xref: /openbmc/qemu/hw/scsi/megasas.c (revision ca693d1c)
1 /*
2  * QEMU MegaRAID SAS 8708EM2 Host Bus Adapter emulation
3  * Based on the linux driver code at drivers/scsi/megaraid
4  *
5  * Copyright (c) 2009-2012 Hannes Reinecke, SUSE Labs
6  *
7  * This library is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU Lesser General Public
9  * License as published by the Free Software Foundation; either
10  * version 2 of the License, or (at your option) any later version.
11  *
12  * This library is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
15  * Lesser General Public License for more details.
16  *
17  * You should have received a copy of the GNU Lesser General Public
18  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
19  */
20 
21 #include "qemu/osdep.h"
22 #include "hw/hw.h"
23 #include "hw/pci/pci.h"
24 #include "sysemu/dma.h"
25 #include "sysemu/block-backend.h"
26 #include "hw/pci/msi.h"
27 #include "hw/pci/msix.h"
28 #include "qemu/iov.h"
29 #include "hw/scsi/scsi.h"
30 #include "scsi/constants.h"
31 #include "trace.h"
32 #include "qapi/error.h"
33 #include "mfi.h"
34 
35 #define MEGASAS_VERSION_GEN1 "1.70"
36 #define MEGASAS_VERSION_GEN2 "1.80"
37 #define MEGASAS_MAX_FRAMES 2048         /* Firmware limit at 65535 */
38 #define MEGASAS_DEFAULT_FRAMES 1000     /* Windows requires this */
39 #define MEGASAS_GEN2_DEFAULT_FRAMES 1008     /* Windows requires this */
40 #define MEGASAS_MAX_SGE 128             /* Firmware limit */
41 #define MEGASAS_DEFAULT_SGE 80
42 #define MEGASAS_MAX_SECTORS 0xFFFF      /* No real limit */
43 #define MEGASAS_MAX_ARRAYS 128
44 
45 #define MEGASAS_HBA_SERIAL "QEMU123456"
46 #define NAA_LOCALLY_ASSIGNED_ID 0x3ULL
47 #define IEEE_COMPANY_LOCALLY_ASSIGNED 0x525400
48 
49 #define MEGASAS_FLAG_USE_JBOD      0
50 #define MEGASAS_MASK_USE_JBOD      (1 << MEGASAS_FLAG_USE_JBOD)
51 #define MEGASAS_FLAG_USE_QUEUE64   1
52 #define MEGASAS_MASK_USE_QUEUE64   (1 << MEGASAS_FLAG_USE_QUEUE64)
53 
54 static const char *mfi_frame_desc[] = {
55     "MFI init", "LD Read", "LD Write", "LD SCSI", "PD SCSI",
56     "MFI Doorbell", "MFI Abort", "MFI SMP", "MFI Stop"};
57 
58 typedef struct MegasasCmd {
59     uint32_t index;
60     uint16_t flags;
61     uint16_t count;
62     uint64_t context;
63 
64     hwaddr pa;
65     hwaddr pa_size;
66     uint32_t dcmd_opcode;
67     union mfi_frame *frame;
68     SCSIRequest *req;
69     QEMUSGList qsg;
70     void *iov_buf;
71     size_t iov_size;
72     size_t iov_offset;
73     struct MegasasState *state;
74 } MegasasCmd;
75 
76 typedef struct MegasasState {
77     /*< private >*/
78     PCIDevice parent_obj;
79     /*< public >*/
80 
81     MemoryRegion mmio_io;
82     MemoryRegion port_io;
83     MemoryRegion queue_io;
84     uint32_t frame_hi;
85 
86     int fw_state;
87     uint32_t fw_sge;
88     uint32_t fw_cmds;
89     uint32_t flags;
90     int fw_luns;
91     int intr_mask;
92     int doorbell;
93     int busy;
94     int diag;
95     int adp_reset;
96     OnOffAuto msi;
97     OnOffAuto msix;
98 
99     MegasasCmd *event_cmd;
100     int event_locale;
101     int event_class;
102     int event_count;
103     int shutdown_event;
104     int boot_event;
105 
106     uint64_t sas_addr;
107     char *hba_serial;
108 
109     uint64_t reply_queue_pa;
110     void *reply_queue;
111     int reply_queue_len;
112     int reply_queue_head;
113     int reply_queue_tail;
114     uint64_t consumer_pa;
115     uint64_t producer_pa;
116 
117     MegasasCmd frames[MEGASAS_MAX_FRAMES];
118     DECLARE_BITMAP(frame_map, MEGASAS_MAX_FRAMES);
119     SCSIBus bus;
120 } MegasasState;
121 
122 typedef struct MegasasBaseClass {
123     PCIDeviceClass parent_class;
124     const char *product_name;
125     const char *product_version;
126     int mmio_bar;
127     int ioport_bar;
128     int osts;
129 } MegasasBaseClass;
130 
131 #define TYPE_MEGASAS_BASE "megasas-base"
132 #define TYPE_MEGASAS_GEN1 "megasas"
133 #define TYPE_MEGASAS_GEN2 "megasas-gen2"
134 
135 #define MEGASAS(obj) \
136     OBJECT_CHECK(MegasasState, (obj), TYPE_MEGASAS_BASE)
137 
138 #define MEGASAS_DEVICE_CLASS(oc) \
139     OBJECT_CLASS_CHECK(MegasasBaseClass, (oc), TYPE_MEGASAS_BASE)
140 #define MEGASAS_DEVICE_GET_CLASS(oc) \
141     OBJECT_GET_CLASS(MegasasBaseClass, (oc), TYPE_MEGASAS_BASE)
142 
143 #define MEGASAS_INTR_DISABLED_MASK 0xFFFFFFFF
144 
145 static bool megasas_intr_enabled(MegasasState *s)
146 {
147     if ((s->intr_mask & MEGASAS_INTR_DISABLED_MASK) !=
148         MEGASAS_INTR_DISABLED_MASK) {
149         return true;
150     }
151     return false;
152 }
153 
154 static bool megasas_use_queue64(MegasasState *s)
155 {
156     return s->flags & MEGASAS_MASK_USE_QUEUE64;
157 }
158 
159 static bool megasas_use_msix(MegasasState *s)
160 {
161     return s->msix != ON_OFF_AUTO_OFF;
162 }
163 
164 static bool megasas_is_jbod(MegasasState *s)
165 {
166     return s->flags & MEGASAS_MASK_USE_JBOD;
167 }
168 
169 static void megasas_frame_set_cmd_status(MegasasState *s,
170                                          unsigned long frame, uint8_t v)
171 {
172     PCIDevice *pci = &s->parent_obj;
173     stb_pci_dma(pci, frame + offsetof(struct mfi_frame_header, cmd_status), v);
174 }
175 
176 static void megasas_frame_set_scsi_status(MegasasState *s,
177                                           unsigned long frame, uint8_t v)
178 {
179     PCIDevice *pci = &s->parent_obj;
180     stb_pci_dma(pci, frame + offsetof(struct mfi_frame_header, scsi_status), v);
181 }
182 
183 /*
184  * Context is considered opaque, but the HBA firmware is running
185  * in little endian mode. So convert it to little endian, too.
186  */
187 static uint64_t megasas_frame_get_context(MegasasState *s,
188                                           unsigned long frame)
189 {
190     PCIDevice *pci = &s->parent_obj;
191     return ldq_le_pci_dma(pci, frame + offsetof(struct mfi_frame_header, context));
192 }
193 
194 static bool megasas_frame_is_ieee_sgl(MegasasCmd *cmd)
195 {
196     return cmd->flags & MFI_FRAME_IEEE_SGL;
197 }
198 
199 static bool megasas_frame_is_sgl64(MegasasCmd *cmd)
200 {
201     return cmd->flags & MFI_FRAME_SGL64;
202 }
203 
204 static bool megasas_frame_is_sense64(MegasasCmd *cmd)
205 {
206     return cmd->flags & MFI_FRAME_SENSE64;
207 }
208 
209 static uint64_t megasas_sgl_get_addr(MegasasCmd *cmd,
210                                      union mfi_sgl *sgl)
211 {
212     uint64_t addr;
213 
214     if (megasas_frame_is_ieee_sgl(cmd)) {
215         addr = le64_to_cpu(sgl->sg_skinny->addr);
216     } else if (megasas_frame_is_sgl64(cmd)) {
217         addr = le64_to_cpu(sgl->sg64->addr);
218     } else {
219         addr = le32_to_cpu(sgl->sg32->addr);
220     }
221     return addr;
222 }
223 
224 static uint32_t megasas_sgl_get_len(MegasasCmd *cmd,
225                                     union mfi_sgl *sgl)
226 {
227     uint32_t len;
228 
229     if (megasas_frame_is_ieee_sgl(cmd)) {
230         len = le32_to_cpu(sgl->sg_skinny->len);
231     } else if (megasas_frame_is_sgl64(cmd)) {
232         len = le32_to_cpu(sgl->sg64->len);
233     } else {
234         len = le32_to_cpu(sgl->sg32->len);
235     }
236     return len;
237 }
238 
239 static union mfi_sgl *megasas_sgl_next(MegasasCmd *cmd,
240                                        union mfi_sgl *sgl)
241 {
242     uint8_t *next = (uint8_t *)sgl;
243 
244     if (megasas_frame_is_ieee_sgl(cmd)) {
245         next += sizeof(struct mfi_sg_skinny);
246     } else if (megasas_frame_is_sgl64(cmd)) {
247         next += sizeof(struct mfi_sg64);
248     } else {
249         next += sizeof(struct mfi_sg32);
250     }
251 
252     if (next >= (uint8_t *)cmd->frame + cmd->pa_size) {
253         return NULL;
254     }
255     return (union mfi_sgl *)next;
256 }
257 
258 static void megasas_soft_reset(MegasasState *s);
259 
260 static int megasas_map_sgl(MegasasState *s, MegasasCmd *cmd, union mfi_sgl *sgl)
261 {
262     int i;
263     int iov_count = 0;
264     size_t iov_size = 0;
265 
266     cmd->flags = le16_to_cpu(cmd->frame->header.flags);
267     iov_count = cmd->frame->header.sge_count;
268     if (iov_count > MEGASAS_MAX_SGE) {
269         trace_megasas_iovec_sgl_overflow(cmd->index, iov_count,
270                                          MEGASAS_MAX_SGE);
271         return iov_count;
272     }
273     pci_dma_sglist_init(&cmd->qsg, PCI_DEVICE(s), iov_count);
274     for (i = 0; i < iov_count; i++) {
275         dma_addr_t iov_pa, iov_size_p;
276 
277         if (!sgl) {
278             trace_megasas_iovec_sgl_underflow(cmd->index, i);
279             goto unmap;
280         }
281         iov_pa = megasas_sgl_get_addr(cmd, sgl);
282         iov_size_p = megasas_sgl_get_len(cmd, sgl);
283         if (!iov_pa || !iov_size_p) {
284             trace_megasas_iovec_sgl_invalid(cmd->index, i,
285                                             iov_pa, iov_size_p);
286             goto unmap;
287         }
288         qemu_sglist_add(&cmd->qsg, iov_pa, iov_size_p);
289         sgl = megasas_sgl_next(cmd, sgl);
290         iov_size += (size_t)iov_size_p;
291     }
292     if (cmd->iov_size > iov_size) {
293         trace_megasas_iovec_overflow(cmd->index, iov_size, cmd->iov_size);
294     } else if (cmd->iov_size < iov_size) {
295         trace_megasas_iovec_underflow(cmd->index, iov_size, cmd->iov_size);
296     }
297     cmd->iov_offset = 0;
298     return 0;
299 unmap:
300     qemu_sglist_destroy(&cmd->qsg);
301     return iov_count - i;
302 }
303 
304 /*
305  * passthrough sense and io sense are at the same offset
306  */
307 static int megasas_build_sense(MegasasCmd *cmd, uint8_t *sense_ptr,
308     uint8_t sense_len)
309 {
310     PCIDevice *pcid = PCI_DEVICE(cmd->state);
311     uint32_t pa_hi = 0, pa_lo;
312     hwaddr pa;
313     int frame_sense_len;
314 
315     frame_sense_len = cmd->frame->header.sense_len;
316     if (sense_len > frame_sense_len) {
317         sense_len = frame_sense_len;
318     }
319     if (sense_len) {
320         pa_lo = le32_to_cpu(cmd->frame->pass.sense_addr_lo);
321         if (megasas_frame_is_sense64(cmd)) {
322             pa_hi = le32_to_cpu(cmd->frame->pass.sense_addr_hi);
323         }
324         pa = ((uint64_t) pa_hi << 32) | pa_lo;
325         pci_dma_write(pcid, pa, sense_ptr, sense_len);
326         cmd->frame->header.sense_len = sense_len;
327     }
328     return sense_len;
329 }
330 
331 static void megasas_write_sense(MegasasCmd *cmd, SCSISense sense)
332 {
333     uint8_t sense_buf[SCSI_SENSE_BUF_SIZE];
334     uint8_t sense_len = 18;
335 
336     memset(sense_buf, 0, sense_len);
337     sense_buf[0] = 0xf0;
338     sense_buf[2] = sense.key;
339     sense_buf[7] = 10;
340     sense_buf[12] = sense.asc;
341     sense_buf[13] = sense.ascq;
342     megasas_build_sense(cmd, sense_buf, sense_len);
343 }
344 
345 static void megasas_copy_sense(MegasasCmd *cmd)
346 {
347     uint8_t sense_buf[SCSI_SENSE_BUF_SIZE];
348     uint8_t sense_len;
349 
350     sense_len = scsi_req_get_sense(cmd->req, sense_buf,
351                                    SCSI_SENSE_BUF_SIZE);
352     megasas_build_sense(cmd, sense_buf, sense_len);
353 }
354 
355 /*
356  * Format an INQUIRY CDB
357  */
358 static int megasas_setup_inquiry(uint8_t *cdb, int pg, int len)
359 {
360     memset(cdb, 0, 6);
361     cdb[0] = INQUIRY;
362     if (pg > 0) {
363         cdb[1] = 0x1;
364         cdb[2] = pg;
365     }
366     cdb[3] = (len >> 8) & 0xff;
367     cdb[4] = (len & 0xff);
368     return len;
369 }
370 
371 /*
372  * Encode lba and len into a READ_16/WRITE_16 CDB
373  */
374 static void megasas_encode_lba(uint8_t *cdb, uint64_t lba,
375                                uint32_t len, bool is_write)
376 {
377     memset(cdb, 0x0, 16);
378     if (is_write) {
379         cdb[0] = WRITE_16;
380     } else {
381         cdb[0] = READ_16;
382     }
383     cdb[2] = (lba >> 56) & 0xff;
384     cdb[3] = (lba >> 48) & 0xff;
385     cdb[4] = (lba >> 40) & 0xff;
386     cdb[5] = (lba >> 32) & 0xff;
387     cdb[6] = (lba >> 24) & 0xff;
388     cdb[7] = (lba >> 16) & 0xff;
389     cdb[8] = (lba >> 8) & 0xff;
390     cdb[9] = (lba) & 0xff;
391     cdb[10] = (len >> 24) & 0xff;
392     cdb[11] = (len >> 16) & 0xff;
393     cdb[12] = (len >> 8) & 0xff;
394     cdb[13] = (len) & 0xff;
395 }
396 
397 /*
398  * Utility functions
399  */
400 static uint64_t megasas_fw_time(void)
401 {
402     struct tm curtime;
403 
404     qemu_get_timedate(&curtime, 0);
405     return ((uint64_t)curtime.tm_sec & 0xff) << 48 |
406         ((uint64_t)curtime.tm_min & 0xff)  << 40 |
407         ((uint64_t)curtime.tm_hour & 0xff) << 32 |
408         ((uint64_t)curtime.tm_mday & 0xff) << 24 |
409         ((uint64_t)curtime.tm_mon & 0xff)  << 16 |
410         ((uint64_t)(curtime.tm_year + 1900) & 0xffff);
411 }
412 
413 /*
414  * Default disk sata address
415  * 0x1221 is the magic number as
416  * present in real hardware,
417  * so use it here, too.
418  */
419 static uint64_t megasas_get_sata_addr(uint16_t id)
420 {
421     uint64_t addr = (0x1221ULL << 48);
422     return addr | ((uint64_t)id << 24);
423 }
424 
425 /*
426  * Frame handling
427  */
428 static int megasas_next_index(MegasasState *s, int index, int limit)
429 {
430     index++;
431     if (index == limit) {
432         index = 0;
433     }
434     return index;
435 }
436 
437 static MegasasCmd *megasas_lookup_frame(MegasasState *s,
438     hwaddr frame)
439 {
440     MegasasCmd *cmd = NULL;
441     int num = 0, index;
442 
443     index = s->reply_queue_head;
444 
445     while (num < s->fw_cmds) {
446         if (s->frames[index].pa && s->frames[index].pa == frame) {
447             cmd = &s->frames[index];
448             break;
449         }
450         index = megasas_next_index(s, index, s->fw_cmds);
451         num++;
452     }
453 
454     return cmd;
455 }
456 
457 static void megasas_unmap_frame(MegasasState *s, MegasasCmd *cmd)
458 {
459     PCIDevice *p = PCI_DEVICE(s);
460 
461     if (cmd->pa_size) {
462         pci_dma_unmap(p, cmd->frame, cmd->pa_size, 0, 0);
463     }
464     cmd->frame = NULL;
465     cmd->pa = 0;
466     cmd->pa_size = 0;
467     qemu_sglist_destroy(&cmd->qsg);
468     clear_bit(cmd->index, s->frame_map);
469 }
470 
471 /*
472  * This absolutely needs to be locked if
473  * qemu ever goes multithreaded.
474  */
475 static MegasasCmd *megasas_enqueue_frame(MegasasState *s,
476     hwaddr frame, uint64_t context, int count)
477 {
478     PCIDevice *pcid = PCI_DEVICE(s);
479     MegasasCmd *cmd = NULL;
480     int frame_size = MEGASAS_MAX_SGE * sizeof(union mfi_sgl);
481     hwaddr frame_size_p = frame_size;
482     unsigned long index;
483 
484     index = 0;
485     while (index < s->fw_cmds) {
486         index = find_next_zero_bit(s->frame_map, s->fw_cmds, index);
487         if (!s->frames[index].pa)
488             break;
489         /* Busy frame found */
490         trace_megasas_qf_mapped(index);
491     }
492     if (index >= s->fw_cmds) {
493         /* All frames busy */
494         trace_megasas_qf_busy(frame);
495         return NULL;
496     }
497     cmd = &s->frames[index];
498     set_bit(index, s->frame_map);
499     trace_megasas_qf_new(index, frame);
500 
501     cmd->pa = frame;
502     /* Map all possible frames */
503     cmd->frame = pci_dma_map(pcid, frame, &frame_size_p, 0);
504     if (frame_size_p != frame_size) {
505         trace_megasas_qf_map_failed(cmd->index, (unsigned long)frame);
506         if (cmd->frame) {
507             megasas_unmap_frame(s, cmd);
508         }
509         s->event_count++;
510         return NULL;
511     }
512     cmd->pa_size = frame_size_p;
513     cmd->context = context;
514     if (!megasas_use_queue64(s)) {
515         cmd->context &= (uint64_t)0xFFFFFFFF;
516     }
517     cmd->count = count;
518     cmd->dcmd_opcode = -1;
519     s->busy++;
520 
521     if (s->consumer_pa) {
522         s->reply_queue_tail = ldl_le_pci_dma(pcid, s->consumer_pa);
523     }
524     trace_megasas_qf_enqueue(cmd->index, cmd->count, cmd->context,
525                              s->reply_queue_head, s->reply_queue_tail, s->busy);
526 
527     return cmd;
528 }
529 
530 static void megasas_complete_frame(MegasasState *s, uint64_t context)
531 {
532     PCIDevice *pci_dev = PCI_DEVICE(s);
533     int tail, queue_offset;
534 
535     /* Decrement busy count */
536     s->busy--;
537     if (s->reply_queue_pa) {
538         /*
539          * Put command on the reply queue.
540          * Context is opaque, but emulation is running in
541          * little endian. So convert it.
542          */
543         if (megasas_use_queue64(s)) {
544             queue_offset = s->reply_queue_head * sizeof(uint64_t);
545             stq_le_pci_dma(pci_dev, s->reply_queue_pa + queue_offset, context);
546         } else {
547             queue_offset = s->reply_queue_head * sizeof(uint32_t);
548             stl_le_pci_dma(pci_dev, s->reply_queue_pa + queue_offset, context);
549         }
550         s->reply_queue_tail = ldl_le_pci_dma(pci_dev, s->consumer_pa);
551         trace_megasas_qf_complete(context, s->reply_queue_head,
552                                   s->reply_queue_tail, s->busy);
553     }
554 
555     if (megasas_intr_enabled(s)) {
556         /* Update reply queue pointer */
557         s->reply_queue_tail = ldl_le_pci_dma(pci_dev, s->consumer_pa);
558         tail = s->reply_queue_head;
559         s->reply_queue_head = megasas_next_index(s, tail, s->fw_cmds);
560         trace_megasas_qf_update(s->reply_queue_head, s->reply_queue_tail,
561                                 s->busy);
562         stl_le_pci_dma(pci_dev, s->producer_pa, s->reply_queue_head);
563         /* Notify HBA */
564         if (msix_enabled(pci_dev)) {
565             trace_megasas_msix_raise(0);
566             msix_notify(pci_dev, 0);
567         } else if (msi_enabled(pci_dev)) {
568             trace_megasas_msi_raise(0);
569             msi_notify(pci_dev, 0);
570         } else {
571             s->doorbell++;
572             if (s->doorbell == 1) {
573                 trace_megasas_irq_raise();
574                 pci_irq_assert(pci_dev);
575             }
576         }
577     } else {
578         trace_megasas_qf_complete_noirq(context);
579     }
580 }
581 
582 static void megasas_complete_command(MegasasCmd *cmd)
583 {
584     cmd->iov_size = 0;
585     cmd->iov_offset = 0;
586 
587     cmd->req->hba_private = NULL;
588     scsi_req_unref(cmd->req);
589     cmd->req = NULL;
590 
591     megasas_unmap_frame(cmd->state, cmd);
592     megasas_complete_frame(cmd->state, cmd->context);
593 }
594 
595 static void megasas_reset_frames(MegasasState *s)
596 {
597     int i;
598     MegasasCmd *cmd;
599 
600     for (i = 0; i < s->fw_cmds; i++) {
601         cmd = &s->frames[i];
602         if (cmd->pa) {
603             megasas_unmap_frame(s, cmd);
604         }
605     }
606     bitmap_zero(s->frame_map, MEGASAS_MAX_FRAMES);
607 }
608 
609 static void megasas_abort_command(MegasasCmd *cmd)
610 {
611     /* Never abort internal commands.  */
612     if (cmd->dcmd_opcode != -1) {
613         return;
614     }
615     if (cmd->req != NULL) {
616         scsi_req_cancel(cmd->req);
617     }
618 }
619 
620 static int megasas_init_firmware(MegasasState *s, MegasasCmd *cmd)
621 {
622     PCIDevice *pcid = PCI_DEVICE(s);
623     uint32_t pa_hi, pa_lo;
624     hwaddr iq_pa, initq_size = sizeof(struct mfi_init_qinfo);
625     struct mfi_init_qinfo *initq = NULL;
626     uint32_t flags;
627     int ret = MFI_STAT_OK;
628 
629     if (s->reply_queue_pa) {
630         trace_megasas_initq_mapped(s->reply_queue_pa);
631         goto out;
632     }
633     pa_lo = le32_to_cpu(cmd->frame->init.qinfo_new_addr_lo);
634     pa_hi = le32_to_cpu(cmd->frame->init.qinfo_new_addr_hi);
635     iq_pa = (((uint64_t) pa_hi << 32) | pa_lo);
636     trace_megasas_init_firmware((uint64_t)iq_pa);
637     initq = pci_dma_map(pcid, iq_pa, &initq_size, 0);
638     if (!initq || initq_size != sizeof(*initq)) {
639         trace_megasas_initq_map_failed(cmd->index);
640         s->event_count++;
641         ret = MFI_STAT_MEMORY_NOT_AVAILABLE;
642         goto out;
643     }
644     s->reply_queue_len = le32_to_cpu(initq->rq_entries) & 0xFFFF;
645     if (s->reply_queue_len > s->fw_cmds) {
646         trace_megasas_initq_mismatch(s->reply_queue_len, s->fw_cmds);
647         s->event_count++;
648         ret = MFI_STAT_INVALID_PARAMETER;
649         goto out;
650     }
651     pa_lo = le32_to_cpu(initq->rq_addr_lo);
652     pa_hi = le32_to_cpu(initq->rq_addr_hi);
653     s->reply_queue_pa = ((uint64_t) pa_hi << 32) | pa_lo;
654     pa_lo = le32_to_cpu(initq->ci_addr_lo);
655     pa_hi = le32_to_cpu(initq->ci_addr_hi);
656     s->consumer_pa = ((uint64_t) pa_hi << 32) | pa_lo;
657     pa_lo = le32_to_cpu(initq->pi_addr_lo);
658     pa_hi = le32_to_cpu(initq->pi_addr_hi);
659     s->producer_pa = ((uint64_t) pa_hi << 32) | pa_lo;
660     s->reply_queue_head = ldl_le_pci_dma(pcid, s->producer_pa);
661     s->reply_queue_head %= MEGASAS_MAX_FRAMES;
662     s->reply_queue_tail = ldl_le_pci_dma(pcid, s->consumer_pa);
663     s->reply_queue_tail %= MEGASAS_MAX_FRAMES;
664     flags = le32_to_cpu(initq->flags);
665     if (flags & MFI_QUEUE_FLAG_CONTEXT64) {
666         s->flags |= MEGASAS_MASK_USE_QUEUE64;
667     }
668     trace_megasas_init_queue((unsigned long)s->reply_queue_pa,
669                              s->reply_queue_len, s->reply_queue_head,
670                              s->reply_queue_tail, flags);
671     megasas_reset_frames(s);
672     s->fw_state = MFI_FWSTATE_OPERATIONAL;
673 out:
674     if (initq) {
675         pci_dma_unmap(pcid, initq, initq_size, 0, 0);
676     }
677     return ret;
678 }
679 
680 static int megasas_map_dcmd(MegasasState *s, MegasasCmd *cmd)
681 {
682     dma_addr_t iov_pa, iov_size;
683     int iov_count;
684 
685     cmd->flags = le16_to_cpu(cmd->frame->header.flags);
686     iov_count = cmd->frame->header.sge_count;
687     if (!iov_count) {
688         trace_megasas_dcmd_zero_sge(cmd->index);
689         cmd->iov_size = 0;
690         return 0;
691     } else if (iov_count > 1) {
692         trace_megasas_dcmd_invalid_sge(cmd->index, iov_count);
693         cmd->iov_size = 0;
694         return -EINVAL;
695     }
696     iov_pa = megasas_sgl_get_addr(cmd, &cmd->frame->dcmd.sgl);
697     iov_size = megasas_sgl_get_len(cmd, &cmd->frame->dcmd.sgl);
698     pci_dma_sglist_init(&cmd->qsg, PCI_DEVICE(s), 1);
699     qemu_sglist_add(&cmd->qsg, iov_pa, iov_size);
700     cmd->iov_size = iov_size;
701     return 0;
702 }
703 
704 static void megasas_finish_dcmd(MegasasCmd *cmd, uint32_t iov_size)
705 {
706     trace_megasas_finish_dcmd(cmd->index, iov_size);
707 
708     if (iov_size > cmd->iov_size) {
709         if (megasas_frame_is_ieee_sgl(cmd)) {
710             cmd->frame->dcmd.sgl.sg_skinny->len = cpu_to_le32(iov_size);
711         } else if (megasas_frame_is_sgl64(cmd)) {
712             cmd->frame->dcmd.sgl.sg64->len = cpu_to_le32(iov_size);
713         } else {
714             cmd->frame->dcmd.sgl.sg32->len = cpu_to_le32(iov_size);
715         }
716     }
717 }
718 
719 static int megasas_ctrl_get_info(MegasasState *s, MegasasCmd *cmd)
720 {
721     PCIDevice *pci_dev = PCI_DEVICE(s);
722     PCIDeviceClass *pci_class = PCI_DEVICE_GET_CLASS(pci_dev);
723     MegasasBaseClass *base_class = MEGASAS_DEVICE_GET_CLASS(s);
724     struct mfi_ctrl_info info;
725     size_t dcmd_size = sizeof(info);
726     BusChild *kid;
727     int num_pd_disks = 0;
728 
729     memset(&info, 0x0, dcmd_size);
730     if (cmd->iov_size < dcmd_size) {
731         trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
732                                             dcmd_size);
733         return MFI_STAT_INVALID_PARAMETER;
734     }
735 
736     info.pci.vendor = cpu_to_le16(pci_class->vendor_id);
737     info.pci.device = cpu_to_le16(pci_class->device_id);
738     info.pci.subvendor = cpu_to_le16(pci_class->subsystem_vendor_id);
739     info.pci.subdevice = cpu_to_le16(pci_class->subsystem_id);
740 
741     /*
742      * For some reason the firmware supports
743      * only up to 8 device ports.
744      * Despite supporting a far larger number
745      * of devices for the physical devices.
746      * So just display the first 8 devices
747      * in the device port list, independent
748      * of how many logical devices are actually
749      * present.
750      */
751     info.host.type = MFI_INFO_HOST_PCIE;
752     info.device.type = MFI_INFO_DEV_SAS3G;
753     info.device.port_count = 8;
754     QTAILQ_FOREACH(kid, &s->bus.qbus.children, sibling) {
755         SCSIDevice *sdev = SCSI_DEVICE(kid->child);
756         uint16_t pd_id;
757 
758         if (num_pd_disks < 8) {
759             pd_id = ((sdev->id & 0xFF) << 8) | (sdev->lun & 0xFF);
760             info.device.port_addr[num_pd_disks] =
761                 cpu_to_le64(megasas_get_sata_addr(pd_id));
762         }
763         num_pd_disks++;
764     }
765 
766     memcpy(info.product_name, base_class->product_name, 24);
767     snprintf(info.serial_number, 32, "%s", s->hba_serial);
768     snprintf(info.package_version, 0x60, "%s-QEMU", qemu_hw_version());
769     memcpy(info.image_component[0].name, "APP", 3);
770     snprintf(info.image_component[0].version, 10, "%s-QEMU",
771              base_class->product_version);
772     memcpy(info.image_component[0].build_date, "Apr  1 2014", 11);
773     memcpy(info.image_component[0].build_time, "12:34:56", 8);
774     info.image_component_count = 1;
775     if (pci_dev->has_rom) {
776         uint8_t biosver[32];
777         uint8_t *ptr;
778 
779         ptr = memory_region_get_ram_ptr(&pci_dev->rom);
780         memcpy(biosver, ptr + 0x41, 31);
781         biosver[31] = 0;
782         memcpy(info.image_component[1].name, "BIOS", 4);
783         memcpy(info.image_component[1].version, biosver,
784                strlen((const char *)biosver));
785         info.image_component_count++;
786     }
787     info.current_fw_time = cpu_to_le32(megasas_fw_time());
788     info.max_arms = 32;
789     info.max_spans = 8;
790     info.max_arrays = MEGASAS_MAX_ARRAYS;
791     info.max_lds = MFI_MAX_LD;
792     info.max_cmds = cpu_to_le16(s->fw_cmds);
793     info.max_sg_elements = cpu_to_le16(s->fw_sge);
794     info.max_request_size = cpu_to_le32(MEGASAS_MAX_SECTORS);
795     if (!megasas_is_jbod(s))
796         info.lds_present = cpu_to_le16(num_pd_disks);
797     info.pd_present = cpu_to_le16(num_pd_disks);
798     info.pd_disks_present = cpu_to_le16(num_pd_disks);
799     info.hw_present = cpu_to_le32(MFI_INFO_HW_NVRAM |
800                                    MFI_INFO_HW_MEM |
801                                    MFI_INFO_HW_FLASH);
802     info.memory_size = cpu_to_le16(512);
803     info.nvram_size = cpu_to_le16(32);
804     info.flash_size = cpu_to_le16(16);
805     info.raid_levels = cpu_to_le32(MFI_INFO_RAID_0);
806     info.adapter_ops = cpu_to_le32(MFI_INFO_AOPS_RBLD_RATE |
807                                     MFI_INFO_AOPS_SELF_DIAGNOSTIC |
808                                     MFI_INFO_AOPS_MIXED_ARRAY);
809     info.ld_ops = cpu_to_le32(MFI_INFO_LDOPS_DISK_CACHE_POLICY |
810                                MFI_INFO_LDOPS_ACCESS_POLICY |
811                                MFI_INFO_LDOPS_IO_POLICY |
812                                MFI_INFO_LDOPS_WRITE_POLICY |
813                                MFI_INFO_LDOPS_READ_POLICY);
814     info.max_strips_per_io = cpu_to_le16(s->fw_sge);
815     info.stripe_sz_ops.min = 3;
816     info.stripe_sz_ops.max = ctz32(MEGASAS_MAX_SECTORS + 1);
817     info.properties.pred_fail_poll_interval = cpu_to_le16(300);
818     info.properties.intr_throttle_cnt = cpu_to_le16(16);
819     info.properties.intr_throttle_timeout = cpu_to_le16(50);
820     info.properties.rebuild_rate = 30;
821     info.properties.patrol_read_rate = 30;
822     info.properties.bgi_rate = 30;
823     info.properties.cc_rate = 30;
824     info.properties.recon_rate = 30;
825     info.properties.cache_flush_interval = 4;
826     info.properties.spinup_drv_cnt = 2;
827     info.properties.spinup_delay = 6;
828     info.properties.ecc_bucket_size = 15;
829     info.properties.ecc_bucket_leak_rate = cpu_to_le16(1440);
830     info.properties.expose_encl_devices = 1;
831     info.properties.OnOffProperties = cpu_to_le32(MFI_CTRL_PROP_EnableJBOD);
832     info.pd_ops = cpu_to_le32(MFI_INFO_PDOPS_FORCE_ONLINE |
833                                MFI_INFO_PDOPS_FORCE_OFFLINE);
834     info.pd_mix_support = cpu_to_le32(MFI_INFO_PDMIX_SAS |
835                                        MFI_INFO_PDMIX_SATA |
836                                        MFI_INFO_PDMIX_LD);
837 
838     cmd->iov_size -= dma_buf_read((uint8_t *)&info, dcmd_size, &cmd->qsg);
839     return MFI_STAT_OK;
840 }
841 
842 static int megasas_mfc_get_defaults(MegasasState *s, MegasasCmd *cmd)
843 {
844     struct mfi_defaults info;
845     size_t dcmd_size = sizeof(struct mfi_defaults);
846 
847     memset(&info, 0x0, dcmd_size);
848     if (cmd->iov_size < dcmd_size) {
849         trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
850                                             dcmd_size);
851         return MFI_STAT_INVALID_PARAMETER;
852     }
853 
854     info.sas_addr = cpu_to_le64(s->sas_addr);
855     info.stripe_size = 3;
856     info.flush_time = 4;
857     info.background_rate = 30;
858     info.allow_mix_in_enclosure = 1;
859     info.allow_mix_in_ld = 1;
860     info.direct_pd_mapping = 1;
861     /* Enable for BIOS support */
862     info.bios_enumerate_lds = 1;
863     info.disable_ctrl_r = 1;
864     info.expose_enclosure_devices = 1;
865     info.disable_preboot_cli = 1;
866     info.cluster_disable = 1;
867 
868     cmd->iov_size -= dma_buf_read((uint8_t *)&info, dcmd_size, &cmd->qsg);
869     return MFI_STAT_OK;
870 }
871 
872 static int megasas_dcmd_get_bios_info(MegasasState *s, MegasasCmd *cmd)
873 {
874     struct mfi_bios_data info;
875     size_t dcmd_size = sizeof(info);
876 
877     memset(&info, 0x0, dcmd_size);
878     if (cmd->iov_size < dcmd_size) {
879         trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
880                                             dcmd_size);
881         return MFI_STAT_INVALID_PARAMETER;
882     }
883     info.continue_on_error = 1;
884     info.verbose = 1;
885     if (megasas_is_jbod(s)) {
886         info.expose_all_drives = 1;
887     }
888 
889     cmd->iov_size -= dma_buf_read((uint8_t *)&info, dcmd_size, &cmd->qsg);
890     return MFI_STAT_OK;
891 }
892 
893 static int megasas_dcmd_get_fw_time(MegasasState *s, MegasasCmd *cmd)
894 {
895     uint64_t fw_time;
896     size_t dcmd_size = sizeof(fw_time);
897 
898     fw_time = cpu_to_le64(megasas_fw_time());
899 
900     cmd->iov_size -= dma_buf_read((uint8_t *)&fw_time, dcmd_size, &cmd->qsg);
901     return MFI_STAT_OK;
902 }
903 
904 static int megasas_dcmd_set_fw_time(MegasasState *s, MegasasCmd *cmd)
905 {
906     uint64_t fw_time;
907 
908     /* This is a dummy; setting of firmware time is not allowed */
909     memcpy(&fw_time, cmd->frame->dcmd.mbox, sizeof(fw_time));
910 
911     trace_megasas_dcmd_set_fw_time(cmd->index, fw_time);
912     fw_time = cpu_to_le64(megasas_fw_time());
913     return MFI_STAT_OK;
914 }
915 
916 static int megasas_event_info(MegasasState *s, MegasasCmd *cmd)
917 {
918     struct mfi_evt_log_state info;
919     size_t dcmd_size = sizeof(info);
920 
921     memset(&info, 0, dcmd_size);
922 
923     info.newest_seq_num = cpu_to_le32(s->event_count);
924     info.shutdown_seq_num = cpu_to_le32(s->shutdown_event);
925     info.boot_seq_num = cpu_to_le32(s->boot_event);
926 
927     cmd->iov_size -= dma_buf_read((uint8_t *)&info, dcmd_size, &cmd->qsg);
928     return MFI_STAT_OK;
929 }
930 
931 static int megasas_event_wait(MegasasState *s, MegasasCmd *cmd)
932 {
933     union mfi_evt event;
934 
935     if (cmd->iov_size < sizeof(struct mfi_evt_detail)) {
936         trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
937                                             sizeof(struct mfi_evt_detail));
938         return MFI_STAT_INVALID_PARAMETER;
939     }
940     s->event_count = cpu_to_le32(cmd->frame->dcmd.mbox[0]);
941     event.word = cpu_to_le32(cmd->frame->dcmd.mbox[4]);
942     s->event_locale = event.members.locale;
943     s->event_class = event.members.class;
944     s->event_cmd = cmd;
945     /* Decrease busy count; event frame doesn't count here */
946     s->busy--;
947     cmd->iov_size = sizeof(struct mfi_evt_detail);
948     return MFI_STAT_INVALID_STATUS;
949 }
950 
951 static int megasas_dcmd_pd_get_list(MegasasState *s, MegasasCmd *cmd)
952 {
953     struct mfi_pd_list info;
954     size_t dcmd_size = sizeof(info);
955     BusChild *kid;
956     uint32_t offset, dcmd_limit, num_pd_disks = 0, max_pd_disks;
957 
958     memset(&info, 0, dcmd_size);
959     offset = 8;
960     dcmd_limit = offset + sizeof(struct mfi_pd_address);
961     if (cmd->iov_size < dcmd_limit) {
962         trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
963                                             dcmd_limit);
964         return MFI_STAT_INVALID_PARAMETER;
965     }
966 
967     max_pd_disks = (cmd->iov_size - offset) / sizeof(struct mfi_pd_address);
968     if (max_pd_disks > MFI_MAX_SYS_PDS) {
969         max_pd_disks = MFI_MAX_SYS_PDS;
970     }
971     QTAILQ_FOREACH(kid, &s->bus.qbus.children, sibling) {
972         SCSIDevice *sdev = SCSI_DEVICE(kid->child);
973         uint16_t pd_id;
974 
975         if (num_pd_disks >= max_pd_disks)
976             break;
977 
978         pd_id = ((sdev->id & 0xFF) << 8) | (sdev->lun & 0xFF);
979         info.addr[num_pd_disks].device_id = cpu_to_le16(pd_id);
980         info.addr[num_pd_disks].encl_device_id = 0xFFFF;
981         info.addr[num_pd_disks].encl_index = 0;
982         info.addr[num_pd_disks].slot_number = sdev->id & 0xFF;
983         info.addr[num_pd_disks].scsi_dev_type = sdev->type;
984         info.addr[num_pd_disks].connect_port_bitmap = 0x1;
985         info.addr[num_pd_disks].sas_addr[0] =
986             cpu_to_le64(megasas_get_sata_addr(pd_id));
987         num_pd_disks++;
988         offset += sizeof(struct mfi_pd_address);
989     }
990     trace_megasas_dcmd_pd_get_list(cmd->index, num_pd_disks,
991                                    max_pd_disks, offset);
992 
993     info.size = cpu_to_le32(offset);
994     info.count = cpu_to_le32(num_pd_disks);
995 
996     cmd->iov_size -= dma_buf_read((uint8_t *)&info, offset, &cmd->qsg);
997     return MFI_STAT_OK;
998 }
999 
1000 static int megasas_dcmd_pd_list_query(MegasasState *s, MegasasCmd *cmd)
1001 {
1002     uint16_t flags;
1003 
1004     /* mbox0 contains flags */
1005     flags = le16_to_cpu(cmd->frame->dcmd.mbox[0]);
1006     trace_megasas_dcmd_pd_list_query(cmd->index, flags);
1007     if (flags == MR_PD_QUERY_TYPE_ALL ||
1008         megasas_is_jbod(s)) {
1009         return megasas_dcmd_pd_get_list(s, cmd);
1010     }
1011 
1012     return MFI_STAT_OK;
1013 }
1014 
1015 static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
1016                                       MegasasCmd *cmd)
1017 {
1018     struct mfi_pd_info *info = cmd->iov_buf;
1019     size_t dcmd_size = sizeof(struct mfi_pd_info);
1020     uint64_t pd_size;
1021     uint16_t pd_id = ((sdev->id & 0xFF) << 8) | (lun & 0xFF);
1022     uint8_t cmdbuf[6];
1023     size_t len, resid;
1024 
1025     if (!cmd->iov_buf) {
1026         cmd->iov_buf = g_malloc0(dcmd_size);
1027         info = cmd->iov_buf;
1028         info->inquiry_data[0] = 0x7f; /* Force PQual 0x3, PType 0x1f */
1029         info->vpd_page83[0] = 0x7f;
1030         megasas_setup_inquiry(cmdbuf, 0, sizeof(info->inquiry_data));
1031         cmd->req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
1032         if (!cmd->req) {
1033             trace_megasas_dcmd_req_alloc_failed(cmd->index,
1034                                                 "PD get info std inquiry");
1035             g_free(cmd->iov_buf);
1036             cmd->iov_buf = NULL;
1037             return MFI_STAT_FLASH_ALLOC_FAIL;
1038         }
1039         trace_megasas_dcmd_internal_submit(cmd->index,
1040                                            "PD get info std inquiry", lun);
1041         len = scsi_req_enqueue(cmd->req);
1042         if (len > 0) {
1043             cmd->iov_size = len;
1044             scsi_req_continue(cmd->req);
1045         }
1046         return MFI_STAT_INVALID_STATUS;
1047     } else if (info->inquiry_data[0] != 0x7f && info->vpd_page83[0] == 0x7f) {
1048         megasas_setup_inquiry(cmdbuf, 0x83, sizeof(info->vpd_page83));
1049         cmd->req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
1050         if (!cmd->req) {
1051             trace_megasas_dcmd_req_alloc_failed(cmd->index,
1052                                                 "PD get info vpd inquiry");
1053             return MFI_STAT_FLASH_ALLOC_FAIL;
1054         }
1055         trace_megasas_dcmd_internal_submit(cmd->index,
1056                                            "PD get info vpd inquiry", lun);
1057         len = scsi_req_enqueue(cmd->req);
1058         if (len > 0) {
1059             cmd->iov_size = len;
1060             scsi_req_continue(cmd->req);
1061         }
1062         return MFI_STAT_INVALID_STATUS;
1063     }
1064     /* Finished, set FW state */
1065     if ((info->inquiry_data[0] >> 5) == 0) {
1066         if (megasas_is_jbod(cmd->state)) {
1067             info->fw_state = cpu_to_le16(MFI_PD_STATE_SYSTEM);
1068         } else {
1069             info->fw_state = cpu_to_le16(MFI_PD_STATE_ONLINE);
1070         }
1071     } else {
1072         info->fw_state = cpu_to_le16(MFI_PD_STATE_OFFLINE);
1073     }
1074 
1075     info->ref.v.device_id = cpu_to_le16(pd_id);
1076     info->state.ddf.pd_type = cpu_to_le16(MFI_PD_DDF_TYPE_IN_VD|
1077                                           MFI_PD_DDF_TYPE_INTF_SAS);
1078     blk_get_geometry(sdev->conf.blk, &pd_size);
1079     info->raw_size = cpu_to_le64(pd_size);
1080     info->non_coerced_size = cpu_to_le64(pd_size);
1081     info->coerced_size = cpu_to_le64(pd_size);
1082     info->encl_device_id = 0xFFFF;
1083     info->slot_number = (sdev->id & 0xFF);
1084     info->path_info.count = 1;
1085     info->path_info.sas_addr[0] =
1086         cpu_to_le64(megasas_get_sata_addr(pd_id));
1087     info->connected_port_bitmap = 0x1;
1088     info->device_speed = 1;
1089     info->link_speed = 1;
1090     resid = dma_buf_read(cmd->iov_buf, dcmd_size, &cmd->qsg);
1091     g_free(cmd->iov_buf);
1092     cmd->iov_size = dcmd_size - resid;
1093     cmd->iov_buf = NULL;
1094     return MFI_STAT_OK;
1095 }
1096 
1097 static int megasas_dcmd_pd_get_info(MegasasState *s, MegasasCmd *cmd)
1098 {
1099     size_t dcmd_size = sizeof(struct mfi_pd_info);
1100     uint16_t pd_id;
1101     uint8_t target_id, lun_id;
1102     SCSIDevice *sdev = NULL;
1103     int retval = MFI_STAT_DEVICE_NOT_FOUND;
1104 
1105     if (cmd->iov_size < dcmd_size) {
1106         return MFI_STAT_INVALID_PARAMETER;
1107     }
1108 
1109     /* mbox0 has the ID */
1110     pd_id = le16_to_cpu(cmd->frame->dcmd.mbox[0]);
1111     target_id = (pd_id >> 8) & 0xFF;
1112     lun_id = pd_id & 0xFF;
1113     sdev = scsi_device_find(&s->bus, 0, target_id, lun_id);
1114     trace_megasas_dcmd_pd_get_info(cmd->index, pd_id);
1115 
1116     if (sdev) {
1117         /* Submit inquiry */
1118         retval = megasas_pd_get_info_submit(sdev, pd_id, cmd);
1119     }
1120 
1121     return retval;
1122 }
1123 
1124 static int megasas_dcmd_ld_get_list(MegasasState *s, MegasasCmd *cmd)
1125 {
1126     struct mfi_ld_list info;
1127     size_t dcmd_size = sizeof(info), resid;
1128     uint32_t num_ld_disks = 0, max_ld_disks;
1129     uint64_t ld_size;
1130     BusChild *kid;
1131 
1132     memset(&info, 0, dcmd_size);
1133     if (cmd->iov_size > dcmd_size) {
1134         trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
1135                                             dcmd_size);
1136         return MFI_STAT_INVALID_PARAMETER;
1137     }
1138 
1139     max_ld_disks = (cmd->iov_size - 8) / 16;
1140     if (megasas_is_jbod(s)) {
1141         max_ld_disks = 0;
1142     }
1143     if (max_ld_disks > MFI_MAX_LD) {
1144         max_ld_disks = MFI_MAX_LD;
1145     }
1146     QTAILQ_FOREACH(kid, &s->bus.qbus.children, sibling) {
1147         SCSIDevice *sdev = SCSI_DEVICE(kid->child);
1148 
1149         if (num_ld_disks >= max_ld_disks) {
1150             break;
1151         }
1152         /* Logical device size is in blocks */
1153         blk_get_geometry(sdev->conf.blk, &ld_size);
1154         info.ld_list[num_ld_disks].ld.v.target_id = sdev->id;
1155         info.ld_list[num_ld_disks].state = MFI_LD_STATE_OPTIMAL;
1156         info.ld_list[num_ld_disks].size = cpu_to_le64(ld_size);
1157         num_ld_disks++;
1158     }
1159     info.ld_count = cpu_to_le32(num_ld_disks);
1160     trace_megasas_dcmd_ld_get_list(cmd->index, num_ld_disks, max_ld_disks);
1161 
1162     resid = dma_buf_read((uint8_t *)&info, dcmd_size, &cmd->qsg);
1163     cmd->iov_size = dcmd_size - resid;
1164     return MFI_STAT_OK;
1165 }
1166 
1167 static int megasas_dcmd_ld_list_query(MegasasState *s, MegasasCmd *cmd)
1168 {
1169     uint16_t flags;
1170     struct mfi_ld_targetid_list info;
1171     size_t dcmd_size = sizeof(info), resid;
1172     uint32_t num_ld_disks = 0, max_ld_disks = s->fw_luns;
1173     BusChild *kid;
1174 
1175     /* mbox0 contains flags */
1176     flags = le16_to_cpu(cmd->frame->dcmd.mbox[0]);
1177     trace_megasas_dcmd_ld_list_query(cmd->index, flags);
1178     if (flags != MR_LD_QUERY_TYPE_ALL &&
1179         flags != MR_LD_QUERY_TYPE_EXPOSED_TO_HOST) {
1180         max_ld_disks = 0;
1181     }
1182 
1183     memset(&info, 0, dcmd_size);
1184     if (cmd->iov_size < 12) {
1185         trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
1186                                             dcmd_size);
1187         return MFI_STAT_INVALID_PARAMETER;
1188     }
1189     dcmd_size = sizeof(uint32_t) * 2 + 3;
1190     max_ld_disks = cmd->iov_size - dcmd_size;
1191     if (megasas_is_jbod(s)) {
1192         max_ld_disks = 0;
1193     }
1194     if (max_ld_disks > MFI_MAX_LD) {
1195         max_ld_disks = MFI_MAX_LD;
1196     }
1197     QTAILQ_FOREACH(kid, &s->bus.qbus.children, sibling) {
1198         SCSIDevice *sdev = SCSI_DEVICE(kid->child);
1199 
1200         if (num_ld_disks >= max_ld_disks) {
1201             break;
1202         }
1203         info.targetid[num_ld_disks] = sdev->lun;
1204         num_ld_disks++;
1205         dcmd_size++;
1206     }
1207     info.ld_count = cpu_to_le32(num_ld_disks);
1208     info.size = dcmd_size;
1209     trace_megasas_dcmd_ld_get_list(cmd->index, num_ld_disks, max_ld_disks);
1210 
1211     resid = dma_buf_read((uint8_t *)&info, dcmd_size, &cmd->qsg);
1212     cmd->iov_size = dcmd_size - resid;
1213     return MFI_STAT_OK;
1214 }
1215 
1216 static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
1217                                       MegasasCmd *cmd)
1218 {
1219     struct mfi_ld_info *info = cmd->iov_buf;
1220     size_t dcmd_size = sizeof(struct mfi_ld_info);
1221     uint8_t cdb[6];
1222     ssize_t len, resid;
1223     uint16_t sdev_id = ((sdev->id & 0xFF) << 8) | (lun & 0xFF);
1224     uint64_t ld_size;
1225 
1226     if (!cmd->iov_buf) {
1227         cmd->iov_buf = g_malloc0(dcmd_size);
1228         info = cmd->iov_buf;
1229         megasas_setup_inquiry(cdb, 0x83, sizeof(info->vpd_page83));
1230         cmd->req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
1231         if (!cmd->req) {
1232             trace_megasas_dcmd_req_alloc_failed(cmd->index,
1233                                                 "LD get info vpd inquiry");
1234             g_free(cmd->iov_buf);
1235             cmd->iov_buf = NULL;
1236             return MFI_STAT_FLASH_ALLOC_FAIL;
1237         }
1238         trace_megasas_dcmd_internal_submit(cmd->index,
1239                                            "LD get info vpd inquiry", lun);
1240         len = scsi_req_enqueue(cmd->req);
1241         if (len > 0) {
1242             cmd->iov_size = len;
1243             scsi_req_continue(cmd->req);
1244         }
1245         return MFI_STAT_INVALID_STATUS;
1246     }
1247 
1248     info->ld_config.params.state = MFI_LD_STATE_OPTIMAL;
1249     info->ld_config.properties.ld.v.target_id = lun;
1250     info->ld_config.params.stripe_size = 3;
1251     info->ld_config.params.num_drives = 1;
1252     info->ld_config.params.is_consistent = 1;
1253     /* Logical device size is in blocks */
1254     blk_get_geometry(sdev->conf.blk, &ld_size);
1255     info->size = cpu_to_le64(ld_size);
1256     memset(info->ld_config.span, 0, sizeof(info->ld_config.span));
1257     info->ld_config.span[0].start_block = 0;
1258     info->ld_config.span[0].num_blocks = info->size;
1259     info->ld_config.span[0].array_ref = cpu_to_le16(sdev_id);
1260 
1261     resid = dma_buf_read(cmd->iov_buf, dcmd_size, &cmd->qsg);
1262     g_free(cmd->iov_buf);
1263     cmd->iov_size = dcmd_size - resid;
1264     cmd->iov_buf = NULL;
1265     return MFI_STAT_OK;
1266 }
1267 
1268 static int megasas_dcmd_ld_get_info(MegasasState *s, MegasasCmd *cmd)
1269 {
1270     struct mfi_ld_info info;
1271     size_t dcmd_size = sizeof(info);
1272     uint16_t ld_id;
1273     uint32_t max_ld_disks = s->fw_luns;
1274     SCSIDevice *sdev = NULL;
1275     int retval = MFI_STAT_DEVICE_NOT_FOUND;
1276 
1277     if (cmd->iov_size < dcmd_size) {
1278         return MFI_STAT_INVALID_PARAMETER;
1279     }
1280 
1281     /* mbox0 has the ID */
1282     ld_id = le16_to_cpu(cmd->frame->dcmd.mbox[0]);
1283     trace_megasas_dcmd_ld_get_info(cmd->index, ld_id);
1284 
1285     if (megasas_is_jbod(s)) {
1286         return MFI_STAT_DEVICE_NOT_FOUND;
1287     }
1288 
1289     if (ld_id < max_ld_disks) {
1290         sdev = scsi_device_find(&s->bus, 0, ld_id, 0);
1291     }
1292 
1293     if (sdev) {
1294         retval = megasas_ld_get_info_submit(sdev, ld_id, cmd);
1295     }
1296 
1297     return retval;
1298 }
1299 
1300 static int megasas_dcmd_cfg_read(MegasasState *s, MegasasCmd *cmd)
1301 {
1302     uint8_t data[4096] = { 0 };
1303     struct mfi_config_data *info;
1304     int num_pd_disks = 0, array_offset, ld_offset;
1305     BusChild *kid;
1306 
1307     if (cmd->iov_size > 4096) {
1308         return MFI_STAT_INVALID_PARAMETER;
1309     }
1310 
1311     QTAILQ_FOREACH(kid, &s->bus.qbus.children, sibling) {
1312         num_pd_disks++;
1313     }
1314     info = (struct mfi_config_data *)&data;
1315     /*
1316      * Array mapping:
1317      * - One array per SCSI device
1318      * - One logical drive per SCSI device
1319      *   spanning the entire device
1320      */
1321     info->array_count = num_pd_disks;
1322     info->array_size = sizeof(struct mfi_array) * num_pd_disks;
1323     info->log_drv_count = num_pd_disks;
1324     info->log_drv_size = sizeof(struct mfi_ld_config) * num_pd_disks;
1325     info->spares_count = 0;
1326     info->spares_size = sizeof(struct mfi_spare);
1327     info->size = sizeof(struct mfi_config_data) + info->array_size +
1328         info->log_drv_size;
1329     if (info->size > 4096) {
1330         return MFI_STAT_INVALID_PARAMETER;
1331     }
1332 
1333     array_offset = sizeof(struct mfi_config_data);
1334     ld_offset = array_offset + sizeof(struct mfi_array) * num_pd_disks;
1335 
1336     QTAILQ_FOREACH(kid, &s->bus.qbus.children, sibling) {
1337         SCSIDevice *sdev = SCSI_DEVICE(kid->child);
1338         uint16_t sdev_id = ((sdev->id & 0xFF) << 8) | (sdev->lun & 0xFF);
1339         struct mfi_array *array;
1340         struct mfi_ld_config *ld;
1341         uint64_t pd_size;
1342         int i;
1343 
1344         array = (struct mfi_array *)(data + array_offset);
1345         blk_get_geometry(sdev->conf.blk, &pd_size);
1346         array->size = cpu_to_le64(pd_size);
1347         array->num_drives = 1;
1348         array->array_ref = cpu_to_le16(sdev_id);
1349         array->pd[0].ref.v.device_id = cpu_to_le16(sdev_id);
1350         array->pd[0].ref.v.seq_num = 0;
1351         array->pd[0].fw_state = MFI_PD_STATE_ONLINE;
1352         array->pd[0].encl.pd = 0xFF;
1353         array->pd[0].encl.slot = (sdev->id & 0xFF);
1354         for (i = 1; i < MFI_MAX_ROW_SIZE; i++) {
1355             array->pd[i].ref.v.device_id = 0xFFFF;
1356             array->pd[i].ref.v.seq_num = 0;
1357             array->pd[i].fw_state = MFI_PD_STATE_UNCONFIGURED_GOOD;
1358             array->pd[i].encl.pd = 0xFF;
1359             array->pd[i].encl.slot = 0xFF;
1360         }
1361         array_offset += sizeof(struct mfi_array);
1362         ld = (struct mfi_ld_config *)(data + ld_offset);
1363         memset(ld, 0, sizeof(struct mfi_ld_config));
1364         ld->properties.ld.v.target_id = sdev->id;
1365         ld->properties.default_cache_policy = MR_LD_CACHE_READ_AHEAD |
1366             MR_LD_CACHE_READ_ADAPTIVE;
1367         ld->properties.current_cache_policy = MR_LD_CACHE_READ_AHEAD |
1368             MR_LD_CACHE_READ_ADAPTIVE;
1369         ld->params.state = MFI_LD_STATE_OPTIMAL;
1370         ld->params.stripe_size = 3;
1371         ld->params.num_drives = 1;
1372         ld->params.span_depth = 1;
1373         ld->params.is_consistent = 1;
1374         ld->span[0].start_block = 0;
1375         ld->span[0].num_blocks = cpu_to_le64(pd_size);
1376         ld->span[0].array_ref = cpu_to_le16(sdev_id);
1377         ld_offset += sizeof(struct mfi_ld_config);
1378     }
1379 
1380     cmd->iov_size -= dma_buf_read((uint8_t *)data, info->size, &cmd->qsg);
1381     return MFI_STAT_OK;
1382 }
1383 
1384 static int megasas_dcmd_get_properties(MegasasState *s, MegasasCmd *cmd)
1385 {
1386     struct mfi_ctrl_props info;
1387     size_t dcmd_size = sizeof(info);
1388 
1389     memset(&info, 0x0, dcmd_size);
1390     if (cmd->iov_size < dcmd_size) {
1391         trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
1392                                             dcmd_size);
1393         return MFI_STAT_INVALID_PARAMETER;
1394     }
1395     info.pred_fail_poll_interval = cpu_to_le16(300);
1396     info.intr_throttle_cnt = cpu_to_le16(16);
1397     info.intr_throttle_timeout = cpu_to_le16(50);
1398     info.rebuild_rate = 30;
1399     info.patrol_read_rate = 30;
1400     info.bgi_rate = 30;
1401     info.cc_rate = 30;
1402     info.recon_rate = 30;
1403     info.cache_flush_interval = 4;
1404     info.spinup_drv_cnt = 2;
1405     info.spinup_delay = 6;
1406     info.ecc_bucket_size = 15;
1407     info.ecc_bucket_leak_rate = cpu_to_le16(1440);
1408     info.expose_encl_devices = 1;
1409 
1410     cmd->iov_size -= dma_buf_read((uint8_t *)&info, dcmd_size, &cmd->qsg);
1411     return MFI_STAT_OK;
1412 }
1413 
1414 static int megasas_cache_flush(MegasasState *s, MegasasCmd *cmd)
1415 {
1416     blk_drain_all();
1417     return MFI_STAT_OK;
1418 }
1419 
1420 static int megasas_ctrl_shutdown(MegasasState *s, MegasasCmd *cmd)
1421 {
1422     s->fw_state = MFI_FWSTATE_READY;
1423     return MFI_STAT_OK;
1424 }
1425 
1426 /* Some implementations use CLUSTER RESET LD to simulate a device reset */
1427 static int megasas_cluster_reset_ld(MegasasState *s, MegasasCmd *cmd)
1428 {
1429     uint16_t target_id;
1430     int i;
1431 
1432     /* mbox0 contains the device index */
1433     target_id = le16_to_cpu(cmd->frame->dcmd.mbox[0]);
1434     trace_megasas_dcmd_reset_ld(cmd->index, target_id);
1435     for (i = 0; i < s->fw_cmds; i++) {
1436         MegasasCmd *tmp_cmd = &s->frames[i];
1437         if (tmp_cmd->req && tmp_cmd->req->dev->id == target_id) {
1438             SCSIDevice *d = tmp_cmd->req->dev;
1439             qdev_reset_all(&d->qdev);
1440         }
1441     }
1442     return MFI_STAT_OK;
1443 }
1444 
1445 static int megasas_dcmd_set_properties(MegasasState *s, MegasasCmd *cmd)
1446 {
1447     struct mfi_ctrl_props info;
1448     size_t dcmd_size = sizeof(info);
1449 
1450     if (cmd->iov_size < dcmd_size) {
1451         trace_megasas_dcmd_invalid_xfer_len(cmd->index, cmd->iov_size,
1452                                             dcmd_size);
1453         return MFI_STAT_INVALID_PARAMETER;
1454     }
1455     dma_buf_write((uint8_t *)&info, dcmd_size, &cmd->qsg);
1456     trace_megasas_dcmd_unsupported(cmd->index, cmd->iov_size);
1457     return MFI_STAT_OK;
1458 }
1459 
1460 static int megasas_dcmd_dummy(MegasasState *s, MegasasCmd *cmd)
1461 {
1462     trace_megasas_dcmd_dummy(cmd->index, cmd->iov_size);
1463     return MFI_STAT_OK;
1464 }
1465 
1466 static const struct dcmd_cmd_tbl_t {
1467     int opcode;
1468     const char *desc;
1469     int (*func)(MegasasState *s, MegasasCmd *cmd);
1470 } dcmd_cmd_tbl[] = {
1471     { MFI_DCMD_CTRL_MFI_HOST_MEM_ALLOC, "CTRL_HOST_MEM_ALLOC",
1472       megasas_dcmd_dummy },
1473     { MFI_DCMD_CTRL_GET_INFO, "CTRL_GET_INFO",
1474       megasas_ctrl_get_info },
1475     { MFI_DCMD_CTRL_GET_PROPERTIES, "CTRL_GET_PROPERTIES",
1476       megasas_dcmd_get_properties },
1477     { MFI_DCMD_CTRL_SET_PROPERTIES, "CTRL_SET_PROPERTIES",
1478       megasas_dcmd_set_properties },
1479     { MFI_DCMD_CTRL_ALARM_GET, "CTRL_ALARM_GET",
1480       megasas_dcmd_dummy },
1481     { MFI_DCMD_CTRL_ALARM_ENABLE, "CTRL_ALARM_ENABLE",
1482       megasas_dcmd_dummy },
1483     { MFI_DCMD_CTRL_ALARM_DISABLE, "CTRL_ALARM_DISABLE",
1484       megasas_dcmd_dummy },
1485     { MFI_DCMD_CTRL_ALARM_SILENCE, "CTRL_ALARM_SILENCE",
1486       megasas_dcmd_dummy },
1487     { MFI_DCMD_CTRL_ALARM_TEST, "CTRL_ALARM_TEST",
1488       megasas_dcmd_dummy },
1489     { MFI_DCMD_CTRL_EVENT_GETINFO, "CTRL_EVENT_GETINFO",
1490       megasas_event_info },
1491     { MFI_DCMD_CTRL_EVENT_GET, "CTRL_EVENT_GET",
1492       megasas_dcmd_dummy },
1493     { MFI_DCMD_CTRL_EVENT_WAIT, "CTRL_EVENT_WAIT",
1494       megasas_event_wait },
1495     { MFI_DCMD_CTRL_SHUTDOWN, "CTRL_SHUTDOWN",
1496       megasas_ctrl_shutdown },
1497     { MFI_DCMD_HIBERNATE_STANDBY, "CTRL_STANDBY",
1498       megasas_dcmd_dummy },
1499     { MFI_DCMD_CTRL_GET_TIME, "CTRL_GET_TIME",
1500       megasas_dcmd_get_fw_time },
1501     { MFI_DCMD_CTRL_SET_TIME, "CTRL_SET_TIME",
1502       megasas_dcmd_set_fw_time },
1503     { MFI_DCMD_CTRL_BIOS_DATA_GET, "CTRL_BIOS_DATA_GET",
1504       megasas_dcmd_get_bios_info },
1505     { MFI_DCMD_CTRL_FACTORY_DEFAULTS, "CTRL_FACTORY_DEFAULTS",
1506       megasas_dcmd_dummy },
1507     { MFI_DCMD_CTRL_MFC_DEFAULTS_GET, "CTRL_MFC_DEFAULTS_GET",
1508       megasas_mfc_get_defaults },
1509     { MFI_DCMD_CTRL_MFC_DEFAULTS_SET, "CTRL_MFC_DEFAULTS_SET",
1510       megasas_dcmd_dummy },
1511     { MFI_DCMD_CTRL_CACHE_FLUSH, "CTRL_CACHE_FLUSH",
1512       megasas_cache_flush },
1513     { MFI_DCMD_PD_GET_LIST, "PD_GET_LIST",
1514       megasas_dcmd_pd_get_list },
1515     { MFI_DCMD_PD_LIST_QUERY, "PD_LIST_QUERY",
1516       megasas_dcmd_pd_list_query },
1517     { MFI_DCMD_PD_GET_INFO, "PD_GET_INFO",
1518       megasas_dcmd_pd_get_info },
1519     { MFI_DCMD_PD_STATE_SET, "PD_STATE_SET",
1520       megasas_dcmd_dummy },
1521     { MFI_DCMD_PD_REBUILD, "PD_REBUILD",
1522       megasas_dcmd_dummy },
1523     { MFI_DCMD_PD_BLINK, "PD_BLINK",
1524       megasas_dcmd_dummy },
1525     { MFI_DCMD_PD_UNBLINK, "PD_UNBLINK",
1526       megasas_dcmd_dummy },
1527     { MFI_DCMD_LD_GET_LIST, "LD_GET_LIST",
1528       megasas_dcmd_ld_get_list},
1529     { MFI_DCMD_LD_LIST_QUERY, "LD_LIST_QUERY",
1530       megasas_dcmd_ld_list_query },
1531     { MFI_DCMD_LD_GET_INFO, "LD_GET_INFO",
1532       megasas_dcmd_ld_get_info },
1533     { MFI_DCMD_LD_GET_PROP, "LD_GET_PROP",
1534       megasas_dcmd_dummy },
1535     { MFI_DCMD_LD_SET_PROP, "LD_SET_PROP",
1536       megasas_dcmd_dummy },
1537     { MFI_DCMD_LD_DELETE, "LD_DELETE",
1538       megasas_dcmd_dummy },
1539     { MFI_DCMD_CFG_READ, "CFG_READ",
1540       megasas_dcmd_cfg_read },
1541     { MFI_DCMD_CFG_ADD, "CFG_ADD",
1542       megasas_dcmd_dummy },
1543     { MFI_DCMD_CFG_CLEAR, "CFG_CLEAR",
1544       megasas_dcmd_dummy },
1545     { MFI_DCMD_CFG_FOREIGN_READ, "CFG_FOREIGN_READ",
1546       megasas_dcmd_dummy },
1547     { MFI_DCMD_CFG_FOREIGN_IMPORT, "CFG_FOREIGN_IMPORT",
1548       megasas_dcmd_dummy },
1549     { MFI_DCMD_BBU_STATUS, "BBU_STATUS",
1550       megasas_dcmd_dummy },
1551     { MFI_DCMD_BBU_CAPACITY_INFO, "BBU_CAPACITY_INFO",
1552       megasas_dcmd_dummy },
1553     { MFI_DCMD_BBU_DESIGN_INFO, "BBU_DESIGN_INFO",
1554       megasas_dcmd_dummy },
1555     { MFI_DCMD_BBU_PROP_GET, "BBU_PROP_GET",
1556       megasas_dcmd_dummy },
1557     { MFI_DCMD_CLUSTER, "CLUSTER",
1558       megasas_dcmd_dummy },
1559     { MFI_DCMD_CLUSTER_RESET_ALL, "CLUSTER_RESET_ALL",
1560       megasas_dcmd_dummy },
1561     { MFI_DCMD_CLUSTER_RESET_LD, "CLUSTER_RESET_LD",
1562       megasas_cluster_reset_ld },
1563     { -1, NULL, NULL }
1564 };
1565 
1566 static int megasas_handle_dcmd(MegasasState *s, MegasasCmd *cmd)
1567 {
1568     int retval = 0;
1569     size_t len;
1570     const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
1571 
1572     cmd->dcmd_opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
1573     trace_megasas_handle_dcmd(cmd->index, cmd->dcmd_opcode);
1574     if (megasas_map_dcmd(s, cmd) < 0) {
1575         return MFI_STAT_MEMORY_NOT_AVAILABLE;
1576     }
1577     while (cmdptr->opcode != -1 && cmdptr->opcode != cmd->dcmd_opcode) {
1578         cmdptr++;
1579     }
1580     len = cmd->iov_size;
1581     if (cmdptr->opcode == -1) {
1582         trace_megasas_dcmd_unhandled(cmd->index, cmd->dcmd_opcode, len);
1583         retval = megasas_dcmd_dummy(s, cmd);
1584     } else {
1585         trace_megasas_dcmd_enter(cmd->index, cmdptr->desc, len);
1586         retval = cmdptr->func(s, cmd);
1587     }
1588     if (retval != MFI_STAT_INVALID_STATUS) {
1589         megasas_finish_dcmd(cmd, len);
1590     }
1591     return retval;
1592 }
1593 
1594 static int megasas_finish_internal_dcmd(MegasasCmd *cmd,
1595                                         SCSIRequest *req, size_t resid)
1596 {
1597     int retval = MFI_STAT_OK;
1598     int lun = req->lun;
1599 
1600     trace_megasas_dcmd_internal_finish(cmd->index, cmd->dcmd_opcode, lun);
1601     cmd->iov_size -= resid;
1602     switch (cmd->dcmd_opcode) {
1603     case MFI_DCMD_PD_GET_INFO:
1604         retval = megasas_pd_get_info_submit(req->dev, lun, cmd);
1605         break;
1606     case MFI_DCMD_LD_GET_INFO:
1607         retval = megasas_ld_get_info_submit(req->dev, lun, cmd);
1608         break;
1609     default:
1610         trace_megasas_dcmd_internal_invalid(cmd->index, cmd->dcmd_opcode);
1611         retval = MFI_STAT_INVALID_DCMD;
1612         break;
1613     }
1614     if (retval != MFI_STAT_INVALID_STATUS) {
1615         megasas_finish_dcmd(cmd, cmd->iov_size);
1616     }
1617     return retval;
1618 }
1619 
1620 static int megasas_enqueue_req(MegasasCmd *cmd, bool is_write)
1621 {
1622     int len;
1623 
1624     len = scsi_req_enqueue(cmd->req);
1625     if (len < 0) {
1626         len = -len;
1627     }
1628     if (len > 0) {
1629         if (len > cmd->iov_size) {
1630             if (is_write) {
1631                 trace_megasas_iov_write_overflow(cmd->index, len,
1632                                                  cmd->iov_size);
1633             } else {
1634                 trace_megasas_iov_read_overflow(cmd->index, len,
1635                                                 cmd->iov_size);
1636             }
1637         }
1638         if (len < cmd->iov_size) {
1639             if (is_write) {
1640                 trace_megasas_iov_write_underflow(cmd->index, len,
1641                                                   cmd->iov_size);
1642             } else {
1643                 trace_megasas_iov_read_underflow(cmd->index, len,
1644                                                  cmd->iov_size);
1645             }
1646             cmd->iov_size = len;
1647         }
1648         scsi_req_continue(cmd->req);
1649     }
1650     return len;
1651 }
1652 
1653 static int megasas_handle_scsi(MegasasState *s, MegasasCmd *cmd,
1654                                int frame_cmd)
1655 {
1656     uint8_t *cdb;
1657     int target_id, lun_id, cdb_len;
1658     bool is_write;
1659     struct SCSIDevice *sdev = NULL;
1660     bool is_logical = (frame_cmd == MFI_CMD_LD_SCSI_IO);
1661 
1662     cdb = cmd->frame->pass.cdb;
1663     target_id = cmd->frame->header.target_id;
1664     lun_id = cmd->frame->header.lun_id;
1665     cdb_len = cmd->frame->header.cdb_len;
1666 
1667     if (is_logical) {
1668         if (target_id >= MFI_MAX_LD || lun_id != 0) {
1669             trace_megasas_scsi_target_not_present(
1670                 mfi_frame_desc[frame_cmd], is_logical, target_id, lun_id);
1671             return MFI_STAT_DEVICE_NOT_FOUND;
1672         }
1673     }
1674     sdev = scsi_device_find(&s->bus, 0, target_id, lun_id);
1675 
1676     cmd->iov_size = le32_to_cpu(cmd->frame->header.data_len);
1677     trace_megasas_handle_scsi(mfi_frame_desc[frame_cmd], is_logical,
1678                               target_id, lun_id, sdev, cmd->iov_size);
1679 
1680     if (!sdev || (megasas_is_jbod(s) && is_logical)) {
1681         trace_megasas_scsi_target_not_present(
1682             mfi_frame_desc[frame_cmd], is_logical, target_id, lun_id);
1683         return MFI_STAT_DEVICE_NOT_FOUND;
1684     }
1685 
1686     if (cdb_len > 16) {
1687         trace_megasas_scsi_invalid_cdb_len(
1688                 mfi_frame_desc[frame_cmd], is_logical,
1689                 target_id, lun_id, cdb_len);
1690         megasas_write_sense(cmd, SENSE_CODE(INVALID_OPCODE));
1691         cmd->frame->header.scsi_status = CHECK_CONDITION;
1692         s->event_count++;
1693         return MFI_STAT_SCSI_DONE_WITH_ERROR;
1694     }
1695 
1696     if (megasas_map_sgl(s, cmd, &cmd->frame->pass.sgl)) {
1697         megasas_write_sense(cmd, SENSE_CODE(TARGET_FAILURE));
1698         cmd->frame->header.scsi_status = CHECK_CONDITION;
1699         s->event_count++;
1700         return MFI_STAT_SCSI_DONE_WITH_ERROR;
1701     }
1702 
1703     cmd->req = scsi_req_new(sdev, cmd->index, lun_id, cdb, cmd);
1704     if (!cmd->req) {
1705         trace_megasas_scsi_req_alloc_failed(
1706                 mfi_frame_desc[frame_cmd], target_id, lun_id);
1707         megasas_write_sense(cmd, SENSE_CODE(NO_SENSE));
1708         cmd->frame->header.scsi_status = BUSY;
1709         s->event_count++;
1710         return MFI_STAT_SCSI_DONE_WITH_ERROR;
1711     }
1712 
1713     is_write = (cmd->req->cmd.mode == SCSI_XFER_TO_DEV);
1714     if (cmd->iov_size) {
1715         if (is_write) {
1716             trace_megasas_scsi_write_start(cmd->index, cmd->iov_size);
1717         } else {
1718             trace_megasas_scsi_read_start(cmd->index, cmd->iov_size);
1719         }
1720     } else {
1721         trace_megasas_scsi_nodata(cmd->index);
1722     }
1723     megasas_enqueue_req(cmd, is_write);
1724     return MFI_STAT_INVALID_STATUS;
1725 }
1726 
1727 static int megasas_handle_io(MegasasState *s, MegasasCmd *cmd, int frame_cmd)
1728 {
1729     uint32_t lba_count, lba_start_hi, lba_start_lo;
1730     uint64_t lba_start;
1731     bool is_write = (frame_cmd == MFI_CMD_LD_WRITE);
1732     uint8_t cdb[16];
1733     int len;
1734     struct SCSIDevice *sdev = NULL;
1735     int target_id, lun_id, cdb_len;
1736 
1737     lba_count = le32_to_cpu(cmd->frame->io.header.data_len);
1738     lba_start_lo = le32_to_cpu(cmd->frame->io.lba_lo);
1739     lba_start_hi = le32_to_cpu(cmd->frame->io.lba_hi);
1740     lba_start = ((uint64_t)lba_start_hi << 32) | lba_start_lo;
1741 
1742     target_id = cmd->frame->header.target_id;
1743     lun_id = cmd->frame->header.lun_id;
1744     cdb_len = cmd->frame->header.cdb_len;
1745 
1746     if (target_id < MFI_MAX_LD && lun_id == 0) {
1747         sdev = scsi_device_find(&s->bus, 0, target_id, lun_id);
1748     }
1749 
1750     trace_megasas_handle_io(cmd->index,
1751                             mfi_frame_desc[frame_cmd], target_id, lun_id,
1752                             (unsigned long)lba_start, (unsigned long)lba_count);
1753     if (!sdev) {
1754         trace_megasas_io_target_not_present(cmd->index,
1755             mfi_frame_desc[frame_cmd], target_id, lun_id);
1756         return MFI_STAT_DEVICE_NOT_FOUND;
1757     }
1758 
1759     if (cdb_len > 16) {
1760         trace_megasas_scsi_invalid_cdb_len(
1761             mfi_frame_desc[frame_cmd], 1, target_id, lun_id, cdb_len);
1762         megasas_write_sense(cmd, SENSE_CODE(INVALID_OPCODE));
1763         cmd->frame->header.scsi_status = CHECK_CONDITION;
1764         s->event_count++;
1765         return MFI_STAT_SCSI_DONE_WITH_ERROR;
1766     }
1767 
1768     cmd->iov_size = lba_count * sdev->blocksize;
1769     if (megasas_map_sgl(s, cmd, &cmd->frame->io.sgl)) {
1770         megasas_write_sense(cmd, SENSE_CODE(TARGET_FAILURE));
1771         cmd->frame->header.scsi_status = CHECK_CONDITION;
1772         s->event_count++;
1773         return MFI_STAT_SCSI_DONE_WITH_ERROR;
1774     }
1775 
1776     megasas_encode_lba(cdb, lba_start, lba_count, is_write);
1777     cmd->req = scsi_req_new(sdev, cmd->index,
1778                             lun_id, cdb, cmd);
1779     if (!cmd->req) {
1780         trace_megasas_scsi_req_alloc_failed(
1781             mfi_frame_desc[frame_cmd], target_id, lun_id);
1782         megasas_write_sense(cmd, SENSE_CODE(NO_SENSE));
1783         cmd->frame->header.scsi_status = BUSY;
1784         s->event_count++;
1785         return MFI_STAT_SCSI_DONE_WITH_ERROR;
1786     }
1787     len = megasas_enqueue_req(cmd, is_write);
1788     if (len > 0) {
1789         if (is_write) {
1790             trace_megasas_io_write_start(cmd->index, lba_start, lba_count, len);
1791         } else {
1792             trace_megasas_io_read_start(cmd->index, lba_start, lba_count, len);
1793         }
1794     }
1795     return MFI_STAT_INVALID_STATUS;
1796 }
1797 
1798 static QEMUSGList *megasas_get_sg_list(SCSIRequest *req)
1799 {
1800     MegasasCmd *cmd = req->hba_private;
1801 
1802     if (cmd->dcmd_opcode != -1) {
1803         return NULL;
1804     } else {
1805         return &cmd->qsg;
1806     }
1807 }
1808 
1809 static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
1810 {
1811     MegasasCmd *cmd = req->hba_private;
1812     uint8_t *buf;
1813 
1814     trace_megasas_io_complete(cmd->index, len);
1815 
1816     if (cmd->dcmd_opcode != -1) {
1817         scsi_req_continue(req);
1818         return;
1819     }
1820 
1821     buf = scsi_req_get_buf(req);
1822     if (cmd->dcmd_opcode == MFI_DCMD_PD_GET_INFO && cmd->iov_buf) {
1823         struct mfi_pd_info *info = cmd->iov_buf;
1824 
1825         if (info->inquiry_data[0] == 0x7f) {
1826             memset(info->inquiry_data, 0, sizeof(info->inquiry_data));
1827             memcpy(info->inquiry_data, buf, len);
1828         } else if (info->vpd_page83[0] == 0x7f) {
1829             memset(info->vpd_page83, 0, sizeof(info->vpd_page83));
1830             memcpy(info->vpd_page83, buf, len);
1831         }
1832         scsi_req_continue(req);
1833     } else if (cmd->dcmd_opcode == MFI_DCMD_LD_GET_INFO) {
1834         struct mfi_ld_info *info = cmd->iov_buf;
1835 
1836         if (cmd->iov_buf) {
1837             memcpy(info->vpd_page83, buf, sizeof(info->vpd_page83));
1838             scsi_req_continue(req);
1839         }
1840     }
1841 }
1842 
1843 static void megasas_command_complete(SCSIRequest *req, uint32_t status,
1844                                      size_t resid)
1845 {
1846     MegasasCmd *cmd = req->hba_private;
1847     uint8_t cmd_status = MFI_STAT_OK;
1848 
1849     trace_megasas_command_complete(cmd->index, status, resid);
1850 
1851     if (req->io_canceled) {
1852         return;
1853     }
1854 
1855     if (cmd->dcmd_opcode != -1) {
1856         /*
1857          * Internal command complete
1858          */
1859         cmd_status = megasas_finish_internal_dcmd(cmd, req, resid);
1860         if (cmd_status == MFI_STAT_INVALID_STATUS) {
1861             return;
1862         }
1863     } else {
1864         req->status = status;
1865         trace_megasas_scsi_complete(cmd->index, req->status,
1866                                     cmd->iov_size, req->cmd.xfer);
1867         if (req->status != GOOD) {
1868             cmd_status = MFI_STAT_SCSI_DONE_WITH_ERROR;
1869         }
1870         if (req->status == CHECK_CONDITION) {
1871             megasas_copy_sense(cmd);
1872         }
1873 
1874         cmd->frame->header.scsi_status = req->status;
1875     }
1876     cmd->frame->header.cmd_status = cmd_status;
1877     megasas_complete_command(cmd);
1878 }
1879 
1880 static void megasas_command_cancelled(SCSIRequest *req)
1881 {
1882     MegasasCmd *cmd = req->hba_private;
1883 
1884     if (!cmd) {
1885         return;
1886     }
1887     cmd->frame->header.cmd_status = MFI_STAT_SCSI_IO_FAILED;
1888     megasas_complete_command(cmd);
1889 }
1890 
1891 static int megasas_handle_abort(MegasasState *s, MegasasCmd *cmd)
1892 {
1893     uint64_t abort_ctx = le64_to_cpu(cmd->frame->abort.abort_context);
1894     hwaddr abort_addr, addr_hi, addr_lo;
1895     MegasasCmd *abort_cmd;
1896 
1897     addr_hi = le32_to_cpu(cmd->frame->abort.abort_mfi_addr_hi);
1898     addr_lo = le32_to_cpu(cmd->frame->abort.abort_mfi_addr_lo);
1899     abort_addr = ((uint64_t)addr_hi << 32) | addr_lo;
1900 
1901     abort_cmd = megasas_lookup_frame(s, abort_addr);
1902     if (!abort_cmd) {
1903         trace_megasas_abort_no_cmd(cmd->index, abort_ctx);
1904         s->event_count++;
1905         return MFI_STAT_OK;
1906     }
1907     if (!megasas_use_queue64(s)) {
1908         abort_ctx &= (uint64_t)0xFFFFFFFF;
1909     }
1910     if (abort_cmd->context != abort_ctx) {
1911         trace_megasas_abort_invalid_context(cmd->index, abort_cmd->context,
1912                                             abort_cmd->index);
1913         s->event_count++;
1914         return MFI_STAT_ABORT_NOT_POSSIBLE;
1915     }
1916     trace_megasas_abort_frame(cmd->index, abort_cmd->index);
1917     megasas_abort_command(abort_cmd);
1918     if (!s->event_cmd || abort_cmd != s->event_cmd) {
1919         s->event_cmd = NULL;
1920     }
1921     s->event_count++;
1922     return MFI_STAT_OK;
1923 }
1924 
1925 static void megasas_handle_frame(MegasasState *s, uint64_t frame_addr,
1926                                  uint32_t frame_count)
1927 {
1928     uint8_t frame_status = MFI_STAT_INVALID_CMD;
1929     uint64_t frame_context;
1930     int frame_cmd;
1931     MegasasCmd *cmd;
1932 
1933     /*
1934      * Always read 64bit context, top bits will be
1935      * masked out if required in megasas_enqueue_frame()
1936      */
1937     frame_context = megasas_frame_get_context(s, frame_addr);
1938 
1939     cmd = megasas_enqueue_frame(s, frame_addr, frame_context, frame_count);
1940     if (!cmd) {
1941         /* reply queue full */
1942         trace_megasas_frame_busy(frame_addr);
1943         megasas_frame_set_scsi_status(s, frame_addr, BUSY);
1944         megasas_frame_set_cmd_status(s, frame_addr, MFI_STAT_SCSI_DONE_WITH_ERROR);
1945         megasas_complete_frame(s, frame_context);
1946         s->event_count++;
1947         return;
1948     }
1949     frame_cmd = cmd->frame->header.frame_cmd;
1950     switch (frame_cmd) {
1951     case MFI_CMD_INIT:
1952         frame_status = megasas_init_firmware(s, cmd);
1953         break;
1954     case MFI_CMD_DCMD:
1955         frame_status = megasas_handle_dcmd(s, cmd);
1956         break;
1957     case MFI_CMD_ABORT:
1958         frame_status = megasas_handle_abort(s, cmd);
1959         break;
1960     case MFI_CMD_PD_SCSI_IO:
1961     case MFI_CMD_LD_SCSI_IO:
1962         frame_status = megasas_handle_scsi(s, cmd, frame_cmd);
1963         break;
1964     case MFI_CMD_LD_READ:
1965     case MFI_CMD_LD_WRITE:
1966         frame_status = megasas_handle_io(s, cmd, frame_cmd);
1967         break;
1968     default:
1969         trace_megasas_unhandled_frame_cmd(cmd->index, frame_cmd);
1970         s->event_count++;
1971         break;
1972     }
1973     if (frame_status != MFI_STAT_INVALID_STATUS) {
1974         if (cmd->frame) {
1975             cmd->frame->header.cmd_status = frame_status;
1976         } else {
1977             megasas_frame_set_cmd_status(s, frame_addr, frame_status);
1978         }
1979         megasas_unmap_frame(s, cmd);
1980         megasas_complete_frame(s, cmd->context);
1981     }
1982 }
1983 
1984 static uint64_t megasas_mmio_read(void *opaque, hwaddr addr,
1985                                   unsigned size)
1986 {
1987     MegasasState *s = opaque;
1988     PCIDevice *pci_dev = PCI_DEVICE(s);
1989     MegasasBaseClass *base_class = MEGASAS_DEVICE_GET_CLASS(s);
1990     uint32_t retval = 0;
1991 
1992     switch (addr) {
1993     case MFI_IDB:
1994         retval = 0;
1995         trace_megasas_mmio_readl("MFI_IDB", retval);
1996         break;
1997     case MFI_OMSG0:
1998     case MFI_OSP0:
1999         retval = (msix_present(pci_dev) ? MFI_FWSTATE_MSIX_SUPPORTED : 0) |
2000             (s->fw_state & MFI_FWSTATE_MASK) |
2001             ((s->fw_sge & 0xff) << 16) |
2002             (s->fw_cmds & 0xFFFF);
2003         trace_megasas_mmio_readl(addr == MFI_OMSG0 ? "MFI_OMSG0" : "MFI_OSP0",
2004                                  retval);
2005         break;
2006     case MFI_OSTS:
2007         if (megasas_intr_enabled(s) && s->doorbell) {
2008             retval = base_class->osts;
2009         }
2010         trace_megasas_mmio_readl("MFI_OSTS", retval);
2011         break;
2012     case MFI_OMSK:
2013         retval = s->intr_mask;
2014         trace_megasas_mmio_readl("MFI_OMSK", retval);
2015         break;
2016     case MFI_ODCR0:
2017         retval = s->doorbell ? 1 : 0;
2018         trace_megasas_mmio_readl("MFI_ODCR0", retval);
2019         break;
2020     case MFI_DIAG:
2021         retval = s->diag;
2022         trace_megasas_mmio_readl("MFI_DIAG", retval);
2023         break;
2024     case MFI_OSP1:
2025         retval = 15;
2026         trace_megasas_mmio_readl("MFI_OSP1", retval);
2027         break;
2028     default:
2029         trace_megasas_mmio_invalid_readl(addr);
2030         break;
2031     }
2032     return retval;
2033 }
2034 
2035 static int adp_reset_seq[] = {0x00, 0x04, 0x0b, 0x02, 0x07, 0x0d};
2036 
2037 static void megasas_mmio_write(void *opaque, hwaddr addr,
2038                                uint64_t val, unsigned size)
2039 {
2040     MegasasState *s = opaque;
2041     PCIDevice *pci_dev = PCI_DEVICE(s);
2042     uint64_t frame_addr;
2043     uint32_t frame_count;
2044     int i;
2045 
2046     switch (addr) {
2047     case MFI_IDB:
2048         trace_megasas_mmio_writel("MFI_IDB", val);
2049         if (val & MFI_FWINIT_ABORT) {
2050             /* Abort all pending cmds */
2051             for (i = 0; i < s->fw_cmds; i++) {
2052                 megasas_abort_command(&s->frames[i]);
2053             }
2054         }
2055         if (val & MFI_FWINIT_READY) {
2056             /* move to FW READY */
2057             megasas_soft_reset(s);
2058         }
2059         if (val & MFI_FWINIT_MFIMODE) {
2060             /* discard MFIs */
2061         }
2062         if (val & MFI_FWINIT_STOP_ADP) {
2063             /* Terminal error, stop processing */
2064             s->fw_state = MFI_FWSTATE_FAULT;
2065         }
2066         break;
2067     case MFI_OMSK:
2068         trace_megasas_mmio_writel("MFI_OMSK", val);
2069         s->intr_mask = val;
2070         if (!megasas_intr_enabled(s) &&
2071             !msi_enabled(pci_dev) &&
2072             !msix_enabled(pci_dev)) {
2073             trace_megasas_irq_lower();
2074             pci_irq_deassert(pci_dev);
2075         }
2076         if (megasas_intr_enabled(s)) {
2077             if (msix_enabled(pci_dev)) {
2078                 trace_megasas_msix_enabled(0);
2079             } else if (msi_enabled(pci_dev)) {
2080                 trace_megasas_msi_enabled(0);
2081             } else {
2082                 trace_megasas_intr_enabled();
2083             }
2084         } else {
2085             trace_megasas_intr_disabled();
2086             megasas_soft_reset(s);
2087         }
2088         break;
2089     case MFI_ODCR0:
2090         trace_megasas_mmio_writel("MFI_ODCR0", val);
2091         s->doorbell = 0;
2092         if (megasas_intr_enabled(s)) {
2093             if (!msix_enabled(pci_dev) && !msi_enabled(pci_dev)) {
2094                 trace_megasas_irq_lower();
2095                 pci_irq_deassert(pci_dev);
2096             }
2097         }
2098         break;
2099     case MFI_IQPH:
2100         trace_megasas_mmio_writel("MFI_IQPH", val);
2101         /* Received high 32 bits of a 64 bit MFI frame address */
2102         s->frame_hi = val;
2103         break;
2104     case MFI_IQPL:
2105         trace_megasas_mmio_writel("MFI_IQPL", val);
2106         /* Received low 32 bits of a 64 bit MFI frame address */
2107         /* Fallthrough */
2108     case MFI_IQP:
2109         if (addr == MFI_IQP) {
2110             trace_megasas_mmio_writel("MFI_IQP", val);
2111             /* Received 64 bit MFI frame address */
2112             s->frame_hi = 0;
2113         }
2114         frame_addr = (val & ~0x1F);
2115         /* Add possible 64 bit offset */
2116         frame_addr |= ((uint64_t)s->frame_hi << 32);
2117         s->frame_hi = 0;
2118         frame_count = (val >> 1) & 0xF;
2119         megasas_handle_frame(s, frame_addr, frame_count);
2120         break;
2121     case MFI_SEQ:
2122         trace_megasas_mmio_writel("MFI_SEQ", val);
2123         /* Magic sequence to start ADP reset */
2124         if (adp_reset_seq[s->adp_reset++] == val) {
2125             if (s->adp_reset == 6) {
2126                 s->adp_reset = 0;
2127                 s->diag = MFI_DIAG_WRITE_ENABLE;
2128             }
2129         } else {
2130             s->adp_reset = 0;
2131             s->diag = 0;
2132         }
2133         break;
2134     case MFI_DIAG:
2135         trace_megasas_mmio_writel("MFI_DIAG", val);
2136         /* ADP reset */
2137         if ((s->diag & MFI_DIAG_WRITE_ENABLE) &&
2138             (val & MFI_DIAG_RESET_ADP)) {
2139             s->diag |= MFI_DIAG_RESET_ADP;
2140             megasas_soft_reset(s);
2141             s->adp_reset = 0;
2142             s->diag = 0;
2143         }
2144         break;
2145     default:
2146         trace_megasas_mmio_invalid_writel(addr, val);
2147         break;
2148     }
2149 }
2150 
2151 static const MemoryRegionOps megasas_mmio_ops = {
2152     .read = megasas_mmio_read,
2153     .write = megasas_mmio_write,
2154     .endianness = DEVICE_LITTLE_ENDIAN,
2155     .impl = {
2156         .min_access_size = 8,
2157         .max_access_size = 8,
2158     }
2159 };
2160 
2161 static uint64_t megasas_port_read(void *opaque, hwaddr addr,
2162                                   unsigned size)
2163 {
2164     return megasas_mmio_read(opaque, addr & 0xff, size);
2165 }
2166 
2167 static void megasas_port_write(void *opaque, hwaddr addr,
2168                                uint64_t val, unsigned size)
2169 {
2170     megasas_mmio_write(opaque, addr & 0xff, val, size);
2171 }
2172 
2173 static const MemoryRegionOps megasas_port_ops = {
2174     .read = megasas_port_read,
2175     .write = megasas_port_write,
2176     .endianness = DEVICE_LITTLE_ENDIAN,
2177     .impl = {
2178         .min_access_size = 4,
2179         .max_access_size = 4,
2180     }
2181 };
2182 
2183 static uint64_t megasas_queue_read(void *opaque, hwaddr addr,
2184                                    unsigned size)
2185 {
2186     return 0;
2187 }
2188 
2189 static void megasas_queue_write(void *opaque, hwaddr addr,
2190                                uint64_t val, unsigned size)
2191 {
2192     return;
2193 }
2194 
2195 static const MemoryRegionOps megasas_queue_ops = {
2196     .read = megasas_queue_read,
2197     .write = megasas_queue_write,
2198     .endianness = DEVICE_LITTLE_ENDIAN,
2199     .impl = {
2200         .min_access_size = 8,
2201         .max_access_size = 8,
2202     }
2203 };
2204 
2205 static void megasas_soft_reset(MegasasState *s)
2206 {
2207     int i;
2208     MegasasCmd *cmd;
2209 
2210     trace_megasas_reset(s->fw_state);
2211     for (i = 0; i < s->fw_cmds; i++) {
2212         cmd = &s->frames[i];
2213         megasas_abort_command(cmd);
2214     }
2215     if (s->fw_state == MFI_FWSTATE_READY) {
2216         BusChild *kid;
2217 
2218         /*
2219          * The EFI firmware doesn't handle UA,
2220          * so we need to clear the Power On/Reset UA
2221          * after the initial reset.
2222          */
2223         QTAILQ_FOREACH(kid, &s->bus.qbus.children, sibling) {
2224             SCSIDevice *sdev = SCSI_DEVICE(kid->child);
2225 
2226             sdev->unit_attention = SENSE_CODE(NO_SENSE);
2227             scsi_device_unit_attention_reported(sdev);
2228         }
2229     }
2230     megasas_reset_frames(s);
2231     s->reply_queue_len = s->fw_cmds;
2232     s->reply_queue_pa = 0;
2233     s->consumer_pa = 0;
2234     s->producer_pa = 0;
2235     s->fw_state = MFI_FWSTATE_READY;
2236     s->doorbell = 0;
2237     s->intr_mask = MEGASAS_INTR_DISABLED_MASK;
2238     s->frame_hi = 0;
2239     s->flags &= ~MEGASAS_MASK_USE_QUEUE64;
2240     s->event_count++;
2241     s->boot_event = s->event_count;
2242 }
2243 
2244 static void megasas_scsi_reset(DeviceState *dev)
2245 {
2246     MegasasState *s = MEGASAS(dev);
2247 
2248     megasas_soft_reset(s);
2249 }
2250 
2251 static const VMStateDescription vmstate_megasas_gen1 = {
2252     .name = "megasas",
2253     .version_id = 0,
2254     .minimum_version_id = 0,
2255     .fields = (VMStateField[]) {
2256         VMSTATE_PCI_DEVICE(parent_obj, MegasasState),
2257         VMSTATE_MSIX(parent_obj, MegasasState),
2258 
2259         VMSTATE_INT32(fw_state, MegasasState),
2260         VMSTATE_INT32(intr_mask, MegasasState),
2261         VMSTATE_INT32(doorbell, MegasasState),
2262         VMSTATE_UINT64(reply_queue_pa, MegasasState),
2263         VMSTATE_UINT64(consumer_pa, MegasasState),
2264         VMSTATE_UINT64(producer_pa, MegasasState),
2265         VMSTATE_END_OF_LIST()
2266     }
2267 };
2268 
2269 static const VMStateDescription vmstate_megasas_gen2 = {
2270     .name = "megasas-gen2",
2271     .version_id = 0,
2272     .minimum_version_id = 0,
2273     .minimum_version_id_old = 0,
2274     .fields      = (VMStateField[]) {
2275         VMSTATE_PCI_DEVICE(parent_obj, MegasasState),
2276         VMSTATE_MSIX(parent_obj, MegasasState),
2277 
2278         VMSTATE_INT32(fw_state, MegasasState),
2279         VMSTATE_INT32(intr_mask, MegasasState),
2280         VMSTATE_INT32(doorbell, MegasasState),
2281         VMSTATE_UINT64(reply_queue_pa, MegasasState),
2282         VMSTATE_UINT64(consumer_pa, MegasasState),
2283         VMSTATE_UINT64(producer_pa, MegasasState),
2284         VMSTATE_END_OF_LIST()
2285     }
2286 };
2287 
2288 static void megasas_scsi_uninit(PCIDevice *d)
2289 {
2290     MegasasState *s = MEGASAS(d);
2291 
2292     if (megasas_use_msix(s)) {
2293         msix_uninit(d, &s->mmio_io, &s->mmio_io);
2294     }
2295     msi_uninit(d);
2296 }
2297 
2298 static const struct SCSIBusInfo megasas_scsi_info = {
2299     .tcq = true,
2300     .max_target = MFI_MAX_LD,
2301     .max_lun = 255,
2302 
2303     .transfer_data = megasas_xfer_complete,
2304     .get_sg_list = megasas_get_sg_list,
2305     .complete = megasas_command_complete,
2306     .cancel = megasas_command_cancelled,
2307 };
2308 
2309 static void megasas_scsi_realize(PCIDevice *dev, Error **errp)
2310 {
2311     MegasasState *s = MEGASAS(dev);
2312     MegasasBaseClass *b = MEGASAS_DEVICE_GET_CLASS(s);
2313     uint8_t *pci_conf;
2314     int i, bar_type;
2315     Error *err = NULL;
2316     int ret;
2317 
2318     pci_conf = dev->config;
2319 
2320     /* PCI latency timer = 0 */
2321     pci_conf[PCI_LATENCY_TIMER] = 0;
2322     /* Interrupt pin 1 */
2323     pci_conf[PCI_INTERRUPT_PIN] = 0x01;
2324 
2325     if (s->msi != ON_OFF_AUTO_OFF) {
2326         ret = msi_init(dev, 0x50, 1, true, false, &err);
2327         /* Any error other than -ENOTSUP(board's MSI support is broken)
2328          * is a programming error */
2329         assert(!ret || ret == -ENOTSUP);
2330         if (ret && s->msi == ON_OFF_AUTO_ON) {
2331             /* Can't satisfy user's explicit msi=on request, fail */
2332             error_append_hint(&err, "You have to use msi=auto (default) or "
2333                     "msi=off with this machine type.\n");
2334             error_propagate(errp, err);
2335             return;
2336         } else if (ret) {
2337             /* With msi=auto, we fall back to MSI off silently */
2338             s->msi = ON_OFF_AUTO_OFF;
2339             error_free(err);
2340         }
2341     }
2342 
2343     memory_region_init_io(&s->mmio_io, OBJECT(s), &megasas_mmio_ops, s,
2344                           "megasas-mmio", 0x4000);
2345     memory_region_init_io(&s->port_io, OBJECT(s), &megasas_port_ops, s,
2346                           "megasas-io", 256);
2347     memory_region_init_io(&s->queue_io, OBJECT(s), &megasas_queue_ops, s,
2348                           "megasas-queue", 0x40000);
2349 
2350     if (megasas_use_msix(s) &&
2351         msix_init(dev, 15, &s->mmio_io, b->mmio_bar, 0x2000,
2352                   &s->mmio_io, b->mmio_bar, 0x3800, 0x68, NULL)) {
2353         /* TODO: check msix_init's error, and should fail on msix=on */
2354         s->msix = ON_OFF_AUTO_OFF;
2355     }
2356 
2357     if (pci_is_express(dev)) {
2358         pcie_endpoint_cap_init(dev, 0xa0);
2359     }
2360 
2361     bar_type = PCI_BASE_ADDRESS_SPACE_MEMORY | PCI_BASE_ADDRESS_MEM_TYPE_64;
2362     pci_register_bar(dev, b->ioport_bar,
2363                      PCI_BASE_ADDRESS_SPACE_IO, &s->port_io);
2364     pci_register_bar(dev, b->mmio_bar, bar_type, &s->mmio_io);
2365     pci_register_bar(dev, 3, bar_type, &s->queue_io);
2366 
2367     if (megasas_use_msix(s)) {
2368         msix_vector_use(dev, 0);
2369     }
2370 
2371     s->fw_state = MFI_FWSTATE_READY;
2372     if (!s->sas_addr) {
2373         s->sas_addr = ((NAA_LOCALLY_ASSIGNED_ID << 24) |
2374                        IEEE_COMPANY_LOCALLY_ASSIGNED) << 36;
2375         s->sas_addr |= (pci_dev_bus_num(dev) << 16);
2376         s->sas_addr |= (PCI_SLOT(dev->devfn) << 8);
2377         s->sas_addr |= PCI_FUNC(dev->devfn);
2378     }
2379     if (!s->hba_serial) {
2380         s->hba_serial = g_strdup(MEGASAS_HBA_SERIAL);
2381     }
2382     if (s->fw_sge >= MEGASAS_MAX_SGE - MFI_PASS_FRAME_SIZE) {
2383         s->fw_sge = MEGASAS_MAX_SGE - MFI_PASS_FRAME_SIZE;
2384     } else if (s->fw_sge >= 128 - MFI_PASS_FRAME_SIZE) {
2385         s->fw_sge = 128 - MFI_PASS_FRAME_SIZE;
2386     } else {
2387         s->fw_sge = 64 - MFI_PASS_FRAME_SIZE;
2388     }
2389     if (s->fw_cmds > MEGASAS_MAX_FRAMES) {
2390         s->fw_cmds = MEGASAS_MAX_FRAMES;
2391     }
2392     trace_megasas_init(s->fw_sge, s->fw_cmds,
2393                        megasas_is_jbod(s) ? "jbod" : "raid");
2394 
2395     if (megasas_is_jbod(s)) {
2396         s->fw_luns = MFI_MAX_SYS_PDS;
2397     } else {
2398         s->fw_luns = MFI_MAX_LD;
2399     }
2400     s->producer_pa = 0;
2401     s->consumer_pa = 0;
2402     for (i = 0; i < s->fw_cmds; i++) {
2403         s->frames[i].index = i;
2404         s->frames[i].context = -1;
2405         s->frames[i].pa = 0;
2406         s->frames[i].state = s;
2407     }
2408 
2409     scsi_bus_new(&s->bus, sizeof(s->bus), DEVICE(dev),
2410                  &megasas_scsi_info, NULL);
2411 }
2412 
2413 static Property megasas_properties_gen1[] = {
2414     DEFINE_PROP_UINT32("max_sge", MegasasState, fw_sge,
2415                        MEGASAS_DEFAULT_SGE),
2416     DEFINE_PROP_UINT32("max_cmds", MegasasState, fw_cmds,
2417                        MEGASAS_DEFAULT_FRAMES),
2418     DEFINE_PROP_STRING("hba_serial", MegasasState, hba_serial),
2419     DEFINE_PROP_UINT64("sas_address", MegasasState, sas_addr, 0),
2420     DEFINE_PROP_ON_OFF_AUTO("msi", MegasasState, msi, ON_OFF_AUTO_AUTO),
2421     DEFINE_PROP_ON_OFF_AUTO("msix", MegasasState, msix, ON_OFF_AUTO_AUTO),
2422     DEFINE_PROP_BIT("use_jbod", MegasasState, flags,
2423                     MEGASAS_FLAG_USE_JBOD, false),
2424     DEFINE_PROP_END_OF_LIST(),
2425 };
2426 
2427 static Property megasas_properties_gen2[] = {
2428     DEFINE_PROP_UINT32("max_sge", MegasasState, fw_sge,
2429                        MEGASAS_DEFAULT_SGE),
2430     DEFINE_PROP_UINT32("max_cmds", MegasasState, fw_cmds,
2431                        MEGASAS_GEN2_DEFAULT_FRAMES),
2432     DEFINE_PROP_STRING("hba_serial", MegasasState, hba_serial),
2433     DEFINE_PROP_UINT64("sas_address", MegasasState, sas_addr, 0),
2434     DEFINE_PROP_ON_OFF_AUTO("msi", MegasasState, msi, ON_OFF_AUTO_AUTO),
2435     DEFINE_PROP_ON_OFF_AUTO("msix", MegasasState, msix, ON_OFF_AUTO_AUTO),
2436     DEFINE_PROP_BIT("use_jbod", MegasasState, flags,
2437                     MEGASAS_FLAG_USE_JBOD, false),
2438     DEFINE_PROP_END_OF_LIST(),
2439 };
2440 
2441 typedef struct MegasasInfo {
2442     const char *name;
2443     const char *desc;
2444     const char *product_name;
2445     const char *product_version;
2446     uint16_t device_id;
2447     uint16_t subsystem_id;
2448     int ioport_bar;
2449     int mmio_bar;
2450     int osts;
2451     const VMStateDescription *vmsd;
2452     Property *props;
2453     InterfaceInfo *interfaces;
2454 } MegasasInfo;
2455 
2456 static struct MegasasInfo megasas_devices[] = {
2457     {
2458         .name = TYPE_MEGASAS_GEN1,
2459         .desc = "LSI MegaRAID SAS 1078",
2460         .product_name = "LSI MegaRAID SAS 8708EM2",
2461         .product_version = MEGASAS_VERSION_GEN1,
2462         .device_id = PCI_DEVICE_ID_LSI_SAS1078,
2463         .subsystem_id = 0x1013,
2464         .ioport_bar = 2,
2465         .mmio_bar = 0,
2466         .osts = MFI_1078_RM | 1,
2467         .vmsd = &vmstate_megasas_gen1,
2468         .props = megasas_properties_gen1,
2469         .interfaces = (InterfaceInfo[]) {
2470             { INTERFACE_CONVENTIONAL_PCI_DEVICE },
2471             { },
2472         },
2473     },{
2474         .name = TYPE_MEGASAS_GEN2,
2475         .desc = "LSI MegaRAID SAS 2108",
2476         .product_name = "LSI MegaRAID SAS 9260-8i",
2477         .product_version = MEGASAS_VERSION_GEN2,
2478         .device_id = PCI_DEVICE_ID_LSI_SAS0079,
2479         .subsystem_id = 0x9261,
2480         .ioport_bar = 0,
2481         .mmio_bar = 1,
2482         .osts = MFI_GEN2_RM,
2483         .vmsd = &vmstate_megasas_gen2,
2484         .props = megasas_properties_gen2,
2485         .interfaces = (InterfaceInfo[]) {
2486             { INTERFACE_PCIE_DEVICE },
2487             { }
2488         },
2489     }
2490 };
2491 
2492 static void megasas_class_init(ObjectClass *oc, void *data)
2493 {
2494     DeviceClass *dc = DEVICE_CLASS(oc);
2495     PCIDeviceClass *pc = PCI_DEVICE_CLASS(oc);
2496     MegasasBaseClass *e = MEGASAS_DEVICE_CLASS(oc);
2497     const MegasasInfo *info = data;
2498 
2499     pc->realize = megasas_scsi_realize;
2500     pc->exit = megasas_scsi_uninit;
2501     pc->vendor_id = PCI_VENDOR_ID_LSI_LOGIC;
2502     pc->device_id = info->device_id;
2503     pc->subsystem_vendor_id = PCI_VENDOR_ID_LSI_LOGIC;
2504     pc->subsystem_id = info->subsystem_id;
2505     pc->class_id = PCI_CLASS_STORAGE_RAID;
2506     e->mmio_bar = info->mmio_bar;
2507     e->ioport_bar = info->ioport_bar;
2508     e->osts = info->osts;
2509     e->product_name = info->product_name;
2510     e->product_version = info->product_version;
2511     dc->props = info->props;
2512     dc->reset = megasas_scsi_reset;
2513     dc->vmsd = info->vmsd;
2514     set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
2515     dc->desc = info->desc;
2516 }
2517 
2518 static const TypeInfo megasas_info = {
2519     .name  = TYPE_MEGASAS_BASE,
2520     .parent = TYPE_PCI_DEVICE,
2521     .instance_size = sizeof(MegasasState),
2522     .class_size = sizeof(MegasasBaseClass),
2523     .abstract = true,
2524 };
2525 
2526 static void megasas_register_types(void)
2527 {
2528     int i;
2529 
2530     type_register_static(&megasas_info);
2531     for (i = 0; i < ARRAY_SIZE(megasas_devices); i++) {
2532         const MegasasInfo *info = &megasas_devices[i];
2533         TypeInfo type_info = {};
2534 
2535         type_info.name = info->name;
2536         type_info.parent = TYPE_MEGASAS_BASE;
2537         type_info.class_data = (void *)info;
2538         type_info.class_init = megasas_class_init;
2539         type_info.interfaces = info->interfaces;
2540 
2541         type_register(&type_info);
2542     }
2543 }
2544 
2545 type_init(megasas_register_types)
2546