      1 /*
      2  * QEMU LSI SAS1068 Host Bus Adapter emulation
      3  * Based on the QEMU Megaraid emulator
      4  *
      5  * Copyright (c) 2009-2012 Hannes Reinecke, SUSE Labs
      6  * Copyright (c) 2012 Verizon, Inc.
      7  * Copyright (c) 2016 Red Hat, Inc.
      8  *
      9  * Authors: Don Slutz, Paolo Bonzini
     10  *
     11  * This library is free software; you can redistribute it and/or
     12  * modify it under the terms of the GNU Lesser General Public
     13  * License as published by the Free Software Foundation; either
     14  * version 2.1 of the License, or (at your option) any later version.
     15  *
     16  * This library is distributed in the hope that it will be useful,
     17  * but WITHOUT ANY WARRANTY; without even the implied warranty of
     18  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
     19  * Lesser General Public License for more details.
     20  *
     21  * You should have received a copy of the GNU Lesser General Public
     22  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
     23  */
     24 
     25 #include "qemu/osdep.h"
     26 #include "hw/pci/pci.h"
     27 #include "hw/qdev-properties.h"
     28 #include "sysemu/dma.h"
     29 #include "hw/pci/msi.h"
     30 #include "qemu/iov.h"
     31 #include "qemu/main-loop.h"
     32 #include "qemu/module.h"
     33 #include "hw/scsi/scsi.h"
     34 #include "scsi/constants.h"
     35 #include "trace.h"
     36 #include "qapi/error.h"
     37 #include "mptsas.h"
     38 #include "migration/qemu-file-types.h"
     39 #include "migration/vmstate.h"
     40 #include "mpi.h"
     41 
/* NAA identifier format 3 ("Locally Assigned"); not referenced in this part of the file. */
#define NAA_LOCALLY_ASSIGNED_ID 0x3ULL
/* 52:54:00, the locally administered prefix QEMU also uses for its default MAC addresses. */
#define IEEE_COMPANY_LOCALLY_ASSIGNED 0x525400

/* Product ID reported to the host in the IOC FACTS reply (mptsas_process_ioc_facts). */
#define MPTSAS1068_PRODUCT_ID                  \
    (MPI_FW_HEADER_PID_FAMILY_1068_SAS |       \
     MPI_FW_HEADER_PID_PROD_INITIATOR_SCSI |   \
     MPI_FW_HEADER_PID_TYPE_SAS)
     49 
/*
 * One in-flight SCSI I/O request taken from the request FIFO.
 *
 * Allocated in mptsas_process_scsi_io_request and released only through
 * mptsas_free_request, which drops the SCSIRequest reference and the
 * scatter/gather list before freeing the struct.
 */
struct MPTSASRequest {
    MPIMsgSCSIIORequest scsi_io; /* host-order copy of the guest's request frame */
    SCSIRequest *sreq;           /* SCSI-layer request; its hba_private points back at this struct */
    QEMUSGList qsg;              /* guest DMA scatter/gather list built by mptsas_build_sgl */
    MPTSASState *dev;            /* adapter that owns the request */

    QTAILQ_ENTRY(MPTSASRequest) next; /* list linkage; the list itself is not used in this excerpt */
};
     58 
/*
 * Recompute the interrupt output from intr_status and intr_mask.
 *
 * The IOP doorbell status bit is informational and never raises an
 * interrupt by itself, so it is masked together with the host's mask.
 * With MSI enabled a message is sent whenever anything is pending; the
 * INTx level is updated in either case.
 */
static void mptsas_update_interrupt(MPTSASState *s)
{
    PCIDevice *pdev = (PCIDevice *) s;
    uint32_t ignored = s->intr_mask | MPI_HIS_IOP_DOORBELL_STATUS;
    bool pending = (s->intr_status & ~ignored) != 0;

    if (pending && msi_enabled(pdev)) {
        trace_mptsas_irq_msi(s);
        msi_notify(pdev, 0);
    }

    trace_mptsas_irq_intx(s, pending);
    pci_set_irq(pdev, pending);
}
     74 
/*
 * Put the IOC into the FAULT state with the given fault code.
 *
 * The first fault wins: once the FAULT bit is set, later calls keep the
 * original code so the host sees the root cause rather than a follow-on.
 */
static void mptsas_set_fault(MPTSASState *s, uint32_t code)
{
    bool already_faulted = (s->state & MPI_IOC_STATE_FAULT) != 0;

    if (already_faulted) {
        return;
    }
    s->state = MPI_IOC_STATE_FAULT | code;
}
     81 
/*
 * Ring-buffer helpers for the FIFOs in MPTSASState (reply_free, reply_post,
 * request_post).  Each FIFO is an array plus a name_head / name_tail index
 * pair; one slot is always left unused so that "full" is distinguishable
 * from "empty".
 */

/* True if either index is outside the array; callers are outside this excerpt. */
#define MPTSAS_FIFO_INVALID(s, name)                     \
    ((s)->name##_head > ARRAY_SIZE((s)->name) ||         \
     (s)->name##_tail > ARRAY_SIZE((s)->name))

#define MPTSAS_FIFO_EMPTY(s, name)                       \
    ((s)->name##_head == (s)->name##_tail)

#define MPTSAS_FIFO_FULL(s, name)                        \
    ((s)->name##_head == ((s)->name##_tail + 1) % ARRAY_SIZE((s)->name))

/* Pop the head entry.  Does not check for emptiness: every user in this
 * file tests MPTSAS_FIFO_EMPTY first.
 */
#define MPTSAS_FIFO_GET(s, name) ({                      \
    uint32_t _val = (s)->name[(s)->name##_head++];       \
    (s)->name##_head %= ARRAY_SIZE((s)->name);           \
    _val;                                                \
})

/* Push at the tail.  Does not check for fullness: callers test
 * MPTSAS_FIFO_FULL first, otherwise the oldest entry would be overwritten.
 */
#define MPTSAS_FIFO_PUT(s, name, val) do {       \
    (s)->name[(s)->name##_tail++] = (val);       \
    (s)->name##_tail %= ARRAY_SIZE((s)->name);   \
} while(0)
    102 
/*
 * Deliver a reply through the reply FIFOs: take a free frame address from
 * reply_free, DMA the reply into it and post the frame on reply_post.
 *
 * The DMA length is bounded both by the host-configured reply frame size
 * and by the reply's own MsgLength, so neither side can make the write
 * run past the smaller of the two.  If no free frame or no post slot is
 * available the IOC is faulted instead of dropping the reply silently.
 */
static void mptsas_post_reply(MPTSASState *s, MPIDefaultReply *reply)
{
    PCIDevice *pdev = (PCIDevice *) s;
    uint32_t frame_lo;
    uint32_t nbytes;

    if (MPTSAS_FIFO_EMPTY(s, reply_free) || MPTSAS_FIFO_FULL(s, reply_post)) {
        mptsas_set_fault(s, MPI_IOCSTATUS_INSUFFICIENT_RESOURCES);
        return;
    }

    frame_lo = MPTSAS_FIFO_GET(s, reply_free);
    /* MsgLength counts 32-bit words. */
    nbytes = MIN(s->reply_frame_size, 4 * reply->MsgLength);
    pci_dma_write(pdev, frame_lo | s->host_mfa_high_addr, reply, nbytes);

    MPTSAS_FIFO_PUT(s, reply_post, MPI_ADDRESS_REPLY_A_BIT | (frame_lo >> 1));

    s->intr_status |= MPI_HIS_REPLY_MESSAGE_INTERRUPT;
    if (s->doorbell_state == DOORBELL_WRITE) {
        /* A doorbell write was pending; posting via the FIFO completes it
         * and the host is told through the doorbell interrupt as well.
         */
        s->doorbell_state = DOORBELL_NONE;
        s->intr_status |= MPI_HIS_DOORBELL_INTERRUPT;
    }
    mptsas_update_interrupt(s);
}
    127 
/*
 * Send a reply to the host.
 *
 * While the host is in the middle of a doorbell handshake the reply is
 * staged in s->doorbell_reply for it to read back; otherwise it goes out
 * through the reply FIFOs (mptsas_post_reply).
 *
 * NOTE(review): the doorbell-capable handlers pin sizeof(reply) against
 * sizeof(s->doorbell_reply) with QEMU_BUILD_BUG_ON, but the SCSI I/O error
 * path also ends up here; confirm that MPIMsgSCSIIOReply fits the staging
 * buffer or that it can never arrive in DOORBELL_WRITE state.
 */
void mptsas_reply(MPTSASState *s, MPIDefaultReply *reply)
{
    if (s->doorbell_state != DOORBELL_WRITE) {
        mptsas_post_reply(s, reply);
        return;
    }

    /* The host drains doorbell replies in 16-bit units, while MsgLength
     * counts 32-bit words; hence the factor of two here and in the memcpy.
     */
    s->doorbell_state = DOORBELL_READ;
    s->doorbell_reply_idx = 0;
    s->doorbell_reply_size = reply->MsgLength * 2;
    memcpy(s->doorbell_reply, reply, s->doorbell_reply_size * 2);
    s->intr_status |= MPI_HIS_DOORBELL_INTERRUPT;
    mptsas_update_interrupt(s);
}
    144 
/*
 * Post a "turbo" reply: no reply frame is written, the message context is
 * pushed straight onto reply_post (bit 31 clear distinguishes it from a
 * frame address).  A full post FIFO faults the IOC.
 */
static void mptsas_turbo_reply(MPTSASState *s, uint32_t msgctx)
{
    bool no_room = MPTSAS_FIFO_FULL(s, reply_post);

    if (no_room) {
        mptsas_set_fault(s, MPI_IOCSTATUS_INSUFFICIENT_RESOURCES);
        return;
    }

    MPTSAS_FIFO_PUT(s, reply_post, msgctx);
    s->intr_status |= MPI_HIS_REPLY_MESSAGE_INTERRUPT;
    mptsas_update_interrupt(s);
}
    158 
/* Size of the stack buffer a request frame is copied into (mptsas_fetch_request);
 * each handler has a QEMU_BUILD_BUG_ON proving its request type fits.
 */
#define MPTSAS_MAX_REQUEST_SIZE 52

/*
 * Bytes to fetch from the guest for each MPI function code, indexed by
 * Function.  A zero (or out-of-range) entry means only the header is read;
 * the guest-supplied Function is bounds-checked against this table before
 * it is used as an index.
 */
static const int mpi_request_sizes[] = {
    [MPI_FUNCTION_SCSI_IO_REQUEST]    = sizeof(MPIMsgSCSIIORequest),
    [MPI_FUNCTION_SCSI_TASK_MGMT]     = sizeof(MPIMsgSCSITaskMgmt),
    [MPI_FUNCTION_IOC_INIT]           = sizeof(MPIMsgIOCInit),
    [MPI_FUNCTION_IOC_FACTS]          = sizeof(MPIMsgIOCFacts),
    [MPI_FUNCTION_CONFIG]             = sizeof(MPIMsgConfig),
    [MPI_FUNCTION_PORT_FACTS]         = sizeof(MPIMsgPortFacts),
    [MPI_FUNCTION_PORT_ENABLE]        = sizeof(MPIMsgPortEnable),
    [MPI_FUNCTION_EVENT_NOTIFICATION] = sizeof(MPIMsgEventNotify),
};
    171 
/*
 * Read the address field of the scatter/gather element at *sgaddr and
 * advance *sgaddr past the element.
 *
 * The address follows the 4-byte flags/length word and is 8 bytes wide
 * when the element is flagged for 64-bit addressing (12-byte element),
 * otherwise 4 bytes (8-byte element).  The returned value is a
 * guest-chosen DMA address; it is only recorded, not dereferenced, here.
 *
 * NOTE(review): the MemTxResult of the DMA helpers is ignored; the locals
 * are zero-initialized so a failed read yields address 0 rather than an
 * indeterminate value — confirm that matches the helper's own behaviour.
 */
static dma_addr_t mptsas_ld_sg_base(MPTSASState *s, uint32_t flags_and_length,
                                    dma_addr_t *sgaddr)
{
    PCIDevice *pdev = (PCIDevice *) s;
    const MemTxAttrs attrs = MEMTXATTRS_UNSPECIFIED;
    bool wide = (flags_and_length & MPI_SGE_FLAGS_64_BIT_ADDRESSING) != 0;
    uint64_t addr64 = 0;
    uint32_t addr32 = 0;
    dma_addr_t base;

    if (wide) {
        ldq_le_pci_dma(pdev, *sgaddr + 4, &addr64, attrs);
        base = addr64;
    } else {
        ldl_le_pci_dma(pdev, *sgaddr + 4, &addr32, attrs);
        base = addr32;
    }
    *sgaddr += wide ? 12 : 8;
    return base;
}
    194 
/*
 * Walk the guest's scatter/gather list for a SCSI I/O request and build
 * req->qsg from it.
 *
 * @addr: guest address of the request frame; the inline SGL starts right
 *        after the MPIMsgSCSIIORequest and chain elements are located by
 *        ChainOffset (in 32-bit words) from the frame.
 *
 * Returns 0 on success or MPI_IOCSTATUS_INVALID_SGL when an element is not
 * of the expected type.  The list is cut off at DataLength: extra elements
 * are ignored, and since every iteration either returns, breaks, or takes
 * at least one byte off @left, even a guest-constructed cyclic chain
 * terminates after at most DataLength iterations.  Addresses are only
 * recorded in the sglist here; no data is moved.  On either return the
 * caller owns req->qsg and must destroy it (mptsas_free_request does).
 */
static int mptsas_build_sgl(MPTSASState *s, MPTSASRequest *req, hwaddr addr)
{
    PCIDevice *pci = (PCIDevice *) s;
    hwaddr next_chain_addr;
    uint32_t left;
    hwaddr sgaddr;
    uint32_t chain_offset;

    chain_offset = req->scsi_io.ChainOffset;
    next_chain_addr = addr + chain_offset * sizeof(uint32_t);
    sgaddr = addr + sizeof(MPIMsgSCSIIORequest);
    pci_dma_sglist_init(&req->qsg, pci, 4);
    left = req->scsi_io.DataLength;

    for(;;) {
        /* Shadows the @addr parameter, which is no longer needed once
         * sgaddr and next_chain_addr have been derived from it.
         */
        dma_addr_t addr, len;
        uint32_t flags_and_length;

        ldl_le_pci_dma(pci, sgaddr, &flags_and_length, MEMTXATTRS_UNSPECIFIED);
        len = flags_and_length & MPI_SGE_LENGTH_MASK;
        /* Only simple elements are allowed in the main list, and a
         * zero-length element is only legal as a list/buffer terminator.
         */
        if ((flags_and_length & MPI_SGE_FLAGS_ELEMENT_TYPE_MASK)
            != MPI_SGE_FLAGS_SIMPLE_ELEMENT ||
            (!len &&
             !(flags_and_length & MPI_SGE_FLAGS_END_OF_LIST) &&
             !(flags_and_length & MPI_SGE_FLAGS_END_OF_BUFFER))) {
            return MPI_IOCSTATUS_INVALID_SGL;
        }

        /* Never map more than the request declared as DataLength. */
        len = MIN(len, left);
        if (!len) {
            /* We reached the desired transfer length, ignore extra
             * elements of the s/g list.
             */
            break;
        }

        addr = mptsas_ld_sg_base(s, flags_and_length, &sgaddr);
        qemu_sglist_add(&req->qsg, addr, len);
        left -= len;

        if (flags_and_length & MPI_SGE_FLAGS_END_OF_LIST) {
            break;
        }

        if (flags_and_length & MPI_SGE_FLAGS_LAST_ELEMENT) {
            /* Last element of this segment: continue through the chain
             * element, if the request declared one.
             */
            if (!chain_offset) {
                break;
            }

            ldl_le_pci_dma(pci, next_chain_addr, &flags_and_length,
                           MEMTXATTRS_UNSPECIFIED);
            if ((flags_and_length & MPI_SGE_FLAGS_ELEMENT_TYPE_MASK)
                != MPI_SGE_FLAGS_CHAIN_ELEMENT) {
                return MPI_IOCSTATUS_INVALID_SGL;
            }

            /* The chain element's address is the next segment; its own
             * chain offset locates the chain element of that segment.
             */
            sgaddr = mptsas_ld_sg_base(s, flags_and_length, &next_chain_addr);
            chain_offset =
                (flags_and_length & MPI_SGE_CHAIN_OFFSET_MASK) >> MPI_SGE_CHAIN_OFFSET_SHIFT;
            next_chain_addr = sgaddr + chain_offset * sizeof(uint32_t);
        }
    }
    return 0;
}
    259 
/*
 * Tear down an MPTSASRequest: detach it from its SCSIRequest (clearing the
 * hba_private back-pointer first so no one can reach a half-freed request
 * through it), drop the SCSI reference, destroy the sglist and free.
 * Safe to call whether or not sreq was ever created.
 */
static void mptsas_free_request(MPTSASRequest *req)
{
    SCSIRequest *sreq = req->sreq;

    if (sreq) {
        sreq->hba_private = NULL;
        scsi_req_unref(sreq);
        req->sreq = NULL;
    }
    qemu_sglist_destroy(&req->qsg);
    g_free(req);
}
    270 
/*
 * Resolve a guest-supplied bus/target/LUN triple to a SCSIDevice.
 *
 * Only bus 0 exists, and target ids must be below the host-configured
 * max_devices (set in mptsas_process_ioc_init).  Only LUN byte 1 is
 * consulted.  On success *sdev is set and 0 returned; otherwise the
 * matching MPI_IOCSTATUS_SCSI_* code is returned and *sdev is only
 * written when the lookup actually ran.
 */
static int mptsas_scsi_device_find(MPTSASState *s, int bus, int target,
                                   uint8_t *lun, SCSIDevice **sdev)
{
    SCSIDevice *found;

    if (bus) {
        return MPI_IOCSTATUS_SCSI_INVALID_BUS;
    }
    if (target >= s->max_devices) {
        return MPI_IOCSTATUS_SCSI_INVALID_TARGETID;
    }

    found = scsi_device_find(&s->bus, bus, target, lun[1]);
    *sdev = found;
    return found ? 0 : MPI_IOCSTATUS_SCSI_DEVICE_NOT_THERE;
}
    289 
/*
 * Handle a SCSI I/O request frame fetched from the request FIFO.
 *
 * @scsi_io: the request, still in guest byte order on entry; it is
 *           converted in place before any field is used.
 * @addr:    guest address of the frame, needed to locate the inline
 *           scatter/gather list that follows it.
 *
 * Every field of @scsi_io is guest-controlled.  Bus/target/LUN are checked
 * by mptsas_scsi_device_find, the SGL by mptsas_build_sgl plus the
 * DataLength comparison below, and the CDB's transfer size and direction
 * against what the guest declared.  Any failure is reported back as an
 * MPI reply carrying IOCStatus; the function itself always returns 0.
 */
static int mptsas_process_scsi_io_request(MPTSASState *s,
                                          MPIMsgSCSIIORequest *scsi_io,
                                          hwaddr addr)
{
    MPTSASRequest *req;
    MPIMsgSCSIIOReply reply;
    SCSIDevice *sdev;
    int status;

    mptsas_fix_scsi_io_endianness(scsi_io);

    trace_mptsas_process_scsi_io_request(s, scsi_io->Bus, scsi_io->TargetID,
                                         scsi_io->LUN[1], scsi_io->DataLength);

    status = mptsas_scsi_device_find(s, scsi_io->Bus, scsi_io->TargetID,
                                     scsi_io->LUN, &sdev);
    if (status) {
        goto bad;
    }

    /* From here on every error path goes through free_bad, which releases
     * req together with its sglist and SCSI request (if created).
     */
    req = g_new0(MPTSASRequest, 1);
    req->scsi_io = *scsi_io;
    req->dev = s;

    status = mptsas_build_sgl(s, req, addr);
    if (status) {
        goto free_bad;
    }

    /* The list ended before DataLength bytes were mapped: reject rather
     * than let the transfer run off the end of the sglist.
     */
    if (req->qsg.size < scsi_io->DataLength) {
        trace_mptsas_sgl_overflow(s, scsi_io->MsgContext, scsi_io->DataLength,
                                  req->qsg.size);
        status = MPI_IOCSTATUS_INVALID_SGL;
        goto free_bad;
    }

    /* req is passed as hba_private so task management can find it later. */
    req->sreq = scsi_req_new(sdev, scsi_io->MsgContext,
                             scsi_io->LUN[1], scsi_io->CDB,
                             scsi_io->CDBLength, req);

    /* The CDB must not ask for more data than the guest mapped, and the
     * direction it implies must agree with the one the guest declared.
     * Direction values other than the three below are accepted without a
     * mode check — TODO confirm that is intended.
     */
    if (req->sreq->cmd.xfer > scsi_io->DataLength) {
        goto overrun;
    }
    switch (scsi_io->Control & MPI_SCSIIO_CONTROL_DATADIRECTION_MASK) {
    case MPI_SCSIIO_CONTROL_NODATATRANSFER:
        if (req->sreq->cmd.mode != SCSI_XFER_NONE) {
            goto overrun;
        }
        break;

    case MPI_SCSIIO_CONTROL_WRITE:
        if (req->sreq->cmd.mode != SCSI_XFER_TO_DEV) {
            goto overrun;
        }
        break;

    case MPI_SCSIIO_CONTROL_READ:
        if (req->sreq->cmd.mode != SCSI_XFER_FROM_DEV) {
            goto overrun;
        }
        break;
    }

    if (scsi_req_enqueue(req->sreq)) {
        scsi_req_continue(req->sreq);
    }
    return 0;

overrun:
    /* req->sreq is valid here: every jump to this label comes after scsi_req_new. */
    trace_mptsas_scsi_overflow(s, scsi_io->MsgContext, req->sreq->cmd.xfer,
                               scsi_io->DataLength);
    status = MPI_IOCSTATUS_SCSI_DATA_OVERRUN;
free_bad:
    mptsas_free_request(req);
bad:
    /* Build the error reply from the host-order copy of the request;
     * @status carries the IOCStatus chosen above.
     */
    memset(&reply, 0, sizeof(reply));
    reply.TargetID          = scsi_io->TargetID;
    reply.Bus               = scsi_io->Bus;
    reply.MsgLength         = sizeof(reply) / 4;
    reply.Function          = scsi_io->Function;
    reply.CDBLength         = scsi_io->CDBLength;
    reply.SenseBufferLength = scsi_io->SenseBufferLength;
    reply.MsgContext        = scsi_io->MsgContext;
    reply.SCSIState         = MPI_SCSI_STATE_NO_SCSI_STATUS;
    reply.IOCStatus         = status;

    mptsas_fix_scsi_io_reply_endianness(&reply);
    /* NOTE(review): goes through mptsas_reply, so in DOORBELL_WRITE state
     * this reply is staged in s->doorbell_reply; unlike the doorbell
     * handlers there is no QEMU_BUILD_BUG_ON tying sizeof(reply) to that
     * buffer — confirm it fits or that this path cannot run then.
     */
    mptsas_reply(s, (MPIDefaultReply *)&reply);

    return 0;
}
    381 
/*
 * Completion bookkeeping for one asynchronous request cancellation issued
 * by a task management command.  One is allocated per cancelled request;
 * all of them share the same heap-allocated reply, and the notifier that
 * observes the final cancellation posts and frees it (mptsas_cancel_notify).
 */
typedef struct {
    Notifier                notifier; /* registered with scsi_req_cancel_async */
    MPTSASState             *s;       /* adapter to post the reply on */
    MPIMsgSCSITaskMgmtReply *reply;   /* shared reply; TerminationCount/IOCLogInfo track progress */
} MPTSASCancelNotifier;
    387 
/*
 * Notifier callback run when one cancelled SCSI request has finished.
 *
 * IOCLogInfo temporarily holds the number of cancellations the shared
 * task-management reply is waiting for (set by mptsas_process_scsi_task_mgmt);
 * the notifier that brings TerminationCount up to it restores IOCLogInfo,
 * posts the reply through the FIFOs and frees it.  Each notifier frees
 * itself.
 */
static void mptsas_cancel_notify(Notifier *notifier, void *data)
{
    MPTSASCancelNotifier *cn;
    MPIMsgSCSITaskMgmtReply *rep;

    cn = container_of(notifier, MPTSASCancelNotifier, notifier);
    rep = cn->reply;

    rep->TerminationCount++;
    if (rep->TerminationCount == rep->IOCLogInfo) {
        rep->IOCLogInfo = 0;
        mptsas_fix_scsi_task_mgmt_reply_endianness(rep);
        mptsas_post_reply(cn->s, (MPIDefaultReply *)rep);
        g_free(rep);
    }
    g_free(cn);
}
    403 
/*
 * Handle an MPI SCSI Task Management request (abort/query a task, abort or
 * clear a task set, LUN/target/bus reset).
 *
 * @req is guest-controlled and in guest byte order on entry.  Replies
 * always go through mptsas_post_reply, i.e. the reply FIFOs.  Cancellation
 * is asynchronous: a heap copy of the reply (@reply_async) is shared by
 * one MPTSASCancelNotifier per cancelled request, and its IOCLogInfo field
 * is borrowed as the "expected notifications" counter (INT_MAX while the
 * cancellations are being issued, so a notifier that fires synchronously
 * cannot complete the reply early).  If all notifiers already fired, the
 * reply is posted here; otherwise the last notifier posts it.
 */
static void mptsas_process_scsi_task_mgmt(MPTSASState *s, MPIMsgSCSITaskMgmt *req)
{
    MPIMsgSCSITaskMgmtReply reply;
    MPIMsgSCSITaskMgmtReply *reply_async;
    int status, count;
    SCSIDevice *sdev;
    SCSIRequest *r, *next;
    BusChild *kid;

    mptsas_fix_scsi_task_mgmt_endianness(req);

    /* Request and reply must fit the fetch buffer and the doorbell buffers. */
    QEMU_BUILD_BUG_ON(MPTSAS_MAX_REQUEST_SIZE < sizeof(*req));
    QEMU_BUILD_BUG_ON(sizeof(s->doorbell_msg) < sizeof(*req));
    QEMU_BUILD_BUG_ON(sizeof(s->doorbell_reply) < sizeof(reply));

    memset(&reply, 0, sizeof(reply));
    reply.TargetID   = req->TargetID;
    reply.Bus        = req->Bus;
    reply.MsgLength  = sizeof(reply) / 4;
    reply.Function   = req->Function;
    reply.TaskType   = req->TaskType;
    reply.MsgContext = req->MsgContext;

    switch (req->TaskType) {
    case MPI_SCSITASKMGMT_TASKTYPE_ABORT_TASK:
    case MPI_SCSITASKMGMT_TASKTYPE_QUERY_TASK:
        status = mptsas_scsi_device_find(s, req->Bus, req->TargetID,
                                         req->LUN, &sdev);
        if (status) {
            reply.IOCStatus = status;
            goto out;
        }
        /* scsi_device_find appears to be able to return another LUN of the
         * same target when the requested one does not exist — hence the
         * explicit comparison (TODO confirm).
         */
        if (sdev->lun != req->LUN[1]) {
            reply.ResponseCode = MPI_SCSITASKMGMT_RSP_TM_INVALID_LUN;
            goto out;
        }

        /* Look for the in-flight request carrying the context to abort;
         * r is NULL after the loop if none matched.
         */
        QTAILQ_FOREACH_SAFE(r, &sdev->requests, next, next) {
            MPTSASRequest *cmd_req = r->hba_private;
            if (cmd_req && cmd_req->scsi_io.MsgContext == req->TaskMsgContext) {
                break;
            }
        }
        if (r) {
            /*
             * Assert that the request has not been completed yet, we
             * check for it in the loop above.
             */
            assert(r->hba_private);
            if (req->TaskType == MPI_SCSITASKMGMT_TASKTYPE_QUERY_TASK) {
                /* "If the specified command is present in the task set, then
                 * return a service response set to FUNCTION SUCCEEDED".
                 */
                reply.ResponseCode = MPI_SCSITASKMGMT_RSP_TM_SUCCEEDED;
            } else {
                MPTSASCancelNotifier *notifier;

                /* Single cancellation; shares the completion logic of the
                 * task-set cases below via reply_maybe_async.
                 */
                reply_async = g_memdup(&reply, sizeof(MPIMsgSCSITaskMgmtReply));
                reply_async->IOCLogInfo = INT_MAX;

                count = 1;
                notifier = g_new(MPTSASCancelNotifier, 1);
                notifier->s = s;
                notifier->reply = reply_async;
                notifier->notifier.notify = mptsas_cancel_notify;
                scsi_req_cancel_async(r, &notifier->notifier);
                goto reply_maybe_async;
            }
        }
        /* Not found: the reply goes out with the zero-initialized ResponseCode. */
        break;

    case MPI_SCSITASKMGMT_TASKTYPE_ABRT_TASK_SET:
    case MPI_SCSITASKMGMT_TASKTYPE_CLEAR_TASK_SET:
        status = mptsas_scsi_device_find(s, req->Bus, req->TargetID,
                                         req->LUN, &sdev);
        if (status) {
            reply.IOCStatus = status;
            goto out;
        }
        if (sdev->lun != req->LUN[1]) {
            reply.ResponseCode = MPI_SCSITASKMGMT_RSP_TM_INVALID_LUN;
            goto out;
        }

        reply_async = g_memdup(&reply, sizeof(MPIMsgSCSITaskMgmtReply));
        reply_async->IOCLogInfo = INT_MAX;

        /* Cancel every request of this LUN that still belongs to us. */
        count = 0;
        QTAILQ_FOREACH_SAFE(r, &sdev->requests, next, next) {
            if (r->hba_private) {
                MPTSASCancelNotifier *notifier;

                count++;
                notifier = g_new(MPTSASCancelNotifier, 1);
                notifier->s = s;
                notifier->reply = reply_async;
                notifier->notifier.notify = mptsas_cancel_notify;
                scsi_req_cancel_async(r, &notifier->notifier);
            }
        }

        /* Also reached by goto from the ABORT_TASK case above, with
         * reply_async and count already set there.
         */
reply_maybe_async:
        if (reply_async->TerminationCount < count) {
            /* Some cancellations are still pending: hand the reply over to
             * the notifiers by publishing the real target count.
             */
            reply_async->IOCLogInfo = count;
            return;
        }
        /* Everything completed synchronously: reply from the stack copy. */
        g_free(reply_async);
        reply.TerminationCount = count;
        break;

    case MPI_SCSITASKMGMT_TASKTYPE_LOGICAL_UNIT_RESET:
        status = mptsas_scsi_device_find(s, req->Bus, req->TargetID,
                                         req->LUN, &sdev);
        if (status) {
            reply.IOCStatus = status;
            goto out;
        }
        if (sdev->lun != req->LUN[1]) {
            reply.ResponseCode = MPI_SCSITASKMGMT_RSP_TM_INVALID_LUN;
            goto out;
        }
        device_cold_reset(&sdev->qdev);
        break;

    case MPI_SCSITASKMGMT_TASKTYPE_TARGET_RESET:
        if (req->Bus != 0) {
            reply.IOCStatus = MPI_IOCSTATUS_SCSI_INVALID_BUS;
            goto out;
        }
        /* Uses '>' where mptsas_scsi_device_find uses '>=', so TargetID ==
         * max_devices is accepted here; harmless, as the loop below only
         * resets children that actually exist, but inconsistent.
         */
        if (req->TargetID > s->max_devices) {
            reply.IOCStatus = MPI_IOCSTATUS_SCSI_INVALID_TARGETID;
            goto out;
        }

        QTAILQ_FOREACH(kid, &s->bus.qbus.children, sibling) {
            sdev = SCSI_DEVICE(kid->child);
            if (sdev->channel == 0 && sdev->id == req->TargetID) {
                device_cold_reset(kid->child);
            }
        }
        break;

    case MPI_SCSITASKMGMT_TASKTYPE_RESET_BUS:
        bus_cold_reset(BUS(&s->bus));
        break;

    default:
        reply.ResponseCode = MPI_SCSITASKMGMT_RSP_TM_NOT_SUPPORTED;
        break;
    }

out:
    mptsas_fix_scsi_task_mgmt_reply_endianness(&reply);
    mptsas_post_reply(s, (MPIDefaultReply *)&reply);
}
    559 
/*
 * Handle IOC INIT: latch the host's operating parameters and move a READY
 * controller to OPERATIONAL.
 *
 * All latched values are guest-controlled.  reply_frame_size bounds the
 * DMA writes in mptsas_post_reply, max_devices bounds target ids in
 * mptsas_scsi_device_find, host_mfa_high_addr is OR-ed into every request
 * and reply frame address, and sense_buffer_high_addr is consumed outside
 * this excerpt.  The reply echoes what was actually stored.
 */
static void mptsas_process_ioc_init(MPTSASState *s, MPIMsgIOCInit *req)
{
    MPIMsgIOCInitReply reply;

    mptsas_fix_ioc_init_endianness(req);

    QEMU_BUILD_BUG_ON(MPTSAS_MAX_REQUEST_SIZE < sizeof(*req));
    QEMU_BUILD_BUG_ON(sizeof(s->doorbell_msg) < sizeof(*req));
    QEMU_BUILD_BUG_ON(sizeof(s->doorbell_reply) < sizeof(reply));

    s->who_init               = req->WhoInit;
    s->reply_frame_size       = req->ReplyFrameSize;
    s->max_buses              = req->MaxBuses;
    s->host_mfa_high_addr     = (hwaddr)req->HostMfaHighAddr << 32;
    s->sense_buffer_high_addr = (hwaddr)req->SenseBufferHighAddr << 32;
    if (req->MaxDevices) {
        s->max_devices = req->MaxDevices;
    } else {
        /* A zero MaxDevices selects the 256-target fallback. */
        s->max_devices = 256;
    }

    if (s->state == MPI_IOC_STATE_READY) {
        s->state = MPI_IOC_STATE_OPERATIONAL;
    }

    memset(&reply, 0, sizeof(reply));
    reply.MsgLength  = sizeof(reply) / 4;
    reply.Function   = req->Function;
    reply.MsgContext = req->MsgContext;
    reply.WhoInit    = s->who_init;
    reply.MaxDevices = s->max_devices;
    reply.MaxBuses   = s->max_buses;

    mptsas_fix_ioc_init_reply_endianness(&reply);
    mptsas_reply(s, (MPIDefaultReply *)&reply);
}
    592 
/*
 * Handle IOC FACTS: describe the emulated controller to the host.
 *
 * The reply mixes fixed capabilities of the emulation with the values the
 * host itself established through IOC INIT.  Queue depths are one less
 * than the ring sizes because the FIFO helpers keep one slot empty.
 */
static void mptsas_process_ioc_facts(MPTSASState *s,
                                     MPIMsgIOCFacts *req)
{
    MPIMsgIOCFactsReply reply;
    MPIMsgIOCFactsReply *r = &reply;

    mptsas_fix_ioc_facts_endianness(req);

    QEMU_BUILD_BUG_ON(MPTSAS_MAX_REQUEST_SIZE < sizeof(*req));
    QEMU_BUILD_BUG_ON(sizeof(s->doorbell_msg) < sizeof(*req));
    QEMU_BUILD_BUG_ON(sizeof(s->doorbell_reply) < sizeof(reply));
    /* ReplyQueueDepth describes both reply rings at once. */
    QEMU_BUILD_BUG_ON(ARRAY_SIZE(s->reply_post) != ARRAY_SIZE(s->reply_free));

    memset(r, 0, sizeof(*r));

    /* Header. */
    r->MsgLength  = sizeof(reply) / 4;
    r->Function   = req->Function;
    r->MsgContext = req->MsgContext;
    r->MsgVersion = 0x0105;

    /* Fixed capabilities of the emulated adapter. */
    r->ProductID        = MPTSAS1068_PRODUCT_ID;
    r->NumberOfPorts    = MPTSAS_NUM_PORTS;
    r->MaxChainDepth    = MPTSAS_MAXIMUM_CHAIN_DEPTH;
    r->BlockSize        = MPTSAS_MAX_REQUEST_SIZE / sizeof(uint32_t);
    r->RequestFrameSize = 128;
    r->ReplyQueueDepth  = ARRAY_SIZE(s->reply_post) - 1;
    r->GlobalCredits    = ARRAY_SIZE(s->request_post) - 1;
    r->FWVersionMajor   = 0x1;
    r->FWVersionMinor   = 0x32;
    r->FWVersionUnit    = 0x92;
    r->FWVersionDev     = 0;

    /* Values mptsas_process_ioc_init stored from the host's IOC INIT. */
    r->WhoInit                    = s->who_init;
    r->CurrentHostMfaHighAddr     = s->host_mfa_high_addr >> 32;
    r->CurrentSenseBufferHighAddr = s->sense_buffer_high_addr >> 32;
    r->CurReplyFrameSize          = s->reply_frame_size;
    r->MaxDevices                 = s->max_devices;
    r->MaxBuses                   = s->max_buses;

    mptsas_fix_ioc_facts_reply_endianness(r);
    mptsas_reply(s, (MPIDefaultReply *)r);
}
    632 
/*
 * Handle PORT FACTS for one port.
 *
 * Port numbers at or beyond MPTSAS_NUM_PORTS are not an error: they get a
 * reply whose port description fields are left zeroed.
 */
static void mptsas_process_port_facts(MPTSASState *s,
                                     MPIMsgPortFacts *req)
{
    MPIMsgPortFactsReply reply;
    bool port_exists;

    mptsas_fix_port_facts_endianness(req);

    QEMU_BUILD_BUG_ON(MPTSAS_MAX_REQUEST_SIZE < sizeof(*req));
    QEMU_BUILD_BUG_ON(sizeof(s->doorbell_msg) < sizeof(*req));
    QEMU_BUILD_BUG_ON(sizeof(s->doorbell_reply) < sizeof(reply));

    memset(&reply, 0, sizeof(reply));
    reply.MsgLength  = sizeof(reply) / 4;
    reply.Function   = req->Function;
    reply.MsgContext = req->MsgContext;
    reply.PortNumber = req->PortNumber;

    port_exists = req->PortNumber < MPTSAS_NUM_PORTS;
    if (port_exists) {
        reply.PortType      = MPI_PORTFACTS_PORTTYPE_SAS;
        reply.MaxDevices    = MPTSAS_NUM_PORTS;
        reply.PortSCSIID    = MPTSAS_NUM_PORTS;
        reply.ProtocolFlags = MPI_PORTFACTS_PROTOCOL_LOGBUSADDR | MPI_PORTFACTS_PROTOCOL_INITIATOR;
    }

    mptsas_fix_port_facts_reply_endianness(&reply);
    mptsas_reply(s, (MPIDefaultReply *)&reply);
}
    660 
/*
 * Handle PORT ENABLE.  Nothing is enabled in the emulation; the request is
 * simply acknowledged with a reply echoing its port number and context.
 */
static void mptsas_process_port_enable(MPTSASState *s,
                                       MPIMsgPortEnable *req)
{
    MPIMsgPortEnableReply reply;
    MPIMsgPortEnableReply *r = &reply;

    mptsas_fix_port_enable_endianness(req);

    QEMU_BUILD_BUG_ON(MPTSAS_MAX_REQUEST_SIZE < sizeof(*req));
    QEMU_BUILD_BUG_ON(sizeof(s->doorbell_msg) < sizeof(*req));
    QEMU_BUILD_BUG_ON(sizeof(s->doorbell_reply) < sizeof(reply));

    memset(r, 0, sizeof(*r));
    r->MsgLength  = sizeof(reply) / 4;
    r->Function   = req->Function;
    r->MsgContext = req->MsgContext;
    r->PortNumber = req->PortNumber;

    mptsas_fix_port_enable_reply_endianness(r);
    mptsas_reply(s, (MPIDefaultReply *)r);
}
    681 
/*
 * Handle EVENT NOTIFICATION (enable/disable of event reporting).
 *
 * The enable state is not stored — nothing in the emulation could read it
 * back.  The reply is an EVENT_CHANGE event whose single data word reports
 * the requested switch, flagged as a continuation reply because events
 * travel through the reply FIFOs.
 */
static void mptsas_process_event_notification(MPTSASState *s,
                                              MPIMsgEventNotify *req)
{
    MPIMsgEventNotifyReply reply;
    MPIMsgEventNotifyReply *r = &reply;

    mptsas_fix_event_notification_endianness(req);

    QEMU_BUILD_BUG_ON(MPTSAS_MAX_REQUEST_SIZE < sizeof(*req));
    QEMU_BUILD_BUG_ON(sizeof(s->doorbell_msg) < sizeof(*req));
    QEMU_BUILD_BUG_ON(sizeof(s->doorbell_reply) < sizeof(reply));

    memset(r, 0, sizeof(*r));
    r->MsgLength       = sizeof(reply) / 4;
    r->Function        = req->Function;
    r->MsgContext      = req->MsgContext;
    r->MsgFlags        = MPI_MSGFLAGS_CONTINUATION_REPLY;
    r->Event           = MPI_EVENT_EVENT_CHANGE;
    r->EventDataLength = sizeof(reply.Data) / 4;
    r->Data[0]         = req->Switch ? 1 : 0;

    mptsas_fix_event_notification_reply_endianness(r);
    mptsas_reply(s, (MPIDefaultReply *)r);
}
    712 
/*
 * Dispatch a non-SCSI-I/O request frame to its handler by Function code.
 *
 * @req still carries guest byte order; each handler converts its own
 * message type.  Unknown functions are traced and fault the IOC with
 * MPI_IOCSTATUS_INVALID_FUNCTION rather than being ignored.
 */
static void mptsas_process_message(MPTSASState *s, MPIRequestHeader *req)
{
    trace_mptsas_process_message(s, req->Function, req->MsgContext);

    switch (req->Function) {
    case MPI_FUNCTION_IOC_FACTS:
        mptsas_process_ioc_facts(s, (MPIMsgIOCFacts *)req);
        break;
    case MPI_FUNCTION_IOC_INIT:
        mptsas_process_ioc_init(s, (MPIMsgIOCInit *)req);
        break;
    case MPI_FUNCTION_PORT_FACTS:
        mptsas_process_port_facts(s, (MPIMsgPortFacts *)req);
        break;
    case MPI_FUNCTION_PORT_ENABLE:
        mptsas_process_port_enable(s, (MPIMsgPortEnable *)req);
        break;
    case MPI_FUNCTION_EVENT_NOTIFICATION:
        mptsas_process_event_notification(s, (MPIMsgEventNotify *)req);
        break;
    case MPI_FUNCTION_CONFIG:
        mptsas_process_config(s, (MPIMsgConfig *)req);
        break;
    case MPI_FUNCTION_SCSI_TASK_MGMT:
        mptsas_process_scsi_task_mgmt(s, (MPIMsgSCSITaskMgmt *)req);
        break;
    default:
        trace_mptsas_unhandled_cmd(s, req->Function, 0);
        mptsas_set_fault(s, MPI_IOCSTATUS_INVALID_FUNCTION);
        break;
    }
}
    751 
/*
 * Pop one request frame address off the request FIFO, copy the frame into
 * a bounded stack buffer and dispatch it.
 *
 * The frame is read in two steps: the header first, then — only if the
 * guest-supplied Function is within the table and has a known size — the
 * remainder, with a length that comes from mpi_request_sizes and never
 * from guest data.  Function is taken from the already-copied header, so
 * a guest rewriting the frame between the two reads cannot change which
 * handler runs on the bytes that were copied.  Bytes of @req beyond `size`
 * are left uninitialized; handlers must only touch the struct their
 * Function maps to.
 */
static void mptsas_fetch_request(MPTSASState *s)
{
    PCIDevice *pci = (PCIDevice *) s;
    char req[MPTSAS_MAX_REQUEST_SIZE];
    MPIRequestHeader *hdr = (MPIRequestHeader *)req;
    hwaddr addr;
    int size;

    /* Read the message header from the guest first. */
    /* Frame address = host-provided high word | FIFO entry (both guest-chosen). */
    addr = s->host_mfa_high_addr | MPTSAS_FIFO_GET(s, request_post);
    pci_dma_read(pci, addr, req, sizeof(*hdr));

    if (hdr->Function < ARRAY_SIZE(mpi_request_sizes) &&
        mpi_request_sizes[hdr->Function]) {
        /* Read the rest of the request based on the type.  Do not
         * reread everything, as that could cause a TOC/TOU mismatch
         * and leak data from the QEMU stack.
         */
        size = mpi_request_sizes[hdr->Function];
        /* assumes every table entry is at least sizeof(*hdr) — each listed
         * type is a full MPI message, TODO confirm against mpi.h
         */
        assert(size <= MPTSAS_MAX_REQUEST_SIZE);
        pci_dma_read(pci, addr + sizeof(*hdr), &req[sizeof(*hdr)],
                     size - sizeof(*hdr));
    }

    if (hdr->Function == MPI_FUNCTION_SCSI_IO_REQUEST) {
        /* SCSI I/O requests are separate from mptsas_process_message
         * because they cannot be sent through the doorbell yet.
         */
        mptsas_process_scsi_io_request(s, (MPIMsgSCSIIORequest *)req, addr);
    } else {
        mptsas_process_message(s, (MPIRequestHeader *)req);
    }
}
    785 
/*
 * Bottom-half handler behind request_bh: drain the request post FIFO.
 *
 * Frames are only consumed while the IOC is OPERATIONAL.  In any other
 * state mptsas_set_fault is invoked with INVALID_STATE and the FIFO is
 * left as it is (a reset empties it).
 *
 * @opaque: the MPTSASState the bottom half was created for.
 */
static void mptsas_fetch_requests(void *opaque)
{
    MPTSASState *s = opaque;

    if (s->state == MPI_IOC_STATE_OPERATIONAL) {
        while (!MPTSAS_FIFO_EMPTY(s, request_post)) {
            mptsas_fetch_request(s);
        }
        return;
    }

    mptsas_set_fault(s, MPI_IOCSTATUS_INVALID_STATE);
}
    798 
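/*
 * IOC Message Unit Reset: bring the message unit back to the READY state.
 *
 * Resets the SCSI bus (which is expected to cancel outstanding requests
 * through the .cancel callback), clears pending interrupt status, empties
 * all three FIFOs and drops any scheduled request fetch.  The interrupt
 * mask is preserved so the guest keeps the configuration it programmed.
 *
 * The doorbell handshake state is cleared as well.  Without that, a reset
 * requested while doorbell_state is DOORBELL_READ (the only non-NONE state
 * from which mptsas_doorbell_write reaches this function) would leave that
 * state behind with intr_status zeroed, and the next doorbell read or
 * interrupt-status write would fail the DOORBELL_READ assertion that the
 * doorbell interrupt is raised -- a guest-reachable abort of QEMU.
 *
 * @s: controller state.
 */
static void mptsas_soft_reset(MPTSASState *s)
{
    uint32_t save_mask;

    trace_mptsas_reset(s);

    /* Temporarily disable interrupts */
    save_mask = s->intr_mask;
    s->intr_mask = MPI_HIM_DIM | MPI_HIM_RIM;
    mptsas_update_interrupt(s);

    bus_cold_reset(BUS(&s->bus));
    s->intr_status = 0;
    s->intr_mask = save_mask;

    /* Abort any doorbell handshake in progress, in either direction. */
    s->doorbell_state = DOORBELL_NONE;
    s->doorbell_idx = 0;
    s->doorbell_cnt = 0;
    s->doorbell_reply_idx = 0;
    s->doorbell_reply_size = 0;

    s->reply_free_tail = 0;
    s->reply_free_head = 0;
    s->reply_post_tail = 0;
    s->reply_post_head = 0;
    s->request_post_tail = 0;
    s->request_post_head = 0;
    qemu_bh_cancel(s->request_bh);

    s->state = MPI_IOC_STATE_READY;
}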
    824 
/*
 * Read of the Doorbell register.
 *
 * The value always carries the IOC state and the WhoInit field.  While a
 * handshake request is being written (DOORBELL_WRITE) or its reply is
 * being drained (DOORBELL_READ) the ACTIVE bit is set.  In the READ phase
 * the data field of the state word (which otherwise holds the fault code)
 * is masked out and the low 16 bits carry the next 16-bit word of the
 * reply; once all words have been consumed further reads return no data.
 *
 * @s: controller state.
 * Returns the 32-bit register value.
 */
static uint32_t mptsas_doorbell_read(MPTSASState *s)
{
    uint32_t val = s->state;

    val |= (s->who_init << MPI_DOORBELL_WHO_INIT_SHIFT) & MPI_DOORBELL_WHO_INIT_MASK;

    if (s->doorbell_state == DOORBELL_NONE) {
        return val;
    }
    if (s->doorbell_state == DOORBELL_WRITE) {
        return val | MPI_DOORBELL_ACTIVE;
    }
    if (s->doorbell_state != DOORBELL_READ) {
        abort();
    }

    /* Get rid of the IOC fault code.  */
    val &= ~MPI_DOORBELL_DATA_MASK;

    /* Invariants of the READ phase: the interrupt is up and the index
     * never runs ahead of the reply size. */
    assert(s->intr_status & MPI_HIS_DOORBELL_INTERRUPT);
    assert(s->doorbell_reply_idx <= s->doorbell_reply_size);

    val |= MPI_DOORBELL_ACTIVE;
    if (s->doorbell_reply_idx < s->doorbell_reply_size) {
        /* For more information about this endian switch, see the
         * commit message for commit 36b62ae ("fw_cfg: fix endianness in
         * fw_cfg_data_mem_read() / _write()", 2015-01-16).
         */
        val |= le16_to_cpu(s->doorbell_reply[s->doorbell_reply_idx++]);
    }

    return val;
}
    862 
/*
 * Write to the Doorbell register.
 *
 * During the DOORBELL_WRITE phase of a handshake each write delivers one
 * dword of the request; dwords are stored little-endian in doorbell_msg
 * and the message is dispatched once doorbell_cnt of them have arrived.
 * Any dword beyond doorbell_cnt is dropped.  Note that a handshake that
 * announced zero dwords can never complete this way: the IOC stays in
 * DOORBELL_WRITE until a reset through the Diagnostic register.
 *
 * Outside a handshake the function field selects the action:
 *  - IOC_MESSAGE_UNIT_RESET performs a soft reset;
 *  - IO_UNIT_RESET is accepted and ignored;
 *  - HANDSHAKE starts a handshake of the dword count in the ADD_DWORDS
 *    field and raises the doorbell interrupt (the field is byte-sized in
 *    the MPI layout, which is what keeps the count inside the 256-entry
 *    doorbell_msg -- verify against the mask definition in mpi.h);
 *  - anything else is traced and ignored.
 *
 * @s:   controller state.
 * @val: the dword written by the guest.
 */
static void mptsas_doorbell_write(MPTSASState *s, uint32_t val)
{
    uint32_t fn;

    if (s->doorbell_state == DOORBELL_WRITE) {
        if (s->doorbell_idx >= s->doorbell_cnt) {
            return;
        }
        /* For more information about this endian switch, see the
         * commit message for commit 36b62ae ("fw_cfg: fix endianness in
         * fw_cfg_data_mem_read() / _write()", 2015-01-16).
         */
        s->doorbell_msg[s->doorbell_idx++] = cpu_to_le32(val);
        if (s->doorbell_idx == s->doorbell_cnt) {
            mptsas_process_message(s, (MPIRequestHeader *)s->doorbell_msg);
        }
        return;
    }

    fn = (val & MPI_DOORBELL_FUNCTION_MASK) >> MPI_DOORBELL_FUNCTION_SHIFT;
    switch (fn) {
    case MPI_FUNCTION_IOC_MESSAGE_UNIT_RESET:
        mptsas_soft_reset(s);
        break;

    case MPI_FUNCTION_IO_UNIT_RESET:
        break;

    case MPI_FUNCTION_HANDSHAKE:
        s->doorbell_state = DOORBELL_WRITE;
        s->doorbell_idx = 0;
        s->doorbell_cnt = (val & MPI_DOORBELL_ADD_DWORDS_MASK)
            >> MPI_DOORBELL_ADD_DWORDS_SHIFT;
        s->intr_status |= MPI_HIS_DOORBELL_INTERRUPT;
        mptsas_update_interrupt(s);
        break;

    default:
        trace_mptsas_unhandled_doorbell_cmd(s, val);
        break;
    }
}
    898 
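/*
 * Write to the WriteSequence register, which arms the Diagnostic register.
 *
 * With MPI_DIAG_DRWE already set, any write disarms it again.  Otherwise
 * the guest has to present the five key values in order; diagnostic_idx
 * counts the keys matched so far and a wrong key restarts the sequence.
 * After the fifth key DRWE is set and the counter returns to zero, so
 * diagnostic_idx only ever holds 0..4 -- the range mptsas_post_load
 * accepts.  (Letting the counter advance to 5 after the last key, as the
 * previous version did, made post_load reject a migration attempted while
 * DRWE was armed.)
 *
 * mptsas_mmio_write honours MPI_DIAG_RESET_ADAPTER without consulting
 * DRWE, so at present this sequence only affects what the guest reads
 * back from the Diagnostic register, not whether the reset is performed.
 *
 * @s:   controller state.
 * @val: dword written by the guest; only the key field is examined.
 */
static void mptsas_write_sequence_write(MPTSASState *s, uint32_t val)
{
    static const uint32_t keys[] = {
        MPI_WRSEQ_1ST_KEY_VALUE,
        MPI_WRSEQ_2ND_KEY_VALUE,
        MPI_WRSEQ_3RD_KEY_VALUE,
        MPI_WRSEQ_4TH_KEY_VALUE,
        MPI_WRSEQ_5TH_KEY_VALUE,
    };

    /* If the diagnostic register is enabled, any write to this register
     * will disable it.  Otherwise, the guest has to do a magic five-write
     * sequence.
     */
    if (s->diagnostic & MPI_DIAG_DRWE) {
        goto disable;
    }

    /* An index past the table cannot occur (post_load rejects it), but
     * treat it like a wrong key rather than read outside keys[]. */
    if (s->diagnostic_idx >= ARRAY_SIZE(keys) ||
        (val & MPI_WRSEQ_KEY_VALUE_MASK) != keys[s->diagnostic_idx]) {
        goto disable;
    }

    if (++s->diagnostic_idx == ARRAY_SIZE(keys)) {
        /* Prepare Spaceball One for departure, and change the
         * combination on my luggage!
         */
        s->diagnostic |= MPI_DIAG_DRWE;
        s->diagnostic_idx = 0;
    }
    return;

disable:
    s->diagnostic &= ~MPI_DIAG_DRWE;
    s->diagnostic_idx = 0;
}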
    947 
/*
 * Full adapter reset, used for MPI_DIAG_RESET_ADAPTER and for device reset.
 *
 * On top of the soft reset this masks both interrupt sources and forgets
 * the addressing state the guest driver sets up after a reset: the high
 * halves of the frame and sense buffer addresses, the reply frame size,
 * and the bus/device limits go back to their defaults.  The Diagnostic
 * register itself is left alone.
 *
 * @s: controller state.
 * Returns 0; there is no failure path.
 */
static int mptsas_hard_reset(MPTSASState *s)
{
    mptsas_soft_reset(s);

    /* Nothing may interrupt until the guest unmasks again. */
    s->intr_mask = MPI_HIM_DIM | MPI_HIM_RIM;

    s->host_mfa_high_addr = 0;
    s->sense_buffer_high_addr = 0;
    s->reply_frame_size = 0;

    s->max_buses = 1;
    s->max_devices = MPTSAS_NUM_PORTS;

    return 0;
}
    962 
/*
 * Write to the HostInterruptStatus register: acknowledge the doorbell
 * interrupt.  The written value itself is not used (the caller does not
 * pass it).
 *
 * While a handshake reply is being drained the interrupt is deliberately
 * kept raised; the acknowledgement only ends the READ phase once every
 * reply word has been read.  In the other states the doorbell interrupt
 * bit is simply cleared.
 *
 * @s: controller state.
 */
static void mptsas_interrupt_status_write(MPTSASState *s)
{
    if (s->doorbell_state == DOORBELL_READ) {
        /* The reply can be read continuously, so leave the interrupt up.  */
        assert(s->intr_status & MPI_HIS_DOORBELL_INTERRUPT);
        if (s->doorbell_reply_idx == s->doorbell_reply_size) {
            s->doorbell_state = DOORBELL_NONE;
        }
    } else if (s->doorbell_state == DOORBELL_NONE ||
               s->doorbell_state == DOORBELL_WRITE) {
        s->intr_status &= ~MPI_HIS_DOORBELL_INTERRUPT;
    } else {
        abort();
    }

    mptsas_update_interrupt(s);
}
    984 
/*
 * Read of the ReplyPostFIFO register: pop the next reply descriptor.
 *
 * An empty FIFO reads as all ones and, as a side effect, lowers the reply
 * message interrupt -- the guest driver polls this register until it sees
 * that value.
 *
 * @s: controller state.
 * Returns the descriptor, or 0xffffffff when the FIFO is empty.
 */
static uint32_t mptsas_reply_post_read(MPTSASState *s)
{
    if (MPTSAS_FIFO_EMPTY(s, reply_post)) {
        s->intr_status &= ~MPI_HIS_REPLY_MESSAGE_INTERRUPT;
        mptsas_update_interrupt(s);
        return 0xffffffff;
    }

    return MPTSAS_FIFO_GET(s, reply_post);
}
    999 
/*
 * MMIO / port read handler shared by the memory and I/O BARs.
 *
 * The offset is rounded down to a dword; registers without a read side
 * (or unknown offsets) read as zero and are traced as unhandled.
 *
 * @opaque: the MPTSASState.
 * @addr:   offset within the BAR.
 * @size:   access size, unused -- .impl restricts us to dword accesses.
 * Returns the register value.
 */
static uint64_t mptsas_mmio_read(void *opaque, hwaddr addr,
                                  unsigned size)
{
    MPTSASState *s = opaque;
    hwaddr reg = addr & ~3;
    uint32_t val;

    if (reg == MPI_DOORBELL_OFFSET) {
        val = mptsas_doorbell_read(s);
    } else if (reg == MPI_DIAGNOSTIC_OFFSET) {
        val = s->diagnostic;
    } else if (reg == MPI_HOST_INTERRUPT_STATUS_OFFSET) {
        val = s->intr_status;
    } else if (reg == MPI_HOST_INTERRUPT_MASK_OFFSET) {
        val = s->intr_mask;
    } else if (reg == MPI_REPLY_POST_FIFO_OFFSET) {
        val = mptsas_reply_post_read(s);
    } else {
        val = 0;
        trace_mptsas_mmio_unhandled_read(s, addr);
    }

    trace_mptsas_mmio_read(s, addr, val);
    return val;
}
   1034 
/*
 * MMIO / port write handler shared by the memory and I/O BARs.
 *
 * Unlike mptsas_mmio_read the offset is matched exactly rather than
 * rounded down to a dword, so a sub-dword offset ends up in the
 * "unhandled" trace.  Posting to a full FIFO puts the IOC into the fault
 * state with INSUFFICIENT_RESOURCES instead of dropping the entry.
 *
 * @opaque: the MPTSASState.
 * @addr:   offset within the BAR.
 * @val:    value written; truncated to 32 bits where the register is one.
 * @size:   access size, unused -- .impl restricts us to dword accesses.
 */
static void mptsas_mmio_write(void *opaque, hwaddr addr,
                               uint64_t val, unsigned size)
{
    MPTSASState *s = opaque;

    trace_mptsas_mmio_write(s, addr, val);

    if (addr == MPI_DOORBELL_OFFSET) {
        mptsas_doorbell_write(s, val);
    } else if (addr == MPI_WRITE_SEQUENCE_OFFSET) {
        mptsas_write_sequence_write(s, val);
    } else if (addr == MPI_DIAGNOSTIC_OFFSET) {
        /* Only the reset bit is implemented, and DRWE is not required. */
        if (val & MPI_DIAG_RESET_ADAPTER) {
            mptsas_hard_reset(s);
        }
    } else if (addr == MPI_HOST_INTERRUPT_STATUS_OFFSET) {
        mptsas_interrupt_status_write(s);
    } else if (addr == MPI_HOST_INTERRUPT_MASK_OFFSET) {
        s->intr_mask = val & (MPI_HIM_RIM | MPI_HIM_DIM);
        mptsas_update_interrupt(s);
    } else if (addr == MPI_REQUEST_POST_FIFO_OFFSET) {
        if (MPTSAS_FIFO_FULL(s, request_post)) {
            mptsas_set_fault(s, MPI_IOCSTATUS_INSUFFICIENT_RESOURCES);
        } else {
            /* Frame addresses are dword aligned; the low bits are dropped
             * and the fetch happens later in the bottom half. */
            MPTSAS_FIFO_PUT(s, request_post, val & ~0x03);
            qemu_bh_schedule(s->request_bh);
        }
    } else if (addr == MPI_REPLY_FREE_FIFO_OFFSET) {
        if (MPTSAS_FIFO_FULL(s, reply_free)) {
            mptsas_set_fault(s, MPI_IOCSTATUS_INSUFFICIENT_RESOURCES);
        } else {
            MPTSAS_FIFO_PUT(s, reply_free, val);
        }
    } else {
        trace_mptsas_mmio_unhandled_write(s, addr, val);
    }
}
   1087 
/* Register file behind the memory BAR (BAR 1).  The handlers are
 * dword-only (.impl), so the memory core adapts other access sizes
 * before calling them. */
static const MemoryRegionOps mptsas_mmio_ops = {
    .endianness = DEVICE_LITTLE_ENDIAN,
    .impl = {
        .max_access_size = 4,
        .min_access_size = 4,
    },
    .read = mptsas_mmio_read,
    .write = mptsas_mmio_write,
};
   1097 
/* The same register file exposed through the I/O BAR (BAR 0).  Identical
 * to mptsas_mmio_ops; kept separate so the two regions remain
 * independently nameable in realize. */
static const MemoryRegionOps mptsas_port_ops = {
    .endianness = DEVICE_LITTLE_ENDIAN,
    .impl = {
        .max_access_size = 4,
        .min_access_size = 4,
    },
    .read = mptsas_mmio_read,
    .write = mptsas_mmio_write,
};
   1107 
/*
 * Read handler for the diagnostic BAR (BAR 2).  Nothing is modelled
 * there; every read is traced and returns zero.
 */
static uint64_t mptsas_diag_read(void *opaque, hwaddr addr,
                                   unsigned size)
{
    trace_mptsas_diag_read((MPTSASState *)opaque, addr, 0);
    return 0;
}
   1115 
/*
 * Write handler for the diagnostic BAR (BAR 2).  Writes are traced and
 * otherwise ignored; no state is modelled behind this region.
 */
static void mptsas_diag_write(void *opaque, hwaddr addr,
                               uint64_t val, unsigned size)
{
    trace_mptsas_diag_write((MPTSASState *)opaque, addr, val);
}
   1122 
/* Diagnostic region (BAR 2): trace-only stubs, dword accesses. */
static const MemoryRegionOps mptsas_diag_ops = {
    .endianness = DEVICE_LITTLE_ENDIAN,
    .impl = {
        .max_access_size = 4,
        .min_access_size = 4,
    },
    .read = mptsas_diag_read,
    .write = mptsas_diag_write,
};
   1132 
/*
 * SCSIBusInfo.get_sg_list: hand the SCSI layer the scatter/gather list
 * that was built for this request (hba_private is our MPTSASRequest).
 */
static QEMUSGList *mptsas_get_sg_list(SCSIRequest *sreq)
{
    return &((MPTSASRequest *)sreq->hba_private)->qsg;
}
   1139 
/*
 * SCSIBusInfo.complete callback: a SCSI request this HBA issued finished.
 *
 * Sense data, if any, is DMA'd to the guest's sense buffer at
 * sense_buffer_high_addr | SenseBufferLowAddr, bounded by the smaller of
 * the length the guest allotted (SenseBufferLength) and the sense length
 * actually available.  Then either a full SCSI IO reply frame is posted
 * (non-GOOD status, a residual, or a doorbell handshake in progress) or
 * a "turbo" reply carrying only the message context is posted.  Finally
 * the MPTSASRequest is released.
 *
 * @sreq:  the completed request; hba_private is our MPTSASRequest.
 * @resid: bytes of the requested transfer that were not moved.
 */
static void mptsas_command_complete(SCSIRequest *sreq,
        size_t resid)
{
    MPTSASRequest *req = sreq->hba_private;
    MPTSASState *s = req->dev;
    uint8_t sense_buf[SCSI_SENSE_BUF_SIZE];
    /* NOTE(review): narrows the int returned by scsi_req_get_sense; fine
     * as long as SCSI_SENSE_BUF_SIZE fits in a byte -- confirm. */
    uint8_t sense_len;

    /* The guest supplies only the low half; the high half was set at init. */
    hwaddr sense_buffer_addr = req->dev->sense_buffer_high_addr |
            req->scsi_io.SenseBufferLowAddr;

    trace_mptsas_command_complete(s, req->scsi_io.MsgContext,
                                  sreq->status, resid);

    sense_len = scsi_req_get_sense(sreq, sense_buf, SCSI_SENSE_BUF_SIZE);
    if (sense_len > 0) {
        /* Never write more than the guest's buffer can hold. */
        pci_dma_write(PCI_DEVICE(s), sense_buffer_addr, sense_buf,
                      MIN(req->scsi_io.SenseBufferLength, sense_len));
    }

    if (sreq->status != GOOD || resid ||
        req->dev->doorbell_state == DOORBELL_WRITE) {
        MPIMsgSCSIIOReply reply;

        /* Zero the whole frame, padding included, before any of it is
         * sent to the guest. */
        memset(&reply, 0, sizeof(reply));
        reply.TargetID          = req->scsi_io.TargetID;
        reply.Bus               = req->scsi_io.Bus;
        reply.MsgLength         = sizeof(reply) / 4;
        reply.Function          = req->scsi_io.Function;
        reply.CDBLength         = req->scsi_io.CDBLength;
        reply.SenseBufferLength = req->scsi_io.SenseBufferLength;
        reply.MsgFlags          = req->scsi_io.MsgFlags;
        reply.MsgContext        = req->scsi_io.MsgContext;
        reply.SCSIStatus        = sreq->status;
        if (sreq->status == GOOD) {
            /* NOTE(review): assumes resid <= DataLength -- confirm. */
            reply.TransferCount = req->scsi_io.DataLength - resid;
            if (resid) {
                reply.IOCStatus     = MPI_IOCSTATUS_SCSI_DATA_UNDERRUN;
            }
        } else {
            /* NOTE(review): UNDERRUN is reported for every non-GOOD
             * status, not only when resid != 0 -- presumably what the
             * driver expects alongside autosense; confirm. */
            reply.SCSIState     = MPI_SCSI_STATE_AUTOSENSE_VALID;
            reply.SenseCount    = sense_len;
            reply.IOCStatus     = MPI_IOCSTATUS_SCSI_DATA_UNDERRUN;
        }

        mptsas_fix_scsi_io_reply_endianness(&reply);
        mptsas_post_reply(req->dev, (MPIDefaultReply *)&reply);
    } else {
        mptsas_turbo_reply(req->dev, req->scsi_io.MsgContext);
    }

    mptsas_free_request(req);
}
   1193 
/*
 * SCSIBusInfo.cancel callback: a request was cancelled (for example by
 * the bus reset performed in mptsas_soft_reset).
 *
 * A full SCSI IO reply is always posted so the guest learns that the task
 * was terminated: the identifying fields of the request are echoed,
 * SCSIState says there is no SCSI status, and IOCStatus is
 * SCSI_TASK_TERMINATED.  The MPTSASRequest is then released.
 *
 * @sreq: the cancelled request; hba_private is our MPTSASRequest.
 */
static void mptsas_request_cancelled(SCSIRequest *sreq)
{
    MPTSASRequest *req = sreq->hba_private;
    MPIMsgSCSIIOReply reply;

    /* memset rather than an initializer: every byte of the frame,
     * padding included, must be zero before it reaches the guest. */
    memset(&reply, 0, sizeof(reply));

    /* Echo what identifies the request to the guest driver. */
    reply.MsgContext = req->scsi_io.MsgContext;
    reply.Function = req->scsi_io.Function;
    reply.MsgFlags = req->scsi_io.MsgFlags;
    reply.TargetID = req->scsi_io.TargetID;
    reply.Bus = req->scsi_io.Bus;
    reply.CDBLength = req->scsi_io.CDBLength;
    reply.SenseBufferLength = req->scsi_io.SenseBufferLength;

    /* Completion information: no status, task terminated. */
    reply.MsgLength = sizeof(reply) / 4;
    reply.SCSIState = MPI_SCSI_STATE_NO_SCSI_STATUS;
    reply.IOCStatus = MPI_IOCSTATUS_SCSI_TASK_TERMINATED;

    mptsas_fix_scsi_io_reply_endianness(&reply);
    mptsas_post_reply(req->dev, (MPIDefaultReply *)&reply);
    mptsas_free_request(req);
}
   1215 
/*
 * SCSIBusInfo.save_request: serialise an in-flight request for migration.
 *
 * The stream layout, which mptsas_load_request must mirror exactly, is the
 * raw scsi_io request frame, the number of scatter/gather entries as a
 * big-endian 32-bit value, then one (base, len) pair of big-endian 64-bit
 * values per entry.
 *
 * @f:    migration stream.
 * @sreq: the request being saved; hba_private is our MPTSASRequest.
 */
static void mptsas_save_request(QEMUFile *f, SCSIRequest *sreq)
{
    MPTSASRequest *req = sreq->hba_private;
    const QEMUSGList *qsg = &req->qsg;
    int i;

    qemu_put_buffer(f, (unsigned char *)&req->scsi_io, sizeof(req->scsi_io));

    qemu_put_be32(f, qsg->nsg);
    for (i = 0; i < qsg->nsg; i++) {
        qemu_put_be64(f, qsg->sg[i].base);
        qemu_put_be64(f, qsg->sg[i].len);
    }
}
   1228 
/*
 * SCSIBusInfo.load_request: rebuild an in-flight request from migration.
 *
 * Reads the layout written by mptsas_save_request (request frame, entry
 * count, (base, len) pairs), allocates a fresh MPTSASRequest, rebuilds its
 * scatter/gather list and ties it to the SCSIRequest, taking a reference
 * on the latter.
 *
 * NOTE(review): the entry count comes straight from the stream and sizes
 * the allocation in pci_dma_sglist_init; the TODO below about failing
 * gracefully instead of asserting applies to an oversized count as well.
 *
 * @f:    migration stream.
 * @sreq: the SCSIRequest being restored; its bus locates our state.
 * Returns the new MPTSASRequest, stored by the caller as hba_private.
 */
static void *mptsas_load_request(QEMUFile *f, SCSIRequest *sreq)
{
    MPTSASState *s = container_of(sreq->bus, MPTSASState, bus);
    MPTSASRequest *req = g_new(MPTSASRequest, 1);
    int nsg, i;

    qemu_get_buffer(f, (unsigned char *)&req->scsi_io, sizeof(req->scsi_io));

    nsg = qemu_get_be32(f);
    /* TODO: add a way for SCSIBusInfo's load_request to fail,
     * and fail migration instead of asserting here.
     * This is just one thing (there are probably more) that must be
     * fixed before we can allow NDEBUG compilation.
     */
    assert(nsg >= 0);

    pci_dma_sglist_init(&req->qsg, PCI_DEVICE(s), nsg);
    for (i = 0; i < nsg; i++) {
        uint64_t base = qemu_get_be64(f);
        uint64_t len = qemu_get_be64(f);

        qemu_sglist_add(&req->qsg, base, len);
    }

    scsi_req_ref(sreq);
    req->sreq = sreq;
    req->dev = s;

    return req;
}
   1261 
/* Callbacks and limits registered with the SCSI bus in realize.  The
 * target/LUN values are the upper bounds the bus accepts for devices
 * attached to this HBA. */
static const struct SCSIBusInfo mptsas_scsi_info = {
    .tcq = true,
    .max_target = MPTSAS_NUM_PORTS,
    .max_lun = 1,

    .get_sg_list = mptsas_get_sg_list,
    .complete = mptsas_command_complete,
    .cancel = mptsas_request_cancelled,
    .save_request = mptsas_save_request,
    .load_request = mptsas_load_request,
};
   1273 
/*
 * PCI realize: set up config space, MSI, the three BARs, the SAS address,
 * the request bottom half and the SCSI bus.
 *
 * MSI policy follows the "msi" property: off skips MSI, on fails realize
 * if the board cannot provide it, auto silently falls back to legacy
 * interrupts.  The order matters: regions are initialised before they are
 * registered as BARs, and the SCSI bus is created last.
 *
 * @dev:  the PCI device being realized.
 * @errp: error destination; only set for an unsatisfiable msi=on.
 */
static void mptsas_scsi_realize(PCIDevice *dev, Error **errp)
{
    MPTSASState *s = MPT_SAS(dev);
    Error *err = NULL;
    int ret;

    dev->config[PCI_LATENCY_TIMER] = 0;
    /* Legacy interrupt on INTA#. */
    dev->config[PCI_INTERRUPT_PIN] = 0x01;

    if (s->msi != ON_OFF_AUTO_OFF) {
        ret = msi_init(dev, 0, 1, true, false, &err);
        /* Any error other than -ENOTSUP(board's MSI support is broken)
         * is a programming error */
        assert(!ret || ret == -ENOTSUP);
        if (ret && s->msi == ON_OFF_AUTO_ON) {
            /* Can't satisfy user's explicit msi=on request, fail */
            error_append_hint(&err, "You have to use msi=auto (default) or "
                    "msi=off with this machine type.\n");
            error_propagate(errp, err);
            return;
        }
        assert(!err || s->msi == ON_OFF_AUTO_AUTO);
        /* With msi=auto, we fall back to MSI off silently */
        error_free(err);

        /* Only used for migration.  */
        s->msi_in_use = (ret == 0);
    }

    /* BAR 1: 16 KiB register window; BAR 0: the same registers as a
     * 256-byte I/O port window; BAR 2: 64 KiB diagnostic region (stubbed). */
    memory_region_init_io(&s->mmio_io, OBJECT(s), &mptsas_mmio_ops, s,
                          "mptsas-mmio", 0x4000);
    memory_region_init_io(&s->port_io, OBJECT(s), &mptsas_port_ops, s,
                          "mptsas-io", 256);
    memory_region_init_io(&s->diag_io, OBJECT(s), &mptsas_diag_ops, s,
                          "mptsas-diag", 0x10000);

    pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->port_io);
    pci_register_bar(dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY |
                                 PCI_BASE_ADDRESS_MEM_TYPE_32, &s->mmio_io);
    pci_register_bar(dev, 2, PCI_BASE_ADDRESS_SPACE_MEMORY |
                                 PCI_BASE_ADDRESS_MEM_TYPE_32, &s->diag_io);

    /* Unless the user supplied one, derive a locally-assigned NAA 3 SAS
     * address from the device's PCI bus/slot/function so that it is
     * unique within the machine. */
    if (!s->sas_addr) {
        s->sas_addr = ((NAA_LOCALLY_ASSIGNED_ID << 24) |
                       IEEE_COMPANY_LOCALLY_ASSIGNED) << 36;
        s->sas_addr |= (pci_dev_bus_num(dev) << 16);
        s->sas_addr |= (PCI_SLOT(dev->devfn) << 8);
        s->sas_addr |= PCI_FUNC(dev->devfn);
    }
    s->max_devices = MPTSAS_NUM_PORTS;

    /* Deleted again in mptsas_scsi_uninit. */
    s->request_bh = qemu_bh_new(mptsas_fetch_requests, s);

    scsi_bus_init(&s->bus, sizeof(s->bus), &dev->qdev, &mptsas_scsi_info);
}
   1329 
/*
 * PCI exit: undo what realize set up -- the request bottom half and MSI.
 * msi_uninit is called regardless of whether MSI was actually enabled;
 * presumably it tolerates that -- confirm.
 */
static void mptsas_scsi_uninit(PCIDevice *dev)
{
    qemu_bh_delete(MPT_SAS(dev)->request_bh);
    msi_uninit(dev);
}
   1337 
/* DeviceClass.reset: a device reset is a full adapter reset. */
static void mptsas_reset(DeviceState *dev)
{
    mptsas_hard_reset(MPT_SAS(dev));
}
   1344 
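/*
 * Validate state arriving from a migration stream before it is used.
 *
 * Every index checked here is later used as an array subscript or FIFO
 * pointer with no further checks, so anything outside its valid range
 * has to be rejected at this point.  The doorbell indices are signed
 * 32-bit fields: a negative value passes the "idx <= cnt" comparison yet
 * would index before the start of doorbell_msg / doorbell_reply, so the
 * sign is checked explicitly.  (doorbell_state is not range-checked; an
 * out-of-range value is only caught by the abort() defaults in the
 * doorbell handlers -- worth rejecting here too once the enum's bounds
 * are confirmed.)
 *
 * @opaque:     the MPTSASState being loaded.
 * @version_id: vmstate version; only version 0 exists.
 * Returns 0 if the state is consistent, -EINVAL to fail the migration.
 */
static int mptsas_post_load(void *opaque, int version_id)
{
    MPTSASState *s = opaque;

    if (s->doorbell_idx < 0 ||
        s->doorbell_idx > s->doorbell_cnt ||
        s->doorbell_cnt > ARRAY_SIZE(s->doorbell_msg) ||
        s->doorbell_reply_idx < 0 ||
        s->doorbell_reply_idx > s->doorbell_reply_size ||
        s->doorbell_reply_size > ARRAY_SIZE(s->doorbell_reply) ||
        MPTSAS_FIFO_INVALID(s, request_post) ||
        MPTSAS_FIFO_INVALID(s, reply_post) ||
        MPTSAS_FIFO_INVALID(s, reply_free) ||
        s->diagnostic_idx > 4) {
        return -EINVAL;
    }

    return 0;
}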
   1362 
/* Migration description.  Field order defines the stream format and must
 * not change; array lengths must match the MPTSASState definition.  Values
 * read back are sanity-checked by mptsas_post_load before use. */
static const VMStateDescription vmstate_mptsas = {
    .name = "mptsas",
    .version_id = 0,
    .minimum_version_id = 0,
    .post_load = mptsas_post_load,
    .fields      = (VMStateField[]) {
        VMSTATE_PCI_DEVICE(dev, MPTSASState),
        VMSTATE_BOOL(msi_in_use, MPTSASState),
        VMSTATE_UINT32(state, MPTSASState),
        VMSTATE_UINT8(who_init, MPTSASState),
        /* Doorbell handshake: request being written ... */
        VMSTATE_UINT8(doorbell_state, MPTSASState),
        VMSTATE_UINT32_ARRAY(doorbell_msg, MPTSASState, 256),
        VMSTATE_INT32(doorbell_idx, MPTSASState),
        VMSTATE_INT32(doorbell_cnt, MPTSASState),

        /* ... and reply being read back in 16-bit words. */
        VMSTATE_UINT16_ARRAY(doorbell_reply, MPTSASState, 256),
        VMSTATE_INT32(doorbell_reply_idx, MPTSASState),
        VMSTATE_INT32(doorbell_reply_size, MPTSASState),

        /* Diagnostic register and progress through the write sequence. */
        VMSTATE_UINT32(diagnostic, MPTSASState),
        VMSTATE_UINT8(diagnostic_idx, MPTSASState),

        VMSTATE_UINT32(intr_status, MPTSASState),
        VMSTATE_UINT32(intr_mask, MPTSASState),

        /* The three FIFOs, each with one spare slot plus head/tail. */
        VMSTATE_UINT32_ARRAY(request_post, MPTSASState,
                             MPTSAS_REQUEST_QUEUE_DEPTH + 1),
        VMSTATE_UINT16(request_post_head, MPTSASState),
        VMSTATE_UINT16(request_post_tail, MPTSASState),

        VMSTATE_UINT32_ARRAY(reply_post, MPTSASState,
                             MPTSAS_REPLY_QUEUE_DEPTH + 1),
        VMSTATE_UINT16(reply_post_head, MPTSASState),
        VMSTATE_UINT16(reply_post_tail, MPTSASState),

        VMSTATE_UINT32_ARRAY(reply_free, MPTSASState,
                             MPTSAS_REPLY_QUEUE_DEPTH + 1),
        VMSTATE_UINT16(reply_free_head, MPTSASState),
        VMSTATE_UINT16(reply_free_tail, MPTSASState),

        /* Limits and addressing state programmed by the guest. */
        VMSTATE_UINT16(max_buses, MPTSASState),
        VMSTATE_UINT16(max_devices, MPTSASState),
        VMSTATE_UINT16(reply_frame_size, MPTSASState),
        VMSTATE_UINT64(host_mfa_high_addr, MPTSASState),
        VMSTATE_UINT64(sense_buffer_high_addr, MPTSASState),
        VMSTATE_END_OF_LIST()
    }
};
   1411 
/* User-settable properties.  A zero sas_address means "derive one from
 * the PCI location" (see mptsas_scsi_realize). */
static Property mptsas_properties[] = {
    DEFINE_PROP_UINT64("sas_address", MPTSASState, sas_addr, 0),
    /* TODO: test MSI support under Windows */
    DEFINE_PROP_ON_OFF_AUTO("msi", MPTSASState, msi, ON_OFF_AUTO_AUTO),
    DEFINE_PROP_END_OF_LIST(),
};
   1418 
/*
 * Class initialiser for the SAS1068 device type: PCI identity, device
 * callbacks, properties and migration description.
 */
static void mptsas1068_class_init(ObjectClass *oc, void *data)
{
    PCIDeviceClass *pc = PCI_DEVICE_CLASS(oc);
    DeviceClass *dc = DEVICE_CLASS(oc);

    /* PCI identity: LSI Logic SAS1068, storage/SCSI class, no option ROM. */
    pc->vendor_id = PCI_VENDOR_ID_LSI_LOGIC;
    pc->device_id = PCI_DEVICE_ID_LSI_SAS1068;
    pc->subsystem_vendor_id = PCI_VENDOR_ID_LSI_LOGIC;
    pc->subsystem_id = 0x8000;
    pc->class_id = PCI_CLASS_STORAGE_SCSI;
    pc->romfile = 0;

    /* Lifecycle callbacks. */
    pc->realize = mptsas_scsi_realize;
    pc->exit = mptsas_scsi_uninit;
    dc->reset = mptsas_reset;

    /* Configuration, migration and classification. */
    device_class_set_props(dc, mptsas_properties);
    dc->vmsd = &vmstate_mptsas;
    dc->desc = "LSI SAS 1068";
    set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
}
   1438 
/* QOM type: a conventional (non-express) PCI device. */
static const TypeInfo mptsas_info = {
    .name = TYPE_MPTSAS1068,
    .parent = TYPE_PCI_DEVICE,
    .instance_size = sizeof(MPTSASState),
    .class_init = mptsas1068_class_init,
    .interfaces = (InterfaceInfo[]) {
        { INTERFACE_CONVENTIONAL_PCI_DEVICE },
        { },
    },
};
   1449 
/* Module init hook: register the SAS1068 type with QOM. */
static void mptsas_register_types(void)
{
    type_register_static(&mptsas_info);
}
   1454 
/* Run mptsas_register_types during QEMU's type-registration phase. */
type_init(mptsas_register_types)