1 /*
2 * This file and its contents are supplied under the terms of the
3 * Common Development and Distribution License ("CDDL"), version 1.0.
4 * You may only use this file in accordance with the terms of version
5 * 1.0 of the CDDL.
6 *
7 * A full copy of the text of the CDDL should have accompanied this
8 * source. A copy of the CDDL is also available via the Internet at
9 * http://www.illumos.org/license/CDDL.
10 */
11
12 /*
13 * Copyright 2023 Racktop Systems, Inc.
14 */
15
16 /*
17 * This file implements the interfaces for communicating with the MegaRAID HBA.
18 * There are three basic interfaces:
19 * - the device registers, which provide basic information about the controller
20 * hardware and the features it supports, as well as control registers used
21 * during sending and reception of I/O frames
22 * - Fusion-MPT v2.5, perhaps later, which defines the format of the I/O frames
23 * used for communicating with the HBA and virtual and physical devices that
24 * are attached to it
25 * - MFI, the MegaRAID Firmware Interface, whose commands are sent and received
26 * as MPT payloads to control and communicate with the RAID controller.
27 */
28
29 #include <sys/types.h>
30 #include <sys/ddi.h>
31 #include <sys/sunddi.h>
32 #include <sys/scsi/scsi.h>
33
34 #include <sys/cpuvar.h>
35
36 #include "lmrc.h"
37 #include "lmrc_reg.h"
38 #include "lmrc_raid.h"
39 #include "lmrc_phys.h"
40
41 static uint32_t lmrc_read_reg(lmrc_t *, uint32_t);
42 static void lmrc_write_reg(lmrc_t *, uint32_t, uint32_t);
43 static int lmrc_transition_to_ready(lmrc_t *);
44 static void lmrc_process_mptmfi_passthru(lmrc_t *, lmrc_mpt_cmd_t *);
45 static void lmrc_build_mptmfi_passthru(lmrc_t *, lmrc_mfi_cmd_t *);
46 static int lmrc_poll_mfi(lmrc_t *, lmrc_mfi_cmd_t *, uint8_t);
47 static boolean_t lmrc_check_fw_fault(lmrc_t *);
48 static int lmrc_get_event_log_info(lmrc_t *, lmrc_evt_log_info_t *);
49 static void lmrc_aen_handler(void *);
50 static void lmrc_complete_aen(lmrc_t *, lmrc_mfi_cmd_t *);
51 static int lmrc_register_aen(lmrc_t *, uint32_t);
52
53 /*
54 * Device register access functions.
55 *
56 * Due to the way ddi_get* and ddi_put* work, we'll need to calculate the
57 * absolute virtual address of the registers ourselves.
58 *
59 * For read accesses, employ an erratum workaround for Aero controllers. In some
60 * cases, reads of certain registers will intermittently return all zeros. As a
61 * workaround, retry the read up to three times until a non-zero value is read.
62 * Supposedly this is enough; every other driver I looked at does this.
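 *
 * Note that this leaves a register which legitimately reads as zero
 * indistinguishable from the erratum case: after three all-zero reads,
 * lmrc_read_reg() below simply returns zero to the caller.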
63 */
64 static uint32_t
65 lmrc_read_reg_1(lmrc_t *lmrc, uint32_t reg)
66 {
67 uint32_t *addr = (uint32_t *)((uintptr_t)lmrc->l_regmap + reg);
68 return (ddi_get32(lmrc->l_reghandle, addr));
69 }
70
71 static uint32_t
72 lmrc_read_reg(lmrc_t *lmrc, uint32_t reg)
73 {
74 if (lmrc->l_class != LMRC_ACLASS_AERO)
75 return (lmrc_read_reg_1(lmrc, reg));
76
77 /* Workaround for the hardware erratum in Aero controllers */
78 for (uint_t i = 0; i < 3; i++) {
79 uint32_t val = lmrc_read_reg_1(lmrc, reg);
80
81 if (val != 0)
82 return (val);
83 }
84
85 return (0);
86 }
87
88 static void
89 lmrc_write_reg(lmrc_t *lmrc, uint32_t reg, uint32_t val)
90 {
91 uint32_t *addr = (uint32_t *)((uintptr_t)lmrc->l_regmap + reg);
92 ddi_put32(lmrc->l_reghandle, addr, val);
93 }
94
95 static void
96 lmrc_write_reg64(lmrc_t *lmrc, uint32_t reg, uint64_t val)
97 {
98 uint64_t *addr = (uint64_t *)((uintptr_t)lmrc->l_regmap + reg);
99 ddi_put64(lmrc->l_reghandle, addr, val);
100 }
101
102 /*
103 * Interrupt control
104 *
105 * There are two interrupt registers for host driver use, HostInterruptStatus
106 * and HostInterruptMask. Most of the bits in each register are reserved and
107 * must be masked and/or preserved when used.
108 */
109 void
110 lmrc_disable_intr(lmrc_t *lmrc)
111 {
112 uint32_t mask = lmrc_read_reg(lmrc, MPI2_HOST_INTERRUPT_MASK_OFFSET);
113
114 /* Disable all known interrupts: reset, reply, and doorbell. */
115 mask |= MPI2_HIM_RESET_IRQ_MASK;
116 mask |= MPI2_HIM_REPLY_INT_MASK;
117 mask |= MPI2_HIM_IOC2SYS_DB_MASK;
118
119 lmrc_write_reg(lmrc, MPI2_HOST_INTERRUPT_MASK_OFFSET, mask);
120
121 /* Dummy read to force pci flush. Probably bogus but harmless. */
122 (void) lmrc_read_reg(lmrc, MPI2_HOST_INTERRUPT_MASK_OFFSET);
123 }
124
125 void
126 lmrc_enable_intr(lmrc_t *lmrc)
127 {
128 uint32_t mask = lmrc_read_reg(lmrc, MPI2_HOST_INTERRUPT_MASK_OFFSET);
129
130 /* Enable the reply interrupts and the doorbell interrupts. */
131 mask &= ~MPI2_HIM_REPLY_INT_MASK;
132 mask &= ~MPI2_HIM_IOC2SYS_DB_MASK;
133
134 /* Clear outstanding interrupts before enabling any. */
135 lmrc_write_reg(lmrc, MPI2_HOST_INTERRUPT_STATUS_OFFSET, 0);
136 /* Dummy read to force pci flush. Probably bogus but harmless. */
137 (void) lmrc_read_reg(lmrc, MPI2_HOST_INTERRUPT_STATUS_OFFSET);
138
139 lmrc_write_reg(lmrc, MPI2_HOST_INTERRUPT_MASK_OFFSET, mask);
140 /* Dummy read to force pci flush. Probably bogus but harmless. */
141 (void) lmrc_read_reg(lmrc, MPI2_HOST_INTERRUPT_MASK_OFFSET);
142 }
143
144 uint_t
145 lmrc_intr_ack(lmrc_t *lmrc)
146 {
147 uint32_t mask =
148 MPI2_HIS_REPLY_DESCRIPTOR_INTERRUPT | MPI2_HIS_IOC2SYS_DB_STATUS;
149 uint32_t status;
150
151 status = lmrc_read_reg(lmrc, MPI2_HOST_INTERRUPT_STATUS_OFFSET);
152
153 if ((status & mask) == 0)
154 return (DDI_INTR_UNCLAIMED);
155
156 if (lmrc_check_acc_handle(lmrc->l_reghandle) != DDI_SUCCESS) {
157 ddi_fm_service_impact(lmrc->l_dip, DDI_SERVICE_LOST);
158 return (DDI_INTR_UNCLAIMED);
159 }
160
161 return (DDI_INTR_CLAIMED);
162 }
163
164 /*
165 * Fusion-MPT requests
166 *
167 * The controller expects to have access to a large chunk of DMA memory, into
168 * which the driver writes fixed-size I/O requests for the controller to
169 * process. To notify the hardware about a new request, a request descriptor is
170 * written to the queue port registers which includes the SMID of the request.
171 * This memory isn't really a queue, though, as it seems there are no
172 * constraints about ordering of the requests.
All that matters is that there
173 * is a valid request at the address that corresponds with the SMID in the
174 * descriptor.
175 *
176 * If the hardware supports MPI 2.6 atomic request descriptors, which are a
177 * 32bit subset of the 64bit MPI 2.0/2.5 request descriptors, the descriptor is
178 * sent to the controller in a single 32bit write into a device register.
179 *
180 * For all other descriptor types, we'll employ a 64bit write to the queue
181 * registers, assuming that provides the required atomicity.
182 */
183 void
184 lmrc_send_atomic_request(lmrc_t *lmrc, lmrc_atomic_req_desc_t req_desc)
185 {
186 if (lmrc->l_atomic_desc_support) {
187 lmrc_write_reg(lmrc,
188 MPI26_ATOMIC_REQUEST_DESCRIPTOR_POST_OFFSET,
189 req_desc.rd_reg);
190 } else {
191 lmrc_req_desc_t rd;
192
193 bzero(&rd, sizeof (rd));
194 rd.rd_atomic = req_desc;
195
196 lmrc_send_request(lmrc, rd);
197 }
198 }
199
200 void
201 lmrc_send_request(lmrc_t *lmrc, lmrc_req_desc_t req_desc)
202 {
203 lmrc_write_reg64(lmrc, MPI2_REQUEST_DESCRIPTOR_POST_LOW_OFFSET,
204 req_desc.rd_reg);
205 }
206
207 lmrc_atomic_req_desc_t
208 lmrc_build_atomic_request(lmrc_t *lmrc, lmrc_mpt_cmd_t *mpt, uint8_t flags)
209 {
210 lmrc_atomic_req_desc_t req_desc;
211
212 VERIFY3U(mpt->mpt_smid, !=, 0);
213
214 /*
215 * Select the reply queue based on the CPU id to distribute reply load
216 * among queues.
217 */
218 mpt->mpt_queue = CPU->cpu_id % lmrc->l_max_reply_queues;
219
220 bzero(&req_desc, sizeof (req_desc));
221
222 req_desc.rd_atomic.RequestFlags = flags;
223 req_desc.rd_atomic.MSIxIndex = mpt->mpt_queue;
224 req_desc.rd_atomic.SMID = mpt->mpt_smid;
225
226 return (req_desc);
227 }
228
229 /*
230 * Reply Processing
231 *
232 * The controller will post replies to completed requests in the DMA memory
233 * provided for that purpose. This memory is divided into equally-sized chunks,
234 * each being a separate reply queue that is also associated with an interrupt
235 * vector. The replies are fixed size structures and will be written by the
236 * hardware in order of completion into the queue. For each queue, there is a
237 * register to tell the hardware which replies have been consumed by the driver.
238 *
239 * In response to an interrupt, the driver will walk the reply queue associated
240 * with the interrupt vector at the last known position and process all
241 * completed replies. After a number of replies have been processed, or if no
242 * more replies are ready to be processed, the controller will be notified about
243 * the last processed reply index by writing the appropriate register.
244 */
245
246 /*
247 * lmrc_get_next_reply_desc
248 *
249 * Get the next unprocessed reply descriptor for a queue, or NULL if there is
250 * none.
251 */
252 static Mpi2ReplyDescriptorsUnion_t *
253 lmrc_get_next_reply_desc(lmrc_t *lmrc, int queue)
254 {
255 Mpi2ReplyDescriptorsUnion_t *desc;
256
257 desc = lmrc->l_reply_dma.ld_buf;
258
259 desc += (queue * lmrc->l_reply_alloc_sz) / sizeof (*desc);
260 desc += lmrc->l_last_reply_idx[queue];
261
262 VERIFY3S(ddi_dma_sync(lmrc->l_reply_dma.ld_hdl,
263 (void *)desc - lmrc->l_reply_dma.ld_buf, sizeof (*desc),
264 DDI_DMA_SYNC_FORKERNEL), ==, DDI_SUCCESS);
265
266 /*
267 * Check if this is an unused reply descriptor, indicating that
268 * we've reached the end of replies in this queue.
269 *
270 * Even if the descriptor is only "half unused" we can't use it.
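 *
 * (The hardware may not have finished writing both halves of the 64-bit
 * descriptor yet; if either word still carries the unused marker, treat
 * it as end-of-queue and pick the descriptor up on a later pass.)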
271 */ 272 if (desc->Words.Low == MPI2_RPY_DESCRIPT_UNUSED_WORD0_MARK || 273 desc->Words.High == MPI2_RPY_DESCRIPT_UNUSED_WORD1_MARK) 274 return (NULL); 275 276 /* advance last reply index, wrap around if necessary */ 277 lmrc->l_last_reply_idx[queue]++; 278 if (lmrc->l_last_reply_idx[queue] >= lmrc->l_reply_q_depth) 279 lmrc->l_last_reply_idx[queue] = 0; 280 281 return (desc); 282 } 283 284 /* 285 * lmrc_write_rphi 286 * 287 * Write the Reply Post Host Index register for queue. 288 */ 289 static void 290 lmrc_write_rphi(lmrc_t *lmrc, uint32_t queue) 291 { 292 int reg = 0; 293 uint32_t val = (queue << 24) | lmrc->l_last_reply_idx[queue]; 294 295 if (lmrc->l_intr_type != DDI_INTR_TYPE_MSIX) 296 VERIFY3U(queue, ==, 0); 297 298 if (lmrc->l_msix_combined) { 299 reg = queue / 8; 300 val &= 0x07ffffff; 301 } 302 303 lmrc_write_reg(lmrc, lmrc->l_rphi[reg], val); 304 } 305 306 /* 307 * lmrc_process_mpt_pkt 308 * 309 * Process a reply to a MPT IO request. Update the scsi_pkt according to status, 310 * ex_status, and data_len, setting up the ARQ pkt if necessary. 311 */ 312 static void 313 lmrc_process_mpt_pkt(lmrc_t *lmrc, struct scsi_pkt *pkt, uint8_t status, 314 uint8_t ex_status, uint32_t data_len) 315 { 316 pkt->pkt_statistics = 0; 317 pkt->pkt_state = STATE_GOT_BUS | STATE_GOT_TARGET | STATE_SENT_CMD | 318 STATE_XFERRED_DATA | STATE_GOT_STATUS; 319 320 pkt->pkt_resid = pkt->pkt_dma_len - data_len; 321 322 switch (status) { 323 case MFI_STAT_OK: 324 case MFI_STAT_LD_CC_IN_PROGRESS: 325 case MFI_STAT_LD_RECON_IN_PROGRESS: 326 pkt->pkt_reason = CMD_CMPLT; 327 pkt->pkt_scbp[0] = STATUS_GOOD; 328 break; 329 330 case MFI_STAT_SCSI_DONE_WITH_ERROR: 331 case MFI_STAT_LD_LBA_OUT_OF_RANGE: { 332 struct scsi_arq_status *arq = 333 (struct scsi_arq_status *)pkt->pkt_scbp; 334 335 pkt->pkt_reason = CMD_CMPLT; 336 arq->sts_status.sts_chk = 1; 337 338 pkt->pkt_state |= STATE_ARQ_DONE; 339 arq->sts_rqpkt_reason = CMD_CMPLT; 340 arq->sts_rqpkt_resid = 0; 341 arq->sts_rqpkt_state |= STATE_GOT_BUS | STATE_GOT_TARGET | 342 STATE_SENT_CMD | STATE_XFERRED_DATA; 343 *(uint8_t *)&arq->sts_rqpkt_status = STATUS_GOOD; 344 break; 345 } 346 case MFI_STAT_LD_OFFLINE: 347 case MFI_STAT_DEVICE_NOT_FOUND: 348 pkt->pkt_reason = CMD_DEV_GONE; 349 pkt->pkt_statistics = STAT_DISCON; 350 break; 351 352 default: 353 dev_err(lmrc->l_dip, CE_PANIC, "!command failed, status = %x, " 354 "ex_status = %x, cdb[0] = %x", status, ex_status, 355 pkt->pkt_cdbp[0]); 356 pkt->pkt_reason = CMD_TRAN_ERR; 357 break; 358 } 359 } 360 361 /* 362 * lmrc_poll_for_reply 363 * 364 * During a panic we'll have to resort to polled I/O to write core dumps. 365 * Repeatedly check the reply queue for a new reply associated with the 366 * given request descriptor and complete it, or return an error if we get 367 * no reply within a reasonable time. 368 */ 369 int 370 lmrc_poll_for_reply(lmrc_t *lmrc, lmrc_mpt_cmd_t *mpt) 371 { 372 clock_t max_wait = LMRC_IO_TIMEOUT * MILLISEC * 10; 373 Mpi25SCSIIORequest_t *io_req = mpt->mpt_io_frame; 374 Mpi2ReplyDescriptorsUnion_t *desc; 375 uint16_t desc_smid; 376 377 VERIFY(ddi_in_panic()); 378 379 /* 380 * Walk the reply queue. Discard entries which we aren't 381 * looking for. 
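 *
 * If the queue is empty we busy-wait in 100us steps; with max_wait set to
 * LMRC_IO_TIMEOUT * MILLISEC * 10 such steps, that amounts to roughly
 * LMRC_IO_TIMEOUT seconds of polling overall.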
382 */ 383 do { 384 desc = lmrc_get_next_reply_desc(lmrc, mpt->mpt_queue); 385 if (desc == NULL) { 386 if (max_wait == 0) 387 return (TRAN_FATAL_ERROR); 388 389 drv_usecwait(100); 390 max_wait--; 391 continue; 392 } 393 394 desc_smid = desc->SCSIIOSuccess.SMID; 395 396 /* reset descriptor */ 397 desc->Words.Low = MPI2_RPY_DESCRIPT_UNUSED_WORD0_MARK; 398 desc->Words.High = MPI2_RPY_DESCRIPT_UNUSED_WORD1_MARK; 399 400 lmrc_write_rphi(lmrc, mpt->mpt_queue); 401 } while (desc == NULL || desc_smid != mpt->mpt_smid); 402 403 VERIFY3S(ddi_dma_sync(lmrc->l_ioreq_dma.ld_hdl, 404 (void *)io_req - lmrc->l_ioreq_dma.ld_buf, 405 LMRC_MPI2_RAID_DEFAULT_IO_FRAME_SIZE, DDI_DMA_SYNC_FORKERNEL), 406 ==, DDI_SUCCESS); 407 408 /* If this is I/O, process it. */ 409 if (io_req->Function == LMRC_MPI2_FUNCTION_LD_IO_REQUEST || 410 io_req->Function == MPI2_FUNCTION_SCSI_IO_REQUEST) { 411 lmrc_process_mpt_pkt(lmrc, mpt->mpt_pkt, 412 io_req->VendorRegion.rc_status, 413 io_req->VendorRegion.rc_exstatus, io_req->DataLength); 414 } 415 416 return (TRAN_ACCEPT); 417 } 418 419 /* 420 * lmrc_process_replies 421 * 422 * Process all new reply entries in a queue in response to an interrupt. 423 */ 424 int 425 lmrc_process_replies(lmrc_t *lmrc, uint8_t queue) 426 { 427 int nprocessed = 0; 428 Mpi2ReplyDescriptorsUnion_t *desc; 429 430 for (desc = lmrc_get_next_reply_desc(lmrc, queue); 431 desc != NULL; 432 desc = lmrc_get_next_reply_desc(lmrc, queue)) { 433 Mpi2SCSIIOSuccessReplyDescriptor_t *reply = 434 &desc->SCSIIOSuccess; 435 uint16_t smid = reply->SMID; 436 lmrc_mpt_cmd_t *mpt = lmrc->l_mpt_cmds[smid - 1]; 437 lmrc_tgt_t *tgt = NULL; 438 Mpi25SCSIIORequest_t *io_req; 439 struct scsi_pkt *pkt; 440 struct scsi_device *sd; 441 442 VERIFY3U(reply->SMID, <=, lmrc->l_max_fw_cmds); 443 444 mutex_enter(&mpt->mpt_lock); 445 mpt->mpt_complete = B_TRUE; 446 pkt = mpt->mpt_pkt; 447 io_req = mpt->mpt_io_frame; 448 449 VERIFY3S(ddi_dma_sync(lmrc->l_ioreq_dma.ld_hdl, 450 (void *)io_req - lmrc->l_ioreq_dma.ld_buf, 451 LMRC_MPI2_RAID_DEFAULT_IO_FRAME_SIZE, 452 DDI_DMA_SYNC_FORKERNEL), ==, DDI_SUCCESS); 453 454 455 switch (io_req->Function) { 456 case MPI2_FUNCTION_SCSI_TASK_MGMT: 457 VERIFY0(pkt); 458 VERIFY0(list_link_active(&mpt->mpt_node)); 459 cv_signal(&mpt->mpt_cv); 460 break; 461 462 case MPI2_FUNCTION_SCSI_IO_REQUEST: 463 case LMRC_MPI2_FUNCTION_LD_IO_REQUEST: 464 VERIFY(pkt != NULL); 465 466 sd = scsi_address_device(&pkt->pkt_address); 467 VERIFY(sd != NULL); 468 469 tgt = scsi_device_hba_private_get(sd); 470 VERIFY(tgt != NULL); 471 472 lmrc_process_mpt_pkt(lmrc, pkt, 473 io_req->VendorRegion.rc_status, 474 io_req->VendorRegion.rc_exstatus, 475 io_req->DataLength); 476 477 break; 478 479 case LMRC_MPI2_FUNCTION_PASSTHRU_IO_REQUEST: 480 VERIFY0(pkt); 481 VERIFY0(list_link_active(&mpt->mpt_node)); 482 lmrc_process_mptmfi_passthru(lmrc, mpt); 483 break; 484 485 default: 486 mutex_exit(&mpt->mpt_lock); 487 dev_err(lmrc->l_dip, CE_PANIC, 488 "!reply received for unknown Function %x", 489 io_req->Function); 490 break; 491 } 492 493 mutex_exit(&mpt->mpt_lock); 494 495 if (pkt != NULL) { 496 lmrc_tgt_rem_active_mpt(tgt, mpt); 497 atomic_dec_uint(&lmrc->l_fw_outstanding_cmds); 498 scsi_hba_pkt_comp(pkt); 499 } 500 501 /* reset descriptor */ 502 desc->Words.Low = MPI2_RPY_DESCRIPT_UNUSED_WORD0_MARK; 503 desc->Words.High = MPI2_RPY_DESCRIPT_UNUSED_WORD1_MARK; 504 505 nprocessed++; 506 507 if (nprocessed % LMRC_THRESHOLD_REPLY_COUNT == 0) 508 lmrc_write_rphi(lmrc, queue); 509 } 510 511 if (nprocessed != 0 && nprocessed % 
LMRC_THRESHOLD_REPLY_COUNT != 0)
512 lmrc_write_rphi(lmrc, queue);
513
514 return (DDI_INTR_CLAIMED);
515 }
516
517
518 /*
519 * MFI - MegaRAID Firmware Interface
520 */
521
522 /*
523 * lmrc_build_mptmfi_passthru
524 *
525 * MFI commands are sent as MPT MFI passthrough I/O requests. To send a MFI
526 * frame to the RAID controller, we need to get a MPT command, set up the MPT
527 * I/O request and build a one-entry SGL pointing to the MFI command.
528 */
529 static void
530 lmrc_build_mptmfi_passthru(lmrc_t *lmrc, lmrc_mfi_cmd_t *mfi)
531 {
532 Mpi25SCSIIORequest_t *io_req;
533 const ddi_dma_cookie_t *cookie;
534 lmrc_mpt_cmd_t *mpt;
535
536 mpt = lmrc_get_mpt(lmrc);
537 ASSERT(mutex_owned(&mpt->mpt_lock));
538
539 mfi->mfi_mpt = mpt;
540 mpt->mpt_mfi = mfi;
541
542 io_req = mpt->mpt_io_frame;
543 io_req->Function = LMRC_MPI2_FUNCTION_PASSTHRU_IO_REQUEST;
544 io_req->ChainOffset = lmrc->l_chain_offset_mfi_pthru;
545
546 cookie = ddi_dma_cookie_one(mfi->mfi_frame_dma.ld_hdl);
547 lmrc_dma_build_sgl(lmrc, mpt, cookie, 1);
548
549 VERIFY3S(ddi_dma_sync(lmrc->l_ioreq_dma.ld_hdl,
550 (void *)io_req - lmrc->l_ioreq_dma.ld_buf,
551 LMRC_MPI2_RAID_DEFAULT_IO_FRAME_SIZE, DDI_DMA_SYNC_FORDEV),
552 ==, DDI_SUCCESS);
553 }
554
555 /*
556 * lmrc_process_mptmfi_passthru
557 *
558 * When a MPT MFI passthrough command completes, invoke the callback if there
559 * is one. Panic if an invalid command completed as that should never happen.
560 */
561 static void
562 lmrc_process_mptmfi_passthru(lmrc_t *lmrc, lmrc_mpt_cmd_t *mpt)
563 {
564 lmrc_mfi_cmd_t *mfi;
565 lmrc_mfi_header_t *hdr;
566
567 VERIFY3P(mpt->mpt_mfi, !=, NULL);
568 mfi = mpt->mpt_mfi;
569 VERIFY0(list_link_active(&mfi->mfi_node));
570
571 hdr = &mfi->mfi_frame->mf_hdr;
572
573 if ((hdr->mh_flags & MFI_FRAME_DIR_READ) != 0)
574 (void) ddi_dma_sync(mfi->mfi_data_dma.ld_hdl, 0,
575 mfi->mfi_data_dma.ld_len, DDI_DMA_SYNC_FORKERNEL);
576
577 switch (hdr->mh_cmd) {
578 case MFI_CMD_DCMD:
579 case MFI_CMD_LD_SCSI_IO:
580 case MFI_CMD_PD_SCSI_IO:
581 case MFI_CMD_ABORT:
582 mutex_enter(&mfi->mfi_lock);
583 if (mfi->mfi_callback != NULL)
584 mfi->mfi_callback(lmrc, mfi);
585 mutex_exit(&mfi->mfi_lock);
586 break;
587
588 case MFI_CMD_INVALID:
589 default:
590 dev_err(lmrc->l_dip, CE_PANIC,
591 "!invalid MFI cmd completion received, cmd = %x",
592 hdr->mh_cmd);
593 break;
594 }
595 }
596
597 /*
598 * lmrc_issue_mfi
599 *
600 * Post a MFI command to the firmware. Reset the cmd_status to invalid. Build
601 * a MPT MFI passthru command if necessary and a MPT atomic request descriptor
602 * before posting the request. The MFI command's mutex must be held. If the MPT
603 * MFI passthru command already exists for the MFI command, the MPT command's
604 * mutex must be held, too, and we don't drop it on return.
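 *
 * A typical blocked caller looks like this (a sketch; this is what
 * lmrc_issue_blocked_mfi() below does):
 *
 *	mutex_enter(&mfi->mfi_lock);
 *	lmrc_issue_mfi(lmrc, mfi, lmrc_wakeup_mfi);
 *	ret = lmrc_wait_mfi(lmrc, mfi, LMRC_INTERNAL_CMD_WAIT_TIME);
 *	mutex_exit(&mfi->mfi_lock);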
605 */ 606 void 607 lmrc_issue_mfi(lmrc_t *lmrc, lmrc_mfi_cmd_t *mfi, lmrc_mfi_cmd_cb_t *cb) 608 { 609 boolean_t exit_mutex = B_FALSE; 610 lmrc_mfi_header_t *hdr = &mfi->mfi_frame->mf_hdr; 611 lmrc_atomic_req_desc_t req_desc; 612 613 ASSERT(mutex_owned(&mfi->mfi_lock)); 614 615 if ((hdr->mh_flags & MFI_FRAME_DONT_POST_IN_REPLY_QUEUE) == 0) { 616 VERIFY3U(cb, !=, NULL); 617 mfi->mfi_callback = cb; 618 } else { 619 VERIFY3U(cb, ==, NULL); 620 } 621 622 hdr->mh_cmd_status = MFI_STAT_INVALID_STATUS; 623 if (mfi->mfi_mpt == NULL) { 624 exit_mutex = B_TRUE; 625 lmrc_build_mptmfi_passthru(lmrc, mfi); 626 } 627 628 ASSERT(mutex_owned(&mfi->mfi_mpt->mpt_lock)); 629 630 req_desc = lmrc_build_atomic_request(lmrc, mfi->mfi_mpt, 631 MPI2_REQ_DESCRIPT_FLAGS_SCSI_IO); 632 633 (void) ddi_dma_sync(mfi->mfi_frame_dma.ld_hdl, 0, 634 mfi->mfi_frame_dma.ld_len, DDI_DMA_SYNC_FORDEV); 635 636 if ((hdr->mh_flags & MFI_FRAME_DIR_WRITE) != 0) 637 (void) ddi_dma_sync(mfi->mfi_data_dma.ld_hdl, 0, 638 mfi->mfi_data_dma.ld_len, DDI_DMA_SYNC_FORDEV); 639 640 lmrc_send_atomic_request(lmrc, req_desc); 641 if (exit_mutex) 642 mutex_exit(&mfi->mfi_mpt->mpt_lock); 643 } 644 645 /* 646 * lmrc_poll_mfi 647 * 648 * Poll a MFI command for completion, waiting up to max_wait secs. Repeatedly 649 * check the command status until it changes to something that is not invalid. 650 * 651 * Trigger an online controller reset on timeout. 652 */ 653 static int 654 lmrc_poll_mfi(lmrc_t *lmrc, lmrc_mfi_cmd_t *mfi, uint8_t max_wait) 655 { 656 lmrc_mfi_header_t *hdr = &mfi->mfi_frame->mf_hdr; 657 lmrc_dma_t *dma = &mfi->mfi_frame_dma; 658 clock_t timeout = ddi_get_lbolt() + drv_usectohz(max_wait * MICROSEC); 659 clock_t now; 660 661 ASSERT(mutex_owned(&mfi->mfi_lock)); 662 663 do { 664 (void) ddi_dma_sync(dma->ld_hdl, 0, dma->ld_len, 665 DDI_DMA_SYNC_FORKERNEL); 666 if (hdr->mh_cmd_status != MFI_STAT_INVALID_STATUS) 667 break; 668 669 (void) cv_reltimedwait(&mfi->mfi_cv, &mfi->mfi_lock, 670 drv_usectohz(MILLISEC), TR_MILLISEC); 671 now = ddi_get_lbolt(); 672 } while (!lmrc->l_fw_fault && now <= timeout); 673 674 if (hdr->mh_cmd_status != MFI_STAT_INVALID_STATUS) 675 return (DDI_SUCCESS); 676 677 if (now > timeout) { 678 dev_err(lmrc->l_dip, CE_WARN, 679 "!%s: command timeout after %ds", __func__, max_wait); 680 681 /* 682 * Signal the housekeeping thread to check for FW/HW faults, 683 * performing a reset if necessary. 684 */ 685 cv_signal(&lmrc->l_thread_cv); 686 } 687 688 return (DDI_FAILURE); 689 } 690 691 /* 692 * lmrc_wait_mfi 693 * 694 * Wait for up to max_wait secs for a MFI command to complete. The cmd mutex 695 * must be held. 696 * 697 * Trigger an online controller reset on timeout. 
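 *
 * Unlike lmrc_poll_mfi() above, this relies on the command's completion
 * callback (such as lmrc_wakeup_mfi()) to signal mfi_cv, so it is only
 * suitable for commands that were issued with a callback.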
698 */ 699 int 700 lmrc_wait_mfi(lmrc_t *lmrc, lmrc_mfi_cmd_t *mfi, uint8_t max_wait) 701 { 702 lmrc_mfi_header_t *hdr = &mfi->mfi_frame->mf_hdr; 703 lmrc_dma_t *dma = &mfi->mfi_frame_dma; 704 clock_t timeout = ddi_get_lbolt() + drv_usectohz(max_wait * MICROSEC); 705 int ret; 706 707 ASSERT(mutex_owned(&mfi->mfi_lock)); 708 709 do { 710 ret = cv_timedwait(&mfi->mfi_cv, &mfi->mfi_lock, timeout); 711 712 (void) ddi_dma_sync(dma->ld_hdl, 0, dma->ld_len, 713 DDI_DMA_SYNC_FORKERNEL); 714 715 } while (!lmrc->l_fw_fault && 716 hdr->mh_cmd_status == MFI_STAT_INVALID_STATUS && ret != -1); 717 718 if (!lmrc->l_fw_fault && ret != -1) 719 return (DDI_SUCCESS); 720 721 if (ret == -1) { 722 dev_err(lmrc->l_dip, CE_WARN, "!%s: blocked command timeout " 723 "after %ds, cmd = %d, status = %d", __func__, max_wait, 724 hdr->mh_cmd, hdr->mh_cmd_status); 725 726 /* 727 * Signal the housekeeping thread to check for FW/HW faults, 728 * performing a reset if necessary. 729 */ 730 cv_signal(&lmrc->l_thread_cv); 731 } 732 733 return (DDI_FAILURE); 734 } 735 736 /* 737 * lmrc_wakeup_mfi 738 * 739 * Signal the CV associated with a MFI command to wake up the thread waiting 740 * for its completion. 741 */ 742 void 743 lmrc_wakeup_mfi(lmrc_t *lmrc, lmrc_mfi_cmd_t *cmd) 744 { 745 ASSERT(mutex_owned(&cmd->mfi_lock)); 746 cv_signal(&cmd->mfi_cv); 747 } 748 749 /* 750 * lmrc_issue_blocked_mfi 751 * 752 * Post a MFI command to the firmware and wait for the command to complete. 753 */ 754 int 755 lmrc_issue_blocked_mfi(lmrc_t *lmrc, lmrc_mfi_cmd_t *mfi) 756 { 757 lmrc_mfi_header_t *hdr = &mfi->mfi_frame->mf_hdr; 758 int ret; 759 760 mutex_enter(&mfi->mfi_lock); 761 lmrc_issue_mfi(lmrc, mfi, lmrc_wakeup_mfi); 762 ret = lmrc_wait_mfi(lmrc, mfi, LMRC_INTERNAL_CMD_WAIT_TIME); 763 mutex_exit(&mfi->mfi_lock); 764 765 if (ret == DDI_SUCCESS && hdr->mh_cmd_status == MFI_STAT_OK) 766 return (DDI_SUCCESS); 767 768 dev_err(lmrc->l_dip, CE_WARN, 769 "!%s: blocked command failure, cmd = %d, status = %d", 770 __func__, hdr->mh_cmd, hdr->mh_cmd_status); 771 772 return (ret); 773 } 774 775 /* 776 * lmrc_abort_cb 777 * 778 * Callback for any command that is to be aborted. 779 * 780 * If the command completed normally before it could be aborted, set the status 781 * to indicate the intended abortion. 782 */ 783 static void 784 lmrc_abort_cb(lmrc_t *lmrc, lmrc_mfi_cmd_t *mfi) 785 { 786 lmrc_mfi_header_t *hdr = &mfi->mfi_frame->mf_hdr; 787 788 if (hdr->mh_cmd_status == MFI_STAT_OK) 789 hdr->mh_cmd_status = MFI_STAT_NOT_FOUND; 790 } 791 792 /* 793 * lmrc_abort_mfi 794 * 795 * Abort a MFI command. This is a bit tricky as the hardware may still complete 796 * it at any time. 797 * 798 * The mutex of the command to be aborted must be held to prevent it from 799 * completing behind our back. We'll replace its callback with our own, issue an 800 * ABORT command, and drop the mutex before we wait for the ABORT command to 801 * complete. 802 */ 803 static int 804 lmrc_abort_cmd(lmrc_t *lmrc, lmrc_mfi_cmd_t *mfi_to_abort) 805 { 806 lmrc_mfi_cmd_t *mfi = lmrc_get_mfi(lmrc); 807 lmrc_mfi_header_t *hdr = &mfi->mfi_frame->mf_hdr; 808 lmrc_mfi_abort_payload_t *abort = &mfi->mfi_frame->mf_abort; 809 lmrc_mfi_cmd_cb_t *orig_cb = mfi_to_abort->mfi_callback; 810 int ret; 811 812 ASSERT(mutex_owned(&mfi_to_abort->mfi_lock)); 813 814 /* Replace the commands callback with our own. 
*/ 815 mfi_to_abort->mfi_callback = lmrc_abort_cb; 816 817 hdr->mh_cmd = MFI_CMD_ABORT; 818 abort->ma_abort_context = mfi_to_abort->mfi_idx; 819 lmrc_dma_set_addr64(&mfi_to_abort->mfi_frame_dma, 820 &abort->ma_abort_mfi_phys_addr); 821 822 /* Send the ABORT. */ 823 mutex_enter(&mfi->mfi_lock); 824 lmrc_issue_mfi(lmrc, mfi, lmrc_wakeup_mfi); 825 826 /* 827 * Drop the mutex of the command to be aborted, allowing it to proceed 828 * while we wait for the ABORT command to complete. 829 */ 830 mutex_exit(&mfi_to_abort->mfi_lock); 831 ret = lmrc_wait_mfi(lmrc, mfi, LMRC_INTERNAL_CMD_WAIT_TIME); 832 mutex_exit(&mfi->mfi_lock); 833 834 /* 835 * The ABORT command may fail if cmd_to_abort has completed already. 836 * Treat any other failure as fatal, restore the callback and fail. 837 */ 838 if (ret != DDI_SUCCESS && hdr->mh_cmd_status != MFI_STAT_NOT_FOUND) { 839 mutex_enter(&mfi_to_abort->mfi_lock); 840 mfi_to_abort->mfi_callback = orig_cb; 841 goto out; 842 } 843 844 /* 845 * Wait for the aborted command to complete. If we time out on this 846 * there's little we can do here, so we restore the callback and fail. 847 */ 848 mutex_enter(&mfi_to_abort->mfi_lock); 849 ret = lmrc_poll_mfi(lmrc, mfi_to_abort, LMRC_INTERNAL_CMD_WAIT_TIME); 850 mfi_to_abort->mfi_callback = orig_cb; 851 852 if (ret != DDI_SUCCESS) 853 goto out; 854 855 /* Wake up anyone waiting on the aborted command. */ 856 if (mfi_to_abort->mfi_callback != NULL) 857 mfi_to_abort->mfi_callback(lmrc, mfi_to_abort); 858 859 out: 860 lmrc_put_mfi(mfi); 861 ASSERT(mutex_owned(&mfi_to_abort->mfi_lock)); 862 return (ret); 863 } 864 865 866 /* 867 * Controller Initialization and Housekeeping 868 */ 869 870 /* 871 * lmrc_check_fw_fault 872 * 873 * Check the firmware state. If faulted, return B_TRUE. 874 * Return B_FALSE otherwise. 875 */ 876 static boolean_t 877 lmrc_check_fw_fault(lmrc_t *lmrc) 878 { 879 uint32_t status = lmrc_read_reg(lmrc, MPI26_SCRATCHPAD0_OFFSET); 880 uint32_t fw_state = LMRC_FW_STATE(status); 881 882 if (fw_state == LMRC_FW_STATE_FAULT) 883 return (B_TRUE); 884 885 return (B_FALSE); 886 } 887 888 /* 889 * lmrc_wait_for_reg 890 * 891 * Repeatedly read the register and check that 'bits' match 'exp'. 892 */ 893 static boolean_t 894 lmrc_wait_for_reg(lmrc_t *lmrc, uint32_t reg, uint32_t bits, uint32_t exp, 895 uint64_t max_wait) 896 { 897 uint32_t val; 898 uint64_t i; 899 900 max_wait *= MILLISEC / 100; 901 902 for (i = 0; i < max_wait; i++) { 903 delay(drv_usectohz(100 * MILLISEC)); 904 val = lmrc_read_reg(lmrc, reg); 905 906 if ((val & bits) == exp) 907 return (B_TRUE); 908 } 909 910 return (B_FALSE); 911 } 912 913 static int 914 lmrc_hard_reset(lmrc_t *lmrc) 915 { 916 int ret = DDI_SUCCESS; 917 918 /* Write the reset key sequence. */ 919 lmrc_write_reg(lmrc, MPI2_WRITE_SEQUENCE_OFFSET, 920 MPI2_WRSEQ_FLUSH_KEY_VALUE); 921 lmrc_write_reg(lmrc, MPI2_WRITE_SEQUENCE_OFFSET, 922 MPI2_WRSEQ_1ST_KEY_VALUE); 923 lmrc_write_reg(lmrc, MPI2_WRITE_SEQUENCE_OFFSET, 924 MPI2_WRSEQ_2ND_KEY_VALUE); 925 lmrc_write_reg(lmrc, MPI2_WRITE_SEQUENCE_OFFSET, 926 MPI2_WRSEQ_3RD_KEY_VALUE); 927 lmrc_write_reg(lmrc, MPI2_WRITE_SEQUENCE_OFFSET, 928 MPI2_WRSEQ_4TH_KEY_VALUE); 929 lmrc_write_reg(lmrc, MPI2_WRITE_SEQUENCE_OFFSET, 930 MPI2_WRSEQ_5TH_KEY_VALUE); 931 lmrc_write_reg(lmrc, MPI2_WRITE_SEQUENCE_OFFSET, 932 MPI2_WRSEQ_6TH_KEY_VALUE); 933 934 /* Check diag write enable. 
*/ 935 if (!lmrc_wait_for_reg(lmrc, MPI2_HOST_DIAGNOSTIC_OFFSET, 936 MPI2_DIAG_DIAG_WRITE_ENABLE, MPI2_DIAG_DIAG_WRITE_ENABLE, 937 LMRC_RESET_TIMEOUT)) { 938 dev_err(lmrc->l_dip, CE_WARN, "diag unlock failed"); 939 return (DDI_FAILURE); 940 } 941 942 /* Reset IOC. */ 943 lmrc_write_reg(lmrc, MPI2_HOST_DIAGNOSTIC_OFFSET, 944 lmrc_read_reg(lmrc, MPI2_HOST_DIAGNOSTIC_OFFSET) | 945 MPI2_DIAG_RESET_ADAPTER); 946 delay(drv_usectohz(MPI2_HARD_RESET_PCIE_FIRST_READ_DELAY_MICRO_SEC)); 947 948 /* Check the reset adapter bit. */ 949 if ((lmrc_read_reg(lmrc, MPI2_HOST_DIAGNOSTIC_OFFSET) & 950 MPI2_DIAG_RESET_ADAPTER) == 0) 951 goto out; 952 953 delay(drv_usectohz(MPI2_HARD_RESET_PCIE_SECOND_READ_DELAY_MICRO_SEC)); 954 955 /* Check the reset adapter bit again. */ 956 if ((lmrc_read_reg(lmrc, MPI2_HOST_DIAGNOSTIC_OFFSET) & 957 MPI2_DIAG_RESET_ADAPTER) == 0) 958 goto out; 959 960 ret = DDI_FAILURE; 961 out: 962 lmrc_write_reg(lmrc, MPI2_WRITE_SEQUENCE_OFFSET, 963 MPI2_WRSEQ_FLUSH_KEY_VALUE); 964 return (ret); 965 } 966 967 /* 968 * lmrc_reset_ctrl 969 * 970 * Attempt to reset the controller, if the hardware supports it. 971 * If reset is unsupported or the reset fails repeatedly, we shut the 972 * controller down. 973 */ 974 static int 975 lmrc_reset_ctrl(lmrc_t *lmrc) 976 { 977 uint32_t status, fw_state, reset_adapter; 978 int max_wait, i; 979 980 if (lmrc->l_disable_online_ctrl_reset) 981 return (DDI_FAILURE); 982 983 status = lmrc_read_reg(lmrc, MPI26_SCRATCHPAD0_OFFSET); 984 fw_state = LMRC_FW_STATE(status); 985 reset_adapter = LMRC_FW_RESET_ADAPTER(status); 986 987 if (fw_state == LMRC_FW_STATE_FAULT && reset_adapter == 0) { 988 dev_err(lmrc->l_dip, CE_WARN, 989 "FW in fault state, but reset not supported"); 990 goto out; 991 } 992 993 for (i = 0; i < LMRC_MAX_RESET_TRIES; i++) { 994 dev_err(lmrc->l_dip, CE_WARN, "resetting..."); 995 996 if (lmrc_hard_reset(lmrc) != DDI_SUCCESS) 997 continue; 998 999 /* Wait for the FW state to move beyond INIT. */ 1000 max_wait = LMRC_IO_TIMEOUT * MILLISEC / 100; 1001 do { 1002 status = lmrc_read_reg(lmrc, MPI26_SCRATCHPAD0_OFFSET); 1003 fw_state = LMRC_FW_STATE(status); 1004 1005 if (fw_state <= LMRC_FW_STATE_FW_INIT) 1006 delay(drv_usectohz(100 * MILLISEC)); 1007 } while (fw_state <= LMRC_FW_STATE_FW_INIT && max_wait > 0); 1008 1009 if (fw_state <= LMRC_FW_STATE_FW_INIT) { 1010 dev_err(lmrc->l_dip, CE_WARN, 1011 "fw state <= LMRC_FW_STATE_FW_INIT, state = %x", 1012 fw_state); 1013 continue; 1014 } 1015 1016 return (DDI_SUCCESS); 1017 } 1018 1019 dev_err(lmrc->l_dip, CE_WARN, "reset failed"); 1020 out: 1021 /* Stop the controller. */ 1022 lmrc_write_reg(lmrc, MPI2_DOORBELL_OFFSET, MFI_STOP_ADP); 1023 (void) lmrc_read_reg(lmrc, MPI2_DOORBELL_OFFSET); 1024 1025 return (DDI_FAILURE); 1026 } 1027 1028 /* 1029 * lmrc_tgt_complete_cmd 1030 * 1031 * In case of a controller reset, complete the cmd and clean up. This is done 1032 * in a taskq to avoid locking and list manipulation headaches. 1033 */ 1034 static void 1035 lmrc_tgt_complete_cmd(void *arg) 1036 { 1037 lmrc_scsa_cmd_t *cmd = arg; 1038 struct scsi_pkt *pkt; 1039 lmrc_t *lmrc; 1040 1041 mutex_enter(&cmd->sc_mpt->mpt_lock); 1042 1043 /* Just in case the command completed before the taskq was run... 
*/ 1044 if (cmd->sc_mpt->mpt_complete) { 1045 mutex_exit(&cmd->sc_mpt->mpt_lock); 1046 return; 1047 } 1048 1049 lmrc = cmd->sc_mpt->mpt_lmrc; 1050 pkt = cmd->sc_mpt->mpt_pkt; 1051 1052 pkt->pkt_state = STATE_GOT_BUS | STATE_GOT_TARGET | STATE_SENT_CMD; 1053 pkt->pkt_reason = CMD_RESET; 1054 pkt->pkt_statistics = STAT_BUS_RESET; 1055 mutex_exit(&cmd->sc_mpt->mpt_lock); 1056 1057 lmrc_tgt_rem_active_mpt(cmd->sc_tgt, cmd->sc_mpt); 1058 atomic_dec_uint(&lmrc->l_fw_outstanding_cmds); 1059 1060 scsi_hba_pkt_comp(pkt); 1061 } 1062 1063 /* 1064 * lmrc_tgt_complete_cmds 1065 * 1066 * Walk the list of active commands of a target. Schedule a taskq to handle the 1067 * timeout processing and clean up. 1068 */ 1069 static void 1070 lmrc_tgt_complete_cmds(lmrc_t *lmrc, lmrc_tgt_t *tgt) 1071 { 1072 lmrc_mpt_cmd_t *mpt; 1073 1074 mutex_enter(&tgt->tgt_mpt_active_lock); 1075 if (list_is_empty(&tgt->tgt_mpt_active)) { 1076 mutex_exit(&tgt->tgt_mpt_active_lock); 1077 return; 1078 } 1079 1080 for (mpt = lmrc_tgt_first_active_mpt(tgt); 1081 mpt != NULL; 1082 mpt = lmrc_tgt_next_active_mpt(tgt, mpt)) { 1083 lmrc_scsa_cmd_t *cmd = mpt->mpt_pkt->pkt_ha_private; 1084 1085 ASSERT(mutex_owned(&mpt->mpt_lock)); 1086 VERIFY(mpt->mpt_pkt != NULL); 1087 VERIFY(cmd != NULL); 1088 1089 if (mpt->mpt_complete) 1090 continue; 1091 1092 taskq_dispatch_ent(lmrc->l_taskq, lmrc_tgt_complete_cmd, cmd, 1093 TQ_NOSLEEP, &mpt->mpt_tqent); 1094 } 1095 mutex_exit(&tgt->tgt_mpt_active_lock); 1096 } 1097 1098 /* 1099 * lmrc_tgt_timeout_cmds 1100 * 1101 * Walk the list of active commands of a target. Try to abort commands which are 1102 * overdue. 1103 */ 1104 static int 1105 lmrc_tgt_timeout_cmds(lmrc_t *lmrc, lmrc_tgt_t *tgt) 1106 { 1107 lmrc_mpt_cmd_t *mpt; 1108 int ret = DDI_SUCCESS; 1109 1110 mutex_enter(&tgt->tgt_mpt_active_lock); 1111 if (list_is_empty(&tgt->tgt_mpt_active)) 1112 goto out; 1113 1114 for (mpt = lmrc_tgt_first_active_mpt(tgt); 1115 mpt != NULL; 1116 mpt = lmrc_tgt_next_active_mpt(tgt, mpt)) { 1117 hrtime_t now; 1118 1119 ASSERT(mutex_owned(&mpt->mpt_lock)); 1120 VERIFY(mpt->mpt_pkt != NULL); 1121 1122 /* Just in case the command completed by now... */ 1123 if (mpt->mpt_complete) 1124 continue; 1125 1126 now = gethrtime(); 1127 1128 if (now > mpt->mpt_timeout) { 1129 /* 1130 * Give the packet a bit more time for the abort to 1131 * complete. 1132 */ 1133 mpt->mpt_timeout = now + LMRC_IO_TIMEOUT * NANOSEC; 1134 1135 /* 1136 * If the abort failed for whatever reason, 1137 * we can stop here as only a controller reset 1138 * can get us back into a sane state. 1139 */ 1140 if (lmrc_abort_mpt(lmrc, tgt, mpt) != 1) { 1141 mutex_exit(&mpt->mpt_lock); 1142 ret = DDI_FAILURE; 1143 goto out; 1144 } 1145 } 1146 } 1147 1148 out: 1149 mutex_exit(&tgt->tgt_mpt_active_lock); 1150 return (ret); 1151 } 1152 1153 /* 1154 * lmrc_thread 1155 * 1156 * Check whether the controller is FW fault state. Check all targets for 1157 * commands which have timed out. 1158 */ 1159 void 1160 lmrc_thread(void *arg) 1161 { 1162 lmrc_t *lmrc = arg; 1163 1164 do { 1165 int i; 1166 1167 /* Wake up at least once a minute. */ 1168 mutex_enter(&lmrc->l_thread_lock); 1169 (void) cv_reltimedwait(&lmrc->l_thread_cv, &lmrc->l_thread_lock, 1170 drv_usectohz(60 * MICROSEC), TR_SEC); 1171 mutex_exit(&lmrc->l_thread_lock); 1172 1173 if (lmrc->l_thread_stop) 1174 continue; 1175 1176 lmrc->l_fw_fault = lmrc_check_fw_fault(lmrc); 1177 1178 /* 1179 * Check all targets for timed-out commands. 
If we find any 1180 * and fail to abort them, we pretend the FW has faulted to 1181 * trigger a reset. 1182 */ 1183 if (!lmrc->l_fw_fault) { 1184 for (i = 0; i < ARRAY_SIZE(lmrc->l_targets); i++) { 1185 if (lmrc_tgt_timeout_cmds(lmrc, 1186 &lmrc->l_targets[i]) != DDI_SUCCESS) { 1187 lmrc->l_fw_fault = B_TRUE; 1188 break; 1189 } 1190 } 1191 } 1192 1193 /* 1194 * If the FW is faulted, try to recover by performing a reset. 1195 */ 1196 if (lmrc->l_fw_fault) { 1197 int ret; 1198 1199 lmrc_disable_intr(lmrc); 1200 1201 /* 1202 * Even if the reset failed, it will have stopped the 1203 * controller and we can complete all outstanding 1204 * commands. 1205 */ 1206 ret = lmrc_reset_ctrl(lmrc); 1207 1208 (void) lmrc_abort_outstanding_mfi(lmrc, 1209 LMRC_MAX_MFI_CMDS); 1210 1211 for (i = 0; i < ARRAY_SIZE(lmrc->l_targets); i++) 1212 lmrc_tgt_complete_cmds(lmrc, 1213 &lmrc->l_targets[i]); 1214 1215 if (ret != DDI_SUCCESS) { 1216 dev_err(lmrc->l_dip, CE_WARN, "reset failed"); 1217 continue; 1218 } 1219 1220 if (lmrc_transition_to_ready(lmrc) != DDI_SUCCESS) 1221 continue; 1222 1223 if (lmrc_ioc_init(lmrc) != DDI_SUCCESS) 1224 continue; 1225 1226 lmrc_enable_intr(lmrc); 1227 1228 if (lmrc_start_aen(lmrc) != DDI_SUCCESS) { 1229 dev_err(lmrc->l_dip, CE_WARN, 1230 "failed to re-initiate AEN"); 1231 continue; 1232 } 1233 1234 lmrc->l_fw_fault = lmrc_check_fw_fault(lmrc); 1235 } 1236 } while (!lmrc->l_thread_stop); 1237 1238 thread_exit(); 1239 } 1240 1241 /* 1242 * lmrc_transition_to_ready 1243 * 1244 * Move firmware to ready state. At attach time, the FW can potentially be in 1245 * any one of several possible states. If the FW is in operational, waiting-for- 1246 * handshake states, take steps to bring it to ready state. Otherwise, wait for 1247 * the FW to reach ready state. 1248 */ 1249 static int 1250 lmrc_transition_to_ready(lmrc_t *lmrc) 1251 { 1252 uint32_t status, new_status; 1253 uint32_t fw_state; 1254 uint8_t max_wait; 1255 uint_t i; 1256 1257 status = lmrc_read_reg(lmrc, MPI26_SCRATCHPAD0_OFFSET); 1258 fw_state = LMRC_FW_STATE(status); 1259 max_wait = LMRC_RESET_TIMEOUT; 1260 1261 while (fw_state != LMRC_FW_STATE_READY) { 1262 switch (fw_state) { 1263 case LMRC_FW_STATE_FAULT: 1264 dev_err(lmrc->l_dip, CE_NOTE, "FW is in fault state!"); 1265 if (lmrc_reset_ctrl(lmrc) != DDI_SUCCESS) 1266 return (DDI_FAILURE); 1267 break; 1268 1269 case LMRC_FW_STATE_WAIT_HANDSHAKE: 1270 /* Set the CLR bit in inbound doorbell */ 1271 lmrc_write_reg(lmrc, MPI2_DOORBELL_OFFSET, 1272 MFI_INIT_CLEAR_HANDSHAKE | MFI_INIT_HOTPLUG); 1273 break; 1274 1275 case LMRC_FW_STATE_BOOT_MSG_PENDING: 1276 lmrc_write_reg(lmrc, MPI2_DOORBELL_OFFSET, 1277 MFI_INIT_HOTPLUG); 1278 break; 1279 1280 case LMRC_FW_STATE_OPERATIONAL: 1281 /* Bring it to READY state, wait up to 10s */ 1282 lmrc_disable_intr(lmrc); 1283 lmrc_write_reg(lmrc, MPI2_DOORBELL_OFFSET, 1284 MFI_RESET_FLAGS); 1285 (void) lmrc_wait_for_reg(lmrc, MPI2_DOORBELL_OFFSET, 1, 1286 0, 10); 1287 break; 1288 1289 case LMRC_FW_STATE_UNDEFINED: 1290 /* This state should not last for more than 2 sec */ 1291 case LMRC_FW_STATE_BB_INIT: 1292 case LMRC_FW_STATE_FW_INIT: 1293 case LMRC_FW_STATE_FW_INIT_2: 1294 case LMRC_FW_STATE_DEVICE_SCAN: 1295 case LMRC_FW_STATE_FLUSH_CACHE: 1296 break; 1297 default: 1298 dev_err(lmrc->l_dip, CE_WARN, "Unknown FW state %x", 1299 fw_state); 1300 return (DDI_FAILURE); 1301 } 1302 1303 /* 1304 * The current state should not last for more than max_wait 1305 * seconds. 
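 *
 * Poll the scratch pad register once per millisecond, i.e. up to
 * max_wait * 1000 times, until the state changes.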
1306 */ 1307 for (i = 0; i < max_wait * 1000; i++) { 1308 new_status = lmrc_read_reg(lmrc, 1309 MPI26_SCRATCHPAD0_OFFSET); 1310 1311 if (status != new_status) 1312 break; 1313 1314 delay(drv_usectohz(MILLISEC)); 1315 } 1316 1317 if (new_status == status) { 1318 dev_err(lmrc->l_dip, CE_WARN, 1319 "FW state (%x) hasn't changed in %d seconds", 1320 fw_state, max_wait); 1321 return (DDI_FAILURE); 1322 } 1323 1324 status = new_status; 1325 fw_state = LMRC_FW_STATE(status); 1326 } 1327 1328 if (lmrc_check_acc_handle(lmrc->l_reghandle) != DDI_FM_OK) 1329 return (DDI_FAILURE); 1330 1331 return (DDI_SUCCESS); 1332 } 1333 1334 /* 1335 * lmrc_adapter_init 1336 * 1337 * Get the hardware and firmware into a usable state, and fetch some basic 1338 * information from the registers to calculate sizes of basic data structures. 1339 */ 1340 int 1341 lmrc_adapter_init(lmrc_t *lmrc) 1342 { 1343 uint32_t reg; 1344 int ret; 1345 int i; 1346 1347 ret = lmrc_transition_to_ready(lmrc); 1348 if (ret != DDI_SUCCESS) 1349 return (ret); 1350 1351 /* 1352 * Get maximum RAID map size. 1353 */ 1354 reg = lmrc_read_reg(lmrc, MPI26_SCRATCHPAD2_OFFSET); 1355 lmrc->l_max_raid_map_sz = LMRC_MAX_RAID_MAP_SZ(reg); 1356 1357 lmrc->l_max_reply_queues = 1; 1358 lmrc->l_rphi[0] = MPI2_REPLY_POST_HOST_INDEX_OFFSET; 1359 1360 /* 1361 * Apparently, bit 27 of the scratch pad register indicates whether 1362 * MSI-X is supported by the firmware. 1363 */ 1364 reg = lmrc_read_reg(lmrc, MPI26_SCRATCHPAD0_OFFSET); 1365 1366 if (LMRC_FW_MSIX_ENABLED(reg)) { 1367 lmrc->l_fw_msix_enabled = B_TRUE; 1368 1369 reg = lmrc_read_reg(lmrc, MPI26_SCRATCHPAD1_OFFSET); 1370 lmrc->l_max_reply_queues = LMRC_MAX_REPLY_QUEUES_EXT(reg); 1371 1372 if (lmrc->l_max_reply_queues > LMRC_MAX_REPLY_POST_HOST_INDEX) { 1373 lmrc->l_msix_combined = B_TRUE; 1374 lmrc->l_rphi[0] = 1375 MPI25_SUP_REPLY_POST_HOST_INDEX_OFFSET; 1376 } 1377 1378 /* 1379 * Compute reply post index register addresses 1-15. 1380 */ 1381 for (i = 1; i < LMRC_MAX_REPLY_POST_HOST_INDEX; i++) { 1382 lmrc->l_rphi[i] = i * 0x10 + 1383 MPI25_SUP_REPLY_POST_HOST_INDEX_OFFSET; 1384 } 1385 } 1386 1387 /* 1388 * Get the number of commands the firmware supports. Use one less, 1389 * because reply_q_depth is based on one more than this. XXX: Why? 1390 */ 1391 reg = lmrc_read_reg(lmrc, MPI26_SCRATCHPAD0_OFFSET); 1392 lmrc->l_max_fw_cmds = LMRC_FW_MAX_CMD(reg) - 1; 1393 1394 if (lmrc->l_max_fw_cmds < LMRC_MAX_MFI_CMDS) { 1395 dev_err(lmrc->l_dip, CE_WARN, "!max_fw_cmds too low: %d", 1396 lmrc->l_max_fw_cmds); 1397 return (DDI_FAILURE); 1398 } 1399 1400 /* 1401 * Reserve some commands for MFI, the remainder is for SCSI commands. 1402 */ 1403 lmrc->l_max_scsi_cmds = lmrc->l_max_fw_cmds - LMRC_MAX_MFI_CMDS; 1404 1405 /* 1406 * XXX: This magic calculation isn't explained anywhere. Let's see... 1407 * lmrc_max_fw_cmds + 1 gives us what was reported in the register, 1408 * That + 15 is for rounding it up the next multiple of 16, which 1409 * / 16 * 16 does. 1410 * And apparently we want twice that much for queue depth. Why? 1411 * 1412 * So in reality, the queue depth is based on at least one more than 1413 * lmrc_max_fw_cmds, but it could be even more. That makes the above 1414 * statement about lmrc_max_fw_cmds questionable. 1415 */ 1416 lmrc->l_reply_q_depth = (lmrc->l_max_fw_cmds + 1 + 15) / 16 * 16 * 2; 1417 1418 /* Allocation size of one reply queue, based on depth. 
*/ 1419 lmrc->l_reply_alloc_sz = 1420 sizeof (Mpi2ReplyDescriptorsUnion_t) * lmrc->l_reply_q_depth; 1421 1422 /* Allocation size of the DMA memory used for all MPI I/O frames. */ 1423 lmrc->l_io_frames_alloc_sz = LMRC_MPI2_RAID_DEFAULT_IO_FRAME_SIZE * 1424 (lmrc->l_max_fw_cmds + 2); 1425 1426 /* 1427 * If LMRC_EXT_CHAIN_SIZE_SUPPORT is set in scratch pad 1, firmware 1428 * supports an extended IO chain frame which is 4 times the size of a 1429 * legacy firmware frame. 1430 * Legacy Firmware frame size is (8 * 128) = 1K 1431 * 1M IO Firmware frame size is (8 * 128 * 4) = 4K 1432 */ 1433 reg = lmrc_read_reg(lmrc, MPI26_SCRATCHPAD1_OFFSET); 1434 lmrc->l_max_chain_frame_sz = LMRC_MAX_CHAIN_SIZE(reg) * 1435 (LMRC_EXT_CHAIN_SIZE_SUPPORT(reg) ? LMRC_1MB_IO : LMRC_256K_IO); 1436 1437 /* 1438 * Check whether the controller supports DMA to the full 64bit address 1439 * space. 1440 */ 1441 lmrc->l_64bit_dma_support = LMRC_64BIT_DMA_SUPPORT(reg); 1442 1443 /* 1444 * We use a I/O frame size of 256 bytes, that is what 1445 * LMRC_MPI2_RAID_DEFAULT_IO_FRAME_SIZE is set to. 1446 * 1447 * The offset of the SGL in the I/O frame is 128, so 1448 * there are 128 bytes left for 8 SGEs of 16 bytes each. 1449 */ 1450 lmrc->l_max_sge_in_main_msg = 1451 (LMRC_MPI2_RAID_DEFAULT_IO_FRAME_SIZE - 1452 offsetof(Mpi25SCSIIORequest_t, SGL)) / sizeof (Mpi25SGEIOUnion_t); 1453 1454 /* 1455 * Similarly, number of SGE in a SGE chain frame. 1456 */ 1457 lmrc->l_max_sge_in_chain = 1458 lmrc->l_max_chain_frame_sz / sizeof (Mpi25SGEIOUnion_t); 1459 1460 /* 1461 * The total number of SGE we support in a transfer is sum of 1462 * the above two, minus one for the link (last SGE in main msg). 1463 * 1464 * XXX: So why -2? 1465 */ 1466 lmrc->l_max_num_sge = 1467 lmrc->l_max_sge_in_main_msg + lmrc->l_max_sge_in_chain - 2; 1468 1469 /* 1470 * The offset of the last SGE in the I/O request, used for linking 1471 * the SGE chain frame if necessary. 1472 */ 1473 lmrc->l_chain_offset_io_request = 1474 (LMRC_MPI2_RAID_DEFAULT_IO_FRAME_SIZE - 1475 sizeof (Mpi25SGEIOUnion_t)) / sizeof (Mpi25SGEIOUnion_t); 1476 1477 /* 1478 * For MFI passthru, the link to the SGE chain frame is always 1479 * the first SGE in the I/O frame, the other SGEs in the I/O frame 1480 * will not be used. 1481 */ 1482 lmrc->l_chain_offset_mfi_pthru = 1483 offsetof(Mpi25SCSIIORequest_t, SGL) / sizeof (Mpi25SGEIOUnion_t); 1484 1485 1486 reg = lmrc_read_reg(lmrc, MPI26_SCRATCHPAD3_OFFSET); 1487 if (LMRC_NVME_PAGE_SHIFT(reg) > LMRC_DEFAULT_NVME_PAGE_SHIFT) { 1488 lmrc->l_nvme_page_sz = 1 << LMRC_NVME_PAGE_SHIFT(reg); 1489 dev_err(lmrc->l_dip, CE_NOTE, "!NVME page size: %ld", 1490 lmrc->l_nvme_page_sz); 1491 } 1492 1493 reg = lmrc_read_reg(lmrc, MPI26_SCRATCHPAD1_OFFSET); 1494 lmrc->l_fw_sync_cache_support = LMRC_SYNC_CACHE_SUPPORT(reg); 1495 1496 if (lmrc->l_class == LMRC_ACLASS_AERO) { 1497 reg = lmrc_read_reg(lmrc, MPI26_SCRATCHPAD1_OFFSET); 1498 lmrc->l_atomic_desc_support = 1499 LMRC_ATOMIC_DESCRIPTOR_SUPPORT(reg); 1500 } 1501 1502 return (DDI_SUCCESS); 1503 } 1504 1505 /* 1506 * lmrc_ioc_init 1507 * 1508 * Manually build a MFI IOC INIT command to setup basic operating parameters 1509 * such as the DMA parameters for the I/O request frames and the reply post 1510 * queues. Send the IOC INIT command using a special request descriptor which 1511 * directly includes the physical address of the MFI command frame. 
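 * The descriptor's RequestFlags field is set to LMRC_REQ_DESCRIPT_FLAGS_MFA,
 * presumably to tell the hardware that it carries an MFI frame address rather
 * than a regular SMID-based request.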
1512 * 1513 * After this command completes, the controller is ready to accept MPT commands 1514 * using the normal method of placing it in the I/O request DMA memory and 1515 * writing a MPT request descripter to the appropriate registers. 1516 */ 1517 int 1518 lmrc_ioc_init(lmrc_t *lmrc) 1519 { 1520 lmrc_mfi_cmd_t *mfi = lmrc_get_mfi(lmrc); 1521 lmrc_mfi_header_t *hdr = &mfi->mfi_frame->mf_hdr; 1522 lmrc_mfi_init_payload_t *init = &mfi->mfi_frame->mf_init; 1523 lmrc_req_desc_t req_desc; 1524 Mpi2IOCInitRequest_t *IOCInitMsg; 1525 lmrc_dma_t dma; 1526 int ret = DDI_SUCCESS; 1527 1528 ret = lmrc_dma_alloc(lmrc, lmrc->l_dma_attr, &dma, 1529 sizeof (Mpi2IOCInitRequest_t), 256, DDI_DMA_CONSISTENT); 1530 if (ret != DDI_SUCCESS) { 1531 lmrc_put_mfi(mfi); 1532 dev_err(lmrc->l_dip, CE_WARN, 1533 "!%s: failed to allocate IOC command", __func__); 1534 return (DDI_FAILURE); 1535 } 1536 1537 IOCInitMsg = dma.ld_buf; 1538 IOCInitMsg->Function = MPI2_FUNCTION_IOC_INIT; 1539 IOCInitMsg->WhoInit = MPI2_WHOINIT_HOST_DRIVER; 1540 IOCInitMsg->MsgVersion = MPI2_VERSION; 1541 IOCInitMsg->HeaderVersion = MPI2_HEADER_VERSION; 1542 IOCInitMsg->SystemRequestFrameSize = 1543 LMRC_MPI2_RAID_DEFAULT_IO_FRAME_SIZE / 4; 1544 IOCInitMsg->ReplyDescriptorPostQueueDepth = lmrc->l_reply_q_depth; 1545 lmrc_dma_set_addr64(&lmrc->l_reply_dma, 1546 (uint64_t *)&IOCInitMsg->ReplyDescriptorPostQueueAddress); 1547 lmrc_dma_set_addr64(&lmrc->l_ioreq_dma, 1548 (uint64_t *)&IOCInitMsg->SystemRequestFrameBaseAddress); 1549 IOCInitMsg->HostMSIxVectors = lmrc->l_max_reply_queues; 1550 /* XXX: Why NVMe? */ 1551 IOCInitMsg->HostPageSize = LMRC_DEFAULT_NVME_PAGE_SHIFT; 1552 1553 hdr->mh_cmd = MFI_CMD_INIT; 1554 hdr->mh_cmd_status = MFI_STAT_INVALID_STATUS; 1555 hdr->mh_flags = MFI_FRAME_DONT_POST_IN_REPLY_QUEUE; 1556 1557 hdr->mh_drv_opts.mc_support_additional_msix = 1; 1558 hdr->mh_drv_opts.mc_support_max_255lds = 1; 1559 hdr->mh_drv_opts.mc_support_ndrive_r1_lb = 1; 1560 hdr->mh_drv_opts.mc_support_security_protocol_cmds_fw = 1; 1561 hdr->mh_drv_opts.mc_support_ext_io_size = 1; 1562 1563 hdr->mh_data_xfer_len = lmrc_dma_get_size(&dma); 1564 1565 lmrc_dma_set_addr64(&dma, &init->mi_queue_info_new_phys_addr); 1566 1567 lmrc_dma_set_addr64(&mfi->mfi_frame_dma, &req_desc.rd_reg); 1568 VERIFY0(req_desc.rd_mfa_io.RequestFlags); 1569 req_desc.rd_mfa_io.RequestFlags = LMRC_REQ_DESCRIPT_FLAGS_MFA; 1570 1571 lmrc_disable_intr(lmrc); 1572 if (!lmrc_wait_for_reg(lmrc, MPI2_DOORBELL_OFFSET, 1, 0, 10)) 1573 return (DDI_FAILURE); 1574 1575 (void) ddi_dma_sync(dma.ld_hdl, 0, dma.ld_len, DDI_DMA_SYNC_FORDEV); 1576 (void) ddi_dma_sync(mfi->mfi_frame_dma.ld_hdl, 0, 1577 mfi->mfi_frame_dma.ld_len, DDI_DMA_SYNC_FORDEV); 1578 1579 lmrc_send_request(lmrc, req_desc); 1580 1581 mutex_enter(&mfi->mfi_lock); 1582 ret = lmrc_poll_mfi(lmrc, mfi, LMRC_INTERNAL_CMD_WAIT_TIME); 1583 mutex_exit(&mfi->mfi_lock); 1584 1585 if (ret != DDI_SUCCESS) { 1586 if (hdr->mh_cmd_status != MFI_STAT_INVALID_STATUS) 1587 dev_err(lmrc->l_dip, CE_WARN, 1588 "!IOC Init failed, status = 0x%x", 1589 hdr->mh_cmd_status); 1590 } 1591 1592 lmrc_dma_free(&dma); 1593 lmrc_put_mfi(mfi); 1594 1595 return (ret); 1596 } 1597 1598 /* 1599 * lmrc_get_ctrl_info 1600 * 1601 * Build a MFI DCMD to get controller information from FW. Update the copy in 1602 * the soft state. 
1603 */ 1604 static int 1605 lmrc_get_ctrl_info(lmrc_t *lmrc) 1606 { 1607 lmrc_ctrl_info_t *ci = lmrc->l_ctrl_info; 1608 lmrc_mfi_cmd_t *mfi; 1609 int ret; 1610 1611 mfi = lmrc_get_dcmd(lmrc, MFI_FRAME_DIR_READ, LMRC_DCMD_CTRL_GET_INFO, 1612 sizeof (lmrc_ctrl_info_t), 1); 1613 1614 if (mfi == NULL) 1615 return (DDI_FAILURE); 1616 1617 ret = lmrc_issue_blocked_mfi(lmrc, mfi); 1618 1619 if (ret != DDI_SUCCESS) 1620 goto out; 1621 1622 (void) ddi_dma_sync(mfi->mfi_data_dma.ld_hdl, 0, 1623 mfi->mfi_data_dma.ld_len, DDI_DMA_SYNC_FORKERNEL); 1624 bcopy(mfi->mfi_data_dma.ld_buf, ci, sizeof (lmrc_ctrl_info_t)); 1625 1626 out: 1627 lmrc_put_dcmd(lmrc, mfi); 1628 return (ret); 1629 } 1630 1631 /* 1632 * lmrc_fw_init 1633 * 1634 * Complete firmware initialization. At this point, we can already send MFI 1635 * commands. so we can start by getting the controller information from the 1636 * firmware and set up things in our soft state. Next we issue the commands 1637 * to get the PD map and RAID map, which will complete asynchronously when 1638 * new information is available and then re-send themselves. 1639 */ 1640 int 1641 lmrc_fw_init(lmrc_t *lmrc) 1642 { 1643 int drv_max_lds = LMRC_MAX_LOGICAL_DRIVES; 1644 lmrc_ctrl_info_t *ci = lmrc->l_ctrl_info; 1645 int ret; 1646 1647 ret = lmrc_get_ctrl_info(lmrc); 1648 if (ret != DDI_SUCCESS) { 1649 dev_err(lmrc->l_dip, CE_WARN, "!Unable to get FW ctrl info."); 1650 return (DDI_FAILURE); 1651 } 1652 1653 lmrc->l_disable_online_ctrl_reset = 1654 ci->ci_prop.cp_disable_online_ctrl_reset == 1; 1655 1656 lmrc->l_max_256_vd_support = 1657 ci->ci_adapter_opts3.ao3_support_max_ext_lds == 1; 1658 1659 if (ci->ci_max_lds > 64) { 1660 lmrc->l_max_256_vd_support = B_TRUE; 1661 drv_max_lds = LMRC_MAX_LOGICAL_DRIVES_EXT; 1662 } 1663 1664 lmrc->l_fw_supported_vd_count = min(ci->ci_max_lds, drv_max_lds); 1665 1666 lmrc->l_fw_supported_pd_count = min(ci->ci_max_pds, LMRC_MAX_PHYS_DEV); 1667 1668 lmrc->l_max_map_sz = lmrc->l_current_map_sz = 1669 lmrc->l_max_raid_map_sz * LMRC_MIN_MAP_SIZE; 1670 1671 lmrc->l_use_seqnum_jbod_fp = 1672 ci->ci_adapter_opts3.ao3_use_seq_num_jbod_FP != 0; 1673 1674 lmrc->l_pdmap_tgtid_support = 1675 ci->ci_adapter_opts4.ao4_support_pd_map_target_id != 0; 1676 1677 return (DDI_SUCCESS); 1678 } 1679 1680 1681 /* 1682 * lmrc_ctrl_shutdown 1683 * 1684 * Called by lmrc_quiesce() to send a shutdown command to the controller. 1685 * Cannot use locks, therefore cannot use lmrc_get_dcmd() or lmrc_get_mfi(). 1686 */ 1687 int 1688 lmrc_ctrl_shutdown(lmrc_t *lmrc) 1689 { 1690 lmrc_mfi_cmd_t *mfi = list_remove_head(&lmrc->l_mfi_cmd_list); 1691 lmrc_mfi_header_t *hdr; 1692 lmrc_mfi_dcmd_payload_t *dcmd; 1693 1694 if (mfi == NULL) 1695 return (DDI_FAILURE); 1696 1697 hdr = &mfi->mfi_frame->mf_hdr; 1698 dcmd = &mfi->mfi_frame->mf_dcmd; 1699 1700 hdr->mh_cmd = MFI_CMD_DCMD; 1701 hdr->mh_flags = MFI_FRAME_DONT_POST_IN_REPLY_QUEUE; 1702 dcmd->md_opcode = LMRC_DCMD_CTRL_SHUTDOWN; 1703 1704 lmrc_disable_intr(lmrc); 1705 lmrc_issue_mfi(lmrc, mfi, NULL); 1706 1707 return (DDI_SUCCESS); 1708 } 1709 1710 /* 1711 * driver target state management 1712 * 1713 * The soft state of the controller instance keeps a pre-allocated array of 1714 * target structures for all possible targets, even though only a small number 1715 * of them are likely to be used. Each target structure contains back link to 1716 * the soft state and a mutex, which are never cleared or changed when a target 1717 * is added or removed. 
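 *
 * (This is why lmrc_tgt_init() and lmrc_tgt_clear() below clear the
 * structure only from tgt_dev_id onwards, leaving the back link and the
 * lock intact.)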
1718 */ 1719 1720 /* 1721 * lmrc_tgt_init 1722 * 1723 * Initialize the tgt structure for a newly discovered tgt. The same tgt 1724 * structure is used for PDs and LDs, the distinction can be made by the 1725 * presence or absence of tgt_pd_info. LDs are always of type disk, the type 1726 * of PDs is taken from their pd_info. If a device has no SAS WWN, we'll fake 1727 * the interconnect type to be PARALLEL to make sure device address isn't 1728 * misunderstood as a WWN by devfsadm. 1729 */ 1730 void 1731 lmrc_tgt_init(lmrc_tgt_t *tgt, uint16_t dev_id, char *addr, 1732 lmrc_pd_info_t *pd_info) 1733 { 1734 rw_enter(&tgt->tgt_lock, RW_WRITER); 1735 1736 bzero(&tgt->tgt_dev_id, 1737 sizeof (lmrc_tgt_t) - offsetof(lmrc_tgt_t, tgt_dev_id)); 1738 1739 tgt->tgt_dev_id = dev_id; 1740 tgt->tgt_pd_info = pd_info; 1741 tgt->tgt_interconnect_type = INTERCONNECT_SAS; 1742 1743 if (pd_info == NULL) { 1744 tgt->tgt_type = DTYPE_DIRECT; 1745 } else { 1746 tgt->tgt_type = pd_info->pd_scsi_dev_type; 1747 } 1748 1749 (void) strlcpy(tgt->tgt_wwnstr, addr, sizeof (tgt->tgt_wwnstr)); 1750 if (scsi_wwnstr_to_wwn(tgt->tgt_wwnstr, &tgt->tgt_wwn) != DDI_SUCCESS) { 1751 tgt->tgt_interconnect_type = INTERCONNECT_PARALLEL; 1752 tgt->tgt_wwn = dev_id; 1753 } 1754 1755 rw_exit(&tgt->tgt_lock); 1756 } 1757 1758 /* 1759 * lmrc_tgt_clear 1760 * 1761 * Reset the tgt structure of a target which is no longer present. 1762 */ 1763 void 1764 lmrc_tgt_clear(lmrc_tgt_t *tgt) 1765 { 1766 rw_enter(&tgt->tgt_lock, RW_WRITER); 1767 1768 if (tgt->tgt_pd_info != NULL) 1769 kmem_free(tgt->tgt_pd_info, sizeof (lmrc_pd_info_t)); 1770 1771 bzero(&tgt->tgt_dev_id, 1772 sizeof (lmrc_tgt_t) - offsetof(lmrc_tgt_t, tgt_dev_id)); 1773 tgt->tgt_dev_id = LMRC_DEVHDL_INVALID; 1774 rw_exit(&tgt->tgt_lock); 1775 } 1776 1777 /* 1778 * lmrc_tgt_find 1779 * 1780 * Walk the target list and find a tgt matching the given scsi_device. 1781 * Return the tgt read-locked. The targets_lock mutex must be held the 1782 * whole time. 1783 */ 1784 lmrc_tgt_t * 1785 lmrc_tgt_find(lmrc_t *lmrc, struct scsi_device *sd) 1786 { 1787 const char *ua = scsi_device_unit_address(sd); 1788 char *comma, wwnstr[SCSI_WWN_BUFLEN]; 1789 uint64_t wwn; 1790 unsigned long tgtid; 1791 lmrc_tgt_t *tgt; 1792 size_t i; 1793 1794 VERIFY(ua != NULL); 1795 1796 (void) strlcpy(wwnstr, ua, sizeof (wwnstr)); 1797 1798 /* 1799 * If the unit address is a valid target ID and within range for 1800 * VD IDs, use that. 1801 */ 1802 if (ddi_strtoul(wwnstr, &comma, 10, &tgtid) == 0 && 1803 *comma == ',' && 1804 tgtid <= lmrc->l_fw_supported_vd_count) { 1805 tgt = &lmrc->l_targets[tgtid]; 1806 1807 rw_enter(&tgt->tgt_lock, RW_READER); 1808 if (tgt->tgt_dev_id == tgtid && 1809 tgt->tgt_wwn == tgtid) { 1810 return (tgt); 1811 } 1812 rw_exit(&tgt->tgt_lock); 1813 } 1814 1815 /* Chop off ",lun" as scsi_wwnstr_to_wwn() can't handle it. */ 1816 comma = strchr(wwnstr, ','); 1817 if (comma != NULL) 1818 *comma = '\0'; 1819 1820 /* Else, if unit address is a valid WWN, look for that. */ 1821 if (scsi_wwnstr_to_wwn(wwnstr, &wwn) == DDI_SUCCESS) { 1822 for (i = 0; i < ARRAY_SIZE(lmrc->l_targets); i++) { 1823 tgt = &lmrc->l_targets[i]; 1824 1825 rw_enter(&tgt->tgt_lock, RW_READER); 1826 if (tgt->tgt_wwn == wwn) { 1827 return (tgt); 1828 } 1829 rw_exit(&tgt->tgt_lock); 1830 } 1831 } else { 1832 /* Do it the hard way and compare wwnstr. 
*/ 1833 for (i = 0; i < ARRAY_SIZE(lmrc->l_targets); i++) { 1834 tgt = &lmrc->l_targets[i]; 1835 1836 rw_enter(&tgt->tgt_lock, RW_READER); 1837 if (strcmp(tgt->tgt_wwnstr, wwnstr) == 0) { 1838 return (tgt); 1839 } 1840 rw_exit(&tgt->tgt_lock); 1841 } 1842 } 1843 1844 return (NULL); 1845 } 1846 1847 /* 1848 * MPT/MFI command management 1849 * 1850 * For each kind of command, MFI and MPT, the driver keeps an array of pre- 1851 * allocated and pre-initialized commands. Additionally, it keeps two lists of 1852 * currently unused commands. A set of functions is provided for each list to 1853 * get and put commands from/to the list. Commands are initialized during get(), 1854 * because having completed commands on the list can help in certain cases 1855 * during debugging. 1856 * 1857 * MPT commands in use for I/O are kept on a active command list of the target 1858 * they are addressing. All other types of commands are not kept on any list 1859 * while they are being processed by the hardware. When walking the command 1860 * arrays, busy commands not associated with a target can be distinguished by 1861 * not being linked on any list. 1862 */ 1863 1864 /* 1865 * lmrc_get_mpt 1866 * 1867 * Get a MPT command from the list and initialize it. Return the command locked. 1868 */ 1869 lmrc_mpt_cmd_t * 1870 lmrc_get_mpt(lmrc_t *lmrc) 1871 { 1872 lmrc_mpt_cmd_t *mpt; 1873 Mpi25SCSIIORequest_t *io_req; 1874 1875 mutex_enter(&lmrc->l_mpt_cmd_lock); 1876 mpt = list_remove_head(&lmrc->l_mpt_cmd_list); 1877 mutex_exit(&lmrc->l_mpt_cmd_lock); 1878 VERIFY(mpt != NULL); 1879 1880 mutex_enter(&mpt->mpt_lock); 1881 bzero(mpt->mpt_io_frame, LMRC_MPI2_RAID_DEFAULT_IO_FRAME_SIZE); 1882 bzero(mpt->mpt_chain_dma.ld_buf, mpt->mpt_chain_dma.ld_len); 1883 bzero(mpt->mpt_sense_dma.ld_buf, mpt->mpt_sense_dma.ld_len); 1884 1885 mpt->mpt_mfi = NULL; 1886 mpt->mpt_pkt = NULL; 1887 1888 /* Set the offset of the SGL entries inside the MPT command. */ 1889 io_req = mpt->mpt_io_frame; 1890 io_req->SGLOffset0 = offsetof(Mpi25SCSIIORequest_t, SGL) / 4; 1891 1892 mpt->mpt_complete = B_FALSE; 1893 cv_init(&mpt->mpt_cv, NULL, CV_DRIVER, NULL); 1894 1895 return (mpt); 1896 } 1897 1898 /* 1899 * lmrc_put_mpt 1900 * 1901 * Put a MPT command back on the list. Destroy the CV, thereby 1902 * asserting that no one is waiting on it. 1903 */ 1904 void 1905 lmrc_put_mpt(lmrc_mpt_cmd_t *mpt) 1906 { 1907 lmrc_t *lmrc = mpt->mpt_lmrc; 1908 1909 VERIFY(lmrc != NULL); 1910 1911 ASSERT0(list_link_active(&mpt->mpt_node)); 1912 ASSERT(mutex_owned(&mpt->mpt_lock)); 1913 cv_destroy(&mpt->mpt_cv); 1914 1915 mutex_enter(&lmrc->l_mpt_cmd_lock); 1916 list_insert_tail(&lmrc->l_mpt_cmd_list, mpt); 1917 mutex_exit(&lmrc->l_mpt_cmd_lock); 1918 mutex_exit(&mpt->mpt_lock); 1919 } 1920 1921 /* 1922 * lmrc_get_mfi 1923 * 1924 * Get a MFI command from the list and initialize it. 1925 */ 1926 lmrc_mfi_cmd_t * 1927 lmrc_get_mfi(lmrc_t *lmrc) 1928 { 1929 lmrc_mfi_cmd_t *mfi; 1930 1931 mutex_enter(&lmrc->l_mfi_cmd_lock); 1932 mfi = list_remove_head(&lmrc->l_mfi_cmd_list); 1933 mutex_exit(&lmrc->l_mfi_cmd_lock); 1934 VERIFY(mfi != NULL); 1935 1936 mutex_enter(&mfi->mfi_lock); 1937 bzero(mfi->mfi_frame, sizeof (lmrc_mfi_frame_t)); 1938 mfi->mfi_frame->mf_hdr.mh_context = mfi->mfi_idx; 1939 mfi->mfi_callback = NULL; 1940 mfi->mfi_mpt = NULL; 1941 1942 cv_init(&mfi->mfi_cv, NULL, CV_DRIVER, NULL); 1943 mutex_exit(&mfi->mfi_lock); 1944 1945 return (mfi); 1946 } 1947 1948 /* 1949 * lmrc_put_mfi 1950 * 1951 * Put a MFI command back on the list. 

/*
 * lmrc_put_mfi
 *
 * Put an MFI command back on the list. Destroy the CV, thereby
 * asserting that no one is waiting on it.
 */
void
lmrc_put_mfi(lmrc_mfi_cmd_t *mfi)
{
	lmrc_t *lmrc = mfi->mfi_lmrc;

	VERIFY(lmrc != NULL);

	ASSERT0(list_link_active(&mfi->mfi_node));

	mutex_enter(&mfi->mfi_lock);
	if (mfi->mfi_mpt != NULL) {
		mutex_enter(&mfi->mfi_mpt->mpt_lock);
		lmrc_put_mpt(mfi->mfi_mpt);
	}

	cv_destroy(&mfi->mfi_cv);

	mutex_enter(&lmrc->l_mfi_cmd_lock);
	list_insert_tail(&lmrc->l_mfi_cmd_list, mfi);
	mutex_exit(&lmrc->l_mfi_cmd_lock);
	mutex_exit(&mfi->mfi_lock);
}

/*
 * lmrc_abort_outstanding_mfi
 *
 * Walk the MFI cmd array and abort each command which is still outstanding,
 * which is indicated by not being linked on l_mfi_cmd_list.
 *
 * As a special case, if the FW is in fault state, just call each command's
 * completion callback.
 */
int
lmrc_abort_outstanding_mfi(lmrc_t *lmrc, const size_t ncmd)
{
	int ret;
	int i;

	for (i = 0; i < ncmd; i++) {
		lmrc_mfi_cmd_t *mfi = lmrc->l_mfi_cmds[i];

		mutex_enter(&mfi->mfi_lock);
		if (list_link_active(&mfi->mfi_node)) {
			mutex_exit(&mfi->mfi_lock);
			continue;
		}

		/*
		 * If the FW is faulted, wake up anyone waiting on the command
		 * to clean it up.
		 */
		if (lmrc->l_fw_fault) {
			if (mfi->mfi_callback != NULL)
				mfi->mfi_callback(lmrc, mfi);
			mutex_exit(&mfi->mfi_lock);
			continue;
		}

		ret = lmrc_abort_cmd(lmrc, mfi);
		mutex_exit(&mfi->mfi_lock);
		if (ret != DDI_SUCCESS)
			return (ret);

		lmrc_dma_free(&mfi->mfi_data_dma);
		lmrc_put_mfi(mfi);
	}

	return (DDI_SUCCESS);
}

/*
 * lmrc_get_dcmd
 *
 * Build an MFI DCMD with DMA memory for data transfers.
 */
lmrc_mfi_cmd_t *
lmrc_get_dcmd(lmrc_t *lmrc, uint16_t flags, uint32_t opcode, uint32_t xferlen,
    uint_t align)
{
	lmrc_mfi_cmd_t *mfi = lmrc_get_mfi(lmrc);
	lmrc_mfi_header_t *hdr = &mfi->mfi_frame->mf_hdr;
	lmrc_mfi_dcmd_payload_t *dcmd = &mfi->mfi_frame->mf_dcmd;
	lmrc_dma_t *dma = &mfi->mfi_data_dma;
	int ret;

	hdr->mh_cmd = MFI_CMD_DCMD;
	hdr->mh_flags = flags;

	dcmd->md_opcode = opcode;

	if ((flags & MFI_FRAME_DIR_READ) != 0 ||
	    (flags & MFI_FRAME_DIR_WRITE) != 0) {
		ret = lmrc_dma_alloc(lmrc, lmrc->l_dma_attr, dma, xferlen,
		    align, DDI_DMA_CONSISTENT);
		if (ret != DDI_SUCCESS) {
			lmrc_put_mfi(mfi);
			return (NULL);
		}

		hdr->mh_flags |= MFI_FRAME_SGL64;
		hdr->mh_sge_count = 1;
		hdr->mh_data_xfer_len = lmrc_dma_get_size(dma);

		dcmd->md_sgl.ms64_length = lmrc_dma_get_size(dma);
		lmrc_dma_set_addr64(dma, &dcmd->md_sgl.ms64_phys_addr);
	}

	return (mfi);
}

/*
 * lmrc_put_dcmd
 *
 * Free the DMA memory of an MFI DCMD and return the command to the list.
 */
void
lmrc_put_dcmd(lmrc_t *lmrc, lmrc_mfi_cmd_t *mfi)
{
	lmrc_dma_free(&mfi->mfi_data_dma);
	lmrc_put_mfi(mfi);
}


/*
 * Asynchronous Event Notifications
 */
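/*
 * The driver keeps a single event-wait DCMD outstanding with the firmware.
 * It is initially registered by lmrc_start_aen(). Whenever the firmware
 * completes it, lmrc_complete_aen() dispatches lmrc_aen_handler() onto the
 * taskq, which processes the event and then re-issues the same command with
 * the next sequence number, re-arming the notification.
 */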
/*
 * lmrc_get_event_log_info
 *
 * Get the Event Log Info from the firmware.
 */
static int
lmrc_get_event_log_info(lmrc_t *lmrc, lmrc_evt_log_info_t *eli)
{
	lmrc_mfi_cmd_t *mfi;
	int ret;

	mfi = lmrc_get_dcmd(lmrc, MFI_FRAME_DIR_READ,
	    LMRC_DCMD_CTRL_EVENT_GET_INFO, sizeof (lmrc_evt_log_info_t), 1);

	if (mfi == NULL)
		return (DDI_FAILURE);

	ret = lmrc_issue_blocked_mfi(lmrc, mfi);

	if (ret != DDI_SUCCESS)
		goto out;

	bcopy(mfi->mfi_data_dma.ld_buf, eli, sizeof (lmrc_evt_log_info_t));

out:
	lmrc_put_dcmd(lmrc, mfi);
	return (ret);
}

/*
 * lmrc_aen_handler
 *
 * Check the event code and handle it as needed. In the case of PD- or
 * LD-related events, invoke their specific handlers.
 */
static void
lmrc_aen_handler(void *arg)
{
	lmrc_mfi_cmd_t *mfi = arg;
	lmrc_t *lmrc = mfi->mfi_lmrc;
	lmrc_evt_t *evt = mfi->mfi_data_dma.ld_buf;
	lmrc_mfi_dcmd_payload_t *dcmd = &mfi->mfi_frame->mf_dcmd;
	int ret = DDI_FAILURE;

	/* Controller & Configuration specific events */
	switch (evt->evt_code) {
	case LMRC_EVT_CFG_CLEARED:
	case LMRC_EVT_CTRL_HOST_BUS_SCAN_REQD:
	case LMRC_EVT_FOREIGN_CFG_IMPORTED:
		ret = lmrc_get_pd_list(lmrc);
		if (ret != DDI_SUCCESS)
			break;

		ret = lmrc_get_ld_list(lmrc);
		break;

	case LMRC_EVT_CTRL_PROP_CHANGED:
		ret = lmrc_get_ctrl_info(lmrc);
		break;

	case LMRC_EVT_CTRL_PATROL_READ_START:
	case LMRC_EVT_CTRL_PATROL_READ_RESUMED:
	case LMRC_EVT_CTRL_PATROL_READ_COMPLETE:
	case LMRC_EVT_CTRL_PATROL_READ_CANT_START:
	case LMRC_EVT_CTRL_PERF_COLLECTION:
	case LMRC_EVT_CTRL_BOOTDEV_SET:
	case LMRC_EVT_CTRL_BOOTDEV_RESET:
	case LMRC_EVT_CTRL_PERSONALITY_CHANGE:
	case LMRC_EVT_CTRL_PERSONALITY_CHANGE_PEND:
	case LMRC_EVT_CTRL_NR_OF_VALID_SNAPDUMP:
		break;

	default:
		/* LD-specific events */
		if ((evt->evt_locale & LMRC_EVT_LOCALE_LD) != 0)
			ret = lmrc_raid_aen_handler(lmrc, evt);

		/* PD-specific events */
		else if ((evt->evt_locale & LMRC_EVT_LOCALE_PD) != 0)
			ret = lmrc_phys_aen_handler(lmrc, evt);

		if (ret != DDI_SUCCESS) {
			dev_err(lmrc->l_dip, CE_NOTE, "!unknown AEN received, "
			    "seqnum = %d, timestamp = %d, code = %x, "
			    "locale = %x, class = %d, argtype = %d",
			    evt->evt_seqnum, evt->evt_timestamp, evt->evt_code,
			    evt->evt_locale, evt->evt_class, evt->evt_argtype);
		}
	}

	dev_err(lmrc->l_dip, CE_NOTE, "!%s", evt->evt_descr);

	/*
	 * Just reuse the command in its entirety. Increase the sequence
	 * number.
	 */
	dcmd->md_mbox_32[0] = evt->evt_seqnum + 1;
	mutex_enter(&mfi->mfi_lock);
	mutex_enter(&mfi->mfi_mpt->mpt_lock);
	lmrc_issue_mfi(lmrc, mfi, lmrc_complete_aen);
	mutex_exit(&mfi->mfi_mpt->mpt_lock);
	mutex_exit(&mfi->mfi_lock);
}
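
/*
 * lmrc_complete_aen() is called as the MFI command's completion callback with
 * mfi_lock held, so it does no processing of its own and instead hands the
 * command off to the taskq. taskq_dispatch_ent() is used with the command's
 * pre-allocated taskq entry and thus cannot fail.
 */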
/*
 * lmrc_complete_aen
 *
 * An AEN was received, so schedule a taskq to process it.
 */
static void
lmrc_complete_aen(lmrc_t *lmrc, lmrc_mfi_cmd_t *mfi)
{
	lmrc_mfi_header_t *hdr = &mfi->mfi_frame->mf_hdr;

	ASSERT(mutex_owned(&mfi->mfi_lock));

	if (hdr->mh_cmd_status != MFI_STAT_OK) {
		/* Was the command aborted? */
		if (hdr->mh_cmd_status == MFI_STAT_NOT_FOUND)
			return;

		dev_err(lmrc->l_dip, CE_WARN,
		    "!AEN failed, status = %d",
		    hdr->mh_cmd_status);
		taskq_dispatch_ent(lmrc->l_taskq, (task_func_t *)lmrc_put_mfi,
		    mfi, TQ_NOSLEEP, &mfi->mfi_tqent);
		return;
	}

	taskq_dispatch_ent(lmrc->l_taskq, lmrc_aen_handler, mfi, TQ_NOSLEEP,
	    &mfi->mfi_tqent);
}

/*
 * lmrc_register_aen
 *
 * In FreeBSD, this function checks for an existing AEN. If its class and
 * locale already include what is requested here, it just returns. Otherwise,
 * the existing AEN is aborted and a new one is created which combines the
 * previous locale and class with the new ones.
 *
 * Given that the driver (same as in FreeBSD) calls this function during attach
 * to create an AEN with LOCALE_ALL and CLASS_DEBUG, all of this would be dead
 * code anyway.
 */
static int
lmrc_register_aen(lmrc_t *lmrc, uint32_t seqnum)
{
	lmrc_evt_class_locale_t ecl = {
		.ecl_class = LMRC_EVT_CLASS_DEBUG,
		.ecl_locale = LMRC_EVT_LOCALE_ALL
	};

	lmrc_mfi_cmd_t *mfi;
	lmrc_mfi_dcmd_payload_t *dcmd;

	mfi = lmrc_get_dcmd(lmrc, MFI_FRAME_DIR_READ, LMRC_DCMD_CTRL_EVENT_WAIT,
	    sizeof (lmrc_evt_t), 1);

	if (mfi == NULL)
		return (DDI_FAILURE);

	dcmd = &mfi->mfi_frame->mf_dcmd;
	dcmd->md_mbox_32[0] = seqnum;
	dcmd->md_mbox_32[1] = ecl.ecl_word;

	mutex_enter(&mfi->mfi_lock);
	lmrc_issue_mfi(lmrc, mfi, lmrc_complete_aen);
	mutex_exit(&mfi->mfi_lock);

	return (DDI_SUCCESS);
}

/*
 * lmrc_start_aen
 *
 * Set up and enable AEN processing.
 */
int
lmrc_start_aen(lmrc_t *lmrc)
{
	lmrc_evt_log_info_t eli;
	int ret;

	bzero(&eli, sizeof (eli));

	/* Get the latest sequence number from the Event Log Info. */
	ret = lmrc_get_event_log_info(lmrc, &eli);
	if (ret != DDI_SUCCESS)
		return (ret);

	/* Register AEN with FW for latest sequence number + 1. */
	ret = lmrc_register_aen(lmrc, eli.eli_newest_seqnum + 1);
	return (ret);
}