2 * Copyright (c) 2009 Yahoo! Inc.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * $FreeBSD: src/sys/dev/mps/mps_sas.c,v 1.7 2010/12/11 00:36:35 ken Exp $
29 /* Communications core for LSI MPT2 */
31 #include <sys/types.h>
32 #include <sys/param.h>
33 #include <sys/systm.h>
34 #include <sys/kernel.h>
35 #include <sys/module.h>
39 #include <sys/malloc.h>
41 #include <sys/sysctl.h>
42 #include <sys/endian.h>
46 #include <sys/globaldata.h>
48 #include <bus/cam/cam.h>
49 #include <bus/cam/cam_ccb.h>
50 #include <bus/cam/cam_debug.h>
51 #include <bus/cam/cam_sim.h>
52 #include <bus/cam/cam_xpt_sim.h>
53 #include <bus/cam/cam_xpt_periph.h>
54 #include <bus/cam/cam_periph.h>
55 #include <bus/cam/scsi/scsi_all.h>
56 #include <bus/cam/scsi/scsi_message.h>
57 #if __FreeBSD_version >= 900026
58 #include <bus/cam/scsi/smp_all.h>
61 #include <dev/disk/mps/mpi/mpi2_type.h>
62 #include <dev/disk/mps/mpi/mpi2.h>
63 #include <dev/disk/mps/mpi/mpi2_ioc.h>
64 #include <dev/disk/mps/mpi/mpi2_sas.h>
65 #include <dev/disk/mps/mpi/mpi2_cnfg.h>
66 #include <dev/disk/mps/mpi/mpi2_init.h>
67 #include <dev/disk/mps/mpsvar.h>
68 #include <dev/disk/mps/mps_table.h>
70 struct mpssas_target {
78 uint16_t parent_handle;
80 #define MPSSAS_TARGET_INABORT (1 << 0)
81 #define MPSSAS_TARGET_INRESET (1 << 1)
82 #define MPSSAS_TARGET_INCHIPRESET (1 << 2)
83 #define MPSSAS_TARGET_INRECOVERY 0x7
90 #define MPSSAS_IN_DISCOVERY (1 << 0)
91 #define MPSSAS_IN_STARTUP (1 << 1)
92 #define MPSSAS_DISCOVERY_TIMEOUT_PENDING (1 << 2)
93 #define MPSSAS_QUEUE_FROZEN (1 << 3)
94 struct mpssas_target *targets;
95 struct cam_devq *devq;
97 struct cam_path *path;
98 struct intr_config_hook sas_ich;
99 struct callout discovery_callout;
100 u_int discovery_timeouts;
101 struct mps_event_handle *mpssas_eh;
104 struct mpssas_devprobe {
105 struct mps_config_params params;
107 #define MPSSAS_PROBE_DEV1 0x01
108 #define MPSSAS_PROBE_DEV2 0x02
109 #define MPSSAS_PROBE_PHY 0x03
110 #define MPSSAS_PROBE_EXP 0x04
111 #define MPSSAS_PROBE_PHY2 0x05
112 #define MPSSAS_PROBE_EXP2 0x06
113 struct mpssas_target target;
116 #define MPSSAS_DISCOVERY_TIMEOUT 20
117 #define MPSSAS_MAX_DISCOVERY_TIMEOUTS 10 /* 200 seconds */
119 MALLOC_DEFINE(M_MPSSAS, "MPSSAS", "MPS SAS memory");
121 static __inline int mpssas_set_lun(uint8_t *lun, u_int ccblun);
122 static struct mpssas_target * mpssas_alloc_target(struct mpssas_softc *,
123 struct mpssas_target *);
124 static struct mpssas_target * mpssas_find_target(struct mpssas_softc *, int,
126 static void mpssas_announce_device(struct mpssas_softc *,
127 struct mpssas_target *);
128 static void mpssas_bus_scan_cb(struct cam_periph *periph, union ccb *ccb);
129 static void mpssas_startup(void *data);
130 static void mpssas_discovery_end(struct mpssas_softc *sassc);
131 static void mpssas_discovery_timeout(void *data);
132 static void mpssas_prepare_remove(struct mpssas_softc *,
133 MPI2_EVENT_SAS_TOPO_PHY_ENTRY *);
134 static void mpssas_remove_device(struct mps_softc *, struct mps_command *);
135 static void mpssas_remove_complete(struct mps_softc *, struct mps_command *);
136 static void mpssas_action(struct cam_sim *sim, union ccb *ccb);
137 static void mpssas_poll(struct cam_sim *sim);
138 static void mpssas_probe_device(struct mps_softc *sc, uint16_t handle);
139 static void mpssas_probe_device_complete(struct mps_softc *sc,
140 struct mps_config_params *params);
141 static void mpssas_scsiio_timeout(void *data);
142 static void mpssas_abort_complete(struct mps_softc *sc, struct mps_command *cm);
143 static void mpssas_recovery(struct mps_softc *, struct mps_command *);
144 static int mpssas_map_tm_request(struct mps_softc *sc, struct mps_command *cm);
145 static void mpssas_issue_tm_request(struct mps_softc *sc,
146 struct mps_command *cm);
147 static void mpssas_tm_complete(struct mps_softc *sc, struct mps_command *cm,
149 static int mpssas_complete_tm_request(struct mps_softc *sc,
150 struct mps_command *cm, int free_cm);
151 static void mpssas_action_scsiio(struct mpssas_softc *, union ccb *);
152 static void mpssas_scsiio_complete(struct mps_softc *, struct mps_command *);
153 #if __FreeBSD_version >= 900026
154 static void mpssas_smpio_complete(struct mps_softc *sc, struct mps_command *cm);
155 static void mpssas_send_smpcmd(struct mpssas_softc *sassc, union ccb *ccb,
157 static void mpssas_action_smpio(struct mpssas_softc *sassc, union ccb *ccb);
158 #endif /* __FreeBSD_version >= 900026 */
159 static void mpssas_resetdev(struct mpssas_softc *, struct mps_command *);
160 static void mpssas_action_resetdev(struct mpssas_softc *, union ccb *);
161 static void mpssas_resetdev_complete(struct mps_softc *, struct mps_command *);
162 static void mpssas_freeze_device(struct mpssas_softc *, struct mpssas_target *);
163 static void mpssas_unfreeze_device(struct mpssas_softc *, struct mpssas_target *) __unused;
166 * Abstracted so that the driver can be backwards and forwards compatible
167 * with future versions of CAM that will provide this functionality.
169 #define MPS_SET_LUN(lun, ccblun) \
170 mpssas_set_lun(lun, ccblun)
173 mpssas_set_lun(uint8_t *lun, u_int ccblun)
177 newlun = (uint64_t *)lun;
179 if (ccblun <= 0xff) {
180 /* Peripheral device address method, LUN is 0 to 255 */
182 } else if (ccblun <= 0x3fff) {
183 /* Flat space address method, LUN is <= 16383 */
184 scsi_ulto2b(ccblun, lun);
186 } else if (ccblun <= 0xffffff) {
187 /* Extended flat space address method, LUN is <= 16777215 */
188 scsi_ulto3b(ccblun, &lun[1]);
189 /* Extended Flat space address method */
191 /* Length = 1, i.e. LUN is 3 bytes long */
193 /* Extended Address Method */
202 static struct mpssas_target *
203 mpssas_alloc_target(struct mpssas_softc *sassc, struct mpssas_target *probe)
205 struct mpssas_target *target;
208 mps_dprint(sassc->sc, MPS_TRACE, "%s\n", __func__);
211 * If it's not a sata or sas target, CAM won't be able to see it. Put
212 * it into a high-numbered slot so that it's accessible but not
213 * interrupting the target numbering sequence of real drives.
215 if ((probe->devinfo & (MPI2_SAS_DEVICE_INFO_SSP_TARGET |
216 MPI2_SAS_DEVICE_INFO_STP_TARGET | MPI2_SAS_DEVICE_INFO_SATA_DEVICE))
221 * Use the enclosure number and slot number as a hint for target
222 * numbering. If that doesn't produce a sane result, search the
226 start = probe->encl_handle * 16 + probe->encl_slot;
228 start = probe->encl_slot;
230 if (start >= sassc->sc->facts->MaxTargets)
234 target = mpssas_find_target(sassc, start, 0);
237 * Nothing found on the first pass, try a second pass that searches the
241 target = mpssas_find_target(sassc, 0, 0);
246 static struct mpssas_target *
247 mpssas_find_target(struct mpssas_softc *sassc, int start, uint16_t handle)
249 struct mpssas_target *target;
252 for (i = start; i < sassc->sc->facts->MaxTargets; i++) {
253 target = &sassc->targets[i];
254 if (target->handle == handle)
262 * Start the probe sequence for a given device handle. This will not
266 mpssas_probe_device(struct mps_softc *sc, uint16_t handle)
268 struct mpssas_devprobe *probe;
269 struct mps_config_params *params;
270 MPI2_CONFIG_EXTENDED_PAGE_HEADER *hdr;
273 mps_dprint(sc, MPS_TRACE, "%s\n", __func__);
275 probe = kmalloc(sizeof(*probe), M_MPSSAS, M_NOWAIT | M_ZERO);
277 mps_dprint(sc, MPS_FAULT, "Out of memory starting probe\n");
280 params = &probe->params;
281 hdr = ¶ms->hdr.Ext;
283 params->action = MPI2_CONFIG_ACTION_PAGE_HEADER;
284 params->page_address = MPI2_SAS_DEVICE_PGAD_FORM_HANDLE | handle;
285 hdr->ExtPageType = MPI2_CONFIG_EXTPAGETYPE_SAS_DEVICE;
286 hdr->ExtPageLength = 0;
288 hdr->PageVersion = 0;
289 params->buffer = NULL;
291 params->callback = mpssas_probe_device_complete;
292 params->cbdata = probe;
293 probe->target.handle = handle;
294 probe->state = MPSSAS_PROBE_DEV1;
296 if ((error = mps_read_config_page(sc, params)) != 0) {
297 kfree(probe, M_MPSSAS);
298 mps_dprint(sc, MPS_FAULT, "Failure starting device probe\n");
304 mpssas_probe_device_complete(struct mps_softc *sc,
305 struct mps_config_params *params)
307 MPI2_CONFIG_EXTENDED_PAGE_HEADER *hdr;
308 struct mpssas_devprobe *probe;
311 mps_dprint(sc, MPS_TRACE, "%s\n", __func__);
313 hdr = ¶ms->hdr.Ext;
314 probe = params->cbdata;
316 switch (probe->state) {
317 case MPSSAS_PROBE_DEV1:
318 case MPSSAS_PROBE_PHY:
319 case MPSSAS_PROBE_EXP:
320 if (params->status != MPI2_IOCSTATUS_SUCCESS) {
321 mps_dprint(sc, MPS_FAULT,
322 "Probe Failure 0x%x state %d\n", params->status,
324 kfree(probe, M_MPSSAS);
327 params->action = MPI2_CONFIG_ACTION_PAGE_READ_CURRENT;
328 params->length = hdr->ExtPageLength * 4;
329 params->buffer = kmalloc(params->length, M_MPSSAS,
331 if (params->buffer == NULL) {
332 mps_dprint(sc, MPS_FAULT, "Out of memory at state "
333 "0x%x, size 0x%x\n", probe->state, params->length);
334 kfree(probe, M_MPSSAS);
337 if (probe->state == MPSSAS_PROBE_DEV1)
338 probe->state = MPSSAS_PROBE_DEV2;
339 else if (probe->state == MPSSAS_PROBE_PHY)
340 probe->state = MPSSAS_PROBE_PHY2;
341 else if (probe->state == MPSSAS_PROBE_EXP)
342 probe->state = MPSSAS_PROBE_EXP2;
343 error = mps_read_config_page(sc, params);
345 case MPSSAS_PROBE_DEV2:
347 MPI2_CONFIG_PAGE_SAS_DEV_0 *buf;
349 if (params->status != MPI2_IOCSTATUS_SUCCESS) {
350 mps_dprint(sc, MPS_FAULT,
351 "Probe Failure 0x%x state %d\n", params->status,
353 kfree(params->buffer, M_MPSSAS);
354 kfree(probe, M_MPSSAS);
357 buf = params->buffer;
358 mps_print_sasdev0(sc, buf);
360 probe->target.devname = mps_to_u64(&buf->DeviceName);
361 probe->target.devinfo = buf->DeviceInfo;
362 probe->target.encl_handle = buf->EnclosureHandle;
363 probe->target.encl_slot = buf->Slot;
364 probe->target.sasaddr = mps_to_u64(&buf->SASAddress);
365 probe->target.parent_handle = buf->ParentDevHandle;
367 if (buf->DeviceInfo & MPI2_SAS_DEVICE_INFO_DIRECT_ATTACH) {
368 params->page_address =
369 MPI2_SAS_PHY_PGAD_FORM_PHY_NUMBER | buf->PhyNum;
370 hdr->ExtPageType = MPI2_CONFIG_EXTPAGETYPE_SAS_PHY;
372 probe->state = MPSSAS_PROBE_PHY;
374 params->page_address =
375 MPI2_SAS_EXPAND_PGAD_FORM_HNDL_PHY_NUM |
376 buf->ParentDevHandle | (buf->PhyNum << 16);
377 hdr->ExtPageType = MPI2_CONFIG_EXTPAGETYPE_SAS_EXPANDER;
379 probe->state = MPSSAS_PROBE_EXP;
381 params->action = MPI2_CONFIG_ACTION_PAGE_HEADER;
382 hdr->ExtPageLength = 0;
383 hdr->PageVersion = 0;
384 params->buffer = NULL;
386 kfree(buf, M_MPSSAS);
387 error = mps_read_config_page(sc, params);
390 case MPSSAS_PROBE_PHY2:
391 case MPSSAS_PROBE_EXP2:
393 MPI2_CONFIG_PAGE_SAS_PHY_0 *phy;
394 MPI2_CONFIG_PAGE_EXPANDER_1 *exp;
395 struct mpssas_softc *sassc;
396 struct mpssas_target *targ;
400 if (params->status != MPI2_IOCSTATUS_SUCCESS) {
401 mps_dprint(sc, MPS_FAULT,
402 "Probe Failure 0x%x state %d\n", params->status,
404 kfree(params->buffer, M_MPSSAS);
405 kfree(probe, M_MPSSAS);
409 if (probe->state == MPSSAS_PROBE_PHY2) {
410 phy = params->buffer;
411 mps_print_sasphy0(sc, phy);
412 probe->target.linkrate = phy->NegotiatedLinkRate & 0xf;
414 exp = params->buffer;
415 mps_print_expander1(sc, exp);
416 probe->target.linkrate = exp->NegotiatedLinkRate & 0xf;
418 kfree(params->buffer, M_MPSSAS);
421 handle = probe->target.handle;
422 if ((targ = mpssas_find_target(sassc, 0, handle)) != NULL) {
423 mps_printf(sc, "Ignoring dup device handle 0x%04x\n",
425 kfree(probe, M_MPSSAS);
428 if ((targ = mpssas_alloc_target(sassc, &probe->target)) == NULL) {
429 mps_printf(sc, "Target table overflow, handle 0x%04x\n",
431 kfree(probe, M_MPSSAS);
435 *targ = probe->target; /* Copy the attributes */
436 targ->tid = targ - sassc->targets;
437 mps_describe_devinfo(targ->devinfo, devstring, 80);
439 mps_printf(sc, "Found device <%s> <%s> <0x%04x> "
440 "<%d/%d>\n", devstring,
441 mps_describe_table(mps_linkrate_names,
442 targ->linkrate), targ->handle, targ->encl_handle,
445 kfree(probe, M_MPSSAS);
446 mpssas_announce_device(sassc, targ);
455 * The MPT2 firmware performs debounce on the link to avoid transient link errors
456 * and false removals. When it does decide that link has been lost and a device
457 * need to go away, it expects that the host will perform a target reset and then
458 * an op remove. The reset has the side-effect of aborting any outstanding
459 * requests for the device, which is required for the op-remove to succeed. It's
460 * not clear if the host should check for the device coming back alive after the
464 mpssas_prepare_remove(struct mpssas_softc *sassc, MPI2_EVENT_SAS_TOPO_PHY_ENTRY *phy)
466 MPI2_SCSI_TASK_MANAGE_REQUEST *req;
467 struct mps_softc *sc;
468 struct mps_command *cm;
469 struct mpssas_target *targ = NULL;
472 mps_dprint(sassc->sc, MPS_TRACE, "%s\n", __func__);
474 handle = phy->AttachedDevHandle;
475 targ = mpssas_find_target(sassc, 0, handle);
477 /* We don't know about this device? */
481 cm = mps_alloc_command(sc);
483 mps_printf(sc, "command alloc failure in mpssas_prepare_remove\n");
487 req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)cm->cm_req;
488 req->DevHandle = targ->handle;
489 req->Function = MPI2_FUNCTION_SCSI_TASK_MGMT;
490 req->TaskType = MPI2_SCSITASKMGMT_TASKTYPE_TARGET_RESET;
492 /* SAS Hard Link Reset / SATA Link Reset */
493 req->MsgFlags = MPI2_SCSITASKMGMT_MSGFLAGS_LINK_RESET;
496 cm->cm_desc.Default.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_DEFAULT_TYPE;
497 cm->cm_complete = mpssas_remove_device;
499 mpssas_issue_tm_request(sc, cm);
503 mpssas_remove_device(struct mps_softc *sc, struct mps_command *cm)
505 MPI2_SCSI_TASK_MANAGE_REPLY *reply;
506 MPI2_SAS_IOUNIT_CONTROL_REQUEST *req;
507 struct mpssas_target *targ;
510 mps_dprint(sc, MPS_TRACE, "%s\n", __func__);
512 reply = (MPI2_SCSI_TASK_MANAGE_REPLY *)cm->cm_reply;
513 handle = cm->cm_targ->handle;
515 mpssas_complete_tm_request(sc, cm, /*free_cm*/ 0);
517 if (reply->IOCStatus != MPI2_IOCSTATUS_SUCCESS) {
518 mps_printf(sc, "Failure 0x%x reseting device 0x%04x\n",
519 reply->IOCStatus, handle);
520 mps_free_command(sc, cm);
524 mps_printf(sc, "Reset aborted %d commands\n",
525 (u_int)reply->TerminationCount);
526 mps_free_reply(sc, cm->cm_reply_data);
528 /* Reuse the existing command */
529 req = (MPI2_SAS_IOUNIT_CONTROL_REQUEST *)cm->cm_req;
530 req->Function = MPI2_FUNCTION_SAS_IO_UNIT_CONTROL;
531 req->Operation = MPI2_SAS_OP_REMOVE_DEVICE;
532 req->DevHandle = handle;
534 cm->cm_desc.Default.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_DEFAULT_TYPE;
535 cm->cm_flags &= ~MPS_CM_FLAGS_COMPLETE;
536 cm->cm_complete = mpssas_remove_complete;
538 mps_map_command(sc, cm);
540 mps_dprint(sc, MPS_INFO, "clearing target handle 0x%04x\n", handle);
541 targ = mpssas_find_target(sc->sassc, 0, handle);
544 mpssas_announce_device(sc->sassc, targ);
549 mpssas_remove_complete(struct mps_softc *sc, struct mps_command *cm)
551 MPI2_SAS_IOUNIT_CONTROL_REPLY *reply;
553 mps_dprint(sc, MPS_TRACE, "%s\n", __func__);
555 reply = (MPI2_SAS_IOUNIT_CONTROL_REPLY *)cm->cm_reply;
557 mps_printf(sc, "mpssas_remove_complete on target 0x%04x,"
558 " IOCStatus= 0x%x\n", cm->cm_targ->tid, reply->IOCStatus);
560 mps_free_command(sc, cm);
564 mpssas_evt_handler(struct mps_softc *sc, uintptr_t data,
565 MPI2_EVENT_NOTIFICATION_REPLY *event)
567 struct mpssas_softc *sassc;
569 mps_dprint(sc, MPS_TRACE, "%s\n", __func__);
572 mps_print_evt_sas(sc, event);
574 switch (event->Event) {
575 case MPI2_EVENT_SAS_DISCOVERY:
577 MPI2_EVENT_DATA_SAS_DISCOVERY *data;
579 data = (MPI2_EVENT_DATA_SAS_DISCOVERY *)&event->EventData;
581 if (data->ReasonCode & MPI2_EVENT_SAS_DISC_RC_STARTED)
582 mps_dprint(sc, MPS_TRACE,"SAS discovery start event\n");
583 if (data->ReasonCode & MPI2_EVENT_SAS_DISC_RC_COMPLETED) {
584 mps_dprint(sc, MPS_TRACE, "SAS discovery end event\n");
585 sassc->flags &= ~MPSSAS_IN_DISCOVERY;
586 mpssas_discovery_end(sassc);
590 case MPI2_EVENT_SAS_TOPOLOGY_CHANGE_LIST:
592 MPI2_EVENT_DATA_SAS_TOPOLOGY_CHANGE_LIST *data;
593 MPI2_EVENT_SAS_TOPO_PHY_ENTRY *phy;
596 data = (MPI2_EVENT_DATA_SAS_TOPOLOGY_CHANGE_LIST *)
599 if (data->ExpStatus == MPI2_EVENT_SAS_TOPO_ES_ADDED) {
601 kprintf("Expander found at enclosure %d\n",
602 data->EnclosureHandle);
603 mpssas_probe_device(sc, data->ExpanderDevHandle);
606 for (i = 0; i < data->NumEntries; i++) {
608 switch (phy->PhyStatus & MPI2_EVENT_SAS_TOPO_RC_MASK) {
609 case MPI2_EVENT_SAS_TOPO_RC_TARG_ADDED:
610 mpssas_probe_device(sc, phy->AttachedDevHandle);
612 case MPI2_EVENT_SAS_TOPO_RC_TARG_NOT_RESPONDING:
613 mpssas_prepare_remove(sassc, phy);
615 case MPI2_EVENT_SAS_TOPO_RC_PHY_CHANGED:
616 case MPI2_EVENT_SAS_TOPO_RC_NO_CHANGE:
617 case MPI2_EVENT_SAS_TOPO_RC_DELAY_NOT_RESPONDING:
625 case MPI2_EVENT_SAS_ENCL_DEVICE_STATUS_CHANGE:
631 mps_free_reply(sc, data);
635 mpssas_register_events(struct mps_softc *sc)
640 setbit(events, MPI2_EVENT_SAS_DEVICE_STATUS_CHANGE);
641 setbit(events, MPI2_EVENT_SAS_DISCOVERY);
642 setbit(events, MPI2_EVENT_SAS_BROADCAST_PRIMITIVE);
643 setbit(events, MPI2_EVENT_SAS_INIT_DEVICE_STATUS_CHANGE);
644 setbit(events, MPI2_EVENT_SAS_INIT_TABLE_OVERFLOW);
645 setbit(events, MPI2_EVENT_SAS_TOPOLOGY_CHANGE_LIST);
646 setbit(events, MPI2_EVENT_SAS_ENCL_DEVICE_STATUS_CHANGE);
648 mps_register_events(sc, events, mpssas_evt_handler, NULL,
649 &sc->sassc->mpssas_eh);
655 mps_attach_sas(struct mps_softc *sc)
657 struct mpssas_softc *sassc;
661 mps_dprint(sc, MPS_TRACE, "%s\n", __func__);
663 sassc = kmalloc(sizeof(struct mpssas_softc), M_MPT2, M_WAITOK|M_ZERO);
664 sassc->targets = kmalloc(sizeof(struct mpssas_target) *
665 sc->facts->MaxTargets, M_MPT2, M_WAITOK|M_ZERO);
670 * Tell CAM that we can handle 5 fewer requests than we have
671 * allocated. If we allow the full number of requests, all I/O
672 * will halt when we run out of resources. Things work fine with
673 * just 1 less request slot given to CAM than we have allocated.
674 * We also need a couple of extra commands so that we can send down
675 * abort, reset, etc. requests when commands time out. Otherwise
676 * we could wind up in a situation with sc->num_reqs requests down
677 * on the card and no way to send an abort.
679 * XXX KDM need to figure out why I/O locks up if all commands are
682 num_sim_reqs = sc->num_reqs - 5;
684 if ((sassc->devq = cam_simq_alloc(num_sim_reqs)) == NULL) {
685 mps_dprint(sc, MPS_FAULT, "Cannot allocate SIMQ\n");
690 sassc->sim = cam_sim_alloc(mpssas_action, mpssas_poll, "mps", sassc,
691 device_get_unit(sc->mps_dev), &sc->mps_lock, num_sim_reqs,
692 num_sim_reqs, sassc->devq);
693 if (sassc->sim == NULL) {
694 mps_dprint(sc, MPS_FAULT, "Cannot allocate SIM\n");
700 * XXX There should be a bus for every port on the adapter, but since
701 * we're just going to fake the topology for now, we'll pretend that
702 * everything is just a target on a single bus.
705 if ((error = xpt_bus_register(sassc->sim, 0)) != 0) {
706 mps_dprint(sc, MPS_FAULT, "Error %d registering SCSI bus\n",
713 * Assume that discovery events will start right away. Freezing
714 * the simq will prevent the CAM boottime scanner from running
715 * before discovery is complete.
717 sassc->flags = MPSSAS_IN_STARTUP | MPSSAS_IN_DISCOVERY;
718 xpt_freeze_simq(sassc->sim, 1);
722 callout_init(&sassc->discovery_callout);
723 sassc->discovery_timeouts = 0;
725 mpssas_register_events(sc);
733 mps_detach_sas(struct mps_softc *sc)
735 struct mpssas_softc *sassc;
737 mps_dprint(sc, MPS_TRACE, "%s\n", __func__);
739 if (sc->sassc == NULL)
744 /* Make sure CAM doesn't wedge if we had to bail out early. */
746 if (sassc->flags & MPSSAS_IN_STARTUP)
747 xpt_release_simq(sassc->sim, 1);
750 if (sassc->mpssas_eh != NULL)
751 mps_deregister_events(sc, sassc->mpssas_eh);
755 if (sassc->sim != NULL) {
756 xpt_bus_deregister(cam_sim_path(sassc->sim));
757 cam_sim_free(sassc->sim);
761 if (sassc->devq != NULL)
762 cam_simq_release(sassc->devq);
764 kfree(sassc->targets, M_MPT2);
765 kfree(sassc, M_MPT2);
772 mpssas_discovery_end(struct mpssas_softc *sassc)
774 struct mps_softc *sc = sassc->sc;
776 mps_dprint(sc, MPS_TRACE, "%s\n", __func__);
778 if (sassc->flags & MPSSAS_DISCOVERY_TIMEOUT_PENDING)
779 callout_stop(&sassc->discovery_callout);
781 if ((sassc->flags & MPSSAS_IN_STARTUP) != 0) {
782 mps_dprint(sc, MPS_INFO,
783 "mpssas_discovery_end: removing confighook\n");
784 sassc->flags &= ~MPSSAS_IN_STARTUP;
785 xpt_release_simq(sassc->sim, 1);
788 mpssas_announce_device(sassc, NULL);
794 mpssas_announce_device(struct mpssas_softc *sassc, struct mpssas_target *targ)
800 * Force a rescan, a hackish way to announce devices.
801 * XXX Doing a scan on an individual device is hackish in that it
802 * won't scan the LUNs.
803 * XXX Does it matter if any of this fails?
805 bus = cam_sim_path(sassc->sim);
810 tid = CAM_TARGET_WILDCARD;
811 lun = CAM_LUN_WILDCARD;
813 ccb = xpt_alloc_ccb();
816 if (xpt_create_path(&ccb->ccb_h.path, xpt_periph, bus, tid,
817 CAM_LUN_WILDCARD) != CAM_REQ_CMP) {
821 mps_dprint(sassc->sc, MPS_INFO, "Triggering rescan of %d:%d:-1\n",
823 xpt_setup_ccb(&ccb->ccb_h, ccb->ccb_h.path, 5/*priority (low)*/);
824 ccb->ccb_h.func_code = XPT_SCAN_BUS;
825 ccb->ccb_h.cbfcnp = mpssas_bus_scan_cb;
826 ccb->crcn.flags = CAM_FLAG_NONE;
831 mpssas_bus_scan_cb(struct cam_periph *periph, union ccb *ccb)
833 xpt_free_path(ccb->ccb_h.path);
838 mpssas_startup(void *data)
840 struct mpssas_softc *sassc = data;
842 mps_dprint(sassc->sc, MPS_TRACE, "%s\n", __func__);
845 if ((sassc->flags & MPSSAS_IN_DISCOVERY) == 0) {
846 mpssas_discovery_end(sassc);
848 if (sassc->discovery_timeouts < MPSSAS_MAX_DISCOVERY_TIMEOUTS) {
849 sassc->flags |= MPSSAS_DISCOVERY_TIMEOUT_PENDING;
850 callout_reset(&sassc->discovery_callout,
851 MPSSAS_DISCOVERY_TIMEOUT * hz,
852 mpssas_discovery_timeout, sassc);
853 sassc->discovery_timeouts++;
855 mps_dprint(sassc->sc, MPS_FAULT,
856 "Discovery timed out, continuing.\n");
857 sassc->flags &= ~MPSSAS_IN_DISCOVERY;
858 mpssas_discovery_end(sassc);
861 mps_unlock(sassc->sc);
867 mpssas_discovery_timeout(void *data)
869 struct mpssas_softc *sassc = data;
870 struct mps_softc *sc;
873 mps_dprint(sc, MPS_TRACE, "%s\n", __func__);
877 "Timeout waiting for discovery, interrupts may not be working!\n");
878 sassc->flags &= ~MPSSAS_DISCOVERY_TIMEOUT_PENDING;
880 /* Poll the hardware for events in case interrupts aren't working */
884 /* Check the status of discovery and re-arm the timeout if needed */
885 mpssas_startup(sassc);
889 mpssas_action(struct cam_sim *sim, union ccb *ccb)
891 struct mpssas_softc *sassc;
893 sassc = cam_sim_softc(sim);
895 mps_dprint(sassc->sc, MPS_TRACE, "%s func 0x%x\n", __func__,
896 ccb->ccb_h.func_code);
898 switch (ccb->ccb_h.func_code) {
901 struct ccb_pathinq *cpi = &ccb->cpi;
903 cpi->version_num = 1;
904 cpi->hba_inquiry = PI_SDTR_ABLE|PI_TAG_ABLE|PI_WIDE_16;
905 cpi->target_sprt = 0;
906 cpi->hba_misc = PIM_NOBUSRESET;
907 cpi->hba_eng_cnt = 0;
908 cpi->max_target = sassc->sc->facts->MaxTargets - 1;
910 cpi->initiator_id = 255;
911 strncpy(cpi->sim_vid, "FreeBSD", SIM_IDLEN);
912 strncpy(cpi->hba_vid, "LSILogic", HBA_IDLEN);
913 strncpy(cpi->dev_name, cam_sim_name(sim), DEV_IDLEN);
914 cpi->unit_number = cam_sim_unit(sim);
915 cpi->bus_id = cam_sim_bus(sim);
916 cpi->base_transfer_speed = 150000;
917 cpi->transport = XPORT_SAS;
918 cpi->transport_version = 0;
919 cpi->protocol = PROTO_SCSI;
920 cpi->protocol_version = SCSI_REV_SPC;
921 cpi->ccb_h.status = CAM_REQ_CMP;
924 case XPT_GET_TRAN_SETTINGS:
926 struct ccb_trans_settings *cts;
927 struct ccb_trans_settings_sas *sas;
928 struct ccb_trans_settings_scsi *scsi;
929 struct mpssas_target *targ;
932 sas = &cts->xport_specific.sas;
933 scsi = &cts->proto_specific.scsi;
935 targ = &sassc->targets[cts->ccb_h.target_id];
936 if (targ->handle == 0x0) {
937 cts->ccb_h.status = CAM_TID_INVALID;
941 cts->protocol_version = SCSI_REV_SPC2;
942 cts->transport = XPORT_SAS;
943 cts->transport_version = 0;
945 sas->valid = CTS_SAS_VALID_SPEED;
946 switch (targ->linkrate) {
948 sas->bitrate = 150000;
951 sas->bitrate = 300000;
954 sas->bitrate = 600000;
960 cts->protocol = PROTO_SCSI;
961 scsi->valid = CTS_SCSI_VALID_TQ;
962 scsi->flags = CTS_SCSI_FLAGS_TAG_ENB;
964 cts->ccb_h.status = CAM_REQ_CMP;
967 case XPT_CALC_GEOMETRY:
968 cam_calc_geometry(&ccb->ccg, /*extended*/1);
969 ccb->ccb_h.status = CAM_REQ_CMP;
972 mpssas_action_resetdev(sassc, ccb);
977 ccb->ccb_h.status = CAM_REQ_CMP;
980 mpssas_action_scsiio(sassc, ccb);
982 #if __FreeBSD_version >= 900026
984 mpssas_action_smpio(sassc, ccb);
986 #endif /* __FreeBSD_version >= 900026 */
988 ccb->ccb_h.status = CAM_FUNC_NOTAVAIL;
997 mpssas_resettimeout_complete(struct mps_softc *sc, struct mps_command *cm)
999 MPI2_SCSI_TASK_MANAGE_REPLY *resp;
1002 mps_dprint(sc, MPS_TRACE, "%s\n", __func__);
1004 resp = (MPI2_SCSI_TASK_MANAGE_REPLY *)cm->cm_reply;
1005 code = resp->ResponseCode;
1007 mps_free_command(sc, cm);
1008 mpssas_unfreeze_device(sassc, targ);
1010 if (code != MPI2_SCSITASKMGMT_RSP_TM_COMPLETE) {
1011 mps_reset_controller(sc);
1019 mpssas_scsiio_timeout(void *data)
1022 struct mps_softc *sc;
1023 struct mps_command *cm;
1024 struct mpssas_target *targ;
1026 char cdb_str[(SCSI_MAX_CDBLEN * 3) + 1];
1029 cm = (struct mps_command *)data;
1033 * Run the interrupt handler to make sure it's not pending. This
1034 * isn't perfect because the command could have already completed
1035 * and been re-used, though this is unlikely.
1038 mps_intr_locked(sc);
1039 if (cm->cm_state == MPS_CM_STATE_FREE) {
1044 ccb = cm->cm_complete_data;
1048 targ = &sc->sassc->targets[ccb->ccb_h.target_id];
1050 xpt_print(ccb->ccb_h.path, "SCSI command timeout on device handle "
1051 "0x%04x SMID %d\n", targ->handle, cm->cm_desc.Default.SMID);
1053 * XXX KDM this is useful for debugging purposes, but the existing
1054 * scsi_op_desc() implementation can't handle a NULL value for
1055 * inq_data. So this will remain commented out until I bring in
1056 * those changes as well.
1059 xpt_print(ccb->ccb_h.path, "Timed out command: %s. CDB %s\n",
1060 scsi_op_desc((ccb->ccb_h.flags & CAM_CDB_POINTER) ?
1061 ccb->csio.cdb_io.cdb_ptr[0] :
1062 ccb->csio.cdb_io.cdb_bytes[0], NULL),
1063 scsi_cdb_string((ccb->ccb_h.flags & CAM_CDB_POINTER) ?
1064 ccb->csio.cdb_io.cdb_ptr :
1065 ccb->csio.cdb_io.cdb_bytes, cdb_str,
1069 /* Inform CAM about the timeout and that recovery is starting. */
1071 if ((targ->flags & MPSSAS_TARGET_INRECOVERY) == 0) {
1072 mpssas_freeze_device(sc->sassc, targ);
1073 ccb->ccb_h.status = CAM_CMD_TIMEOUT;
1077 mpssas_freeze_device(sc->sassc, targ);
1078 ccb->ccb_h.status = CAM_CMD_TIMEOUT;
1081 * recycle the command into recovery so that there's no risk of
1082 * command allocation failure.
1084 cm->cm_state = MPS_CM_STATE_TIMEDOUT;
1085 mpssas_recovery(sc, cm);
1090 mpssas_abort_complete(struct mps_softc *sc, struct mps_command *cm)
1092 MPI2_SCSI_TASK_MANAGE_REQUEST *req;
1094 req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)cm->cm_req;
1096 mps_printf(sc, "%s: abort request on handle %#04x SMID %d "
1097 "complete\n", __func__, req->DevHandle, req->TaskMID);
1099 mpssas_complete_tm_request(sc, cm, /*free_cm*/ 1);
1103 mpssas_recovery(struct mps_softc *sc, struct mps_command *abort_cm)
1105 struct mps_command *cm;
1106 MPI2_SCSI_TASK_MANAGE_REQUEST *req, *orig_req;
1108 cm = mps_alloc_command(sc);
1110 mps_printf(sc, "%s: command allocation failure\n", __func__);
1114 cm->cm_targ = abort_cm->cm_targ;
1115 cm->cm_complete = mpssas_abort_complete;
1117 req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)cm->cm_req;
1118 orig_req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)abort_cm->cm_req;
1119 req->DevHandle = abort_cm->cm_targ->handle;
1120 req->Function = MPI2_FUNCTION_SCSI_TASK_MGMT;
1121 req->TaskType = MPI2_SCSITASKMGMT_TASKTYPE_ABORT_TASK;
1122 memcpy(req->LUN, orig_req->LUN, sizeof(req->LUN));
1123 req->TaskMID = abort_cm->cm_desc.Default.SMID;
1126 cm->cm_desc.Default.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_DEFAULT_TYPE;
1128 mpssas_issue_tm_request(sc, cm);
1133 * Can return 0 or EINPROGRESS on success. Any other value means failure.
1136 mpssas_map_tm_request(struct mps_softc *sc, struct mps_command *cm)
1142 cm->cm_flags |= MPS_CM_FLAGS_ACTIVE;
1143 error = mps_map_command(sc, cm);
1145 || (error == EINPROGRESS))
1146 sc->tm_cmds_active++;
1152 mpssas_issue_tm_request(struct mps_softc *sc, struct mps_command *cm)
1154 int freeze_queue, send_command, error;
1160 KKASSERT(lockstatus(&sc->mps_lock, curthread) != 0);
1163 * If there are no other pending task management commands, go
1164 * ahead and send this one. There is a small amount of anecdotal
1165 * evidence that sending lots of task management commands at once
1166 * may cause the controller to lock up. Or, if the user has
1167 * configured the driver (via the allow_multiple_tm_cmds variable) to
1168 * not serialize task management commands, go ahead and send the
1169 * command if even other task management commands are pending.
1171 if (TAILQ_FIRST(&sc->tm_list) == NULL) {
1174 } else if (sc->allow_multiple_tm_cmds != 0)
1177 TAILQ_INSERT_TAIL(&sc->tm_list, cm, cm_link);
1178 if (send_command != 0) {
1180 * Freeze the SIM queue while we issue the task management
1181 * command. According to the Fusion-MPT 2.0 spec, task
1182 * management requests are serialized, and so the host
1183 * should not send any I/O requests while task management
1184 * requests are pending.
1186 if (freeze_queue != 0)
1187 xpt_freeze_simq(sc->sassc->sim, 1);
1189 error = mpssas_map_tm_request(sc, cm);
1192 * At present, there is no error path back from
1193 * mpssas_map_tm_request() (which calls mps_map_command())
1194 * when cm->cm_data == NULL. But since there is a return
1195 * value, we check it just in case the implementation
1199 && (error != EINPROGRESS))
1200 mpssas_tm_complete(sc, cm,
1201 MPI2_SCSITASKMGMT_RSP_TM_FAILED);
1206 mpssas_tm_complete(struct mps_softc *sc, struct mps_command *cm, int error)
1208 MPI2_SCSI_TASK_MANAGE_REPLY *resp;
1210 resp = (MPI2_SCSI_TASK_MANAGE_REPLY *)cm->cm_reply;
1212 resp->ResponseCode = error;
1215 * Call the callback for this command, it will be
1216 * removed from the list and freed via the callback.
1218 cm->cm_complete(sc, cm);
1222 * Complete a task management request. The basic completion operation will
1223 * always succeed. Returns status for sending any further task management
1224 * commands that were queued.
1227 mpssas_complete_tm_request(struct mps_softc *sc, struct mps_command *cm,
1234 KKASSERT(lockstatus(&sc->mps_lock, curthread) != 0);
1236 TAILQ_REMOVE(&sc->tm_list, cm, cm_link);
1237 cm->cm_flags &= ~MPS_CM_FLAGS_ACTIVE;
1238 sc->tm_cmds_active--;
1241 mps_free_command(sc, cm);
1243 if (TAILQ_FIRST(&sc->tm_list) == NULL) {
1245 * Release the SIM queue, we froze it when we sent the first
1246 * task management request.
1248 xpt_release_simq(sc->sassc->sim, 1);
1249 } else if ((sc->tm_cmds_active == 0)
1250 || (sc->allow_multiple_tm_cmds != 0)) {
1252 struct mps_command *cm2;
1257 * We don't bother using TAILQ_FOREACH_SAFE here, but
1258 * rather use the standard version and just restart the
1259 * list traversal if we run into the error case.
1260 * TAILQ_FOREACH_SAFE allows safe removal of the current
1261 * list element, but if you have a queue of task management
1262 * commands, all of which have mapping errors, you'll end
1263 * up with recursive calls to this routine and so you could
1264 * wind up removing more than just the current list element.
1266 TAILQ_FOREACH(cm2, &sc->tm_list, cm_link) {
1267 MPI2_SCSI_TASK_MANAGE_REQUEST *req;
1269 /* This command is active, no need to send it again */
1270 if (cm2->cm_flags & MPS_CM_FLAGS_ACTIVE)
1273 req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)cm2->cm_req;
1275 mps_printf(sc, "%s: sending deferred task management "
1276 "request for handle %#04x SMID %d\n", __func__,
1277 req->DevHandle, req->TaskMID);
1279 error = mpssas_map_tm_request(sc, cm2);
1282 * Check for errors. If we had an error, complete
1283 * this command with an error, and keep going through
1284 * the list until we are able to send at least one
1285 * command or all of them are completed with errors.
1287 * We don't want to wind up in a situation where
1288 * we're stalled out with no way for queued task
1289 * management commands to complete.
1291 * Note that there is not currently an error path
1292 * back from mpssas_map_tm_request() (which calls
1293 * mps_map_command()) when cm->cm_data == NULL.
1294 * But we still want to check for errors here in
1295 * case the implementation changes, or in case
1296 * there is some reason for a data payload here.
1299 && (error != EINPROGRESS)) {
1300 mpssas_tm_complete(sc, cm,
1301 MPI2_SCSITASKMGMT_RSP_TM_FAILED);
1304 * If we don't currently have any commands
1305 * active, go back to the beginning and see
1306 * if there are any more that can be started.
1307 * Otherwise, we're done here.
1309 if (sc->tm_cmds_active == 0)
1310 goto restart_traversal;
1316 * If the user only wants one task management command
1317 * active at a time, we're done, since we've
1318 * already successfully sent a command at this point.
1320 if (sc->allow_multiple_tm_cmds == 0)
1329 mpssas_action_scsiio(struct mpssas_softc *sassc, union ccb *ccb)
1331 MPI2_SCSI_IO_REQUEST *req;
1332 struct ccb_scsiio *csio;
1333 struct mps_softc *sc;
1334 struct mpssas_target *targ;
1335 struct mps_command *cm;
1337 mps_dprint(sassc->sc, MPS_TRACE, "%s\n", __func__);
1342 targ = &sassc->targets[csio->ccb_h.target_id];
1343 if (targ->handle == 0x0) {
1344 csio->ccb_h.status = CAM_SEL_TIMEOUT;
1349 cm = mps_alloc_command(sc);
1351 if ((sassc->flags & MPSSAS_QUEUE_FROZEN) == 0) {
1352 xpt_freeze_simq(sassc->sim, 1);
1353 sassc->flags |= MPSSAS_QUEUE_FROZEN;
1355 ccb->ccb_h.status &= ~CAM_SIM_QUEUED;
1356 ccb->ccb_h.status |= CAM_REQUEUE_REQ;
1361 req = (MPI2_SCSI_IO_REQUEST *)cm->cm_req;
1362 req->DevHandle = targ->handle;
1363 req->Function = MPI2_FUNCTION_SCSI_IO_REQUEST;
1365 req->SenseBufferLowAddress = cm->cm_sense_busaddr;
1366 req->SenseBufferLength = MPS_SENSE_LEN;
1368 req->ChainOffset = 0;
1369 req->SGLOffset0 = 24; /* 32bit word offset to the SGL */
1374 req->DataLength = csio->dxfer_len;
1375 req->BidirectionalDataLength = 0;
1376 req->IoFlags = csio->cdb_len;
1379 /* Note: BiDirectional transfers are not supported */
1380 switch (csio->ccb_h.flags & CAM_DIR_MASK) {
1382 req->Control = MPI2_SCSIIO_CONTROL_READ;
1383 cm->cm_flags |= MPS_CM_FLAGS_DATAIN;
1386 req->Control = MPI2_SCSIIO_CONTROL_WRITE;
1387 cm->cm_flags |= MPS_CM_FLAGS_DATAOUT;
1391 req->Control = MPI2_SCSIIO_CONTROL_NODATATRANSFER;
1396 * It looks like the hardware doesn't require an explicit tag
1397 * number for each transaction. SAM Task Management not supported
1400 switch (csio->tag_action) {
1401 case MSG_HEAD_OF_Q_TAG:
1402 req->Control |= MPI2_SCSIIO_CONTROL_HEADOFQ;
1404 case MSG_ORDERED_Q_TAG:
1405 req->Control |= MPI2_SCSIIO_CONTROL_ORDEREDQ;
1408 req->Control |= MPI2_SCSIIO_CONTROL_ACAQ;
1410 case CAM_TAG_ACTION_NONE:
1411 case MSG_SIMPLE_Q_TAG:
1413 req->Control |= MPI2_SCSIIO_CONTROL_SIMPLEQ;
1417 if (MPS_SET_LUN(req->LUN, csio->ccb_h.target_lun) != 0) {
1418 mps_free_command(sc, cm);
1419 ccb->ccb_h.status = CAM_LUN_INVALID;
1424 if (csio->ccb_h.flags & CAM_CDB_POINTER)
1425 bcopy(csio->cdb_io.cdb_ptr, &req->CDB.CDB32[0], csio->cdb_len);
1427 bcopy(csio->cdb_io.cdb_bytes, &req->CDB.CDB32[0],csio->cdb_len);
1428 req->IoFlags = csio->cdb_len;
1431 * XXX need to handle S/G lists and physical addresses here.
1433 cm->cm_data = csio->data_ptr;
1434 cm->cm_length = csio->dxfer_len;
1435 cm->cm_sge = &req->SGL;
1436 cm->cm_sglsize = (32 - 24) * 4;
1437 cm->cm_desc.SCSIIO.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_SCSI_IO;
1438 cm->cm_desc.SCSIIO.DevHandle = targ->handle;
1439 cm->cm_complete = mpssas_scsiio_complete;
1440 cm->cm_complete_data = ccb;
1443 callout_reset(&cm->cm_callout, (ccb->ccb_h.timeout * hz) / 1000,
1444 mpssas_scsiio_timeout, cm);
1446 mps_map_command(sc, cm);
1451 mpssas_scsiio_complete(struct mps_softc *sc, struct mps_command *cm)
1453 MPI2_SCSI_IO_REPLY *rep;
1455 struct mpssas_softc *sassc;
1459 mps_dprint(sc, MPS_TRACE, "%s\n", __func__);
1461 callout_stop(&cm->cm_callout);
1464 ccb = cm->cm_complete_data;
1465 rep = (MPI2_SCSI_IO_REPLY *)cm->cm_reply;
1467 if (cm->cm_data != NULL) {
1468 if (cm->cm_flags & MPS_CM_FLAGS_DATAIN)
1469 dir = BUS_DMASYNC_POSTREAD;
1470 else if (cm->cm_flags & MPS_CM_FLAGS_DATAOUT)
1471 dir = BUS_DMASYNC_POSTWRITE;;
1472 bus_dmamap_sync(sc->buffer_dmat, cm->cm_dmamap, dir);
1473 bus_dmamap_unload(sc->buffer_dmat, cm->cm_dmamap);
1476 if (sassc->flags & MPSSAS_QUEUE_FROZEN) {
1477 ccb->ccb_h.flags |= CAM_RELEASE_SIMQ;
1478 sassc->flags &= ~MPSSAS_QUEUE_FROZEN;
1481 /* Take the fast path to completion */
1482 if (cm->cm_reply == NULL) {
1483 ccb->ccb_h.status = CAM_REQ_CMP;
1484 ccb->csio.scsi_status = SCSI_STATUS_OK;
1485 mps_free_command(sc, cm);
1490 mps_dprint(sc, MPS_INFO, "(%d:%d:%d) IOCStatus= 0x%x, "
1491 "ScsiStatus= 0x%x, SCSIState= 0x%x TransferCount= 0x%x\n",
1492 xpt_path_path_id(ccb->ccb_h.path),
1493 xpt_path_target_id(ccb->ccb_h.path),
1494 xpt_path_lun_id(ccb->ccb_h.path), rep->IOCStatus,
1495 rep->SCSIStatus, rep->SCSIState, (u_int)rep->TransferCount);
1497 switch (rep->IOCStatus & MPI2_IOCSTATUS_MASK) {
1498 case MPI2_IOCSTATUS_BUSY:
1499 case MPI2_IOCSTATUS_INSUFFICIENT_RESOURCES:
1501 * The controller is overloaded, try waiting a bit for it
1504 ccb->ccb_h.status = CAM_BUSY;
1506 case MPI2_IOCSTATUS_SCSI_DATA_UNDERRUN:
1507 ccb->csio.resid = cm->cm_length - rep->TransferCount;
1509 case MPI2_IOCSTATUS_SUCCESS:
1510 case MPI2_IOCSTATUS_SCSI_RECOVERED_ERROR:
1511 ccb->ccb_h.status = CAM_REQ_CMP;
1513 case MPI2_IOCSTATUS_SCSI_DATA_OVERRUN:
1514 /* resid is ignored for this condition */
1515 ccb->csio.resid = 0;
1516 ccb->ccb_h.status = CAM_DATA_RUN_ERR;
1518 case MPI2_IOCSTATUS_SCSI_INVALID_DEVHANDLE:
1519 case MPI2_IOCSTATUS_SCSI_DEVICE_NOT_THERE:
1520 ccb->ccb_h.status = CAM_DEV_NOT_THERE;
1522 case MPI2_IOCSTATUS_SCSI_TASK_TERMINATED:
1524 * This is one of the responses that comes back when an I/O
1525 * has been aborted. If it is because of a timeout that we
1526 * initiated, just set the status to CAM_CMD_TIMEOUT.
1527 * Otherwise set it to CAM_REQ_ABORTED. The effect on the
1528 * command is the same (it gets retried, subject to the
1529 * retry counter), the only difference is what gets printed
1532 if (cm->cm_state == MPS_CM_STATE_TIMEDOUT)
1533 ccb->ccb_h.status = CAM_CMD_TIMEOUT;
1535 ccb->ccb_h.status = CAM_REQ_ABORTED;
1537 case MPI2_IOCSTATUS_SCSI_IOC_TERMINATED:
1538 case MPI2_IOCSTATUS_SCSI_EXT_TERMINATED:
1539 ccb->ccb_h.status = CAM_REQ_ABORTED;
1541 case MPI2_IOCSTATUS_INVALID_SGL:
1542 mps_print_scsiio_cmd(sc, cm);
1543 ccb->ccb_h.status = CAM_UNREC_HBA_ERROR;
1545 case MPI2_IOCSTATUS_INVALID_FUNCTION:
1546 case MPI2_IOCSTATUS_INTERNAL_ERROR:
1547 case MPI2_IOCSTATUS_INVALID_VPID:
1548 case MPI2_IOCSTATUS_INVALID_FIELD:
1549 case MPI2_IOCSTATUS_INVALID_STATE:
1550 case MPI2_IOCSTATUS_OP_STATE_NOT_SUPPORTED:
1551 case MPI2_IOCSTATUS_SCSI_IO_DATA_ERROR:
1552 case MPI2_IOCSTATUS_SCSI_PROTOCOL_ERROR:
1553 case MPI2_IOCSTATUS_SCSI_RESIDUAL_MISMATCH:
1554 case MPI2_IOCSTATUS_SCSI_TASK_MGMT_FAILED:
1556 ccb->ccb_h.status = CAM_REQ_CMP_ERR;
1560 if ((rep->SCSIState & MPI2_SCSI_STATE_NO_SCSI_STATUS) == 0) {
1561 ccb->csio.scsi_status = rep->SCSIStatus;
1563 switch (rep->SCSIStatus) {
1564 case MPI2_SCSI_STATUS_TASK_SET_FULL:
1565 case MPI2_SCSI_STATUS_CHECK_CONDITION:
1566 ccb->ccb_h.status = CAM_SCSI_STATUS_ERROR;
1568 case MPI2_SCSI_STATUS_COMMAND_TERMINATED:
1569 case MPI2_SCSI_STATUS_TASK_ABORTED:
1570 ccb->ccb_h.status = CAM_REQ_ABORTED;
1572 case MPI2_SCSI_STATUS_GOOD:
1578 if (rep->SCSIState & MPI2_SCSI_STATE_AUTOSENSE_VALID) {
1579 sense_len = MIN(rep->SenseCount,
1580 sizeof(struct scsi_sense_data));
1581 if (sense_len < rep->SenseCount)
1582 ccb->csio.sense_resid = rep->SenseCount - sense_len;
1583 bcopy(cm->cm_sense, &ccb->csio.sense_data, sense_len);
1584 ccb->ccb_h.status |= CAM_AUTOSNS_VALID;
1587 if (rep->SCSIState & MPI2_SCSI_STATE_AUTOSENSE_FAILED)
1588 ccb->ccb_h.status = CAM_AUTOSENSE_FAIL;
1590 if (rep->SCSIState & MPI2_SCSI_STATE_RESPONSE_INFO_VALID)
1591 ccb->ccb_h.status = CAM_REQ_CMP_ERR;
1593 mps_free_command(sc, cm);
1597 #if __FreeBSD_version >= 900026
1599 mpssas_smpio_complete(struct mps_softc *sc, struct mps_command *cm)
1601 MPI2_SMP_PASSTHROUGH_REPLY *rpl;
1602 MPI2_SMP_PASSTHROUGH_REQUEST *req;
1606 ccb = cm->cm_complete_data;
1607 rpl = (MPI2_SMP_PASSTHROUGH_REPLY *)cm->cm_reply;
1609 mps_dprint(sc, MPS_INFO, "%s: NULL cm_reply!\n", __func__);
1610 ccb->ccb_h.status = CAM_REQ_CMP_ERR;
1614 req = (MPI2_SMP_PASSTHROUGH_REQUEST *)cm->cm_req;
1615 sasaddr = le32toh(req->SASAddress.Low);
1616 sasaddr |= ((uint64_t)(le32toh(req->SASAddress.High))) << 32;
1618 if ((rpl->IOCStatus & MPI2_IOCSTATUS_MASK) != MPI2_IOCSTATUS_SUCCESS ||
1619 rpl->SASStatus != MPI2_SASSTATUS_SUCCESS) {
1620 mps_dprint(sc, MPS_INFO, "%s: IOCStatus %04x SASStatus %02x\n",
1621 __func__, rpl->IOCStatus, rpl->SASStatus);
1622 ccb->ccb_h.status = CAM_REQ_CMP_ERR;
1626 mps_dprint(sc, MPS_INFO, "%s: SMP request to SAS address "
1627 "%#jx completed successfully\n", __func__,
1628 (uintmax_t)sasaddr);
1630 if (ccb->smpio.smp_response[2] == SMP_FR_ACCEPTED)
1631 ccb->ccb_h.status = CAM_REQ_CMP;
1633 ccb->ccb_h.status = CAM_SMP_STATUS_ERROR;
1637 * We sync in both directions because we had DMAs in the S/G list
1638 * in both directions.
1640 bus_dmamap_sync(sc->buffer_dmat, cm->cm_dmamap,
1641 BUS_DMASYNC_POSTREAD | BUS_DMASYNC_POSTWRITE);
1642 bus_dmamap_unload(sc->buffer_dmat, cm->cm_dmamap);
1643 mps_free_command(sc, cm);
1648 mpssas_send_smpcmd(struct mpssas_softc *sassc, union ccb *ccb, uint64_t sasaddr)
1650 struct mps_command *cm;
1651 uint8_t *request, *response;
1652 MPI2_SMP_PASSTHROUGH_REQUEST *req;
1653 struct mps_softc *sc;
1662 * XXX We don't yet support physical addresses here.
1664 if (ccb->ccb_h.flags & (CAM_DATA_PHYS|CAM_SG_LIST_PHYS)) {
1665 mps_printf(sc, "%s: physical addresses not supported\n",
1667 ccb->ccb_h.status = CAM_REQ_INVALID;
1673 * If the user wants to send an S/G list, check to make sure they
1674 * have single buffers.
1676 if (ccb->ccb_h.flags & CAM_SCATTER_VALID) {
1678 * The chip does not support more than one buffer for the
1679 * request or response.
1681 if ((ccb->smpio.smp_request_sglist_cnt > 1)
1682 || (ccb->smpio.smp_response_sglist_cnt > 1)) {
1683 mps_printf(sc, "%s: multiple request or response "
1684 "buffer segments not supported for SMP\n",
1686 ccb->ccb_h.status = CAM_REQ_INVALID;
1692 * The CAM_SCATTER_VALID flag was originally implemented
1693 * for the XPT_SCSI_IO CCB, which only has one data pointer.
1694 * We have two. So, just take that flag to mean that we
1695 * might have S/G lists, and look at the S/G segment count
1696 * to figure out whether that is the case for each individual
1699 if (ccb->smpio.smp_request_sglist_cnt != 0) {
1700 bus_dma_segment_t *req_sg;
1702 req_sg = (bus_dma_segment_t *)ccb->smpio.smp_request;
1703 request = (uint8_t *)req_sg[0].ds_addr;
1705 request = ccb->smpio.smp_request;
1707 if (ccb->smpio.smp_response_sglist_cnt != 0) {
1708 bus_dma_segment_t *rsp_sg;
1710 rsp_sg = (bus_dma_segment_t *)ccb->smpio.smp_response;
1711 response = (uint8_t *)rsp_sg[0].ds_addr;
1713 response = ccb->smpio.smp_response;
1715 request = ccb->smpio.smp_request;
1716 response = ccb->smpio.smp_response;
1719 cm = mps_alloc_command(sc);
1721 mps_printf(sc, "%s: cannot allocate command\n", __func__);
1722 ccb->ccb_h.status = CAM_RESRC_UNAVAIL;
1727 req = (MPI2_SMP_PASSTHROUGH_REQUEST *)cm->cm_req;
1728 bzero(req, sizeof(*req));
1729 req->Function = MPI2_FUNCTION_SMP_PASSTHROUGH;
1731 /* Allow the chip to use any route to this SAS address. */
1732 req->PhysicalPort = 0xff;
1734 req->RequestDataLength = ccb->smpio.smp_request_len;
1736 MPI2_SGLFLAGS_SYSTEM_ADDRESS_SPACE | MPI2_SGLFLAGS_SGL_TYPE_MPI;
1738 mps_dprint(sc, MPS_INFO, "%s: sending SMP request to SAS "
1739 "address %#jx\n", __func__, (uintmax_t)sasaddr);
1741 mpi_init_sge(cm, req, &req->SGL);
1744 * Set up a uio to pass into mps_map_command(). This allows us to
1745 * do one map command, and one busdma call in there.
1747 cm->cm_uio.uio_iov = cm->cm_iovec;
1748 cm->cm_uio.uio_iovcnt = 2;
1749 cm->cm_uio.uio_segflg = UIO_SYSSPACE;
1752 * The read/write flag isn't used by busdma, but set it just in
1753 * case. This isn't exactly accurate, either, since we're going in
1756 cm->cm_uio.uio_rw = UIO_WRITE;
1758 cm->cm_iovec[0].iov_base = request;
1759 cm->cm_iovec[0].iov_len = req->RequestDataLength;
1760 cm->cm_iovec[1].iov_base = response;
1761 cm->cm_iovec[1].iov_len = ccb->smpio.smp_response_len;
1763 cm->cm_uio.uio_resid = cm->cm_iovec[0].iov_len +
1764 cm->cm_iovec[1].iov_len;
1767 * Trigger a warning message in mps_data_cb() for the user if we
1768 * wind up exceeding two S/G segments. The chip expects one
1769 * segment for the request and another for the response.
1771 cm->cm_max_segs = 2;
1773 cm->cm_desc.Default.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_DEFAULT_TYPE;
1774 cm->cm_complete = mpssas_smpio_complete;
1775 cm->cm_complete_data = ccb;
1778 * Tell the mapping code that we're using a uio, and that this is
1779 * an SMP passthrough request. There is a little special-case
1780 * logic there (in mps_data_cb()) to handle the bidirectional
1783 cm->cm_flags |= MPS_CM_FLAGS_USE_UIO | MPS_CM_FLAGS_SMP_PASS |
1784 MPS_CM_FLAGS_DATAIN | MPS_CM_FLAGS_DATAOUT;
1786 /* The chip data format is little endian. */
1787 req->SASAddress.High = htole32(sasaddr >> 32);
1788 req->SASAddress.Low = htole32(sasaddr);
1791 * XXX Note that we don't have a timeout/abort mechanism here.
1792 * From the manual, it looks like task management requests only
1793 * work for SCSI IO and SATA passthrough requests. We may need to
1794 * have a mechanism to retry requests in the event of a chip reset
1795 * at least. Hopefully the chip will insure that any errors short
1796 * of that are relayed back to the driver.
1798 error = mps_map_command(sc, cm);
1799 if ((error != 0) && (error != EINPROGRESS)) {
1800 mps_printf(sc, "%s: error %d returned from mps_map_command()\n",
1808 mps_free_command(sc, cm);
1809 ccb->ccb_h.status = CAM_RESRC_UNAVAIL;
1816 mpssas_action_smpio(struct mpssas_softc *sassc, union ccb *ccb)
1818 struct mps_softc *sc;
1819 struct mpssas_target *targ;
1820 uint64_t sasaddr = 0;
1825 * Make sure the target exists.
1827 targ = &sassc->targets[ccb->ccb_h.target_id];
1828 if (targ->handle == 0x0) {
1829 mps_printf(sc, "%s: target %d does not exist!\n", __func__,
1830 ccb->ccb_h.target_id);
1831 ccb->ccb_h.status = CAM_SEL_TIMEOUT;
1837 * If this device has an embedded SMP target, we'll talk to it
1839 * figure out what the expander's address is.
1841 if ((targ->devinfo & MPI2_SAS_DEVICE_INFO_SMP_TARGET) != 0)
1842 sasaddr = targ->sasaddr;
1845 * If we don't have a SAS address for the expander yet, try
1846 * grabbing it from the page 0x83 information cached in the
1847 * transport layer for this target. LSI expanders report the
1848 * expander SAS address as the port-associated SAS address in
1849 * Inquiry VPD page 0x83. Maxim expanders don't report it in page
1852 * XXX KDM disable this for now, but leave it commented out so that
1853 * it is obvious that this is another possible way to get the SAS
1856 * The parent handle method below is a little more reliable, and
1857 * the other benefit is that it works for devices other than SES
1858 * devices. So you can send a SMP request to a da(4) device and it
1859 * will get routed to the expander that device is attached to.
1860 * (Assuming the da(4) device doesn't contain an SMP target...)
1864 sasaddr = xpt_path_sas_addr(ccb->ccb_h.path);
1868 * If we still don't have a SAS address for the expander, look for
1869 * the parent device of this device, which is probably the expander.
1872 struct mpssas_target *parent_target;
1874 if (targ->parent_handle == 0x0) {
1875 mps_printf(sc, "%s: handle %d does not have a valid "
1876 "parent handle!\n", __func__, targ->handle);
1877 ccb->ccb_h.status = CAM_REQ_INVALID;
1880 parent_target = mpssas_find_target(sassc, 0,
1881 targ->parent_handle);
1883 if (parent_target == NULL) {
1884 mps_printf(sc, "%s: handle %d does not have a valid "
1885 "parent target!\n", __func__, targ->handle);
1886 ccb->ccb_h.status = CAM_REQ_INVALID;
1890 if ((parent_target->devinfo &
1891 MPI2_SAS_DEVICE_INFO_SMP_TARGET) == 0) {
1892 mps_printf(sc, "%s: handle %d parent %d does not "
1893 "have an SMP target!\n", __func__,
1894 targ->handle, parent_target->handle);
1895 ccb->ccb_h.status = CAM_REQ_INVALID;
1900 sasaddr = parent_target->sasaddr;
1904 mps_printf(sc, "%s: unable to find SAS address for handle %d\n",
1905 __func__, targ->handle);
1906 ccb->ccb_h.status = CAM_REQ_INVALID;
1909 mpssas_send_smpcmd(sassc, ccb, sasaddr);
1918 #endif /* __FreeBSD_version >= 900026 */
1921 mpssas_action_resetdev(struct mpssas_softc *sassc, union ccb *ccb)
1923 struct mps_softc *sc;
1924 struct mps_command *cm;
1925 struct mpssas_target *targ;
1928 targ = &sassc->targets[ccb->ccb_h.target_id];
1930 if (targ->flags & MPSSAS_TARGET_INRECOVERY) {
1931 ccb->ccb_h.status = CAM_RESRC_UNAVAIL;
1936 cm = mps_alloc_command(sc);
1938 mps_printf(sc, "%s: cannot alloc command\n", __func__);
1939 ccb->ccb_h.status = CAM_RESRC_UNAVAIL;
1945 cm->cm_complete = mpssas_resetdev_complete;
1946 cm->cm_complete_data = ccb;
1948 mpssas_resetdev(sassc, cm);
1952 mpssas_resetdev(struct mpssas_softc *sassc, struct mps_command *cm)
1954 MPI2_SCSI_TASK_MANAGE_REQUEST *req;
1955 struct mps_softc *sc;
1957 mps_dprint(sassc->sc, MPS_TRACE, "%s\n", __func__);
1961 req = (MPI2_SCSI_TASK_MANAGE_REQUEST *)cm->cm_req;
1962 req->DevHandle = cm->cm_targ->handle;
1963 req->Function = MPI2_FUNCTION_SCSI_TASK_MGMT;
1964 req->TaskType = MPI2_SCSITASKMGMT_TASKTYPE_TARGET_RESET;
1966 /* SAS Hard Link Reset / SATA Link Reset */
1967 req->MsgFlags = MPI2_SCSITASKMGMT_MSGFLAGS_LINK_RESET;
1970 cm->cm_desc.Default.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_DEFAULT_TYPE;
1972 mpssas_issue_tm_request(sc, cm);
1976 mpssas_resetdev_complete(struct mps_softc *sc, struct mps_command *cm)
1978 MPI2_SCSI_TASK_MANAGE_REPLY *resp;
1981 mps_dprint(sc, MPS_TRACE, "%s\n", __func__);
1983 resp = (MPI2_SCSI_TASK_MANAGE_REPLY *)cm->cm_reply;
1984 ccb = cm->cm_complete_data;
1986 kprintf("resetdev complete IOCStatus= 0x%x ResponseCode= 0x%x\n",
1987 resp->IOCStatus, resp->ResponseCode);
1989 if (resp->ResponseCode == MPI2_SCSITASKMGMT_RSP_TM_COMPLETE)
1990 ccb->ccb_h.status = CAM_REQ_CMP;
1992 ccb->ccb_h.status = CAM_REQ_CMP_ERR;
1994 mpssas_complete_tm_request(sc, cm, /*free_cm*/ 1);
2000 mpssas_poll(struct cam_sim *sim)
2002 struct mpssas_softc *sassc;
2004 sassc = cam_sim_softc(sim);
2005 mps_intr_locked(sassc->sc);
2009 mpssas_freeze_device(struct mpssas_softc *sassc, struct mpssas_target *targ)
2014 mpssas_unfreeze_device(struct mpssas_softc *sassc, struct mpssas_target *targ)
projects / dragonfly.git / blob