1/*- 2 * Copyright (c) 2008 Yahoo!, Inc. 3 * All rights reserved. 4 * Written by: John Baldwin <jhb@FreeBSD.org> 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 3. Neither the name of the author nor the names of any co-contributors 15 * may be used to endorse or promote products derived from this software 16 * without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28 * SUCH DAMAGE. 29 * 30 * Avago Technologies (LSI) MPT-Fusion Host Adapter FreeBSD userland interface 31 */ 32/*- 33 * Copyright (c) 2011-2015 LSI Corp. 34 * Copyright (c) 2013-2015 Avago Technologies 35 * All rights reserved. 36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 46 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 47 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 48 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 49 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 50 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 51 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 52 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 53 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 54 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 55 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 56 * SUCH DAMAGE. 57 * 58 * Avago Technologies (LSI) MPT-Fusion Host Adapter FreeBSD 59 * 60 * $FreeBSD: stable/11/sys/dev/mps/mps_user.c 362058 2020-06-11 14:49:38Z markj $ 61 */ 62 63#include <sys/cdefs.h> 64__FBSDID("$FreeBSD: stable/11/sys/dev/mps/mps_user.c 362058 2020-06-11 14:49:38Z markj $"); 65 66#include "opt_compat.h" 67 68/* TODO Move headers to mpsvar */ 69#include <sys/types.h> 70#include <sys/param.h> 71#include <sys/systm.h> 72#include <sys/kernel.h> 73#include <sys/selinfo.h> 74#include <sys/module.h> 75#include <sys/bus.h> 76#include <sys/conf.h> 77#include <sys/bio.h> 78#include <sys/abi_compat.h> 79#include <sys/malloc.h> 80#include <sys/uio.h> 81#include <sys/sysctl.h> 82#include <sys/ioccom.h> 83#include <sys/endian.h> 84#include <sys/queue.h> 85#include <sys/kthread.h> 86#include <sys/taskqueue.h> 87#include <sys/proc.h> 88#include <sys/sysent.h> 89 90#include <machine/bus.h> 91#include <machine/resource.h> 92#include <sys/rman.h> 93 94#include <cam/cam.h> 95#include <cam/cam_ccb.h> 96#include <cam/scsi/scsi_all.h> 97 98#include <dev/mps/mpi/mpi2_type.h> 99#include <dev/mps/mpi/mpi2.h> 100#include <dev/mps/mpi/mpi2_ioc.h> 101#include <dev/mps/mpi/mpi2_cnfg.h> 102#include <dev/mps/mpi/mpi2_init.h> 103#include <dev/mps/mpi/mpi2_tool.h> 104#include <dev/mps/mps_ioctl.h> 105#include <dev/mps/mpsvar.h> 106#include <dev/mps/mps_table.h> 107#include <dev/mps/mps_sas.h> 108#include <dev/pci/pcivar.h> 109#include <dev/pci/pcireg.h> 110 111static d_open_t mps_open; 112static d_close_t mps_close; 113static d_ioctl_t mps_ioctl_devsw; 114 115static struct cdevsw mps_cdevsw = { 116 .d_version = D_VERSION, 117 .d_flags = 0, 118 .d_open = mps_open, 119 .d_close = mps_close, 120 .d_ioctl = mps_ioctl_devsw, 121 .d_name = "mps", 122}; 123 124typedef int (mps_user_f)(struct mps_command *, struct mps_usr_command *); 125static mps_user_f mpi_pre_ioc_facts; 126static mps_user_f mpi_pre_port_facts; 127static mps_user_f mpi_pre_fw_download; 128static mps_user_f mpi_pre_fw_upload; 129static mps_user_f mpi_pre_sata_passthrough; 130static mps_user_f mpi_pre_smp_passthrough; 131static mps_user_f mpi_pre_config; 132static mps_user_f mpi_pre_sas_io_unit_control; 133 134static int mps_user_read_cfg_header(struct mps_softc *, 135 struct mps_cfg_page_req *); 136static int mps_user_read_cfg_page(struct mps_softc *, 137 struct mps_cfg_page_req *, void *); 138static int mps_user_read_extcfg_header(struct mps_softc *, 139 struct mps_ext_cfg_page_req *); 140static int mps_user_read_extcfg_page(struct mps_softc *, 141 struct mps_ext_cfg_page_req *, void *); 142static int mps_user_write_cfg_page(struct mps_softc *, 143 struct mps_cfg_page_req *, void *); 144static int mps_user_setup_request(struct mps_command *, 145 struct mps_usr_command *); 146static int mps_user_command(struct mps_softc *, struct mps_usr_command *); 147 148static int mps_user_pass_thru(struct mps_softc *sc, mps_pass_thru_t *data); 149static void mps_user_get_adapter_data(struct mps_softc *sc, 150 mps_adapter_data_t *data); 151static void mps_user_read_pci_info(struct mps_softc *sc, 152 mps_pci_info_t *data); 153static uint8_t mps_get_fw_diag_buffer_number(struct mps_softc *sc, 154 uint32_t unique_id); 155static int mps_post_fw_diag_buffer(struct mps_softc *sc, 156 mps_fw_diagnostic_buffer_t *pBuffer, uint32_t *return_code); 157static int mps_release_fw_diag_buffer(struct mps_softc *sc, 158 mps_fw_diagnostic_buffer_t *pBuffer, uint32_t *return_code, 159 uint32_t diag_type); 160static int mps_diag_register(struct mps_softc *sc, 161 mps_fw_diag_register_t *diag_register, uint32_t *return_code); 162static int mps_diag_unregister(struct mps_softc *sc, 163 mps_fw_diag_unregister_t *diag_unregister, uint32_t *return_code); 164static int mps_diag_query(struct mps_softc *sc, mps_fw_diag_query_t *diag_query, 165 uint32_t *return_code); 166static int mps_diag_read_buffer(struct mps_softc *sc, 167 mps_diag_read_buffer_t *diag_read_buffer, uint8_t *ioctl_buf, 168 uint32_t *return_code); 169static int mps_diag_release(struct mps_softc *sc, 170 mps_fw_diag_release_t *diag_release, uint32_t *return_code); 171static int mps_do_diag_action(struct mps_softc *sc, uint32_t action, 172 uint8_t *diag_action, uint32_t length, uint32_t *return_code); 173static int mps_user_diag_action(struct mps_softc *sc, mps_diag_action_t *data); 174static void mps_user_event_query(struct mps_softc *sc, mps_event_query_t *data); 175static void mps_user_event_enable(struct mps_softc *sc, 176 mps_event_enable_t *data); 177static int mps_user_event_report(struct mps_softc *sc, 178 mps_event_report_t *data); 179static int mps_user_reg_access(struct mps_softc *sc, mps_reg_access_t *data); 180static int mps_user_btdh(struct mps_softc *sc, mps_btdh_mapping_t *data); 181 182static MALLOC_DEFINE(M_MPSUSER, "mps_user", "Buffers for mps(4) ioctls"); 183 184int 185mps_attach_user(struct mps_softc *sc) 186{ 187 int unit; 188 189 unit = device_get_unit(sc->mps_dev); 190 sc->mps_cdev = make_dev(&mps_cdevsw, unit, UID_ROOT, GID_OPERATOR, 0640, 191 "mps%d", unit); 192 if (sc->mps_cdev == NULL) { 193 return (ENOMEM); 194 } 195 sc->mps_cdev->si_drv1 = sc; 196 return (0); 197} 198 199void 200mps_detach_user(struct mps_softc *sc) 201{ 202 203 /* XXX: do a purge of pending requests? */ 204 if (sc->mps_cdev != NULL) 205 destroy_dev(sc->mps_cdev); 206} 207 208static int 209mps_open(struct cdev *dev, int flags, int fmt, struct thread *td) 210{ 211 212 return (0); 213} 214 215static int 216mps_close(struct cdev *dev, int flags, int fmt, struct thread *td) 217{ 218 219 return (0); 220} 221 222static int 223mps_user_read_cfg_header(struct mps_softc *sc, 224 struct mps_cfg_page_req *page_req) 225{ 226 MPI2_CONFIG_PAGE_HEADER *hdr; 227 struct mps_config_params params; 228 int error; 229 230 hdr = ¶ms.hdr.Struct; 231 params.action = MPI2_CONFIG_ACTION_PAGE_HEADER; 232 params.page_address = le32toh(page_req->page_address); 233 hdr->PageVersion = 0; 234 hdr->PageLength = 0; 235 hdr->PageNumber = page_req->header.PageNumber; 236 hdr->PageType = page_req->header.PageType; 237 params.buffer = NULL; 238 params.length = 0; 239 params.callback = NULL; 240 241 if ((error = mps_read_config_page(sc, ¶ms)) != 0) { 242 /* 243 * Leave the request. Without resetting the chip, it's 244 * still owned by it and we'll just get into trouble 245 * freeing it now. Mark it as abandoned so that if it 246 * shows up later it can be freed. 247 */ 248 mps_printf(sc, "read_cfg_header timed out\n"); 249 return (ETIMEDOUT); 250 } 251 252 page_req->ioc_status = htole16(params.status); 253 if ((page_req->ioc_status & MPI2_IOCSTATUS_MASK) == 254 MPI2_IOCSTATUS_SUCCESS) { 255 bcopy(hdr, &page_req->header, sizeof(page_req->header)); 256 } 257 258 return (0); 259} 260 261static int 262mps_user_read_cfg_page(struct mps_softc *sc, struct mps_cfg_page_req *page_req, 263 void *buf) 264{ 265 MPI2_CONFIG_PAGE_HEADER *reqhdr, *hdr; 266 struct mps_config_params params; 267 int error; 268 269 reqhdr = buf; 270 hdr = ¶ms.hdr.Struct; 271 hdr->PageVersion = reqhdr->PageVersion; 272 hdr->PageLength = reqhdr->PageLength; 273 hdr->PageNumber = reqhdr->PageNumber; 274 hdr->PageType = reqhdr->PageType & MPI2_CONFIG_PAGETYPE_MASK; 275 params.action = MPI2_CONFIG_ACTION_PAGE_READ_CURRENT; 276 params.page_address = le32toh(page_req->page_address); 277 params.buffer = buf; 278 params.length = le32toh(page_req->len); 279 params.callback = NULL; 280 281 if ((error = mps_read_config_page(sc, ¶ms)) != 0) { 282 mps_printf(sc, "mps_user_read_cfg_page timed out\n"); 283 return (ETIMEDOUT); 284 } 285 286 page_req->ioc_status = htole16(params.status); 287 return (0); 288} 289 290static int 291mps_user_read_extcfg_header(struct mps_softc *sc, 292 struct mps_ext_cfg_page_req *ext_page_req) 293{ 294 MPI2_CONFIG_EXTENDED_PAGE_HEADER *hdr; 295 struct mps_config_params params; 296 int error; 297 298 hdr = ¶ms.hdr.Ext; 299 params.action = MPI2_CONFIG_ACTION_PAGE_HEADER; 300 hdr->PageVersion = ext_page_req->header.PageVersion; 301 hdr->PageType = MPI2_CONFIG_PAGETYPE_EXTENDED; 302 hdr->ExtPageLength = 0; 303 hdr->PageNumber = ext_page_req->header.PageNumber; 304 hdr->ExtPageType = ext_page_req->header.ExtPageType; 305 params.page_address = le32toh(ext_page_req->page_address); 306 params.buffer = NULL; 307 params.length = 0; 308 params.callback = NULL; 309 310 if ((error = mps_read_config_page(sc, ¶ms)) != 0) { 311 /* 312 * Leave the request. Without resetting the chip, it's 313 * still owned by it and we'll just get into trouble 314 * freeing it now. Mark it as abandoned so that if it 315 * shows up later it can be freed. 316 */ 317 mps_printf(sc, "mps_user_read_extcfg_header timed out\n"); 318 return (ETIMEDOUT); 319 } 320 321 ext_page_req->ioc_status = htole16(params.status); 322 if ((ext_page_req->ioc_status & MPI2_IOCSTATUS_MASK) == 323 MPI2_IOCSTATUS_SUCCESS) { 324 ext_page_req->header.PageVersion = hdr->PageVersion; 325 ext_page_req->header.PageNumber = hdr->PageNumber; 326 ext_page_req->header.PageType = hdr->PageType; 327 ext_page_req->header.ExtPageLength = hdr->ExtPageLength; 328 ext_page_req->header.ExtPageType = hdr->ExtPageType; 329 } 330 331 return (0); 332} 333 334static int 335mps_user_read_extcfg_page(struct mps_softc *sc, 336 struct mps_ext_cfg_page_req *ext_page_req, void *buf) 337{ 338 MPI2_CONFIG_EXTENDED_PAGE_HEADER *reqhdr, *hdr; 339 struct mps_config_params params; 340 int error; 341 342 reqhdr = buf; 343 hdr = ¶ms.hdr.Ext; 344 params.action = MPI2_CONFIG_ACTION_PAGE_READ_CURRENT; 345 params.page_address = le32toh(ext_page_req->page_address); 346 hdr->PageVersion = reqhdr->PageVersion; 347 hdr->PageType = MPI2_CONFIG_PAGETYPE_EXTENDED; 348 hdr->PageNumber = reqhdr->PageNumber; 349 hdr->ExtPageType = reqhdr->ExtPageType; 350 hdr->ExtPageLength = reqhdr->ExtPageLength; 351 params.buffer = buf; 352 params.length = le32toh(ext_page_req->len); 353 params.callback = NULL; 354 355 if ((error = mps_read_config_page(sc, ¶ms)) != 0) { 356 mps_printf(sc, "mps_user_read_extcfg_page timed out\n"); 357 return (ETIMEDOUT); 358 } 359 360 ext_page_req->ioc_status = htole16(params.status); 361 return (0); 362} 363 364static int 365mps_user_write_cfg_page(struct mps_softc *sc, 366 struct mps_cfg_page_req *page_req, void *buf) 367{ 368 MPI2_CONFIG_PAGE_HEADER *reqhdr, *hdr; 369 struct mps_config_params params; 370 u_int hdr_attr; 371 int error; 372 373 reqhdr = buf; 374 hdr = ¶ms.hdr.Struct; 375 hdr_attr = reqhdr->PageType & MPI2_CONFIG_PAGEATTR_MASK; 376 if (hdr_attr != MPI2_CONFIG_PAGEATTR_CHANGEABLE && 377 hdr_attr != MPI2_CONFIG_PAGEATTR_PERSISTENT) { 378 mps_printf(sc, "page type 0x%x not changeable\n", 379 reqhdr->PageType & MPI2_CONFIG_PAGETYPE_MASK); 380 return (EINVAL); 381 } 382 383 /* 384 * There isn't any point in restoring stripped out attributes 385 * if you then mask them going down to issue the request. 386 */ 387 388 hdr->PageVersion = reqhdr->PageVersion; 389 hdr->PageLength = reqhdr->PageLength; 390 hdr->PageNumber = reqhdr->PageNumber; 391 hdr->PageType = reqhdr->PageType; 392 params.action = MPI2_CONFIG_ACTION_PAGE_WRITE_CURRENT; 393 params.page_address = le32toh(page_req->page_address); 394 params.buffer = buf; 395 params.length = le32toh(page_req->len); 396 params.callback = NULL; 397 398 if ((error = mps_write_config_page(sc, ¶ms)) != 0) { 399 mps_printf(sc, "mps_write_cfg_page timed out\n"); 400 return (ETIMEDOUT); 401 } 402 403 page_req->ioc_status = htole16(params.status); 404 return (0); 405} 406 407void 408mpi_init_sge(struct mps_command *cm, void *req, void *sge) 409{ 410 int off, space; 411 412 space = (int)cm->cm_sc->facts->IOCRequestFrameSize * 4; 413 off = (uintptr_t)sge - (uintptr_t)req; 414 415 KASSERT(off < space, ("bad pointers %p %p, off %d, space %d", 416 req, sge, off, space)); 417 418 cm->cm_sge = sge; 419 cm->cm_sglsize = space - off; 420} 421 422/* 423 * Prepare the mps_command for an IOC_FACTS request. 424 */ 425static int 426mpi_pre_ioc_facts(struct mps_command *cm, struct mps_usr_command *cmd) 427{ 428 MPI2_IOC_FACTS_REQUEST *req = (void *)cm->cm_req; 429 MPI2_IOC_FACTS_REPLY *rpl; 430 431 if (cmd->req_len != sizeof *req) 432 return (EINVAL); 433 if (cmd->rpl_len != sizeof *rpl) 434 return (EINVAL); 435 436 cm->cm_sge = NULL; 437 cm->cm_sglsize = 0; 438 return (0); 439} 440 441/* 442 * Prepare the mps_command for a PORT_FACTS request. 443 */ 444static int 445mpi_pre_port_facts(struct mps_command *cm, struct mps_usr_command *cmd) 446{ 447 MPI2_PORT_FACTS_REQUEST *req = (void *)cm->cm_req; 448 MPI2_PORT_FACTS_REPLY *rpl; 449 450 if (cmd->req_len != sizeof *req) 451 return (EINVAL); 452 if (cmd->rpl_len != sizeof *rpl) 453 return (EINVAL); 454 455 cm->cm_sge = NULL; 456 cm->cm_sglsize = 0; 457 return (0); 458} 459 460/* 461 * Prepare the mps_command for a FW_DOWNLOAD request. 462 */ 463static int 464mpi_pre_fw_download(struct mps_command *cm, struct mps_usr_command *cmd) 465{ 466 MPI2_FW_DOWNLOAD_REQUEST *req = (void *)cm->cm_req; 467 MPI2_FW_DOWNLOAD_REPLY *rpl; 468 MPI2_FW_DOWNLOAD_TCSGE tc; 469 int error; 470 471 /* 472 * This code assumes there is room in the request's SGL for 473 * the TransactionContext plus at least a SGL chain element. 474 */ 475 CTASSERT(sizeof req->SGL >= sizeof tc + MPS_SGC_SIZE); 476 477 if (cmd->req_len != sizeof *req) 478 return (EINVAL); 479 if (cmd->rpl_len != sizeof *rpl) 480 return (EINVAL); 481 482 if (cmd->len == 0) 483 return (EINVAL); 484 485 error = copyin(cmd->buf, cm->cm_data, cmd->len); 486 if (error != 0) 487 return (error); 488 489 mpi_init_sge(cm, req, &req->SGL); 490 bzero(&tc, sizeof tc); 491 492 /* 493 * For now, the F/W image must be provided in a single request. 494 */ 495 if ((req->MsgFlags & MPI2_FW_DOWNLOAD_MSGFLGS_LAST_SEGMENT) == 0) 496 return (EINVAL); 497 if (req->TotalImageSize != cmd->len) 498 return (EINVAL); 499 500 /* 501 * The value of the first two elements is specified in the 502 * Fusion-MPT Message Passing Interface document. 503 */ 504 tc.ContextSize = 0; 505 tc.DetailsLength = 12; 506 tc.ImageOffset = 0; 507 tc.ImageSize = cmd->len; 508 509 cm->cm_flags |= MPS_CM_FLAGS_DATAOUT; 510 511 return (mps_push_sge(cm, &tc, sizeof tc, 0)); 512} 513 514/* 515 * Prepare the mps_command for a FW_UPLOAD request. 516 */ 517static int 518mpi_pre_fw_upload(struct mps_command *cm, struct mps_usr_command *cmd) 519{ 520 MPI2_FW_UPLOAD_REQUEST *req = (void *)cm->cm_req; 521 MPI2_FW_UPLOAD_REPLY *rpl; 522 MPI2_FW_UPLOAD_TCSGE tc; 523 524 /* 525 * This code assumes there is room in the request's SGL for 526 * the TransactionContext plus at least a SGL chain element. 527 */ 528 CTASSERT(sizeof req->SGL >= sizeof tc + MPS_SGC_SIZE); 529 530 if (cmd->req_len != sizeof *req) 531 return (EINVAL); 532 if (cmd->rpl_len != sizeof *rpl) 533 return (EINVAL); 534 535 mpi_init_sge(cm, req, &req->SGL); 536 bzero(&tc, sizeof tc); 537 538 /* 539 * The value of the first two elements is specified in the 540 * Fusion-MPT Message Passing Interface document. 541 */ 542 tc.ContextSize = 0; 543 tc.DetailsLength = 12; 544 /* 545 * XXX Is there any reason to fetch a partial image? I.e. to 546 * set ImageOffset to something other than 0? 547 */ 548 tc.ImageOffset = 0; 549 tc.ImageSize = cmd->len; 550 551 cm->cm_flags |= MPS_CM_FLAGS_DATAIN; 552 553 return (mps_push_sge(cm, &tc, sizeof tc, 0)); 554} 555 556/* 557 * Prepare the mps_command for a SATA_PASSTHROUGH request. 558 */ 559static int 560mpi_pre_sata_passthrough(struct mps_command *cm, struct mps_usr_command *cmd) 561{ 562 MPI2_SATA_PASSTHROUGH_REQUEST *req = (void *)cm->cm_req; 563 MPI2_SATA_PASSTHROUGH_REPLY *rpl; 564 565 if (cmd->req_len != sizeof *req) 566 return (EINVAL); 567 if (cmd->rpl_len != sizeof *rpl) 568 return (EINVAL); 569 570 mpi_init_sge(cm, req, &req->SGL); 571 return (0); 572} 573 574/* 575 * Prepare the mps_command for a SMP_PASSTHROUGH request. 576 */ 577static int 578mpi_pre_smp_passthrough(struct mps_command *cm, struct mps_usr_command *cmd) 579{ 580 MPI2_SMP_PASSTHROUGH_REQUEST *req = (void *)cm->cm_req; 581 MPI2_SMP_PASSTHROUGH_REPLY *rpl; 582 583 if (cmd->req_len != sizeof *req) 584 return (EINVAL); 585 if (cmd->rpl_len != sizeof *rpl) 586 return (EINVAL); 587 588 mpi_init_sge(cm, req, &req->SGL); 589 return (0); 590} 591 592/* 593 * Prepare the mps_command for a CONFIG request. 594 */ 595static int 596mpi_pre_config(struct mps_command *cm, struct mps_usr_command *cmd) 597{ 598 MPI2_CONFIG_REQUEST *req = (void *)cm->cm_req; 599 MPI2_CONFIG_REPLY *rpl; 600 601 if (cmd->req_len != sizeof *req) 602 return (EINVAL); 603 if (cmd->rpl_len != sizeof *rpl) 604 return (EINVAL); 605 606 mpi_init_sge(cm, req, &req->PageBufferSGE); 607 return (0); 608} 609 610/* 611 * Prepare the mps_command for a SAS_IO_UNIT_CONTROL request. 612 */ 613static int 614mpi_pre_sas_io_unit_control(struct mps_command *cm, 615 struct mps_usr_command *cmd) 616{ 617 618 cm->cm_sge = NULL; 619 cm->cm_sglsize = 0; 620 return (0); 621} 622 623/* 624 * A set of functions to prepare an mps_command for the various 625 * supported requests. 626 */ 627struct mps_user_func { 628 U8 Function; 629 mps_user_f *f_pre; 630} mps_user_func_list[] = { 631 { MPI2_FUNCTION_IOC_FACTS, mpi_pre_ioc_facts }, 632 { MPI2_FUNCTION_PORT_FACTS, mpi_pre_port_facts }, 633 { MPI2_FUNCTION_FW_DOWNLOAD, mpi_pre_fw_download }, 634 { MPI2_FUNCTION_FW_UPLOAD, mpi_pre_fw_upload }, 635 { MPI2_FUNCTION_SATA_PASSTHROUGH, mpi_pre_sata_passthrough }, 636 { MPI2_FUNCTION_SMP_PASSTHROUGH, mpi_pre_smp_passthrough}, 637 { MPI2_FUNCTION_CONFIG, mpi_pre_config}, 638 { MPI2_FUNCTION_SAS_IO_UNIT_CONTROL, mpi_pre_sas_io_unit_control }, 639 { 0xFF, NULL } /* list end */ 640}; 641 642static int 643mps_user_setup_request(struct mps_command *cm, struct mps_usr_command *cmd) 644{ 645 MPI2_REQUEST_HEADER *hdr = (MPI2_REQUEST_HEADER *)cm->cm_req; 646 struct mps_user_func *f; 647 648 for (f = mps_user_func_list; f->f_pre != NULL; f++) { 649 if (hdr->Function == f->Function) 650 return (f->f_pre(cm, cmd)); 651 } 652 return (EINVAL); 653} 654 655static int 656mps_user_command(struct mps_softc *sc, struct mps_usr_command *cmd) 657{ 658 MPI2_REQUEST_HEADER *hdr; 659 MPI2_DEFAULT_REPLY *rpl; 660 void *buf = NULL; 661 struct mps_command *cm = NULL; 662 int err = 0; 663 int sz; 664 665 mps_lock(sc); 666 cm = mps_alloc_command(sc); 667 668 if (cm == NULL) { 669 mps_printf(sc, "%s: no mps requests\n", __func__); 670 err = ENOMEM; 671 goto RetFree; 672 } 673 mps_unlock(sc); 674 675 hdr = (MPI2_REQUEST_HEADER *)cm->cm_req; 676 677 mps_dprint(sc, MPS_USER, "%s: req %p %d rpl %p %d\n", __func__, 678 cmd->req, cmd->req_len, cmd->rpl, cmd->rpl_len); 679 680 if (cmd->req_len > (int)sc->facts->IOCRequestFrameSize * 4) { 681 err = EINVAL; 682 goto RetFreeUnlocked; 683 } 684 err = copyin(cmd->req, hdr, cmd->req_len); 685 if (err != 0) 686 goto RetFreeUnlocked; 687 688 mps_dprint(sc, MPS_USER, "%s: Function %02X MsgFlags %02X\n", __func__, 689 hdr->Function, hdr->MsgFlags); 690 691 if (cmd->len > 0) { 692 buf = malloc(cmd->len, M_MPSUSER, M_WAITOK|M_ZERO); 693 cm->cm_data = buf; 694 cm->cm_length = cmd->len; 695 } else { 696 cm->cm_data = NULL; 697 cm->cm_length = 0; 698 } 699 700 cm->cm_flags = MPS_CM_FLAGS_SGE_SIMPLE; 701 cm->cm_desc.Default.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_DEFAULT_TYPE; 702 703 err = mps_user_setup_request(cm, cmd); 704 if (err == EINVAL) { 705 mps_printf(sc, "%s: unsupported parameter or unsupported " 706 "function in request (function = 0x%X)\n", __func__, 707 hdr->Function); 708 } 709 if (err != 0) 710 goto RetFreeUnlocked; 711 712 mps_lock(sc); 713 err = mps_wait_command(sc, &cm, 60, CAN_SLEEP); 714 715 if (err || (cm == NULL)) { 716 mps_printf(sc, "%s: invalid request: error %d\n", 717 __func__, err); 718 goto RetFree; 719 } 720 721 rpl = (MPI2_DEFAULT_REPLY *)cm->cm_reply; 722 if (rpl != NULL) 723 sz = rpl->MsgLength * 4; 724 else 725 sz = 0; 726 727 if (sz > cmd->rpl_len) { 728 mps_printf(sc, "%s: user reply buffer (%d) smaller than " 729 "returned buffer (%d)\n", __func__, cmd->rpl_len, sz); 730 sz = cmd->rpl_len; 731 } 732 733 mps_unlock(sc); 734 copyout(rpl, cmd->rpl, sz); 735 if (buf != NULL) 736 copyout(buf, cmd->buf, cmd->len); 737 mps_dprint(sc, MPS_USER, "%s: reply size %d\n", __func__, sz); 738 739RetFreeUnlocked: 740 mps_lock(sc); 741RetFree: 742 if (cm != NULL) 743 mps_free_command(sc, cm); 744 mps_unlock(sc); 745 if (buf != NULL) 746 free(buf, M_MPSUSER); 747 return (err); 748} 749 750static int 751mps_user_pass_thru(struct mps_softc *sc, mps_pass_thru_t *data) 752{ 753 MPI2_REQUEST_HEADER *hdr, tmphdr; 754 MPI2_DEFAULT_REPLY *rpl = NULL; 755 struct mps_command *cm = NULL; 756 int err = 0, dir = 0, sz; 757 uint8_t function = 0; 758 u_int sense_len; 759 struct mpssas_target *targ = NULL; 760 761 /* 762 * Only allow one passthru command at a time. Use the MPS_FLAGS_BUSY 763 * bit to denote that a passthru is being processed. 764 */ 765 mps_lock(sc); 766 if (sc->mps_flags & MPS_FLAGS_BUSY) { 767 mps_dprint(sc, MPS_USER, "%s: Only one passthru command " 768 "allowed at a single time.", __func__); 769 mps_unlock(sc); 770 return (EBUSY); 771 } 772 sc->mps_flags |= MPS_FLAGS_BUSY; 773 mps_unlock(sc); 774 775 /* 776 * Do some validation on data direction. Valid cases are: 777 * 1) DataSize is 0 and direction is NONE 778 * 2) DataSize is non-zero and one of: 779 * a) direction is READ or 780 * b) direction is WRITE or 781 * c) direction is BOTH and DataOutSize is non-zero 782 * If valid and the direction is BOTH, change the direction to READ. 783 * if valid and the direction is not BOTH, make sure DataOutSize is 0. 784 */ 785 if (((data->DataSize == 0) && 786 (data->DataDirection == MPS_PASS_THRU_DIRECTION_NONE)) || 787 ((data->DataSize != 0) && 788 ((data->DataDirection == MPS_PASS_THRU_DIRECTION_READ) || 789 (data->DataDirection == MPS_PASS_THRU_DIRECTION_WRITE) || 790 ((data->DataDirection == MPS_PASS_THRU_DIRECTION_BOTH) && 791 (data->DataOutSize != 0))))) { 792 if (data->DataDirection == MPS_PASS_THRU_DIRECTION_BOTH) 793 data->DataDirection = MPS_PASS_THRU_DIRECTION_READ; 794 else 795 data->DataOutSize = 0; 796 } else 797 return (EINVAL); 798 799 mps_dprint(sc, MPS_USER, "%s: req 0x%jx %d rpl 0x%jx %d " 800 "data in 0x%jx %d data out 0x%jx %d data dir %d\n", __func__, 801 data->PtrRequest, data->RequestSize, data->PtrReply, 802 data->ReplySize, data->PtrData, data->DataSize, 803 data->PtrDataOut, data->DataOutSize, data->DataDirection); 804 805 /* 806 * copy in the header so we know what we're dealing with before we 807 * commit to allocating a command for it. 808 */ 809 err = copyin(PTRIN(data->PtrRequest), &tmphdr, data->RequestSize); 810 if (err != 0) 811 goto RetFreeUnlocked; 812 813 if (data->RequestSize > (int)sc->facts->IOCRequestFrameSize * 4) { 814 err = EINVAL; 815 goto RetFreeUnlocked; 816 } 817 818 function = tmphdr.Function; 819 mps_dprint(sc, MPS_USER, "%s: Function %02X MsgFlags %02X\n", __func__, 820 function, tmphdr.MsgFlags); 821 822 /* 823 * Handle a passthru TM request. 824 */ 825 if (function == MPI2_FUNCTION_SCSI_TASK_MGMT) { 826 MPI2_SCSI_TASK_MANAGE_REQUEST *task; 827 828 mps_lock(sc); 829 cm = mpssas_alloc_tm(sc); 830 if (cm == NULL) { 831 err = EINVAL; 832 goto Ret; 833 } 834 835 /* Copy the header in. Only a small fixup is needed. */ 836 task = (MPI2_SCSI_TASK_MANAGE_REQUEST *)cm->cm_req; 837 bcopy(&tmphdr, task, data->RequestSize); 838 task->TaskMID = cm->cm_desc.Default.SMID; 839 840 cm->cm_data = NULL; 841 cm->cm_desc.HighPriority.RequestFlags = 842 MPI2_REQ_DESCRIPT_FLAGS_HIGH_PRIORITY; 843 cm->cm_complete = NULL; 844 cm->cm_complete_data = NULL; 845 846 targ = mpssas_find_target_by_handle(sc->sassc, 0, 847 task->DevHandle); 848 if (targ == NULL) { 849 mps_dprint(sc, MPS_INFO, 850 "%s %d : invalid handle for requested TM 0x%x \n", 851 __func__, __LINE__, task->DevHandle); 852 err = 1; 853 } else { 854 mpssas_prepare_for_tm(sc, cm, targ, CAM_LUN_WILDCARD); 855 err = mps_wait_command(sc, &cm, 30, CAN_SLEEP); 856 } 857 858 if (err != 0) { 859 err = EIO; 860 mps_dprint(sc, MPS_FAULT, "%s: task management failed", 861 __func__); 862 } 863 /* 864 * Copy the reply data and sense data to user space. 865 */ 866 if ((cm != NULL) && (cm->cm_reply != NULL)) { 867 rpl = (MPI2_DEFAULT_REPLY *)cm->cm_reply; 868 sz = rpl->MsgLength * 4; 869 870 if (sz > data->ReplySize) { 871 mps_printf(sc, "%s: user reply buffer (%d) " 872 "smaller than returned buffer (%d)\n", 873 __func__, data->ReplySize, sz); 874 } 875 mps_unlock(sc); 876 copyout(cm->cm_reply, PTRIN(data->PtrReply), 877 data->ReplySize); 878 mps_lock(sc); 879 } 880 mpssas_free_tm(sc, cm); 881 goto Ret; 882 } 883 884 mps_lock(sc); 885 cm = mps_alloc_command(sc); 886 887 if (cm == NULL) { 888 mps_printf(sc, "%s: no mps requests\n", __func__); 889 err = ENOMEM; 890 goto Ret; 891 } 892 mps_unlock(sc); 893 894 hdr = (MPI2_REQUEST_HEADER *)cm->cm_req; 895 bcopy(&tmphdr, hdr, data->RequestSize); 896 897 /* 898 * Do some checking to make sure the IOCTL request contains a valid 899 * request. Then set the SGL info. 900 */ 901 mpi_init_sge(cm, hdr, (void *)((uint8_t *)hdr + data->RequestSize)); 902 903 /* 904 * Set up for read, write or both. From check above, DataOutSize will 905 * be 0 if direction is READ or WRITE, but it will have some non-zero 906 * value if the direction is BOTH. So, just use the biggest size to get 907 * the cm_data buffer size. If direction is BOTH, 2 SGLs need to be set 908 * up; the first is for the request and the second will contain the 909 * response data. cm_out_len needs to be set here and this will be used 910 * when the SGLs are set up. 911 */ 912 cm->cm_data = NULL; 913 cm->cm_length = MAX(data->DataSize, data->DataOutSize); 914 cm->cm_out_len = data->DataOutSize; 915 cm->cm_flags = 0; 916 if (cm->cm_length != 0) { 917 cm->cm_data = malloc(cm->cm_length, M_MPSUSER, M_WAITOK | 918 M_ZERO); 919 cm->cm_flags = MPS_CM_FLAGS_DATAIN; 920 if (data->DataOutSize) { 921 cm->cm_flags |= MPS_CM_FLAGS_DATAOUT; 922 err = copyin(PTRIN(data->PtrDataOut), 923 cm->cm_data, data->DataOutSize); 924 } else if (data->DataDirection == 925 MPS_PASS_THRU_DIRECTION_WRITE) { 926 cm->cm_flags = MPS_CM_FLAGS_DATAOUT; 927 err = copyin(PTRIN(data->PtrData), 928 cm->cm_data, data->DataSize); 929 } 930 if (err != 0) 931 mps_dprint(sc, MPS_FAULT, "%s: failed to copy " 932 "IOCTL data from user space\n", __func__); 933 } 934 cm->cm_flags |= MPS_CM_FLAGS_SGE_SIMPLE; 935 cm->cm_desc.Default.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_DEFAULT_TYPE; 936 937 /* 938 * Set up Sense buffer and SGL offset for IO passthru. SCSI IO request 939 * uses SCSI IO descriptor. 940 */ 941 if ((function == MPI2_FUNCTION_SCSI_IO_REQUEST) || 942 (function == MPI2_FUNCTION_RAID_SCSI_IO_PASSTHROUGH)) { 943 MPI2_SCSI_IO_REQUEST *scsi_io_req; 944 945 scsi_io_req = (MPI2_SCSI_IO_REQUEST *)hdr; 946 /* 947 * Put SGE for data and data_out buffer at the end of 948 * scsi_io_request message header (64 bytes in total). 949 * Following above SGEs, the residual space will be used by 950 * sense data. 951 */ 952 scsi_io_req->SenseBufferLength = (uint8_t)(data->RequestSize - 953 64); 954 scsi_io_req->SenseBufferLowAddress = htole32(cm->cm_sense_busaddr); 955 956 /* 957 * Set SGLOffset0 value. This is the number of dwords that SGL 958 * is offset from the beginning of MPI2_SCSI_IO_REQUEST struct. 959 */ 960 scsi_io_req->SGLOffset0 = 24; 961 962 /* 963 * Setup descriptor info. RAID passthrough must use the 964 * default request descriptor which is already set, so if this 965 * is a SCSI IO request, change the descriptor to SCSI IO. 966 * Also, if this is a SCSI IO request, handle the reply in the 967 * mpssas_scsio_complete function. 968 */ 969 if (function == MPI2_FUNCTION_SCSI_IO_REQUEST) { 970 cm->cm_desc.SCSIIO.RequestFlags = 971 MPI2_REQ_DESCRIPT_FLAGS_SCSI_IO; 972 cm->cm_desc.SCSIIO.DevHandle = scsi_io_req->DevHandle; 973 974 /* 975 * Make sure the DevHandle is not 0 because this is a 976 * likely error. 977 */ 978 if (scsi_io_req->DevHandle == 0) { 979 err = EINVAL; 980 goto RetFreeUnlocked; 981 } 982 } 983 } 984 985 mps_lock(sc); 986 987 err = mps_wait_command(sc, &cm, 30, CAN_SLEEP); 988 989 if (err || (cm == NULL)) { 990 mps_printf(sc, "%s: invalid request: error %d\n", __func__, 991 err); 992 mps_unlock(sc); 993 goto RetFreeUnlocked; 994 } 995 996 /* 997 * Sync the DMA data, if any. Then copy the data to user space. 998 */ 999 if (cm->cm_data != NULL) { 1000 if (cm->cm_flags & MPS_CM_FLAGS_DATAIN) 1001 dir = BUS_DMASYNC_POSTREAD; 1002 else if (cm->cm_flags & MPS_CM_FLAGS_DATAOUT) 1003 dir = BUS_DMASYNC_POSTWRITE; 1004 bus_dmamap_sync(sc->buffer_dmat, cm->cm_dmamap, dir); 1005 bus_dmamap_unload(sc->buffer_dmat, cm->cm_dmamap); 1006 1007 if (cm->cm_flags & MPS_CM_FLAGS_DATAIN) { 1008 mps_unlock(sc); 1009 err = copyout(cm->cm_data, 1010 PTRIN(data->PtrData), data->DataSize); 1011 mps_lock(sc); 1012 if (err != 0) 1013 mps_dprint(sc, MPS_FAULT, "%s: failed to copy " 1014 "IOCTL data to user space\n", __func__); 1015 } 1016 } 1017 1018 /* 1019 * Copy the reply data and sense data to user space. 1020 */ 1021 if (cm->cm_reply != NULL) { 1022 rpl = (MPI2_DEFAULT_REPLY *)cm->cm_reply; 1023 sz = rpl->MsgLength * 4; 1024 1025 if (sz > data->ReplySize) { 1026 mps_printf(sc, "%s: user reply buffer (%d) smaller " 1027 "than returned buffer (%d)\n", __func__, 1028 data->ReplySize, sz); 1029 } 1030 mps_unlock(sc); 1031 copyout(cm->cm_reply, PTRIN(data->PtrReply), data->ReplySize); 1032 mps_lock(sc); 1033 1034 if ((function == MPI2_FUNCTION_SCSI_IO_REQUEST) || 1035 (function == MPI2_FUNCTION_RAID_SCSI_IO_PASSTHROUGH)) { 1036 if (((MPI2_SCSI_IO_REPLY *)rpl)->SCSIState & 1037 MPI2_SCSI_STATE_AUTOSENSE_VALID) { 1038 sense_len = 1039 MIN((le32toh(((MPI2_SCSI_IO_REPLY *)rpl)-> 1040 SenseCount)), sizeof(struct 1041 scsi_sense_data)); 1042 mps_unlock(sc); 1043 copyout(cm->cm_sense, (PTRIN(data->PtrReply + 1044 sizeof(MPI2_SCSI_IO_REPLY))), sense_len); 1045 mps_lock(sc); 1046 } 1047 } 1048 } 1049 mps_unlock(sc); 1050 1051RetFreeUnlocked: 1052 mps_lock(sc); 1053 1054 if (cm != NULL) { 1055 if (cm->cm_data) 1056 free(cm->cm_data, M_MPSUSER); 1057 mps_free_command(sc, cm); 1058 } 1059Ret: 1060 sc->mps_flags &= ~MPS_FLAGS_BUSY; 1061 mps_unlock(sc); 1062 1063 return (err); 1064} 1065 1066static void 1067mps_user_get_adapter_data(struct mps_softc *sc, mps_adapter_data_t *data) 1068{ 1069 Mpi2ConfigReply_t mpi_reply; 1070 Mpi2BiosPage3_t config_page; 1071 1072 /* 1073 * Use the PCI interface functions to get the Bus, Device, and Function 1074 * information. 1075 */ 1076 data->PciInformation.u.bits.BusNumber = pci_get_bus(sc->mps_dev); 1077 data->PciInformation.u.bits.DeviceNumber = pci_get_slot(sc->mps_dev); 1078 data->PciInformation.u.bits.FunctionNumber = 1079 pci_get_function(sc->mps_dev); 1080 1081 /* 1082 * Get the FW version that should already be saved in IOC Facts. 1083 */ 1084 data->MpiFirmwareVersion = sc->facts->FWVersion.Word; 1085 1086 /* 1087 * General device info. 1088 */ 1089 data->AdapterType = MPSIOCTL_ADAPTER_TYPE_SAS2; 1090 if (sc->mps_flags & MPS_FLAGS_WD_AVAILABLE) 1091 data->AdapterType = MPSIOCTL_ADAPTER_TYPE_SAS2_SSS6200; 1092 data->PCIDeviceHwId = pci_get_device(sc->mps_dev); 1093 data->PCIDeviceHwRev = pci_read_config(sc->mps_dev, PCIR_REVID, 1); 1094 data->SubSystemId = pci_get_subdevice(sc->mps_dev); 1095 data->SubsystemVendorId = pci_get_subvendor(sc->mps_dev); 1096 1097 /* 1098 * Get the driver version. 1099 */ 1100 strcpy((char *)&data->DriverVersion[0], MPS_DRIVER_VERSION); 1101 1102 /* 1103 * Need to get BIOS Config Page 3 for the BIOS Version. 1104 */ 1105 data->BiosVersion = 0; 1106 mps_lock(sc); 1107 if (mps_config_get_bios_pg3(sc, &mpi_reply, &config_page)) 1108 printf("%s: Error while retrieving BIOS Version\n", __func__); 1109 else 1110 data->BiosVersion = config_page.BiosVersion; 1111 mps_unlock(sc); 1112} 1113 1114static void 1115mps_user_read_pci_info(struct mps_softc *sc, mps_pci_info_t *data) 1116{ 1117 int i; 1118 1119 /* 1120 * Use the PCI interface functions to get the Bus, Device, and Function 1121 * information. 1122 */ 1123 data->BusNumber = pci_get_bus(sc->mps_dev); 1124 data->DeviceNumber = pci_get_slot(sc->mps_dev); 1125 data->FunctionNumber = pci_get_function(sc->mps_dev); 1126 1127 /* 1128 * Now get the interrupt vector and the pci header. The vector can 1129 * only be 0 right now. The header is the first 256 bytes of config 1130 * space. 1131 */ 1132 data->InterruptVector = 0; 1133 for (i = 0; i < sizeof (data->PciHeader); i++) { 1134 data->PciHeader[i] = pci_read_config(sc->mps_dev, i, 1); 1135 } 1136} 1137 1138static uint8_t 1139mps_get_fw_diag_buffer_number(struct mps_softc *sc, uint32_t unique_id) 1140{ 1141 uint8_t index; 1142 1143 for (index = 0; index < MPI2_DIAG_BUF_TYPE_COUNT; index++) { 1144 if (sc->fw_diag_buffer_list[index].unique_id == unique_id) { 1145 return (index); 1146 } 1147 } 1148 1149 return (MPS_FW_DIAGNOSTIC_UID_NOT_FOUND); 1150} 1151 1152static int 1153mps_post_fw_diag_buffer(struct mps_softc *sc, 1154 mps_fw_diagnostic_buffer_t *pBuffer, uint32_t *return_code) 1155{ 1156 MPI2_DIAG_BUFFER_POST_REQUEST *req; 1157 MPI2_DIAG_BUFFER_POST_REPLY *reply = NULL; 1158 struct mps_command *cm = NULL; 1159 int i, status; 1160 1161 /* 1162 * If buffer is not enabled, just leave. 1163 */ 1164 *return_code = MPS_FW_DIAG_ERROR_POST_FAILED; 1165 if (!pBuffer->enabled) { 1166 return (MPS_DIAG_FAILURE); 1167 } 1168 1169 /* 1170 * Clear some flags initially. 1171 */ 1172 pBuffer->force_release = FALSE; 1173 pBuffer->valid_data = FALSE; 1174 pBuffer->owned_by_firmware = FALSE; 1175 1176 /* 1177 * Get a command. 1178 */ 1179 cm = mps_alloc_command(sc); 1180 if (cm == NULL) { 1181 mps_printf(sc, "%s: no mps requests\n", __func__); 1182 return (MPS_DIAG_FAILURE); 1183 } 1184 1185 /* 1186 * Build the request for releasing the FW Diag Buffer and send it. 1187 */ 1188 req = (MPI2_DIAG_BUFFER_POST_REQUEST *)cm->cm_req; 1189 req->Function = MPI2_FUNCTION_DIAG_BUFFER_POST; 1190 req->BufferType = pBuffer->buffer_type; 1191 req->ExtendedType = pBuffer->extended_type; 1192 req->BufferLength = pBuffer->size; 1193 for (i = 0; i < (sizeof(req->ProductSpecific) / 4); i++) 1194 req->ProductSpecific[i] = pBuffer->product_specific[i]; 1195 mps_from_u64(sc->fw_diag_busaddr, &req->BufferAddress); 1196 cm->cm_data = NULL; 1197 cm->cm_length = 0; 1198 cm->cm_desc.Default.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_DEFAULT_TYPE; 1199 cm->cm_complete_data = NULL; 1200 1201 /* 1202 * Send command synchronously. 1203 */ 1204 status = mps_wait_command(sc, &cm, 30, CAN_SLEEP); 1205 if (status || (cm == NULL)) { 1206 mps_printf(sc, "%s: invalid request: error %d\n", __func__, 1207 status); 1208 status = MPS_DIAG_FAILURE; 1209 goto done; 1210 } 1211 1212 /* 1213 * Process POST reply. 1214 */ 1215 reply = (MPI2_DIAG_BUFFER_POST_REPLY *)cm->cm_reply; 1216 if ((le16toh(reply->IOCStatus) & MPI2_IOCSTATUS_MASK) != 1217 MPI2_IOCSTATUS_SUCCESS) { 1218 status = MPS_DIAG_FAILURE; 1219 mps_dprint(sc, MPS_FAULT, "%s: post of FW Diag Buffer failed " 1220 "with IOCStatus = 0x%x, IOCLogInfo = 0x%x and " 1221 "TransferLength = 0x%x\n", __func__, 1222 le16toh(reply->IOCStatus), le32toh(reply->IOCLogInfo), 1223 le32toh(reply->TransferLength)); 1224 goto done; 1225 } 1226 1227 /* 1228 * Post was successful. 1229 */ 1230 pBuffer->valid_data = TRUE; 1231 pBuffer->owned_by_firmware = TRUE; 1232 *return_code = MPS_FW_DIAG_ERROR_SUCCESS; 1233 status = MPS_DIAG_SUCCESS; 1234 1235done: 1236 if (cm != NULL) 1237 mps_free_command(sc, cm); 1238 return (status); 1239} 1240 1241static int 1242mps_release_fw_diag_buffer(struct mps_softc *sc, 1243 mps_fw_diagnostic_buffer_t *pBuffer, uint32_t *return_code, 1244 uint32_t diag_type) 1245{ 1246 MPI2_DIAG_RELEASE_REQUEST *req; 1247 MPI2_DIAG_RELEASE_REPLY *reply = NULL; 1248 struct mps_command *cm = NULL; 1249 int status; 1250 1251 /* 1252 * If buffer is not enabled, just leave. 1253 */ 1254 *return_code = MPS_FW_DIAG_ERROR_RELEASE_FAILED; 1255 if (!pBuffer->enabled) { 1256 mps_dprint(sc, MPS_USER, "%s: This buffer type is not " 1257 "supported by the IOC", __func__); 1258 return (MPS_DIAG_FAILURE); 1259 } 1260 1261 /* 1262 * Clear some flags initially. 1263 */ 1264 pBuffer->force_release = FALSE; 1265 pBuffer->valid_data = FALSE; 1266 pBuffer->owned_by_firmware = FALSE; 1267 1268 /* 1269 * Get a command. 1270 */ 1271 cm = mps_alloc_command(sc); 1272 if (cm == NULL) { 1273 mps_printf(sc, "%s: no mps requests\n", __func__); 1274 return (MPS_DIAG_FAILURE); 1275 } 1276 1277 /* 1278 * Build the request for releasing the FW Diag Buffer and send it. 1279 */ 1280 req = (MPI2_DIAG_RELEASE_REQUEST *)cm->cm_req; 1281 req->Function = MPI2_FUNCTION_DIAG_RELEASE; 1282 req->BufferType = pBuffer->buffer_type; 1283 cm->cm_data = NULL; 1284 cm->cm_length = 0; 1285 cm->cm_desc.Default.RequestFlags = MPI2_REQ_DESCRIPT_FLAGS_DEFAULT_TYPE; 1286 cm->cm_complete_data = NULL; 1287 1288 /* 1289 * Send command synchronously. 1290 */ 1291 status = mps_wait_command(sc, &cm, 30, CAN_SLEEP); 1292 if (status || (cm == NULL)) { 1293 mps_printf(sc, "%s: invalid request: error %d\n", __func__, 1294 status); 1295 status = MPS_DIAG_FAILURE; 1296 goto done; 1297 } 1298 1299 /* 1300 * Process RELEASE reply. 1301 */ 1302 reply = (MPI2_DIAG_RELEASE_REPLY *)cm->cm_reply; 1303 if (((le16toh(reply->IOCStatus) & MPI2_IOCSTATUS_MASK) != 1304 MPI2_IOCSTATUS_SUCCESS) || pBuffer->owned_by_firmware) { 1305 status = MPS_DIAG_FAILURE; 1306 mps_dprint(sc, MPS_FAULT, "%s: release of FW Diag Buffer " 1307 "failed with IOCStatus = 0x%x and IOCLogInfo = 0x%x\n", 1308 __func__, le16toh(reply->IOCStatus), 1309 le32toh(reply->IOCLogInfo)); 1310 goto done; 1311 } 1312 1313 /* 1314 * Release was successful. 1315 */ 1316 *return_code = MPS_FW_DIAG_ERROR_SUCCESS; 1317 status = MPS_DIAG_SUCCESS; 1318 1319 /* 1320 * If this was for an UNREGISTER diag type command, clear the unique ID. 1321 */ 1322 if (diag_type == MPS_FW_DIAG_TYPE_UNREGISTER) { 1323 pBuffer->unique_id = MPS_FW_DIAG_INVALID_UID; 1324 } 1325 1326done: 1327 if (cm != NULL) 1328 mps_free_command(sc, cm); 1329 1330 return (status); 1331} 1332 1333static int 1334mps_diag_register(struct mps_softc *sc, mps_fw_diag_register_t *diag_register, 1335 uint32_t *return_code) 1336{ 1337 mps_fw_diagnostic_buffer_t *pBuffer; 1338 uint8_t extended_type, buffer_type, i; 1339 uint32_t buffer_size; 1340 uint32_t unique_id; 1341 int status; 1342 1343 extended_type = diag_register->ExtendedType; 1344 buffer_type = diag_register->BufferType; 1345 buffer_size = diag_register->RequestedBufferSize; 1346 unique_id = diag_register->UniqueId; 1347 1348 /* 1349 * Check for valid buffer type 1350 */ 1351 if (buffer_type >= MPI2_DIAG_BUF_TYPE_COUNT) { 1352 *return_code = MPS_FW_DIAG_ERROR_INVALID_PARAMETER; 1353 return (MPS_DIAG_FAILURE); 1354 } 1355 1356 /* 1357 * Get the current buffer and look up the unique ID. The unique ID 1358 * should not be found. If it is, the ID is already in use. 1359 */ 1360 i = mps_get_fw_diag_buffer_number(sc, unique_id); 1361 pBuffer = &sc->fw_diag_buffer_list[buffer_type]; 1362 if (i != MPS_FW_DIAGNOSTIC_UID_NOT_FOUND) { 1363 *return_code = MPS_FW_DIAG_ERROR_INVALID_UID; 1364 return (MPS_DIAG_FAILURE); 1365 } 1366 1367 /* 1368 * The buffer's unique ID should not be registered yet, and the given 1369 * unique ID cannot be 0. 1370 */ 1371 if ((pBuffer->unique_id != MPS_FW_DIAG_INVALID_UID) || 1372 (unique_id == MPS_FW_DIAG_INVALID_UID)) { 1373 *return_code = MPS_FW_DIAG_ERROR_INVALID_UID; 1374 return (MPS_DIAG_FAILURE); 1375 } 1376 1377 /* 1378 * If this buffer is already posted as immediate, just change owner. 1379 */ 1380 if (pBuffer->immediate && pBuffer->owned_by_firmware && 1381 (pBuffer->unique_id == MPS_FW_DIAG_INVALID_UID)) { 1382 pBuffer->immediate = FALSE; 1383 pBuffer->unique_id = unique_id; 1384 return (MPS_DIAG_SUCCESS); 1385 } 1386 1387 /* 1388 * Post a new buffer after checking if it's enabled. The DMA buffer 1389 * that is allocated will be contiguous (nsegments = 1). 1390 */ 1391 if (!pBuffer->enabled) { 1392 *return_code = MPS_FW_DIAG_ERROR_NO_BUFFER; 1393 return (MPS_DIAG_FAILURE); 1394 } 1395 if (bus_dma_tag_create( sc->mps_parent_dmat, /* parent */ 1396 1, 0, /* algnmnt, boundary */ 1397 BUS_SPACE_MAXADDR_32BIT,/* lowaddr */ 1398 BUS_SPACE_MAXADDR, /* highaddr */ 1399 NULL, NULL, /* filter, filterarg */ 1400 buffer_size, /* maxsize */ 1401 1, /* nsegments */ 1402 buffer_size, /* maxsegsize */ 1403 0, /* flags */ 1404 NULL, NULL, /* lockfunc, lockarg */ 1405 &sc->fw_diag_dmat)) { 1406 device_printf(sc->mps_dev, "Cannot allocate FW diag buffer DMA " 1407 "tag\n"); 1408 return (ENOMEM); 1409 } 1410 if (bus_dmamem_alloc(sc->fw_diag_dmat, (void **)&sc->fw_diag_buffer, 1411 BUS_DMA_NOWAIT, &sc->fw_diag_map)) { 1412 device_printf(sc->mps_dev, "Cannot allocate FW diag buffer " 1413 "memory\n"); 1414 return (ENOMEM); 1415 } 1416 bzero(sc->fw_diag_buffer, buffer_size); 1417 bus_dmamap_load(sc->fw_diag_dmat, sc->fw_diag_map, sc->fw_diag_buffer, 1418 buffer_size, mps_memaddr_cb, &sc->fw_diag_busaddr, 0); 1419 pBuffer->size = buffer_size; 1420 1421 /* 1422 * Copy the given info to the diag buffer and post the buffer. 1423 */ 1424 pBuffer->buffer_type = buffer_type; 1425 pBuffer->immediate = FALSE; 1426 if (buffer_type == MPI2_DIAG_BUF_TYPE_TRACE) { 1427 for (i = 0; i < (sizeof (pBuffer->product_specific) / 4); 1428 i++) { 1429 pBuffer->product_specific[i] = 1430 diag_register->ProductSpecific[i]; 1431 } 1432 } 1433 pBuffer->extended_type = extended_type; 1434 pBuffer->unique_id = unique_id; 1435 status = mps_post_fw_diag_buffer(sc, pBuffer, return_code); 1436 1437 /* 1438 * In case there was a failure, free the DMA buffer. 1439 */ 1440 if (status == MPS_DIAG_FAILURE) { 1441 if (sc->fw_diag_busaddr != 0) 1442 bus_dmamap_unload(sc->fw_diag_dmat, sc->fw_diag_map); 1443 if (sc->fw_diag_buffer != NULL) 1444 bus_dmamem_free(sc->fw_diag_dmat, sc->fw_diag_buffer, 1445 sc->fw_diag_map); 1446 if (sc->fw_diag_dmat != NULL) 1447 bus_dma_tag_destroy(sc->fw_diag_dmat); 1448 } 1449 1450 return (status); 1451} 1452 1453static int 1454mps_diag_unregister(struct mps_softc *sc, 1455 mps_fw_diag_unregister_t *diag_unregister, uint32_t *return_code) 1456{ 1457 mps_fw_diagnostic_buffer_t *pBuffer; 1458 uint8_t i; 1459 uint32_t unique_id; 1460 int status; 1461 1462 unique_id = diag_unregister->UniqueId; 1463 1464 /* 1465 * Get the current buffer and look up the unique ID. The unique ID 1466 * should be there. 1467 */ 1468 i = mps_get_fw_diag_buffer_number(sc, unique_id); 1469 if (i == MPS_FW_DIAGNOSTIC_UID_NOT_FOUND) { 1470 *return_code = MPS_FW_DIAG_ERROR_INVALID_UID; 1471 return (MPS_DIAG_FAILURE); 1472 } 1473 1474 pBuffer = &sc->fw_diag_buffer_list[i]; 1475 1476 /* 1477 * Try to release the buffer from FW before freeing it. If release 1478 * fails, don't free the DMA buffer in case FW tries to access it 1479 * later. If buffer is not owned by firmware, can't release it. 1480 */ 1481 if (!pBuffer->owned_by_firmware) { 1482 status = MPS_DIAG_SUCCESS; 1483 } else { 1484 status = mps_release_fw_diag_buffer(sc, pBuffer, return_code, 1485 MPS_FW_DIAG_TYPE_UNREGISTER); 1486 } 1487 1488 /* 1489 * At this point, return the current status no matter what happens with 1490 * the DMA buffer. 1491 */ 1492 pBuffer->unique_id = MPS_FW_DIAG_INVALID_UID; 1493 if (status == MPS_DIAG_SUCCESS) { 1494 if (sc->fw_diag_busaddr != 0) 1495 bus_dmamap_unload(sc->fw_diag_dmat, sc->fw_diag_map); 1496 if (sc->fw_diag_buffer != NULL) 1497 bus_dmamem_free(sc->fw_diag_dmat, sc->fw_diag_buffer, 1498 sc->fw_diag_map); 1499 if (sc->fw_diag_dmat != NULL) 1500 bus_dma_tag_destroy(sc->fw_diag_dmat); 1501 } 1502 1503 return (status); 1504} 1505 1506static int 1507mps_diag_query(struct mps_softc *sc, mps_fw_diag_query_t *diag_query, 1508 uint32_t *return_code) 1509{ 1510 mps_fw_diagnostic_buffer_t *pBuffer; 1511 uint8_t i; 1512 uint32_t unique_id; 1513 1514 unique_id = diag_query->UniqueId; 1515 1516 /* 1517 * If ID is valid, query on ID. 1518 * If ID is invalid, query on buffer type. 1519 */ 1520 if (unique_id == MPS_FW_DIAG_INVALID_UID) { 1521 i = diag_query->BufferType; 1522 if (i >= MPI2_DIAG_BUF_TYPE_COUNT) { 1523 *return_code = MPS_FW_DIAG_ERROR_INVALID_UID; 1524 return (MPS_DIAG_FAILURE); 1525 } 1526 } else { 1527 i = mps_get_fw_diag_buffer_number(sc, unique_id); 1528 if (i == MPS_FW_DIAGNOSTIC_UID_NOT_FOUND) { 1529 *return_code = MPS_FW_DIAG_ERROR_INVALID_UID; 1530 return (MPS_DIAG_FAILURE); 1531 } 1532 } 1533 1534 /* 1535 * Fill query structure with the diag buffer info. 1536 */ 1537 pBuffer = &sc->fw_diag_buffer_list[i]; 1538 diag_query->BufferType = pBuffer->buffer_type; 1539 diag_query->ExtendedType = pBuffer->extended_type; 1540 if (diag_query->BufferType == MPI2_DIAG_BUF_TYPE_TRACE) { 1541 for (i = 0; i < (sizeof(diag_query->ProductSpecific) / 4); 1542 i++) { 1543 diag_query->ProductSpecific[i] = 1544 pBuffer->product_specific[i]; 1545 } 1546 } 1547 diag_query->TotalBufferSize = pBuffer->size; 1548 diag_query->DriverAddedBufferSize = 0; 1549 diag_query->UniqueId = pBuffer->unique_id; 1550 diag_query->ApplicationFlags = 0; 1551 diag_query->DiagnosticFlags = 0; 1552 1553 /* 1554 * Set/Clear application flags 1555 */ 1556 if (pBuffer->immediate) { 1557 diag_query->ApplicationFlags &= ~MPS_FW_DIAG_FLAG_APP_OWNED; 1558 } else { 1559 diag_query->ApplicationFlags |= MPS_FW_DIAG_FLAG_APP_OWNED; 1560 } 1561 if (pBuffer->valid_data || pBuffer->owned_by_firmware) { 1562 diag_query->ApplicationFlags |= MPS_FW_DIAG_FLAG_BUFFER_VALID; 1563 } else { 1564 diag_query->ApplicationFlags &= ~MPS_FW_DIAG_FLAG_BUFFER_VALID; 1565 } 1566 if (pBuffer->owned_by_firmware) { 1567 diag_query->ApplicationFlags |= 1568 MPS_FW_DIAG_FLAG_FW_BUFFER_ACCESS; 1569 } else { 1570 diag_query->ApplicationFlags &= 1571 ~MPS_FW_DIAG_FLAG_FW_BUFFER_ACCESS; 1572 } 1573 1574 return (MPS_DIAG_SUCCESS); 1575} 1576 1577static int 1578mps_diag_read_buffer(struct mps_softc *sc, 1579 mps_diag_read_buffer_t *diag_read_buffer, uint8_t *ioctl_buf, 1580 uint32_t *return_code) 1581{ 1582 mps_fw_diagnostic_buffer_t *pBuffer; 1583 uint8_t i, *pData; 1584 uint32_t unique_id; 1585 int status; 1586 1587 unique_id = diag_read_buffer->UniqueId; 1588 1589 /* 1590 * Get the current buffer and look up the unique ID. The unique ID 1591 * should be there. 1592 */ 1593 i = mps_get_fw_diag_buffer_number(sc, unique_id); 1594 if (i == MPS_FW_DIAGNOSTIC_UID_NOT_FOUND) { 1595 *return_code = MPS_FW_DIAG_ERROR_INVALID_UID; 1596 return (MPS_DIAG_FAILURE); 1597 } 1598 1599 pBuffer = &sc->fw_diag_buffer_list[i]; 1600 1601 /* 1602 * Make sure requested read is within limits 1603 */ 1604 if (diag_read_buffer->StartingOffset + diag_read_buffer->BytesToRead > 1605 pBuffer->size) { 1606 *return_code = MPS_FW_DIAG_ERROR_INVALID_PARAMETER; 1607 return (MPS_DIAG_FAILURE); 1608 } 1609 1610 /* 1611 * Copy the requested data from DMA to the diag_read_buffer. The DMA 1612 * buffer that was allocated is one contiguous buffer. 1613 */ 1614 pData = (uint8_t *)(sc->fw_diag_buffer + 1615 diag_read_buffer->StartingOffset); 1616 if (copyout(pData, ioctl_buf, diag_read_buffer->BytesToRead) != 0) 1617 return (MPS_DIAG_FAILURE); 1618 diag_read_buffer->Status = 0; 1619 1620 /* 1621 * Set or clear the Force Release flag. 1622 */ 1623 if (pBuffer->force_release) { 1624 diag_read_buffer->Flags |= MPS_FW_DIAG_FLAG_FORCE_RELEASE; 1625 } else { 1626 diag_read_buffer->Flags &= ~MPS_FW_DIAG_FLAG_FORCE_RELEASE; 1627 } 1628 1629 /* 1630 * If buffer is to be reregistered, make sure it's not already owned by 1631 * firmware first. 1632 */ 1633 status = MPS_DIAG_SUCCESS; 1634 if (!pBuffer->owned_by_firmware) { 1635 if (diag_read_buffer->Flags & MPS_FW_DIAG_FLAG_REREGISTER) { 1636 status = mps_post_fw_diag_buffer(sc, pBuffer, 1637 return_code); 1638 } 1639 } 1640 1641 return (status); 1642} 1643 1644static int 1645mps_diag_release(struct mps_softc *sc, mps_fw_diag_release_t *diag_release, 1646 uint32_t *return_code) 1647{ 1648 mps_fw_diagnostic_buffer_t *pBuffer; 1649 uint8_t i; 1650 uint32_t unique_id; 1651 int status; 1652 1653 unique_id = diag_release->UniqueId; 1654 1655 /* 1656 * Get the current buffer and look up the unique ID. The unique ID 1657 * should be there. 1658 */ 1659 i = mps_get_fw_diag_buffer_number(sc, unique_id); 1660 if (i == MPS_FW_DIAGNOSTIC_UID_NOT_FOUND) { 1661 *return_code = MPS_FW_DIAG_ERROR_INVALID_UID; 1662 return (MPS_DIAG_FAILURE); 1663 } 1664 1665 pBuffer = &sc->fw_diag_buffer_list[i]; 1666 1667 /* 1668 * If buffer is not owned by firmware, it's already been released. 1669 */ 1670 if (!pBuffer->owned_by_firmware) { 1671 *return_code = MPS_FW_DIAG_ERROR_ALREADY_RELEASED; 1672 return (MPS_DIAG_FAILURE); 1673 } 1674 1675 /* 1676 * Release the buffer. 1677 */ 1678 status = mps_release_fw_diag_buffer(sc, pBuffer, return_code, 1679 MPS_FW_DIAG_TYPE_RELEASE); 1680 return (status); 1681} 1682 1683static int 1684mps_do_diag_action(struct mps_softc *sc, uint32_t action, uint8_t *diag_action, 1685 uint32_t length, uint32_t *return_code) 1686{ 1687 mps_fw_diag_register_t diag_register; 1688 mps_fw_diag_unregister_t diag_unregister; 1689 mps_fw_diag_query_t diag_query; 1690 mps_diag_read_buffer_t diag_read_buffer; 1691 mps_fw_diag_release_t diag_release; 1692 int status = MPS_DIAG_SUCCESS; 1693 uint32_t original_return_code; 1694 1695 original_return_code = *return_code; 1696 *return_code = MPS_FW_DIAG_ERROR_SUCCESS; 1697 1698 switch (action) { 1699 case MPS_FW_DIAG_TYPE_REGISTER: 1700 if (!length) { 1701 *return_code = 1702 MPS_FW_DIAG_ERROR_INVALID_PARAMETER; 1703 status = MPS_DIAG_FAILURE; 1704 break; 1705 } 1706 if (copyin(diag_action, &diag_register, 1707 sizeof(diag_register)) != 0) 1708 return (MPS_DIAG_FAILURE); 1709 status = mps_diag_register(sc, &diag_register, 1710 return_code); 1711 break; 1712 1713 case MPS_FW_DIAG_TYPE_UNREGISTER: 1714 if (length < sizeof(diag_unregister)) { 1715 *return_code = 1716 MPS_FW_DIAG_ERROR_INVALID_PARAMETER; 1717 status = MPS_DIAG_FAILURE; 1718 break; 1719 } 1720 if (copyin(diag_action, &diag_unregister, 1721 sizeof(diag_unregister)) != 0) 1722 return (MPS_DIAG_FAILURE); 1723 status = mps_diag_unregister(sc, &diag_unregister, 1724 return_code); 1725 break; 1726 1727 case MPS_FW_DIAG_TYPE_QUERY: 1728 if (length < sizeof (diag_query)) { 1729 *return_code = 1730 MPS_FW_DIAG_ERROR_INVALID_PARAMETER; 1731 status = MPS_DIAG_FAILURE; 1732 break; 1733 } 1734 if (copyin(diag_action, &diag_query, sizeof(diag_query)) 1735 != 0) 1736 return (MPS_DIAG_FAILURE); 1737 status = mps_diag_query(sc, &diag_query, return_code); 1738 if (status == MPS_DIAG_SUCCESS) 1739 if (copyout(&diag_query, diag_action, 1740 sizeof (diag_query)) != 0) 1741 return (MPS_DIAG_FAILURE); 1742 break; 1743 1744 case MPS_FW_DIAG_TYPE_READ_BUFFER: 1745 if (copyin(diag_action, &diag_read_buffer, 1746 sizeof(diag_read_buffer)) != 0) 1747 return (MPS_DIAG_FAILURE); 1748 if (length < diag_read_buffer.BytesToRead) { 1749 *return_code = 1750 MPS_FW_DIAG_ERROR_INVALID_PARAMETER; 1751 status = MPS_DIAG_FAILURE; 1752 break; 1753 } 1754 status = mps_diag_read_buffer(sc, &diag_read_buffer, 1755 PTRIN(diag_read_buffer.PtrDataBuffer), 1756 return_code); 1757 if (status == MPS_DIAG_SUCCESS) { 1758 if (copyout(&diag_read_buffer, diag_action, 1759 sizeof(diag_read_buffer) - 1760 sizeof(diag_read_buffer.PtrDataBuffer)) != 1761 0) 1762 return (MPS_DIAG_FAILURE); 1763 } 1764 break; 1765 1766 case MPS_FW_DIAG_TYPE_RELEASE: 1767 if (length < sizeof(diag_release)) { 1768 *return_code = 1769 MPS_FW_DIAG_ERROR_INVALID_PARAMETER; 1770 status = MPS_DIAG_FAILURE; 1771 break; 1772 } 1773 if (copyin(diag_action, &diag_release, 1774 sizeof(diag_release)) != 0) 1775 return (MPS_DIAG_FAILURE); 1776 status = mps_diag_release(sc, &diag_release, 1777 return_code); 1778 break; 1779 1780 default: 1781 *return_code = MPS_FW_DIAG_ERROR_INVALID_PARAMETER; 1782 status = MPS_DIAG_FAILURE; 1783 break; 1784 } 1785 1786 if ((status == MPS_DIAG_FAILURE) && 1787 (original_return_code == MPS_FW_DIAG_NEW) && 1788 (*return_code != MPS_FW_DIAG_ERROR_SUCCESS)) 1789 status = MPS_DIAG_SUCCESS; 1790 1791 return (status); 1792} 1793 1794static int 1795mps_user_diag_action(struct mps_softc *sc, mps_diag_action_t *data) 1796{ 1797 int status; 1798 1799 /* 1800 * Only allow one diag action at one time. 1801 */ 1802 if (sc->mps_flags & MPS_FLAGS_BUSY) { 1803 mps_dprint(sc, MPS_USER, "%s: Only one FW diag command " 1804 "allowed at a single time.", __func__); 1805 return (EBUSY); 1806 } 1807 sc->mps_flags |= MPS_FLAGS_BUSY; 1808 1809 /* 1810 * Send diag action request 1811 */ 1812 if (data->Action == MPS_FW_DIAG_TYPE_REGISTER || 1813 data->Action == MPS_FW_DIAG_TYPE_UNREGISTER || 1814 data->Action == MPS_FW_DIAG_TYPE_QUERY || 1815 data->Action == MPS_FW_DIAG_TYPE_READ_BUFFER || 1816 data->Action == MPS_FW_DIAG_TYPE_RELEASE) { 1817 status = mps_do_diag_action(sc, data->Action, 1818 PTRIN(data->PtrDiagAction), data->Length, 1819 &data->ReturnCode); 1820 } else 1821 status = EINVAL; 1822 1823 sc->mps_flags &= ~MPS_FLAGS_BUSY; 1824 return (status); 1825} 1826 1827/* 1828 * Copy the event recording mask and the event queue size out. For 1829 * clarification, the event recording mask (events_to_record) is not the same 1830 * thing as the event mask (event_mask). events_to_record has a bit set for 1831 * every event type that is to be recorded by the driver, and event_mask has a 1832 * bit cleared for every event that is allowed into the driver from the IOC. 1833 * They really have nothing to do with each other. 1834 */ 1835static void 1836mps_user_event_query(struct mps_softc *sc, mps_event_query_t *data) 1837{ 1838 uint8_t i; 1839 1840 mps_lock(sc); 1841 data->Entries = MPS_EVENT_QUEUE_SIZE; 1842 1843 for (i = 0; i < 4; i++) { 1844 data->Types[i] = sc->events_to_record[i]; 1845 } 1846 mps_unlock(sc); 1847} 1848 1849/* 1850 * Set the driver's event mask according to what's been given. See 1851 * mps_user_event_query for explanation of the event recording mask and the IOC 1852 * event mask. It's the app's responsibility to enable event logging by setting 1853 * the bits in events_to_record. Initially, no events will be logged. 1854 */ 1855static void 1856mps_user_event_enable(struct mps_softc *sc, mps_event_enable_t *data) 1857{ 1858 uint8_t i; 1859 1860 mps_lock(sc); 1861 for (i = 0; i < 4; i++) { 1862 sc->events_to_record[i] = data->Types[i]; 1863 } 1864 mps_unlock(sc); 1865} 1866 1867/* 1868 * Copy out the events that have been recorded, up to the max events allowed. 1869 */ 1870static int 1871mps_user_event_report(struct mps_softc *sc, mps_event_report_t *data) 1872{ 1873 int status = 0; 1874 uint32_t size; 1875 1876 mps_lock(sc); 1877 size = data->Size; 1878 if ((size >= sizeof(sc->recorded_events)) && (status == 0)) { 1879 mps_unlock(sc); 1880 if (copyout((void *)sc->recorded_events, 1881 PTRIN(data->PtrEvents), size) != 0) 1882 status = EFAULT; 1883 mps_lock(sc); 1884 } else { 1885 /* 1886 * data->Size value is not large enough to copy event data. 1887 */ 1888 status = EFAULT; 1889 } 1890 1891 /* 1892 * Change size value to match the number of bytes that were copied. 1893 */ 1894 if (status == 0) 1895 data->Size = sizeof(sc->recorded_events); 1896 mps_unlock(sc); 1897 1898 return (status); 1899} 1900 1901/* 1902 * Record events into the driver from the IOC if they are not masked. 1903 */ 1904void 1905mpssas_record_event(struct mps_softc *sc, 1906 MPI2_EVENT_NOTIFICATION_REPLY *event_reply) 1907{ 1908 uint32_t event; 1909 int i, j; 1910 uint16_t event_data_len; 1911 boolean_t sendAEN = FALSE; 1912 1913 event = event_reply->Event; 1914 1915 /* 1916 * Generate a system event to let anyone who cares know that a 1917 * LOG_ENTRY_ADDED event has occurred. This is sent no matter what the 1918 * event mask is set to. 1919 */ 1920 if (event == MPI2_EVENT_LOG_ENTRY_ADDED) { 1921 sendAEN = TRUE; 1922 } 1923 1924 /* 1925 * Record the event only if its corresponding bit is set in 1926 * events_to_record. event_index is the index into recorded_events and 1927 * event_number is the overall number of an event being recorded since 1928 * start-of-day. event_index will roll over; event_number will never 1929 * roll over. 1930 */ 1931 i = (uint8_t)(event / 32); 1932 j = (uint8_t)(event % 32); 1933 if ((i < 4) && ((1 << j) & sc->events_to_record[i])) { 1934 i = sc->event_index; 1935 sc->recorded_events[i].Type = event; 1936 sc->recorded_events[i].Number = ++sc->event_number; 1937 bzero(sc->recorded_events[i].Data, MPS_MAX_EVENT_DATA_LENGTH * 1938 4); 1939 event_data_len = event_reply->EventDataLength; 1940 1941 if (event_data_len > 0) { 1942 /* 1943 * Limit data to size in m_event entry 1944 */ 1945 if (event_data_len > MPS_MAX_EVENT_DATA_LENGTH) { 1946 event_data_len = MPS_MAX_EVENT_DATA_LENGTH; 1947 } 1948 for (j = 0; j < event_data_len; j++) { 1949 sc->recorded_events[i].Data[j] = 1950 event_reply->EventData[j]; 1951 } 1952 1953 /* 1954 * check for index wrap-around 1955 */ 1956 if (++i == MPS_EVENT_QUEUE_SIZE) { 1957 i = 0; 1958 } 1959 sc->event_index = (uint8_t)i; 1960 1961 /* 1962 * Set flag to send the event. 1963 */ 1964 sendAEN = TRUE; 1965 } 1966 } 1967 1968 /* 1969 * Generate a system event if flag is set to let anyone who cares know 1970 * that an event has occurred. 1971 */ 1972 if (sendAEN) { 1973//SLM-how to send a system event (see kqueue, kevent) 1974// (void) ddi_log_sysevent(mpt->m_dip, DDI_VENDOR_LSI, "MPT_SAS", 1975// "SAS", NULL, NULL, DDI_NOSLEEP); 1976 } 1977} 1978 1979static int 1980mps_user_reg_access(struct mps_softc *sc, mps_reg_access_t *data) 1981{ 1982 int status = 0; 1983 1984 switch (data->Command) { 1985 /* 1986 * IO access is not supported. 1987 */ 1988 case REG_IO_READ: 1989 case REG_IO_WRITE: 1990 mps_dprint(sc, MPS_USER, "IO access is not supported. " 1991 "Use memory access."); 1992 status = EINVAL; 1993 break; 1994 1995 case REG_MEM_READ: 1996 data->RegData = mps_regread(sc, data->RegOffset); 1997 break; 1998 1999 case REG_MEM_WRITE: 2000 mps_regwrite(sc, data->RegOffset, data->RegData); 2001 break; 2002 2003 default: 2004 status = EINVAL; 2005 break; 2006 } 2007 2008 return (status); 2009} 2010 2011static int 2012mps_user_btdh(struct mps_softc *sc, mps_btdh_mapping_t *data) 2013{ 2014 uint8_t bt2dh = FALSE; 2015 uint8_t dh2bt = FALSE; 2016 uint16_t dev_handle, bus, target; 2017 2018 bus = data->Bus; 2019 target = data->TargetID; 2020 dev_handle = data->DevHandle; 2021 2022 /* 2023 * When DevHandle is 0xFFFF and Bus/Target are not 0xFFFF, use Bus/ 2024 * Target to get DevHandle. When Bus/Target are 0xFFFF and DevHandle is 2025 * not 0xFFFF, use DevHandle to get Bus/Target. Anything else is 2026 * invalid. 2027 */ 2028 if ((bus == 0xFFFF) && (target == 0xFFFF) && (dev_handle != 0xFFFF)) 2029 dh2bt = TRUE; 2030 if ((dev_handle == 0xFFFF) && (bus != 0xFFFF) && (target != 0xFFFF)) 2031 bt2dh = TRUE; 2032 if (!dh2bt && !bt2dh) 2033 return (EINVAL); 2034 2035 /* 2036 * Only handle bus of 0. Make sure target is within range. 2037 */ 2038 if (bt2dh) { 2039 if (bus != 0) 2040 return (EINVAL); 2041 2042 if (target > sc->max_devices) { 2043 mps_dprint(sc, MPS_FAULT, "Target ID is out of range " 2044 "for Bus/Target to DevHandle mapping."); 2045 return (EINVAL); 2046 } 2047 dev_handle = sc->mapping_table[target].dev_handle; 2048 if (dev_handle) 2049 data->DevHandle = dev_handle; 2050 } else { 2051 bus = 0; 2052 target = mps_mapping_get_tid_from_handle(sc, dev_handle); 2053 data->Bus = bus; 2054 data->TargetID = target; 2055 } 2056 2057 return (0); 2058} 2059 2060static int 2061mps_ioctl(struct cdev *dev, u_long cmd, void *arg, int flag, 2062 struct thread *td) 2063{ 2064 struct mps_softc *sc; 2065 struct mps_cfg_page_req *page_req; 2066 struct mps_ext_cfg_page_req *ext_page_req; 2067 void *mps_page; 2068 int error, msleep_ret; 2069 2070 mps_page = NULL; 2071 sc = dev->si_drv1; 2072 page_req = (void *)arg; 2073 ext_page_req = (void *)arg; 2074 2075 switch (cmd) { 2076 case MPSIO_READ_CFG_HEADER: 2077 mps_lock(sc); 2078 error = mps_user_read_cfg_header(sc, page_req); 2079 mps_unlock(sc); 2080 break; 2081 case MPSIO_READ_CFG_PAGE: 2082 mps_page = malloc(page_req->len, M_MPSUSER, M_WAITOK | M_ZERO); 2083 error = copyin(page_req->buf, mps_page, 2084 sizeof(MPI2_CONFIG_PAGE_HEADER)); 2085 if (error) 2086 break; 2087 mps_lock(sc); 2088 error = mps_user_read_cfg_page(sc, page_req, mps_page); 2089 mps_unlock(sc); 2090 if (error) 2091 break; 2092 error = copyout(mps_page, page_req->buf, page_req->len); 2093 break; 2094 case MPSIO_READ_EXT_CFG_HEADER: 2095 mps_lock(sc); 2096 error = mps_user_read_extcfg_header(sc, ext_page_req); 2097 mps_unlock(sc); 2098 break; 2099 case MPSIO_READ_EXT_CFG_PAGE: 2100 mps_page = malloc(ext_page_req->len, M_MPSUSER, M_WAITOK|M_ZERO); 2101 error = copyin(ext_page_req->buf, mps_page, 2102 sizeof(MPI2_CONFIG_EXTENDED_PAGE_HEADER)); 2103 if (error) 2104 break; 2105 mps_lock(sc); 2106 error = mps_user_read_extcfg_page(sc, ext_page_req, mps_page); 2107 mps_unlock(sc); 2108 if (error) 2109 break; 2110 error = copyout(mps_page, ext_page_req->buf, ext_page_req->len); 2111 break; 2112 case MPSIO_WRITE_CFG_PAGE: 2113 mps_page = malloc(page_req->len, M_MPSUSER, M_WAITOK|M_ZERO); 2114 error = copyin(page_req->buf, mps_page, page_req->len); 2115 if (error) 2116 break; 2117 mps_lock(sc); 2118 error = mps_user_write_cfg_page(sc, page_req, mps_page); 2119 mps_unlock(sc); 2120 break; 2121 case MPSIO_MPS_COMMAND: 2122 error = mps_user_command(sc, (struct mps_usr_command *)arg); 2123 break; 2124 case MPTIOCTL_PASS_THRU: 2125 /* 2126 * The user has requested to pass through a command to be 2127 * executed by the MPT firmware. Call our routine which does 2128 * this. Only allow one passthru IOCTL at one time. 2129 */ 2130 error = mps_user_pass_thru(sc, (mps_pass_thru_t *)arg); 2131 break; 2132 case MPTIOCTL_GET_ADAPTER_DATA: 2133 /* 2134 * The user has requested to read adapter data. Call our 2135 * routine which does this. 2136 */ 2137 error = 0; 2138 mps_user_get_adapter_data(sc, (mps_adapter_data_t *)arg); 2139 break; 2140 case MPTIOCTL_GET_PCI_INFO: 2141 /* 2142 * The user has requested to read pci info. Call 2143 * our routine which does this. 2144 */ 2145 mps_lock(sc); 2146 error = 0; 2147 mps_user_read_pci_info(sc, (mps_pci_info_t *)arg); 2148 mps_unlock(sc); 2149 break; 2150 case MPTIOCTL_RESET_ADAPTER: 2151 mps_lock(sc); 2152 sc->port_enable_complete = 0; 2153 uint32_t reinit_start = time_uptime; 2154 error = mps_reinit(sc); 2155 /* Sleep for 300 second. */ 2156 msleep_ret = msleep(&sc->port_enable_complete, &sc->mps_mtx, PRIBIO, 2157 "mps_porten", 300 * hz); 2158 mps_unlock(sc); 2159 if (msleep_ret) 2160 printf("Port Enable did not complete after Diag " 2161 "Reset msleep error %d.\n", msleep_ret); 2162 else 2163 mps_dprint(sc, MPS_USER, 2164 "Hard Reset with Port Enable completed in %d seconds.\n", 2165 (uint32_t) (time_uptime - reinit_start)); 2166 break; 2167 case MPTIOCTL_DIAG_ACTION: 2168 /* 2169 * The user has done a diag buffer action. Call our routine 2170 * which does this. Only allow one diag action at one time. 2171 */ 2172 mps_lock(sc); 2173 error = mps_user_diag_action(sc, (mps_diag_action_t *)arg); 2174 mps_unlock(sc); 2175 break; 2176 case MPTIOCTL_EVENT_QUERY: 2177 /* 2178 * The user has done an event query. Call our routine which does 2179 * this. 2180 */ 2181 error = 0; 2182 mps_user_event_query(sc, (mps_event_query_t *)arg); 2183 break; 2184 case MPTIOCTL_EVENT_ENABLE: 2185 /* 2186 * The user has done an event enable. Call our routine which 2187 * does this. 2188 */ 2189 error = 0; 2190 mps_user_event_enable(sc, (mps_event_enable_t *)arg); 2191 break; 2192 case MPTIOCTL_EVENT_REPORT: 2193 /* 2194 * The user has done an event report. Call our routine which 2195 * does this. 2196 */ 2197 error = mps_user_event_report(sc, (mps_event_report_t *)arg); 2198 break; 2199 case MPTIOCTL_REG_ACCESS: 2200 /* 2201 * The user has requested register access. Call our routine 2202 * which does this. 2203 */ 2204 mps_lock(sc); 2205 error = mps_user_reg_access(sc, (mps_reg_access_t *)arg); 2206 mps_unlock(sc); 2207 break; 2208 case MPTIOCTL_BTDH_MAPPING: 2209 /* 2210 * The user has requested to translate a bus/target to a 2211 * DevHandle or a DevHandle to a bus/target. Call our routine 2212 * which does this. 2213 */ 2214 error = mps_user_btdh(sc, (mps_btdh_mapping_t *)arg); 2215 break; 2216 default: 2217 error = ENOIOCTL; 2218 break; 2219 } 2220 2221 if (mps_page != NULL) 2222 free(mps_page, M_MPSUSER); 2223 2224 return (error); 2225} 2226 2227#ifdef COMPAT_FREEBSD32 2228 2229struct mps_cfg_page_req32 { 2230 MPI2_CONFIG_PAGE_HEADER header; 2231 uint32_t page_address; 2232 uint32_t buf; 2233 int len; 2234 uint16_t ioc_status; 2235}; 2236 2237struct mps_ext_cfg_page_req32 { 2238 MPI2_CONFIG_EXTENDED_PAGE_HEADER header; 2239 uint32_t page_address; 2240 uint32_t buf; 2241 int len; 2242 uint16_t ioc_status; 2243}; 2244 2245struct mps_raid_action32 { 2246 uint8_t action; 2247 uint8_t volume_bus; 2248 uint8_t volume_id; 2249 uint8_t phys_disk_num; 2250 uint32_t action_data_word; 2251 uint32_t buf; 2252 int len; 2253 uint32_t volume_status; 2254 uint32_t action_data[4]; 2255 uint16_t action_status; 2256 uint16_t ioc_status; 2257 uint8_t write; 2258}; 2259 2260struct mps_usr_command32 { 2261 uint32_t req; 2262 uint32_t req_len; 2263 uint32_t rpl; 2264 uint32_t rpl_len; 2265 uint32_t buf; 2266 int len; 2267 uint32_t flags; 2268}; 2269 2270#define MPSIO_READ_CFG_HEADER32 _IOWR('M', 200, struct mps_cfg_page_req32) 2271#define MPSIO_READ_CFG_PAGE32 _IOWR('M', 201, struct mps_cfg_page_req32) 2272#define MPSIO_READ_EXT_CFG_HEADER32 _IOWR('M', 202, struct mps_ext_cfg_page_req32) 2273#define MPSIO_READ_EXT_CFG_PAGE32 _IOWR('M', 203, struct mps_ext_cfg_page_req32) 2274#define MPSIO_WRITE_CFG_PAGE32 _IOWR('M', 204, struct mps_cfg_page_req32) 2275#define MPSIO_RAID_ACTION32 _IOWR('M', 205, struct mps_raid_action32) 2276#define MPSIO_MPS_COMMAND32 _IOWR('M', 210, struct mps_usr_command32) 2277 2278static int 2279mps_ioctl32(struct cdev *dev, u_long cmd32, void *_arg, int flag, 2280 struct thread *td) 2281{ 2282 struct mps_cfg_page_req32 *page32 = _arg; 2283 struct mps_ext_cfg_page_req32 *ext32 = _arg; 2284 struct mps_raid_action32 *raid32 = _arg; 2285 struct mps_usr_command32 *user32 = _arg; 2286 union { 2287 struct mps_cfg_page_req page; 2288 struct mps_ext_cfg_page_req ext; 2289 struct mps_raid_action raid; 2290 struct mps_usr_command user; 2291 } arg; 2292 u_long cmd; 2293 int error; 2294 2295 switch (cmd32) { 2296 case MPSIO_READ_CFG_HEADER32: 2297 case MPSIO_READ_CFG_PAGE32: 2298 case MPSIO_WRITE_CFG_PAGE32: 2299 if (cmd32 == MPSIO_READ_CFG_HEADER32) 2300 cmd = MPSIO_READ_CFG_HEADER; 2301 else if (cmd32 == MPSIO_READ_CFG_PAGE32) 2302 cmd = MPSIO_READ_CFG_PAGE; 2303 else 2304 cmd = MPSIO_WRITE_CFG_PAGE; 2305 CP(*page32, arg.page, header); 2306 CP(*page32, arg.page, page_address); 2307 PTRIN_CP(*page32, arg.page, buf); 2308 CP(*page32, arg.page, len); 2309 CP(*page32, arg.page, ioc_status); 2310 break; 2311 2312 case MPSIO_READ_EXT_CFG_HEADER32: 2313 case MPSIO_READ_EXT_CFG_PAGE32: 2314 if (cmd32 == MPSIO_READ_EXT_CFG_HEADER32) 2315 cmd = MPSIO_READ_EXT_CFG_HEADER; 2316 else 2317 cmd = MPSIO_READ_EXT_CFG_PAGE; 2318 CP(*ext32, arg.ext, header); 2319 CP(*ext32, arg.ext, page_address); 2320 PTRIN_CP(*ext32, arg.ext, buf); 2321 CP(*ext32, arg.ext, len); 2322 CP(*ext32, arg.ext, ioc_status); 2323 break; 2324 2325 case MPSIO_RAID_ACTION32: 2326 cmd = MPSIO_RAID_ACTION; 2327 CP(*raid32, arg.raid, action); 2328 CP(*raid32, arg.raid, volume_bus); 2329 CP(*raid32, arg.raid, volume_id); 2330 CP(*raid32, arg.raid, phys_disk_num); 2331 CP(*raid32, arg.raid, action_data_word); 2332 PTRIN_CP(*raid32, arg.raid, buf); 2333 CP(*raid32, arg.raid, len); 2334 CP(*raid32, arg.raid, volume_status); 2335 bcopy(raid32->action_data, arg.raid.action_data, 2336 sizeof arg.raid.action_data); 2337 CP(*raid32, arg.raid, ioc_status); 2338 CP(*raid32, arg.raid, write); 2339 break; 2340 2341 case MPSIO_MPS_COMMAND32: 2342 cmd = MPSIO_MPS_COMMAND; 2343 PTRIN_CP(*user32, arg.user, req); 2344 CP(*user32, arg.user, req_len); 2345 PTRIN_CP(*user32, arg.user, rpl); 2346 CP(*user32, arg.user, rpl_len); 2347 PTRIN_CP(*user32, arg.user, buf); 2348 CP(*user32, arg.user, len); 2349 CP(*user32, arg.user, flags); 2350 break; 2351 default: 2352 return (ENOIOCTL); 2353 } 2354 2355 error = mps_ioctl(dev, cmd, &arg, flag, td); 2356 if (error == 0 && (cmd32 & IOC_OUT) != 0) { 2357 switch (cmd32) { 2358 case MPSIO_READ_CFG_HEADER32: 2359 case MPSIO_READ_CFG_PAGE32: 2360 case MPSIO_WRITE_CFG_PAGE32: 2361 CP(arg.page, *page32, header); 2362 CP(arg.page, *page32, page_address); 2363 PTROUT_CP(arg.page, *page32, buf); 2364 CP(arg.page, *page32, len); 2365 CP(arg.page, *page32, ioc_status); 2366 break; 2367 2368 case MPSIO_READ_EXT_CFG_HEADER32: 2369 case MPSIO_READ_EXT_CFG_PAGE32: 2370 CP(arg.ext, *ext32, header); 2371 CP(arg.ext, *ext32, page_address); 2372 PTROUT_CP(arg.ext, *ext32, buf); 2373 CP(arg.ext, *ext32, len); 2374 CP(arg.ext, *ext32, ioc_status); 2375 break; 2376 2377 case MPSIO_RAID_ACTION32: 2378 CP(arg.raid, *raid32, action); 2379 CP(arg.raid, *raid32, volume_bus); 2380 CP(arg.raid, *raid32, volume_id); 2381 CP(arg.raid, *raid32, phys_disk_num); 2382 CP(arg.raid, *raid32, action_data_word); 2383 PTROUT_CP(arg.raid, *raid32, buf); 2384 CP(arg.raid, *raid32, len); 2385 CP(arg.raid, *raid32, volume_status); 2386 bcopy(arg.raid.action_data, raid32->action_data, 2387 sizeof arg.raid.action_data); 2388 CP(arg.raid, *raid32, ioc_status); 2389 CP(arg.raid, *raid32, write); 2390 break; 2391 2392 case MPSIO_MPS_COMMAND32: 2393 PTROUT_CP(arg.user, *user32, req); 2394 CP(arg.user, *user32, req_len); 2395 PTROUT_CP(arg.user, *user32, rpl); 2396 CP(arg.user, *user32, rpl_len); 2397 PTROUT_CP(arg.user, *user32, buf); 2398 CP(arg.user, *user32, len); 2399 CP(arg.user, *user32, flags); 2400 break; 2401 } 2402 } 2403 2404 return (error); 2405} 2406#endif /* COMPAT_FREEBSD32 */ 2407 2408static int 2409mps_ioctl_devsw(struct cdev *dev, u_long com, caddr_t arg, int flag, 2410 struct thread *td) 2411{ 2412#ifdef COMPAT_FREEBSD32 2413 if (SV_CURPROC_FLAG(SV_ILP32)) 2414 return (mps_ioctl32(dev, com, arg, flag, td)); 2415#endif 2416 return (mps_ioctl(dev, com, arg, flag, td)); 2417} 2418