1 /*
2  * Core routines and tables shareable across OS platforms.
3  *
4  * Copyright (c) 1994-2002 Justin T. Gibbs.
5  * Copyright (c) 2000-2003 Adaptec Inc.
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions, and the following disclaimer,
13  *    without modification.
14  * 2. Redistributions in binary form must reproduce at minimum a disclaimer
15  *    substantially similar to the "NO WARRANTY" disclaimer below
16  *    ("Disclaimer") and any redistribution must be conditioned upon
17  *    including a substantially similar Disclaimer requirement for further
18  *    binary redistribution.
19  * 3. Neither the names of the above-listed copyright holders nor the names
20  *    of any contributors may be used to endorse or promote products derived
21  *    from this software without specific prior written permission.
22  *
23  * Alternatively, this software may be distributed under the terms of the
24  * GNU General Public License ("GPL") version 2 as published by the Free
25  * Software Foundation.
26  *
27  * NO WARRANTY
28  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
29  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
30  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR
31  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
32  * HOLDERS OR CONTRIBUTORS BE LIABLE FOR SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
33  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
34  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
35  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
36  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
37  * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
38  * POSSIBILITY OF SUCH DAMAGES.
39  *
40  * $Id: //depot/aic7xxx/aic7xxx/aic79xx.c#250 $
41  */
42 
43 #ifdef __linux__
44 #include "aic79xx_osm.h"
45 #include "aic79xx_inline.h"
46 #include "aicasm/aicasm_insformat.h"
47 #else
48 #include <dev/aic7xxx/aic79xx_osm.h>
49 #include <dev/aic7xxx/aic79xx_inline.h>
50 #include <dev/aic7xxx/aicasm/aicasm_insformat.h>
51 #endif
52 
53 
54 /***************************** Lookup Tables **********************************/
55 static const char *const ahd_chip_names[] =
56 {
57 	"NONE",
58 	"aic7901",
59 	"aic7902",
60 	"aic7901A"
61 };
62 static const u_int num_chip_names = ARRAY_SIZE(ahd_chip_names);
63 
64 /*
65  * Hardware error codes.
66  */
67 struct ahd_hard_error_entry {
68         uint8_t errno;
69 	const char *errmesg;
70 };
71 
72 static const struct ahd_hard_error_entry ahd_hard_errors[] = {
73 	{ DSCTMOUT,	"Discard Timer has timed out" },
74 	{ ILLOPCODE,	"Illegal Opcode in sequencer program" },
75 	{ SQPARERR,	"Sequencer Parity Error" },
76 	{ DPARERR,	"Data-path Parity Error" },
77 	{ MPARERR,	"Scratch or SCB Memory Parity Error" },
78 	{ CIOPARERR,	"CIOBUS Parity Error" },
79 };
80 static const u_int num_errors = ARRAY_SIZE(ahd_hard_errors);
81 
82 static const struct ahd_phase_table_entry ahd_phase_table[] =
83 {
84 	{ P_DATAOUT,	MSG_NOOP,		"in Data-out phase"	},
85 	{ P_DATAIN,	MSG_INITIATOR_DET_ERR,	"in Data-in phase"	},
86 	{ P_DATAOUT_DT,	MSG_NOOP,		"in DT Data-out phase"	},
87 	{ P_DATAIN_DT,	MSG_INITIATOR_DET_ERR,	"in DT Data-in phase"	},
88 	{ P_COMMAND,	MSG_NOOP,		"in Command phase"	},
89 	{ P_MESGOUT,	MSG_NOOP,		"in Message-out phase"	},
90 	{ P_STATUS,	MSG_INITIATOR_DET_ERR,	"in Status phase"	},
91 	{ P_MESGIN,	MSG_PARITY_ERROR,	"in Message-in phase"	},
92 	{ P_BUSFREE,	MSG_NOOP,		"while idle"		},
93 	{ 0,		MSG_NOOP,		"in unknown phase"	}
94 };
95 
96 /*
97  * In most cases we only wish to itterate over real phases, so
98  * exclude the last element from the count.
99  */
100 static const u_int num_phases = ARRAY_SIZE(ahd_phase_table) - 1;
101 
102 /* Our Sequencer Program */
103 #include "aic79xx_seq.h"
104 
105 /**************************** Function Declarations ***************************/
106 static void		ahd_handle_transmission_error(struct ahd_softc *ahd);
107 static void		ahd_handle_lqiphase_error(struct ahd_softc *ahd,
108 						  u_int lqistat1);
109 static int		ahd_handle_pkt_busfree(struct ahd_softc *ahd,
110 					       u_int busfreetime);
111 static int		ahd_handle_nonpkt_busfree(struct ahd_softc *ahd);
112 static void		ahd_handle_proto_violation(struct ahd_softc *ahd);
113 static void		ahd_force_renegotiation(struct ahd_softc *ahd,
114 						struct ahd_devinfo *devinfo);
115 
116 static struct ahd_tmode_tstate*
117 			ahd_alloc_tstate(struct ahd_softc *ahd,
118 					 u_int scsi_id, char channel);
119 #ifdef AHD_TARGET_MODE
120 static void		ahd_free_tstate(struct ahd_softc *ahd,
121 					u_int scsi_id, char channel, int force);
122 #endif
123 static void		ahd_devlimited_syncrate(struct ahd_softc *ahd,
124 					        struct ahd_initiator_tinfo *,
125 						u_int *period,
126 						u_int *ppr_options,
127 						role_t role);
128 static void		ahd_update_neg_table(struct ahd_softc *ahd,
129 					     struct ahd_devinfo *devinfo,
130 					     struct ahd_transinfo *tinfo);
131 static void		ahd_update_pending_scbs(struct ahd_softc *ahd);
132 static void		ahd_fetch_devinfo(struct ahd_softc *ahd,
133 					  struct ahd_devinfo *devinfo);
134 static void		ahd_scb_devinfo(struct ahd_softc *ahd,
135 					struct ahd_devinfo *devinfo,
136 					struct scb *scb);
137 static void		ahd_setup_initiator_msgout(struct ahd_softc *ahd,
138 						   struct ahd_devinfo *devinfo,
139 						   struct scb *scb);
140 static void		ahd_build_transfer_msg(struct ahd_softc *ahd,
141 					       struct ahd_devinfo *devinfo);
142 static void		ahd_construct_sdtr(struct ahd_softc *ahd,
143 					   struct ahd_devinfo *devinfo,
144 					   u_int period, u_int offset);
145 static void		ahd_construct_wdtr(struct ahd_softc *ahd,
146 					   struct ahd_devinfo *devinfo,
147 					   u_int bus_width);
148 static void		ahd_construct_ppr(struct ahd_softc *ahd,
149 					  struct ahd_devinfo *devinfo,
150 					  u_int period, u_int offset,
151 					  u_int bus_width, u_int ppr_options);
152 static void		ahd_clear_msg_state(struct ahd_softc *ahd);
153 static void		ahd_handle_message_phase(struct ahd_softc *ahd);
154 typedef enum {
155 	AHDMSG_1B,
156 	AHDMSG_2B,
157 	AHDMSG_EXT
158 } ahd_msgtype;
159 static int		ahd_sent_msg(struct ahd_softc *ahd, ahd_msgtype type,
160 				     u_int msgval, int full);
161 static int		ahd_parse_msg(struct ahd_softc *ahd,
162 				      struct ahd_devinfo *devinfo);
163 static int		ahd_handle_msg_reject(struct ahd_softc *ahd,
164 					      struct ahd_devinfo *devinfo);
165 static void		ahd_handle_ign_wide_residue(struct ahd_softc *ahd,
166 						struct ahd_devinfo *devinfo);
167 static void		ahd_reinitialize_dataptrs(struct ahd_softc *ahd);
168 static void		ahd_handle_devreset(struct ahd_softc *ahd,
169 					    struct ahd_devinfo *devinfo,
170 					    u_int lun, cam_status status,
171 					    char *message, int verbose_level);
172 #ifdef AHD_TARGET_MODE
173 static void		ahd_setup_target_msgin(struct ahd_softc *ahd,
174 					       struct ahd_devinfo *devinfo,
175 					       struct scb *scb);
176 #endif
177 
178 static u_int		ahd_sglist_size(struct ahd_softc *ahd);
179 static u_int		ahd_sglist_allocsize(struct ahd_softc *ahd);
180 static bus_dmamap_callback_t
181 			ahd_dmamap_cb;
182 static void		ahd_initialize_hscbs(struct ahd_softc *ahd);
183 static int		ahd_init_scbdata(struct ahd_softc *ahd);
184 static void		ahd_fini_scbdata(struct ahd_softc *ahd);
185 static void		ahd_setup_iocell_workaround(struct ahd_softc *ahd);
186 static void		ahd_iocell_first_selection(struct ahd_softc *ahd);
187 static void		ahd_add_col_list(struct ahd_softc *ahd,
188 					 struct scb *scb, u_int col_idx);
189 static void		ahd_rem_col_list(struct ahd_softc *ahd,
190 					 struct scb *scb);
191 static void		ahd_chip_init(struct ahd_softc *ahd);
192 static void		ahd_qinfifo_requeue(struct ahd_softc *ahd,
193 					    struct scb *prev_scb,
194 					    struct scb *scb);
195 static int		ahd_qinfifo_count(struct ahd_softc *ahd);
196 static int		ahd_search_scb_list(struct ahd_softc *ahd, int target,
197 					    char channel, int lun, u_int tag,
198 					    role_t role, uint32_t status,
199 					    ahd_search_action action,
200 					    u_int *list_head, u_int *list_tail,
201 					    u_int tid);
202 static void		ahd_stitch_tid_list(struct ahd_softc *ahd,
203 					    u_int tid_prev, u_int tid_cur,
204 					    u_int tid_next);
205 static void		ahd_add_scb_to_free_list(struct ahd_softc *ahd,
206 						 u_int scbid);
207 static u_int		ahd_rem_wscb(struct ahd_softc *ahd, u_int scbid,
208 				     u_int prev, u_int next, u_int tid);
209 static void		ahd_reset_current_bus(struct ahd_softc *ahd);
210 static ahd_callback_t	ahd_stat_timer;
211 #ifdef AHD_DUMP_SEQ
212 static void		ahd_dumpseq(struct ahd_softc *ahd);
213 #endif
214 static void		ahd_loadseq(struct ahd_softc *ahd);
215 static int		ahd_check_patch(struct ahd_softc *ahd,
216 					const struct patch **start_patch,
217 					u_int start_instr, u_int *skip_addr);
218 static u_int		ahd_resolve_seqaddr(struct ahd_softc *ahd,
219 					    u_int address);
220 static void		ahd_download_instr(struct ahd_softc *ahd,
221 					   u_int instrptr, uint8_t *dconsts);
222 static int		ahd_probe_stack_size(struct ahd_softc *ahd);
223 static int		ahd_scb_active_in_fifo(struct ahd_softc *ahd,
224 					       struct scb *scb);
225 static void		ahd_run_data_fifo(struct ahd_softc *ahd,
226 					  struct scb *scb);
227 
228 #ifdef AHD_TARGET_MODE
229 static void		ahd_queue_lstate_event(struct ahd_softc *ahd,
230 					       struct ahd_tmode_lstate *lstate,
231 					       u_int initiator_id,
232 					       u_int event_type,
233 					       u_int event_arg);
234 static void		ahd_update_scsiid(struct ahd_softc *ahd,
235 					  u_int targid_mask);
236 static int		ahd_handle_target_cmd(struct ahd_softc *ahd,
237 					      struct target_cmd *cmd);
238 #endif
239 
240 static int		ahd_abort_scbs(struct ahd_softc *ahd, int target,
241 				       char channel, int lun, u_int tag,
242 				       role_t role, uint32_t status);
243 static void		ahd_alloc_scbs(struct ahd_softc *ahd);
244 static void		ahd_busy_tcl(struct ahd_softc *ahd, u_int tcl,
245 				     u_int scbid);
246 static void		ahd_calc_residual(struct ahd_softc *ahd,
247 					  struct scb *scb);
248 static void		ahd_clear_critical_section(struct ahd_softc *ahd);
249 static void		ahd_clear_intstat(struct ahd_softc *ahd);
250 static void		ahd_enable_coalescing(struct ahd_softc *ahd,
251 					      int enable);
252 static u_int		ahd_find_busy_tcl(struct ahd_softc *ahd, u_int tcl);
253 static void		ahd_freeze_devq(struct ahd_softc *ahd,
254 					struct scb *scb);
255 static void		ahd_handle_scb_status(struct ahd_softc *ahd,
256 					      struct scb *scb);
257 static const struct ahd_phase_table_entry* ahd_lookup_phase_entry(int phase);
258 static void		ahd_shutdown(void *arg);
259 static void		ahd_update_coalescing_values(struct ahd_softc *ahd,
260 						     u_int timer,
261 						     u_int maxcmds,
262 						     u_int mincmds);
263 static int		ahd_verify_vpd_cksum(struct vpd_config *vpd);
264 static int		ahd_wait_seeprom(struct ahd_softc *ahd);
265 static int		ahd_match_scb(struct ahd_softc *ahd, struct scb *scb,
266 				      int target, char channel, int lun,
267 				      u_int tag, role_t role);
268 
269 static void		ahd_reset_cmds_pending(struct ahd_softc *ahd);
270 
271 /*************************** Interrupt Services *******************************/
272 static void		ahd_run_qoutfifo(struct ahd_softc *ahd);
273 #ifdef AHD_TARGET_MODE
274 static void		ahd_run_tqinfifo(struct ahd_softc *ahd, int paused);
275 #endif
276 static void		ahd_handle_hwerrint(struct ahd_softc *ahd);
277 static void		ahd_handle_seqint(struct ahd_softc *ahd, u_int intstat);
278 static void		ahd_handle_scsiint(struct ahd_softc *ahd,
279 				           u_int intstat);
280 
281 /************************ Sequencer Execution Control *************************/
282 void
283 ahd_set_modes(struct ahd_softc *ahd, ahd_mode src, ahd_mode dst)
284 {
285 	if (ahd->src_mode == src && ahd->dst_mode == dst)
286 		return;
287 #ifdef AHD_DEBUG
288 	if (ahd->src_mode == AHD_MODE_UNKNOWN
289 	 || ahd->dst_mode == AHD_MODE_UNKNOWN)
290 		panic("Setting mode prior to saving it.\n");
291 	if ((ahd_debug & AHD_SHOW_MODEPTR) != 0)
292 		printf("%s: Setting mode 0x%x\n", ahd_name(ahd),
293 		       ahd_build_mode_state(ahd, src, dst));
294 #endif
295 	ahd_outb(ahd, MODE_PTR, ahd_build_mode_state(ahd, src, dst));
296 	ahd->src_mode = src;
297 	ahd->dst_mode = dst;
298 }
299 
300 static void
301 ahd_update_modes(struct ahd_softc *ahd)
302 {
303 	ahd_mode_state mode_ptr;
304 	ahd_mode src;
305 	ahd_mode dst;
306 
307 	mode_ptr = ahd_inb(ahd, MODE_PTR);
308 #ifdef AHD_DEBUG
309 	if ((ahd_debug & AHD_SHOW_MODEPTR) != 0)
310 		printf("Reading mode 0x%x\n", mode_ptr);
311 #endif
312 	ahd_extract_mode_state(ahd, mode_ptr, &src, &dst);
313 	ahd_known_modes(ahd, src, dst);
314 }
315 
316 static void
317 ahd_assert_modes(struct ahd_softc *ahd, ahd_mode srcmode,
318 		 ahd_mode dstmode, const char *file, int line)
319 {
320 #ifdef AHD_DEBUG
321 	if ((srcmode & AHD_MK_MSK(ahd->src_mode)) == 0
322 	 || (dstmode & AHD_MK_MSK(ahd->dst_mode)) == 0) {
323 		panic("%s:%s:%d: Mode assertion failed.\n",
324 		       ahd_name(ahd), file, line);
325 	}
326 #endif
327 }
328 
329 #define AHD_ASSERT_MODES(ahd, source, dest) \
330 	ahd_assert_modes(ahd, source, dest, __FILE__, __LINE__);
331 
332 ahd_mode_state
333 ahd_save_modes(struct ahd_softc *ahd)
334 {
335 	if (ahd->src_mode == AHD_MODE_UNKNOWN
336 	 || ahd->dst_mode == AHD_MODE_UNKNOWN)
337 		ahd_update_modes(ahd);
338 
339 	return (ahd_build_mode_state(ahd, ahd->src_mode, ahd->dst_mode));
340 }
341 
342 void
343 ahd_restore_modes(struct ahd_softc *ahd, ahd_mode_state state)
344 {
345 	ahd_mode src;
346 	ahd_mode dst;
347 
348 	ahd_extract_mode_state(ahd, state, &src, &dst);
349 	ahd_set_modes(ahd, src, dst);
350 }
351 
352 /*
353  * Determine whether the sequencer has halted code execution.
354  * Returns non-zero status if the sequencer is stopped.
355  */
356 int
357 ahd_is_paused(struct ahd_softc *ahd)
358 {
359 	return ((ahd_inb(ahd, HCNTRL) & PAUSE) != 0);
360 }
361 
362 /*
363  * Request that the sequencer stop and wait, indefinitely, for it
364  * to stop.  The sequencer will only acknowledge that it is paused
365  * once it has reached an instruction boundary and PAUSEDIS is
366  * cleared in the SEQCTL register.  The sequencer may use PAUSEDIS
367  * for critical sections.
368  */
369 void
370 ahd_pause(struct ahd_softc *ahd)
371 {
372 	ahd_outb(ahd, HCNTRL, ahd->pause);
373 
374 	/*
375 	 * Since the sequencer can disable pausing in a critical section, we
376 	 * must loop until it actually stops.
377 	 */
378 	while (ahd_is_paused(ahd) == 0)
379 		;
380 }
381 
382 /*
383  * Allow the sequencer to continue program execution.
384  * We check here to ensure that no additional interrupt
385  * sources that would cause the sequencer to halt have been
386  * asserted.  If, for example, a SCSI bus reset is detected
387  * while we are fielding a different, pausing, interrupt type,
388  * we don't want to release the sequencer before going back
389  * into our interrupt handler and dealing with this new
390  * condition.
391  */
392 void
393 ahd_unpause(struct ahd_softc *ahd)
394 {
395 	/*
396 	 * Automatically restore our modes to those saved
397 	 * prior to the first change of the mode.
398 	 */
399 	if (ahd->saved_src_mode != AHD_MODE_UNKNOWN
400 	 && ahd->saved_dst_mode != AHD_MODE_UNKNOWN) {
401 		if ((ahd->flags & AHD_UPDATE_PEND_CMDS) != 0)
402 			ahd_reset_cmds_pending(ahd);
403 		ahd_set_modes(ahd, ahd->saved_src_mode, ahd->saved_dst_mode);
404 	}
405 
406 	if ((ahd_inb(ahd, INTSTAT) & ~CMDCMPLT) == 0)
407 		ahd_outb(ahd, HCNTRL, ahd->unpause);
408 
409 	ahd_known_modes(ahd, AHD_MODE_UNKNOWN, AHD_MODE_UNKNOWN);
410 }
411 
412 /*********************** Scatter Gather List Handling *************************/
413 void *
414 ahd_sg_setup(struct ahd_softc *ahd, struct scb *scb,
415 	     void *sgptr, dma_addr_t addr, bus_size_t len, int last)
416 {
417 	scb->sg_count++;
418 	if (sizeof(dma_addr_t) > 4
419 	 && (ahd->flags & AHD_64BIT_ADDRESSING) != 0) {
420 		struct ahd_dma64_seg *sg;
421 
422 		sg = (struct ahd_dma64_seg *)sgptr;
423 		sg->addr = ahd_htole64(addr);
424 		sg->len = ahd_htole32(len | (last ? AHD_DMA_LAST_SEG : 0));
425 		return (sg + 1);
426 	} else {
427 		struct ahd_dma_seg *sg;
428 
429 		sg = (struct ahd_dma_seg *)sgptr;
430 		sg->addr = ahd_htole32(addr & 0xFFFFFFFF);
431 		sg->len = ahd_htole32(len | ((addr >> 8) & 0x7F000000)
432 				    | (last ? AHD_DMA_LAST_SEG : 0));
433 		return (sg + 1);
434 	}
435 }
436 
437 static void
438 ahd_setup_scb_common(struct ahd_softc *ahd, struct scb *scb)
439 {
440 	/* XXX Handle target mode SCBs. */
441 	scb->crc_retry_count = 0;
442 	if ((scb->flags & SCB_PACKETIZED) != 0) {
443 		/* XXX what about ACA??  It is type 4, but TAG_TYPE == 0x3. */
444 		scb->hscb->task_attribute = scb->hscb->control & SCB_TAG_TYPE;
445 	} else {
446 		if (ahd_get_transfer_length(scb) & 0x01)
447 			scb->hscb->task_attribute = SCB_XFERLEN_ODD;
448 		else
449 			scb->hscb->task_attribute = 0;
450 	}
451 
452 	if (scb->hscb->cdb_len <= MAX_CDB_LEN_WITH_SENSE_ADDR
453 	 || (scb->hscb->cdb_len & SCB_CDB_LEN_PTR) != 0)
454 		scb->hscb->shared_data.idata.cdb_plus_saddr.sense_addr =
455 		    ahd_htole32(scb->sense_busaddr);
456 }
457 
458 static void
459 ahd_setup_data_scb(struct ahd_softc *ahd, struct scb *scb)
460 {
461 	/*
462 	 * Copy the first SG into the "current" data ponter area.
463 	 */
464 	if ((ahd->flags & AHD_64BIT_ADDRESSING) != 0) {
465 		struct ahd_dma64_seg *sg;
466 
467 		sg = (struct ahd_dma64_seg *)scb->sg_list;
468 		scb->hscb->dataptr = sg->addr;
469 		scb->hscb->datacnt = sg->len;
470 	} else {
471 		struct ahd_dma_seg *sg;
472 		uint32_t *dataptr_words;
473 
474 		sg = (struct ahd_dma_seg *)scb->sg_list;
475 		dataptr_words = (uint32_t*)&scb->hscb->dataptr;
476 		dataptr_words[0] = sg->addr;
477 		dataptr_words[1] = 0;
478 		if ((ahd->flags & AHD_39BIT_ADDRESSING) != 0) {
479 			uint64_t high_addr;
480 
481 			high_addr = ahd_le32toh(sg->len) & 0x7F000000;
482 			scb->hscb->dataptr |= ahd_htole64(high_addr << 8);
483 		}
484 		scb->hscb->datacnt = sg->len;
485 	}
486 	/*
487 	 * Note where to find the SG entries in bus space.
488 	 * We also set the full residual flag which the
489 	 * sequencer will clear as soon as a data transfer
490 	 * occurs.
491 	 */
492 	scb->hscb->sgptr = ahd_htole32(scb->sg_list_busaddr|SG_FULL_RESID);
493 }
494 
495 static void
496 ahd_setup_noxfer_scb(struct ahd_softc *ahd, struct scb *scb)
497 {
498 	scb->hscb->sgptr = ahd_htole32(SG_LIST_NULL);
499 	scb->hscb->dataptr = 0;
500 	scb->hscb->datacnt = 0;
501 }
502 
503 /************************** Memory mapping routines ***************************/
504 static void *
505 ahd_sg_bus_to_virt(struct ahd_softc *ahd, struct scb *scb, uint32_t sg_busaddr)
506 {
507 	dma_addr_t sg_offset;
508 
509 	/* sg_list_phys points to entry 1, not 0 */
510 	sg_offset = sg_busaddr - (scb->sg_list_busaddr - ahd_sg_size(ahd));
511 	return ((uint8_t *)scb->sg_list + sg_offset);
512 }
513 
514 static uint32_t
515 ahd_sg_virt_to_bus(struct ahd_softc *ahd, struct scb *scb, void *sg)
516 {
517 	dma_addr_t sg_offset;
518 
519 	/* sg_list_phys points to entry 1, not 0 */
520 	sg_offset = ((uint8_t *)sg - (uint8_t *)scb->sg_list)
521 		  - ahd_sg_size(ahd);
522 
523 	return (scb->sg_list_busaddr + sg_offset);
524 }
525 
526 static void
527 ahd_sync_scb(struct ahd_softc *ahd, struct scb *scb, int op)
528 {
529 	ahd_dmamap_sync(ahd, ahd->scb_data.hscb_dmat,
530 			scb->hscb_map->dmamap,
531 			/*offset*/(uint8_t*)scb->hscb - scb->hscb_map->vaddr,
532 			/*len*/sizeof(*scb->hscb), op);
533 }
534 
535 void
536 ahd_sync_sglist(struct ahd_softc *ahd, struct scb *scb, int op)
537 {
538 	if (scb->sg_count == 0)
539 		return;
540 
541 	ahd_dmamap_sync(ahd, ahd->scb_data.sg_dmat,
542 			scb->sg_map->dmamap,
543 			/*offset*/scb->sg_list_busaddr - ahd_sg_size(ahd),
544 			/*len*/ahd_sg_size(ahd) * scb->sg_count, op);
545 }
546 
547 static void
548 ahd_sync_sense(struct ahd_softc *ahd, struct scb *scb, int op)
549 {
550 	ahd_dmamap_sync(ahd, ahd->scb_data.sense_dmat,
551 			scb->sense_map->dmamap,
552 			/*offset*/scb->sense_busaddr,
553 			/*len*/AHD_SENSE_BUFSIZE, op);
554 }
555 
556 #ifdef AHD_TARGET_MODE
557 static uint32_t
558 ahd_targetcmd_offset(struct ahd_softc *ahd, u_int index)
559 {
560 	return (((uint8_t *)&ahd->targetcmds[index])
561 	       - (uint8_t *)ahd->qoutfifo);
562 }
563 #endif
564 
565 /*********************** Miscelaneous Support Functions ***********************/
566 /*
567  * Return pointers to the transfer negotiation information
568  * for the specified our_id/remote_id pair.
569  */
570 struct ahd_initiator_tinfo *
571 ahd_fetch_transinfo(struct ahd_softc *ahd, char channel, u_int our_id,
572 		    u_int remote_id, struct ahd_tmode_tstate **tstate)
573 {
574 	/*
575 	 * Transfer data structures are stored from the perspective
576 	 * of the target role.  Since the parameters for a connection
577 	 * in the initiator role to a given target are the same as
578 	 * when the roles are reversed, we pretend we are the target.
579 	 */
580 	if (channel == 'B')
581 		our_id += 8;
582 	*tstate = ahd->enabled_targets[our_id];
583 	return (&(*tstate)->transinfo[remote_id]);
584 }
585 
586 uint16_t
587 ahd_inw(struct ahd_softc *ahd, u_int port)
588 {
589 	/*
590 	 * Read high byte first as some registers increment
591 	 * or have other side effects when the low byte is
592 	 * read.
593 	 */
594 	uint16_t r = ahd_inb(ahd, port+1) << 8;
595 	return r | ahd_inb(ahd, port);
596 }
597 
598 void
599 ahd_outw(struct ahd_softc *ahd, u_int port, u_int value)
600 {
601 	/*
602 	 * Write low byte first to accomodate registers
603 	 * such as PRGMCNT where the order maters.
604 	 */
605 	ahd_outb(ahd, port, value & 0xFF);
606 	ahd_outb(ahd, port+1, (value >> 8) & 0xFF);
607 }
608 
609 uint32_t
610 ahd_inl(struct ahd_softc *ahd, u_int port)
611 {
612 	return ((ahd_inb(ahd, port))
613 	      | (ahd_inb(ahd, port+1) << 8)
614 	      | (ahd_inb(ahd, port+2) << 16)
615 	      | (ahd_inb(ahd, port+3) << 24));
616 }
617 
618 void
619 ahd_outl(struct ahd_softc *ahd, u_int port, uint32_t value)
620 {
621 	ahd_outb(ahd, port, (value) & 0xFF);
622 	ahd_outb(ahd, port+1, ((value) >> 8) & 0xFF);
623 	ahd_outb(ahd, port+2, ((value) >> 16) & 0xFF);
624 	ahd_outb(ahd, port+3, ((value) >> 24) & 0xFF);
625 }
626 
627 uint64_t
628 ahd_inq(struct ahd_softc *ahd, u_int port)
629 {
630 	return ((ahd_inb(ahd, port))
631 	      | (ahd_inb(ahd, port+1) << 8)
632 	      | (ahd_inb(ahd, port+2) << 16)
633 	      | (ahd_inb(ahd, port+3) << 24)
634 	      | (((uint64_t)ahd_inb(ahd, port+4)) << 32)
635 	      | (((uint64_t)ahd_inb(ahd, port+5)) << 40)
636 	      | (((uint64_t)ahd_inb(ahd, port+6)) << 48)
637 	      | (((uint64_t)ahd_inb(ahd, port+7)) << 56));
638 }
639 
640 void
641 ahd_outq(struct ahd_softc *ahd, u_int port, uint64_t value)
642 {
643 	ahd_outb(ahd, port, value & 0xFF);
644 	ahd_outb(ahd, port+1, (value >> 8) & 0xFF);
645 	ahd_outb(ahd, port+2, (value >> 16) & 0xFF);
646 	ahd_outb(ahd, port+3, (value >> 24) & 0xFF);
647 	ahd_outb(ahd, port+4, (value >> 32) & 0xFF);
648 	ahd_outb(ahd, port+5, (value >> 40) & 0xFF);
649 	ahd_outb(ahd, port+6, (value >> 48) & 0xFF);
650 	ahd_outb(ahd, port+7, (value >> 56) & 0xFF);
651 }
652 
653 u_int
654 ahd_get_scbptr(struct ahd_softc *ahd)
655 {
656 	AHD_ASSERT_MODES(ahd, ~(AHD_MODE_UNKNOWN_MSK|AHD_MODE_CFG_MSK),
657 			 ~(AHD_MODE_UNKNOWN_MSK|AHD_MODE_CFG_MSK));
658 	return (ahd_inb(ahd, SCBPTR) | (ahd_inb(ahd, SCBPTR + 1) << 8));
659 }
660 
661 void
662 ahd_set_scbptr(struct ahd_softc *ahd, u_int scbptr)
663 {
664 	AHD_ASSERT_MODES(ahd, ~(AHD_MODE_UNKNOWN_MSK|AHD_MODE_CFG_MSK),
665 			 ~(AHD_MODE_UNKNOWN_MSK|AHD_MODE_CFG_MSK));
666 	ahd_outb(ahd, SCBPTR, scbptr & 0xFF);
667 	ahd_outb(ahd, SCBPTR+1, (scbptr >> 8) & 0xFF);
668 }
669 
670 #if 0 /* unused */
671 static u_int
672 ahd_get_hnscb_qoff(struct ahd_softc *ahd)
673 {
674 	return (ahd_inw_atomic(ahd, HNSCB_QOFF));
675 }
676 #endif
677 
678 static void
679 ahd_set_hnscb_qoff(struct ahd_softc *ahd, u_int value)
680 {
681 	ahd_outw_atomic(ahd, HNSCB_QOFF, value);
682 }
683 
684 #if 0 /* unused */
685 static u_int
686 ahd_get_hescb_qoff(struct ahd_softc *ahd)
687 {
688 	return (ahd_inb(ahd, HESCB_QOFF));
689 }
690 #endif
691 
692 static void
693 ahd_set_hescb_qoff(struct ahd_softc *ahd, u_int value)
694 {
695 	ahd_outb(ahd, HESCB_QOFF, value);
696 }
697 
698 static u_int
699 ahd_get_snscb_qoff(struct ahd_softc *ahd)
700 {
701 	u_int oldvalue;
702 
703 	AHD_ASSERT_MODES(ahd, AHD_MODE_CCHAN_MSK, AHD_MODE_CCHAN_MSK);
704 	oldvalue = ahd_inw(ahd, SNSCB_QOFF);
705 	ahd_outw(ahd, SNSCB_QOFF, oldvalue);
706 	return (oldvalue);
707 }
708 
709 static void
710 ahd_set_snscb_qoff(struct ahd_softc *ahd, u_int value)
711 {
712 	AHD_ASSERT_MODES(ahd, AHD_MODE_CCHAN_MSK, AHD_MODE_CCHAN_MSK);
713 	ahd_outw(ahd, SNSCB_QOFF, value);
714 }
715 
716 #if 0 /* unused */
717 static u_int
718 ahd_get_sescb_qoff(struct ahd_softc *ahd)
719 {
720 	AHD_ASSERT_MODES(ahd, AHD_MODE_CCHAN_MSK, AHD_MODE_CCHAN_MSK);
721 	return (ahd_inb(ahd, SESCB_QOFF));
722 }
723 #endif
724 
725 static void
726 ahd_set_sescb_qoff(struct ahd_softc *ahd, u_int value)
727 {
728 	AHD_ASSERT_MODES(ahd, AHD_MODE_CCHAN_MSK, AHD_MODE_CCHAN_MSK);
729 	ahd_outb(ahd, SESCB_QOFF, value);
730 }
731 
732 #if 0 /* unused */
733 static u_int
734 ahd_get_sdscb_qoff(struct ahd_softc *ahd)
735 {
736 	AHD_ASSERT_MODES(ahd, AHD_MODE_CCHAN_MSK, AHD_MODE_CCHAN_MSK);
737 	return (ahd_inb(ahd, SDSCB_QOFF) | (ahd_inb(ahd, SDSCB_QOFF + 1) << 8));
738 }
739 #endif
740 
741 static void
742 ahd_set_sdscb_qoff(struct ahd_softc *ahd, u_int value)
743 {
744 	AHD_ASSERT_MODES(ahd, AHD_MODE_CCHAN_MSK, AHD_MODE_CCHAN_MSK);
745 	ahd_outb(ahd, SDSCB_QOFF, value & 0xFF);
746 	ahd_outb(ahd, SDSCB_QOFF+1, (value >> 8) & 0xFF);
747 }
748 
749 u_int
750 ahd_inb_scbram(struct ahd_softc *ahd, u_int offset)
751 {
752 	u_int value;
753 
754 	/*
755 	 * Workaround PCI-X Rev A. hardware bug.
756 	 * After a host read of SCB memory, the chip
757 	 * may become confused into thinking prefetch
758 	 * was required.  This starts the discard timer
759 	 * running and can cause an unexpected discard
760 	 * timer interrupt.  The work around is to read
761 	 * a normal register prior to the exhaustion of
762 	 * the discard timer.  The mode pointer register
763 	 * has no side effects and so serves well for
764 	 * this purpose.
765 	 *
766 	 * Razor #528
767 	 */
768 	value = ahd_inb(ahd, offset);
769 	if ((ahd->bugs & AHD_PCIX_SCBRAM_RD_BUG) != 0)
770 		ahd_inb(ahd, MODE_PTR);
771 	return (value);
772 }
773 
774 u_int
775 ahd_inw_scbram(struct ahd_softc *ahd, u_int offset)
776 {
777 	return (ahd_inb_scbram(ahd, offset)
778 	      | (ahd_inb_scbram(ahd, offset+1) << 8));
779 }
780 
781 static uint32_t
782 ahd_inl_scbram(struct ahd_softc *ahd, u_int offset)
783 {
784 	return (ahd_inw_scbram(ahd, offset)
785 	      | (ahd_inw_scbram(ahd, offset+2) << 16));
786 }
787 
788 static uint64_t
789 ahd_inq_scbram(struct ahd_softc *ahd, u_int offset)
790 {
791 	return (ahd_inl_scbram(ahd, offset)
792 	      | ((uint64_t)ahd_inl_scbram(ahd, offset+4)) << 32);
793 }
794 
795 struct scb *
796 ahd_lookup_scb(struct ahd_softc *ahd, u_int tag)
797 {
798 	struct scb* scb;
799 
800 	if (tag >= AHD_SCB_MAX)
801 		return (NULL);
802 	scb = ahd->scb_data.scbindex[tag];
803 	if (scb != NULL)
804 		ahd_sync_scb(ahd, scb,
805 			     BUS_DMASYNC_POSTREAD|BUS_DMASYNC_POSTWRITE);
806 	return (scb);
807 }
808 
809 static void
810 ahd_swap_with_next_hscb(struct ahd_softc *ahd, struct scb *scb)
811 {
812 	struct	 hardware_scb *q_hscb;
813 	struct	 map_node *q_hscb_map;
814 	uint32_t saved_hscb_busaddr;
815 
816 	/*
817 	 * Our queuing method is a bit tricky.  The card
818 	 * knows in advance which HSCB (by address) to download,
819 	 * and we can't disappoint it.  To achieve this, the next
820 	 * HSCB to download is saved off in ahd->next_queued_hscb.
821 	 * When we are called to queue "an arbitrary scb",
822 	 * we copy the contents of the incoming HSCB to the one
823 	 * the sequencer knows about, swap HSCB pointers and
824 	 * finally assign the SCB to the tag indexed location
825 	 * in the scb_array.  This makes sure that we can still
826 	 * locate the correct SCB by SCB_TAG.
827 	 */
828 	q_hscb = ahd->next_queued_hscb;
829 	q_hscb_map = ahd->next_queued_hscb_map;
830 	saved_hscb_busaddr = q_hscb->hscb_busaddr;
831 	memcpy(q_hscb, scb->hscb, sizeof(*scb->hscb));
832 	q_hscb->hscb_busaddr = saved_hscb_busaddr;
833 	q_hscb->next_hscb_busaddr = scb->hscb->hscb_busaddr;
834 
835 	/* Now swap HSCB pointers. */
836 	ahd->next_queued_hscb = scb->hscb;
837 	ahd->next_queued_hscb_map = scb->hscb_map;
838 	scb->hscb = q_hscb;
839 	scb->hscb_map = q_hscb_map;
840 
841 	/* Now define the mapping from tag to SCB in the scbindex */
842 	ahd->scb_data.scbindex[SCB_GET_TAG(scb)] = scb;
843 }
844 
845 /*
846  * Tell the sequencer about a new transaction to execute.
847  */
848 void
849 ahd_queue_scb(struct ahd_softc *ahd, struct scb *scb)
850 {
851 	ahd_swap_with_next_hscb(ahd, scb);
852 
853 	if (SCBID_IS_NULL(SCB_GET_TAG(scb)))
854 		panic("Attempt to queue invalid SCB tag %x\n",
855 		      SCB_GET_TAG(scb));
856 
857 	/*
858 	 * Keep a history of SCBs we've downloaded in the qinfifo.
859 	 */
860 	ahd->qinfifo[AHD_QIN_WRAP(ahd->qinfifonext)] = SCB_GET_TAG(scb);
861 	ahd->qinfifonext++;
862 
863 	if (scb->sg_count != 0)
864 		ahd_setup_data_scb(ahd, scb);
865 	else
866 		ahd_setup_noxfer_scb(ahd, scb);
867 	ahd_setup_scb_common(ahd, scb);
868 
869 	/*
870 	 * Make sure our data is consistent from the
871 	 * perspective of the adapter.
872 	 */
873 	ahd_sync_scb(ahd, scb, BUS_DMASYNC_PREREAD|BUS_DMASYNC_PREWRITE);
874 
875 #ifdef AHD_DEBUG
876 	if ((ahd_debug & AHD_SHOW_QUEUE) != 0) {
877 		uint64_t host_dataptr;
878 
879 		host_dataptr = ahd_le64toh(scb->hscb->dataptr);
880 		printf("%s: Queueing SCB %d:0x%x bus addr 0x%x - 0x%x%x/0x%x\n",
881 		       ahd_name(ahd),
882 		       SCB_GET_TAG(scb), scb->hscb->scsiid,
883 		       ahd_le32toh(scb->hscb->hscb_busaddr),
884 		       (u_int)((host_dataptr >> 32) & 0xFFFFFFFF),
885 		       (u_int)(host_dataptr & 0xFFFFFFFF),
886 		       ahd_le32toh(scb->hscb->datacnt));
887 	}
888 #endif
889 	/* Tell the adapter about the newly queued SCB */
890 	ahd_set_hnscb_qoff(ahd, ahd->qinfifonext);
891 }
892 
893 /************************** Interrupt Processing ******************************/
894 static void
895 ahd_sync_qoutfifo(struct ahd_softc *ahd, int op)
896 {
897 	ahd_dmamap_sync(ahd, ahd->shared_data_dmat, ahd->shared_data_map.dmamap,
898 			/*offset*/0,
899 			/*len*/AHD_SCB_MAX * sizeof(struct ahd_completion), op);
900 }
901 
902 static void
903 ahd_sync_tqinfifo(struct ahd_softc *ahd, int op)
904 {
905 #ifdef AHD_TARGET_MODE
906 	if ((ahd->flags & AHD_TARGETROLE) != 0) {
907 		ahd_dmamap_sync(ahd, ahd->shared_data_dmat,
908 				ahd->shared_data_map.dmamap,
909 				ahd_targetcmd_offset(ahd, 0),
910 				sizeof(struct target_cmd) * AHD_TMODE_CMDS,
911 				op);
912 	}
913 #endif
914 }
915 
916 /*
917  * See if the firmware has posted any completed commands
918  * into our in-core command complete fifos.
919  */
920 #define AHD_RUN_QOUTFIFO 0x1
921 #define AHD_RUN_TQINFIFO 0x2
922 static u_int
923 ahd_check_cmdcmpltqueues(struct ahd_softc *ahd)
924 {
925 	u_int retval;
926 
927 	retval = 0;
928 	ahd_dmamap_sync(ahd, ahd->shared_data_dmat, ahd->shared_data_map.dmamap,
929 			/*offset*/ahd->qoutfifonext * sizeof(*ahd->qoutfifo),
930 			/*len*/sizeof(*ahd->qoutfifo), BUS_DMASYNC_POSTREAD);
931 	if (ahd->qoutfifo[ahd->qoutfifonext].valid_tag
932 	  == ahd->qoutfifonext_valid_tag)
933 		retval |= AHD_RUN_QOUTFIFO;
934 #ifdef AHD_TARGET_MODE
935 	if ((ahd->flags & AHD_TARGETROLE) != 0
936 	 && (ahd->flags & AHD_TQINFIFO_BLOCKED) == 0) {
937 		ahd_dmamap_sync(ahd, ahd->shared_data_dmat,
938 				ahd->shared_data_map.dmamap,
939 				ahd_targetcmd_offset(ahd, ahd->tqinfifofnext),
940 				/*len*/sizeof(struct target_cmd),
941 				BUS_DMASYNC_POSTREAD);
942 		if (ahd->targetcmds[ahd->tqinfifonext].cmd_valid != 0)
943 			retval |= AHD_RUN_TQINFIFO;
944 	}
945 #endif
946 	return (retval);
947 }
948 
949 /*
950  * Catch an interrupt from the adapter
951  */
952 int
953 ahd_intr(struct ahd_softc *ahd)
954 {
955 	u_int	intstat;
956 
957 	if ((ahd->pause & INTEN) == 0) {
958 		/*
959 		 * Our interrupt is not enabled on the chip
960 		 * and may be disabled for re-entrancy reasons,
961 		 * so just return.  This is likely just a shared
962 		 * interrupt.
963 		 */
964 		return (0);
965 	}
966 
967 	/*
968 	 * Instead of directly reading the interrupt status register,
969 	 * infer the cause of the interrupt by checking our in-core
970 	 * completion queues.  This avoids a costly PCI bus read in
971 	 * most cases.
972 	 */
973 	if ((ahd->flags & AHD_ALL_INTERRUPTS) == 0
974 	 && (ahd_check_cmdcmpltqueues(ahd) != 0))
975 		intstat = CMDCMPLT;
976 	else
977 		intstat = ahd_inb(ahd, INTSTAT);
978 
979 	if ((intstat & INT_PEND) == 0)
980 		return (0);
981 
982 	if (intstat & CMDCMPLT) {
983 		ahd_outb(ahd, CLRINT, CLRCMDINT);
984 
985 		/*
986 		 * Ensure that the chip sees that we've cleared
987 		 * this interrupt before we walk the output fifo.
988 		 * Otherwise, we may, due to posted bus writes,
989 		 * clear the interrupt after we finish the scan,
990 		 * and after the sequencer has added new entries
991 		 * and asserted the interrupt again.
992 		 */
993 		if ((ahd->bugs & AHD_INTCOLLISION_BUG) != 0) {
994 			if (ahd_is_paused(ahd)) {
995 				/*
996 				 * Potentially lost SEQINT.
997 				 * If SEQINTCODE is non-zero,
998 				 * simulate the SEQINT.
999 				 */
1000 				if (ahd_inb(ahd, SEQINTCODE) != NO_SEQINT)
1001 					intstat |= SEQINT;
1002 			}
1003 		} else {
1004 			ahd_flush_device_writes(ahd);
1005 		}
1006 		ahd_run_qoutfifo(ahd);
1007 		ahd->cmdcmplt_counts[ahd->cmdcmplt_bucket]++;
1008 		ahd->cmdcmplt_total++;
1009 #ifdef AHD_TARGET_MODE
1010 		if ((ahd->flags & AHD_TARGETROLE) != 0)
1011 			ahd_run_tqinfifo(ahd, /*paused*/FALSE);
1012 #endif
1013 	}
1014 
1015 	/*
1016 	 * Handle statuses that may invalidate our cached
1017 	 * copy of INTSTAT separately.
1018 	 */
1019 	if (intstat == 0xFF && (ahd->features & AHD_REMOVABLE) != 0) {
1020 		/* Hot eject.  Do nothing */
1021 	} else if (intstat & HWERRINT) {
1022 		ahd_handle_hwerrint(ahd);
1023 	} else if ((intstat & (PCIINT|SPLTINT)) != 0) {
1024 		ahd->bus_intr(ahd);
1025 	} else {
1026 
1027 		if ((intstat & SEQINT) != 0)
1028 			ahd_handle_seqint(ahd, intstat);
1029 
1030 		if ((intstat & SCSIINT) != 0)
1031 			ahd_handle_scsiint(ahd, intstat);
1032 	}
1033 	return (1);
1034 }
1035 
1036 /******************************** Private Inlines *****************************/
1037 static inline void
1038 ahd_assert_atn(struct ahd_softc *ahd)
1039 {
1040 	ahd_outb(ahd, SCSISIGO, ATNO);
1041 }
1042 
1043 /*
1044  * Determine if the current connection has a packetized
1045  * agreement.  This does not necessarily mean that we
1046  * are currently in a packetized transfer.  We could
1047  * just as easily be sending or receiving a message.
1048  */
1049 static int
1050 ahd_currently_packetized(struct ahd_softc *ahd)
1051 {
1052 	ahd_mode_state	 saved_modes;
1053 	int		 packetized;
1054 
1055 	saved_modes = ahd_save_modes(ahd);
1056 	if ((ahd->bugs & AHD_PKTIZED_STATUS_BUG) != 0) {
1057 		/*
1058 		 * The packetized bit refers to the last
1059 		 * connection, not the current one.  Check
1060 		 * for non-zero LQISTATE instead.
1061 		 */
1062 		ahd_set_modes(ahd, AHD_MODE_CFG, AHD_MODE_CFG);
1063 		packetized = ahd_inb(ahd, LQISTATE) != 0;
1064 	} else {
1065 		ahd_set_modes(ahd, AHD_MODE_SCSI, AHD_MODE_SCSI);
1066 		packetized = ahd_inb(ahd, LQISTAT2) & PACKETIZED;
1067 	}
1068 	ahd_restore_modes(ahd, saved_modes);
1069 	return (packetized);
1070 }
1071 
1072 static inline int
1073 ahd_set_active_fifo(struct ahd_softc *ahd)
1074 {
1075 	u_int active_fifo;
1076 
1077 	AHD_ASSERT_MODES(ahd, AHD_MODE_SCSI_MSK, AHD_MODE_SCSI_MSK);
1078 	active_fifo = ahd_inb(ahd, DFFSTAT) & CURRFIFO;
1079 	switch (active_fifo) {
1080 	case 0:
1081 	case 1:
1082 		ahd_set_modes(ahd, active_fifo, active_fifo);
1083 		return (1);
1084 	default:
1085 		return (0);
1086 	}
1087 }
1088 
1089 static inline void
1090 ahd_unbusy_tcl(struct ahd_softc *ahd, u_int tcl)
1091 {
1092 	ahd_busy_tcl(ahd, tcl, SCB_LIST_NULL);
1093 }
1094 
1095 /*
1096  * Determine whether the sequencer reported a residual
1097  * for this SCB/transaction.
1098  */
1099 static inline void
1100 ahd_update_residual(struct ahd_softc *ahd, struct scb *scb)
1101 {
1102 	uint32_t sgptr;
1103 
1104 	sgptr = ahd_le32toh(scb->hscb->sgptr);
1105 	if ((sgptr & SG_STATUS_VALID) != 0)
1106 		ahd_calc_residual(ahd, scb);
1107 }
1108 
1109 static inline void
1110 ahd_complete_scb(struct ahd_softc *ahd, struct scb *scb)
1111 {
1112 	uint32_t sgptr;
1113 
1114 	sgptr = ahd_le32toh(scb->hscb->sgptr);
1115 	if ((sgptr & SG_STATUS_VALID) != 0)
1116 		ahd_handle_scb_status(ahd, scb);
1117 	else
1118 		ahd_done(ahd, scb);
1119 }
1120 
1121 
1122 /************************* Sequencer Execution Control ************************/
1123 /*
1124  * Restart the sequencer program from address zero
1125  */
1126 static void
1127 ahd_restart(struct ahd_softc *ahd)
1128 {
1129 
1130 	ahd_pause(ahd);
1131 
1132 	ahd_set_modes(ahd, AHD_MODE_SCSI, AHD_MODE_SCSI);
1133 
1134 	/* No more pending messages */
1135 	ahd_clear_msg_state(ahd);
1136 	ahd_outb(ahd, SCSISIGO, 0);		/* De-assert BSY */
1137 	ahd_outb(ahd, MSG_OUT, MSG_NOOP);	/* No message to send */
1138 	ahd_outb(ahd, SXFRCTL1, ahd_inb(ahd, SXFRCTL1) & ~BITBUCKET);
1139 	ahd_outb(ahd, SEQINTCTL, 0);
1140 	ahd_outb(ahd, LASTPHASE, P_BUSFREE);
1141 	ahd_outb(ahd, SEQ_FLAGS, 0);
1142 	ahd_outb(ahd, SAVED_SCSIID, 0xFF);
1143 	ahd_outb(ahd, SAVED_LUN, 0xFF);
1144 
1145 	/*
1146 	 * Ensure that the sequencer's idea of TQINPOS
1147 	 * matches our own.  The sequencer increments TQINPOS
1148 	 * only after it sees a DMA complete and a reset could
1149 	 * occur before the increment leaving the kernel to believe
1150 	 * the command arrived but the sequencer to not.
1151 	 */
1152 	ahd_outb(ahd, TQINPOS, ahd->tqinfifonext);
1153 
1154 	/* Always allow reselection */
1155 	ahd_outb(ahd, SCSISEQ1,
1156 		 ahd_inb(ahd, SCSISEQ_TEMPLATE) & (ENSELI|ENRSELI|ENAUTOATNP));
1157 	ahd_set_modes(ahd, AHD_MODE_CCHAN, AHD_MODE_CCHAN);
1158 
1159 	/*
1160 	 * Clear any pending sequencer interrupt.  It is no
1161 	 * longer relevant since we're resetting the Program
1162 	 * Counter.
1163 	 */
1164 	ahd_outb(ahd, CLRINT, CLRSEQINT);
1165 
1166 	ahd_outb(ahd, SEQCTL0, FASTMODE|SEQRESET);
1167 	ahd_unpause(ahd);
1168 }
1169 
1170 static void
1171 ahd_clear_fifo(struct ahd_softc *ahd, u_int fifo)
1172 {
1173 	ahd_mode_state	 saved_modes;
1174 
1175 #ifdef AHD_DEBUG
1176 	if ((ahd_debug & AHD_SHOW_FIFOS) != 0)
1177 		printf("%s: Clearing FIFO %d\n", ahd_name(ahd), fifo);
1178 #endif
1179 	saved_modes = ahd_save_modes(ahd);
1180 	ahd_set_modes(ahd, fifo, fifo);
1181 	ahd_outb(ahd, DFFSXFRCTL, RSTCHN|CLRSHCNT);
1182 	if ((ahd_inb(ahd, SG_STATE) & FETCH_INPROG) != 0)
1183 		ahd_outb(ahd, CCSGCTL, CCSGRESET);
1184 	ahd_outb(ahd, LONGJMP_ADDR + 1, INVALID_ADDR);
1185 	ahd_outb(ahd, SG_STATE, 0);
1186 	ahd_restore_modes(ahd, saved_modes);
1187 }
1188 
1189 /************************* Input/Output Queues ********************************/
1190 /*
1191  * Flush and completed commands that are sitting in the command
1192  * complete queues down on the chip but have yet to be dma'ed back up.
1193  */
1194 static void
1195 ahd_flush_qoutfifo(struct ahd_softc *ahd)
1196 {
1197 	struct		scb *scb;
1198 	ahd_mode_state	saved_modes;
1199 	u_int		saved_scbptr;
1200 	u_int		ccscbctl;
1201 	u_int		scbid;
1202 	u_int		next_scbid;
1203 
1204 	saved_modes = ahd_save_modes(ahd);
1205 
1206 	/*
1207 	 * Flush the good status FIFO for completed packetized commands.
1208 	 */
1209 	ahd_set_modes(ahd, AHD_MODE_SCSI, AHD_MODE_SCSI);
1210 	saved_scbptr = ahd_get_scbptr(ahd);
1211 	while ((ahd_inb(ahd, LQISTAT2) & LQIGSAVAIL) != 0) {
1212 		u_int fifo_mode;
1213 		u_int i;
1214 
1215 		scbid = ahd_inw(ahd, GSFIFO);
1216 		scb = ahd_lookup_scb(ahd, scbid);
1217 		if (scb == NULL) {
1218 			printf("%s: Warning - GSFIFO SCB %d invalid\n",
1219 			       ahd_name(ahd), scbid);
1220 			continue;
1221 		}
1222 		/*
1223 		 * Determine if this transaction is still active in
1224 		 * any FIFO.  If it is, we must flush that FIFO to
1225 		 * the host before completing the  command.
1226 		 */
1227 		fifo_mode = 0;
1228 rescan_fifos:
1229 		for (i = 0; i < 2; i++) {
1230 			/* Toggle to the other mode. */
1231 			fifo_mode ^= 1;
1232 			ahd_set_modes(ahd, fifo_mode, fifo_mode);
1233 
1234 			if (ahd_scb_active_in_fifo(ahd, scb) == 0)
1235 				continue;
1236 
1237 			ahd_run_data_fifo(ahd, scb);
1238 
1239 			/*
1240 			 * Running this FIFO may cause a CFG4DATA for
1241 			 * this same transaction to assert in the other
1242 			 * FIFO or a new snapshot SAVEPTRS interrupt
1243 			 * in this FIFO.  Even running a FIFO may not
1244 			 * clear the transaction if we are still waiting
1245 			 * for data to drain to the host. We must loop
1246 			 * until the transaction is not active in either
1247 			 * FIFO just to be sure.  Reset our loop counter
1248 			 * so we will visit both FIFOs again before
1249 			 * declaring this transaction finished.  We
1250 			 * also delay a bit so that status has a chance
1251 			 * to change before we look at this FIFO again.
1252 			 */
1253 			ahd_delay(200);
1254 			goto rescan_fifos;
1255 		}
1256 		ahd_set_modes(ahd, AHD_MODE_SCSI, AHD_MODE_SCSI);
1257 		ahd_set_scbptr(ahd, scbid);
1258 		if ((ahd_inb_scbram(ahd, SCB_SGPTR) & SG_LIST_NULL) == 0
1259 		 && ((ahd_inb_scbram(ahd, SCB_SGPTR) & SG_FULL_RESID) != 0
1260 		  || (ahd_inb_scbram(ahd, SCB_RESIDUAL_SGPTR)
1261 		      & SG_LIST_NULL) != 0)) {
1262 			u_int comp_head;
1263 
1264 			/*
1265 			 * The transfer completed with a residual.
1266 			 * Place this SCB on the complete DMA list
1267 			 * so that we update our in-core copy of the
1268 			 * SCB before completing the command.
1269 			 */
1270 			ahd_outb(ahd, SCB_SCSI_STATUS, 0);
1271 			ahd_outb(ahd, SCB_SGPTR,
1272 				 ahd_inb_scbram(ahd, SCB_SGPTR)
1273 				 | SG_STATUS_VALID);
1274 			ahd_outw(ahd, SCB_TAG, scbid);
1275 			ahd_outw(ahd, SCB_NEXT_COMPLETE, SCB_LIST_NULL);
1276 			comp_head = ahd_inw(ahd, COMPLETE_DMA_SCB_HEAD);
1277 			if (SCBID_IS_NULL(comp_head)) {
1278 				ahd_outw(ahd, COMPLETE_DMA_SCB_HEAD, scbid);
1279 				ahd_outw(ahd, COMPLETE_DMA_SCB_TAIL, scbid);
1280 			} else {
1281 				u_int tail;
1282 
1283 				tail = ahd_inw(ahd, COMPLETE_DMA_SCB_TAIL);
1284 				ahd_set_scbptr(ahd, tail);
1285 				ahd_outw(ahd, SCB_NEXT_COMPLETE, scbid);
1286 				ahd_outw(ahd, COMPLETE_DMA_SCB_TAIL, scbid);
1287 				ahd_set_scbptr(ahd, scbid);
1288 			}
1289 		} else
1290 			ahd_complete_scb(ahd, scb);
1291 	}
1292 	ahd_set_scbptr(ahd, saved_scbptr);
1293 
1294 	/*
1295 	 * Setup for command channel portion of flush.
1296 	 */
1297 	ahd_set_modes(ahd, AHD_MODE_CCHAN, AHD_MODE_CCHAN);
1298 
1299 	/*
1300 	 * Wait for any inprogress DMA to complete and clear DMA state
1301 	 * if this if for an SCB in the qinfifo.
1302 	 */
1303 	while (((ccscbctl = ahd_inb(ahd, CCSCBCTL)) & (CCARREN|CCSCBEN)) != 0) {
1304 
1305 		if ((ccscbctl & (CCSCBDIR|CCARREN)) == (CCSCBDIR|CCARREN)) {
1306 			if ((ccscbctl & ARRDONE) != 0)
1307 				break;
1308 		} else if ((ccscbctl & CCSCBDONE) != 0)
1309 			break;
1310 		ahd_delay(200);
1311 	}
1312 	/*
1313 	 * We leave the sequencer to cleanup in the case of DMA's to
1314 	 * update the qoutfifo.  In all other cases (DMA's to the
1315 	 * chip or a push of an SCB from the COMPLETE_DMA_SCB list),
1316 	 * we disable the DMA engine so that the sequencer will not
1317 	 * attempt to handle the DMA completion.
1318 	 */
1319 	if ((ccscbctl & CCSCBDIR) != 0 || (ccscbctl & ARRDONE) != 0)
1320 		ahd_outb(ahd, CCSCBCTL, ccscbctl & ~(CCARREN|CCSCBEN));
1321 
1322 	/*
1323 	 * Complete any SCBs that just finished
1324 	 * being DMA'ed into the qoutfifo.
1325 	 */
1326 	ahd_run_qoutfifo(ahd);
1327 
1328 	saved_scbptr = ahd_get_scbptr(ahd);
1329 	/*
1330 	 * Manually update/complete any completed SCBs that are waiting to be
1331 	 * DMA'ed back up to the host.
1332 	 */
1333 	scbid = ahd_inw(ahd, COMPLETE_DMA_SCB_HEAD);
1334 	while (!SCBID_IS_NULL(scbid)) {
1335 		uint8_t *hscb_ptr;
1336 		u_int	 i;
1337 
1338 		ahd_set_scbptr(ahd, scbid);
1339 		next_scbid = ahd_inw_scbram(ahd, SCB_NEXT_COMPLETE);
1340 		scb = ahd_lookup_scb(ahd, scbid);
1341 		if (scb == NULL) {
1342 			printf("%s: Warning - DMA-up and complete "
1343 			       "SCB %d invalid\n", ahd_name(ahd), scbid);
1344 			continue;
1345 		}
1346 		hscb_ptr = (uint8_t *)scb->hscb;
1347 		for (i = 0; i < sizeof(struct hardware_scb); i++)
1348 			*hscb_ptr++ = ahd_inb_scbram(ahd, SCB_BASE + i);
1349 
1350 		ahd_complete_scb(ahd, scb);
1351 		scbid = next_scbid;
1352 	}
1353 	ahd_outw(ahd, COMPLETE_DMA_SCB_HEAD, SCB_LIST_NULL);
1354 	ahd_outw(ahd, COMPLETE_DMA_SCB_TAIL, SCB_LIST_NULL);
1355 
1356 	scbid = ahd_inw(ahd, COMPLETE_ON_QFREEZE_HEAD);
1357 	while (!SCBID_IS_NULL(scbid)) {
1358 
1359 		ahd_set_scbptr(ahd, scbid);
1360 		next_scbid = ahd_inw_scbram(ahd, SCB_NEXT_COMPLETE);
1361 		scb = ahd_lookup_scb(ahd, scbid);
1362 		if (scb == NULL) {
1363 			printf("%s: Warning - Complete Qfrz SCB %d invalid\n",
1364 			       ahd_name(ahd), scbid);
1365 			continue;
1366 		}
1367 
1368 		ahd_complete_scb(ahd, scb);
1369 		scbid = next_scbid;
1370 	}
1371 	ahd_outw(ahd, COMPLETE_ON_QFREEZE_HEAD, SCB_LIST_NULL);
1372 
1373 	scbid = ahd_inw(ahd, COMPLETE_SCB_HEAD);
1374 	while (!SCBID_IS_NULL(scbid)) {
1375 
1376 		ahd_set_scbptr(ahd, scbid);
1377 		next_scbid = ahd_inw_scbram(ahd, SCB_NEXT_COMPLETE);
1378 		scb = ahd_lookup_scb(ahd, scbid);
1379 		if (scb == NULL) {
1380 			printf("%s: Warning - Complete SCB %d invalid\n",
1381 			       ahd_name(ahd), scbid);
1382 			continue;
1383 		}
1384 
1385 		ahd_complete_scb(ahd, scb);
1386 		scbid = next_scbid;
1387 	}
1388 	ahd_outw(ahd, COMPLETE_SCB_HEAD, SCB_LIST_NULL);
1389 
1390 	/*
1391 	 * Restore state.
1392 	 */
1393 	ahd_set_scbptr(ahd, saved_scbptr);
1394 	ahd_restore_modes(ahd, saved_modes);
1395 	ahd->flags |= AHD_UPDATE_PEND_CMDS;
1396 }
1397 
1398 /*
1399  * Determine if an SCB for a packetized transaction
1400  * is active in a FIFO.
1401  */
1402 static int
1403 ahd_scb_active_in_fifo(struct ahd_softc *ahd, struct scb *scb)
1404 {
1405 
1406 	/*
1407 	 * The FIFO is only active for our transaction if
1408 	 * the SCBPTR matches the SCB's ID and the firmware
1409 	 * has installed a handler for the FIFO or we have
1410 	 * a pending SAVEPTRS or CFG4DATA interrupt.
1411 	 */
1412 	if (ahd_get_scbptr(ahd) != SCB_GET_TAG(scb)
1413 	 || ((ahd_inb(ahd, LONGJMP_ADDR+1) & INVALID_ADDR) != 0
1414 	  && (ahd_inb(ahd, SEQINTSRC) & (CFG4DATA|SAVEPTRS)) == 0))
1415 		return (0);
1416 
1417 	return (1);
1418 }
1419 
1420 /*
1421  * Run a data fifo to completion for a transaction we know
1422  * has completed across the SCSI bus (good status has been
1423  * received).  We are already set to the correct FIFO mode
1424  * on entry to this routine.
1425  *
1426  * This function attempts to operate exactly as the firmware
1427  * would when running this FIFO.  Care must be taken to update
1428  * this routine any time the firmware's FIFO algorithm is
1429  * changed.
1430  */
1431 static void
1432 ahd_run_data_fifo(struct ahd_softc *ahd, struct scb *scb)
1433 {
1434 	u_int seqintsrc;
1435 
1436 	seqintsrc = ahd_inb(ahd, SEQINTSRC);
1437 	if ((seqintsrc & CFG4DATA) != 0) {
1438 		uint32_t datacnt;
1439 		uint32_t sgptr;
1440 
1441 		/*
1442 		 * Clear full residual flag.
1443 		 */
1444 		sgptr = ahd_inl_scbram(ahd, SCB_SGPTR) & ~SG_FULL_RESID;
1445 		ahd_outb(ahd, SCB_SGPTR, sgptr);
1446 
1447 		/*
1448 		 * Load datacnt and address.
1449 		 */
1450 		datacnt = ahd_inl_scbram(ahd, SCB_DATACNT);
1451 		if ((datacnt & AHD_DMA_LAST_SEG) != 0) {
1452 			sgptr |= LAST_SEG;
1453 			ahd_outb(ahd, SG_STATE, 0);
1454 		} else
1455 			ahd_outb(ahd, SG_STATE, LOADING_NEEDED);
1456 		ahd_outq(ahd, HADDR, ahd_inq_scbram(ahd, SCB_DATAPTR));
1457 		ahd_outl(ahd, HCNT, datacnt & AHD_SG_LEN_MASK);
1458 		ahd_outb(ahd, SG_CACHE_PRE, sgptr);
1459 		ahd_outb(ahd, DFCNTRL, PRELOADEN|SCSIEN|HDMAEN);
1460 
1461 		/*
1462 		 * Initialize Residual Fields.
1463 		 */
1464 		ahd_outb(ahd, SCB_RESIDUAL_DATACNT+3, datacnt >> 24);
1465 		ahd_outl(ahd, SCB_RESIDUAL_SGPTR, sgptr & SG_PTR_MASK);
1466 
1467 		/*
1468 		 * Mark the SCB as having a FIFO in use.
1469 		 */
1470 		ahd_outb(ahd, SCB_FIFO_USE_COUNT,
1471 			 ahd_inb_scbram(ahd, SCB_FIFO_USE_COUNT) + 1);
1472 
1473 		/*
1474 		 * Install a "fake" handler for this FIFO.
1475 		 */
1476 		ahd_outw(ahd, LONGJMP_ADDR, 0);
1477 
1478 		/*
1479 		 * Notify the hardware that we have satisfied
1480 		 * this sequencer interrupt.
1481 		 */
1482 		ahd_outb(ahd, CLRSEQINTSRC, CLRCFG4DATA);
1483 	} else if ((seqintsrc & SAVEPTRS) != 0) {
1484 		uint32_t sgptr;
1485 		uint32_t resid;
1486 
1487 		if ((ahd_inb(ahd, LONGJMP_ADDR+1)&INVALID_ADDR) != 0) {
1488 			/*
1489 			 * Snapshot Save Pointers.  All that
1490 			 * is necessary to clear the snapshot
1491 			 * is a CLRCHN.
1492 			 */
1493 			goto clrchn;
1494 		}
1495 
1496 		/*
1497 		 * Disable S/G fetch so the DMA engine
1498 		 * is available to future users.
1499 		 */
1500 		if ((ahd_inb(ahd, SG_STATE) & FETCH_INPROG) != 0)
1501 			ahd_outb(ahd, CCSGCTL, 0);
1502 		ahd_outb(ahd, SG_STATE, 0);
1503 
1504 		/*
1505 		 * Flush the data FIFO.  Strickly only
1506 		 * necessary for Rev A parts.
1507 		 */
1508 		ahd_outb(ahd, DFCNTRL, ahd_inb(ahd, DFCNTRL) | FIFOFLUSH);
1509 
1510 		/*
1511 		 * Calculate residual.
1512 		 */
1513 		sgptr = ahd_inl_scbram(ahd, SCB_RESIDUAL_SGPTR);
1514 		resid = ahd_inl(ahd, SHCNT);
1515 		resid |= ahd_inb_scbram(ahd, SCB_RESIDUAL_DATACNT+3) << 24;
1516 		ahd_outl(ahd, SCB_RESIDUAL_DATACNT, resid);
1517 		if ((ahd_inb(ahd, SG_CACHE_SHADOW) & LAST_SEG) == 0) {
1518 			/*
1519 			 * Must back up to the correct S/G element.
1520 			 * Typically this just means resetting our
1521 			 * low byte to the offset in the SG_CACHE,
1522 			 * but if we wrapped, we have to correct
1523 			 * the other bytes of the sgptr too.
1524 			 */
1525 			if ((ahd_inb(ahd, SG_CACHE_SHADOW) & 0x80) != 0
1526 			 && (sgptr & 0x80) == 0)
1527 				sgptr -= 0x100;
1528 			sgptr &= ~0xFF;
1529 			sgptr |= ahd_inb(ahd, SG_CACHE_SHADOW)
1530 			       & SG_ADDR_MASK;
1531 			ahd_outl(ahd, SCB_RESIDUAL_SGPTR, sgptr);
1532 			ahd_outb(ahd, SCB_RESIDUAL_DATACNT + 3, 0);
1533 		} else if ((resid & AHD_SG_LEN_MASK) == 0) {
1534 			ahd_outb(ahd, SCB_RESIDUAL_SGPTR,
1535 				 sgptr | SG_LIST_NULL);
1536 		}
1537 		/*
1538 		 * Save Pointers.
1539 		 */
1540 		ahd_outq(ahd, SCB_DATAPTR, ahd_inq(ahd, SHADDR));
1541 		ahd_outl(ahd, SCB_DATACNT, resid);
1542 		ahd_outl(ahd, SCB_SGPTR, sgptr);
1543 		ahd_outb(ahd, CLRSEQINTSRC, CLRSAVEPTRS);
1544 		ahd_outb(ahd, SEQIMODE,
1545 			 ahd_inb(ahd, SEQIMODE) | ENSAVEPTRS);
1546 		/*
1547 		 * If the data is to the SCSI bus, we are
1548 		 * done, otherwise wait for FIFOEMP.
1549 		 */
1550 		if ((ahd_inb(ahd, DFCNTRL) & DIRECTION) != 0)
1551 			goto clrchn;
1552 	} else if ((ahd_inb(ahd, SG_STATE) & LOADING_NEEDED) != 0) {
1553 		uint32_t sgptr;
1554 		uint64_t data_addr;
1555 		uint32_t data_len;
1556 		u_int	 dfcntrl;
1557 
1558 		/*
1559 		 * Disable S/G fetch so the DMA engine
1560 		 * is available to future users.  We won't
1561 		 * be using the DMA engine to load segments.
1562 		 */
1563 		if ((ahd_inb(ahd, SG_STATE) & FETCH_INPROG) != 0) {
1564 			ahd_outb(ahd, CCSGCTL, 0);
1565 			ahd_outb(ahd, SG_STATE, LOADING_NEEDED);
1566 		}
1567 
1568 		/*
1569 		 * Wait for the DMA engine to notice that the
1570 		 * host transfer is enabled and that there is
1571 		 * space in the S/G FIFO for new segments before
1572 		 * loading more segments.
1573 		 */
1574 		if ((ahd_inb(ahd, DFSTATUS) & PRELOAD_AVAIL) != 0
1575 		 && (ahd_inb(ahd, DFCNTRL) & HDMAENACK) != 0) {
1576 
1577 			/*
1578 			 * Determine the offset of the next S/G
1579 			 * element to load.
1580 			 */
1581 			sgptr = ahd_inl_scbram(ahd, SCB_RESIDUAL_SGPTR);
1582 			sgptr &= SG_PTR_MASK;
1583 			if ((ahd->flags & AHD_64BIT_ADDRESSING) != 0) {
1584 				struct ahd_dma64_seg *sg;
1585 
1586 				sg = ahd_sg_bus_to_virt(ahd, scb, sgptr);
1587 				data_addr = sg->addr;
1588 				data_len = sg->len;
1589 				sgptr += sizeof(*sg);
1590 			} else {
1591 				struct	ahd_dma_seg *sg;
1592 
1593 				sg = ahd_sg_bus_to_virt(ahd, scb, sgptr);
1594 				data_addr = sg->len & AHD_SG_HIGH_ADDR_MASK;
1595 				data_addr <<= 8;
1596 				data_addr |= sg->addr;
1597 				data_len = sg->len;
1598 				sgptr += sizeof(*sg);
1599 			}
1600 
1601 			/*
1602 			 * Update residual information.
1603 			 */
1604 			ahd_outb(ahd, SCB_RESIDUAL_DATACNT+3, data_len >> 24);
1605 			ahd_outl(ahd, SCB_RESIDUAL_SGPTR, sgptr);
1606 
1607 			/*
1608 			 * Load the S/G.
1609 			 */
1610 			if (data_len & AHD_DMA_LAST_SEG) {
1611 				sgptr |= LAST_SEG;
1612 				ahd_outb(ahd, SG_STATE, 0);
1613 			}
1614 			ahd_outq(ahd, HADDR, data_addr);
1615 			ahd_outl(ahd, HCNT, data_len & AHD_SG_LEN_MASK);
1616 			ahd_outb(ahd, SG_CACHE_PRE, sgptr & 0xFF);
1617 
1618 			/*
1619 			 * Advertise the segment to the hardware.
1620 			 */
1621 			dfcntrl = ahd_inb(ahd, DFCNTRL)|PRELOADEN|HDMAEN;
1622 			if ((ahd->features & AHD_NEW_DFCNTRL_OPTS) != 0) {
1623 				/*
1624 				 * Use SCSIENWRDIS so that SCSIEN
1625 				 * is never modified by this
1626 				 * operation.
1627 				 */
1628 				dfcntrl |= SCSIENWRDIS;
1629 			}
1630 			ahd_outb(ahd, DFCNTRL, dfcntrl);
1631 		}
1632 	} else if ((ahd_inb(ahd, SG_CACHE_SHADOW) & LAST_SEG_DONE) != 0) {
1633 
1634 		/*
1635 		 * Transfer completed to the end of SG list
1636 		 * and has flushed to the host.
1637 		 */
1638 		ahd_outb(ahd, SCB_SGPTR,
1639 			 ahd_inb_scbram(ahd, SCB_SGPTR) | SG_LIST_NULL);
1640 		goto clrchn;
1641 	} else if ((ahd_inb(ahd, DFSTATUS) & FIFOEMP) != 0) {
1642 clrchn:
1643 		/*
1644 		 * Clear any handler for this FIFO, decrement
1645 		 * the FIFO use count for the SCB, and release
1646 		 * the FIFO.
1647 		 */
1648 		ahd_outb(ahd, LONGJMP_ADDR + 1, INVALID_ADDR);
1649 		ahd_outb(ahd, SCB_FIFO_USE_COUNT,
1650 			 ahd_inb_scbram(ahd, SCB_FIFO_USE_COUNT) - 1);
1651 		ahd_outb(ahd, DFFSXFRCTL, CLRCHN);
1652 	}
1653 }
1654 
1655 /*
1656  * Look for entries in the QoutFIFO that have completed.
1657  * The valid_tag completion field indicates the validity
1658  * of the entry - the valid value toggles each time through
1659  * the queue. We use the sg_status field in the completion
1660  * entry to avoid referencing the hscb if the completion
1661  * occurred with no errors and no residual.  sg_status is
1662  * a copy of the first byte (little endian) of the sgptr
1663  * hscb field.
1664  */
1665 static void
1666 ahd_run_qoutfifo(struct ahd_softc *ahd)
1667 {
1668 	struct ahd_completion *completion;
1669 	struct scb *scb;
1670 	u_int  scb_index;
1671 
1672 	if ((ahd->flags & AHD_RUNNING_QOUTFIFO) != 0)
1673 		panic("ahd_run_qoutfifo recursion");
1674 	ahd->flags |= AHD_RUNNING_QOUTFIFO;
1675 	ahd_sync_qoutfifo(ahd, BUS_DMASYNC_POSTREAD);
1676 	for (;;) {
1677 		completion = &ahd->qoutfifo[ahd->qoutfifonext];
1678 
1679 		if (completion->valid_tag != ahd->qoutfifonext_valid_tag)
1680 			break;
1681 
1682 		scb_index = ahd_le16toh(completion->tag);
1683 		scb = ahd_lookup_scb(ahd, scb_index);
1684 		if (scb == NULL) {
1685 			printf("%s: WARNING no command for scb %d "
1686 			       "(cmdcmplt)\nQOUTPOS = %d\n",
1687 			       ahd_name(ahd), scb_index,
1688 			       ahd->qoutfifonext);
1689 			ahd_dump_card_state(ahd);
1690 		} else if ((completion->sg_status & SG_STATUS_VALID) != 0) {
1691 			ahd_handle_scb_status(ahd, scb);
1692 		} else {
1693 			ahd_done(ahd, scb);
1694 		}
1695 
1696 		ahd->qoutfifonext = (ahd->qoutfifonext+1) & (AHD_QOUT_SIZE-1);
1697 		if (ahd->qoutfifonext == 0)
1698 			ahd->qoutfifonext_valid_tag ^= QOUTFIFO_ENTRY_VALID;
1699 	}
1700 	ahd->flags &= ~AHD_RUNNING_QOUTFIFO;
1701 }
1702 
1703 /************************* Interrupt Handling *********************************/
1704 static void
1705 ahd_handle_hwerrint(struct ahd_softc *ahd)
1706 {
1707 	/*
1708 	 * Some catastrophic hardware error has occurred.
1709 	 * Print it for the user and disable the controller.
1710 	 */
1711 	int i;
1712 	int error;
1713 
1714 	error = ahd_inb(ahd, ERROR);
1715 	for (i = 0; i < num_errors; i++) {
1716 		if ((error & ahd_hard_errors[i].errno) != 0)
1717 			printf("%s: hwerrint, %s\n",
1718 			       ahd_name(ahd), ahd_hard_errors[i].errmesg);
1719 	}
1720 
1721 	ahd_dump_card_state(ahd);
1722 	panic("BRKADRINT");
1723 
1724 	/* Tell everyone that this HBA is no longer available */
1725 	ahd_abort_scbs(ahd, CAM_TARGET_WILDCARD, ALL_CHANNELS,
1726 		       CAM_LUN_WILDCARD, SCB_LIST_NULL, ROLE_UNKNOWN,
1727 		       CAM_NO_HBA);
1728 
1729 	/* Tell the system that this controller has gone away. */
1730 	ahd_free(ahd);
1731 }
1732 
1733 #ifdef AHD_DEBUG
1734 static void
1735 ahd_dump_sglist(struct scb *scb)
1736 {
1737 	int i;
1738 
1739 	if (scb->sg_count > 0) {
1740 		if ((scb->ahd_softc->flags & AHD_64BIT_ADDRESSING) != 0) {
1741 			struct ahd_dma64_seg *sg_list;
1742 
1743 			sg_list = (struct ahd_dma64_seg*)scb->sg_list;
1744 			for (i = 0; i < scb->sg_count; i++) {
1745 				uint64_t addr;
1746 				uint32_t len;
1747 
1748 				addr = ahd_le64toh(sg_list[i].addr);
1749 				len = ahd_le32toh(sg_list[i].len);
1750 				printf("sg[%d] - Addr 0x%x%x : Length %d%s\n",
1751 				       i,
1752 				       (uint32_t)((addr >> 32) & 0xFFFFFFFF),
1753 				       (uint32_t)(addr & 0xFFFFFFFF),
1754 				       sg_list[i].len & AHD_SG_LEN_MASK,
1755 				       (sg_list[i].len & AHD_DMA_LAST_SEG)
1756 				     ? " Last" : "");
1757 			}
1758 		} else {
1759 			struct ahd_dma_seg *sg_list;
1760 
1761 			sg_list = (struct ahd_dma_seg*)scb->sg_list;
1762 			for (i = 0; i < scb->sg_count; i++) {
1763 				uint32_t len;
1764 
1765 				len = ahd_le32toh(sg_list[i].len);
1766 				printf("sg[%d] - Addr 0x%x%x : Length %d%s\n",
1767 				       i,
1768 				       (len & AHD_SG_HIGH_ADDR_MASK) >> 24,
1769 				       ahd_le32toh(sg_list[i].addr),
1770 				       len & AHD_SG_LEN_MASK,
1771 				       len & AHD_DMA_LAST_SEG ? " Last" : "");
1772 			}
1773 		}
1774 	}
1775 }
1776 #endif  /*  AHD_DEBUG  */
1777 
1778 static void
1779 ahd_handle_seqint(struct ahd_softc *ahd, u_int intstat)
1780 {
1781 	u_int seqintcode;
1782 
1783 	/*
1784 	 * Save the sequencer interrupt code and clear the SEQINT
1785 	 * bit. We will unpause the sequencer, if appropriate,
1786 	 * after servicing the request.
1787 	 */
1788 	seqintcode = ahd_inb(ahd, SEQINTCODE);
1789 	ahd_outb(ahd, CLRINT, CLRSEQINT);
1790 	if ((ahd->bugs & AHD_INTCOLLISION_BUG) != 0) {
1791 		/*
1792 		 * Unpause the sequencer and let it clear
1793 		 * SEQINT by writing NO_SEQINT to it.  This
1794 		 * will cause the sequencer to be paused again,
1795 		 * which is the expected state of this routine.
1796 		 */
1797 		ahd_unpause(ahd);
1798 		while (!ahd_is_paused(ahd))
1799 			;
1800 		ahd_outb(ahd, CLRINT, CLRSEQINT);
1801 	}
1802 	ahd_update_modes(ahd);
1803 #ifdef AHD_DEBUG
1804 	if ((ahd_debug & AHD_SHOW_MISC) != 0)
1805 		printf("%s: Handle Seqint Called for code %d\n",
1806 		       ahd_name(ahd), seqintcode);
1807 #endif
1808 	switch (seqintcode) {
1809 	case ENTERING_NONPACK:
1810 	{
1811 		struct	scb *scb;
1812 		u_int	scbid;
1813 
1814 		AHD_ASSERT_MODES(ahd, ~(AHD_MODE_UNKNOWN_MSK|AHD_MODE_CFG_MSK),
1815 				 ~(AHD_MODE_UNKNOWN_MSK|AHD_MODE_CFG_MSK));
1816 		scbid = ahd_get_scbptr(ahd);
1817 		scb = ahd_lookup_scb(ahd, scbid);
1818 		if (scb == NULL) {
1819 			/*
1820 			 * Somehow need to know if this
1821 			 * is from a selection or reselection.
1822 			 * From that, we can determine target
1823 			 * ID so we at least have an I_T nexus.
1824 			 */
1825 		} else {
1826 			ahd_outb(ahd, SAVED_SCSIID, scb->hscb->scsiid);
1827 			ahd_outb(ahd, SAVED_LUN, scb->hscb->lun);
1828 			ahd_outb(ahd, SEQ_FLAGS, 0x0);
1829 		}
1830 		if ((ahd_inb(ahd, LQISTAT2) & LQIPHASE_OUTPKT) != 0
1831 		 && (ahd_inb(ahd, SCSISIGO) & ATNO) != 0) {
1832 			/*
1833 			 * Phase change after read stream with
1834 			 * CRC error with P0 asserted on last
1835 			 * packet.
1836 			 */
1837 #ifdef AHD_DEBUG
1838 			if ((ahd_debug & AHD_SHOW_RECOVERY) != 0)
1839 				printf("%s: Assuming LQIPHASE_NLQ with "
1840 				       "P0 assertion\n", ahd_name(ahd));
1841 #endif
1842 		}
1843 #ifdef AHD_DEBUG
1844 		if ((ahd_debug & AHD_SHOW_RECOVERY) != 0)
1845 			printf("%s: Entering NONPACK\n", ahd_name(ahd));
1846 #endif
1847 		break;
1848 	}
1849 	case INVALID_SEQINT:
1850 		printf("%s: Invalid Sequencer interrupt occurred, "
1851 		       "resetting channel.\n",
1852 		       ahd_name(ahd));
1853 #ifdef AHD_DEBUG
1854 		if ((ahd_debug & AHD_SHOW_RECOVERY) != 0)
1855 			ahd_dump_card_state(ahd);
1856 #endif
1857 		ahd_reset_channel(ahd, 'A', /*Initiate Reset*/TRUE);
1858 		break;
1859 	case STATUS_OVERRUN:
1860 	{
1861 		struct	scb *scb;
1862 		u_int	scbid;
1863 
1864 		scbid = ahd_get_scbptr(ahd);
1865 		scb = ahd_lookup_scb(ahd, scbid);
1866 		if (scb != NULL)
1867 			ahd_print_path(ahd, scb);
1868 		else
1869 			printf("%s: ", ahd_name(ahd));
1870 		printf("SCB %d Packetized Status Overrun", scbid);
1871 		ahd_dump_card_state(ahd);
1872 		ahd_reset_channel(ahd, 'A', /*Initiate Reset*/TRUE);
1873 		break;
1874 	}
1875 	case CFG4ISTAT_INTR:
1876 	{
1877 		struct	scb *scb;
1878 		u_int	scbid;
1879 
1880 		scbid = ahd_get_scbptr(ahd);
1881 		scb = ahd_lookup_scb(ahd, scbid);
1882 		if (scb == NULL) {
1883 			ahd_dump_card_state(ahd);
1884 			printf("CFG4ISTAT: Free SCB %d referenced", scbid);
1885 			panic("For safety");
1886 		}
1887 		ahd_outq(ahd, HADDR, scb->sense_busaddr);
1888 		ahd_outw(ahd, HCNT, AHD_SENSE_BUFSIZE);
1889 		ahd_outb(ahd, HCNT + 2, 0);
1890 		ahd_outb(ahd, SG_CACHE_PRE, SG_LAST_SEG);
1891 		ahd_outb(ahd, DFCNTRL, PRELOADEN|SCSIEN|HDMAEN);
1892 		break;
1893 	}
1894 	case ILLEGAL_PHASE:
1895 	{
1896 		u_int bus_phase;
1897 
1898 		bus_phase = ahd_inb(ahd, SCSISIGI) & PHASE_MASK;
1899 		printf("%s: ILLEGAL_PHASE 0x%x\n",
1900 		       ahd_name(ahd), bus_phase);
1901 
1902 		switch (bus_phase) {
1903 		case P_DATAOUT:
1904 		case P_DATAIN:
1905 		case P_DATAOUT_DT:
1906 		case P_DATAIN_DT:
1907 		case P_MESGOUT:
1908 		case P_STATUS:
1909 		case P_MESGIN:
1910 			ahd_reset_channel(ahd, 'A', /*Initiate Reset*/TRUE);
1911 			printf("%s: Issued Bus Reset.\n", ahd_name(ahd));
1912 			break;
1913 		case P_COMMAND:
1914 		{
1915 			struct	ahd_devinfo devinfo;
1916 			struct	scb *scb;
1917 			struct	ahd_initiator_tinfo *targ_info;
1918 			struct	ahd_tmode_tstate *tstate;
1919 			struct	ahd_transinfo *tinfo;
1920 			u_int	scbid;
1921 
1922 			/*
1923 			 * If a target takes us into the command phase
1924 			 * assume that it has been externally reset and
1925 			 * has thus lost our previous packetized negotiation
1926 			 * agreement.  Since we have not sent an identify
1927 			 * message and may not have fully qualified the
1928 			 * connection, we change our command to TUR, assert
1929 			 * ATN and ABORT the task when we go to message in
1930 			 * phase.  The OSM will see the REQUEUE_REQUEST
1931 			 * status and retry the command.
1932 			 */
1933 			scbid = ahd_get_scbptr(ahd);
1934 			scb = ahd_lookup_scb(ahd, scbid);
1935 			if (scb == NULL) {
1936 				printf("Invalid phase with no valid SCB.  "
1937 				       "Resetting bus.\n");
1938 				ahd_reset_channel(ahd, 'A',
1939 						  /*Initiate Reset*/TRUE);
1940 				break;
1941 			}
1942 			ahd_compile_devinfo(&devinfo, SCB_GET_OUR_ID(scb),
1943 					    SCB_GET_TARGET(ahd, scb),
1944 					    SCB_GET_LUN(scb),
1945 					    SCB_GET_CHANNEL(ahd, scb),
1946 					    ROLE_INITIATOR);
1947 			targ_info = ahd_fetch_transinfo(ahd,
1948 							devinfo.channel,
1949 							devinfo.our_scsiid,
1950 							devinfo.target,
1951 							&tstate);
1952 			tinfo = &targ_info->curr;
1953 			ahd_set_width(ahd, &devinfo, MSG_EXT_WDTR_BUS_8_BIT,
1954 				      AHD_TRANS_ACTIVE, /*paused*/TRUE);
1955 			ahd_set_syncrate(ahd, &devinfo, /*period*/0,
1956 					 /*offset*/0, /*ppr_options*/0,
1957 					 AHD_TRANS_ACTIVE, /*paused*/TRUE);
1958 			/* Hand-craft TUR command */
1959 			ahd_outb(ahd, SCB_CDB_STORE, 0);
1960 			ahd_outb(ahd, SCB_CDB_STORE+1, 0);
1961 			ahd_outb(ahd, SCB_CDB_STORE+2, 0);
1962 			ahd_outb(ahd, SCB_CDB_STORE+3, 0);
1963 			ahd_outb(ahd, SCB_CDB_STORE+4, 0);
1964 			ahd_outb(ahd, SCB_CDB_STORE+5, 0);
1965 			ahd_outb(ahd, SCB_CDB_LEN, 6);
1966 			scb->hscb->control &= ~(TAG_ENB|SCB_TAG_TYPE);
1967 			scb->hscb->control |= MK_MESSAGE;
1968 			ahd_outb(ahd, SCB_CONTROL, scb->hscb->control);
1969 			ahd_outb(ahd, MSG_OUT, HOST_MSG);
1970 			ahd_outb(ahd, SAVED_SCSIID, scb->hscb->scsiid);
1971 			/*
1972 			 * The lun is 0, regardless of the SCB's lun
1973 			 * as we have not sent an identify message.
1974 			 */
1975 			ahd_outb(ahd, SAVED_LUN, 0);
1976 			ahd_outb(ahd, SEQ_FLAGS, 0);
1977 			ahd_assert_atn(ahd);
1978 			scb->flags &= ~SCB_PACKETIZED;
1979 			scb->flags |= SCB_ABORT|SCB_EXTERNAL_RESET;
1980 			ahd_freeze_devq(ahd, scb);
1981 			ahd_set_transaction_status(scb, CAM_REQUEUE_REQ);
1982 			ahd_freeze_scb(scb);
1983 
1984 			/* Notify XPT */
1985 			ahd_send_async(ahd, devinfo.channel, devinfo.target,
1986 				       CAM_LUN_WILDCARD, AC_SENT_BDR);
1987 
1988 			/*
1989 			 * Allow the sequencer to continue with
1990 			 * non-pack processing.
1991 			 */
1992 			ahd_set_modes(ahd, AHD_MODE_SCSI, AHD_MODE_SCSI);
1993 			ahd_outb(ahd, CLRLQOINT1, CLRLQOPHACHGINPKT);
1994 			if ((ahd->bugs & AHD_CLRLQO_AUTOCLR_BUG) != 0) {
1995 				ahd_outb(ahd, CLRLQOINT1, 0);
1996 			}
1997 #ifdef AHD_DEBUG
1998 			if ((ahd_debug & AHD_SHOW_RECOVERY) != 0) {
1999 				ahd_print_path(ahd, scb);
2000 				printf("Unexpected command phase from "
2001 				       "packetized target\n");
2002 			}
2003 #endif
2004 			break;
2005 		}
2006 		}
2007 		break;
2008 	}
2009 	case CFG4OVERRUN:
2010 	{
2011 		struct	scb *scb;
2012 		u_int	scb_index;
2013 
2014 #ifdef AHD_DEBUG
2015 		if ((ahd_debug & AHD_SHOW_RECOVERY) != 0) {
2016 			printf("%s: CFG4OVERRUN mode = %x\n", ahd_name(ahd),
2017 			       ahd_inb(ahd, MODE_PTR));
2018 		}
2019 #endif
2020 		scb_index = ahd_get_scbptr(ahd);
2021 		scb = ahd_lookup_scb(ahd, scb_index);
2022 		if (scb == NULL) {
2023 			/*
2024 			 * Attempt to transfer to an SCB that is
2025 			 * not outstanding.
2026 			 */
2027 			ahd_assert_atn(ahd);
2028 			ahd_outb(ahd, MSG_OUT, HOST_MSG);
2029 			ahd->msgout_buf[0] = MSG_ABORT_TASK;
2030 			ahd->msgout_len = 1;
2031 			ahd->msgout_index = 0;
2032 			ahd->msg_type = MSG_TYPE_INITIATOR_MSGOUT;
2033 			/*
2034 			 * Clear status received flag to prevent any
2035 			 * attempt to complete this bogus SCB.
2036 			 */
2037 			ahd_outb(ahd, SCB_CONTROL,
2038 				 ahd_inb_scbram(ahd, SCB_CONTROL)
2039 				 & ~STATUS_RCVD);
2040 		}
2041 		break;
2042 	}
2043 	case DUMP_CARD_STATE:
2044 	{
2045 		ahd_dump_card_state(ahd);
2046 		break;
2047 	}
2048 	case PDATA_REINIT:
2049 	{
2050 #ifdef AHD_DEBUG
2051 		if ((ahd_debug & AHD_SHOW_RECOVERY) != 0) {
2052 			printf("%s: PDATA_REINIT - DFCNTRL = 0x%x "
2053 			       "SG_CACHE_SHADOW = 0x%x\n",
2054 			       ahd_name(ahd), ahd_inb(ahd, DFCNTRL),
2055 			       ahd_inb(ahd, SG_CACHE_SHADOW));
2056 		}
2057 #endif
2058 		ahd_reinitialize_dataptrs(ahd);
2059 		break;
2060 	}
2061 	case HOST_MSG_LOOP:
2062 	{
2063 		struct ahd_devinfo devinfo;
2064 
2065 		/*
2066 		 * The sequencer has encountered a message phase
2067 		 * that requires host assistance for completion.
2068 		 * While handling the message phase(s), we will be
2069 		 * notified by the sequencer after each byte is
2070 		 * transfered so we can track bus phase changes.
2071 		 *
2072 		 * If this is the first time we've seen a HOST_MSG_LOOP
2073 		 * interrupt, initialize the state of the host message
2074 		 * loop.
2075 		 */
2076 		ahd_fetch_devinfo(ahd, &devinfo);
2077 		if (ahd->msg_type == MSG_TYPE_NONE) {
2078 			struct scb *scb;
2079 			u_int scb_index;
2080 			u_int bus_phase;
2081 
2082 			bus_phase = ahd_inb(ahd, SCSISIGI) & PHASE_MASK;
2083 			if (bus_phase != P_MESGIN
2084 			 && bus_phase != P_MESGOUT) {
2085 				printf("ahd_intr: HOST_MSG_LOOP bad "
2086 				       "phase 0x%x\n", bus_phase);
2087 				/*
2088 				 * Probably transitioned to bus free before
2089 				 * we got here.  Just punt the message.
2090 				 */
2091 				ahd_dump_card_state(ahd);
2092 				ahd_clear_intstat(ahd);
2093 				ahd_restart(ahd);
2094 				return;
2095 			}
2096 
2097 			scb_index = ahd_get_scbptr(ahd);
2098 			scb = ahd_lookup_scb(ahd, scb_index);
2099 			if (devinfo.role == ROLE_INITIATOR) {
2100 				if (bus_phase == P_MESGOUT)
2101 					ahd_setup_initiator_msgout(ahd,
2102 								   &devinfo,
2103 								   scb);
2104 				else {
2105 					ahd->msg_type =
2106 					    MSG_TYPE_INITIATOR_MSGIN;
2107 					ahd->msgin_index = 0;
2108 				}
2109 			}
2110 #ifdef AHD_TARGET_MODE
2111 			else {
2112 				if (bus_phase == P_MESGOUT) {
2113 					ahd->msg_type =
2114 					    MSG_TYPE_TARGET_MSGOUT;
2115 					ahd->msgin_index = 0;
2116 				}
2117 				else
2118 					ahd_setup_target_msgin(ahd,
2119 							       &devinfo,
2120 							       scb);
2121 			}
2122 #endif
2123 		}
2124 
2125 		ahd_handle_message_phase(ahd);
2126 		break;
2127 	}
2128 	case NO_MATCH:
2129 	{
2130 		/* Ensure we don't leave the selection hardware on */
2131 		AHD_ASSERT_MODES(ahd, AHD_MODE_SCSI_MSK, AHD_MODE_SCSI_MSK);
2132 		ahd_outb(ahd, SCSISEQ0, ahd_inb(ahd, SCSISEQ0) & ~ENSELO);
2133 
2134 		printf("%s:%c:%d: no active SCB for reconnecting "
2135 		       "target - issuing BUS DEVICE RESET\n",
2136 		       ahd_name(ahd), 'A', ahd_inb(ahd, SELID) >> 4);
2137 		printf("SAVED_SCSIID == 0x%x, SAVED_LUN == 0x%x, "
2138 		       "REG0 == 0x%x ACCUM = 0x%x\n",
2139 		       ahd_inb(ahd, SAVED_SCSIID), ahd_inb(ahd, SAVED_LUN),
2140 		       ahd_inw(ahd, REG0), ahd_inb(ahd, ACCUM));
2141 		printf("SEQ_FLAGS == 0x%x, SCBPTR == 0x%x, BTT == 0x%x, "
2142 		       "SINDEX == 0x%x\n",
2143 		       ahd_inb(ahd, SEQ_FLAGS), ahd_get_scbptr(ahd),
2144 		       ahd_find_busy_tcl(ahd,
2145 					 BUILD_TCL(ahd_inb(ahd, SAVED_SCSIID),
2146 						   ahd_inb(ahd, SAVED_LUN))),
2147 		       ahd_inw(ahd, SINDEX));
2148 		printf("SELID == 0x%x, SCB_SCSIID == 0x%x, SCB_LUN == 0x%x, "
2149 		       "SCB_CONTROL == 0x%x\n",
2150 		       ahd_inb(ahd, SELID), ahd_inb_scbram(ahd, SCB_SCSIID),
2151 		       ahd_inb_scbram(ahd, SCB_LUN),
2152 		       ahd_inb_scbram(ahd, SCB_CONTROL));
2153 		printf("SCSIBUS[0] == 0x%x, SCSISIGI == 0x%x\n",
2154 		       ahd_inb(ahd, SCSIBUS), ahd_inb(ahd, SCSISIGI));
2155 		printf("SXFRCTL0 == 0x%x\n", ahd_inb(ahd, SXFRCTL0));
2156 		printf("SEQCTL0 == 0x%x\n", ahd_inb(ahd, SEQCTL0));
2157 		ahd_dump_card_state(ahd);
2158 		ahd->msgout_buf[0] = MSG_BUS_DEV_RESET;
2159 		ahd->msgout_len = 1;
2160 		ahd->msgout_index = 0;
2161 		ahd->msg_type = MSG_TYPE_INITIATOR_MSGOUT;
2162 		ahd_outb(ahd, MSG_OUT, HOST_MSG);
2163 		ahd_assert_atn(ahd);
2164 		break;
2165 	}
2166 	case PROTO_VIOLATION:
2167 	{
2168 		ahd_handle_proto_violation(ahd);
2169 		break;
2170 	}
2171 	case IGN_WIDE_RES:
2172 	{
2173 		struct ahd_devinfo devinfo;
2174 
2175 		ahd_fetch_devinfo(ahd, &devinfo);
2176 		ahd_handle_ign_wide_residue(ahd, &devinfo);
2177 		break;
2178 	}
2179 	case BAD_PHASE:
2180 	{
2181 		u_int lastphase;
2182 
2183 		lastphase = ahd_inb(ahd, LASTPHASE);
2184 		printf("%s:%c:%d: unknown scsi bus phase %x, "
2185 		       "lastphase = 0x%x.  Attempting to continue\n",
2186 		       ahd_name(ahd), 'A',
2187 		       SCSIID_TARGET(ahd, ahd_inb(ahd, SAVED_SCSIID)),
2188 		       lastphase, ahd_inb(ahd, SCSISIGI));
2189 		break;
2190 	}
2191 	case MISSED_BUSFREE:
2192 	{
2193 		u_int lastphase;
2194 
2195 		lastphase = ahd_inb(ahd, LASTPHASE);
2196 		printf("%s:%c:%d: Missed busfree. "
2197 		       "Lastphase = 0x%x, Curphase = 0x%x\n",
2198 		       ahd_name(ahd), 'A',
2199 		       SCSIID_TARGET(ahd, ahd_inb(ahd, SAVED_SCSIID)),
2200 		       lastphase, ahd_inb(ahd, SCSISIGI));
2201 		ahd_restart(ahd);
2202 		return;
2203 	}
2204 	case DATA_OVERRUN:
2205 	{
2206 		/*
2207 		 * When the sequencer detects an overrun, it
2208 		 * places the controller in "BITBUCKET" mode
2209 		 * and allows the target to complete its transfer.
2210 		 * Unfortunately, none of the counters get updated
2211 		 * when the controller is in this mode, so we have
2212 		 * no way of knowing how large the overrun was.
2213 		 */
2214 		struct	scb *scb;
2215 		u_int	scbindex;
2216 #ifdef AHD_DEBUG
2217 		u_int	lastphase;
2218 #endif
2219 
2220 		scbindex = ahd_get_scbptr(ahd);
2221 		scb = ahd_lookup_scb(ahd, scbindex);
2222 #ifdef AHD_DEBUG
2223 		lastphase = ahd_inb(ahd, LASTPHASE);
2224 		if ((ahd_debug & AHD_SHOW_RECOVERY) != 0) {
2225 			ahd_print_path(ahd, scb);
2226 			printf("data overrun detected %s.  Tag == 0x%x.\n",
2227 			       ahd_lookup_phase_entry(lastphase)->phasemsg,
2228 			       SCB_GET_TAG(scb));
2229 			ahd_print_path(ahd, scb);
2230 			printf("%s seen Data Phase.  Length = %ld.  "
2231 			       "NumSGs = %d.\n",
2232 			       ahd_inb(ahd, SEQ_FLAGS) & DPHASE
2233 			       ? "Have" : "Haven't",
2234 			       ahd_get_transfer_length(scb), scb->sg_count);
2235 			ahd_dump_sglist(scb);
2236 		}
2237 #endif
2238 
2239 		/*
2240 		 * Set this and it will take effect when the
2241 		 * target does a command complete.
2242 		 */
2243 		ahd_freeze_devq(ahd, scb);
2244 		ahd_set_transaction_status(scb, CAM_DATA_RUN_ERR);
2245 		ahd_freeze_scb(scb);
2246 		break;
2247 	}
2248 	case MKMSG_FAILED:
2249 	{
2250 		struct ahd_devinfo devinfo;
2251 		struct scb *scb;
2252 		u_int scbid;
2253 
2254 		ahd_fetch_devinfo(ahd, &devinfo);
2255 		printf("%s:%c:%d:%d: Attempt to issue message failed\n",
2256 		       ahd_name(ahd), devinfo.channel, devinfo.target,
2257 		       devinfo.lun);
2258 		scbid = ahd_get_scbptr(ahd);
2259 		scb = ahd_lookup_scb(ahd, scbid);
2260 		if (scb != NULL
2261 		 && (scb->flags & SCB_RECOVERY_SCB) != 0)
2262 			/*
2263 			 * Ensure that we didn't put a second instance of this
2264 			 * SCB into the QINFIFO.
2265 			 */
2266 			ahd_search_qinfifo(ahd, SCB_GET_TARGET(ahd, scb),
2267 					   SCB_GET_CHANNEL(ahd, scb),
2268 					   SCB_GET_LUN(scb), SCB_GET_TAG(scb),
2269 					   ROLE_INITIATOR, /*status*/0,
2270 					   SEARCH_REMOVE);
2271 		ahd_outb(ahd, SCB_CONTROL,
2272 			 ahd_inb_scbram(ahd, SCB_CONTROL) & ~MK_MESSAGE);
2273 		break;
2274 	}
2275 	case TASKMGMT_FUNC_COMPLETE:
2276 	{
2277 		u_int	scbid;
2278 		struct	scb *scb;
2279 
2280 		scbid = ahd_get_scbptr(ahd);
2281 		scb = ahd_lookup_scb(ahd, scbid);
2282 		if (scb != NULL) {
2283 			u_int	   lun;
2284 			u_int	   tag;
2285 			cam_status error;
2286 
2287 			ahd_print_path(ahd, scb);
2288 			printf("Task Management Func 0x%x Complete\n",
2289 			       scb->hscb->task_management);
2290 			lun = CAM_LUN_WILDCARD;
2291 			tag = SCB_LIST_NULL;
2292 
2293 			switch (scb->hscb->task_management) {
2294 			case SIU_TASKMGMT_ABORT_TASK:
2295 				tag = SCB_GET_TAG(scb);
2296 			case SIU_TASKMGMT_ABORT_TASK_SET:
2297 			case SIU_TASKMGMT_CLEAR_TASK_SET:
2298 				lun = scb->hscb->lun;
2299 				error = CAM_REQ_ABORTED;
2300 				ahd_abort_scbs(ahd, SCB_GET_TARGET(ahd, scb),
2301 					       'A', lun, tag, ROLE_INITIATOR,
2302 					       error);
2303 				break;
2304 			case SIU_TASKMGMT_LUN_RESET:
2305 				lun = scb->hscb->lun;
2306 			case SIU_TASKMGMT_TARGET_RESET:
2307 			{
2308 				struct ahd_devinfo devinfo;
2309 
2310 				ahd_scb_devinfo(ahd, &devinfo, scb);
2311 				error = CAM_BDR_SENT;
2312 				ahd_handle_devreset(ahd, &devinfo, lun,
2313 						    CAM_BDR_SENT,
2314 						    lun != CAM_LUN_WILDCARD
2315 						    ? "Lun Reset"
2316 						    : "Target Reset",
2317 						    /*verbose_level*/0);
2318 				break;
2319 			}
2320 			default:
2321 				panic("Unexpected TaskMgmt Func\n");
2322 				break;
2323 			}
2324 		}
2325 		break;
2326 	}
2327 	case TASKMGMT_CMD_CMPLT_OKAY:
2328 	{
2329 		u_int	scbid;
2330 		struct	scb *scb;
2331 
2332 		/*
2333 		 * An ABORT TASK TMF failed to be delivered before
2334 		 * the targeted command completed normally.
2335 		 */
2336 		scbid = ahd_get_scbptr(ahd);
2337 		scb = ahd_lookup_scb(ahd, scbid);
2338 		if (scb != NULL) {
2339 			/*
2340 			 * Remove the second instance of this SCB from
2341 			 * the QINFIFO if it is still there.
2342                          */
2343 			ahd_print_path(ahd, scb);
2344 			printf("SCB completes before TMF\n");
2345 			/*
2346 			 * Handle losing the race.  Wait until any
2347 			 * current selection completes.  We will then
2348 			 * set the TMF back to zero in this SCB so that
2349 			 * the sequencer doesn't bother to issue another
2350 			 * sequencer interrupt for its completion.
2351 			 */
2352 			while ((ahd_inb(ahd, SCSISEQ0) & ENSELO) != 0
2353 			    && (ahd_inb(ahd, SSTAT0) & SELDO) == 0
2354 			    && (ahd_inb(ahd, SSTAT1) & SELTO) == 0)
2355 				;
2356 			ahd_outb(ahd, SCB_TASK_MANAGEMENT, 0);
2357 			ahd_search_qinfifo(ahd, SCB_GET_TARGET(ahd, scb),
2358 					   SCB_GET_CHANNEL(ahd, scb),
2359 					   SCB_GET_LUN(scb), SCB_GET_TAG(scb),
2360 					   ROLE_INITIATOR, /*status*/0,
2361 					   SEARCH_REMOVE);
2362 		}
2363 		break;
2364 	}
2365 	case TRACEPOINT0:
2366 	case TRACEPOINT1:
2367 	case TRACEPOINT2:
2368 	case TRACEPOINT3:
2369 		printf("%s: Tracepoint %d\n", ahd_name(ahd),
2370 		       seqintcode - TRACEPOINT0);
2371 		break;
2372 	case NO_SEQINT:
2373 		break;
2374 	case SAW_HWERR:
2375 		ahd_handle_hwerrint(ahd);
2376 		break;
2377 	default:
2378 		printf("%s: Unexpected SEQINTCODE %d\n", ahd_name(ahd),
2379 		       seqintcode);
2380 		break;
2381 	}
2382 	/*
2383 	 *  The sequencer is paused immediately on
2384 	 *  a SEQINT, so we should restart it when
2385 	 *  we're done.
2386 	 */
2387 	ahd_unpause(ahd);
2388 }
2389 
2390 static void
2391 ahd_handle_scsiint(struct ahd_softc *ahd, u_int intstat)
2392 {
2393 	struct scb	*scb;
2394 	u_int		 status0;
2395 	u_int		 status3;
2396 	u_int		 status;
2397 	u_int		 lqistat1;
2398 	u_int		 lqostat0;
2399 	u_int		 scbid;
2400 	u_int		 busfreetime;
2401 
2402 	ahd_update_modes(ahd);
2403 	ahd_set_modes(ahd, AHD_MODE_SCSI, AHD_MODE_SCSI);
2404 
2405 	status3 = ahd_inb(ahd, SSTAT3) & (NTRAMPERR|OSRAMPERR);
2406 	status0 = ahd_inb(ahd, SSTAT0) & (IOERR|OVERRUN|SELDI|SELDO);
2407 	status = ahd_inb(ahd, SSTAT1) & (SELTO|SCSIRSTI|BUSFREE|SCSIPERR);
2408 	lqistat1 = ahd_inb(ahd, LQISTAT1);
2409 	lqostat0 = ahd_inb(ahd, LQOSTAT0);
2410 	busfreetime = ahd_inb(ahd, SSTAT2) & BUSFREETIME;
2411 
2412 	/*
2413 	 * Ignore external resets after a bus reset.
2414 	 */
2415 	if (((status & SCSIRSTI) != 0) && (ahd->flags & AHD_BUS_RESET_ACTIVE)) {
2416 		ahd_outb(ahd, CLRSINT1, CLRSCSIRSTI);
2417 		return;
2418 	}
2419 
2420 	/*
2421 	 * Clear bus reset flag
2422 	 */
2423 	ahd->flags &= ~AHD_BUS_RESET_ACTIVE;
2424 
2425 	if ((status0 & (SELDI|SELDO)) != 0) {
2426 		u_int simode0;
2427 
2428 		ahd_set_modes(ahd, AHD_MODE_CFG, AHD_MODE_CFG);
2429 		simode0 = ahd_inb(ahd, SIMODE0);
2430 		status0 &= simode0 & (IOERR|OVERRUN|SELDI|SELDO);
2431 		ahd_set_modes(ahd, AHD_MODE_SCSI, AHD_MODE_SCSI);
2432 	}
2433 	scbid = ahd_get_scbptr(ahd);
2434 	scb = ahd_lookup_scb(ahd, scbid);
2435 	if (scb != NULL
2436 	 && (ahd_inb(ahd, SEQ_FLAGS) & NOT_IDENTIFIED) != 0)
2437 		scb = NULL;
2438 
2439 	if ((status0 & IOERR) != 0) {
2440 		u_int now_lvd;
2441 
2442 		now_lvd = ahd_inb(ahd, SBLKCTL) & ENAB40;
2443 		printf("%s: Transceiver State Has Changed to %s mode\n",
2444 		       ahd_name(ahd), now_lvd ? "LVD" : "SE");
2445 		ahd_outb(ahd, CLRSINT0, CLRIOERR);
2446 		/*
2447 		 * A change in I/O mode is equivalent to a bus reset.
2448 		 */
2449 		ahd_reset_channel(ahd, 'A', /*Initiate Reset*/TRUE);
2450 		ahd_pause(ahd);
2451 		ahd_setup_iocell_workaround(ahd);
2452 		ahd_unpause(ahd);
2453 	} else if ((status0 & OVERRUN) != 0) {
2454 
2455 		printf("%s: SCSI offset overrun detected.  Resetting bus.\n",
2456 		       ahd_name(ahd));
2457 		ahd_reset_channel(ahd, 'A', /*Initiate Reset*/TRUE);
2458 	} else if ((status & SCSIRSTI) != 0) {
2459 
2460 		printf("%s: Someone reset channel A\n", ahd_name(ahd));
2461 		ahd_reset_channel(ahd, 'A', /*Initiate Reset*/FALSE);
2462 	} else if ((status & SCSIPERR) != 0) {
2463 
2464 		/* Make sure the sequencer is in a safe location. */
2465 		ahd_clear_critical_section(ahd);
2466 
2467 		ahd_handle_transmission_error(ahd);
2468 	} else if (lqostat0 != 0) {
2469 
2470 		printf("%s: lqostat0 == 0x%x!\n", ahd_name(ahd), lqostat0);
2471 		ahd_outb(ahd, CLRLQOINT0, lqostat0);
2472 		if ((ahd->bugs & AHD_CLRLQO_AUTOCLR_BUG) != 0)
2473 			ahd_outb(ahd, CLRLQOINT1, 0);
2474 	} else if ((status & SELTO) != 0) {
2475 		/* Stop the selection */
2476 		ahd_outb(ahd, SCSISEQ0, 0);
2477 
2478 		/* Make sure the sequencer is in a safe location. */
2479 		ahd_clear_critical_section(ahd);
2480 
2481 		/* No more pending messages */
2482 		ahd_clear_msg_state(ahd);
2483 
2484 		/* Clear interrupt state */
2485 		ahd_outb(ahd, CLRSINT1, CLRSELTIMEO|CLRBUSFREE|CLRSCSIPERR);
2486 
2487 		/*
2488 		 * Although the driver does not care about the
2489 		 * 'Selection in Progress' status bit, the busy
2490 		 * LED does.  SELINGO is only cleared by a successfull
2491 		 * selection, so we must manually clear it to insure
2492 		 * the LED turns off just incase no future successful
2493 		 * selections occur (e.g. no devices on the bus).
2494 		 */
2495 		ahd_outb(ahd, CLRSINT0, CLRSELINGO);
2496 
2497 		scbid = ahd_inw(ahd, WAITING_TID_HEAD);
2498 		scb = ahd_lookup_scb(ahd, scbid);
2499 		if (scb == NULL) {
2500 			printf("%s: ahd_intr - referenced scb not "
2501 			       "valid during SELTO scb(0x%x)\n",
2502 			       ahd_name(ahd), scbid);
2503 			ahd_dump_card_state(ahd);
2504 		} else {
2505 			struct ahd_devinfo devinfo;
2506 #ifdef AHD_DEBUG
2507 			if ((ahd_debug & AHD_SHOW_SELTO) != 0) {
2508 				ahd_print_path(ahd, scb);
2509 				printf("Saw Selection Timeout for SCB 0x%x\n",
2510 				       scbid);
2511 			}
2512 #endif
2513 			ahd_scb_devinfo(ahd, &devinfo, scb);
2514 			ahd_set_transaction_status(scb, CAM_SEL_TIMEOUT);
2515 			ahd_freeze_devq(ahd, scb);
2516 
2517 			/*
2518 			 * Cancel any pending transactions on the device
2519 			 * now that it seems to be missing.  This will
2520 			 * also revert us to async/narrow transfers until
2521 			 * we can renegotiate with the device.
2522 			 */
2523 			ahd_handle_devreset(ahd, &devinfo,
2524 					    CAM_LUN_WILDCARD,
2525 					    CAM_SEL_TIMEOUT,
2526 					    "Selection Timeout",
2527 					    /*verbose_level*/1);
2528 		}
2529 		ahd_outb(ahd, CLRINT, CLRSCSIINT);
2530 		ahd_iocell_first_selection(ahd);
2531 		ahd_unpause(ahd);
2532 	} else if ((status0 & (SELDI|SELDO)) != 0) {
2533 
2534 		ahd_iocell_first_selection(ahd);
2535 		ahd_unpause(ahd);
2536 	} else if (status3 != 0) {
2537 		printf("%s: SCSI Cell parity error SSTAT3 == 0x%x\n",
2538 		       ahd_name(ahd), status3);
2539 		ahd_outb(ahd, CLRSINT3, status3);
2540 	} else if ((lqistat1 & (LQIPHASE_LQ|LQIPHASE_NLQ)) != 0) {
2541 
2542 		/* Make sure the sequencer is in a safe location. */
2543 		ahd_clear_critical_section(ahd);
2544 
2545 		ahd_handle_lqiphase_error(ahd, lqistat1);
2546 	} else if ((lqistat1 & LQICRCI_NLQ) != 0) {
2547 		/*
2548 		 * This status can be delayed during some
2549 		 * streaming operations.  The SCSIPHASE
2550 		 * handler has already dealt with this case
2551 		 * so just clear the error.
2552 		 */
2553 		ahd_outb(ahd, CLRLQIINT1, CLRLQICRCI_NLQ);
2554 	} else if ((status & BUSFREE) != 0
2555 		|| (lqistat1 & LQOBUSFREE) != 0) {
2556 		u_int lqostat1;
2557 		int   restart;
2558 		int   clear_fifo;
2559 		int   packetized;
2560 		u_int mode;
2561 
2562 		/*
2563 		 * Clear our selection hardware as soon as possible.
2564 		 * We may have an entry in the waiting Q for this target,
2565 		 * that is affected by this busfree and we don't want to
2566 		 * go about selecting the target while we handle the event.
2567 		 */
2568 		ahd_outb(ahd, SCSISEQ0, 0);
2569 
2570 		/* Make sure the sequencer is in a safe location. */
2571 		ahd_clear_critical_section(ahd);
2572 
2573 		/*
2574 		 * Determine what we were up to at the time of
2575 		 * the busfree.
2576 		 */
2577 		mode = AHD_MODE_SCSI;
2578 		busfreetime = ahd_inb(ahd, SSTAT2) & BUSFREETIME;
2579 		lqostat1 = ahd_inb(ahd, LQOSTAT1);
2580 		switch (busfreetime) {
2581 		case BUSFREE_DFF0:
2582 		case BUSFREE_DFF1:
2583 		{
2584 			mode = busfreetime == BUSFREE_DFF0
2585 			     ? AHD_MODE_DFF0 : AHD_MODE_DFF1;
2586 			ahd_set_modes(ahd, mode, mode);
2587 			scbid = ahd_get_scbptr(ahd);
2588 			scb = ahd_lookup_scb(ahd, scbid);
2589 			if (scb == NULL) {
2590 				printf("%s: Invalid SCB %d in DFF%d "
2591 				       "during unexpected busfree\n",
2592 				       ahd_name(ahd), scbid, mode);
2593 				packetized = 0;
2594 			} else
2595 				packetized = (scb->flags & SCB_PACKETIZED) != 0;
2596 			clear_fifo = 1;
2597 			break;
2598 		}
2599 		case BUSFREE_LQO:
2600 			clear_fifo = 0;
2601 			packetized = 1;
2602 			break;
2603 		default:
2604 			clear_fifo = 0;
2605 			packetized =  (lqostat1 & LQOBUSFREE) != 0;
2606 			if (!packetized
2607 			 && ahd_inb(ahd, LASTPHASE) == P_BUSFREE
2608 			 && (ahd_inb(ahd, SSTAT0) & SELDI) == 0
2609 			 && ((ahd_inb(ahd, SSTAT0) & SELDO) == 0
2610 			  || (ahd_inb(ahd, SCSISEQ0) & ENSELO) == 0))
2611 				/*
2612 				 * Assume packetized if we are not
2613 				 * on the bus in a non-packetized
2614 				 * capacity and any pending selection
2615 				 * was a packetized selection.
2616 				 */
2617 				packetized = 1;
2618 			break;
2619 		}
2620 
2621 #ifdef AHD_DEBUG
2622 		if ((ahd_debug & AHD_SHOW_MISC) != 0)
2623 			printf("Saw Busfree.  Busfreetime = 0x%x.\n",
2624 			       busfreetime);
2625 #endif
2626 		/*
2627 		 * Busfrees that occur in non-packetized phases are
2628 		 * handled by the nonpkt_busfree handler.
2629 		 */
2630 		if (packetized && ahd_inb(ahd, LASTPHASE) == P_BUSFREE) {
2631 			restart = ahd_handle_pkt_busfree(ahd, busfreetime);
2632 		} else {
2633 			packetized = 0;
2634 			restart = ahd_handle_nonpkt_busfree(ahd);
2635 		}
2636 		/*
2637 		 * Clear the busfree interrupt status.  The setting of
2638 		 * the interrupt is a pulse, so in a perfect world, we
2639 		 * would not need to muck with the ENBUSFREE logic.  This
2640 		 * would ensure that if the bus moves on to another
2641 		 * connection, busfree protection is still in force.  If
2642 		 * BUSFREEREV is broken, however, we must manually clear
2643 		 * the ENBUSFREE if the busfree occurred during a non-pack
2644 		 * connection so that we don't get false positives during
2645 		 * future, packetized, connections.
2646 		 */
2647 		ahd_outb(ahd, CLRSINT1, CLRBUSFREE);
2648 		if (packetized == 0
2649 		 && (ahd->bugs & AHD_BUSFREEREV_BUG) != 0)
2650 			ahd_outb(ahd, SIMODE1,
2651 				 ahd_inb(ahd, SIMODE1) & ~ENBUSFREE);
2652 
2653 		if (clear_fifo)
2654 			ahd_clear_fifo(ahd, mode);
2655 
2656 		ahd_clear_msg_state(ahd);
2657 		ahd_outb(ahd, CLRINT, CLRSCSIINT);
2658 		if (restart) {
2659 			ahd_restart(ahd);
2660 		} else {
2661 			ahd_unpause(ahd);
2662 		}
2663 	} else {
2664 		printf("%s: Missing case in ahd_handle_scsiint. status = %x\n",
2665 		       ahd_name(ahd), status);
2666 		ahd_dump_card_state(ahd);
2667 		ahd_clear_intstat(ahd);
2668 		ahd_unpause(ahd);
2669 	}
2670 }
2671 
2672 static void
2673 ahd_handle_transmission_error(struct ahd_softc *ahd)
2674 {
2675 	struct	scb *scb;
2676 	u_int	scbid;
2677 	u_int	lqistat1;
2678 	u_int	lqistat2;
2679 	u_int	msg_out;
2680 	u_int	curphase;
2681 	u_int	lastphase;
2682 	u_int	perrdiag;
2683 	u_int	cur_col;
2684 	int	silent;
2685 
2686 	scb = NULL;
2687 	ahd_set_modes(ahd, AHD_MODE_SCSI, AHD_MODE_SCSI);
2688 	lqistat1 = ahd_inb(ahd, LQISTAT1) & ~(LQIPHASE_LQ|LQIPHASE_NLQ);
2689 	lqistat2 = ahd_inb(ahd, LQISTAT2);
2690 	if ((lqistat1 & (LQICRCI_NLQ|LQICRCI_LQ)) == 0
2691 	 && (ahd->bugs & AHD_NLQICRC_DELAYED_BUG) != 0) {
2692 		u_int lqistate;
2693 
2694 		ahd_set_modes(ahd, AHD_MODE_CFG, AHD_MODE_CFG);
2695 		lqistate = ahd_inb(ahd, LQISTATE);
2696 		if ((lqistate >= 0x1E && lqistate <= 0x24)
2697 		 || (lqistate == 0x29)) {
2698 #ifdef AHD_DEBUG
2699 			if ((ahd_debug & AHD_SHOW_RECOVERY) != 0) {
2700 				printf("%s: NLQCRC found via LQISTATE\n",
2701 				       ahd_name(ahd));
2702 			}
2703 #endif
2704 			lqistat1 |= LQICRCI_NLQ;
2705 		}
2706 		ahd_set_modes(ahd, AHD_MODE_SCSI, AHD_MODE_SCSI);
2707 	}
2708 
2709 	ahd_outb(ahd, CLRLQIINT1, lqistat1);
2710 	lastphase = ahd_inb(ahd, LASTPHASE);
2711 	curphase = ahd_inb(ahd, SCSISIGI) & PHASE_MASK;
2712 	perrdiag = ahd_inb(ahd, PERRDIAG);
2713 	msg_out = MSG_INITIATOR_DET_ERR;
2714 	ahd_outb(ahd, CLRSINT1, CLRSCSIPERR);
2715 
2716 	/*
2717 	 * Try to find the SCB associated with this error.
2718 	 */
2719 	silent = FALSE;
2720 	if (lqistat1 == 0
2721 	 || (lqistat1 & LQICRCI_NLQ) != 0) {
2722 	 	if ((lqistat1 & (LQICRCI_NLQ|LQIOVERI_NLQ)) != 0)
2723 			ahd_set_active_fifo(ahd);
2724 		scbid = ahd_get_scbptr(ahd);
2725 		scb = ahd_lookup_scb(ahd, scbid);
2726 		if (scb != NULL && SCB_IS_SILENT(scb))
2727 			silent = TRUE;
2728 	}
2729 
2730 	cur_col = 0;
2731 	if (silent == FALSE) {
2732 		printf("%s: Transmission error detected\n", ahd_name(ahd));
2733 		ahd_lqistat1_print(lqistat1, &cur_col, 50);
2734 		ahd_lastphase_print(lastphase, &cur_col, 50);
2735 		ahd_scsisigi_print(curphase, &cur_col, 50);
2736 		ahd_perrdiag_print(perrdiag, &cur_col, 50);
2737 		printf("\n");
2738 		ahd_dump_card_state(ahd);
2739 	}
2740 
2741 	if ((lqistat1 & (LQIOVERI_LQ|LQIOVERI_NLQ)) != 0) {
2742 		if (silent == FALSE) {
2743 			printf("%s: Gross protocol error during incoming "
2744 			       "packet.  lqistat1 == 0x%x.  Resetting bus.\n",
2745 			       ahd_name(ahd), lqistat1);
2746 		}
2747 		ahd_reset_channel(ahd, 'A', /*Initiate Reset*/TRUE);
2748 		return;
2749 	} else if ((lqistat1 & LQICRCI_LQ) != 0) {
2750 		/*
2751 		 * A CRC error has been detected on an incoming LQ.
2752 		 * The bus is currently hung on the last ACK.
2753 		 * Hit LQIRETRY to release the last ack, and
2754 		 * wait for the sequencer to determine that ATNO
2755 		 * is asserted while in message out to take us
2756 		 * to our host message loop.  No NONPACKREQ or
2757 		 * LQIPHASE type errors will occur in this
2758 		 * scenario.  After this first LQIRETRY, the LQI
2759 		 * manager will be in ISELO where it will
2760 		 * happily sit until another packet phase begins.
2761 		 * Unexpected bus free detection is enabled
2762 		 * through any phases that occur after we release
2763 		 * this last ack until the LQI manager sees a
2764 		 * packet phase.  This implies we may have to
2765 		 * ignore a perfectly valid "unexected busfree"
2766 		 * after our "initiator detected error" message is
2767 		 * sent.  A busfree is the expected response after
2768 		 * we tell the target that it's L_Q was corrupted.
2769 		 * (SPI4R09 10.7.3.3.3)
2770 		 */
2771 		ahd_outb(ahd, LQCTL2, LQIRETRY);
2772 		printf("LQIRetry for LQICRCI_LQ to release ACK\n");
2773 	} else if ((lqistat1 & LQICRCI_NLQ) != 0) {
2774 		/*
2775 		 * We detected a CRC error in a NON-LQ packet.
2776 		 * The hardware has varying behavior in this situation
2777 		 * depending on whether this packet was part of a
2778 		 * stream or not.
2779 		 *
2780 		 * PKT by PKT mode:
2781 		 * The hardware has already acked the complete packet.
2782 		 * If the target honors our outstanding ATN condition,
2783 		 * we should be (or soon will be) in MSGOUT phase.
2784 		 * This will trigger the LQIPHASE_LQ status bit as the
2785 		 * hardware was expecting another LQ.  Unexpected
2786 		 * busfree detection is enabled.  Once LQIPHASE_LQ is
2787 		 * true (first entry into host message loop is much
2788 		 * the same), we must clear LQIPHASE_LQ and hit
2789 		 * LQIRETRY so the hardware is ready to handle
2790 		 * a future LQ.  NONPACKREQ will not be asserted again
2791 		 * once we hit LQIRETRY until another packet is
2792 		 * processed.  The target may either go busfree
2793 		 * or start another packet in response to our message.
2794 		 *
2795 		 * Read Streaming P0 asserted:
2796 		 * If we raise ATN and the target completes the entire
2797 		 * stream (P0 asserted during the last packet), the
2798 		 * hardware will ack all data and return to the ISTART
2799 		 * state.  When the target reponds to our ATN condition,
2800 		 * LQIPHASE_LQ will be asserted.  We should respond to
2801 		 * this with an LQIRETRY to prepare for any future
2802 		 * packets.  NONPACKREQ will not be asserted again
2803 		 * once we hit LQIRETRY until another packet is
2804 		 * processed.  The target may either go busfree or
2805 		 * start another packet in response to our message.
2806 		 * Busfree detection is enabled.
2807 		 *
2808 		 * Read Streaming P0 not asserted:
2809 		 * If we raise ATN and the target transitions to
2810 		 * MSGOUT in or after a packet where P0 is not
2811 		 * asserted, the hardware will assert LQIPHASE_NLQ.
2812 		 * We should respond to the LQIPHASE_NLQ with an
2813 		 * LQIRETRY.  Should the target stay in a non-pkt
2814 		 * phase after we send our message, the hardware
2815 		 * will assert LQIPHASE_LQ.  Recovery is then just as
2816 		 * listed above for the read streaming with P0 asserted.
2817 		 * Busfree detection is enabled.
2818 		 */
2819 		if (silent == FALSE)
2820 			printf("LQICRC_NLQ\n");
2821 		if (scb == NULL) {
2822 			printf("%s: No SCB valid for LQICRC_NLQ.  "
2823 			       "Resetting bus\n", ahd_name(ahd));
2824 			ahd_reset_channel(ahd, 'A', /*Initiate Reset*/TRUE);
2825 			return;
2826 		}
2827 	} else if ((lqistat1 & LQIBADLQI) != 0) {
2828 		printf("Need to handle BADLQI!\n");
2829 		ahd_reset_channel(ahd, 'A', /*Initiate Reset*/TRUE);
2830 		return;
2831 	} else if ((perrdiag & (PARITYERR|PREVPHASE)) == PARITYERR) {
2832 		if ((curphase & ~P_DATAIN_DT) != 0) {
2833 			/* Ack the byte.  So we can continue. */
2834 			if (silent == FALSE)
2835 				printf("Acking %s to clear perror\n",
2836 				    ahd_lookup_phase_entry(curphase)->phasemsg);
2837 			ahd_inb(ahd, SCSIDAT);
2838 		}
2839 
2840 		if (curphase == P_MESGIN)
2841 			msg_out = MSG_PARITY_ERROR;
2842 	}
2843 
2844 	/*
2845 	 * We've set the hardware to assert ATN if we
2846 	 * get a parity error on "in" phases, so all we
2847 	 * need to do is stuff the message buffer with
2848 	 * the appropriate message.  "In" phases have set
2849 	 * mesg_out to something other than MSG_NOP.
2850 	 */
2851 	ahd->send_msg_perror = msg_out;
2852 	if (scb != NULL && msg_out == MSG_INITIATOR_DET_ERR)
2853 		scb->flags |= SCB_TRANSMISSION_ERROR;
2854 	ahd_outb(ahd, MSG_OUT, HOST_MSG);
2855 	ahd_outb(ahd, CLRINT, CLRSCSIINT);
2856 	ahd_unpause(ahd);
2857 }
2858 
2859 static void
2860 ahd_handle_lqiphase_error(struct ahd_softc *ahd, u_int lqistat1)
2861 {
2862 	/*
2863 	 * Clear the sources of the interrupts.
2864 	 */
2865 	ahd_set_modes(ahd, AHD_MODE_SCSI, AHD_MODE_SCSI);
2866 	ahd_outb(ahd, CLRLQIINT1, lqistat1);
2867 
2868 	/*
2869 	 * If the "illegal" phase changes were in response
2870 	 * to our ATN to flag a CRC error, AND we ended up
2871 	 * on packet boundaries, clear the error, restart the
2872 	 * LQI manager as appropriate, and go on our merry
2873 	 * way toward sending the message.  Otherwise, reset
2874 	 * the bus to clear the error.
2875 	 */
2876 	ahd_set_active_fifo(ahd);
2877 	if ((ahd_inb(ahd, SCSISIGO) & ATNO) != 0
2878 	 && (ahd_inb(ahd, MDFFSTAT) & DLZERO) != 0) {
2879 		if ((lqistat1 & LQIPHASE_LQ) != 0) {
2880 			printf("LQIRETRY for LQIPHASE_LQ\n");
2881 			ahd_outb(ahd, LQCTL2, LQIRETRY);
2882 		} else if ((lqistat1 & LQIPHASE_NLQ) != 0) {
2883 			printf("LQIRETRY for LQIPHASE_NLQ\n");
2884 			ahd_outb(ahd, LQCTL2, LQIRETRY);
2885 		} else
2886 			panic("ahd_handle_lqiphase_error: No phase errors\n");
2887 		ahd_dump_card_state(ahd);
2888 		ahd_outb(ahd, CLRINT, CLRSCSIINT);
2889 		ahd_unpause(ahd);
2890 	} else {
2891 		printf("Reseting Channel for LQI Phase error\n");
2892 		ahd_dump_card_state(ahd);
2893 		ahd_reset_channel(ahd, 'A', /*Initiate Reset*/TRUE);
2894 	}
2895 }
2896 
2897 /*
2898  * Packetized unexpected or expected busfree.
2899  * Entered in mode based on busfreetime.
2900  */
2901 static int
2902 ahd_handle_pkt_busfree(struct ahd_softc *ahd, u_int busfreetime)
2903 {
2904 	u_int lqostat1;
2905 
2906 	AHD_ASSERT_MODES(ahd, ~(AHD_MODE_UNKNOWN_MSK|AHD_MODE_CFG_MSK),
2907 			 ~(AHD_MODE_UNKNOWN_MSK|AHD_MODE_CFG_MSK));
2908 	lqostat1 = ahd_inb(ahd, LQOSTAT1);
2909 	if ((lqostat1 & LQOBUSFREE) != 0) {
2910 		struct scb *scb;
2911 		u_int scbid;
2912 		u_int saved_scbptr;
2913 		u_int waiting_h;
2914 		u_int waiting_t;
2915 		u_int next;
2916 
2917 		/*
2918 		 * The LQO manager detected an unexpected busfree
2919 		 * either:
2920 		 *
2921 		 * 1) During an outgoing LQ.
2922 		 * 2) After an outgoing LQ but before the first
2923 		 *    REQ of the command packet.
2924 		 * 3) During an outgoing command packet.
2925 		 *
2926 		 * In all cases, CURRSCB is pointing to the
2927 		 * SCB that encountered the failure.  Clean
2928 		 * up the queue, clear SELDO and LQOBUSFREE,
2929 		 * and allow the sequencer to restart the select
2930 		 * out at its lesure.
2931 		 */
2932 		ahd_set_modes(ahd, AHD_MODE_SCSI, AHD_MODE_SCSI);
2933 		scbid = ahd_inw(ahd, CURRSCB);
2934 		scb = ahd_lookup_scb(ahd, scbid);
2935 		if (scb == NULL)
2936 		       panic("SCB not valid during LQOBUSFREE");
2937 		/*
2938 		 * Clear the status.
2939 		 */
2940 		ahd_outb(ahd, CLRLQOINT1, CLRLQOBUSFREE);
2941 		if ((ahd->bugs & AHD_CLRLQO_AUTOCLR_BUG) != 0)
2942 			ahd_outb(ahd, CLRLQOINT1, 0);
2943 		ahd_outb(ahd, SCSISEQ0, ahd_inb(ahd, SCSISEQ0) & ~ENSELO);
2944 		ahd_flush_device_writes(ahd);
2945 		ahd_outb(ahd, CLRSINT0, CLRSELDO);
2946 
2947 		/*
2948 		 * Return the LQO manager to its idle loop.  It will
2949 		 * not do this automatically if the busfree occurs
2950 		 * after the first REQ of either the LQ or command
2951 		 * packet or between the LQ and command packet.
2952 		 */
2953 		ahd_outb(ahd, LQCTL2, ahd_inb(ahd, LQCTL2) | LQOTOIDLE);
2954 
2955 		/*
2956 		 * Update the waiting for selection queue so
2957 		 * we restart on the correct SCB.
2958 		 */
2959 		waiting_h = ahd_inw(ahd, WAITING_TID_HEAD);
2960 		saved_scbptr = ahd_get_scbptr(ahd);
2961 		if (waiting_h != scbid) {
2962 
2963 			ahd_outw(ahd, WAITING_TID_HEAD, scbid);
2964 			waiting_t = ahd_inw(ahd, WAITING_TID_TAIL);
2965 			if (waiting_t == waiting_h) {
2966 				ahd_outw(ahd, WAITING_TID_TAIL, scbid);
2967 				next = SCB_LIST_NULL;
2968 			} else {
2969 				ahd_set_scbptr(ahd, waiting_h);
2970 				next = ahd_inw_scbram(ahd, SCB_NEXT2);
2971 			}
2972 			ahd_set_scbptr(ahd, scbid);
2973 			ahd_outw(ahd, SCB_NEXT2, next);
2974 		}
2975 		ahd_set_scbptr(ahd, saved_scbptr);
2976 		if (scb->crc_retry_count < AHD_MAX_LQ_CRC_ERRORS) {
2977 			if (SCB_IS_SILENT(scb) == FALSE) {
2978 				ahd_print_path(ahd, scb);
2979 				printf("Probable outgoing LQ CRC error.  "
2980 				       "Retrying command\n");
2981 			}
2982 			scb->crc_retry_count++;
2983 		} else {
2984 			ahd_set_transaction_status(scb, CAM_UNCOR_PARITY);
2985 			ahd_freeze_scb(scb);
2986 			ahd_freeze_devq(ahd, scb);
2987 		}
2988 		/* Return unpausing the sequencer. */
2989 		return (0);
2990 	} else if ((ahd_inb(ahd, PERRDIAG) & PARITYERR) != 0) {
2991 		/*
2992 		 * Ignore what are really parity errors that
2993 		 * occur on the last REQ of a free running
2994 		 * clock prior to going busfree.  Some drives
2995 		 * do not properly active negate just before
2996 		 * going busfree resulting in a parity glitch.
2997 		 */
2998 		ahd_outb(ahd, CLRSINT1, CLRSCSIPERR|CLRBUSFREE);
2999 #ifdef AHD_DEBUG
3000 		if ((ahd_debug & AHD_SHOW_MASKED_ERRORS) != 0)
3001 			printf("%s: Parity on last REQ detected "
3002 			       "during busfree phase.\n",
3003 			       ahd_name(ahd));
3004 #endif
3005 		/* Return unpausing the sequencer. */
3006 		return (0);
3007 	}
3008 	if (ahd->src_mode != AHD_MODE_SCSI) {
3009 		u_int	scbid;
3010 		struct	scb *scb;
3011 
3012 		scbid = ahd_get_scbptr(ahd);
3013 		scb = ahd_lookup_scb(ahd, scbid);
3014 		ahd_print_path(ahd, scb);
3015 		printf("Unexpected PKT busfree condition\n");
3016 		ahd_dump_card_state(ahd);
3017 		ahd_abort_scbs(ahd, SCB_GET_TARGET(ahd, scb), 'A',
3018 			       SCB_GET_LUN(scb), SCB_GET_TAG(scb),
3019 			       ROLE_INITIATOR, CAM_UNEXP_BUSFREE);
3020 
3021 		/* Return restarting the sequencer. */
3022 		return (1);
3023 	}
3024 	printf("%s: Unexpected PKT busfree condition\n", ahd_name(ahd));
3025 	ahd_dump_card_state(ahd);
3026 	/* Restart the sequencer. */
3027 	return (1);
3028 }
3029 
3030 /*
3031  * Non-packetized unexpected or expected busfree.
3032  */
3033 static int
3034 ahd_handle_nonpkt_busfree(struct ahd_softc *ahd)
3035 {
3036 	struct	ahd_devinfo devinfo;
3037 	struct	scb *scb;
3038 	u_int	lastphase;
3039 	u_int	saved_scsiid;
3040 	u_int	saved_lun;
3041 	u_int	target;
3042 	u_int	initiator_role_id;
3043 	u_int	scbid;
3044 	u_int	ppr_busfree;
3045 	int	printerror;
3046 
3047 	/*
3048 	 * Look at what phase we were last in.  If its message out,
3049 	 * chances are pretty good that the busfree was in response
3050 	 * to one of our abort requests.
3051 	 */
3052 	lastphase = ahd_inb(ahd, LASTPHASE);
3053 	saved_scsiid = ahd_inb(ahd, SAVED_SCSIID);
3054 	saved_lun = ahd_inb(ahd, SAVED_LUN);
3055 	target = SCSIID_TARGET(ahd, saved_scsiid);
3056 	initiator_role_id = SCSIID_OUR_ID(saved_scsiid);
3057 	ahd_compile_devinfo(&devinfo, initiator_role_id,
3058 			    target, saved_lun, 'A', ROLE_INITIATOR);
3059 	printerror = 1;
3060 
3061 	scbid = ahd_get_scbptr(ahd);
3062 	scb = ahd_lookup_scb(ahd, scbid);
3063 	if (scb != NULL
3064 	 && (ahd_inb(ahd, SEQ_FLAGS) & NOT_IDENTIFIED) != 0)
3065 		scb = NULL;
3066 
3067 	ppr_busfree = (ahd->msg_flags & MSG_FLAG_EXPECT_PPR_BUSFREE) != 0;
3068 	if (lastphase == P_MESGOUT) {
3069 		u_int tag;
3070 
3071 		tag = SCB_LIST_NULL;
3072 		if (ahd_sent_msg(ahd, AHDMSG_1B, MSG_ABORT_TAG, TRUE)
3073 		 || ahd_sent_msg(ahd, AHDMSG_1B, MSG_ABORT, TRUE)) {
3074 			int found;
3075 			int sent_msg;
3076 
3077 			if (scb == NULL) {
3078 				ahd_print_devinfo(ahd, &devinfo);
3079 				printf("Abort for unidentified "
3080 				       "connection completed.\n");
3081 				/* restart the sequencer. */
3082 				return (1);
3083 			}
3084 			sent_msg = ahd->msgout_buf[ahd->msgout_index - 1];
3085 			ahd_print_path(ahd, scb);
3086 			printf("SCB %d - Abort%s Completed.\n",
3087 			       SCB_GET_TAG(scb),
3088 			       sent_msg == MSG_ABORT_TAG ? "" : " Tag");
3089 
3090 			if (sent_msg == MSG_ABORT_TAG)
3091 				tag = SCB_GET_TAG(scb);
3092 
3093 			if ((scb->flags & SCB_EXTERNAL_RESET) != 0) {
3094 				/*
3095 				 * This abort is in response to an
3096 				 * unexpected switch to command phase
3097 				 * for a packetized connection.  Since
3098 				 * the identify message was never sent,
3099 				 * "saved lun" is 0.  We really want to
3100 				 * abort only the SCB that encountered
3101 				 * this error, which could have a different
3102 				 * lun.  The SCB will be retried so the OS
3103 				 * will see the UA after renegotiating to
3104 				 * packetized.
3105 				 */
3106 				tag = SCB_GET_TAG(scb);
3107 				saved_lun = scb->hscb->lun;
3108 			}
3109 			found = ahd_abort_scbs(ahd, target, 'A', saved_lun,
3110 					       tag, ROLE_INITIATOR,
3111 					       CAM_REQ_ABORTED);
3112 			printf("found == 0x%x\n", found);
3113 			printerror = 0;
3114 		} else if (ahd_sent_msg(ahd, AHDMSG_1B,
3115 					MSG_BUS_DEV_RESET, TRUE)) {
3116 #ifdef __FreeBSD__
3117 			/*
3118 			 * Don't mark the user's request for this BDR
3119 			 * as completing with CAM_BDR_SENT.  CAM3
3120 			 * specifies CAM_REQ_CMP.
3121 			 */
3122 			if (scb != NULL
3123 			 && scb->io_ctx->ccb_h.func_code== XPT_RESET_DEV
3124 			 && ahd_match_scb(ahd, scb, target, 'A',
3125 					  CAM_LUN_WILDCARD, SCB_LIST_NULL,
3126 					  ROLE_INITIATOR))
3127 				ahd_set_transaction_status(scb, CAM_REQ_CMP);
3128 #endif
3129 			ahd_handle_devreset(ahd, &devinfo, CAM_LUN_WILDCARD,
3130 					    CAM_BDR_SENT, "Bus Device Reset",
3131 					    /*verbose_level*/0);
3132 			printerror = 0;
3133 		} else if (ahd_sent_msg(ahd, AHDMSG_EXT, MSG_EXT_PPR, FALSE)
3134 			&& ppr_busfree == 0) {
3135 			struct ahd_initiator_tinfo *tinfo;
3136 			struct ahd_tmode_tstate *tstate;
3137 
3138 			/*
3139 			 * PPR Rejected.
3140 			 *
3141 			 * If the previous negotiation was packetized,
3142 			 * this could be because the device has been
3143 			 * reset without our knowledge.  Force our
3144 			 * current negotiation to async and retry the
3145 			 * negotiation.  Otherwise retry the command
3146 			 * with non-ppr negotiation.
3147 			 */
3148 #ifdef AHD_DEBUG
3149 			if ((ahd_debug & AHD_SHOW_MESSAGES) != 0)
3150 				printf("PPR negotiation rejected busfree.\n");
3151 #endif
3152 			tinfo = ahd_fetch_transinfo(ahd, devinfo.channel,
3153 						    devinfo.our_scsiid,
3154 						    devinfo.target, &tstate);
3155 			if ((tinfo->curr.ppr_options & MSG_EXT_PPR_IU_REQ)!=0) {
3156 				ahd_set_width(ahd, &devinfo,
3157 					      MSG_EXT_WDTR_BUS_8_BIT,
3158 					      AHD_TRANS_CUR,
3159 					      /*paused*/TRUE);
3160 				ahd_set_syncrate(ahd, &devinfo,
3161 						/*period*/0, /*offset*/0,
3162 						/*ppr_options*/0,
3163 						AHD_TRANS_CUR,
3164 						/*paused*/TRUE);
3165 				/*
3166 				 * The expect PPR busfree handler below
3167 				 * will effect the retry and necessary
3168 				 * abort.
3169 				 */
3170 			} else {
3171 				tinfo->curr.transport_version = 2;
3172 				tinfo->goal.transport_version = 2;
3173 				tinfo->goal.ppr_options = 0;
3174 				if (scb != NULL) {
3175 					/*
3176 					 * Remove any SCBs in the waiting
3177 					 * for selection queue that may
3178 					 * also be for this target so that
3179 					 * command ordering is preserved.
3180 					 */
3181 					ahd_freeze_devq(ahd, scb);
3182 					ahd_qinfifo_requeue_tail(ahd, scb);
3183 				}
3184 				printerror = 0;
3185 			}
3186 		} else if (ahd_sent_msg(ahd, AHDMSG_EXT, MSG_EXT_WDTR, FALSE)
3187 			&& ppr_busfree == 0) {
3188 			/*
3189 			 * Negotiation Rejected.  Go-narrow and
3190 			 * retry command.
3191 			 */
3192 #ifdef AHD_DEBUG
3193 			if ((ahd_debug & AHD_SHOW_MESSAGES) != 0)
3194 				printf("WDTR negotiation rejected busfree.\n");
3195 #endif
3196 			ahd_set_width(ahd, &devinfo,
3197 				      MSG_EXT_WDTR_BUS_8_BIT,
3198 				      AHD_TRANS_CUR|AHD_TRANS_GOAL,
3199 				      /*paused*/TRUE);
3200 			if (scb != NULL) {
3201 				/*
3202 				 * Remove any SCBs in the waiting for
3203 				 * selection queue that may also be for
3204 				 * this target so that command ordering
3205 				 * is preserved.
3206 				 */
3207 				ahd_freeze_devq(ahd, scb);
3208 				ahd_qinfifo_requeue_tail(ahd, scb);
3209 			}
3210 			printerror = 0;
3211 		} else if (ahd_sent_msg(ahd, AHDMSG_EXT, MSG_EXT_SDTR, FALSE)
3212 			&& ppr_busfree == 0) {
3213 			/*
3214 			 * Negotiation Rejected.  Go-async and
3215 			 * retry command.
3216 			 */
3217 #ifdef AHD_DEBUG
3218 			if ((ahd_debug & AHD_SHOW_MESSAGES) != 0)
3219 				printf("SDTR negotiation rejected busfree.\n");
3220 #endif
3221 			ahd_set_syncrate(ahd, &devinfo,
3222 					/*period*/0, /*offset*/0,
3223 					/*ppr_options*/0,
3224 					AHD_TRANS_CUR|AHD_TRANS_GOAL,
3225 					/*paused*/TRUE);
3226 			if (scb != NULL) {
3227 				/*
3228 				 * Remove any SCBs in the waiting for
3229 				 * selection queue that may also be for
3230 				 * this target so that command ordering
3231 				 * is preserved.
3232 				 */
3233 				ahd_freeze_devq(ahd, scb);
3234 				ahd_qinfifo_requeue_tail(ahd, scb);
3235 			}
3236 			printerror = 0;
3237 		} else if ((ahd->msg_flags & MSG_FLAG_EXPECT_IDE_BUSFREE) != 0
3238 			&& ahd_sent_msg(ahd, AHDMSG_1B,
3239 					 MSG_INITIATOR_DET_ERR, TRUE)) {
3240 
3241 #ifdef AHD_DEBUG
3242 			if ((ahd_debug & AHD_SHOW_MESSAGES) != 0)
3243 				printf("Expected IDE Busfree\n");
3244 #endif
3245 			printerror = 0;
3246 		} else if ((ahd->msg_flags & MSG_FLAG_EXPECT_QASREJ_BUSFREE)
3247 			&& ahd_sent_msg(ahd, AHDMSG_1B,
3248 					MSG_MESSAGE_REJECT, TRUE)) {
3249 
3250 #ifdef AHD_DEBUG
3251 			if ((ahd_debug & AHD_SHOW_MESSAGES) != 0)
3252 				printf("Expected QAS Reject Busfree\n");
3253 #endif
3254 			printerror = 0;
3255 		}
3256 	}
3257 
3258 	/*
3259 	 * The busfree required flag is honored at the end of
3260 	 * the message phases.  We check it last in case we
3261 	 * had to send some other message that caused a busfree.
3262 	 */
3263 	if (scb != NULL && printerror != 0
3264 	 && (lastphase == P_MESGIN || lastphase == P_MESGOUT)
3265 	 && ((ahd->msg_flags & MSG_FLAG_EXPECT_PPR_BUSFREE) != 0)) {
3266 
3267 		ahd_freeze_devq(ahd, scb);
3268 		ahd_set_transaction_status(scb, CAM_REQUEUE_REQ);
3269 		ahd_freeze_scb(scb);
3270 		if ((ahd->msg_flags & MSG_FLAG_IU_REQ_CHANGED) != 0) {
3271 			ahd_abort_scbs(ahd, SCB_GET_TARGET(ahd, scb),
3272 				       SCB_GET_CHANNEL(ahd, scb),
3273 				       SCB_GET_LUN(scb), SCB_LIST_NULL,
3274 				       ROLE_INITIATOR, CAM_REQ_ABORTED);
3275 		} else {
3276 #ifdef AHD_DEBUG
3277 			if ((ahd_debug & AHD_SHOW_MESSAGES) != 0)
3278 				printf("PPR Negotiation Busfree.\n");
3279 #endif
3280 			ahd_done(ahd, scb);
3281 		}
3282 		printerror = 0;
3283 	}
3284 	if (printerror != 0) {
3285 		int aborted;
3286 
3287 		aborted = 0;
3288 		if (scb != NULL) {
3289 			u_int tag;
3290 
3291 			if ((scb->hscb->control & TAG_ENB) != 0)
3292 				tag = SCB_GET_TAG(scb);
3293 			else
3294 				tag = SCB_LIST_NULL;
3295 			ahd_print_path(ahd, scb);
3296 			aborted = ahd_abort_scbs(ahd, target, 'A',
3297 				       SCB_GET_LUN(scb), tag,
3298 				       ROLE_INITIATOR,
3299 				       CAM_UNEXP_BUSFREE);
3300 		} else {
3301 			/*
3302 			 * We had not fully identified this connection,
3303 			 * so we cannot abort anything.
3304 			 */
3305 			printf("%s: ", ahd_name(ahd));
3306 		}
3307 		printf("Unexpected busfree %s, %d SCBs aborted, "
3308 		       "PRGMCNT == 0x%x\n",
3309 		       ahd_lookup_phase_entry(lastphase)->phasemsg,
3310 		       aborted,
3311 		       ahd_inw(ahd, PRGMCNT));
3312 		ahd_dump_card_state(ahd);
3313 		if (lastphase != P_BUSFREE)
3314 			ahd_force_renegotiation(ahd, &devinfo);
3315 	}
3316 	/* Always restart the sequencer. */
3317 	return (1);
3318 }
3319 
3320 static void
3321 ahd_handle_proto_violation(struct ahd_softc *ahd)
3322 {
3323 	struct	ahd_devinfo devinfo;
3324 	struct	scb *scb;
3325 	u_int	scbid;
3326 	u_int	seq_flags;
3327 	u_int	curphase;
3328 	u_int	lastphase;
3329 	int	found;
3330 
3331 	ahd_fetch_devinfo(ahd, &devinfo);
3332 	scbid = ahd_get_scbptr(ahd);
3333 	scb = ahd_lookup_scb(ahd, scbid);
3334 	seq_flags = ahd_inb(ahd, SEQ_FLAGS);
3335 	curphase = ahd_inb(ahd, SCSISIGI) & PHASE_MASK;
3336 	lastphase = ahd_inb(ahd, LASTPHASE);
3337 	if ((seq_flags & NOT_IDENTIFIED) != 0) {
3338 
3339 		/*
3340 		 * The reconnecting target either did not send an
3341 		 * identify message, or did, but we didn't find an SCB
3342 		 * to match.
3343 		 */
3344 		ahd_print_devinfo(ahd, &devinfo);
3345 		printf("Target did not send an IDENTIFY message. "
3346 		       "LASTPHASE = 0x%x.\n", lastphase);
3347 		scb = NULL;
3348 	} else if (scb == NULL) {
3349 		/*
3350 		 * We don't seem to have an SCB active for this
3351 		 * transaction.  Print an error and reset the bus.
3352 		 */
3353 		ahd_print_devinfo(ahd, &devinfo);
3354 		printf("No SCB found during protocol violation\n");
3355 		goto proto_violation_reset;
3356 	} else {
3357 		ahd_set_transaction_status(scb, CAM_SEQUENCE_FAIL);
3358 		if ((seq_flags & NO_CDB_SENT) != 0) {
3359 			ahd_print_path(ahd, scb);
3360 			printf("No or incomplete CDB sent to device.\n");
3361 		} else if ((ahd_inb_scbram(ahd, SCB_CONTROL)
3362 			  & STATUS_RCVD) == 0) {
3363 			/*
3364 			 * The target never bothered to provide status to
3365 			 * us prior to completing the command.  Since we don't
3366 			 * know the disposition of this command, we must attempt
3367 			 * to abort it.  Assert ATN and prepare to send an abort
3368 			 * message.
3369 			 */
3370 			ahd_print_path(ahd, scb);
3371 			printf("Completed command without status.\n");
3372 		} else {
3373 			ahd_print_path(ahd, scb);
3374 			printf("Unknown protocol violation.\n");
3375 			ahd_dump_card_state(ahd);
3376 		}
3377 	}
3378 	if ((lastphase & ~P_DATAIN_DT) == 0
3379 	 || lastphase == P_COMMAND) {
3380 proto_violation_reset:
3381 		/*
3382 		 * Target either went directly to data
3383 		 * phase or didn't respond to our ATN.
3384 		 * The only safe thing to do is to blow
3385 		 * it away with a bus reset.
3386 		 */
3387 		found = ahd_reset_channel(ahd, 'A', TRUE);
3388 		printf("%s: Issued Channel %c Bus Reset. "
3389 		       "%d SCBs aborted\n", ahd_name(ahd), 'A', found);
3390 	} else {
3391 		/*
3392 		 * Leave the selection hardware off in case
3393 		 * this abort attempt will affect yet to
3394 		 * be sent commands.
3395 		 */
3396 		ahd_outb(ahd, SCSISEQ0,
3397 			 ahd_inb(ahd, SCSISEQ0) & ~ENSELO);
3398 		ahd_assert_atn(ahd);
3399 		ahd_outb(ahd, MSG_OUT, HOST_MSG);
3400 		if (scb == NULL) {
3401 			ahd_print_devinfo(ahd, &devinfo);
3402 			ahd->msgout_buf[0] = MSG_ABORT_TASK;
3403 			ahd->msgout_len = 1;
3404 			ahd->msgout_index = 0;
3405 			ahd->msg_type = MSG_TYPE_INITIATOR_MSGOUT;
3406 		} else {
3407 			ahd_print_path(ahd, scb);
3408 			scb->flags |= SCB_ABORT;
3409 		}
3410 		printf("Protocol violation %s.  Attempting to abort.\n",
3411 		       ahd_lookup_phase_entry(curphase)->phasemsg);
3412 	}
3413 }
3414 
3415 /*
3416  * Force renegotiation to occur the next time we initiate
3417  * a command to the current device.
3418  */
3419 static void
3420 ahd_force_renegotiation(struct ahd_softc *ahd, struct ahd_devinfo *devinfo)
3421 {
3422 	struct	ahd_initiator_tinfo *targ_info;
3423 	struct	ahd_tmode_tstate *tstate;
3424 
3425 #ifdef AHD_DEBUG
3426 	if ((ahd_debug & AHD_SHOW_MESSAGES) != 0) {
3427 		ahd_print_devinfo(ahd, devinfo);
3428 		printf("Forcing renegotiation\n");
3429 	}
3430 #endif
3431 	targ_info = ahd_fetch_transinfo(ahd,
3432 					devinfo->channel,
3433 					devinfo->our_scsiid,
3434 					devinfo->target,
3435 					&tstate);
3436 	ahd_update_neg_request(ahd, devinfo, tstate,
3437 			       targ_info, AHD_NEG_IF_NON_ASYNC);
3438 }
3439 
3440 #define AHD_MAX_STEPS 2000
3441 static void
3442 ahd_clear_critical_section(struct ahd_softc *ahd)
3443 {
3444 	ahd_mode_state	saved_modes;
3445 	int		stepping;
3446 	int		steps;
3447 	int		first_instr;
3448 	u_int		simode0;
3449 	u_int		simode1;
3450 	u_int		simode3;
3451 	u_int		lqimode0;
3452 	u_int		lqimode1;
3453 	u_int		lqomode0;
3454 	u_int		lqomode1;
3455 
3456 	if (ahd->num_critical_sections == 0)
3457 		return;
3458 
3459 	stepping = FALSE;
3460 	steps = 0;
3461 	first_instr = 0;
3462 	simode0 = 0;
3463 	simode1 = 0;
3464 	simode3 = 0;
3465 	lqimode0 = 0;
3466 	lqimode1 = 0;
3467 	lqomode0 = 0;
3468 	lqomode1 = 0;
3469 	saved_modes = ahd_save_modes(ahd);
3470 	for (;;) {
3471 		struct	cs *cs;
3472 		u_int	seqaddr;
3473 		u_int	i;
3474 
3475 		ahd_set_modes(ahd, AHD_MODE_SCSI, AHD_MODE_SCSI);
3476 		seqaddr = ahd_inw(ahd, CURADDR);
3477 
3478 		cs = ahd->critical_sections;
3479 		for (i = 0; i < ahd->num_critical_sections; i++, cs++) {
3480 
3481 			if (cs->begin < seqaddr && cs->end >= seqaddr)
3482 				break;
3483 		}
3484 
3485 		if (i == ahd->num_critical_sections)
3486 			break;
3487 
3488 		if (steps > AHD_MAX_STEPS) {
3489 			printf("%s: Infinite loop in critical section\n"
3490 			       "%s: First Instruction 0x%x now 0x%x\n",
3491 			       ahd_name(ahd), ahd_name(ahd), first_instr,
3492 			       seqaddr);
3493 			ahd_dump_card_state(ahd);
3494 			panic("critical section loop");
3495 		}
3496 
3497 		steps++;
3498 #ifdef AHD_DEBUG
3499 		if ((ahd_debug & AHD_SHOW_MISC) != 0)
3500 			printf("%s: Single stepping at 0x%x\n", ahd_name(ahd),
3501 			       seqaddr);
3502 #endif
3503 		if (stepping == FALSE) {
3504 
3505 			first_instr = seqaddr;
3506   			ahd_set_modes(ahd, AHD_MODE_CFG, AHD_MODE_CFG);
3507   			simode0 = ahd_inb(ahd, SIMODE0);
3508 			simode3 = ahd_inb(ahd, SIMODE3);
3509 			lqimode0 = ahd_inb(ahd, LQIMODE0);
3510 			lqimode1 = ahd_inb(ahd, LQIMODE1);
3511 			lqomode0 = ahd_inb(ahd, LQOMODE0);
3512 			lqomode1 = ahd_inb(ahd, LQOMODE1);
3513 			ahd_outb(ahd, SIMODE0, 0);
3514 			ahd_outb(ahd, SIMODE3, 0);
3515 			ahd_outb(ahd, LQIMODE0, 0);
3516 			ahd_outb(ahd, LQIMODE1, 0);
3517 			ahd_outb(ahd, LQOMODE0, 0);
3518 			ahd_outb(ahd, LQOMODE1, 0);
3519 			ahd_set_modes(ahd, AHD_MODE_SCSI, AHD_MODE_SCSI);
3520 			simode1 = ahd_inb(ahd, SIMODE1);
3521 			/*
3522 			 * We don't clear ENBUSFREE.  Unfortunately
3523 			 * we cannot re-enable busfree detection within
3524 			 * the current connection, so we must leave it
3525 			 * on while single stepping.
3526 			 */
3527 			ahd_outb(ahd, SIMODE1, simode1 & ENBUSFREE);
3528 			ahd_outb(ahd, SEQCTL0, ahd_inb(ahd, SEQCTL0) | STEP);
3529 			stepping = TRUE;
3530 		}
3531 		ahd_outb(ahd, CLRSINT1, CLRBUSFREE);
3532 		ahd_outb(ahd, CLRINT, CLRSCSIINT);
3533 		ahd_set_modes(ahd, ahd->saved_src_mode, ahd->saved_dst_mode);
3534 		ahd_outb(ahd, HCNTRL, ahd->unpause);
3535 		while (!ahd_is_paused(ahd))
3536 			ahd_delay(200);
3537 		ahd_update_modes(ahd);
3538 	}
3539 	if (stepping) {
3540 		ahd_set_modes(ahd, AHD_MODE_CFG, AHD_MODE_CFG);
3541 		ahd_outb(ahd, SIMODE0, simode0);
3542 		ahd_outb(ahd, SIMODE3, simode3);
3543 		ahd_outb(ahd, LQIMODE0, lqimode0);
3544 		ahd_outb(ahd, LQIMODE1, lqimode1);
3545 		ahd_outb(ahd, LQOMODE0, lqomode0);
3546 		ahd_outb(ahd, LQOMODE1, lqomode1);
3547 		ahd_set_modes(ahd, AHD_MODE_SCSI, AHD_MODE_SCSI);
3548 		ahd_outb(ahd, SEQCTL0, ahd_inb(ahd, SEQCTL0) & ~STEP);
3549   		ahd_outb(ahd, SIMODE1, simode1);
3550 		/*
3551 		 * SCSIINT seems to glitch occassionally when
3552 		 * the interrupt masks are restored.  Clear SCSIINT
3553 		 * one more time so that only persistent errors
3554 		 * are seen as a real interrupt.
3555 		 */
3556 		ahd_outb(ahd, CLRINT, CLRSCSIINT);
3557 	}
3558 	ahd_restore_modes(ahd, saved_modes);
3559 }
3560 
3561 /*
3562  * Clear any pending interrupt status.
3563  */
3564 static void
3565 ahd_clear_intstat(struct ahd_softc *ahd)
3566 {
3567 	AHD_ASSERT_MODES(ahd, ~(AHD_MODE_UNKNOWN_MSK|AHD_MODE_CFG_MSK),
3568 			 ~(AHD_MODE_UNKNOWN_MSK|AHD_MODE_CFG_MSK));
3569 	/* Clear any interrupt conditions this may have caused */
3570 	ahd_outb(ahd, CLRLQIINT0, CLRLQIATNQAS|CLRLQICRCT1|CLRLQICRCT2
3571 				 |CLRLQIBADLQT|CLRLQIATNLQ|CLRLQIATNCMD);
3572 	ahd_outb(ahd, CLRLQIINT1, CLRLQIPHASE_LQ|CLRLQIPHASE_NLQ|CLRLIQABORT
3573 				 |CLRLQICRCI_LQ|CLRLQICRCI_NLQ|CLRLQIBADLQI
3574 				 |CLRLQIOVERI_LQ|CLRLQIOVERI_NLQ|CLRNONPACKREQ);
3575 	ahd_outb(ahd, CLRLQOINT0, CLRLQOTARGSCBPERR|CLRLQOSTOPT2|CLRLQOATNLQ
3576 				 |CLRLQOATNPKT|CLRLQOTCRC);
3577 	ahd_outb(ahd, CLRLQOINT1, CLRLQOINITSCBPERR|CLRLQOSTOPI2|CLRLQOBADQAS
3578 				 |CLRLQOBUSFREE|CLRLQOPHACHGINPKT);
3579 	if ((ahd->bugs & AHD_CLRLQO_AUTOCLR_BUG) != 0) {
3580 		ahd_outb(ahd, CLRLQOINT0, 0);
3581 		ahd_outb(ahd, CLRLQOINT1, 0);
3582 	}
3583 	ahd_outb(ahd, CLRSINT3, CLRNTRAMPERR|CLROSRAMPERR);
3584 	ahd_outb(ahd, CLRSINT1, CLRSELTIMEO|CLRATNO|CLRSCSIRSTI
3585 				|CLRBUSFREE|CLRSCSIPERR|CLRREQINIT);
3586 	ahd_outb(ahd, CLRSINT0, CLRSELDO|CLRSELDI|CLRSELINGO
3587 			        |CLRIOERR|CLROVERRUN);
3588 	ahd_outb(ahd, CLRINT, CLRSCSIINT);
3589 }
3590 
3591 /**************************** Debugging Routines ******************************/
3592 #ifdef AHD_DEBUG
3593 uint32_t ahd_debug = AHD_DEBUG_OPTS;
3594 #endif
3595 
3596 #if 0
3597 void
3598 ahd_print_scb(struct scb *scb)
3599 {
3600 	struct hardware_scb *hscb;
3601 	int i;
3602 
3603 	hscb = scb->hscb;
3604 	printf("scb:%p control:0x%x scsiid:0x%x lun:%d cdb_len:%d\n",
3605 	       (void *)scb,
3606 	       hscb->control,
3607 	       hscb->scsiid,
3608 	       hscb->lun,
3609 	       hscb->cdb_len);
3610 	printf("Shared Data: ");
3611 	for (i = 0; i < sizeof(hscb->shared_data.idata.cdb); i++)
3612 		printf("%#02x", hscb->shared_data.idata.cdb[i]);
3613 	printf("        dataptr:%#x%x datacnt:%#x sgptr:%#x tag:%#x\n",
3614 	       (uint32_t)((ahd_le64toh(hscb->dataptr) >> 32) & 0xFFFFFFFF),
3615 	       (uint32_t)(ahd_le64toh(hscb->dataptr) & 0xFFFFFFFF),
3616 	       ahd_le32toh(hscb->datacnt),
3617 	       ahd_le32toh(hscb->sgptr),
3618 	       SCB_GET_TAG(scb));
3619 	ahd_dump_sglist(scb);
3620 }
3621 #endif  /*  0  */
3622 
3623 /************************* Transfer Negotiation *******************************/
3624 /*
3625  * Allocate per target mode instance (ID we respond to as a target)
3626  * transfer negotiation data structures.
3627  */
3628 static struct ahd_tmode_tstate *
3629 ahd_alloc_tstate(struct ahd_softc *ahd, u_int scsi_id, char channel)
3630 {
3631 	struct ahd_tmode_tstate *master_tstate;
3632 	struct ahd_tmode_tstate *tstate;
3633 	int i;
3634 
3635 	master_tstate = ahd->enabled_targets[ahd->our_id];
3636 	if (ahd->enabled_targets[scsi_id] != NULL
3637 	 && ahd->enabled_targets[scsi_id] != master_tstate)
3638 		panic("%s: ahd_alloc_tstate - Target already allocated",
3639 		      ahd_name(ahd));
3640 	tstate = malloc(sizeof(*tstate), M_DEVBUF, M_NOWAIT);
3641 	if (tstate == NULL)
3642 		return (NULL);
3643 
3644 	/*
3645 	 * If we have allocated a master tstate, copy user settings from
3646 	 * the master tstate (taken from SRAM or the EEPROM) for this
3647 	 * channel, but reset our current and goal settings to async/narrow
3648 	 * until an initiator talks to us.
3649 	 */
3650 	if (master_tstate != NULL) {
3651 		memcpy(tstate, master_tstate, sizeof(*tstate));
3652 		memset(tstate->enabled_luns, 0, sizeof(tstate->enabled_luns));
3653 		for (i = 0; i < 16; i++) {
3654 			memset(&tstate->transinfo[i].curr, 0,
3655 			      sizeof(tstate->transinfo[i].curr));
3656 			memset(&tstate->transinfo[i].goal, 0,
3657 			      sizeof(tstate->transinfo[i].goal));
3658 		}
3659 	} else
3660 		memset(tstate, 0, sizeof(*tstate));
3661 	ahd->enabled_targets[scsi_id] = tstate;
3662 	return (tstate);
3663 }
3664 
3665 #ifdef AHD_TARGET_MODE
3666 /*
3667  * Free per target mode instance (ID we respond to as a target)
3668  * transfer negotiation data structures.
3669  */
3670 static void
3671 ahd_free_tstate(struct ahd_softc *ahd, u_int scsi_id, char channel, int force)
3672 {
3673 	struct ahd_tmode_tstate *tstate;
3674 
3675 	/*
3676 	 * Don't clean up our "master" tstate.
3677 	 * It has our default user settings.
3678 	 */
3679 	if (scsi_id == ahd->our_id
3680 	 && force == FALSE)
3681 		return;
3682 
3683 	tstate = ahd->enabled_targets[scsi_id];
3684 	if (tstate != NULL)
3685 		free(tstate, M_DEVBUF);
3686 	ahd->enabled_targets[scsi_id] = NULL;
3687 }
3688 #endif
3689 
3690 /*
3691  * Called when we have an active connection to a target on the bus,
3692  * this function finds the nearest period to the input period limited
3693  * by the capabilities of the bus connectivity of and sync settings for
3694  * the target.
3695  */
3696 static void
3697 ahd_devlimited_syncrate(struct ahd_softc *ahd,
3698 			struct ahd_initiator_tinfo *tinfo,
3699 			u_int *period, u_int *ppr_options, role_t role)
3700 {
3701 	struct	ahd_transinfo *transinfo;
3702 	u_int	maxsync;
3703 
3704 	if ((ahd_inb(ahd, SBLKCTL) & ENAB40) != 0
3705 	 && (ahd_inb(ahd, SSTAT2) & EXP_ACTIVE) == 0) {
3706 		maxsync = AHD_SYNCRATE_PACED;
3707 	} else {
3708 		maxsync = AHD_SYNCRATE_ULTRA;
3709 		/* Can't do DT related options on an SE bus */
3710 		*ppr_options &= MSG_EXT_PPR_QAS_REQ;
3711 	}
3712 	/*
3713 	 * Never allow a value higher than our current goal
3714 	 * period otherwise we may allow a target initiated
3715 	 * negotiation to go above the limit as set by the
3716 	 * user.  In the case of an initiator initiated
3717 	 * sync negotiation, we limit based on the user
3718 	 * setting.  This allows the system to still accept
3719 	 * incoming negotiations even if target initiated
3720 	 * negotiation is not performed.
3721 	 */
3722 	if (role == ROLE_TARGET)
3723 		transinfo = &tinfo->user;
3724 	else
3725 		transinfo = &tinfo->goal;
3726 	*ppr_options &= (transinfo->ppr_options|MSG_EXT_PPR_PCOMP_EN);
3727 	if (transinfo->width == MSG_EXT_WDTR_BUS_8_BIT) {
3728 		maxsync = max(maxsync, (u_int)AHD_SYNCRATE_ULTRA2);
3729 		*ppr_options &= ~MSG_EXT_PPR_DT_REQ;
3730 	}
3731 	if (transinfo->period == 0) {
3732 		*period = 0;
3733 		*ppr_options = 0;
3734 	} else {
3735 		*period = max(*period, (u_int)transinfo->period);
3736 		ahd_find_syncrate(ahd, period, ppr_options, maxsync);
3737 	}
3738 }
3739 
3740 /*
3741  * Look up the valid period to SCSIRATE conversion in our table.
3742  * Return the period and offset that should be sent to the target
3743  * if this was the beginning of an SDTR.
3744  */
3745 void
3746 ahd_find_syncrate(struct ahd_softc *ahd, u_int *period,
3747 		  u_int *ppr_options, u_int maxsync)
3748 {
3749 	if (*period < maxsync)
3750 		*period = maxsync;
3751 
3752 	if ((*ppr_options & MSG_EXT_PPR_DT_REQ) != 0
3753 	 && *period > AHD_SYNCRATE_MIN_DT)
3754 		*ppr_options &= ~MSG_EXT_PPR_DT_REQ;
3755 
3756 	if (*period > AHD_SYNCRATE_MIN)
3757 		*period = 0;
3758 
3759 	/* Honor PPR option conformance rules. */
3760 	if (*period > AHD_SYNCRATE_PACED)
3761 		*ppr_options &= ~MSG_EXT_PPR_RTI;
3762 
3763 	if ((*ppr_options & MSG_EXT_PPR_IU_REQ) == 0)
3764 		*ppr_options &= (MSG_EXT_PPR_DT_REQ|MSG_EXT_PPR_QAS_REQ);
3765 
3766 	if ((*ppr_options & MSG_EXT_PPR_DT_REQ) == 0)
3767 		*ppr_options &= MSG_EXT_PPR_QAS_REQ;
3768 
3769 	/* Skip all PACED only entries if IU is not available */
3770 	if ((*ppr_options & MSG_EXT_PPR_IU_REQ) == 0
3771 	 && *period < AHD_SYNCRATE_DT)
3772 		*period = AHD_SYNCRATE_DT;
3773 
3774 	/* Skip all DT only entries if DT is not available */
3775 	if ((*ppr_options & MSG_EXT_PPR_DT_REQ) == 0
3776 	 && *period < AHD_SYNCRATE_ULTRA2)
3777 		*period = AHD_SYNCRATE_ULTRA2;
3778 }
3779 
3780 /*
3781  * Truncate the given synchronous offset to a value the
3782  * current adapter type and syncrate are capable of.
3783  */
3784 static void
3785 ahd_validate_offset(struct ahd_softc *ahd,
3786 		    struct ahd_initiator_tinfo *tinfo,
3787 		    u_int period, u_int *offset, int wide,
3788 		    role_t role)
3789 {
3790 	u_int maxoffset;
3791 
3792 	/* Limit offset to what we can do */
3793 	if (period == 0)
3794 		maxoffset = 0;
3795 	else if (period <= AHD_SYNCRATE_PACED) {
3796 		if ((ahd->bugs & AHD_PACED_NEGTABLE_BUG) != 0)
3797 			maxoffset = MAX_OFFSET_PACED_BUG;
3798 		else
3799 			maxoffset = MAX_OFFSET_PACED;
3800 	} else
3801 		maxoffset = MAX_OFFSET_NON_PACED;
3802 	*offset = min(*offset, maxoffset);
3803 	if (tinfo != NULL) {
3804 		if (role == ROLE_TARGET)
3805 			*offset = min(*offset, (u_int)tinfo->user.offset);
3806 		else
3807 			*offset = min(*offset, (u_int)tinfo->goal.offset);
3808 	}
3809 }
3810 
3811 /*
3812  * Truncate the given transfer width parameter to a value the
3813  * current adapter type is capable of.
3814  */
3815 static void
3816 ahd_validate_width(struct ahd_softc *ahd, struct ahd_initiator_tinfo *tinfo,
3817 		   u_int *bus_width, role_t role)
3818 {
3819 	switch (*bus_width) {
3820 	default:
3821 		if (ahd->features & AHD_WIDE) {
3822 			/* Respond Wide */
3823 			*bus_width = MSG_EXT_WDTR_BUS_16_BIT;
3824 			break;
3825 		}
3826 		/* FALLTHROUGH */
3827 	case MSG_EXT_WDTR_BUS_8_BIT:
3828 		*bus_width = MSG_EXT_WDTR_BUS_8_BIT;
3829 		break;
3830 	}
3831 	if (tinfo != NULL) {
3832 		if (role == ROLE_TARGET)
3833 			*bus_width = min((u_int)tinfo->user.width, *bus_width);
3834 		else
3835 			*bus_width = min((u_int)tinfo->goal.width, *bus_width);
3836 	}
3837 }
3838 
3839 /*
3840  * Update the bitmask of targets for which the controller should
3841  * negotiate with at the next convenient oportunity.  This currently
3842  * means the next time we send the initial identify messages for
3843  * a new transaction.
3844  */
3845 int
3846 ahd_update_neg_request(struct ahd_softc *ahd, struct ahd_devinfo *devinfo,
3847 		       struct ahd_tmode_tstate *tstate,
3848 		       struct ahd_initiator_tinfo *tinfo, ahd_neg_type neg_type)
3849 {
3850 	u_int auto_negotiate_orig;
3851 
3852 	auto_negotiate_orig = tstate->auto_negotiate;
3853 	if (neg_type == AHD_NEG_ALWAYS) {
3854 		/*
3855 		 * Force our "current" settings to be
3856 		 * unknown so that unless a bus reset
3857 		 * occurs the need to renegotiate is
3858 		 * recorded persistently.
3859 		 */
3860 		if ((ahd->features & AHD_WIDE) != 0)
3861 			tinfo->curr.width = AHD_WIDTH_UNKNOWN;
3862 		tinfo->curr.period = AHD_PERIOD_UNKNOWN;
3863 		tinfo->curr.offset = AHD_OFFSET_UNKNOWN;
3864 	}
3865 	if (tinfo->curr.period != tinfo->goal.period
3866 	 || tinfo->curr.width != tinfo->goal.width
3867 	 || tinfo->curr.offset != tinfo->goal.offset
3868 	 || tinfo->curr.ppr_options != tinfo->goal.ppr_options
3869 	 || (neg_type == AHD_NEG_IF_NON_ASYNC
3870 	  && (tinfo->goal.offset != 0
3871 	   || tinfo->goal.width != MSG_EXT_WDTR_BUS_8_BIT
3872 	   || tinfo->goal.ppr_options != 0)))
3873 		tstate->auto_negotiate |= devinfo->target_mask;
3874 	else
3875 		tstate->auto_negotiate &= ~devinfo->target_mask;
3876 
3877 	return (auto_negotiate_orig != tstate->auto_negotiate);
3878 }
3879 
3880 /*
3881  * Update the user/goal/curr tables of synchronous negotiation
3882  * parameters as well as, in the case of a current or active update,
3883  * any data structures on the host controller.  In the case of an
3884  * active update, the specified target is currently talking to us on
3885  * the bus, so the transfer parameter update must take effect
3886  * immediately.
3887  */
3888 void
3889 ahd_set_syncrate(struct ahd_softc *ahd, struct ahd_devinfo *devinfo,
3890 		 u_int period, u_int offset, u_int ppr_options,
3891 		 u_int type, int paused)
3892 {
3893 	struct	ahd_initiator_tinfo *tinfo;
3894 	struct	ahd_tmode_tstate *tstate;
3895 	u_int	old_period;
3896 	u_int	old_offset;
3897 	u_int	old_ppr;
3898 	int	active;
3899 	int	update_needed;
3900 
3901 	active = (type & AHD_TRANS_ACTIVE) == AHD_TRANS_ACTIVE;
3902 	update_needed = 0;
3903 
3904 	if (period == 0 || offset == 0) {
3905 		period = 0;
3906 		offset = 0;
3907 	}
3908 
3909 	tinfo = ahd_fetch_transinfo(ahd, devinfo->channel, devinfo->our_scsiid,
3910 				    devinfo->target, &tstate);
3911 
3912 	if ((type & AHD_TRANS_USER) != 0) {
3913 		tinfo->user.period = period;
3914 		tinfo->user.offset = offset;
3915 		tinfo->user.ppr_options = ppr_options;
3916 	}
3917 
3918 	if ((type & AHD_TRANS_GOAL) != 0) {
3919 		tinfo->goal.period = period;
3920 		tinfo->goal.offset = offset;
3921 		tinfo->goal.ppr_options = ppr_options;
3922 	}
3923 
3924 	old_period = tinfo->curr.period;
3925 	old_offset = tinfo->curr.offset;
3926 	old_ppr	   = tinfo->curr.ppr_options;
3927 
3928 	if ((type & AHD_TRANS_CUR) != 0
3929 	 && (old_period != period
3930 	  || old_offset != offset
3931 	  || old_ppr != ppr_options)) {
3932 
3933 		update_needed++;
3934 
3935 		tinfo->curr.period = period;
3936 		tinfo->curr.offset = offset;
3937 		tinfo->curr.ppr_options = ppr_options;
3938 
3939 		ahd_send_async(ahd, devinfo->channel, devinfo->target,
3940 			       CAM_LUN_WILDCARD, AC_TRANSFER_NEG);
3941 		if (bootverbose) {
3942 			if (offset != 0) {
3943 				int options;
3944 
3945 				printf("%s: target %d synchronous with "
3946 				       "period = 0x%x, offset = 0x%x",
3947 				       ahd_name(ahd), devinfo->target,
3948 				       period, offset);
3949 				options = 0;
3950 				if ((ppr_options & MSG_EXT_PPR_RD_STRM) != 0) {
3951 					printf("(RDSTRM");
3952 					options++;
3953 				}
3954 				if ((ppr_options & MSG_EXT_PPR_DT_REQ) != 0) {
3955 					printf("%s", options ? "|DT" : "(DT");
3956 					options++;
3957 				}
3958 				if ((ppr_options & MSG_EXT_PPR_IU_REQ) != 0) {
3959 					printf("%s", options ? "|IU" : "(IU");
3960 					options++;
3961 				}
3962 				if ((ppr_options & MSG_EXT_PPR_RTI) != 0) {
3963 					printf("%s", options ? "|RTI" : "(RTI");
3964 					options++;
3965 				}
3966 				if ((ppr_options & MSG_EXT_PPR_QAS_REQ) != 0) {
3967 					printf("%s", options ? "|QAS" : "(QAS");
3968 					options++;
3969 				}
3970 				if (options != 0)
3971 					printf(")\n");
3972 				else
3973 					printf("\n");
3974 			} else {
3975 				printf("%s: target %d using "
3976 				       "asynchronous transfers%s\n",
3977 				       ahd_name(ahd), devinfo->target,
3978 				       (ppr_options & MSG_EXT_PPR_QAS_REQ) != 0
3979 				     ?  "(QAS)" : "");
3980 			}
3981 		}
3982 	}
3983 	/*
3984 	 * Always refresh the neg-table to handle the case of the
3985 	 * sequencer setting the ENATNO bit for a MK_MESSAGE request.
3986 	 * We will always renegotiate in that case if this is a
3987 	 * packetized request.  Also manage the busfree expected flag
3988 	 * from this common routine so that we catch changes due to
3989 	 * WDTR or SDTR messages.
3990 	 */
3991 	if ((type & AHD_TRANS_CUR) != 0) {
3992 		if (!paused)
3993 			ahd_pause(ahd);
3994 		ahd_update_neg_table(ahd, devinfo, &tinfo->curr);
3995 		if (!paused)
3996 			ahd_unpause(ahd);
3997 		if (ahd->msg_type != MSG_TYPE_NONE) {
3998 			if ((old_ppr & MSG_EXT_PPR_IU_REQ)
3999 			 != (ppr_options & MSG_EXT_PPR_IU_REQ)) {
4000 #ifdef AHD_DEBUG
4001 				if ((ahd_debug & AHD_SHOW_MESSAGES) != 0) {
4002 					ahd_print_devinfo(ahd, devinfo);
4003 					printf("Expecting IU Change busfree\n");
4004 				}
4005 #endif
4006 				ahd->msg_flags |= MSG_FLAG_EXPECT_PPR_BUSFREE
4007 					       |  MSG_FLAG_IU_REQ_CHANGED;
4008 			}
4009 			if ((old_ppr & MSG_EXT_PPR_IU_REQ) != 0) {
4010 #ifdef AHD_DEBUG
4011 				if ((ahd_debug & AHD_SHOW_MESSAGES) != 0)
4012 					printf("PPR with IU_REQ outstanding\n");
4013 #endif
4014 				ahd->msg_flags |= MSG_FLAG_EXPECT_PPR_BUSFREE;
4015 			}
4016 		}
4017 	}
4018 
4019 	update_needed += ahd_update_neg_request(ahd, devinfo, tstate,
4020 						tinfo, AHD_NEG_TO_GOAL);
4021 
4022 	if (update_needed && active)
4023 		ahd_update_pending_scbs(ahd);
4024 }
4025 
4026 /*
4027  * Update the user/goal/curr tables of wide negotiation
4028  * parameters as well as, in the case of a current or active update,
4029  * any data structures on the host controller.  In the case of an
4030  * active update, the specified target is currently talking to us on
4031  * the bus, so the transfer parameter update must take effect
4032  * immediately.
4033  */
4034 void
4035 ahd_set_width(struct ahd_softc *ahd, struct ahd_devinfo *devinfo,
4036 	      u_int width, u_int type, int paused)
4037 {
4038 	struct	ahd_initiator_tinfo *tinfo;
4039 	struct	ahd_tmode_tstate *tstate;
4040 	u_int	oldwidth;
4041 	int	active;
4042 	int	update_needed;
4043 
4044 	active = (type & AHD_TRANS_ACTIVE) == AHD_TRANS_ACTIVE;
4045 	update_needed = 0;
4046 	tinfo = ahd_fetch_transinfo(ahd, devinfo->channel, devinfo->our_scsiid,
4047 				    devinfo->target, &tstate);
4048 
4049 	if ((type & AHD_TRANS_USER) != 0)
4050 		tinfo->user.width = width;
4051 
4052 	if ((type & AHD_TRANS_GOAL) != 0)
4053 		tinfo->goal.width = width;
4054 
4055 	oldwidth = tinfo->curr.width;
4056 	if ((type & AHD_TRANS_CUR) != 0 && oldwidth != width) {
4057 
4058 		update_needed++;
4059 
4060 		tinfo->curr.width = width;
4061 		ahd_send_async(ahd, devinfo->channel, devinfo->target,
4062 			       CAM_LUN_WILDCARD, AC_TRANSFER_NEG);
4063 		if (bootverbose) {
4064 			printf("%s: target %d using %dbit transfers\n",
4065 			       ahd_name(ahd), devinfo->target,
4066 			       8 * (0x01 << width));
4067 		}
4068 	}
4069 
4070 	if ((type & AHD_TRANS_CUR) != 0) {
4071 		if (!paused)
4072 			ahd_pause(ahd);
4073 		ahd_update_neg_table(ahd, devinfo, &tinfo->curr);
4074 		if (!paused)
4075 			ahd_unpause(ahd);
4076 	}
4077 
4078 	update_needed += ahd_update_neg_request(ahd, devinfo, tstate,
4079 						tinfo, AHD_NEG_TO_GOAL);
4080 	if (update_needed && active)
4081 		ahd_update_pending_scbs(ahd);
4082 
4083 }
4084 
4085 /*
4086  * Update the current state of tagged queuing for a given target.
4087  */
4088 static void
4089 ahd_set_tags(struct ahd_softc *ahd, struct scsi_cmnd *cmd,
4090 	     struct ahd_devinfo *devinfo, ahd_queue_alg alg)
4091 {
4092 	struct scsi_device *sdev = cmd->device;
4093 
4094 	ahd_platform_set_tags(ahd, sdev, devinfo, alg);
4095 	ahd_send_async(ahd, devinfo->channel, devinfo->target,
4096 		       devinfo->lun, AC_TRANSFER_NEG);
4097 }
4098 
4099 static void
4100 ahd_update_neg_table(struct ahd_softc *ahd, struct ahd_devinfo *devinfo,
4101 		     struct ahd_transinfo *tinfo)
4102 {
4103 	ahd_mode_state	saved_modes;
4104 	u_int		period;
4105 	u_int		ppr_opts;
4106 	u_int		con_opts;
4107 	u_int		offset;
4108 	u_int		saved_negoaddr;
4109 	uint8_t		iocell_opts[sizeof(ahd->iocell_opts)];
4110 
4111 	saved_modes = ahd_save_modes(ahd);
4112 	ahd_set_modes(ahd, AHD_MODE_SCSI, AHD_MODE_SCSI);
4113 
4114 	saved_negoaddr = ahd_inb(ahd, NEGOADDR);
4115 	ahd_outb(ahd, NEGOADDR, devinfo->target);
4116 	period = tinfo->period;
4117 	offset = tinfo->offset;
4118 	memcpy(iocell_opts, ahd->iocell_opts, sizeof(ahd->iocell_opts));
4119 	ppr_opts = tinfo->ppr_options & (MSG_EXT_PPR_QAS_REQ|MSG_EXT_PPR_DT_REQ
4120 					|MSG_EXT_PPR_IU_REQ|MSG_EXT_PPR_RTI);
4121 	con_opts = 0;
4122 	if (period == 0)
4123 		period = AHD_SYNCRATE_ASYNC;
4124 	if (period == AHD_SYNCRATE_160) {
4125 
4126 		if ((ahd->bugs & AHD_PACED_NEGTABLE_BUG) != 0) {
4127 			/*
4128 			 * When the SPI4 spec was finalized, PACE transfers
4129 			 * was not made a configurable option in the PPR
4130 			 * message.  Instead it is assumed to be enabled for
4131 			 * any syncrate faster than 80MHz.  Nevertheless,
4132 			 * Harpoon2A4 allows this to be configurable.
4133 			 *
4134 			 * Harpoon2A4 also assumes at most 2 data bytes per
4135 			 * negotiated REQ/ACK offset.  Paced transfers take
4136 			 * 4, so we must adjust our offset.
4137 			 */
4138 			ppr_opts |= PPROPT_PACE;
4139 			offset *= 2;
4140 
4141 			/*
4142 			 * Harpoon2A assumed that there would be a
4143 			 * fallback rate between 160MHz and 80MHz,
4144 			 * so 7 is used as the period factor rather
4145 			 * than 8 for 160MHz.
4146 			 */
4147 			period = AHD_SYNCRATE_REVA_160;
4148 		}
4149 		if ((tinfo->ppr_options & MSG_EXT_PPR_PCOMP_EN) == 0)
4150 			iocell_opts[AHD_PRECOMP_SLEW_INDEX] &=
4151 			    ~AHD_PRECOMP_MASK;
4152 	} else {
4153 		/*
4154 		 * Precomp should be disabled for non-paced transfers.
4155 		 */
4156 		iocell_opts[AHD_PRECOMP_SLEW_INDEX] &= ~AHD_PRECOMP_MASK;
4157 
4158 		if ((ahd->features & AHD_NEW_IOCELL_OPTS) != 0
4159 		 && (ppr_opts & MSG_EXT_PPR_DT_REQ) != 0
4160 		 && (ppr_opts & MSG_EXT_PPR_IU_REQ) == 0) {
4161 			/*
4162 			 * Slow down our CRC interval to be
4163 			 * compatible with non-packetized
4164 			 * U160 devices that can't handle a
4165 			 * CRC at full speed.
4166 			 */
4167 			con_opts |= ENSLOWCRC;
4168 		}
4169 
4170 		if ((ahd->bugs & AHD_PACED_NEGTABLE_BUG) != 0) {
4171 			/*
4172 			 * On H2A4, revert to a slower slewrate
4173 			 * on non-paced transfers.
4174 			 */
4175 			iocell_opts[AHD_PRECOMP_SLEW_INDEX] &=
4176 			    ~AHD_SLEWRATE_MASK;
4177 		}
4178 	}
4179 
4180 	ahd_outb(ahd, ANNEXCOL, AHD_ANNEXCOL_PRECOMP_SLEW);
4181 	ahd_outb(ahd, ANNEXDAT, iocell_opts[AHD_PRECOMP_SLEW_INDEX]);
4182 	ahd_outb(ahd, ANNEXCOL, AHD_ANNEXCOL_AMPLITUDE);
4183 	ahd_outb(ahd, ANNEXDAT, iocell_opts[AHD_AMPLITUDE_INDEX]);
4184 
4185 	ahd_outb(ahd, NEGPERIOD, period);
4186 	ahd_outb(ahd, NEGPPROPTS, ppr_opts);
4187 	ahd_outb(ahd, NEGOFFSET, offset);
4188 
4189 	if (tinfo->width == MSG_EXT_WDTR_BUS_16_BIT)
4190 		con_opts |= WIDEXFER;
4191 
4192 	/*
4193 	 * Slow down our CRC interval to be
4194 	 * compatible with packetized U320 devices
4195 	 * that can't handle a CRC at full speed
4196 	 */
4197 	if (ahd->features & AHD_AIC79XXB_SLOWCRC) {
4198 		con_opts |= ENSLOWCRC;
4199 	}
4200 
4201 	/*
4202 	 * During packetized transfers, the target will
4203 	 * give us the oportunity to send command packets
4204 	 * without us asserting attention.
4205 	 */
4206 	if ((tinfo->ppr_options & MSG_EXT_PPR_IU_REQ) == 0)
4207 		con_opts |= ENAUTOATNO;
4208 	ahd_outb(ahd, NEGCONOPTS, con_opts);
4209 	ahd_outb(ahd, NEGOADDR, saved_negoaddr);
4210 	ahd_restore_modes(ahd, saved_modes);
4211 }
4212 
4213 /*
4214  * When the transfer settings for a connection change, setup for
4215  * negotiation in pending SCBs to effect the change as quickly as
4216  * possible.  We also cancel any negotiations that are scheduled
4217  * for inflight SCBs that have not been started yet.
4218  */
4219 static void
4220 ahd_update_pending_scbs(struct ahd_softc *ahd)
4221 {
4222 	struct		scb *pending_scb;
4223 	int		pending_scb_count;
4224 	int		paused;
4225 	u_int		saved_scbptr;
4226 	ahd_mode_state	saved_modes;
4227 
4228 	/*
4229 	 * Traverse the pending SCB list and ensure that all of the
4230 	 * SCBs there have the proper settings.  We can only safely
4231 	 * clear the negotiation required flag (setting requires the
4232 	 * execution queue to be modified) and this is only possible
4233 	 * if we are not already attempting to select out for this
4234 	 * SCB.  For this reason, all callers only call this routine
4235 	 * if we are changing the negotiation settings for the currently
4236 	 * active transaction on the bus.
4237 	 */
4238 	pending_scb_count = 0;
4239 	LIST_FOREACH(pending_scb, &ahd->pending_scbs, pending_links) {
4240 		struct ahd_devinfo devinfo;
4241 		struct ahd_initiator_tinfo *tinfo;
4242 		struct ahd_tmode_tstate *tstate;
4243 
4244 		ahd_scb_devinfo(ahd, &devinfo, pending_scb);
4245 		tinfo = ahd_fetch_transinfo(ahd, devinfo.channel,
4246 					    devinfo.our_scsiid,
4247 					    devinfo.target, &tstate);
4248 		if ((tstate->auto_negotiate & devinfo.target_mask) == 0
4249 		 && (pending_scb->flags & SCB_AUTO_NEGOTIATE) != 0) {
4250 			pending_scb->flags &= ~SCB_AUTO_NEGOTIATE;
4251 			pending_scb->hscb->control &= ~MK_MESSAGE;
4252 		}
4253 		ahd_sync_scb(ahd, pending_scb,
4254 			     BUS_DMASYNC_PREREAD|BUS_DMASYNC_PREWRITE);
4255 		pending_scb_count++;
4256 	}
4257 
4258 	if (pending_scb_count == 0)
4259 		return;
4260 
4261 	if (ahd_is_paused(ahd)) {
4262 		paused = 1;
4263 	} else {
4264 		paused = 0;
4265 		ahd_pause(ahd);
4266 	}
4267 
4268 	/*
4269 	 * Force the sequencer to reinitialize the selection for
4270 	 * the command at the head of the execution queue if it
4271 	 * has already been setup.  The negotiation changes may
4272 	 * effect whether we select-out with ATN.  It is only
4273 	 * safe to clear ENSELO when the bus is not free and no
4274 	 * selection is in progres or completed.
4275 	 */
4276 	saved_modes = ahd_save_modes(ahd);
4277 	ahd_set_modes(ahd, AHD_MODE_SCSI, AHD_MODE_SCSI);
4278 	if ((ahd_inb(ahd, SCSISIGI) & BSYI) != 0
4279 	 && (ahd_inb(ahd, SSTAT0) & (SELDO|SELINGO)) == 0)
4280 		ahd_outb(ahd, SCSISEQ0, ahd_inb(ahd, SCSISEQ0) & ~ENSELO);
4281 	saved_scbptr = ahd_get_scbptr(ahd);
4282 	/* Ensure that the hscbs down on the card match the new information */
4283 	LIST_FOREACH(pending_scb, &ahd->pending_scbs, pending_links) {
4284 		u_int	scb_tag;
4285 		u_int	control;
4286 
4287 		scb_tag = SCB_GET_TAG(pending_scb);
4288 		ahd_set_scbptr(ahd, scb_tag);
4289 		control = ahd_inb_scbram(ahd, SCB_CONTROL);
4290 		control &= ~MK_MESSAGE;
4291 		control |= pending_scb->hscb->control & MK_MESSAGE;
4292 		ahd_outb(ahd, SCB_CONTROL, control);
4293 	}
4294 	ahd_set_scbptr(ahd, saved_scbptr);
4295 	ahd_restore_modes(ahd, saved_modes);
4296 
4297 	if (paused == 0)
4298 		ahd_unpause(ahd);
4299 }
4300 
4301 /**************************** Pathing Information *****************************/
4302 static void
4303 ahd_fetch_devinfo(struct ahd_softc *ahd, struct ahd_devinfo *devinfo)
4304 {
4305 	ahd_mode_state	saved_modes;
4306 	u_int		saved_scsiid;
4307 	role_t		role;
4308 	int		our_id;
4309 
4310 	saved_modes = ahd_save_modes(ahd);
4311 	ahd_set_modes(ahd, AHD_MODE_SCSI, AHD_MODE_SCSI);
4312 
4313 	if (ahd_inb(ahd, SSTAT0) & TARGET)
4314 		role = ROLE_TARGET;
4315 	else
4316 		role = ROLE_INITIATOR;
4317 
4318 	if (role == ROLE_TARGET
4319 	 && (ahd_inb(ahd, SEQ_FLAGS) & CMDPHASE_PENDING) != 0) {
4320 		/* We were selected, so pull our id from TARGIDIN */
4321 		our_id = ahd_inb(ahd, TARGIDIN) & OID;
4322 	} else if (role == ROLE_TARGET)
4323 		our_id = ahd_inb(ahd, TOWNID);
4324 	else
4325 		our_id = ahd_inb(ahd, IOWNID);
4326 
4327 	saved_scsiid = ahd_inb(ahd, SAVED_SCSIID);
4328 	ahd_compile_devinfo(devinfo,
4329 			    our_id,
4330 			    SCSIID_TARGET(ahd, saved_scsiid),
4331 			    ahd_inb(ahd, SAVED_LUN),
4332 			    SCSIID_CHANNEL(ahd, saved_scsiid),
4333 			    role);
4334 	ahd_restore_modes(ahd, saved_modes);
4335 }
4336 
4337 void
4338 ahd_print_devinfo(struct ahd_softc *ahd, struct ahd_devinfo *devinfo)
4339 {
4340 	printf("%s:%c:%d:%d: ", ahd_name(ahd), 'A',
4341 	       devinfo->target, devinfo->lun);
4342 }
4343 
4344 static const struct ahd_phase_table_entry*
4345 ahd_lookup_phase_entry(int phase)
4346 {
4347 	const struct ahd_phase_table_entry *entry;
4348 	const struct ahd_phase_table_entry *last_entry;
4349 
4350 	/*
4351 	 * num_phases doesn't include the default entry which
4352 	 * will be returned if the phase doesn't match.
4353 	 */
4354 	last_entry = &ahd_phase_table[num_phases];
4355 	for (entry = ahd_phase_table; entry < last_entry; entry++) {
4356 		if (phase == entry->phase)
4357 			break;
4358 	}
4359 	return (entry);
4360 }
4361 
4362 void
4363 ahd_compile_devinfo(struct ahd_devinfo *devinfo, u_int our_id, u_int target,
4364 		    u_int lun, char channel, role_t role)
4365 {
4366 	devinfo->our_scsiid = our_id;
4367 	devinfo->target = target;
4368 	devinfo->lun = lun;
4369 	devinfo->target_offset = target;
4370 	devinfo->channel = channel;
4371 	devinfo->role = role;
4372 	if (channel == 'B')
4373 		devinfo->target_offset += 8;
4374 	devinfo->target_mask = (0x01 << devinfo->target_offset);
4375 }
4376 
4377 static void
4378 ahd_scb_devinfo(struct ahd_softc *ahd, struct ahd_devinfo *devinfo,
4379 		struct scb *scb)
4380 {
4381 	role_t	role;
4382 	int	our_id;
4383 
4384 	our_id = SCSIID_OUR_ID(scb->hscb->scsiid);
4385 	role = ROLE_INITIATOR;
4386 	if ((scb->hscb->control & TARGET_SCB) != 0)
4387 		role = ROLE_TARGET;
4388 	ahd_compile_devinfo(devinfo, our_id, SCB_GET_TARGET(ahd, scb),
4389 			    SCB_GET_LUN(scb), SCB_GET_CHANNEL(ahd, scb), role);
4390 }
4391 
4392 
4393 /************************ Message Phase Processing ****************************/
4394 /*
4395  * When an initiator transaction with the MK_MESSAGE flag either reconnects
4396  * or enters the initial message out phase, we are interrupted.  Fill our
4397  * outgoing message buffer with the appropriate message and beging handing
4398  * the message phase(s) manually.
4399  */
4400 static void
4401 ahd_setup_initiator_msgout(struct ahd_softc *ahd, struct ahd_devinfo *devinfo,
4402 			   struct scb *scb)
4403 {
4404 	/*
4405 	 * To facilitate adding multiple messages together,
4406 	 * each routine should increment the index and len
4407 	 * variables instead of setting them explicitly.
4408 	 */
4409 	ahd->msgout_index = 0;
4410 	ahd->msgout_len = 0;
4411 
4412 	if (ahd_currently_packetized(ahd))
4413 		ahd->msg_flags |= MSG_FLAG_PACKETIZED;
4414 
4415 	if (ahd->send_msg_perror
4416 	 && ahd_inb(ahd, MSG_OUT) == HOST_MSG) {
4417 		ahd->msgout_buf[ahd->msgout_index++] = ahd->send_msg_perror;
4418 		ahd->msgout_len++;
4419 		ahd->msg_type = MSG_TYPE_INITIATOR_MSGOUT;
4420 #ifdef AHD_DEBUG
4421 		if ((ahd_debug & AHD_SHOW_MESSAGES) != 0)
4422 			printf("Setting up for Parity Error delivery\n");
4423 #endif
4424 		return;
4425 	} else if (scb == NULL) {
4426 		printf("%s: WARNING. No pending message for "
4427 		       "I_T msgin.  Issuing NO-OP\n", ahd_name(ahd));
4428 		ahd->msgout_buf[ahd->msgout_index++] = MSG_NOOP;
4429 		ahd->msgout_len++;
4430 		ahd->msg_type = MSG_TYPE_INITIATOR_MSGOUT;
4431 		return;
4432 	}
4433 
4434 	if ((scb->flags & SCB_DEVICE_RESET) == 0
4435 	 && (scb->flags & SCB_PACKETIZED) == 0
4436 	 && ahd_inb(ahd, MSG_OUT) == MSG_IDENTIFYFLAG) {
4437 		u_int identify_msg;
4438 
4439 		identify_msg = MSG_IDENTIFYFLAG | SCB_GET_LUN(scb);
4440 		if ((scb->hscb->control & DISCENB) != 0)
4441 			identify_msg |= MSG_IDENTIFY_DISCFLAG;
4442 		ahd->msgout_buf[ahd->msgout_index++] = identify_msg;
4443 		ahd->msgout_len++;
4444 
4445 		if ((scb->hscb->control & TAG_ENB) != 0) {
4446 			ahd->msgout_buf[ahd->msgout_index++] =
4447 			    scb->hscb->control & (TAG_ENB|SCB_TAG_TYPE);
4448 			ahd->msgout_buf[ahd->msgout_index++] = SCB_GET_TAG(scb);
4449 			ahd->msgout_len += 2;
4450 		}
4451 	}
4452 
4453 	if (scb->flags & SCB_DEVICE_RESET) {
4454 		ahd->msgout_buf[ahd->msgout_index++] = MSG_BUS_DEV_RESET;
4455 		ahd->msgout_len++;
4456 		ahd_print_path(ahd, scb);
4457 		printf("Bus Device Reset Message Sent\n");
4458 		/*
4459 		 * Clear our selection hardware in advance of
4460 		 * the busfree.  We may have an entry in the waiting
4461 		 * Q for this target, and we don't want to go about
4462 		 * selecting while we handle the busfree and blow it
4463 		 * away.
4464 		 */
4465 		ahd_outb(ahd, SCSISEQ0, 0);
4466 	} else if ((scb->flags & SCB_ABORT) != 0) {
4467 
4468 		if ((scb->hscb->control & TAG_ENB) != 0) {
4469 			ahd->msgout_buf[ahd->msgout_index++] = MSG_ABORT_TAG;
4470 		} else {
4471 			ahd->msgout_buf[ahd->msgout_index++] = MSG_ABORT;
4472 		}
4473 		ahd->msgout_len++;
4474 		ahd_print_path(ahd, scb);
4475 		printf("Abort%s Message Sent\n",
4476 		       (scb->hscb->control & TAG_ENB) != 0 ? " Tag" : "");
4477 		/*
4478 		 * Clear our selection hardware in advance of
4479 		 * the busfree.  We may have an entry in the waiting
4480 		 * Q for this target, and we don't want to go about
4481 		 * selecting while we handle the busfree and blow it
4482 		 * away.
4483 		 */
4484 		ahd_outb(ahd, SCSISEQ0, 0);
4485 	} else if ((scb->flags & (SCB_AUTO_NEGOTIATE|SCB_NEGOTIATE)) != 0) {
4486 		ahd_build_transfer_msg(ahd, devinfo);
4487 		/*
4488 		 * Clear our selection hardware in advance of potential
4489 		 * PPR IU status change busfree.  We may have an entry in
4490 		 * the waiting Q for this target, and we don't want to go
4491 		 * about selecting while we handle the busfree and blow
4492 		 * it away.
4493 		 */
4494 		ahd_outb(ahd, SCSISEQ0, 0);
4495 	} else {
4496 		printf("ahd_intr: AWAITING_MSG for an SCB that "
4497 		       "does not have a waiting message\n");
4498 		printf("SCSIID = %x, target_mask = %x\n", scb->hscb->scsiid,
4499 		       devinfo->target_mask);
4500 		panic("SCB = %d, SCB Control = %x:%x, MSG_OUT = %x "
4501 		      "SCB flags = %x", SCB_GET_TAG(scb), scb->hscb->control,
4502 		      ahd_inb_scbram(ahd, SCB_CONTROL), ahd_inb(ahd, MSG_OUT),
4503 		      scb->flags);
4504 	}
4505 
4506 	/*
4507 	 * Clear the MK_MESSAGE flag from the SCB so we aren't
4508 	 * asked to send this message again.
4509 	 */
4510 	ahd_outb(ahd, SCB_CONTROL,
4511 		 ahd_inb_scbram(ahd, SCB_CONTROL) & ~MK_MESSAGE);
4512 	scb->hscb->control &= ~MK_MESSAGE;
4513 	ahd->msgout_index = 0;
4514 	ahd->msg_type = MSG_TYPE_INITIATOR_MSGOUT;
4515 }
4516 
4517 /*
4518  * Build an appropriate transfer negotiation message for the
4519  * currently active target.
4520  */
4521 static void
4522 ahd_build_transfer_msg(struct ahd_softc *ahd, struct ahd_devinfo *devinfo)
4523 {
4524 	/*
4525 	 * We need to initiate transfer negotiations.
4526 	 * If our current and goal settings are identical,
4527 	 * we want to renegotiate due to a check condition.
4528 	 */
4529 	struct	ahd_initiator_tinfo *tinfo;
4530 	struct	ahd_tmode_tstate *tstate;
4531 	int	dowide;
4532 	int	dosync;
4533 	int	doppr;
4534 	u_int	period;
4535 	u_int	ppr_options;
4536 	u_int	offset;
4537 
4538 	tinfo = ahd_fetch_transinfo(ahd, devinfo->channel, devinfo->our_scsiid,
4539 				    devinfo->target, &tstate);
4540 	/*
4541 	 * Filter our period based on the current connection.
4542 	 * If we can't perform DT transfers on this segment (not in LVD
4543 	 * mode for instance), then our decision to issue a PPR message
4544 	 * may change.
4545 	 */
4546 	period = tinfo->goal.period;
4547 	offset = tinfo->goal.offset;
4548 	ppr_options = tinfo->goal.ppr_options;
4549 	/* Target initiated PPR is not allowed in the SCSI spec */
4550 	if (devinfo->role == ROLE_TARGET)
4551 		ppr_options = 0;
4552 	ahd_devlimited_syncrate(ahd, tinfo, &period,
4553 				&ppr_options, devinfo->role);
4554 	dowide = tinfo->curr.width != tinfo->goal.width;
4555 	dosync = tinfo->curr.offset != offset || tinfo->curr.period != period;
4556 	/*
4557 	 * Only use PPR if we have options that need it, even if the device
4558 	 * claims to support it.  There might be an expander in the way
4559 	 * that doesn't.
4560 	 */
4561 	doppr = ppr_options != 0;
4562 
4563 	if (!dowide && !dosync && !doppr) {
4564 		dowide = tinfo->goal.width != MSG_EXT_WDTR_BUS_8_BIT;
4565 		dosync = tinfo->goal.offset != 0;
4566 	}
4567 
4568 	if (!dowide && !dosync && !doppr) {
4569 		/*
4570 		 * Force async with a WDTR message if we have a wide bus,
4571 		 * or just issue an SDTR with a 0 offset.
4572 		 */
4573 		if ((ahd->features & AHD_WIDE) != 0)
4574 			dowide = 1;
4575 		else
4576 			dosync = 1;
4577 
4578 		if (bootverbose) {
4579 			ahd_print_devinfo(ahd, devinfo);
4580 			printf("Ensuring async\n");
4581 		}
4582 	}
4583 	/* Target initiated PPR is not allowed in the SCSI spec */
4584 	if (devinfo->role == ROLE_TARGET)
4585 		doppr = 0;
4586 
4587 	/*
4588 	 * Both the PPR message and SDTR message require the
4589 	 * goal syncrate to be limited to what the target device
4590 	 * is capable of handling (based on whether an LVD->SE
4591 	 * expander is on the bus), so combine these two cases.
4592 	 * Regardless, guarantee that if we are using WDTR and SDTR
4593 	 * messages that WDTR comes first.
4594 	 */
4595 	if (doppr || (dosync && !dowide)) {
4596 
4597 		offset = tinfo->goal.offset;
4598 		ahd_validate_offset(ahd, tinfo, period, &offset,
4599 				    doppr ? tinfo->goal.width
4600 					  : tinfo->curr.width,
4601 				    devinfo->role);
4602 		if (doppr) {
4603 			ahd_construct_ppr(ahd, devinfo, period, offset,
4604 					  tinfo->goal.width, ppr_options);
4605 		} else {
4606 			ahd_construct_sdtr(ahd, devinfo, period, offset);
4607 		}
4608 	} else {
4609 		ahd_construct_wdtr(ahd, devinfo, tinfo->goal.width);
4610 	}
4611 }
4612 
4613 /*
4614  * Build a synchronous negotiation message in our message
4615  * buffer based on the input parameters.
4616  */
4617 static void
4618 ahd_construct_sdtr(struct ahd_softc *ahd, struct ahd_devinfo *devinfo,
4619 		   u_int period, u_int offset)
4620 {
4621 	if (offset == 0)
4622 		period = AHD_ASYNC_XFER_PERIOD;
4623 	ahd->msgout_index += spi_populate_sync_msg(
4624 			ahd->msgout_buf + ahd->msgout_index, period, offset);
4625 	ahd->msgout_len += 5;
4626 	if (bootverbose) {
4627 		printf("(%s:%c:%d:%d): Sending SDTR period %x, offset %x\n",
4628 		       ahd_name(ahd), devinfo->channel, devinfo->target,
4629 		       devinfo->lun, period, offset);
4630 	}
4631 }
4632 
4633 /*
4634  * Build a wide negotiateion message in our message
4635  * buffer based on the input parameters.
4636  */
4637 static void
4638 ahd_construct_wdtr(struct ahd_softc *ahd, struct ahd_devinfo *devinfo,
4639 		   u_int bus_width)
4640 {
4641 	ahd->msgout_index += spi_populate_width_msg(
4642 			ahd->msgout_buf + ahd->msgout_index, bus_width);
4643 	ahd->msgout_len += 4;
4644 	if (bootverbose) {
4645 		printf("(%s:%c:%d:%d): Sending WDTR %x\n",
4646 		       ahd_name(ahd), devinfo->channel, devinfo->target,
4647 		       devinfo->lun, bus_width);
4648 	}
4649 }
4650 
4651 /*
4652  * Build a parallel protocol request message in our message
4653  * buffer based on the input parameters.
4654  */
4655 static void
4656 ahd_construct_ppr(struct ahd_softc *ahd, struct ahd_devinfo *devinfo,
4657 		  u_int period, u_int offset, u_int bus_width,
4658 		  u_int ppr_options)
4659 {
4660 	/*
4661 	 * Always request precompensation from
4662 	 * the other target if we are running
4663 	 * at paced syncrates.
4664 	 */
4665 	if (period <= AHD_SYNCRATE_PACED)
4666 		ppr_options |= MSG_EXT_PPR_PCOMP_EN;
4667 	if (offset == 0)
4668 		period = AHD_ASYNC_XFER_PERIOD;
4669 	ahd->msgout_index += spi_populate_ppr_msg(
4670 			ahd->msgout_buf + ahd->msgout_index, period, offset,
4671 			bus_width, ppr_options);
4672 	ahd->msgout_len += 8;
4673 	if (bootverbose) {
4674 		printf("(%s:%c:%d:%d): Sending PPR bus_width %x, period %x, "
4675 		       "offset %x, ppr_options %x\n", ahd_name(ahd),
4676 		       devinfo->channel, devinfo->target, devinfo->lun,
4677 		       bus_width, period, offset, ppr_options);
4678 	}
4679 }
4680 
4681 /*
4682  * Clear any active message state.
4683  */
4684 static void
4685 ahd_clear_msg_state(struct ahd_softc *ahd)
4686 {
4687 	ahd_mode_state saved_modes;
4688 
4689 	saved_modes = ahd_save_modes(ahd);
4690 	ahd_set_modes(ahd, AHD_MODE_SCSI, AHD_MODE_SCSI);
4691 	ahd->send_msg_perror = 0;
4692 	ahd->msg_flags = MSG_FLAG_NONE;
4693 	ahd->msgout_len = 0;
4694 	ahd->msgin_index = 0;
4695 	ahd->msg_type = MSG_TYPE_NONE;
4696 	if ((ahd_inb(ahd, SCSISIGO) & ATNO) != 0) {
4697 		/*
4698 		 * The target didn't care to respond to our
4699 		 * message request, so clear ATN.
4700 		 */
4701 		ahd_outb(ahd, CLRSINT1, CLRATNO);
4702 	}
4703 	ahd_outb(ahd, MSG_OUT, MSG_NOOP);
4704 	ahd_outb(ahd, SEQ_FLAGS2,
4705 		 ahd_inb(ahd, SEQ_FLAGS2) & ~TARGET_MSG_PENDING);
4706 	ahd_restore_modes(ahd, saved_modes);
4707 }
4708 
4709 /*
4710  * Manual message loop handler.
4711  */
4712 static void
4713 ahd_handle_message_phase(struct ahd_softc *ahd)
4714 {
4715 	struct	ahd_devinfo devinfo;
4716 	u_int	bus_phase;
4717 	int	end_session;
4718 
4719 	ahd_fetch_devinfo(ahd, &devinfo);
4720 	end_session = FALSE;
4721 	bus_phase = ahd_inb(ahd, LASTPHASE);
4722 
4723 	if ((ahd_inb(ahd, LQISTAT2) & LQIPHASE_OUTPKT) != 0) {
4724 		printf("LQIRETRY for LQIPHASE_OUTPKT\n");
4725 		ahd_outb(ahd, LQCTL2, LQIRETRY);
4726 	}
4727 reswitch:
4728 	switch (ahd->msg_type) {
4729 	case MSG_TYPE_INITIATOR_MSGOUT:
4730 	{
4731 		int lastbyte;
4732 		int phasemis;
4733 		int msgdone;
4734 
4735 		if (ahd->msgout_len == 0 && ahd->send_msg_perror == 0)
4736 			panic("HOST_MSG_LOOP interrupt with no active message");
4737 
4738 #ifdef AHD_DEBUG
4739 		if ((ahd_debug & AHD_SHOW_MESSAGES) != 0) {
4740 			ahd_print_devinfo(ahd, &devinfo);
4741 			printf("INITIATOR_MSG_OUT");
4742 		}
4743 #endif
4744 		phasemis = bus_phase != P_MESGOUT;
4745 		if (phasemis) {
4746 #ifdef AHD_DEBUG
4747 			if ((ahd_debug & AHD_SHOW_MESSAGES) != 0) {
4748 				printf(" PHASEMIS %s\n",
4749 				       ahd_lookup_phase_entry(bus_phase)
4750 							     ->phasemsg);
4751 			}
4752 #endif
4753 			if (bus_phase == P_MESGIN) {
4754 				/*
4755 				 * Change gears and see if
4756 				 * this messages is of interest to
4757 				 * us or should be passed back to
4758 				 * the sequencer.
4759 				 */
4760 				ahd_outb(ahd, CLRSINT1, CLRATNO);
4761 				ahd->send_msg_perror = 0;
4762 				ahd->msg_type = MSG_TYPE_INITIATOR_MSGIN;
4763 				ahd->msgin_index = 0;
4764 				goto reswitch;
4765 			}
4766 			end_session = TRUE;
4767 			break;
4768 		}
4769 
4770 		if (ahd->send_msg_perror) {
4771 			ahd_outb(ahd, CLRSINT1, CLRATNO);
4772 			ahd_outb(ahd, CLRSINT1, CLRREQINIT);
4773 #ifdef AHD_DEBUG
4774 			if ((ahd_debug & AHD_SHOW_MESSAGES) != 0)
4775 				printf(" byte 0x%x\n", ahd->send_msg_perror);
4776 #endif
4777 			/*
4778 			 * If we are notifying the target of a CRC error
4779 			 * during packetized operations, the target is
4780 			 * within its rights to acknowledge our message
4781 			 * with a busfree.
4782 			 */
4783 			if ((ahd->msg_flags & MSG_FLAG_PACKETIZED) != 0
4784 			 && ahd->send_msg_perror == MSG_INITIATOR_DET_ERR)
4785 				ahd->msg_flags |= MSG_FLAG_EXPECT_IDE_BUSFREE;
4786 
4787 			ahd_outb(ahd, RETURN_2, ahd->send_msg_perror);
4788 			ahd_outb(ahd, RETURN_1, CONT_MSG_LOOP_WRITE);
4789 			break;
4790 		}
4791 
4792 		msgdone	= ahd->msgout_index == ahd->msgout_len;
4793 		if (msgdone) {
4794 			/*
4795 			 * The target has requested a retry.
4796 			 * Re-assert ATN, reset our message index to
4797 			 * 0, and try again.
4798 			 */
4799 			ahd->msgout_index = 0;
4800 			ahd_assert_atn(ahd);
4801 		}
4802 
4803 		lastbyte = ahd->msgout_index == (ahd->msgout_len - 1);
4804 		if (lastbyte) {
4805 			/* Last byte is signified by dropping ATN */
4806 			ahd_outb(ahd, CLRSINT1, CLRATNO);
4807 		}
4808 
4809 		/*
4810 		 * Clear our interrupt status and present
4811 		 * the next byte on the bus.
4812 		 */
4813 		ahd_outb(ahd, CLRSINT1, CLRREQINIT);
4814 #ifdef AHD_DEBUG
4815 		if ((ahd_debug & AHD_SHOW_MESSAGES) != 0)
4816 			printf(" byte 0x%x\n",
4817 			       ahd->msgout_buf[ahd->msgout_index]);
4818 #endif
4819 		ahd_outb(ahd, RETURN_2, ahd->msgout_buf[ahd->msgout_index++]);
4820 		ahd_outb(ahd, RETURN_1, CONT_MSG_LOOP_WRITE);
4821 		break;
4822 	}
4823 	case MSG_TYPE_INITIATOR_MSGIN:
4824 	{
4825 		int phasemis;
4826 		int message_done;
4827 
4828 #ifdef AHD_DEBUG
4829 		if ((ahd_debug & AHD_SHOW_MESSAGES) != 0) {
4830 			ahd_print_devinfo(ahd, &devinfo);
4831 			printf("INITIATOR_MSG_IN");
4832 		}
4833 #endif
4834 		phasemis = bus_phase != P_MESGIN;
4835 		if (phasemis) {
4836 #ifdef AHD_DEBUG
4837 			if ((ahd_debug & AHD_SHOW_MESSAGES) != 0) {
4838 				printf(" PHASEMIS %s\n",
4839 				       ahd_lookup_phase_entry(bus_phase)
4840 							     ->phasemsg);
4841 			}
4842 #endif
4843 			ahd->msgin_index = 0;
4844 			if (bus_phase == P_MESGOUT
4845 			 && (ahd->send_msg_perror != 0
4846 			  || (ahd->msgout_len != 0
4847 			   && ahd->msgout_index == 0))) {
4848 				ahd->msg_type = MSG_TYPE_INITIATOR_MSGOUT;
4849 				goto reswitch;
4850 			}
4851 			end_session = TRUE;
4852 			break;
4853 		}
4854 
4855 		/* Pull the byte in without acking it */
4856 		ahd->msgin_buf[ahd->msgin_index] = ahd_inb(ahd, SCSIBUS);
4857 #ifdef AHD_DEBUG
4858 		if ((ahd_debug & AHD_SHOW_MESSAGES) != 0)
4859 			printf(" byte 0x%x\n",
4860 			       ahd->msgin_buf[ahd->msgin_index]);
4861 #endif
4862 
4863 		message_done = ahd_parse_msg(ahd, &devinfo);
4864 
4865 		if (message_done) {
4866 			/*
4867 			 * Clear our incoming message buffer in case there
4868 			 * is another message following this one.
4869 			 */
4870 			ahd->msgin_index = 0;
4871 
4872 			/*
4873 			 * If this message illicited a response,
4874 			 * assert ATN so the target takes us to the
4875 			 * message out phase.
4876 			 */
4877 			if (ahd->msgout_len != 0) {
4878 #ifdef AHD_DEBUG
4879 				if ((ahd_debug & AHD_SHOW_MESSAGES) != 0) {
4880 					ahd_print_devinfo(ahd, &devinfo);
4881 					printf("Asserting ATN for response\n");
4882 				}
4883 #endif
4884 				ahd_assert_atn(ahd);
4885 			}
4886 		} else
4887 			ahd->msgin_index++;
4888 
4889 		if (message_done == MSGLOOP_TERMINATED) {
4890 			end_session = TRUE;
4891 		} else {
4892 			/* Ack the byte */
4893 			ahd_outb(ahd, CLRSINT1, CLRREQINIT);
4894 			ahd_outb(ahd, RETURN_1, CONT_MSG_LOOP_READ);
4895 		}
4896 		break;
4897 	}
4898 	case MSG_TYPE_TARGET_MSGIN:
4899 	{
4900 		int msgdone;
4901 		int msgout_request;
4902 
4903 		/*
4904 		 * By default, the message loop will continue.
4905 		 */
4906 		ahd_outb(ahd, RETURN_1, CONT_MSG_LOOP_TARG);
4907 
4908 		if (ahd->msgout_len == 0)
4909 			panic("Target MSGIN with no active message");
4910 
4911 		/*
4912 		 * If we interrupted a mesgout session, the initiator
4913 		 * will not know this until our first REQ.  So, we
4914 		 * only honor mesgout requests after we've sent our
4915 		 * first byte.
4916 		 */
4917 		if ((ahd_inb(ahd, SCSISIGI) & ATNI) != 0
4918 		 && ahd->msgout_index > 0)
4919 			msgout_request = TRUE;
4920 		else
4921 			msgout_request = FALSE;
4922 
4923 		if (msgout_request) {
4924 
4925 			/*
4926 			 * Change gears and see if
4927 			 * this messages is of interest to
4928 			 * us or should be passed back to
4929 			 * the sequencer.
4930 			 */
4931 			ahd->msg_type = MSG_TYPE_TARGET_MSGOUT;
4932 			ahd_outb(ahd, SCSISIGO, P_MESGOUT | BSYO);
4933 			ahd->msgin_index = 0;
4934 			/* Dummy read to REQ for first byte */
4935 			ahd_inb(ahd, SCSIDAT);
4936 			ahd_outb(ahd, SXFRCTL0,
4937 				 ahd_inb(ahd, SXFRCTL0) | SPIOEN);
4938 			break;
4939 		}
4940 
4941 		msgdone = ahd->msgout_index == ahd->msgout_len;
4942 		if (msgdone) {
4943 			ahd_outb(ahd, SXFRCTL0,
4944 				 ahd_inb(ahd, SXFRCTL0) & ~SPIOEN);
4945 			end_session = TRUE;
4946 			break;
4947 		}
4948 
4949 		/*
4950 		 * Present the next byte on the bus.
4951 		 */
4952 		ahd_outb(ahd, SXFRCTL0, ahd_inb(ahd, SXFRCTL0) | SPIOEN);
4953 		ahd_outb(ahd, SCSIDAT, ahd->msgout_buf[ahd->msgout_index++]);
4954 		break;
4955 	}
4956 	case MSG_TYPE_TARGET_MSGOUT:
4957 	{
4958 		int lastbyte;
4959 		int msgdone;
4960 
4961 		/*
4962 		 * By default, the message loop will continue.
4963 		 */
4964 		ahd_outb(ahd, RETURN_1, CONT_MSG_LOOP_TARG);
4965 
4966 		/*
4967 		 * The initiator signals that this is
4968 		 * the last byte by dropping ATN.
4969 		 */
4970 		lastbyte = (ahd_inb(ahd, SCSISIGI) & ATNI) == 0;
4971 
4972 		/*
4973 		 * Read the latched byte, but turn off SPIOEN first
4974 		 * so that we don't inadvertently cause a REQ for the
4975 		 * next byte.
4976 		 */
4977 		ahd_outb(ahd, SXFRCTL0, ahd_inb(ahd, SXFRCTL0) & ~SPIOEN);
4978 		ahd->msgin_buf[ahd->msgin_index] = ahd_inb(ahd, SCSIDAT);
4979 		msgdone = ahd_parse_msg(ahd, &devinfo);
4980 		if (msgdone == MSGLOOP_TERMINATED) {
4981 			/*
4982 			 * The message is *really* done in that it caused
4983 			 * us to go to bus free.  The sequencer has already
4984 			 * been reset at this point, so pull the ejection
4985 			 * handle.
4986 			 */
4987 			return;
4988 		}
4989 
4990 		ahd->msgin_index++;
4991 
4992 		/*
4993 		 * XXX Read spec about initiator dropping ATN too soon
4994 		 *     and use msgdone to detect it.
4995 		 */
4996 		if (msgdone == MSGLOOP_MSGCOMPLETE) {
4997 			ahd->msgin_index = 0;
4998 
4999 			/*
5000 			 * If this message illicited a response, transition
5001 			 * to the Message in phase and send it.
5002 			 */
5003 			if (ahd->msgout_len != 0) {
5004 				ahd_outb(ahd, SCSISIGO, P_MESGIN | BSYO);
5005 				ahd_outb(ahd, SXFRCTL0,
5006 					 ahd_inb(ahd, SXFRCTL0) | SPIOEN);
5007 				ahd->msg_type = MSG_TYPE_TARGET_MSGIN;
5008 				ahd->msgin_index = 0;
5009 				break;
5010 			}
5011 		}
5012 
5013 		if (lastbyte)
5014 			end_session = TRUE;
5015 		else {
5016 			/* Ask for the next byte. */
5017 			ahd_outb(ahd, SXFRCTL0,
5018 				 ahd_inb(ahd, SXFRCTL0) | SPIOEN);
5019 		}
5020 
5021 		break;
5022 	}
5023 	default:
5024 		panic("Unknown REQINIT message type");
5025 	}
5026 
5027 	if (end_session) {
5028 		if ((ahd->msg_flags & MSG_FLAG_PACKETIZED) != 0) {
5029 			printf("%s: Returning to Idle Loop\n",
5030 			       ahd_name(ahd));
5031 			ahd_clear_msg_state(ahd);
5032 
5033 			/*
5034 			 * Perform the equivalent of a clear_target_state.
5035 			 */
5036 			ahd_outb(ahd, LASTPHASE, P_BUSFREE);
5037 			ahd_outb(ahd, SEQ_FLAGS, NOT_IDENTIFIED|NO_CDB_SENT);
5038 			ahd_outb(ahd, SEQCTL0, FASTMODE|SEQRESET);
5039 		} else {
5040 			ahd_clear_msg_state(ahd);
5041 			ahd_outb(ahd, RETURN_1, EXIT_MSG_LOOP);
5042 		}
5043 	}
5044 }
5045 
5046 /*
5047  * See if we sent a particular extended message to the target.
5048  * If "full" is true, return true only if the target saw the full
5049  * message.  If "full" is false, return true if the target saw at
5050  * least the first byte of the message.
5051  */
5052 static int
5053 ahd_sent_msg(struct ahd_softc *ahd, ahd_msgtype type, u_int msgval, int full)
5054 {
5055 	int found;
5056 	u_int index;
5057 
5058 	found = FALSE;
5059 	index = 0;
5060 
5061 	while (index < ahd->msgout_len) {
5062 		if (ahd->msgout_buf[index] == MSG_EXTENDED) {
5063 			u_int end_index;
5064 
5065 			end_index = index + 1 + ahd->msgout_buf[index + 1];
5066 			if (ahd->msgout_buf[index+2] == msgval
5067 			 && type == AHDMSG_EXT) {
5068 
5069 				if (full) {
5070 					if (ahd->msgout_index > end_index)
5071 						found = TRUE;
5072 				} else if (ahd->msgout_index > index)
5073 					found = TRUE;
5074 			}
5075 			index = end_index;
5076 		} else if (ahd->msgout_buf[index] >= MSG_SIMPLE_TASK
5077 			&& ahd->msgout_buf[index] <= MSG_IGN_WIDE_RESIDUE) {
5078 
5079 			/* Skip tag type and tag id or residue param*/
5080 			index += 2;
5081 		} else {
5082 			/* Single byte message */
5083 			if (type == AHDMSG_1B
5084 			 && ahd->msgout_index > index
5085 			 && (ahd->msgout_buf[index] == msgval
5086 			  || ((ahd->msgout_buf[index] & MSG_IDENTIFYFLAG) != 0
5087 			   && msgval == MSG_IDENTIFYFLAG)))
5088 				found = TRUE;
5089 			index++;
5090 		}
5091 
5092 		if (found)
5093 			break;
5094 	}
5095 	return (found);
5096 }
5097 
5098 /*
5099  * Wait for a complete incoming message, parse it, and respond accordingly.
5100  */
5101 static int
5102 ahd_parse_msg(struct ahd_softc *ahd, struct ahd_devinfo *devinfo)
5103 {
5104 	struct	ahd_initiator_tinfo *tinfo;
5105 	struct	ahd_tmode_tstate *tstate;
5106 	int	reject;
5107 	int	done;
5108 	int	response;
5109 
5110 	done = MSGLOOP_IN_PROG;
5111 	response = FALSE;
5112 	reject = FALSE;
5113 	tinfo = ahd_fetch_transinfo(ahd, devinfo->channel, devinfo->our_scsiid,
5114 				    devinfo->target, &tstate);
5115 
5116 	/*
5117 	 * Parse as much of the message as is available,
5118 	 * rejecting it if we don't support it.  When
5119 	 * the entire message is available and has been
5120 	 * handled, return MSGLOOP_MSGCOMPLETE, indicating
5121 	 * that we have parsed an entire message.
5122 	 *
5123 	 * In the case of extended messages, we accept the length
5124 	 * byte outright and perform more checking once we know the
5125 	 * extended message type.
5126 	 */
5127 	switch (ahd->msgin_buf[0]) {
5128 	case MSG_DISCONNECT:
5129 	case MSG_SAVEDATAPOINTER:
5130 	case MSG_CMDCOMPLETE:
5131 	case MSG_RESTOREPOINTERS:
5132 	case MSG_IGN_WIDE_RESIDUE:
5133 		/*
5134 		 * End our message loop as these are messages
5135 		 * the sequencer handles on its own.
5136 		 */
5137 		done = MSGLOOP_TERMINATED;
5138 		break;
5139 	case MSG_MESSAGE_REJECT:
5140 		response = ahd_handle_msg_reject(ahd, devinfo);
5141 		/* FALLTHROUGH */
5142 	case MSG_NOOP:
5143 		done = MSGLOOP_MSGCOMPLETE;
5144 		break;
5145 	case MSG_EXTENDED:
5146 	{
5147 		/* Wait for enough of the message to begin validation */
5148 		if (ahd->msgin_index < 2)
5149 			break;
5150 		switch (ahd->msgin_buf[2]) {
5151 		case MSG_EXT_SDTR:
5152 		{
5153 			u_int	 period;
5154 			u_int	 ppr_options;
5155 			u_int	 offset;
5156 			u_int	 saved_offset;
5157 
5158 			if (ahd->msgin_buf[1] != MSG_EXT_SDTR_LEN) {
5159 				reject = TRUE;
5160 				break;
5161 			}
5162 
5163 			/*
5164 			 * Wait until we have both args before validating
5165 			 * and acting on this message.
5166 			 *
5167 			 * Add one to MSG_EXT_SDTR_LEN to account for
5168 			 * the extended message preamble.
5169 			 */
5170 			if (ahd->msgin_index < (MSG_EXT_SDTR_LEN + 1))
5171 				break;
5172 
5173 			period = ahd->msgin_buf[3];
5174 			ppr_options = 0;
5175 			saved_offset = offset = ahd->msgin_buf[4];
5176 			ahd_devlimited_syncrate(ahd, tinfo, &period,
5177 						&ppr_options, devinfo->role);
5178 			ahd_validate_offset(ahd, tinfo, period, &offset,
5179 					    tinfo->curr.width, devinfo->role);
5180 			if (bootverbose) {
5181 				printf("(%s:%c:%d:%d): Received "
5182 				       "SDTR period %x, offset %x\n\t"
5183 				       "Filtered to period %x, offset %x\n",
5184 				       ahd_name(ahd), devinfo->channel,
5185 				       devinfo->target, devinfo->lun,
5186 				       ahd->msgin_buf[3], saved_offset,
5187 				       period, offset);
5188 			}
5189 			ahd_set_syncrate(ahd, devinfo, period,
5190 					 offset, ppr_options,
5191 					 AHD_TRANS_ACTIVE|AHD_TRANS_GOAL,
5192 					 /*paused*/TRUE);
5193 
5194 			/*
5195 			 * See if we initiated Sync Negotiation
5196 			 * and didn't have to fall down to async
5197 			 * transfers.
5198 			 */
5199 			if (ahd_sent_msg(ahd, AHDMSG_EXT, MSG_EXT_SDTR, TRUE)) {
5200 				/* We started it */
5201 				if (saved_offset != offset) {
5202 					/* Went too low - force async */
5203 					reject = TRUE;
5204 				}
5205 			} else {
5206 				/*
5207 				 * Send our own SDTR in reply
5208 				 */
5209 				if (bootverbose
5210 				 && devinfo->role == ROLE_INITIATOR) {
5211 					printf("(%s:%c:%d:%d): Target "
5212 					       "Initiated SDTR\n",
5213 					       ahd_name(ahd), devinfo->channel,
5214 					       devinfo->target, devinfo->lun);
5215 				}
5216 				ahd->msgout_index = 0;
5217 				ahd->msgout_len = 0;
5218 				ahd_construct_sdtr(ahd, devinfo,
5219 						   period, offset);
5220 				ahd->msgout_index = 0;
5221 				response = TRUE;
5222 			}
5223 			done = MSGLOOP_MSGCOMPLETE;
5224 			break;
5225 		}
5226 		case MSG_EXT_WDTR:
5227 		{
5228 			u_int bus_width;
5229 			u_int saved_width;
5230 			u_int sending_reply;
5231 
5232 			sending_reply = FALSE;
5233 			if (ahd->msgin_buf[1] != MSG_EXT_WDTR_LEN) {
5234 				reject = TRUE;
5235 				break;
5236 			}
5237 
5238 			/*
5239 			 * Wait until we have our arg before validating
5240 			 * and acting on this message.
5241 			 *
5242 			 * Add one to MSG_EXT_WDTR_LEN to account for
5243 			 * the extended message preamble.
5244 			 */
5245 			if (ahd->msgin_index < (MSG_EXT_WDTR_LEN + 1))
5246 				break;
5247 
5248 			bus_width = ahd->msgin_buf[3];
5249 			saved_width = bus_width;
5250 			ahd_validate_width(ahd, tinfo, &bus_width,
5251 					   devinfo->role);
5252 			if (bootverbose) {
5253 				printf("(%s:%c:%d:%d): Received WDTR "
5254 				       "%x filtered to %x\n",
5255 				       ahd_name(ahd), devinfo->channel,
5256 				       devinfo->target, devinfo->lun,
5257 				       saved_width, bus_width);
5258 			}
5259 
5260 			if (ahd_sent_msg(ahd, AHDMSG_EXT, MSG_EXT_WDTR, TRUE)) {
5261 				/*
5262 				 * Don't send a WDTR back to the
5263 				 * target, since we asked first.
5264 				 * If the width went higher than our
5265 				 * request, reject it.
5266 				 */
5267 				if (saved_width > bus_width) {
5268 					reject = TRUE;
5269 					printf("(%s:%c:%d:%d): requested %dBit "
5270 					       "transfers.  Rejecting...\n",
5271 					       ahd_name(ahd), devinfo->channel,
5272 					       devinfo->target, devinfo->lun,
5273 					       8 * (0x01 << bus_width));
5274 					bus_width = 0;
5275 				}
5276 			} else {
5277 				/*
5278 				 * Send our own WDTR in reply
5279 				 */
5280 				if (bootverbose
5281 				 && devinfo->role == ROLE_INITIATOR) {
5282 					printf("(%s:%c:%d:%d): Target "
5283 					       "Initiated WDTR\n",
5284 					       ahd_name(ahd), devinfo->channel,
5285 					       devinfo->target, devinfo->lun);
5286 				}
5287 				ahd->msgout_index = 0;
5288 				ahd->msgout_len = 0;
5289 				ahd_construct_wdtr(ahd, devinfo, bus_width);
5290 				ahd->msgout_index = 0;
5291 				response = TRUE;
5292 				sending_reply = TRUE;
5293 			}
5294 			/*
5295 			 * After a wide message, we are async, but
5296 			 * some devices don't seem to honor this portion
5297 			 * of the spec.  Force a renegotiation of the
5298 			 * sync component of our transfer agreement even
5299 			 * if our goal is async.  By updating our width
5300 			 * after forcing the negotiation, we avoid
5301 			 * renegotiating for width.
5302 			 */
5303 			ahd_update_neg_request(ahd, devinfo, tstate,
5304 					       tinfo, AHD_NEG_ALWAYS);
5305 			ahd_set_width(ahd, devinfo, bus_width,
5306 				      AHD_TRANS_ACTIVE|AHD_TRANS_GOAL,
5307 				      /*paused*/TRUE);
5308 			if (sending_reply == FALSE && reject == FALSE) {
5309 
5310 				/*
5311 				 * We will always have an SDTR to send.
5312 				 */
5313 				ahd->msgout_index = 0;
5314 				ahd->msgout_len = 0;
5315 				ahd_build_transfer_msg(ahd, devinfo);
5316 				ahd->msgout_index = 0;
5317 				response = TRUE;
5318 			}
5319 			done = MSGLOOP_MSGCOMPLETE;
5320 			break;
5321 		}
5322 		case MSG_EXT_PPR:
5323 		{
5324 			u_int	period;
5325 			u_int	offset;
5326 			u_int	bus_width;
5327 			u_int	ppr_options;
5328 			u_int	saved_width;
5329 			u_int	saved_offset;
5330 			u_int	saved_ppr_options;
5331 
5332 			if (ahd->msgin_buf[1] != MSG_EXT_PPR_LEN) {
5333 				reject = TRUE;
5334 				break;
5335 			}
5336 
5337 			/*
5338 			 * Wait until we have all args before validating
5339 			 * and acting on this message.
5340 			 *
5341 			 * Add one to MSG_EXT_PPR_LEN to account for
5342 			 * the extended message preamble.
5343 			 */
5344 			if (ahd->msgin_index < (MSG_EXT_PPR_LEN + 1))
5345 				break;
5346 
5347 			period = ahd->msgin_buf[3];
5348 			offset = ahd->msgin_buf[5];
5349 			bus_width = ahd->msgin_buf[6];
5350 			saved_width = bus_width;
5351 			ppr_options = ahd->msgin_buf[7];
5352 			/*
5353 			 * According to the spec, a DT only
5354 			 * period factor with no DT option
5355 			 * set implies async.
5356 			 */
5357 			if ((ppr_options & MSG_EXT_PPR_DT_REQ) == 0
5358 			 && period <= 9)
5359 				offset = 0;
5360 			saved_ppr_options = ppr_options;
5361 			saved_offset = offset;
5362 
5363 			/*
5364 			 * Transfer options are only available if we
5365 			 * are negotiating wide.
5366 			 */
5367 			if (bus_width == 0)
5368 				ppr_options &= MSG_EXT_PPR_QAS_REQ;
5369 
5370 			ahd_validate_width(ahd, tinfo, &bus_width,
5371 					   devinfo->role);
5372 			ahd_devlimited_syncrate(ahd, tinfo, &period,
5373 						&ppr_options, devinfo->role);
5374 			ahd_validate_offset(ahd, tinfo, period, &offset,
5375 					    bus_width, devinfo->role);
5376 
5377 			if (ahd_sent_msg(ahd, AHDMSG_EXT, MSG_EXT_PPR, TRUE)) {
5378 				/*
5379 				 * If we are unable to do any of the
5380 				 * requested options (we went too low),
5381 				 * then we'll have to reject the message.
5382 				 */
5383 				if (saved_width > bus_width
5384 				 || saved_offset != offset
5385 				 || saved_ppr_options != ppr_options) {
5386 					reject = TRUE;
5387 					period = 0;
5388 					offset = 0;
5389 					bus_width = 0;
5390 					ppr_options = 0;
5391 				}
5392 			} else {
5393 				if (devinfo->role != ROLE_TARGET)
5394 					printf("(%s:%c:%d:%d): Target "
5395 					       "Initiated PPR\n",
5396 					       ahd_name(ahd), devinfo->channel,
5397 					       devinfo->target, devinfo->lun);
5398 				else
5399 					printf("(%s:%c:%d:%d): Initiator "
5400 					       "Initiated PPR\n",
5401 					       ahd_name(ahd), devinfo->channel,
5402 					       devinfo->target, devinfo->lun);
5403 				ahd->msgout_index = 0;
5404 				ahd->msgout_len = 0;
5405 				ahd_construct_ppr(ahd, devinfo, period, offset,
5406 						  bus_width, ppr_options);
5407 				ahd->msgout_index = 0;
5408 				response = TRUE;
5409 			}
5410 			if (bootverbose) {
5411 				printf("(%s:%c:%d:%d): Received PPR width %x, "
5412 				       "period %x, offset %x,options %x\n"
5413 				       "\tFiltered to width %x, period %x, "
5414 				       "offset %x, options %x\n",
5415 				       ahd_name(ahd), devinfo->channel,
5416 				       devinfo->target, devinfo->lun,
5417 				       saved_width, ahd->msgin_buf[3],
5418 				       saved_offset, saved_ppr_options,
5419 				       bus_width, period, offset, ppr_options);
5420 			}
5421 			ahd_set_width(ahd, devinfo, bus_width,
5422 				      AHD_TRANS_ACTIVE|AHD_TRANS_GOAL,
5423 				      /*paused*/TRUE);
5424 			ahd_set_syncrate(ahd, devinfo, period,
5425 					 offset, ppr_options,
5426 					 AHD_TRANS_ACTIVE|AHD_TRANS_GOAL,
5427 					 /*paused*/TRUE);
5428 
5429 			done = MSGLOOP_MSGCOMPLETE;
5430 			break;
5431 		}
5432 		default:
5433 			/* Unknown extended message.  Reject it. */
5434 			reject = TRUE;
5435 			break;
5436 		}
5437 		break;
5438 	}
5439 #ifdef AHD_TARGET_MODE
5440 	case MSG_BUS_DEV_RESET:
5441 		ahd_handle_devreset(ahd, devinfo, CAM_LUN_WILDCARD,
5442 				    CAM_BDR_SENT,
5443 				    "Bus Device Reset Received",
5444 				    /*verbose_level*/0);
5445 		ahd_restart(ahd);
5446 		done = MSGLOOP_TERMINATED;
5447 		break;
5448 	case MSG_ABORT_TAG:
5449 	case MSG_ABORT:
5450 	case MSG_CLEAR_QUEUE:
5451 	{
5452 		int tag;
5453 
5454 		/* Target mode messages */
5455 		if (devinfo->role != ROLE_TARGET) {
5456 			reject = TRUE;
5457 			break;
5458 		}
5459 		tag = SCB_LIST_NULL;
5460 		if (ahd->msgin_buf[0] == MSG_ABORT_TAG)
5461 			tag = ahd_inb(ahd, INITIATOR_TAG);
5462 		ahd_abort_scbs(ahd, devinfo->target, devinfo->channel,
5463 			       devinfo->lun, tag, ROLE_TARGET,
5464 			       CAM_REQ_ABORTED);
5465 
5466 		tstate = ahd->enabled_targets[devinfo->our_scsiid];
5467 		if (tstate != NULL) {
5468 			struct ahd_tmode_lstate* lstate;
5469 
5470 			lstate = tstate->enabled_luns[devinfo->lun];
5471 			if (lstate != NULL) {
5472 				ahd_queue_lstate_event(ahd, lstate,
5473 						       devinfo->our_scsiid,
5474 						       ahd->msgin_buf[0],
5475 						       /*arg*/tag);
5476 				ahd_send_lstate_events(ahd, lstate);
5477 			}
5478 		}
5479 		ahd_restart(ahd);
5480 		done = MSGLOOP_TERMINATED;
5481 		break;
5482 	}
5483 #endif
5484 	case MSG_QAS_REQUEST:
5485 #ifdef AHD_DEBUG
5486 		if ((ahd_debug & AHD_SHOW_MESSAGES) != 0)
5487 			printf("%s: QAS request.  SCSISIGI == 0x%x\n",
5488 			       ahd_name(ahd), ahd_inb(ahd, SCSISIGI));
5489 #endif
5490 		ahd->msg_flags |= MSG_FLAG_EXPECT_QASREJ_BUSFREE;
5491 		/* FALLTHROUGH */
5492 	case MSG_TERM_IO_PROC:
5493 	default:
5494 		reject = TRUE;
5495 		break;
5496 	}
5497 
5498 	if (reject) {
5499 		/*
5500 		 * Setup to reject the message.
5501 		 */
5502 		ahd->msgout_index = 0;
5503 		ahd->msgout_len = 1;
5504 		ahd->msgout_buf[0] = MSG_MESSAGE_REJECT;
5505 		done = MSGLOOP_MSGCOMPLETE;
5506 		response = TRUE;
5507 	}
5508 
5509 	if (done != MSGLOOP_IN_PROG && !response)
5510 		/* Clear the outgoing message buffer */
5511 		ahd->msgout_len = 0;
5512 
5513 	return (done);
5514 }
5515 
5516 /*
5517  * Process a message reject message.
5518  */
5519 static int
5520 ahd_handle_msg_reject(struct ahd_softc *ahd, struct ahd_devinfo *devinfo)
5521 {
5522 	/*
5523 	 * What we care about here is if we had an
5524 	 * outstanding SDTR or WDTR message for this
5525 	 * target.  If we did, this is a signal that
5526 	 * the target is refusing negotiation.
5527 	 */
5528 	struct scb *scb;
5529 	struct ahd_initiator_tinfo *tinfo;
5530 	struct ahd_tmode_tstate *tstate;
5531 	u_int scb_index;
5532 	u_int last_msg;
5533 	int   response = 0;
5534 
5535 	scb_index = ahd_get_scbptr(ahd);
5536 	scb = ahd_lookup_scb(ahd, scb_index);
5537 	tinfo = ahd_fetch_transinfo(ahd, devinfo->channel,
5538 				    devinfo->our_scsiid,
5539 				    devinfo->target, &tstate);
5540 	/* Might be necessary */
5541 	last_msg = ahd_inb(ahd, LAST_MSG);
5542 
5543 	if (ahd_sent_msg(ahd, AHDMSG_EXT, MSG_EXT_PPR, /*full*/FALSE)) {
5544 		if (ahd_sent_msg(ahd, AHDMSG_EXT, MSG_EXT_PPR, /*full*/TRUE)
5545 		 && tinfo->goal.period <= AHD_SYNCRATE_PACED) {
5546 			/*
5547 			 * Target may not like our SPI-4 PPR Options.
5548 			 * Attempt to negotiate 80MHz which will turn
5549 			 * off these options.
5550 			 */
5551 			if (bootverbose) {
5552 				printf("(%s:%c:%d:%d): PPR Rejected. "
5553 				       "Trying simple U160 PPR\n",
5554 				       ahd_name(ahd), devinfo->channel,
5555 				       devinfo->target, devinfo->lun);
5556 			}
5557 			tinfo->goal.period = AHD_SYNCRATE_DT;
5558 			tinfo->goal.ppr_options &= MSG_EXT_PPR_IU_REQ
5559 						|  MSG_EXT_PPR_QAS_REQ
5560 						|  MSG_EXT_PPR_DT_REQ;
5561 		} else {
5562 			/*
5563 			 * Target does not support the PPR message.
5564 			 * Attempt to negotiate SPI-2 style.
5565 			 */
5566 			if (bootverbose) {
5567 				printf("(%s:%c:%d:%d): PPR Rejected. "
5568 				       "Trying WDTR/SDTR\n",
5569 				       ahd_name(ahd), devinfo->channel,
5570 				       devinfo->target, devinfo->lun);
5571 			}
5572 			tinfo->goal.ppr_options = 0;
5573 			tinfo->curr.transport_version = 2;
5574 			tinfo->goal.transport_version = 2;
5575 		}
5576 		ahd->msgout_index = 0;
5577 		ahd->msgout_len = 0;
5578 		ahd_build_transfer_msg(ahd, devinfo);
5579 		ahd->msgout_index = 0;
5580 		response = 1;
5581 	} else if (ahd_sent_msg(ahd, AHDMSG_EXT, MSG_EXT_WDTR, /*full*/FALSE)) {
5582 
5583 		/* note 8bit xfers */
5584 		printf("(%s:%c:%d:%d): refuses WIDE negotiation.  Using "
5585 		       "8bit transfers\n", ahd_name(ahd),
5586 		       devinfo->channel, devinfo->target, devinfo->lun);
5587 		ahd_set_width(ahd, devinfo, MSG_EXT_WDTR_BUS_8_BIT,
5588 			      AHD_TRANS_ACTIVE|AHD_TRANS_GOAL,
5589 			      /*paused*/TRUE);
5590 		/*
5591 		 * No need to clear the sync rate.  If the target
5592 		 * did not accept the command, our syncrate is
5593 		 * unaffected.  If the target started the negotiation,
5594 		 * but rejected our response, we already cleared the
5595 		 * sync rate before sending our WDTR.
5596 		 */
5597 		if (tinfo->goal.offset != tinfo->curr.offset) {
5598 
5599 			/* Start the sync negotiation */
5600 			ahd->msgout_index = 0;
5601 			ahd->msgout_len = 0;
5602 			ahd_build_transfer_msg(ahd, devinfo);
5603 			ahd->msgout_index = 0;
5604 			response = 1;
5605 		}
5606 	} else if (ahd_sent_msg(ahd, AHDMSG_EXT, MSG_EXT_SDTR, /*full*/FALSE)) {
5607 		/* note asynch xfers and clear flag */
5608 		ahd_set_syncrate(ahd, devinfo, /*period*/0,
5609 				 /*offset*/0, /*ppr_options*/0,
5610 				 AHD_TRANS_ACTIVE|AHD_TRANS_GOAL,
5611 				 /*paused*/TRUE);
5612 		printf("(%s:%c:%d:%d): refuses synchronous negotiation. "
5613 		       "Using asynchronous transfers\n",
5614 		       ahd_name(ahd), devinfo->channel,
5615 		       devinfo->target, devinfo->lun);
5616 	} else if ((scb->hscb->control & MSG_SIMPLE_TASK) != 0) {
5617 		int tag_type;
5618 		int mask;
5619 
5620 		tag_type = (scb->hscb->control & MSG_SIMPLE_TASK);
5621 
5622 		if (tag_type == MSG_SIMPLE_TASK) {
5623 			printf("(%s:%c:%d:%d): refuses tagged commands.  "
5624 			       "Performing non-tagged I/O\n", ahd_name(ahd),
5625 			       devinfo->channel, devinfo->target, devinfo->lun);
5626 			ahd_set_tags(ahd, scb->io_ctx, devinfo, AHD_QUEUE_NONE);
5627 			mask = ~0x23;
5628 		} else {
5629 			printf("(%s:%c:%d:%d): refuses %s tagged commands.  "
5630 			       "Performing simple queue tagged I/O only\n",
5631 			       ahd_name(ahd), devinfo->channel, devinfo->target,
5632 			       devinfo->lun, tag_type == MSG_ORDERED_TASK
5633 			       ? "ordered" : "head of queue");
5634 			ahd_set_tags(ahd, scb->io_ctx, devinfo, AHD_QUEUE_BASIC);
5635 			mask = ~0x03;
5636 		}
5637 
5638 		/*
5639 		 * Resend the identify for this CCB as the target
5640 		 * may believe that the selection is invalid otherwise.
5641 		 */
5642 		ahd_outb(ahd, SCB_CONTROL,
5643 			 ahd_inb_scbram(ahd, SCB_CONTROL) & mask);
5644 	 	scb->hscb->control &= mask;
5645 		ahd_set_transaction_tag(scb, /*enabled*/FALSE,
5646 					/*type*/MSG_SIMPLE_TASK);
5647 		ahd_outb(ahd, MSG_OUT, MSG_IDENTIFYFLAG);
5648 		ahd_assert_atn(ahd);
5649 		ahd_busy_tcl(ahd, BUILD_TCL(scb->hscb->scsiid, devinfo->lun),
5650 			     SCB_GET_TAG(scb));
5651 
5652 		/*
5653 		 * Requeue all tagged commands for this target
5654 		 * currently in our posession so they can be
5655 		 * converted to untagged commands.
5656 		 */
5657 		ahd_search_qinfifo(ahd, SCB_GET_TARGET(ahd, scb),
5658 				   SCB_GET_CHANNEL(ahd, scb),
5659 				   SCB_GET_LUN(scb), /*tag*/SCB_LIST_NULL,
5660 				   ROLE_INITIATOR, CAM_REQUEUE_REQ,
5661 				   SEARCH_COMPLETE);
5662 	} else if (ahd_sent_msg(ahd, AHDMSG_1B, MSG_IDENTIFYFLAG, TRUE)) {
5663 		/*
5664 		 * Most likely the device believes that we had
5665 		 * previously negotiated packetized.
5666 		 */
5667 		ahd->msg_flags |= MSG_FLAG_EXPECT_PPR_BUSFREE
5668 			       |  MSG_FLAG_IU_REQ_CHANGED;
5669 
5670 		ahd_force_renegotiation(ahd, devinfo);
5671 		ahd->msgout_index = 0;
5672 		ahd->msgout_len = 0;
5673 		ahd_build_transfer_msg(ahd, devinfo);
5674 		ahd->msgout_index = 0;
5675 		response = 1;
5676 	} else {
5677 		/*
5678 		 * Otherwise, we ignore it.
5679 		 */
5680 		printf("%s:%c:%d: Message reject for %x -- ignored\n",
5681 		       ahd_name(ahd), devinfo->channel, devinfo->target,
5682 		       last_msg);
5683 	}
5684 	return (response);
5685 }
5686 
5687 /*
5688  * Process an ingnore wide residue message.
5689  */
5690 static void
5691 ahd_handle_ign_wide_residue(struct ahd_softc *ahd, struct ahd_devinfo *devinfo)
5692 {
5693 	u_int scb_index;
5694 	struct scb *scb;
5695 
5696 	scb_index = ahd_get_scbptr(ahd);
5697 	scb = ahd_lookup_scb(ahd, scb_index);
5698 	/*
5699 	 * XXX Actually check data direction in the sequencer?
5700 	 * Perhaps add datadir to some spare bits in the hscb?
5701 	 */
5702 	if ((ahd_inb(ahd, SEQ_FLAGS) & DPHASE) == 0
5703 	 || ahd_get_transfer_dir(scb) != CAM_DIR_IN) {
5704 		/*
5705 		 * Ignore the message if we haven't
5706 		 * seen an appropriate data phase yet.
5707 		 */
5708 	} else {
5709 		/*
5710 		 * If the residual occurred on the last
5711 		 * transfer and the transfer request was
5712 		 * expected to end on an odd count, do
5713 		 * nothing.  Otherwise, subtract a byte
5714 		 * and update the residual count accordingly.
5715 		 */
5716 		uint32_t sgptr;
5717 
5718 		sgptr = ahd_inb_scbram(ahd, SCB_RESIDUAL_SGPTR);
5719 		if ((sgptr & SG_LIST_NULL) != 0
5720 		 && (ahd_inb_scbram(ahd, SCB_TASK_ATTRIBUTE)
5721 		     & SCB_XFERLEN_ODD) != 0) {
5722 			/*
5723 			 * If the residual occurred on the last
5724 			 * transfer and the transfer request was
5725 			 * expected to end on an odd count, do
5726 			 * nothing.
5727 			 */
5728 		} else {
5729 			uint32_t data_cnt;
5730 			uint64_t data_addr;
5731 			uint32_t sglen;
5732 
5733 			/* Pull in the rest of the sgptr */
5734 			sgptr = ahd_inl_scbram(ahd, SCB_RESIDUAL_SGPTR);
5735 			data_cnt = ahd_inl_scbram(ahd, SCB_RESIDUAL_DATACNT);
5736 			if ((sgptr & SG_LIST_NULL) != 0) {
5737 				/*
5738 				 * The residual data count is not updated
5739 				 * for the command run to completion case.
5740 				 * Explicitly zero the count.
5741 				 */
5742 				data_cnt &= ~AHD_SG_LEN_MASK;
5743 			}
5744 			data_addr = ahd_inq(ahd, SHADDR);
5745 			data_cnt += 1;
5746 			data_addr -= 1;
5747 			sgptr &= SG_PTR_MASK;
5748 			if ((ahd->flags & AHD_64BIT_ADDRESSING) != 0) {
5749 				struct ahd_dma64_seg *sg;
5750 
5751 				sg = ahd_sg_bus_to_virt(ahd, scb, sgptr);
5752 
5753 				/*
5754 				 * The residual sg ptr points to the next S/G
5755 				 * to load so we must go back one.
5756 				 */
5757 				sg--;
5758 				sglen = ahd_le32toh(sg->len) & AHD_SG_LEN_MASK;
5759 				if (sg != scb->sg_list
5760 				 && sglen < (data_cnt & AHD_SG_LEN_MASK)) {
5761 
5762 					sg--;
5763 					sglen = ahd_le32toh(sg->len);
5764 					/*
5765 					 * Preserve High Address and SG_LIST
5766 					 * bits while setting the count to 1.
5767 					 */
5768 					data_cnt = 1|(sglen&(~AHD_SG_LEN_MASK));
5769 					data_addr = ahd_le64toh(sg->addr)
5770 						  + (sglen & AHD_SG_LEN_MASK)
5771 						  - 1;
5772 
5773 					/*
5774 					 * Increment sg so it points to the
5775 					 * "next" sg.
5776 					 */
5777 					sg++;
5778 					sgptr = ahd_sg_virt_to_bus(ahd, scb,
5779 								   sg);
5780 				}
5781 			} else {
5782 				struct ahd_dma_seg *sg;
5783 
5784 				sg = ahd_sg_bus_to_virt(ahd, scb, sgptr);
5785 
5786 				/*
5787 				 * The residual sg ptr points to the next S/G
5788 				 * to load so we must go back one.
5789 				 */
5790 				sg--;
5791 				sglen = ahd_le32toh(sg->len) & AHD_SG_LEN_MASK;
5792 				if (sg != scb->sg_list
5793 				 && sglen < (data_cnt & AHD_SG_LEN_MASK)) {
5794 
5795 					sg--;
5796 					sglen = ahd_le32toh(sg->len);
5797 					/*
5798 					 * Preserve High Address and SG_LIST
5799 					 * bits while setting the count to 1.
5800 					 */
5801 					data_cnt = 1|(sglen&(~AHD_SG_LEN_MASK));
5802 					data_addr = ahd_le32toh(sg->addr)
5803 						  + (sglen & AHD_SG_LEN_MASK)
5804 						  - 1;
5805 
5806 					/*
5807 					 * Increment sg so it points to the
5808 					 * "next" sg.
5809 					 */
5810 					sg++;
5811 					sgptr = ahd_sg_virt_to_bus(ahd, scb,
5812 								  sg);
5813 				}
5814 			}
5815 			/*
5816 			 * Toggle the "oddness" of the transfer length
5817 			 * to handle this mid-transfer ignore wide
5818 			 * residue.  This ensures that the oddness is
5819 			 * correct for subsequent data transfers.
5820 			 */
5821 			ahd_outb(ahd, SCB_TASK_ATTRIBUTE,
5822 			    ahd_inb_scbram(ahd, SCB_TASK_ATTRIBUTE)
5823 			    ^ SCB_XFERLEN_ODD);
5824 
5825 			ahd_outl(ahd, SCB_RESIDUAL_SGPTR, sgptr);
5826 			ahd_outl(ahd, SCB_RESIDUAL_DATACNT, data_cnt);
5827 			/*
5828 			 * The FIFO's pointers will be updated if/when the
5829 			 * sequencer re-enters a data phase.
5830 			 */
5831 		}
5832 	}
5833 }
5834 
5835 
5836 /*
5837  * Reinitialize the data pointers for the active transfer
5838  * based on its current residual.
5839  */
5840 static void
5841 ahd_reinitialize_dataptrs(struct ahd_softc *ahd)
5842 {
5843 	struct		 scb *scb;
5844 	ahd_mode_state	 saved_modes;
5845 	u_int		 scb_index;
5846 	u_int		 wait;
5847 	uint32_t	 sgptr;
5848 	uint32_t	 resid;
5849 	uint64_t	 dataptr;
5850 
5851 	AHD_ASSERT_MODES(ahd, AHD_MODE_DFF0_MSK|AHD_MODE_DFF1_MSK,
5852 			 AHD_MODE_DFF0_MSK|AHD_MODE_DFF1_MSK);
5853 
5854 	scb_index = ahd_get_scbptr(ahd);
5855 	scb = ahd_lookup_scb(ahd, scb_index);
5856 
5857 	/*
5858 	 * Release and reacquire the FIFO so we
5859 	 * have a clean slate.
5860 	 */
5861 	ahd_outb(ahd, DFFSXFRCTL, CLRCHN);
5862 	wait = 1000;
5863 	while (--wait && !(ahd_inb(ahd, MDFFSTAT) & FIFOFREE))
5864 		ahd_delay(100);
5865 	if (wait == 0) {
5866 		ahd_print_path(ahd, scb);
5867 		printf("ahd_reinitialize_dataptrs: Forcing FIFO free.\n");
5868 		ahd_outb(ahd, DFFSXFRCTL, RSTCHN|CLRSHCNT);
5869 	}
5870 	saved_modes = ahd_save_modes(ahd);
5871 	ahd_set_modes(ahd, AHD_MODE_SCSI, AHD_MODE_SCSI);
5872 	ahd_outb(ahd, DFFSTAT,
5873 		 ahd_inb(ahd, DFFSTAT)
5874 		| (saved_modes == 0x11 ? CURRFIFO_1 : CURRFIFO_0));
5875 
5876 	/*
5877 	 * Determine initial values for data_addr and data_cnt
5878 	 * for resuming the data phase.
5879 	 */
5880 	sgptr = ahd_inl_scbram(ahd, SCB_RESIDUAL_SGPTR);
5881 	sgptr &= SG_PTR_MASK;
5882 
5883 	resid = (ahd_inb_scbram(ahd, SCB_RESIDUAL_DATACNT + 2) << 16)
5884 	      | (ahd_inb_scbram(ahd, SCB_RESIDUAL_DATACNT + 1) << 8)
5885 	      | ahd_inb_scbram(ahd, SCB_RESIDUAL_DATACNT);
5886 
5887 	if ((ahd->flags & AHD_64BIT_ADDRESSING) != 0) {
5888 		struct ahd_dma64_seg *sg;
5889 
5890 		sg = ahd_sg_bus_to_virt(ahd, scb, sgptr);
5891 
5892 		/* The residual sg_ptr always points to the next sg */
5893 		sg--;
5894 
5895 		dataptr = ahd_le64toh(sg->addr)
5896 			+ (ahd_le32toh(sg->len) & AHD_SG_LEN_MASK)
5897 			- resid;
5898 		ahd_outl(ahd, HADDR + 4, dataptr >> 32);
5899 	} else {
5900 		struct	 ahd_dma_seg *sg;
5901 
5902 		sg = ahd_sg_bus_to_virt(ahd, scb, sgptr);
5903 
5904 		/* The residual sg_ptr always points to the next sg */
5905 		sg--;
5906 
5907 		dataptr = ahd_le32toh(sg->addr)
5908 			+ (ahd_le32toh(sg->len) & AHD_SG_LEN_MASK)
5909 			- resid;
5910 		ahd_outb(ahd, HADDR + 4,
5911 			 (ahd_le32toh(sg->len) & ~AHD_SG_LEN_MASK) >> 24);
5912 	}
5913 	ahd_outl(ahd, HADDR, dataptr);
5914 	ahd_outb(ahd, HCNT + 2, resid >> 16);
5915 	ahd_outb(ahd, HCNT + 1, resid >> 8);
5916 	ahd_outb(ahd, HCNT, resid);
5917 }
5918 
5919 /*
5920  * Handle the effects of issuing a bus device reset message.
5921  */
5922 static void
5923 ahd_handle_devreset(struct ahd_softc *ahd, struct ahd_devinfo *devinfo,
5924 		    u_int lun, cam_status status, char *message,
5925 		    int verbose_level)
5926 {
5927 #ifdef AHD_TARGET_MODE
5928 	struct ahd_tmode_tstate* tstate;
5929 #endif
5930 	int found;
5931 
5932 	found = ahd_abort_scbs(ahd, devinfo->target, devinfo->channel,
5933 			       lun, SCB_LIST_NULL, devinfo->role,
5934 			       status);
5935 
5936 #ifdef AHD_TARGET_MODE
5937 	/*
5938 	 * Send an immediate notify ccb to all target mord peripheral
5939 	 * drivers affected by this action.
5940 	 */
5941 	tstate = ahd->enabled_targets[devinfo->our_scsiid];
5942 	if (tstate != NULL) {
5943 		u_int cur_lun;
5944 		u_int max_lun;
5945 
5946 		if (lun != CAM_LUN_WILDCARD) {
5947 			cur_lun = 0;
5948 			max_lun = AHD_NUM_LUNS - 1;
5949 		} else {
5950 			cur_lun = lun;
5951 			max_lun = lun;
5952 		}
5953 		for (;cur_lun <= max_lun; cur_lun++) {
5954 			struct ahd_tmode_lstate* lstate;
5955 
5956 			lstate = tstate->enabled_luns[cur_lun];
5957 			if (lstate == NULL)
5958 				continue;
5959 
5960 			ahd_queue_lstate_event(ahd, lstate, devinfo->our_scsiid,
5961 					       MSG_BUS_DEV_RESET, /*arg*/0);
5962 			ahd_send_lstate_events(ahd, lstate);
5963 		}
5964 	}
5965 #endif
5966 
5967 	/*
5968 	 * Go back to async/narrow transfers and renegotiate.
5969 	 */
5970 	ahd_set_width(ahd, devinfo, MSG_EXT_WDTR_BUS_8_BIT,
5971 		      AHD_TRANS_CUR, /*paused*/TRUE);
5972 	ahd_set_syncrate(ahd, devinfo, /*period*/0, /*offset*/0,
5973 			 /*ppr_options*/0, AHD_TRANS_CUR,
5974 			 /*paused*/TRUE);
5975 
5976 	if (status != CAM_SEL_TIMEOUT)
5977 		ahd_send_async(ahd, devinfo->channel, devinfo->target,
5978 			       CAM_LUN_WILDCARD, AC_SENT_BDR);
5979 
5980 	if (message != NULL && bootverbose)
5981 		printf("%s: %s on %c:%d. %d SCBs aborted\n", ahd_name(ahd),
5982 		       message, devinfo->channel, devinfo->target, found);
5983 }
5984 
5985 #ifdef AHD_TARGET_MODE
5986 static void
5987 ahd_setup_target_msgin(struct ahd_softc *ahd, struct ahd_devinfo *devinfo,
5988 		       struct scb *scb)
5989 {
5990 
5991 	/*
5992 	 * To facilitate adding multiple messages together,
5993 	 * each routine should increment the index and len
5994 	 * variables instead of setting them explicitly.
5995 	 */
5996 	ahd->msgout_index = 0;
5997 	ahd->msgout_len = 0;
5998 
5999 	if (scb != NULL && (scb->flags & SCB_AUTO_NEGOTIATE) != 0)
6000 		ahd_build_transfer_msg(ahd, devinfo);
6001 	else
6002 		panic("ahd_intr: AWAITING target message with no message");
6003 
6004 	ahd->msgout_index = 0;
6005 	ahd->msg_type = MSG_TYPE_TARGET_MSGIN;
6006 }
6007 #endif
6008 /**************************** Initialization **********************************/
6009 static u_int
6010 ahd_sglist_size(struct ahd_softc *ahd)
6011 {
6012 	bus_size_t list_size;
6013 
6014 	list_size = sizeof(struct ahd_dma_seg) * AHD_NSEG;
6015 	if ((ahd->flags & AHD_64BIT_ADDRESSING) != 0)
6016 		list_size = sizeof(struct ahd_dma64_seg) * AHD_NSEG;
6017 	return (list_size);
6018 }
6019 
6020 /*
6021  * Calculate the optimum S/G List allocation size.  S/G elements used
6022  * for a given transaction must be physically contiguous.  Assume the
6023  * OS will allocate full pages to us, so it doesn't make sense to request
6024  * less than a page.
6025  */
6026 static u_int
6027 ahd_sglist_allocsize(struct ahd_softc *ahd)
6028 {
6029 	bus_size_t sg_list_increment;
6030 	bus_size_t sg_list_size;
6031 	bus_size_t max_list_size;
6032 	bus_size_t best_list_size;
6033 
6034 	/* Start out with the minimum required for AHD_NSEG. */
6035 	sg_list_increment = ahd_sglist_size(ahd);
6036 	sg_list_size = sg_list_increment;
6037 
6038 	/* Get us as close as possible to a page in size. */
6039 	while ((sg_list_size + sg_list_increment) <= PAGE_SIZE)
6040 		sg_list_size += sg_list_increment;
6041 
6042 	/*
6043 	 * Try to reduce the amount of wastage by allocating
6044 	 * multiple pages.
6045 	 */
6046 	best_list_size = sg_list_size;
6047 	max_list_size = roundup(sg_list_increment, PAGE_SIZE);
6048 	if (max_list_size < 4 * PAGE_SIZE)
6049 		max_list_size = 4 * PAGE_SIZE;
6050 	if (max_list_size > (AHD_SCB_MAX_ALLOC * sg_list_increment))
6051 		max_list_size = (AHD_SCB_MAX_ALLOC * sg_list_increment);
6052 	while ((sg_list_size + sg_list_increment) <= max_list_size
6053 	   &&  (sg_list_size % PAGE_SIZE) != 0) {
6054 		bus_size_t new_mod;
6055 		bus_size_t best_mod;
6056 
6057 		sg_list_size += sg_list_increment;
6058 		new_mod = sg_list_size % PAGE_SIZE;
6059 		best_mod = best_list_size % PAGE_SIZE;
6060 		if (new_mod > best_mod || new_mod == 0) {
6061 			best_list_size = sg_list_size;
6062 		}
6063 	}
6064 	return (best_list_size);
6065 }
6066 
6067 /*
6068  * Allocate a controller structure for a new device
6069  * and perform initial initializion.
6070  */
6071 struct ahd_softc *
6072 ahd_alloc(void *platform_arg, char *name)
6073 {
6074 	struct  ahd_softc *ahd;
6075 
6076 #ifndef	__FreeBSD__
6077 	ahd = malloc(sizeof(*ahd), M_DEVBUF, M_NOWAIT);
6078 	if (!ahd) {
6079 		printf("aic7xxx: cannot malloc softc!\n");
6080 		free(name, M_DEVBUF);
6081 		return NULL;
6082 	}
6083 #else
6084 	ahd = device_get_softc((device_t)platform_arg);
6085 #endif
6086 	memset(ahd, 0, sizeof(*ahd));
6087 	ahd->seep_config = malloc(sizeof(*ahd->seep_config),
6088 				  M_DEVBUF, M_NOWAIT);
6089 	if (ahd->seep_config == NULL) {
6090 #ifndef	__FreeBSD__
6091 		free(ahd, M_DEVBUF);
6092 #endif
6093 		free(name, M_DEVBUF);
6094 		return (NULL);
6095 	}
6096 	LIST_INIT(&ahd->pending_scbs);
6097 	/* We don't know our unit number until the OSM sets it */
6098 	ahd->name = name;
6099 	ahd->unit = -1;
6100 	ahd->description = NULL;
6101 	ahd->bus_description = NULL;
6102 	ahd->channel = 'A';
6103 	ahd->chip = AHD_NONE;
6104 	ahd->features = AHD_FENONE;
6105 	ahd->bugs = AHD_BUGNONE;
6106 	ahd->flags = AHD_SPCHK_ENB_A|AHD_RESET_BUS_A|AHD_TERM_ENB_A
6107 		   | AHD_EXTENDED_TRANS_A|AHD_STPWLEVEL_A;
6108 	ahd_timer_init(&ahd->reset_timer);
6109 	ahd_timer_init(&ahd->stat_timer);
6110 	ahd->int_coalescing_timer = AHD_INT_COALESCING_TIMER_DEFAULT;
6111 	ahd->int_coalescing_maxcmds = AHD_INT_COALESCING_MAXCMDS_DEFAULT;
6112 	ahd->int_coalescing_mincmds = AHD_INT_COALESCING_MINCMDS_DEFAULT;
6113 	ahd->int_coalescing_threshold = AHD_INT_COALESCING_THRESHOLD_DEFAULT;
6114 	ahd->int_coalescing_stop_threshold =
6115 	    AHD_INT_COALESCING_STOP_THRESHOLD_DEFAULT;
6116 
6117 	if (ahd_platform_alloc(ahd, platform_arg) != 0) {
6118 		ahd_free(ahd);
6119 		ahd = NULL;
6120 	}
6121 #ifdef AHD_DEBUG
6122 	if ((ahd_debug & AHD_SHOW_MEMORY) != 0) {
6123 		printf("%s: scb size = 0x%x, hscb size = 0x%x\n",
6124 		       ahd_name(ahd), (u_int)sizeof(struct scb),
6125 		       (u_int)sizeof(struct hardware_scb));
6126 	}
6127 #endif
6128 	return (ahd);
6129 }
6130 
6131 int
6132 ahd_softc_init(struct ahd_softc *ahd)
6133 {
6134 
6135 	ahd->unpause = 0;
6136 	ahd->pause = PAUSE;
6137 	return (0);
6138 }
6139 
6140 void
6141 ahd_set_unit(struct ahd_softc *ahd, int unit)
6142 {
6143 	ahd->unit = unit;
6144 }
6145 
6146 void
6147 ahd_set_name(struct ahd_softc *ahd, char *name)
6148 {
6149 	if (ahd->name != NULL)
6150 		free(ahd->name, M_DEVBUF);
6151 	ahd->name = name;
6152 }
6153 
6154 void
6155 ahd_free(struct ahd_softc *ahd)
6156 {
6157 	int i;
6158 
6159 	switch (ahd->init_level) {
6160 	default:
6161 	case 5:
6162 		ahd_shutdown(ahd);
6163 		/* FALLTHROUGH */
6164 	case 4:
6165 		ahd_dmamap_unload(ahd, ahd->shared_data_dmat,
6166 				  ahd->shared_data_map.dmamap);
6167 		/* FALLTHROUGH */
6168 	case 3:
6169 		ahd_dmamem_free(ahd, ahd->shared_data_dmat, ahd->qoutfifo,
6170 				ahd->shared_data_map.dmamap);
6171 		ahd_dmamap_destroy(ahd, ahd->shared_data_dmat,
6172 				   ahd->shared_data_map.dmamap);
6173 		/* FALLTHROUGH */
6174 	case 2:
6175 		ahd_dma_tag_destroy(ahd, ahd->shared_data_dmat);
6176 	case 1:
6177 #ifndef __linux__
6178 		ahd_dma_tag_destroy(ahd, ahd->buffer_dmat);
6179 #endif
6180 		break;
6181 	case 0:
6182 		break;
6183 	}
6184 
6185 #ifndef __linux__
6186 	ahd_dma_tag_destroy(ahd, ahd->parent_dmat);
6187 #endif
6188 	ahd_platform_free(ahd);
6189 	ahd_fini_scbdata(ahd);
6190 	for (i = 0; i < AHD_NUM_TARGETS; i++) {
6191 		struct ahd_tmode_tstate *tstate;
6192 
6193 		tstate = ahd->enabled_targets[i];
6194 		if (tstate != NULL) {
6195 #ifdef AHD_TARGET_MODE
6196 			int j;
6197 
6198 			for (j = 0; j < AHD_NUM_LUNS; j++) {
6199 				struct ahd_tmode_lstate *lstate;
6200 
6201 				lstate = tstate->enabled_luns[j];
6202 				if (lstate != NULL) {
6203 					xpt_free_path(lstate->path);
6204 					free(lstate, M_DEVBUF);
6205 				}
6206 			}
6207 #endif
6208 			free(tstate, M_DEVBUF);
6209 		}
6210 	}
6211 #ifdef AHD_TARGET_MODE
6212 	if (ahd->black_hole != NULL) {
6213 		xpt_free_path(ahd->black_hole->path);
6214 		free(ahd->black_hole, M_DEVBUF);
6215 	}
6216 #endif
6217 	if (ahd->name != NULL)
6218 		free(ahd->name, M_DEVBUF);
6219 	if (ahd->seep_config != NULL)
6220 		free(ahd->seep_config, M_DEVBUF);
6221 	if (ahd->saved_stack != NULL)
6222 		free(ahd->saved_stack, M_DEVBUF);
6223 #ifndef __FreeBSD__
6224 	free(ahd, M_DEVBUF);
6225 #endif
6226 	return;
6227 }
6228 
6229 static void
6230 ahd_shutdown(void *arg)
6231 {
6232 	struct	ahd_softc *ahd;
6233 
6234 	ahd = (struct ahd_softc *)arg;
6235 
6236 	/*
6237 	 * Stop periodic timer callbacks.
6238 	 */
6239 	ahd_timer_stop(&ahd->reset_timer);
6240 	ahd_timer_stop(&ahd->stat_timer);
6241 
6242 	/* This will reset most registers to 0, but not all */
6243 	ahd_reset(ahd, /*reinit*/FALSE);
6244 }
6245 
6246 /*
6247  * Reset the controller and record some information about it
6248  * that is only available just after a reset.  If "reinit" is
6249  * non-zero, this reset occured after initial configuration
6250  * and the caller requests that the chip be fully reinitialized
6251  * to a runable state.  Chip interrupts are *not* enabled after
6252  * a reinitialization.  The caller must enable interrupts via
6253  * ahd_intr_enable().
6254  */
6255 int
6256 ahd_reset(struct ahd_softc *ahd, int reinit)
6257 {
6258 	u_int	 sxfrctl1;
6259 	int	 wait;
6260 	uint32_t cmd;
6261 
6262 	/*
6263 	 * Preserve the value of the SXFRCTL1 register for all channels.
6264 	 * It contains settings that affect termination and we don't want
6265 	 * to disturb the integrity of the bus.
6266 	 */
6267 	ahd_pause(ahd);
6268 	ahd_update_modes(ahd);
6269 	ahd_set_modes(ahd, AHD_MODE_SCSI, AHD_MODE_SCSI);
6270 	sxfrctl1 = ahd_inb(ahd, SXFRCTL1);
6271 
6272 	cmd = ahd_pci_read_config(ahd->dev_softc, PCIR_COMMAND, /*bytes*/2);
6273 	if ((ahd->bugs & AHD_PCIX_CHIPRST_BUG) != 0) {
6274 		uint32_t mod_cmd;
6275 
6276 		/*
6277 		 * A4 Razor #632
6278 		 * During the assertion of CHIPRST, the chip
6279 		 * does not disable its parity logic prior to
6280 		 * the start of the reset.  This may cause a
6281 		 * parity error to be detected and thus a
6282 		 * spurious SERR or PERR assertion.  Disble
6283 		 * PERR and SERR responses during the CHIPRST.
6284 		 */
6285 		mod_cmd = cmd & ~(PCIM_CMD_PERRESPEN|PCIM_CMD_SERRESPEN);
6286 		ahd_pci_write_config(ahd->dev_softc, PCIR_COMMAND,
6287 				     mod_cmd, /*bytes*/2);
6288 	}
6289 	ahd_outb(ahd, HCNTRL, CHIPRST | ahd->pause);
6290 
6291 	/*
6292 	 * Ensure that the reset has finished.  We delay 1000us
6293 	 * prior to reading the register to make sure the chip
6294 	 * has sufficiently completed its reset to handle register
6295 	 * accesses.
6296 	 */
6297 	wait = 1000;
6298 	do {
6299 		ahd_delay(1000);
6300 	} while (--wait && !(ahd_inb(ahd, HCNTRL) & CHIPRSTACK));
6301 
6302 	if (wait == 0) {
6303 		printf("%s: WARNING - Failed chip reset!  "
6304 		       "Trying to initialize anyway.\n", ahd_name(ahd));
6305 	}
6306 	ahd_outb(ahd, HCNTRL, ahd->pause);
6307 
6308 	if ((ahd->bugs & AHD_PCIX_CHIPRST_BUG) != 0) {
6309 		/*
6310 		 * Clear any latched PCI error status and restore
6311 		 * previous SERR and PERR response enables.
6312 		 */
6313 		ahd_pci_write_config(ahd->dev_softc, PCIR_STATUS + 1,
6314 				     0xFF, /*bytes*/1);
6315 		ahd_pci_write_config(ahd->dev_softc, PCIR_COMMAND,
6316 				     cmd, /*bytes*/2);
6317 	}
6318 
6319 	/*
6320 	 * Mode should be SCSI after a chip reset, but lets
6321 	 * set it just to be safe.  We touch the MODE_PTR
6322 	 * register directly so as to bypass the lazy update
6323 	 * code in ahd_set_modes().
6324 	 */
6325 	ahd_known_modes(ahd, AHD_MODE_SCSI, AHD_MODE_SCSI);
6326 	ahd_outb(ahd, MODE_PTR,
6327 		 ahd_build_mode_state(ahd, AHD_MODE_SCSI, AHD_MODE_SCSI));
6328 
6329 	/*
6330 	 * Restore SXFRCTL1.
6331 	 *
6332 	 * We must always initialize STPWEN to 1 before we
6333 	 * restore the saved values.  STPWEN is initialized
6334 	 * to a tri-state condition which can only be cleared
6335 	 * by turning it on.
6336 	 */
6337 	ahd_outb(ahd, SXFRCTL1, sxfrctl1|STPWEN);
6338 	ahd_outb(ahd, SXFRCTL1, sxfrctl1);
6339 
6340 	/* Determine chip configuration */
6341 	ahd->features &= ~AHD_WIDE;
6342 	if ((ahd_inb(ahd, SBLKCTL) & SELWIDE) != 0)
6343 		ahd->features |= AHD_WIDE;
6344 
6345 	/*
6346 	 * If a recovery action has forced a chip reset,
6347 	 * re-initialize the chip to our liking.
6348 	 */
6349 	if (reinit != 0)
6350 		ahd_chip_init(ahd);
6351 
6352 	return (0);
6353 }
6354 
6355 /*
6356  * Determine the number of SCBs available on the controller
6357  */
6358 static int
6359 ahd_probe_scbs(struct ahd_softc *ahd) {
6360 	int i;
6361 
6362 	AHD_ASSERT_MODES(ahd, ~(AHD_MODE_UNKNOWN_MSK|AHD_MODE_CFG_MSK),
6363 			 ~(AHD_MODE_UNKNOWN_MSK|AHD_MODE_CFG_MSK));
6364 	for (i = 0; i < AHD_SCB_MAX; i++) {
6365 		int j;
6366 
6367 		ahd_set_scbptr(ahd, i);
6368 		ahd_outw(ahd, SCB_BASE, i);
6369 		for (j = 2; j < 64; j++)
6370 			ahd_outb(ahd, SCB_BASE+j, 0);
6371 		/* Start out life as unallocated (needing an abort) */
6372 		ahd_outb(ahd, SCB_CONTROL, MK_MESSAGE);
6373 		if (ahd_inw_scbram(ahd, SCB_BASE) != i)
6374 			break;
6375 		ahd_set_scbptr(ahd, 0);
6376 		if (ahd_inw_scbram(ahd, SCB_BASE) != 0)
6377 			break;
6378 	}
6379 	return (i);
6380 }
6381 
6382 static void
6383 ahd_dmamap_cb(void *arg, bus_dma_segment_t *segs, int nseg, int error)
6384 {
6385 	dma_addr_t *baddr;
6386 
6387 	baddr = (dma_addr_t *)arg;
6388 	*baddr = segs->ds_addr;
6389 }
6390 
6391 static void
6392 ahd_initialize_hscbs(struct ahd_softc *ahd)
6393 {
6394 	int i;
6395 
6396 	for (i = 0; i < ahd->scb_data.maxhscbs; i++) {
6397 		ahd_set_scbptr(ahd, i);
6398 
6399 		/* Clear the control byte. */
6400 		ahd_outb(ahd, SCB_CONTROL, 0);
6401 
6402 		/* Set the next pointer */
6403 		ahd_outw(ahd, SCB_NEXT, SCB_LIST_NULL);
6404 	}
6405 }
6406 
6407 static int
6408 ahd_init_scbdata(struct ahd_softc *ahd)
6409 {
6410 	struct	scb_data *scb_data;
6411 	int	i;
6412 
6413 	scb_data = &ahd->scb_data;
6414 	TAILQ_INIT(&scb_data->free_scbs);
6415 	for (i = 0; i < AHD_NUM_TARGETS * AHD_NUM_LUNS_NONPKT; i++)
6416 		LIST_INIT(&scb_data->free_scb_lists[i]);
6417 	LIST_INIT(&scb_data->any_dev_free_scb_list);
6418 	SLIST_INIT(&scb_data->hscb_maps);
6419 	SLIST_INIT(&scb_data->sg_maps);
6420 	SLIST_INIT(&scb_data->sense_maps);
6421 
6422 	/* Determine the number of hardware SCBs and initialize them */
6423 	scb_data->maxhscbs = ahd_probe_scbs(ahd);
6424 	if (scb_data->maxhscbs == 0) {
6425 		printf("%s: No SCB space found\n", ahd_name(ahd));
6426 		return (ENXIO);
6427 	}
6428 
6429 	ahd_initialize_hscbs(ahd);
6430 
6431 	/*
6432 	 * Create our DMA tags.  These tags define the kinds of device
6433 	 * accessible memory allocations and memory mappings we will
6434 	 * need to perform during normal operation.
6435 	 *
6436 	 * Unless we need to further restrict the allocation, we rely
6437 	 * on the restrictions of the parent dmat, hence the common
6438 	 * use of MAXADDR and MAXSIZE.
6439 	 */
6440 
6441 	/* DMA tag for our hardware scb structures */
6442 	if (ahd_dma_tag_create(ahd, ahd->parent_dmat, /*alignment*/1,
6443 			       /*boundary*/BUS_SPACE_MAXADDR_32BIT + 1,
6444 			       /*lowaddr*/BUS_SPACE_MAXADDR_32BIT,
6445 			       /*highaddr*/BUS_SPACE_MAXADDR,
6446 			       /*filter*/NULL, /*filterarg*/NULL,
6447 			       PAGE_SIZE, /*nsegments*/1,
6448 			       /*maxsegsz*/BUS_SPACE_MAXSIZE_32BIT,
6449 			       /*flags*/0, &scb_data->hscb_dmat) != 0) {
6450 		goto error_exit;
6451 	}
6452 
6453 	scb_data->init_level++;
6454 
6455 	/* DMA tag for our S/G structures. */
6456 	if (ahd_dma_tag_create(ahd, ahd->parent_dmat, /*alignment*/8,
6457 			       /*boundary*/BUS_SPACE_MAXADDR_32BIT + 1,
6458 			       /*lowaddr*/BUS_SPACE_MAXADDR_32BIT,
6459 			       /*highaddr*/BUS_SPACE_MAXADDR,
6460 			       /*filter*/NULL, /*filterarg*/NULL,
6461 			       ahd_sglist_allocsize(ahd), /*nsegments*/1,
6462 			       /*maxsegsz*/BUS_SPACE_MAXSIZE_32BIT,
6463 			       /*flags*/0, &scb_data->sg_dmat) != 0) {
6464 		goto error_exit;
6465 	}
6466 #ifdef AHD_DEBUG
6467 	if ((ahd_debug & AHD_SHOW_MEMORY) != 0)
6468 		printf("%s: ahd_sglist_allocsize = 0x%x\n", ahd_name(ahd),
6469 		       ahd_sglist_allocsize(ahd));
6470 #endif
6471 
6472 	scb_data->init_level++;
6473 
6474 	/* DMA tag for our sense buffers.  We allocate in page sized chunks */
6475 	if (ahd_dma_tag_create(ahd, ahd->parent_dmat, /*alignment*/1,
6476 			       /*boundary*/BUS_SPACE_MAXADDR_32BIT + 1,
6477 			       /*lowaddr*/BUS_SPACE_MAXADDR_32BIT,
6478 			       /*highaddr*/BUS_SPACE_MAXADDR,
6479 			       /*filter*/NULL, /*filterarg*/NULL,
6480 			       PAGE_SIZE, /*nsegments*/1,
6481 			       /*maxsegsz*/BUS_SPACE_MAXSIZE_32BIT,
6482 			       /*flags*/0, &scb_data->sense_dmat) != 0) {
6483 		goto error_exit;
6484 	}
6485 
6486 	scb_data->init_level++;
6487 
6488 	/* Perform initial CCB allocation */
6489 	ahd_alloc_scbs(ahd);
6490 
6491 	if (scb_data->numscbs == 0) {
6492 		printf("%s: ahd_init_scbdata - "
6493 		       "Unable to allocate initial scbs\n",
6494 		       ahd_name(ahd));
6495 		goto error_exit;
6496 	}
6497 
6498 	/*
6499 	 * Note that we were successfull
6500 	 */
6501 	return (0);
6502 
6503 error_exit:
6504 
6505 	return (ENOMEM);
6506 }
6507 
6508 static struct scb *
6509 ahd_find_scb_by_tag(struct ahd_softc *ahd, u_int tag)
6510 {
6511 	struct scb *scb;
6512 
6513 	/*
6514 	 * Look on the pending list.
6515 	 */
6516 	LIST_FOREACH(scb, &ahd->pending_scbs, pending_links) {
6517 		if (SCB_GET_TAG(scb) == tag)
6518 			return (scb);
6519 	}
6520 
6521 	/*
6522 	 * Then on all of the collision free lists.
6523 	 */
6524 	TAILQ_FOREACH(scb, &ahd->scb_data.free_scbs, links.tqe) {
6525 		struct scb *list_scb;
6526 
6527 		list_scb = scb;
6528 		do {
6529 			if (SCB_GET_TAG(list_scb) == tag)
6530 				return (list_scb);
6531 			list_scb = LIST_NEXT(list_scb, collision_links);
6532 		} while (list_scb);
6533 	}
6534 
6535 	/*
6536 	 * And finally on the generic free list.
6537 	 */
6538 	LIST_FOREACH(scb, &ahd->scb_data.any_dev_free_scb_list, links.le) {
6539 		if (SCB_GET_TAG(scb) == tag)
6540 			return (scb);
6541 	}
6542 
6543 	return (NULL);
6544 }
6545 
6546 static void
6547 ahd_fini_scbdata(struct ahd_softc *ahd)
6548 {
6549 	struct scb_data *scb_data;
6550 
6551 	scb_data = &ahd->scb_data;
6552 	if (scb_data == NULL)
6553 		return;
6554 
6555 	switch (scb_data->init_level) {
6556 	default:
6557 	case 7:
6558 	{
6559 		struct map_node *sns_map;
6560 
6561 		while ((sns_map = SLIST_FIRST(&scb_data->sense_maps)) != NULL) {
6562 			SLIST_REMOVE_HEAD(&scb_data->sense_maps, links);
6563 			ahd_dmamap_unload(ahd, scb_data->sense_dmat,
6564 					  sns_map->dmamap);
6565 			ahd_dmamem_free(ahd, scb_data->sense_dmat,
6566 					sns_map->vaddr, sns_map->dmamap);
6567 			free(sns_map, M_DEVBUF);
6568 		}
6569 		ahd_dma_tag_destroy(ahd, scb_data->sense_dmat);
6570 		/* FALLTHROUGH */
6571 	}
6572 	case 6:
6573 	{
6574 		struct map_node *sg_map;
6575 
6576 		while ((sg_map = SLIST_FIRST(&scb_data->sg_maps)) != NULL) {
6577 			SLIST_REMOVE_HEAD(&scb_data->sg_maps, links);
6578 			ahd_dmamap_unload(ahd, scb_data->sg_dmat,
6579 					  sg_map->dmamap);
6580 			ahd_dmamem_free(ahd, scb_data->sg_dmat,
6581 					sg_map->vaddr, sg_map->dmamap);
6582 			free(sg_map, M_DEVBUF);
6583 		}
6584 		ahd_dma_tag_destroy(ahd, scb_data->sg_dmat);
6585 		/* FALLTHROUGH */
6586 	}
6587 	case 5:
6588 	{
6589 		struct map_node *hscb_map;
6590 
6591 		while ((hscb_map = SLIST_FIRST(&scb_data->hscb_maps)) != NULL) {
6592 			SLIST_REMOVE_HEAD(&scb_data->hscb_maps, links);
6593 			ahd_dmamap_unload(ahd, scb_data->hscb_dmat,
6594 					  hscb_map->dmamap);
6595 			ahd_dmamem_free(ahd, scb_data->hscb_dmat,
6596 					hscb_map->vaddr, hscb_map->dmamap);
6597 			free(hscb_map, M_DEVBUF);
6598 		}
6599 		ahd_dma_tag_destroy(ahd, scb_data->hscb_dmat);
6600 		/* FALLTHROUGH */
6601 	}
6602 	case 4:
6603 	case 3:
6604 	case 2:
6605 	case 1:
6606 	case 0:
6607 		break;
6608 	}
6609 }
6610 
6611 /*
6612  * DSP filter Bypass must be enabled until the first selection
6613  * after a change in bus mode (Razor #491 and #493).
6614  */
6615 static void
6616 ahd_setup_iocell_workaround(struct ahd_softc *ahd)
6617 {
6618 	ahd_mode_state saved_modes;
6619 
6620 	saved_modes = ahd_save_modes(ahd);
6621 	ahd_set_modes(ahd, AHD_MODE_CFG, AHD_MODE_CFG);
6622 	ahd_outb(ahd, DSPDATACTL, ahd_inb(ahd, DSPDATACTL)
6623 	       | BYPASSENAB | RCVROFFSTDIS | XMITOFFSTDIS);
6624 	ahd_outb(ahd, SIMODE0, ahd_inb(ahd, SIMODE0) | (ENSELDO|ENSELDI));
6625 #ifdef AHD_DEBUG
6626 	if ((ahd_debug & AHD_SHOW_MISC) != 0)
6627 		printf("%s: Setting up iocell workaround\n", ahd_name(ahd));
6628 #endif
6629 	ahd_restore_modes(ahd, saved_modes);
6630 	ahd->flags &= ~AHD_HAD_FIRST_SEL;
6631 }
6632 
6633 static void
6634 ahd_iocell_first_selection(struct ahd_softc *ahd)
6635 {
6636 	ahd_mode_state	saved_modes;
6637 	u_int		sblkctl;
6638 
6639 	if ((ahd->flags & AHD_HAD_FIRST_SEL) != 0)
6640 		return;
6641 	saved_modes = ahd_save_modes(ahd);
6642 	ahd_set_modes(ahd, AHD_MODE_SCSI, AHD_MODE_SCSI);
6643 	sblkctl = ahd_inb(ahd, SBLKCTL);
6644 	ahd_set_modes(ahd, AHD_MODE_CFG, AHD_MODE_CFG);
6645 #ifdef AHD_DEBUG
6646 	if ((ahd_debug & AHD_SHOW_MISC) != 0)
6647 		printf("%s: iocell first selection\n", ahd_name(ahd));
6648 #endif
6649 	if ((sblkctl & ENAB40) != 0) {
6650 		ahd_outb(ahd, DSPDATACTL,
6651 			 ahd_inb(ahd, DSPDATACTL) & ~BYPASSENAB);
6652 #ifdef AHD_DEBUG
6653 		if ((ahd_debug & AHD_SHOW_MISC) != 0)
6654 			printf("%s: BYPASS now disabled\n", ahd_name(ahd));
6655 #endif
6656 	}
6657 	ahd_outb(ahd, SIMODE0, ahd_inb(ahd, SIMODE0) & ~(ENSELDO|ENSELDI));
6658 	ahd_outb(ahd, CLRINT, CLRSCSIINT);
6659 	ahd_restore_modes(ahd, saved_modes);
6660 	ahd->flags |= AHD_HAD_FIRST_SEL;
6661 }
6662 
6663 /*************************** SCB Management ***********************************/
6664 static void
6665 ahd_add_col_list(struct ahd_softc *ahd, struct scb *scb, u_int col_idx)
6666 {
6667 	struct	scb_list *free_list;
6668 	struct	scb_tailq *free_tailq;
6669 	struct	scb *first_scb;
6670 
6671 	scb->flags |= SCB_ON_COL_LIST;
6672 	AHD_SET_SCB_COL_IDX(scb, col_idx);
6673 	free_list = &ahd->scb_data.free_scb_lists[col_idx];
6674 	free_tailq = &ahd->scb_data.free_scbs;
6675 	first_scb = LIST_FIRST(free_list);
6676 	if (first_scb != NULL) {
6677 		LIST_INSERT_AFTER(first_scb, scb, collision_links);
6678 	} else {
6679 		LIST_INSERT_HEAD(free_list, scb, collision_links);
6680 		TAILQ_INSERT_TAIL(free_tailq, scb, links.tqe);
6681 	}
6682 }
6683 
6684 static void
6685 ahd_rem_col_list(struct ahd_softc *ahd, struct scb *scb)
6686 {
6687 	struct	scb_list *free_list;
6688 	struct	scb_tailq *free_tailq;
6689 	struct	scb *first_scb;
6690 	u_int	col_idx;
6691 
6692 	scb->flags &= ~SCB_ON_COL_LIST;
6693 	col_idx = AHD_GET_SCB_COL_IDX(ahd, scb);
6694 	free_list = &ahd->scb_data.free_scb_lists[col_idx];
6695 	free_tailq = &ahd->scb_data.free_scbs;
6696 	first_scb = LIST_FIRST(free_list);
6697 	if (first_scb == scb) {
6698 		struct scb *next_scb;
6699 
6700 		/*
6701 		 * Maintain order in the collision free
6702 		 * lists for fairness if this device has
6703 		 * other colliding tags active.
6704 		 */
6705 		next_scb = LIST_NEXT(scb, collision_links);
6706 		if (next_scb != NULL) {
6707 			TAILQ_INSERT_AFTER(free_tailq, scb,
6708 					   next_scb, links.tqe);
6709 		}
6710 		TAILQ_REMOVE(free_tailq, scb, links.tqe);
6711 	}
6712 	LIST_REMOVE(scb, collision_links);
6713 }
6714 
6715 /*
6716  * Get a free scb. If there are none, see if we can allocate a new SCB.
6717  */
6718 struct scb *
6719 ahd_get_scb(struct ahd_softc *ahd, u_int col_idx)
6720 {
6721 	struct scb *scb;
6722 	int tries;
6723 
6724 	tries = 0;
6725 look_again:
6726 	TAILQ_FOREACH(scb, &ahd->scb_data.free_scbs, links.tqe) {
6727 		if (AHD_GET_SCB_COL_IDX(ahd, scb) != col_idx) {
6728 			ahd_rem_col_list(ahd, scb);
6729 			goto found;
6730 		}
6731 	}
6732 	if ((scb = LIST_FIRST(&ahd->scb_data.any_dev_free_scb_list)) == NULL) {
6733 
6734 		if (tries++ != 0)
6735 			return (NULL);
6736 		ahd_alloc_scbs(ahd);
6737 		goto look_again;
6738 	}
6739 	LIST_REMOVE(scb, links.le);
6740 	if (col_idx != AHD_NEVER_COL_IDX
6741 	 && (scb->col_scb != NULL)
6742 	 && (scb->col_scb->flags & SCB_ACTIVE) == 0) {
6743 		LIST_REMOVE(scb->col_scb, links.le);
6744 		ahd_add_col_list(ahd, scb->col_scb, col_idx);
6745 	}
6746 found:
6747 	scb->flags |= SCB_ACTIVE;
6748 	return (scb);
6749 }
6750 
6751 /*
6752  * Return an SCB resource to the free list.
6753  */
6754 void
6755 ahd_free_scb(struct ahd_softc *ahd, struct scb *scb)
6756 {
6757 	/* Clean up for the next user */
6758 	scb->flags = SCB_FLAG_NONE;
6759 	scb->hscb->control = 0;
6760 	ahd->scb_data.scbindex[SCB_GET_TAG(scb)] = NULL;
6761 
6762 	if (scb->col_scb == NULL) {
6763 
6764 		/*
6765 		 * No collision possible.  Just free normally.
6766 		 */
6767 		LIST_INSERT_HEAD(&ahd->scb_data.any_dev_free_scb_list,
6768 				 scb, links.le);
6769 	} else if ((scb->col_scb->flags & SCB_ON_COL_LIST) != 0) {
6770 
6771 		/*
6772 		 * The SCB we might have collided with is on
6773 		 * a free collision list.  Put both SCBs on
6774 		 * the generic list.
6775 		 */
6776 		ahd_rem_col_list(ahd, scb->col_scb);
6777 		LIST_INSERT_HEAD(&ahd->scb_data.any_dev_free_scb_list,
6778 				 scb, links.le);
6779 		LIST_INSERT_HEAD(&ahd->scb_data.any_dev_free_scb_list,
6780 				 scb->col_scb, links.le);
6781 	} else if ((scb->col_scb->flags
6782 		  & (SCB_PACKETIZED|SCB_ACTIVE)) == SCB_ACTIVE
6783 		&& (scb->col_scb->hscb->control & TAG_ENB) != 0) {
6784 
6785 		/*
6786 		 * The SCB we might collide with on the next allocation
6787 		 * is still active in a non-packetized, tagged, context.
6788 		 * Put us on the SCB collision list.
6789 		 */
6790 		ahd_add_col_list(ahd, scb,
6791 				 AHD_GET_SCB_COL_IDX(ahd, scb->col_scb));
6792 	} else {
6793 		/*
6794 		 * The SCB we might collide with on the next allocation
6795 		 * is either active in a packetized context, or free.
6796 		 * Since we can't collide, put this SCB on the generic
6797 		 * free list.
6798 		 */
6799 		LIST_INSERT_HEAD(&ahd->scb_data.any_dev_free_scb_list,
6800 				 scb, links.le);
6801 	}
6802 
6803 	ahd_platform_scb_free(ahd, scb);
6804 }
6805 
6806 static void
6807 ahd_alloc_scbs(struct ahd_softc *ahd)
6808 {
6809 	struct scb_data *scb_data;
6810 	struct scb	*next_scb;
6811 	struct hardware_scb *hscb;
6812 	struct map_node *hscb_map;
6813 	struct map_node *sg_map;
6814 	struct map_node *sense_map;
6815 	uint8_t		*segs;
6816 	uint8_t		*sense_data;
6817 	dma_addr_t	 hscb_busaddr;
6818 	dma_addr_t	 sg_busaddr;
6819 	dma_addr_t	 sense_busaddr;
6820 	int		 newcount;
6821 	int		 i;
6822 
6823 	scb_data = &ahd->scb_data;
6824 	if (scb_data->numscbs >= AHD_SCB_MAX_ALLOC)
6825 		/* Can't allocate any more */
6826 		return;
6827 
6828 	if (scb_data->scbs_left != 0) {
6829 		int offset;
6830 
6831 		offset = (PAGE_SIZE / sizeof(*hscb)) - scb_data->scbs_left;
6832 		hscb_map = SLIST_FIRST(&scb_data->hscb_maps);
6833 		hscb = &((struct hardware_scb *)hscb_map->vaddr)[offset];
6834 		hscb_busaddr = hscb_map->physaddr + (offset * sizeof(*hscb));
6835 	} else {
6836 		hscb_map = malloc(sizeof(*hscb_map), M_DEVBUF, M_NOWAIT);
6837 
6838 		if (hscb_map == NULL)
6839 			return;
6840 
6841 		/* Allocate the next batch of hardware SCBs */
6842 		if (ahd_dmamem_alloc(ahd, scb_data->hscb_dmat,
6843 				     (void **)&hscb_map->vaddr,
6844 				     BUS_DMA_NOWAIT, &hscb_map->dmamap) != 0) {
6845 			free(hscb_map, M_DEVBUF);
6846 			return;
6847 		}
6848 
6849 		SLIST_INSERT_HEAD(&scb_data->hscb_maps, hscb_map, links);
6850 
6851 		ahd_dmamap_load(ahd, scb_data->hscb_dmat, hscb_map->dmamap,
6852 				hscb_map->vaddr, PAGE_SIZE, ahd_dmamap_cb,
6853 				&hscb_map->physaddr, /*flags*/0);
6854 
6855 		hscb = (struct hardware_scb *)hscb_map->vaddr;
6856 		hscb_busaddr = hscb_map->physaddr;
6857 		scb_data->scbs_left = PAGE_SIZE / sizeof(*hscb);
6858 	}
6859 
6860 	if (scb_data->sgs_left != 0) {
6861 		int offset;
6862 
6863 		offset = ((ahd_sglist_allocsize(ahd) / ahd_sglist_size(ahd))
6864 		       - scb_data->sgs_left) * ahd_sglist_size(ahd);
6865 		sg_map = SLIST_FIRST(&scb_data->sg_maps);
6866 		segs = sg_map->vaddr + offset;
6867 		sg_busaddr = sg_map->physaddr + offset;
6868 	} else {
6869 		sg_map = malloc(sizeof(*sg_map), M_DEVBUF, M_NOWAIT);
6870 
6871 		if (sg_map == NULL)
6872 			return;
6873 
6874 		/* Allocate the next batch of S/G lists */
6875 		if (ahd_dmamem_alloc(ahd, scb_data->sg_dmat,
6876 				     (void **)&sg_map->vaddr,
6877 				     BUS_DMA_NOWAIT, &sg_map->dmamap) != 0) {
6878 			free(sg_map, M_DEVBUF);
6879 			return;
6880 		}
6881 
6882 		SLIST_INSERT_HEAD(&scb_data->sg_maps, sg_map, links);
6883 
6884 		ahd_dmamap_load(ahd, scb_data->sg_dmat, sg_map->dmamap,
6885 				sg_map->vaddr, ahd_sglist_allocsize(ahd),
6886 				ahd_dmamap_cb, &sg_map->physaddr, /*flags*/0);
6887 
6888 		segs = sg_map->vaddr;
6889 		sg_busaddr = sg_map->physaddr;
6890 		scb_data->sgs_left =
6891 		    ahd_sglist_allocsize(ahd) / ahd_sglist_size(ahd);
6892 #ifdef AHD_DEBUG
6893 		if (ahd_debug & AHD_SHOW_MEMORY)
6894 			printf("Mapped SG data\n");
6895 #endif
6896 	}
6897 
6898 	if (scb_data->sense_left != 0) {
6899 		int offset;
6900 
6901 		offset = PAGE_SIZE - (AHD_SENSE_BUFSIZE * scb_data->sense_left);
6902 		sense_map = SLIST_FIRST(&scb_data->sense_maps);
6903 		sense_data = sense_map->vaddr + offset;
6904 		sense_busaddr = sense_map->physaddr + offset;
6905 	} else {
6906 		sense_map = malloc(sizeof(*sense_map), M_DEVBUF, M_NOWAIT);
6907 
6908 		if (sense_map == NULL)
6909 			return;
6910 
6911 		/* Allocate the next batch of sense buffers */
6912 		if (ahd_dmamem_alloc(ahd, scb_data->sense_dmat,
6913 				     (void **)&sense_map->vaddr,
6914 				     BUS_DMA_NOWAIT, &sense_map->dmamap) != 0) {
6915 			free(sense_map, M_DEVBUF);
6916 			return;
6917 		}
6918 
6919 		SLIST_INSERT_HEAD(&scb_data->sense_maps, sense_map, links);
6920 
6921 		ahd_dmamap_load(ahd, scb_data->sense_dmat, sense_map->dmamap,
6922 				sense_map->vaddr, PAGE_SIZE, ahd_dmamap_cb,
6923 				&sense_map->physaddr, /*flags*/0);
6924 
6925 		sense_data = sense_map->vaddr;
6926 		sense_busaddr = sense_map->physaddr;
6927 		scb_data->sense_left = PAGE_SIZE / AHD_SENSE_BUFSIZE;
6928 #ifdef AHD_DEBUG
6929 		if (ahd_debug & AHD_SHOW_MEMORY)
6930 			printf("Mapped sense data\n");
6931 #endif
6932 	}
6933 
6934 	newcount = min(scb_data->sense_left, scb_data->scbs_left);
6935 	newcount = min(newcount, scb_data->sgs_left);
6936 	newcount = min(newcount, (AHD_SCB_MAX_ALLOC - scb_data->numscbs));
6937 	for (i = 0; i < newcount; i++) {
6938 		struct scb_platform_data *pdata;
6939 		u_int col_tag;
6940 #ifndef __linux__
6941 		int error;
6942 #endif
6943 
6944 		next_scb = (struct scb *)malloc(sizeof(*next_scb),
6945 						M_DEVBUF, M_NOWAIT);
6946 		if (next_scb == NULL)
6947 			break;
6948 
6949 		pdata = (struct scb_platform_data *)malloc(sizeof(*pdata),
6950 							   M_DEVBUF, M_NOWAIT);
6951 		if (pdata == NULL) {
6952 			free(next_scb, M_DEVBUF);
6953 			break;
6954 		}
6955 		next_scb->platform_data = pdata;
6956 		next_scb->hscb_map = hscb_map;
6957 		next_scb->sg_map = sg_map;
6958 		next_scb->sense_map = sense_map;
6959 		next_scb->sg_list = segs;
6960 		next_scb->sense_data = sense_data;
6961 		next_scb->sense_busaddr = sense_busaddr;
6962 		memset(hscb, 0, sizeof(*hscb));
6963 		next_scb->hscb = hscb;
6964 		hscb->hscb_busaddr = ahd_htole32(hscb_busaddr);
6965 
6966 		/*
6967 		 * The sequencer always starts with the second entry.
6968 		 * The first entry is embedded in the scb.
6969 		 */
6970 		next_scb->sg_list_busaddr = sg_busaddr;
6971 		if ((ahd->flags & AHD_64BIT_ADDRESSING) != 0)
6972 			next_scb->sg_list_busaddr
6973 			    += sizeof(struct ahd_dma64_seg);
6974 		else
6975 			next_scb->sg_list_busaddr += sizeof(struct ahd_dma_seg);
6976 		next_scb->ahd_softc = ahd;
6977 		next_scb->flags = SCB_FLAG_NONE;
6978 #ifndef __linux__
6979 		error = ahd_dmamap_create(ahd, ahd->buffer_dmat, /*flags*/0,
6980 					  &next_scb->dmamap);
6981 		if (error != 0) {
6982 			free(next_scb, M_DEVBUF);
6983 			free(pdata, M_DEVBUF);
6984 			break;
6985 		}
6986 #endif
6987 		next_scb->hscb->tag = ahd_htole16(scb_data->numscbs);
6988 		col_tag = scb_data->numscbs ^ 0x100;
6989 		next_scb->col_scb = ahd_find_scb_by_tag(ahd, col_tag);
6990 		if (next_scb->col_scb != NULL)
6991 			next_scb->col_scb->col_scb = next_scb;
6992 		ahd_free_scb(ahd, next_scb);
6993 		hscb++;
6994 		hscb_busaddr += sizeof(*hscb);
6995 		segs += ahd_sglist_size(ahd);
6996 		sg_busaddr += ahd_sglist_size(ahd);
6997 		sense_data += AHD_SENSE_BUFSIZE;
6998 		sense_busaddr += AHD_SENSE_BUFSIZE;
6999 		scb_data->numscbs++;
7000 		scb_data->sense_left--;
7001 		scb_data->scbs_left--;
7002 		scb_data->sgs_left--;
7003 	}
7004 }
7005 
7006 void
7007 ahd_controller_info(struct ahd_softc *ahd, char *buf)
7008 {
7009 	const char *speed;
7010 	const char *type;
7011 	int len;
7012 
7013 	len = sprintf(buf, "%s: ", ahd_chip_names[ahd->chip & AHD_CHIPID_MASK]);
7014 	buf += len;
7015 
7016 	speed = "Ultra320 ";
7017 	if ((ahd->features & AHD_WIDE) != 0) {
7018 		type = "Wide ";
7019 	} else {
7020 		type = "Single ";
7021 	}
7022 	len = sprintf(buf, "%s%sChannel %c, SCSI Id=%d, ",
7023 		      speed, type, ahd->channel, ahd->our_id);
7024 	buf += len;
7025 
7026 	sprintf(buf, "%s, %d SCBs", ahd->bus_description,
7027 		ahd->scb_data.maxhscbs);
7028 }
7029 
7030 static const char *channel_strings[] = {
7031 	"Primary Low",
7032 	"Primary High",
7033 	"Secondary Low",
7034 	"Secondary High"
7035 };
7036 
7037 static const char *termstat_strings[] = {
7038 	"Terminated Correctly",
7039 	"Over Terminated",
7040 	"Under Terminated",
7041 	"Not Configured"
7042 };
7043 
7044 /***************************** Timer Facilities *******************************/
7045 #define ahd_timer_init init_timer
7046 #define ahd_timer_stop del_timer_sync
7047 typedef void ahd_linux_callback_t (u_long);
7048 
7049 static void
7050 ahd_timer_reset(ahd_timer_t *timer, int usec, ahd_callback_t *func, void *arg)
7051 {
7052 	struct ahd_softc *ahd;
7053 
7054 	ahd = (struct ahd_softc *)arg;
7055 	del_timer(timer);
7056 	timer->data = (u_long)arg;
7057 	timer->expires = jiffies + (usec * HZ)/1000000;
7058 	timer->function = (ahd_linux_callback_t*)func;
7059 	add_timer(timer);
7060 }
7061 
7062 /*
7063  * Start the board, ready for normal operation
7064  */
7065 int
7066 ahd_init(struct ahd_softc *ahd)
7067 {
7068 	uint8_t		*next_vaddr;
7069 	dma_addr_t	 next_baddr;
7070 	size_t		 driver_data_size;
7071 	int		 i;
7072 	int		 error;
7073 	u_int		 warn_user;
7074 	uint8_t		 current_sensing;
7075 	uint8_t		 fstat;
7076 
7077 	AHD_ASSERT_MODES(ahd, AHD_MODE_SCSI_MSK, AHD_MODE_SCSI_MSK);
7078 
7079 	ahd->stack_size = ahd_probe_stack_size(ahd);
7080 	ahd->saved_stack = malloc(ahd->stack_size * sizeof(uint16_t),
7081 				  M_DEVBUF, M_NOWAIT);
7082 	if (ahd->saved_stack == NULL)
7083 		return (ENOMEM);
7084 
7085 	/*
7086 	 * Verify that the compiler hasn't over-agressively
7087 	 * padded important structures.
7088 	 */
7089 	if (sizeof(struct hardware_scb) != 64)
7090 		panic("Hardware SCB size is incorrect");
7091 
7092 #ifdef AHD_DEBUG
7093 	if ((ahd_debug & AHD_DEBUG_SEQUENCER) != 0)
7094 		ahd->flags |= AHD_SEQUENCER_DEBUG;
7095 #endif
7096 
7097 	/*
7098 	 * Default to allowing initiator operations.
7099 	 */
7100 	ahd->flags |= AHD_INITIATORROLE;
7101 
7102 	/*
7103 	 * Only allow target mode features if this unit has them enabled.
7104 	 */
7105 	if ((AHD_TMODE_ENABLE & (0x1 << ahd->unit)) == 0)
7106 		ahd->features &= ~AHD_TARGETMODE;
7107 
7108 #ifndef __linux__
7109 	/* DMA tag for mapping buffers into device visible space. */
7110 	if (ahd_dma_tag_create(ahd, ahd->parent_dmat, /*alignment*/1,
7111 			       /*boundary*/BUS_SPACE_MAXADDR_32BIT + 1,
7112 			       /*lowaddr*/ahd->flags & AHD_39BIT_ADDRESSING
7113 					? (dma_addr_t)0x7FFFFFFFFFULL
7114 					: BUS_SPACE_MAXADDR_32BIT,
7115 			       /*highaddr*/BUS_SPACE_MAXADDR,
7116 			       /*filter*/NULL, /*filterarg*/NULL,
7117 			       /*maxsize*/(AHD_NSEG - 1) * PAGE_SIZE,
7118 			       /*nsegments*/AHD_NSEG,
7119 			       /*maxsegsz*/AHD_MAXTRANSFER_SIZE,
7120 			       /*flags*/BUS_DMA_ALLOCNOW,
7121 			       &ahd->buffer_dmat) != 0) {
7122 		return (ENOMEM);
7123 	}
7124 #endif
7125 
7126 	ahd->init_level++;
7127 
7128 	/*
7129 	 * DMA tag for our command fifos and other data in system memory
7130 	 * the card's sequencer must be able to access.  For initiator
7131 	 * roles, we need to allocate space for the qoutfifo.  When providing
7132 	 * for the target mode role, we must additionally provide space for
7133 	 * the incoming target command fifo.
7134 	 */
7135 	driver_data_size = AHD_SCB_MAX * sizeof(*ahd->qoutfifo)
7136 			 + sizeof(struct hardware_scb);
7137 	if ((ahd->features & AHD_TARGETMODE) != 0)
7138 		driver_data_size += AHD_TMODE_CMDS * sizeof(struct target_cmd);
7139 	if ((ahd->bugs & AHD_PKT_BITBUCKET_BUG) != 0)
7140 		driver_data_size += PKT_OVERRUN_BUFSIZE;
7141 	if (ahd_dma_tag_create(ahd, ahd->parent_dmat, /*alignment*/1,
7142 			       /*boundary*/BUS_SPACE_MAXADDR_32BIT + 1,
7143 			       /*lowaddr*/BUS_SPACE_MAXADDR_32BIT,
7144 			       /*highaddr*/BUS_SPACE_MAXADDR,
7145 			       /*filter*/NULL, /*filterarg*/NULL,
7146 			       driver_data_size,
7147 			       /*nsegments*/1,
7148 			       /*maxsegsz*/BUS_SPACE_MAXSIZE_32BIT,
7149 			       /*flags*/0, &ahd->shared_data_dmat) != 0) {
7150 		return (ENOMEM);
7151 	}
7152 
7153 	ahd->init_level++;
7154 
7155 	/* Allocation of driver data */
7156 	if (ahd_dmamem_alloc(ahd, ahd->shared_data_dmat,
7157 			     (void **)&ahd->shared_data_map.vaddr,
7158 			     BUS_DMA_NOWAIT,
7159 			     &ahd->shared_data_map.dmamap) != 0) {
7160 		return (ENOMEM);
7161 	}
7162 
7163 	ahd->init_level++;
7164 
7165 	/* And permanently map it in */
7166 	ahd_dmamap_load(ahd, ahd->shared_data_dmat, ahd->shared_data_map.dmamap,
7167 			ahd->shared_data_map.vaddr, driver_data_size,
7168 			ahd_dmamap_cb, &ahd->shared_data_map.physaddr,
7169 			/*flags*/0);
7170 	ahd->qoutfifo = (struct ahd_completion *)ahd->shared_data_map.vaddr;
7171 	next_vaddr = (uint8_t *)&ahd->qoutfifo[AHD_QOUT_SIZE];
7172 	next_baddr = ahd->shared_data_map.physaddr
7173 		   + AHD_QOUT_SIZE*sizeof(struct ahd_completion);
7174 	if ((ahd->features & AHD_TARGETMODE) != 0) {
7175 		ahd->targetcmds = (struct target_cmd *)next_vaddr;
7176 		next_vaddr += AHD_TMODE_CMDS * sizeof(struct target_cmd);
7177 		next_baddr += AHD_TMODE_CMDS * sizeof(struct target_cmd);
7178 	}
7179 
7180 	if ((ahd->bugs & AHD_PKT_BITBUCKET_BUG) != 0) {
7181 		ahd->overrun_buf = next_vaddr;
7182 		next_vaddr += PKT_OVERRUN_BUFSIZE;
7183 		next_baddr += PKT_OVERRUN_BUFSIZE;
7184 	}
7185 
7186 	/*
7187 	 * We need one SCB to serve as the "next SCB".  Since the
7188 	 * tag identifier in this SCB will never be used, there is
7189 	 * no point in using a valid HSCB tag from an SCB pulled from
7190 	 * the standard free pool.  So, we allocate this "sentinel"
7191 	 * specially from the DMA safe memory chunk used for the QOUTFIFO.
7192 	 */
7193 	ahd->next_queued_hscb = (struct hardware_scb *)next_vaddr;
7194 	ahd->next_queued_hscb_map = &ahd->shared_data_map;
7195 	ahd->next_queued_hscb->hscb_busaddr = ahd_htole32(next_baddr);
7196 
7197 	ahd->init_level++;
7198 
7199 	/* Allocate SCB data now that buffer_dmat is initialized */
7200 	if (ahd_init_scbdata(ahd) != 0)
7201 		return (ENOMEM);
7202 
7203 	if ((ahd->flags & AHD_INITIATORROLE) == 0)
7204 		ahd->flags &= ~AHD_RESET_BUS_A;
7205 
7206 	/*
7207 	 * Before committing these settings to the chip, give
7208 	 * the OSM one last chance to modify our configuration.
7209 	 */
7210 	ahd_platform_init(ahd);
7211 
7212 	/* Bring up the chip. */
7213 	ahd_chip_init(ahd);
7214 
7215 	AHD_ASSERT_MODES(ahd, AHD_MODE_SCSI_MSK, AHD_MODE_SCSI_MSK);
7216 
7217 	if ((ahd->flags & AHD_CURRENT_SENSING) == 0)
7218 		goto init_done;
7219 
7220 	/*
7221 	 * Verify termination based on current draw and
7222 	 * warn user if the bus is over/under terminated.
7223 	 */
7224 	error = ahd_write_flexport(ahd, FLXADDR_ROMSTAT_CURSENSECTL,
7225 				   CURSENSE_ENB);
7226 	if (error != 0) {
7227 		printf("%s: current sensing timeout 1\n", ahd_name(ahd));
7228 		goto init_done;
7229 	}
7230 	for (i = 20, fstat = FLX_FSTAT_BUSY;
7231 	     (fstat & FLX_FSTAT_BUSY) != 0 && i; i--) {
7232 		error = ahd_read_flexport(ahd, FLXADDR_FLEXSTAT, &fstat);
7233 		if (error != 0) {
7234 			printf("%s: current sensing timeout 2\n",
7235 			       ahd_name(ahd));
7236 			goto init_done;
7237 		}
7238 	}
7239 	if (i == 0) {
7240 		printf("%s: Timedout during current-sensing test\n",
7241 		       ahd_name(ahd));
7242 		goto init_done;
7243 	}
7244 
7245 	/* Latch Current Sensing status. */
7246 	error = ahd_read_flexport(ahd, FLXADDR_CURRENT_STAT, &current_sensing);
7247 	if (error != 0) {
7248 		printf("%s: current sensing timeout 3\n", ahd_name(ahd));
7249 		goto init_done;
7250 	}
7251 
7252 	/* Diable current sensing. */
7253 	ahd_write_flexport(ahd, FLXADDR_ROMSTAT_CURSENSECTL, 0);
7254 
7255 #ifdef AHD_DEBUG
7256 	if ((ahd_debug & AHD_SHOW_TERMCTL) != 0) {
7257 		printf("%s: current_sensing == 0x%x\n",
7258 		       ahd_name(ahd), current_sensing);
7259 	}
7260 #endif
7261 	warn_user = 0;
7262 	for (i = 0; i < 4; i++, current_sensing >>= FLX_CSTAT_SHIFT) {
7263 		u_int term_stat;
7264 
7265 		term_stat = (current_sensing & FLX_CSTAT_MASK);
7266 		switch (term_stat) {
7267 		case FLX_CSTAT_OVER:
7268 		case FLX_CSTAT_UNDER:
7269 			warn_user++;
7270 		case FLX_CSTAT_INVALID:
7271 		case FLX_CSTAT_OKAY:
7272 			if (warn_user == 0 && bootverbose == 0)
7273 				break;
7274 			printf("%s: %s Channel %s\n", ahd_name(ahd),
7275 			       channel_strings[i], termstat_strings[term_stat]);
7276 			break;
7277 		}
7278 	}
7279 	if (warn_user) {
7280 		printf("%s: WARNING. Termination is not configured correctly.\n"
7281 		       "%s: WARNING. SCSI bus operations may FAIL.\n",
7282 		       ahd_name(ahd), ahd_name(ahd));
7283 	}
7284 init_done:
7285 	ahd_restart(ahd);
7286 	ahd_timer_reset(&ahd->stat_timer, AHD_STAT_UPDATE_US,
7287 			ahd_stat_timer, ahd);
7288 	return (0);
7289 }
7290 
7291 /*
7292  * (Re)initialize chip state after a chip reset.
7293  */
7294 static void
7295 ahd_chip_init(struct ahd_softc *ahd)
7296 {
7297 	uint32_t busaddr;
7298 	u_int	 sxfrctl1;
7299 	u_int	 scsiseq_template;
7300 	u_int	 wait;
7301 	u_int	 i;
7302 	u_int	 target;
7303 
7304 	ahd_set_modes(ahd, AHD_MODE_SCSI, AHD_MODE_SCSI);
7305 	/*
7306 	 * Take the LED out of diagnostic mode
7307 	 */
7308 	ahd_outb(ahd, SBLKCTL, ahd_inb(ahd, SBLKCTL) & ~(DIAGLEDEN|DIAGLEDON));
7309 
7310 	/*
7311 	 * Return HS_MAILBOX to its default value.
7312 	 */
7313 	ahd->hs_mailbox = 0;
7314 	ahd_outb(ahd, HS_MAILBOX, 0);
7315 
7316 	/* Set the SCSI Id, SXFRCTL0, SXFRCTL1, and SIMODE1. */
7317 	ahd_outb(ahd, IOWNID, ahd->our_id);
7318 	ahd_outb(ahd, TOWNID, ahd->our_id);
7319 	sxfrctl1 = (ahd->flags & AHD_TERM_ENB_A) != 0 ? STPWEN : 0;
7320 	sxfrctl1 |= (ahd->flags & AHD_SPCHK_ENB_A) != 0 ? ENSPCHK : 0;
7321 	if ((ahd->bugs & AHD_LONG_SETIMO_BUG)
7322 	 && (ahd->seltime != STIMESEL_MIN)) {
7323 		/*
7324 		 * The selection timer duration is twice as long
7325 		 * as it should be.  Halve it by adding "1" to
7326 		 * the user specified setting.
7327 		 */
7328 		sxfrctl1 |= ahd->seltime + STIMESEL_BUG_ADJ;
7329 	} else {
7330 		sxfrctl1 |= ahd->seltime;
7331 	}
7332 
7333 	ahd_outb(ahd, SXFRCTL0, DFON);
7334 	ahd_outb(ahd, SXFRCTL1, sxfrctl1|ahd->seltime|ENSTIMER|ACTNEGEN);
7335 	ahd_outb(ahd, SIMODE1, ENSELTIMO|ENSCSIRST|ENSCSIPERR);
7336 
7337 	/*
7338 	 * Now that termination is set, wait for up
7339 	 * to 500ms for our transceivers to settle.  If
7340 	 * the adapter does not have a cable attached,
7341 	 * the transceivers may never settle, so don't
7342 	 * complain if we fail here.
7343 	 */
7344 	for (wait = 10000;
7345 	     (ahd_inb(ahd, SBLKCTL) & (ENAB40|ENAB20)) == 0 && wait;
7346 	     wait--)
7347 		ahd_delay(100);
7348 
7349 	/* Clear any false bus resets due to the transceivers settling */
7350 	ahd_outb(ahd, CLRSINT1, CLRSCSIRSTI);
7351 	ahd_outb(ahd, CLRINT, CLRSCSIINT);
7352 
7353 	/* Initialize mode specific S/G state. */
7354 	for (i = 0; i < 2; i++) {
7355 		ahd_set_modes(ahd, AHD_MODE_DFF0 + i, AHD_MODE_DFF0 + i);
7356 		ahd_outb(ahd, LONGJMP_ADDR + 1, INVALID_ADDR);
7357 		ahd_outb(ahd, SG_STATE, 0);
7358 		ahd_outb(ahd, CLRSEQINTSRC, 0xFF);
7359 		ahd_outb(ahd, SEQIMODE,
7360 			 ENSAVEPTRS|ENCFG4DATA|ENCFG4ISTAT
7361 			|ENCFG4TSTAT|ENCFG4ICMD|ENCFG4TCMD);
7362 	}
7363 
7364 	ahd_set_modes(ahd, AHD_MODE_CFG, AHD_MODE_CFG);
7365 	ahd_outb(ahd, DSCOMMAND0, ahd_inb(ahd, DSCOMMAND0)|MPARCKEN|CACHETHEN);
7366 	ahd_outb(ahd, DFF_THRSH, RD_DFTHRSH_75|WR_DFTHRSH_75);
7367 	ahd_outb(ahd, SIMODE0, ENIOERR|ENOVERRUN);
7368 	ahd_outb(ahd, SIMODE3, ENNTRAMPERR|ENOSRAMPERR);
7369 	if ((ahd->bugs & AHD_BUSFREEREV_BUG) != 0) {
7370 		ahd_outb(ahd, OPTIONMODE, AUTOACKEN|AUTO_MSGOUT_DE);
7371 	} else {
7372 		ahd_outb(ahd, OPTIONMODE, AUTOACKEN|BUSFREEREV|AUTO_MSGOUT_DE);
7373 	}
7374 	ahd_outb(ahd, SCSCHKN, CURRFIFODEF|WIDERESEN|SHVALIDSTDIS);
7375 	if ((ahd->chip & AHD_BUS_MASK) == AHD_PCIX)
7376 		/*
7377 		 * Do not issue a target abort when a split completion
7378 		 * error occurs.  Let our PCIX interrupt handler deal
7379 		 * with it instead. H2A4 Razor #625
7380 		 */
7381 		ahd_outb(ahd, PCIXCTL, ahd_inb(ahd, PCIXCTL) | SPLTSTADIS);
7382 
7383 	if ((ahd->bugs & AHD_LQOOVERRUN_BUG) != 0)
7384 		ahd_outb(ahd, LQOSCSCTL, LQONOCHKOVER);
7385 
7386 	/*
7387 	 * Tweak IOCELL settings.
7388 	 */
7389 	if ((ahd->flags & AHD_HP_BOARD) != 0) {
7390 		for (i = 0; i < NUMDSPS; i++) {
7391 			ahd_outb(ahd, DSPSELECT, i);
7392 			ahd_outb(ahd, WRTBIASCTL, WRTBIASCTL_HP_DEFAULT);
7393 		}
7394 #ifdef AHD_DEBUG
7395 		if ((ahd_debug & AHD_SHOW_MISC) != 0)
7396 			printf("%s: WRTBIASCTL now 0x%x\n", ahd_name(ahd),
7397 			       WRTBIASCTL_HP_DEFAULT);
7398 #endif
7399 	}
7400 	ahd_setup_iocell_workaround(ahd);
7401 
7402 	/*
7403 	 * Enable LQI Manager interrupts.
7404 	 */
7405 	ahd_outb(ahd, LQIMODE1, ENLQIPHASE_LQ|ENLQIPHASE_NLQ|ENLIQABORT
7406 			      | ENLQICRCI_LQ|ENLQICRCI_NLQ|ENLQIBADLQI
7407 			      | ENLQIOVERI_LQ|ENLQIOVERI_NLQ);
7408 	ahd_outb(ahd, LQOMODE0, ENLQOATNLQ|ENLQOATNPKT|ENLQOTCRC);
7409 	/*
7410 	 * We choose to have the sequencer catch LQOPHCHGINPKT errors
7411 	 * manually for the command phase at the start of a packetized
7412 	 * selection case.  ENLQOBUSFREE should be made redundant by
7413 	 * the BUSFREE interrupt, but it seems that some LQOBUSFREE
7414 	 * events fail to assert the BUSFREE interrupt so we must
7415 	 * also enable LQOBUSFREE interrupts.
7416 	 */
7417 	ahd_outb(ahd, LQOMODE1, ENLQOBUSFREE);
7418 
7419 	/*
7420 	 * Setup sequencer interrupt handlers.
7421 	 */
7422 	ahd_outw(ahd, INTVEC1_ADDR, ahd_resolve_seqaddr(ahd, LABEL_seq_isr));
7423 	ahd_outw(ahd, INTVEC2_ADDR, ahd_resolve_seqaddr(ahd, LABEL_timer_isr));
7424 
7425 	/*
7426 	 * Setup SCB Offset registers.
7427 	 */
7428 	if ((ahd->bugs & AHD_PKT_LUN_BUG) != 0) {
7429 		ahd_outb(ahd, LUNPTR, offsetof(struct hardware_scb,
7430 			 pkt_long_lun));
7431 	} else {
7432 		ahd_outb(ahd, LUNPTR, offsetof(struct hardware_scb, lun));
7433 	}
7434 	ahd_outb(ahd, CMDLENPTR, offsetof(struct hardware_scb, cdb_len));
7435 	ahd_outb(ahd, ATTRPTR, offsetof(struct hardware_scb, task_attribute));
7436 	ahd_outb(ahd, FLAGPTR, offsetof(struct hardware_scb, task_management));
7437 	ahd_outb(ahd, CMDPTR, offsetof(struct hardware_scb,
7438 				       shared_data.idata.cdb));
7439 	ahd_outb(ahd, QNEXTPTR,
7440 		 offsetof(struct hardware_scb, next_hscb_busaddr));
7441 	ahd_outb(ahd, ABRTBITPTR, MK_MESSAGE_BIT_OFFSET);
7442 	ahd_outb(ahd, ABRTBYTEPTR, offsetof(struct hardware_scb, control));
7443 	if ((ahd->bugs & AHD_PKT_LUN_BUG) != 0) {
7444 		ahd_outb(ahd, LUNLEN,
7445 			 sizeof(ahd->next_queued_hscb->pkt_long_lun) - 1);
7446 	} else {
7447 		ahd_outb(ahd, LUNLEN, LUNLEN_SINGLE_LEVEL_LUN);
7448 	}
7449 	ahd_outb(ahd, CDBLIMIT, SCB_CDB_LEN_PTR - 1);
7450 	ahd_outb(ahd, MAXCMD, 0xFF);
7451 	ahd_outb(ahd, SCBAUTOPTR,
7452 		 AUSCBPTR_EN | offsetof(struct hardware_scb, tag));
7453 
7454 	/* We haven't been enabled for target mode yet. */
7455 	ahd_outb(ahd, MULTARGID, 0);
7456 	ahd_outb(ahd, MULTARGID + 1, 0);
7457 
7458 	ahd_set_modes(ahd, AHD_MODE_SCSI, AHD_MODE_SCSI);
7459 	/* Initialize the negotiation table. */
7460 	if ((ahd->features & AHD_NEW_IOCELL_OPTS) == 0) {
7461 		/*
7462 		 * Clear the spare bytes in the neg table to avoid
7463 		 * spurious parity errors.
7464 		 */
7465 		for (target = 0; target < AHD_NUM_TARGETS; target++) {
7466 			ahd_outb(ahd, NEGOADDR, target);
7467 			ahd_outb(ahd, ANNEXCOL, AHD_ANNEXCOL_PER_DEV0);
7468 			for (i = 0; i < AHD_NUM_PER_DEV_ANNEXCOLS; i++)
7469 				ahd_outb(ahd, ANNEXDAT, 0);
7470 		}
7471 	}
7472 	for (target = 0; target < AHD_NUM_TARGETS; target++) {
7473 		struct	 ahd_devinfo devinfo;
7474 		struct	 ahd_initiator_tinfo *tinfo;
7475 		struct	 ahd_tmode_tstate *tstate;
7476 
7477 		tinfo = ahd_fetch_transinfo(ahd, 'A', ahd->our_id,
7478 					    target, &tstate);
7479 		ahd_compile_devinfo(&devinfo, ahd->our_id,
7480 				    target, CAM_LUN_WILDCARD,
7481 				    'A', ROLE_INITIATOR);
7482 		ahd_update_neg_table(ahd, &devinfo, &tinfo->curr);
7483 	}
7484 
7485 	ahd_outb(ahd, CLRSINT3, NTRAMPERR|OSRAMPERR);
7486 	ahd_outb(ahd, CLRINT, CLRSCSIINT);
7487 
7488 #ifdef NEEDS_MORE_TESTING
7489 	/*
7490 	 * Always enable abort on incoming L_Qs if this feature is
7491 	 * supported.  We use this to catch invalid SCB references.
7492 	 */
7493 	if ((ahd->bugs & AHD_ABORT_LQI_BUG) == 0)
7494 		ahd_outb(ahd, LQCTL1, ABORTPENDING);
7495 	else
7496 #endif
7497 		ahd_outb(ahd, LQCTL1, 0);
7498 
7499 	/* All of our queues are empty */
7500 	ahd->qoutfifonext = 0;
7501 	ahd->qoutfifonext_valid_tag = QOUTFIFO_ENTRY_VALID;
7502 	ahd_outb(ahd, QOUTFIFO_ENTRY_VALID_TAG, QOUTFIFO_ENTRY_VALID);
7503 	for (i = 0; i < AHD_QOUT_SIZE; i++)
7504 		ahd->qoutfifo[i].valid_tag = 0;
7505 	ahd_sync_qoutfifo(ahd, BUS_DMASYNC_PREREAD);
7506 
7507 	ahd->qinfifonext = 0;
7508 	for (i = 0; i < AHD_QIN_SIZE; i++)
7509 		ahd->qinfifo[i] = SCB_LIST_NULL;
7510 
7511 	if ((ahd->features & AHD_TARGETMODE) != 0) {
7512 		/* All target command blocks start out invalid. */
7513 		for (i = 0; i < AHD_TMODE_CMDS; i++)
7514 			ahd->targetcmds[i].cmd_valid = 0;
7515 		ahd_sync_tqinfifo(ahd, BUS_DMASYNC_PREREAD);
7516 		ahd->tqinfifonext = 1;
7517 		ahd_outb(ahd, KERNEL_TQINPOS, ahd->tqinfifonext - 1);
7518 		ahd_outb(ahd, TQINPOS, ahd->tqinfifonext);
7519 	}
7520 
7521 	/* Initialize Scratch Ram. */
7522 	ahd_outb(ahd, SEQ_FLAGS, 0);
7523 	ahd_outb(ahd, SEQ_FLAGS2, 0);
7524 
7525 	/* We don't have any waiting selections */
7526 	ahd_outw(ahd, WAITING_TID_HEAD, SCB_LIST_NULL);
7527 	ahd_outw(ahd, WAITING_TID_TAIL, SCB_LIST_NULL);
7528 	ahd_outw(ahd, MK_MESSAGE_SCB, SCB_LIST_NULL);
7529 	ahd_outw(ahd, MK_MESSAGE_SCSIID, 0xFF);
7530 	for (i = 0; i < AHD_NUM_TARGETS; i++)
7531 		ahd_outw(ahd, WAITING_SCB_TAILS + (2 * i), SCB_LIST_NULL);
7532 
7533 	/*
7534 	 * Nobody is waiting to be DMAed into the QOUTFIFO.
7535 	 */
7536 	ahd_outw(ahd, COMPLETE_SCB_HEAD, SCB_LIST_NULL);
7537 	ahd_outw(ahd, COMPLETE_SCB_DMAINPROG_HEAD, SCB_LIST_NULL);
7538 	ahd_outw(ahd, COMPLETE_DMA_SCB_HEAD, SCB_LIST_NULL);
7539 	ahd_outw(ahd, COMPLETE_DMA_SCB_TAIL, SCB_LIST_NULL);
7540 	ahd_outw(ahd, COMPLETE_ON_QFREEZE_HEAD, SCB_LIST_NULL);
7541 
7542 	/*
7543 	 * The Freeze Count is 0.
7544 	 */
7545 	ahd->qfreeze_cnt = 0;
7546 	ahd_outw(ahd, QFREEZE_COUNT, 0);
7547 	ahd_outw(ahd, KERNEL_QFREEZE_COUNT, 0);
7548 
7549 	/*
7550 	 * Tell the sequencer where it can find our arrays in memory.
7551 	 */
7552 	busaddr = ahd->shared_data_map.physaddr;
7553 	ahd_outl(ahd, SHARED_DATA_ADDR, busaddr);
7554 	ahd_outl(ahd, QOUTFIFO_NEXT_ADDR, busaddr);
7555 
7556 	/*
7557 	 * Setup the allowed SCSI Sequences based on operational mode.
7558 	 * If we are a target, we'll enable select in operations once
7559 	 * we've had a lun enabled.
7560 	 */
7561 	scsiseq_template = ENAUTOATNP;
7562 	if ((ahd->flags & AHD_INITIATORROLE) != 0)
7563 		scsiseq_template |= ENRSELI;
7564 	ahd_outb(ahd, SCSISEQ_TEMPLATE, scsiseq_template);
7565 
7566 	/* There are no busy SCBs yet. */
7567 	for (target = 0; target < AHD_NUM_TARGETS; target++) {
7568 		int lun;
7569 
7570 		for (lun = 0; lun < AHD_NUM_LUNS_NONPKT; lun++)
7571 			ahd_unbusy_tcl(ahd, BUILD_TCL_RAW(target, 'A', lun));
7572 	}
7573 
7574 	/*
7575 	 * Initialize the group code to command length table.
7576 	 * Vendor Unique codes are set to 0 so we only capture
7577 	 * the first byte of the cdb.  These can be overridden
7578 	 * when target mode is enabled.
7579 	 */
7580 	ahd_outb(ahd, CMDSIZE_TABLE, 5);
7581 	ahd_outb(ahd, CMDSIZE_TABLE + 1, 9);
7582 	ahd_outb(ahd, CMDSIZE_TABLE + 2, 9);
7583 	ahd_outb(ahd, CMDSIZE_TABLE + 3, 0);
7584 	ahd_outb(ahd, CMDSIZE_TABLE + 4, 15);
7585 	ahd_outb(ahd, CMDSIZE_TABLE + 5, 11);
7586 	ahd_outb(ahd, CMDSIZE_TABLE + 6, 0);
7587 	ahd_outb(ahd, CMDSIZE_TABLE + 7, 0);
7588 
7589 	/* Tell the sequencer of our initial queue positions */
7590 	ahd_set_modes(ahd, AHD_MODE_CCHAN, AHD_MODE_CCHAN);
7591 	ahd_outb(ahd, QOFF_CTLSTA, SCB_QSIZE_512);
7592 	ahd->qinfifonext = 0;
7593 	ahd_set_hnscb_qoff(ahd, ahd->qinfifonext);
7594 	ahd_set_hescb_qoff(ahd, 0);
7595 	ahd_set_snscb_qoff(ahd, 0);
7596 	ahd_set_sescb_qoff(ahd, 0);
7597 	ahd_set_sdscb_qoff(ahd, 0);
7598 
7599 	/*
7600 	 * Tell the sequencer which SCB will be the next one it receives.
7601 	 */
7602 	busaddr = ahd_le32toh(ahd->next_queued_hscb->hscb_busaddr);
7603 	ahd_outl(ahd, NEXT_QUEUED_SCB_ADDR, busaddr);
7604 
7605 	/*
7606 	 * Default to coalescing disabled.
7607 	 */
7608 	ahd_outw(ahd, INT_COALESCING_CMDCOUNT, 0);
7609 	ahd_outw(ahd, CMDS_PENDING, 0);
7610 	ahd_update_coalescing_values(ahd, ahd->int_coalescing_timer,
7611 				     ahd->int_coalescing_maxcmds,
7612 				     ahd->int_coalescing_mincmds);
7613 	ahd_enable_coalescing(ahd, FALSE);
7614 
7615 	ahd_loadseq(ahd);
7616 	ahd_set_modes(ahd, AHD_MODE_SCSI, AHD_MODE_SCSI);
7617 
7618 	if (ahd->features & AHD_AIC79XXB_SLOWCRC) {
7619 		u_int negodat3 = ahd_inb(ahd, NEGCONOPTS);
7620 
7621 		negodat3 |= ENSLOWCRC;
7622 		ahd_outb(ahd, NEGCONOPTS, negodat3);
7623 		negodat3 = ahd_inb(ahd, NEGCONOPTS);
7624 		if (!(negodat3 & ENSLOWCRC))
7625 			printf("aic79xx: failed to set the SLOWCRC bit\n");
7626 		else
7627 			printf("aic79xx: SLOWCRC bit set\n");
7628 	}
7629 }
7630 
7631 /*
7632  * Setup default device and controller settings.
7633  * This should only be called if our probe has
7634  * determined that no configuration data is available.
7635  */
7636 int
7637 ahd_default_config(struct ahd_softc *ahd)
7638 {
7639 	int	targ;
7640 
7641 	ahd->our_id = 7;
7642 
7643 	/*
7644 	 * Allocate a tstate to house information for our
7645 	 * initiator presence on the bus as well as the user
7646 	 * data for any target mode initiator.
7647 	 */
7648 	if (ahd_alloc_tstate(ahd, ahd->our_id, 'A') == NULL) {
7649 		printf("%s: unable to allocate ahd_tmode_tstate.  "
7650 		       "Failing attach\n", ahd_name(ahd));
7651 		return (ENOMEM);
7652 	}
7653 
7654 	for (targ = 0; targ < AHD_NUM_TARGETS; targ++) {
7655 		struct	 ahd_devinfo devinfo;
7656 		struct	 ahd_initiator_tinfo *tinfo;
7657 		struct	 ahd_tmode_tstate *tstate;
7658 		uint16_t target_mask;
7659 
7660 		tinfo = ahd_fetch_transinfo(ahd, 'A', ahd->our_id,
7661 					    targ, &tstate);
7662 		/*
7663 		 * We support SPC2 and SPI4.
7664 		 */
7665 		tinfo->user.protocol_version = 4;
7666 		tinfo->user.transport_version = 4;
7667 
7668 		target_mask = 0x01 << targ;
7669 		ahd->user_discenable |= target_mask;
7670 		tstate->discenable |= target_mask;
7671 		ahd->user_tagenable |= target_mask;
7672 #ifdef AHD_FORCE_160
7673 		tinfo->user.period = AHD_SYNCRATE_DT;
7674 #else
7675 		tinfo->user.period = AHD_SYNCRATE_160;
7676 #endif
7677 		tinfo->user.offset = MAX_OFFSET;
7678 		tinfo->user.ppr_options = MSG_EXT_PPR_RD_STRM
7679 					| MSG_EXT_PPR_WR_FLOW
7680 					| MSG_EXT_PPR_HOLD_MCS
7681 					| MSG_EXT_PPR_IU_REQ
7682 					| MSG_EXT_PPR_QAS_REQ
7683 					| MSG_EXT_PPR_DT_REQ;
7684 		if ((ahd->features & AHD_RTI) != 0)
7685 			tinfo->user.ppr_options |= MSG_EXT_PPR_RTI;
7686 
7687 		tinfo->user.width = MSG_EXT_WDTR_BUS_16_BIT;
7688 
7689 		/*
7690 		 * Start out Async/Narrow/Untagged and with
7691 		 * conservative protocol support.
7692 		 */
7693 		tinfo->goal.protocol_version = 2;
7694 		tinfo->goal.transport_version = 2;
7695 		tinfo->curr.protocol_version = 2;
7696 		tinfo->curr.transport_version = 2;
7697 		ahd_compile_devinfo(&devinfo, ahd->our_id,
7698 				    targ, CAM_LUN_WILDCARD,
7699 				    'A', ROLE_INITIATOR);
7700 		tstate->tagenable &= ~target_mask;
7701 		ahd_set_width(ahd, &devinfo, MSG_EXT_WDTR_BUS_8_BIT,
7702 			      AHD_TRANS_CUR|AHD_TRANS_GOAL, /*paused*/TRUE);
7703 		ahd_set_syncrate(ahd, &devinfo, /*period*/0, /*offset*/0,
7704 				 /*ppr_options*/0, AHD_TRANS_CUR|AHD_TRANS_GOAL,
7705 				 /*paused*/TRUE);
7706 	}
7707 	return (0);
7708 }
7709 
7710 /*
7711  * Parse device configuration information.
7712  */
7713 int
7714 ahd_parse_cfgdata(struct ahd_softc *ahd, struct seeprom_config *sc)
7715 {
7716 	int targ;
7717 	int max_targ;
7718 
7719 	max_targ = sc->max_targets & CFMAXTARG;
7720 	ahd->our_id = sc->brtime_id & CFSCSIID;
7721 
7722 	/*
7723 	 * Allocate a tstate to house information for our
7724 	 * initiator presence on the bus as well as the user
7725 	 * data for any target mode initiator.
7726 	 */
7727 	if (ahd_alloc_tstate(ahd, ahd->our_id, 'A') == NULL) {
7728 		printf("%s: unable to allocate ahd_tmode_tstate.  "
7729 		       "Failing attach\n", ahd_name(ahd));
7730 		return (ENOMEM);
7731 	}
7732 
7733 	for (targ = 0; targ < max_targ; targ++) {
7734 		struct	 ahd_devinfo devinfo;
7735 		struct	 ahd_initiator_tinfo *tinfo;
7736 		struct	 ahd_transinfo *user_tinfo;
7737 		struct	 ahd_tmode_tstate *tstate;
7738 		uint16_t target_mask;
7739 
7740 		tinfo = ahd_fetch_transinfo(ahd, 'A', ahd->our_id,
7741 					    targ, &tstate);
7742 		user_tinfo = &tinfo->user;
7743 
7744 		/*
7745 		 * We support SPC2 and SPI4.
7746 		 */
7747 		tinfo->user.protocol_version = 4;
7748 		tinfo->user.transport_version = 4;
7749 
7750 		target_mask = 0x01 << targ;
7751 		ahd->user_discenable &= ~target_mask;
7752 		tstate->discenable &= ~target_mask;
7753 		ahd->user_tagenable &= ~target_mask;
7754 		if (sc->device_flags[targ] & CFDISC) {
7755 			tstate->discenable |= target_mask;
7756 			ahd->user_discenable |= target_mask;
7757 			ahd->user_tagenable |= target_mask;
7758 		} else {
7759 			/*
7760 			 * Cannot be packetized without disconnection.
7761 			 */
7762 			sc->device_flags[targ] &= ~CFPACKETIZED;
7763 		}
7764 
7765 		user_tinfo->ppr_options = 0;
7766 		user_tinfo->period = (sc->device_flags[targ] & CFXFER);
7767 		if (user_tinfo->period < CFXFER_ASYNC) {
7768 			if (user_tinfo->period <= AHD_PERIOD_10MHz)
7769 				user_tinfo->ppr_options |= MSG_EXT_PPR_DT_REQ;
7770 			user_tinfo->offset = MAX_OFFSET;
7771 		} else  {
7772 			user_tinfo->offset = 0;
7773 			user_tinfo->period = AHD_ASYNC_XFER_PERIOD;
7774 		}
7775 #ifdef AHD_FORCE_160
7776 		if (user_tinfo->period <= AHD_SYNCRATE_160)
7777 			user_tinfo->period = AHD_SYNCRATE_DT;
7778 #endif
7779 
7780 		if ((sc->device_flags[targ] & CFPACKETIZED) != 0) {
7781 			user_tinfo->ppr_options |= MSG_EXT_PPR_RD_STRM
7782 						|  MSG_EXT_PPR_WR_FLOW
7783 						|  MSG_EXT_PPR_HOLD_MCS
7784 						|  MSG_EXT_PPR_IU_REQ;
7785 			if ((ahd->features & AHD_RTI) != 0)
7786 				user_tinfo->ppr_options |= MSG_EXT_PPR_RTI;
7787 		}
7788 
7789 		if ((sc->device_flags[targ] & CFQAS) != 0)
7790 			user_tinfo->ppr_options |= MSG_EXT_PPR_QAS_REQ;
7791 
7792 		if ((sc->device_flags[targ] & CFWIDEB) != 0)
7793 			user_tinfo->width = MSG_EXT_WDTR_BUS_16_BIT;
7794 		else
7795 			user_tinfo->width = MSG_EXT_WDTR_BUS_8_BIT;
7796 #ifdef AHD_DEBUG
7797 		if ((ahd_debug & AHD_SHOW_MISC) != 0)
7798 			printf("(%d): %x:%x:%x:%x\n", targ, user_tinfo->width,
7799 			       user_tinfo->period, user_tinfo->offset,
7800 			       user_tinfo->ppr_options);
7801 #endif
7802 		/*
7803 		 * Start out Async/Narrow/Untagged and with
7804 		 * conservative protocol support.
7805 		 */
7806 		tstate->tagenable &= ~target_mask;
7807 		tinfo->goal.protocol_version = 2;
7808 		tinfo->goal.transport_version = 2;
7809 		tinfo->curr.protocol_version = 2;
7810 		tinfo->curr.transport_version = 2;
7811 		ahd_compile_devinfo(&devinfo, ahd->our_id,
7812 				    targ, CAM_LUN_WILDCARD,
7813 				    'A', ROLE_INITIATOR);
7814 		ahd_set_width(ahd, &devinfo, MSG_EXT_WDTR_BUS_8_BIT,
7815 			      AHD_TRANS_CUR|AHD_TRANS_GOAL, /*paused*/TRUE);
7816 		ahd_set_syncrate(ahd, &devinfo, /*period*/0, /*offset*/0,
7817 				 /*ppr_options*/0, AHD_TRANS_CUR|AHD_TRANS_GOAL,
7818 				 /*paused*/TRUE);
7819 	}
7820 
7821 	ahd->flags &= ~AHD_SPCHK_ENB_A;
7822 	if (sc->bios_control & CFSPARITY)
7823 		ahd->flags |= AHD_SPCHK_ENB_A;
7824 
7825 	ahd->flags &= ~AHD_RESET_BUS_A;
7826 	if (sc->bios_control & CFRESETB)
7827 		ahd->flags |= AHD_RESET_BUS_A;
7828 
7829 	ahd->flags &= ~AHD_EXTENDED_TRANS_A;
7830 	if (sc->bios_control & CFEXTEND)
7831 		ahd->flags |= AHD_EXTENDED_TRANS_A;
7832 
7833 	ahd->flags &= ~AHD_BIOS_ENABLED;
7834 	if ((sc->bios_control & CFBIOSSTATE) == CFBS_ENABLED)
7835 		ahd->flags |= AHD_BIOS_ENABLED;
7836 
7837 	ahd->flags &= ~AHD_STPWLEVEL_A;
7838 	if ((sc->adapter_control & CFSTPWLEVEL) != 0)
7839 		ahd->flags |= AHD_STPWLEVEL_A;
7840 
7841 	return (0);
7842 }
7843 
7844 /*
7845  * Parse device configuration information.
7846  */
7847 int
7848 ahd_parse_vpddata(struct ahd_softc *ahd, struct vpd_config *vpd)
7849 {
7850 	int error;
7851 
7852 	error = ahd_verify_vpd_cksum(vpd);
7853 	if (error == 0)
7854 		return (EINVAL);
7855 	if ((vpd->bios_flags & VPDBOOTHOST) != 0)
7856 		ahd->flags |= AHD_BOOT_CHANNEL;
7857 	return (0);
7858 }
7859 
7860 void
7861 ahd_intr_enable(struct ahd_softc *ahd, int enable)
7862 {
7863 	u_int hcntrl;
7864 
7865 	hcntrl = ahd_inb(ahd, HCNTRL);
7866 	hcntrl &= ~INTEN;
7867 	ahd->pause &= ~INTEN;
7868 	ahd->unpause &= ~INTEN;
7869 	if (enable) {
7870 		hcntrl |= INTEN;
7871 		ahd->pause |= INTEN;
7872 		ahd->unpause |= INTEN;
7873 	}
7874 	ahd_outb(ahd, HCNTRL, hcntrl);
7875 }
7876 
7877 static void
7878 ahd_update_coalescing_values(struct ahd_softc *ahd, u_int timer, u_int maxcmds,
7879 			     u_int mincmds)
7880 {
7881 	if (timer > AHD_TIMER_MAX_US)
7882 		timer = AHD_TIMER_MAX_US;
7883 	ahd->int_coalescing_timer = timer;
7884 
7885 	if (maxcmds > AHD_INT_COALESCING_MAXCMDS_MAX)
7886 		maxcmds = AHD_INT_COALESCING_MAXCMDS_MAX;
7887 	if (mincmds > AHD_INT_COALESCING_MINCMDS_MAX)
7888 		mincmds = AHD_INT_COALESCING_MINCMDS_MAX;
7889 	ahd->int_coalescing_maxcmds = maxcmds;
7890 	ahd_outw(ahd, INT_COALESCING_TIMER, timer / AHD_TIMER_US_PER_TICK);
7891 	ahd_outb(ahd, INT_COALESCING_MAXCMDS, -maxcmds);
7892 	ahd_outb(ahd, INT_COALESCING_MINCMDS, -mincmds);
7893 }
7894 
7895 static void
7896 ahd_enable_coalescing(struct ahd_softc *ahd, int enable)
7897 {
7898 
7899 	ahd->hs_mailbox &= ~ENINT_COALESCE;
7900 	if (enable)
7901 		ahd->hs_mailbox |= ENINT_COALESCE;
7902 	ahd_outb(ahd, HS_MAILBOX, ahd->hs_mailbox);
7903 	ahd_flush_device_writes(ahd);
7904 	ahd_run_qoutfifo(ahd);
7905 }
7906 
7907 /*
7908  * Ensure that the card is paused in a location
7909  * outside of all critical sections and that all
7910  * pending work is completed prior to returning.
7911  * This routine should only be called from outside
7912  * an interrupt context.
7913  */
7914 void
7915 ahd_pause_and_flushwork(struct ahd_softc *ahd)
7916 {
7917 	u_int intstat;
7918 	u_int maxloops;
7919 
7920 	maxloops = 1000;
7921 	ahd->flags |= AHD_ALL_INTERRUPTS;
7922 	ahd_pause(ahd);
7923 	/*
7924 	 * Freeze the outgoing selections.  We do this only
7925 	 * until we are safely paused without further selections
7926 	 * pending.
7927 	 */
7928 	ahd->qfreeze_cnt--;
7929 	ahd_outw(ahd, KERNEL_QFREEZE_COUNT, ahd->qfreeze_cnt);
7930 	ahd_outb(ahd, SEQ_FLAGS2, ahd_inb(ahd, SEQ_FLAGS2) | SELECTOUT_QFROZEN);
7931 	do {
7932 
7933 		ahd_unpause(ahd);
7934 		/*
7935 		 * Give the sequencer some time to service
7936 		 * any active selections.
7937 		 */
7938 		ahd_delay(500);
7939 
7940 		ahd_intr(ahd);
7941 		ahd_pause(ahd);
7942 		intstat = ahd_inb(ahd, INTSTAT);
7943 		if ((intstat & INT_PEND) == 0) {
7944 			ahd_clear_critical_section(ahd);
7945 			intstat = ahd_inb(ahd, INTSTAT);
7946 		}
7947 	} while (--maxloops
7948 	      && (intstat != 0xFF || (ahd->features & AHD_REMOVABLE) == 0)
7949 	      && ((intstat & INT_PEND) != 0
7950 	       || (ahd_inb(ahd, SCSISEQ0) & ENSELO) != 0
7951 	       || (ahd_inb(ahd, SSTAT0) & (SELDO|SELINGO)) != 0));
7952 
7953 	if (maxloops == 0) {
7954 		printf("Infinite interrupt loop, INTSTAT = %x",
7955 		      ahd_inb(ahd, INTSTAT));
7956 	}
7957 	ahd->qfreeze_cnt++;
7958 	ahd_outw(ahd, KERNEL_QFREEZE_COUNT, ahd->qfreeze_cnt);
7959 
7960 	ahd_flush_qoutfifo(ahd);
7961 
7962 	ahd->flags &= ~AHD_ALL_INTERRUPTS;
7963 }
7964 
7965 #ifdef CONFIG_PM
7966 int
7967 ahd_suspend(struct ahd_softc *ahd)
7968 {
7969 
7970 	ahd_pause_and_flushwork(ahd);
7971 
7972 	if (LIST_FIRST(&ahd->pending_scbs) != NULL) {
7973 		ahd_unpause(ahd);
7974 		return (EBUSY);
7975 	}
7976 	ahd_shutdown(ahd);
7977 	return (0);
7978 }
7979 
7980 void
7981 ahd_resume(struct ahd_softc *ahd)
7982 {
7983 
7984 	ahd_reset(ahd, /*reinit*/TRUE);
7985 	ahd_intr_enable(ahd, TRUE);
7986 	ahd_restart(ahd);
7987 }
7988 #endif
7989 
7990 /************************** Busy Target Table *********************************/
7991 /*
7992  * Set SCBPTR to the SCB that contains the busy
7993  * table entry for TCL.  Return the offset into
7994  * the SCB that contains the entry for TCL.
7995  * saved_scbid is dereferenced and set to the
7996  * scbid that should be restored once manipualtion
7997  * of the TCL entry is complete.
7998  */
7999 static inline u_int
8000 ahd_index_busy_tcl(struct ahd_softc *ahd, u_int *saved_scbid, u_int tcl)
8001 {
8002 	/*
8003 	 * Index to the SCB that contains the busy entry.
8004 	 */
8005 	AHD_ASSERT_MODES(ahd, AHD_MODE_SCSI_MSK, AHD_MODE_SCSI_MSK);
8006 	*saved_scbid = ahd_get_scbptr(ahd);
8007 	ahd_set_scbptr(ahd, TCL_LUN(tcl)
8008 		     | ((TCL_TARGET_OFFSET(tcl) & 0xC) << 4));
8009 
8010 	/*
8011 	 * And now calculate the SCB offset to the entry.
8012 	 * Each entry is 2 bytes wide, hence the
8013 	 * multiplication by 2.
8014 	 */
8015 	return (((TCL_TARGET_OFFSET(tcl) & 0x3) << 1) + SCB_DISCONNECTED_LISTS);
8016 }
8017 
8018 /*
8019  * Return the untagged transaction id for a given target/channel lun.
8020  */
8021 static u_int
8022 ahd_find_busy_tcl(struct ahd_softc *ahd, u_int tcl)
8023 {
8024 	u_int scbid;
8025 	u_int scb_offset;
8026 	u_int saved_scbptr;
8027 
8028 	scb_offset = ahd_index_busy_tcl(ahd, &saved_scbptr, tcl);
8029 	scbid = ahd_inw_scbram(ahd, scb_offset);
8030 	ahd_set_scbptr(ahd, saved_scbptr);
8031 	return (scbid);
8032 }
8033 
8034 static void
8035 ahd_busy_tcl(struct ahd_softc *ahd, u_int tcl, u_int scbid)
8036 {
8037 	u_int scb_offset;
8038 	u_int saved_scbptr;
8039 
8040 	scb_offset = ahd_index_busy_tcl(ahd, &saved_scbptr, tcl);
8041 	ahd_outw(ahd, scb_offset, scbid);
8042 	ahd_set_scbptr(ahd, saved_scbptr);
8043 }
8044 
8045 /************************** SCB and SCB queue management **********************/
8046 static int
8047 ahd_match_scb(struct ahd_softc *ahd, struct scb *scb, int target,
8048 	      char channel, int lun, u_int tag, role_t role)
8049 {
8050 	int targ = SCB_GET_TARGET(ahd, scb);
8051 	char chan = SCB_GET_CHANNEL(ahd, scb);
8052 	int slun = SCB_GET_LUN(scb);
8053 	int match;
8054 
8055 	match = ((chan == channel) || (channel == ALL_CHANNELS));
8056 	if (match != 0)
8057 		match = ((targ == target) || (target == CAM_TARGET_WILDCARD));
8058 	if (match != 0)
8059 		match = ((lun == slun) || (lun == CAM_LUN_WILDCARD));
8060 	if (match != 0) {
8061 #ifdef AHD_TARGET_MODE
8062 		int group;
8063 
8064 		group = XPT_FC_GROUP(scb->io_ctx->ccb_h.func_code);
8065 		if (role == ROLE_INITIATOR) {
8066 			match = (group != XPT_FC_GROUP_TMODE)
8067 			      && ((tag == SCB_GET_TAG(scb))
8068 			       || (tag == SCB_LIST_NULL));
8069 		} else if (role == ROLE_TARGET) {
8070 			match = (group == XPT_FC_GROUP_TMODE)
8071 			      && ((tag == scb->io_ctx->csio.tag_id)
8072 			       || (tag == SCB_LIST_NULL));
8073 		}
8074 #else /* !AHD_TARGET_MODE */
8075 		match = ((tag == SCB_GET_TAG(scb)) || (tag == SCB_LIST_NULL));
8076 #endif /* AHD_TARGET_MODE */
8077 	}
8078 
8079 	return match;
8080 }
8081 
8082 static void
8083 ahd_freeze_devq(struct ahd_softc *ahd, struct scb *scb)
8084 {
8085 	int	target;
8086 	char	channel;
8087 	int	lun;
8088 
8089 	target = SCB_GET_TARGET(ahd, scb);
8090 	lun = SCB_GET_LUN(scb);
8091 	channel = SCB_GET_CHANNEL(ahd, scb);
8092 
8093 	ahd_search_qinfifo(ahd, target, channel, lun,
8094 			   /*tag*/SCB_LIST_NULL, ROLE_UNKNOWN,
8095 			   CAM_REQUEUE_REQ, SEARCH_COMPLETE);
8096 
8097 	ahd_platform_freeze_devq(ahd, scb);
8098 }
8099 
8100 void
8101 ahd_qinfifo_requeue_tail(struct ahd_softc *ahd, struct scb *scb)
8102 {
8103 	struct scb	*prev_scb;
8104 	ahd_mode_state	 saved_modes;
8105 
8106 	saved_modes = ahd_save_modes(ahd);
8107 	ahd_set_modes(ahd, AHD_MODE_CCHAN, AHD_MODE_CCHAN);
8108 	prev_scb = NULL;
8109 	if (ahd_qinfifo_count(ahd) != 0) {
8110 		u_int prev_tag;
8111 		u_int prev_pos;
8112 
8113 		prev_pos = AHD_QIN_WRAP(ahd->qinfifonext - 1);
8114 		prev_tag = ahd->qinfifo[prev_pos];
8115 		prev_scb = ahd_lookup_scb(ahd, prev_tag);
8116 	}
8117 	ahd_qinfifo_requeue(ahd, prev_scb, scb);
8118 	ahd_set_hnscb_qoff(ahd, ahd->qinfifonext);
8119 	ahd_restore_modes(ahd, saved_modes);
8120 }
8121 
8122 static void
8123 ahd_qinfifo_requeue(struct ahd_softc *ahd, struct scb *prev_scb,
8124 		    struct scb *scb)
8125 {
8126 	if (prev_scb == NULL) {
8127 		uint32_t busaddr;
8128 
8129 		busaddr = ahd_le32toh(scb->hscb->hscb_busaddr);
8130 		ahd_outl(ahd, NEXT_QUEUED_SCB_ADDR, busaddr);
8131 	} else {
8132 		prev_scb->hscb->next_hscb_busaddr = scb->hscb->hscb_busaddr;
8133 		ahd_sync_scb(ahd, prev_scb,
8134 			     BUS_DMASYNC_PREREAD|BUS_DMASYNC_PREWRITE);
8135 	}
8136 	ahd->qinfifo[AHD_QIN_WRAP(ahd->qinfifonext)] = SCB_GET_TAG(scb);
8137 	ahd->qinfifonext++;
8138 	scb->hscb->next_hscb_busaddr = ahd->next_queued_hscb->hscb_busaddr;
8139 	ahd_sync_scb(ahd, scb, BUS_DMASYNC_PREREAD|BUS_DMASYNC_PREWRITE);
8140 }
8141 
8142 static int
8143 ahd_qinfifo_count(struct ahd_softc *ahd)
8144 {
8145 	u_int qinpos;
8146 	u_int wrap_qinpos;
8147 	u_int wrap_qinfifonext;
8148 
8149 	AHD_ASSERT_MODES(ahd, AHD_MODE_CCHAN_MSK, AHD_MODE_CCHAN_MSK);
8150 	qinpos = ahd_get_snscb_qoff(ahd);
8151 	wrap_qinpos = AHD_QIN_WRAP(qinpos);
8152 	wrap_qinfifonext = AHD_QIN_WRAP(ahd->qinfifonext);
8153 	if (wrap_qinfifonext >= wrap_qinpos)
8154 		return (wrap_qinfifonext - wrap_qinpos);
8155 	else
8156 		return (wrap_qinfifonext
8157 		      + ARRAY_SIZE(ahd->qinfifo) - wrap_qinpos);
8158 }
8159 
8160 static void
8161 ahd_reset_cmds_pending(struct ahd_softc *ahd)
8162 {
8163 	struct		scb *scb;
8164 	ahd_mode_state	saved_modes;
8165 	u_int		pending_cmds;
8166 
8167 	saved_modes = ahd_save_modes(ahd);
8168 	ahd_set_modes(ahd, AHD_MODE_CCHAN, AHD_MODE_CCHAN);
8169 
8170 	/*
8171 	 * Don't count any commands as outstanding that the
8172 	 * sequencer has already marked for completion.
8173 	 */
8174 	ahd_flush_qoutfifo(ahd);
8175 
8176 	pending_cmds = 0;
8177 	LIST_FOREACH(scb, &ahd->pending_scbs, pending_links) {
8178 		pending_cmds++;
8179 	}
8180 	ahd_outw(ahd, CMDS_PENDING, pending_cmds - ahd_qinfifo_count(ahd));
8181 	ahd_restore_modes(ahd, saved_modes);
8182 	ahd->flags &= ~AHD_UPDATE_PEND_CMDS;
8183 }
8184 
8185 static void
8186 ahd_done_with_status(struct ahd_softc *ahd, struct scb *scb, uint32_t status)
8187 {
8188 	cam_status ostat;
8189 	cam_status cstat;
8190 
8191 	ostat = ahd_get_transaction_status(scb);
8192 	if (ostat == CAM_REQ_INPROG)
8193 		ahd_set_transaction_status(scb, status);
8194 	cstat = ahd_get_transaction_status(scb);
8195 	if (cstat != CAM_REQ_CMP)
8196 		ahd_freeze_scb(scb);
8197 	ahd_done(ahd, scb);
8198 }
8199 
8200 int
8201 ahd_search_qinfifo(struct ahd_softc *ahd, int target, char channel,
8202 		   int lun, u_int tag, role_t role, uint32_t status,
8203 		   ahd_search_action action)
8204 {
8205 	struct scb	*scb;
8206 	struct scb	*mk_msg_scb;
8207 	struct scb	*prev_scb;
8208 	ahd_mode_state	 saved_modes;
8209 	u_int		 qinstart;
8210 	u_int		 qinpos;
8211 	u_int		 qintail;
8212 	u_int		 tid_next;
8213 	u_int		 tid_prev;
8214 	u_int		 scbid;
8215 	u_int		 seq_flags2;
8216 	u_int		 savedscbptr;
8217 	uint32_t	 busaddr;
8218 	int		 found;
8219 	int		 targets;
8220 
8221 	/* Must be in CCHAN mode */
8222 	saved_modes = ahd_save_modes(ahd);
8223 	ahd_set_modes(ahd, AHD_MODE_CCHAN, AHD_MODE_CCHAN);
8224 
8225 	/*
8226 	 * Halt any pending SCB DMA.  The sequencer will reinitiate
8227 	 * this dma if the qinfifo is not empty once we unpause.
8228 	 */
8229 	if ((ahd_inb(ahd, CCSCBCTL) & (CCARREN|CCSCBEN|CCSCBDIR))
8230 	 == (CCARREN|CCSCBEN|CCSCBDIR)) {
8231 		ahd_outb(ahd, CCSCBCTL,
8232 			 ahd_inb(ahd, CCSCBCTL) & ~(CCARREN|CCSCBEN));
8233 		while ((ahd_inb(ahd, CCSCBCTL) & (CCARREN|CCSCBEN)) != 0)
8234 			;
8235 	}
8236 	/* Determine sequencer's position in the qinfifo. */
8237 	qintail = AHD_QIN_WRAP(ahd->qinfifonext);
8238 	qinstart = ahd_get_snscb_qoff(ahd);
8239 	qinpos = AHD_QIN_WRAP(qinstart);
8240 	found = 0;
8241 	prev_scb = NULL;
8242 
8243 	if (action == SEARCH_PRINT) {
8244 		printf("qinstart = %d qinfifonext = %d\nQINFIFO:",
8245 		       qinstart, ahd->qinfifonext);
8246 	}
8247 
8248 	/*
8249 	 * Start with an empty queue.  Entries that are not chosen
8250 	 * for removal will be re-added to the queue as we go.
8251 	 */
8252 	ahd->qinfifonext = qinstart;
8253 	busaddr = ahd_le32toh(ahd->next_queued_hscb->hscb_busaddr);
8254 	ahd_outl(ahd, NEXT_QUEUED_SCB_ADDR, busaddr);
8255 
8256 	while (qinpos != qintail) {
8257 		scb = ahd_lookup_scb(ahd, ahd->qinfifo[qinpos]);
8258 		if (scb == NULL) {
8259 			printf("qinpos = %d, SCB index = %d\n",
8260 				qinpos, ahd->qinfifo[qinpos]);
8261 			panic("Loop 1\n");
8262 		}
8263 
8264 		if (ahd_match_scb(ahd, scb, target, channel, lun, tag, role)) {
8265 			/*
8266 			 * We found an scb that needs to be acted on.
8267 			 */
8268 			found++;
8269 			switch (action) {
8270 			case SEARCH_COMPLETE:
8271 				if ((scb->flags & SCB_ACTIVE) == 0)
8272 					printf("Inactive SCB in qinfifo\n");
8273 				ahd_done_with_status(ahd, scb, status);
8274 				/* FALLTHROUGH */
8275 			case SEARCH_REMOVE:
8276 				break;
8277 			case SEARCH_PRINT:
8278 				printf(" 0x%x", ahd->qinfifo[qinpos]);
8279 				/* FALLTHROUGH */
8280 			case SEARCH_COUNT:
8281 				ahd_qinfifo_requeue(ahd, prev_scb, scb);
8282 				prev_scb = scb;
8283 				break;
8284 			}
8285 		} else {
8286 			ahd_qinfifo_requeue(ahd, prev_scb, scb);
8287 			prev_scb = scb;
8288 		}
8289 		qinpos = AHD_QIN_WRAP(qinpos+1);
8290 	}
8291 
8292 	ahd_set_hnscb_qoff(ahd, ahd->qinfifonext);
8293 
8294 	if (action == SEARCH_PRINT)
8295 		printf("\nWAITING_TID_QUEUES:\n");
8296 
8297 	/*
8298 	 * Search waiting for selection lists.  We traverse the
8299 	 * list of "their ids" waiting for selection and, if
8300 	 * appropriate, traverse the SCBs of each "their id"
8301 	 * looking for matches.
8302 	 */
8303 	ahd_set_modes(ahd, AHD_MODE_SCSI, AHD_MODE_SCSI);
8304 	seq_flags2 = ahd_inb(ahd, SEQ_FLAGS2);
8305 	if ((seq_flags2 & PENDING_MK_MESSAGE) != 0) {
8306 		scbid = ahd_inw(ahd, MK_MESSAGE_SCB);
8307 		mk_msg_scb = ahd_lookup_scb(ahd, scbid);
8308 	} else
8309 		mk_msg_scb = NULL;
8310 	savedscbptr = ahd_get_scbptr(ahd);
8311 	tid_next = ahd_inw(ahd, WAITING_TID_HEAD);
8312 	tid_prev = SCB_LIST_NULL;
8313 	targets = 0;
8314 	for (scbid = tid_next; !SCBID_IS_NULL(scbid); scbid = tid_next) {
8315 		u_int tid_head;
8316 		u_int tid_tail;
8317 
8318 		targets++;
8319 		if (targets > AHD_NUM_TARGETS)
8320 			panic("TID LIST LOOP");
8321 
8322 		if (scbid >= ahd->scb_data.numscbs) {
8323 			printf("%s: Waiting TID List inconsistency. "
8324 			       "SCB index == 0x%x, yet numscbs == 0x%x.",
8325 			       ahd_name(ahd), scbid, ahd->scb_data.numscbs);
8326 			ahd_dump_card_state(ahd);
8327 			panic("for safety");
8328 		}
8329 		scb = ahd_lookup_scb(ahd, scbid);
8330 		if (scb == NULL) {
8331 			printf("%s: SCB = 0x%x Not Active!\n",
8332 			       ahd_name(ahd), scbid);
8333 			panic("Waiting TID List traversal\n");
8334 		}
8335 		ahd_set_scbptr(ahd, scbid);
8336 		tid_next = ahd_inw_scbram(ahd, SCB_NEXT2);
8337 		if (ahd_match_scb(ahd, scb, target, channel, CAM_LUN_WILDCARD,
8338 				  SCB_LIST_NULL, ROLE_UNKNOWN) == 0) {
8339 			tid_prev = scbid;
8340 			continue;
8341 		}
8342 
8343 		/*
8344 		 * We found a list of scbs that needs to be searched.
8345 		 */
8346 		if (action == SEARCH_PRINT)
8347 			printf("       %d ( ", SCB_GET_TARGET(ahd, scb));
8348 		tid_head = scbid;
8349 		found += ahd_search_scb_list(ahd, target, channel,
8350 					     lun, tag, role, status,
8351 					     action, &tid_head, &tid_tail,
8352 					     SCB_GET_TARGET(ahd, scb));
8353 		/*
8354 		 * Check any MK_MESSAGE SCB that is still waiting to
8355 		 * enter this target's waiting for selection queue.
8356 		 */
8357 		if (mk_msg_scb != NULL
8358 		 && ahd_match_scb(ahd, mk_msg_scb, target, channel,
8359 				  lun, tag, role)) {
8360 
8361 			/*
8362 			 * We found an scb that needs to be acted on.
8363 			 */
8364 			found++;
8365 			switch (action) {
8366 			case SEARCH_COMPLETE:
8367 				if ((mk_msg_scb->flags & SCB_ACTIVE) == 0)
8368 					printf("Inactive SCB pending MK_MSG\n");
8369 				ahd_done_with_status(ahd, mk_msg_scb, status);
8370 				/* FALLTHROUGH */
8371 			case SEARCH_REMOVE:
8372 			{
8373 				u_int tail_offset;
8374 
8375 				printf("Removing MK_MSG scb\n");
8376 
8377 				/*
8378 				 * Reset our tail to the tail of the
8379 				 * main per-target list.
8380 				 */
8381 				tail_offset = WAITING_SCB_TAILS
8382 				    + (2 * SCB_GET_TARGET(ahd, mk_msg_scb));
8383 				ahd_outw(ahd, tail_offset, tid_tail);
8384 
8385 				seq_flags2 &= ~PENDING_MK_MESSAGE;
8386 				ahd_outb(ahd, SEQ_FLAGS2, seq_flags2);
8387 				ahd_outw(ahd, CMDS_PENDING,
8388 					 ahd_inw(ahd, CMDS_PENDING)-1);
8389 				mk_msg_scb = NULL;
8390 				break;
8391 			}
8392 			case SEARCH_PRINT:
8393 				printf(" 0x%x", SCB_GET_TAG(scb));
8394 				/* FALLTHROUGH */
8395 			case SEARCH_COUNT:
8396 				break;
8397 			}
8398 		}
8399 
8400 		if (mk_msg_scb != NULL
8401 		 && SCBID_IS_NULL(tid_head)
8402 		 && ahd_match_scb(ahd, scb, target, channel, CAM_LUN_WILDCARD,
8403 				  SCB_LIST_NULL, ROLE_UNKNOWN)) {
8404 
8405 			/*
8406 			 * When removing the last SCB for a target
8407 			 * queue with a pending MK_MESSAGE scb, we
8408 			 * must queue the MK_MESSAGE scb.
8409 			 */
8410 			printf("Queueing mk_msg_scb\n");
8411 			tid_head = ahd_inw(ahd, MK_MESSAGE_SCB);
8412 			seq_flags2 &= ~PENDING_MK_MESSAGE;
8413 			ahd_outb(ahd, SEQ_FLAGS2, seq_flags2);
8414 			mk_msg_scb = NULL;
8415 		}
8416 		if (tid_head != scbid)
8417 			ahd_stitch_tid_list(ahd, tid_prev, tid_head, tid_next);
8418 		if (!SCBID_IS_NULL(tid_head))
8419 			tid_prev = tid_head;
8420 		if (action == SEARCH_PRINT)
8421 			printf(")\n");
8422 	}
8423 
8424 	/* Restore saved state. */
8425 	ahd_set_scbptr(ahd, savedscbptr);
8426 	ahd_restore_modes(ahd, saved_modes);
8427 	return (found);
8428 }
8429 
8430 static int
8431 ahd_search_scb_list(struct ahd_softc *ahd, int target, char channel,
8432 		    int lun, u_int tag, role_t role, uint32_t status,
8433 		    ahd_search_action action, u_int *list_head,
8434 		    u_int *list_tail, u_int tid)
8435 {
8436 	struct	scb *scb;
8437 	u_int	scbid;
8438 	u_int	next;
8439 	u_int	prev;
8440 	int	found;
8441 
8442 	AHD_ASSERT_MODES(ahd, AHD_MODE_SCSI_MSK, AHD_MODE_SCSI_MSK);
8443 	found = 0;
8444 	prev = SCB_LIST_NULL;
8445 	next = *list_head;
8446 	*list_tail = SCB_LIST_NULL;
8447 	for (scbid = next; !SCBID_IS_NULL(scbid); scbid = next) {
8448 		if (scbid >= ahd->scb_data.numscbs) {
8449 			printf("%s:SCB List inconsistency. "
8450 			       "SCB == 0x%x, yet numscbs == 0x%x.",
8451 			       ahd_name(ahd), scbid, ahd->scb_data.numscbs);
8452 			ahd_dump_card_state(ahd);
8453 			panic("for safety");
8454 		}
8455 		scb = ahd_lookup_scb(ahd, scbid);
8456 		if (scb == NULL) {
8457 			printf("%s: SCB = %d Not Active!\n",
8458 			       ahd_name(ahd), scbid);
8459 			panic("Waiting List traversal\n");
8460 		}
8461 		ahd_set_scbptr(ahd, scbid);
8462 		*list_tail = scbid;
8463 		next = ahd_inw_scbram(ahd, SCB_NEXT);
8464 		if (ahd_match_scb(ahd, scb, target, channel,
8465 				  lun, SCB_LIST_NULL, role) == 0) {
8466 			prev = scbid;
8467 			continue;
8468 		}
8469 		found++;
8470 		switch (action) {
8471 		case SEARCH_COMPLETE:
8472 			if ((scb->flags & SCB_ACTIVE) == 0)
8473 				printf("Inactive SCB in Waiting List\n");
8474 			ahd_done_with_status(ahd, scb, status);
8475 			/* FALLTHROUGH */
8476 		case SEARCH_REMOVE:
8477 			ahd_rem_wscb(ahd, scbid, prev, next, tid);
8478 			*list_tail = prev;
8479 			if (SCBID_IS_NULL(prev))
8480 				*list_head = next;
8481 			break;
8482 		case SEARCH_PRINT:
8483 			printf("0x%x ", scbid);
8484 		case SEARCH_COUNT:
8485 			prev = scbid;
8486 			break;
8487 		}
8488 		if (found > AHD_SCB_MAX)
8489 			panic("SCB LIST LOOP");
8490 	}
8491 	if (action == SEARCH_COMPLETE
8492 	 || action == SEARCH_REMOVE)
8493 		ahd_outw(ahd, CMDS_PENDING, ahd_inw(ahd, CMDS_PENDING) - found);
8494 	return (found);
8495 }
8496 
8497 static void
8498 ahd_stitch_tid_list(struct ahd_softc *ahd, u_int tid_prev,
8499 		    u_int tid_cur, u_int tid_next)
8500 {
8501 	AHD_ASSERT_MODES(ahd, AHD_MODE_SCSI_MSK, AHD_MODE_SCSI_MSK);
8502 
8503 	if (SCBID_IS_NULL(tid_cur)) {
8504 
8505 		/* Bypass current TID list */
8506 		if (SCBID_IS_NULL(tid_prev)) {
8507 			ahd_outw(ahd, WAITING_TID_HEAD, tid_next);
8508 		} else {
8509 			ahd_set_scbptr(ahd, tid_prev);
8510 			ahd_outw(ahd, SCB_NEXT2, tid_next);
8511 		}
8512 		if (SCBID_IS_NULL(tid_next))
8513 			ahd_outw(ahd, WAITING_TID_TAIL, tid_prev);
8514 	} else {
8515 
8516 		/* Stitch through tid_cur */
8517 		if (SCBID_IS_NULL(tid_prev)) {
8518 			ahd_outw(ahd, WAITING_TID_HEAD, tid_cur);
8519 		} else {
8520 			ahd_set_scbptr(ahd, tid_prev);
8521 			ahd_outw(ahd, SCB_NEXT2, tid_cur);
8522 		}
8523 		ahd_set_scbptr(ahd, tid_cur);
8524 		ahd_outw(ahd, SCB_NEXT2, tid_next);
8525 
8526 		if (SCBID_IS_NULL(tid_next))
8527 			ahd_outw(ahd, WAITING_TID_TAIL, tid_cur);
8528 	}
8529 }
8530 
8531 /*
8532  * Manipulate the waiting for selection list and return the
8533  * scb that follows the one that we remove.
8534  */
8535 static u_int
8536 ahd_rem_wscb(struct ahd_softc *ahd, u_int scbid,
8537 	     u_int prev, u_int next, u_int tid)
8538 {
8539 	u_int tail_offset;
8540 
8541 	AHD_ASSERT_MODES(ahd, AHD_MODE_SCSI_MSK, AHD_MODE_SCSI_MSK);
8542 	if (!SCBID_IS_NULL(prev)) {
8543 		ahd_set_scbptr(ahd, prev);
8544 		ahd_outw(ahd, SCB_NEXT, next);
8545 	}
8546 
8547 	/*
8548 	 * SCBs that have MK_MESSAGE set in them may
8549 	 * cause the tail pointer to be updated without
8550 	 * setting the next pointer of the previous tail.
8551 	 * Only clear the tail if the removed SCB was
8552 	 * the tail.
8553 	 */
8554 	tail_offset = WAITING_SCB_TAILS + (2 * tid);
8555 	if (SCBID_IS_NULL(next)
8556 	 && ahd_inw(ahd, tail_offset) == scbid)
8557 		ahd_outw(ahd, tail_offset, prev);
8558 
8559 	ahd_add_scb_to_free_list(ahd, scbid);
8560 	return (next);
8561 }
8562 
8563 /*
8564  * Add the SCB as selected by SCBPTR onto the on chip list of
8565  * free hardware SCBs.  This list is empty/unused if we are not
8566  * performing SCB paging.
8567  */
8568 static void
8569 ahd_add_scb_to_free_list(struct ahd_softc *ahd, u_int scbid)
8570 {
8571 /* XXX Need some other mechanism to designate "free". */
8572 	/*
8573 	 * Invalidate the tag so that our abort
8574 	 * routines don't think it's active.
8575 	ahd_outb(ahd, SCB_TAG, SCB_LIST_NULL);
8576 	 */
8577 }
8578 
8579 /******************************** Error Handling ******************************/
8580 /*
8581  * Abort all SCBs that match the given description (target/channel/lun/tag),
8582  * setting their status to the passed in status if the status has not already
8583  * been modified from CAM_REQ_INPROG.  This routine assumes that the sequencer
8584  * is paused before it is called.
8585  */
8586 static int
8587 ahd_abort_scbs(struct ahd_softc *ahd, int target, char channel,
8588 	       int lun, u_int tag, role_t role, uint32_t status)
8589 {
8590 	struct		scb *scbp;
8591 	struct		scb *scbp_next;
8592 	u_int		i, j;
8593 	u_int		maxtarget;
8594 	u_int		minlun;
8595 	u_int		maxlun;
8596 	int		found;
8597 	ahd_mode_state	saved_modes;
8598 
8599 	/* restore this when we're done */
8600 	saved_modes = ahd_save_modes(ahd);
8601 	ahd_set_modes(ahd, AHD_MODE_SCSI, AHD_MODE_SCSI);
8602 
8603 	found = ahd_search_qinfifo(ahd, target, channel, lun, SCB_LIST_NULL,
8604 				   role, CAM_REQUEUE_REQ, SEARCH_COMPLETE);
8605 
8606 	/*
8607 	 * Clean out the busy target table for any untagged commands.
8608 	 */
8609 	i = 0;
8610 	maxtarget = 16;
8611 	if (target != CAM_TARGET_WILDCARD) {
8612 		i = target;
8613 		if (channel == 'B')
8614 			i += 8;
8615 		maxtarget = i + 1;
8616 	}
8617 
8618 	if (lun == CAM_LUN_WILDCARD) {
8619 		minlun = 0;
8620 		maxlun = AHD_NUM_LUNS_NONPKT;
8621 	} else if (lun >= AHD_NUM_LUNS_NONPKT) {
8622 		minlun = maxlun = 0;
8623 	} else {
8624 		minlun = lun;
8625 		maxlun = lun + 1;
8626 	}
8627 
8628 	if (role != ROLE_TARGET) {
8629 		for (;i < maxtarget; i++) {
8630 			for (j = minlun;j < maxlun; j++) {
8631 				u_int scbid;
8632 				u_int tcl;
8633 
8634 				tcl = BUILD_TCL_RAW(i, 'A', j);
8635 				scbid = ahd_find_busy_tcl(ahd, tcl);
8636 				scbp = ahd_lookup_scb(ahd, scbid);
8637 				if (scbp == NULL
8638 				 || ahd_match_scb(ahd, scbp, target, channel,
8639 						  lun, tag, role) == 0)
8640 					continue;
8641 				ahd_unbusy_tcl(ahd, BUILD_TCL_RAW(i, 'A', j));
8642 			}
8643 		}
8644 	}
8645 
8646 	/*
8647 	 * Don't abort commands that have already completed,
8648 	 * but haven't quite made it up to the host yet.
8649 	 */
8650 	ahd_flush_qoutfifo(ahd);
8651 
8652 	/*
8653 	 * Go through the pending CCB list and look for
8654 	 * commands for this target that are still active.
8655 	 * These are other tagged commands that were
8656 	 * disconnected when the reset occurred.
8657 	 */
8658 	scbp_next = LIST_FIRST(&ahd->pending_scbs);
8659 	while (scbp_next != NULL) {
8660 		scbp = scbp_next;
8661 		scbp_next = LIST_NEXT(scbp, pending_links);
8662 		if (ahd_match_scb(ahd, scbp, target, channel, lun, tag, role)) {
8663 			cam_status ostat;
8664 
8665 			ostat = ahd_get_transaction_status(scbp);
8666 			if (ostat == CAM_REQ_INPROG)
8667 				ahd_set_transaction_status(scbp, status);
8668 			if (ahd_get_transaction_status(scbp) != CAM_REQ_CMP)
8669 				ahd_freeze_scb(scbp);
8670 			if ((scbp->flags & SCB_ACTIVE) == 0)
8671 				printf("Inactive SCB on pending list\n");
8672 			ahd_done(ahd, scbp);
8673 			found++;
8674 		}
8675 	}
8676 	ahd_restore_modes(ahd, saved_modes);
8677 	ahd_platform_abort_scbs(ahd, target, channel, lun, tag, role, status);
8678 	ahd->flags |= AHD_UPDATE_PEND_CMDS;
8679 	return found;
8680 }
8681 
8682 static void
8683 ahd_reset_current_bus(struct ahd_softc *ahd)
8684 {
8685 	uint8_t scsiseq;
8686 
8687 	AHD_ASSERT_MODES(ahd, AHD_MODE_SCSI_MSK, AHD_MODE_SCSI_MSK);
8688 	ahd_outb(ahd, SIMODE1, ahd_inb(ahd, SIMODE1) & ~ENSCSIRST);
8689 	scsiseq = ahd_inb(ahd, SCSISEQ0) & ~(ENSELO|ENARBO|SCSIRSTO);
8690 	ahd_outb(ahd, SCSISEQ0, scsiseq | SCSIRSTO);
8691 	ahd_flush_device_writes(ahd);
8692 	ahd_delay(AHD_BUSRESET_DELAY);
8693 	/* Turn off the bus reset */
8694 	ahd_outb(ahd, SCSISEQ0, scsiseq);
8695 	ahd_flush_device_writes(ahd);
8696 	ahd_delay(AHD_BUSRESET_DELAY);
8697 	if ((ahd->bugs & AHD_SCSIRST_BUG) != 0) {
8698 		/*
8699 		 * 2A Razor #474
8700 		 * Certain chip state is not cleared for
8701 		 * SCSI bus resets that we initiate, so
8702 		 * we must reset the chip.
8703 		 */
8704 		ahd_reset(ahd, /*reinit*/TRUE);
8705 		ahd_intr_enable(ahd, /*enable*/TRUE);
8706 		AHD_ASSERT_MODES(ahd, AHD_MODE_SCSI_MSK, AHD_MODE_SCSI_MSK);
8707 	}
8708 
8709 	ahd_clear_intstat(ahd);
8710 }
8711 
8712 int
8713 ahd_reset_channel(struct ahd_softc *ahd, char channel, int initiate_reset)
8714 {
8715 	struct	ahd_devinfo caminfo;
8716 	u_int	initiator;
8717 	u_int	target;
8718 	u_int	max_scsiid;
8719 	int	found;
8720 	u_int	fifo;
8721 	u_int	next_fifo;
8722 	uint8_t scsiseq;
8723 
8724 	/*
8725 	 * Check if the last bus reset is cleared
8726 	 */
8727 	if (ahd->flags & AHD_BUS_RESET_ACTIVE) {
8728 		printf("%s: bus reset still active\n",
8729 		       ahd_name(ahd));
8730 		return 0;
8731 	}
8732 	ahd->flags |= AHD_BUS_RESET_ACTIVE;
8733 
8734 	ahd->pending_device = NULL;
8735 
8736 	ahd_compile_devinfo(&caminfo,
8737 			    CAM_TARGET_WILDCARD,
8738 			    CAM_TARGET_WILDCARD,
8739 			    CAM_LUN_WILDCARD,
8740 			    channel, ROLE_UNKNOWN);
8741 	ahd_pause(ahd);
8742 
8743 	/* Make sure the sequencer is in a safe location. */
8744 	ahd_clear_critical_section(ahd);
8745 
8746 	/*
8747 	 * Run our command complete fifos to ensure that we perform
8748 	 * completion processing on any commands that 'completed'
8749 	 * before the reset occurred.
8750 	 */
8751 	ahd_run_qoutfifo(ahd);
8752 #ifdef AHD_TARGET_MODE
8753 	if ((ahd->flags & AHD_TARGETROLE) != 0) {
8754 		ahd_run_tqinfifo(ahd, /*paused*/TRUE);
8755 	}
8756 #endif
8757 	ahd_set_modes(ahd, AHD_MODE_SCSI, AHD_MODE_SCSI);
8758 
8759 	/*
8760 	 * Disable selections so no automatic hardware
8761 	 * functions will modify chip state.
8762 	 */
8763 	ahd_outb(ahd, SCSISEQ0, 0);
8764 	ahd_outb(ahd, SCSISEQ1, 0);
8765 
8766 	/*
8767 	 * Safely shut down our DMA engines.  Always start with
8768 	 * the FIFO that is not currently active (if any are
8769 	 * actively connected).
8770 	 */
8771 	next_fifo = fifo = ahd_inb(ahd, DFFSTAT) & CURRFIFO;
8772 	if (next_fifo > CURRFIFO_1)
8773 		/* If disconneced, arbitrarily start with FIFO1. */
8774 		next_fifo = fifo = 0;
8775 	do {
8776 		next_fifo ^= CURRFIFO_1;
8777 		ahd_set_modes(ahd, next_fifo, next_fifo);
8778 		ahd_outb(ahd, DFCNTRL,
8779 			 ahd_inb(ahd, DFCNTRL) & ~(SCSIEN|HDMAEN));
8780 		while ((ahd_inb(ahd, DFCNTRL) & HDMAENACK) != 0)
8781 			ahd_delay(10);
8782 		/*
8783 		 * Set CURRFIFO to the now inactive channel.
8784 		 */
8785 		ahd_set_modes(ahd, AHD_MODE_SCSI, AHD_MODE_SCSI);
8786 		ahd_outb(ahd, DFFSTAT, next_fifo);
8787 	} while (next_fifo != fifo);
8788 
8789 	/*
8790 	 * Reset the bus if we are initiating this reset
8791 	 */
8792 	ahd_clear_msg_state(ahd);
8793 	ahd_outb(ahd, SIMODE1,
8794 		 ahd_inb(ahd, SIMODE1) & ~(ENBUSFREE|ENSCSIRST));
8795 
8796 	if (initiate_reset)
8797 		ahd_reset_current_bus(ahd);
8798 
8799 	ahd_clear_intstat(ahd);
8800 
8801 	/*
8802 	 * Clean up all the state information for the
8803 	 * pending transactions on this bus.
8804 	 */
8805 	found = ahd_abort_scbs(ahd, CAM_TARGET_WILDCARD, channel,
8806 			       CAM_LUN_WILDCARD, SCB_LIST_NULL,
8807 			       ROLE_UNKNOWN, CAM_SCSI_BUS_RESET);
8808 
8809 	/*
8810 	 * Cleanup anything left in the FIFOs.
8811 	 */
8812 	ahd_clear_fifo(ahd, 0);
8813 	ahd_clear_fifo(ahd, 1);
8814 
8815 	/*
8816 	 * Clear SCSI interrupt status
8817 	 */
8818 	ahd_outb(ahd, CLRSINT1, CLRSCSIRSTI);
8819 
8820 	/*
8821 	 * Reenable selections
8822 	 */
8823 	ahd_outb(ahd, SIMODE1, ahd_inb(ahd, SIMODE1) | ENSCSIRST);
8824 	scsiseq = ahd_inb(ahd, SCSISEQ_TEMPLATE);
8825 	ahd_outb(ahd, SCSISEQ1, scsiseq & (ENSELI|ENRSELI|ENAUTOATNP));
8826 
8827 	max_scsiid = (ahd->features & AHD_WIDE) ? 15 : 7;
8828 #ifdef AHD_TARGET_MODE
8829 	/*
8830 	 * Send an immediate notify ccb to all target more peripheral
8831 	 * drivers affected by this action.
8832 	 */
8833 	for (target = 0; target <= max_scsiid; target++) {
8834 		struct ahd_tmode_tstate* tstate;
8835 		u_int lun;
8836 
8837 		tstate = ahd->enabled_targets[target];
8838 		if (tstate == NULL)
8839 			continue;
8840 		for (lun = 0; lun < AHD_NUM_LUNS; lun++) {
8841 			struct ahd_tmode_lstate* lstate;
8842 
8843 			lstate = tstate->enabled_luns[lun];
8844 			if (lstate == NULL)
8845 				continue;
8846 
8847 			ahd_queue_lstate_event(ahd, lstate, CAM_TARGET_WILDCARD,
8848 					       EVENT_TYPE_BUS_RESET, /*arg*/0);
8849 			ahd_send_lstate_events(ahd, lstate);
8850 		}
8851 	}
8852 #endif
8853 	/*
8854 	 * Revert to async/narrow transfers until we renegotiate.
8855 	 */
8856 	for (target = 0; target <= max_scsiid; target++) {
8857 
8858 		if (ahd->enabled_targets[target] == NULL)
8859 			continue;
8860 		for (initiator = 0; initiator <= max_scsiid; initiator++) {
8861 			struct ahd_devinfo devinfo;
8862 
8863 			ahd_compile_devinfo(&devinfo, target, initiator,
8864 					    CAM_LUN_WILDCARD,
8865 					    'A', ROLE_UNKNOWN);
8866 			ahd_set_width(ahd, &devinfo, MSG_EXT_WDTR_BUS_8_BIT,
8867 				      AHD_TRANS_CUR, /*paused*/TRUE);
8868 			ahd_set_syncrate(ahd, &devinfo, /*period*/0,
8869 					 /*offset*/0, /*ppr_options*/0,
8870 					 AHD_TRANS_CUR, /*paused*/TRUE);
8871 		}
8872 	}
8873 
8874 	/* Notify the XPT that a bus reset occurred */
8875 	ahd_send_async(ahd, caminfo.channel, CAM_TARGET_WILDCARD,
8876 		       CAM_LUN_WILDCARD, AC_BUS_RESET);
8877 
8878 	ahd_restart(ahd);
8879 
8880 	return (found);
8881 }
8882 
8883 /**************************** Statistics Processing ***************************/
8884 static void
8885 ahd_stat_timer(void *arg)
8886 {
8887 	struct	ahd_softc *ahd = arg;
8888 	u_long	s;
8889 	int	enint_coal;
8890 
8891 	ahd_lock(ahd, &s);
8892 
8893 	enint_coal = ahd->hs_mailbox & ENINT_COALESCE;
8894 	if (ahd->cmdcmplt_total > ahd->int_coalescing_threshold)
8895 		enint_coal |= ENINT_COALESCE;
8896 	else if (ahd->cmdcmplt_total < ahd->int_coalescing_stop_threshold)
8897 		enint_coal &= ~ENINT_COALESCE;
8898 
8899 	if (enint_coal != (ahd->hs_mailbox & ENINT_COALESCE)) {
8900 		ahd_enable_coalescing(ahd, enint_coal);
8901 #ifdef AHD_DEBUG
8902 		if ((ahd_debug & AHD_SHOW_INT_COALESCING) != 0)
8903 			printf("%s: Interrupt coalescing "
8904 			       "now %sabled. Cmds %d\n",
8905 			       ahd_name(ahd),
8906 			       (enint_coal & ENINT_COALESCE) ? "en" : "dis",
8907 			       ahd->cmdcmplt_total);
8908 #endif
8909 	}
8910 
8911 	ahd->cmdcmplt_bucket = (ahd->cmdcmplt_bucket+1) & (AHD_STAT_BUCKETS-1);
8912 	ahd->cmdcmplt_total -= ahd->cmdcmplt_counts[ahd->cmdcmplt_bucket];
8913 	ahd->cmdcmplt_counts[ahd->cmdcmplt_bucket] = 0;
8914 	ahd_timer_reset(&ahd->stat_timer, AHD_STAT_UPDATE_US,
8915 			ahd_stat_timer, ahd);
8916 	ahd_unlock(ahd, &s);
8917 }
8918 
8919 /****************************** Status Processing *****************************/
8920 
8921 static void
8922 ahd_handle_scsi_status(struct ahd_softc *ahd, struct scb *scb)
8923 {
8924 	struct	hardware_scb *hscb;
8925 	int	paused;
8926 
8927 	/*
8928 	 * The sequencer freezes its select-out queue
8929 	 * anytime a SCSI status error occurs.  We must
8930 	 * handle the error and increment our qfreeze count
8931 	 * to allow the sequencer to continue.  We don't
8932 	 * bother clearing critical sections here since all
8933 	 * operations are on data structures that the sequencer
8934 	 * is not touching once the queue is frozen.
8935 	 */
8936 	hscb = scb->hscb;
8937 
8938 	if (ahd_is_paused(ahd)) {
8939 		paused = 1;
8940 	} else {
8941 		paused = 0;
8942 		ahd_pause(ahd);
8943 	}
8944 
8945 	/* Freeze the queue until the client sees the error. */
8946 	ahd_freeze_devq(ahd, scb);
8947 	ahd_freeze_scb(scb);
8948 	ahd->qfreeze_cnt++;
8949 	ahd_outw(ahd, KERNEL_QFREEZE_COUNT, ahd->qfreeze_cnt);
8950 
8951 	if (paused == 0)
8952 		ahd_unpause(ahd);
8953 
8954 	/* Don't want to clobber the original sense code */
8955 	if ((scb->flags & SCB_SENSE) != 0) {
8956 		/*
8957 		 * Clear the SCB_SENSE Flag and perform
8958 		 * a normal command completion.
8959 		 */
8960 		scb->flags &= ~SCB_SENSE;
8961 		ahd_set_transaction_status(scb, CAM_AUTOSENSE_FAIL);
8962 		ahd_done(ahd, scb);
8963 		return;
8964 	}
8965 	ahd_set_transaction_status(scb, CAM_SCSI_STATUS_ERROR);
8966 	ahd_set_scsi_status(scb, hscb->shared_data.istatus.scsi_status);
8967 	switch (hscb->shared_data.istatus.scsi_status) {
8968 	case STATUS_PKT_SENSE:
8969 	{
8970 		struct scsi_status_iu_header *siu;
8971 
8972 		ahd_sync_sense(ahd, scb, BUS_DMASYNC_POSTREAD);
8973 		siu = (struct scsi_status_iu_header *)scb->sense_data;
8974 		ahd_set_scsi_status(scb, siu->status);
8975 #ifdef AHD_DEBUG
8976 		if ((ahd_debug & AHD_SHOW_SENSE) != 0) {
8977 			ahd_print_path(ahd, scb);
8978 			printf("SCB 0x%x Received PKT Status of 0x%x\n",
8979 			       SCB_GET_TAG(scb), siu->status);
8980 			printf("\tflags = 0x%x, sense len = 0x%x, "
8981 			       "pktfail = 0x%x\n",
8982 			       siu->flags, scsi_4btoul(siu->sense_length),
8983 			       scsi_4btoul(siu->pkt_failures_length));
8984 		}
8985 #endif
8986 		if ((siu->flags & SIU_RSPVALID) != 0) {
8987 			ahd_print_path(ahd, scb);
8988 			if (scsi_4btoul(siu->pkt_failures_length) < 4) {
8989 				printf("Unable to parse pkt_failures\n");
8990 			} else {
8991 
8992 				switch (SIU_PKTFAIL_CODE(siu)) {
8993 				case SIU_PFC_NONE:
8994 					printf("No packet failure found\n");
8995 					break;
8996 				case SIU_PFC_CIU_FIELDS_INVALID:
8997 					printf("Invalid Command IU Field\n");
8998 					break;
8999 				case SIU_PFC_TMF_NOT_SUPPORTED:
9000 					printf("TMF not supportd\n");
9001 					break;
9002 				case SIU_PFC_TMF_FAILED:
9003 					printf("TMF failed\n");
9004 					break;
9005 				case SIU_PFC_INVALID_TYPE_CODE:
9006 					printf("Invalid L_Q Type code\n");
9007 					break;
9008 				case SIU_PFC_ILLEGAL_REQUEST:
9009 					printf("Illegal request\n");
9010 				default:
9011 					break;
9012 				}
9013 			}
9014 			if (siu->status == SCSI_STATUS_OK)
9015 				ahd_set_transaction_status(scb,
9016 							   CAM_REQ_CMP_ERR);
9017 		}
9018 		if ((siu->flags & SIU_SNSVALID) != 0) {
9019 			scb->flags |= SCB_PKT_SENSE;
9020 #ifdef AHD_DEBUG
9021 			if ((ahd_debug & AHD_SHOW_SENSE) != 0)
9022 				printf("Sense data available\n");
9023 #endif
9024 		}
9025 		ahd_done(ahd, scb);
9026 		break;
9027 	}
9028 	case SCSI_STATUS_CMD_TERMINATED:
9029 	case SCSI_STATUS_CHECK_COND:
9030 	{
9031 		struct ahd_devinfo devinfo;
9032 		struct ahd_dma_seg *sg;
9033 		struct scsi_sense *sc;
9034 		struct ahd_initiator_tinfo *targ_info;
9035 		struct ahd_tmode_tstate *tstate;
9036 		struct ahd_transinfo *tinfo;
9037 #ifdef AHD_DEBUG
9038 		if (ahd_debug & AHD_SHOW_SENSE) {
9039 			ahd_print_path(ahd, scb);
9040 			printf("SCB %d: requests Check Status\n",
9041 			       SCB_GET_TAG(scb));
9042 		}
9043 #endif
9044 
9045 		if (ahd_perform_autosense(scb) == 0)
9046 			break;
9047 
9048 		ahd_compile_devinfo(&devinfo, SCB_GET_OUR_ID(scb),
9049 				    SCB_GET_TARGET(ahd, scb),
9050 				    SCB_GET_LUN(scb),
9051 				    SCB_GET_CHANNEL(ahd, scb),
9052 				    ROLE_INITIATOR);
9053 		targ_info = ahd_fetch_transinfo(ahd,
9054 						devinfo.channel,
9055 						devinfo.our_scsiid,
9056 						devinfo.target,
9057 						&tstate);
9058 		tinfo = &targ_info->curr;
9059 		sg = scb->sg_list;
9060 		sc = (struct scsi_sense *)hscb->shared_data.idata.cdb;
9061 		/*
9062 		 * Save off the residual if there is one.
9063 		 */
9064 		ahd_update_residual(ahd, scb);
9065 #ifdef AHD_DEBUG
9066 		if (ahd_debug & AHD_SHOW_SENSE) {
9067 			ahd_print_path(ahd, scb);
9068 			printf("Sending Sense\n");
9069 		}
9070 #endif
9071 		scb->sg_count = 0;
9072 		sg = ahd_sg_setup(ahd, scb, sg, ahd_get_sense_bufaddr(ahd, scb),
9073 				  ahd_get_sense_bufsize(ahd, scb),
9074 				  /*last*/TRUE);
9075 		sc->opcode = REQUEST_SENSE;
9076 		sc->byte2 = 0;
9077 		if (tinfo->protocol_version <= SCSI_REV_2
9078 		 && SCB_GET_LUN(scb) < 8)
9079 			sc->byte2 = SCB_GET_LUN(scb) << 5;
9080 		sc->unused[0] = 0;
9081 		sc->unused[1] = 0;
9082 		sc->length = ahd_get_sense_bufsize(ahd, scb);
9083 		sc->control = 0;
9084 
9085 		/*
9086 		 * We can't allow the target to disconnect.
9087 		 * This will be an untagged transaction and
9088 		 * having the target disconnect will make this
9089 		 * transaction indestinguishable from outstanding
9090 		 * tagged transactions.
9091 		 */
9092 		hscb->control = 0;
9093 
9094 		/*
9095 		 * This request sense could be because the
9096 		 * the device lost power or in some other
9097 		 * way has lost our transfer negotiations.
9098 		 * Renegotiate if appropriate.  Unit attention
9099 		 * errors will be reported before any data
9100 		 * phases occur.
9101 		 */
9102 		if (ahd_get_residual(scb) == ahd_get_transfer_length(scb)) {
9103 			ahd_update_neg_request(ahd, &devinfo,
9104 					       tstate, targ_info,
9105 					       AHD_NEG_IF_NON_ASYNC);
9106 		}
9107 		if (tstate->auto_negotiate & devinfo.target_mask) {
9108 			hscb->control |= MK_MESSAGE;
9109 			scb->flags &=
9110 			    ~(SCB_NEGOTIATE|SCB_ABORT|SCB_DEVICE_RESET);
9111 			scb->flags |= SCB_AUTO_NEGOTIATE;
9112 		}
9113 		hscb->cdb_len = sizeof(*sc);
9114 		ahd_setup_data_scb(ahd, scb);
9115 		scb->flags |= SCB_SENSE;
9116 		ahd_queue_scb(ahd, scb);
9117 		break;
9118 	}
9119 	case SCSI_STATUS_OK:
9120 		printf("%s: Interrupted for staus of 0???\n",
9121 		       ahd_name(ahd));
9122 		/* FALLTHROUGH */
9123 	default:
9124 		ahd_done(ahd, scb);
9125 		break;
9126 	}
9127 }
9128 
9129 static void
9130 ahd_handle_scb_status(struct ahd_softc *ahd, struct scb *scb)
9131 {
9132 	if (scb->hscb->shared_data.istatus.scsi_status != 0) {
9133 		ahd_handle_scsi_status(ahd, scb);
9134 	} else {
9135 		ahd_calc_residual(ahd, scb);
9136 		ahd_done(ahd, scb);
9137 	}
9138 }
9139 
9140 /*
9141  * Calculate the residual for a just completed SCB.
9142  */
9143 static void
9144 ahd_calc_residual(struct ahd_softc *ahd, struct scb *scb)
9145 {
9146 	struct hardware_scb *hscb;
9147 	struct initiator_status *spkt;
9148 	uint32_t sgptr;
9149 	uint32_t resid_sgptr;
9150 	uint32_t resid;
9151 
9152 	/*
9153 	 * 5 cases.
9154 	 * 1) No residual.
9155 	 *    SG_STATUS_VALID clear in sgptr.
9156 	 * 2) Transferless command
9157 	 * 3) Never performed any transfers.
9158 	 *    sgptr has SG_FULL_RESID set.
9159 	 * 4) No residual but target did not
9160 	 *    save data pointers after the
9161 	 *    last transfer, so sgptr was
9162 	 *    never updated.
9163 	 * 5) We have a partial residual.
9164 	 *    Use residual_sgptr to determine
9165 	 *    where we are.
9166 	 */
9167 
9168 	hscb = scb->hscb;
9169 	sgptr = ahd_le32toh(hscb->sgptr);
9170 	if ((sgptr & SG_STATUS_VALID) == 0)
9171 		/* Case 1 */
9172 		return;
9173 	sgptr &= ~SG_STATUS_VALID;
9174 
9175 	if ((sgptr & SG_LIST_NULL) != 0)
9176 		/* Case 2 */
9177 		return;
9178 
9179 	/*
9180 	 * Residual fields are the same in both
9181 	 * target and initiator status packets,
9182 	 * so we can always use the initiator fields
9183 	 * regardless of the role for this SCB.
9184 	 */
9185 	spkt = &hscb->shared_data.istatus;
9186 	resid_sgptr = ahd_le32toh(spkt->residual_sgptr);
9187 	if ((sgptr & SG_FULL_RESID) != 0) {
9188 		/* Case 3 */
9189 		resid = ahd_get_transfer_length(scb);
9190 	} else if ((resid_sgptr & SG_LIST_NULL) != 0) {
9191 		/* Case 4 */
9192 		return;
9193 	} else if ((resid_sgptr & SG_OVERRUN_RESID) != 0) {
9194 		ahd_print_path(ahd, scb);
9195 		printf("data overrun detected Tag == 0x%x.\n",
9196 		       SCB_GET_TAG(scb));
9197 		ahd_freeze_devq(ahd, scb);
9198 		ahd_set_transaction_status(scb, CAM_DATA_RUN_ERR);
9199 		ahd_freeze_scb(scb);
9200 		return;
9201 	} else if ((resid_sgptr & ~SG_PTR_MASK) != 0) {
9202 		panic("Bogus resid sgptr value 0x%x\n", resid_sgptr);
9203 		/* NOTREACHED */
9204 	} else {
9205 		struct ahd_dma_seg *sg;
9206 
9207 		/*
9208 		 * Remainder of the SG where the transfer
9209 		 * stopped.
9210 		 */
9211 		resid = ahd_le32toh(spkt->residual_datacnt) & AHD_SG_LEN_MASK;
9212 		sg = ahd_sg_bus_to_virt(ahd, scb, resid_sgptr & SG_PTR_MASK);
9213 
9214 		/* The residual sg_ptr always points to the next sg */
9215 		sg--;
9216 
9217 		/*
9218 		 * Add up the contents of all residual
9219 		 * SG segments that are after the SG where
9220 		 * the transfer stopped.
9221 		 */
9222 		while ((ahd_le32toh(sg->len) & AHD_DMA_LAST_SEG) == 0) {
9223 			sg++;
9224 			resid += ahd_le32toh(sg->len) & AHD_SG_LEN_MASK;
9225 		}
9226 	}
9227 	if ((scb->flags & SCB_SENSE) == 0)
9228 		ahd_set_residual(scb, resid);
9229 	else
9230 		ahd_set_sense_residual(scb, resid);
9231 
9232 #ifdef AHD_DEBUG
9233 	if ((ahd_debug & AHD_SHOW_MISC) != 0) {
9234 		ahd_print_path(ahd, scb);
9235 		printf("Handled %sResidual of %d bytes\n",
9236 		       (scb->flags & SCB_SENSE) ? "Sense " : "", resid);
9237 	}
9238 #endif
9239 }
9240 
9241 /******************************* Target Mode **********************************/
9242 #ifdef AHD_TARGET_MODE
9243 /*
9244  * Add a target mode event to this lun's queue
9245  */
9246 static void
9247 ahd_queue_lstate_event(struct ahd_softc *ahd, struct ahd_tmode_lstate *lstate,
9248 		       u_int initiator_id, u_int event_type, u_int event_arg)
9249 {
9250 	struct ahd_tmode_event *event;
9251 	int pending;
9252 
9253 	xpt_freeze_devq(lstate->path, /*count*/1);
9254 	if (lstate->event_w_idx >= lstate->event_r_idx)
9255 		pending = lstate->event_w_idx - lstate->event_r_idx;
9256 	else
9257 		pending = AHD_TMODE_EVENT_BUFFER_SIZE + 1
9258 			- (lstate->event_r_idx - lstate->event_w_idx);
9259 
9260 	if (event_type == EVENT_TYPE_BUS_RESET
9261 	 || event_type == MSG_BUS_DEV_RESET) {
9262 		/*
9263 		 * Any earlier events are irrelevant, so reset our buffer.
9264 		 * This has the effect of allowing us to deal with reset
9265 		 * floods (an external device holding down the reset line)
9266 		 * without losing the event that is really interesting.
9267 		 */
9268 		lstate->event_r_idx = 0;
9269 		lstate->event_w_idx = 0;
9270 		xpt_release_devq(lstate->path, pending, /*runqueue*/FALSE);
9271 	}
9272 
9273 	if (pending == AHD_TMODE_EVENT_BUFFER_SIZE) {
9274 		xpt_print_path(lstate->path);
9275 		printf("immediate event %x:%x lost\n",
9276 		       lstate->event_buffer[lstate->event_r_idx].event_type,
9277 		       lstate->event_buffer[lstate->event_r_idx].event_arg);
9278 		lstate->event_r_idx++;
9279 		if (lstate->event_r_idx == AHD_TMODE_EVENT_BUFFER_SIZE)
9280 			lstate->event_r_idx = 0;
9281 		xpt_release_devq(lstate->path, /*count*/1, /*runqueue*/FALSE);
9282 	}
9283 
9284 	event = &lstate->event_buffer[lstate->event_w_idx];
9285 	event->initiator_id = initiator_id;
9286 	event->event_type = event_type;
9287 	event->event_arg = event_arg;
9288 	lstate->event_w_idx++;
9289 	if (lstate->event_w_idx == AHD_TMODE_EVENT_BUFFER_SIZE)
9290 		lstate->event_w_idx = 0;
9291 }
9292 
9293 /*
9294  * Send any target mode events queued up waiting
9295  * for immediate notify resources.
9296  */
9297 void
9298 ahd_send_lstate_events(struct ahd_softc *ahd, struct ahd_tmode_lstate *lstate)
9299 {
9300 	struct ccb_hdr *ccbh;
9301 	struct ccb_immed_notify *inot;
9302 
9303 	while (lstate->event_r_idx != lstate->event_w_idx
9304 	    && (ccbh = SLIST_FIRST(&lstate->immed_notifies)) != NULL) {
9305 		struct ahd_tmode_event *event;
9306 
9307 		event = &lstate->event_buffer[lstate->event_r_idx];
9308 		SLIST_REMOVE_HEAD(&lstate->immed_notifies, sim_links.sle);
9309 		inot = (struct ccb_immed_notify *)ccbh;
9310 		switch (event->event_type) {
9311 		case EVENT_TYPE_BUS_RESET:
9312 			ccbh->status = CAM_SCSI_BUS_RESET|CAM_DEV_QFRZN;
9313 			break;
9314 		default:
9315 			ccbh->status = CAM_MESSAGE_RECV|CAM_DEV_QFRZN;
9316 			inot->message_args[0] = event->event_type;
9317 			inot->message_args[1] = event->event_arg;
9318 			break;
9319 		}
9320 		inot->initiator_id = event->initiator_id;
9321 		inot->sense_len = 0;
9322 		xpt_done((union ccb *)inot);
9323 		lstate->event_r_idx++;
9324 		if (lstate->event_r_idx == AHD_TMODE_EVENT_BUFFER_SIZE)
9325 			lstate->event_r_idx = 0;
9326 	}
9327 }
9328 #endif
9329 
9330 /******************** Sequencer Program Patching/Download *********************/
9331 
9332 #ifdef AHD_DUMP_SEQ
9333 void
9334 ahd_dumpseq(struct ahd_softc* ahd)
9335 {
9336 	int i;
9337 	int max_prog;
9338 
9339 	max_prog = 2048;
9340 
9341 	ahd_outb(ahd, SEQCTL0, PERRORDIS|FAILDIS|FASTMODE|LOADRAM);
9342 	ahd_outw(ahd, PRGMCNT, 0);
9343 	for (i = 0; i < max_prog; i++) {
9344 		uint8_t ins_bytes[4];
9345 
9346 		ahd_insb(ahd, SEQRAM, ins_bytes, 4);
9347 		printf("0x%08x\n", ins_bytes[0] << 24
9348 				 | ins_bytes[1] << 16
9349 				 | ins_bytes[2] << 8
9350 				 | ins_bytes[3]);
9351 	}
9352 }
9353 #endif
9354 
9355 static void
9356 ahd_loadseq(struct ahd_softc *ahd)
9357 {
9358 	struct	cs cs_table[num_critical_sections];
9359 	u_int	begin_set[num_critical_sections];
9360 	u_int	end_set[num_critical_sections];
9361 	const struct patch *cur_patch;
9362 	u_int	cs_count;
9363 	u_int	cur_cs;
9364 	u_int	i;
9365 	int	downloaded;
9366 	u_int	skip_addr;
9367 	u_int	sg_prefetch_cnt;
9368 	u_int	sg_prefetch_cnt_limit;
9369 	u_int	sg_prefetch_align;
9370 	u_int	sg_size;
9371 	u_int	cacheline_mask;
9372 	uint8_t	download_consts[DOWNLOAD_CONST_COUNT];
9373 
9374 	if (bootverbose)
9375 		printf("%s: Downloading Sequencer Program...",
9376 		       ahd_name(ahd));
9377 
9378 #if DOWNLOAD_CONST_COUNT != 8
9379 #error "Download Const Mismatch"
9380 #endif
9381 	/*
9382 	 * Start out with 0 critical sections
9383 	 * that apply to this firmware load.
9384 	 */
9385 	cs_count = 0;
9386 	cur_cs = 0;
9387 	memset(begin_set, 0, sizeof(begin_set));
9388 	memset(end_set, 0, sizeof(end_set));
9389 
9390 	/*
9391 	 * Setup downloadable constant table.
9392 	 *
9393 	 * The computation for the S/G prefetch variables is
9394 	 * a bit complicated.  We would like to always fetch
9395 	 * in terms of cachelined sized increments.  However,
9396 	 * if the cacheline is not an even multiple of the
9397 	 * SG element size or is larger than our SG RAM, using
9398 	 * just the cache size might leave us with only a portion
9399 	 * of an SG element at the tail of a prefetch.  If the
9400 	 * cacheline is larger than our S/G prefetch buffer less
9401 	 * the size of an SG element, we may round down to a cacheline
9402 	 * that doesn't contain any or all of the S/G of interest
9403 	 * within the bounds of our S/G ram.  Provide variables to
9404 	 * the sequencer that will allow it to handle these edge
9405 	 * cases.
9406 	 */
9407 	/* Start by aligning to the nearest cacheline. */
9408 	sg_prefetch_align = ahd->pci_cachesize;
9409 	if (sg_prefetch_align == 0)
9410 		sg_prefetch_align = 8;
9411 	/* Round down to the nearest power of 2. */
9412 	while (powerof2(sg_prefetch_align) == 0)
9413 		sg_prefetch_align--;
9414 
9415 	cacheline_mask = sg_prefetch_align - 1;
9416 
9417 	/*
9418 	 * If the cacheline boundary is greater than half our prefetch RAM
9419 	 * we risk not being able to fetch even a single complete S/G
9420 	 * segment if we align to that boundary.
9421 	 */
9422 	if (sg_prefetch_align > CCSGADDR_MAX/2)
9423 		sg_prefetch_align = CCSGADDR_MAX/2;
9424 	/* Start by fetching a single cacheline. */
9425 	sg_prefetch_cnt = sg_prefetch_align;
9426 	/*
9427 	 * Increment the prefetch count by cachelines until
9428 	 * at least one S/G element will fit.
9429 	 */
9430 	sg_size = sizeof(struct ahd_dma_seg);
9431 	if ((ahd->flags & AHD_64BIT_ADDRESSING) != 0)
9432 		sg_size = sizeof(struct ahd_dma64_seg);
9433 	while (sg_prefetch_cnt < sg_size)
9434 		sg_prefetch_cnt += sg_prefetch_align;
9435 	/*
9436 	 * If the cacheline is not an even multiple of
9437 	 * the S/G size, we may only get a partial S/G when
9438 	 * we align. Add a cacheline if this is the case.
9439 	 */
9440 	if ((sg_prefetch_align % sg_size) != 0
9441 	 && (sg_prefetch_cnt < CCSGADDR_MAX))
9442 		sg_prefetch_cnt += sg_prefetch_align;
9443 	/*
9444 	 * Lastly, compute a value that the sequencer can use
9445 	 * to determine if the remainder of the CCSGRAM buffer
9446 	 * has a full S/G element in it.
9447 	 */
9448 	sg_prefetch_cnt_limit = -(sg_prefetch_cnt - sg_size + 1);
9449 	download_consts[SG_PREFETCH_CNT] = sg_prefetch_cnt;
9450 	download_consts[SG_PREFETCH_CNT_LIMIT] = sg_prefetch_cnt_limit;
9451 	download_consts[SG_PREFETCH_ALIGN_MASK] = ~(sg_prefetch_align - 1);
9452 	download_consts[SG_PREFETCH_ADDR_MASK] = (sg_prefetch_align - 1);
9453 	download_consts[SG_SIZEOF] = sg_size;
9454 	download_consts[PKT_OVERRUN_BUFOFFSET] =
9455 		(ahd->overrun_buf - (uint8_t *)ahd->qoutfifo) / 256;
9456 	download_consts[SCB_TRANSFER_SIZE] = SCB_TRANSFER_SIZE_1BYTE_LUN;
9457 	download_consts[CACHELINE_MASK] = cacheline_mask;
9458 	cur_patch = patches;
9459 	downloaded = 0;
9460 	skip_addr = 0;
9461 	ahd_outb(ahd, SEQCTL0, PERRORDIS|FAILDIS|FASTMODE|LOADRAM);
9462 	ahd_outw(ahd, PRGMCNT, 0);
9463 
9464 	for (i = 0; i < sizeof(seqprog)/4; i++) {
9465 		if (ahd_check_patch(ahd, &cur_patch, i, &skip_addr) == 0) {
9466 			/*
9467 			 * Don't download this instruction as it
9468 			 * is in a patch that was removed.
9469 			 */
9470 			continue;
9471 		}
9472 		/*
9473 		 * Move through the CS table until we find a CS
9474 		 * that might apply to this instruction.
9475 		 */
9476 		for (; cur_cs < num_critical_sections; cur_cs++) {
9477 			if (critical_sections[cur_cs].end <= i) {
9478 				if (begin_set[cs_count] == TRUE
9479 				 && end_set[cs_count] == FALSE) {
9480 					cs_table[cs_count].end = downloaded;
9481 				 	end_set[cs_count] = TRUE;
9482 					cs_count++;
9483 				}
9484 				continue;
9485 			}
9486 			if (critical_sections[cur_cs].begin <= i
9487 			 && begin_set[cs_count] == FALSE) {
9488 				cs_table[cs_count].begin = downloaded;
9489 				begin_set[cs_count] = TRUE;
9490 			}
9491 			break;
9492 		}
9493 		ahd_download_instr(ahd, i, download_consts);
9494 		downloaded++;
9495 	}
9496 
9497 	ahd->num_critical_sections = cs_count;
9498 	if (cs_count != 0) {
9499 
9500 		cs_count *= sizeof(struct cs);
9501 		ahd->critical_sections = malloc(cs_count, M_DEVBUF, M_NOWAIT);
9502 		if (ahd->critical_sections == NULL)
9503 			panic("ahd_loadseq: Could not malloc");
9504 		memcpy(ahd->critical_sections, cs_table, cs_count);
9505 	}
9506 	ahd_outb(ahd, SEQCTL0, PERRORDIS|FAILDIS|FASTMODE);
9507 
9508 	if (bootverbose) {
9509 		printf(" %d instructions downloaded\n", downloaded);
9510 		printf("%s: Features 0x%x, Bugs 0x%x, Flags 0x%x\n",
9511 		       ahd_name(ahd), ahd->features, ahd->bugs, ahd->flags);
9512 	}
9513 }
9514 
9515 static int
9516 ahd_check_patch(struct ahd_softc *ahd, const struct patch **start_patch,
9517 		u_int start_instr, u_int *skip_addr)
9518 {
9519 	const struct patch *cur_patch;
9520 	const struct patch *last_patch;
9521 	u_int	num_patches;
9522 
9523 	num_patches = ARRAY_SIZE(patches);
9524 	last_patch = &patches[num_patches];
9525 	cur_patch = *start_patch;
9526 
9527 	while (cur_patch < last_patch && start_instr == cur_patch->begin) {
9528 
9529 		if (cur_patch->patch_func(ahd) == 0) {
9530 
9531 			/* Start rejecting code */
9532 			*skip_addr = start_instr + cur_patch->skip_instr;
9533 			cur_patch += cur_patch->skip_patch;
9534 		} else {
9535 			/* Accepted this patch.  Advance to the next
9536 			 * one and wait for our intruction pointer to
9537 			 * hit this point.
9538 			 */
9539 			cur_patch++;
9540 		}
9541 	}
9542 
9543 	*start_patch = cur_patch;
9544 	if (start_instr < *skip_addr)
9545 		/* Still skipping */
9546 		return (0);
9547 
9548 	return (1);
9549 }
9550 
9551 static u_int
9552 ahd_resolve_seqaddr(struct ahd_softc *ahd, u_int address)
9553 {
9554 	const struct patch *cur_patch;
9555 	int address_offset;
9556 	u_int skip_addr;
9557 	u_int i;
9558 
9559 	address_offset = 0;
9560 	cur_patch = patches;
9561 	skip_addr = 0;
9562 
9563 	for (i = 0; i < address;) {
9564 
9565 		ahd_check_patch(ahd, &cur_patch, i, &skip_addr);
9566 
9567 		if (skip_addr > i) {
9568 			int end_addr;
9569 
9570 			end_addr = min(address, skip_addr);
9571 			address_offset += end_addr - i;
9572 			i = skip_addr;
9573 		} else {
9574 			i++;
9575 		}
9576 	}
9577 	return (address - address_offset);
9578 }
9579 
9580 static void
9581 ahd_download_instr(struct ahd_softc *ahd, u_int instrptr, uint8_t *dconsts)
9582 {
9583 	union	ins_formats instr;
9584 	struct	ins_format1 *fmt1_ins;
9585 	struct	ins_format3 *fmt3_ins;
9586 	u_int	opcode;
9587 
9588 	/*
9589 	 * The firmware is always compiled into a little endian format.
9590 	 */
9591 	instr.integer = ahd_le32toh(*(uint32_t*)&seqprog[instrptr * 4]);
9592 
9593 	fmt1_ins = &instr.format1;
9594 	fmt3_ins = NULL;
9595 
9596 	/* Pull the opcode */
9597 	opcode = instr.format1.opcode;
9598 	switch (opcode) {
9599 	case AIC_OP_JMP:
9600 	case AIC_OP_JC:
9601 	case AIC_OP_JNC:
9602 	case AIC_OP_CALL:
9603 	case AIC_OP_JNE:
9604 	case AIC_OP_JNZ:
9605 	case AIC_OP_JE:
9606 	case AIC_OP_JZ:
9607 	{
9608 		fmt3_ins = &instr.format3;
9609 		fmt3_ins->address = ahd_resolve_seqaddr(ahd, fmt3_ins->address);
9610 		/* FALLTHROUGH */
9611 	}
9612 	case AIC_OP_OR:
9613 	case AIC_OP_AND:
9614 	case AIC_OP_XOR:
9615 	case AIC_OP_ADD:
9616 	case AIC_OP_ADC:
9617 	case AIC_OP_BMOV:
9618 		if (fmt1_ins->parity != 0) {
9619 			fmt1_ins->immediate = dconsts[fmt1_ins->immediate];
9620 		}
9621 		fmt1_ins->parity = 0;
9622 		/* FALLTHROUGH */
9623 	case AIC_OP_ROL:
9624 	{
9625 		int i, count;
9626 
9627 		/* Calculate odd parity for the instruction */
9628 		for (i = 0, count = 0; i < 31; i++) {
9629 			uint32_t mask;
9630 
9631 			mask = 0x01 << i;
9632 			if ((instr.integer & mask) != 0)
9633 				count++;
9634 		}
9635 		if ((count & 0x01) == 0)
9636 			instr.format1.parity = 1;
9637 
9638 		/* The sequencer is a little endian cpu */
9639 		instr.integer = ahd_htole32(instr.integer);
9640 		ahd_outsb(ahd, SEQRAM, instr.bytes, 4);
9641 		break;
9642 	}
9643 	default:
9644 		panic("Unknown opcode encountered in seq program");
9645 		break;
9646 	}
9647 }
9648 
9649 static int
9650 ahd_probe_stack_size(struct ahd_softc *ahd)
9651 {
9652 	int last_probe;
9653 
9654 	last_probe = 0;
9655 	while (1) {
9656 		int i;
9657 
9658 		/*
9659 		 * We avoid using 0 as a pattern to avoid
9660 		 * confusion if the stack implementation
9661 		 * "back-fills" with zeros when "poping'
9662 		 * entries.
9663 		 */
9664 		for (i = 1; i <= last_probe+1; i++) {
9665 		       ahd_outb(ahd, STACK, i & 0xFF);
9666 		       ahd_outb(ahd, STACK, (i >> 8) & 0xFF);
9667 		}
9668 
9669 		/* Verify */
9670 		for (i = last_probe+1; i > 0; i--) {
9671 			u_int stack_entry;
9672 
9673 			stack_entry = ahd_inb(ahd, STACK)
9674 				    |(ahd_inb(ahd, STACK) << 8);
9675 			if (stack_entry != i)
9676 				goto sized;
9677 		}
9678 		last_probe++;
9679 	}
9680 sized:
9681 	return (last_probe);
9682 }
9683 
9684 int
9685 ahd_print_register(const ahd_reg_parse_entry_t *table, u_int num_entries,
9686 		   const char *name, u_int address, u_int value,
9687 		   u_int *cur_column, u_int wrap_point)
9688 {
9689 	int	printed;
9690 	u_int	printed_mask;
9691 
9692 	if (cur_column != NULL && *cur_column >= wrap_point) {
9693 		printf("\n");
9694 		*cur_column = 0;
9695 	}
9696 	printed = printf("%s[0x%x]", name, value);
9697 	if (table == NULL) {
9698 		printed += printf(" ");
9699 		*cur_column += printed;
9700 		return (printed);
9701 	}
9702 	printed_mask = 0;
9703 	while (printed_mask != 0xFF) {
9704 		int entry;
9705 
9706 		for (entry = 0; entry < num_entries; entry++) {
9707 			if (((value & table[entry].mask)
9708 			  != table[entry].value)
9709 			 || ((printed_mask & table[entry].mask)
9710 			  == table[entry].mask))
9711 				continue;
9712 
9713 			printed += printf("%s%s",
9714 					  printed_mask == 0 ? ":(" : "|",
9715 					  table[entry].name);
9716 			printed_mask |= table[entry].mask;
9717 
9718 			break;
9719 		}
9720 		if (entry >= num_entries)
9721 			break;
9722 	}
9723 	if (printed_mask != 0)
9724 		printed += printf(") ");
9725 	else
9726 		printed += printf(" ");
9727 	if (cur_column != NULL)
9728 		*cur_column += printed;
9729 	return (printed);
9730 }
9731 
9732 void
9733 ahd_dump_card_state(struct ahd_softc *ahd)
9734 {
9735 	struct scb	*scb;
9736 	ahd_mode_state	 saved_modes;
9737 	u_int		 dffstat;
9738 	int		 paused;
9739 	u_int		 scb_index;
9740 	u_int		 saved_scb_index;
9741 	u_int		 cur_col;
9742 	int		 i;
9743 
9744 	if (ahd_is_paused(ahd)) {
9745 		paused = 1;
9746 	} else {
9747 		paused = 0;
9748 		ahd_pause(ahd);
9749 	}
9750 	saved_modes = ahd_save_modes(ahd);
9751 	ahd_set_modes(ahd, AHD_MODE_SCSI, AHD_MODE_SCSI);
9752 	printf(">>>>>>>>>>>>>>>>>> Dump Card State Begins <<<<<<<<<<<<<<<<<\n"
9753 	       "%s: Dumping Card State at program address 0x%x Mode 0x%x\n",
9754 	       ahd_name(ahd),
9755 	       ahd_inw(ahd, CURADDR),
9756 	       ahd_build_mode_state(ahd, ahd->saved_src_mode,
9757 				    ahd->saved_dst_mode));
9758 	if (paused)
9759 		printf("Card was paused\n");
9760 
9761 	if (ahd_check_cmdcmpltqueues(ahd))
9762 		printf("Completions are pending\n");
9763 
9764 	/*
9765 	 * Mode independent registers.
9766 	 */
9767 	cur_col = 0;
9768 	ahd_intstat_print(ahd_inb(ahd, INTSTAT), &cur_col, 50);
9769 	ahd_seloid_print(ahd_inb(ahd, SELOID), &cur_col, 50);
9770 	ahd_selid_print(ahd_inb(ahd, SELID), &cur_col, 50);
9771 	ahd_hs_mailbox_print(ahd_inb(ahd, LOCAL_HS_MAILBOX), &cur_col, 50);
9772 	ahd_intctl_print(ahd_inb(ahd, INTCTL), &cur_col, 50);
9773 	ahd_seqintstat_print(ahd_inb(ahd, SEQINTSTAT), &cur_col, 50);
9774 	ahd_saved_mode_print(ahd_inb(ahd, SAVED_MODE), &cur_col, 50);
9775 	ahd_dffstat_print(ahd_inb(ahd, DFFSTAT), &cur_col, 50);
9776 	ahd_scsisigi_print(ahd_inb(ahd, SCSISIGI), &cur_col, 50);
9777 	ahd_scsiphase_print(ahd_inb(ahd, SCSIPHASE), &cur_col, 50);
9778 	ahd_scsibus_print(ahd_inb(ahd, SCSIBUS), &cur_col, 50);
9779 	ahd_lastphase_print(ahd_inb(ahd, LASTPHASE), &cur_col, 50);
9780 	ahd_scsiseq0_print(ahd_inb(ahd, SCSISEQ0), &cur_col, 50);
9781 	ahd_scsiseq1_print(ahd_inb(ahd, SCSISEQ1), &cur_col, 50);
9782 	ahd_seqctl0_print(ahd_inb(ahd, SEQCTL0), &cur_col, 50);
9783 	ahd_seqintctl_print(ahd_inb(ahd, SEQINTCTL), &cur_col, 50);
9784 	ahd_seq_flags_print(ahd_inb(ahd, SEQ_FLAGS), &cur_col, 50);
9785 	ahd_seq_flags2_print(ahd_inb(ahd, SEQ_FLAGS2), &cur_col, 50);
9786 	ahd_qfreeze_count_print(ahd_inw(ahd, QFREEZE_COUNT), &cur_col, 50);
9787 	ahd_kernel_qfreeze_count_print(ahd_inw(ahd, KERNEL_QFREEZE_COUNT),
9788 				       &cur_col, 50);
9789 	ahd_mk_message_scb_print(ahd_inw(ahd, MK_MESSAGE_SCB), &cur_col, 50);
9790 	ahd_mk_message_scsiid_print(ahd_inb(ahd, MK_MESSAGE_SCSIID),
9791 				    &cur_col, 50);
9792 	ahd_sstat0_print(ahd_inb(ahd, SSTAT0), &cur_col, 50);
9793 	ahd_sstat1_print(ahd_inb(ahd, SSTAT1), &cur_col, 50);
9794 	ahd_sstat2_print(ahd_inb(ahd, SSTAT2), &cur_col, 50);
9795 	ahd_sstat3_print(ahd_inb(ahd, SSTAT3), &cur_col, 50);
9796 	ahd_perrdiag_print(ahd_inb(ahd, PERRDIAG), &cur_col, 50);
9797 	ahd_simode1_print(ahd_inb(ahd, SIMODE1), &cur_col, 50);
9798 	ahd_lqistat0_print(ahd_inb(ahd, LQISTAT0), &cur_col, 50);
9799 	ahd_lqistat1_print(ahd_inb(ahd, LQISTAT1), &cur_col, 50);
9800 	ahd_lqistat2_print(ahd_inb(ahd, LQISTAT2), &cur_col, 50);
9801 	ahd_lqostat0_print(ahd_inb(ahd, LQOSTAT0), &cur_col, 50);
9802 	ahd_lqostat1_print(ahd_inb(ahd, LQOSTAT1), &cur_col, 50);
9803 	ahd_lqostat2_print(ahd_inb(ahd, LQOSTAT2), &cur_col, 50);
9804 	printf("\n");
9805 	printf("\nSCB Count = %d CMDS_PENDING = %d LASTSCB 0x%x "
9806 	       "CURRSCB 0x%x NEXTSCB 0x%x\n",
9807 	       ahd->scb_data.numscbs, ahd_inw(ahd, CMDS_PENDING),
9808 	       ahd_inw(ahd, LASTSCB), ahd_inw(ahd, CURRSCB),
9809 	       ahd_inw(ahd, NEXTSCB));
9810 	cur_col = 0;
9811 	/* QINFIFO */
9812 	ahd_search_qinfifo(ahd, CAM_TARGET_WILDCARD, ALL_CHANNELS,
9813 			   CAM_LUN_WILDCARD, SCB_LIST_NULL,
9814 			   ROLE_UNKNOWN, /*status*/0, SEARCH_PRINT);
9815 	saved_scb_index = ahd_get_scbptr(ahd);
9816 	printf("Pending list:");
9817 	i = 0;
9818 	LIST_FOREACH(scb, &ahd->pending_scbs, pending_links) {
9819 		if (i++ > AHD_SCB_MAX)
9820 			break;
9821 		cur_col = printf("\n%3d FIFO_USE[0x%x] ", SCB_GET_TAG(scb),
9822 				 ahd_inb_scbram(ahd, SCB_FIFO_USE_COUNT));
9823 		ahd_set_scbptr(ahd, SCB_GET_TAG(scb));
9824 		ahd_scb_control_print(ahd_inb_scbram(ahd, SCB_CONTROL),
9825 				      &cur_col, 60);
9826 		ahd_scb_scsiid_print(ahd_inb_scbram(ahd, SCB_SCSIID),
9827 				     &cur_col, 60);
9828 	}
9829 	printf("\nTotal %d\n", i);
9830 
9831 	printf("Kernel Free SCB list: ");
9832 	i = 0;
9833 	TAILQ_FOREACH(scb, &ahd->scb_data.free_scbs, links.tqe) {
9834 		struct scb *list_scb;
9835 
9836 		list_scb = scb;
9837 		do {
9838 			printf("%d ", SCB_GET_TAG(list_scb));
9839 			list_scb = LIST_NEXT(list_scb, collision_links);
9840 		} while (list_scb && i++ < AHD_SCB_MAX);
9841 	}
9842 
9843 	LIST_FOREACH(scb, &ahd->scb_data.any_dev_free_scb_list, links.le) {
9844 		if (i++ > AHD_SCB_MAX)
9845 			break;
9846 		printf("%d ", SCB_GET_TAG(scb));
9847 	}
9848 	printf("\n");
9849 
9850 	printf("Sequencer Complete DMA-inprog list: ");
9851 	scb_index = ahd_inw(ahd, COMPLETE_SCB_DMAINPROG_HEAD);
9852 	i = 0;
9853 	while (!SCBID_IS_NULL(scb_index) && i++ < AHD_SCB_MAX) {
9854 		ahd_set_scbptr(ahd, scb_index);
9855 		printf("%d ", scb_index);
9856 		scb_index = ahd_inw_scbram(ahd, SCB_NEXT_COMPLETE);
9857 	}
9858 	printf("\n");
9859 
9860 	printf("Sequencer Complete list: ");
9861 	scb_index = ahd_inw(ahd, COMPLETE_SCB_HEAD);
9862 	i = 0;
9863 	while (!SCBID_IS_NULL(scb_index) && i++ < AHD_SCB_MAX) {
9864 		ahd_set_scbptr(ahd, scb_index);
9865 		printf("%d ", scb_index);
9866 		scb_index = ahd_inw_scbram(ahd, SCB_NEXT_COMPLETE);
9867 	}
9868 	printf("\n");
9869 
9870 
9871 	printf("Sequencer DMA-Up and Complete list: ");
9872 	scb_index = ahd_inw(ahd, COMPLETE_DMA_SCB_HEAD);
9873 	i = 0;
9874 	while (!SCBID_IS_NULL(scb_index) && i++ < AHD_SCB_MAX) {
9875 		ahd_set_scbptr(ahd, scb_index);
9876 		printf("%d ", scb_index);
9877 		scb_index = ahd_inw_scbram(ahd, SCB_NEXT_COMPLETE);
9878 	}
9879 	printf("\n");
9880 	printf("Sequencer On QFreeze and Complete list: ");
9881 	scb_index = ahd_inw(ahd, COMPLETE_ON_QFREEZE_HEAD);
9882 	i = 0;
9883 	while (!SCBID_IS_NULL(scb_index) && i++ < AHD_SCB_MAX) {
9884 		ahd_set_scbptr(ahd, scb_index);
9885 		printf("%d ", scb_index);
9886 		scb_index = ahd_inw_scbram(ahd, SCB_NEXT_COMPLETE);
9887 	}
9888 	printf("\n");
9889 	ahd_set_scbptr(ahd, saved_scb_index);
9890 	dffstat = ahd_inb(ahd, DFFSTAT);
9891 	for (i = 0; i < 2; i++) {
9892 #ifdef AHD_DEBUG
9893 		struct scb *fifo_scb;
9894 #endif
9895 		u_int	    fifo_scbptr;
9896 
9897 		ahd_set_modes(ahd, AHD_MODE_DFF0 + i, AHD_MODE_DFF0 + i);
9898 		fifo_scbptr = ahd_get_scbptr(ahd);
9899 		printf("\n\n%s: FIFO%d %s, LONGJMP == 0x%x, SCB 0x%x\n",
9900 		       ahd_name(ahd), i,
9901 		       (dffstat & (FIFO0FREE << i)) ? "Free" : "Active",
9902 		       ahd_inw(ahd, LONGJMP_ADDR), fifo_scbptr);
9903 		cur_col = 0;
9904 		ahd_seqimode_print(ahd_inb(ahd, SEQIMODE), &cur_col, 50);
9905 		ahd_seqintsrc_print(ahd_inb(ahd, SEQINTSRC), &cur_col, 50);
9906 		ahd_dfcntrl_print(ahd_inb(ahd, DFCNTRL), &cur_col, 50);
9907 		ahd_dfstatus_print(ahd_inb(ahd, DFSTATUS), &cur_col, 50);
9908 		ahd_sg_cache_shadow_print(ahd_inb(ahd, SG_CACHE_SHADOW),
9909 					  &cur_col, 50);
9910 		ahd_sg_state_print(ahd_inb(ahd, SG_STATE), &cur_col, 50);
9911 		ahd_dffsxfrctl_print(ahd_inb(ahd, DFFSXFRCTL), &cur_col, 50);
9912 		ahd_soffcnt_print(ahd_inb(ahd, SOFFCNT), &cur_col, 50);
9913 		ahd_mdffstat_print(ahd_inb(ahd, MDFFSTAT), &cur_col, 50);
9914 		if (cur_col > 50) {
9915 			printf("\n");
9916 			cur_col = 0;
9917 		}
9918 		cur_col += printf("SHADDR = 0x%x%x, SHCNT = 0x%x ",
9919 				  ahd_inl(ahd, SHADDR+4),
9920 				  ahd_inl(ahd, SHADDR),
9921 				  (ahd_inb(ahd, SHCNT)
9922 				| (ahd_inb(ahd, SHCNT + 1) << 8)
9923 				| (ahd_inb(ahd, SHCNT + 2) << 16)));
9924 		if (cur_col > 50) {
9925 			printf("\n");
9926 			cur_col = 0;
9927 		}
9928 		cur_col += printf("HADDR = 0x%x%x, HCNT = 0x%x ",
9929 				  ahd_inl(ahd, HADDR+4),
9930 				  ahd_inl(ahd, HADDR),
9931 				  (ahd_inb(ahd, HCNT)
9932 				| (ahd_inb(ahd, HCNT + 1) << 8)
9933 				| (ahd_inb(ahd, HCNT + 2) << 16)));
9934 		ahd_ccsgctl_print(ahd_inb(ahd, CCSGCTL), &cur_col, 50);
9935 #ifdef AHD_DEBUG
9936 		if ((ahd_debug & AHD_SHOW_SG) != 0) {
9937 			fifo_scb = ahd_lookup_scb(ahd, fifo_scbptr);
9938 			if (fifo_scb != NULL)
9939 				ahd_dump_sglist(fifo_scb);
9940 		}
9941 #endif
9942 	}
9943 	printf("\nLQIN: ");
9944 	for (i = 0; i < 20; i++)
9945 		printf("0x%x ", ahd_inb(ahd, LQIN + i));
9946 	printf("\n");
9947 	ahd_set_modes(ahd, AHD_MODE_CFG, AHD_MODE_CFG);
9948 	printf("%s: LQISTATE = 0x%x, LQOSTATE = 0x%x, OPTIONMODE = 0x%x\n",
9949 	       ahd_name(ahd), ahd_inb(ahd, LQISTATE), ahd_inb(ahd, LQOSTATE),
9950 	       ahd_inb(ahd, OPTIONMODE));
9951 	printf("%s: OS_SPACE_CNT = 0x%x MAXCMDCNT = 0x%x\n",
9952 	       ahd_name(ahd), ahd_inb(ahd, OS_SPACE_CNT),
9953 	       ahd_inb(ahd, MAXCMDCNT));
9954 	printf("%s: SAVED_SCSIID = 0x%x SAVED_LUN = 0x%x\n",
9955 	       ahd_name(ahd), ahd_inb(ahd, SAVED_SCSIID),
9956 	       ahd_inb(ahd, SAVED_LUN));
9957 	ahd_simode0_print(ahd_inb(ahd, SIMODE0), &cur_col, 50);
9958 	printf("\n");
9959 	ahd_set_modes(ahd, AHD_MODE_CCHAN, AHD_MODE_CCHAN);
9960 	cur_col = 0;
9961 	ahd_ccscbctl_print(ahd_inb(ahd, CCSCBCTL), &cur_col, 50);
9962 	printf("\n");
9963 	ahd_set_modes(ahd, ahd->saved_src_mode, ahd->saved_dst_mode);
9964 	printf("%s: REG0 == 0x%x, SINDEX = 0x%x, DINDEX = 0x%x\n",
9965 	       ahd_name(ahd), ahd_inw(ahd, REG0), ahd_inw(ahd, SINDEX),
9966 	       ahd_inw(ahd, DINDEX));
9967 	printf("%s: SCBPTR == 0x%x, SCB_NEXT == 0x%x, SCB_NEXT2 == 0x%x\n",
9968 	       ahd_name(ahd), ahd_get_scbptr(ahd),
9969 	       ahd_inw_scbram(ahd, SCB_NEXT),
9970 	       ahd_inw_scbram(ahd, SCB_NEXT2));
9971 	printf("CDB %x %x %x %x %x %x\n",
9972 	       ahd_inb_scbram(ahd, SCB_CDB_STORE),
9973 	       ahd_inb_scbram(ahd, SCB_CDB_STORE+1),
9974 	       ahd_inb_scbram(ahd, SCB_CDB_STORE+2),
9975 	       ahd_inb_scbram(ahd, SCB_CDB_STORE+3),
9976 	       ahd_inb_scbram(ahd, SCB_CDB_STORE+4),
9977 	       ahd_inb_scbram(ahd, SCB_CDB_STORE+5));
9978 	printf("STACK:");
9979 	for (i = 0; i < ahd->stack_size; i++) {
9980 		ahd->saved_stack[i] =
9981 		    ahd_inb(ahd, STACK)|(ahd_inb(ahd, STACK) << 8);
9982 		printf(" 0x%x", ahd->saved_stack[i]);
9983 	}
9984 	for (i = ahd->stack_size-1; i >= 0; i--) {
9985 		ahd_outb(ahd, STACK, ahd->saved_stack[i] & 0xFF);
9986 		ahd_outb(ahd, STACK, (ahd->saved_stack[i] >> 8) & 0xFF);
9987 	}
9988 	printf("\n<<<<<<<<<<<<<<<<< Dump Card State Ends >>>>>>>>>>>>>>>>>>\n");
9989 	ahd_restore_modes(ahd, saved_modes);
9990 	if (paused == 0)
9991 		ahd_unpause(ahd);
9992 }
9993 
9994 #if 0
9995 void
9996 ahd_dump_scbs(struct ahd_softc *ahd)
9997 {
9998 	ahd_mode_state saved_modes;
9999 	u_int	       saved_scb_index;
10000 	int	       i;
10001 
10002 	saved_modes = ahd_save_modes(ahd);
10003 	ahd_set_modes(ahd, AHD_MODE_SCSI, AHD_MODE_SCSI);
10004 	saved_scb_index = ahd_get_scbptr(ahd);
10005 	for (i = 0; i < AHD_SCB_MAX; i++) {
10006 		ahd_set_scbptr(ahd, i);
10007 		printf("%3d", i);
10008 		printf("(CTRL 0x%x ID 0x%x N 0x%x N2 0x%x SG 0x%x, RSG 0x%x)\n",
10009 		       ahd_inb_scbram(ahd, SCB_CONTROL),
10010 		       ahd_inb_scbram(ahd, SCB_SCSIID),
10011 		       ahd_inw_scbram(ahd, SCB_NEXT),
10012 		       ahd_inw_scbram(ahd, SCB_NEXT2),
10013 		       ahd_inl_scbram(ahd, SCB_SGPTR),
10014 		       ahd_inl_scbram(ahd, SCB_RESIDUAL_SGPTR));
10015 	}
10016 	printf("\n");
10017 	ahd_set_scbptr(ahd, saved_scb_index);
10018 	ahd_restore_modes(ahd, saved_modes);
10019 }
10020 #endif  /*  0  */
10021 
10022 /**************************** Flexport Logic **********************************/
10023 /*
10024  * Read count 16bit words from 16bit word address start_addr from the
10025  * SEEPROM attached to the controller, into buf, using the controller's
10026  * SEEPROM reading state machine.  Optionally treat the data as a byte
10027  * stream in terms of byte order.
10028  */
10029 int
10030 ahd_read_seeprom(struct ahd_softc *ahd, uint16_t *buf,
10031 		 u_int start_addr, u_int count, int bytestream)
10032 {
10033 	u_int cur_addr;
10034 	u_int end_addr;
10035 	int   error;
10036 
10037 	/*
10038 	 * If we never make it through the loop even once,
10039 	 * we were passed invalid arguments.
10040 	 */
10041 	error = EINVAL;
10042 	AHD_ASSERT_MODES(ahd, AHD_MODE_SCSI_MSK, AHD_MODE_SCSI_MSK);
10043 	end_addr = start_addr + count;
10044 	for (cur_addr = start_addr; cur_addr < end_addr; cur_addr++) {
10045 
10046 		ahd_outb(ahd, SEEADR, cur_addr);
10047 		ahd_outb(ahd, SEECTL, SEEOP_READ | SEESTART);
10048 
10049 		error = ahd_wait_seeprom(ahd);
10050 		if (error)
10051 			break;
10052 		if (bytestream != 0) {
10053 			uint8_t *bytestream_ptr;
10054 
10055 			bytestream_ptr = (uint8_t *)buf;
10056 			*bytestream_ptr++ = ahd_inb(ahd, SEEDAT);
10057 			*bytestream_ptr = ahd_inb(ahd, SEEDAT+1);
10058 		} else {
10059 			/*
10060 			 * ahd_inw() already handles machine byte order.
10061 			 */
10062 			*buf = ahd_inw(ahd, SEEDAT);
10063 		}
10064 		buf++;
10065 	}
10066 	return (error);
10067 }
10068 
10069 /*
10070  * Write count 16bit words from buf, into SEEPROM attache to the
10071  * controller starting at 16bit word address start_addr, using the
10072  * controller's SEEPROM writing state machine.
10073  */
10074 int
10075 ahd_write_seeprom(struct ahd_softc *ahd, uint16_t *buf,
10076 		  u_int start_addr, u_int count)
10077 {
10078 	u_int cur_addr;
10079 	u_int end_addr;
10080 	int   error;
10081 	int   retval;
10082 
10083 	AHD_ASSERT_MODES(ahd, AHD_MODE_SCSI_MSK, AHD_MODE_SCSI_MSK);
10084 	error = ENOENT;
10085 
10086 	/* Place the chip into write-enable mode */
10087 	ahd_outb(ahd, SEEADR, SEEOP_EWEN_ADDR);
10088 	ahd_outb(ahd, SEECTL, SEEOP_EWEN | SEESTART);
10089 	error = ahd_wait_seeprom(ahd);
10090 	if (error)
10091 		return (error);
10092 
10093 	/*
10094 	 * Write the data.  If we don't get throught the loop at
10095 	 * least once, the arguments were invalid.
10096 	 */
10097 	retval = EINVAL;
10098 	end_addr = start_addr + count;
10099 	for (cur_addr = start_addr; cur_addr < end_addr; cur_addr++) {
10100 		ahd_outw(ahd, SEEDAT, *buf++);
10101 		ahd_outb(ahd, SEEADR, cur_addr);
10102 		ahd_outb(ahd, SEECTL, SEEOP_WRITE | SEESTART);
10103 
10104 		retval = ahd_wait_seeprom(ahd);
10105 		if (retval)
10106 			break;
10107 	}
10108 
10109 	/*
10110 	 * Disable writes.
10111 	 */
10112 	ahd_outb(ahd, SEEADR, SEEOP_EWDS_ADDR);
10113 	ahd_outb(ahd, SEECTL, SEEOP_EWDS | SEESTART);
10114 	error = ahd_wait_seeprom(ahd);
10115 	if (error)
10116 		return (error);
10117 	return (retval);
10118 }
10119 
10120 /*
10121  * Wait ~100us for the serial eeprom to satisfy our request.
10122  */
10123 static int
10124 ahd_wait_seeprom(struct ahd_softc *ahd)
10125 {
10126 	int cnt;
10127 
10128 	cnt = 5000;
10129 	while ((ahd_inb(ahd, SEESTAT) & (SEEARBACK|SEEBUSY)) != 0 && --cnt)
10130 		ahd_delay(5);
10131 
10132 	if (cnt == 0)
10133 		return (ETIMEDOUT);
10134 	return (0);
10135 }
10136 
10137 /*
10138  * Validate the two checksums in the per_channel
10139  * vital product data struct.
10140  */
10141 static int
10142 ahd_verify_vpd_cksum(struct vpd_config *vpd)
10143 {
10144 	int i;
10145 	int maxaddr;
10146 	uint32_t checksum;
10147 	uint8_t *vpdarray;
10148 
10149 	vpdarray = (uint8_t *)vpd;
10150 	maxaddr = offsetof(struct vpd_config, vpd_checksum);
10151 	checksum = 0;
10152 	for (i = offsetof(struct vpd_config, resource_type); i < maxaddr; i++)
10153 		checksum = checksum + vpdarray[i];
10154 	if (checksum == 0
10155 	 || (-checksum & 0xFF) != vpd->vpd_checksum)
10156 		return (0);
10157 
10158 	checksum = 0;
10159 	maxaddr = offsetof(struct vpd_config, checksum);
10160 	for (i = offsetof(struct vpd_config, default_target_flags);
10161 	     i < maxaddr; i++)
10162 		checksum = checksum + vpdarray[i];
10163 	if (checksum == 0
10164 	 || (-checksum & 0xFF) != vpd->checksum)
10165 		return (0);
10166 	return (1);
10167 }
10168 
10169 int
10170 ahd_verify_cksum(struct seeprom_config *sc)
10171 {
10172 	int i;
10173 	int maxaddr;
10174 	uint32_t checksum;
10175 	uint16_t *scarray;
10176 
10177 	maxaddr = (sizeof(*sc)/2) - 1;
10178 	checksum = 0;
10179 	scarray = (uint16_t *)sc;
10180 
10181 	for (i = 0; i < maxaddr; i++)
10182 		checksum = checksum + scarray[i];
10183 	if (checksum == 0
10184 	 || (checksum & 0xFFFF) != sc->checksum) {
10185 		return (0);
10186 	} else {
10187 		return (1);
10188 	}
10189 }
10190 
10191 int
10192 ahd_acquire_seeprom(struct ahd_softc *ahd)
10193 {
10194 	/*
10195 	 * We should be able to determine the SEEPROM type
10196 	 * from the flexport logic, but unfortunately not
10197 	 * all implementations have this logic and there is
10198 	 * no programatic method for determining if the logic
10199 	 * is present.
10200 	 */
10201 	return (1);
10202 #if 0
10203 	uint8_t	seetype;
10204 	int	error;
10205 
10206 	error = ahd_read_flexport(ahd, FLXADDR_ROMSTAT_CURSENSECTL, &seetype);
10207 	if (error != 0
10208          || ((seetype & FLX_ROMSTAT_SEECFG) == FLX_ROMSTAT_SEE_NONE))
10209 		return (0);
10210 	return (1);
10211 #endif
10212 }
10213 
10214 void
10215 ahd_release_seeprom(struct ahd_softc *ahd)
10216 {
10217 	/* Currently a no-op */
10218 }
10219 
10220 /*
10221  * Wait at most 2 seconds for flexport arbitration to succeed.
10222  */
10223 static int
10224 ahd_wait_flexport(struct ahd_softc *ahd)
10225 {
10226 	int cnt;
10227 
10228 	AHD_ASSERT_MODES(ahd, AHD_MODE_SCSI_MSK, AHD_MODE_SCSI_MSK);
10229 	cnt = 1000000 * 2 / 5;
10230 	while ((ahd_inb(ahd, BRDCTL) & FLXARBACK) == 0 && --cnt)
10231 		ahd_delay(5);
10232 
10233 	if (cnt == 0)
10234 		return (ETIMEDOUT);
10235 	return (0);
10236 }
10237 
10238 int
10239 ahd_write_flexport(struct ahd_softc *ahd, u_int addr, u_int value)
10240 {
10241 	int error;
10242 
10243 	AHD_ASSERT_MODES(ahd, AHD_MODE_SCSI_MSK, AHD_MODE_SCSI_MSK);
10244 	if (addr > 7)
10245 		panic("ahd_write_flexport: address out of range");
10246 	ahd_outb(ahd, BRDCTL, BRDEN|(addr << 3));
10247 	error = ahd_wait_flexport(ahd);
10248 	if (error != 0)
10249 		return (error);
10250 	ahd_outb(ahd, BRDDAT, value);
10251 	ahd_flush_device_writes(ahd);
10252 	ahd_outb(ahd, BRDCTL, BRDSTB|BRDEN|(addr << 3));
10253 	ahd_flush_device_writes(ahd);
10254 	ahd_outb(ahd, BRDCTL, BRDEN|(addr << 3));
10255 	ahd_flush_device_writes(ahd);
10256 	ahd_outb(ahd, BRDCTL, 0);
10257 	ahd_flush_device_writes(ahd);
10258 	return (0);
10259 }
10260 
10261 int
10262 ahd_read_flexport(struct ahd_softc *ahd, u_int addr, uint8_t *value)
10263 {
10264 	int	error;
10265 
10266 	AHD_ASSERT_MODES(ahd, AHD_MODE_SCSI_MSK, AHD_MODE_SCSI_MSK);
10267 	if (addr > 7)
10268 		panic("ahd_read_flexport: address out of range");
10269 	ahd_outb(ahd, BRDCTL, BRDRW|BRDEN|(addr << 3));
10270 	error = ahd_wait_flexport(ahd);
10271 	if (error != 0)
10272 		return (error);
10273 	*value = ahd_inb(ahd, BRDDAT);
10274 	ahd_outb(ahd, BRDCTL, 0);
10275 	ahd_flush_device_writes(ahd);
10276 	return (0);
10277 }
10278 
10279 /************************* Target Mode ****************************************/
10280 #ifdef AHD_TARGET_MODE
10281 cam_status
10282 ahd_find_tmode_devs(struct ahd_softc *ahd, struct cam_sim *sim, union ccb *ccb,
10283 		    struct ahd_tmode_tstate **tstate,
10284 		    struct ahd_tmode_lstate **lstate,
10285 		    int notfound_failure)
10286 {
10287 
10288 	if ((ahd->features & AHD_TARGETMODE) == 0)
10289 		return (CAM_REQ_INVALID);
10290 
10291 	/*
10292 	 * Handle the 'black hole' device that sucks up
10293 	 * requests to unattached luns on enabled targets.
10294 	 */
10295 	if (ccb->ccb_h.target_id == CAM_TARGET_WILDCARD
10296 	 && ccb->ccb_h.target_lun == CAM_LUN_WILDCARD) {
10297 		*tstate = NULL;
10298 		*lstate = ahd->black_hole;
10299 	} else {
10300 		u_int max_id;
10301 
10302 		max_id = (ahd->features & AHD_WIDE) ? 16 : 8;
10303 		if (ccb->ccb_h.target_id >= max_id)
10304 			return (CAM_TID_INVALID);
10305 
10306 		if (ccb->ccb_h.target_lun >= AHD_NUM_LUNS)
10307 			return (CAM_LUN_INVALID);
10308 
10309 		*tstate = ahd->enabled_targets[ccb->ccb_h.target_id];
10310 		*lstate = NULL;
10311 		if (*tstate != NULL)
10312 			*lstate =
10313 			    (*tstate)->enabled_luns[ccb->ccb_h.target_lun];
10314 	}
10315 
10316 	if (notfound_failure != 0 && *lstate == NULL)
10317 		return (CAM_PATH_INVALID);
10318 
10319 	return (CAM_REQ_CMP);
10320 }
10321 
10322 void
10323 ahd_handle_en_lun(struct ahd_softc *ahd, struct cam_sim *sim, union ccb *ccb)
10324 {
10325 #if NOT_YET
10326 	struct	   ahd_tmode_tstate *tstate;
10327 	struct	   ahd_tmode_lstate *lstate;
10328 	struct	   ccb_en_lun *cel;
10329 	cam_status status;
10330 	u_int	   target;
10331 	u_int	   lun;
10332 	u_int	   target_mask;
10333 	u_long	   s;
10334 	char	   channel;
10335 
10336 	status = ahd_find_tmode_devs(ahd, sim, ccb, &tstate, &lstate,
10337 				     /*notfound_failure*/FALSE);
10338 
10339 	if (status != CAM_REQ_CMP) {
10340 		ccb->ccb_h.status = status;
10341 		return;
10342 	}
10343 
10344 	if ((ahd->features & AHD_MULTIROLE) != 0) {
10345 		u_int	   our_id;
10346 
10347 		our_id = ahd->our_id;
10348 		if (ccb->ccb_h.target_id != our_id) {
10349 			if ((ahd->features & AHD_MULTI_TID) != 0
10350 		   	 && (ahd->flags & AHD_INITIATORROLE) != 0) {
10351 				/*
10352 				 * Only allow additional targets if
10353 				 * the initiator role is disabled.
10354 				 * The hardware cannot handle a re-select-in
10355 				 * on the initiator id during a re-select-out
10356 				 * on a different target id.
10357 				 */
10358 				status = CAM_TID_INVALID;
10359 			} else if ((ahd->flags & AHD_INITIATORROLE) != 0
10360 				|| ahd->enabled_luns > 0) {
10361 				/*
10362 				 * Only allow our target id to change
10363 				 * if the initiator role is not configured
10364 				 * and there are no enabled luns which
10365 				 * are attached to the currently registered
10366 				 * scsi id.
10367 				 */
10368 				status = CAM_TID_INVALID;
10369 			}
10370 		}
10371 	}
10372 
10373 	if (status != CAM_REQ_CMP) {
10374 		ccb->ccb_h.status = status;
10375 		return;
10376 	}
10377 
10378 	/*
10379 	 * We now have an id that is valid.
10380 	 * If we aren't in target mode, switch modes.
10381 	 */
10382 	if ((ahd->flags & AHD_TARGETROLE) == 0
10383 	 && ccb->ccb_h.target_id != CAM_TARGET_WILDCARD) {
10384 		u_long	s;
10385 
10386 		printf("Configuring Target Mode\n");
10387 		ahd_lock(ahd, &s);
10388 		if (LIST_FIRST(&ahd->pending_scbs) != NULL) {
10389 			ccb->ccb_h.status = CAM_BUSY;
10390 			ahd_unlock(ahd, &s);
10391 			return;
10392 		}
10393 		ahd->flags |= AHD_TARGETROLE;
10394 		if ((ahd->features & AHD_MULTIROLE) == 0)
10395 			ahd->flags &= ~AHD_INITIATORROLE;
10396 		ahd_pause(ahd);
10397 		ahd_loadseq(ahd);
10398 		ahd_restart(ahd);
10399 		ahd_unlock(ahd, &s);
10400 	}
10401 	cel = &ccb->cel;
10402 	target = ccb->ccb_h.target_id;
10403 	lun = ccb->ccb_h.target_lun;
10404 	channel = SIM_CHANNEL(ahd, sim);
10405 	target_mask = 0x01 << target;
10406 	if (channel == 'B')
10407 		target_mask <<= 8;
10408 
10409 	if (cel->enable != 0) {
10410 		u_int scsiseq1;
10411 
10412 		/* Are we already enabled?? */
10413 		if (lstate != NULL) {
10414 			xpt_print_path(ccb->ccb_h.path);
10415 			printf("Lun already enabled\n");
10416 			ccb->ccb_h.status = CAM_LUN_ALRDY_ENA;
10417 			return;
10418 		}
10419 
10420 		if (cel->grp6_len != 0
10421 		 || cel->grp7_len != 0) {
10422 			/*
10423 			 * Don't (yet?) support vendor
10424 			 * specific commands.
10425 			 */
10426 			ccb->ccb_h.status = CAM_REQ_INVALID;
10427 			printf("Non-zero Group Codes\n");
10428 			return;
10429 		}
10430 
10431 		/*
10432 		 * Seems to be okay.
10433 		 * Setup our data structures.
10434 		 */
10435 		if (target != CAM_TARGET_WILDCARD && tstate == NULL) {
10436 			tstate = ahd_alloc_tstate(ahd, target, channel);
10437 			if (tstate == NULL) {
10438 				xpt_print_path(ccb->ccb_h.path);
10439 				printf("Couldn't allocate tstate\n");
10440 				ccb->ccb_h.status = CAM_RESRC_UNAVAIL;
10441 				return;
10442 			}
10443 		}
10444 		lstate = malloc(sizeof(*lstate), M_DEVBUF, M_NOWAIT);
10445 		if (lstate == NULL) {
10446 			xpt_print_path(ccb->ccb_h.path);
10447 			printf("Couldn't allocate lstate\n");
10448 			ccb->ccb_h.status = CAM_RESRC_UNAVAIL;
10449 			return;
10450 		}
10451 		memset(lstate, 0, sizeof(*lstate));
10452 		status = xpt_create_path(&lstate->path, /*periph*/NULL,
10453 					 xpt_path_path_id(ccb->ccb_h.path),
10454 					 xpt_path_target_id(ccb->ccb_h.path),
10455 					 xpt_path_lun_id(ccb->ccb_h.path));
10456 		if (status != CAM_REQ_CMP) {
10457 			free(lstate, M_DEVBUF);
10458 			xpt_print_path(ccb->ccb_h.path);
10459 			printf("Couldn't allocate path\n");
10460 			ccb->ccb_h.status = CAM_RESRC_UNAVAIL;
10461 			return;
10462 		}
10463 		SLIST_INIT(&lstate->accept_tios);
10464 		SLIST_INIT(&lstate->immed_notifies);
10465 		ahd_lock(ahd, &s);
10466 		ahd_pause(ahd);
10467 		if (target != CAM_TARGET_WILDCARD) {
10468 			tstate->enabled_luns[lun] = lstate;
10469 			ahd->enabled_luns++;
10470 
10471 			if ((ahd->features & AHD_MULTI_TID) != 0) {
10472 				u_int targid_mask;
10473 
10474 				targid_mask = ahd_inw(ahd, TARGID);
10475 				targid_mask |= target_mask;
10476 				ahd_outw(ahd, TARGID, targid_mask);
10477 				ahd_update_scsiid(ahd, targid_mask);
10478 			} else {
10479 				u_int our_id;
10480 				char  channel;
10481 
10482 				channel = SIM_CHANNEL(ahd, sim);
10483 				our_id = SIM_SCSI_ID(ahd, sim);
10484 
10485 				/*
10486 				 * This can only happen if selections
10487 				 * are not enabled
10488 				 */
10489 				if (target != our_id) {
10490 					u_int sblkctl;
10491 					char  cur_channel;
10492 					int   swap;
10493 
10494 					sblkctl = ahd_inb(ahd, SBLKCTL);
10495 					cur_channel = (sblkctl & SELBUSB)
10496 						    ? 'B' : 'A';
10497 					if ((ahd->features & AHD_TWIN) == 0)
10498 						cur_channel = 'A';
10499 					swap = cur_channel != channel;
10500 					ahd->our_id = target;
10501 
10502 					if (swap)
10503 						ahd_outb(ahd, SBLKCTL,
10504 							 sblkctl ^ SELBUSB);
10505 
10506 					ahd_outb(ahd, SCSIID, target);
10507 
10508 					if (swap)
10509 						ahd_outb(ahd, SBLKCTL, sblkctl);
10510 				}
10511 			}
10512 		} else
10513 			ahd->black_hole = lstate;
10514 		/* Allow select-in operations */
10515 		if (ahd->black_hole != NULL && ahd->enabled_luns > 0) {
10516 			scsiseq1 = ahd_inb(ahd, SCSISEQ_TEMPLATE);
10517 			scsiseq1 |= ENSELI;
10518 			ahd_outb(ahd, SCSISEQ_TEMPLATE, scsiseq1);
10519 			scsiseq1 = ahd_inb(ahd, SCSISEQ1);
10520 			scsiseq1 |= ENSELI;
10521 			ahd_outb(ahd, SCSISEQ1, scsiseq1);
10522 		}
10523 		ahd_unpause(ahd);
10524 		ahd_unlock(ahd, &s);
10525 		ccb->ccb_h.status = CAM_REQ_CMP;
10526 		xpt_print_path(ccb->ccb_h.path);
10527 		printf("Lun now enabled for target mode\n");
10528 	} else {
10529 		struct scb *scb;
10530 		int i, empty;
10531 
10532 		if (lstate == NULL) {
10533 			ccb->ccb_h.status = CAM_LUN_INVALID;
10534 			return;
10535 		}
10536 
10537 		ahd_lock(ahd, &s);
10538 
10539 		ccb->ccb_h.status = CAM_REQ_CMP;
10540 		LIST_FOREACH(scb, &ahd->pending_scbs, pending_links) {
10541 			struct ccb_hdr *ccbh;
10542 
10543 			ccbh = &scb->io_ctx->ccb_h;
10544 			if (ccbh->func_code == XPT_CONT_TARGET_IO
10545 			 && !xpt_path_comp(ccbh->path, ccb->ccb_h.path)){
10546 				printf("CTIO pending\n");
10547 				ccb->ccb_h.status = CAM_REQ_INVALID;
10548 				ahd_unlock(ahd, &s);
10549 				return;
10550 			}
10551 		}
10552 
10553 		if (SLIST_FIRST(&lstate->accept_tios) != NULL) {
10554 			printf("ATIOs pending\n");
10555 			ccb->ccb_h.status = CAM_REQ_INVALID;
10556 		}
10557 
10558 		if (SLIST_FIRST(&lstate->immed_notifies) != NULL) {
10559 			printf("INOTs pending\n");
10560 			ccb->ccb_h.status = CAM_REQ_INVALID;
10561 		}
10562 
10563 		if (ccb->ccb_h.status != CAM_REQ_CMP) {
10564 			ahd_unlock(ahd, &s);
10565 			return;
10566 		}
10567 
10568 		xpt_print_path(ccb->ccb_h.path);
10569 		printf("Target mode disabled\n");
10570 		xpt_free_path(lstate->path);
10571 		free(lstate, M_DEVBUF);
10572 
10573 		ahd_pause(ahd);
10574 		/* Can we clean up the target too? */
10575 		if (target != CAM_TARGET_WILDCARD) {
10576 			tstate->enabled_luns[lun] = NULL;
10577 			ahd->enabled_luns--;
10578 			for (empty = 1, i = 0; i < 8; i++)
10579 				if (tstate->enabled_luns[i] != NULL) {
10580 					empty = 0;
10581 					break;
10582 				}
10583 
10584 			if (empty) {
10585 				ahd_free_tstate(ahd, target, channel,
10586 						/*force*/FALSE);
10587 				if (ahd->features & AHD_MULTI_TID) {
10588 					u_int targid_mask;
10589 
10590 					targid_mask = ahd_inw(ahd, TARGID);
10591 					targid_mask &= ~target_mask;
10592 					ahd_outw(ahd, TARGID, targid_mask);
10593 					ahd_update_scsiid(ahd, targid_mask);
10594 				}
10595 			}
10596 		} else {
10597 
10598 			ahd->black_hole = NULL;
10599 
10600 			/*
10601 			 * We can't allow selections without
10602 			 * our black hole device.
10603 			 */
10604 			empty = TRUE;
10605 		}
10606 		if (ahd->enabled_luns == 0) {
10607 			/* Disallow select-in */
10608 			u_int scsiseq1;
10609 
10610 			scsiseq1 = ahd_inb(ahd, SCSISEQ_TEMPLATE);
10611 			scsiseq1 &= ~ENSELI;
10612 			ahd_outb(ahd, SCSISEQ_TEMPLATE, scsiseq1);
10613 			scsiseq1 = ahd_inb(ahd, SCSISEQ1);
10614 			scsiseq1 &= ~ENSELI;
10615 			ahd_outb(ahd, SCSISEQ1, scsiseq1);
10616 
10617 			if ((ahd->features & AHD_MULTIROLE) == 0) {
10618 				printf("Configuring Initiator Mode\n");
10619 				ahd->flags &= ~AHD_TARGETROLE;
10620 				ahd->flags |= AHD_INITIATORROLE;
10621 				ahd_pause(ahd);
10622 				ahd_loadseq(ahd);
10623 				ahd_restart(ahd);
10624 				/*
10625 				 * Unpaused.  The extra unpause
10626 				 * that follows is harmless.
10627 				 */
10628 			}
10629 		}
10630 		ahd_unpause(ahd);
10631 		ahd_unlock(ahd, &s);
10632 	}
10633 #endif
10634 }
10635 
10636 static void
10637 ahd_update_scsiid(struct ahd_softc *ahd, u_int targid_mask)
10638 {
10639 #if NOT_YET
10640 	u_int scsiid_mask;
10641 	u_int scsiid;
10642 
10643 	if ((ahd->features & AHD_MULTI_TID) == 0)
10644 		panic("ahd_update_scsiid called on non-multitid unit\n");
10645 
10646 	/*
10647 	 * Since we will rely on the TARGID mask
10648 	 * for selection enables, ensure that OID
10649 	 * in SCSIID is not set to some other ID
10650 	 * that we don't want to allow selections on.
10651 	 */
10652 	if ((ahd->features & AHD_ULTRA2) != 0)
10653 		scsiid = ahd_inb(ahd, SCSIID_ULTRA2);
10654 	else
10655 		scsiid = ahd_inb(ahd, SCSIID);
10656 	scsiid_mask = 0x1 << (scsiid & OID);
10657 	if ((targid_mask & scsiid_mask) == 0) {
10658 		u_int our_id;
10659 
10660 		/* ffs counts from 1 */
10661 		our_id = ffs(targid_mask);
10662 		if (our_id == 0)
10663 			our_id = ahd->our_id;
10664 		else
10665 			our_id--;
10666 		scsiid &= TID;
10667 		scsiid |= our_id;
10668 	}
10669 	if ((ahd->features & AHD_ULTRA2) != 0)
10670 		ahd_outb(ahd, SCSIID_ULTRA2, scsiid);
10671 	else
10672 		ahd_outb(ahd, SCSIID, scsiid);
10673 #endif
10674 }
10675 
10676 static void
10677 ahd_run_tqinfifo(struct ahd_softc *ahd, int paused)
10678 {
10679 	struct target_cmd *cmd;
10680 
10681 	ahd_sync_tqinfifo(ahd, BUS_DMASYNC_POSTREAD);
10682 	while ((cmd = &ahd->targetcmds[ahd->tqinfifonext])->cmd_valid != 0) {
10683 
10684 		/*
10685 		 * Only advance through the queue if we
10686 		 * have the resources to process the command.
10687 		 */
10688 		if (ahd_handle_target_cmd(ahd, cmd) != 0)
10689 			break;
10690 
10691 		cmd->cmd_valid = 0;
10692 		ahd_dmamap_sync(ahd, ahd->shared_data_dmat,
10693 				ahd->shared_data_map.dmamap,
10694 				ahd_targetcmd_offset(ahd, ahd->tqinfifonext),
10695 				sizeof(struct target_cmd),
10696 				BUS_DMASYNC_PREREAD);
10697 		ahd->tqinfifonext++;
10698 
10699 		/*
10700 		 * Lazily update our position in the target mode incoming
10701 		 * command queue as seen by the sequencer.
10702 		 */
10703 		if ((ahd->tqinfifonext & (HOST_TQINPOS - 1)) == 1) {
10704 			u_int hs_mailbox;
10705 
10706 			hs_mailbox = ahd_inb(ahd, HS_MAILBOX);
10707 			hs_mailbox &= ~HOST_TQINPOS;
10708 			hs_mailbox |= ahd->tqinfifonext & HOST_TQINPOS;
10709 			ahd_outb(ahd, HS_MAILBOX, hs_mailbox);
10710 		}
10711 	}
10712 }
10713 
10714 static int
10715 ahd_handle_target_cmd(struct ahd_softc *ahd, struct target_cmd *cmd)
10716 {
10717 	struct	  ahd_tmode_tstate *tstate;
10718 	struct	  ahd_tmode_lstate *lstate;
10719 	struct	  ccb_accept_tio *atio;
10720 	uint8_t *byte;
10721 	int	  initiator;
10722 	int	  target;
10723 	int	  lun;
10724 
10725 	initiator = SCSIID_TARGET(ahd, cmd->scsiid);
10726 	target = SCSIID_OUR_ID(cmd->scsiid);
10727 	lun    = (cmd->identify & MSG_IDENTIFY_LUNMASK);
10728 
10729 	byte = cmd->bytes;
10730 	tstate = ahd->enabled_targets[target];
10731 	lstate = NULL;
10732 	if (tstate != NULL)
10733 		lstate = tstate->enabled_luns[lun];
10734 
10735 	/*
10736 	 * Commands for disabled luns go to the black hole driver.
10737 	 */
10738 	if (lstate == NULL)
10739 		lstate = ahd->black_hole;
10740 
10741 	atio = (struct ccb_accept_tio*)SLIST_FIRST(&lstate->accept_tios);
10742 	if (atio == NULL) {
10743 		ahd->flags |= AHD_TQINFIFO_BLOCKED;
10744 		/*
10745 		 * Wait for more ATIOs from the peripheral driver for this lun.
10746 		 */
10747 		return (1);
10748 	} else
10749 		ahd->flags &= ~AHD_TQINFIFO_BLOCKED;
10750 #ifdef AHD_DEBUG
10751 	if ((ahd_debug & AHD_SHOW_TQIN) != 0)
10752 		printf("Incoming command from %d for %d:%d%s\n",
10753 		       initiator, target, lun,
10754 		       lstate == ahd->black_hole ? "(Black Holed)" : "");
10755 #endif
10756 	SLIST_REMOVE_HEAD(&lstate->accept_tios, sim_links.sle);
10757 
10758 	if (lstate == ahd->black_hole) {
10759 		/* Fill in the wildcards */
10760 		atio->ccb_h.target_id = target;
10761 		atio->ccb_h.target_lun = lun;
10762 	}
10763 
10764 	/*
10765 	 * Package it up and send it off to
10766 	 * whomever has this lun enabled.
10767 	 */
10768 	atio->sense_len = 0;
10769 	atio->init_id = initiator;
10770 	if (byte[0] != 0xFF) {
10771 		/* Tag was included */
10772 		atio->tag_action = *byte++;
10773 		atio->tag_id = *byte++;
10774 		atio->ccb_h.flags = CAM_TAG_ACTION_VALID;
10775 	} else {
10776 		atio->ccb_h.flags = 0;
10777 	}
10778 	byte++;
10779 
10780 	/* Okay.  Now determine the cdb size based on the command code */
10781 	switch (*byte >> CMD_GROUP_CODE_SHIFT) {
10782 	case 0:
10783 		atio->cdb_len = 6;
10784 		break;
10785 	case 1:
10786 	case 2:
10787 		atio->cdb_len = 10;
10788 		break;
10789 	case 4:
10790 		atio->cdb_len = 16;
10791 		break;
10792 	case 5:
10793 		atio->cdb_len = 12;
10794 		break;
10795 	case 3:
10796 	default:
10797 		/* Only copy the opcode. */
10798 		atio->cdb_len = 1;
10799 		printf("Reserved or VU command code type encountered\n");
10800 		break;
10801 	}
10802 
10803 	memcpy(atio->cdb_io.cdb_bytes, byte, atio->cdb_len);
10804 
10805 	atio->ccb_h.status |= CAM_CDB_RECVD;
10806 
10807 	if ((cmd->identify & MSG_IDENTIFY_DISCFLAG) == 0) {
10808 		/*
10809 		 * We weren't allowed to disconnect.
10810 		 * We're hanging on the bus until a
10811 		 * continue target I/O comes in response
10812 		 * to this accept tio.
10813 		 */
10814 #ifdef AHD_DEBUG
10815 		if ((ahd_debug & AHD_SHOW_TQIN) != 0)
10816 			printf("Received Immediate Command %d:%d:%d - %p\n",
10817 			       initiator, target, lun, ahd->pending_device);
10818 #endif
10819 		ahd->pending_device = lstate;
10820 		ahd_freeze_ccb((union ccb *)atio);
10821 		atio->ccb_h.flags |= CAM_DIS_DISCONNECT;
10822 	}
10823 	xpt_done((union ccb*)atio);
10824 	return (0);
10825 }
10826 
10827 #endif
10828