%02x%02x%02x%02x%02x", 2774 eui64[0], eui64[1], eui64[2], eui64[3], 2775 eui64[4], eui64[5], eui64[6], eui64[7]); 2776 } else { 2777 (void) snprintf(ns->ns_name, sizeof (ns->ns_name), "%d", 2778 ns->ns_id); 2779 2780 nvme_prepare_devid(nvme, ns->ns_id); 2781 } 2782 2783 /* 2784 * Find the LBA format with no metadata and the best relative 2785 * performance. A value of 3 means "degraded", 0 is best. 2786 */ 2787 last_rp = 3; 2788 for (int j = 0; j <= idns->id_nlbaf; j++) { 2789 if (idns->id_lbaf[j].lbaf_lbads == 0) 2790 break; 2791 if (idns->id_lbaf[j].lbaf_ms != 0) 2792 continue; 2793 if (idns->id_lbaf[j].lbaf_rp >= last_rp) 2794 continue; 2795 last_rp = idns->id_lbaf[j].lbaf_rp; 2796 ns->ns_best_block_size = 2797 1 << idns->id_lbaf[j].lbaf_lbads; 2798 } 2799 2800 if (ns->ns_best_block_size < nvme->n_min_block_size) 2801 ns->ns_best_block_size = nvme->n_min_block_size; 2802 2803 was_ignored = ns->ns_ignore; 2804 2805 /* 2806 * We currently don't support namespaces that use either: 2807 * - protection information 2808 * - illegal block size (< 512) 2809 */ 2810 if (idns->id_dps.dp_pinfo) { 2811 dev_err(nvme->n_dip, CE_WARN, 2812 "!ignoring namespace %d, unsupported feature: " 2813 "pinfo = %d", nsid, idns->id_dps.dp_pinfo); 2814 ns->ns_ignore = B_TRUE; 2815 } else if (ns->ns_block_size < 512) { 2816 dev_err(nvme->n_dip, CE_WARN, 2817 "!ignoring namespace %d, unsupported block size %"PRIu64, 2818 nsid, (uint64_t)ns->ns_block_size); 2819 ns->ns_ignore = B_TRUE; 2820 } else { 2821 ns->ns_ignore = B_FALSE; 2822 } 2823 2824 /* 2825 * Keep a count of namespaces which are attachable. 2826 * See comments in nvme_bd_driveinfo() to understand its effect. 2827 */ 2828 if (was_ignored) { 2829 /* 2830 * Previously ignored, but now not. Count it. 2831 */ 2832 if (!ns->ns_ignore) 2833 nvme->n_namespaces_attachable++; 2834 } else { 2835 /* 2836 * Wasn't ignored previously, but now needs to be. 2837 * Discount it. 2838 */ 2839 if (ns->ns_ignore) 2840 nvme->n_namespaces_attachable--; 2841 } 2842 2843 return (DDI_SUCCESS); 2844 } 2845 2846 static int 2847 nvme_init(nvme_t *nvme) 2848 { 2849 nvme_reg_cc_t cc = { 0 }; 2850 nvme_reg_aqa_t aqa = { 0 }; 2851 nvme_reg_asq_t asq = { 0 }; 2852 nvme_reg_acq_t acq = { 0 }; 2853 nvme_reg_cap_t cap; 2854 nvme_reg_vs_t vs; 2855 nvme_reg_csts_t csts; 2856 int i = 0; 2857 uint16_t nqueues; 2858 uint_t tq_threads; 2859 char model[sizeof (nvme->n_idctl->id_model) + 1]; 2860 char *vendor, *product; 2861 2862 /* Check controller version */ 2863 vs.r = nvme_get32(nvme, NVME_REG_VS); 2864 nvme->n_version.v_major = vs.b.vs_mjr; 2865 nvme->n_version.v_minor = vs.b.vs_mnr; 2866 dev_err(nvme->n_dip, CE_CONT, "?NVMe spec version %d.%d", 2867 nvme->n_version.v_major, nvme->n_version.v_minor); 2868 2869 if (nvme->n_version.v_major > nvme_version_major) { 2870 dev_err(nvme->n_dip, CE_WARN, "!no support for version > %d.x", 2871 nvme_version_major); 2872 if (nvme->n_strict_version) 2873 goto fail; 2874 } 2875 2876 /* retrieve controller configuration */ 2877 cap.r = nvme_get64(nvme, NVME_REG_CAP); 2878 2879 if ((cap.b.cap_css & NVME_CAP_CSS_NVM) == 0) { 2880 dev_err(nvme->n_dip, CE_WARN, 2881 "!NVM command set not supported by hardware"); 2882 goto fail; 2883 } 2884 2885 nvme->n_nssr_supported = cap.b.cap_nssrs; 2886 nvme->n_doorbell_stride = 4 << cap.b.cap_dstrd; 2887 nvme->n_timeout = cap.b.cap_to; 2888 nvme->n_arbitration_mechanisms = cap.b.cap_ams; 2889 nvme->n_cont_queues_reqd = cap.b.cap_cqr; 2890 nvme->n_max_queue_entries = cap.b.cap_mqes + 1; 2891 2892 /* 2893 * The MPSMIN and MPSMAX fields in the CAP register use 0 to specify 2894 * the base page size of 4k (1<<12), so add 12 here to get the real 2895 * page size value. 2896 */ 2897 nvme->n_pageshift = MIN(MAX(cap.b.cap_mpsmin + 12, PAGESHIFT), 2898 cap.b.cap_mpsmax + 12); 2899 nvme->n_pagesize = 1UL << (nvme->n_pageshift); 2900 2901 /* 2902 * Set up Queue DMA to transfer at least 1 page-aligned page at a time. 2903 */ 2904 nvme->n_queue_dma_attr.dma_attr_align = nvme->n_pagesize; 2905 nvme->n_queue_dma_attr.dma_attr_minxfer = nvme->n_pagesize; 2906 2907 /* 2908 * Set up PRP DMA to transfer 1 page-aligned page at a time. 2909 * Maxxfer may be increased after we identified the controller limits. 2910 */ 2911 nvme->n_prp_dma_attr.dma_attr_maxxfer = nvme->n_pagesize; 2912 nvme->n_prp_dma_attr.dma_attr_minxfer = nvme->n_pagesize; 2913 nvme->n_prp_dma_attr.dma_attr_align = nvme->n_pagesize; 2914 nvme->n_prp_dma_attr.dma_attr_seg = nvme->n_pagesize - 1; 2915 2916 /* 2917 * Reset controller if it's still in ready state. 2918 */ 2919 if (nvme_reset(nvme, B_FALSE) == B_FALSE) { 2920 dev_err(nvme->n_dip, CE_WARN, "!unable to reset controller"); 2921 ddi_fm_service_impact(nvme->n_dip, DDI_SERVICE_LOST); 2922 nvme->n_dead = B_TRUE; 2923 goto fail; 2924 } 2925 2926 /* 2927 * Create the cq array with one completion queue to be assigned 2928 * to the admin queue pair and a limited number of taskqs (4). 2929 */ 2930 if (nvme_create_cq_array(nvme, 1, nvme->n_admin_queue_len, 4) != 2931 DDI_SUCCESS) { 2932 dev_err(nvme->n_dip, CE_WARN, 2933 "!failed to pre-allocate admin completion queue"); 2934 goto fail; 2935 } 2936 /* 2937 * Create the admin queue pair. 2938 */ 2939 if (nvme_alloc_qpair(nvme, nvme->n_admin_queue_len, &nvme->n_adminq, 0) 2940 != DDI_SUCCESS) { 2941 dev_err(nvme->n_dip, CE_WARN, 2942 "!unable to allocate admin qpair"); 2943 goto fail; 2944 } 2945 nvme->n_ioq = kmem_alloc(sizeof (nvme_qpair_t *), KM_SLEEP); 2946 nvme->n_ioq[0] = nvme->n_adminq; 2947 2948 nvme->n_progress |= NVME_ADMIN_QUEUE; 2949 2950 (void) ddi_prop_update_int(DDI_DEV_T_NONE, nvme->n_dip, 2951 "admin-queue-len", nvme->n_admin_queue_len); 2952 2953 aqa.b.aqa_asqs = aqa.b.aqa_acqs = nvme->n_admin_queue_len - 1; 2954 asq = nvme->n_adminq->nq_sqdma->nd_cookie.dmac_laddress; 2955 acq = nvme->n_adminq->nq_cq->ncq_dma->nd_cookie.dmac_laddress; 2956 2957 ASSERT((asq & (nvme->n_pagesize - 1)) == 0); 2958 ASSERT((acq & (nvme->n_pagesize - 1)) == 0); 2959 2960 nvme_put32(nvme, NVME_REG_AQA, aqa.r); 2961 nvme_put64(nvme, NVME_REG_ASQ, asq); 2962 nvme_put64(nvme, NVME_REG_ACQ, acq); 2963 2964 cc.b.cc_ams = 0; /* use Round-Robin arbitration */ 2965 cc.b.cc_css = 0; /* use NVM command set */ 2966 cc.b.cc_mps = nvme->n_pageshift - 12; 2967 cc.b.cc_shn = 0; /* no shutdown in progress */ 2968 cc.b.cc_en = 1; /* enable controller */ 2969 cc.b.cc_iosqes = 6; /* submission queue entry is 2^6 bytes long */ 2970 cc.b.cc_iocqes = 4; /* completion queue entry is 2^4 bytes long */ 2971 2972 nvme_put32(nvme, NVME_REG_CC, cc.r); 2973 2974 /* 2975 * Wait for the controller to become ready. 2976 */ 2977 csts.r = nvme_get32(nvme, NVME_REG_CSTS); 2978 if (csts.b.csts_rdy == 0) { 2979 for (i = 0; i != nvme->n_timeout * 10; i++) { 2980 delay(drv_usectohz(50000)); 2981 csts.r = nvme_get32(nvme, NVME_REG_CSTS); 2982 2983 if (csts.b.csts_cfs == 1) { 2984 dev_err(nvme->n_dip, CE_WARN, 2985 "!controller fatal status at init"); 2986 ddi_fm_service_impact(nvme->n_dip, 2987 DDI_SERVICE_LOST); 2988 nvme->n_dead = B_TRUE; 2989 goto fail; 2990 } 2991 2992 if (csts.b.csts_rdy == 1) 2993 break; 2994 } 2995 } 2996 2997 if (csts.b.csts_rdy == 0) { 2998 dev_err(nvme->n_dip, CE_WARN, "!controller not ready"); 2999 ddi_fm_service_impact(nvme->n_dip, DDI_SERVICE_LOST); 3000 nvme->n_dead = B_TRUE; 3001 goto fail; 3002 } 3003 3004 /* 3005 * Assume an abort command limit of 1. We'll destroy and re-init 3006 * that later when we know the true abort command limit. 3007 */ 3008 sema_init(&nvme->n_abort_sema, 1, NULL, SEMA_DRIVER, NULL); 3009 3010 /* 3011 * Set up initial interrupt for admin queue. 3012 */ 3013 if ((nvme_setup_interrupts(nvme, DDI_INTR_TYPE_MSIX, 1) 3014 != DDI_SUCCESS) && 3015 (nvme_setup_interrupts(nvme, DDI_INTR_TYPE_MSI, 1) 3016 != DDI_SUCCESS) && 3017 (nvme_setup_interrupts(nvme, DDI_INTR_TYPE_FIXED, 1) 3018 != DDI_SUCCESS)) { 3019 dev_err(nvme->n_dip, CE_WARN, 3020 "!failed to setup initial interrupt"); 3021 goto fail; 3022 } 3023 3024 /* 3025 * Post an asynchronous event command to catch errors. 3026 * We assume the asynchronous events are supported as required by 3027 * specification (Figure 40 in section 5 of NVMe 1.2). 3028 * However, since at least qemu does not follow the specification, 3029 * we need a mechanism to protect ourselves. 3030 */ 3031 nvme->n_async_event_supported = B_TRUE; 3032 nvme_async_event(nvme); 3033 3034 /* 3035 * Identify Controller 3036 */ 3037 if (nvme_identify(nvme, B_FALSE, 0, (void **)&nvme->n_idctl) != 0) { 3038 dev_err(nvme->n_dip, CE_WARN, 3039 "!failed to identify controller"); 3040 goto fail; 3041 } 3042 3043 /* 3044 * Get Vendor & Product ID 3045 */ 3046 bcopy(nvme->n_idctl->id_model, model, sizeof (nvme->n_idctl->id_model)); 3047 model[sizeof (nvme->n_idctl->id_model)] = '\0'; 3048 sata_split_model(model, &vendor, &product); 3049 3050 if (vendor == NULL) 3051 nvme->n_vendor = strdup("NVMe"); 3052 else 3053 nvme->n_vendor = strdup(vendor); 3054 3055 nvme->n_product = strdup(product); 3056 3057 /* 3058 * Get controller limits. 3059 */ 3060 nvme->n_async_event_limit = MAX(NVME_MIN_ASYNC_EVENT_LIMIT, 3061 MIN(nvme->n_admin_queue_len / 10, 3062 MIN(nvme->n_idctl->id_aerl + 1, nvme->n_async_event_limit))); 3063 3064 (void) ddi_prop_update_int(DDI_DEV_T_NONE, nvme->n_dip, 3065 "async-event-limit", nvme->n_async_event_limit); 3066 3067 nvme->n_abort_command_limit = nvme->n_idctl->id_acl + 1; 3068 3069 /* 3070 * Reinitialize the semaphore with the true abort command limit 3071 * supported by the hardware. It's not necessary to disable interrupts 3072 * as only command aborts use the semaphore, and no commands are 3073 * executed or aborted while we're here. 3074 */ 3075 sema_destroy(&nvme->n_abort_sema); 3076 sema_init(&nvme->n_abort_sema, nvme->n_abort_command_limit - 1, NULL, 3077 SEMA_DRIVER, NULL); 3078 3079 nvme->n_progress |= NVME_CTRL_LIMITS; 3080 3081 if (nvme->n_idctl->id_mdts == 0) 3082 nvme->n_max_data_transfer_size = nvme->n_pagesize * 65536; 3083 else 3084 nvme->n_max_data_transfer_size = 3085 1ull << (nvme->n_pageshift + nvme->n_idctl->id_mdts); 3086 3087 nvme->n_error_log_len = nvme->n_idctl->id_elpe + 1; 3088 3089 /* 3090 * Limit n_max_data_transfer_size to what we can handle in one PRP. 3091 * Chained PRPs are currently unsupported. 3092 * 3093 * This is a no-op on hardware which doesn't support a transfer size 3094 * big enough to require chained PRPs. 3095 */ 3096 nvme->n_max_data_transfer_size = MIN(nvme->n_max_data_transfer_size, 3097 (nvme->n_pagesize / sizeof (uint64_t) * nvme->n_pagesize)); 3098 3099 nvme->n_prp_dma_attr.dma_attr_maxxfer = nvme->n_max_data_transfer_size; 3100 3101 /* 3102 * Make sure the minimum/maximum queue entry sizes are not 3103 * larger/smaller than the default. 3104 */ 3105 3106 if (((1 << nvme->n_idctl->id_sqes.qes_min) > sizeof (nvme_sqe_t)) || 3107 ((1 << nvme->n_idctl->id_sqes.qes_max) < sizeof (nvme_sqe_t)) || 3108 ((1 << nvme->n_idctl->id_cqes.qes_min) > sizeof (nvme_cqe_t)) || 3109 ((1 << nvme->n_idctl->id_cqes.qes_max) < sizeof (nvme_cqe_t))) 3110 goto fail; 3111 3112 /* 3113 * Check for the presence of a Volatile Write Cache. If present, 3114 * enable or disable based on the value of the property 3115 * volatile-write-cache-enable (default is enabled). 3116 */ 3117 nvme->n_write_cache_present = 3118 nvme->n_idctl->id_vwc.vwc_present == 0 ? B_FALSE : B_TRUE; 3119 3120 (void) ddi_prop_update_int(DDI_DEV_T_NONE, nvme->n_dip, 3121 "volatile-write-cache-present", 3122 nvme->n_write_cache_present ? 1 : 0); 3123 3124 if (!nvme->n_write_cache_present) { 3125 nvme->n_write_cache_enabled = B_FALSE; 3126 } else if (nvme_write_cache_set(nvme, nvme->n_write_cache_enabled) 3127 != 0) { 3128 dev_err(nvme->n_dip, CE_WARN, 3129 "!failed to %sable volatile write cache", 3130 nvme->n_write_cache_enabled ? "en" : "dis"); 3131 /* 3132 * Assume the cache is (still) enabled. 3133 */ 3134 nvme->n_write_cache_enabled = B_TRUE; 3135 } 3136 3137 (void) ddi_prop_update_int(DDI_DEV_T_NONE, nvme->n_dip, 3138 "volatile-write-cache-enable", 3139 nvme->n_write_cache_enabled ? 1 : 0); 3140 3141 /* 3142 * Assume LBA Range Type feature is supported. If it isn't this 3143 * will be set to B_FALSE by nvme_get_features(). 3144 */ 3145 nvme->n_lba_range_supported = B_TRUE; 3146 3147 /* 3148 * Check support for Autonomous Power State Transition. 3149 */ 3150 if (NVME_VERSION_ATLEAST(&nvme->n_version, 1, 1)) 3151 nvme->n_auto_pst_supported = 3152 nvme->n_idctl->id_apsta.ap_sup == 0 ? B_FALSE : B_TRUE; 3153 3154 /* 3155 * Assume Software Progress Marker feature is supported. If it isn't 3156 * this will be set to B_FALSE by nvme_get_features(). 3157 */ 3158 nvme->n_progress_supported = B_TRUE; 3159 3160 /* 3161 * Identify Namespaces 3162 */ 3163 nvme->n_namespace_count = nvme->n_idctl->id_nn; 3164 3165 if (nvme->n_namespace_count == 0) { 3166 dev_err(nvme->n_dip, CE_WARN, 3167 "!controllers without namespaces are not supported"); 3168 goto fail; 3169 } 3170 3171 if (nvme->n_namespace_count > NVME_MINOR_MAX) { 3172 dev_err(nvme->n_dip, CE_WARN, 3173 "!too many namespaces: %d, limiting to %d\n", 3174 nvme->n_namespace_count, NVME_MINOR_MAX); 3175 nvme->n_namespace_count = NVME_MINOR_MAX; 3176 } 3177 3178 nvme->n_ns = kmem_zalloc(sizeof (nvme_namespace_t) * 3179 nvme->n_namespace_count, KM_SLEEP); 3180 3181 for (i = 0; i != nvme->n_namespace_count; i++) { 3182 nvme->n_ns[i].ns_ignore = B_TRUE; 3183 if (nvme_init_ns(nvme, i + 1) != DDI_SUCCESS) 3184 goto fail; 3185 } 3186 3187 /* 3188 * Try to set up MSI/MSI-X interrupts. 3189 */ 3190 if ((nvme->n_intr_types & (DDI_INTR_TYPE_MSI | DDI_INTR_TYPE_MSIX)) 3191 != 0) { 3192 nvme_release_interrupts(nvme); 3193 3194 nqueues = MIN(UINT16_MAX, ncpus); 3195 3196 if ((nvme_setup_interrupts(nvme, DDI_INTR_TYPE_MSIX, 3197 nqueues) != DDI_SUCCESS) && 3198 (nvme_setup_interrupts(nvme, DDI_INTR_TYPE_MSI, 3199 nqueues) != DDI_SUCCESS)) { 3200 dev_err(nvme->n_dip, CE_WARN, 3201 "!failed to setup MSI/MSI-X interrupts"); 3202 goto fail; 3203 } 3204 } 3205 3206 /* 3207 * Create I/O queue pairs. 3208 */ 3209 3210 if (nvme_set_nqueues(nvme) != 0) { 3211 dev_err(nvme->n_dip, CE_WARN, 3212 "!failed to set number of I/O queues to %d", 3213 nvme->n_intr_cnt); 3214 goto fail; 3215 } 3216 3217 /* 3218 * Reallocate I/O queue array 3219 */ 3220 kmem_free(nvme->n_ioq, sizeof (nvme_qpair_t *)); 3221 nvme->n_ioq = kmem_zalloc(sizeof (nvme_qpair_t *) * 3222 (nvme->n_submission_queues + 1), KM_SLEEP); 3223 nvme->n_ioq[0] = nvme->n_adminq; 3224 3225 /* 3226 * There should always be at least as many submission queues 3227 * as completion queues. 3228 */ 3229 ASSERT(nvme->n_submission_queues >= nvme->n_completion_queues); 3230 3231 nvme->n_ioq_count = nvme->n_submission_queues; 3232 3233 nvme->n_io_squeue_len = 3234 MIN(nvme->n_io_squeue_len, nvme->n_max_queue_entries); 3235 3236 (void) ddi_prop_update_int(DDI_DEV_T_NONE, nvme->n_dip, "io-squeue-len", 3237 nvme->n_io_squeue_len); 3238 3239 /* 3240 * Pre-allocate completion queues. 3241 * When there are the same number of submission and completion 3242 * queues there is no value in having a larger completion 3243 * queue length. 3244 */ 3245 if (nvme->n_submission_queues == nvme->n_completion_queues) 3246 nvme->n_io_cqueue_len = MIN(nvme->n_io_cqueue_len, 3247 nvme->n_io_squeue_len); 3248 3249 nvme->n_io_cqueue_len = MIN(nvme->n_io_cqueue_len, 3250 nvme->n_max_queue_entries); 3251 3252 (void) ddi_prop_update_int(DDI_DEV_T_NONE, nvme->n_dip, "io-cqueue-len", 3253 nvme->n_io_cqueue_len); 3254 3255 /* 3256 * Assign the equal quantity of taskq threads to each completion 3257 * queue, capping the total number of threads to the number 3258 * of CPUs. 3259 */ 3260 tq_threads = MIN(UINT16_MAX, ncpus) / nvme->n_completion_queues; 3261 3262 /* 3263 * In case the calculation above is zero, we need at least one 3264 * thread per completion queue. 3265 */ 3266 tq_threads = MAX(1, tq_threads); 3267 3268 if (nvme_create_cq_array(nvme, nvme->n_completion_queues + 1, 3269 nvme->n_io_cqueue_len, tq_threads) != DDI_SUCCESS) { 3270 dev_err(nvme->n_dip, CE_WARN, 3271 "!failed to pre-allocate completion queues"); 3272 goto fail; 3273 } 3274 3275 /* 3276 * If we use less completion queues than interrupt vectors return 3277 * some of the interrupt vectors back to the system. 3278 */ 3279 if (nvme->n_completion_queues + 1 < nvme->n_intr_cnt) { 3280 nvme_release_interrupts(nvme); 3281 3282 if (nvme_setup_interrupts(nvme, nvme->n_intr_type, 3283 nvme->n_completion_queues + 1) != DDI_SUCCESS) { 3284 dev_err(nvme->n_dip, CE_WARN, 3285 "!failed to reduce number of interrupts"); 3286 goto fail; 3287 } 3288 } 3289 3290 /* 3291 * Alloc & register I/O queue pairs 3292 */ 3293 3294 for (i = 1; i != nvme->n_ioq_count + 1; i++) { 3295 if (nvme_alloc_qpair(nvme, nvme->n_io_squeue_len, 3296 &nvme->n_ioq[i], i) != DDI_SUCCESS) { 3297 dev_err(nvme->n_dip, CE_WARN, 3298 "!unable to allocate I/O qpair %d", i); 3299 goto fail; 3300 } 3301 3302 if (nvme_create_io_qpair(nvme, nvme->n_ioq[i], i) != 0) { 3303 dev_err(nvme->n_dip, CE_WARN, 3304 "!unable to create I/O qpair %d", i); 3305 goto fail; 3306 } 3307 } 3308 3309 /* 3310 * Post more asynchronous events commands to reduce event reporting 3311 * latency as suggested by the spec. 3312 */ 3313 if (nvme->n_async_event_supported) { 3314 for (i = 1; i != nvme->n_async_event_limit; i++) 3315 nvme_async_event(nvme); 3316 } 3317 3318 return (DDI_SUCCESS); 3319 3320 fail: 3321 (void) nvme_reset(nvme, B_FALSE); 3322 return (DDI_FAILURE); 3323 } 3324 3325 static uint_t 3326 nvme_intr(caddr_t arg1, caddr_t arg2) 3327 { 3328 /*LINTED: E_PTR_BAD_CAST_ALIGN*/ 3329 nvme_t *nvme = (nvme_t *)arg1; 3330 int inum = (int)(uintptr_t)arg2; 3331 int ccnt = 0; 3332 int qnum; 3333 3334 if (inum >= nvme->n_intr_cnt) 3335 return (DDI_INTR_UNCLAIMED); 3336 3337 if (nvme->n_dead) 3338 return (nvme->n_intr_type == DDI_INTR_TYPE_FIXED ? 3339 DDI_INTR_UNCLAIMED : DDI_INTR_CLAIMED); 3340 3341 /* 3342 * The interrupt vector a queue uses is calculated as queue_idx % 3343 * intr_cnt in nvme_create_io_qpair(). Iterate through the queue array 3344 * in steps of n_intr_cnt to process all queues using this vector. 3345 */ 3346 for (qnum = inum; 3347 qnum < nvme->n_cq_count && nvme->n_cq[qnum] != NULL; 3348 qnum += nvme->n_intr_cnt) { 3349 ccnt += nvme_process_iocq(nvme, nvme->n_cq[qnum]); 3350 } 3351 3352 return (ccnt > 0 ? DDI_INTR_CLAIMED : DDI_INTR_UNCLAIMED); 3353 } 3354 3355 static void 3356 nvme_release_interrupts(nvme_t *nvme) 3357 { 3358 int i; 3359 3360 for (i = 0; i < nvme->n_intr_cnt; i++) { 3361 if (nvme->n_inth[i] == NULL) 3362 break; 3363 3364 if (nvme->n_intr_cap & DDI_INTR_FLAG_BLOCK) 3365 (void) ddi_intr_block_disable(&nvme->n_inth[i], 1); 3366 else 3367 (void) ddi_intr_disable(nvme->n_inth[i]); 3368 3369 (void) ddi_intr_remove_handler(nvme->n_inth[i]); 3370 (void) ddi_intr_free(nvme->n_inth[i]); 3371 } 3372 3373 kmem_free(nvme->n_inth, nvme->n_inth_sz); 3374 nvme->n_inth = NULL; 3375 nvme->n_inth_sz = 0; 3376 3377 nvme->n_progress &= ~NVME_INTERRUPTS; 3378 } 3379 3380 static int 3381 nvme_setup_interrupts(nvme_t *nvme, int intr_type, int nqpairs) 3382 { 3383 int nintrs, navail, count; 3384 int ret; 3385 int i; 3386 3387 if (nvme->n_intr_types == 0) { 3388 ret = ddi_intr_get_supported_types(nvme->n_dip, 3389 &nvme->n_intr_types); 3390 if (ret != DDI_SUCCESS) { 3391 dev_err(nvme->n_dip, CE_WARN, 3392 "!%s: ddi_intr_get_supported types failed", 3393 __func__); 3394 return (ret); 3395 } 3396 #ifdef __x86 3397 if (get_hwenv() == HW_VMWARE) 3398 nvme->n_intr_types &= ~DDI_INTR_TYPE_MSIX; 3399 #endif 3400 } 3401 3402 if ((nvme->n_intr_types & intr_type) == 0) 3403 return (DDI_FAILURE); 3404 3405 ret = ddi_intr_get_nintrs(nvme->n_dip, intr_type, &nintrs); 3406 if (ret != DDI_SUCCESS) { 3407 dev_err(nvme->n_dip, CE_WARN, "!%s: ddi_intr_get_nintrs failed", 3408 __func__); 3409 return (ret); 3410 } 3411 3412 ret = ddi_intr_get_navail(nvme->n_dip, intr_type, &navail); 3413 if (ret != DDI_SUCCESS) { 3414 dev_err(nvme->n_dip, CE_WARN, "!%s: ddi_intr_get_navail failed", 3415 __func__); 3416 return (ret); 3417 } 3418 3419 /* We want at most one interrupt per queue pair. */ 3420 if (navail > nqpairs) 3421 navail = nqpairs; 3422 3423 nvme->n_inth_sz = sizeof (ddi_intr_handle_t) * navail; 3424 nvme->n_inth = kmem_zalloc(nvme->n_inth_sz, KM_SLEEP); 3425 3426 ret = ddi_intr_alloc(nvme->n_dip, nvme->n_inth, intr_type, 0, navail, 3427 &count, 0); 3428 if (ret != DDI_SUCCESS) { 3429 dev_err(nvme->n_dip, CE_WARN, "!%s: ddi_intr_alloc failed", 3430 __func__); 3431 goto fail; 3432 } 3433 3434 nvme->n_intr_cnt = count; 3435 3436 ret = ddi_intr_get_pri(nvme->n_inth[0], &nvme->n_intr_pri); 3437 if (ret != DDI_SUCCESS) { 3438 dev_err(nvme->n_dip, CE_WARN, "!%s: ddi_intr_get_pri failed", 3439 __func__); 3440 goto fail; 3441 } 3442 3443 for (i = 0; i < count; i++) { 3444 ret = ddi_intr_add_handler(nvme->n_inth[i], nvme_intr, 3445 (void *)nvme, (void *)(uintptr_t)i); 3446 if (ret != DDI_SUCCESS) { 3447 dev_err(nvme->n_dip, CE_WARN, 3448 "!%s: ddi_intr_add_handler failed", __func__); 3449 goto fail; 3450 } 3451 } 3452 3453 (void) ddi_intr_get_cap(nvme->n_inth[0], &nvme->n_intr_cap); 3454 3455 for (i = 0; i < count; i++) { 3456 if (nvme->n_intr_cap & DDI_INTR_FLAG_BLOCK) 3457 ret = ddi_intr_block_enable(&nvme->n_inth[i], 1); 3458 else 3459 ret = ddi_intr_enable(nvme->n_inth[i]); 3460 3461 if (ret != DDI_SUCCESS) { 3462 dev_err(nvme->n_dip, CE_WARN, 3463 "!%s: enabling interrupt %d failed", __func__, i); 3464 goto fail; 3465 } 3466 } 3467 3468 nvme->n_intr_type = intr_type; 3469 3470 nvme->n_progress |= NVME_INTERRUPTS; 3471 3472 return (DDI_SUCCESS); 3473 3474 fail: 3475 nvme_release_interrupts(nvme); 3476 3477 return (ret); 3478 } 3479 3480 static int 3481 nvme_fm_errcb(dev_info_t *dip, ddi_fm_error_t *fm_error, const void *arg) 3482 { 3483 _NOTE(ARGUNUSED(arg)); 3484 3485 pci_ereport_post(dip, fm_error, NULL); 3486 return (fm_error->fme_status); 3487 } 3488 3489 static void 3490 nvme_remove_callback(dev_info_t *dip, ddi_eventcookie_t cookie, void *a, 3491 void *b) 3492 { 3493 nvme_t *nvme = a; 3494 3495 nvme->n_dead = B_TRUE; 3496 3497 /* 3498 * Fail all outstanding commands, including those in the admin queue 3499 * (queue 0). 3500 */ 3501 for (uint_t i = 0; i < nvme->n_ioq_count + 1; i++) { 3502 nvme_qpair_t *qp = nvme->n_ioq[i]; 3503 3504 mutex_enter(&qp->nq_mutex); 3505 for (size_t j = 0; j < qp->nq_nentry; j++) { 3506 nvme_cmd_t *cmd = qp->nq_cmd[j]; 3507 nvme_cmd_t *u_cmd; 3508 3509 if (cmd == NULL) { 3510 continue; 3511 } 3512 3513 /* 3514 * Since we have the queue lock held the entire time we 3515 * iterate over it, it's not possible for the queue to 3516 * change underneath us. Thus, we don't need to check 3517 * that the return value of nvme_unqueue_cmd matches the 3518 * requested cmd to unqueue. 3519 */ 3520 u_cmd = nvme_unqueue_cmd(nvme, qp, cmd->nc_sqe.sqe_cid); 3521 taskq_dispatch_ent(qp->nq_cq->ncq_cmd_taskq, 3522 cmd->nc_callback, cmd, TQ_NOSLEEP, &cmd->nc_tqent); 3523 3524 ASSERT3P(u_cmd, ==, cmd); 3525 } 3526 mutex_exit(&qp->nq_mutex); 3527 } 3528 } 3529 3530 static int 3531 nvme_attach(dev_info_t *dip, ddi_attach_cmd_t cmd) 3532 { 3533 nvme_t *nvme; 3534 int instance; 3535 int nregs; 3536 off_t regsize; 3537 int i; 3538 char name[32]; 3539 bd_ops_t ops = nvme_bd_ops; 3540 3541 if (cmd != DDI_ATTACH) 3542 return (DDI_FAILURE); 3543 3544 instance = ddi_get_instance(dip); 3545 3546 if (ddi_soft_state_zalloc(nvme_state, instance) != DDI_SUCCESS) 3547 return (DDI_FAILURE); 3548 3549 nvme = ddi_get_soft_state(nvme_state, instance); 3550 ddi_set_driver_private(dip, nvme); 3551 nvme->n_dip = dip; 3552 3553 /* Set up event handlers for hot removal. */ 3554 if (ddi_get_eventcookie(nvme->n_dip, DDI_DEVI_REMOVE_EVENT, 3555 &nvme->n_rm_cookie) != DDI_SUCCESS) { 3556 goto fail; 3557 } 3558 if (ddi_add_event_handler(nvme->n_dip, nvme->n_rm_cookie, 3559 nvme_remove_callback, nvme, &nvme->n_ev_rm_cb_id) != 3560 DDI_SUCCESS) { 3561 goto fail; 3562 } 3563 3564 mutex_init(&nvme->n_minor_mutex, NULL, MUTEX_DRIVER, NULL); 3565 nvme->n_progress |= NVME_MUTEX_INIT; 3566 3567 nvme->n_strict_version = ddi_prop_get_int(DDI_DEV_T_ANY, dip, 3568 DDI_PROP_DONTPASS, "strict-version", 1) == 1 ? B_TRUE : B_FALSE; 3569 nvme->n_ignore_unknown_vendor_status = ddi_prop_get_int(DDI_DEV_T_ANY, 3570 dip, DDI_PROP_DONTPASS, "ignore-unknown-vendor-status", 0) == 1 ? 3571 B_TRUE : B_FALSE; 3572 nvme->n_admin_queue_len = ddi_prop_get_int(DDI_DEV_T_ANY, dip, 3573 DDI_PROP_DONTPASS, "admin-queue-len", NVME_DEFAULT_ADMIN_QUEUE_LEN); 3574 nvme->n_io_squeue_len = ddi_prop_get_int(DDI_DEV_T_ANY, dip, 3575 DDI_PROP_DONTPASS, "io-squeue-len", NVME_DEFAULT_IO_QUEUE_LEN); 3576 /* 3577 * Double up the default for completion queues in case of 3578 * queue sharing. 3579 */ 3580 nvme->n_io_cqueue_len = ddi_prop_get_int(DDI_DEV_T_ANY, dip, 3581 DDI_PROP_DONTPASS, "io-cqueue-len", 2 * NVME_DEFAULT_IO_QUEUE_LEN); 3582 nvme->n_async_event_limit = ddi_prop_get_int(DDI_DEV_T_ANY, dip, 3583 DDI_PROP_DONTPASS, "async-event-limit", 3584 NVME_DEFAULT_ASYNC_EVENT_LIMIT); 3585 nvme->n_write_cache_enabled = ddi_prop_get_int(DDI_DEV_T_ANY, dip, 3586 DDI_PROP_DONTPASS, "volatile-write-cache-enable", 1) != 0 ? 3587 B_TRUE : B_FALSE; 3588 nvme->n_min_block_size = ddi_prop_get_int(DDI_DEV_T_ANY, dip, 3589 DDI_PROP_DONTPASS, "min-phys-block-size", 3590 NVME_DEFAULT_MIN_BLOCK_SIZE); 3591 nvme->n_submission_queues = ddi_prop_get_int(DDI_DEV_T_ANY, dip, 3592 DDI_PROP_DONTPASS, "max-submission-queues", -1); 3593 nvme->n_completion_queues = ddi_prop_get_int(DDI_DEV_T_ANY, dip, 3594 DDI_PROP_DONTPASS, "max-completion-queues", -1); 3595 3596 if (!ISP2(nvme->n_min_block_size) || 3597 (nvme->n_min_block_size < NVME_DEFAULT_MIN_BLOCK_SIZE)) { 3598 dev_err(dip, CE_WARN, "!min-phys-block-size %s, " 3599 "using default %d", ISP2(nvme->n_min_block_size) ? 3600 "too low" : "not a power of 2", 3601 NVME_DEFAULT_MIN_BLOCK_SIZE); 3602 nvme->n_min_block_size = NVME_DEFAULT_MIN_BLOCK_SIZE; 3603 } 3604 3605 if (nvme->n_submission_queues != -1 && 3606 (nvme->n_submission_queues < 1 || 3607 nvme->n_submission_queues > UINT16_MAX)) { 3608 dev_err(dip, CE_WARN, "!\"submission-queues\"=%d is not " 3609 "valid. Must be [1..%d]", nvme->n_submission_queues, 3610 UINT16_MAX); 3611 nvme->n_submission_queues = -1; 3612 } 3613 3614 if (nvme->n_completion_queues != -1 && 3615 (nvme->n_completion_queues < 1 || 3616 nvme->n_completion_queues > UINT16_MAX)) { 3617 dev_err(dip, CE_WARN, "!\"completion-queues\"=%d is not " 3618 "valid. Must be [1..%d]", nvme->n_completion_queues, 3619 UINT16_MAX); 3620 nvme->n_completion_queues = -1; 3621 } 3622 3623 if (nvme->n_admin_queue_len < NVME_MIN_ADMIN_QUEUE_LEN) 3624 nvme->n_admin_queue_len = NVME_MIN_ADMIN_QUEUE_LEN; 3625 else if (nvme->n_admin_queue_len > NVME_MAX_ADMIN_QUEUE_LEN) 3626 nvme->n_admin_queue_len = NVME_MAX_ADMIN_QUEUE_LEN; 3627 3628 if (nvme->n_io_squeue_len < NVME_MIN_IO_QUEUE_LEN) 3629 nvme->n_io_squeue_len = NVME_MIN_IO_QUEUE_LEN; 3630 if (nvme->n_io_cqueue_len < NVME_MIN_IO_QUEUE_LEN) 3631 nvme->n_io_cqueue_len = NVME_MIN_IO_QUEUE_LEN; 3632 3633 if (nvme->n_async_event_limit < 1) 3634 nvme->n_async_event_limit = NVME_DEFAULT_ASYNC_EVENT_LIMIT; 3635 3636 nvme->n_reg_acc_attr = nvme_reg_acc_attr; 3637 nvme->n_queue_dma_attr = nvme_queue_dma_attr; 3638 nvme->n_prp_dma_attr = nvme_prp_dma_attr; 3639 nvme->n_sgl_dma_attr = nvme_sgl_dma_attr; 3640 3641 /* 3642 * Set up FMA support. 3643 */ 3644 nvme->n_fm_cap = ddi_getprop(DDI_DEV_T_ANY, dip, 3645 DDI_PROP_CANSLEEP | DDI_PROP_DONTPASS, "fm-capable", 3646 DDI_FM_EREPORT_CAPABLE | DDI_FM_ACCCHK_CAPABLE | 3647 DDI_FM_DMACHK_CAPABLE | DDI_FM_ERRCB_CAPABLE); 3648 3649 ddi_fm_init(dip, &nvme->n_fm_cap, &nvme->n_fm_ibc); 3650 3651 if (nvme->n_fm_cap) { 3652 if (nvme->n_fm_cap & DDI_FM_ACCCHK_CAPABLE) 3653 nvme->n_reg_acc_attr.devacc_attr_access = 3654 DDI_FLAGERR_ACC; 3655 3656 if (nvme->n_fm_cap & DDI_FM_DMACHK_CAPABLE) { 3657 nvme->n_prp_dma_attr.dma_attr_flags |= DDI_DMA_FLAGERR; 3658 nvme->n_sgl_dma_attr.dma_attr_flags |= DDI_DMA_FLAGERR; 3659 } 3660 3661 if (DDI_FM_EREPORT_CAP(nvme->n_fm_cap) || 3662 DDI_FM_ERRCB_CAP(nvme->n_fm_cap)) 3663 pci_ereport_setup(dip); 3664 3665 if (DDI_FM_ERRCB_CAP(nvme->n_fm_cap)) 3666 ddi_fm_handler_register(dip, nvme_fm_errcb, 3667 (void *)nvme); 3668 } 3669 3670 nvme->n_progress |= NVME_FMA_INIT; 3671 3672 /* 3673 * The spec defines several register sets. Only the controller 3674 * registers (set 1) are currently used. 3675 */ 3676 if (ddi_dev_nregs(dip, &nregs) == DDI_FAILURE || 3677 nregs < 2 || 3678 ddi_dev_regsize(dip, 1, ®size) == DDI_FAILURE) 3679 goto fail; 3680 3681 if (ddi_regs_map_setup(dip, 1, &nvme->n_regs, 0, regsize, 3682 &nvme->n_reg_acc_attr, &nvme->n_regh) != DDI_SUCCESS) { 3683 dev_err(dip, CE_WARN, "!failed to map regset 1"); 3684 goto fail; 3685 } 3686 3687 nvme->n_progress |= NVME_REGS_MAPPED; 3688 3689 /* 3690 * Create PRP DMA cache 3691 */ 3692 (void) snprintf(name, sizeof (name), "%s%d_prp_cache", 3693 ddi_driver_name(dip), ddi_get_instance(dip)); 3694 nvme->n_prp_cache = kmem_cache_create(name, sizeof (nvme_dma_t), 3695 0, nvme_prp_dma_constructor, nvme_prp_dma_destructor, 3696 NULL, (void *)nvme, NULL, 0); 3697 3698 if (nvme_init(nvme) != DDI_SUCCESS) 3699 goto fail; 3700 3701 if (!nvme->n_idctl->id_oncs.on_dset_mgmt) 3702 ops.o_free_space = NULL; 3703 3704 /* 3705 * Initialize the driver with the UFM subsystem 3706 */ 3707 if (ddi_ufm_init(dip, DDI_UFM_CURRENT_VERSION, &nvme_ufm_ops, 3708 &nvme->n_ufmh, nvme) != 0) { 3709 dev_err(dip, CE_WARN, "!failed to initialize UFM subsystem"); 3710 goto fail; 3711 } 3712 mutex_init(&nvme->n_fwslot_mutex, NULL, MUTEX_DRIVER, NULL); 3713 ddi_ufm_update(nvme->n_ufmh); 3714 nvme->n_progress |= NVME_UFM_INIT; 3715 3716 /* 3717 * Attach the blkdev driver for each namespace. 3718 */ 3719 for (i = 0; i != nvme->n_namespace_count; i++) { 3720 if (ddi_create_minor_node(nvme->n_dip, nvme->n_ns[i].ns_name, 3721 S_IFCHR, NVME_MINOR(ddi_get_instance(nvme->n_dip), i + 1), 3722 DDI_NT_NVME_ATTACHMENT_POINT, 0) != DDI_SUCCESS) { 3723 dev_err(dip, CE_WARN, 3724 "!failed to create minor node for namespace %d", i); 3725 goto fail; 3726 } 3727 3728 if (nvme->n_ns[i].ns_ignore) 3729 continue; 3730 3731 nvme->n_ns[i].ns_bd_hdl = bd_alloc_handle(&nvme->n_ns[i], 3732 &ops, &nvme->n_prp_dma_attr, KM_SLEEP); 3733 3734 if (nvme->n_ns[i].ns_bd_hdl == NULL) { 3735 dev_err(dip, CE_WARN, 3736 "!failed to get blkdev handle for namespace %d", i); 3737 goto fail; 3738 } 3739 3740 if (bd_attach_handle(dip, nvme->n_ns[i].ns_bd_hdl) 3741 != DDI_SUCCESS) { 3742 dev_err(dip, CE_WARN, 3743 "!failed to attach blkdev handle for namespace %d", 3744 i); 3745 goto fail; 3746 } 3747 } 3748 3749 if (ddi_create_minor_node(dip, "devctl", S_IFCHR, 3750 NVME_MINOR(ddi_get_instance(dip), 0), DDI_NT_NVME_NEXUS, 0) 3751 != DDI_SUCCESS) { 3752 dev_err(dip, CE_WARN, "nvme_attach: " 3753 "cannot create devctl minor node"); 3754 goto fail; 3755 } 3756 3757 return (DDI_SUCCESS); 3758 3759 fail: 3760 /* attach successful anyway so that FMA can retire the device */ 3761 if (nvme->n_dead) 3762 return (DDI_SUCCESS); 3763 3764 (void) nvme_detach(dip, DDI_DETACH); 3765 3766 return (DDI_FAILURE); 3767 } 3768 3769 static int 3770 nvme_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) 3771 { 3772 int instance, i; 3773 nvme_t *nvme; 3774 3775 if (cmd != DDI_DETACH) 3776 return (DDI_FAILURE); 3777 3778 instance = ddi_get_instance(dip); 3779 3780 nvme = ddi_get_soft_state(nvme_state, instance); 3781 3782 if (nvme == NULL) 3783 return (DDI_FAILURE); 3784 3785 ddi_remove_minor_node(dip, "devctl"); 3786 3787 if (nvme->n_ns) { 3788 for (i = 0; i != nvme->n_namespace_count; i++) { 3789 ddi_remove_minor_node(dip, nvme->n_ns[i].ns_name); 3790 3791 if (nvme->n_ns[i].ns_bd_hdl) { 3792 (void) bd_detach_handle( 3793 nvme->n_ns[i].ns_bd_hdl); 3794 bd_free_handle(nvme->n_ns[i].ns_bd_hdl); 3795 } 3796 3797 if (nvme->n_ns[i].ns_idns) 3798 kmem_free(nvme->n_ns[i].ns_idns, 3799 sizeof (nvme_identify_nsid_t)); 3800 if (nvme->n_ns[i].ns_devid) 3801 strfree(nvme->n_ns[i].ns_devid); 3802 } 3803 3804 kmem_free(nvme->n_ns, sizeof (nvme_namespace_t) * 3805 nvme->n_namespace_count); 3806 } 3807 if (nvme->n_progress & NVME_UFM_INIT) { 3808 ddi_ufm_fini(nvme->n_ufmh); 3809 mutex_destroy(&nvme->n_fwslot_mutex); 3810 } 3811 3812 if (nvme->n_progress & NVME_INTERRUPTS) 3813 nvme_release_interrupts(nvme); 3814 3815 for (i = 0; i < nvme->n_cq_count; i++) { 3816 if (nvme->n_cq[i]->ncq_cmd_taskq != NULL) 3817 taskq_wait(nvme->n_cq[i]->ncq_cmd_taskq); 3818 } 3819 3820 if (nvme->n_progress & NVME_MUTEX_INIT) { 3821 mutex_destroy(&nvme->n_minor_mutex); 3822 } 3823 3824 if (nvme->n_ioq_count > 0) { 3825 for (i = 1; i != nvme->n_ioq_count + 1; i++) { 3826 if (nvme->n_ioq[i] != NULL) { 3827 /* TODO: send destroy queue commands */ 3828 nvme_free_qpair(nvme->n_ioq[i]); 3829 } 3830 } 3831 3832 kmem_free(nvme->n_ioq, sizeof (nvme_qpair_t *) * 3833 (nvme->n_ioq_count + 1)); 3834 } 3835 3836 if (nvme->n_prp_cache != NULL) { 3837 kmem_cache_destroy(nvme->n_prp_cache); 3838 } 3839 3840 if (nvme->n_progress & NVME_REGS_MAPPED) { 3841 nvme_shutdown(nvme, NVME_CC_SHN_NORMAL, B_FALSE); 3842 (void) nvme_reset(nvme, B_FALSE); 3843 } 3844 3845 if (nvme->n_progress & NVME_CTRL_LIMITS) 3846 sema_destroy(&nvme->n_abort_sema); 3847 3848 if (nvme->n_progress & NVME_ADMIN_QUEUE) 3849 nvme_free_qpair(nvme->n_adminq); 3850 3851 if (nvme->n_cq_count > 0) { 3852 nvme_destroy_cq_array(nvme, 0); 3853 nvme->n_cq = NULL; 3854 nvme->n_cq_count = 0; 3855 } 3856 3857 if (nvme->n_idctl) 3858 kmem_free(nvme->n_idctl, NVME_IDENTIFY_BUFSIZE); 3859 3860 if (nvme->n_progress & NVME_REGS_MAPPED) 3861 ddi_regs_map_free(&nvme->n_regh); 3862 3863 if (nvme->n_progress & NVME_FMA_INIT) { 3864 if (DDI_FM_ERRCB_CAP(nvme->n_fm_cap)) 3865 ddi_fm_handler_unregister(nvme->n_dip); 3866 3867 if (DDI_FM_EREPORT_CAP(nvme->n_fm_cap) || 3868 DDI_FM_ERRCB_CAP(nvme->n_fm_cap)) 3869 pci_ereport_teardown(nvme->n_dip); 3870 3871 ddi_fm_fini(nvme->n_dip); 3872 } 3873 3874 if (nvme->n_vendor != NULL) 3875 strfree(nvme->n_vendor); 3876 3877 if (nvme->n_product != NULL) 3878 strfree(nvme->n_product); 3879 3880 /* Clean up hot removal event handler. */ 3881 if (nvme->n_ev_rm_cb_id != NULL) { 3882 (void) ddi_remove_event_handler(nvme->n_ev_rm_cb_id); 3883 } 3884 nvme->n_ev_rm_cb_id = NULL; 3885 3886 ddi_soft_state_free(nvme_state, instance); 3887 3888 return (DDI_SUCCESS); 3889 } 3890 3891 static int 3892 nvme_quiesce(dev_info_t *dip) 3893 { 3894 int instance; 3895 nvme_t *nvme; 3896 3897 instance = ddi_get_instance(dip); 3898 3899 nvme = ddi_get_soft_state(nvme_state, instance); 3900 3901 if (nvme == NULL) 3902 return (DDI_FAILURE); 3903 3904 nvme_shutdown(nvme, NVME_CC_SHN_ABRUPT, B_TRUE); 3905 3906 (void) nvme_reset(nvme, B_TRUE); 3907 3908 return (DDI_FAILURE); 3909 } 3910 3911 static int 3912 nvme_fill_prp(nvme_cmd_t *cmd, ddi_dma_handle_t dma) 3913 { 3914 nvme_t *nvme = cmd->nc_nvme; 3915 uint_t nprp_per_page, nprp; 3916 uint64_t *prp; 3917 const ddi_dma_cookie_t *cookie; 3918 uint_t idx; 3919 uint_t ncookies = ddi_dma_ncookies(dma); 3920 3921 if (ncookies == 0) 3922 return (DDI_FAILURE); 3923 3924 if ((cookie = ddi_dma_cookie_get(dma, 0)) == NULL) 3925 return (DDI_FAILURE); 3926 cmd->nc_sqe.sqe_dptr.d_prp[0] = cookie->dmac_laddress; 3927 3928 if (ncookies == 1) { 3929 cmd->nc_sqe.sqe_dptr.d_prp[1] = 0; 3930 return (DDI_SUCCESS); 3931 } else if (ncookies == 2) { 3932 if ((cookie = ddi_dma_cookie_get(dma, 1)) == NULL) 3933 return (DDI_FAILURE); 3934 cmd->nc_sqe.sqe_dptr.d_prp[1] = cookie->dmac_laddress; 3935 return (DDI_SUCCESS); 3936 } 3937 3938 /* 3939 * At this point, we're always operating on cookies at 3940 * index >= 1 and writing the addresses of those cookies 3941 * into a new page. The address of that page is stored 3942 * as the second PRP entry. 3943 */ 3944 nprp_per_page = nvme->n_pagesize / sizeof (uint64_t); 3945 ASSERT(nprp_per_page > 0); 3946 3947 /* 3948 * We currently don't support chained PRPs and set up our DMA 3949 * attributes to reflect that. If we still get an I/O request 3950 * that needs a chained PRP something is very wrong. Account 3951 * for the first cookie here, which we've placed in d_prp[0]. 3952 */ 3953 nprp = howmany(ncookies - 1, nprp_per_page); 3954 VERIFY(nprp == 1); 3955 3956 /* 3957 * Allocate a page of pointers, in which we'll write the 3958 * addresses of cookies 1 to `ncookies`. 3959 */ 3960 cmd->nc_prp = kmem_cache_alloc(nvme->n_prp_cache, KM_SLEEP); 3961 bzero(cmd->nc_prp->nd_memp, cmd->nc_prp->nd_len); 3962 cmd->nc_sqe.sqe_dptr.d_prp[1] = cmd->nc_prp->nd_cookie.dmac_laddress; 3963 3964 prp = (uint64_t *)cmd->nc_prp->nd_memp; 3965 for (idx = 1; idx < ncookies; idx++) { 3966 if ((cookie = ddi_dma_cookie_get(dma, idx)) == NULL) 3967 return (DDI_FAILURE); 3968 *prp++ = cookie->dmac_laddress; 3969 } 3970 3971 (void) ddi_dma_sync(cmd->nc_prp->nd_dmah, 0, cmd->nc_prp->nd_len, 3972 DDI_DMA_SYNC_FORDEV); 3973 return (DDI_SUCCESS); 3974 } 3975 3976 /* 3977 * The maximum number of requests supported for a deallocate request is 3978 * NVME_DSET_MGMT_MAX_RANGES (256) -- this is from the NVMe 1.1 spec (and 3979 * unchanged through at least 1.4a). The definition of nvme_range_t is also 3980 * from the NVMe 1.1 spec. Together, the result is that all of the ranges for 3981 * a deallocate request will fit into the smallest supported namespace page 3982 * (4k). 3983 */ 3984 CTASSERT(sizeof (nvme_range_t) * NVME_DSET_MGMT_MAX_RANGES == 4096); 3985 3986 static int 3987 nvme_fill_ranges(nvme_cmd_t *cmd, bd_xfer_t *xfer, uint64_t blocksize, 3988 int allocflag) 3989 { 3990 const dkioc_free_list_t *dfl = xfer->x_dfl; 3991 const dkioc_free_list_ext_t *exts = dfl->dfl_exts; 3992 nvme_t *nvme = cmd->nc_nvme; 3993 nvme_range_t *ranges = NULL; 3994 uint_t i; 3995 3996 /* 3997 * The number of ranges in the request is 0s based (that is 3998 * word10 == 0 -> 1 range, word10 == 1 -> 2 ranges, ..., 3999 * word10 == 255 -> 256 ranges). Therefore the allowed values are 4000 * [1..NVME_DSET_MGMT_MAX_RANGES]. If blkdev gives us a bad request, 4001 * we either provided bad info in nvme_bd_driveinfo() or there is a bug 4002 * in blkdev. 4003 */ 4004 VERIFY3U(dfl->dfl_num_exts, >, 0); 4005 VERIFY3U(dfl->dfl_num_exts, <=, NVME_DSET_MGMT_MAX_RANGES); 4006 cmd->nc_sqe.sqe_cdw10 = (dfl->dfl_num_exts - 1) & 0xff; 4007 4008 cmd->nc_sqe.sqe_cdw11 = NVME_DSET_MGMT_ATTR_DEALLOCATE; 4009 4010 cmd->nc_prp = kmem_cache_alloc(nvme->n_prp_cache, allocflag); 4011 if (cmd->nc_prp == NULL) 4012 return (DDI_FAILURE); 4013 4014 bzero(cmd->nc_prp->nd_memp, cmd->nc_prp->nd_len); 4015 ranges = (nvme_range_t *)cmd->nc_prp->nd_memp; 4016 4017 cmd->nc_sqe.sqe_dptr.d_prp[0] = cmd->nc_prp->nd_cookie.dmac_laddress; 4018 cmd->nc_sqe.sqe_dptr.d_prp[1] = 0; 4019 4020 for (i = 0; i < dfl->dfl_num_exts; i++) { 4021 uint64_t lba, len; 4022 4023 lba = (dfl->dfl_offset + exts[i].dfle_start) / blocksize; 4024 len = exts[i].dfle_length / blocksize; 4025 4026 VERIFY3U(len, <=, UINT32_MAX); 4027 4028 /* No context attributes for a deallocate request */ 4029 ranges[i].nr_ctxattr = 0; 4030 ranges[i].nr_len = len; 4031 ranges[i].nr_lba = lba; 4032 } 4033 4034 (void) ddi_dma_sync(cmd->nc_prp->nd_dmah, 0, cmd->nc_prp->nd_len, 4035 DDI_DMA_SYNC_FORDEV); 4036 4037 return (DDI_SUCCESS); 4038 } 4039 4040 static nvme_cmd_t * 4041 nvme_create_nvm_cmd(nvme_namespace_t *ns, uint8_t opc, bd_xfer_t *xfer) 4042 { 4043 nvme_t *nvme = ns->ns_nvme; 4044 nvme_cmd_t *cmd; 4045 int allocflag; 4046 4047 /* 4048 * Blkdev only sets BD_XFER_POLL when dumping, so don't sleep. 4049 */ 4050 allocflag = (xfer->x_flags & BD_XFER_POLL) ? KM_NOSLEEP : KM_SLEEP; 4051 cmd = nvme_alloc_cmd(nvme, allocflag); 4052 4053 if (cmd == NULL) 4054 return (NULL); 4055 4056 cmd->nc_sqe.sqe_opc = opc; 4057 cmd->nc_callback = nvme_bd_xfer_done; 4058 cmd->nc_xfer = xfer; 4059 4060 switch (opc) { 4061 case NVME_OPC_NVM_WRITE: 4062 case NVME_OPC_NVM_READ: 4063 VERIFY(xfer->x_nblks <= 0x10000); 4064 4065 cmd->nc_sqe.sqe_nsid = ns->ns_id; 4066 4067 cmd->nc_sqe.sqe_cdw10 = xfer->x_blkno & 0xffffffffu; 4068 cmd->nc_sqe.sqe_cdw11 = (xfer->x_blkno >> 32); 4069 cmd->nc_sqe.sqe_cdw12 = (uint16_t)(xfer->x_nblks - 1); 4070 4071 if (nvme_fill_prp(cmd, xfer->x_dmah) != DDI_SUCCESS) 4072 goto fail; 4073 break; 4074 4075 case NVME_OPC_NVM_FLUSH: 4076 cmd->nc_sqe.sqe_nsid = ns->ns_id; 4077 break; 4078 4079 case NVME_OPC_NVM_DSET_MGMT: 4080 cmd->nc_sqe.sqe_nsid = ns->ns_id; 4081 4082 if (nvme_fill_ranges(cmd, xfer, 4083 (uint64_t)ns->ns_block_size, allocflag) != DDI_SUCCESS) 4084 goto fail; 4085 break; 4086 4087 default: 4088 goto fail; 4089 } 4090 4091 return (cmd); 4092 4093 fail: 4094 nvme_free_cmd(cmd); 4095 return (NULL); 4096 } 4097 4098 static void 4099 nvme_bd_xfer_done(void *arg) 4100 { 4101 nvme_cmd_t *cmd = arg; 4102 bd_xfer_t *xfer = cmd->nc_xfer; 4103 int error = 0; 4104 4105 error = nvme_check_cmd_status(cmd); 4106 nvme_free_cmd(cmd); 4107 4108 bd_xfer_done(xfer, error); 4109 } 4110 4111 static void 4112 nvme_bd_driveinfo(void *arg, bd_drive_t *drive) 4113 { 4114 nvme_namespace_t *ns = arg; 4115 nvme_t *nvme = ns->ns_nvme; 4116 uint_t ns_count = MAX(1, nvme->n_namespaces_attachable); 4117 4118 /* 4119 * Set the blkdev qcount to the number of submission queues. 4120 * It will then create one waitq/runq pair for each submission 4121 * queue and spread I/O requests across the queues. 4122 */ 4123 drive->d_qcount = nvme->n_ioq_count; 4124 4125 /* 4126 * I/O activity to individual namespaces is distributed across 4127 * each of the d_qcount blkdev queues (which has been set to 4128 * the number of nvme submission queues). d_qsize is the number 4129 * of submitted and not completed I/Os within each queue that blkdev 4130 * will allow before it starts holding them in the waitq. 4131 * 4132 * Each namespace will create a child blkdev instance, for each one 4133 * we try and set the d_qsize so that each namespace gets an 4134 * equal portion of the submission queue. 4135 * 4136 * If post instantiation of the nvme drive, n_namespaces_attachable 4137 * changes and a namespace is attached it could calculate a 4138 * different d_qsize. It may even be that the sum of the d_qsizes is 4139 * now beyond the submission queue size. Should that be the case 4140 * and the I/O rate is such that blkdev attempts to submit more 4141 * I/Os than the size of the submission queue, the excess I/Os 4142 * will be held behind the semaphore nq_sema. 4143 */ 4144 drive->d_qsize = nvme->n_io_squeue_len / ns_count; 4145 4146 /* 4147 * Don't let the queue size drop below the minimum, though. 4148 */ 4149 drive->d_qsize = MAX(drive->d_qsize, NVME_MIN_IO_QUEUE_LEN); 4150 4151 /* 4152 * d_maxxfer is not set, which means the value is taken from the DMA 4153 * attributes specified to bd_alloc_handle. 4154 */ 4155 4156 drive->d_removable = B_FALSE; 4157 drive->d_hotpluggable = B_FALSE; 4158 4159 bcopy(ns->ns_eui64, drive->d_eui64, sizeof (drive->d_eui64)); 4160 drive->d_target = ns->ns_id; 4161 drive->d_lun = 0; 4162 4163 drive->d_model = nvme->n_idctl->id_model; 4164 drive->d_model_len = sizeof (nvme->n_idctl->id_model); 4165 drive->d_vendor = nvme->n_vendor; 4166 drive->d_vendor_len = strlen(nvme->n_vendor); 4167 drive->d_product = nvme->n_product; 4168 drive->d_product_len = strlen(nvme->n_product); 4169 drive->d_serial = nvme->n_idctl->id_serial; 4170 drive->d_serial_len = sizeof (nvme->n_idctl->id_serial); 4171 drive->d_revision = nvme->n_idctl->id_fwrev; 4172 drive->d_revision_len = sizeof (nvme->n_idctl->id_fwrev); 4173 4174 /* 4175 * If we support the dataset management command, the only restrictions 4176 * on a discard request are the maximum number of ranges (segments) 4177 * per single request. 4178 */ 4179 if (nvme->n_idctl->id_oncs.on_dset_mgmt) 4180 drive->d_max_free_seg = NVME_DSET_MGMT_MAX_RANGES; 4181 } 4182 4183 static int 4184 nvme_bd_mediainfo(void *arg, bd_media_t *media) 4185 { 4186 nvme_namespace_t *ns = arg; 4187 nvme_t *nvme = ns->ns_nvme; 4188 4189 if (nvme->n_dead) { 4190 return (EIO); 4191 } 4192 4193 media->m_nblks = ns->ns_block_count; 4194 media->m_blksize = ns->ns_block_size; 4195 media->m_readonly = B_FALSE; 4196 media->m_solidstate = B_TRUE; 4197 4198 media->m_pblksize = ns->ns_best_block_size; 4199 4200 return (0); 4201 } 4202 4203 static int 4204 nvme_bd_cmd(nvme_namespace_t *ns, bd_xfer_t *xfer, uint8_t opc) 4205 { 4206 nvme_t *nvme = ns->ns_nvme; 4207 nvme_cmd_t *cmd; 4208 nvme_qpair_t *ioq; 4209 boolean_t poll; 4210 int ret; 4211 4212 if (nvme->n_dead) { 4213 return (EIO); 4214 } 4215 4216 cmd = nvme_create_nvm_cmd(ns, opc, xfer); 4217 if (cmd == NULL) 4218 return (ENOMEM); 4219 4220 cmd->nc_sqid = xfer->x_qnum + 1; 4221 ASSERT(cmd->nc_sqid <= nvme->n_ioq_count); 4222 ioq = nvme->n_ioq[cmd->nc_sqid]; 4223 4224 /* 4225 * Get the polling flag before submitting the command. The command may 4226 * complete immediately after it was submitted, which means we must 4227 * treat both cmd and xfer as if they have been freed already. 4228 */ 4229 poll = (xfer->x_flags & BD_XFER_POLL) != 0; 4230 4231 ret = nvme_submit_io_cmd(ioq, cmd); 4232 4233 if (ret != 0) 4234 return (ret); 4235 4236 if (!poll) 4237 return (0); 4238 4239 do { 4240 cmd = nvme_retrieve_cmd(nvme, ioq); 4241 if (cmd != NULL) 4242 cmd->nc_callback(cmd); 4243 else 4244 drv_usecwait(10); 4245 } while (ioq->nq_active_cmds != 0); 4246 4247 return (0); 4248 } 4249 4250 static int 4251 nvme_bd_read(void *arg, bd_xfer_t *xfer) 4252 { 4253 nvme_namespace_t *ns = arg; 4254 4255 return (nvme_bd_cmd(ns, xfer, NVME_OPC_NVM_READ)); 4256 } 4257 4258 static int 4259 nvme_bd_write(void *arg, bd_xfer_t *xfer) 4260 { 4261 nvme_namespace_t *ns = arg; 4262 4263 return (nvme_bd_cmd(ns, xfer, NVME_OPC_NVM_WRITE)); 4264 } 4265 4266 static int 4267 nvme_bd_sync(void *arg, bd_xfer_t *xfer) 4268 { 4269 nvme_namespace_t *ns = arg; 4270 4271 if (ns->ns_nvme->n_dead) 4272 return (EIO); 4273 4274 /* 4275 * If the volatile write cache is not present or not enabled the FLUSH 4276 * command is a no-op, so we can take a shortcut here. 4277 */ 4278 if (!ns->ns_nvme->n_write_cache_present) { 4279 bd_xfer_done(xfer, ENOTSUP); 4280 return (0); 4281 } 4282 4283 if (!ns->ns_nvme->n_write_cache_enabled) { 4284 bd_xfer_done(xfer, 0); 4285 return (0); 4286 } 4287 4288 return (nvme_bd_cmd(ns, xfer, NVME_OPC_NVM_FLUSH)); 4289 } 4290 4291 static int 4292 nvme_bd_devid(void *arg, dev_info_t *devinfo, ddi_devid_t *devid) 4293 { 4294 nvme_namespace_t *ns = arg; 4295 nvme_t *nvme = ns->ns_nvme; 4296 4297 if (nvme->n_dead) { 4298 return (EIO); 4299 } 4300 4301 /*LINTED: E_BAD_PTR_CAST_ALIGN*/ 4302 if (*(uint64_t *)ns->ns_eui64 != 0) { 4303 return (ddi_devid_init(devinfo, DEVID_SCSI3_WWN, 4304 sizeof (ns->ns_eui64), ns->ns_eui64, devid)); 4305 } else { 4306 return (ddi_devid_init(devinfo, DEVID_ENCAP, 4307 strlen(ns->ns_devid), ns->ns_devid, devid)); 4308 } 4309 } 4310 4311 static int 4312 nvme_bd_free_space(void *arg, bd_xfer_t *xfer) 4313 { 4314 nvme_namespace_t *ns = arg; 4315 4316 if (xfer->x_dfl == NULL) 4317 return (EINVAL); 4318 4319 if (!ns->ns_nvme->n_idctl->id_oncs.on_dset_mgmt) 4320 return (ENOTSUP); 4321 4322 return (nvme_bd_cmd(ns, xfer, NVME_OPC_NVM_DSET_MGMT)); 4323 } 4324 4325 static int 4326 nvme_open(dev_t *devp, int flag, int otyp, cred_t *cred_p) 4327 { 4328 #ifndef __lock_lint 4329 _NOTE(ARGUNUSED(cred_p)); 4330 #endif 4331 minor_t minor = getminor(*devp); 4332 nvme_t *nvme = ddi_get_soft_state(nvme_state, NVME_MINOR_INST(minor)); 4333 int nsid = NVME_MINOR_NSID(minor); 4334 nvme_minor_state_t *nm; 4335 int rv = 0; 4336 4337 if (otyp != OTYP_CHR) 4338 return (EINVAL); 4339 4340 if (nvme == NULL) 4341 return (ENXIO); 4342 4343 if (nsid > nvme->n_namespace_count) 4344 return (ENXIO); 4345 4346 if (nvme->n_dead) 4347 return (EIO); 4348 4349 mutex_enter(&nvme->n_minor_mutex); 4350 4351 /* 4352 * First check the devctl node and error out if it's been opened 4353 * exclusively already by any other thread. 4354 */ 4355 if (nvme->n_minor.nm_oexcl != NULL && 4356 nvme->n_minor.nm_oexcl != curthread) { 4357 rv = EBUSY; 4358 goto out; 4359 } 4360 4361 nm = nsid == 0 ? &nvme->n_minor : &nvme->n_ns[nsid - 1].ns_minor; 4362 4363 if (flag & FEXCL) { 4364 if (nm->nm_oexcl != NULL || nm->nm_open) { 4365 rv = EBUSY; 4366 goto out; 4367 } 4368 4369 /* 4370 * If at least one namespace is already open, fail the 4371 * exclusive open of the devctl node. 4372 */ 4373 if (nsid == 0) { 4374 for (int i = 0; i != nvme->n_namespace_count; i++) { 4375 if (nvme->n_ns[i].ns_minor.nm_open) { 4376 rv = EBUSY; 4377 goto out; 4378 } 4379 } 4380 } 4381 4382 nm->nm_oexcl = curthread; 4383 } 4384 4385 nm->nm_open = B_TRUE; 4386 4387 out: 4388 mutex_exit(&nvme->n_minor_mutex); 4389 return (rv); 4390 4391 } 4392 4393 static int 4394 nvme_close(dev_t dev, int flag, int otyp, cred_t *cred_p) 4395 { 4396 #ifndef __lock_lint 4397 _NOTE(ARGUNUSED(cred_p)); 4398 _NOTE(ARGUNUSED(flag)); 4399 #endif 4400 minor_t minor = getminor(dev); 4401 nvme_t *nvme = ddi_get_soft_state(nvme_state, NVME_MINOR_INST(minor)); 4402 int nsid = NVME_MINOR_NSID(minor); 4403 nvme_minor_state_t *nm; 4404 4405 if (otyp != OTYP_CHR) 4406 return (ENXIO); 4407 4408 if (nvme == NULL) 4409 return (ENXIO); 4410 4411 if (nsid > nvme->n_namespace_count) 4412 return (ENXIO); 4413 4414 nm = nsid == 0 ? &nvme->n_minor : &nvme->n_ns[nsid - 1].ns_minor; 4415 4416 mutex_enter(&nvme->n_minor_mutex); 4417 if (nm->nm_oexcl != NULL) { 4418 ASSERT(nm->nm_oexcl == curthread); 4419 nm->nm_oexcl = NULL; 4420 } 4421 4422 ASSERT(nm->nm_open); 4423 nm->nm_open = B_FALSE; 4424 mutex_exit(&nvme->n_minor_mutex); 4425 4426 return (0); 4427 } 4428 4429 static int 4430 nvme_ioctl_identify(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, int mode, 4431 cred_t *cred_p) 4432 { 4433 _NOTE(ARGUNUSED(cred_p)); 4434 int rv = 0; 4435 void *idctl; 4436 4437 if ((mode & FREAD) == 0) 4438 return (EPERM); 4439 4440 if (nioc->n_len < NVME_IDENTIFY_BUFSIZE) 4441 return (EINVAL); 4442 4443 if ((rv = nvme_identify(nvme, B_TRUE, nsid, (void **)&idctl)) != 0) 4444 return (rv); 4445 4446 if (ddi_copyout(idctl, (void *)nioc->n_buf, NVME_IDENTIFY_BUFSIZE, mode) 4447 != 0) 4448 rv = EFAULT; 4449 4450 kmem_free(idctl, NVME_IDENTIFY_BUFSIZE); 4451 4452 return (rv); 4453 } 4454 4455 /* 4456 * Execute commands on behalf of the various ioctls. 4457 */ 4458 static int 4459 nvme_ioc_cmd(nvme_t *nvme, nvme_sqe_t *sqe, boolean_t is_admin, void *data_addr, 4460 uint32_t data_len, int rwk, nvme_cqe_t *cqe, uint_t timeout) 4461 { 4462 nvme_cmd_t *cmd; 4463 nvme_qpair_t *ioq; 4464 int rv = 0; 4465 4466 cmd = nvme_alloc_cmd(nvme, KM_SLEEP); 4467 if (is_admin) { 4468 cmd->nc_sqid = 0; 4469 ioq = nvme->n_adminq; 4470 } else { 4471 cmd->nc_sqid = (CPU->cpu_id % nvme->n_ioq_count) + 1; 4472 ASSERT(cmd->nc_sqid <= nvme->n_ioq_count); 4473 ioq = nvme->n_ioq[cmd->nc_sqid]; 4474 } 4475 4476 /* 4477 * This function is used to facilitate requests from 4478 * userspace, so don't panic if the command fails. This 4479 * is especially true for admin passthru commands, where 4480 * the actual command data structure is entirely defined 4481 * by userspace. 4482 */ 4483 cmd->nc_dontpanic = B_TRUE; 4484 4485 cmd->nc_callback = nvme_wakeup_cmd; 4486 cmd->nc_sqe = *sqe; 4487 4488 if ((rwk & (FREAD | FWRITE)) != 0) { 4489 if (data_addr == NULL) { 4490 rv = EINVAL; 4491 goto free_cmd; 4492 } 4493 4494 if (nvme_zalloc_dma(nvme, data_len, DDI_DMA_READ, 4495 &nvme->n_prp_dma_attr, &cmd->nc_dma) != DDI_SUCCESS) { 4496 dev_err(nvme->n_dip, CE_WARN, 4497 "!nvme_zalloc_dma failed for nvme_ioc_cmd()"); 4498 4499 rv = ENOMEM; 4500 goto free_cmd; 4501 } 4502 4503 if ((rv = nvme_fill_prp(cmd, cmd->nc_dma->nd_dmah)) != 0) 4504 goto free_cmd; 4505 4506 if ((rwk & FWRITE) != 0) { 4507 if (ddi_copyin(data_addr, cmd->nc_dma->nd_memp, 4508 data_len, rwk & FKIOCTL) != 0) { 4509 rv = EFAULT; 4510 goto free_cmd; 4511 } 4512 } 4513 } 4514 4515 if (is_admin) { 4516 nvme_admin_cmd(cmd, timeout); 4517 } else { 4518 mutex_enter(&cmd->nc_mutex); 4519 4520 rv = nvme_submit_io_cmd(ioq, cmd); 4521 4522 if (rv == EAGAIN) { 4523 mutex_exit(&cmd->nc_mutex); 4524 dev_err(cmd->nc_nvme->n_dip, CE_WARN, 4525 "!nvme_ioc_cmd() failed, I/O Q full"); 4526 goto free_cmd; 4527 } 4528 4529 nvme_wait_cmd(cmd, timeout); 4530 4531 mutex_exit(&cmd->nc_mutex); 4532 } 4533 4534 if (cqe != NULL) 4535 *cqe = cmd->nc_cqe; 4536 4537 if ((rv = nvme_check_cmd_status(cmd)) != 0) { 4538 dev_err(nvme->n_dip, CE_WARN, 4539 "!nvme_ioc_cmd() failed with sct = %x, sc = %x", 4540 cmd->nc_cqe.cqe_sf.sf_sct, cmd->nc_cqe.cqe_sf.sf_sc); 4541 4542 goto free_cmd; 4543 } 4544 4545 if ((rwk & FREAD) != 0) { 4546 if (ddi_copyout(cmd->nc_dma->nd_memp, 4547 data_addr, data_len, rwk & FKIOCTL) != 0) 4548 rv = EFAULT; 4549 } 4550 4551 free_cmd: 4552 nvme_free_cmd(cmd); 4553 4554 return (rv); 4555 } 4556 4557 static int 4558 nvme_ioctl_capabilities(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, 4559 int mode, cred_t *cred_p) 4560 { 4561 _NOTE(ARGUNUSED(nsid, cred_p)); 4562 int rv = 0; 4563 nvme_reg_cap_t cap = { 0 }; 4564 nvme_capabilities_t nc; 4565 4566 if ((mode & FREAD) == 0) 4567 return (EPERM); 4568 4569 if (nioc->n_len < sizeof (nc)) 4570 return (EINVAL); 4571 4572 cap.r = nvme_get64(nvme, NVME_REG_CAP); 4573 4574 /* 4575 * The MPSMIN and MPSMAX fields in the CAP register use 0 to 4576 * specify the base page size of 4k (1<<12), so add 12 here to 4577 * get the real page size value. 4578 */ 4579 nc.mpsmax = 1 << (12 + cap.b.cap_mpsmax); 4580 nc.mpsmin = 1 << (12 + cap.b.cap_mpsmin); 4581 4582 if (ddi_copyout(&nc, (void *)nioc->n_buf, sizeof (nc), mode) != 0) 4583 rv = EFAULT; 4584 4585 return (rv); 4586 } 4587 4588 static int 4589 nvme_ioctl_get_logpage(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, 4590 int mode, cred_t *cred_p) 4591 { 4592 _NOTE(ARGUNUSED(cred_p)); 4593 void *log = NULL; 4594 size_t bufsize = 0; 4595 int rv = 0; 4596 4597 if ((mode & FREAD) == 0) 4598 return (EPERM); 4599 4600 switch (nioc->n_arg) { 4601 case NVME_LOGPAGE_ERROR: 4602 if (nsid != 0) 4603 return (EINVAL); 4604 break; 4605 case NVME_LOGPAGE_HEALTH: 4606 if (nsid != 0 && nvme->n_idctl->id_lpa.lp_smart == 0) 4607 return (EINVAL); 4608 4609 if (nsid == 0) 4610 nsid = (uint32_t)-1; 4611 4612 break; 4613 case NVME_LOGPAGE_FWSLOT: 4614 if (nsid != 0) 4615 return (EINVAL); 4616 break; 4617 default: 4618 if (!NVME_IS_VENDOR_SPECIFIC_LOGPAGE(nioc->n_arg)) 4619 return (EINVAL); 4620 if (nioc->n_len > NVME_VENDOR_SPECIFIC_LOGPAGE_MAX_SIZE) { 4621 dev_err(nvme->n_dip, CE_NOTE, "!Vendor-specific log " 4622 "page size exceeds device maximum supported size: " 4623 "%lu", NVME_VENDOR_SPECIFIC_LOGPAGE_MAX_SIZE); 4624 return (EINVAL); 4625 } 4626 if (nioc->n_len == 0) 4627 return (EINVAL); 4628 bufsize = nioc->n_len; 4629 if (nsid == 0) 4630 nsid = (uint32_t)-1; 4631 } 4632 4633 if (nvme_get_logpage(nvme, B_TRUE, &log, &bufsize, nioc->n_arg, nsid) 4634 != DDI_SUCCESS) 4635 return (EIO); 4636 4637 if (nioc->n_len < bufsize) { 4638 kmem_free(log, bufsize); 4639 return (EINVAL); 4640 } 4641 4642 if (ddi_copyout(log, (void *)nioc->n_buf, bufsize, mode) != 0) 4643 rv = EFAULT; 4644 4645 nioc->n_len = bufsize; 4646 kmem_free(log, bufsize); 4647 4648 return (rv); 4649 } 4650 4651 static int 4652 nvme_ioctl_get_features(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, 4653 int mode, cred_t *cred_p) 4654 { 4655 _NOTE(ARGUNUSED(cred_p)); 4656 void *buf = NULL; 4657 size_t bufsize = 0; 4658 uint32_t res = 0; 4659 uint8_t feature; 4660 int rv = 0; 4661 4662 if ((mode & FREAD) == 0) 4663 return (EPERM); 4664 4665 if ((nioc->n_arg >> 32) > 0xff) 4666 return (EINVAL); 4667 4668 feature = (uint8_t)(nioc->n_arg >> 32); 4669 4670 switch (feature) { 4671 case NVME_FEAT_ARBITRATION: 4672 case NVME_FEAT_POWER_MGMT: 4673 case NVME_FEAT_ERROR: 4674 case NVME_FEAT_NQUEUES: 4675 case NVME_FEAT_INTR_COAL: 4676 case NVME_FEAT_WRITE_ATOM: 4677 case NVME_FEAT_ASYNC_EVENT: 4678 case NVME_FEAT_PROGRESS: 4679 if (nsid != 0) 4680 return (EINVAL); 4681 break; 4682 4683 case NVME_FEAT_TEMPERATURE: 4684 if (nsid != 0) 4685 return (EINVAL); 4686 res = nioc->n_arg & 0xffffffffUL; 4687 if (NVME_VERSION_ATLEAST(&nvme->n_version, 1, 2)) { 4688 nvme_temp_threshold_t tt; 4689 4690 tt.r = res; 4691 if (tt.b.tt_thsel != NVME_TEMP_THRESH_OVER && 4692 tt.b.tt_thsel != NVME_TEMP_THRESH_UNDER) { 4693 return (EINVAL); 4694 } 4695 4696 if (tt.b.tt_tmpsel > NVME_TEMP_THRESH_MAX_SENSOR) { 4697 return (EINVAL); 4698 } 4699 } else if (res != 0) { 4700 return (ENOTSUP); 4701 } 4702 break; 4703 4704 case NVME_FEAT_INTR_VECT: 4705 if (nsid != 0) 4706 return (EINVAL); 4707 4708 res = nioc->n_arg & 0xffffffffUL; 4709 if (res >= nvme->n_intr_cnt) 4710 return (EINVAL); 4711 break; 4712 4713 case NVME_FEAT_LBA_RANGE: 4714 if (nvme->n_lba_range_supported == B_FALSE) 4715 return (EINVAL); 4716 4717 if (nsid == 0 || 4718 nsid > nvme->n_namespace_count) 4719 return (EINVAL); 4720 4721 break; 4722 4723 case NVME_FEAT_WRITE_CACHE: 4724 if (nsid != 0) 4725 return (EINVAL); 4726 4727 if (!nvme->n_write_cache_present) 4728 return (EINVAL); 4729 4730 break; 4731 4732 case NVME_FEAT_AUTO_PST: 4733 if (nsid != 0) 4734 return (EINVAL); 4735 4736 if (!nvme->n_auto_pst_supported) 4737 return (EINVAL); 4738 4739 break; 4740 4741 default: 4742 return (EINVAL); 4743 } 4744 4745 rv = nvme_get_features(nvme, B_TRUE, nsid, feature, &res, &buf, 4746 &bufsize); 4747 if (rv != 0) 4748 return (rv); 4749 4750 if (nioc->n_len < bufsize) { 4751 kmem_free(buf, bufsize); 4752 return (EINVAL); 4753 } 4754 4755 if (buf && ddi_copyout(buf, (void*)nioc->n_buf, bufsize, mode) != 0) 4756 rv = EFAULT; 4757 4758 kmem_free(buf, bufsize); 4759 nioc->n_arg = res; 4760 nioc->n_len = bufsize; 4761 4762 return (rv); 4763 } 4764 4765 static int 4766 nvme_ioctl_intr_cnt(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, int mode, 4767 cred_t *cred_p) 4768 { 4769 _NOTE(ARGUNUSED(nsid, mode, cred_p)); 4770 4771 if ((mode & FREAD) == 0) 4772 return (EPERM); 4773 4774 nioc->n_arg = nvme->n_intr_cnt; 4775 return (0); 4776 } 4777 4778 static int 4779 nvme_ioctl_version(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, int mode, 4780 cred_t *cred_p) 4781 { 4782 _NOTE(ARGUNUSED(nsid, cred_p)); 4783 int rv = 0; 4784 4785 if ((mode & FREAD) == 0) 4786 return (EPERM); 4787 4788 if (nioc->n_len < sizeof (nvme->n_version)) 4789 return (ENOMEM); 4790 4791 if (ddi_copyout(&nvme->n_version, (void *)nioc->n_buf, 4792 sizeof (nvme->n_version), mode) != 0) 4793 rv = EFAULT; 4794 4795 return (rv); 4796 } 4797 4798 static int 4799 nvme_ioctl_format(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, int mode, 4800 cred_t *cred_p) 4801 { 4802 _NOTE(ARGUNUSED(mode)); 4803 nvme_format_nvm_t frmt = { 0 }; 4804 int c_nsid = nsid != 0 ? nsid - 1 : 0; 4805 nvme_minor_state_t *nm; 4806 4807 if ((mode & FWRITE) == 0 || secpolicy_sys_config(cred_p, B_FALSE) != 0) 4808 return (EPERM); 4809 4810 nm = nsid == 0 ? &nvme->n_minor : &nvme->n_ns[c_nsid].ns_minor; 4811 if (nm->nm_oexcl != curthread) 4812 return (EACCES); 4813 4814 frmt.r = nioc->n_arg & 0xffffffff; 4815 4816 /* 4817 * Check whether the FORMAT NVM command is supported. 4818 */ 4819 if (nvme->n_idctl->id_oacs.oa_format == 0) 4820 return (ENOTSUP); 4821 4822 /* 4823 * Don't allow format or secure erase of individual namespace if that 4824 * would cause a format or secure erase of all namespaces. 4825 */ 4826 if (nsid != 0 && nvme->n_idctl->id_fna.fn_format != 0) 4827 return (EINVAL); 4828 4829 if (nsid != 0 && frmt.b.fm_ses != NVME_FRMT_SES_NONE && 4830 nvme->n_idctl->id_fna.fn_sec_erase != 0) 4831 return (EINVAL); 4832 4833 /* 4834 * Don't allow formatting with Protection Information. 4835 */ 4836 if (frmt.b.fm_pi != 0 || frmt.b.fm_pil != 0 || frmt.b.fm_ms != 0) 4837 return (EINVAL); 4838 4839 /* 4840 * Don't allow formatting using an illegal LBA format, or any LBA format 4841 * that uses metadata. 4842 */ 4843 if (frmt.b.fm_lbaf > nvme->n_ns[c_nsid].ns_idns->id_nlbaf || 4844 nvme->n_ns[c_nsid].ns_idns->id_lbaf[frmt.b.fm_lbaf].lbaf_ms != 0) 4845 return (EINVAL); 4846 4847 /* 4848 * Don't allow formatting using an illegal Secure Erase setting. 4849 */ 4850 if (frmt.b.fm_ses > NVME_FRMT_MAX_SES || 4851 (frmt.b.fm_ses == NVME_FRMT_SES_CRYPTO && 4852 nvme->n_idctl->id_fna.fn_crypt_erase == 0)) 4853 return (EINVAL); 4854 4855 if (nsid == 0) 4856 nsid = (uint32_t)-1; 4857 4858 return (nvme_format_nvm(nvme, B_TRUE, nsid, frmt.b.fm_lbaf, B_FALSE, 0, 4859 B_FALSE, frmt.b.fm_ses)); 4860 } 4861 4862 static int 4863 nvme_ioctl_detach(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, int mode, 4864 cred_t *cred_p) 4865 { 4866 _NOTE(ARGUNUSED(nioc, mode)); 4867 int rv = 0; 4868 4869 if ((mode & FWRITE) == 0 || secpolicy_sys_config(cred_p, B_FALSE) != 0) 4870 return (EPERM); 4871 4872 if (nsid == 0) 4873 return (EINVAL); 4874 4875 if (nvme->n_ns[nsid - 1].ns_minor.nm_oexcl != curthread) 4876 return (EACCES); 4877 4878 if (nvme->n_ns[nsid - 1].ns_ignore) 4879 return (0); 4880 4881 rv = bd_detach_handle(nvme->n_ns[nsid - 1].ns_bd_hdl); 4882 if (rv != DDI_SUCCESS) 4883 rv = EBUSY; 4884 4885 return (rv); 4886 } 4887 4888 static int 4889 nvme_ioctl_attach(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, int mode, 4890 cred_t *cred_p) 4891 { 4892 _NOTE(ARGUNUSED(nioc, mode)); 4893 nvme_identify_nsid_t *idns; 4894 int rv = 0; 4895 4896 if ((mode & FWRITE) == 0 || secpolicy_sys_config(cred_p, B_FALSE) != 0) 4897 return (EPERM); 4898 4899 if (nsid == 0) 4900 return (EINVAL); 4901 4902 if (nvme->n_ns[nsid - 1].ns_minor.nm_oexcl != curthread) 4903 return (EACCES); 4904 4905 /* 4906 * Identify namespace again, free old identify data. 4907 */ 4908 idns = nvme->n_ns[nsid - 1].ns_idns; 4909 if (nvme_init_ns(nvme, nsid) != DDI_SUCCESS) 4910 return (EIO); 4911 4912 kmem_free(idns, sizeof (nvme_identify_nsid_t)); 4913 4914 if (nvme->n_ns[nsid - 1].ns_ignore) 4915 return (ENOTSUP); 4916 4917 if (nvme->n_ns[nsid - 1].ns_bd_hdl == NULL) 4918 nvme->n_ns[nsid - 1].ns_bd_hdl = bd_alloc_handle( 4919 &nvme->n_ns[nsid - 1], &nvme_bd_ops, &nvme->n_prp_dma_attr, 4920 KM_SLEEP); 4921 4922 rv = bd_attach_handle(nvme->n_dip, nvme->n_ns[nsid - 1].ns_bd_hdl); 4923 if (rv != DDI_SUCCESS) 4924 rv = EBUSY; 4925 4926 return (rv); 4927 } 4928 4929 static void 4930 nvme_ufm_update(nvme_t *nvme) 4931 { 4932 mutex_enter(&nvme->n_fwslot_mutex); 4933 ddi_ufm_update(nvme->n_ufmh); 4934 if (nvme->n_fwslot != NULL) { 4935 kmem_free(nvme->n_fwslot, sizeof (nvme_fwslot_log_t)); 4936 nvme->n_fwslot = NULL; 4937 } 4938 mutex_exit(&nvme->n_fwslot_mutex); 4939 } 4940 4941 static int 4942 nvme_ioctl_firmware_download(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, 4943 int mode, cred_t *cred_p) 4944 { 4945 int rv = 0; 4946 size_t len, copylen; 4947 offset_t offset; 4948 uintptr_t buf; 4949 nvme_cqe_t cqe = { 0 }; 4950 nvme_sqe_t sqe = { 4951 .sqe_opc = NVME_OPC_FW_IMAGE_LOAD 4952 }; 4953 4954 if ((mode & FWRITE) == 0 || secpolicy_sys_config(cred_p, B_FALSE) != 0) 4955 return (EPERM); 4956 4957 if (nvme->n_idctl->id_oacs.oa_firmware == 0) 4958 return (ENOTSUP); 4959 4960 if (nsid != 0) 4961 return (EINVAL); 4962 4963 /* 4964 * The offset (in n_len) is restricted to the number of DWORDs in 4965 * 32 bits. 4966 */ 4967 if (nioc->n_len > NVME_FW_OFFSETB_MAX) 4968 return (EINVAL); 4969 4970 /* Confirm that both offset and length are a multiple of DWORD bytes */ 4971 if ((nioc->n_len & NVME_DWORD_MASK) != 0 || 4972 (nioc->n_arg & NVME_DWORD_MASK) != 0) 4973 return (EINVAL); 4974 4975 len = nioc->n_len; 4976 offset = nioc->n_arg; 4977 buf = (uintptr_t)nioc->n_buf; 4978 4979 nioc->n_arg = 0; 4980 4981 while (len > 0 && rv == 0) { 4982 /* 4983 * nvme_ioc_cmd() does not use SGLs or PRP lists. 4984 * It is limited to 2 PRPs per NVM command, so limit 4985 * the size of the data to 2 pages. 4986 */ 4987 copylen = MIN(2 * nvme->n_pagesize, len); 4988 4989 sqe.sqe_cdw10 = (uint32_t)(copylen >> NVME_DWORD_SHIFT) - 1; 4990 sqe.sqe_cdw11 = (uint32_t)(offset >> NVME_DWORD_SHIFT); 4991 4992 rv = nvme_ioc_cmd(nvme, &sqe, B_TRUE, (void *)buf, copylen, 4993 FWRITE, &cqe, nvme_admin_cmd_timeout); 4994 4995 /* 4996 * Regardless of whether the command succeeded or not, whether 4997 * there's an errno in rv to be returned, we'll return any 4998 * command-specific status code in n_arg. 4999 * 5000 * As n_arg isn't cleared in all other possible code paths 5001 * returning an error, we return the status code as a negative 5002 * value so it can be distinguished easily from whatever value 5003 * was passed in n_arg originally. This of course only works as 5004 * long as arguments passed in n_arg are less than INT64_MAX, 5005 * which they currently are. 5006 */ 5007 if (cqe.cqe_sf.sf_sct == NVME_CQE_SCT_SPECIFIC) 5008 nioc->n_arg = (uint64_t)-cqe.cqe_sf.sf_sc; 5009 5010 buf += copylen; 5011 offset += copylen; 5012 len -= copylen; 5013 } 5014 5015 /* 5016 * Let the DDI UFM subsystem know that the firmware information for 5017 * this device has changed. 5018 */ 5019 nvme_ufm_update(nvme); 5020 5021 return (rv); 5022 } 5023 5024 static int 5025 nvme_ioctl_firmware_commit(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, 5026 int mode, cred_t *cred_p) 5027 { 5028 nvme_firmware_commit_dw10_t fc_dw10 = { 0 }; 5029 uint32_t slot = nioc->n_arg & 0xffffffff; 5030 uint32_t action = nioc->n_arg >> 32; 5031 nvme_cqe_t cqe = { 0 }; 5032 nvme_sqe_t sqe = { 5033 .sqe_opc = NVME_OPC_FW_ACTIVATE 5034 }; 5035 int timeout; 5036 int rv; 5037 5038 if ((mode & FWRITE) == 0 || secpolicy_sys_config(cred_p, B_FALSE) != 0) 5039 return (EPERM); 5040 5041 if (nvme->n_idctl->id_oacs.oa_firmware == 0) 5042 return (ENOTSUP); 5043 5044 if (nsid != 0) 5045 return (EINVAL); 5046 5047 /* Validate slot is in range. */ 5048 if (slot < NVME_FW_SLOT_MIN || slot > NVME_FW_SLOT_MAX) 5049 return (EINVAL); 5050 5051 switch (action) { 5052 case NVME_FWC_SAVE: 5053 case NVME_FWC_SAVE_ACTIVATE: 5054 timeout = nvme_commit_save_cmd_timeout; 5055 if (slot == 1 && nvme->n_idctl->id_frmw.fw_readonly) 5056 return (EROFS); 5057 break; 5058 case NVME_FWC_ACTIVATE: 5059 case NVME_FWC_ACTIVATE_IMMED: 5060 timeout = nvme_admin_cmd_timeout; 5061 break; 5062 default: 5063 return (EINVAL); 5064 } 5065 5066 fc_dw10.b.fc_slot = slot; 5067 fc_dw10.b.fc_action = action; 5068 sqe.sqe_cdw10 = fc_dw10.r; 5069 5070 nioc->n_arg = 0; 5071 rv = nvme_ioc_cmd(nvme, &sqe, B_TRUE, NULL, 0, 0, &cqe, timeout); 5072 5073 /* 5074 * Regardless of whether the command succeeded or not, whether 5075 * there's an errno in rv to be returned, we'll return any 5076 * command-specific status code in n_arg. 5077 * 5078 * As n_arg isn't cleared in all other possible code paths 5079 * returning an error, we return the status code as a negative 5080 * value so it can be distinguished easily from whatever value 5081 * was passed in n_arg originally. This of course only works as 5082 * long as arguments passed in n_arg are less than INT64_MAX, 5083 * which they currently are. 5084 */ 5085 if (cqe.cqe_sf.sf_sct == NVME_CQE_SCT_SPECIFIC) 5086 nioc->n_arg = (uint64_t)-cqe.cqe_sf.sf_sc; 5087 5088 /* 5089 * Let the DDI UFM subsystem know that the firmware information for 5090 * this device has changed. 5091 */ 5092 nvme_ufm_update(nvme); 5093 5094 return (rv); 5095 } 5096 5097 /* 5098 * Helper to copy in a passthru command from userspace, handling 5099 * different data models. 5100 */ 5101 static int 5102 nvme_passthru_copy_cmd_in(const void *buf, nvme_passthru_cmd_t *cmd, int mode) 5103 { 5104 #ifdef _MULTI_DATAMODEL 5105 switch (ddi_model_convert_from(mode & FMODELS)) { 5106 case DDI_MODEL_ILP32: { 5107 nvme_passthru_cmd32_t cmd32; 5108 if (ddi_copyin(buf, (void*)&cmd32, sizeof (cmd32), mode) != 0) 5109 return (-1); 5110 cmd->npc_opcode = cmd32.npc_opcode; 5111 cmd->npc_timeout = cmd32.npc_timeout; 5112 cmd->npc_flags = cmd32.npc_flags; 5113 cmd->npc_cdw12 = cmd32.npc_cdw12; 5114 cmd->npc_cdw13 = cmd32.npc_cdw13; 5115 cmd->npc_cdw14 = cmd32.npc_cdw14; 5116 cmd->npc_cdw15 = cmd32.npc_cdw15; 5117 cmd->npc_buflen = cmd32.npc_buflen; 5118 cmd->npc_buf = cmd32.npc_buf; 5119 break; 5120 } 5121 case DDI_MODEL_NONE: 5122 #endif 5123 if (ddi_copyin(buf, (void*)cmd, sizeof (nvme_passthru_cmd_t), 5124 mode) != 0) 5125 return (-1); 5126 #ifdef _MULTI_DATAMODEL 5127 break; 5128 } 5129 #endif 5130 return (0); 5131 } 5132 5133 /* 5134 * Helper to copy out a passthru command result to userspace, handling 5135 * different data models. 5136 */ 5137 static int 5138 nvme_passthru_copy_cmd_out(const nvme_passthru_cmd_t *cmd, void *buf, int mode) 5139 { 5140 #ifdef _MULTI_DATAMODEL 5141 switch (ddi_model_convert_from(mode & FMODELS)) { 5142 case DDI_MODEL_ILP32: { 5143 nvme_passthru_cmd32_t cmd32; 5144 bzero(&cmd32, sizeof (cmd32)); 5145 cmd32.npc_opcode = cmd->npc_opcode; 5146 cmd32.npc_status = cmd->npc_status; 5147 cmd32.npc_err = cmd->npc_err; 5148 cmd32.npc_timeout = cmd->npc_timeout; 5149 cmd32.npc_flags = cmd->npc_flags; 5150 cmd32.npc_cdw0 = cmd->npc_cdw0; 5151 cmd32.npc_cdw12 = cmd->npc_cdw12; 5152 cmd32.npc_cdw13 = cmd->npc_cdw13; 5153 cmd32.npc_cdw14 = cmd->npc_cdw14; 5154 cmd32.npc_cdw15 = cmd->npc_cdw15; 5155 cmd32.npc_buflen = (size32_t)cmd->npc_buflen; 5156 cmd32.npc_buf = (uintptr32_t)cmd->npc_buf; 5157 if (ddi_copyout(&cmd32, buf, sizeof (cmd32), mode) != 0) 5158 return (-1); 5159 break; 5160 } 5161 case DDI_MODEL_NONE: 5162 #endif 5163 if (ddi_copyout(cmd, buf, sizeof (nvme_passthru_cmd_t), 5164 mode) != 0) 5165 return (-1); 5166 #ifdef _MULTI_DATAMODEL 5167 break; 5168 } 5169 #endif 5170 return (0); 5171 } 5172 5173 /* 5174 * Run an arbitrary vendor-specific admin command on the device. 5175 */ 5176 static int 5177 nvme_ioctl_passthru(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, int mode, 5178 cred_t *cred_p) 5179 { 5180 int rv = 0; 5181 uint_t timeout = 0; 5182 int rwk = 0; 5183 nvme_passthru_cmd_t cmd; 5184 size_t expected_passthru_size = 0; 5185 nvme_sqe_t sqe; 5186 nvme_cqe_t cqe; 5187 5188 bzero(&cmd, sizeof (cmd)); 5189 bzero(&sqe, sizeof (sqe)); 5190 bzero(&cqe, sizeof (cqe)); 5191 5192 /* 5193 * Basic checks: permissions, data model, argument size. 5194 */ 5195 if ((mode & FWRITE) == 0 || secpolicy_sys_config(cred_p, B_FALSE) != 0) 5196 return (EPERM); 5197 5198 /* 5199 * Compute the expected size of the argument buffer 5200 */ 5201 #ifdef _MULTI_DATAMODEL 5202 switch (ddi_model_convert_from(mode & FMODELS)) { 5203 case DDI_MODEL_ILP32: 5204 expected_passthru_size = sizeof (nvme_passthru_cmd32_t); 5205 break; 5206 case DDI_MODEL_NONE: 5207 #endif 5208 expected_passthru_size = sizeof (nvme_passthru_cmd_t); 5209 #ifdef _MULTI_DATAMODEL 5210 break; 5211 } 5212 #endif 5213 5214 if (nioc->n_len != expected_passthru_size) { 5215 cmd.npc_err = NVME_PASSTHRU_ERR_CMD_SIZE; 5216 rv = EINVAL; 5217 goto out; 5218 } 5219 5220 /* 5221 * Ensure the device supports the standard vendor specific 5222 * admin command format. 5223 */ 5224 if (!nvme->n_idctl->id_nvscc.nv_spec) { 5225 cmd.npc_err = NVME_PASSTHRU_ERR_NOT_SUPPORTED; 5226 rv = ENOTSUP; 5227 goto out; 5228 } 5229 5230 if (nvme_passthru_copy_cmd_in((const void*)nioc->n_buf, &cmd, mode)) 5231 return (EFAULT); 5232 5233 if (!NVME_IS_VENDOR_SPECIFIC_CMD(cmd.npc_opcode)) { 5234 cmd.npc_err = NVME_PASSTHRU_ERR_INVALID_OPCODE; 5235 rv = EINVAL; 5236 goto out; 5237 } 5238 5239 /* 5240 * This restriction is not mandated by the spec, so future work 5241 * could relax this if it's necessary to support commands that both 5242 * read and write. 5243 */ 5244 if ((cmd.npc_flags & NVME_PASSTHRU_READ) != 0 && 5245 (cmd.npc_flags & NVME_PASSTHRU_WRITE) != 0) { 5246 cmd.npc_err = NVME_PASSTHRU_ERR_READ_AND_WRITE; 5247 rv = EINVAL; 5248 goto out; 5249 } 5250 if (cmd.npc_timeout > nvme_vendor_specific_admin_cmd_max_timeout) { 5251 cmd.npc_err = NVME_PASSTHRU_ERR_INVALID_TIMEOUT; 5252 rv = EINVAL; 5253 goto out; 5254 } 5255 timeout = cmd.npc_timeout; 5256 5257 /* 5258 * Passed-thru command buffer verification: 5259 * - Size is multiple of DWords 5260 * - Non-null iff the length is non-zero 5261 * - Null if neither reading nor writing data. 5262 * - Non-null if reading or writing. 5263 * - Maximum buffer size. 5264 */ 5265 if ((cmd.npc_buflen % sizeof (uint32_t)) != 0) { 5266 cmd.npc_err = NVME_PASSTHRU_ERR_INVALID_BUFFER; 5267 rv = EINVAL; 5268 goto out; 5269 } 5270 if (((void*)cmd.npc_buf != NULL && cmd.npc_buflen == 0) || 5271 ((void*)cmd.npc_buf == NULL && cmd.npc_buflen != 0)) { 5272 cmd.npc_err = NVME_PASSTHRU_ERR_INVALID_BUFFER; 5273 rv = EINVAL; 5274 goto out; 5275 } 5276 if (cmd.npc_flags == 0 && (void*)cmd.npc_buf != NULL) { 5277 cmd.npc_err = NVME_PASSTHRU_ERR_INVALID_BUFFER; 5278 rv = EINVAL; 5279 goto out; 5280 } 5281 if ((cmd.npc_flags != 0) && ((void*)cmd.npc_buf == NULL)) { 5282 cmd.npc_err = NVME_PASSTHRU_ERR_INVALID_BUFFER; 5283 rv = EINVAL; 5284 goto out; 5285 } 5286 if (cmd.npc_buflen > nvme_vendor_specific_admin_cmd_size) { 5287 cmd.npc_err = NVME_PASSTHRU_ERR_INVALID_BUFFER; 5288 rv = EINVAL; 5289 goto out; 5290 } 5291 if ((cmd.npc_buflen >> NVME_DWORD_SHIFT) > UINT32_MAX) { 5292 cmd.npc_err = NVME_PASSTHRU_ERR_INVALID_BUFFER; 5293 rv = EINVAL; 5294 goto out; 5295 } 5296 5297 sqe.sqe_opc = cmd.npc_opcode; 5298 sqe.sqe_nsid = nsid; 5299 sqe.sqe_cdw10 = (uint32_t)(cmd.npc_buflen >> NVME_DWORD_SHIFT); 5300 sqe.sqe_cdw12 = cmd.npc_cdw12; 5301 sqe.sqe_cdw13 = cmd.npc_cdw13; 5302 sqe.sqe_cdw14 = cmd.npc_cdw14; 5303 sqe.sqe_cdw15 = cmd.npc_cdw15; 5304 if ((cmd.npc_flags & NVME_PASSTHRU_READ) != 0) 5305 rwk = FREAD; 5306 else if ((cmd.npc_flags & NVME_PASSTHRU_WRITE) != 0) 5307 rwk = FWRITE; 5308 5309 rv = nvme_ioc_cmd(nvme, &sqe, B_TRUE, (void*)cmd.npc_buf, 5310 cmd.npc_buflen, rwk, &cqe, timeout); 5311 cmd.npc_status = cqe.cqe_sf.sf_sc; 5312 cmd.npc_cdw0 = cqe.cqe_dw0; 5313 5314 out: 5315 if (nvme_passthru_copy_cmd_out(&cmd, (void*)nioc->n_buf, mode)) 5316 rv = EFAULT; 5317 return (rv); 5318 } 5319 5320 static int 5321 nvme_ioctl_is_ignored_ns(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, int mode, 5322 cred_t *cred_p) 5323 { 5324 _NOTE(ARGUNUSED(cred_p)); 5325 5326 if ((mode & FREAD) == 0) 5327 return (EPERM); 5328 5329 if (nsid == 0) 5330 return (EINVAL); 5331 5332 if (nvme->n_ns[nsid - 1].ns_ignore) 5333 nioc->n_arg = 1; 5334 else 5335 nioc->n_arg = 0; 5336 5337 return (0); 5338 } 5339 5340 static int 5341 nvme_ioctl(dev_t dev, int cmd, intptr_t arg, int mode, cred_t *cred_p, 5342 int *rval_p) 5343 { 5344 #ifndef __lock_lint 5345 _NOTE(ARGUNUSED(rval_p)); 5346 #endif 5347 minor_t minor = getminor(dev); 5348 nvme_t *nvme = ddi_get_soft_state(nvme_state, NVME_MINOR_INST(minor)); 5349 int nsid = NVME_MINOR_NSID(minor); 5350 int rv = 0; 5351 nvme_ioctl_t nioc; 5352 5353 int (*nvme_ioctl[])(nvme_t *, int, nvme_ioctl_t *, int, cred_t *) = { 5354 NULL, 5355 nvme_ioctl_identify, 5356 nvme_ioctl_identify, 5357 nvme_ioctl_capabilities, 5358 nvme_ioctl_get_logpage, 5359 nvme_ioctl_get_features, 5360 nvme_ioctl_intr_cnt, 5361 nvme_ioctl_version, 5362 nvme_ioctl_format, 5363 nvme_ioctl_detach, 5364 nvme_ioctl_attach, 5365 nvme_ioctl_firmware_download, 5366 nvme_ioctl_firmware_commit, 5367 nvme_ioctl_passthru, 5368 nvme_ioctl_is_ignored_ns 5369 }; 5370 5371 if (nvme == NULL) 5372 return (ENXIO); 5373 5374 if (nsid > nvme->n_namespace_count) 5375 return (ENXIO); 5376 5377 if (IS_DEVCTL(cmd)) 5378 return (ndi_devctl_ioctl(nvme->n_dip, cmd, arg, mode, 0)); 5379 5380 #ifdef _MULTI_DATAMODEL 5381 switch (ddi_model_convert_from(mode & FMODELS)) { 5382 case DDI_MODEL_ILP32: { 5383 nvme_ioctl32_t nioc32; 5384 if (ddi_copyin((void*)arg, &nioc32, sizeof (nvme_ioctl32_t), 5385 mode) != 0) 5386 return (EFAULT); 5387 nioc.n_len = nioc32.n_len; 5388 nioc.n_buf = nioc32.n_buf; 5389 nioc.n_arg = nioc32.n_arg; 5390 break; 5391 } 5392 case DDI_MODEL_NONE: 5393 #endif 5394 if (ddi_copyin((void*)arg, &nioc, sizeof (nvme_ioctl_t), mode) 5395 != 0) 5396 return (EFAULT); 5397 #ifdef _MULTI_DATAMODEL 5398 break; 5399 } 5400 #endif 5401 5402 if (nvme->n_dead && cmd != NVME_IOC_DETACH) 5403 return (EIO); 5404 5405 5406 if (cmd == NVME_IOC_IDENTIFY_CTRL) { 5407 /* 5408 * This makes NVME_IOC_IDENTIFY_CTRL work the same on devctl and 5409 * attachment point nodes. 5410 */ 5411 nsid = 0; 5412 } else if (cmd == NVME_IOC_IDENTIFY_NSID && nsid == 0) { 5413 /* 5414 * This makes NVME_IOC_IDENTIFY_NSID work on a devctl node, it 5415 * will always return identify data for namespace 1. 5416 */ 5417 nsid = 1; 5418 } 5419 5420 if (IS_NVME_IOC(cmd) && nvme_ioctl[NVME_IOC_CMD(cmd)] != NULL) 5421 rv = nvme_ioctl[NVME_IOC_CMD(cmd)](nvme, nsid, &nioc, mode, 5422 cred_p); 5423 else 5424 rv = EINVAL; 5425 5426 #ifdef _MULTI_DATAMODEL 5427 switch (ddi_model_convert_from(mode & FMODELS)) { 5428 case DDI_MODEL_ILP32: { 5429 nvme_ioctl32_t nioc32; 5430 5431 nioc32.n_len = (size32_t)nioc.n_len; 5432 nioc32.n_buf = (uintptr32_t)nioc.n_buf; 5433 nioc32.n_arg = nioc.n_arg; 5434 5435 if (ddi_copyout(&nioc32, (void *)arg, sizeof (nvme_ioctl32_t), 5436 mode) != 0) 5437 return (EFAULT); 5438 break; 5439 } 5440 case DDI_MODEL_NONE: 5441 #endif 5442 if (ddi_copyout(&nioc, (void *)arg, sizeof (nvme_ioctl_t), mode) 5443 != 0) 5444 return (EFAULT); 5445 #ifdef _MULTI_DATAMODEL 5446 break; 5447 } 5448 #endif 5449 5450 return (rv); 5451 } 5452 5453 /* 5454 * DDI UFM Callbacks 5455 */ 5456 static int 5457 nvme_ufm_fill_image(ddi_ufm_handle_t *ufmh, void *arg, uint_t imgno, 5458 ddi_ufm_image_t *img) 5459 { 5460 nvme_t *nvme = arg; 5461 5462 if (imgno != 0) 5463 return (EINVAL); 5464 5465 ddi_ufm_image_set_desc(img, "Firmware"); 5466 ddi_ufm_image_set_nslots(img, nvme->n_idctl->id_frmw.fw_nslot); 5467 5468 return (0); 5469 } 5470 5471 /* 5472 * Fill out firmware slot information for the requested slot. The firmware 5473 * slot information is gathered by requesting the Firmware Slot Information log 5474 * page. The format of the page is described in section 5.10.1.3. 5475 * 5476 * We lazily cache the log page on the first call and then invalidate the cache 5477 * data after a successful firmware download or firmware commit command. 5478 * The cached data is protected by a mutex as the state can change 5479 * asynchronous to this callback. 5480 */ 5481 static int 5482 nvme_ufm_fill_slot(ddi_ufm_handle_t *ufmh, void *arg, uint_t imgno, 5483 uint_t slotno, ddi_ufm_slot_t *slot) 5484 { 5485 nvme_t *nvme = arg; 5486 void *log = NULL; 5487 size_t bufsize; 5488 ddi_ufm_attr_t attr = 0; 5489 char fw_ver[NVME_FWVER_SZ + 1]; 5490 int ret; 5491 5492 if (imgno > 0 || slotno > (nvme->n_idctl->id_frmw.fw_nslot - 1)) 5493 return (EINVAL); 5494 5495 mutex_enter(&nvme->n_fwslot_mutex); 5496 if (nvme->n_fwslot == NULL) { 5497 ret = nvme_get_logpage(nvme, B_TRUE, &log, &bufsize, 5498 NVME_LOGPAGE_FWSLOT, 0); 5499 if (ret != DDI_SUCCESS || 5500 bufsize != sizeof (nvme_fwslot_log_t)) { 5501 if (log != NULL) 5502 kmem_free(log, bufsize); 5503 mutex_exit(&nvme->n_fwslot_mutex); 5504 return (EIO); 5505 } 5506 nvme->n_fwslot = (nvme_fwslot_log_t *)log; 5507 } 5508 5509 /* 5510 * NVMe numbers firmware slots starting at 1 5511 */ 5512 if (slotno == (nvme->n_fwslot->fw_afi - 1)) 5513 attr |= DDI_UFM_ATTR_ACTIVE; 5514 5515 if (slotno != 0 || nvme->n_idctl->id_frmw.fw_readonly == 0) 5516 attr |= DDI_UFM_ATTR_WRITEABLE; 5517 5518 if (nvme->n_fwslot->fw_frs[slotno][0] == '\0') { 5519 attr |= DDI_UFM_ATTR_EMPTY; 5520 } else { 5521 (void) strncpy(fw_ver, nvme->n_fwslot->fw_frs[slotno], 5522 NVME_FWVER_SZ); 5523 fw_ver[NVME_FWVER_SZ] = '\0'; 5524 ddi_ufm_slot_set_version(slot, fw_ver); 5525 } 5526 mutex_exit(&nvme->n_fwslot_mutex); 5527 5528 ddi_ufm_slot_set_attrs(slot, attr); 5529 5530 return (0); 5531 } 5532 5533 static int 5534 nvme_ufm_getcaps(ddi_ufm_handle_t *ufmh, void *arg, ddi_ufm_cap_t *caps) 5535 { 5536 *caps = DDI_UFM_CAP_REPORT; 5537 return (0); 5538 } 5539