1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD AND BSD-2-Clause NetBSD
3 *
4 * Copyright (c) 2004 Scott Long
5 * Copyright (c) 2005, 2008 Marius Strobl <[email protected]>
6 * All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 *
29 */
30
31 /* $NetBSD: ncr53c9x.c,v 1.145 2012/06/18 21:23:56 martin Exp $ */
32
33 /*-
34 * Copyright (c) 1998, 2002 The NetBSD Foundation, Inc.
35 * All rights reserved.
36 *
37 * This code is derived from software contributed to The NetBSD Foundation
38 * by Charles M. Hannum.
39 *
40 * Redistribution and use in source and binary forms, with or without
41 * modification, are permitted provided that the following conditions
42 * are met:
43 * 1. Redistributions of source code must retain the above copyright
44 * notice, this list of conditions and the following disclaimer.
45 * 2. Redistributions in binary form must reproduce the above copyright
46 * notice, this list of conditions and the following disclaimer in the
47 * documentation and/or other materials provided with the distribution.
48 *
49 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
50 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
51 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
52 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
53 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
54 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
55 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
56 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
57 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
58 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
59 * POSSIBILITY OF SUCH DAMAGE.
60 */
61
62 /*-
63 * Copyright (c) 1994 Peter Galbavy
64 * Copyright (c) 1995 Paul Kranenburg
65 * All rights reserved.
66 *
67 * Redistribution and use in source and binary forms, with or without
68 * modification, are permitted provided that the following conditions
69 * are met:
70 * 1. Redistributions of source code must retain the above copyright
71 * notice, this list of conditions and the following disclaimer.
72 * 2. Redistributions in binary form must reproduce the above copyright
73 * notice, this list of conditions and the following disclaimer in the
74 * documentation and/or other materials provided with the distribution.
75 * 3. All advertising materials mentioning features or use of this software
76 * must display the following acknowledgement:
77 * This product includes software developed by Peter Galbavy
78 * 4. The name of the author may not be used to endorse or promote products
79 * derived from this software without specific prior written permission.
80 *
81 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
82 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
83 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
84 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
85 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
86 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
87 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
88 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
89 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
90 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
91 * POSSIBILITY OF SUCH DAMAGE.
92 */
93
94 /*
95 * Based on aic6360 by Jarle Greipsland
96 *
97 * Acknowledgements: Many of the algorithms used in this driver are
98 * inspired by the work of Julian Elischer ([email protected]) and
99 * Charles Hannum ([email protected]). Thanks a million!
100 */
101
102 #include <sys/cdefs.h>
103 __FBSDID("$FreeBSD$");
104
105 #include <sys/param.h>
106 #include <sys/systm.h>
107 #include <sys/bus.h>
108 #include <sys/kernel.h>
109 #include <sys/malloc.h>
110 #include <sys/lock.h>
111 #include <sys/module.h>
112 #include <sys/mutex.h>
113 #include <sys/queue.h>
114 #include <sys/time.h>
115 #include <sys/callout.h>
116
117 #include <cam/cam.h>
118 #include <cam/cam_ccb.h>
119 #include <cam/cam_debug.h>
120 #include <cam/cam_sim.h>
121 #include <cam/cam_xpt_sim.h>
122 #include <cam/scsi/scsi_all.h>
123 #include <cam/scsi/scsi_message.h>
124
125 #include <dev/esp/ncr53c9xreg.h>
126 #include <dev/esp/ncr53c9xvar.h>
127
128 devclass_t esp_devclass;
129
130 MODULE_DEPEND(esp, cam, 1, 1, 1);
131
132 #ifdef NCR53C9X_DEBUG
133 int ncr53c9x_debug =
134 NCR_SHOWMISC /* | NCR_SHOWPHASE | NCR_SHOWTRAC | NCR_SHOWCMDS */;
135 #endif
136
137 static void ncr53c9x_abort(struct ncr53c9x_softc *sc,
138 struct ncr53c9x_ecb *ecb);
139 static void ncr53c9x_action(struct cam_sim *sim, union ccb *ccb);
140 static void ncr53c9x_async(void *cbarg, uint32_t code,
141 struct cam_path *path, void *arg);
142 static void ncr53c9x_callout(void *arg);
143 static void ncr53c9x_clear(struct ncr53c9x_softc *sc, cam_status result);
144 static void ncr53c9x_clear_target(struct ncr53c9x_softc *sc, int target,
145 cam_status result);
146 static void ncr53c9x_dequeue(struct ncr53c9x_softc *sc,
147 struct ncr53c9x_ecb *ecb);
148 static void ncr53c9x_done(struct ncr53c9x_softc *sc,
149 struct ncr53c9x_ecb *ecb);
150 static void ncr53c9x_free_ecb(struct ncr53c9x_softc *sc,
151 struct ncr53c9x_ecb *ecb);
152 static void ncr53c9x_msgin(struct ncr53c9x_softc *sc);
153 static void ncr53c9x_msgout(struct ncr53c9x_softc *sc);
154 static void ncr53c9x_init(struct ncr53c9x_softc *sc, int doreset);
155 static void ncr53c9x_intr1(struct ncr53c9x_softc *sc);
156 static void ncr53c9x_poll(struct cam_sim *sim);
157 static int ncr53c9x_rdfifo(struct ncr53c9x_softc *sc, int how);
158 static int ncr53c9x_reselect(struct ncr53c9x_softc *sc, int message,
159 int tagtype, int tagid);
160 static void ncr53c9x_reset(struct ncr53c9x_softc *sc);
161 static void ncr53c9x_sense(struct ncr53c9x_softc *sc,
162 struct ncr53c9x_ecb *ecb);
163 static void ncr53c9x_sched(struct ncr53c9x_softc *sc);
164 static void ncr53c9x_select(struct ncr53c9x_softc *sc,
165 struct ncr53c9x_ecb *ecb);
166 static void ncr53c9x_watch(void *arg);
167 static void ncr53c9x_wrfifo(struct ncr53c9x_softc *sc, uint8_t *p,
168 int len);
169
170 static struct ncr53c9x_ecb *ncr53c9x_get_ecb(struct ncr53c9x_softc *sc);
171 static struct ncr53c9x_linfo *ncr53c9x_lunsearch(struct ncr53c9x_tinfo *sc,
172 int64_t lun);
173
174 static inline void ncr53c9x_readregs(struct ncr53c9x_softc *sc);
175 static inline void ncr53c9x_setsync(struct ncr53c9x_softc *sc,
176 struct ncr53c9x_tinfo *ti);
177 static inline int ncr53c9x_stp2cpb(struct ncr53c9x_softc *sc,
178 int period);
179
180 #define NCR_RDFIFO_START 0
181 #define NCR_RDFIFO_CONTINUE 1
182
183 #define NCR_SET_COUNT(sc, size) do { \
184 NCR_WRITE_REG((sc), NCR_TCL, (size)); \
185 NCR_WRITE_REG((sc), NCR_TCM, (size) >> 8); \
186 if ((sc->sc_features & NCR_F_LARGEXFER) != 0) \
187 NCR_WRITE_REG((sc), NCR_TCH, (size) >> 16); \
188 if (sc->sc_rev == NCR_VARIANT_FAS366) \
189 NCR_WRITE_REG(sc, NCR_RCH, 0); \
190 } while (/* CONSTCOND */0)
191
192 #ifndef mstohz
193 #define mstohz(ms) \
194 (((ms) < 0x20000) ? \
195 ((ms +0u) / 1000u) * hz : \
196 ((ms +0u) * hz) /1000u)
197 #endif
198
199 /*
200 * Names for the NCR53c9x variants, corresponding to the variant tags
201 * in ncr53c9xvar.h.
202 */
203 static const char *ncr53c9x_variant_names[] = {
204 "ESP100",
205 "ESP100A",
206 "ESP200",
207 "NCR53C94",
208 "NCR53C96",
209 "ESP406",
210 "FAS408",
211 "FAS216",
212 "AM53C974",
213 "FAS366/HME",
214 "NCR53C90 (86C01)",
215 "FAS100A",
216 "FAS236",
217 };
218
219 /*
220 * Search linked list for LUN info by LUN id.
221 */
222 static struct ncr53c9x_linfo *
ncr53c9x_lunsearch(struct ncr53c9x_tinfo * ti,int64_t lun)223 ncr53c9x_lunsearch(struct ncr53c9x_tinfo *ti, int64_t lun)
224 {
225 struct ncr53c9x_linfo *li;
226
227 LIST_FOREACH(li, &ti->luns, link)
228 if (li->lun == lun)
229 return (li);
230 return (NULL);
231 }
232
233 /*
234 * Attach this instance, and then all the sub-devices.
235 */
236 int
ncr53c9x_attach(struct ncr53c9x_softc * sc)237 ncr53c9x_attach(struct ncr53c9x_softc *sc)
238 {
239 struct cam_devq *devq;
240 struct cam_sim *sim;
241 struct cam_path *path;
242 struct ncr53c9x_ecb *ecb;
243 int error, i;
244
245 if (NCR_LOCK_INITIALIZED(sc) == 0) {
246 device_printf(sc->sc_dev, "mutex not initialized\n");
247 return (ENXIO);
248 }
249
250 callout_init_mtx(&sc->sc_watchdog, &sc->sc_lock, 0);
251
252 /*
253 * Note, the front-end has set us up to print the chip variation.
254 */
255 if (sc->sc_rev >= NCR_VARIANT_MAX) {
256 device_printf(sc->sc_dev, "unknown variant %d, devices not "
257 "attached\n", sc->sc_rev);
258 return (EINVAL);
259 }
260
261 device_printf(sc->sc_dev, "%s, %d MHz, SCSI ID %d\n",
262 ncr53c9x_variant_names[sc->sc_rev], sc->sc_freq, sc->sc_id);
263
264 sc->sc_ntarg = (sc->sc_rev == NCR_VARIANT_FAS366) ? 16 : 8;
265
266 /*
267 * Allocate SCSI message buffers.
268 * Front-ends can override allocation to avoid alignment
269 * handling in the DMA engines. Note that ncr53c9x_msgout()
270 * can request a 1 byte DMA transfer.
271 */
272 if (sc->sc_omess == NULL) {
273 sc->sc_omess_self = 1;
274 sc->sc_omess = malloc(NCR_MAX_MSG_LEN, M_DEVBUF, M_NOWAIT);
275 if (sc->sc_omess == NULL) {
276 device_printf(sc->sc_dev,
277 "cannot allocate MSGOUT buffer\n");
278 return (ENOMEM);
279 }
280 } else
281 sc->sc_omess_self = 0;
282
283 if (sc->sc_imess == NULL) {
284 sc->sc_imess_self = 1;
285 sc->sc_imess = malloc(NCR_MAX_MSG_LEN + 1, M_DEVBUF, M_NOWAIT);
286 if (sc->sc_imess == NULL) {
287 device_printf(sc->sc_dev,
288 "cannot allocate MSGIN buffer\n");
289 error = ENOMEM;
290 goto fail_omess;
291 }
292 } else
293 sc->sc_imess_self = 0;
294
295 sc->sc_tinfo = malloc(sc->sc_ntarg * sizeof(sc->sc_tinfo[0]),
296 M_DEVBUF, M_NOWAIT | M_ZERO);
297 if (sc->sc_tinfo == NULL) {
298 device_printf(sc->sc_dev,
299 "cannot allocate target info buffer\n");
300 error = ENOMEM;
301 goto fail_imess;
302 }
303
304 /*
305 * Treat NCR53C90 with the 86C01 DMA chip exactly as ESP100
306 * from now on.
307 */
308 if (sc->sc_rev == NCR_VARIANT_NCR53C90_86C01)
309 sc->sc_rev = NCR_VARIANT_ESP100;
310
311 sc->sc_ccf = FREQTOCCF(sc->sc_freq);
312
313 /* The value *must not* be == 1. Make it 2. */
314 if (sc->sc_ccf == 1)
315 sc->sc_ccf = 2;
316
317 /*
318 * The recommended timeout is 250ms. This register is loaded
319 * with a value calculated as follows, from the docs:
320 *
321 * (timeout period) x (CLK frequency)
322 * reg = -------------------------------------
323 * 8192 x (Clock Conversion Factor)
324 *
325 * Since CCF has a linear relation to CLK, this generally computes
326 * to the constant of 153.
327 */
328 sc->sc_timeout = ((250 * 1000) * sc->sc_freq) / (8192 * sc->sc_ccf);
329
330 /* The CCF register only has 3 bits; 0 is actually 8. */
331 sc->sc_ccf &= 7;
332
333 /*
334 * Register with CAM.
335 */
336 devq = cam_simq_alloc(sc->sc_ntarg);
337 if (devq == NULL) {
338 device_printf(sc->sc_dev, "cannot allocate device queue\n");
339 error = ENOMEM;
340 goto fail_tinfo;
341 }
342
343 sim = cam_sim_alloc(ncr53c9x_action, ncr53c9x_poll, "esp", sc,
344 device_get_unit(sc->sc_dev), &sc->sc_lock, 1, NCR_TAG_DEPTH, devq);
345 if (sim == NULL) {
346 device_printf(sc->sc_dev, "cannot allocate SIM entry\n");
347 error = ENOMEM;
348 goto fail_devq;
349 }
350
351 NCR_LOCK(sc);
352
353 if (xpt_bus_register(sim, sc->sc_dev, 0) != CAM_SUCCESS) {
354 device_printf(sc->sc_dev, "cannot register bus\n");
355 error = EIO;
356 goto fail_lock;
357 }
358
359 if (xpt_create_path(&path, NULL, cam_sim_path(sim),
360 CAM_TARGET_WILDCARD, CAM_LUN_WILDCARD) != CAM_REQ_CMP) {
361 device_printf(sc->sc_dev, "cannot create path\n");
362 error = EIO;
363 goto fail_bus;
364 }
365
366 if (xpt_register_async(AC_LOST_DEVICE, ncr53c9x_async, sim, path) !=
367 CAM_REQ_CMP) {
368 device_printf(sc->sc_dev, "cannot register async handler\n");
369 error = EIO;
370 goto fail_path;
371 }
372
373 sc->sc_sim = sim;
374 sc->sc_path = path;
375
376 /* Reset state and bus. */
377 #if 0
378 sc->sc_cfflags = sc->sc_dev.dv_cfdata->cf_flags;
379 #else
380 sc->sc_cfflags = 0;
381 #endif
382 sc->sc_state = 0;
383 ncr53c9x_init(sc, 1);
384
385 TAILQ_INIT(&sc->free_list);
386 if ((sc->ecb_array =
387 malloc(sizeof(struct ncr53c9x_ecb) * NCR_TAG_DEPTH, M_DEVBUF,
388 M_NOWAIT | M_ZERO)) == NULL) {
389 device_printf(sc->sc_dev, "cannot allocate ECB array\n");
390 error = ENOMEM;
391 goto fail_async;
392 }
393 for (i = 0; i < NCR_TAG_DEPTH; i++) {
394 ecb = &sc->ecb_array[i];
395 ecb->sc = sc;
396 ecb->tag_id = i;
397 callout_init_mtx(&ecb->ch, &sc->sc_lock, 0);
398 TAILQ_INSERT_HEAD(&sc->free_list, ecb, free_links);
399 }
400
401 callout_reset(&sc->sc_watchdog, 60 * hz, ncr53c9x_watch, sc);
402
403 NCR_UNLOCK(sc);
404
405 gone_in_dev(sc->sc_dev, 14, "esp(4) driver");
406 return (0);
407
408 fail_async:
409 xpt_register_async(0, ncr53c9x_async, sim, path);
410 fail_path:
411 xpt_free_path(path);
412 fail_bus:
413 xpt_bus_deregister(cam_sim_path(sim));
414 fail_lock:
415 NCR_UNLOCK(sc);
416 cam_sim_free(sim, TRUE);
417 fail_devq:
418 cam_simq_free(devq);
419 fail_tinfo:
420 free(sc->sc_tinfo, M_DEVBUF);
421 fail_imess:
422 if (sc->sc_imess_self)
423 free(sc->sc_imess, M_DEVBUF);
424 fail_omess:
425 if (sc->sc_omess_self)
426 free(sc->sc_omess, M_DEVBUF);
427 return (error);
428 }
429
430 int
ncr53c9x_detach(struct ncr53c9x_softc * sc)431 ncr53c9x_detach(struct ncr53c9x_softc *sc)
432 {
433 struct ncr53c9x_linfo *li, *nextli;
434 int t;
435
436 callout_drain(&sc->sc_watchdog);
437
438 NCR_LOCK(sc);
439
440 if (sc->sc_tinfo) {
441 /* Cancel all commands. */
442 ncr53c9x_clear(sc, CAM_REQ_ABORTED);
443
444 /* Free logical units. */
445 for (t = 0; t < sc->sc_ntarg; t++) {
446 for (li = LIST_FIRST(&sc->sc_tinfo[t].luns); li;
447 li = nextli) {
448 nextli = LIST_NEXT(li, link);
449 free(li, M_DEVBUF);
450 }
451 }
452 }
453
454 xpt_register_async(0, ncr53c9x_async, sc->sc_sim, sc->sc_path);
455 xpt_free_path(sc->sc_path);
456 xpt_bus_deregister(cam_sim_path(sc->sc_sim));
457 cam_sim_free(sc->sc_sim, TRUE);
458
459 NCR_UNLOCK(sc);
460
461 free(sc->ecb_array, M_DEVBUF);
462 free(sc->sc_tinfo, M_DEVBUF);
463 if (sc->sc_imess_self)
464 free(sc->sc_imess, M_DEVBUF);
465 if (sc->sc_omess_self)
466 free(sc->sc_omess, M_DEVBUF);
467
468 return (0);
469 }
470
471 /*
472 * This is the generic ncr53c9x reset function. It does not reset the SCSI
473 * bus, only this controller, but kills any on-going commands, and also stops
474 * and resets the DMA.
475 *
476 * After reset, registers are loaded with the defaults from the attach
477 * routine above.
478 */
479 static void
ncr53c9x_reset(struct ncr53c9x_softc * sc)480 ncr53c9x_reset(struct ncr53c9x_softc *sc)
481 {
482
483 NCR_LOCK_ASSERT(sc, MA_OWNED);
484
485 /* Reset DMA first. */
486 NCRDMA_RESET(sc);
487
488 /* Reset SCSI chip. */
489 NCRCMD(sc, NCRCMD_RSTCHIP);
490 NCRCMD(sc, NCRCMD_NOP);
491 DELAY(500);
492
493 /* Do these backwards, and fall through. */
494 switch (sc->sc_rev) {
495 case NCR_VARIANT_ESP406:
496 case NCR_VARIANT_FAS408:
497 NCR_WRITE_REG(sc, NCR_CFG5, sc->sc_cfg5 | NCRCFG5_SINT);
498 NCR_WRITE_REG(sc, NCR_CFG4, sc->sc_cfg4);
499 /* FALLTHROUGH */
500 case NCR_VARIANT_AM53C974:
501 case NCR_VARIANT_FAS100A:
502 case NCR_VARIANT_FAS216:
503 case NCR_VARIANT_FAS236:
504 case NCR_VARIANT_NCR53C94:
505 case NCR_VARIANT_NCR53C96:
506 case NCR_VARIANT_ESP200:
507 sc->sc_features |= NCR_F_HASCFG3;
508 NCR_WRITE_REG(sc, NCR_CFG3, sc->sc_cfg3);
509 /* FALLTHROUGH */
510 case NCR_VARIANT_ESP100A:
511 sc->sc_features |= NCR_F_SELATN3;
512 if ((sc->sc_cfg2 & NCRCFG2_FE) != 0)
513 sc->sc_features |= NCR_F_LARGEXFER;
514 NCR_WRITE_REG(sc, NCR_CFG2, sc->sc_cfg2);
515 /* FALLTHROUGH */
516 case NCR_VARIANT_ESP100:
517 NCR_WRITE_REG(sc, NCR_CFG1, sc->sc_cfg1);
518 NCR_WRITE_REG(sc, NCR_CCF, sc->sc_ccf);
519 NCR_WRITE_REG(sc, NCR_SYNCOFF, 0);
520 NCR_WRITE_REG(sc, NCR_TIMEOUT, sc->sc_timeout);
521 break;
522
523 case NCR_VARIANT_FAS366:
524 sc->sc_features |= NCR_F_HASCFG3 | NCR_F_FASTSCSI |
525 NCR_F_SELATN3 | NCR_F_LARGEXFER;
526 sc->sc_cfg3 = NCRFASCFG3_FASTCLK | NCRFASCFG3_OBAUTO;
527 if (sc->sc_id > 7)
528 sc->sc_cfg3 |= NCRFASCFG3_IDBIT3;
529 sc->sc_cfg3_fscsi = NCRFASCFG3_FASTSCSI;
530 NCR_WRITE_REG(sc, NCR_CFG3, sc->sc_cfg3);
531 sc->sc_cfg2 = NCRCFG2_HMEFE | NCRCFG2_HME32;
532 NCR_WRITE_REG(sc, NCR_CFG2, sc->sc_cfg2);
533 NCR_WRITE_REG(sc, NCR_CFG1, sc->sc_cfg1);
534 NCR_WRITE_REG(sc, NCR_CCF, sc->sc_ccf);
535 NCR_WRITE_REG(sc, NCR_SYNCOFF, 0);
536 NCR_WRITE_REG(sc, NCR_TIMEOUT, sc->sc_timeout);
537 break;
538
539 default:
540 device_printf(sc->sc_dev,
541 "unknown revision code, assuming ESP100\n");
542 NCR_WRITE_REG(sc, NCR_CFG1, sc->sc_cfg1);
543 NCR_WRITE_REG(sc, NCR_CCF, sc->sc_ccf);
544 NCR_WRITE_REG(sc, NCR_SYNCOFF, 0);
545 NCR_WRITE_REG(sc, NCR_TIMEOUT, sc->sc_timeout);
546 }
547
548 if (sc->sc_rev == NCR_VARIANT_AM53C974)
549 NCR_WRITE_REG(sc, NCR_AMDCFG4, sc->sc_cfg4);
550
551 #if 0
552 device_printf(sc->sc_dev, "%s: revision %d\n", __func__, sc->sc_rev);
553 device_printf(sc->sc_dev, "%s: cfg1 0x%x, cfg2 0x%x, cfg3 0x%x, ccf "
554 "0x%x, timeout 0x%x\n", __func__, sc->sc_cfg1, sc->sc_cfg2,
555 sc->sc_cfg3, sc->sc_ccf, sc->sc_timeout);
556 #endif
557 }
558
559 /*
560 * Clear all commands.
561 */
562 static void
ncr53c9x_clear(struct ncr53c9x_softc * sc,cam_status result)563 ncr53c9x_clear(struct ncr53c9x_softc *sc, cam_status result)
564 {
565 struct ncr53c9x_ecb *ecb;
566 int r;
567
568 NCR_LOCK_ASSERT(sc, MA_OWNED);
569
570 /* Cancel any active commands. */
571 sc->sc_state = NCR_CLEANING;
572 sc->sc_msgify = 0;
573 ecb = sc->sc_nexus;
574 if (ecb != NULL) {
575 ecb->ccb->ccb_h.status = result;
576 ncr53c9x_done(sc, ecb);
577 }
578 /* Cancel outstanding disconnected commands. */
579 for (r = 0; r < sc->sc_ntarg; r++)
580 ncr53c9x_clear_target(sc, r, result);
581 }
582
583 /*
584 * Clear all commands for a specific target.
585 */
586 static void
ncr53c9x_clear_target(struct ncr53c9x_softc * sc,int target,cam_status result)587 ncr53c9x_clear_target(struct ncr53c9x_softc *sc, int target,
588 cam_status result)
589 {
590 struct ncr53c9x_ecb *ecb;
591 struct ncr53c9x_linfo *li;
592 int i;
593
594 NCR_LOCK_ASSERT(sc, MA_OWNED);
595
596 /* Cancel outstanding disconnected commands on each LUN. */
597 LIST_FOREACH(li, &sc->sc_tinfo[target].luns, link) {
598 ecb = li->untagged;
599 if (ecb != NULL) {
600 li->untagged = NULL;
601 /*
602 * XXX should we terminate a command
603 * that never reached the disk?
604 */
605 li->busy = 0;
606 ecb->ccb->ccb_h.status = result;
607 ncr53c9x_done(sc, ecb);
608 }
609 for (i = 0; i < NCR_TAG_DEPTH; i++) {
610 ecb = li->queued[i];
611 if (ecb != NULL) {
612 li->queued[i] = NULL;
613 ecb->ccb->ccb_h.status = result;
614 ncr53c9x_done(sc, ecb);
615 }
616 }
617 li->used = 0;
618 }
619 }
620
621 /*
622 * Initialize ncr53c9x state machine.
623 */
624 static void
ncr53c9x_init(struct ncr53c9x_softc * sc,int doreset)625 ncr53c9x_init(struct ncr53c9x_softc *sc, int doreset)
626 {
627 struct ncr53c9x_tinfo *ti;
628 int r;
629
630 NCR_LOCK_ASSERT(sc, MA_OWNED);
631
632 NCR_MISC(("[NCR_INIT(%d) %d] ", doreset, sc->sc_state));
633
634 if (sc->sc_state == 0) {
635 /* First time through; initialize. */
636
637 TAILQ_INIT(&sc->ready_list);
638 sc->sc_nexus = NULL;
639 memset(sc->sc_tinfo, 0, sizeof(*sc->sc_tinfo));
640 for (r = 0; r < sc->sc_ntarg; r++) {
641 LIST_INIT(&sc->sc_tinfo[r].luns);
642 }
643 } else
644 ncr53c9x_clear(sc, CAM_CMD_TIMEOUT);
645
646 /*
647 * Reset the chip to a known state.
648 */
649 ncr53c9x_reset(sc);
650
651 sc->sc_flags = 0;
652 sc->sc_msgpriq = sc->sc_msgout = sc->sc_msgoutq = 0;
653 sc->sc_phase = sc->sc_prevphase = INVALID_PHASE;
654
655 /*
656 * If we're the first time through, set the default parameters
657 * for all targets. Otherwise we only clear their current transfer
658 * settings so we'll renegotiate their goal settings with the next
659 * command.
660 */
661 if (sc->sc_state == 0) {
662 for (r = 0; r < sc->sc_ntarg; r++) {
663 ti = &sc->sc_tinfo[r];
664 /* XXX - config flags per target: low bits: no reselect; high bits: no synch */
665
666 ti->flags = ((sc->sc_minsync != 0 &&
667 (sc->sc_cfflags & (1 << ((r & 7) + 8))) == 0) ?
668 0 : T_SYNCHOFF) |
669 ((sc->sc_cfflags & (1 << (r & 7))) == 0 ?
670 0 : T_RSELECTOFF);
671 ti->curr.period = ti->goal.period = 0;
672 ti->curr.offset = ti->goal.offset = 0;
673 ti->curr.width = ti->goal.width =
674 MSG_EXT_WDTR_BUS_8_BIT;
675 }
676 } else {
677 for (r = 0; r < sc->sc_ntarg; r++) {
678 ti = &sc->sc_tinfo[r];
679 ti->flags &= ~(T_SDTRSENT | T_WDTRSENT);
680 ti->curr.period = 0;
681 ti->curr.offset = 0;
682 ti->curr.width = MSG_EXT_WDTR_BUS_8_BIT;
683 }
684 }
685
686 if (doreset) {
687 sc->sc_state = NCR_SBR;
688 NCRCMD(sc, NCRCMD_RSTSCSI);
689 /* Give the bus a fighting chance to settle. */
690 DELAY(250000);
691 } else {
692 sc->sc_state = NCR_IDLE;
693 ncr53c9x_sched(sc);
694 }
695 }
696
697 /*
698 * Read the NCR registers, and save their contents for later use.
699 * NCR_STAT, NCR_STEP & NCR_INTR are mostly zeroed out when reading
700 * NCR_INTR - so make sure it is the last read.
701 *
702 * I think that (from reading the docs) most bits in these registers
703 * only make sense when the DMA CSR has an interrupt showing. Call only
704 * if an interrupt is pending.
705 */
706 static inline void
ncr53c9x_readregs(struct ncr53c9x_softc * sc)707 ncr53c9x_readregs(struct ncr53c9x_softc *sc)
708 {
709
710 NCR_LOCK_ASSERT(sc, MA_OWNED);
711
712 sc->sc_espstat = NCR_READ_REG(sc, NCR_STAT);
713 /* Only the step bits are of interest. */
714 sc->sc_espstep = NCR_READ_REG(sc, NCR_STEP) & NCRSTEP_MASK;
715
716 if (sc->sc_rev == NCR_VARIANT_FAS366)
717 sc->sc_espstat2 = NCR_READ_REG(sc, NCR_STAT2);
718
719 sc->sc_espintr = NCR_READ_REG(sc, NCR_INTR);
720
721 /*
722 * Determine the SCSI bus phase, return either a real SCSI bus phase
723 * or some pseudo phase we use to detect certain exceptions.
724 */
725 sc->sc_phase = (sc->sc_espintr & NCRINTR_DIS) ?
726 BUSFREE_PHASE : sc->sc_espstat & NCRSTAT_PHASE;
727
728 NCR_INTS(("regs[intr=%02x,stat=%02x,step=%02x,stat2=%02x] ",
729 sc->sc_espintr, sc->sc_espstat, sc->sc_espstep, sc->sc_espstat2));
730 }
731
732 /*
733 * Convert Synchronous Transfer Period to chip register Clock Per Byte value.
734 */
735 static inline int
ncr53c9x_stp2cpb(struct ncr53c9x_softc * sc,int period)736 ncr53c9x_stp2cpb(struct ncr53c9x_softc *sc, int period)
737 {
738 int v;
739
740 NCR_LOCK_ASSERT(sc, MA_OWNED);
741
742 v = (sc->sc_freq * period) / 250;
743 if (ncr53c9x_cpb2stp(sc, v) < period)
744 /* Correct round-down error. */
745 v++;
746 return (v);
747 }
748
749 static inline void
ncr53c9x_setsync(struct ncr53c9x_softc * sc,struct ncr53c9x_tinfo * ti)750 ncr53c9x_setsync(struct ncr53c9x_softc *sc, struct ncr53c9x_tinfo *ti)
751 {
752 uint8_t cfg3, syncoff, synctp;
753
754 NCR_LOCK_ASSERT(sc, MA_OWNED);
755
756 cfg3 = sc->sc_cfg3;
757 if (ti->curr.offset != 0) {
758 syncoff = ti->curr.offset;
759 synctp = ncr53c9x_stp2cpb(sc, ti->curr.period);
760 if (sc->sc_features & NCR_F_FASTSCSI) {
761 /*
762 * If the period is 200ns or less (ti->period <= 50),
763 * put the chip in Fast SCSI mode.
764 */
765 if (ti->curr.period <= 50)
766 /*
767 * There are (at least) 4 variations of the
768 * configuration 3 register. The drive attach
769 * routine sets the appropriate bit to put the
770 * chip into Fast SCSI mode so that it doesn't
771 * have to be figured out here each time.
772 */
773 cfg3 |= sc->sc_cfg3_fscsi;
774 }
775
776 /*
777 * Am53c974 requires different SYNCTP values when the
778 * FSCSI bit is off.
779 */
780 if (sc->sc_rev == NCR_VARIANT_AM53C974 &&
781 (cfg3 & NCRAMDCFG3_FSCSI) == 0)
782 synctp--;
783 } else {
784 syncoff = 0;
785 synctp = 0;
786 }
787
788 if (ti->curr.width != MSG_EXT_WDTR_BUS_8_BIT) {
789 if (sc->sc_rev == NCR_VARIANT_FAS366)
790 cfg3 |= NCRFASCFG3_EWIDE;
791 }
792
793 if (sc->sc_features & NCR_F_HASCFG3)
794 NCR_WRITE_REG(sc, NCR_CFG3, cfg3);
795
796 NCR_WRITE_REG(sc, NCR_SYNCOFF, syncoff);
797 NCR_WRITE_REG(sc, NCR_SYNCTP, synctp);
798 }
799
800 /*
801 * Send a command to a target, set the driver state to NCR_SELECTING
802 * and let the caller take care of the rest.
803 *
804 * Keeping this as a function allows me to say that this may be done
805 * by DMA instead of programmed I/O soon.
806 */
807 static void
ncr53c9x_select(struct ncr53c9x_softc * sc,struct ncr53c9x_ecb * ecb)808 ncr53c9x_select(struct ncr53c9x_softc *sc, struct ncr53c9x_ecb *ecb)
809 {
810 struct ncr53c9x_tinfo *ti;
811 uint8_t *cmd;
812 size_t dmasize;
813 int clen, error, selatn3, selatns;
814 int lun = ecb->ccb->ccb_h.target_lun;
815 int target = ecb->ccb->ccb_h.target_id;
816
817 NCR_LOCK_ASSERT(sc, MA_OWNED);
818
819 NCR_TRACE(("[%s(t%d,l%d,cmd:%x,tag:%x,%x)] ", __func__, target, lun,
820 ecb->cmd.cmd.opcode, ecb->tag[0], ecb->tag[1]));
821
822 ti = &sc->sc_tinfo[target];
823 sc->sc_state = NCR_SELECTING;
824 /*
825 * Schedule the callout now, the first time we will go away
826 * expecting to come back due to an interrupt, because it is
827 * always possible that the interrupt may never happen.
828 */
829 callout_reset(&ecb->ch, mstohz(ecb->timeout), ncr53c9x_callout, ecb);
830
831 /*
832 * The docs say the target register is never reset, and I
833 * can't think of a better place to set it.
834 */
835 if (sc->sc_rev == NCR_VARIANT_FAS366) {
836 NCRCMD(sc, NCRCMD_FLUSH);
837 NCR_WRITE_REG(sc, NCR_SELID, target | NCR_BUSID_HMEXC32 |
838 NCR_BUSID_HMEENCID);
839 } else
840 NCR_WRITE_REG(sc, NCR_SELID, target);
841
842 /*
843 * If we are requesting sense, force a renegotiation if we are
844 * currently using anything different from asynchronous at 8 bit
845 * as the target might have lost our transfer negotiations.
846 */
847 if ((ecb->flags & ECB_SENSE) != 0 && (ti->curr.offset != 0 ||
848 ti->curr.width != MSG_EXT_WDTR_BUS_8_BIT)) {
849 ti->curr.period = 0;
850 ti->curr.offset = 0;
851 ti->curr.width = MSG_EXT_WDTR_BUS_8_BIT;
852 }
853 ncr53c9x_setsync(sc, ti);
854
855 selatn3 = selatns = 0;
856 if (ecb->tag[0] != 0) {
857 if (sc->sc_features & NCR_F_SELATN3)
858 /* Use SELATN3 to send tag messages. */
859 selatn3 = 1;
860 else
861 /* We don't have SELATN3; use SELATNS to send tags. */
862 selatns = 1;
863 }
864
865 if (ti->curr.period != ti->goal.period ||
866 ti->curr.offset != ti->goal.offset ||
867 ti->curr.width != ti->goal.width) {
868 /* We have to use SELATNS to send sync/wide messages. */
869 selatn3 = 0;
870 selatns = 1;
871 }
872
873 cmd = (uint8_t *)&ecb->cmd.cmd;
874
875 if (selatn3) {
876 /* We'll use tags with SELATN3. */
877 clen = ecb->clen + 3;
878 cmd -= 3;
879 cmd[0] = MSG_IDENTIFY(lun, 1); /* msg[0] */
880 cmd[1] = ecb->tag[0]; /* msg[1] */
881 cmd[2] = ecb->tag[1]; /* msg[2] */
882 } else {
883 /* We don't have tags, or will send messages with SELATNS. */
884 clen = ecb->clen + 1;
885 cmd -= 1;
886 cmd[0] = MSG_IDENTIFY(lun, (ti->flags & T_RSELECTOFF) == 0);
887 }
888
889 if ((sc->sc_features & NCR_F_DMASELECT) && !selatns) {
890 /* Setup DMA transfer for command. */
891 dmasize = clen;
892 sc->sc_cmdlen = clen;
893 sc->sc_cmdp = cmd;
894 error = NCRDMA_SETUP(sc, &sc->sc_cmdp, &sc->sc_cmdlen, 0,
895 &dmasize);
896 if (error != 0)
897 goto cmd;
898
899 /* Program the SCSI counter. */
900 NCR_SET_COUNT(sc, dmasize);
901
902 /* Load the count in. */
903 NCRCMD(sc, NCRCMD_NOP | NCRCMD_DMA);
904
905 /* And get the target's attention. */
906 if (selatn3) {
907 sc->sc_msgout = SEND_TAG;
908 sc->sc_flags |= NCR_ATN;
909 NCRCMD(sc, NCRCMD_SELATN3 | NCRCMD_DMA);
910 } else
911 NCRCMD(sc, NCRCMD_SELATN | NCRCMD_DMA);
912 NCRDMA_GO(sc);
913 return;
914 }
915
916 cmd:
917 /*
918 * Who am I? This is where we tell the target that we are
919 * happy for it to disconnect etc.
920 */
921
922 /* Now get the command into the FIFO. */
923 sc->sc_cmdlen = 0;
924 ncr53c9x_wrfifo(sc, cmd, clen);
925
926 /* And get the target's attention. */
927 if (selatns) {
928 NCR_MSGS(("SELATNS \n"));
929 /* Arbitrate, select and stop after IDENTIFY message. */
930 NCRCMD(sc, NCRCMD_SELATNS);
931 } else if (selatn3) {
932 sc->sc_msgout = SEND_TAG;
933 sc->sc_flags |= NCR_ATN;
934 NCRCMD(sc, NCRCMD_SELATN3);
935 } else
936 NCRCMD(sc, NCRCMD_SELATN);
937 }
938
939 static void
ncr53c9x_free_ecb(struct ncr53c9x_softc * sc,struct ncr53c9x_ecb * ecb)940 ncr53c9x_free_ecb(struct ncr53c9x_softc *sc, struct ncr53c9x_ecb *ecb)
941 {
942
943 NCR_LOCK_ASSERT(sc, MA_OWNED);
944
945 ecb->flags = 0;
946 TAILQ_INSERT_TAIL(&sc->free_list, ecb, free_links);
947 }
948
949 static struct ncr53c9x_ecb *
ncr53c9x_get_ecb(struct ncr53c9x_softc * sc)950 ncr53c9x_get_ecb(struct ncr53c9x_softc *sc)
951 {
952 struct ncr53c9x_ecb *ecb;
953
954 NCR_LOCK_ASSERT(sc, MA_OWNED);
955
956 ecb = TAILQ_FIRST(&sc->free_list);
957 if (ecb) {
958 if (ecb->flags != 0)
959 panic("%s: ecb flags not cleared", __func__);
960 TAILQ_REMOVE(&sc->free_list, ecb, free_links);
961 ecb->flags = ECB_ALLOC;
962 bzero(&ecb->ccb, sizeof(struct ncr53c9x_ecb) -
963 offsetof(struct ncr53c9x_ecb, ccb));
964 }
965 return (ecb);
966 }
967
968 /*
969 * DRIVER FUNCTIONS CALLABLE FROM HIGHER LEVEL DRIVERS:
970 */
971
972 /*
973 * Start a SCSI-command.
974 * This function is called by the higher level SCSI-driver to queue/run
975 * SCSI-commands.
976 */
977
978 static void
ncr53c9x_action(struct cam_sim * sim,union ccb * ccb)979 ncr53c9x_action(struct cam_sim *sim, union ccb *ccb)
980 {
981 struct ccb_pathinq *cpi;
982 struct ccb_scsiio *csio;
983 struct ccb_trans_settings *cts;
984 struct ccb_trans_settings_scsi *scsi;
985 struct ccb_trans_settings_spi *spi;
986 struct ncr53c9x_ecb *ecb;
987 struct ncr53c9x_softc *sc;
988 struct ncr53c9x_tinfo *ti;
989 int target;
990
991 sc = cam_sim_softc(sim);
992
993 NCR_LOCK_ASSERT(sc, MA_OWNED);
994
995 NCR_TRACE(("[%s %d]", __func__, ccb->ccb_h.func_code));
996
997 switch (ccb->ccb_h.func_code) {
998 case XPT_RESET_BUS:
999 ncr53c9x_init(sc, 1);
1000 ccb->ccb_h.status = CAM_REQ_CMP;
1001 break;
1002
1003 case XPT_CALC_GEOMETRY:
1004 cam_calc_geometry(&ccb->ccg, sc->sc_extended_geom);
1005 break;
1006
1007 case XPT_PATH_INQ:
1008 cpi = &ccb->cpi;
1009 cpi->version_num = 1;
1010 cpi->hba_inquiry = PI_SDTR_ABLE | PI_TAG_ABLE;
1011 cpi->hba_inquiry |=
1012 (sc->sc_rev == NCR_VARIANT_FAS366) ? PI_WIDE_16 : 0;
1013 cpi->target_sprt = 0;
1014 cpi->hba_misc = 0;
1015 cpi->hba_eng_cnt = 0;
1016 cpi->max_target = sc->sc_ntarg - 1;
1017 cpi->max_lun = 7;
1018 cpi->initiator_id = sc->sc_id;
1019 strlcpy(cpi->sim_vid, "FreeBSD", SIM_IDLEN);
1020 strlcpy(cpi->hba_vid, "NCR", HBA_IDLEN);
1021 strlcpy(cpi->dev_name, cam_sim_name(sim), DEV_IDLEN);
1022 cpi->unit_number = cam_sim_unit(sim);
1023 cpi->bus_id = 0;
1024 cpi->base_transfer_speed = 3300;
1025 cpi->protocol = PROTO_SCSI;
1026 cpi->protocol_version = SCSI_REV_2;
1027 cpi->transport = XPORT_SPI;
1028 cpi->transport_version = 2;
1029 cpi->maxio = sc->sc_maxxfer;
1030 ccb->ccb_h.status = CAM_REQ_CMP;
1031 break;
1032
1033 case XPT_GET_TRAN_SETTINGS:
1034 cts = &ccb->cts;
1035 ti = &sc->sc_tinfo[ccb->ccb_h.target_id];
1036 scsi = &cts->proto_specific.scsi;
1037 spi = &cts->xport_specific.spi;
1038
1039 cts->protocol = PROTO_SCSI;
1040 cts->protocol_version = SCSI_REV_2;
1041 cts->transport = XPORT_SPI;
1042 cts->transport_version = 2;
1043
1044 if (cts->type == CTS_TYPE_CURRENT_SETTINGS) {
1045 spi->sync_period = ti->curr.period;
1046 spi->sync_offset = ti->curr.offset;
1047 spi->bus_width = ti->curr.width;
1048 if ((ti->flags & T_TAG) != 0) {
1049 spi->flags |= CTS_SPI_FLAGS_DISC_ENB;
1050 scsi->flags |= CTS_SCSI_FLAGS_TAG_ENB;
1051 } else {
1052 spi->flags &= ~CTS_SPI_FLAGS_DISC_ENB;
1053 scsi->flags &= ~CTS_SCSI_FLAGS_TAG_ENB;
1054 }
1055 } else {
1056 if ((ti->flags & T_SYNCHOFF) != 0) {
1057 spi->sync_period = 0;
1058 spi->sync_offset = 0;
1059 } else {
1060 spi->sync_period = sc->sc_minsync;
1061 spi->sync_offset = sc->sc_maxoffset;
1062 }
1063 spi->bus_width = sc->sc_maxwidth;
1064 spi->flags |= CTS_SPI_FLAGS_DISC_ENB;
1065 scsi->flags |= CTS_SCSI_FLAGS_TAG_ENB;
1066 }
1067 spi->valid =
1068 CTS_SPI_VALID_BUS_WIDTH |
1069 CTS_SPI_VALID_SYNC_RATE |
1070 CTS_SPI_VALID_SYNC_OFFSET |
1071 CTS_SPI_VALID_DISC;
1072 scsi->valid = CTS_SCSI_VALID_TQ;
1073 ccb->ccb_h.status = CAM_REQ_CMP;
1074 break;
1075
1076 case XPT_ABORT:
1077 device_printf(sc->sc_dev, "XPT_ABORT called\n");
1078 ccb->ccb_h.status = CAM_FUNC_NOTAVAIL;
1079 break;
1080
1081 case XPT_TERM_IO:
1082 device_printf(sc->sc_dev, "XPT_TERM_IO called\n");
1083 ccb->ccb_h.status = CAM_FUNC_NOTAVAIL;
1084 break;
1085
1086 case XPT_RESET_DEV:
1087 case XPT_SCSI_IO:
1088 if (ccb->ccb_h.target_id >= sc->sc_ntarg) {
1089 ccb->ccb_h.status = CAM_PATH_INVALID;
1090 goto done;
1091 }
1092 /* Get an ECB to use. */
1093 ecb = ncr53c9x_get_ecb(sc);
1094 /*
1095 * This should never happen as we track resources
1096 * in the mid-layer.
1097 */
1098 if (ecb == NULL) {
1099 xpt_freeze_simq(sim, 1);
1100 ccb->ccb_h.status = CAM_REQUEUE_REQ;
1101 device_printf(sc->sc_dev, "unable to allocate ecb\n");
1102 goto done;
1103 }
1104
1105 /* Initialize ecb. */
1106 ecb->ccb = ccb;
1107 ecb->timeout = ccb->ccb_h.timeout;
1108
1109 if (ccb->ccb_h.func_code == XPT_RESET_DEV) {
1110 ecb->flags |= ECB_RESET;
1111 ecb->clen = 0;
1112 ecb->dleft = 0;
1113 } else {
1114 csio = &ccb->csio;
1115 if ((ccb->ccb_h.flags & CAM_CDB_POINTER) != 0)
1116 bcopy(csio->cdb_io.cdb_ptr, &ecb->cmd.cmd,
1117 csio->cdb_len);
1118 else
1119 bcopy(csio->cdb_io.cdb_bytes, &ecb->cmd.cmd,
1120 csio->cdb_len);
1121 ecb->clen = csio->cdb_len;
1122 ecb->daddr = csio->data_ptr;
1123 ecb->dleft = csio->dxfer_len;
1124 }
1125 ecb->stat = 0;
1126
1127 TAILQ_INSERT_TAIL(&sc->ready_list, ecb, chain);
1128 ecb->flags |= ECB_READY;
1129 if (sc->sc_state == NCR_IDLE)
1130 ncr53c9x_sched(sc);
1131 return;
1132
1133 case XPT_SET_TRAN_SETTINGS:
1134 cts = &ccb->cts;
1135 target = ccb->ccb_h.target_id;
1136 ti = &sc->sc_tinfo[target];
1137 scsi = &cts->proto_specific.scsi;
1138 spi = &cts->xport_specific.spi;
1139
1140 if ((scsi->valid & CTS_SCSI_VALID_TQ) != 0) {
1141 if ((sc->sc_cfflags & (1<<((target & 7) + 16))) == 0 &&
1142 (scsi->flags & CTS_SCSI_FLAGS_TAG_ENB)) {
1143 NCR_MISC(("%s: target %d: tagged queuing\n",
1144 device_get_nameunit(sc->sc_dev), target));
1145 ti->flags |= T_TAG;
1146 } else
1147 ti->flags &= ~T_TAG;
1148 }
1149
1150 if ((spi->valid & CTS_SPI_VALID_BUS_WIDTH) != 0) {
1151 NCR_MISC(("%s: target %d: wide negotiation\n",
1152 device_get_nameunit(sc->sc_dev), target));
1153 ti->goal.width = spi->bus_width;
1154 }
1155
1156 if ((spi->valid & CTS_SPI_VALID_SYNC_RATE) != 0) {
1157 NCR_MISC(("%s: target %d: sync period negotiation\n",
1158 device_get_nameunit(sc->sc_dev), target));
1159 ti->goal.period = spi->sync_period;
1160 }
1161
1162 if ((spi->valid & CTS_SPI_VALID_SYNC_OFFSET) != 0) {
1163 NCR_MISC(("%s: target %d: sync offset negotiation\n",
1164 device_get_nameunit(sc->sc_dev), target));
1165 ti->goal.offset = spi->sync_offset;
1166 }
1167
1168 ccb->ccb_h.status = CAM_REQ_CMP;
1169 break;
1170
1171 default:
1172 device_printf(sc->sc_dev, "Unhandled function code %d\n",
1173 ccb->ccb_h.func_code);
1174 ccb->ccb_h.status = CAM_PROVIDE_FAIL;
1175 }
1176
1177 done:
1178 xpt_done(ccb);
1179 }
1180
1181 /*
1182 * Used when interrupt driven I/O is not allowed, e.g. during boot.
1183 */
1184 static void
ncr53c9x_poll(struct cam_sim * sim)1185 ncr53c9x_poll(struct cam_sim *sim)
1186 {
1187 struct ncr53c9x_softc *sc;
1188
1189 sc = cam_sim_softc(sim);
1190
1191 NCR_LOCK_ASSERT(sc, MA_OWNED);
1192
1193 NCR_TRACE(("[%s] ", __func__));
1194
1195 if (NCRDMA_ISINTR(sc))
1196 ncr53c9x_intr1(sc);
1197 }
1198
1199 /*
1200 * Asynchronous notification handler
1201 */
1202 static void
ncr53c9x_async(void * cbarg,uint32_t code,struct cam_path * path,void * arg)1203 ncr53c9x_async(void *cbarg, uint32_t code, struct cam_path *path, void *arg)
1204 {
1205 struct ncr53c9x_softc *sc;
1206 struct ncr53c9x_tinfo *ti;
1207 int target;
1208
1209 sc = cam_sim_softc(cbarg);
1210
1211 NCR_LOCK_ASSERT(sc, MA_OWNED);
1212
1213 switch (code) {
1214 case AC_LOST_DEVICE:
1215 target = xpt_path_target_id(path);
1216 if (target < 0 || target >= sc->sc_ntarg)
1217 break;
1218
1219 /* Cancel outstanding disconnected commands. */
1220 ncr53c9x_clear_target(sc, target, CAM_REQ_ABORTED);
1221
1222 /* Set the default parameters for the target. */
1223 ti = &sc->sc_tinfo[target];
1224 /* XXX - config flags per target: low bits: no reselect; high bits: no synch */
1225 ti->flags = ((sc->sc_minsync != 0 &&
1226 (sc->sc_cfflags & (1 << ((target & 7) + 8))) == 0) ?
1227 0 : T_SYNCHOFF) |
1228 ((sc->sc_cfflags & (1 << (target & 7))) == 0 ?
1229 0 : T_RSELECTOFF);
1230 ti->curr.period = ti->goal.period = 0;
1231 ti->curr.offset = ti->goal.offset = 0;
1232 ti->curr.width = ti->goal.width = MSG_EXT_WDTR_BUS_8_BIT;
1233 break;
1234 }
1235 }
1236
1237 /*
1238 * LOW LEVEL SCSI UTILITIES
1239 */
1240
1241 /*
1242 * Schedule a SCSI operation. This has now been pulled out of the interrupt
1243 * handler so that we may call it from ncr53c9x_action and ncr53c9x_done.
1244 * This may save us an unnecessary interrupt just to get things going.
1245 * Should only be called when state == NCR_IDLE and with sc_lock held.
1246 */
1247 static void
ncr53c9x_sched(struct ncr53c9x_softc * sc)1248 ncr53c9x_sched(struct ncr53c9x_softc *sc)
1249 {
1250 struct ncr53c9x_ecb *ecb;
1251 struct ncr53c9x_linfo *li;
1252 struct ncr53c9x_tinfo *ti;
1253 int lun, tag;
1254
1255 NCR_LOCK_ASSERT(sc, MA_OWNED);
1256
1257 NCR_TRACE(("[%s] ", __func__));
1258
1259 if (sc->sc_state != NCR_IDLE)
1260 panic("%s: not IDLE (state=%d)", __func__, sc->sc_state);
1261
1262 /*
1263 * Find first ecb in ready queue that is for a target/lunit
1264 * combinations that is not busy.
1265 */
1266 TAILQ_FOREACH(ecb, &sc->ready_list, chain) {
1267 ti = &sc->sc_tinfo[ecb->ccb->ccb_h.target_id];
1268 lun = ecb->ccb->ccb_h.target_lun;
1269
1270 /* Select type of tag for this command */
1271 if ((ti->flags & (T_RSELECTOFF | T_TAG)) != T_TAG)
1272 tag = 0;
1273 else if ((ecb->flags & ECB_SENSE) != 0)
1274 tag = 0;
1275 else if ((ecb->ccb->ccb_h.flags & CAM_TAG_ACTION_VALID) == 0)
1276 tag = 0;
1277 else if (ecb->ccb->csio.tag_action == CAM_TAG_ACTION_NONE)
1278 tag = 0;
1279 else
1280 tag = ecb->ccb->csio.tag_action;
1281
1282 li = TINFO_LUN(ti, lun);
1283 if (li == NULL) {
1284 /* Initialize LUN info and add to list. */
1285 li = malloc(sizeof(*li), M_DEVBUF, M_NOWAIT | M_ZERO);
1286 if (li == NULL)
1287 continue;
1288 li->lun = lun;
1289
1290 LIST_INSERT_HEAD(&ti->luns, li, link);
1291 if (lun < NCR_NLUN)
1292 ti->lun[lun] = li;
1293 }
1294 li->last_used = time_second;
1295 if (tag == 0) {
1296 /* Try to issue this as an untagged command. */
1297 if (li->untagged == NULL)
1298 li->untagged = ecb;
1299 }
1300 if (li->untagged != NULL) {
1301 tag = 0;
1302 if ((li->busy != 1) && li->used == 0) {
1303 /*
1304 * We need to issue this untagged command
1305 * now.
1306 */
1307 ecb = li->untagged;
1308 } else {
1309 /* not ready, yet */
1310 continue;
1311 }
1312 }
1313 ecb->tag[0] = tag;
1314 if (tag != 0) {
1315 li->queued[ecb->tag_id] = ecb;
1316 ecb->tag[1] = ecb->tag_id;
1317 li->used++;
1318 }
1319 if (li->untagged != NULL && (li->busy != 1)) {
1320 li->busy = 1;
1321 TAILQ_REMOVE(&sc->ready_list, ecb, chain);
1322 ecb->flags &= ~ECB_READY;
1323 sc->sc_nexus = ecb;
1324 ncr53c9x_select(sc, ecb);
1325 break;
1326 }
1327 if (li->untagged == NULL && tag != 0) {
1328 TAILQ_REMOVE(&sc->ready_list, ecb, chain);
1329 ecb->flags &= ~ECB_READY;
1330 sc->sc_nexus = ecb;
1331 ncr53c9x_select(sc, ecb);
1332 break;
1333 } else
1334 NCR_TRACE(("[%s %d:%d busy] \n", __func__,
1335 ecb->ccb->ccb_h.target_id,
1336 ecb->ccb->ccb_h.target_lun));
1337 }
1338 }
1339
1340 static void
ncr53c9x_sense(struct ncr53c9x_softc * sc,struct ncr53c9x_ecb * ecb)1341 ncr53c9x_sense(struct ncr53c9x_softc *sc, struct ncr53c9x_ecb *ecb)
1342 {
1343 union ccb *ccb = ecb->ccb;
1344 struct ncr53c9x_linfo *li;
1345 struct ncr53c9x_tinfo *ti;
1346 struct scsi_request_sense *ss = (void *)&ecb->cmd.cmd;
1347 int lun;
1348
1349 NCR_LOCK_ASSERT(sc, MA_OWNED);
1350
1351 NCR_TRACE(("[%s] ", __func__));
1352
1353 lun = ccb->ccb_h.target_lun;
1354 ti = &sc->sc_tinfo[ccb->ccb_h.target_id];
1355
1356 /* Next, setup a REQUEST SENSE command block. */
1357 memset(ss, 0, sizeof(*ss));
1358 ss->opcode = REQUEST_SENSE;
1359 ss->byte2 = ccb->ccb_h.target_lun << SCSI_CMD_LUN_SHIFT;
1360 ss->length = sizeof(struct scsi_sense_data);
1361 ecb->clen = sizeof(*ss);
1362 memset(&ccb->csio.sense_data, 0, sizeof(ccb->csio.sense_data));
1363 ecb->daddr = (uint8_t *)&ccb->csio.sense_data;
1364 ecb->dleft = sizeof(struct scsi_sense_data);
1365 ecb->flags |= ECB_SENSE;
1366 ecb->timeout = NCR_SENSE_TIMEOUT;
1367 ti->senses++;
1368 li = TINFO_LUN(ti, lun);
1369 if (li->busy)
1370 li->busy = 0;
1371 ncr53c9x_dequeue(sc, ecb);
1372 li->untagged = ecb; /* Must be executed first to fix C/A. */
1373 li->busy = 2;
1374 if (ecb == sc->sc_nexus)
1375 ncr53c9x_select(sc, ecb);
1376 else {
1377 TAILQ_INSERT_HEAD(&sc->ready_list, ecb, chain);
1378 ecb->flags |= ECB_READY;
1379 if (sc->sc_state == NCR_IDLE)
1380 ncr53c9x_sched(sc);
1381 }
1382 }
1383
1384 /*
1385 * POST PROCESSING OF SCSI_CMD (usually current)
1386 */
1387 static void
ncr53c9x_done(struct ncr53c9x_softc * sc,struct ncr53c9x_ecb * ecb)1388 ncr53c9x_done(struct ncr53c9x_softc *sc, struct ncr53c9x_ecb *ecb)
1389 {
1390 union ccb *ccb = ecb->ccb;
1391 struct ncr53c9x_linfo *li;
1392 struct ncr53c9x_tinfo *ti;
1393 int lun, sense_returned;
1394
1395 NCR_LOCK_ASSERT(sc, MA_OWNED);
1396
1397 NCR_TRACE(("[%s(status:%x)] ", __func__, ccb->ccb_h.status));
1398
1399 ti = &sc->sc_tinfo[ccb->ccb_h.target_id];
1400 lun = ccb->ccb_h.target_lun;
1401 li = TINFO_LUN(ti, lun);
1402
1403 callout_stop(&ecb->ch);
1404
1405 /*
1406 * Now, if we've come here with no error code, i.e. we've kept the
1407 * initial CAM_REQ_CMP, and the status code signals that we should
1408 * check sense, we'll need to set up a request sense cmd block and
1409 * push the command back into the ready queue *before* any other
1410 * commands for this target/lunit, else we lose the sense info.
1411 * We don't support chk sense conditions for the request sense cmd.
1412 */
1413 if (ccb->ccb_h.status == CAM_REQ_CMP) {
1414 ccb->csio.scsi_status = ecb->stat;
1415 if ((ecb->flags & ECB_ABORT) != 0)
1416 ccb->ccb_h.status = CAM_CMD_TIMEOUT;
1417 else if ((ecb->flags & ECB_SENSE) != 0 &&
1418 (ecb->stat != SCSI_STATUS_CHECK_COND)) {
1419 ccb->csio.scsi_status = SCSI_STATUS_CHECK_COND;
1420 ccb->ccb_h.status = CAM_SCSI_STATUS_ERROR |
1421 CAM_AUTOSNS_VALID;
1422 sense_returned = sizeof(ccb->csio.sense_data) -
1423 ecb->dleft;
1424 if (sense_returned < ccb->csio.sense_len)
1425 ccb->csio.sense_resid = ccb->csio.sense_len -
1426 sense_returned;
1427 else
1428 ccb->csio.sense_resid = 0;
1429 } else if (ecb->stat == SCSI_STATUS_CHECK_COND) {
1430 if ((ecb->flags & ECB_SENSE) != 0)
1431 ccb->ccb_h.status = CAM_AUTOSENSE_FAIL;
1432 else {
1433 /* First, save the return values. */
1434 ccb->csio.resid = ecb->dleft;
1435 if ((ccb->ccb_h.flags & CAM_DIS_AUTOSENSE) ==
1436 0) {
1437 ncr53c9x_sense(sc, ecb);
1438 return;
1439 }
1440 ccb->ccb_h.status = CAM_SCSI_STATUS_ERROR;
1441 }
1442 } else
1443 ccb->csio.resid = ecb->dleft;
1444 if (ecb->stat == SCSI_STATUS_QUEUE_FULL)
1445 ccb->ccb_h.status = CAM_SCSI_STATUS_ERROR;
1446 else if (ecb->stat == SCSI_STATUS_BUSY)
1447 ccb->ccb_h.status = CAM_SCSI_BUSY;
1448 } else if ((ccb->ccb_h.status & CAM_DEV_QFRZN) == 0) {
1449 ccb->ccb_h.status |= CAM_DEV_QFRZN;
1450 xpt_freeze_devq(ccb->ccb_h.path, 1);
1451 }
1452
1453 #ifdef NCR53C9X_DEBUG
1454 if ((ncr53c9x_debug & NCR_SHOWTRAC) != 0) {
1455 if (ccb->csio.resid != 0)
1456 printf("resid=%d ", ccb->csio.resid);
1457 if ((ccb->ccb_h.status & CAM_AUTOSNS_VALID) != 0)
1458 printf("sense=0x%02x\n",
1459 ccb->csio.sense_data.error_code);
1460 else
1461 printf("status SCSI=0x%x CAM=0x%x\n",
1462 ccb->csio.scsi_status, ccb->ccb_h.status);
1463 }
1464 #endif
1465
1466 /*
1467 * Remove the ECB from whatever queue it's on.
1468 */
1469 ncr53c9x_dequeue(sc, ecb);
1470 if (ecb == sc->sc_nexus) {
1471 sc->sc_nexus = NULL;
1472 if (sc->sc_state != NCR_CLEANING) {
1473 sc->sc_state = NCR_IDLE;
1474 ncr53c9x_sched(sc);
1475 }
1476 }
1477
1478 if ((ccb->ccb_h.status & CAM_SEL_TIMEOUT) != 0) {
1479 /* Selection timeout -- discard this LUN if empty. */
1480 if (li->untagged == NULL && li->used == 0) {
1481 if (lun < NCR_NLUN)
1482 ti->lun[lun] = NULL;
1483 LIST_REMOVE(li, link);
1484 free(li, M_DEVBUF);
1485 }
1486 }
1487
1488 ncr53c9x_free_ecb(sc, ecb);
1489 ti->cmds++;
1490 xpt_done(ccb);
1491 }
1492
1493 static void
ncr53c9x_dequeue(struct ncr53c9x_softc * sc,struct ncr53c9x_ecb * ecb)1494 ncr53c9x_dequeue(struct ncr53c9x_softc *sc, struct ncr53c9x_ecb *ecb)
1495 {
1496 struct ncr53c9x_linfo *li;
1497 struct ncr53c9x_tinfo *ti;
1498 int64_t lun;
1499
1500 NCR_LOCK_ASSERT(sc, MA_OWNED);
1501
1502 ti = &sc->sc_tinfo[ecb->ccb->ccb_h.target_id];
1503 lun = ecb->ccb->ccb_h.target_lun;
1504 li = TINFO_LUN(ti, lun);
1505 #ifdef DIAGNOSTIC
1506 if (li == NULL || li->lun != lun)
1507 panic("%s: lun %llx for ecb %p does not exist", __func__,
1508 (long long)lun, ecb);
1509 #endif
1510 if (li->untagged == ecb) {
1511 li->busy = 0;
1512 li->untagged = NULL;
1513 }
1514 if (ecb->tag[0] && li->queued[ecb->tag[1]] != NULL) {
1515 #ifdef DIAGNOSTIC
1516 if (li->queued[ecb->tag[1]] != NULL &&
1517 (li->queued[ecb->tag[1]] != ecb))
1518 panic("%s: slot %d for lun %llx has %p instead of ecb "
1519 "%p", __func__, ecb->tag[1], (long long)lun,
1520 li->queued[ecb->tag[1]], ecb);
1521 #endif
1522 li->queued[ecb->tag[1]] = NULL;
1523 li->used--;
1524 }
1525 ecb->tag[0] = ecb->tag[1] = 0;
1526
1527 if ((ecb->flags & ECB_READY) != 0) {
1528 ecb->flags &= ~ECB_READY;
1529 TAILQ_REMOVE(&sc->ready_list, ecb, chain);
1530 }
1531 }
1532
1533 /*
1534 * INTERRUPT/PROTOCOL ENGINE
1535 */
1536
1537 /*
1538 * Schedule an outgoing message by prioritizing it, and asserting
1539 * attention on the bus. We can only do this when we are the initiator
1540 * else there will be an illegal command interrupt.
1541 */
1542 #define ncr53c9x_sched_msgout(m) do { \
1543 NCR_MSGS(("ncr53c9x_sched_msgout %x %d", m, __LINE__)); \
1544 NCRCMD(sc, NCRCMD_SETATN); \
1545 sc->sc_flags |= NCR_ATN; \
1546 sc->sc_msgpriq |= (m); \
1547 } while (/* CONSTCOND */0)
1548
1549 static void
ncr53c9x_flushfifo(struct ncr53c9x_softc * sc)1550 ncr53c9x_flushfifo(struct ncr53c9x_softc *sc)
1551 {
1552
1553 NCR_LOCK_ASSERT(sc, MA_OWNED);
1554
1555 NCR_TRACE(("[%s] ", __func__));
1556
1557 NCRCMD(sc, NCRCMD_FLUSH);
1558
1559 if (sc->sc_phase == COMMAND_PHASE ||
1560 sc->sc_phase == MESSAGE_OUT_PHASE)
1561 DELAY(2);
1562 }
1563
1564 static int
ncr53c9x_rdfifo(struct ncr53c9x_softc * sc,int how)1565 ncr53c9x_rdfifo(struct ncr53c9x_softc *sc, int how)
1566 {
1567 int i, n;
1568 uint8_t *ibuf;
1569
1570 NCR_LOCK_ASSERT(sc, MA_OWNED);
1571
1572 switch (how) {
1573 case NCR_RDFIFO_START:
1574 ibuf = sc->sc_imess;
1575 sc->sc_imlen = 0;
1576 break;
1577
1578 case NCR_RDFIFO_CONTINUE:
1579 ibuf = sc->sc_imess + sc->sc_imlen;
1580 break;
1581
1582 default:
1583 panic("%s: bad flag", __func__);
1584 /* NOTREACHED */
1585 }
1586
1587 /*
1588 * XXX buffer (sc_imess) size for message
1589 */
1590
1591 n = NCR_READ_REG(sc, NCR_FFLAG) & NCRFIFO_FF;
1592
1593 if (sc->sc_rev == NCR_VARIANT_FAS366) {
1594 n *= 2;
1595
1596 for (i = 0; i < n; i++)
1597 ibuf[i] = NCR_READ_REG(sc, NCR_FIFO);
1598
1599 if (sc->sc_espstat2 & NCRFAS_STAT2_ISHUTTLE) {
1600
1601 NCR_WRITE_REG(sc, NCR_FIFO, 0);
1602 ibuf[i++] = NCR_READ_REG(sc, NCR_FIFO);
1603
1604 NCR_READ_REG(sc, NCR_FIFO);
1605
1606 ncr53c9x_flushfifo(sc);
1607 }
1608 } else
1609 for (i = 0; i < n; i++)
1610 ibuf[i] = NCR_READ_REG(sc, NCR_FIFO);
1611
1612 sc->sc_imlen += i;
1613
1614 #if 0
1615 #ifdef NCR53C9X_DEBUG
1616 NCR_TRACE(("\n[rdfifo %s (%d):",
1617 (how == NCR_RDFIFO_START) ? "start" : "cont", (int)sc->sc_imlen));
1618 if ((ncr53c9x_debug & NCR_SHOWTRAC) != 0) {
1619 for (i = 0; i < sc->sc_imlen; i++)
1620 printf(" %02x", sc->sc_imess[i]);
1621 printf("]\n");
1622 }
1623 #endif
1624 #endif
1625 return (sc->sc_imlen);
1626 }
1627
1628 static void
ncr53c9x_wrfifo(struct ncr53c9x_softc * sc,uint8_t * p,int len)1629 ncr53c9x_wrfifo(struct ncr53c9x_softc *sc, uint8_t *p, int len)
1630 {
1631 int i;
1632
1633 NCR_LOCK_ASSERT(sc, MA_OWNED);
1634
1635 #ifdef NCR53C9X_DEBUG
1636 NCR_MSGS(("[wrfifo(%d):", len));
1637 if ((ncr53c9x_debug & NCR_SHOWMSGS) != 0) {
1638 for (i = 0; i < len; i++)
1639 printf(" %02x", p[i]);
1640 printf("]\n");
1641 }
1642 #endif
1643
1644 for (i = 0; i < len; i++) {
1645 NCR_WRITE_REG(sc, NCR_FIFO, p[i]);
1646
1647 if (sc->sc_rev == NCR_VARIANT_FAS366)
1648 NCR_WRITE_REG(sc, NCR_FIFO, 0);
1649 }
1650 }
1651
1652 static int
ncr53c9x_reselect(struct ncr53c9x_softc * sc,int message,int tagtype,int tagid)1653 ncr53c9x_reselect(struct ncr53c9x_softc *sc, int message, int tagtype,
1654 int tagid)
1655 {
1656 struct ncr53c9x_ecb *ecb = NULL;
1657 struct ncr53c9x_linfo *li;
1658 struct ncr53c9x_tinfo *ti;
1659 uint8_t lun, selid, target;
1660
1661 NCR_LOCK_ASSERT(sc, MA_OWNED);
1662
1663 if (sc->sc_rev == NCR_VARIANT_FAS366)
1664 target = sc->sc_selid;
1665 else {
1666 /*
1667 * The SCSI chip made a snapshot of the data bus
1668 * while the reselection was being negotiated.
1669 * This enables us to determine which target did
1670 * the reselect.
1671 */
1672 selid = sc->sc_selid & ~(1 << sc->sc_id);
1673 if (selid & (selid - 1)) {
1674 device_printf(sc->sc_dev, "reselect with invalid "
1675 "selid %02x; sending DEVICE RESET\n", selid);
1676 goto reset;
1677 }
1678
1679 target = ffs(selid) - 1;
1680 }
1681 lun = message & 0x07;
1682
1683 /*
1684 * Search wait queue for disconnected command.
1685 * The list should be short, so I haven't bothered with
1686 * any more sophisticated structures than a simple
1687 * singly linked list.
1688 */
1689 ti = &sc->sc_tinfo[target];
1690 li = TINFO_LUN(ti, lun);
1691
1692 /*
1693 * We can get as far as the LUN with the IDENTIFY
1694 * message. Check to see if we're running an
1695 * untagged command. Otherwise ack the IDENTIFY
1696 * and wait for a tag message.
1697 */
1698 if (li != NULL) {
1699 if (li->untagged != NULL && li->busy)
1700 ecb = li->untagged;
1701 else if (tagtype != MSG_SIMPLE_Q_TAG) {
1702 /* Wait for tag to come by. */
1703 sc->sc_state = NCR_IDENTIFIED;
1704 return (0);
1705 } else if (tagtype)
1706 ecb = li->queued[tagid];
1707 }
1708 if (ecb == NULL) {
1709 device_printf(sc->sc_dev, "reselect from target %d lun %d "
1710 "tag %x:%x with no nexus; sending ABORT\n",
1711 target, lun, tagtype, tagid);
1712 goto abort;
1713 }
1714
1715 /* Make this nexus active again. */
1716 sc->sc_state = NCR_CONNECTED;
1717 sc->sc_nexus = ecb;
1718 ncr53c9x_setsync(sc, ti);
1719
1720 if (ecb->flags & ECB_RESET)
1721 ncr53c9x_sched_msgout(SEND_DEV_RESET);
1722 else if (ecb->flags & ECB_ABORT)
1723 ncr53c9x_sched_msgout(SEND_ABORT);
1724
1725 /* Do an implicit RESTORE POINTERS. */
1726 sc->sc_dp = ecb->daddr;
1727 sc->sc_dleft = ecb->dleft;
1728
1729 return (0);
1730
1731 reset:
1732 ncr53c9x_sched_msgout(SEND_DEV_RESET);
1733 return (1);
1734
1735 abort:
1736 ncr53c9x_sched_msgout(SEND_ABORT);
1737 return (1);
1738 }
1739
1740 /* From NetBSD; these should go into CAM at some point. */
1741 #define MSG_ISEXTENDED(m) ((m) == MSG_EXTENDED)
1742 #define MSG_IS1BYTE(m) \
1743 ((!MSG_ISEXTENDED(m) && (m) < 0x20) || MSG_ISIDENTIFY(m))
1744 #define MSG_IS2BYTE(m) (((m) & 0xf0) == 0x20)
1745
1746 static inline int
__verify_msg_format(uint8_t * p,int len)1747 __verify_msg_format(uint8_t *p, int len)
1748 {
1749
1750 if (len == 1 && MSG_IS1BYTE(p[0]))
1751 return (1);
1752 if (len == 2 && MSG_IS2BYTE(p[0]))
1753 return (1);
1754 if (len >= 3 && MSG_ISEXTENDED(p[0]) &&
1755 len == p[1] + 2)
1756 return (1);
1757
1758 return (0);
1759 }
1760
1761 /*
1762 * Get an incoming message as initiator.
1763 *
1764 * The SCSI bus must already be in MESSAGE_IN_PHASE and there is a
1765 * byte in the FIFO.
1766 */
1767 static void
ncr53c9x_msgin(struct ncr53c9x_softc * sc)1768 ncr53c9x_msgin(struct ncr53c9x_softc *sc)
1769 {
1770 struct ncr53c9x_ecb *ecb;
1771 struct ncr53c9x_linfo *li;
1772 struct ncr53c9x_tinfo *ti;
1773 uint8_t *pb;
1774 int len, lun;
1775
1776 NCR_LOCK_ASSERT(sc, MA_OWNED);
1777
1778 NCR_TRACE(("[%s(curmsglen:%ld)] ", __func__, (long)sc->sc_imlen));
1779
1780 if (sc->sc_imlen == 0) {
1781 device_printf(sc->sc_dev, "msgin: no msg byte available\n");
1782 return;
1783 }
1784
1785 /*
1786 * Prepare for a new message. A message should (according
1787 * to the SCSI standard) be transmitted in one single
1788 * MESSAGE_IN_PHASE. If we have been in some other phase,
1789 * then this is a new message.
1790 */
1791 if (sc->sc_prevphase != MESSAGE_IN_PHASE &&
1792 sc->sc_state != NCR_RESELECTED) {
1793 device_printf(sc->sc_dev, "phase change, dropping message, "
1794 "prev %d, state %d\n", sc->sc_prevphase, sc->sc_state);
1795 sc->sc_flags &= ~NCR_DROP_MSGI;
1796 sc->sc_imlen = 0;
1797 }
1798
1799 /*
1800 * If we're going to reject the message, don't bother storing
1801 * the incoming bytes. But still, we need to ACK them.
1802 */
1803 if ((sc->sc_flags & NCR_DROP_MSGI) != 0) {
1804 NCRCMD(sc, NCRCMD_MSGOK);
1805 device_printf(sc->sc_dev, "<dropping msg byte %x>",
1806 sc->sc_imess[sc->sc_imlen]);
1807 return;
1808 }
1809
1810 if (sc->sc_imlen >= NCR_MAX_MSG_LEN) {
1811 ncr53c9x_sched_msgout(SEND_REJECT);
1812 sc->sc_flags |= NCR_DROP_MSGI;
1813 } else {
1814 switch (sc->sc_state) {
1815 /*
1816 * if received message is the first of reselection
1817 * then first byte is selid, and then message
1818 */
1819 case NCR_RESELECTED:
1820 pb = sc->sc_imess + 1;
1821 len = sc->sc_imlen - 1;
1822 break;
1823
1824 default:
1825 pb = sc->sc_imess;
1826 len = sc->sc_imlen;
1827 }
1828
1829 if (__verify_msg_format(pb, len))
1830 goto gotit;
1831 }
1832
1833 /* Acknowledge what we have so far. */
1834 NCRCMD(sc, NCRCMD_MSGOK);
1835 return;
1836
1837 gotit:
1838 NCR_MSGS(("gotmsg(%x) state %d", sc->sc_imess[0], sc->sc_state));
1839 /*
1840 * We got a complete message, flush the imess.
1841 * XXX nobody uses imlen below.
1842 */
1843 sc->sc_imlen = 0;
1844 /*
1845 * Now we should have a complete message (1 byte, 2 byte
1846 * and moderately long extended messages). We only handle
1847 * extended messages which total length is shorter than
1848 * NCR_MAX_MSG_LEN. Longer messages will be amputated.
1849 */
1850 switch (sc->sc_state) {
1851 case NCR_CONNECTED:
1852 ecb = sc->sc_nexus;
1853 ti = &sc->sc_tinfo[ecb->ccb->ccb_h.target_id];
1854
1855 switch (sc->sc_imess[0]) {
1856 case MSG_CMDCOMPLETE:
1857 NCR_MSGS(("cmdcomplete "));
1858 if (sc->sc_dleft < 0) {
1859 xpt_print_path(ecb->ccb->ccb_h.path);
1860 printf("got %ld extra bytes\n",
1861 -(long)sc->sc_dleft);
1862 sc->sc_dleft = 0;
1863 }
1864 ecb->dleft = (ecb->flags & ECB_TENTATIVE_DONE) ?
1865 0 : sc->sc_dleft;
1866 if ((ecb->flags & ECB_SENSE) == 0)
1867 ecb->ccb->csio.resid = ecb->dleft;
1868 sc->sc_state = NCR_CMDCOMPLETE;
1869 break;
1870
1871 case MSG_MESSAGE_REJECT:
1872 NCR_MSGS(("msg reject (msgout=%x) ", sc->sc_msgout));
1873 switch (sc->sc_msgout) {
1874 case SEND_TAG:
1875 /*
1876 * Target does not like tagged queuing.
1877 * - Flush the command queue
1878 * - Disable tagged queuing for the target
1879 * - Dequeue ecb from the queued array.
1880 */
1881 device_printf(sc->sc_dev, "tagged queuing "
1882 "rejected: target %d\n",
1883 ecb->ccb->ccb_h.target_id);
1884
1885 NCR_MSGS(("(rejected sent tag)"));
1886 NCRCMD(sc, NCRCMD_FLUSH);
1887 DELAY(1);
1888 ti->flags &= ~T_TAG;
1889 lun = ecb->ccb->ccb_h.target_lun;
1890 li = TINFO_LUN(ti, lun);
1891 if (ecb->tag[0] &&
1892 li->queued[ecb->tag[1]] != NULL) {
1893 li->queued[ecb->tag[1]] = NULL;
1894 li->used--;
1895 }
1896 ecb->tag[0] = ecb->tag[1] = 0;
1897 li->untagged = ecb;
1898 li->busy = 1;
1899 break;
1900
1901 case SEND_SDTR:
1902 device_printf(sc->sc_dev, "sync transfer "
1903 "rejected: target %d\n",
1904 ecb->ccb->ccb_h.target_id);
1905
1906 ti->flags &= ~T_SDTRSENT;
1907 ti->curr.period = ti->goal.period = 0;
1908 ti->curr.offset = ti->goal.offset = 0;
1909 ncr53c9x_setsync(sc, ti);
1910 break;
1911
1912 case SEND_WDTR:
1913 device_printf(sc->sc_dev, "wide transfer "
1914 "rejected: target %d\n",
1915 ecb->ccb->ccb_h.target_id);
1916
1917 ti->flags &= ~T_WDTRSENT;
1918 ti->curr.width = ti->goal.width =
1919 MSG_EXT_WDTR_BUS_8_BIT;
1920 ncr53c9x_setsync(sc, ti);
1921 break;
1922
1923 case SEND_INIT_DET_ERR:
1924 goto abort;
1925 }
1926 break;
1927
1928 case MSG_NOOP:
1929 NCR_MSGS(("noop "));
1930 break;
1931
1932 case MSG_HEAD_OF_Q_TAG:
1933 case MSG_SIMPLE_Q_TAG:
1934 case MSG_ORDERED_Q_TAG:
1935 NCR_MSGS(("TAG %x:%x",
1936 sc->sc_imess[0], sc->sc_imess[1]));
1937 break;
1938
1939 case MSG_DISCONNECT:
1940 NCR_MSGS(("disconnect "));
1941 ti->dconns++;
1942 sc->sc_state = NCR_DISCONNECT;
1943
1944 /*
1945 * Mark the fact that all bytes have moved. The
1946 * target may not bother to do a SAVE POINTERS
1947 * at this stage. This flag will set the residual
1948 * count to zero on MSG COMPLETE.
1949 */
1950 if (sc->sc_dleft == 0)
1951 ecb->flags |= ECB_TENTATIVE_DONE;
1952 break;
1953
1954 case MSG_SAVEDATAPOINTER:
1955 NCR_MSGS(("save datapointer "));
1956 ecb->daddr = sc->sc_dp;
1957 ecb->dleft = sc->sc_dleft;
1958 break;
1959
1960 case MSG_RESTOREPOINTERS:
1961 NCR_MSGS(("restore datapointer "));
1962 sc->sc_dp = ecb->daddr;
1963 sc->sc_dleft = ecb->dleft;
1964 break;
1965
1966 case MSG_IGN_WIDE_RESIDUE:
1967 NCR_MSGS(("ignore wide residue (%d bytes)",
1968 sc->sc_imess[1]));
1969 if (sc->sc_imess[1] != 1) {
1970 xpt_print_path(ecb->ccb->ccb_h.path);
1971 printf("unexpected MESSAGE IGNORE WIDE "
1972 "RESIDUE (%d bytes); sending REJECT\n",
1973 sc->sc_imess[1]);
1974 goto reject;
1975 }
1976 /*
1977 * If there was a last transfer of an even number of
1978 * bytes, wipe the "done" memory and adjust by one
1979 * byte (sc->sc_imess[1]).
1980 */
1981 len = sc->sc_dleft - ecb->dleft;
1982 if (len != 0 && (len & 1) == 0) {
1983 ecb->flags &= ~ECB_TENTATIVE_DONE;
1984 sc->sc_dp = (char *)sc->sc_dp - 1;
1985 sc->sc_dleft--;
1986 }
1987 break;
1988
1989 case MSG_EXTENDED:
1990 NCR_MSGS(("extended(%x) ", sc->sc_imess[2]));
1991 switch (sc->sc_imess[2]) {
1992 case MSG_EXT_SDTR:
1993 NCR_MSGS(("SDTR period %d, offset %d ",
1994 sc->sc_imess[3], sc->sc_imess[4]));
1995 if (sc->sc_imess[1] != 3)
1996 goto reject;
1997 ti->curr.period = sc->sc_imess[3];
1998 ti->curr.offset = sc->sc_imess[4];
1999 if (sc->sc_minsync == 0 ||
2000 ti->curr.offset == 0 ||
2001 ti->curr.period > 124) {
2002 #if 0
2003 #ifdef NCR53C9X_DEBUG
2004 xpt_print_path(ecb->ccb->ccb_h.path);
2005 printf("async mode\n");
2006 #endif
2007 #endif
2008 if ((ti->flags & T_SDTRSENT) == 0) {
2009 /*
2010 * target initiated negotiation
2011 */
2012 ti->curr.offset = 0;
2013 ncr53c9x_sched_msgout(
2014 SEND_SDTR);
2015 }
2016 } else {
2017 ti->curr.period =
2018 ncr53c9x_cpb2stp(sc,
2019 ncr53c9x_stp2cpb(sc,
2020 ti->curr.period));
2021 if ((ti->flags & T_SDTRSENT) == 0) {
2022 /*
2023 * target initiated negotiation
2024 */
2025 if (ti->curr.period <
2026 sc->sc_minsync)
2027 ti->curr.period =
2028 sc->sc_minsync;
2029 if (ti->curr.offset >
2030 sc->sc_maxoffset)
2031 ti->curr.offset =
2032 sc->sc_maxoffset;
2033 ncr53c9x_sched_msgout(
2034 SEND_SDTR);
2035 }
2036 }
2037 ti->flags &= ~T_SDTRSENT;
2038 ti->goal.period = ti->curr.period;
2039 ti->goal.offset = ti->curr.offset;
2040 ncr53c9x_setsync(sc, ti);
2041 break;
2042
2043 case MSG_EXT_WDTR:
2044 NCR_MSGS(("wide mode %d ", sc->sc_imess[3]));
2045 ti->curr.width = sc->sc_imess[3];
2046 if (!(ti->flags & T_WDTRSENT))
2047 /*
2048 * target initiated negotiation
2049 */
2050 ncr53c9x_sched_msgout(SEND_WDTR);
2051 ti->flags &= ~T_WDTRSENT;
2052 ti->goal.width = ti->curr.width;
2053 ncr53c9x_setsync(sc, ti);
2054 break;
2055
2056 default:
2057 xpt_print_path(ecb->ccb->ccb_h.path);
2058 printf("unrecognized MESSAGE EXTENDED 0x%x;"
2059 " sending REJECT\n", sc->sc_imess[2]);
2060 goto reject;
2061 }
2062 break;
2063
2064 default:
2065 NCR_MSGS(("ident "));
2066 xpt_print_path(ecb->ccb->ccb_h.path);
2067 printf("unrecognized MESSAGE 0x%x; sending REJECT\n",
2068 sc->sc_imess[0]);
2069 /* FALLTHROUGH */
2070 reject:
2071 ncr53c9x_sched_msgout(SEND_REJECT);
2072 break;
2073 }
2074 break;
2075
2076 case NCR_IDENTIFIED:
2077 /*
2078 * IDENTIFY message was received and queue tag is expected
2079 * now.
2080 */
2081 if ((sc->sc_imess[0] != MSG_SIMPLE_Q_TAG) ||
2082 (sc->sc_msgify == 0)) {
2083 device_printf(sc->sc_dev, "TAG reselect without "
2084 "IDENTIFY; MSG %x; sending DEVICE RESET\n",
2085 sc->sc_imess[0]);
2086 goto reset;
2087 }
2088 (void)ncr53c9x_reselect(sc, sc->sc_msgify,
2089 sc->sc_imess[0], sc->sc_imess[1]);
2090 break;
2091
2092 case NCR_RESELECTED:
2093 if (MSG_ISIDENTIFY(sc->sc_imess[1]))
2094 sc->sc_msgify = sc->sc_imess[1];
2095 else {
2096 device_printf(sc->sc_dev, "reselect without IDENTIFY;"
2097 " MSG %x; sending DEVICE RESET\n", sc->sc_imess[1]);
2098 goto reset;
2099 }
2100 (void)ncr53c9x_reselect(sc, sc->sc_msgify, 0, 0);
2101 break;
2102
2103 default:
2104 device_printf(sc->sc_dev, "unexpected MESSAGE IN; "
2105 "sending DEVICE RESET\n");
2106 /* FALLTHROUGH */
2107 reset:
2108 ncr53c9x_sched_msgout(SEND_DEV_RESET);
2109 break;
2110
2111 abort:
2112 ncr53c9x_sched_msgout(SEND_ABORT);
2113 }
2114
2115 /* If we have more messages to send set ATN. */
2116 if (sc->sc_msgpriq) {
2117 NCRCMD(sc, NCRCMD_SETATN);
2118 sc->sc_flags |= NCR_ATN;
2119 }
2120
2121 /* Acknowledge last message byte. */
2122 NCRCMD(sc, NCRCMD_MSGOK);
2123
2124 /* Done, reset message pointer. */
2125 sc->sc_flags &= ~NCR_DROP_MSGI;
2126 sc->sc_imlen = 0;
2127 }
2128
2129 /*
2130 * Send the highest priority, scheduled message.
2131 */
2132 static void
ncr53c9x_msgout(struct ncr53c9x_softc * sc)2133 ncr53c9x_msgout(struct ncr53c9x_softc *sc)
2134 {
2135 struct ncr53c9x_tinfo *ti;
2136 struct ncr53c9x_ecb *ecb;
2137 size_t size;
2138 int error;
2139 #ifdef NCR53C9X_DEBUG
2140 int i;
2141 #endif
2142
2143 NCR_LOCK_ASSERT(sc, MA_OWNED);
2144
2145 NCR_TRACE(("[%s(priq:%x, prevphase:%x)]", __func__, sc->sc_msgpriq,
2146 sc->sc_prevphase));
2147
2148 /*
2149 * XXX - the NCR_ATN flag is not in sync with the actual ATN
2150 * condition on the SCSI bus. The 53c9x chip
2151 * automatically turns off ATN before sending the
2152 * message byte. (See also the comment below in the
2153 * default case when picking out a message to send.)
2154 */
2155 if (sc->sc_flags & NCR_ATN) {
2156 if (sc->sc_prevphase != MESSAGE_OUT_PHASE) {
2157 new:
2158 NCRCMD(sc, NCRCMD_FLUSH);
2159 #if 0
2160 DELAY(1);
2161 #endif
2162 sc->sc_msgoutq = 0;
2163 sc->sc_omlen = 0;
2164 }
2165 } else {
2166 if (sc->sc_prevphase == MESSAGE_OUT_PHASE) {
2167 ncr53c9x_sched_msgout(sc->sc_msgoutq);
2168 goto new;
2169 } else
2170 device_printf(sc->sc_dev, "at line %d: unexpected "
2171 "MESSAGE OUT phase\n", __LINE__);
2172 }
2173
2174 if (sc->sc_omlen == 0) {
2175 /* Pick up highest priority message. */
2176 sc->sc_msgout = sc->sc_msgpriq & -sc->sc_msgpriq;
2177 sc->sc_msgoutq |= sc->sc_msgout;
2178 sc->sc_msgpriq &= ~sc->sc_msgout;
2179 sc->sc_omlen = 1; /* "Default" message len */
2180 switch (sc->sc_msgout) {
2181 case SEND_SDTR:
2182 ecb = sc->sc_nexus;
2183 ti = &sc->sc_tinfo[ecb->ccb->ccb_h.target_id];
2184 sc->sc_omess[0] = MSG_EXTENDED;
2185 sc->sc_omess[1] = MSG_EXT_SDTR_LEN;
2186 sc->sc_omess[2] = MSG_EXT_SDTR;
2187 sc->sc_omess[3] = ti->goal.period;
2188 sc->sc_omess[4] = ti->goal.offset;
2189 sc->sc_omlen = 5;
2190 break;
2191
2192 case SEND_WDTR:
2193 ecb = sc->sc_nexus;
2194 ti = &sc->sc_tinfo[ecb->ccb->ccb_h.target_id];
2195 sc->sc_omess[0] = MSG_EXTENDED;
2196 sc->sc_omess[1] = MSG_EXT_WDTR_LEN;
2197 sc->sc_omess[2] = MSG_EXT_WDTR;
2198 sc->sc_omess[3] = ti->goal.width;
2199 sc->sc_omlen = 4;
2200 break;
2201
2202 case SEND_IDENTIFY:
2203 if (sc->sc_state != NCR_CONNECTED)
2204 device_printf(sc->sc_dev, "at line %d: no "
2205 "nexus\n", __LINE__);
2206 ecb = sc->sc_nexus;
2207 sc->sc_omess[0] =
2208 MSG_IDENTIFY(ecb->ccb->ccb_h.target_lun, 0);
2209 break;
2210
2211 case SEND_TAG:
2212 if (sc->sc_state != NCR_CONNECTED)
2213 device_printf(sc->sc_dev, "at line %d: no "
2214 "nexus\n", __LINE__);
2215 ecb = sc->sc_nexus;
2216 sc->sc_omess[0] = ecb->tag[0];
2217 sc->sc_omess[1] = ecb->tag[1];
2218 sc->sc_omlen = 2;
2219 break;
2220
2221 case SEND_DEV_RESET:
2222 sc->sc_flags |= NCR_ABORTING;
2223 sc->sc_omess[0] = MSG_BUS_DEV_RESET;
2224 ecb = sc->sc_nexus;
2225 ti = &sc->sc_tinfo[ecb->ccb->ccb_h.target_id];
2226 ti->curr.period = 0;
2227 ti->curr.offset = 0;
2228 ti->curr.width = MSG_EXT_WDTR_BUS_8_BIT;
2229 break;
2230
2231 case SEND_PARITY_ERROR:
2232 sc->sc_omess[0] = MSG_PARITY_ERROR;
2233 break;
2234
2235 case SEND_ABORT:
2236 sc->sc_flags |= NCR_ABORTING;
2237 sc->sc_omess[0] = MSG_ABORT;
2238 break;
2239
2240 case SEND_INIT_DET_ERR:
2241 sc->sc_omess[0] = MSG_INITIATOR_DET_ERR;
2242 break;
2243
2244 case SEND_REJECT:
2245 sc->sc_omess[0] = MSG_MESSAGE_REJECT;
2246 break;
2247
2248 default:
2249 /*
2250 * We normally do not get here, since the chip
2251 * automatically turns off ATN before the last
2252 * byte of a message is sent to the target.
2253 * However, if the target rejects our (multi-byte)
2254 * message early by switching to MSG IN phase
2255 * ATN remains on, so the target may return to
2256 * MSG OUT phase. If there are no scheduled messages
2257 * left we send a NO-OP.
2258 *
2259 * XXX - Note that this leaves no useful purpose for
2260 * the NCR_ATN flag.
2261 */
2262 sc->sc_flags &= ~NCR_ATN;
2263 sc->sc_omess[0] = MSG_NOOP;
2264 }
2265 sc->sc_omp = sc->sc_omess;
2266 }
2267
2268 #ifdef NCR53C9X_DEBUG
2269 if ((ncr53c9x_debug & NCR_SHOWMSGS) != 0) {
2270 NCR_MSGS(("<msgout:"));
2271 for (i = 0; i < sc->sc_omlen; i++)
2272 NCR_MSGS((" %02x", sc->sc_omess[i]));
2273 NCR_MSGS(("> "));
2274 }
2275 #endif
2276
2277 if (sc->sc_rev != NCR_VARIANT_FAS366) {
2278 /* (Re)send the message. */
2279 size = ulmin(sc->sc_omlen, sc->sc_maxxfer);
2280 error = NCRDMA_SETUP(sc, &sc->sc_omp, &sc->sc_omlen, 0, &size);
2281 if (error != 0)
2282 goto cmd;
2283
2284 /* Program the SCSI counter. */
2285 NCR_SET_COUNT(sc, size);
2286
2287 /* Load the count in and start the message-out transfer. */
2288 NCRCMD(sc, NCRCMD_NOP | NCRCMD_DMA);
2289 NCRCMD(sc, NCRCMD_TRANS | NCRCMD_DMA);
2290 NCRDMA_GO(sc);
2291 return;
2292 }
2293
2294 cmd:
2295 /*
2296 * XXX FIFO size
2297 */
2298 sc->sc_cmdlen = 0;
2299 ncr53c9x_flushfifo(sc);
2300 ncr53c9x_wrfifo(sc, sc->sc_omp, sc->sc_omlen);
2301 NCRCMD(sc, NCRCMD_TRANS);
2302 }
2303
2304 void
ncr53c9x_intr(void * arg)2305 ncr53c9x_intr(void *arg)
2306 {
2307 struct ncr53c9x_softc *sc = arg;
2308
2309 if (!NCRDMA_ISINTR(sc))
2310 return;
2311
2312 NCR_LOCK(sc);
2313
2314 ncr53c9x_intr1(sc);
2315
2316 NCR_UNLOCK(sc);
2317 }
2318
2319 /*
2320 * This is the most critical part of the driver, and has to know
2321 * how to deal with *all* error conditions and phases from the SCSI
2322 * bus. If there are no errors and the DMA was active, then call the
2323 * DMA pseudo-interrupt handler. If this returns 1, then that was it
2324 * and we can return from here without further processing.
2325 *
2326 * Most of this needs verifying.
2327 */
2328 static void
ncr53c9x_intr1(struct ncr53c9x_softc * sc)2329 ncr53c9x_intr1(struct ncr53c9x_softc *sc)
2330 {
2331 struct ncr53c9x_ecb *ecb;
2332 struct ncr53c9x_linfo *li;
2333 struct ncr53c9x_tinfo *ti;
2334 struct timeval cur, wait;
2335 size_t size;
2336 int error, i, nfifo;
2337 uint8_t msg;
2338
2339 NCR_LOCK_ASSERT(sc, MA_OWNED);
2340
2341 NCR_INTS(("[ncr53c9x_intr: state %d]", sc->sc_state));
2342
2343 again:
2344 /* and what do the registers say... */
2345 ncr53c9x_readregs(sc);
2346
2347 /*
2348 * At the moment, only a SCSI Bus Reset or Illegal
2349 * Command are classed as errors. A disconnect is a
2350 * valid condition, and we let the code check is the
2351 * "NCR_BUSFREE_OK" flag was set before declaring it
2352 * and error.
2353 *
2354 * Also, the status register tells us about "Gross
2355 * Errors" and "Parity errors". Only the Gross Error
2356 * is really bad, and the parity errors are dealt
2357 * with later.
2358 *
2359 * TODO
2360 * If there are too many parity error, go to slow
2361 * cable mode?
2362 */
2363
2364 if ((sc->sc_espintr & NCRINTR_SBR) != 0) {
2365 if ((NCR_READ_REG(sc, NCR_FFLAG) & NCRFIFO_FF) != 0) {
2366 NCRCMD(sc, NCRCMD_FLUSH);
2367 DELAY(1);
2368 }
2369 if (sc->sc_state != NCR_SBR) {
2370 device_printf(sc->sc_dev, "SCSI bus reset\n");
2371 ncr53c9x_init(sc, 0); /* Restart everything. */
2372 return;
2373 }
2374 #if 0
2375 /*XXX*/ device_printf(sc->sc_dev, "<expected bus reset: "
2376 "[intr %x, stat %x, step %d]>\n",
2377 sc->sc_espintr, sc->sc_espstat, sc->sc_espstep);
2378 #endif
2379 if (sc->sc_nexus != NULL)
2380 panic("%s: nexus in reset state",
2381 device_get_nameunit(sc->sc_dev));
2382 goto sched;
2383 }
2384
2385 ecb = sc->sc_nexus;
2386
2387 #define NCRINTR_ERR (NCRINTR_SBR | NCRINTR_ILL)
2388 if (sc->sc_espintr & NCRINTR_ERR ||
2389 sc->sc_espstat & NCRSTAT_GE) {
2390 if ((sc->sc_espstat & NCRSTAT_GE) != 0) {
2391 /* Gross Error; no target? */
2392 if (NCR_READ_REG(sc, NCR_FFLAG) & NCRFIFO_FF) {
2393 NCRCMD(sc, NCRCMD_FLUSH);
2394 DELAY(1);
2395 }
2396 if (sc->sc_state == NCR_CONNECTED ||
2397 sc->sc_state == NCR_SELECTING) {
2398 ecb->ccb->ccb_h.status = CAM_SEL_TIMEOUT;
2399 ncr53c9x_done(sc, ecb);
2400 }
2401 return;
2402 }
2403
2404 if ((sc->sc_espintr & NCRINTR_ILL) != 0) {
2405 if ((sc->sc_flags & NCR_EXPECT_ILLCMD) != 0) {
2406 /*
2407 * Eat away "Illegal command" interrupt
2408 * on a ESP100 caused by a re-selection
2409 * while we were trying to select
2410 * another target.
2411 */
2412 #ifdef NCR53C9X_DEBUG
2413 device_printf(sc->sc_dev, "ESP100 work-around "
2414 "activated\n");
2415 #endif
2416 sc->sc_flags &= ~NCR_EXPECT_ILLCMD;
2417 return;
2418 }
2419 /* Illegal command, out of sync? */
2420 device_printf(sc->sc_dev, "illegal command: 0x%x "
2421 "(state %d, phase %x, prevphase %x)\n",
2422 sc->sc_lastcmd,
2423 sc->sc_state, sc->sc_phase, sc->sc_prevphase);
2424 if (NCR_READ_REG(sc, NCR_FFLAG) & NCRFIFO_FF) {
2425 NCRCMD(sc, NCRCMD_FLUSH);
2426 DELAY(1);
2427 }
2428 goto reset;
2429 }
2430 }
2431 sc->sc_flags &= ~NCR_EXPECT_ILLCMD;
2432
2433 /*
2434 * Call if DMA is active.
2435 *
2436 * If DMA_INTR returns true, then maybe go 'round the loop
2437 * again in case there is no more DMA queued, but a phase
2438 * change is expected.
2439 */
2440 if (NCRDMA_ISACTIVE(sc)) {
2441 if (NCRDMA_INTR(sc) == -1) {
2442 device_printf(sc->sc_dev, "DMA error; resetting\n");
2443 goto reset;
2444 }
2445 /* If DMA active here, then go back to work... */
2446 if (NCRDMA_ISACTIVE(sc))
2447 return;
2448
2449 if ((sc->sc_espstat & NCRSTAT_TC) == 0) {
2450 /*
2451 * DMA not completed. If we can not find a
2452 * acceptable explanation, print a diagnostic.
2453 */
2454 if (sc->sc_state == NCR_SELECTING)
2455 /*
2456 * This can happen if we are reselected
2457 * while using DMA to select a target.
2458 */
2459 /*void*/;
2460 else if (sc->sc_prevphase == MESSAGE_OUT_PHASE) {
2461 /*
2462 * Our (multi-byte) message (eg SDTR) was
2463 * interrupted by the target to send
2464 * a MSG REJECT.
2465 * Print diagnostic if current phase
2466 * is not MESSAGE IN.
2467 */
2468 if (sc->sc_phase != MESSAGE_IN_PHASE)
2469 device_printf(sc->sc_dev,"!TC on MSGOUT"
2470 " [intr %x, stat %x, step %d]"
2471 " prevphase %x, resid %lx\n",
2472 sc->sc_espintr,
2473 sc->sc_espstat,
2474 sc->sc_espstep,
2475 sc->sc_prevphase,
2476 (u_long)sc->sc_omlen);
2477 } else if (sc->sc_dleft == 0) {
2478 /*
2479 * The DMA operation was started for
2480 * a DATA transfer. Print a diagnostic
2481 * if the DMA counter and TC bit
2482 * appear to be out of sync.
2483 *
2484 * XXX This is fatal and usually means that
2485 * the DMA engine is hopelessly out of
2486 * sync with reality. A disk is likely
2487 * getting spammed at this point.
2488 */
2489 device_printf(sc->sc_dev, "!TC on DATA XFER"
2490 " [intr %x, stat %x, step %d]"
2491 " prevphase %x, resid %x\n",
2492 sc->sc_espintr,
2493 sc->sc_espstat,
2494 sc->sc_espstep,
2495 sc->sc_prevphase,
2496 ecb ? ecb->dleft : -1);
2497 goto reset;
2498 }
2499 }
2500 }
2501
2502 /*
2503 * Check for less serious errors.
2504 */
2505 if ((sc->sc_espstat & NCRSTAT_PE) != 0) {
2506 device_printf(sc->sc_dev, "SCSI bus parity error\n");
2507 if (sc->sc_prevphase == MESSAGE_IN_PHASE)
2508 ncr53c9x_sched_msgout(SEND_PARITY_ERROR);
2509 else
2510 ncr53c9x_sched_msgout(SEND_INIT_DET_ERR);
2511 }
2512
2513 if ((sc->sc_espintr & NCRINTR_DIS) != 0) {
2514 sc->sc_msgify = 0;
2515 NCR_INTS(("<DISC [intr %x, stat %x, step %d]>",
2516 sc->sc_espintr,sc->sc_espstat,sc->sc_espstep));
2517 if (NCR_READ_REG(sc, NCR_FFLAG) & NCRFIFO_FF) {
2518 NCRCMD(sc, NCRCMD_FLUSH);
2519 #if 0
2520 DELAY(1);
2521 #endif
2522 }
2523 /*
2524 * This command must (apparently) be issued within
2525 * 250mS of a disconnect. So here you are...
2526 */
2527 NCRCMD(sc, NCRCMD_ENSEL);
2528
2529 switch (sc->sc_state) {
2530 case NCR_RESELECTED:
2531 goto sched;
2532
2533 case NCR_SELECTING:
2534 ecb->ccb->ccb_h.status = CAM_SEL_TIMEOUT;
2535
2536 /* Selection timeout -- discard all LUNs if empty. */
2537 ti = &sc->sc_tinfo[ecb->ccb->ccb_h.target_id];
2538 li = LIST_FIRST(&ti->luns);
2539 while (li != NULL) {
2540 if (li->untagged == NULL && li->used == 0) {
2541 if (li->lun < NCR_NLUN)
2542 ti->lun[li->lun] = NULL;
2543 LIST_REMOVE(li, link);
2544 free(li, M_DEVBUF);
2545 /*
2546 * Restart the search at the beginning.
2547 */
2548 li = LIST_FIRST(&ti->luns);
2549 continue;
2550 }
2551 li = LIST_NEXT(li, link);
2552 }
2553 goto finish;
2554
2555 case NCR_CONNECTED:
2556 if (ecb != NULL) {
2557 ti = &sc->sc_tinfo[ecb->ccb->ccb_h.target_id];
2558 if ((ti->flags & T_SDTRSENT) != 0) {
2559 xpt_print_path(ecb->ccb->ccb_h.path);
2560 printf("sync nego not completed!\n");
2561 ti->flags &= ~T_SDTRSENT;
2562 ti->curr.period = ti->goal.period = 0;
2563 ti->curr.offset = ti->goal.offset = 0;
2564 ncr53c9x_setsync(sc, ti);
2565 }
2566 if ((ti->flags & T_WDTRSENT) != 0) {
2567 xpt_print_path(ecb->ccb->ccb_h.path);
2568 printf("wide nego not completed!\n");
2569 ti->flags &= ~T_WDTRSENT;
2570 ti->curr.width = ti->goal.width =
2571 MSG_EXT_WDTR_BUS_8_BIT;
2572 ncr53c9x_setsync(sc, ti);
2573 }
2574 }
2575
2576 /* It may be OK to disconnect. */
2577 if ((sc->sc_flags & NCR_ABORTING) == 0) {
2578 /*
2579 * Section 5.1.1 of the SCSI 2 spec
2580 * suggests issuing a REQUEST SENSE
2581 * following an unexpected disconnect.
2582 * Some devices go into a contingent
2583 * allegiance condition when
2584 * disconnecting, and this is necessary
2585 * to clean up their state.
2586 */
2587 device_printf(sc->sc_dev, "unexpected "
2588 "disconnect [state %d, intr %x, stat %x, "
2589 "phase(c %x, p %x)]; ", sc->sc_state,
2590 sc->sc_espintr, sc->sc_espstat,
2591 sc->sc_phase, sc->sc_prevphase);
2592
2593 /*
2594 * XXX This will cause a chip reset and will
2595 * prevent us from finding out the real
2596 * problem with the device. However, it's
2597 * necessary until a way can be found to
2598 * safely cancel the DMA that is in
2599 * progress.
2600 */
2601 if (1 || (ecb->flags & ECB_SENSE) != 0) {
2602 printf("resetting\n");
2603 goto reset;
2604 }
2605 printf("sending REQUEST SENSE\n");
2606 callout_stop(&ecb->ch);
2607 ncr53c9x_sense(sc, ecb);
2608 return;
2609 } else if (ecb != NULL &&
2610 (ecb->flags & ECB_RESET) != 0) {
2611 ecb->ccb->ccb_h.status = CAM_REQ_CMP;
2612 goto finish;
2613 }
2614
2615 ecb->ccb->ccb_h.status = CAM_CMD_TIMEOUT;
2616 goto finish;
2617
2618 case NCR_DISCONNECT:
2619 sc->sc_nexus = NULL;
2620 goto sched;
2621
2622 case NCR_CMDCOMPLETE:
2623 ecb->ccb->ccb_h.status = CAM_REQ_CMP;
2624 goto finish;
2625 }
2626 }
2627
2628 switch (sc->sc_state) {
2629 case NCR_SBR:
2630 device_printf(sc->sc_dev, "waiting for Bus Reset to happen\n");
2631 return;
2632
2633 case NCR_RESELECTED:
2634 /*
2635 * We must be continuing a message?
2636 */
2637 device_printf(sc->sc_dev, "unhandled reselect continuation, "
2638 "state %d, intr %02x\n", sc->sc_state, sc->sc_espintr);
2639 goto reset;
2640 break;
2641
2642 case NCR_IDENTIFIED:
2643 ecb = sc->sc_nexus;
2644 if (sc->sc_phase != MESSAGE_IN_PHASE) {
2645 i = NCR_READ_REG(sc, NCR_FFLAG) & NCRFIFO_FF;
2646 /*
2647 * Things are seriously screwed up.
2648 * Pull the brakes, i.e. reset.
2649 */
2650 device_printf(sc->sc_dev, "target didn't send tag: %d "
2651 "bytes in FIFO\n", i);
2652 /* Drain and display FIFO. */
2653 while (i-- > 0)
2654 printf("[%d] ", NCR_READ_REG(sc, NCR_FIFO));
2655
2656 goto reset;
2657 } else
2658 goto msgin;
2659
2660 case NCR_IDLE:
2661 case NCR_SELECTING:
2662 ecb = sc->sc_nexus;
2663 if (sc->sc_espintr & NCRINTR_RESEL) {
2664 sc->sc_msgpriq = sc->sc_msgout = sc->sc_msgoutq = 0;
2665 sc->sc_flags = 0;
2666 /*
2667 * If we're trying to select a
2668 * target ourselves, push our command
2669 * back into the ready list.
2670 */
2671 if (sc->sc_state == NCR_SELECTING) {
2672 NCR_INTS(("backoff selector "));
2673 callout_stop(&ecb->ch);
2674 ncr53c9x_dequeue(sc, ecb);
2675 TAILQ_INSERT_HEAD(&sc->ready_list, ecb, chain);
2676 ecb->flags |= ECB_READY;
2677 ecb = sc->sc_nexus = NULL;
2678 }
2679 sc->sc_state = NCR_RESELECTED;
2680 if (sc->sc_phase != MESSAGE_IN_PHASE) {
2681 /*
2682 * Things are seriously screwed up.
2683 * Pull the brakes, i.e. reset
2684 */
2685 device_printf(sc->sc_dev, "target didn't "
2686 "identify\n");
2687 goto reset;
2688 }
2689 /*
2690 * The C90 only inhibits FIFO writes until reselection
2691 * is complete instead of waiting until the interrupt
2692 * status register has been read. So, if the reselect
2693 * happens while we were entering command bytes (for
2694 * another target) some of those bytes can appear in
2695 * the FIFO here, after the interrupt is taken.
2696 *
2697 * To remedy this situation, pull the Selection ID
2698 * and Identify message from the FIFO directly, and
2699 * ignore any extraneous FIFO contents. Also, set
2700 * a flag that allows one Illegal Command Interrupt
2701 * to occur which the chip also generates as a result
2702 * of writing to the FIFO during a reselect.
2703 */
2704 if (sc->sc_rev == NCR_VARIANT_ESP100) {
2705 nfifo =
2706 NCR_READ_REG(sc, NCR_FFLAG) & NCRFIFO_FF;
2707 sc->sc_imess[0] = NCR_READ_REG(sc, NCR_FIFO);
2708 sc->sc_imess[1] = NCR_READ_REG(sc, NCR_FIFO);
2709 sc->sc_imlen = 2;
2710 if (nfifo != 2) {
2711 /* Flush the rest. */
2712 NCRCMD(sc, NCRCMD_FLUSH);
2713 }
2714 sc->sc_flags |= NCR_EXPECT_ILLCMD;
2715 if (nfifo > 2)
2716 nfifo = 2; /* We fixed it... */
2717 } else
2718 nfifo = ncr53c9x_rdfifo(sc, NCR_RDFIFO_START);
2719
2720 if (nfifo != 2) {
2721 device_printf(sc->sc_dev, "RESELECT: %d bytes "
2722 "in FIFO! [intr %x, stat %x, step %d, "
2723 "prevphase %x]\n",
2724 nfifo,
2725 sc->sc_espintr,
2726 sc->sc_espstat,
2727 sc->sc_espstep,
2728 sc->sc_prevphase);
2729 goto reset;
2730 }
2731 sc->sc_selid = sc->sc_imess[0];
2732 NCR_INTS(("selid=%02x ", sc->sc_selid));
2733
2734 /* Handle IDENTIFY message. */
2735 ncr53c9x_msgin(sc);
2736
2737 if (sc->sc_state != NCR_CONNECTED &&
2738 sc->sc_state != NCR_IDENTIFIED) {
2739 /* IDENTIFY fail?! */
2740 device_printf(sc->sc_dev, "identify failed, "
2741 "state %d, intr %02x\n", sc->sc_state,
2742 sc->sc_espintr);
2743 goto reset;
2744 }
2745 goto shortcut; /* i.e. next phase expected soon */
2746 }
2747
2748 #define NCRINTR_DONE (NCRINTR_FC | NCRINTR_BS)
2749 if ((sc->sc_espintr & NCRINTR_DONE) == NCRINTR_DONE) {
2750 /*
2751 * Arbitration won; examine the `step' register
2752 * to determine how far the selection could progress.
2753 */
2754 if (ecb == NULL) {
2755 /*
2756 * When doing path inquiry during boot
2757 * FAS100A trigger a stray interrupt which
2758 * we just ignore instead of panicing.
2759 */
2760 if (sc->sc_state == NCR_IDLE &&
2761 sc->sc_espstep == 0)
2762 return;
2763 panic("%s: no nexus", __func__);
2764 }
2765
2766 ti = &sc->sc_tinfo[ecb->ccb->ccb_h.target_id];
2767
2768 switch (sc->sc_espstep) {
2769 case 0:
2770 /*
2771 * The target did not respond with a
2772 * message out phase - probably an old
2773 * device that doesn't recognize ATN.
2774 * Clear ATN and just continue, the
2775 * target should be in the command
2776 * phase.
2777 * XXX check for command phase?
2778 */
2779 NCRCMD(sc, NCRCMD_RSTATN);
2780 break;
2781
2782 case 1:
2783 if (ti->curr.period == ti->goal.period &&
2784 ti->curr.offset == ti->goal.offset &&
2785 ti->curr.width == ti->goal.width &&
2786 ecb->tag[0] == 0) {
2787 device_printf(sc->sc_dev, "step 1 "
2788 "and no negotiation to perform "
2789 "or tag to send\n");
2790 goto reset;
2791 }
2792 if (sc->sc_phase != MESSAGE_OUT_PHASE) {
2793 device_printf(sc->sc_dev, "step 1 "
2794 "but not in MESSAGE_OUT_PHASE\n");
2795 goto reset;
2796 }
2797 sc->sc_prevphase = MESSAGE_OUT_PHASE; /* XXX */
2798 if (ecb->flags & ECB_RESET) {
2799 /*
2800 * A DEVICE RESET was scheduled and
2801 * ATNS used. As SEND_DEV_RESET has
2802 * the highest priority, the target
2803 * will reset and disconnect and we
2804 * will end up in ncr53c9x_done w/o
2805 * negotiating or sending a TAG. So
2806 * we just break here in order to
2807 * avoid warnings about negotiation
2808 * not having completed.
2809 */
2810 ncr53c9x_sched_msgout(SEND_DEV_RESET);
2811 break;
2812 }
2813 if (ti->curr.width != ti->goal.width) {
2814 ti->flags |= T_WDTRSENT | T_SDTRSENT;
2815 ncr53c9x_sched_msgout(SEND_WDTR |
2816 SEND_SDTR);
2817 }
2818 if (ti->curr.period != ti->goal.period ||
2819 ti->curr.offset != ti->goal.offset) {
2820 ti->flags |= T_SDTRSENT;
2821 ncr53c9x_sched_msgout(SEND_SDTR);
2822 }
2823 if (ecb->tag[0] != 0)
2824 /* Could not do ATN3 so send TAG. */
2825 ncr53c9x_sched_msgout(SEND_TAG);
2826 break;
2827
2828 case 3:
2829 /*
2830 * Grr, this is supposed to mean
2831 * "target left command phase prematurely".
2832 * It seems to happen regularly when
2833 * sync mode is on.
2834 * Look at FIFO to see if command went out.
2835 * (Timing problems?)
2836 */
2837 if (sc->sc_features & NCR_F_DMASELECT) {
2838 if (sc->sc_cmdlen == 0) {
2839 /* Hope for the best... */
2840 break;
2841 }
2842 } else if ((NCR_READ_REG(sc, NCR_FFLAG) &
2843 NCRFIFO_FF) == 0) {
2844 /* Hope for the best... */
2845 break;
2846 }
2847 xpt_print_path(ecb->ccb->ccb_h.path);
2848 printf("selection failed; %d left in FIFO "
2849 "[intr %x, stat %x, step %d]\n",
2850 NCR_READ_REG(sc, NCR_FFLAG) & NCRFIFO_FF,
2851 sc->sc_espintr, sc->sc_espstat,
2852 sc->sc_espstep);
2853 NCRCMD(sc, NCRCMD_FLUSH);
2854 ncr53c9x_sched_msgout(SEND_ABORT);
2855 return;
2856
2857 case 2:
2858 /* Select stuck at Command Phase. */
2859 NCRCMD(sc, NCRCMD_FLUSH);
2860 break;
2861
2862 case 4:
2863 if (sc->sc_features & NCR_F_DMASELECT &&
2864 sc->sc_cmdlen != 0) {
2865 xpt_print_path(ecb->ccb->ccb_h.path);
2866 printf("select; %lu left in DMA buffer "
2867 "[intr %x, stat %x, step %d]\n",
2868 (u_long)sc->sc_cmdlen,
2869 sc->sc_espintr,
2870 sc->sc_espstat,
2871 sc->sc_espstep);
2872 }
2873 /* So far, everything went fine. */
2874 break;
2875 }
2876
2877 sc->sc_prevphase = INVALID_PHASE; /* ??? */
2878 /* Do an implicit RESTORE POINTERS. */
2879 sc->sc_dp = ecb->daddr;
2880 sc->sc_dleft = ecb->dleft;
2881 sc->sc_state = NCR_CONNECTED;
2882 break;
2883 } else {
2884 device_printf(sc->sc_dev, "unexpected status after "
2885 "select: [intr %x, stat %x, step %x]\n",
2886 sc->sc_espintr, sc->sc_espstat, sc->sc_espstep);
2887 NCRCMD(sc, NCRCMD_FLUSH);
2888 DELAY(1);
2889 goto reset;
2890 }
2891 if (sc->sc_state == NCR_IDLE) {
2892 device_printf(sc->sc_dev, "stray interrupt\n");
2893 return;
2894 }
2895 break;
2896
2897 case NCR_CONNECTED:
2898 if ((sc->sc_flags & NCR_ICCS) != 0) {
2899 /* "Initiate Command Complete Steps" in progress */
2900 sc->sc_flags &= ~NCR_ICCS;
2901
2902 if ((sc->sc_espintr & NCRINTR_DONE) == 0) {
2903 device_printf(sc->sc_dev, "ICCS: "
2904 ": [intr %x, stat %x, step %x]\n",
2905 sc->sc_espintr, sc->sc_espstat,
2906 sc->sc_espstep);
2907 }
2908 ncr53c9x_rdfifo(sc, NCR_RDFIFO_START);
2909 if (sc->sc_imlen < 2)
2910 device_printf(sc->sc_dev, "can't get status, "
2911 "only %d bytes\n", (int)sc->sc_imlen);
2912 ecb->stat = sc->sc_imess[sc->sc_imlen - 2];
2913 msg = sc->sc_imess[sc->sc_imlen - 1];
2914 NCR_PHASE(("<stat:(%x,%x)>", ecb->stat, msg));
2915 if (msg == MSG_CMDCOMPLETE) {
2916 ecb->dleft =
2917 (ecb->flags & ECB_TENTATIVE_DONE) ?
2918 0 : sc->sc_dleft;
2919 if ((ecb->flags & ECB_SENSE) == 0)
2920 ecb->ccb->csio.resid = ecb->dleft;
2921 sc->sc_state = NCR_CMDCOMPLETE;
2922 } else
2923 device_printf(sc->sc_dev, "STATUS_PHASE: "
2924 "msg %d\n", msg);
2925 sc->sc_imlen = 0;
2926 NCRCMD(sc, NCRCMD_MSGOK);
2927 goto shortcut; /* i.e. wait for disconnect */
2928 }
2929 break;
2930
2931 default:
2932 device_printf(sc->sc_dev, "invalid state: %d [intr %x, "
2933 "phase(c %x, p %x)]\n", sc->sc_state,
2934 sc->sc_espintr, sc->sc_phase, sc->sc_prevphase);
2935 goto reset;
2936 }
2937
2938 /*
2939 * Driver is now in state NCR_CONNECTED, i.e. we
2940 * have a current command working the SCSI bus.
2941 */
2942 if (sc->sc_state != NCR_CONNECTED || ecb == NULL)
2943 panic("%s: no nexus", __func__);
2944
2945 switch (sc->sc_phase) {
2946 case MESSAGE_OUT_PHASE:
2947 NCR_PHASE(("MESSAGE_OUT_PHASE "));
2948 ncr53c9x_msgout(sc);
2949 sc->sc_prevphase = MESSAGE_OUT_PHASE;
2950 break;
2951
2952 case MESSAGE_IN_PHASE:
2953 msgin:
2954 NCR_PHASE(("MESSAGE_IN_PHASE "));
2955 if ((sc->sc_espintr & NCRINTR_BS) != 0) {
2956 if ((sc->sc_rev != NCR_VARIANT_FAS366) ||
2957 (sc->sc_espstat2 & NCRFAS_STAT2_EMPTY) == 0) {
2958 NCRCMD(sc, NCRCMD_FLUSH);
2959 }
2960 sc->sc_flags |= NCR_WAITI;
2961 NCRCMD(sc, NCRCMD_TRANS);
2962 } else if ((sc->sc_espintr & NCRINTR_FC) != 0) {
2963 if ((sc->sc_flags & NCR_WAITI) == 0) {
2964 device_printf(sc->sc_dev, "MSGIN: unexpected "
2965 "FC bit: [intr %x, stat %x, step %x]\n",
2966 sc->sc_espintr, sc->sc_espstat,
2967 sc->sc_espstep);
2968 }
2969 sc->sc_flags &= ~NCR_WAITI;
2970 ncr53c9x_rdfifo(sc,
2971 (sc->sc_prevphase == sc->sc_phase) ?
2972 NCR_RDFIFO_CONTINUE : NCR_RDFIFO_START);
2973 ncr53c9x_msgin(sc);
2974 } else
2975 device_printf(sc->sc_dev, "MSGIN: weird bits: "
2976 "[intr %x, stat %x, step %x]\n",
2977 sc->sc_espintr, sc->sc_espstat, sc->sc_espstep);
2978 sc->sc_prevphase = MESSAGE_IN_PHASE;
2979 goto shortcut; /* i.e. expect data to be ready */
2980
2981 case COMMAND_PHASE:
2982 /*
2983 * Send the command block. Normally we don't see this
2984 * phase because the SEL_ATN command takes care of
2985 * all this. However, we end up here if either the
2986 * target or we wanted to exchange some more messages
2987 * first (e.g. to start negotiations).
2988 */
2989
2990 NCR_PHASE(("COMMAND_PHASE 0x%02x (%d) ",
2991 ecb->cmd.cmd.opcode, ecb->clen));
2992 if (NCR_READ_REG(sc, NCR_FFLAG) & NCRFIFO_FF) {
2993 NCRCMD(sc, NCRCMD_FLUSH);
2994 #if 0
2995 DELAY(1);
2996 #endif
2997 }
2998 /*
2999 * If we have more messages to send, e.g. WDTR or SDTR
3000 * after we've sent a TAG, set ATN so we'll go back to
3001 * MESSAGE_OUT_PHASE.
3002 */
3003 if (sc->sc_msgpriq) {
3004 NCRCMD(sc, NCRCMD_SETATN);
3005 sc->sc_flags |= NCR_ATN;
3006 }
3007 if (sc->sc_features & NCR_F_DMASELECT) {
3008 /* Setup DMA transfer for command. */
3009 size = ecb->clen;
3010 sc->sc_cmdlen = size;
3011 sc->sc_cmdp = (void *)&ecb->cmd.cmd;
3012 error = NCRDMA_SETUP(sc, &sc->sc_cmdp, &sc->sc_cmdlen,
3013 0, &size);
3014 if (error != 0)
3015 goto cmd;
3016
3017 /* Program the SCSI counter. */
3018 NCR_SET_COUNT(sc, size);
3019
3020 /* Load the count in. */
3021 NCRCMD(sc, NCRCMD_NOP | NCRCMD_DMA);
3022
3023 /* Start the command transfer. */
3024 NCRCMD(sc, NCRCMD_TRANS | NCRCMD_DMA);
3025 NCRDMA_GO(sc);
3026 sc->sc_prevphase = COMMAND_PHASE;
3027 break;
3028 }
3029 cmd:
3030 sc->sc_cmdlen = 0;
3031 ncr53c9x_wrfifo(sc, (uint8_t *)&ecb->cmd.cmd, ecb->clen);
3032 NCRCMD(sc, NCRCMD_TRANS);
3033 sc->sc_prevphase = COMMAND_PHASE;
3034 break;
3035
3036 case DATA_OUT_PHASE:
3037 NCR_PHASE(("DATA_OUT_PHASE [%ld] ", (long)sc->sc_dleft));
3038 sc->sc_prevphase = DATA_OUT_PHASE;
3039 NCRCMD(sc, NCRCMD_FLUSH);
3040 size = ulmin(sc->sc_dleft, sc->sc_maxxfer);
3041 error = NCRDMA_SETUP(sc, &sc->sc_dp, &sc->sc_dleft, 0, &size);
3042 goto setup_xfer;
3043
3044 case DATA_IN_PHASE:
3045 NCR_PHASE(("DATA_IN_PHASE "));
3046 sc->sc_prevphase = DATA_IN_PHASE;
3047 if (sc->sc_rev == NCR_VARIANT_ESP100)
3048 NCRCMD(sc, NCRCMD_FLUSH);
3049 size = ulmin(sc->sc_dleft, sc->sc_maxxfer);
3050 error = NCRDMA_SETUP(sc, &sc->sc_dp, &sc->sc_dleft, 1, &size);
3051 setup_xfer:
3052 if (error != 0) {
3053 switch (error) {
3054 case EFBIG:
3055 ecb->ccb->ccb_h.status |= CAM_REQ_TOO_BIG;
3056 break;
3057 case EINPROGRESS:
3058 panic("%s: cannot deal with deferred DMA",
3059 __func__);
3060 case EINVAL:
3061 ecb->ccb->ccb_h.status |= CAM_REQ_INVALID;
3062 break;
3063 case ENOMEM:
3064 ecb->ccb->ccb_h.status |= CAM_REQUEUE_REQ;
3065 break;
3066 default:
3067 ecb->ccb->ccb_h.status |= CAM_REQ_CMP_ERR;
3068 }
3069 goto finish;
3070 }
3071
3072 /* Target returned to data phase: wipe "done" memory. */
3073 ecb->flags &= ~ECB_TENTATIVE_DONE;
3074
3075 /* Program the SCSI counter. */
3076 NCR_SET_COUNT(sc, size);
3077
3078 /* Load the count in. */
3079 NCRCMD(sc, NCRCMD_NOP | NCRCMD_DMA);
3080
3081 /*
3082 * Note that if `size' is 0, we've already transceived
3083 * all the bytes we want but we're still in DATA PHASE.
3084 * Apparently, the device needs padding. Also, a
3085 * transfer size of 0 means "maximum" to the chip
3086 * DMA logic.
3087 */
3088 NCRCMD(sc,
3089 (size == 0 ? NCRCMD_TRPAD : NCRCMD_TRANS) | NCRCMD_DMA);
3090 NCRDMA_GO(sc);
3091 return;
3092
3093 case STATUS_PHASE:
3094 NCR_PHASE(("STATUS_PHASE "));
3095 sc->sc_flags |= NCR_ICCS;
3096 NCRCMD(sc, NCRCMD_ICCS);
3097 sc->sc_prevphase = STATUS_PHASE;
3098 goto shortcut; /* i.e. expect status results soon */
3099
3100 case INVALID_PHASE:
3101 break;
3102
3103 default:
3104 device_printf(sc->sc_dev,
3105 "unexpected bus phase; resetting\n");
3106 goto reset;
3107 }
3108
3109 return;
3110
3111 reset:
3112 ncr53c9x_init(sc, 1);
3113 return;
3114
3115 finish:
3116 ncr53c9x_done(sc, ecb);
3117 return;
3118
3119 sched:
3120 sc->sc_state = NCR_IDLE;
3121 ncr53c9x_sched(sc);
3122 return;
3123
3124 shortcut:
3125 /*
3126 * The idea is that many of the SCSI operations take very little
3127 * time, and going away and getting interrupted is too high an
3128 * overhead to pay. For example, selecting, sending a message
3129 * and command and then doing some work can be done in one "pass".
3130 *
3131 * The delay is a heuristic. It is 2 when at 20 MHz, 2 at 25 MHz and
3132 * 1 at 40 MHz. This needs testing.
3133 */
3134 microtime(&wait);
3135 wait.tv_usec += 50 / sc->sc_freq;
3136 if (wait.tv_usec > 1000000) {
3137 wait.tv_sec++;
3138 wait.tv_usec -= 1000000;
3139 }
3140 do {
3141 if (NCRDMA_ISINTR(sc))
3142 goto again;
3143 microtime(&cur);
3144 } while (cur.tv_sec <= wait.tv_sec && cur.tv_usec <= wait.tv_usec);
3145 }
3146
3147 static void
ncr53c9x_abort(struct ncr53c9x_softc * sc,struct ncr53c9x_ecb * ecb)3148 ncr53c9x_abort(struct ncr53c9x_softc *sc, struct ncr53c9x_ecb *ecb)
3149 {
3150
3151 NCR_LOCK_ASSERT(sc, MA_OWNED);
3152
3153 /* 2 secs for the abort */
3154 ecb->timeout = NCR_ABORT_TIMEOUT;
3155 ecb->flags |= ECB_ABORT;
3156
3157 if (ecb == sc->sc_nexus) {
3158 /*
3159 * If we're still selecting, the message will be scheduled
3160 * after selection is complete.
3161 */
3162 if (sc->sc_state == NCR_CONNECTED)
3163 ncr53c9x_sched_msgout(SEND_ABORT);
3164
3165 /*
3166 * Reschedule callout.
3167 */
3168 callout_reset(&ecb->ch, mstohz(ecb->timeout),
3169 ncr53c9x_callout, ecb);
3170 } else {
3171 /*
3172 * Just leave the command where it is.
3173 * XXX - what choice do we have but to reset the SCSI
3174 * eventually?
3175 */
3176 if (sc->sc_state == NCR_IDLE)
3177 ncr53c9x_sched(sc);
3178 }
3179 }
3180
3181 static void
ncr53c9x_callout(void * arg)3182 ncr53c9x_callout(void *arg)
3183 {
3184 struct ncr53c9x_ecb *ecb = arg;
3185 union ccb *ccb = ecb->ccb;
3186 struct ncr53c9x_softc *sc = ecb->sc;
3187 struct ncr53c9x_tinfo *ti;
3188
3189 NCR_LOCK_ASSERT(sc, MA_OWNED);
3190
3191 ti = &sc->sc_tinfo[ccb->ccb_h.target_id];
3192 xpt_print_path(ccb->ccb_h.path);
3193 device_printf(sc->sc_dev, "timed out [ecb %p (flags 0x%x, dleft %x, "
3194 "stat %x)], <state %d, nexus %p, phase(l %x, c %x, p %x), "
3195 "resid %lx, msg(q %x,o %x) %s>",
3196 ecb, ecb->flags, ecb->dleft, ecb->stat,
3197 sc->sc_state, sc->sc_nexus,
3198 NCR_READ_REG(sc, NCR_STAT),
3199 sc->sc_phase, sc->sc_prevphase,
3200 (long)sc->sc_dleft, sc->sc_msgpriq, sc->sc_msgout,
3201 NCRDMA_ISACTIVE(sc) ? "DMA active" : "");
3202 #if defined(NCR53C9X_DEBUG) && NCR53C9X_DEBUG > 1
3203 printf("TRACE: %s.", ecb->trace);
3204 #endif
3205
3206 if (ecb->flags & ECB_ABORT) {
3207 /* Abort timed out. */
3208 printf(" AGAIN\n");
3209 ncr53c9x_init(sc, 1);
3210 } else {
3211 /* Abort the operation that has timed out. */
3212 printf("\n");
3213 ccb->ccb_h.status = CAM_CMD_TIMEOUT;
3214 ncr53c9x_abort(sc, ecb);
3215
3216 /* Disable sync mode if stuck in a data phase. */
3217 if (ecb == sc->sc_nexus && ti->curr.offset != 0 &&
3218 (sc->sc_phase & (MSGI | CDI)) == 0) {
3219 /* XXX ASYNC CALLBACK! */
3220 ti->goal.offset = 0;
3221 xpt_print_path(ccb->ccb_h.path);
3222 printf("sync negotiation disabled\n");
3223 }
3224 }
3225 }
3226
3227 static void
ncr53c9x_watch(void * arg)3228 ncr53c9x_watch(void *arg)
3229 {
3230 struct ncr53c9x_softc *sc = arg;
3231 struct ncr53c9x_linfo *li;
3232 struct ncr53c9x_tinfo *ti;
3233 time_t old;
3234 int t;
3235
3236 NCR_LOCK_ASSERT(sc, MA_OWNED);
3237
3238 /* Delete any structures that have not been used in 10min. */
3239 old = time_second - (10 * 60);
3240
3241 for (t = 0; t < sc->sc_ntarg; t++) {
3242 ti = &sc->sc_tinfo[t];
3243 li = LIST_FIRST(&ti->luns);
3244 while (li) {
3245 if (li->last_used < old &&
3246 li->untagged == NULL &&
3247 li->used == 0) {
3248 if (li->lun < NCR_NLUN)
3249 ti->lun[li->lun] = NULL;
3250 LIST_REMOVE(li, link);
3251 free(li, M_DEVBUF);
3252 /* Restart the search at the beginning. */
3253 li = LIST_FIRST(&ti->luns);
3254 continue;
3255 }
3256 li = LIST_NEXT(li, link);
3257 }
3258 }
3259 callout_reset(&sc->sc_watchdog, 60 * hz, ncr53c9x_watch, sc);
3260 }
3261