projects / deliverable / linux.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
firewire: fix panic in handle_at_packet
[deliverable/linux.git] / drivers / firewire / fw-sbp2.c
1 /*
2 * SBP2 driver (SCSI over IEEE1394)
3 *
4 * Copyright (C) 2005-2007 Kristian Hoegsberg <krh@bitplanet.net>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software Foundation,
18 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
19 */
20
21 /*
22 * The basic structure of this driver is based on the old storage driver,
23 * drivers/ieee1394/sbp2.c, originally written by
24 * James Goodwin <jamesg@filanet.com>
25 * with later contributions and ongoing maintenance from
26 * Ben Collins <bcollins@debian.org>,
27 * Stefan Richter <stefanr@s5r6.in-berlin.de>
28 * and many others.
29 */
30
31 #include <linux/blkdev.h>
32 #include <linux/delay.h>
33 #include <linux/device.h>
34 #include <linux/dma-mapping.h>
35 #include <linux/kernel.h>
36 #include <linux/mod_devicetable.h>
37 #include <linux/module.h>
38 #include <linux/moduleparam.h>
39 #include <linux/scatterlist.h>
40 #include <linux/string.h>
41 #include <linux/stringify.h>
42 #include <linux/timer.h>
43 #include <linux/workqueue.h>
44 #include <asm/system.h>
45
46 #include <scsi/scsi.h>
47 #include <scsi/scsi_cmnd.h>
48 #include <scsi/scsi_device.h>
49 #include <scsi/scsi_host.h>
50
51 #include "fw-device.h"
52 #include "fw-topology.h"
53 #include "fw-transaction.h"
54
55 /*
56 * So far only bridges from Oxford Semiconductor are known to support
57 * concurrent logins. Depending on firmware, four or two concurrent logins
58 * are possible on OXFW911 and newer Oxsemi bridges.
59 *
60 * Concurrent logins are useful together with cluster filesystems.
61 */
62 static int sbp2_param_exclusive_login = 1;
63 module_param_named(exclusive_login, sbp2_param_exclusive_login, bool, 0644);
64 MODULE_PARM_DESC(exclusive_login, "Exclusive login to sbp2 device "
65 "(default = Y, use N for concurrent initiators)");
66
67 /*
68 * Flags for firmware oddities
69 *
70 * - 128kB max transfer
71 * Limit transfer size. Necessary for some old bridges.
72 *
73 * - 36 byte inquiry
74 * When scsi_mod probes the device, let the inquiry command look like that
75 * from MS Windows.
76 *
77 * - skip mode page 8
78 * Suppress sending of mode_sense for mode page 8 if the device pretends to
79 * support the SCSI Primary Block commands instead of Reduced Block Commands.
80 *
81 * - fix capacity
82 * Tell sd_mod to correct the last sector number reported by read_capacity.
83 * Avoids access beyond actual disk limits on devices with an off-by-one bug.
84 * Don't use this with devices which don't have this bug.
85 *
86 * - delay inquiry
87 * Wait extra SBP2_INQUIRY_DELAY seconds after login before SCSI inquiry.
88 *
89 * - override internal blacklist
90 * Instead of adding to the built-in blacklist, use only the workarounds
91 * specified in the module load parameter.
92 * Useful if a blacklist entry interfered with a non-broken device.
93 */
94 #define SBP2_WORKAROUND_128K_MAX_TRANS 0x1
95 #define SBP2_WORKAROUND_INQUIRY_36 0x2
96 #define SBP2_WORKAROUND_MODE_SENSE_8 0x4
97 #define SBP2_WORKAROUND_FIX_CAPACITY 0x8
98 #define SBP2_WORKAROUND_DELAY_INQUIRY 0x10
99 #define SBP2_INQUIRY_DELAY 12
100 #define SBP2_WORKAROUND_OVERRIDE 0x100
101
102 static int sbp2_param_workarounds;
103 module_param_named(workarounds, sbp2_param_workarounds, int, 0644);
104 MODULE_PARM_DESC(workarounds, "Work around device bugs (default = 0"
105 ", 128kB max transfer = " __stringify(SBP2_WORKAROUND_128K_MAX_TRANS)
106 ", 36 byte inquiry = " __stringify(SBP2_WORKAROUND_INQUIRY_36)
107 ", skip mode page 8 = " __stringify(SBP2_WORKAROUND_MODE_SENSE_8)
108 ", fix capacity = " __stringify(SBP2_WORKAROUND_FIX_CAPACITY)
109 ", delay inquiry = " __stringify(SBP2_WORKAROUND_DELAY_INQUIRY)
110 ", override internal blacklist = " __stringify(SBP2_WORKAROUND_OVERRIDE)
111 ", or a combination)");
112
113 /* I don't know why the SCSI stack doesn't define something like this... */
114 typedef void (*scsi_done_fn_t)(struct scsi_cmnd *);
115
116 static const char sbp2_driver_name[] = "sbp2";
117
118 /*
119 * We create one struct sbp2_logical_unit per SBP-2 Logical Unit Number Entry
120 * and one struct scsi_device per sbp2_logical_unit.
121 */
122 struct sbp2_logical_unit {
123 struct sbp2_target *tgt;
124 struct list_head link;
125 struct fw_address_handler address_handler;
126 struct list_head orb_list;
127
128 u64 command_block_agent_address;
129 u16 lun;
130 int login_id;
131
132 /*
133 * The generation is updated once we've logged in or reconnected
134 * to the logical unit. Thus, I/O to the device will automatically
135 * fail and get retried if it happens in a window where the device
136 * is not ready, e.g. after a bus reset but before we reconnect.
137 */
138 int generation;
139 int retries;
140 struct delayed_work work;
141 bool has_sdev;
142 bool blocked;
143 };
144
145 /*
146 * We create one struct sbp2_target per IEEE 1212 Unit Directory
147 * and one struct Scsi_Host per sbp2_target.
148 */
149 struct sbp2_target {
150 struct kref kref;
151 struct fw_unit *unit;
152 const char *bus_id;
153 struct list_head lu_list;
154
155 u64 management_agent_address;
156 int directory_id;
157 int node_id;
158 int address_high;
159 unsigned int workarounds;
160 unsigned int mgt_orb_timeout;
161
162 int dont_block; /* counter for each logical unit */
163 int blocked; /* ditto */
164 };
165
166 /*
167 * Per section 7.4.8 of the SBP-2 spec, a mgt_ORB_timeout value can be
168 * provided in the config rom. Most devices do provide a value, which
169 * we'll use for login management orbs, but with some sane limits.
170 */
171 #define SBP2_MIN_LOGIN_ORB_TIMEOUT 5000U /* Timeout in ms */
172 #define SBP2_MAX_LOGIN_ORB_TIMEOUT 40000U /* Timeout in ms */
173 #define SBP2_ORB_TIMEOUT 2000U /* Timeout in ms */
174 #define SBP2_ORB_NULL 0x80000000
175 #define SBP2_MAX_SG_ELEMENT_LENGTH 0xf000
176 #define SBP2_RETRY_LIMIT 0xf /* 15 retries */
177
178 #define SBP2_DIRECTION_TO_MEDIA 0x0
179 #define SBP2_DIRECTION_FROM_MEDIA 0x1
180
181 /* Unit directory keys */
182 #define SBP2_CSR_UNIT_CHARACTERISTICS 0x3a
183 #define SBP2_CSR_FIRMWARE_REVISION 0x3c
184 #define SBP2_CSR_LOGICAL_UNIT_NUMBER 0x14
185 #define SBP2_CSR_LOGICAL_UNIT_DIRECTORY 0xd4
186
187 /* Management orb opcodes */
188 #define SBP2_LOGIN_REQUEST 0x0
189 #define SBP2_QUERY_LOGINS_REQUEST 0x1
190 #define SBP2_RECONNECT_REQUEST 0x3
191 #define SBP2_SET_PASSWORD_REQUEST 0x4
192 #define SBP2_LOGOUT_REQUEST 0x7
193 #define SBP2_ABORT_TASK_REQUEST 0xb
194 #define SBP2_ABORT_TASK_SET 0xc
195 #define SBP2_LOGICAL_UNIT_RESET 0xe
196 #define SBP2_TARGET_RESET_REQUEST 0xf
197
198 /* Offsets for command block agent registers */
199 #define SBP2_AGENT_STATE 0x00
200 #define SBP2_AGENT_RESET 0x04
201 #define SBP2_ORB_POINTER 0x08
202 #define SBP2_DOORBELL 0x10
203 #define SBP2_UNSOLICITED_STATUS_ENABLE 0x14
204
205 /* Status write response codes */
206 #define SBP2_STATUS_REQUEST_COMPLETE 0x0
207 #define SBP2_STATUS_TRANSPORT_FAILURE 0x1
208 #define SBP2_STATUS_ILLEGAL_REQUEST 0x2
209 #define SBP2_STATUS_VENDOR_DEPENDENT 0x3
210
211 #define STATUS_GET_ORB_HIGH(v) ((v).status & 0xffff)
212 #define STATUS_GET_SBP_STATUS(v) (((v).status >> 16) & 0xff)
213 #define STATUS_GET_LEN(v) (((v).status >> 24) & 0x07)
214 #define STATUS_GET_DEAD(v) (((v).status >> 27) & 0x01)
215 #define STATUS_GET_RESPONSE(v) (((v).status >> 28) & 0x03)
216 #define STATUS_GET_SOURCE(v) (((v).status >> 30) & 0x03)
217 #define STATUS_GET_ORB_LOW(v) ((v).orb_low)
218 #define STATUS_GET_DATA(v) ((v).data)
219
220 struct sbp2_status {
221 u32 status;
222 u32 orb_low;
223 u8 data[24];
224 };
225
226 struct sbp2_pointer {
227 u32 high;
228 u32 low;
229 };
230
231 struct sbp2_orb {
232 struct fw_transaction t;
233 struct kref kref;
234 dma_addr_t request_bus;
235 int rcode;
236 struct sbp2_pointer pointer;
237 void (*callback)(struct sbp2_orb * orb, struct sbp2_status * status);
238 struct list_head link;
239 };
240
241 #define MANAGEMENT_ORB_LUN(v) ((v))
242 #define MANAGEMENT_ORB_FUNCTION(v) ((v) << 16)
243 #define MANAGEMENT_ORB_RECONNECT(v) ((v) << 20)
244 #define MANAGEMENT_ORB_EXCLUSIVE(v) ((v) ? 1 << 28 : 0)
245 #define MANAGEMENT_ORB_REQUEST_FORMAT(v) ((v) << 29)
246 #define MANAGEMENT_ORB_NOTIFY ((1) << 31)
247
248 #define MANAGEMENT_ORB_RESPONSE_LENGTH(v) ((v))
249 #define MANAGEMENT_ORB_PASSWORD_LENGTH(v) ((v) << 16)
250
251 struct sbp2_management_orb {
252 struct sbp2_orb base;
253 struct {
254 struct sbp2_pointer password;
255 struct sbp2_pointer response;
256 u32 misc;
257 u32 length;
258 struct sbp2_pointer status_fifo;
259 } request;
260 __be32 response[4];
261 dma_addr_t response_bus;
262 struct completion done;
263 struct sbp2_status status;
264 };
265
266 #define LOGIN_RESPONSE_GET_LOGIN_ID(v) ((v).misc & 0xffff)
267 #define LOGIN_RESPONSE_GET_LENGTH(v) (((v).misc >> 16) & 0xffff)
268
269 struct sbp2_login_response {
270 u32 misc;
271 struct sbp2_pointer command_block_agent;
272 u32 reconnect_hold;
273 };
274 #define COMMAND_ORB_DATA_SIZE(v) ((v))
275 #define COMMAND_ORB_PAGE_SIZE(v) ((v) << 16)
276 #define COMMAND_ORB_PAGE_TABLE_PRESENT ((1) << 19)
277 #define COMMAND_ORB_MAX_PAYLOAD(v) ((v) << 20)
278 #define COMMAND_ORB_SPEED(v) ((v) << 24)
279 #define COMMAND_ORB_DIRECTION(v) ((v) << 27)
280 #define COMMAND_ORB_REQUEST_FORMAT(v) ((v) << 29)
281 #define COMMAND_ORB_NOTIFY ((1) << 31)
282
283 struct sbp2_command_orb {
284 struct sbp2_orb base;
285 struct {
286 struct sbp2_pointer next;
287 struct sbp2_pointer data_descriptor;
288 u32 misc;
289 u8 command_block[12];
290 } request;
291 struct scsi_cmnd *cmd;
292 scsi_done_fn_t done;
293 struct sbp2_logical_unit *lu;
294
295 struct sbp2_pointer page_table[SG_ALL] __attribute__((aligned(8)));
296 dma_addr_t page_table_bus;
297 };
298
299 /*
300 * List of devices with known bugs.
301 *
302 * The firmware_revision field, masked with 0xffff00, is the best
303 * indicator for the type of bridge chip of a device. It yields a few
304 * false positives but this did not break correctly behaving devices
305 * so far. We use ~0 as a wildcard, since the 24 bit values we get
306 * from the config rom can never match that.
307 */
308 static const struct {
309 u32 firmware_revision;
310 u32 model;
311 unsigned int workarounds;
312 } sbp2_workarounds_table[] = {
313 /* DViCO Momobay CX-1 with TSB42AA9 bridge */ {
314 .firmware_revision = 0x002800,
315 .model = 0x001010,
316 .workarounds = SBP2_WORKAROUND_INQUIRY_36 |
317 SBP2_WORKAROUND_MODE_SENSE_8,
318 },
319 /* DViCO Momobay FX-3A with TSB42AA9A bridge */ {
320 .firmware_revision = 0x002800,
321 .model = 0x000000,
322 .workarounds = SBP2_WORKAROUND_DELAY_INQUIRY,
323 },
324 /* Initio bridges, actually only needed for some older ones */ {
325 .firmware_revision = 0x000200,
326 .model = ~0,
327 .workarounds = SBP2_WORKAROUND_INQUIRY_36,
328 },
329 /* Symbios bridge */ {
330 .firmware_revision = 0xa0b800,
331 .model = ~0,
332 .workarounds = SBP2_WORKAROUND_128K_MAX_TRANS,
333 },
334 /* Datafab MD2-FW2 with Symbios/LSILogic SYM13FW500 bridge */ {
335 .firmware_revision = 0x002600,
336 .model = ~0,
337 .workarounds = SBP2_WORKAROUND_128K_MAX_TRANS,
338 },
339
340 /*
341 * There are iPods (2nd gen, 3rd gen) with model_id == 0, but
342 * these iPods do not feature the read_capacity bug according
343 * to one report. Read_capacity behaviour as well as model_id
344 * could change due to Apple-supplied firmware updates though.
345 */
346
347 /* iPod 4th generation. */ {
348 .firmware_revision = 0x0a2700,
349 .model = 0x000021,
350 .workarounds = SBP2_WORKAROUND_FIX_CAPACITY,
351 },
352 /* iPod mini */ {
353 .firmware_revision = 0x0a2700,
354 .model = 0x000023,
355 .workarounds = SBP2_WORKAROUND_FIX_CAPACITY,
356 },
357 /* iPod Photo */ {
358 .firmware_revision = 0x0a2700,
359 .model = 0x00007e,
360 .workarounds = SBP2_WORKAROUND_FIX_CAPACITY,
361 }
362 };
363
364 static void
365 free_orb(struct kref *kref)
366 {
367 struct sbp2_orb *orb = container_of(kref, struct sbp2_orb, kref);
368
369 kfree(orb);
370 }
371
372 static void
373 sbp2_status_write(struct fw_card *card, struct fw_request *request,
374 int tcode, int destination, int source,
375 int generation, int speed,
376 unsigned long long offset,
377 void *payload, size_t length, void *callback_data)
378 {
379 struct sbp2_logical_unit *lu = callback_data;
380 struct sbp2_orb *orb;
381 struct sbp2_status status;
382 size_t header_size;
383 unsigned long flags;
384
385 if (tcode != TCODE_WRITE_BLOCK_REQUEST ||
386 length == 0 || length > sizeof(status)) {
387 fw_send_response(card, request, RCODE_TYPE_ERROR);
388 return;
389 }
390
391 header_size = min(length, 2 * sizeof(u32));
392 fw_memcpy_from_be32(&status, payload, header_size);
393 if (length > header_size)
394 memcpy(status.data, payload + 8, length - header_size);
395 if (STATUS_GET_SOURCE(status) == 2 || STATUS_GET_SOURCE(status) == 3) {
396 fw_notify("non-orb related status write, not handled\n");
397 fw_send_response(card, request, RCODE_COMPLETE);
398 return;
399 }
400
401 /* Lookup the orb corresponding to this status write. */
402 spin_lock_irqsave(&card->lock, flags);
403 list_for_each_entry(orb, &lu->orb_list, link) {
404 if (STATUS_GET_ORB_HIGH(status) == 0 &&
405 STATUS_GET_ORB_LOW(status) == orb->request_bus) {
406 orb->rcode = RCODE_COMPLETE;
407 list_del(&orb->link);
408 break;
409 }
410 }
411 spin_unlock_irqrestore(&card->lock, flags);
412
413 if (&orb->link != &lu->orb_list)
414 orb->callback(orb, &status);
415 else
416 fw_error("status write for unknown orb\n");
417
418 kref_put(&orb->kref, free_orb);
419
420 fw_send_response(card, request, RCODE_COMPLETE);
421 }
422
423 static void
424 complete_transaction(struct fw_card *card, int rcode,
425 void *payload, size_t length, void *data)
426 {
427 struct sbp2_orb *orb = data;
428 unsigned long flags;
429
430 /*
431 * This is a little tricky. We can get the status write for
432 * the orb before we get this callback. The status write
433 * handler above will assume the orb pointer transaction was
434 * successful and set the rcode to RCODE_COMPLETE for the orb.
435 * So this callback only sets the rcode if it hasn't already
436 * been set and only does the cleanup if the transaction
437 * failed and we didn't already get a status write.
438 */
439 spin_lock_irqsave(&card->lock, flags);
440
441 if (orb->rcode == -1)
442 orb->rcode = rcode;
443 if (orb->rcode != RCODE_COMPLETE) {
444 list_del(&orb->link);
445 spin_unlock_irqrestore(&card->lock, flags);
446 orb->callback(orb, NULL);
447 } else {
448 spin_unlock_irqrestore(&card->lock, flags);
449 }
450
451 kref_put(&orb->kref, free_orb);
452 }
453
454 static void
455 sbp2_send_orb(struct sbp2_orb *orb, struct sbp2_logical_unit *lu,
456 int node_id, int generation, u64 offset)
457 {
458 struct fw_device *device = fw_device(lu->tgt->unit->device.parent);
459 unsigned long flags;
460
461 orb->pointer.high = 0;
462 orb->pointer.low = orb->request_bus;
463 fw_memcpy_to_be32(&orb->pointer, &orb->pointer, sizeof(orb->pointer));
464
465 spin_lock_irqsave(&device->card->lock, flags);
466 list_add_tail(&orb->link, &lu->orb_list);
467 spin_unlock_irqrestore(&device->card->lock, flags);
468
469 /* Take a ref for the orb list and for the transaction callback. */
470 kref_get(&orb->kref);
471 kref_get(&orb->kref);
472
473 fw_send_request(device->card, &orb->t, TCODE_WRITE_BLOCK_REQUEST,
474 node_id, generation, device->max_speed, offset,
475 &orb->pointer, sizeof(orb->pointer),
476 complete_transaction, orb);
477 }
478
479 static int sbp2_cancel_orbs(struct sbp2_logical_unit *lu)
480 {
481 struct fw_device *device = fw_device(lu->tgt->unit->device.parent);
482 struct sbp2_orb *orb, *next;
483 struct list_head list;
484 unsigned long flags;
485 int retval = -ENOENT;
486
487 INIT_LIST_HEAD(&list);
488 spin_lock_irqsave(&device->card->lock, flags);
489 list_splice_init(&lu->orb_list, &list);
490 spin_unlock_irqrestore(&device->card->lock, flags);
491
492 list_for_each_entry_safe(orb, next, &list, link) {
493 retval = 0;
494 if (fw_cancel_transaction(device->card, &orb->t) == 0)
495 continue;
496
497 orb->rcode = RCODE_CANCELLED;
498 orb->callback(orb, NULL);
499 }
500
501 return retval;
502 }
503
504 static void
505 complete_management_orb(struct sbp2_orb *base_orb, struct sbp2_status *status)
506 {
507 struct sbp2_management_orb *orb =
508 container_of(base_orb, struct sbp2_management_orb, base);
509
510 if (status)
511 memcpy(&orb->status, status, sizeof(*status));
512 complete(&orb->done);
513 }
514
515 static int
516 sbp2_send_management_orb(struct sbp2_logical_unit *lu, int node_id,
517 int generation, int function, int lun_or_login_id,
518 void *response)
519 {
520 struct fw_device *device = fw_device(lu->tgt->unit->device.parent);
521 struct sbp2_management_orb *orb;
522 unsigned int timeout;
523 int retval = -ENOMEM;
524
525 if (function == SBP2_LOGOUT_REQUEST && fw_device_is_shutdown(device))
526 return 0;
527
528 orb = kzalloc(sizeof(*orb), GFP_ATOMIC);
529 if (orb == NULL)
530 return -ENOMEM;
531
532 kref_init(&orb->base.kref);
533 orb->response_bus =
534 dma_map_single(device->card->device, &orb->response,
535 sizeof(orb->response), DMA_FROM_DEVICE);
536 if (dma_mapping_error(orb->response_bus))
537 goto fail_mapping_response;
538
539 orb->request.response.high = 0;
540 orb->request.response.low = orb->response_bus;
541
542 orb->request.misc =
543 MANAGEMENT_ORB_NOTIFY |
544 MANAGEMENT_ORB_FUNCTION(function) |
545 MANAGEMENT_ORB_LUN(lun_or_login_id);
546 orb->request.length =
547 MANAGEMENT_ORB_RESPONSE_LENGTH(sizeof(orb->response));
548
549 orb->request.status_fifo.high = lu->address_handler.offset >> 32;
550 orb->request.status_fifo.low = lu->address_handler.offset;
551
552 if (function == SBP2_LOGIN_REQUEST) {
553 /* Ask for 2^2 == 4 seconds reconnect grace period */
554 orb->request.misc |=
555 MANAGEMENT_ORB_RECONNECT(2) |
556 MANAGEMENT_ORB_EXCLUSIVE(sbp2_param_exclusive_login);
557 timeout = lu->tgt->mgt_orb_timeout;
558 } else {
559 timeout = SBP2_ORB_TIMEOUT;
560 }
561
562 fw_memcpy_to_be32(&orb->request, &orb->request, sizeof(orb->request));
563
564 init_completion(&orb->done);
565 orb->base.callback = complete_management_orb;
566
567 orb->base.request_bus =
568 dma_map_single(device->card->device, &orb->request,
569 sizeof(orb->request), DMA_TO_DEVICE);
570 if (dma_mapping_error(orb->base.request_bus))
571 goto fail_mapping_request;
572
573 sbp2_send_orb(&orb->base, lu, node_id, generation,
574 lu->tgt->management_agent_address);
575
576 wait_for_completion_timeout(&orb->done, msecs_to_jiffies(timeout));
577
578 retval = -EIO;
579 if (sbp2_cancel_orbs(lu) == 0) {
580 fw_error("%s: orb reply timed out, rcode=0x%02x\n",
581 lu->tgt->bus_id, orb->base.rcode);
582 goto out;
583 }
584
585 if (orb->base.rcode != RCODE_COMPLETE) {
586 fw_error("%s: management write failed, rcode 0x%02x\n",
587 lu->tgt->bus_id, orb->base.rcode);
588 goto out;
589 }
590
591 if (STATUS_GET_RESPONSE(orb->status) != 0 ||
592 STATUS_GET_SBP_STATUS(orb->status) != 0) {
593 fw_error("%s: error status: %d:%d\n", lu->tgt->bus_id,
594 STATUS_GET_RESPONSE(orb->status),
595 STATUS_GET_SBP_STATUS(orb->status));
596 goto out;
597 }
598
599 retval = 0;
600 out:
601 dma_unmap_single(device->card->device, orb->base.request_bus,
602 sizeof(orb->request), DMA_TO_DEVICE);
603 fail_mapping_request:
604 dma_unmap_single(device->card->device, orb->response_bus,
605 sizeof(orb->response), DMA_FROM_DEVICE);
606 fail_mapping_response:
607 if (response)
608 fw_memcpy_from_be32(response,
609 orb->response, sizeof(orb->response));
610 kref_put(&orb->base.kref, free_orb);
611
612 return retval;
613 }
614
615 static void
616 complete_agent_reset_write(struct fw_card *card, int rcode,
617 void *payload, size_t length, void *done)
618 {
619 complete(done);
620 }
621
622 static void sbp2_agent_reset(struct sbp2_logical_unit *lu)
623 {
624 struct fw_device *device = fw_device(lu->tgt->unit->device.parent);
625 DECLARE_COMPLETION_ONSTACK(done);
626 struct fw_transaction t;
627 static u32 z;
628
629 fw_send_request(device->card, &t, TCODE_WRITE_QUADLET_REQUEST,
630 lu->tgt->node_id, lu->generation, device->max_speed,
631 lu->command_block_agent_address + SBP2_AGENT_RESET,
632 &z, sizeof(z), complete_agent_reset_write, &done);
633 wait_for_completion(&done);
634 }
635
636 static void
637 complete_agent_reset_write_no_wait(struct fw_card *card, int rcode,
638 void *payload, size_t length, void *data)
639 {
640 kfree(data);
641 }
642
643 static void sbp2_agent_reset_no_wait(struct sbp2_logical_unit *lu)
644 {
645 struct fw_device *device = fw_device(lu->tgt->unit->device.parent);
646 struct fw_transaction *t;
647 static u32 z;
648
649 t = kmalloc(sizeof(*t), GFP_ATOMIC);
650 if (t == NULL)
651 return;
652
653 fw_send_request(device->card, t, TCODE_WRITE_QUADLET_REQUEST,
654 lu->tgt->node_id, lu->generation, device->max_speed,
655 lu->command_block_agent_address + SBP2_AGENT_RESET,
656 &z, sizeof(z), complete_agent_reset_write_no_wait, t);
657 }
658
659 static void sbp2_set_generation(struct sbp2_logical_unit *lu, int generation)
660 {
661 struct fw_card *card = fw_device(lu->tgt->unit->device.parent)->card;
662 unsigned long flags;
663
664 /* serialize with comparisons of lu->generation and card->generation */
665 spin_lock_irqsave(&card->lock, flags);
666 lu->generation = generation;
667 spin_unlock_irqrestore(&card->lock, flags);
668 }
669
670 static inline void sbp2_allow_block(struct sbp2_logical_unit *lu)
671 {
672 /*
673 * We may access dont_block without taking card->lock here:
674 * All callers of sbp2_allow_block() and all callers of sbp2_unblock()
675 * are currently serialized against each other.
676 * And a wrong result in sbp2_conditionally_block()'s access of
677 * dont_block is rather harmless, it simply misses its first chance.
678 */
679 --lu->tgt->dont_block;
680 }
681
682 /*
683 * Blocks lu->tgt if all of the following conditions are met:
684 * - Login, INQUIRY, and high-level SCSI setup of all of the target's
685 * logical units have been finished (indicated by dont_block == 0).
686 * - lu->generation is stale.
687 *
688 * Note, scsi_block_requests() must be called while holding card->lock,
689 * otherwise it might foil sbp2_[conditionally_]unblock()'s attempt to
690 * unblock the target.
691 */
692 static void sbp2_conditionally_block(struct sbp2_logical_unit *lu)
693 {
694 struct sbp2_target *tgt = lu->tgt;
695 struct fw_card *card = fw_device(tgt->unit->device.parent)->card;
696 struct Scsi_Host *shost =
697 container_of((void *)tgt, struct Scsi_Host, hostdata[0]);
698 unsigned long flags;
699
700 spin_lock_irqsave(&card->lock, flags);
701 if (!tgt->dont_block && !lu->blocked &&
702 lu->generation != card->generation) {
703 lu->blocked = true;
704 if (++tgt->blocked == 1) {
705 scsi_block_requests(shost);
706 fw_notify("blocked %s\n", lu->tgt->bus_id);
707 }
708 }
709 spin_unlock_irqrestore(&card->lock, flags);
710 }
711
712 /*
713 * Unblocks lu->tgt as soon as all its logical units can be unblocked.
714 * Note, it is harmless to run scsi_unblock_requests() outside the
715 * card->lock protected section. On the other hand, running it inside
716 * the section might clash with shost->host_lock.
717 */
718 static void sbp2_conditionally_unblock(struct sbp2_logical_unit *lu)
719 {
720 struct sbp2_target *tgt = lu->tgt;
721 struct fw_card *card = fw_device(tgt->unit->device.parent)->card;
722 struct Scsi_Host *shost =
723 container_of((void *)tgt, struct Scsi_Host, hostdata[0]);
724 unsigned long flags;
725 bool unblock = false;
726
727 spin_lock_irqsave(&card->lock, flags);
728 if (lu->blocked && lu->generation == card->generation) {
729 lu->blocked = false;
730 unblock = --tgt->blocked == 0;
731 }
732 spin_unlock_irqrestore(&card->lock, flags);
733
734 if (unblock) {
735 scsi_unblock_requests(shost);
736 fw_notify("unblocked %s\n", lu->tgt->bus_id);
737 }
738 }
739
740 /*
741 * Prevents future blocking of tgt and unblocks it.
742 * Note, it is harmless to run scsi_unblock_requests() outside the
743 * card->lock protected section. On the other hand, running it inside
744 * the section might clash with shost->host_lock.
745 */
746 static void sbp2_unblock(struct sbp2_target *tgt)
747 {
748 struct fw_card *card = fw_device(tgt->unit->device.parent)->card;
749 struct Scsi_Host *shost =
750 container_of((void *)tgt, struct Scsi_Host, hostdata[0]);
751 unsigned long flags;
752
753 spin_lock_irqsave(&card->lock, flags);
754 ++tgt->dont_block;
755 spin_unlock_irqrestore(&card->lock, flags);
756
757 scsi_unblock_requests(shost);
758 }
759
760 static int sbp2_lun2int(u16 lun)
761 {
762 struct scsi_lun eight_bytes_lun;
763
764 memset(&eight_bytes_lun, 0, sizeof(eight_bytes_lun));
765 eight_bytes_lun.scsi_lun[0] = (lun >> 8) & 0xff;
766 eight_bytes_lun.scsi_lun[1] = lun & 0xff;
767
768 return scsilun_to_int(&eight_bytes_lun);
769 }
770
771 static void sbp2_release_target(struct kref *kref)
772 {
773 struct sbp2_target *tgt = container_of(kref, struct sbp2_target, kref);
774 struct sbp2_logical_unit *lu, *next;
775 struct Scsi_Host *shost =
776 container_of((void *)tgt, struct Scsi_Host, hostdata[0]);
777 struct scsi_device *sdev;
778 struct fw_device *device = fw_device(tgt->unit->device.parent);
779
780 /* prevent deadlocks */
781 sbp2_unblock(tgt);
782
783 list_for_each_entry_safe(lu, next, &tgt->lu_list, link) {
784 sdev = scsi_device_lookup(shost, 0, 0, sbp2_lun2int(lu->lun));
785 if (sdev) {
786 scsi_remove_device(sdev);
787 scsi_device_put(sdev);
788 }
789 sbp2_send_management_orb(lu, tgt->node_id, lu->generation,
790 SBP2_LOGOUT_REQUEST, lu->login_id, NULL);
791
792 fw_core_remove_address_handler(&lu->address_handler);
793 list_del(&lu->link);
794 kfree(lu);
795 }
796 scsi_remove_host(shost);
797 fw_notify("released %s\n", tgt->bus_id);
798
799 put_device(&tgt->unit->device);
800 scsi_host_put(shost);
801 fw_device_put(device);
802 }
803
804 static struct workqueue_struct *sbp2_wq;
805
806 /*
807 * Always get the target's kref when scheduling work on one its units.
808 * Each workqueue job is responsible to call sbp2_target_put() upon return.
809 */
810 static void sbp2_queue_work(struct sbp2_logical_unit *lu, unsigned long delay)
811 {
812 if (queue_delayed_work(sbp2_wq, &lu->work, delay))
813 kref_get(&lu->tgt->kref);
814 }
815
816 static void sbp2_target_put(struct sbp2_target *tgt)
817 {
818 kref_put(&tgt->kref, sbp2_release_target);
819 }
820
821 static void
822 complete_set_busy_timeout(struct fw_card *card, int rcode,
823 void *payload, size_t length, void *done)
824 {
825 complete(done);
826 }
827
828 static void sbp2_set_busy_timeout(struct sbp2_logical_unit *lu)
829 {
830 struct fw_device *device = fw_device(lu->tgt->unit->device.parent);
831 DECLARE_COMPLETION_ONSTACK(done);
832 struct fw_transaction t;
833 static __be32 busy_timeout;
834
835 /* FIXME: we should try to set dual-phase cycle_limit too */
836 busy_timeout = cpu_to_be32(SBP2_RETRY_LIMIT);
837
838 fw_send_request(device->card, &t, TCODE_WRITE_QUADLET_REQUEST,
839 lu->tgt->node_id, lu->generation, device->max_speed,
840 CSR_REGISTER_BASE + CSR_BUSY_TIMEOUT, &busy_timeout,
841 sizeof(busy_timeout), complete_set_busy_timeout, &done);
842 wait_for_completion(&done);
843 }
844
845 static void sbp2_reconnect(struct work_struct *work);
846
847 static void sbp2_login(struct work_struct *work)
848 {
849 struct sbp2_logical_unit *lu =
850 container_of(work, struct sbp2_logical_unit, work.work);
851 struct sbp2_target *tgt = lu->tgt;
852 struct fw_device *device = fw_device(tgt->unit->device.parent);
853 struct Scsi_Host *shost;
854 struct scsi_device *sdev;
855 struct sbp2_login_response response;
856 int generation, node_id, local_node_id;
857
858 if (fw_device_is_shutdown(device))
859 goto out;
860
861 generation = device->generation;
862 smp_rmb(); /* node_id must not be older than generation */
863 node_id = device->node_id;
864 local_node_id = device->card->node_id;
865
866 /* If this is a re-login attempt, log out, or we might be rejected. */
867 if (lu->has_sdev)
868 sbp2_send_management_orb(lu, device->node_id, generation,
869 SBP2_LOGOUT_REQUEST, lu->login_id, NULL);
870
871 if (sbp2_send_management_orb(lu, node_id, generation,
872 SBP2_LOGIN_REQUEST, lu->lun, &response) < 0) {
873 if (lu->retries++ < 5) {
874 sbp2_queue_work(lu, DIV_ROUND_UP(HZ, 5));
875 } else {
876 fw_error("%s: failed to login to LUN %04x\n",
877 tgt->bus_id, lu->lun);
878 /* Let any waiting I/O fail from now on. */
879 sbp2_unblock(lu->tgt);
880 }
881 goto out;
882 }
883
884 tgt->node_id = node_id;
885 tgt->address_high = local_node_id << 16;
886 sbp2_set_generation(lu, generation);
887
888 /* Get command block agent offset and login id. */
889 lu->command_block_agent_address =
890 ((u64) (response.command_block_agent.high & 0xffff) << 32) |
891 response.command_block_agent.low;
892 lu->login_id = LOGIN_RESPONSE_GET_LOGIN_ID(response);
893
894 fw_notify("%s: logged in to LUN %04x (%d retries)\n",
895 tgt->bus_id, lu->lun, lu->retries);
896
897 /* set appropriate retry limit(s) in BUSY_TIMEOUT register */
898 sbp2_set_busy_timeout(lu);
899
900 PREPARE_DELAYED_WORK(&lu->work, sbp2_reconnect);
901 sbp2_agent_reset(lu);
902
903 /* This was a re-login. */
904 if (lu->has_sdev) {
905 sbp2_cancel_orbs(lu);
906 sbp2_conditionally_unblock(lu);
907 goto out;
908 }
909
910 if (lu->tgt->workarounds & SBP2_WORKAROUND_DELAY_INQUIRY)
911 ssleep(SBP2_INQUIRY_DELAY);
912
913 shost = container_of((void *)tgt, struct Scsi_Host, hostdata[0]);
914 sdev = __scsi_add_device(shost, 0, 0, sbp2_lun2int(lu->lun), lu);
915 /*
916 * FIXME: We are unable to perform reconnects while in sbp2_login().
917 * Therefore __scsi_add_device() will get into trouble if a bus reset
918 * happens in parallel. It will either fail or leave us with an
919 * unusable sdev. As a workaround we check for this and retry the
920 * whole login and SCSI probing.
921 */
922
923 /* Reported error during __scsi_add_device() */
924 if (IS_ERR(sdev))
925 goto out_logout_login;
926
927 /* Unreported error during __scsi_add_device() */
928 smp_rmb(); /* get current card generation */
929 if (generation != device->card->generation) {
930 scsi_remove_device(sdev);
931 scsi_device_put(sdev);
932 goto out_logout_login;
933 }
934
935 /* No error during __scsi_add_device() */
936 lu->has_sdev = true;
937 scsi_device_put(sdev);
938 sbp2_allow_block(lu);
939 goto out;
940
941 out_logout_login:
942 smp_rmb(); /* generation may have changed */
943 generation = device->generation;
944 smp_rmb(); /* node_id must not be older than generation */
945
946 sbp2_send_management_orb(lu, device->node_id, generation,
947 SBP2_LOGOUT_REQUEST, lu->login_id, NULL);
948 /*
949 * If a bus reset happened, sbp2_update will have requeued
950 * lu->work already. Reset the work from reconnect to login.
951 */
952 PREPARE_DELAYED_WORK(&lu->work, sbp2_login);
953 out:
954 sbp2_target_put(tgt);
955 }
956
957 static int sbp2_add_logical_unit(struct sbp2_target *tgt, int lun_entry)
958 {
959 struct sbp2_logical_unit *lu;
960
961 lu = kmalloc(sizeof(*lu), GFP_KERNEL);
962 if (!lu)
963 return -ENOMEM;
964
965 lu->address_handler.length = 0x100;
966 lu->address_handler.address_callback = sbp2_status_write;
967 lu->address_handler.callback_data = lu;
968
969 if (fw_core_add_address_handler(&lu->address_handler,
970 &fw_high_memory_region) < 0) {
971 kfree(lu);
972 return -ENOMEM;
973 }
974
975 lu->tgt = tgt;
976 lu->lun = lun_entry & 0xffff;
977 lu->retries = 0;
978 lu->has_sdev = false;
979 lu->blocked = false;
980 ++tgt->dont_block;
981 INIT_LIST_HEAD(&lu->orb_list);
982 INIT_DELAYED_WORK(&lu->work, sbp2_login);
983
984 list_add_tail(&lu->link, &tgt->lu_list);
985 return 0;
986 }
987
988 static int sbp2_scan_logical_unit_dir(struct sbp2_target *tgt, u32 *directory)
989 {
990 struct fw_csr_iterator ci;
991 int key, value;
992
993 fw_csr_iterator_init(&ci, directory);
994 while (fw_csr_iterator_next(&ci, &key, &value))
995 if (key == SBP2_CSR_LOGICAL_UNIT_NUMBER &&
996 sbp2_add_logical_unit(tgt, value) < 0)
997 return -ENOMEM;
998 return 0;
999 }
1000
1001 static int sbp2_scan_unit_dir(struct sbp2_target *tgt, u32 *directory,
1002 u32 *model, u32 *firmware_revision)
1003 {
1004 struct fw_csr_iterator ci;
1005 int key, value;
1006 unsigned int timeout;
1007
1008 fw_csr_iterator_init(&ci, directory);
1009 while (fw_csr_iterator_next(&ci, &key, &value)) {
1010 switch (key) {
1011
1012 case CSR_DEPENDENT_INFO | CSR_OFFSET:
1013 tgt->management_agent_address =
1014 CSR_REGISTER_BASE + 4 * value;
1015 break;
1016
1017 case CSR_DIRECTORY_ID:
1018 tgt->directory_id = value;
1019 break;
1020
1021 case CSR_MODEL:
1022 *model = value;
1023 break;
1024
1025 case SBP2_CSR_FIRMWARE_REVISION:
1026 *firmware_revision = value;
1027 break;
1028
1029 case SBP2_CSR_UNIT_CHARACTERISTICS:
1030 /* the timeout value is stored in 500ms units */
1031 timeout = ((unsigned int) value >> 8 & 0xff) * 500;
1032 timeout = max(timeout, SBP2_MIN_LOGIN_ORB_TIMEOUT);
1033 tgt->mgt_orb_timeout =
1034 min(timeout, SBP2_MAX_LOGIN_ORB_TIMEOUT);
1035
1036 if (timeout > tgt->mgt_orb_timeout)
1037 fw_notify("%s: config rom contains %ds "
1038 "management ORB timeout, limiting "
1039 "to %ds\n", tgt->bus_id,
1040 timeout / 1000,
1041 tgt->mgt_orb_timeout / 1000);
1042 break;
1043
1044 case SBP2_CSR_LOGICAL_UNIT_NUMBER:
1045 if (sbp2_add_logical_unit(tgt, value) < 0)
1046 return -ENOMEM;
1047 break;
1048
1049 case SBP2_CSR_LOGICAL_UNIT_DIRECTORY:
1050 if (sbp2_scan_logical_unit_dir(tgt, ci.p + value) < 0)
1051 return -ENOMEM;
1052 break;
1053 }
1054 }
1055 return 0;
1056 }
1057
1058 static void sbp2_init_workarounds(struct sbp2_target *tgt, u32 model,
1059 u32 firmware_revision)
1060 {
1061 int i;
1062 unsigned int w = sbp2_param_workarounds;
1063
1064 if (w)
1065 fw_notify("Please notify linux1394-devel@lists.sourceforge.net "
1066 "if you need the workarounds parameter for %s\n",
1067 tgt->bus_id);
1068
1069 if (w & SBP2_WORKAROUND_OVERRIDE)
1070 goto out;
1071
1072 for (i = 0; i < ARRAY_SIZE(sbp2_workarounds_table); i++) {
1073
1074 if (sbp2_workarounds_table[i].firmware_revision !=
1075 (firmware_revision & 0xffffff00))
1076 continue;
1077
1078 if (sbp2_workarounds_table[i].model != model &&
1079 sbp2_workarounds_table[i].model != ~0)
1080 continue;
1081
1082 w |= sbp2_workarounds_table[i].workarounds;
1083 break;
1084 }
1085 out:
1086 if (w)
1087 fw_notify("Workarounds for %s: 0x%x "
1088 "(firmware_revision 0x%06x, model_id 0x%06x)\n",
1089 tgt->bus_id, w, firmware_revision, model);
1090 tgt->workarounds = w;
1091 }
1092
1093 static struct scsi_host_template scsi_driver_template;
1094
1095 static int sbp2_probe(struct device *dev)
1096 {
1097 struct fw_unit *unit = fw_unit(dev);
1098 struct fw_device *device = fw_device(unit->device.parent);
1099 struct sbp2_target *tgt;
1100 struct sbp2_logical_unit *lu;
1101 struct Scsi_Host *shost;
1102 u32 model, firmware_revision;
1103
1104 shost = scsi_host_alloc(&scsi_driver_template, sizeof(*tgt));
1105 if (shost == NULL)
1106 return -ENOMEM;
1107
1108 tgt = (struct sbp2_target *)shost->hostdata;
1109 unit->device.driver_data = tgt;
1110 tgt->unit = unit;
1111 kref_init(&tgt->kref);
1112 INIT_LIST_HEAD(&tgt->lu_list);
1113 tgt->bus_id = unit->device.bus_id;
1114
1115 if (fw_device_enable_phys_dma(device) < 0)
1116 goto fail_shost_put;
1117
1118 if (scsi_add_host(shost, &unit->device) < 0)
1119 goto fail_shost_put;
1120
1121 fw_device_get(device);
1122
1123 /* Initialize to values that won't match anything in our table. */
1124 firmware_revision = 0xff000000;
1125 model = 0xff000000;
1126
1127 /* implicit directory ID */
1128 tgt->directory_id = ((unit->directory - device->config_rom) * 4
1129 + CSR_CONFIG_ROM) & 0xffffff;
1130
1131 if (sbp2_scan_unit_dir(tgt, unit->directory, &model,
1132 &firmware_revision) < 0)
1133 goto fail_tgt_put;
1134
1135 sbp2_init_workarounds(tgt, model, firmware_revision);
1136
1137 get_device(&unit->device);
1138
1139 /* Do the login in a workqueue so we can easily reschedule retries. */
1140 list_for_each_entry(lu, &tgt->lu_list, link)
1141 sbp2_queue_work(lu, 0);
1142 return 0;
1143
1144 fail_tgt_put:
1145 sbp2_target_put(tgt);
1146 return -ENOMEM;
1147
1148 fail_shost_put:
1149 scsi_host_put(shost);
1150 return -ENOMEM;
1151 }
1152
1153 static int sbp2_remove(struct device *dev)
1154 {
1155 struct fw_unit *unit = fw_unit(dev);
1156 struct sbp2_target *tgt = unit->device.driver_data;
1157
1158 sbp2_target_put(tgt);
1159 return 0;
1160 }
1161
1162 static void sbp2_reconnect(struct work_struct *work)
1163 {
1164 struct sbp2_logical_unit *lu =
1165 container_of(work, struct sbp2_logical_unit, work.work);
1166 struct sbp2_target *tgt = lu->tgt;
1167 struct fw_device *device = fw_device(tgt->unit->device.parent);
1168 int generation, node_id, local_node_id;
1169
1170 if (fw_device_is_shutdown(device))
1171 goto out;
1172
1173 generation = device->generation;
1174 smp_rmb(); /* node_id must not be older than generation */
1175 node_id = device->node_id;
1176 local_node_id = device->card->node_id;
1177
1178 if (sbp2_send_management_orb(lu, node_id, generation,
1179 SBP2_RECONNECT_REQUEST,
1180 lu->login_id, NULL) < 0) {
1181 /*
1182 * If reconnect was impossible even though we are in the
1183 * current generation, fall back and try to log in again.
1184 *
1185 * We could check for "Function rejected" status, but
1186 * looking at the bus generation as simpler and more general.
1187 */
1188 smp_rmb(); /* get current card generation */
1189 if (generation == device->card->generation ||
1190 lu->retries++ >= 5) {
1191 fw_error("%s: failed to reconnect\n", tgt->bus_id);
1192 lu->retries = 0;
1193 PREPARE_DELAYED_WORK(&lu->work, sbp2_login);
1194 }
1195 sbp2_queue_work(lu, DIV_ROUND_UP(HZ, 5));
1196 goto out;
1197 }
1198
1199 tgt->node_id = node_id;
1200 tgt->address_high = local_node_id << 16;
1201 sbp2_set_generation(lu, generation);
1202
1203 fw_notify("%s: reconnected to LUN %04x (%d retries)\n",
1204 tgt->bus_id, lu->lun, lu->retries);
1205
1206 sbp2_agent_reset(lu);
1207 sbp2_cancel_orbs(lu);
1208 sbp2_conditionally_unblock(lu);
1209 out:
1210 sbp2_target_put(tgt);
1211 }
1212
1213 static void sbp2_update(struct fw_unit *unit)
1214 {
1215 struct sbp2_target *tgt = unit->device.driver_data;
1216 struct sbp2_logical_unit *lu;
1217
1218 fw_device_enable_phys_dma(fw_device(unit->device.parent));
1219
1220 /*
1221 * Fw-core serializes sbp2_update() against sbp2_remove().
1222 * Iteration over tgt->lu_list is therefore safe here.
1223 */
1224 list_for_each_entry(lu, &tgt->lu_list, link) {
1225 sbp2_conditionally_block(lu);
1226 lu->retries = 0;
1227 sbp2_queue_work(lu, 0);
1228 }
1229 }
1230
1231 #define SBP2_UNIT_SPEC_ID_ENTRY 0x0000609e
1232 #define SBP2_SW_VERSION_ENTRY 0x00010483
1233
1234 static const struct fw_device_id sbp2_id_table[] = {
1235 {
1236 .match_flags = FW_MATCH_SPECIFIER_ID | FW_MATCH_VERSION,
1237 .specifier_id = SBP2_UNIT_SPEC_ID_ENTRY,
1238 .version = SBP2_SW_VERSION_ENTRY,
1239 },
1240 { }
1241 };
1242
1243 static struct fw_driver sbp2_driver = {
1244 .driver = {
1245 .owner = THIS_MODULE,
1246 .name = sbp2_driver_name,
1247 .bus = &fw_bus_type,
1248 .probe = sbp2_probe,
1249 .remove = sbp2_remove,
1250 },
1251 .update = sbp2_update,
1252 .id_table = sbp2_id_table,
1253 };
1254
1255 static unsigned int
1256 sbp2_status_to_sense_data(u8 *sbp2_status, u8 *sense_data)
1257 {
1258 int sam_status;
1259
1260 sense_data[0] = 0x70;
1261 sense_data[1] = 0x0;
1262 sense_data[2] = sbp2_status[1];
1263 sense_data[3] = sbp2_status[4];
1264 sense_data[4] = sbp2_status[5];
1265 sense_data[5] = sbp2_status[6];
1266 sense_data[6] = sbp2_status[7];
1267 sense_data[7] = 10;
1268 sense_data[8] = sbp2_status[8];
1269 sense_data[9] = sbp2_status[9];
1270 sense_data[10] = sbp2_status[10];
1271 sense_data[11] = sbp2_status[11];
1272 sense_data[12] = sbp2_status[2];
1273 sense_data[13] = sbp2_status[3];
1274 sense_data[14] = sbp2_status[12];
1275 sense_data[15] = sbp2_status[13];
1276
1277 sam_status = sbp2_status[0] & 0x3f;
1278
1279 switch (sam_status) {
1280 case SAM_STAT_GOOD:
1281 case SAM_STAT_CHECK_CONDITION:
1282 case SAM_STAT_CONDITION_MET:
1283 case SAM_STAT_BUSY:
1284 case SAM_STAT_RESERVATION_CONFLICT:
1285 case SAM_STAT_COMMAND_TERMINATED:
1286 return DID_OK << 16 | sam_status;
1287
1288 default:
1289 return DID_ERROR << 16;
1290 }
1291 }
1292
1293 static void
1294 complete_command_orb(struct sbp2_orb *base_orb, struct sbp2_status *status)
1295 {
1296 struct sbp2_command_orb *orb =
1297 container_of(base_orb, struct sbp2_command_orb, base);
1298 struct fw_device *device = fw_device(orb->lu->tgt->unit->device.parent);
1299 int result;
1300
1301 if (status != NULL) {
1302 if (STATUS_GET_DEAD(*status))
1303 sbp2_agent_reset_no_wait(orb->lu);
1304
1305 switch (STATUS_GET_RESPONSE(*status)) {
1306 case SBP2_STATUS_REQUEST_COMPLETE:
1307 result = DID_OK << 16;
1308 break;
1309 case SBP2_STATUS_TRANSPORT_FAILURE:
1310 result = DID_BUS_BUSY << 16;
1311 break;
1312 case SBP2_STATUS_ILLEGAL_REQUEST:
1313 case SBP2_STATUS_VENDOR_DEPENDENT:
1314 default:
1315 result = DID_ERROR << 16;
1316 break;
1317 }
1318
1319 if (result == DID_OK << 16 && STATUS_GET_LEN(*status) > 1)
1320 result = sbp2_status_to_sense_data(STATUS_GET_DATA(*status),
1321 orb->cmd->sense_buffer);
1322 } else {
1323 /*
1324 * If the orb completes with status == NULL, something
1325 * went wrong, typically a bus reset happened mid-orb
1326 * or when sending the write (less likely).
1327 */
1328 result = DID_BUS_BUSY << 16;
1329 sbp2_conditionally_block(orb->lu);
1330 }
1331
1332 dma_unmap_single(device->card->device, orb->base.request_bus,
1333 sizeof(orb->request), DMA_TO_DEVICE);
1334
1335 if (scsi_sg_count(orb->cmd) > 0)
1336 dma_unmap_sg(device->card->device, scsi_sglist(orb->cmd),
1337 scsi_sg_count(orb->cmd),
1338 orb->cmd->sc_data_direction);
1339
1340 if (orb->page_table_bus != 0)
1341 dma_unmap_single(device->card->device, orb->page_table_bus,
1342 sizeof(orb->page_table), DMA_TO_DEVICE);
1343
1344 orb->cmd->result = result;
1345 orb->done(orb->cmd);
1346 }
1347
1348 static int
1349 sbp2_map_scatterlist(struct sbp2_command_orb *orb, struct fw_device *device,
1350 struct sbp2_logical_unit *lu)
1351 {
1352 struct scatterlist *sg;
1353 int sg_len, l, i, j, count;
1354 dma_addr_t sg_addr;
1355
1356 sg = scsi_sglist(orb->cmd);
1357 count = dma_map_sg(device->card->device, sg, scsi_sg_count(orb->cmd),
1358 orb->cmd->sc_data_direction);
1359 if (count == 0)
1360 goto fail;
1361
1362 /*
1363 * Handle the special case where there is only one element in
1364 * the scatter list by converting it to an immediate block
1365 * request. This is also a workaround for broken devices such
1366 * as the second generation iPod which doesn't support page
1367 * tables.
1368 */
1369 if (count == 1 && sg_dma_len(sg) < SBP2_MAX_SG_ELEMENT_LENGTH) {
1370 orb->request.data_descriptor.high = lu->tgt->address_high;
1371 orb->request.data_descriptor.low = sg_dma_address(sg);
1372 orb->request.misc |= COMMAND_ORB_DATA_SIZE(sg_dma_len(sg));
1373 return 0;
1374 }
1375
1376 /*
1377 * Convert the scatterlist to an sbp2 page table. If any
1378 * scatterlist entries are too big for sbp2, we split them as we
1379 * go. Even if we ask the block I/O layer to not give us sg
1380 * elements larger than 65535 bytes, some IOMMUs may merge sg elements
1381 * during DMA mapping, and Linux currently doesn't prevent this.
1382 */
1383 for (i = 0, j = 0; i < count; i++, sg = sg_next(sg)) {
1384 sg_len = sg_dma_len(sg);
1385 sg_addr = sg_dma_address(sg);
1386 while (sg_len) {
1387 /* FIXME: This won't get us out of the pinch. */
1388 if (unlikely(j >= ARRAY_SIZE(orb->page_table))) {
1389 fw_error("page table overflow\n");
1390 goto fail_page_table;
1391 }
1392 l = min(sg_len, SBP2_MAX_SG_ELEMENT_LENGTH);
1393 orb->page_table[j].low = sg_addr;
1394 orb->page_table[j].high = (l << 16);
1395 sg_addr += l;
1396 sg_len -= l;
1397 j++;
1398 }
1399 }
1400
1401 fw_memcpy_to_be32(orb->page_table, orb->page_table,
1402 sizeof(orb->page_table[0]) * j);
1403 orb->page_table_bus =
1404 dma_map_single(device->card->device, orb->page_table,
1405 sizeof(orb->page_table), DMA_TO_DEVICE);
1406 if (dma_mapping_error(orb->page_table_bus))
1407 goto fail_page_table;
1408
1409 /*
1410 * The data_descriptor pointer is the one case where we need
1411 * to fill in the node ID part of the address. All other
1412 * pointers assume that the data referenced reside on the
1413 * initiator (i.e. us), but data_descriptor can refer to data
1414 * on other nodes so we need to put our ID in descriptor.high.
1415 */
1416 orb->request.data_descriptor.high = lu->tgt->address_high;
1417 orb->request.data_descriptor.low = orb->page_table_bus;
1418 orb->request.misc |=
1419 COMMAND_ORB_PAGE_TABLE_PRESENT |
1420 COMMAND_ORB_DATA_SIZE(j);
1421
1422 return 0;
1423
1424 fail_page_table:
1425 dma_unmap_sg(device->card->device, sg, scsi_sg_count(orb->cmd),
1426 orb->cmd->sc_data_direction);
1427 fail:
1428 return -ENOMEM;
1429 }
1430
1431 /* SCSI stack integration */
1432
1433 static int sbp2_scsi_queuecommand(struct scsi_cmnd *cmd, scsi_done_fn_t done)
1434 {
1435 struct sbp2_logical_unit *lu = cmd->device->hostdata;
1436 struct fw_device *device = fw_device(lu->tgt->unit->device.parent);
1437 struct sbp2_command_orb *orb;
1438 unsigned int max_payload;
1439 int retval = SCSI_MLQUEUE_HOST_BUSY;
1440
1441 /*
1442 * Bidirectional commands are not yet implemented, and unknown
1443 * transfer direction not handled.
1444 */
1445 if (cmd->sc_data_direction == DMA_BIDIRECTIONAL) {
1446 fw_error("Can't handle DMA_BIDIRECTIONAL, rejecting command\n");
1447 cmd->result = DID_ERROR << 16;
1448 done(cmd);
1449 return 0;
1450 }
1451
1452 orb = kzalloc(sizeof(*orb), GFP_ATOMIC);
1453 if (orb == NULL) {
1454 fw_notify("failed to alloc orb\n");
1455 return SCSI_MLQUEUE_HOST_BUSY;
1456 }
1457
1458 /* Initialize rcode to something not RCODE_COMPLETE. */
1459 orb->base.rcode = -1;
1460 kref_init(&orb->base.kref);
1461
1462 orb->lu = lu;
1463 orb->done = done;
1464 orb->cmd = cmd;
1465
1466 orb->request.next.high = SBP2_ORB_NULL;
1467 orb->request.next.low = 0x0;
1468 /*
1469 * At speed 100 we can do 512 bytes per packet, at speed 200,
1470 * 1024 bytes per packet etc. The SBP-2 max_payload field
1471 * specifies the max payload size as 2 ^ (max_payload + 2), so
1472 * if we set this to max_speed + 7, we get the right value.
1473 */
1474 max_payload = min(device->max_speed + 7,
1475 device->card->max_receive - 1);
1476 orb->request.misc =
1477 COMMAND_ORB_MAX_PAYLOAD(max_payload) |
1478 COMMAND_ORB_SPEED(device->max_speed) |
1479 COMMAND_ORB_NOTIFY;
1480
1481 if (cmd->sc_data_direction == DMA_FROM_DEVICE)
1482 orb->request.misc |=
1483 COMMAND_ORB_DIRECTION(SBP2_DIRECTION_FROM_MEDIA);
1484 else if (cmd->sc_data_direction == DMA_TO_DEVICE)
1485 orb->request.misc |=
1486 COMMAND_ORB_DIRECTION(SBP2_DIRECTION_TO_MEDIA);
1487
1488 if (scsi_sg_count(cmd) && sbp2_map_scatterlist(orb, device, lu) < 0)
1489 goto out;
1490
1491 fw_memcpy_to_be32(&orb->request, &orb->request, sizeof(orb->request));
1492
1493 memset(orb->request.command_block,
1494 0, sizeof(orb->request.command_block));
1495 memcpy(orb->request.command_block, cmd->cmnd, COMMAND_SIZE(*cmd->cmnd));
1496
1497 orb->base.callback = complete_command_orb;
1498 orb->base.request_bus =
1499 dma_map_single(device->card->device, &orb->request,
1500 sizeof(orb->request), DMA_TO_DEVICE);
1501 if (dma_mapping_error(orb->base.request_bus))
1502 goto out;
1503
1504 sbp2_send_orb(&orb->base, lu, lu->tgt->node_id, lu->generation,
1505 lu->command_block_agent_address + SBP2_ORB_POINTER);
1506 retval = 0;
1507 out:
1508 kref_put(&orb->base.kref, free_orb);
1509 return retval;
1510 }
1511
1512 static int sbp2_scsi_slave_alloc(struct scsi_device *sdev)
1513 {
1514 struct sbp2_logical_unit *lu = sdev->hostdata;
1515
1516 /* (Re-)Adding logical units via the SCSI stack is not supported. */
1517 if (!lu)
1518 return -ENOSYS;
1519
1520 sdev->allow_restart = 1;
1521
1522 /*
1523 * Update the dma alignment (minimum alignment requirements for
1524 * start and end of DMA transfers) to be a sector
1525 */
1526 blk_queue_update_dma_alignment(sdev->request_queue, 511);
1527
1528 if (lu->tgt->workarounds & SBP2_WORKAROUND_INQUIRY_36)
1529 sdev->inquiry_len = 36;
1530
1531 return 0;
1532 }
1533
1534 static int sbp2_scsi_slave_configure(struct scsi_device *sdev)
1535 {
1536 struct sbp2_logical_unit *lu = sdev->hostdata;
1537
1538 sdev->use_10_for_rw = 1;
1539
1540 if (sdev->type == TYPE_ROM)
1541 sdev->use_10_for_ms = 1;
1542
1543 if (sdev->type == TYPE_DISK &&
1544 lu->tgt->workarounds & SBP2_WORKAROUND_MODE_SENSE_8)
1545 sdev->skip_ms_page_8 = 1;
1546
1547 if (lu->tgt->workarounds & SBP2_WORKAROUND_FIX_CAPACITY)
1548 sdev->fix_capacity = 1;
1549
1550 if (lu->tgt->workarounds & SBP2_WORKAROUND_128K_MAX_TRANS)
1551 blk_queue_max_sectors(sdev->request_queue, 128 * 1024 / 512);
1552
1553 return 0;
1554 }
1555
1556 /*
1557 * Called by scsi stack when something has really gone wrong. Usually
1558 * called when a command has timed-out for some reason.
1559 */
1560 static int sbp2_scsi_abort(struct scsi_cmnd *cmd)
1561 {
1562 struct sbp2_logical_unit *lu = cmd->device->hostdata;
1563
1564 fw_notify("%s: sbp2_scsi_abort\n", lu->tgt->bus_id);
1565 sbp2_agent_reset(lu);
1566 sbp2_cancel_orbs(lu);
1567
1568 return SUCCESS;
1569 }
1570
1571 /*
1572 * Format of /sys/bus/scsi/devices/.../ieee1394_id:
1573 * u64 EUI-64 : u24 directory_ID : u16 LUN (all printed in hexadecimal)
1574 *
1575 * This is the concatenation of target port identifier and logical unit
1576 * identifier as per SAM-2...SAM-4 annex A.
1577 */
1578 static ssize_t
1579 sbp2_sysfs_ieee1394_id_show(struct device *dev, struct device_attribute *attr,
1580 char *buf)
1581 {
1582 struct scsi_device *sdev = to_scsi_device(dev);
1583 struct sbp2_logical_unit *lu;
1584 struct fw_device *device;
1585
1586 if (!sdev)
1587 return 0;
1588
1589 lu = sdev->hostdata;
1590 device = fw_device(lu->tgt->unit->device.parent);
1591
1592 return sprintf(buf, "%08x%08x:%06x:%04x\n",
1593 device->config_rom[3], device->config_rom[4],
1594 lu->tgt->directory_id, lu->lun);
1595 }
1596
1597 static DEVICE_ATTR(ieee1394_id, S_IRUGO, sbp2_sysfs_ieee1394_id_show, NULL);
1598
1599 static struct device_attribute *sbp2_scsi_sysfs_attrs[] = {
1600 &dev_attr_ieee1394_id,
1601 NULL
1602 };
1603
1604 static struct scsi_host_template scsi_driver_template = {
1605 .module = THIS_MODULE,
1606 .name = "SBP-2 IEEE-1394",
1607 .proc_name = sbp2_driver_name,
1608 .queuecommand = sbp2_scsi_queuecommand,
1609 .slave_alloc = sbp2_scsi_slave_alloc,
1610 .slave_configure = sbp2_scsi_slave_configure,
1611 .eh_abort_handler = sbp2_scsi_abort,
1612 .this_id = -1,
1613 .sg_tablesize = SG_ALL,
1614 .use_clustering = ENABLE_CLUSTERING,
1615 .cmd_per_lun = 1,
1616 .can_queue = 1,
1617 .sdev_attrs = sbp2_scsi_sysfs_attrs,
1618 };
1619
1620 MODULE_AUTHOR("Kristian Hoegsberg <krh@bitplanet.net>");
1621 MODULE_DESCRIPTION("SCSI over IEEE1394");
1622 MODULE_LICENSE("GPL");
1623 MODULE_DEVICE_TABLE(ieee1394, sbp2_id_table);
1624
1625 /* Provide a module alias so root-on-sbp2 initrds don't break. */
1626 #ifndef CONFIG_IEEE1394_SBP2_MODULE
1627 MODULE_ALIAS("sbp2");
1628 #endif
1629
1630 static int __init sbp2_init(void)
1631 {
1632 sbp2_wq = create_singlethread_workqueue(KBUILD_MODNAME);
1633 if (!sbp2_wq)
1634 return -ENOMEM;
1635
1636 return driver_register(&sbp2_driver.driver);
1637 }
1638
1639 static void __exit sbp2_cleanup(void)
1640 {
1641 driver_unregister(&sbp2_driver.driver);
1642 destroy_workqueue(sbp2_wq);
1643 }
1644
1645 module_init(sbp2_init);
1646 module_exit(sbp2_cleanup);
Linux kernel - Deliverables
This page took 0.098468 seconds and 5 git commands to generate.