1 /* 2 * This file and its contents are supplied under the terms of the 3 * Common Development and Distribution License ("CDDL"), version 1.0. 4 * You may only use this file in accordance with the terms of version 5 * 1.0 of the CDDL. 6 * 7 * A full copy of the text of the CDDL should have accompanied this 8 * source. A copy of the CDDL is also available via the Internet at 9 * http://www.illumos.org/license/CDDL. 10 */ 11 12 /* 13 * Copyright 2018 Nexenta Systems, Inc. 14 * Copyright 2016 Tegile Systems, Inc. All rights reserved. 15 * Copyright (c) 2016 The MathWorks, Inc. All rights reserved. 16 * Copyright 2020 Joyent, Inc. 17 * Copyright 2019 Western Digital Corporation. 18 * Copyright 2020 Racktop Systems. 19 */ 20 21 /* 22 * blkdev driver for NVMe compliant storage devices 23 * 24 * This driver was written to conform to version 1.2.1 of the NVMe 25 * specification. It may work with newer versions, but that is completely 26 * untested and disabled by default. 27 * 28 * The driver has only been tested on x86 systems and will not work on big- 29 * endian systems without changes to the code accessing registers and data 30 * structures used by the hardware. 31 * 32 * 33 * Interrupt Usage: 34 * 35 * The driver will use a single interrupt while configuring the device as the 36 * specification requires, but contrary to the specification it will try to use 37 * a single-message MSI(-X) or FIXED interrupt. Later in the attach process it 38 * will switch to multiple-message MSI(-X) if supported. The driver wants to 39 * have one interrupt vector per CPU, but it will work correctly if less are 40 * available. Interrupts can be shared by queues, the interrupt handler will 41 * iterate through the I/O queue array by steps of n_intr_cnt. Usually only 42 * the admin queue will share an interrupt with one I/O queue. The interrupt 43 * handler will retrieve completed commands from all queues sharing an interrupt 44 * vector and will post them to a taskq for completion processing. 45 * 46 * 47 * Command Processing: 48 * 49 * NVMe devices can have up to 65535 I/O queue pairs, with each queue holding up 50 * to 65536 I/O commands. The driver will configure one I/O queue pair per 51 * available interrupt vector, with the queue length usually much smaller than 52 * the maximum of 65536. If the hardware doesn't provide enough queues, fewer 53 * interrupt vectors will be used. 54 * 55 * Additionally the hardware provides a single special admin queue pair that can 56 * hold up to 4096 admin commands. 57 * 58 * From the hardware perspective both queues of a queue pair are independent, 59 * but they share some driver state: the command array (holding pointers to 60 * commands currently being processed by the hardware) and the active command 61 * counter. Access to a submission queue and the shared state is protected by 62 * nq_mutex, completion queue is protected by ncq_mutex. 63 * 64 * When a command is submitted to a queue pair the active command counter is 65 * incremented and a pointer to the command is stored in the command array. The 66 * array index is used as command identifier (CID) in the submission queue 67 * entry. Some commands may take a very long time to complete, and if the queue 68 * wraps around in that time a submission may find the next array slot to still 69 * be used by a long-running command. In this case the array is sequentially 70 * searched for the next free slot. The length of the command array is the same 71 * as the configured queue length. Queue overrun is prevented by the semaphore, 72 * so a command submission may block if the queue is full. 73 * 74 * 75 * Polled I/O Support: 76 * 77 * For kernel core dump support the driver can do polled I/O. As interrupts are 78 * turned off while dumping the driver will just submit a command in the regular 79 * way, and then repeatedly attempt a command retrieval until it gets the 80 * command back. 81 * 82 * 83 * Namespace Support: 84 * 85 * NVMe devices can have multiple namespaces, each being a independent data 86 * store. The driver supports multiple namespaces and creates a blkdev interface 87 * for each namespace found. Namespaces can have various attributes to support 88 * protection information. This driver does not support any of this and ignores 89 * namespaces that have these attributes. 90 * 91 * As of NVMe 1.1 namespaces can have an 64bit Extended Unique Identifier 92 * (EUI64). This driver uses the EUI64 if present to generate the devid and 93 * passes it to blkdev to use it in the device node names. As this is currently 94 * untested namespaces with EUI64 are ignored by default. 95 * 96 * We currently support only (2 << NVME_MINOR_INST_SHIFT) - 2 namespaces in a 97 * single controller. This is an artificial limit imposed by the driver to be 98 * able to address a reasonable number of controllers and namespaces using a 99 * 32bit minor node number. 100 * 101 * 102 * Minor nodes: 103 * 104 * For each NVMe device the driver exposes one minor node for the controller and 105 * one minor node for each namespace. The only operations supported by those 106 * minor nodes are open(9E), close(9E), and ioctl(9E). This serves as the 107 * interface for the nvmeadm(1M) utility. 108 * 109 * 110 * Blkdev Interface: 111 * 112 * This driver uses blkdev to do all the heavy lifting involved with presenting 113 * a disk device to the system. As a result, the processing of I/O requests is 114 * relatively simple as blkdev takes care of partitioning, boundary checks, DMA 115 * setup, and splitting of transfers into manageable chunks. 116 * 117 * I/O requests coming in from blkdev are turned into NVM commands and posted to 118 * an I/O queue. The queue is selected by taking the CPU id modulo the number of 119 * queues. There is currently no timeout handling of I/O commands. 120 * 121 * Blkdev also supports querying device/media information and generating a 122 * devid. The driver reports the best block size as determined by the namespace 123 * format back to blkdev as physical block size to support partition and block 124 * alignment. The devid is either based on the namespace EUI64, if present, or 125 * composed using the device vendor ID, model number, serial number, and the 126 * namespace ID. 127 * 128 * 129 * Error Handling: 130 * 131 * Error handling is currently limited to detecting fatal hardware errors, 132 * either by asynchronous events, or synchronously through command status or 133 * admin command timeouts. In case of severe errors the device is fenced off, 134 * all further requests will return EIO. FMA is then called to fault the device. 135 * 136 * The hardware has a limit for outstanding asynchronous event requests. Before 137 * this limit is known the driver assumes it is at least 1 and posts a single 138 * asynchronous request. Later when the limit is known more asynchronous event 139 * requests are posted to allow quicker reception of error information. When an 140 * asynchronous event is posted by the hardware the driver will parse the error 141 * status fields and log information or fault the device, depending on the 142 * severity of the asynchronous event. The asynchronous event request is then 143 * reused and posted to the admin queue again. 144 * 145 * On command completion the command status is checked for errors. In case of 146 * errors indicating a driver bug the driver panics. Almost all other error 147 * status values just cause EIO to be returned. 148 * 149 * Command timeouts are currently detected for all admin commands except 150 * asynchronous event requests. If a command times out and the hardware appears 151 * to be healthy the driver attempts to abort the command. The original command 152 * timeout is also applied to the abort command. If the abort times out too the 153 * driver assumes the device to be dead, fences it off, and calls FMA to retire 154 * it. In all other cases the aborted command should return immediately with a 155 * status indicating it was aborted, and the driver will wait indefinitely for 156 * that to happen. No timeout handling of normal I/O commands is presently done. 157 * 158 * Any command that times out due to the controller dropping dead will be put on 159 * nvme_lost_cmds list if it references DMA memory. This will prevent the DMA 160 * memory being reused by the system and later be written to by a "dead" NVMe 161 * controller. 162 * 163 * 164 * Locking: 165 * 166 * Each queue pair has a nq_mutex and ncq_mutex. The nq_mutex must be held 167 * when accessing shared state and submission queue registers, ncq_mutex 168 * is held when accessing completion queue state and registers. 169 * Callers of nvme_unqueue_cmd() must make sure that nq_mutex is held, while 170 * nvme_submit_{admin,io}_cmd() and nvme_retrieve_cmd() take care of both 171 * mutexes themselves. 172 * 173 * Each command also has its own nc_mutex, which is associated with the 174 * condition variable nc_cv. It is only used on admin commands which are run 175 * synchronously. In that case it must be held across calls to 176 * nvme_submit_{admin,io}_cmd() and nvme_wait_cmd(), which is taken care of by 177 * nvme_admin_cmd(). It must also be held whenever the completion state of the 178 * command is changed or while a admin command timeout is handled. 179 * 180 * If both nc_mutex and nq_mutex must be held, nc_mutex must be acquired first. 181 * More than one nc_mutex may only be held when aborting commands. In this case, 182 * the nc_mutex of the command to be aborted must be held across the call to 183 * nvme_abort_cmd() to prevent the command from completing while the abort is in 184 * progress. 185 * 186 * If both nq_mutex and ncq_mutex need to be held, ncq_mutex must be 187 * acquired first. More than one nq_mutex is never held by a single thread. 188 * The ncq_mutex is only held by nvme_retrieve_cmd() and 189 * nvme_process_iocq(). nvme_process_iocq() is only called from the 190 * interrupt thread and nvme_retrieve_cmd() during polled I/O, so the 191 * mutex is non-contentious but is required for implementation completeness 192 * and safety. 193 * 194 * Each minor node has its own nm_mutex, which protects the open count nm_ocnt 195 * and exclusive-open flag nm_oexcl. 196 * 197 * 198 * Quiesce / Fast Reboot: 199 * 200 * The driver currently does not support fast reboot. A quiesce(9E) entry point 201 * is still provided which is used to send a shutdown notification to the 202 * device. 203 * 204 * 205 * DDI UFM Support 206 * 207 * The driver supports the DDI UFM framework for reporting information about 208 * the device's firmware image and slot configuration. This data can be 209 * queried by userland software via ioctls to the ufm driver. For more 210 * information, see ddi_ufm(9E). 211 * 212 * 213 * Driver Configuration: 214 * 215 * The following driver properties can be changed to control some aspects of the 216 * drivers operation: 217 * - strict-version: can be set to 0 to allow devices conforming to newer 218 * major versions to be used 219 * - ignore-unknown-vendor-status: can be set to 1 to not handle any vendor 220 * specific command status as a fatal error leading device faulting 221 * - admin-queue-len: the maximum length of the admin queue (16-4096) 222 * - io-squeue-len: the maximum length of the I/O submission queues (16-65536) 223 * - io-cqueue-len: the maximum length of the I/O completion queues (16-65536) 224 * - async-event-limit: the maximum number of asynchronous event requests to be 225 * posted by the driver 226 * - volatile-write-cache-enable: can be set to 0 to disable the volatile write 227 * cache 228 * - min-phys-block-size: the minimum physical block size to report to blkdev, 229 * which is among other things the basis for ZFS vdev ashift 230 * - max-submission-queues: the maximum number of I/O submission queues. 231 * - max-completion-queues: the maximum number of I/O completion queues, 232 * can be less than max-submission-queues, in which case the completion 233 * queues are shared. 234 * 235 * 236 * TODO: 237 * - figure out sane default for I/O queue depth reported to blkdev 238 * - FMA handling of media errors 239 * - support for devices supporting very large I/O requests using chained PRPs 240 * - support for configuring hardware parameters like interrupt coalescing 241 * - support for media formatting and hard partitioning into namespaces 242 * - support for big-endian systems 243 * - support for fast reboot 244 * - support for NVMe Subsystem Reset (1.1) 245 * - support for Scatter/Gather lists (1.1) 246 * - support for Reservations (1.1) 247 * - support for power management 248 */ 249 250 #include <sys/byteorder.h> 251 #ifdef _BIG_ENDIAN 252 #error nvme driver needs porting for big-endian platforms 253 #endif 254 255 #include <sys/modctl.h> 256 #include <sys/conf.h> 257 #include <sys/devops.h> 258 #include <sys/ddi.h> 259 #include <sys/ddi_ufm.h> 260 #include <sys/sunddi.h> 261 #include <sys/sunndi.h> 262 #include <sys/bitmap.h> 263 #include <sys/sysmacros.h> 264 #include <sys/param.h> 265 #include <sys/varargs.h> 266 #include <sys/cpuvar.h> 267 #include <sys/disp.h> 268 #include <sys/blkdev.h> 269 #include <sys/atomic.h> 270 #include <sys/archsystm.h> 271 #include <sys/sata/sata_hba.h> 272 #include <sys/stat.h> 273 #include <sys/policy.h> 274 #include <sys/list.h> 275 #include <sys/dkio.h> 276 277 #include <sys/nvme.h> 278 279 #ifdef __x86 280 #include <sys/x86_archext.h> 281 #endif 282 283 #include "nvme_reg.h" 284 #include "nvme_var.h" 285 286 /* 287 * Assertions to make sure that we've properly captured various aspects of the 288 * packed structures and haven't broken them during updates. 289 */ 290 CTASSERT(sizeof (nvme_identify_ctrl_t) == 0x1000); 291 CTASSERT(offsetof(nvme_identify_ctrl_t, id_oacs) == 256); 292 CTASSERT(offsetof(nvme_identify_ctrl_t, id_sqes) == 512); 293 CTASSERT(offsetof(nvme_identify_ctrl_t, id_oncs) == 520); 294 CTASSERT(offsetof(nvme_identify_ctrl_t, id_subnqn) == 768); 295 CTASSERT(offsetof(nvme_identify_ctrl_t, id_nvmof) == 1792); 296 CTASSERT(offsetof(nvme_identify_ctrl_t, id_psd) == 2048); 297 CTASSERT(offsetof(nvme_identify_ctrl_t, id_vs) == 3072); 298 299 CTASSERT(sizeof (nvme_identify_nsid_t) == 0x1000); 300 CTASSERT(offsetof(nvme_identify_nsid_t, id_fpi) == 32); 301 CTASSERT(offsetof(nvme_identify_nsid_t, id_anagrpid) == 92); 302 CTASSERT(offsetof(nvme_identify_nsid_t, id_nguid) == 104); 303 CTASSERT(offsetof(nvme_identify_nsid_t, id_lbaf) == 128); 304 CTASSERT(offsetof(nvme_identify_nsid_t, id_vs) == 384); 305 306 CTASSERT(sizeof (nvme_identify_primary_caps_t) == 0x1000); 307 CTASSERT(offsetof(nvme_identify_primary_caps_t, nipc_vqfrt) == 32); 308 CTASSERT(offsetof(nvme_identify_primary_caps_t, nipc_vifrt) == 64); 309 310 311 /* NVMe spec version supported */ 312 static const int nvme_version_major = 1; 313 314 /* tunable for admin command timeout in seconds, default is 1s */ 315 int nvme_admin_cmd_timeout = 1; 316 317 /* tunable for FORMAT NVM command timeout in seconds, default is 600s */ 318 int nvme_format_cmd_timeout = 600; 319 320 /* tunable for firmware commit with NVME_FWC_SAVE, default is 15s */ 321 int nvme_commit_save_cmd_timeout = 15; 322 323 static int nvme_attach(dev_info_t *, ddi_attach_cmd_t); 324 static int nvme_detach(dev_info_t *, ddi_detach_cmd_t); 325 static int nvme_quiesce(dev_info_t *); 326 static int nvme_fm_errcb(dev_info_t *, ddi_fm_error_t *, const void *); 327 static int nvme_setup_interrupts(nvme_t *, int, int); 328 static void nvme_release_interrupts(nvme_t *); 329 static uint_t nvme_intr(caddr_t, caddr_t); 330 331 static void nvme_shutdown(nvme_t *, int, boolean_t); 332 static boolean_t nvme_reset(nvme_t *, boolean_t); 333 static int nvme_init(nvme_t *); 334 static nvme_cmd_t *nvme_alloc_cmd(nvme_t *, int); 335 static void nvme_free_cmd(nvme_cmd_t *); 336 static nvme_cmd_t *nvme_create_nvm_cmd(nvme_namespace_t *, uint8_t, 337 bd_xfer_t *); 338 static void nvme_admin_cmd(nvme_cmd_t *, int); 339 static void nvme_submit_admin_cmd(nvme_qpair_t *, nvme_cmd_t *); 340 static int nvme_submit_io_cmd(nvme_qpair_t *, nvme_cmd_t *); 341 static void nvme_submit_cmd_common(nvme_qpair_t *, nvme_cmd_t *); 342 static nvme_cmd_t *nvme_unqueue_cmd(nvme_t *, nvme_qpair_t *, int); 343 static nvme_cmd_t *nvme_retrieve_cmd(nvme_t *, nvme_qpair_t *); 344 static void nvme_wait_cmd(nvme_cmd_t *, uint_t); 345 static void nvme_wakeup_cmd(void *); 346 static void nvme_async_event_task(void *); 347 348 static int nvme_check_unknown_cmd_status(nvme_cmd_t *); 349 static int nvme_check_vendor_cmd_status(nvme_cmd_t *); 350 static int nvme_check_integrity_cmd_status(nvme_cmd_t *); 351 static int nvme_check_specific_cmd_status(nvme_cmd_t *); 352 static int nvme_check_generic_cmd_status(nvme_cmd_t *); 353 static inline int nvme_check_cmd_status(nvme_cmd_t *); 354 355 static int nvme_abort_cmd(nvme_cmd_t *, uint_t); 356 static void nvme_async_event(nvme_t *); 357 static int nvme_format_nvm(nvme_t *, boolean_t, uint32_t, uint8_t, boolean_t, 358 uint8_t, boolean_t, uint8_t); 359 static int nvme_get_logpage(nvme_t *, boolean_t, void **, size_t *, uint8_t, 360 ...); 361 static int nvme_identify(nvme_t *, boolean_t, uint32_t, void **); 362 static int nvme_set_features(nvme_t *, boolean_t, uint32_t, uint8_t, uint32_t, 363 uint32_t *); 364 static int nvme_get_features(nvme_t *, boolean_t, uint32_t, uint8_t, uint32_t *, 365 void **, size_t *); 366 static int nvme_write_cache_set(nvme_t *, boolean_t); 367 static int nvme_set_nqueues(nvme_t *); 368 369 static void nvme_free_dma(nvme_dma_t *); 370 static int nvme_zalloc_dma(nvme_t *, size_t, uint_t, ddi_dma_attr_t *, 371 nvme_dma_t **); 372 static int nvme_zalloc_queue_dma(nvme_t *, uint32_t, uint16_t, uint_t, 373 nvme_dma_t **); 374 static void nvme_free_qpair(nvme_qpair_t *); 375 static int nvme_alloc_qpair(nvme_t *, uint32_t, nvme_qpair_t **, uint_t); 376 static int nvme_create_io_qpair(nvme_t *, nvme_qpair_t *, uint16_t); 377 378 static inline void nvme_put64(nvme_t *, uintptr_t, uint64_t); 379 static inline void nvme_put32(nvme_t *, uintptr_t, uint32_t); 380 static inline uint64_t nvme_get64(nvme_t *, uintptr_t); 381 static inline uint32_t nvme_get32(nvme_t *, uintptr_t); 382 383 static boolean_t nvme_check_regs_hdl(nvme_t *); 384 static boolean_t nvme_check_dma_hdl(nvme_dma_t *); 385 386 static int nvme_fill_prp(nvme_cmd_t *, bd_xfer_t *); 387 388 static void nvme_bd_xfer_done(void *); 389 static void nvme_bd_driveinfo(void *, bd_drive_t *); 390 static int nvme_bd_mediainfo(void *, bd_media_t *); 391 static int nvme_bd_cmd(nvme_namespace_t *, bd_xfer_t *, uint8_t); 392 static int nvme_bd_read(void *, bd_xfer_t *); 393 static int nvme_bd_write(void *, bd_xfer_t *); 394 static int nvme_bd_sync(void *, bd_xfer_t *); 395 static int nvme_bd_devid(void *, dev_info_t *, ddi_devid_t *); 396 static int nvme_bd_free_space(void *, bd_xfer_t *); 397 398 static int nvme_prp_dma_constructor(void *, void *, int); 399 static void nvme_prp_dma_destructor(void *, void *); 400 401 static void nvme_prepare_devid(nvme_t *, uint32_t); 402 403 /* DDI UFM callbacks */ 404 static int nvme_ufm_fill_image(ddi_ufm_handle_t *, void *, uint_t, 405 ddi_ufm_image_t *); 406 static int nvme_ufm_fill_slot(ddi_ufm_handle_t *, void *, uint_t, uint_t, 407 ddi_ufm_slot_t *); 408 static int nvme_ufm_getcaps(ddi_ufm_handle_t *, void *, ddi_ufm_cap_t *); 409 410 static int nvme_open(dev_t *, int, int, cred_t *); 411 static int nvme_close(dev_t, int, int, cred_t *); 412 static int nvme_ioctl(dev_t, int, intptr_t, int, cred_t *, int *); 413 414 static ddi_ufm_ops_t nvme_ufm_ops = { 415 NULL, 416 nvme_ufm_fill_image, 417 nvme_ufm_fill_slot, 418 nvme_ufm_getcaps 419 }; 420 421 #define NVME_MINOR_INST_SHIFT 9 422 #define NVME_MINOR(inst, nsid) (((inst) << NVME_MINOR_INST_SHIFT) | (nsid)) 423 #define NVME_MINOR_INST(minor) ((minor) >> NVME_MINOR_INST_SHIFT) 424 #define NVME_MINOR_NSID(minor) ((minor) & ((1 << NVME_MINOR_INST_SHIFT) - 1)) 425 #define NVME_MINOR_MAX (NVME_MINOR(1, 0) - 2) 426 427 static void *nvme_state; 428 static kmem_cache_t *nvme_cmd_cache; 429 430 /* 431 * DMA attributes for queue DMA memory 432 * 433 * Queue DMA memory must be page aligned. The maximum length of a queue is 434 * 65536 entries, and an entry can be 64 bytes long. 435 */ 436 static ddi_dma_attr_t nvme_queue_dma_attr = { 437 .dma_attr_version = DMA_ATTR_V0, 438 .dma_attr_addr_lo = 0, 439 .dma_attr_addr_hi = 0xffffffffffffffffULL, 440 .dma_attr_count_max = (UINT16_MAX + 1) * sizeof (nvme_sqe_t) - 1, 441 .dma_attr_align = 0x1000, 442 .dma_attr_burstsizes = 0x7ff, 443 .dma_attr_minxfer = 0x1000, 444 .dma_attr_maxxfer = (UINT16_MAX + 1) * sizeof (nvme_sqe_t), 445 .dma_attr_seg = 0xffffffffffffffffULL, 446 .dma_attr_sgllen = 1, 447 .dma_attr_granular = 1, 448 .dma_attr_flags = 0, 449 }; 450 451 /* 452 * DMA attributes for transfers using Physical Region Page (PRP) entries 453 * 454 * A PRP entry describes one page of DMA memory using the page size specified 455 * in the controller configuration's memory page size register (CC.MPS). It uses 456 * a 64bit base address aligned to this page size. There is no limitation on 457 * chaining PRPs together for arbitrarily large DMA transfers. 458 */ 459 static ddi_dma_attr_t nvme_prp_dma_attr = { 460 .dma_attr_version = DMA_ATTR_V0, 461 .dma_attr_addr_lo = 0, 462 .dma_attr_addr_hi = 0xffffffffffffffffULL, 463 .dma_attr_count_max = 0xfff, 464 .dma_attr_align = 0x1000, 465 .dma_attr_burstsizes = 0x7ff, 466 .dma_attr_minxfer = 0x1000, 467 .dma_attr_maxxfer = 0x1000, 468 .dma_attr_seg = 0xfff, 469 .dma_attr_sgllen = -1, 470 .dma_attr_granular = 1, 471 .dma_attr_flags = 0, 472 }; 473 474 /* 475 * DMA attributes for transfers using scatter/gather lists 476 * 477 * A SGL entry describes a chunk of DMA memory using a 64bit base address and a 478 * 32bit length field. SGL Segment and SGL Last Segment entries require the 479 * length to be a multiple of 16 bytes. 480 */ 481 static ddi_dma_attr_t nvme_sgl_dma_attr = { 482 .dma_attr_version = DMA_ATTR_V0, 483 .dma_attr_addr_lo = 0, 484 .dma_attr_addr_hi = 0xffffffffffffffffULL, 485 .dma_attr_count_max = 0xffffffffUL, 486 .dma_attr_align = 1, 487 .dma_attr_burstsizes = 0x7ff, 488 .dma_attr_minxfer = 0x10, 489 .dma_attr_maxxfer = 0xfffffffffULL, 490 .dma_attr_seg = 0xffffffffffffffffULL, 491 .dma_attr_sgllen = -1, 492 .dma_attr_granular = 0x10, 493 .dma_attr_flags = 0 494 }; 495 496 static ddi_device_acc_attr_t nvme_reg_acc_attr = { 497 .devacc_attr_version = DDI_DEVICE_ATTR_V0, 498 .devacc_attr_endian_flags = DDI_STRUCTURE_LE_ACC, 499 .devacc_attr_dataorder = DDI_STRICTORDER_ACC 500 }; 501 502 static struct cb_ops nvme_cb_ops = { 503 .cb_open = nvme_open, 504 .cb_close = nvme_close, 505 .cb_strategy = nodev, 506 .cb_print = nodev, 507 .cb_dump = nodev, 508 .cb_read = nodev, 509 .cb_write = nodev, 510 .cb_ioctl = nvme_ioctl, 511 .cb_devmap = nodev, 512 .cb_mmap = nodev, 513 .cb_segmap = nodev, 514 .cb_chpoll = nochpoll, 515 .cb_prop_op = ddi_prop_op, 516 .cb_str = 0, 517 .cb_flag = D_NEW | D_MP, 518 .cb_rev = CB_REV, 519 .cb_aread = nodev, 520 .cb_awrite = nodev 521 }; 522 523 static struct dev_ops nvme_dev_ops = { 524 .devo_rev = DEVO_REV, 525 .devo_refcnt = 0, 526 .devo_getinfo = ddi_no_info, 527 .devo_identify = nulldev, 528 .devo_probe = nulldev, 529 .devo_attach = nvme_attach, 530 .devo_detach = nvme_detach, 531 .devo_reset = nodev, 532 .devo_cb_ops = &nvme_cb_ops, 533 .devo_bus_ops = NULL, 534 .devo_power = NULL, 535 .devo_quiesce = nvme_quiesce, 536 }; 537 538 static struct modldrv nvme_modldrv = { 539 .drv_modops = &mod_driverops, 540 .drv_linkinfo = "NVMe v1.1b", 541 .drv_dev_ops = &nvme_dev_ops 542 }; 543 544 static struct modlinkage nvme_modlinkage = { 545 .ml_rev = MODREV_1, 546 .ml_linkage = { &nvme_modldrv, NULL } 547 }; 548 549 static bd_ops_t nvme_bd_ops = { 550 .o_version = BD_OPS_CURRENT_VERSION, 551 .o_drive_info = nvme_bd_driveinfo, 552 .o_media_info = nvme_bd_mediainfo, 553 .o_devid_init = nvme_bd_devid, 554 .o_sync_cache = nvme_bd_sync, 555 .o_read = nvme_bd_read, 556 .o_write = nvme_bd_write, 557 .o_free_space = nvme_bd_free_space, 558 }; 559 560 /* 561 * This list will hold commands that have timed out and couldn't be aborted. 562 * As we don't know what the hardware may still do with the DMA memory we can't 563 * free them, so we'll keep them forever on this list where we can easily look 564 * at them with mdb. 565 */ 566 static struct list nvme_lost_cmds; 567 static kmutex_t nvme_lc_mutex; 568 569 int 570 _init(void) 571 { 572 int error; 573 574 error = ddi_soft_state_init(&nvme_state, sizeof (nvme_t), 1); 575 if (error != DDI_SUCCESS) 576 return (error); 577 578 nvme_cmd_cache = kmem_cache_create("nvme_cmd_cache", 579 sizeof (nvme_cmd_t), 64, NULL, NULL, NULL, NULL, NULL, 0); 580 581 mutex_init(&nvme_lc_mutex, NULL, MUTEX_DRIVER, NULL); 582 list_create(&nvme_lost_cmds, sizeof (nvme_cmd_t), 583 offsetof(nvme_cmd_t, nc_list)); 584 585 bd_mod_init(&nvme_dev_ops); 586 587 error = mod_install(&nvme_modlinkage); 588 if (error != DDI_SUCCESS) { 589 ddi_soft_state_fini(&nvme_state); 590 mutex_destroy(&nvme_lc_mutex); 591 list_destroy(&nvme_lost_cmds); 592 bd_mod_fini(&nvme_dev_ops); 593 } 594 595 return (error); 596 } 597 598 int 599 _fini(void) 600 { 601 int error; 602 603 if (!list_is_empty(&nvme_lost_cmds)) 604 return (DDI_FAILURE); 605 606 error = mod_remove(&nvme_modlinkage); 607 if (error == DDI_SUCCESS) { 608 ddi_soft_state_fini(&nvme_state); 609 kmem_cache_destroy(nvme_cmd_cache); 610 mutex_destroy(&nvme_lc_mutex); 611 list_destroy(&nvme_lost_cmds); 612 bd_mod_fini(&nvme_dev_ops); 613 } 614 615 return (error); 616 } 617 618 int 619 _info(struct modinfo *modinfop) 620 { 621 return (mod_info(&nvme_modlinkage, modinfop)); 622 } 623 624 static inline void 625 nvme_put64(nvme_t *nvme, uintptr_t reg, uint64_t val) 626 { 627 ASSERT(((uintptr_t)(nvme->n_regs + reg) & 0x7) == 0); 628 629 /*LINTED: E_BAD_PTR_CAST_ALIGN*/ 630 ddi_put64(nvme->n_regh, (uint64_t *)(nvme->n_regs + reg), val); 631 } 632 633 static inline void 634 nvme_put32(nvme_t *nvme, uintptr_t reg, uint32_t val) 635 { 636 ASSERT(((uintptr_t)(nvme->n_regs + reg) & 0x3) == 0); 637 638 /*LINTED: E_BAD_PTR_CAST_ALIGN*/ 639 ddi_put32(nvme->n_regh, (uint32_t *)(nvme->n_regs + reg), val); 640 } 641 642 static inline uint64_t 643 nvme_get64(nvme_t *nvme, uintptr_t reg) 644 { 645 uint64_t val; 646 647 ASSERT(((uintptr_t)(nvme->n_regs + reg) & 0x7) == 0); 648 649 /*LINTED: E_BAD_PTR_CAST_ALIGN*/ 650 val = ddi_get64(nvme->n_regh, (uint64_t *)(nvme->n_regs + reg)); 651 652 return (val); 653 } 654 655 static inline uint32_t 656 nvme_get32(nvme_t *nvme, uintptr_t reg) 657 { 658 uint32_t val; 659 660 ASSERT(((uintptr_t)(nvme->n_regs + reg) & 0x3) == 0); 661 662 /*LINTED: E_BAD_PTR_CAST_ALIGN*/ 663 val = ddi_get32(nvme->n_regh, (uint32_t *)(nvme->n_regs + reg)); 664 665 return (val); 666 } 667 668 static boolean_t 669 nvme_check_regs_hdl(nvme_t *nvme) 670 { 671 ddi_fm_error_t error; 672 673 ddi_fm_acc_err_get(nvme->n_regh, &error, DDI_FME_VERSION); 674 675 if (error.fme_status != DDI_FM_OK) 676 return (B_TRUE); 677 678 return (B_FALSE); 679 } 680 681 static boolean_t 682 nvme_check_dma_hdl(nvme_dma_t *dma) 683 { 684 ddi_fm_error_t error; 685 686 if (dma == NULL) 687 return (B_FALSE); 688 689 ddi_fm_dma_err_get(dma->nd_dmah, &error, DDI_FME_VERSION); 690 691 if (error.fme_status != DDI_FM_OK) 692 return (B_TRUE); 693 694 return (B_FALSE); 695 } 696 697 static void 698 nvme_free_dma_common(nvme_dma_t *dma) 699 { 700 if (dma->nd_dmah != NULL) 701 (void) ddi_dma_unbind_handle(dma->nd_dmah); 702 if (dma->nd_acch != NULL) 703 ddi_dma_mem_free(&dma->nd_acch); 704 if (dma->nd_dmah != NULL) 705 ddi_dma_free_handle(&dma->nd_dmah); 706 } 707 708 static void 709 nvme_free_dma(nvme_dma_t *dma) 710 { 711 nvme_free_dma_common(dma); 712 kmem_free(dma, sizeof (*dma)); 713 } 714 715 /* ARGSUSED */ 716 static void 717 nvme_prp_dma_destructor(void *buf, void *private) 718 { 719 nvme_dma_t *dma = (nvme_dma_t *)buf; 720 721 nvme_free_dma_common(dma); 722 } 723 724 static int 725 nvme_alloc_dma_common(nvme_t *nvme, nvme_dma_t *dma, 726 size_t len, uint_t flags, ddi_dma_attr_t *dma_attr) 727 { 728 if (ddi_dma_alloc_handle(nvme->n_dip, dma_attr, DDI_DMA_SLEEP, NULL, 729 &dma->nd_dmah) != DDI_SUCCESS) { 730 /* 731 * Due to DDI_DMA_SLEEP this can't be DDI_DMA_NORESOURCES, and 732 * the only other possible error is DDI_DMA_BADATTR which 733 * indicates a driver bug which should cause a panic. 734 */ 735 dev_err(nvme->n_dip, CE_PANIC, 736 "!failed to get DMA handle, check DMA attributes"); 737 return (DDI_FAILURE); 738 } 739 740 /* 741 * ddi_dma_mem_alloc() can only fail when DDI_DMA_NOSLEEP is specified 742 * or the flags are conflicting, which isn't the case here. 743 */ 744 (void) ddi_dma_mem_alloc(dma->nd_dmah, len, &nvme->n_reg_acc_attr, 745 DDI_DMA_CONSISTENT, DDI_DMA_SLEEP, NULL, &dma->nd_memp, 746 &dma->nd_len, &dma->nd_acch); 747 748 if (ddi_dma_addr_bind_handle(dma->nd_dmah, NULL, dma->nd_memp, 749 dma->nd_len, flags | DDI_DMA_CONSISTENT, DDI_DMA_SLEEP, NULL, 750 &dma->nd_cookie, &dma->nd_ncookie) != DDI_DMA_MAPPED) { 751 dev_err(nvme->n_dip, CE_WARN, 752 "!failed to bind DMA memory"); 753 atomic_inc_32(&nvme->n_dma_bind_err); 754 nvme_free_dma_common(dma); 755 return (DDI_FAILURE); 756 } 757 758 return (DDI_SUCCESS); 759 } 760 761 static int 762 nvme_zalloc_dma(nvme_t *nvme, size_t len, uint_t flags, 763 ddi_dma_attr_t *dma_attr, nvme_dma_t **ret) 764 { 765 nvme_dma_t *dma = kmem_zalloc(sizeof (nvme_dma_t), KM_SLEEP); 766 767 if (nvme_alloc_dma_common(nvme, dma, len, flags, dma_attr) != 768 DDI_SUCCESS) { 769 *ret = NULL; 770 kmem_free(dma, sizeof (nvme_dma_t)); 771 return (DDI_FAILURE); 772 } 773 774 bzero(dma->nd_memp, dma->nd_len); 775 776 *ret = dma; 777 return (DDI_SUCCESS); 778 } 779 780 /* ARGSUSED */ 781 static int 782 nvme_prp_dma_constructor(void *buf, void *private, int flags) 783 { 784 nvme_dma_t *dma = (nvme_dma_t *)buf; 785 nvme_t *nvme = (nvme_t *)private; 786 787 dma->nd_dmah = NULL; 788 dma->nd_acch = NULL; 789 790 if (nvme_alloc_dma_common(nvme, dma, nvme->n_pagesize, 791 DDI_DMA_READ, &nvme->n_prp_dma_attr) != DDI_SUCCESS) { 792 return (-1); 793 } 794 795 ASSERT(dma->nd_ncookie == 1); 796 797 dma->nd_cached = B_TRUE; 798 799 return (0); 800 } 801 802 static int 803 nvme_zalloc_queue_dma(nvme_t *nvme, uint32_t nentry, uint16_t qe_len, 804 uint_t flags, nvme_dma_t **dma) 805 { 806 uint32_t len = nentry * qe_len; 807 ddi_dma_attr_t q_dma_attr = nvme->n_queue_dma_attr; 808 809 len = roundup(len, nvme->n_pagesize); 810 811 if (nvme_zalloc_dma(nvme, len, flags, &q_dma_attr, dma) 812 != DDI_SUCCESS) { 813 dev_err(nvme->n_dip, CE_WARN, 814 "!failed to get DMA memory for queue"); 815 goto fail; 816 } 817 818 if ((*dma)->nd_ncookie != 1) { 819 dev_err(nvme->n_dip, CE_WARN, 820 "!got too many cookies for queue DMA"); 821 goto fail; 822 } 823 824 return (DDI_SUCCESS); 825 826 fail: 827 if (*dma) { 828 nvme_free_dma(*dma); 829 *dma = NULL; 830 } 831 832 return (DDI_FAILURE); 833 } 834 835 static void 836 nvme_free_cq(nvme_cq_t *cq) 837 { 838 mutex_destroy(&cq->ncq_mutex); 839 840 if (cq->ncq_cmd_taskq != NULL) 841 taskq_destroy(cq->ncq_cmd_taskq); 842 843 if (cq->ncq_dma != NULL) 844 nvme_free_dma(cq->ncq_dma); 845 846 kmem_free(cq, sizeof (*cq)); 847 } 848 849 static void 850 nvme_free_qpair(nvme_qpair_t *qp) 851 { 852 int i; 853 854 mutex_destroy(&qp->nq_mutex); 855 sema_destroy(&qp->nq_sema); 856 857 if (qp->nq_sqdma != NULL) 858 nvme_free_dma(qp->nq_sqdma); 859 860 if (qp->nq_active_cmds > 0) 861 for (i = 0; i != qp->nq_nentry; i++) 862 if (qp->nq_cmd[i] != NULL) 863 nvme_free_cmd(qp->nq_cmd[i]); 864 865 if (qp->nq_cmd != NULL) 866 kmem_free(qp->nq_cmd, sizeof (nvme_cmd_t *) * qp->nq_nentry); 867 868 kmem_free(qp, sizeof (nvme_qpair_t)); 869 } 870 871 /* 872 * Destroy the pre-allocated cq array, but only free individual completion 873 * queues from the given starting index. 874 */ 875 static void 876 nvme_destroy_cq_array(nvme_t *nvme, uint_t start) 877 { 878 uint_t i; 879 880 for (i = start; i < nvme->n_cq_count; i++) 881 if (nvme->n_cq[i] != NULL) 882 nvme_free_cq(nvme->n_cq[i]); 883 884 kmem_free(nvme->n_cq, sizeof (*nvme->n_cq) * nvme->n_cq_count); 885 } 886 887 static int 888 nvme_alloc_cq(nvme_t *nvme, uint32_t nentry, nvme_cq_t **cqp, uint16_t idx, 889 uint_t nthr) 890 { 891 nvme_cq_t *cq = kmem_zalloc(sizeof (*cq), KM_SLEEP); 892 char name[64]; /* large enough for the taskq name */ 893 894 mutex_init(&cq->ncq_mutex, NULL, MUTEX_DRIVER, 895 DDI_INTR_PRI(nvme->n_intr_pri)); 896 897 if (nvme_zalloc_queue_dma(nvme, nentry, sizeof (nvme_cqe_t), 898 DDI_DMA_READ, &cq->ncq_dma) != DDI_SUCCESS) 899 goto fail; 900 901 cq->ncq_cq = (nvme_cqe_t *)cq->ncq_dma->nd_memp; 902 cq->ncq_nentry = nentry; 903 cq->ncq_id = idx; 904 cq->ncq_hdbl = NVME_REG_CQHDBL(nvme, idx); 905 906 /* 907 * Each completion queue has its own command taskq. 908 */ 909 (void) snprintf(name, sizeof (name), "%s%d_cmd_taskq%u", 910 ddi_driver_name(nvme->n_dip), ddi_get_instance(nvme->n_dip), idx); 911 912 cq->ncq_cmd_taskq = taskq_create(name, nthr, minclsyspri, 64, INT_MAX, 913 TASKQ_PREPOPULATE); 914 915 if (cq->ncq_cmd_taskq == NULL) { 916 dev_err(nvme->n_dip, CE_WARN, "!failed to create cmd " 917 "taskq for cq %u", idx); 918 goto fail; 919 } 920 921 *cqp = cq; 922 return (DDI_SUCCESS); 923 924 fail: 925 nvme_free_cq(cq); 926 *cqp = NULL; 927 928 return (DDI_FAILURE); 929 } 930 931 /* 932 * Create the n_cq array big enough to hold "ncq" completion queues. 933 * If the array already exists it will be re-sized (but only larger). 934 * The admin queue is included in this array, which boosts the 935 * max number of entries to UINT16_MAX + 1. 936 */ 937 static int 938 nvme_create_cq_array(nvme_t *nvme, uint_t ncq, uint32_t nentry, uint_t nthr) 939 { 940 nvme_cq_t **cq; 941 uint_t i, cq_count; 942 943 ASSERT3U(ncq, >, nvme->n_cq_count); 944 945 cq = nvme->n_cq; 946 cq_count = nvme->n_cq_count; 947 948 nvme->n_cq = kmem_zalloc(sizeof (*nvme->n_cq) * ncq, KM_SLEEP); 949 nvme->n_cq_count = ncq; 950 951 for (i = 0; i < cq_count; i++) 952 nvme->n_cq[i] = cq[i]; 953 954 for (; i < nvme->n_cq_count; i++) 955 if (nvme_alloc_cq(nvme, nentry, &nvme->n_cq[i], i, nthr) != 956 DDI_SUCCESS) 957 goto fail; 958 959 if (cq != NULL) 960 kmem_free(cq, sizeof (*cq) * cq_count); 961 962 return (DDI_SUCCESS); 963 964 fail: 965 nvme_destroy_cq_array(nvme, cq_count); 966 /* 967 * Restore the original array 968 */ 969 nvme->n_cq_count = cq_count; 970 nvme->n_cq = cq; 971 972 return (DDI_FAILURE); 973 } 974 975 static int 976 nvme_alloc_qpair(nvme_t *nvme, uint32_t nentry, nvme_qpair_t **nqp, 977 uint_t idx) 978 { 979 nvme_qpair_t *qp = kmem_zalloc(sizeof (*qp), KM_SLEEP); 980 uint_t cq_idx; 981 982 mutex_init(&qp->nq_mutex, NULL, MUTEX_DRIVER, 983 DDI_INTR_PRI(nvme->n_intr_pri)); 984 985 /* 986 * The NVMe spec defines that a full queue has one empty (unused) slot; 987 * initialize the semaphore accordingly. 988 */ 989 sema_init(&qp->nq_sema, nentry - 1, NULL, SEMA_DRIVER, NULL); 990 991 if (nvme_zalloc_queue_dma(nvme, nentry, sizeof (nvme_sqe_t), 992 DDI_DMA_WRITE, &qp->nq_sqdma) != DDI_SUCCESS) 993 goto fail; 994 995 /* 996 * idx == 0 is adminq, those above 0 are shared io completion queues. 997 */ 998 cq_idx = idx == 0 ? 0 : 1 + (idx - 1) % (nvme->n_cq_count - 1); 999 qp->nq_cq = nvme->n_cq[cq_idx]; 1000 qp->nq_sq = (nvme_sqe_t *)qp->nq_sqdma->nd_memp; 1001 qp->nq_nentry = nentry; 1002 1003 qp->nq_sqtdbl = NVME_REG_SQTDBL(nvme, idx); 1004 1005 qp->nq_cmd = kmem_zalloc(sizeof (nvme_cmd_t *) * nentry, KM_SLEEP); 1006 qp->nq_next_cmd = 0; 1007 1008 *nqp = qp; 1009 return (DDI_SUCCESS); 1010 1011 fail: 1012 nvme_free_qpair(qp); 1013 *nqp = NULL; 1014 1015 return (DDI_FAILURE); 1016 } 1017 1018 static nvme_cmd_t * 1019 nvme_alloc_cmd(nvme_t *nvme, int kmflag) 1020 { 1021 nvme_cmd_t *cmd = kmem_cache_alloc(nvme_cmd_cache, kmflag); 1022 1023 if (cmd == NULL) 1024 return (cmd); 1025 1026 bzero(cmd, sizeof (nvme_cmd_t)); 1027 1028 cmd->nc_nvme = nvme; 1029 1030 mutex_init(&cmd->nc_mutex, NULL, MUTEX_DRIVER, 1031 DDI_INTR_PRI(nvme->n_intr_pri)); 1032 cv_init(&cmd->nc_cv, NULL, CV_DRIVER, NULL); 1033 1034 return (cmd); 1035 } 1036 1037 static void 1038 nvme_free_cmd(nvme_cmd_t *cmd) 1039 { 1040 /* Don't free commands on the lost commands list. */ 1041 if (list_link_active(&cmd->nc_list)) 1042 return; 1043 1044 if (cmd->nc_dma) { 1045 if (cmd->nc_dma->nd_cached) 1046 kmem_cache_free(cmd->nc_nvme->n_prp_cache, 1047 cmd->nc_dma); 1048 else 1049 nvme_free_dma(cmd->nc_dma); 1050 cmd->nc_dma = NULL; 1051 } 1052 1053 cv_destroy(&cmd->nc_cv); 1054 mutex_destroy(&cmd->nc_mutex); 1055 1056 kmem_cache_free(nvme_cmd_cache, cmd); 1057 } 1058 1059 static void 1060 nvme_submit_admin_cmd(nvme_qpair_t *qp, nvme_cmd_t *cmd) 1061 { 1062 sema_p(&qp->nq_sema); 1063 nvme_submit_cmd_common(qp, cmd); 1064 } 1065 1066 static int 1067 nvme_submit_io_cmd(nvme_qpair_t *qp, nvme_cmd_t *cmd) 1068 { 1069 if (sema_tryp(&qp->nq_sema) == 0) 1070 return (EAGAIN); 1071 1072 nvme_submit_cmd_common(qp, cmd); 1073 return (0); 1074 } 1075 1076 static void 1077 nvme_submit_cmd_common(nvme_qpair_t *qp, nvme_cmd_t *cmd) 1078 { 1079 nvme_reg_sqtdbl_t tail = { 0 }; 1080 1081 mutex_enter(&qp->nq_mutex); 1082 cmd->nc_completed = B_FALSE; 1083 1084 /* 1085 * Try to insert the cmd into the active cmd array at the nq_next_cmd 1086 * slot. If the slot is already occupied advance to the next slot and 1087 * try again. This can happen for long running commands like async event 1088 * requests. 1089 */ 1090 while (qp->nq_cmd[qp->nq_next_cmd] != NULL) 1091 qp->nq_next_cmd = (qp->nq_next_cmd + 1) % qp->nq_nentry; 1092 qp->nq_cmd[qp->nq_next_cmd] = cmd; 1093 1094 qp->nq_active_cmds++; 1095 1096 cmd->nc_sqe.sqe_cid = qp->nq_next_cmd; 1097 bcopy(&cmd->nc_sqe, &qp->nq_sq[qp->nq_sqtail], sizeof (nvme_sqe_t)); 1098 (void) ddi_dma_sync(qp->nq_sqdma->nd_dmah, 1099 sizeof (nvme_sqe_t) * qp->nq_sqtail, 1100 sizeof (nvme_sqe_t), DDI_DMA_SYNC_FORDEV); 1101 qp->nq_next_cmd = (qp->nq_next_cmd + 1) % qp->nq_nentry; 1102 1103 tail.b.sqtdbl_sqt = qp->nq_sqtail = (qp->nq_sqtail + 1) % qp->nq_nentry; 1104 nvme_put32(cmd->nc_nvme, qp->nq_sqtdbl, tail.r); 1105 1106 mutex_exit(&qp->nq_mutex); 1107 } 1108 1109 static nvme_cmd_t * 1110 nvme_unqueue_cmd(nvme_t *nvme, nvme_qpair_t *qp, int cid) 1111 { 1112 nvme_cmd_t *cmd; 1113 1114 ASSERT(mutex_owned(&qp->nq_mutex)); 1115 ASSERT3S(cid, <, qp->nq_nentry); 1116 1117 cmd = qp->nq_cmd[cid]; 1118 qp->nq_cmd[cid] = NULL; 1119 ASSERT3U(qp->nq_active_cmds, >, 0); 1120 qp->nq_active_cmds--; 1121 sema_v(&qp->nq_sema); 1122 1123 ASSERT3P(cmd, !=, NULL); 1124 ASSERT3P(cmd->nc_nvme, ==, nvme); 1125 ASSERT3S(cmd->nc_sqe.sqe_cid, ==, cid); 1126 1127 return (cmd); 1128 } 1129 1130 /* 1131 * Get the command tied to the next completed cqe and bump along completion 1132 * queue head counter. 1133 */ 1134 static nvme_cmd_t * 1135 nvme_get_completed(nvme_t *nvme, nvme_cq_t *cq) 1136 { 1137 nvme_qpair_t *qp; 1138 nvme_cqe_t *cqe; 1139 nvme_cmd_t *cmd; 1140 1141 ASSERT(mutex_owned(&cq->ncq_mutex)); 1142 1143 cqe = &cq->ncq_cq[cq->ncq_head]; 1144 1145 /* Check phase tag of CQE. Hardware inverts it for new entries. */ 1146 if (cqe->cqe_sf.sf_p == cq->ncq_phase) 1147 return (NULL); 1148 1149 qp = nvme->n_ioq[cqe->cqe_sqid]; 1150 1151 mutex_enter(&qp->nq_mutex); 1152 cmd = nvme_unqueue_cmd(nvme, qp, cqe->cqe_cid); 1153 mutex_exit(&qp->nq_mutex); 1154 1155 ASSERT(cmd->nc_sqid == cqe->cqe_sqid); 1156 bcopy(cqe, &cmd->nc_cqe, sizeof (nvme_cqe_t)); 1157 1158 qp->nq_sqhead = cqe->cqe_sqhd; 1159 1160 cq->ncq_head = (cq->ncq_head + 1) % cq->ncq_nentry; 1161 1162 /* Toggle phase on wrap-around. */ 1163 if (cq->ncq_head == 0) 1164 cq->ncq_phase = cq->ncq_phase ? 0 : 1; 1165 1166 return (cmd); 1167 } 1168 1169 /* 1170 * Process all completed commands on the io completion queue. 1171 */ 1172 static uint_t 1173 nvme_process_iocq(nvme_t *nvme, nvme_cq_t *cq) 1174 { 1175 nvme_reg_cqhdbl_t head = { 0 }; 1176 nvme_cmd_t *cmd; 1177 uint_t completed = 0; 1178 1179 if (ddi_dma_sync(cq->ncq_dma->nd_dmah, 0, 0, DDI_DMA_SYNC_FORKERNEL) != 1180 DDI_SUCCESS) 1181 dev_err(nvme->n_dip, CE_WARN, "!ddi_dma_sync() failed in %s", 1182 __func__); 1183 1184 mutex_enter(&cq->ncq_mutex); 1185 1186 while ((cmd = nvme_get_completed(nvme, cq)) != NULL) { 1187 taskq_dispatch_ent(cq->ncq_cmd_taskq, cmd->nc_callback, cmd, 1188 TQ_NOSLEEP, &cmd->nc_tqent); 1189 1190 completed++; 1191 } 1192 1193 if (completed > 0) { 1194 /* 1195 * Update the completion queue head doorbell. 1196 */ 1197 head.b.cqhdbl_cqh = cq->ncq_head; 1198 nvme_put32(nvme, cq->ncq_hdbl, head.r); 1199 } 1200 1201 mutex_exit(&cq->ncq_mutex); 1202 1203 return (completed); 1204 } 1205 1206 static nvme_cmd_t * 1207 nvme_retrieve_cmd(nvme_t *nvme, nvme_qpair_t *qp) 1208 { 1209 nvme_cq_t *cq = qp->nq_cq; 1210 nvme_reg_cqhdbl_t head = { 0 }; 1211 nvme_cmd_t *cmd; 1212 1213 if (ddi_dma_sync(cq->ncq_dma->nd_dmah, 0, 0, DDI_DMA_SYNC_FORKERNEL) != 1214 DDI_SUCCESS) 1215 dev_err(nvme->n_dip, CE_WARN, "!ddi_dma_sync() failed in %s", 1216 __func__); 1217 1218 mutex_enter(&cq->ncq_mutex); 1219 1220 if ((cmd = nvme_get_completed(nvme, cq)) != NULL) { 1221 head.b.cqhdbl_cqh = cq->ncq_head; 1222 nvme_put32(nvme, cq->ncq_hdbl, head.r); 1223 } 1224 1225 mutex_exit(&cq->ncq_mutex); 1226 1227 return (cmd); 1228 } 1229 1230 static int 1231 nvme_check_unknown_cmd_status(nvme_cmd_t *cmd) 1232 { 1233 nvme_cqe_t *cqe = &cmd->nc_cqe; 1234 1235 dev_err(cmd->nc_nvme->n_dip, CE_WARN, 1236 "!unknown command status received: opc = %x, sqid = %d, cid = %d, " 1237 "sc = %x, sct = %x, dnr = %d, m = %d", cmd->nc_sqe.sqe_opc, 1238 cqe->cqe_sqid, cqe->cqe_cid, cqe->cqe_sf.sf_sc, cqe->cqe_sf.sf_sct, 1239 cqe->cqe_sf.sf_dnr, cqe->cqe_sf.sf_m); 1240 1241 if (cmd->nc_xfer != NULL) 1242 bd_error(cmd->nc_xfer, BD_ERR_ILLRQ); 1243 1244 if (cmd->nc_nvme->n_strict_version) { 1245 cmd->nc_nvme->n_dead = B_TRUE; 1246 ddi_fm_service_impact(cmd->nc_nvme->n_dip, DDI_SERVICE_LOST); 1247 } 1248 1249 return (EIO); 1250 } 1251 1252 static int 1253 nvme_check_vendor_cmd_status(nvme_cmd_t *cmd) 1254 { 1255 nvme_cqe_t *cqe = &cmd->nc_cqe; 1256 1257 dev_err(cmd->nc_nvme->n_dip, CE_WARN, 1258 "!unknown command status received: opc = %x, sqid = %d, cid = %d, " 1259 "sc = %x, sct = %x, dnr = %d, m = %d", cmd->nc_sqe.sqe_opc, 1260 cqe->cqe_sqid, cqe->cqe_cid, cqe->cqe_sf.sf_sc, cqe->cqe_sf.sf_sct, 1261 cqe->cqe_sf.sf_dnr, cqe->cqe_sf.sf_m); 1262 if (!cmd->nc_nvme->n_ignore_unknown_vendor_status) { 1263 cmd->nc_nvme->n_dead = B_TRUE; 1264 ddi_fm_service_impact(cmd->nc_nvme->n_dip, DDI_SERVICE_LOST); 1265 } 1266 1267 return (EIO); 1268 } 1269 1270 static int 1271 nvme_check_integrity_cmd_status(nvme_cmd_t *cmd) 1272 { 1273 nvme_cqe_t *cqe = &cmd->nc_cqe; 1274 1275 switch (cqe->cqe_sf.sf_sc) { 1276 case NVME_CQE_SC_INT_NVM_WRITE: 1277 /* write fail */ 1278 /* TODO: post ereport */ 1279 if (cmd->nc_xfer != NULL) 1280 bd_error(cmd->nc_xfer, BD_ERR_MEDIA); 1281 return (EIO); 1282 1283 case NVME_CQE_SC_INT_NVM_READ: 1284 /* read fail */ 1285 /* TODO: post ereport */ 1286 if (cmd->nc_xfer != NULL) 1287 bd_error(cmd->nc_xfer, BD_ERR_MEDIA); 1288 return (EIO); 1289 1290 default: 1291 return (nvme_check_unknown_cmd_status(cmd)); 1292 } 1293 } 1294 1295 static int 1296 nvme_check_generic_cmd_status(nvme_cmd_t *cmd) 1297 { 1298 nvme_cqe_t *cqe = &cmd->nc_cqe; 1299 1300 switch (cqe->cqe_sf.sf_sc) { 1301 case NVME_CQE_SC_GEN_SUCCESS: 1302 return (0); 1303 1304 /* 1305 * Errors indicating a bug in the driver should cause a panic. 1306 */ 1307 case NVME_CQE_SC_GEN_INV_OPC: 1308 /* Invalid Command Opcode */ 1309 if (!cmd->nc_dontpanic) 1310 dev_err(cmd->nc_nvme->n_dip, CE_PANIC, 1311 "programming error: invalid opcode in cmd %p", 1312 (void *)cmd); 1313 return (EINVAL); 1314 1315 case NVME_CQE_SC_GEN_INV_FLD: 1316 /* Invalid Field in Command */ 1317 if (!cmd->nc_dontpanic) 1318 dev_err(cmd->nc_nvme->n_dip, CE_PANIC, 1319 "programming error: invalid field in cmd %p", 1320 (void *)cmd); 1321 return (EIO); 1322 1323 case NVME_CQE_SC_GEN_ID_CNFL: 1324 /* Command ID Conflict */ 1325 dev_err(cmd->nc_nvme->n_dip, CE_PANIC, "programming error: " 1326 "cmd ID conflict in cmd %p", (void *)cmd); 1327 return (0); 1328 1329 case NVME_CQE_SC_GEN_INV_NS: 1330 /* Invalid Namespace or Format */ 1331 if (!cmd->nc_dontpanic) 1332 dev_err(cmd->nc_nvme->n_dip, CE_PANIC, 1333 "programming error: invalid NS/format in cmd %p", 1334 (void *)cmd); 1335 return (EINVAL); 1336 1337 case NVME_CQE_SC_GEN_NVM_LBA_RANGE: 1338 /* LBA Out Of Range */ 1339 dev_err(cmd->nc_nvme->n_dip, CE_PANIC, "programming error: " 1340 "LBA out of range in cmd %p", (void *)cmd); 1341 return (0); 1342 1343 /* 1344 * Non-fatal errors, handle gracefully. 1345 */ 1346 case NVME_CQE_SC_GEN_DATA_XFR_ERR: 1347 /* Data Transfer Error (DMA) */ 1348 /* TODO: post ereport */ 1349 atomic_inc_32(&cmd->nc_nvme->n_data_xfr_err); 1350 if (cmd->nc_xfer != NULL) 1351 bd_error(cmd->nc_xfer, BD_ERR_NTRDY); 1352 return (EIO); 1353 1354 case NVME_CQE_SC_GEN_INTERNAL_ERR: 1355 /* 1356 * Internal Error. The spec (v1.0, section 4.5.1.2) says 1357 * detailed error information is returned as async event, 1358 * so we pretty much ignore the error here and handle it 1359 * in the async event handler. 1360 */ 1361 atomic_inc_32(&cmd->nc_nvme->n_internal_err); 1362 if (cmd->nc_xfer != NULL) 1363 bd_error(cmd->nc_xfer, BD_ERR_NTRDY); 1364 return (EIO); 1365 1366 case NVME_CQE_SC_GEN_ABORT_REQUEST: 1367 /* 1368 * Command Abort Requested. This normally happens only when a 1369 * command times out. 1370 */ 1371 /* TODO: post ereport or change blkdev to handle this? */ 1372 atomic_inc_32(&cmd->nc_nvme->n_abort_rq_err); 1373 return (ECANCELED); 1374 1375 case NVME_CQE_SC_GEN_ABORT_PWRLOSS: 1376 /* Command Aborted due to Power Loss Notification */ 1377 ddi_fm_service_impact(cmd->nc_nvme->n_dip, DDI_SERVICE_LOST); 1378 cmd->nc_nvme->n_dead = B_TRUE; 1379 return (EIO); 1380 1381 case NVME_CQE_SC_GEN_ABORT_SQ_DEL: 1382 /* Command Aborted due to SQ Deletion */ 1383 atomic_inc_32(&cmd->nc_nvme->n_abort_sq_del); 1384 return (EIO); 1385 1386 case NVME_CQE_SC_GEN_NVM_CAP_EXC: 1387 /* Capacity Exceeded */ 1388 atomic_inc_32(&cmd->nc_nvme->n_nvm_cap_exc); 1389 if (cmd->nc_xfer != NULL) 1390 bd_error(cmd->nc_xfer, BD_ERR_MEDIA); 1391 return (EIO); 1392 1393 case NVME_CQE_SC_GEN_NVM_NS_NOTRDY: 1394 /* Namespace Not Ready */ 1395 atomic_inc_32(&cmd->nc_nvme->n_nvm_ns_notrdy); 1396 if (cmd->nc_xfer != NULL) 1397 bd_error(cmd->nc_xfer, BD_ERR_NTRDY); 1398 return (EIO); 1399 1400 default: 1401 return (nvme_check_unknown_cmd_status(cmd)); 1402 } 1403 } 1404 1405 static int 1406 nvme_check_specific_cmd_status(nvme_cmd_t *cmd) 1407 { 1408 nvme_cqe_t *cqe = &cmd->nc_cqe; 1409 1410 switch (cqe->cqe_sf.sf_sc) { 1411 case NVME_CQE_SC_SPC_INV_CQ: 1412 /* Completion Queue Invalid */ 1413 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_CREATE_SQUEUE); 1414 atomic_inc_32(&cmd->nc_nvme->n_inv_cq_err); 1415 return (EINVAL); 1416 1417 case NVME_CQE_SC_SPC_INV_QID: 1418 /* Invalid Queue Identifier */ 1419 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_CREATE_SQUEUE || 1420 cmd->nc_sqe.sqe_opc == NVME_OPC_DELETE_SQUEUE || 1421 cmd->nc_sqe.sqe_opc == NVME_OPC_CREATE_CQUEUE || 1422 cmd->nc_sqe.sqe_opc == NVME_OPC_DELETE_CQUEUE); 1423 atomic_inc_32(&cmd->nc_nvme->n_inv_qid_err); 1424 return (EINVAL); 1425 1426 case NVME_CQE_SC_SPC_MAX_QSZ_EXC: 1427 /* Max Queue Size Exceeded */ 1428 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_CREATE_SQUEUE || 1429 cmd->nc_sqe.sqe_opc == NVME_OPC_CREATE_CQUEUE); 1430 atomic_inc_32(&cmd->nc_nvme->n_max_qsz_exc); 1431 return (EINVAL); 1432 1433 case NVME_CQE_SC_SPC_ABRT_CMD_EXC: 1434 /* Abort Command Limit Exceeded */ 1435 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_ABORT); 1436 dev_err(cmd->nc_nvme->n_dip, CE_PANIC, "programming error: " 1437 "abort command limit exceeded in cmd %p", (void *)cmd); 1438 return (0); 1439 1440 case NVME_CQE_SC_SPC_ASYNC_EVREQ_EXC: 1441 /* Async Event Request Limit Exceeded */ 1442 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_ASYNC_EVENT); 1443 dev_err(cmd->nc_nvme->n_dip, CE_PANIC, "programming error: " 1444 "async event request limit exceeded in cmd %p", 1445 (void *)cmd); 1446 return (0); 1447 1448 case NVME_CQE_SC_SPC_INV_INT_VECT: 1449 /* Invalid Interrupt Vector */ 1450 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_CREATE_CQUEUE); 1451 atomic_inc_32(&cmd->nc_nvme->n_inv_int_vect); 1452 return (EINVAL); 1453 1454 case NVME_CQE_SC_SPC_INV_LOG_PAGE: 1455 /* Invalid Log Page */ 1456 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_GET_LOG_PAGE); 1457 atomic_inc_32(&cmd->nc_nvme->n_inv_log_page); 1458 return (EINVAL); 1459 1460 case NVME_CQE_SC_SPC_INV_FORMAT: 1461 /* Invalid Format */ 1462 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_NVM_FORMAT); 1463 atomic_inc_32(&cmd->nc_nvme->n_inv_format); 1464 if (cmd->nc_xfer != NULL) 1465 bd_error(cmd->nc_xfer, BD_ERR_ILLRQ); 1466 return (EINVAL); 1467 1468 case NVME_CQE_SC_SPC_INV_Q_DEL: 1469 /* Invalid Queue Deletion */ 1470 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_DELETE_CQUEUE); 1471 atomic_inc_32(&cmd->nc_nvme->n_inv_q_del); 1472 return (EINVAL); 1473 1474 case NVME_CQE_SC_SPC_NVM_CNFL_ATTR: 1475 /* Conflicting Attributes */ 1476 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_NVM_DSET_MGMT || 1477 cmd->nc_sqe.sqe_opc == NVME_OPC_NVM_READ || 1478 cmd->nc_sqe.sqe_opc == NVME_OPC_NVM_WRITE); 1479 atomic_inc_32(&cmd->nc_nvme->n_cnfl_attr); 1480 if (cmd->nc_xfer != NULL) 1481 bd_error(cmd->nc_xfer, BD_ERR_ILLRQ); 1482 return (EINVAL); 1483 1484 case NVME_CQE_SC_SPC_NVM_INV_PROT: 1485 /* Invalid Protection Information */ 1486 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_NVM_COMPARE || 1487 cmd->nc_sqe.sqe_opc == NVME_OPC_NVM_READ || 1488 cmd->nc_sqe.sqe_opc == NVME_OPC_NVM_WRITE); 1489 atomic_inc_32(&cmd->nc_nvme->n_inv_prot); 1490 if (cmd->nc_xfer != NULL) 1491 bd_error(cmd->nc_xfer, BD_ERR_ILLRQ); 1492 return (EINVAL); 1493 1494 case NVME_CQE_SC_SPC_NVM_READONLY: 1495 /* Write to Read Only Range */ 1496 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_NVM_WRITE); 1497 atomic_inc_32(&cmd->nc_nvme->n_readonly); 1498 if (cmd->nc_xfer != NULL) 1499 bd_error(cmd->nc_xfer, BD_ERR_ILLRQ); 1500 return (EROFS); 1501 1502 case NVME_CQE_SC_SPC_INV_FW_SLOT: 1503 /* Invalid Firmware Slot */ 1504 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_FW_ACTIVATE); 1505 return (EINVAL); 1506 1507 case NVME_CQE_SC_SPC_INV_FW_IMG: 1508 /* Invalid Firmware Image */ 1509 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_FW_ACTIVATE); 1510 return (EINVAL); 1511 1512 case NVME_CQE_SC_SPC_FW_RESET: 1513 /* Conventional Reset Required */ 1514 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_FW_ACTIVATE); 1515 return (0); 1516 1517 case NVME_CQE_SC_SPC_FW_NSSR: 1518 /* NVMe Subsystem Reset Required */ 1519 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_FW_ACTIVATE); 1520 return (0); 1521 1522 case NVME_CQE_SC_SPC_FW_NEXT_RESET: 1523 /* Activation Requires Reset */ 1524 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_FW_ACTIVATE); 1525 return (0); 1526 1527 case NVME_CQE_SC_SPC_FW_MTFA: 1528 /* Activation Requires Maximum Time Violation */ 1529 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_FW_ACTIVATE); 1530 return (EAGAIN); 1531 1532 case NVME_CQE_SC_SPC_FW_PROHIBITED: 1533 /* Activation Prohibited */ 1534 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_FW_ACTIVATE); 1535 return (EINVAL); 1536 1537 case NVME_CQE_SC_SPC_FW_OVERLAP: 1538 /* Overlapping Firmware Ranges */ 1539 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_FW_IMAGE_LOAD); 1540 return (EINVAL); 1541 1542 default: 1543 return (nvme_check_unknown_cmd_status(cmd)); 1544 } 1545 } 1546 1547 static inline int 1548 nvme_check_cmd_status(nvme_cmd_t *cmd) 1549 { 1550 nvme_cqe_t *cqe = &cmd->nc_cqe; 1551 1552 /* 1553 * Take a shortcut if the controller is dead, or if 1554 * command status indicates no error. 1555 */ 1556 if (cmd->nc_nvme->n_dead) 1557 return (EIO); 1558 1559 if (cqe->cqe_sf.sf_sct == NVME_CQE_SCT_GENERIC && 1560 cqe->cqe_sf.sf_sc == NVME_CQE_SC_GEN_SUCCESS) 1561 return (0); 1562 1563 if (cqe->cqe_sf.sf_sct == NVME_CQE_SCT_GENERIC) 1564 return (nvme_check_generic_cmd_status(cmd)); 1565 else if (cqe->cqe_sf.sf_sct == NVME_CQE_SCT_SPECIFIC) 1566 return (nvme_check_specific_cmd_status(cmd)); 1567 else if (cqe->cqe_sf.sf_sct == NVME_CQE_SCT_INTEGRITY) 1568 return (nvme_check_integrity_cmd_status(cmd)); 1569 else if (cqe->cqe_sf.sf_sct == NVME_CQE_SCT_VENDOR) 1570 return (nvme_check_vendor_cmd_status(cmd)); 1571 1572 return (nvme_check_unknown_cmd_status(cmd)); 1573 } 1574 1575 static int 1576 nvme_abort_cmd(nvme_cmd_t *abort_cmd, uint_t sec) 1577 { 1578 nvme_t *nvme = abort_cmd->nc_nvme; 1579 nvme_cmd_t *cmd = nvme_alloc_cmd(nvme, KM_SLEEP); 1580 nvme_abort_cmd_t ac = { 0 }; 1581 int ret = 0; 1582 1583 sema_p(&nvme->n_abort_sema); 1584 1585 ac.b.ac_cid = abort_cmd->nc_sqe.sqe_cid; 1586 ac.b.ac_sqid = abort_cmd->nc_sqid; 1587 1588 cmd->nc_sqid = 0; 1589 cmd->nc_sqe.sqe_opc = NVME_OPC_ABORT; 1590 cmd->nc_callback = nvme_wakeup_cmd; 1591 cmd->nc_sqe.sqe_cdw10 = ac.r; 1592 1593 /* 1594 * Send the ABORT to the hardware. The ABORT command will return _after_ 1595 * the aborted command has completed (aborted or otherwise), but since 1596 * we still hold the aborted command's mutex its callback hasn't been 1597 * processed yet. 1598 */ 1599 nvme_admin_cmd(cmd, sec); 1600 sema_v(&nvme->n_abort_sema); 1601 1602 if ((ret = nvme_check_cmd_status(cmd)) != 0) { 1603 dev_err(nvme->n_dip, CE_WARN, 1604 "!ABORT failed with sct = %x, sc = %x", 1605 cmd->nc_cqe.cqe_sf.sf_sct, cmd->nc_cqe.cqe_sf.sf_sc); 1606 atomic_inc_32(&nvme->n_abort_failed); 1607 } else { 1608 dev_err(nvme->n_dip, CE_WARN, 1609 "!ABORT of command %d/%d %ssuccessful", 1610 abort_cmd->nc_sqe.sqe_cid, abort_cmd->nc_sqid, 1611 cmd->nc_cqe.cqe_dw0 & 1 ? "un" : ""); 1612 if ((cmd->nc_cqe.cqe_dw0 & 1) == 0) 1613 atomic_inc_32(&nvme->n_cmd_aborted); 1614 } 1615 1616 nvme_free_cmd(cmd); 1617 return (ret); 1618 } 1619 1620 /* 1621 * nvme_wait_cmd -- wait for command completion or timeout 1622 * 1623 * In case of a serious error or a timeout of the abort command the hardware 1624 * will be declared dead and FMA will be notified. 1625 */ 1626 static void 1627 nvme_wait_cmd(nvme_cmd_t *cmd, uint_t sec) 1628 { 1629 clock_t timeout = ddi_get_lbolt() + drv_usectohz(sec * MICROSEC); 1630 nvme_t *nvme = cmd->nc_nvme; 1631 nvme_reg_csts_t csts; 1632 nvme_qpair_t *qp; 1633 1634 ASSERT(mutex_owned(&cmd->nc_mutex)); 1635 1636 while (!cmd->nc_completed) { 1637 if (cv_timedwait(&cmd->nc_cv, &cmd->nc_mutex, timeout) == -1) 1638 break; 1639 } 1640 1641 if (cmd->nc_completed) 1642 return; 1643 1644 /* 1645 * The command timed out. 1646 * 1647 * Check controller for fatal status, any errors associated with the 1648 * register or DMA handle, or for a double timeout (abort command timed 1649 * out). If necessary log a warning and call FMA. 1650 */ 1651 csts.r = nvme_get32(nvme, NVME_REG_CSTS); 1652 dev_err(nvme->n_dip, CE_WARN, "!command %d/%d timeout, " 1653 "OPC = %x, CFS = %d", cmd->nc_sqe.sqe_cid, cmd->nc_sqid, 1654 cmd->nc_sqe.sqe_opc, csts.b.csts_cfs); 1655 atomic_inc_32(&nvme->n_cmd_timeout); 1656 1657 if (csts.b.csts_cfs || 1658 nvme_check_regs_hdl(nvme) || 1659 nvme_check_dma_hdl(cmd->nc_dma) || 1660 cmd->nc_sqe.sqe_opc == NVME_OPC_ABORT) { 1661 ddi_fm_service_impact(nvme->n_dip, DDI_SERVICE_LOST); 1662 nvme->n_dead = B_TRUE; 1663 } else if (nvme_abort_cmd(cmd, sec) == 0) { 1664 /* 1665 * If the abort succeeded the command should complete 1666 * immediately with an appropriate status. 1667 */ 1668 while (!cmd->nc_completed) 1669 cv_wait(&cmd->nc_cv, &cmd->nc_mutex); 1670 1671 return; 1672 } 1673 1674 qp = nvme->n_ioq[cmd->nc_sqid]; 1675 1676 mutex_enter(&qp->nq_mutex); 1677 (void) nvme_unqueue_cmd(nvme, qp, cmd->nc_sqe.sqe_cid); 1678 mutex_exit(&qp->nq_mutex); 1679 1680 /* 1681 * As we don't know what the presumed dead hardware might still do with 1682 * the DMA memory, we'll put the command on the lost commands list if it 1683 * has any DMA memory. 1684 */ 1685 if (cmd->nc_dma != NULL) { 1686 mutex_enter(&nvme_lc_mutex); 1687 list_insert_head(&nvme_lost_cmds, cmd); 1688 mutex_exit(&nvme_lc_mutex); 1689 } 1690 } 1691 1692 static void 1693 nvme_wakeup_cmd(void *arg) 1694 { 1695 nvme_cmd_t *cmd = arg; 1696 1697 mutex_enter(&cmd->nc_mutex); 1698 cmd->nc_completed = B_TRUE; 1699 cv_signal(&cmd->nc_cv); 1700 mutex_exit(&cmd->nc_mutex); 1701 } 1702 1703 static void 1704 nvme_async_event_task(void *arg) 1705 { 1706 nvme_cmd_t *cmd = arg; 1707 nvme_t *nvme = cmd->nc_nvme; 1708 nvme_error_log_entry_t *error_log = NULL; 1709 nvme_health_log_t *health_log = NULL; 1710 size_t logsize = 0; 1711 nvme_async_event_t event; 1712 1713 /* 1714 * Check for errors associated with the async request itself. The only 1715 * command-specific error is "async event limit exceeded", which 1716 * indicates a programming error in the driver and causes a panic in 1717 * nvme_check_cmd_status(). 1718 * 1719 * Other possible errors are various scenarios where the async request 1720 * was aborted, or internal errors in the device. Internal errors are 1721 * reported to FMA, the command aborts need no special handling here. 1722 * 1723 * And finally, at least qemu nvme does not support async events, 1724 * and will return NVME_CQE_SC_GEN_INV_OPC | DNR. If so, we 1725 * will avoid posting async events. 1726 */ 1727 1728 if (nvme_check_cmd_status(cmd) != 0) { 1729 dev_err(cmd->nc_nvme->n_dip, CE_WARN, 1730 "!async event request returned failure, sct = %x, " 1731 "sc = %x, dnr = %d, m = %d", cmd->nc_cqe.cqe_sf.sf_sct, 1732 cmd->nc_cqe.cqe_sf.sf_sc, cmd->nc_cqe.cqe_sf.sf_dnr, 1733 cmd->nc_cqe.cqe_sf.sf_m); 1734 1735 if (cmd->nc_cqe.cqe_sf.sf_sct == NVME_CQE_SCT_GENERIC && 1736 cmd->nc_cqe.cqe_sf.sf_sc == NVME_CQE_SC_GEN_INTERNAL_ERR) { 1737 cmd->nc_nvme->n_dead = B_TRUE; 1738 ddi_fm_service_impact(cmd->nc_nvme->n_dip, 1739 DDI_SERVICE_LOST); 1740 } 1741 1742 if (cmd->nc_cqe.cqe_sf.sf_sct == NVME_CQE_SCT_GENERIC && 1743 cmd->nc_cqe.cqe_sf.sf_sc == NVME_CQE_SC_GEN_INV_OPC && 1744 cmd->nc_cqe.cqe_sf.sf_dnr == 1) { 1745 nvme->n_async_event_supported = B_FALSE; 1746 } 1747 1748 nvme_free_cmd(cmd); 1749 return; 1750 } 1751 1752 1753 event.r = cmd->nc_cqe.cqe_dw0; 1754 1755 /* Clear CQE and re-submit the async request. */ 1756 bzero(&cmd->nc_cqe, sizeof (nvme_cqe_t)); 1757 nvme_submit_admin_cmd(nvme->n_adminq, cmd); 1758 1759 switch (event.b.ae_type) { 1760 case NVME_ASYNC_TYPE_ERROR: 1761 if (event.b.ae_logpage == NVME_LOGPAGE_ERROR) { 1762 (void) nvme_get_logpage(nvme, B_FALSE, 1763 (void **)&error_log, &logsize, event.b.ae_logpage); 1764 } else { 1765 dev_err(nvme->n_dip, CE_WARN, "!wrong logpage in " 1766 "async event reply: %d", event.b.ae_logpage); 1767 atomic_inc_32(&nvme->n_wrong_logpage); 1768 } 1769 1770 switch (event.b.ae_info) { 1771 case NVME_ASYNC_ERROR_INV_SQ: 1772 dev_err(nvme->n_dip, CE_PANIC, "programming error: " 1773 "invalid submission queue"); 1774 return; 1775 1776 case NVME_ASYNC_ERROR_INV_DBL: 1777 dev_err(nvme->n_dip, CE_PANIC, "programming error: " 1778 "invalid doorbell write value"); 1779 return; 1780 1781 case NVME_ASYNC_ERROR_DIAGFAIL: 1782 dev_err(nvme->n_dip, CE_WARN, "!diagnostic failure"); 1783 ddi_fm_service_impact(nvme->n_dip, DDI_SERVICE_LOST); 1784 nvme->n_dead = B_TRUE; 1785 atomic_inc_32(&nvme->n_diagfail_event); 1786 break; 1787 1788 case NVME_ASYNC_ERROR_PERSISTENT: 1789 dev_err(nvme->n_dip, CE_WARN, "!persistent internal " 1790 "device error"); 1791 ddi_fm_service_impact(nvme->n_dip, DDI_SERVICE_LOST); 1792 nvme->n_dead = B_TRUE; 1793 atomic_inc_32(&nvme->n_persistent_event); 1794 break; 1795 1796 case NVME_ASYNC_ERROR_TRANSIENT: 1797 dev_err(nvme->n_dip, CE_WARN, "!transient internal " 1798 "device error"); 1799 /* TODO: send ereport */ 1800 atomic_inc_32(&nvme->n_transient_event); 1801 break; 1802 1803 case NVME_ASYNC_ERROR_FW_LOAD: 1804 dev_err(nvme->n_dip, CE_WARN, 1805 "!firmware image load error"); 1806 atomic_inc_32(&nvme->n_fw_load_event); 1807 break; 1808 } 1809 break; 1810 1811 case NVME_ASYNC_TYPE_HEALTH: 1812 if (event.b.ae_logpage == NVME_LOGPAGE_HEALTH) { 1813 (void) nvme_get_logpage(nvme, B_FALSE, 1814 (void **)&health_log, &logsize, event.b.ae_logpage, 1815 -1); 1816 } else { 1817 dev_err(nvme->n_dip, CE_WARN, "!wrong logpage in " 1818 "async event reply: %d", event.b.ae_logpage); 1819 atomic_inc_32(&nvme->n_wrong_logpage); 1820 } 1821 1822 switch (event.b.ae_info) { 1823 case NVME_ASYNC_HEALTH_RELIABILITY: 1824 dev_err(nvme->n_dip, CE_WARN, 1825 "!device reliability compromised"); 1826 /* TODO: send ereport */ 1827 atomic_inc_32(&nvme->n_reliability_event); 1828 break; 1829 1830 case NVME_ASYNC_HEALTH_TEMPERATURE: 1831 dev_err(nvme->n_dip, CE_WARN, 1832 "!temperature above threshold"); 1833 /* TODO: send ereport */ 1834 atomic_inc_32(&nvme->n_temperature_event); 1835 break; 1836 1837 case NVME_ASYNC_HEALTH_SPARE: 1838 dev_err(nvme->n_dip, CE_WARN, 1839 "!spare space below threshold"); 1840 /* TODO: send ereport */ 1841 atomic_inc_32(&nvme->n_spare_event); 1842 break; 1843 } 1844 break; 1845 1846 case NVME_ASYNC_TYPE_VENDOR: 1847 dev_err(nvme->n_dip, CE_WARN, "!vendor specific async event " 1848 "received, info = %x, logpage = %x", event.b.ae_info, 1849 event.b.ae_logpage); 1850 atomic_inc_32(&nvme->n_vendor_event); 1851 break; 1852 1853 default: 1854 dev_err(nvme->n_dip, CE_WARN, "!unknown async event received, " 1855 "type = %x, info = %x, logpage = %x", event.b.ae_type, 1856 event.b.ae_info, event.b.ae_logpage); 1857 atomic_inc_32(&nvme->n_unknown_event); 1858 break; 1859 } 1860 1861 if (error_log) 1862 kmem_free(error_log, logsize); 1863 1864 if (health_log) 1865 kmem_free(health_log, logsize); 1866 } 1867 1868 static void 1869 nvme_admin_cmd(nvme_cmd_t *cmd, int sec) 1870 { 1871 mutex_enter(&cmd->nc_mutex); 1872 nvme_submit_admin_cmd(cmd->nc_nvme->n_adminq, cmd); 1873 nvme_wait_cmd(cmd, sec); 1874 mutex_exit(&cmd->nc_mutex); 1875 } 1876 1877 static void 1878 nvme_async_event(nvme_t *nvme) 1879 { 1880 nvme_cmd_t *cmd; 1881 1882 cmd = nvme_alloc_cmd(nvme, KM_SLEEP); 1883 cmd->nc_sqid = 0; 1884 cmd->nc_sqe.sqe_opc = NVME_OPC_ASYNC_EVENT; 1885 cmd->nc_callback = nvme_async_event_task; 1886 cmd->nc_dontpanic = B_TRUE; 1887 1888 nvme_submit_admin_cmd(nvme->n_adminq, cmd); 1889 } 1890 1891 static int 1892 nvme_format_nvm(nvme_t *nvme, boolean_t user, uint32_t nsid, uint8_t lbaf, 1893 boolean_t ms, uint8_t pi, boolean_t pil, uint8_t ses) 1894 { 1895 nvme_cmd_t *cmd = nvme_alloc_cmd(nvme, KM_SLEEP); 1896 nvme_format_nvm_t format_nvm = { 0 }; 1897 int ret; 1898 1899 format_nvm.b.fm_lbaf = lbaf & 0xf; 1900 format_nvm.b.fm_ms = ms ? 1 : 0; 1901 format_nvm.b.fm_pi = pi & 0x7; 1902 format_nvm.b.fm_pil = pil ? 1 : 0; 1903 format_nvm.b.fm_ses = ses & 0x7; 1904 1905 cmd->nc_sqid = 0; 1906 cmd->nc_callback = nvme_wakeup_cmd; 1907 cmd->nc_sqe.sqe_nsid = nsid; 1908 cmd->nc_sqe.sqe_opc = NVME_OPC_NVM_FORMAT; 1909 cmd->nc_sqe.sqe_cdw10 = format_nvm.r; 1910 1911 /* 1912 * Some devices like Samsung SM951 don't allow formatting of all 1913 * namespaces in one command. Handle that gracefully. 1914 */ 1915 if (nsid == (uint32_t)-1) 1916 cmd->nc_dontpanic = B_TRUE; 1917 /* 1918 * If this format request was initiated by the user, then don't allow a 1919 * programmer error to panic the system. 1920 */ 1921 if (user) 1922 cmd->nc_dontpanic = B_TRUE; 1923 1924 nvme_admin_cmd(cmd, nvme_format_cmd_timeout); 1925 1926 if ((ret = nvme_check_cmd_status(cmd)) != 0) { 1927 dev_err(nvme->n_dip, CE_WARN, 1928 "!FORMAT failed with sct = %x, sc = %x", 1929 cmd->nc_cqe.cqe_sf.sf_sct, cmd->nc_cqe.cqe_sf.sf_sc); 1930 } 1931 1932 nvme_free_cmd(cmd); 1933 return (ret); 1934 } 1935 1936 static int 1937 nvme_get_logpage(nvme_t *nvme, boolean_t user, void **buf, size_t *bufsize, 1938 uint8_t logpage, ...) 1939 { 1940 nvme_cmd_t *cmd = nvme_alloc_cmd(nvme, KM_SLEEP); 1941 nvme_getlogpage_t getlogpage = { 0 }; 1942 va_list ap; 1943 int ret; 1944 1945 va_start(ap, logpage); 1946 1947 cmd->nc_sqid = 0; 1948 cmd->nc_callback = nvme_wakeup_cmd; 1949 cmd->nc_sqe.sqe_opc = NVME_OPC_GET_LOG_PAGE; 1950 1951 if (user) 1952 cmd->nc_dontpanic = B_TRUE; 1953 1954 getlogpage.b.lp_lid = logpage; 1955 1956 switch (logpage) { 1957 case NVME_LOGPAGE_ERROR: 1958 cmd->nc_sqe.sqe_nsid = (uint32_t)-1; 1959 /* 1960 * The GET LOG PAGE command can use at most 2 pages to return 1961 * data, PRP lists are not supported. 1962 */ 1963 *bufsize = MIN(2 * nvme->n_pagesize, 1964 nvme->n_error_log_len * sizeof (nvme_error_log_entry_t)); 1965 break; 1966 1967 case NVME_LOGPAGE_HEALTH: 1968 cmd->nc_sqe.sqe_nsid = va_arg(ap, uint32_t); 1969 *bufsize = sizeof (nvme_health_log_t); 1970 break; 1971 1972 case NVME_LOGPAGE_FWSLOT: 1973 cmd->nc_sqe.sqe_nsid = (uint32_t)-1; 1974 *bufsize = sizeof (nvme_fwslot_log_t); 1975 break; 1976 1977 default: 1978 dev_err(nvme->n_dip, CE_WARN, "!unknown log page requested: %d", 1979 logpage); 1980 atomic_inc_32(&nvme->n_unknown_logpage); 1981 ret = EINVAL; 1982 goto fail; 1983 } 1984 1985 va_end(ap); 1986 1987 getlogpage.b.lp_numd = *bufsize / sizeof (uint32_t) - 1; 1988 1989 cmd->nc_sqe.sqe_cdw10 = getlogpage.r; 1990 1991 if (nvme_zalloc_dma(nvme, *bufsize, 1992 DDI_DMA_READ, &nvme->n_prp_dma_attr, &cmd->nc_dma) != DDI_SUCCESS) { 1993 dev_err(nvme->n_dip, CE_WARN, 1994 "!nvme_zalloc_dma failed for GET LOG PAGE"); 1995 ret = ENOMEM; 1996 goto fail; 1997 } 1998 1999 if (cmd->nc_dma->nd_ncookie > 2) { 2000 dev_err(nvme->n_dip, CE_WARN, 2001 "!too many DMA cookies for GET LOG PAGE"); 2002 atomic_inc_32(&nvme->n_too_many_cookies); 2003 ret = ENOMEM; 2004 goto fail; 2005 } 2006 2007 cmd->nc_sqe.sqe_dptr.d_prp[0] = cmd->nc_dma->nd_cookie.dmac_laddress; 2008 if (cmd->nc_dma->nd_ncookie > 1) { 2009 ddi_dma_nextcookie(cmd->nc_dma->nd_dmah, 2010 &cmd->nc_dma->nd_cookie); 2011 cmd->nc_sqe.sqe_dptr.d_prp[1] = 2012 cmd->nc_dma->nd_cookie.dmac_laddress; 2013 } 2014 2015 nvme_admin_cmd(cmd, nvme_admin_cmd_timeout); 2016 2017 if ((ret = nvme_check_cmd_status(cmd)) != 0) { 2018 dev_err(nvme->n_dip, CE_WARN, 2019 "!GET LOG PAGE failed with sct = %x, sc = %x", 2020 cmd->nc_cqe.cqe_sf.sf_sct, cmd->nc_cqe.cqe_sf.sf_sc); 2021 goto fail; 2022 } 2023 2024 *buf = kmem_alloc(*bufsize, KM_SLEEP); 2025 bcopy(cmd->nc_dma->nd_memp, *buf, *bufsize); 2026 2027 fail: 2028 nvme_free_cmd(cmd); 2029 2030 return (ret); 2031 } 2032 2033 static int 2034 nvme_identify(nvme_t *nvme, boolean_t user, uint32_t nsid, void **buf) 2035 { 2036 nvme_cmd_t *cmd = nvme_alloc_cmd(nvme, KM_SLEEP); 2037 int ret; 2038 2039 if (buf == NULL) 2040 return (EINVAL); 2041 2042 cmd->nc_sqid = 0; 2043 cmd->nc_callback = nvme_wakeup_cmd; 2044 cmd->nc_sqe.sqe_opc = NVME_OPC_IDENTIFY; 2045 cmd->nc_sqe.sqe_nsid = nsid; 2046 cmd->nc_sqe.sqe_cdw10 = nsid ? NVME_IDENTIFY_NSID : NVME_IDENTIFY_CTRL; 2047 2048 if (nvme_zalloc_dma(nvme, NVME_IDENTIFY_BUFSIZE, DDI_DMA_READ, 2049 &nvme->n_prp_dma_attr, &cmd->nc_dma) != DDI_SUCCESS) { 2050 dev_err(nvme->n_dip, CE_WARN, 2051 "!nvme_zalloc_dma failed for IDENTIFY"); 2052 ret = ENOMEM; 2053 goto fail; 2054 } 2055 2056 if (cmd->nc_dma->nd_ncookie > 2) { 2057 dev_err(nvme->n_dip, CE_WARN, 2058 "!too many DMA cookies for IDENTIFY"); 2059 atomic_inc_32(&nvme->n_too_many_cookies); 2060 ret = ENOMEM; 2061 goto fail; 2062 } 2063 2064 cmd->nc_sqe.sqe_dptr.d_prp[0] = cmd->nc_dma->nd_cookie.dmac_laddress; 2065 if (cmd->nc_dma->nd_ncookie > 1) { 2066 ddi_dma_nextcookie(cmd->nc_dma->nd_dmah, 2067 &cmd->nc_dma->nd_cookie); 2068 cmd->nc_sqe.sqe_dptr.d_prp[1] = 2069 cmd->nc_dma->nd_cookie.dmac_laddress; 2070 } 2071 2072 if (user) 2073 cmd->nc_dontpanic = B_TRUE; 2074 2075 nvme_admin_cmd(cmd, nvme_admin_cmd_timeout); 2076 2077 if ((ret = nvme_check_cmd_status(cmd)) != 0) { 2078 dev_err(nvme->n_dip, CE_WARN, 2079 "!IDENTIFY failed with sct = %x, sc = %x", 2080 cmd->nc_cqe.cqe_sf.sf_sct, cmd->nc_cqe.cqe_sf.sf_sc); 2081 goto fail; 2082 } 2083 2084 *buf = kmem_alloc(NVME_IDENTIFY_BUFSIZE, KM_SLEEP); 2085 bcopy(cmd->nc_dma->nd_memp, *buf, NVME_IDENTIFY_BUFSIZE); 2086 2087 fail: 2088 nvme_free_cmd(cmd); 2089 2090 return (ret); 2091 } 2092 2093 static int 2094 nvme_set_features(nvme_t *nvme, boolean_t user, uint32_t nsid, uint8_t feature, 2095 uint32_t val, uint32_t *res) 2096 { 2097 _NOTE(ARGUNUSED(nsid)); 2098 nvme_cmd_t *cmd = nvme_alloc_cmd(nvme, KM_SLEEP); 2099 int ret = EINVAL; 2100 2101 ASSERT(res != NULL); 2102 2103 cmd->nc_sqid = 0; 2104 cmd->nc_callback = nvme_wakeup_cmd; 2105 cmd->nc_sqe.sqe_opc = NVME_OPC_SET_FEATURES; 2106 cmd->nc_sqe.sqe_cdw10 = feature; 2107 cmd->nc_sqe.sqe_cdw11 = val; 2108 2109 if (user) 2110 cmd->nc_dontpanic = B_TRUE; 2111 2112 switch (feature) { 2113 case NVME_FEAT_WRITE_CACHE: 2114 if (!nvme->n_write_cache_present) 2115 goto fail; 2116 break; 2117 2118 case NVME_FEAT_NQUEUES: 2119 break; 2120 2121 default: 2122 goto fail; 2123 } 2124 2125 nvme_admin_cmd(cmd, nvme_admin_cmd_timeout); 2126 2127 if ((ret = nvme_check_cmd_status(cmd)) != 0) { 2128 dev_err(nvme->n_dip, CE_WARN, 2129 "!SET FEATURES %d failed with sct = %x, sc = %x", 2130 feature, cmd->nc_cqe.cqe_sf.sf_sct, 2131 cmd->nc_cqe.cqe_sf.sf_sc); 2132 goto fail; 2133 } 2134 2135 *res = cmd->nc_cqe.cqe_dw0; 2136 2137 fail: 2138 nvme_free_cmd(cmd); 2139 return (ret); 2140 } 2141 2142 static int 2143 nvme_get_features(nvme_t *nvme, boolean_t user, uint32_t nsid, uint8_t feature, 2144 uint32_t *res, void **buf, size_t *bufsize) 2145 { 2146 nvme_cmd_t *cmd = nvme_alloc_cmd(nvme, KM_SLEEP); 2147 int ret = EINVAL; 2148 2149 ASSERT(res != NULL); 2150 2151 if (bufsize != NULL) 2152 *bufsize = 0; 2153 2154 cmd->nc_sqid = 0; 2155 cmd->nc_callback = nvme_wakeup_cmd; 2156 cmd->nc_sqe.sqe_opc = NVME_OPC_GET_FEATURES; 2157 cmd->nc_sqe.sqe_cdw10 = feature; 2158 cmd->nc_sqe.sqe_cdw11 = *res; 2159 2160 /* 2161 * For some of the optional features there doesn't seem to be a method 2162 * of detecting whether it is supported other than using it. This will 2163 * cause "Invalid Field in Command" error, which is normally considered 2164 * a programming error. Set the nc_dontpanic flag to override the panic 2165 * in nvme_check_generic_cmd_status(). 2166 */ 2167 switch (feature) { 2168 case NVME_FEAT_ARBITRATION: 2169 case NVME_FEAT_POWER_MGMT: 2170 case NVME_FEAT_TEMPERATURE: 2171 case NVME_FEAT_ERROR: 2172 case NVME_FEAT_NQUEUES: 2173 case NVME_FEAT_INTR_COAL: 2174 case NVME_FEAT_INTR_VECT: 2175 case NVME_FEAT_WRITE_ATOM: 2176 case NVME_FEAT_ASYNC_EVENT: 2177 break; 2178 2179 case NVME_FEAT_WRITE_CACHE: 2180 if (!nvme->n_write_cache_present) 2181 goto fail; 2182 break; 2183 2184 case NVME_FEAT_LBA_RANGE: 2185 if (!nvme->n_lba_range_supported) 2186 goto fail; 2187 2188 cmd->nc_dontpanic = B_TRUE; 2189 cmd->nc_sqe.sqe_nsid = nsid; 2190 ASSERT(bufsize != NULL); 2191 *bufsize = NVME_LBA_RANGE_BUFSIZE; 2192 break; 2193 2194 case NVME_FEAT_AUTO_PST: 2195 if (!nvme->n_auto_pst_supported) 2196 goto fail; 2197 2198 ASSERT(bufsize != NULL); 2199 *bufsize = NVME_AUTO_PST_BUFSIZE; 2200 break; 2201 2202 case NVME_FEAT_PROGRESS: 2203 if (!nvme->n_progress_supported) 2204 goto fail; 2205 2206 cmd->nc_dontpanic = B_TRUE; 2207 break; 2208 2209 default: 2210 goto fail; 2211 } 2212 2213 if (user) 2214 cmd->nc_dontpanic = B_TRUE; 2215 2216 if (bufsize != NULL && *bufsize != 0) { 2217 if (nvme_zalloc_dma(nvme, *bufsize, DDI_DMA_READ, 2218 &nvme->n_prp_dma_attr, &cmd->nc_dma) != DDI_SUCCESS) { 2219 dev_err(nvme->n_dip, CE_WARN, 2220 "!nvme_zalloc_dma failed for GET FEATURES"); 2221 ret = ENOMEM; 2222 goto fail; 2223 } 2224 2225 if (cmd->nc_dma->nd_ncookie > 2) { 2226 dev_err(nvme->n_dip, CE_WARN, 2227 "!too many DMA cookies for GET FEATURES"); 2228 atomic_inc_32(&nvme->n_too_many_cookies); 2229 ret = ENOMEM; 2230 goto fail; 2231 } 2232 2233 cmd->nc_sqe.sqe_dptr.d_prp[0] = 2234 cmd->nc_dma->nd_cookie.dmac_laddress; 2235 if (cmd->nc_dma->nd_ncookie > 1) { 2236 ddi_dma_nextcookie(cmd->nc_dma->nd_dmah, 2237 &cmd->nc_dma->nd_cookie); 2238 cmd->nc_sqe.sqe_dptr.d_prp[1] = 2239 cmd->nc_dma->nd_cookie.dmac_laddress; 2240 } 2241 } 2242 2243 nvme_admin_cmd(cmd, nvme_admin_cmd_timeout); 2244 2245 if ((ret = nvme_check_cmd_status(cmd)) != 0) { 2246 boolean_t known = B_TRUE; 2247 2248 /* Check if this is unsupported optional feature */ 2249 if (cmd->nc_cqe.cqe_sf.sf_sct == NVME_CQE_SCT_GENERIC && 2250 cmd->nc_cqe.cqe_sf.sf_sc == NVME_CQE_SC_GEN_INV_FLD) { 2251 switch (feature) { 2252 case NVME_FEAT_LBA_RANGE: 2253 nvme->n_lba_range_supported = B_FALSE; 2254 break; 2255 case NVME_FEAT_PROGRESS: 2256 nvme->n_progress_supported = B_FALSE; 2257 break; 2258 default: 2259 known = B_FALSE; 2260 break; 2261 } 2262 } else { 2263 known = B_FALSE; 2264 } 2265 2266 /* Report the error otherwise */ 2267 if (!known) { 2268 dev_err(nvme->n_dip, CE_WARN, 2269 "!GET FEATURES %d failed with sct = %x, sc = %x", 2270 feature, cmd->nc_cqe.cqe_sf.sf_sct, 2271 cmd->nc_cqe.cqe_sf.sf_sc); 2272 } 2273 2274 goto fail; 2275 } 2276 2277 if (bufsize != NULL && *bufsize != 0) { 2278 ASSERT(buf != NULL); 2279 *buf = kmem_alloc(*bufsize, KM_SLEEP); 2280 bcopy(cmd->nc_dma->nd_memp, *buf, *bufsize); 2281 } 2282 2283 *res = cmd->nc_cqe.cqe_dw0; 2284 2285 fail: 2286 nvme_free_cmd(cmd); 2287 return (ret); 2288 } 2289 2290 static int 2291 nvme_write_cache_set(nvme_t *nvme, boolean_t enable) 2292 { 2293 nvme_write_cache_t nwc = { 0 }; 2294 2295 if (enable) 2296 nwc.b.wc_wce = 1; 2297 2298 return (nvme_set_features(nvme, B_FALSE, 0, NVME_FEAT_WRITE_CACHE, 2299 nwc.r, &nwc.r)); 2300 } 2301 2302 static int 2303 nvme_set_nqueues(nvme_t *nvme) 2304 { 2305 nvme_nqueues_t nq = { 0 }; 2306 int ret; 2307 2308 /* 2309 * The default is to allocate one completion queue per vector. 2310 */ 2311 if (nvme->n_completion_queues == -1) 2312 nvme->n_completion_queues = nvme->n_intr_cnt; 2313 2314 /* 2315 * There is no point in having more compeletion queues than 2316 * interrupt vectors. 2317 */ 2318 nvme->n_completion_queues = MIN(nvme->n_completion_queues, 2319 nvme->n_intr_cnt); 2320 2321 /* 2322 * The default is to use one submission queue per completion queue. 2323 */ 2324 if (nvme->n_submission_queues == -1) 2325 nvme->n_submission_queues = nvme->n_completion_queues; 2326 2327 /* 2328 * There is no point in having more compeletion queues than 2329 * submission queues. 2330 */ 2331 nvme->n_completion_queues = MIN(nvme->n_completion_queues, 2332 nvme->n_submission_queues); 2333 2334 ASSERT(nvme->n_submission_queues > 0); 2335 ASSERT(nvme->n_completion_queues > 0); 2336 2337 nq.b.nq_nsq = nvme->n_submission_queues - 1; 2338 nq.b.nq_ncq = nvme->n_completion_queues - 1; 2339 2340 ret = nvme_set_features(nvme, B_FALSE, 0, NVME_FEAT_NQUEUES, nq.r, 2341 &nq.r); 2342 2343 if (ret == 0) { 2344 /* 2345 * Never use more than the requested number of queues. 2346 */ 2347 nvme->n_submission_queues = MIN(nvme->n_submission_queues, 2348 nq.b.nq_nsq + 1); 2349 nvme->n_completion_queues = MIN(nvme->n_completion_queues, 2350 nq.b.nq_ncq + 1); 2351 } 2352 2353 return (ret); 2354 } 2355 2356 static int 2357 nvme_create_completion_queue(nvme_t *nvme, nvme_cq_t *cq) 2358 { 2359 nvme_cmd_t *cmd = nvme_alloc_cmd(nvme, KM_SLEEP); 2360 nvme_create_queue_dw10_t dw10 = { 0 }; 2361 nvme_create_cq_dw11_t c_dw11 = { 0 }; 2362 int ret; 2363 2364 dw10.b.q_qid = cq->ncq_id; 2365 dw10.b.q_qsize = cq->ncq_nentry - 1; 2366 2367 c_dw11.b.cq_pc = 1; 2368 c_dw11.b.cq_ien = 1; 2369 c_dw11.b.cq_iv = cq->ncq_id % nvme->n_intr_cnt; 2370 2371 cmd->nc_sqid = 0; 2372 cmd->nc_callback = nvme_wakeup_cmd; 2373 cmd->nc_sqe.sqe_opc = NVME_OPC_CREATE_CQUEUE; 2374 cmd->nc_sqe.sqe_cdw10 = dw10.r; 2375 cmd->nc_sqe.sqe_cdw11 = c_dw11.r; 2376 cmd->nc_sqe.sqe_dptr.d_prp[0] = cq->ncq_dma->nd_cookie.dmac_laddress; 2377 2378 nvme_admin_cmd(cmd, nvme_admin_cmd_timeout); 2379 2380 if ((ret = nvme_check_cmd_status(cmd)) != 0) { 2381 dev_err(nvme->n_dip, CE_WARN, 2382 "!CREATE CQUEUE failed with sct = %x, sc = %x", 2383 cmd->nc_cqe.cqe_sf.sf_sct, cmd->nc_cqe.cqe_sf.sf_sc); 2384 } 2385 2386 nvme_free_cmd(cmd); 2387 2388 return (ret); 2389 } 2390 2391 static int 2392 nvme_create_io_qpair(nvme_t *nvme, nvme_qpair_t *qp, uint16_t idx) 2393 { 2394 nvme_cq_t *cq = qp->nq_cq; 2395 nvme_cmd_t *cmd; 2396 nvme_create_queue_dw10_t dw10 = { 0 }; 2397 nvme_create_sq_dw11_t s_dw11 = { 0 }; 2398 int ret; 2399 2400 /* 2401 * It is possible to have more qpairs than completion queues, 2402 * and when the idx > ncq_id, that completion queue is shared 2403 * and has already been created. 2404 */ 2405 if (idx <= cq->ncq_id && 2406 nvme_create_completion_queue(nvme, cq) != DDI_SUCCESS) 2407 return (DDI_FAILURE); 2408 2409 dw10.b.q_qid = idx; 2410 dw10.b.q_qsize = qp->nq_nentry - 1; 2411 2412 s_dw11.b.sq_pc = 1; 2413 s_dw11.b.sq_cqid = cq->ncq_id; 2414 2415 cmd = nvme_alloc_cmd(nvme, KM_SLEEP); 2416 cmd->nc_sqid = 0; 2417 cmd->nc_callback = nvme_wakeup_cmd; 2418 cmd->nc_sqe.sqe_opc = NVME_OPC_CREATE_SQUEUE; 2419 cmd->nc_sqe.sqe_cdw10 = dw10.r; 2420 cmd->nc_sqe.sqe_cdw11 = s_dw11.r; 2421 cmd->nc_sqe.sqe_dptr.d_prp[0] = qp->nq_sqdma->nd_cookie.dmac_laddress; 2422 2423 nvme_admin_cmd(cmd, nvme_admin_cmd_timeout); 2424 2425 if ((ret = nvme_check_cmd_status(cmd)) != 0) { 2426 dev_err(nvme->n_dip, CE_WARN, 2427 "!CREATE SQUEUE failed with sct = %x, sc = %x", 2428 cmd->nc_cqe.cqe_sf.sf_sct, cmd->nc_cqe.cqe_sf.sf_sc); 2429 } 2430 2431 nvme_free_cmd(cmd); 2432 2433 return (ret); 2434 } 2435 2436 static boolean_t 2437 nvme_reset(nvme_t *nvme, boolean_t quiesce) 2438 { 2439 nvme_reg_csts_t csts; 2440 int i; 2441 2442 nvme_put32(nvme, NVME_REG_CC, 0); 2443 2444 csts.r = nvme_get32(nvme, NVME_REG_CSTS); 2445 if (csts.b.csts_rdy == 1) { 2446 nvme_put32(nvme, NVME_REG_CC, 0); 2447 for (i = 0; i != nvme->n_timeout * 10; i++) { 2448 csts.r = nvme_get32(nvme, NVME_REG_CSTS); 2449 if (csts.b.csts_rdy == 0) 2450 break; 2451 2452 if (quiesce) 2453 drv_usecwait(50000); 2454 else 2455 delay(drv_usectohz(50000)); 2456 } 2457 } 2458 2459 nvme_put32(nvme, NVME_REG_AQA, 0); 2460 nvme_put32(nvme, NVME_REG_ASQ, 0); 2461 nvme_put32(nvme, NVME_REG_ACQ, 0); 2462 2463 csts.r = nvme_get32(nvme, NVME_REG_CSTS); 2464 return (csts.b.csts_rdy == 0 ? B_TRUE : B_FALSE); 2465 } 2466 2467 static void 2468 nvme_shutdown(nvme_t *nvme, int mode, boolean_t quiesce) 2469 { 2470 nvme_reg_cc_t cc; 2471 nvme_reg_csts_t csts; 2472 int i; 2473 2474 ASSERT(mode == NVME_CC_SHN_NORMAL || mode == NVME_CC_SHN_ABRUPT); 2475 2476 cc.r = nvme_get32(nvme, NVME_REG_CC); 2477 cc.b.cc_shn = mode & 0x3; 2478 nvme_put32(nvme, NVME_REG_CC, cc.r); 2479 2480 for (i = 0; i != 10; i++) { 2481 csts.r = nvme_get32(nvme, NVME_REG_CSTS); 2482 if (csts.b.csts_shst == NVME_CSTS_SHN_COMPLETE) 2483 break; 2484 2485 if (quiesce) 2486 drv_usecwait(100000); 2487 else 2488 delay(drv_usectohz(100000)); 2489 } 2490 } 2491 2492 2493 static void 2494 nvme_prepare_devid(nvme_t *nvme, uint32_t nsid) 2495 { 2496 /* 2497 * Section 7.7 of the spec describes how to get a unique ID for 2498 * the controller: the vendor ID, the model name and the serial 2499 * number shall be unique when combined. 2500 * 2501 * If a namespace has no EUI64 we use the above and add the hex 2502 * namespace ID to get a unique ID for the namespace. 2503 */ 2504 char model[sizeof (nvme->n_idctl->id_model) + 1]; 2505 char serial[sizeof (nvme->n_idctl->id_serial) + 1]; 2506 2507 bcopy(nvme->n_idctl->id_model, model, sizeof (nvme->n_idctl->id_model)); 2508 bcopy(nvme->n_idctl->id_serial, serial, 2509 sizeof (nvme->n_idctl->id_serial)); 2510 2511 model[sizeof (nvme->n_idctl->id_model)] = '\0'; 2512 serial[sizeof (nvme->n_idctl->id_serial)] = '\0'; 2513 2514 nvme->n_ns[nsid - 1].ns_devid = kmem_asprintf("%4X-%s-%s-%X", 2515 nvme->n_idctl->id_vid, model, serial, nsid); 2516 } 2517 2518 static int 2519 nvme_init_ns(nvme_t *nvme, int nsid) 2520 { 2521 nvme_namespace_t *ns = &nvme->n_ns[nsid - 1]; 2522 nvme_identify_nsid_t *idns; 2523 boolean_t was_ignored; 2524 int last_rp; 2525 2526 ns->ns_nvme = nvme; 2527 2528 if (nvme_identify(nvme, B_FALSE, nsid, (void **)&idns) != 0) { 2529 dev_err(nvme->n_dip, CE_WARN, 2530 "!failed to identify namespace %d", nsid); 2531 return (DDI_FAILURE); 2532 } 2533 2534 ns->ns_idns = idns; 2535 ns->ns_id = nsid; 2536 ns->ns_block_count = idns->id_nsize; 2537 ns->ns_block_size = 2538 1 << idns->id_lbaf[idns->id_flbas.lba_format].lbaf_lbads; 2539 ns->ns_best_block_size = ns->ns_block_size; 2540 2541 /* 2542 * Get the EUI64 if present. Use it for devid and device node names. 2543 */ 2544 if (NVME_VERSION_ATLEAST(&nvme->n_version, 1, 1)) 2545 bcopy(idns->id_eui64, ns->ns_eui64, sizeof (ns->ns_eui64)); 2546 2547 /*LINTED: E_BAD_PTR_CAST_ALIGN*/ 2548 if (*(uint64_t *)ns->ns_eui64 != 0) { 2549 uint8_t *eui64 = ns->ns_eui64; 2550 2551 (void) snprintf(ns->ns_name, sizeof (ns->ns_name), 2552 "%02x%02x%02x%02x%02x%02x%02x%02x", 2553 eui64[0], eui64[1], eui64[2], eui64[3], 2554 eui64[4], eui64[5], eui64[6], eui64[7]); 2555 } else { 2556 (void) snprintf(ns->ns_name, sizeof (ns->ns_name), "%d", 2557 ns->ns_id); 2558 2559 nvme_prepare_devid(nvme, ns->ns_id); 2560 } 2561 2562 /* 2563 * Find the LBA format with no metadata and the best relative 2564 * performance. A value of 3 means "degraded", 0 is best. 2565 */ 2566 last_rp = 3; 2567 for (int j = 0; j <= idns->id_nlbaf; j++) { 2568 if (idns->id_lbaf[j].lbaf_lbads == 0) 2569 break; 2570 if (idns->id_lbaf[j].lbaf_ms != 0) 2571 continue; 2572 if (idns->id_lbaf[j].lbaf_rp >= last_rp) 2573 continue; 2574 last_rp = idns->id_lbaf[j].lbaf_rp; 2575 ns->ns_best_block_size = 2576 1 << idns->id_lbaf[j].lbaf_lbads; 2577 } 2578 2579 if (ns->ns_best_block_size < nvme->n_min_block_size) 2580 ns->ns_best_block_size = nvme->n_min_block_size; 2581 2582 was_ignored = ns->ns_ignore; 2583 2584 /* 2585 * We currently don't support namespaces that use either: 2586 * - protection information 2587 * - illegal block size (< 512) 2588 */ 2589 if (idns->id_dps.dp_pinfo) { 2590 dev_err(nvme->n_dip, CE_WARN, 2591 "!ignoring namespace %d, unsupported feature: " 2592 "pinfo = %d", nsid, idns->id_dps.dp_pinfo); 2593 ns->ns_ignore = B_TRUE; 2594 } else if (ns->ns_block_size < 512) { 2595 dev_err(nvme->n_dip, CE_WARN, 2596 "!ignoring namespace %d, unsupported block size %"PRIu64, 2597 nsid, (uint64_t)ns->ns_block_size); 2598 ns->ns_ignore = B_TRUE; 2599 } else { 2600 ns->ns_ignore = B_FALSE; 2601 } 2602 2603 /* 2604 * Keep a count of namespaces which are attachable. 2605 * See comments in nvme_bd_driveinfo() to understand its effect. 2606 */ 2607 if (was_ignored) { 2608 /* 2609 * Previously ignored, but now not. Count it. 2610 */ 2611 if (!ns->ns_ignore) 2612 nvme->n_namespaces_attachable++; 2613 } else { 2614 /* 2615 * Wasn't ignored previously, but now needs to be. 2616 * Discount it. 2617 */ 2618 if (ns->ns_ignore) 2619 nvme->n_namespaces_attachable--; 2620 } 2621 2622 return (DDI_SUCCESS); 2623 } 2624 2625 static int 2626 nvme_init(nvme_t *nvme) 2627 { 2628 nvme_reg_cc_t cc = { 0 }; 2629 nvme_reg_aqa_t aqa = { 0 }; 2630 nvme_reg_asq_t asq = { 0 }; 2631 nvme_reg_acq_t acq = { 0 }; 2632 nvme_reg_cap_t cap; 2633 nvme_reg_vs_t vs; 2634 nvme_reg_csts_t csts; 2635 int i = 0; 2636 uint16_t nqueues; 2637 uint_t tq_threads; 2638 char model[sizeof (nvme->n_idctl->id_model) + 1]; 2639 char *vendor, *product; 2640 2641 /* Check controller version */ 2642 vs.r = nvme_get32(nvme, NVME_REG_VS); 2643 nvme->n_version.v_major = vs.b.vs_mjr; 2644 nvme->n_version.v_minor = vs.b.vs_mnr; 2645 dev_err(nvme->n_dip, CE_CONT, "?NVMe spec version %d.%d", 2646 nvme->n_version.v_major, nvme->n_version.v_minor); 2647 2648 if (nvme->n_version.v_major > nvme_version_major) { 2649 dev_err(nvme->n_dip, CE_WARN, "!no support for version > %d.x", 2650 nvme_version_major); 2651 if (nvme->n_strict_version) 2652 goto fail; 2653 } 2654 2655 /* retrieve controller configuration */ 2656 cap.r = nvme_get64(nvme, NVME_REG_CAP); 2657 2658 if ((cap.b.cap_css & NVME_CAP_CSS_NVM) == 0) { 2659 dev_err(nvme->n_dip, CE_WARN, 2660 "!NVM command set not supported by hardware"); 2661 goto fail; 2662 } 2663 2664 nvme->n_nssr_supported = cap.b.cap_nssrs; 2665 nvme->n_doorbell_stride = 4 << cap.b.cap_dstrd; 2666 nvme->n_timeout = cap.b.cap_to; 2667 nvme->n_arbitration_mechanisms = cap.b.cap_ams; 2668 nvme->n_cont_queues_reqd = cap.b.cap_cqr; 2669 nvme->n_max_queue_entries = cap.b.cap_mqes + 1; 2670 2671 /* 2672 * The MPSMIN and MPSMAX fields in the CAP register use 0 to specify 2673 * the base page size of 4k (1<<12), so add 12 here to get the real 2674 * page size value. 2675 */ 2676 nvme->n_pageshift = MIN(MAX(cap.b.cap_mpsmin + 12, PAGESHIFT), 2677 cap.b.cap_mpsmax + 12); 2678 nvme->n_pagesize = 1UL << (nvme->n_pageshift); 2679 2680 /* 2681 * Set up Queue DMA to transfer at least 1 page-aligned page at a time. 2682 */ 2683 nvme->n_queue_dma_attr.dma_attr_align = nvme->n_pagesize; 2684 nvme->n_queue_dma_attr.dma_attr_minxfer = nvme->n_pagesize; 2685 2686 /* 2687 * Set up PRP DMA to transfer 1 page-aligned page at a time. 2688 * Maxxfer may be increased after we identified the controller limits. 2689 */ 2690 nvme->n_prp_dma_attr.dma_attr_maxxfer = nvme->n_pagesize; 2691 nvme->n_prp_dma_attr.dma_attr_minxfer = nvme->n_pagesize; 2692 nvme->n_prp_dma_attr.dma_attr_align = nvme->n_pagesize; 2693 nvme->n_prp_dma_attr.dma_attr_seg = nvme->n_pagesize - 1; 2694 2695 /* 2696 * Reset controller if it's still in ready state. 2697 */ 2698 if (nvme_reset(nvme, B_FALSE) == B_FALSE) { 2699 dev_err(nvme->n_dip, CE_WARN, "!unable to reset controller"); 2700 ddi_fm_service_impact(nvme->n_dip, DDI_SERVICE_LOST); 2701 nvme->n_dead = B_TRUE; 2702 goto fail; 2703 } 2704 2705 /* 2706 * Create the cq array with one completion queue to be assigned 2707 * to the admin queue pair and a limited number of taskqs (4). 2708 */ 2709 if (nvme_create_cq_array(nvme, 1, nvme->n_admin_queue_len, 4) != 2710 DDI_SUCCESS) { 2711 dev_err(nvme->n_dip, CE_WARN, 2712 "!failed to pre-allocate admin completion queue"); 2713 goto fail; 2714 } 2715 /* 2716 * Create the admin queue pair. 2717 */ 2718 if (nvme_alloc_qpair(nvme, nvme->n_admin_queue_len, &nvme->n_adminq, 0) 2719 != DDI_SUCCESS) { 2720 dev_err(nvme->n_dip, CE_WARN, 2721 "!unable to allocate admin qpair"); 2722 goto fail; 2723 } 2724 nvme->n_ioq = kmem_alloc(sizeof (nvme_qpair_t *), KM_SLEEP); 2725 nvme->n_ioq[0] = nvme->n_adminq; 2726 2727 nvme->n_progress |= NVME_ADMIN_QUEUE; 2728 2729 (void) ddi_prop_update_int(DDI_DEV_T_NONE, nvme->n_dip, 2730 "admin-queue-len", nvme->n_admin_queue_len); 2731 2732 aqa.b.aqa_asqs = aqa.b.aqa_acqs = nvme->n_admin_queue_len - 1; 2733 asq = nvme->n_adminq->nq_sqdma->nd_cookie.dmac_laddress; 2734 acq = nvme->n_adminq->nq_cq->ncq_dma->nd_cookie.dmac_laddress; 2735 2736 ASSERT((asq & (nvme->n_pagesize - 1)) == 0); 2737 ASSERT((acq & (nvme->n_pagesize - 1)) == 0); 2738 2739 nvme_put32(nvme, NVME_REG_AQA, aqa.r); 2740 nvme_put64(nvme, NVME_REG_ASQ, asq); 2741 nvme_put64(nvme, NVME_REG_ACQ, acq); 2742 2743 cc.b.cc_ams = 0; /* use Round-Robin arbitration */ 2744 cc.b.cc_css = 0; /* use NVM command set */ 2745 cc.b.cc_mps = nvme->n_pageshift - 12; 2746 cc.b.cc_shn = 0; /* no shutdown in progress */ 2747 cc.b.cc_en = 1; /* enable controller */ 2748 cc.b.cc_iosqes = 6; /* submission queue entry is 2^6 bytes long */ 2749 cc.b.cc_iocqes = 4; /* completion queue entry is 2^4 bytes long */ 2750 2751 nvme_put32(nvme, NVME_REG_CC, cc.r); 2752 2753 /* 2754 * Wait for the controller to become ready. 2755 */ 2756 csts.r = nvme_get32(nvme, NVME_REG_CSTS); 2757 if (csts.b.csts_rdy == 0) { 2758 for (i = 0; i != nvme->n_timeout * 10; i++) { 2759 delay(drv_usectohz(50000)); 2760 csts.r = nvme_get32(nvme, NVME_REG_CSTS); 2761 2762 if (csts.b.csts_cfs == 1) { 2763 dev_err(nvme->n_dip, CE_WARN, 2764 "!controller fatal status at init"); 2765 ddi_fm_service_impact(nvme->n_dip, 2766 DDI_SERVICE_LOST); 2767 nvme->n_dead = B_TRUE; 2768 goto fail; 2769 } 2770 2771 if (csts.b.csts_rdy == 1) 2772 break; 2773 } 2774 } 2775 2776 if (csts.b.csts_rdy == 0) { 2777 dev_err(nvme->n_dip, CE_WARN, "!controller not ready"); 2778 ddi_fm_service_impact(nvme->n_dip, DDI_SERVICE_LOST); 2779 nvme->n_dead = B_TRUE; 2780 goto fail; 2781 } 2782 2783 /* 2784 * Assume an abort command limit of 1. We'll destroy and re-init 2785 * that later when we know the true abort command limit. 2786 */ 2787 sema_init(&nvme->n_abort_sema, 1, NULL, SEMA_DRIVER, NULL); 2788 2789 /* 2790 * Setup initial interrupt for admin queue. 2791 */ 2792 if ((nvme_setup_interrupts(nvme, DDI_INTR_TYPE_MSIX, 1) 2793 != DDI_SUCCESS) && 2794 (nvme_setup_interrupts(nvme, DDI_INTR_TYPE_MSI, 1) 2795 != DDI_SUCCESS) && 2796 (nvme_setup_interrupts(nvme, DDI_INTR_TYPE_FIXED, 1) 2797 != DDI_SUCCESS)) { 2798 dev_err(nvme->n_dip, CE_WARN, 2799 "!failed to setup initial interrupt"); 2800 goto fail; 2801 } 2802 2803 /* 2804 * Post an asynchronous event command to catch errors. 2805 * We assume the asynchronous events are supported as required by 2806 * specification (Figure 40 in section 5 of NVMe 1.2). 2807 * However, since at least qemu does not follow the specification, 2808 * we need a mechanism to protect ourselves. 2809 */ 2810 nvme->n_async_event_supported = B_TRUE; 2811 nvme_async_event(nvme); 2812 2813 /* 2814 * Identify Controller 2815 */ 2816 if (nvme_identify(nvme, B_FALSE, 0, (void **)&nvme->n_idctl) != 0) { 2817 dev_err(nvme->n_dip, CE_WARN, 2818 "!failed to identify controller"); 2819 goto fail; 2820 } 2821 2822 /* 2823 * Get Vendor & Product ID 2824 */ 2825 bcopy(nvme->n_idctl->id_model, model, sizeof (nvme->n_idctl->id_model)); 2826 model[sizeof (nvme->n_idctl->id_model)] = '\0'; 2827 sata_split_model(model, &vendor, &product); 2828 2829 if (vendor == NULL) 2830 nvme->n_vendor = strdup("NVMe"); 2831 else 2832 nvme->n_vendor = strdup(vendor); 2833 2834 nvme->n_product = strdup(product); 2835 2836 /* 2837 * Get controller limits. 2838 */ 2839 nvme->n_async_event_limit = MAX(NVME_MIN_ASYNC_EVENT_LIMIT, 2840 MIN(nvme->n_admin_queue_len / 10, 2841 MIN(nvme->n_idctl->id_aerl + 1, nvme->n_async_event_limit))); 2842 2843 (void) ddi_prop_update_int(DDI_DEV_T_NONE, nvme->n_dip, 2844 "async-event-limit", nvme->n_async_event_limit); 2845 2846 nvme->n_abort_command_limit = nvme->n_idctl->id_acl + 1; 2847 2848 /* 2849 * Reinitialize the semaphore with the true abort command limit 2850 * supported by the hardware. It's not necessary to disable interrupts 2851 * as only command aborts use the semaphore, and no commands are 2852 * executed or aborted while we're here. 2853 */ 2854 sema_destroy(&nvme->n_abort_sema); 2855 sema_init(&nvme->n_abort_sema, nvme->n_abort_command_limit - 1, NULL, 2856 SEMA_DRIVER, NULL); 2857 2858 nvme->n_progress |= NVME_CTRL_LIMITS; 2859 2860 if (nvme->n_idctl->id_mdts == 0) 2861 nvme->n_max_data_transfer_size = nvme->n_pagesize * 65536; 2862 else 2863 nvme->n_max_data_transfer_size = 2864 1ull << (nvme->n_pageshift + nvme->n_idctl->id_mdts); 2865 2866 nvme->n_error_log_len = nvme->n_idctl->id_elpe + 1; 2867 2868 /* 2869 * Limit n_max_data_transfer_size to what we can handle in one PRP. 2870 * Chained PRPs are currently unsupported. 2871 * 2872 * This is a no-op on hardware which doesn't support a transfer size 2873 * big enough to require chained PRPs. 2874 */ 2875 nvme->n_max_data_transfer_size = MIN(nvme->n_max_data_transfer_size, 2876 (nvme->n_pagesize / sizeof (uint64_t) * nvme->n_pagesize)); 2877 2878 nvme->n_prp_dma_attr.dma_attr_maxxfer = nvme->n_max_data_transfer_size; 2879 2880 /* 2881 * Make sure the minimum/maximum queue entry sizes are not 2882 * larger/smaller than the default. 2883 */ 2884 2885 if (((1 << nvme->n_idctl->id_sqes.qes_min) > sizeof (nvme_sqe_t)) || 2886 ((1 << nvme->n_idctl->id_sqes.qes_max) < sizeof (nvme_sqe_t)) || 2887 ((1 << nvme->n_idctl->id_cqes.qes_min) > sizeof (nvme_cqe_t)) || 2888 ((1 << nvme->n_idctl->id_cqes.qes_max) < sizeof (nvme_cqe_t))) 2889 goto fail; 2890 2891 /* 2892 * Check for the presence of a Volatile Write Cache. If present, 2893 * enable or disable based on the value of the property 2894 * volatile-write-cache-enable (default is enabled). 2895 */ 2896 nvme->n_write_cache_present = 2897 nvme->n_idctl->id_vwc.vwc_present == 0 ? B_FALSE : B_TRUE; 2898 2899 (void) ddi_prop_update_int(DDI_DEV_T_NONE, nvme->n_dip, 2900 "volatile-write-cache-present", 2901 nvme->n_write_cache_present ? 1 : 0); 2902 2903 if (!nvme->n_write_cache_present) { 2904 nvme->n_write_cache_enabled = B_FALSE; 2905 } else if (nvme_write_cache_set(nvme, nvme->n_write_cache_enabled) 2906 != 0) { 2907 dev_err(nvme->n_dip, CE_WARN, 2908 "!failed to %sable volatile write cache", 2909 nvme->n_write_cache_enabled ? "en" : "dis"); 2910 /* 2911 * Assume the cache is (still) enabled. 2912 */ 2913 nvme->n_write_cache_enabled = B_TRUE; 2914 } 2915 2916 (void) ddi_prop_update_int(DDI_DEV_T_NONE, nvme->n_dip, 2917 "volatile-write-cache-enable", 2918 nvme->n_write_cache_enabled ? 1 : 0); 2919 2920 /* 2921 * Assume LBA Range Type feature is supported. If it isn't this 2922 * will be set to B_FALSE by nvme_get_features(). 2923 */ 2924 nvme->n_lba_range_supported = B_TRUE; 2925 2926 /* 2927 * Check support for Autonomous Power State Transition. 2928 */ 2929 if (NVME_VERSION_ATLEAST(&nvme->n_version, 1, 1)) 2930 nvme->n_auto_pst_supported = 2931 nvme->n_idctl->id_apsta.ap_sup == 0 ? B_FALSE : B_TRUE; 2932 2933 /* 2934 * Assume Software Progress Marker feature is supported. If it isn't 2935 * this will be set to B_FALSE by nvme_get_features(). 2936 */ 2937 nvme->n_progress_supported = B_TRUE; 2938 2939 /* 2940 * Identify Namespaces 2941 */ 2942 nvme->n_namespace_count = nvme->n_idctl->id_nn; 2943 2944 if (nvme->n_namespace_count == 0) { 2945 dev_err(nvme->n_dip, CE_WARN, 2946 "!controllers without namespaces are not supported"); 2947 goto fail; 2948 } 2949 2950 if (nvme->n_namespace_count > NVME_MINOR_MAX) { 2951 dev_err(nvme->n_dip, CE_WARN, 2952 "!too many namespaces: %d, limiting to %d\n", 2953 nvme->n_namespace_count, NVME_MINOR_MAX); 2954 nvme->n_namespace_count = NVME_MINOR_MAX; 2955 } 2956 2957 nvme->n_ns = kmem_zalloc(sizeof (nvme_namespace_t) * 2958 nvme->n_namespace_count, KM_SLEEP); 2959 2960 for (i = 0; i != nvme->n_namespace_count; i++) { 2961 mutex_init(&nvme->n_ns[i].ns_minor.nm_mutex, NULL, MUTEX_DRIVER, 2962 NULL); 2963 nvme->n_ns[i].ns_ignore = B_TRUE; 2964 if (nvme_init_ns(nvme, i + 1) != DDI_SUCCESS) 2965 goto fail; 2966 } 2967 2968 /* 2969 * Try to set up MSI/MSI-X interrupts. 2970 */ 2971 if ((nvme->n_intr_types & (DDI_INTR_TYPE_MSI | DDI_INTR_TYPE_MSIX)) 2972 != 0) { 2973 nvme_release_interrupts(nvme); 2974 2975 nqueues = MIN(UINT16_MAX, ncpus); 2976 2977 if ((nvme_setup_interrupts(nvme, DDI_INTR_TYPE_MSIX, 2978 nqueues) != DDI_SUCCESS) && 2979 (nvme_setup_interrupts(nvme, DDI_INTR_TYPE_MSI, 2980 nqueues) != DDI_SUCCESS)) { 2981 dev_err(nvme->n_dip, CE_WARN, 2982 "!failed to setup MSI/MSI-X interrupts"); 2983 goto fail; 2984 } 2985 } 2986 2987 /* 2988 * Create I/O queue pairs. 2989 */ 2990 2991 if (nvme_set_nqueues(nvme) != 0) { 2992 dev_err(nvme->n_dip, CE_WARN, 2993 "!failed to set number of I/O queues to %d", 2994 nvme->n_intr_cnt); 2995 goto fail; 2996 } 2997 2998 /* 2999 * Reallocate I/O queue array 3000 */ 3001 kmem_free(nvme->n_ioq, sizeof (nvme_qpair_t *)); 3002 nvme->n_ioq = kmem_zalloc(sizeof (nvme_qpair_t *) * 3003 (nvme->n_submission_queues + 1), KM_SLEEP); 3004 nvme->n_ioq[0] = nvme->n_adminq; 3005 3006 /* 3007 * There should always be at least as many submission queues 3008 * as completion queues. 3009 */ 3010 ASSERT(nvme->n_submission_queues >= nvme->n_completion_queues); 3011 3012 nvme->n_ioq_count = nvme->n_submission_queues; 3013 3014 nvme->n_io_squeue_len = 3015 MIN(nvme->n_io_squeue_len, nvme->n_max_queue_entries); 3016 3017 (void) ddi_prop_update_int(DDI_DEV_T_NONE, nvme->n_dip, "io-squeue-len", 3018 nvme->n_io_squeue_len); 3019 3020 /* 3021 * Pre-allocate completion queues. 3022 * When there are the same number of submission and completion 3023 * queues there is no value in having a larger completion 3024 * queue length. 3025 */ 3026 if (nvme->n_submission_queues == nvme->n_completion_queues) 3027 nvme->n_io_cqueue_len = MIN(nvme->n_io_cqueue_len, 3028 nvme->n_io_squeue_len); 3029 3030 nvme->n_io_cqueue_len = MIN(nvme->n_io_cqueue_len, 3031 nvme->n_max_queue_entries); 3032 3033 (void) ddi_prop_update_int(DDI_DEV_T_NONE, nvme->n_dip, "io-cqueue-len", 3034 nvme->n_io_cqueue_len); 3035 3036 /* 3037 * Assign the equal quantity of taskq threads to each completion 3038 * queue, capping the total number of threads to the number 3039 * of CPUs. 3040 */ 3041 tq_threads = MIN(UINT16_MAX, ncpus) / nvme->n_completion_queues; 3042 3043 /* 3044 * In case the calculation above is zero, we need at least one 3045 * thread per completion queue. 3046 */ 3047 tq_threads = MAX(1, tq_threads); 3048 3049 if (nvme_create_cq_array(nvme, nvme->n_completion_queues + 1, 3050 nvme->n_io_cqueue_len, tq_threads) != DDI_SUCCESS) { 3051 dev_err(nvme->n_dip, CE_WARN, 3052 "!failed to pre-allocate completion queues"); 3053 goto fail; 3054 } 3055 3056 /* 3057 * If we use less completion queues than interrupt vectors return 3058 * some of the interrupt vectors back to the system. 3059 */ 3060 if (nvme->n_completion_queues + 1 < nvme->n_intr_cnt) { 3061 nvme_release_interrupts(nvme); 3062 3063 if (nvme_setup_interrupts(nvme, nvme->n_intr_type, 3064 nvme->n_completion_queues + 1) != DDI_SUCCESS) { 3065 dev_err(nvme->n_dip, CE_WARN, 3066 "!failed to reduce number of interrupts"); 3067 goto fail; 3068 } 3069 } 3070 3071 /* 3072 * Alloc & register I/O queue pairs 3073 */ 3074 3075 for (i = 1; i != nvme->n_ioq_count + 1; i++) { 3076 if (nvme_alloc_qpair(nvme, nvme->n_io_squeue_len, 3077 &nvme->n_ioq[i], i) != DDI_SUCCESS) { 3078 dev_err(nvme->n_dip, CE_WARN, 3079 "!unable to allocate I/O qpair %d", i); 3080 goto fail; 3081 } 3082 3083 if (nvme_create_io_qpair(nvme, nvme->n_ioq[i], i) != 0) { 3084 dev_err(nvme->n_dip, CE_WARN, 3085 "!unable to create I/O qpair %d", i); 3086 goto fail; 3087 } 3088 } 3089 3090 /* 3091 * Post more asynchronous events commands to reduce event reporting 3092 * latency as suggested by the spec. 3093 */ 3094 if (nvme->n_async_event_supported) { 3095 for (i = 1; i != nvme->n_async_event_limit; i++) 3096 nvme_async_event(nvme); 3097 } 3098 3099 return (DDI_SUCCESS); 3100 3101 fail: 3102 (void) nvme_reset(nvme, B_FALSE); 3103 return (DDI_FAILURE); 3104 } 3105 3106 static uint_t 3107 nvme_intr(caddr_t arg1, caddr_t arg2) 3108 { 3109 /*LINTED: E_PTR_BAD_CAST_ALIGN*/ 3110 nvme_t *nvme = (nvme_t *)arg1; 3111 int inum = (int)(uintptr_t)arg2; 3112 int ccnt = 0; 3113 int qnum; 3114 3115 if (inum >= nvme->n_intr_cnt) 3116 return (DDI_INTR_UNCLAIMED); 3117 3118 if (nvme->n_dead) 3119 return (nvme->n_intr_type == DDI_INTR_TYPE_FIXED ? 3120 DDI_INTR_UNCLAIMED : DDI_INTR_CLAIMED); 3121 3122 /* 3123 * The interrupt vector a queue uses is calculated as queue_idx % 3124 * intr_cnt in nvme_create_io_qpair(). Iterate through the queue array 3125 * in steps of n_intr_cnt to process all queues using this vector. 3126 */ 3127 for (qnum = inum; 3128 qnum < nvme->n_cq_count && nvme->n_cq[qnum] != NULL; 3129 qnum += nvme->n_intr_cnt) { 3130 ccnt += nvme_process_iocq(nvme, nvme->n_cq[qnum]); 3131 } 3132 3133 return (ccnt > 0 ? DDI_INTR_CLAIMED : DDI_INTR_UNCLAIMED); 3134 } 3135 3136 static void 3137 nvme_release_interrupts(nvme_t *nvme) 3138 { 3139 int i; 3140 3141 for (i = 0; i < nvme->n_intr_cnt; i++) { 3142 if (nvme->n_inth[i] == NULL) 3143 break; 3144 3145 if (nvme->n_intr_cap & DDI_INTR_FLAG_BLOCK) 3146 (void) ddi_intr_block_disable(&nvme->n_inth[i], 1); 3147 else 3148 (void) ddi_intr_disable(nvme->n_inth[i]); 3149 3150 (void) ddi_intr_remove_handler(nvme->n_inth[i]); 3151 (void) ddi_intr_free(nvme->n_inth[i]); 3152 } 3153 3154 kmem_free(nvme->n_inth, nvme->n_inth_sz); 3155 nvme->n_inth = NULL; 3156 nvme->n_inth_sz = 0; 3157 3158 nvme->n_progress &= ~NVME_INTERRUPTS; 3159 } 3160 3161 static int 3162 nvme_setup_interrupts(nvme_t *nvme, int intr_type, int nqpairs) 3163 { 3164 int nintrs, navail, count; 3165 int ret; 3166 int i; 3167 3168 if (nvme->n_intr_types == 0) { 3169 ret = ddi_intr_get_supported_types(nvme->n_dip, 3170 &nvme->n_intr_types); 3171 if (ret != DDI_SUCCESS) { 3172 dev_err(nvme->n_dip, CE_WARN, 3173 "!%s: ddi_intr_get_supported types failed", 3174 __func__); 3175 return (ret); 3176 } 3177 #ifdef __x86 3178 if (get_hwenv() == HW_VMWARE) 3179 nvme->n_intr_types &= ~DDI_INTR_TYPE_MSIX; 3180 #endif 3181 } 3182 3183 if ((nvme->n_intr_types & intr_type) == 0) 3184 return (DDI_FAILURE); 3185 3186 ret = ddi_intr_get_nintrs(nvme->n_dip, intr_type, &nintrs); 3187 if (ret != DDI_SUCCESS) { 3188 dev_err(nvme->n_dip, CE_WARN, "!%s: ddi_intr_get_nintrs failed", 3189 __func__); 3190 return (ret); 3191 } 3192 3193 ret = ddi_intr_get_navail(nvme->n_dip, intr_type, &navail); 3194 if (ret != DDI_SUCCESS) { 3195 dev_err(nvme->n_dip, CE_WARN, "!%s: ddi_intr_get_navail failed", 3196 __func__); 3197 return (ret); 3198 } 3199 3200 /* We want at most one interrupt per queue pair. */ 3201 if (navail > nqpairs) 3202 navail = nqpairs; 3203 3204 nvme->n_inth_sz = sizeof (ddi_intr_handle_t) * navail; 3205 nvme->n_inth = kmem_zalloc(nvme->n_inth_sz, KM_SLEEP); 3206 3207 ret = ddi_intr_alloc(nvme->n_dip, nvme->n_inth, intr_type, 0, navail, 3208 &count, 0); 3209 if (ret != DDI_SUCCESS) { 3210 dev_err(nvme->n_dip, CE_WARN, "!%s: ddi_intr_alloc failed", 3211 __func__); 3212 goto fail; 3213 } 3214 3215 nvme->n_intr_cnt = count; 3216 3217 ret = ddi_intr_get_pri(nvme->n_inth[0], &nvme->n_intr_pri); 3218 if (ret != DDI_SUCCESS) { 3219 dev_err(nvme->n_dip, CE_WARN, "!%s: ddi_intr_get_pri failed", 3220 __func__); 3221 goto fail; 3222 } 3223 3224 for (i = 0; i < count; i++) { 3225 ret = ddi_intr_add_handler(nvme->n_inth[i], nvme_intr, 3226 (void *)nvme, (void *)(uintptr_t)i); 3227 if (ret != DDI_SUCCESS) { 3228 dev_err(nvme->n_dip, CE_WARN, 3229 "!%s: ddi_intr_add_handler failed", __func__); 3230 goto fail; 3231 } 3232 } 3233 3234 (void) ddi_intr_get_cap(nvme->n_inth[0], &nvme->n_intr_cap); 3235 3236 for (i = 0; i < count; i++) { 3237 if (nvme->n_intr_cap & DDI_INTR_FLAG_BLOCK) 3238 ret = ddi_intr_block_enable(&nvme->n_inth[i], 1); 3239 else 3240 ret = ddi_intr_enable(nvme->n_inth[i]); 3241 3242 if (ret != DDI_SUCCESS) { 3243 dev_err(nvme->n_dip, CE_WARN, 3244 "!%s: enabling interrupt %d failed", __func__, i); 3245 goto fail; 3246 } 3247 } 3248 3249 nvme->n_intr_type = intr_type; 3250 3251 nvme->n_progress |= NVME_INTERRUPTS; 3252 3253 return (DDI_SUCCESS); 3254 3255 fail: 3256 nvme_release_interrupts(nvme); 3257 3258 return (ret); 3259 } 3260 3261 static int 3262 nvme_fm_errcb(dev_info_t *dip, ddi_fm_error_t *fm_error, const void *arg) 3263 { 3264 _NOTE(ARGUNUSED(arg)); 3265 3266 pci_ereport_post(dip, fm_error, NULL); 3267 return (fm_error->fme_status); 3268 } 3269 3270 static int 3271 nvme_attach(dev_info_t *dip, ddi_attach_cmd_t cmd) 3272 { 3273 nvme_t *nvme; 3274 int instance; 3275 int nregs; 3276 off_t regsize; 3277 int i; 3278 char name[32]; 3279 bd_ops_t ops = nvme_bd_ops; 3280 3281 if (cmd != DDI_ATTACH) 3282 return (DDI_FAILURE); 3283 3284 instance = ddi_get_instance(dip); 3285 3286 if (ddi_soft_state_zalloc(nvme_state, instance) != DDI_SUCCESS) 3287 return (DDI_FAILURE); 3288 3289 nvme = ddi_get_soft_state(nvme_state, instance); 3290 ddi_set_driver_private(dip, nvme); 3291 nvme->n_dip = dip; 3292 3293 mutex_init(&nvme->n_minor.nm_mutex, NULL, MUTEX_DRIVER, NULL); 3294 3295 nvme->n_strict_version = ddi_prop_get_int(DDI_DEV_T_ANY, dip, 3296 DDI_PROP_DONTPASS, "strict-version", 1) == 1 ? B_TRUE : B_FALSE; 3297 nvme->n_ignore_unknown_vendor_status = ddi_prop_get_int(DDI_DEV_T_ANY, 3298 dip, DDI_PROP_DONTPASS, "ignore-unknown-vendor-status", 0) == 1 ? 3299 B_TRUE : B_FALSE; 3300 nvme->n_admin_queue_len = ddi_prop_get_int(DDI_DEV_T_ANY, dip, 3301 DDI_PROP_DONTPASS, "admin-queue-len", NVME_DEFAULT_ADMIN_QUEUE_LEN); 3302 nvme->n_io_squeue_len = ddi_prop_get_int(DDI_DEV_T_ANY, dip, 3303 DDI_PROP_DONTPASS, "io-squeue-len", NVME_DEFAULT_IO_QUEUE_LEN); 3304 /* 3305 * Double up the default for completion queues in case of 3306 * queue sharing. 3307 */ 3308 nvme->n_io_cqueue_len = ddi_prop_get_int(DDI_DEV_T_ANY, dip, 3309 DDI_PROP_DONTPASS, "io-cqueue-len", 2 * NVME_DEFAULT_IO_QUEUE_LEN); 3310 nvme->n_async_event_limit = ddi_prop_get_int(DDI_DEV_T_ANY, dip, 3311 DDI_PROP_DONTPASS, "async-event-limit", 3312 NVME_DEFAULT_ASYNC_EVENT_LIMIT); 3313 nvme->n_write_cache_enabled = ddi_prop_get_int(DDI_DEV_T_ANY, dip, 3314 DDI_PROP_DONTPASS, "volatile-write-cache-enable", 1) != 0 ? 3315 B_TRUE : B_FALSE; 3316 nvme->n_min_block_size = ddi_prop_get_int(DDI_DEV_T_ANY, dip, 3317 DDI_PROP_DONTPASS, "min-phys-block-size", 3318 NVME_DEFAULT_MIN_BLOCK_SIZE); 3319 nvme->n_submission_queues = ddi_prop_get_int(DDI_DEV_T_ANY, dip, 3320 DDI_PROP_DONTPASS, "max-submission-queues", -1); 3321 nvme->n_completion_queues = ddi_prop_get_int(DDI_DEV_T_ANY, dip, 3322 DDI_PROP_DONTPASS, "max-completion-queues", -1); 3323 3324 if (!ISP2(nvme->n_min_block_size) || 3325 (nvme->n_min_block_size < NVME_DEFAULT_MIN_BLOCK_SIZE)) { 3326 dev_err(dip, CE_WARN, "!min-phys-block-size %s, " 3327 "using default %d", ISP2(nvme->n_min_block_size) ? 3328 "too low" : "not a power of 2", 3329 NVME_DEFAULT_MIN_BLOCK_SIZE); 3330 nvme->n_min_block_size = NVME_DEFAULT_MIN_BLOCK_SIZE; 3331 } 3332 3333 if (nvme->n_submission_queues != -1 && 3334 (nvme->n_submission_queues < 1 || 3335 nvme->n_submission_queues > UINT16_MAX)) { 3336 dev_err(dip, CE_WARN, "!\"submission-queues\"=%d is not " 3337 "valid. Must be [1..%d]", nvme->n_submission_queues, 3338 UINT16_MAX); 3339 nvme->n_submission_queues = -1; 3340 } 3341 3342 if (nvme->n_completion_queues != -1 && 3343 (nvme->n_completion_queues < 1 || 3344 nvme->n_completion_queues > UINT16_MAX)) { 3345 dev_err(dip, CE_WARN, "!\"completion-queues\"=%d is not " 3346 "valid. Must be [1..%d]", nvme->n_completion_queues, 3347 UINT16_MAX); 3348 nvme->n_completion_queues = -1; 3349 } 3350 3351 if (nvme->n_admin_queue_len < NVME_MIN_ADMIN_QUEUE_LEN) 3352 nvme->n_admin_queue_len = NVME_MIN_ADMIN_QUEUE_LEN; 3353 else if (nvme->n_admin_queue_len > NVME_MAX_ADMIN_QUEUE_LEN) 3354 nvme->n_admin_queue_len = NVME_MAX_ADMIN_QUEUE_LEN; 3355 3356 if (nvme->n_io_squeue_len < NVME_MIN_IO_QUEUE_LEN) 3357 nvme->n_io_squeue_len = NVME_MIN_IO_QUEUE_LEN; 3358 if (nvme->n_io_cqueue_len < NVME_MIN_IO_QUEUE_LEN) 3359 nvme->n_io_cqueue_len = NVME_MIN_IO_QUEUE_LEN; 3360 3361 if (nvme->n_async_event_limit < 1) 3362 nvme->n_async_event_limit = NVME_DEFAULT_ASYNC_EVENT_LIMIT; 3363 3364 nvme->n_reg_acc_attr = nvme_reg_acc_attr; 3365 nvme->n_queue_dma_attr = nvme_queue_dma_attr; 3366 nvme->n_prp_dma_attr = nvme_prp_dma_attr; 3367 nvme->n_sgl_dma_attr = nvme_sgl_dma_attr; 3368 3369 /* 3370 * Setup FMA support. 3371 */ 3372 nvme->n_fm_cap = ddi_getprop(DDI_DEV_T_ANY, dip, 3373 DDI_PROP_CANSLEEP | DDI_PROP_DONTPASS, "fm-capable", 3374 DDI_FM_EREPORT_CAPABLE | DDI_FM_ACCCHK_CAPABLE | 3375 DDI_FM_DMACHK_CAPABLE | DDI_FM_ERRCB_CAPABLE); 3376 3377 ddi_fm_init(dip, &nvme->n_fm_cap, &nvme->n_fm_ibc); 3378 3379 if (nvme->n_fm_cap) { 3380 if (nvme->n_fm_cap & DDI_FM_ACCCHK_CAPABLE) 3381 nvme->n_reg_acc_attr.devacc_attr_access = 3382 DDI_FLAGERR_ACC; 3383 3384 if (nvme->n_fm_cap & DDI_FM_DMACHK_CAPABLE) { 3385 nvme->n_prp_dma_attr.dma_attr_flags |= DDI_DMA_FLAGERR; 3386 nvme->n_sgl_dma_attr.dma_attr_flags |= DDI_DMA_FLAGERR; 3387 } 3388 3389 if (DDI_FM_EREPORT_CAP(nvme->n_fm_cap) || 3390 DDI_FM_ERRCB_CAP(nvme->n_fm_cap)) 3391 pci_ereport_setup(dip); 3392 3393 if (DDI_FM_ERRCB_CAP(nvme->n_fm_cap)) 3394 ddi_fm_handler_register(dip, nvme_fm_errcb, 3395 (void *)nvme); 3396 } 3397 3398 nvme->n_progress |= NVME_FMA_INIT; 3399 3400 /* 3401 * The spec defines several register sets. Only the controller 3402 * registers (set 1) are currently used. 3403 */ 3404 if (ddi_dev_nregs(dip, &nregs) == DDI_FAILURE || 3405 nregs < 2 || 3406 ddi_dev_regsize(dip, 1, ®size) == DDI_FAILURE) 3407 goto fail; 3408 3409 if (ddi_regs_map_setup(dip, 1, &nvme->n_regs, 0, regsize, 3410 &nvme->n_reg_acc_attr, &nvme->n_regh) != DDI_SUCCESS) { 3411 dev_err(dip, CE_WARN, "!failed to map regset 1"); 3412 goto fail; 3413 } 3414 3415 nvme->n_progress |= NVME_REGS_MAPPED; 3416 3417 /* 3418 * Create PRP DMA cache 3419 */ 3420 (void) snprintf(name, sizeof (name), "%s%d_prp_cache", 3421 ddi_driver_name(dip), ddi_get_instance(dip)); 3422 nvme->n_prp_cache = kmem_cache_create(name, sizeof (nvme_dma_t), 3423 0, nvme_prp_dma_constructor, nvme_prp_dma_destructor, 3424 NULL, (void *)nvme, NULL, 0); 3425 3426 if (nvme_init(nvme) != DDI_SUCCESS) 3427 goto fail; 3428 3429 if (!nvme->n_idctl->id_oncs.on_dset_mgmt) 3430 ops.o_free_space = NULL; 3431 3432 /* 3433 * Initialize the driver with the UFM subsystem 3434 */ 3435 if (ddi_ufm_init(dip, DDI_UFM_CURRENT_VERSION, &nvme_ufm_ops, 3436 &nvme->n_ufmh, nvme) != 0) { 3437 dev_err(dip, CE_WARN, "!failed to initialize UFM subsystem"); 3438 goto fail; 3439 } 3440 mutex_init(&nvme->n_fwslot_mutex, NULL, MUTEX_DRIVER, NULL); 3441 ddi_ufm_update(nvme->n_ufmh); 3442 nvme->n_progress |= NVME_UFM_INIT; 3443 3444 /* 3445 * Attach the blkdev driver for each namespace. 3446 */ 3447 for (i = 0; i != nvme->n_namespace_count; i++) { 3448 if (ddi_create_minor_node(nvme->n_dip, nvme->n_ns[i].ns_name, 3449 S_IFCHR, NVME_MINOR(ddi_get_instance(nvme->n_dip), i + 1), 3450 DDI_NT_NVME_ATTACHMENT_POINT, 0) != DDI_SUCCESS) { 3451 dev_err(dip, CE_WARN, 3452 "!failed to create minor node for namespace %d", i); 3453 goto fail; 3454 } 3455 3456 if (nvme->n_ns[i].ns_ignore) 3457 continue; 3458 3459 nvme->n_ns[i].ns_bd_hdl = bd_alloc_handle(&nvme->n_ns[i], 3460 &ops, &nvme->n_prp_dma_attr, KM_SLEEP); 3461 3462 if (nvme->n_ns[i].ns_bd_hdl == NULL) { 3463 dev_err(dip, CE_WARN, 3464 "!failed to get blkdev handle for namespace %d", i); 3465 goto fail; 3466 } 3467 3468 if (bd_attach_handle(dip, nvme->n_ns[i].ns_bd_hdl) 3469 != DDI_SUCCESS) { 3470 dev_err(dip, CE_WARN, 3471 "!failed to attach blkdev handle for namespace %d", 3472 i); 3473 goto fail; 3474 } 3475 } 3476 3477 if (ddi_create_minor_node(dip, "devctl", S_IFCHR, 3478 NVME_MINOR(ddi_get_instance(dip), 0), DDI_NT_NVME_NEXUS, 0) 3479 != DDI_SUCCESS) { 3480 dev_err(dip, CE_WARN, "nvme_attach: " 3481 "cannot create devctl minor node"); 3482 goto fail; 3483 } 3484 3485 return (DDI_SUCCESS); 3486 3487 fail: 3488 /* attach successful anyway so that FMA can retire the device */ 3489 if (nvme->n_dead) 3490 return (DDI_SUCCESS); 3491 3492 (void) nvme_detach(dip, DDI_DETACH); 3493 3494 return (DDI_FAILURE); 3495 } 3496 3497 static int 3498 nvme_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) 3499 { 3500 int instance, i; 3501 nvme_t *nvme; 3502 3503 if (cmd != DDI_DETACH) 3504 return (DDI_FAILURE); 3505 3506 instance = ddi_get_instance(dip); 3507 3508 nvme = ddi_get_soft_state(nvme_state, instance); 3509 3510 if (nvme == NULL) 3511 return (DDI_FAILURE); 3512 3513 ddi_remove_minor_node(dip, "devctl"); 3514 mutex_destroy(&nvme->n_minor.nm_mutex); 3515 3516 if (nvme->n_ns) { 3517 for (i = 0; i != nvme->n_namespace_count; i++) { 3518 ddi_remove_minor_node(dip, nvme->n_ns[i].ns_name); 3519 mutex_destroy(&nvme->n_ns[i].ns_minor.nm_mutex); 3520 3521 if (nvme->n_ns[i].ns_bd_hdl) { 3522 (void) bd_detach_handle( 3523 nvme->n_ns[i].ns_bd_hdl); 3524 bd_free_handle(nvme->n_ns[i].ns_bd_hdl); 3525 } 3526 3527 if (nvme->n_ns[i].ns_idns) 3528 kmem_free(nvme->n_ns[i].ns_idns, 3529 sizeof (nvme_identify_nsid_t)); 3530 if (nvme->n_ns[i].ns_devid) 3531 strfree(nvme->n_ns[i].ns_devid); 3532 } 3533 3534 kmem_free(nvme->n_ns, sizeof (nvme_namespace_t) * 3535 nvme->n_namespace_count); 3536 } 3537 if (nvme->n_progress & NVME_UFM_INIT) { 3538 ddi_ufm_fini(nvme->n_ufmh); 3539 mutex_destroy(&nvme->n_fwslot_mutex); 3540 } 3541 3542 if (nvme->n_progress & NVME_INTERRUPTS) 3543 nvme_release_interrupts(nvme); 3544 3545 for (i = 0; i < nvme->n_cq_count; i++) { 3546 if (nvme->n_cq[i]->ncq_cmd_taskq != NULL) 3547 taskq_wait(nvme->n_cq[i]->ncq_cmd_taskq); 3548 } 3549 3550 if (nvme->n_ioq_count > 0) { 3551 for (i = 1; i != nvme->n_ioq_count + 1; i++) { 3552 if (nvme->n_ioq[i] != NULL) { 3553 /* TODO: send destroy queue commands */ 3554 nvme_free_qpair(nvme->n_ioq[i]); 3555 } 3556 } 3557 3558 kmem_free(nvme->n_ioq, sizeof (nvme_qpair_t *) * 3559 (nvme->n_ioq_count + 1)); 3560 } 3561 3562 if (nvme->n_prp_cache != NULL) { 3563 kmem_cache_destroy(nvme->n_prp_cache); 3564 } 3565 3566 if (nvme->n_progress & NVME_REGS_MAPPED) { 3567 nvme_shutdown(nvme, NVME_CC_SHN_NORMAL, B_FALSE); 3568 (void) nvme_reset(nvme, B_FALSE); 3569 } 3570 3571 if (nvme->n_progress & NVME_CTRL_LIMITS) 3572 sema_destroy(&nvme->n_abort_sema); 3573 3574 if (nvme->n_progress & NVME_ADMIN_QUEUE) 3575 nvme_free_qpair(nvme->n_adminq); 3576 3577 if (nvme->n_cq_count > 0) { 3578 nvme_destroy_cq_array(nvme, 0); 3579 nvme->n_cq = NULL; 3580 nvme->n_cq_count = 0; 3581 } 3582 3583 if (nvme->n_idctl) 3584 kmem_free(nvme->n_idctl, NVME_IDENTIFY_BUFSIZE); 3585 3586 if (nvme->n_progress & NVME_REGS_MAPPED) 3587 ddi_regs_map_free(&nvme->n_regh); 3588 3589 if (nvme->n_progress & NVME_FMA_INIT) { 3590 if (DDI_FM_ERRCB_CAP(nvme->n_fm_cap)) 3591 ddi_fm_handler_unregister(nvme->n_dip); 3592 3593 if (DDI_FM_EREPORT_CAP(nvme->n_fm_cap) || 3594 DDI_FM_ERRCB_CAP(nvme->n_fm_cap)) 3595 pci_ereport_teardown(nvme->n_dip); 3596 3597 ddi_fm_fini(nvme->n_dip); 3598 } 3599 3600 if (nvme->n_vendor != NULL) 3601 strfree(nvme->n_vendor); 3602 3603 if (nvme->n_product != NULL) 3604 strfree(nvme->n_product); 3605 3606 ddi_soft_state_free(nvme_state, instance); 3607 3608 return (DDI_SUCCESS); 3609 } 3610 3611 static int 3612 nvme_quiesce(dev_info_t *dip) 3613 { 3614 int instance; 3615 nvme_t *nvme; 3616 3617 instance = ddi_get_instance(dip); 3618 3619 nvme = ddi_get_soft_state(nvme_state, instance); 3620 3621 if (nvme == NULL) 3622 return (DDI_FAILURE); 3623 3624 nvme_shutdown(nvme, NVME_CC_SHN_ABRUPT, B_TRUE); 3625 3626 (void) nvme_reset(nvme, B_TRUE); 3627 3628 return (DDI_FAILURE); 3629 } 3630 3631 static int 3632 nvme_fill_prp(nvme_cmd_t *cmd, bd_xfer_t *xfer) 3633 { 3634 nvme_t *nvme = cmd->nc_nvme; 3635 int nprp_page, nprp; 3636 uint64_t *prp; 3637 3638 if (xfer->x_ndmac == 0) 3639 return (DDI_FAILURE); 3640 3641 cmd->nc_sqe.sqe_dptr.d_prp[0] = xfer->x_dmac.dmac_laddress; 3642 3643 if (xfer->x_ndmac == 1) { 3644 cmd->nc_sqe.sqe_dptr.d_prp[1] = 0; 3645 return (DDI_SUCCESS); 3646 } else if (xfer->x_ndmac == 2) { 3647 ddi_dma_nextcookie(xfer->x_dmah, &xfer->x_dmac); 3648 cmd->nc_sqe.sqe_dptr.d_prp[1] = xfer->x_dmac.dmac_laddress; 3649 return (DDI_SUCCESS); 3650 } 3651 3652 xfer->x_ndmac--; 3653 3654 nprp_page = nvme->n_pagesize / sizeof (uint64_t); 3655 ASSERT(nprp_page > 0); 3656 nprp = (xfer->x_ndmac + nprp_page - 1) / nprp_page; 3657 3658 /* 3659 * We currently don't support chained PRPs and set up our DMA 3660 * attributes to reflect that. If we still get an I/O request 3661 * that needs a chained PRP something is very wrong. 3662 */ 3663 VERIFY(nprp == 1); 3664 3665 cmd->nc_dma = kmem_cache_alloc(nvme->n_prp_cache, KM_SLEEP); 3666 bzero(cmd->nc_dma->nd_memp, cmd->nc_dma->nd_len); 3667 3668 cmd->nc_sqe.sqe_dptr.d_prp[1] = cmd->nc_dma->nd_cookie.dmac_laddress; 3669 3670 /*LINTED: E_PTR_BAD_CAST_ALIGN*/ 3671 for (prp = (uint64_t *)cmd->nc_dma->nd_memp; 3672 xfer->x_ndmac > 0; 3673 prp++, xfer->x_ndmac--) { 3674 ddi_dma_nextcookie(xfer->x_dmah, &xfer->x_dmac); 3675 *prp = xfer->x_dmac.dmac_laddress; 3676 } 3677 3678 (void) ddi_dma_sync(cmd->nc_dma->nd_dmah, 0, cmd->nc_dma->nd_len, 3679 DDI_DMA_SYNC_FORDEV); 3680 return (DDI_SUCCESS); 3681 } 3682 3683 /* 3684 * The maximum number of requests supported for a deallocate request is 3685 * NVME_DSET_MGMT_MAX_RANGES (256) -- this is from the NVMe 1.1 spec (and 3686 * unchanged through at least 1.4a). The definition of nvme_range_t is also 3687 * from the NVMe 1.1 spec. Together, the result is that all of the ranges for 3688 * a deallocate request will fit into the smallest supported namespace page 3689 * (4k). 3690 */ 3691 CTASSERT(sizeof (nvme_range_t) * NVME_DSET_MGMT_MAX_RANGES == 4096); 3692 3693 static int 3694 nvme_fill_ranges(nvme_cmd_t *cmd, bd_xfer_t *xfer, uint64_t blocksize, 3695 int allocflag) 3696 { 3697 const dkioc_free_list_t *dfl = xfer->x_dfl; 3698 const dkioc_free_list_ext_t *exts = dfl->dfl_exts; 3699 nvme_t *nvme = cmd->nc_nvme; 3700 nvme_range_t *ranges = NULL; 3701 uint_t i; 3702 3703 /* 3704 * The number of ranges in the request is 0s based (that is 3705 * word10 == 0 -> 1 range, word10 == 1 -> 2 ranges, ..., 3706 * word10 == 255 -> 256 ranges). Therefore the allowed values are 3707 * [1..NVME_DSET_MGMT_MAX_RANGES]. If blkdev gives us a bad request, 3708 * we either provided bad info in nvme_bd_driveinfo() or there is a bug 3709 * in blkdev. 3710 */ 3711 VERIFY3U(dfl->dfl_num_exts, >, 0); 3712 VERIFY3U(dfl->dfl_num_exts, <=, NVME_DSET_MGMT_MAX_RANGES); 3713 cmd->nc_sqe.sqe_cdw10 = (dfl->dfl_num_exts - 1) & 0xff; 3714 3715 cmd->nc_sqe.sqe_cdw11 = NVME_DSET_MGMT_ATTR_DEALLOCATE; 3716 3717 cmd->nc_dma = kmem_cache_alloc(nvme->n_prp_cache, allocflag); 3718 if (cmd->nc_dma == NULL) 3719 return (DDI_FAILURE); 3720 3721 bzero(cmd->nc_dma->nd_memp, cmd->nc_dma->nd_len); 3722 ranges = (nvme_range_t *)cmd->nc_dma->nd_memp; 3723 3724 cmd->nc_sqe.sqe_dptr.d_prp[0] = cmd->nc_dma->nd_cookie.dmac_laddress; 3725 cmd->nc_sqe.sqe_dptr.d_prp[1] = 0; 3726 3727 for (i = 0; i < dfl->dfl_num_exts; i++) { 3728 uint64_t lba, len; 3729 3730 lba = (dfl->dfl_offset + exts[i].dfle_start) / blocksize; 3731 len = exts[i].dfle_length / blocksize; 3732 3733 VERIFY3U(len, <=, UINT32_MAX); 3734 3735 /* No context attributes for a deallocate request */ 3736 ranges[i].nr_ctxattr = 0; 3737 ranges[i].nr_len = len; 3738 ranges[i].nr_lba = lba; 3739 } 3740 3741 (void) ddi_dma_sync(cmd->nc_dma->nd_dmah, 0, cmd->nc_dma->nd_len, 3742 DDI_DMA_SYNC_FORDEV); 3743 3744 return (DDI_SUCCESS); 3745 } 3746 3747 static nvme_cmd_t * 3748 nvme_create_nvm_cmd(nvme_namespace_t *ns, uint8_t opc, bd_xfer_t *xfer) 3749 { 3750 nvme_t *nvme = ns->ns_nvme; 3751 nvme_cmd_t *cmd; 3752 int allocflag; 3753 3754 /* 3755 * Blkdev only sets BD_XFER_POLL when dumping, so don't sleep. 3756 */ 3757 allocflag = (xfer->x_flags & BD_XFER_POLL) ? KM_NOSLEEP : KM_SLEEP; 3758 cmd = nvme_alloc_cmd(nvme, allocflag); 3759 3760 if (cmd == NULL) 3761 return (NULL); 3762 3763 cmd->nc_sqe.sqe_opc = opc; 3764 cmd->nc_callback = nvme_bd_xfer_done; 3765 cmd->nc_xfer = xfer; 3766 3767 switch (opc) { 3768 case NVME_OPC_NVM_WRITE: 3769 case NVME_OPC_NVM_READ: 3770 VERIFY(xfer->x_nblks <= 0x10000); 3771 3772 cmd->nc_sqe.sqe_nsid = ns->ns_id; 3773 3774 cmd->nc_sqe.sqe_cdw10 = xfer->x_blkno & 0xffffffffu; 3775 cmd->nc_sqe.sqe_cdw11 = (xfer->x_blkno >> 32); 3776 cmd->nc_sqe.sqe_cdw12 = (uint16_t)(xfer->x_nblks - 1); 3777 3778 if (nvme_fill_prp(cmd, xfer) != DDI_SUCCESS) 3779 goto fail; 3780 break; 3781 3782 case NVME_OPC_NVM_FLUSH: 3783 cmd->nc_sqe.sqe_nsid = ns->ns_id; 3784 break; 3785 3786 case NVME_OPC_NVM_DSET_MGMT: 3787 cmd->nc_sqe.sqe_nsid = ns->ns_id; 3788 3789 if (nvme_fill_ranges(cmd, xfer, 3790 (uint64_t)ns->ns_block_size, allocflag) != DDI_SUCCESS) 3791 goto fail; 3792 break; 3793 3794 default: 3795 goto fail; 3796 } 3797 3798 return (cmd); 3799 3800 fail: 3801 nvme_free_cmd(cmd); 3802 return (NULL); 3803 } 3804 3805 static void 3806 nvme_bd_xfer_done(void *arg) 3807 { 3808 nvme_cmd_t *cmd = arg; 3809 bd_xfer_t *xfer = cmd->nc_xfer; 3810 int error = 0; 3811 3812 error = nvme_check_cmd_status(cmd); 3813 nvme_free_cmd(cmd); 3814 3815 bd_xfer_done(xfer, error); 3816 } 3817 3818 static void 3819 nvme_bd_driveinfo(void *arg, bd_drive_t *drive) 3820 { 3821 nvme_namespace_t *ns = arg; 3822 nvme_t *nvme = ns->ns_nvme; 3823 uint_t ns_count = MAX(1, nvme->n_namespaces_attachable); 3824 3825 /* 3826 * Set the blkdev qcount to the number of submission queues. 3827 * It will then create one waitq/runq pair for each submission 3828 * queue and spread I/O requests across the queues. 3829 */ 3830 drive->d_qcount = nvme->n_ioq_count; 3831 3832 /* 3833 * I/O activity to individual namespaces is distributed across 3834 * each of the d_qcount blkdev queues (which has been set to 3835 * the number of nvme submission queues). d_qsize is the number 3836 * of submitted and not completed I/Os within each queue that blkdev 3837 * will allow before it starts holding them in the waitq. 3838 * 3839 * Each namespace will create a child blkdev instance, for each one 3840 * we try and set the d_qsize so that each namespace gets an 3841 * equal portion of the submission queue. 3842 * 3843 * If post instantiation of the nvme drive, n_namespaces_attachable 3844 * changes and a namespace is attached it could calculate a 3845 * different d_qsize. It may even be that the sum of the d_qsizes is 3846 * now beyond the submission queue size. Should that be the case 3847 * and the I/O rate is such that blkdev attempts to submit more 3848 * I/Os than the size of the submission queue, the excess I/Os 3849 * will be held behind the semaphore nq_sema. 3850 */ 3851 drive->d_qsize = nvme->n_io_squeue_len / ns_count; 3852 3853 /* 3854 * Don't let the queue size drop below the minimum, though. 3855 */ 3856 drive->d_qsize = MAX(drive->d_qsize, NVME_MIN_IO_QUEUE_LEN); 3857 3858 /* 3859 * d_maxxfer is not set, which means the value is taken from the DMA 3860 * attributes specified to bd_alloc_handle. 3861 */ 3862 3863 drive->d_removable = B_FALSE; 3864 drive->d_hotpluggable = B_FALSE; 3865 3866 bcopy(ns->ns_eui64, drive->d_eui64, sizeof (drive->d_eui64)); 3867 drive->d_target = ns->ns_id; 3868 drive->d_lun = 0; 3869 3870 drive->d_model = nvme->n_idctl->id_model; 3871 drive->d_model_len = sizeof (nvme->n_idctl->id_model); 3872 drive->d_vendor = nvme->n_vendor; 3873 drive->d_vendor_len = strlen(nvme->n_vendor); 3874 drive->d_product = nvme->n_product; 3875 drive->d_product_len = strlen(nvme->n_product); 3876 drive->d_serial = nvme->n_idctl->id_serial; 3877 drive->d_serial_len = sizeof (nvme->n_idctl->id_serial); 3878 drive->d_revision = nvme->n_idctl->id_fwrev; 3879 drive->d_revision_len = sizeof (nvme->n_idctl->id_fwrev); 3880 3881 /* 3882 * If we support the dataset management command, the only restrictions 3883 * on a discard request are the maximum number of ranges (segments) 3884 * per single request. 3885 */ 3886 if (nvme->n_idctl->id_oncs.on_dset_mgmt) 3887 drive->d_max_free_seg = NVME_DSET_MGMT_MAX_RANGES; 3888 } 3889 3890 static int 3891 nvme_bd_mediainfo(void *arg, bd_media_t *media) 3892 { 3893 nvme_namespace_t *ns = arg; 3894 3895 media->m_nblks = ns->ns_block_count; 3896 media->m_blksize = ns->ns_block_size; 3897 media->m_readonly = B_FALSE; 3898 media->m_solidstate = B_TRUE; 3899 3900 media->m_pblksize = ns->ns_best_block_size; 3901 3902 return (0); 3903 } 3904 3905 static int 3906 nvme_bd_cmd(nvme_namespace_t *ns, bd_xfer_t *xfer, uint8_t opc) 3907 { 3908 nvme_t *nvme = ns->ns_nvme; 3909 nvme_cmd_t *cmd; 3910 nvme_qpair_t *ioq; 3911 boolean_t poll; 3912 int ret; 3913 3914 if (nvme->n_dead) 3915 return (EIO); 3916 3917 cmd = nvme_create_nvm_cmd(ns, opc, xfer); 3918 if (cmd == NULL) 3919 return (ENOMEM); 3920 3921 cmd->nc_sqid = xfer->x_qnum + 1; 3922 ASSERT(cmd->nc_sqid <= nvme->n_ioq_count); 3923 ioq = nvme->n_ioq[cmd->nc_sqid]; 3924 3925 /* 3926 * Get the polling flag before submitting the command. The command may 3927 * complete immediately after it was submitted, which means we must 3928 * treat both cmd and xfer as if they have been freed already. 3929 */ 3930 poll = (xfer->x_flags & BD_XFER_POLL) != 0; 3931 3932 ret = nvme_submit_io_cmd(ioq, cmd); 3933 3934 if (ret != 0) 3935 return (ret); 3936 3937 if (!poll) 3938 return (0); 3939 3940 do { 3941 cmd = nvme_retrieve_cmd(nvme, ioq); 3942 if (cmd != NULL) 3943 cmd->nc_callback(cmd); 3944 else 3945 drv_usecwait(10); 3946 } while (ioq->nq_active_cmds != 0); 3947 3948 return (0); 3949 } 3950 3951 static int 3952 nvme_bd_read(void *arg, bd_xfer_t *xfer) 3953 { 3954 nvme_namespace_t *ns = arg; 3955 3956 return (nvme_bd_cmd(ns, xfer, NVME_OPC_NVM_READ)); 3957 } 3958 3959 static int 3960 nvme_bd_write(void *arg, bd_xfer_t *xfer) 3961 { 3962 nvme_namespace_t *ns = arg; 3963 3964 return (nvme_bd_cmd(ns, xfer, NVME_OPC_NVM_WRITE)); 3965 } 3966 3967 static int 3968 nvme_bd_sync(void *arg, bd_xfer_t *xfer) 3969 { 3970 nvme_namespace_t *ns = arg; 3971 3972 if (ns->ns_nvme->n_dead) 3973 return (EIO); 3974 3975 /* 3976 * If the volatile write cache is not present or not enabled the FLUSH 3977 * command is a no-op, so we can take a shortcut here. 3978 */ 3979 if (!ns->ns_nvme->n_write_cache_present) { 3980 bd_xfer_done(xfer, ENOTSUP); 3981 return (0); 3982 } 3983 3984 if (!ns->ns_nvme->n_write_cache_enabled) { 3985 bd_xfer_done(xfer, 0); 3986 return (0); 3987 } 3988 3989 return (nvme_bd_cmd(ns, xfer, NVME_OPC_NVM_FLUSH)); 3990 } 3991 3992 static int 3993 nvme_bd_devid(void *arg, dev_info_t *devinfo, ddi_devid_t *devid) 3994 { 3995 nvme_namespace_t *ns = arg; 3996 3997 /*LINTED: E_BAD_PTR_CAST_ALIGN*/ 3998 if (*(uint64_t *)ns->ns_eui64 != 0) { 3999 return (ddi_devid_init(devinfo, DEVID_SCSI3_WWN, 4000 sizeof (ns->ns_eui64), ns->ns_eui64, devid)); 4001 } else { 4002 return (ddi_devid_init(devinfo, DEVID_ENCAP, 4003 strlen(ns->ns_devid), ns->ns_devid, devid)); 4004 } 4005 } 4006 4007 static int 4008 nvme_bd_free_space(void *arg, bd_xfer_t *xfer) 4009 { 4010 nvme_namespace_t *ns = arg; 4011 4012 if (xfer->x_dfl == NULL) 4013 return (EINVAL); 4014 4015 if (!ns->ns_nvme->n_idctl->id_oncs.on_dset_mgmt) 4016 return (ENOTSUP); 4017 4018 return (nvme_bd_cmd(ns, xfer, NVME_OPC_NVM_DSET_MGMT)); 4019 } 4020 4021 static int 4022 nvme_open(dev_t *devp, int flag, int otyp, cred_t *cred_p) 4023 { 4024 #ifndef __lock_lint 4025 _NOTE(ARGUNUSED(cred_p)); 4026 #endif 4027 minor_t minor = getminor(*devp); 4028 nvme_t *nvme = ddi_get_soft_state(nvme_state, NVME_MINOR_INST(minor)); 4029 int nsid = NVME_MINOR_NSID(minor); 4030 nvme_minor_state_t *nm; 4031 int rv = 0; 4032 4033 if (otyp != OTYP_CHR) 4034 return (EINVAL); 4035 4036 if (nvme == NULL) 4037 return (ENXIO); 4038 4039 if (nsid > nvme->n_namespace_count) 4040 return (ENXIO); 4041 4042 if (nvme->n_dead) 4043 return (EIO); 4044 4045 nm = nsid == 0 ? &nvme->n_minor : &nvme->n_ns[nsid - 1].ns_minor; 4046 4047 mutex_enter(&nm->nm_mutex); 4048 if (nm->nm_oexcl) { 4049 rv = EBUSY; 4050 goto out; 4051 } 4052 4053 if (flag & FEXCL) { 4054 if (nm->nm_ocnt != 0) { 4055 rv = EBUSY; 4056 goto out; 4057 } 4058 nm->nm_oexcl = B_TRUE; 4059 } 4060 4061 nm->nm_ocnt++; 4062 4063 out: 4064 mutex_exit(&nm->nm_mutex); 4065 return (rv); 4066 4067 } 4068 4069 static int 4070 nvme_close(dev_t dev, int flag, int otyp, cred_t *cred_p) 4071 { 4072 #ifndef __lock_lint 4073 _NOTE(ARGUNUSED(cred_p)); 4074 _NOTE(ARGUNUSED(flag)); 4075 #endif 4076 minor_t minor = getminor(dev); 4077 nvme_t *nvme = ddi_get_soft_state(nvme_state, NVME_MINOR_INST(minor)); 4078 int nsid = NVME_MINOR_NSID(minor); 4079 nvme_minor_state_t *nm; 4080 4081 if (otyp != OTYP_CHR) 4082 return (ENXIO); 4083 4084 if (nvme == NULL) 4085 return (ENXIO); 4086 4087 if (nsid > nvme->n_namespace_count) 4088 return (ENXIO); 4089 4090 nm = nsid == 0 ? &nvme->n_minor : &nvme->n_ns[nsid - 1].ns_minor; 4091 4092 mutex_enter(&nm->nm_mutex); 4093 if (nm->nm_oexcl) 4094 nm->nm_oexcl = B_FALSE; 4095 4096 ASSERT(nm->nm_ocnt > 0); 4097 nm->nm_ocnt--; 4098 mutex_exit(&nm->nm_mutex); 4099 4100 return (0); 4101 } 4102 4103 static int 4104 nvme_ioctl_identify(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, int mode, 4105 cred_t *cred_p) 4106 { 4107 _NOTE(ARGUNUSED(cred_p)); 4108 int rv = 0; 4109 void *idctl; 4110 4111 if ((mode & FREAD) == 0) 4112 return (EPERM); 4113 4114 if (nioc->n_len < NVME_IDENTIFY_BUFSIZE) 4115 return (EINVAL); 4116 4117 if ((rv = nvme_identify(nvme, B_TRUE, nsid, (void **)&idctl)) != 0) 4118 return (rv); 4119 4120 if (ddi_copyout(idctl, (void *)nioc->n_buf, NVME_IDENTIFY_BUFSIZE, mode) 4121 != 0) 4122 rv = EFAULT; 4123 4124 kmem_free(idctl, NVME_IDENTIFY_BUFSIZE); 4125 4126 return (rv); 4127 } 4128 4129 /* 4130 * Execute commands on behalf of the various ioctls. 4131 */ 4132 static int 4133 nvme_ioc_cmd(nvme_t *nvme, nvme_sqe_t *sqe, boolean_t is_admin, void *data_addr, 4134 uint32_t data_len, int rwk, nvme_cqe_t *cqe, uint_t timeout) 4135 { 4136 nvme_cmd_t *cmd; 4137 nvme_qpair_t *ioq; 4138 int rv = 0; 4139 4140 cmd = nvme_alloc_cmd(nvme, KM_SLEEP); 4141 if (is_admin) { 4142 cmd->nc_sqid = 0; 4143 ioq = nvme->n_adminq; 4144 } else { 4145 cmd->nc_sqid = (CPU->cpu_id % nvme->n_ioq_count) + 1; 4146 ASSERT(cmd->nc_sqid <= nvme->n_ioq_count); 4147 ioq = nvme->n_ioq[cmd->nc_sqid]; 4148 } 4149 4150 cmd->nc_callback = nvme_wakeup_cmd; 4151 cmd->nc_sqe = *sqe; 4152 4153 if ((rwk & (FREAD | FWRITE)) != 0) { 4154 if (data_addr == NULL) { 4155 rv = EINVAL; 4156 goto free_cmd; 4157 } 4158 4159 /* 4160 * Because we use PRPs and haven't implemented PRP 4161 * lists here, the maximum data size is restricted to 4162 * 2 pages. 4163 */ 4164 if (data_len > 2 * nvme->n_pagesize) { 4165 dev_err(nvme->n_dip, CE_WARN, "!Data size %u is too " 4166 "large for nvme_ioc_cmd(). Limit is 2 pages " 4167 "(%u bytes)", data_len, 2 * nvme->n_pagesize); 4168 4169 rv = EINVAL; 4170 goto free_cmd; 4171 } 4172 4173 if (nvme_zalloc_dma(nvme, data_len, DDI_DMA_READ, 4174 &nvme->n_prp_dma_attr, &cmd->nc_dma) != DDI_SUCCESS) { 4175 dev_err(nvme->n_dip, CE_WARN, 4176 "!nvme_zalloc_dma failed for nvme_ioc_cmd()"); 4177 4178 rv = ENOMEM; 4179 goto free_cmd; 4180 } 4181 4182 if (cmd->nc_dma->nd_ncookie > 2) { 4183 dev_err(nvme->n_dip, CE_WARN, 4184 "!too many DMA cookies for nvme_ioc_cmd()"); 4185 atomic_inc_32(&nvme->n_too_many_cookies); 4186 4187 rv = E2BIG; 4188 goto free_cmd; 4189 } 4190 4191 cmd->nc_sqe.sqe_dptr.d_prp[0] = 4192 cmd->nc_dma->nd_cookie.dmac_laddress; 4193 4194 if (cmd->nc_dma->nd_ncookie > 1) { 4195 ddi_dma_nextcookie(cmd->nc_dma->nd_dmah, 4196 &cmd->nc_dma->nd_cookie); 4197 cmd->nc_sqe.sqe_dptr.d_prp[1] = 4198 cmd->nc_dma->nd_cookie.dmac_laddress; 4199 } 4200 4201 if ((rwk & FWRITE) != 0) { 4202 if (ddi_copyin(data_addr, cmd->nc_dma->nd_memp, 4203 data_len, rwk & FKIOCTL) != 0) { 4204 rv = EFAULT; 4205 goto free_cmd; 4206 } 4207 } 4208 } 4209 4210 if (is_admin) { 4211 nvme_admin_cmd(cmd, timeout); 4212 } else { 4213 mutex_enter(&cmd->nc_mutex); 4214 4215 rv = nvme_submit_io_cmd(ioq, cmd); 4216 4217 if (rv == EAGAIN) { 4218 mutex_exit(&cmd->nc_mutex); 4219 dev_err(cmd->nc_nvme->n_dip, CE_WARN, 4220 "!nvme_ioc_cmd() failed, I/O Q full"); 4221 goto free_cmd; 4222 } 4223 4224 nvme_wait_cmd(cmd, timeout); 4225 4226 mutex_exit(&cmd->nc_mutex); 4227 } 4228 4229 if (cqe != NULL) 4230 *cqe = cmd->nc_cqe; 4231 4232 if ((rv = nvme_check_cmd_status(cmd)) != 0) { 4233 dev_err(nvme->n_dip, CE_WARN, 4234 "!nvme_ioc_cmd() failed with sct = %x, sc = %x", 4235 cmd->nc_cqe.cqe_sf.sf_sct, cmd->nc_cqe.cqe_sf.sf_sc); 4236 4237 goto free_cmd; 4238 } 4239 4240 if ((rwk & FREAD) != 0) { 4241 if (ddi_copyout(cmd->nc_dma->nd_memp, 4242 data_addr, data_len, rwk & FKIOCTL) != 0) 4243 rv = EFAULT; 4244 } 4245 4246 free_cmd: 4247 nvme_free_cmd(cmd); 4248 4249 return (rv); 4250 } 4251 4252 static int 4253 nvme_ioctl_capabilities(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, 4254 int mode, cred_t *cred_p) 4255 { 4256 _NOTE(ARGUNUSED(nsid, cred_p)); 4257 int rv = 0; 4258 nvme_reg_cap_t cap = { 0 }; 4259 nvme_capabilities_t nc; 4260 4261 if ((mode & FREAD) == 0) 4262 return (EPERM); 4263 4264 if (nioc->n_len < sizeof (nc)) 4265 return (EINVAL); 4266 4267 cap.r = nvme_get64(nvme, NVME_REG_CAP); 4268 4269 /* 4270 * The MPSMIN and MPSMAX fields in the CAP register use 0 to 4271 * specify the base page size of 4k (1<<12), so add 12 here to 4272 * get the real page size value. 4273 */ 4274 nc.mpsmax = 1 << (12 + cap.b.cap_mpsmax); 4275 nc.mpsmin = 1 << (12 + cap.b.cap_mpsmin); 4276 4277 if (ddi_copyout(&nc, (void *)nioc->n_buf, sizeof (nc), mode) != 0) 4278 rv = EFAULT; 4279 4280 return (rv); 4281 } 4282 4283 static int 4284 nvme_ioctl_get_logpage(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, 4285 int mode, cred_t *cred_p) 4286 { 4287 _NOTE(ARGUNUSED(cred_p)); 4288 void *log = NULL; 4289 size_t bufsize = 0; 4290 int rv = 0; 4291 4292 if ((mode & FREAD) == 0) 4293 return (EPERM); 4294 4295 switch (nioc->n_arg) { 4296 case NVME_LOGPAGE_ERROR: 4297 if (nsid != 0) 4298 return (EINVAL); 4299 break; 4300 case NVME_LOGPAGE_HEALTH: 4301 if (nsid != 0 && nvme->n_idctl->id_lpa.lp_smart == 0) 4302 return (EINVAL); 4303 4304 if (nsid == 0) 4305 nsid = (uint32_t)-1; 4306 4307 break; 4308 case NVME_LOGPAGE_FWSLOT: 4309 if (nsid != 0) 4310 return (EINVAL); 4311 break; 4312 default: 4313 return (EINVAL); 4314 } 4315 4316 if (nvme_get_logpage(nvme, B_TRUE, &log, &bufsize, nioc->n_arg, nsid) 4317 != DDI_SUCCESS) 4318 return (EIO); 4319 4320 if (nioc->n_len < bufsize) { 4321 kmem_free(log, bufsize); 4322 return (EINVAL); 4323 } 4324 4325 if (ddi_copyout(log, (void *)nioc->n_buf, bufsize, mode) != 0) 4326 rv = EFAULT; 4327 4328 nioc->n_len = bufsize; 4329 kmem_free(log, bufsize); 4330 4331 return (rv); 4332 } 4333 4334 static int 4335 nvme_ioctl_get_features(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, 4336 int mode, cred_t *cred_p) 4337 { 4338 _NOTE(ARGUNUSED(cred_p)); 4339 void *buf = NULL; 4340 size_t bufsize = 0; 4341 uint32_t res = 0; 4342 uint8_t feature; 4343 int rv = 0; 4344 4345 if ((mode & FREAD) == 0) 4346 return (EPERM); 4347 4348 if ((nioc->n_arg >> 32) > 0xff) 4349 return (EINVAL); 4350 4351 feature = (uint8_t)(nioc->n_arg >> 32); 4352 4353 switch (feature) { 4354 case NVME_FEAT_ARBITRATION: 4355 case NVME_FEAT_POWER_MGMT: 4356 case NVME_FEAT_ERROR: 4357 case NVME_FEAT_NQUEUES: 4358 case NVME_FEAT_INTR_COAL: 4359 case NVME_FEAT_WRITE_ATOM: 4360 case NVME_FEAT_ASYNC_EVENT: 4361 case NVME_FEAT_PROGRESS: 4362 if (nsid != 0) 4363 return (EINVAL); 4364 break; 4365 4366 case NVME_FEAT_TEMPERATURE: 4367 if (nsid != 0) 4368 return (EINVAL); 4369 res = nioc->n_arg & 0xffffffffUL; 4370 if (NVME_VERSION_ATLEAST(&nvme->n_version, 1, 2)) { 4371 nvme_temp_threshold_t tt; 4372 4373 tt.r = res; 4374 if (tt.b.tt_thsel != NVME_TEMP_THRESH_OVER && 4375 tt.b.tt_thsel != NVME_TEMP_THRESH_UNDER) { 4376 return (EINVAL); 4377 } 4378 4379 if (tt.b.tt_tmpsel > NVME_TEMP_THRESH_MAX_SENSOR) { 4380 return (EINVAL); 4381 } 4382 } else if (res != 0) { 4383 return (EINVAL); 4384 } 4385 break; 4386 4387 case NVME_FEAT_INTR_VECT: 4388 if (nsid != 0) 4389 return (EINVAL); 4390 4391 res = nioc->n_arg & 0xffffffffUL; 4392 if (res >= nvme->n_intr_cnt) 4393 return (EINVAL); 4394 break; 4395 4396 case NVME_FEAT_LBA_RANGE: 4397 if (nvme->n_lba_range_supported == B_FALSE) 4398 return (EINVAL); 4399 4400 if (nsid == 0 || 4401 nsid > nvme->n_namespace_count) 4402 return (EINVAL); 4403 4404 break; 4405 4406 case NVME_FEAT_WRITE_CACHE: 4407 if (nsid != 0) 4408 return (EINVAL); 4409 4410 if (!nvme->n_write_cache_present) 4411 return (EINVAL); 4412 4413 break; 4414 4415 case NVME_FEAT_AUTO_PST: 4416 if (nsid != 0) 4417 return (EINVAL); 4418 4419 if (!nvme->n_auto_pst_supported) 4420 return (EINVAL); 4421 4422 break; 4423 4424 default: 4425 return (EINVAL); 4426 } 4427 4428 rv = nvme_get_features(nvme, B_TRUE, nsid, feature, &res, &buf, 4429 &bufsize); 4430 if (rv != 0) 4431 return (rv); 4432 4433 if (nioc->n_len < bufsize) { 4434 kmem_free(buf, bufsize); 4435 return (EINVAL); 4436 } 4437 4438 if (buf && ddi_copyout(buf, (void*)nioc->n_buf, bufsize, mode) != 0) 4439 rv = EFAULT; 4440 4441 kmem_free(buf, bufsize); 4442 nioc->n_arg = res; 4443 nioc->n_len = bufsize; 4444 4445 return (rv); 4446 } 4447 4448 static int 4449 nvme_ioctl_intr_cnt(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, int mode, 4450 cred_t *cred_p) 4451 { 4452 _NOTE(ARGUNUSED(nsid, mode, cred_p)); 4453 4454 if ((mode & FREAD) == 0) 4455 return (EPERM); 4456 4457 nioc->n_arg = nvme->n_intr_cnt; 4458 return (0); 4459 } 4460 4461 static int 4462 nvme_ioctl_version(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, int mode, 4463 cred_t *cred_p) 4464 { 4465 _NOTE(ARGUNUSED(nsid, cred_p)); 4466 int rv = 0; 4467 4468 if ((mode & FREAD) == 0) 4469 return (EPERM); 4470 4471 if (nioc->n_len < sizeof (nvme->n_version)) 4472 return (ENOMEM); 4473 4474 if (ddi_copyout(&nvme->n_version, (void *)nioc->n_buf, 4475 sizeof (nvme->n_version), mode) != 0) 4476 rv = EFAULT; 4477 4478 return (rv); 4479 } 4480 4481 static int 4482 nvme_ioctl_format(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, int mode, 4483 cred_t *cred_p) 4484 { 4485 _NOTE(ARGUNUSED(mode)); 4486 nvme_format_nvm_t frmt = { 0 }; 4487 int c_nsid = nsid != 0 ? nsid - 1 : 0; 4488 4489 if ((mode & FWRITE) == 0 || secpolicy_sys_config(cred_p, B_FALSE) != 0) 4490 return (EPERM); 4491 4492 frmt.r = nioc->n_arg & 0xffffffff; 4493 4494 /* 4495 * Check whether the FORMAT NVM command is supported. 4496 */ 4497 if (nvme->n_idctl->id_oacs.oa_format == 0) 4498 return (EINVAL); 4499 4500 /* 4501 * Don't allow format or secure erase of individual namespace if that 4502 * would cause a format or secure erase of all namespaces. 4503 */ 4504 if (nsid != 0 && nvme->n_idctl->id_fna.fn_format != 0) 4505 return (EINVAL); 4506 4507 if (nsid != 0 && frmt.b.fm_ses != NVME_FRMT_SES_NONE && 4508 nvme->n_idctl->id_fna.fn_sec_erase != 0) 4509 return (EINVAL); 4510 4511 /* 4512 * Don't allow formatting with Protection Information. 4513 */ 4514 if (frmt.b.fm_pi != 0 || frmt.b.fm_pil != 0 || frmt.b.fm_ms != 0) 4515 return (EINVAL); 4516 4517 /* 4518 * Don't allow formatting using an illegal LBA format, or any LBA format 4519 * that uses metadata. 4520 */ 4521 if (frmt.b.fm_lbaf > nvme->n_ns[c_nsid].ns_idns->id_nlbaf || 4522 nvme->n_ns[c_nsid].ns_idns->id_lbaf[frmt.b.fm_lbaf].lbaf_ms != 0) 4523 return (EINVAL); 4524 4525 /* 4526 * Don't allow formatting using an illegal Secure Erase setting. 4527 */ 4528 if (frmt.b.fm_ses > NVME_FRMT_MAX_SES || 4529 (frmt.b.fm_ses == NVME_FRMT_SES_CRYPTO && 4530 nvme->n_idctl->id_fna.fn_crypt_erase == 0)) 4531 return (EINVAL); 4532 4533 if (nsid == 0) 4534 nsid = (uint32_t)-1; 4535 4536 return (nvme_format_nvm(nvme, B_TRUE, nsid, frmt.b.fm_lbaf, B_FALSE, 0, 4537 B_FALSE, frmt.b.fm_ses)); 4538 } 4539 4540 static int 4541 nvme_ioctl_detach(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, int mode, 4542 cred_t *cred_p) 4543 { 4544 _NOTE(ARGUNUSED(nioc, mode)); 4545 int rv = 0; 4546 4547 if ((mode & FWRITE) == 0 || secpolicy_sys_config(cred_p, B_FALSE) != 0) 4548 return (EPERM); 4549 4550 if (nsid == 0) 4551 return (EINVAL); 4552 4553 if (nvme->n_ns[nsid - 1].ns_ignore) 4554 return (0); 4555 4556 rv = bd_detach_handle(nvme->n_ns[nsid - 1].ns_bd_hdl); 4557 if (rv != DDI_SUCCESS) 4558 rv = EBUSY; 4559 4560 return (rv); 4561 } 4562 4563 static int 4564 nvme_ioctl_attach(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, int mode, 4565 cred_t *cred_p) 4566 { 4567 _NOTE(ARGUNUSED(nioc, mode)); 4568 nvme_identify_nsid_t *idns; 4569 int rv = 0; 4570 4571 if ((mode & FWRITE) == 0 || secpolicy_sys_config(cred_p, B_FALSE) != 0) 4572 return (EPERM); 4573 4574 if (nsid == 0) 4575 return (EINVAL); 4576 4577 /* 4578 * Identify namespace again, free old identify data. 4579 */ 4580 idns = nvme->n_ns[nsid - 1].ns_idns; 4581 if (nvme_init_ns(nvme, nsid) != DDI_SUCCESS) 4582 return (EIO); 4583 4584 kmem_free(idns, sizeof (nvme_identify_nsid_t)); 4585 4586 if (nvme->n_ns[nsid - 1].ns_ignore) 4587 return (ENOTSUP); 4588 4589 if (nvme->n_ns[nsid - 1].ns_bd_hdl == NULL) 4590 nvme->n_ns[nsid - 1].ns_bd_hdl = bd_alloc_handle( 4591 &nvme->n_ns[nsid - 1], &nvme_bd_ops, &nvme->n_prp_dma_attr, 4592 KM_SLEEP); 4593 4594 rv = bd_attach_handle(nvme->n_dip, nvme->n_ns[nsid - 1].ns_bd_hdl); 4595 if (rv != DDI_SUCCESS) 4596 rv = EBUSY; 4597 4598 return (rv); 4599 } 4600 4601 static void 4602 nvme_ufm_update(nvme_t *nvme) 4603 { 4604 mutex_enter(&nvme->n_fwslot_mutex); 4605 ddi_ufm_update(nvme->n_ufmh); 4606 if (nvme->n_fwslot != NULL) { 4607 kmem_free(nvme->n_fwslot, sizeof (nvme_fwslot_log_t)); 4608 nvme->n_fwslot = NULL; 4609 } 4610 mutex_exit(&nvme->n_fwslot_mutex); 4611 } 4612 4613 static int 4614 nvme_ioctl_firmware_download(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, 4615 int mode, cred_t *cred_p) 4616 { 4617 int rv = 0; 4618 size_t len, copylen; 4619 offset_t offset; 4620 uintptr_t buf; 4621 nvme_sqe_t sqe = { 4622 .sqe_opc = NVME_OPC_FW_IMAGE_LOAD 4623 }; 4624 4625 if ((mode & FWRITE) == 0 || secpolicy_sys_config(cred_p, B_FALSE) != 0) 4626 return (EPERM); 4627 4628 if (nsid != 0) 4629 return (EINVAL); 4630 4631 /* 4632 * The offset (in n_len) is restricted to the number of DWORDs in 4633 * 32 bits. 4634 */ 4635 if (nioc->n_len > NVME_FW_OFFSETB_MAX) 4636 return (EINVAL); 4637 4638 /* Confirm that both offset and length are a multiple of DWORD bytes */ 4639 if ((nioc->n_len & NVME_DWORD_MASK) != 0 || 4640 (nioc->n_arg & NVME_DWORD_MASK) != 0) 4641 return (EINVAL); 4642 4643 len = nioc->n_len; 4644 offset = nioc->n_arg; 4645 buf = (uintptr_t)nioc->n_buf; 4646 while (len > 0 && rv == 0) { 4647 /* 4648 * nvme_ioc_cmd() does not use SGLs or PRP lists. 4649 * It is limited to 2 PRPs per NVM command, so limit 4650 * the size of the data to 2 pages. 4651 */ 4652 copylen = MIN(2 * nvme->n_pagesize, len); 4653 4654 sqe.sqe_cdw10 = (uint32_t)(copylen >> NVME_DWORD_SHIFT) - 1; 4655 sqe.sqe_cdw11 = (uint32_t)(offset >> NVME_DWORD_SHIFT); 4656 4657 rv = nvme_ioc_cmd(nvme, &sqe, B_TRUE, (void *)buf, copylen, 4658 FWRITE, NULL, nvme_admin_cmd_timeout); 4659 4660 buf += copylen; 4661 offset += copylen; 4662 len -= copylen; 4663 } 4664 4665 /* 4666 * Let the DDI UFM subsystem know that the firmware information for 4667 * this device has changed. 4668 */ 4669 nvme_ufm_update(nvme); 4670 4671 return (rv); 4672 } 4673 4674 static int 4675 nvme_ioctl_firmware_commit(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, 4676 int mode, cred_t *cred_p) 4677 { 4678 nvme_firmware_commit_dw10_t fc_dw10 = { 0 }; 4679 uint32_t slot = nioc->n_arg & 0xffffffff; 4680 uint32_t action = nioc->n_arg >> 32; 4681 nvme_cqe_t cqe = { 0 }; 4682 nvme_sqe_t sqe = { 4683 .sqe_opc = NVME_OPC_FW_ACTIVATE 4684 }; 4685 int timeout; 4686 int rv; 4687 4688 if ((mode & FWRITE) == 0 || secpolicy_sys_config(cred_p, B_FALSE) != 0) 4689 return (EPERM); 4690 4691 if (nsid != 0) 4692 return (EINVAL); 4693 4694 /* Validate slot is in range. */ 4695 if (slot < NVME_FW_SLOT_MIN || slot > NVME_FW_SLOT_MAX) 4696 return (EINVAL); 4697 4698 switch (action) { 4699 case NVME_FWC_SAVE: 4700 case NVME_FWC_SAVE_ACTIVATE: 4701 timeout = nvme_commit_save_cmd_timeout; 4702 break; 4703 case NVME_FWC_ACTIVATE: 4704 case NVME_FWC_ACTIVATE_IMMED: 4705 timeout = nvme_admin_cmd_timeout; 4706 break; 4707 default: 4708 return (EINVAL); 4709 } 4710 4711 fc_dw10.b.fc_slot = slot; 4712 fc_dw10.b.fc_action = action; 4713 sqe.sqe_cdw10 = fc_dw10.r; 4714 4715 rv = nvme_ioc_cmd(nvme, &sqe, B_TRUE, NULL, 0, 0, &cqe, timeout); 4716 4717 nioc->n_arg = ((uint64_t)cqe.cqe_sf.sf_sct << 16) | cqe.cqe_sf.sf_sc; 4718 4719 /* 4720 * Let the DDI UFM subsystem know that the firmware information for 4721 * this device has changed. 4722 */ 4723 nvme_ufm_update(nvme); 4724 4725 return (rv); 4726 } 4727 4728 static int 4729 nvme_ioctl(dev_t dev, int cmd, intptr_t arg, int mode, cred_t *cred_p, 4730 int *rval_p) 4731 { 4732 #ifndef __lock_lint 4733 _NOTE(ARGUNUSED(rval_p)); 4734 #endif 4735 minor_t minor = getminor(dev); 4736 nvme_t *nvme = ddi_get_soft_state(nvme_state, NVME_MINOR_INST(minor)); 4737 int nsid = NVME_MINOR_NSID(minor); 4738 int rv = 0; 4739 nvme_ioctl_t nioc; 4740 4741 int (*nvme_ioctl[])(nvme_t *, int, nvme_ioctl_t *, int, cred_t *) = { 4742 NULL, 4743 nvme_ioctl_identify, 4744 nvme_ioctl_identify, 4745 nvme_ioctl_capabilities, 4746 nvme_ioctl_get_logpage, 4747 nvme_ioctl_get_features, 4748 nvme_ioctl_intr_cnt, 4749 nvme_ioctl_version, 4750 nvme_ioctl_format, 4751 nvme_ioctl_detach, 4752 nvme_ioctl_attach, 4753 nvme_ioctl_firmware_download, 4754 nvme_ioctl_firmware_commit 4755 }; 4756 4757 if (nvme == NULL) 4758 return (ENXIO); 4759 4760 if (nsid > nvme->n_namespace_count) 4761 return (ENXIO); 4762 4763 if (IS_DEVCTL(cmd)) 4764 return (ndi_devctl_ioctl(nvme->n_dip, cmd, arg, mode, 0)); 4765 4766 #ifdef _MULTI_DATAMODEL 4767 switch (ddi_model_convert_from(mode & FMODELS)) { 4768 case DDI_MODEL_ILP32: { 4769 nvme_ioctl32_t nioc32; 4770 if (ddi_copyin((void*)arg, &nioc32, sizeof (nvme_ioctl32_t), 4771 mode) != 0) 4772 return (EFAULT); 4773 nioc.n_len = nioc32.n_len; 4774 nioc.n_buf = nioc32.n_buf; 4775 nioc.n_arg = nioc32.n_arg; 4776 break; 4777 } 4778 case DDI_MODEL_NONE: 4779 #endif 4780 if (ddi_copyin((void*)arg, &nioc, sizeof (nvme_ioctl_t), mode) 4781 != 0) 4782 return (EFAULT); 4783 #ifdef _MULTI_DATAMODEL 4784 break; 4785 } 4786 #endif 4787 4788 if (nvme->n_dead && cmd != NVME_IOC_DETACH) 4789 return (EIO); 4790 4791 4792 if (cmd == NVME_IOC_IDENTIFY_CTRL) { 4793 /* 4794 * This makes NVME_IOC_IDENTIFY_CTRL work the same on devctl and 4795 * attachment point nodes. 4796 */ 4797 nsid = 0; 4798 } else if (cmd == NVME_IOC_IDENTIFY_NSID && nsid == 0) { 4799 /* 4800 * This makes NVME_IOC_IDENTIFY_NSID work on a devctl node, it 4801 * will always return identify data for namespace 1. 4802 */ 4803 nsid = 1; 4804 } 4805 4806 if (IS_NVME_IOC(cmd) && nvme_ioctl[NVME_IOC_CMD(cmd)] != NULL) 4807 rv = nvme_ioctl[NVME_IOC_CMD(cmd)](nvme, nsid, &nioc, mode, 4808 cred_p); 4809 else 4810 rv = EINVAL; 4811 4812 #ifdef _MULTI_DATAMODEL 4813 switch (ddi_model_convert_from(mode & FMODELS)) { 4814 case DDI_MODEL_ILP32: { 4815 nvme_ioctl32_t nioc32; 4816 4817 nioc32.n_len = (size32_t)nioc.n_len; 4818 nioc32.n_buf = (uintptr32_t)nioc.n_buf; 4819 nioc32.n_arg = nioc.n_arg; 4820 4821 if (ddi_copyout(&nioc32, (void *)arg, sizeof (nvme_ioctl32_t), 4822 mode) != 0) 4823 return (EFAULT); 4824 break; 4825 } 4826 case DDI_MODEL_NONE: 4827 #endif 4828 if (ddi_copyout(&nioc, (void *)arg, sizeof (nvme_ioctl_t), mode) 4829 != 0) 4830 return (EFAULT); 4831 #ifdef _MULTI_DATAMODEL 4832 break; 4833 } 4834 #endif 4835 4836 return (rv); 4837 } 4838 4839 /* 4840 * DDI UFM Callbacks 4841 */ 4842 static int 4843 nvme_ufm_fill_image(ddi_ufm_handle_t *ufmh, void *arg, uint_t imgno, 4844 ddi_ufm_image_t *img) 4845 { 4846 nvme_t *nvme = arg; 4847 4848 if (imgno != 0) 4849 return (EINVAL); 4850 4851 ddi_ufm_image_set_desc(img, "Firmware"); 4852 ddi_ufm_image_set_nslots(img, nvme->n_idctl->id_frmw.fw_nslot); 4853 4854 return (0); 4855 } 4856 4857 /* 4858 * Fill out firmware slot information for the requested slot. The firmware 4859 * slot information is gathered by requesting the Firmware Slot Information log 4860 * page. The format of the page is described in section 5.10.1.3. 4861 * 4862 * We lazily cache the log page on the first call and then invalidate the cache 4863 * data after a successful firmware download or firmware commit command. 4864 * The cached data is protected by a mutex as the state can change 4865 * asynchronous to this callback. 4866 */ 4867 static int 4868 nvme_ufm_fill_slot(ddi_ufm_handle_t *ufmh, void *arg, uint_t imgno, 4869 uint_t slotno, ddi_ufm_slot_t *slot) 4870 { 4871 nvme_t *nvme = arg; 4872 void *log = NULL; 4873 size_t bufsize; 4874 ddi_ufm_attr_t attr = 0; 4875 char fw_ver[NVME_FWVER_SZ + 1]; 4876 int ret; 4877 4878 if (imgno > 0 || slotno > (nvme->n_idctl->id_frmw.fw_nslot - 1)) 4879 return (EINVAL); 4880 4881 mutex_enter(&nvme->n_fwslot_mutex); 4882 if (nvme->n_fwslot == NULL) { 4883 ret = nvme_get_logpage(nvme, B_TRUE, &log, &bufsize, 4884 NVME_LOGPAGE_FWSLOT, 0); 4885 if (ret != DDI_SUCCESS || 4886 bufsize != sizeof (nvme_fwslot_log_t)) { 4887 if (log != NULL) 4888 kmem_free(log, bufsize); 4889 mutex_exit(&nvme->n_fwslot_mutex); 4890 return (EIO); 4891 } 4892 nvme->n_fwslot = (nvme_fwslot_log_t *)log; 4893 } 4894 4895 /* 4896 * NVMe numbers firmware slots starting at 1 4897 */ 4898 if (slotno == (nvme->n_fwslot->fw_afi - 1)) 4899 attr |= DDI_UFM_ATTR_ACTIVE; 4900 4901 if (slotno != 0 || nvme->n_idctl->id_frmw.fw_readonly == 0) 4902 attr |= DDI_UFM_ATTR_WRITEABLE; 4903 4904 if (nvme->n_fwslot->fw_frs[slotno][0] == '\0') { 4905 attr |= DDI_UFM_ATTR_EMPTY; 4906 } else { 4907 (void) strncpy(fw_ver, nvme->n_fwslot->fw_frs[slotno], 4908 NVME_FWVER_SZ); 4909 fw_ver[NVME_FWVER_SZ] = '\0'; 4910 ddi_ufm_slot_set_version(slot, fw_ver); 4911 } 4912 mutex_exit(&nvme->n_fwslot_mutex); 4913 4914 ddi_ufm_slot_set_attrs(slot, attr); 4915 4916 return (0); 4917 } 4918 4919 static int 4920 nvme_ufm_getcaps(ddi_ufm_handle_t *ufmh, void *arg, ddi_ufm_cap_t *caps) 4921 { 4922 *caps = DDI_UFM_CAP_REPORT; 4923 return (0); 4924 } 4925