1 /* 2 * QEMU LSI SAS1068 Host Bus Adapter emulation 3 * Based on the QEMU Megaraid emulator 4 * 5 * Copyright (c) 2009-2012 Hannes Reinecke, SUSE Labs 6 * Copyright (c) 2012 Verizon, Inc. 7 * Copyright (c) 2016 Red Hat, Inc. 8 * 9 * Authors: Don Slutz, Paolo Bonzini 10 * 11 * This library is free software; you can redistribute it and/or 12 * modify it under the terms of the GNU Lesser General Public 13 * License as published by the Free Software Foundation; either 14 * version 2 of the License, or (at your option) any later version. 15 * 16 * This library is distributed in the hope that it will be useful, 17 * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 19 * Lesser General Public License for more details. 20 * 21 * You should have received a copy of the GNU Lesser General Public 22 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 23 */ 24 25 #include "qemu/osdep.h" 26 #include "hw/pci/pci.h" 27 #include "hw/qdev-properties.h" 28 #include "sysemu/dma.h" 29 #include "hw/pci/msi.h" 30 #include "qemu/iov.h" 31 #include "qemu/main-loop.h" 32 #include "qemu/module.h" 33 #include "hw/scsi/scsi.h" 34 #include "scsi/constants.h" 35 #include "trace.h" 36 #include "qapi/error.h" 37 #include "mptsas.h" 38 #include "migration/qemu-file-types.h" 39 #include "migration/vmstate.h" 40 #include "mpi.h" 41 42 #define NAA_LOCALLY_ASSIGNED_ID 0x3ULL 43 #define IEEE_COMPANY_LOCALLY_ASSIGNED 0x525400 44 45 #define TYPE_MPTSAS1068 "mptsas1068" 46 47 #define MPT_SAS(obj) \ 48 OBJECT_CHECK(MPTSASState, (obj), TYPE_MPTSAS1068) 49 50 #define MPTSAS1068_PRODUCT_ID \ 51 (MPI_FW_HEADER_PID_FAMILY_1068_SAS | \ 52 MPI_FW_HEADER_PID_PROD_INITIATOR_SCSI | \ 53 MPI_FW_HEADER_PID_TYPE_SAS) 54 55 struct MPTSASRequest { 56 MPIMsgSCSIIORequest scsi_io; 57 SCSIRequest *sreq; 58 QEMUSGList qsg; 59 MPTSASState *dev; 60 61 QTAILQ_ENTRY(MPTSASRequest) next; 62 }; 63 64 static void mptsas_update_interrupt(MPTSASState *s) 65 { 66 PCIDevice *pci = (PCIDevice *) s; 67 uint32_t state = s->intr_status & ~(s->intr_mask | MPI_HIS_IOP_DOORBELL_STATUS); 68 69 if (msi_enabled(pci)) { 70 if (state) { 71 trace_mptsas_irq_msi(s); 72 msi_notify(pci, 0); 73 } 74 } 75 76 trace_mptsas_irq_intx(s, !!state); 77 pci_set_irq(pci, !!state); 78 } 79 80 static void mptsas_set_fault(MPTSASState *s, uint32_t code) 81 { 82 if ((s->state & MPI_IOC_STATE_FAULT) == 0) { 83 s->state = MPI_IOC_STATE_FAULT | code; 84 } 85 } 86 87 #define MPTSAS_FIFO_INVALID(s, name) \ 88 ((s)->name##_head > ARRAY_SIZE((s)->name) || \ 89 (s)->name##_tail > ARRAY_SIZE((s)->name)) 90 91 #define MPTSAS_FIFO_EMPTY(s, name) \ 92 ((s)->name##_head == (s)->name##_tail) 93 94 #define MPTSAS_FIFO_FULL(s, name) \ 95 ((s)->name##_head == ((s)->name##_tail + 1) % ARRAY_SIZE((s)->name)) 96 97 #define MPTSAS_FIFO_GET(s, name) ({ \ 98 uint32_t _val = (s)->name[(s)->name##_head++]; \ 99 (s)->name##_head %= ARRAY_SIZE((s)->name); \ 100 _val; \ 101 }) 102 103 #define MPTSAS_FIFO_PUT(s, name, val) do { \ 104 (s)->name[(s)->name##_tail++] = (val); \ 105 (s)->name##_tail %= ARRAY_SIZE((s)->name); \ 106 } while(0) 107 108 static void mptsas_post_reply(MPTSASState *s, MPIDefaultReply *reply) 109 { 110 PCIDevice *pci = (PCIDevice *) s; 111 uint32_t addr_lo; 112 113 if (MPTSAS_FIFO_EMPTY(s, reply_free) || MPTSAS_FIFO_FULL(s, reply_post)) { 114 mptsas_set_fault(s, MPI_IOCSTATUS_INSUFFICIENT_RESOURCES); 115 return; 116 } 117 118 addr_lo = MPTSAS_FIFO_GET(s, reply_free); 119 120 pci_dma_write(pci, addr_lo | s->host_mfa_high_addr, reply, 121 MIN(s->reply_frame_size, 4 * reply->MsgLength)); 122 123 MPTSAS_FIFO_PUT(s, reply_post, MPI_ADDRESS_REPLY_A_BIT | (addr_lo >> 1)); 124 125 s->intr_status |= MPI_HIS_REPLY_MESSAGE_INTERRUPT; 126 if (s->doorbell_state == DOORBELL_WRITE) { 127 s->doorbell_state = DOORBELL_NONE; 128 s->intr_status |= MPI_HIS_DOORBELL_INTERRUPT; 129 } 130 mptsas_update_interrupt(s); 131 } 132 133 void mptsas_reply(MPTSASState *s, MPIDefaultReply *reply) 134 { 135 if (s->doorbell_state == DOORBELL_WRITE) { 136 /* The reply is sent out in 16 bit chunks, while the size 137 * in the reply is in 32 bit units. 138 */ 139 s->doorbell_state = DOORBELL_READ; 140 s->doorbell_reply_idx = 0; 141 s->doorbell_reply_size = reply->MsgLength * 2; 142 memcpy(s->doorbell_reply, reply, s->doorbell_reply_size * 2); 143 s->intr_status |= MPI_HIS_DOORBELL_INTERRUPT; 144 mptsas_update_interrupt(s); 145 } else { 146 mptsas_post_reply(s, reply); 147 } 148 } 149 150 static void mptsas_turbo_reply(MPTSASState *s, uint32_t msgctx) 151 { 152 if (MPTSAS_FIFO_FULL(s, reply_post)) { 153 mptsas_set_fault(s, MPI_IOCSTATUS_INSUFFICIENT_RESOURCES); 154 return; 155 } 156 157 /* The reply is just the message context ID (bit 31 = clear). */ 158 MPTSAS_FIFO_PUT(s, reply_post, msgctx); 159 160 s->intr_status |= MPI_HIS_REPLY_MESSAGE_INTERRUPT; 161 mptsas_update_interrupt(s); 162 } 163 164 #define MPTSAS_MAX_REQUEST_SIZE 52 165 166 static const int mpi_request_sizes[] = { 167 [MPI_FUNCTION_SCSI_IO_REQUEST] = sizeof(MPIMsgSCSIIORequest), 168 [MPI_FUNCTION_SCSI_TASK_MGMT] = sizeof(MPIMsgSCSITaskMgmt), 169 [MPI_FUNCTION_IOC_INIT] = sizeof(MPIMsgIOCInit), 170 [MPI_FUNCTION_IOC_FACTS] = sizeof(MPIMsgIOCFacts), 171 [MPI_FUNCTION_CONFIG] = sizeof(MPIMsgConfig), 172 [MPI_FUNCTION_PORT_FACTS] = sizeof(MPIMsgPortFacts), 173 [MPI_FUNCTION_PORT_ENABLE] = sizeof(MPIMsgPortEnable), 174 [MPI_FUNCTION_EVENT_NOTIFICATION] = sizeof(MPIMsgEventNotify), 175 }; 176 177 static dma_addr_t mptsas_ld_sg_base(MPTSASState *s, uint32_t flags_and_length, 178 dma_addr_t *sgaddr) 179 { 180 PCIDevice *pci = (PCIDevice *) s; 181 dma_addr_t addr; 182 183 if (flags_and_length & MPI_SGE_FLAGS_64_BIT_ADDRESSING) { 184 addr = ldq_le_pci_dma(pci, *sgaddr + 4); 185 *sgaddr += 12; 186 } else { 187 addr = ldl_le_pci_dma(pci, *sgaddr + 4); 188 *sgaddr += 8; 189 } 190 return addr; 191 } 192 193 static int mptsas_build_sgl(MPTSASState *s, MPTSASRequest *req, hwaddr addr) 194 { 195 PCIDevice *pci = (PCIDevice *) s; 196 hwaddr next_chain_addr; 197 uint32_t left; 198 hwaddr sgaddr; 199 uint32_t chain_offset; 200 201 chain_offset = req->scsi_io.ChainOffset; 202 next_chain_addr = addr + chain_offset * sizeof(uint32_t); 203 sgaddr = addr + sizeof(MPIMsgSCSIIORequest); 204 pci_dma_sglist_init(&req->qsg, pci, 4); 205 left = req->scsi_io.DataLength; 206 207 for(;;) { 208 dma_addr_t addr, len; 209 uint32_t flags_and_length; 210 211 flags_and_length = ldl_le_pci_dma(pci, sgaddr); 212 len = flags_and_length & MPI_SGE_LENGTH_MASK; 213 if ((flags_and_length & MPI_SGE_FLAGS_ELEMENT_TYPE_MASK) 214 != MPI_SGE_FLAGS_SIMPLE_ELEMENT || 215 (!len && 216 !(flags_and_length & MPI_SGE_FLAGS_END_OF_LIST) && 217 !(flags_and_length & MPI_SGE_FLAGS_END_OF_BUFFER))) { 218 return MPI_IOCSTATUS_INVALID_SGL; 219 } 220 221 len = MIN(len, left); 222 if (!len) { 223 /* We reached the desired transfer length, ignore extra 224 * elements of the s/g list. 225 */ 226 break; 227 } 228 229 addr = mptsas_ld_sg_base(s, flags_and_length, &sgaddr); 230 qemu_sglist_add(&req->qsg, addr, len); 231 left -= len; 232 233 if (flags_and_length & MPI_SGE_FLAGS_END_OF_LIST) { 234 break; 235 } 236 237 if (flags_and_length & MPI_SGE_FLAGS_LAST_ELEMENT) { 238 if (!chain_offset) { 239 break; 240 } 241 242 flags_and_length = ldl_le_pci_dma(pci, next_chain_addr); 243 if ((flags_and_length & MPI_SGE_FLAGS_ELEMENT_TYPE_MASK) 244 != MPI_SGE_FLAGS_CHAIN_ELEMENT) { 245 return MPI_IOCSTATUS_INVALID_SGL; 246 } 247 248 sgaddr = mptsas_ld_sg_base(s, flags_and_length, &next_chain_addr); 249 chain_offset = 250 (flags_and_length & MPI_SGE_CHAIN_OFFSET_MASK) >> MPI_SGE_CHAIN_OFFSET_SHIFT; 251 next_chain_addr = sgaddr + chain_offset * sizeof(uint32_t); 252 } 253 } 254 return 0; 255 } 256 257 static void mptsas_free_request(MPTSASRequest *req) 258 { 259 MPTSASState *s = req->dev; 260 261 if (req->sreq != NULL) { 262 req->sreq->hba_private = NULL; 263 scsi_req_unref(req->sreq); 264 req->sreq = NULL; 265 QTAILQ_REMOVE(&s->pending, req, next); 266 } 267 qemu_sglist_destroy(&req->qsg); 268 g_free(req); 269 } 270 271 static int mptsas_scsi_device_find(MPTSASState *s, int bus, int target, 272 uint8_t *lun, SCSIDevice **sdev) 273 { 274 if (bus != 0) { 275 return MPI_IOCSTATUS_SCSI_INVALID_BUS; 276 } 277 278 if (target >= s->max_devices) { 279 return MPI_IOCSTATUS_SCSI_INVALID_TARGETID; 280 } 281 282 *sdev = scsi_device_find(&s->bus, bus, target, lun[1]); 283 if (!*sdev) { 284 return MPI_IOCSTATUS_SCSI_DEVICE_NOT_THERE; 285 } 286 287 return 0; 288 } 289 290 static int mptsas_process_scsi_io_request(MPTSASState *s, 291 MPIMsgSCSIIORequest *scsi_io, 292 hwaddr addr) 293 { 294 MPTSASRequest *req; 295 MPIMsgSCSIIOReply reply; 296 SCSIDevice *sdev; 297 int status; 298 299 mptsas_fix_scsi_io_endianness(scsi_io); 300 301 trace_mptsas_process_scsi_io_request(s, scsi_io->Bus, scsi_io->TargetID, 302 scsi_io->LUN[1], scsi_io->DataLength); 303 304 status = mptsas_scsi_device_find(s, scsi_io->Bus, scsi_io->TargetID, 305 scsi_io->LUN, &sdev); 306 if (status) { 307 goto bad; 308 } 309 310 req = g_new0(MPTSASRequest, 1); 311 QTAILQ_INSERT_TAIL(&s->pending, req, next); 312 req->scsi_io = *scsi_io; 313 req->dev = s; 314 315 status = mptsas_build_sgl(s, req, addr); 316 if (status) { 317 goto free_bad; 318 } 319 320 if (req->qsg.size < scsi_io->DataLength) { 321 trace_mptsas_sgl_overflow(s, scsi_io->MsgContext, scsi_io->DataLength, 322 req->qsg.size); 323 status = MPI_IOCSTATUS_INVALID_SGL; 324 goto free_bad; 325 } 326 327 req->sreq = scsi_req_new(sdev, scsi_io->MsgContext, 328 scsi_io->LUN[1], scsi_io->CDB, req); 329 330 if (req->sreq->cmd.xfer > scsi_io->DataLength) { 331 goto overrun; 332 } 333 switch (scsi_io->Control & MPI_SCSIIO_CONTROL_DATADIRECTION_MASK) { 334 case MPI_SCSIIO_CONTROL_NODATATRANSFER: 335 if (req->sreq->cmd.mode != SCSI_XFER_NONE) { 336 goto overrun; 337 } 338 break; 339 340 case MPI_SCSIIO_CONTROL_WRITE: 341 if (req->sreq->cmd.mode != SCSI_XFER_TO_DEV) { 342 goto overrun; 343 } 344 break; 345 346 case MPI_SCSIIO_CONTROL_READ: 347 if (req->sreq->cmd.mode != SCSI_XFER_FROM_DEV) { 348 goto overrun; 349 } 350 break; 351 } 352 353 if (scsi_req_enqueue(req->sreq)) { 354 scsi_req_continue(req->sreq); 355 } 356 return 0; 357 358 overrun: 359 trace_mptsas_scsi_overflow(s, scsi_io->MsgContext, req->sreq->cmd.xfer, 360 scsi_io->DataLength); 361 status = MPI_IOCSTATUS_SCSI_DATA_OVERRUN; 362 free_bad: 363 mptsas_free_request(req); 364 bad: 365 memset(&reply, 0, sizeof(reply)); 366 reply.TargetID = scsi_io->TargetID; 367 reply.Bus = scsi_io->Bus; 368 reply.MsgLength = sizeof(reply) / 4; 369 reply.Function = scsi_io->Function; 370 reply.CDBLength = scsi_io->CDBLength; 371 reply.SenseBufferLength = scsi_io->SenseBufferLength; 372 reply.MsgContext = scsi_io->MsgContext; 373 reply.SCSIState = MPI_SCSI_STATE_NO_SCSI_STATUS; 374 reply.IOCStatus = status; 375 376 mptsas_fix_scsi_io_reply_endianness(&reply); 377 mptsas_reply(s, (MPIDefaultReply *)&reply); 378 379 return 0; 380 } 381 382 typedef struct { 383 Notifier notifier; 384 MPTSASState *s; 385 MPIMsgSCSITaskMgmtReply *reply; 386 } MPTSASCancelNotifier; 387 388 static void mptsas_cancel_notify(Notifier *notifier, void *data) 389 { 390 MPTSASCancelNotifier *n = container_of(notifier, 391 MPTSASCancelNotifier, 392 notifier); 393 394 /* Abusing IOCLogInfo to store the expected number of requests... */ 395 if (++n->reply->TerminationCount == n->reply->IOCLogInfo) { 396 n->reply->IOCLogInfo = 0; 397 mptsas_fix_scsi_task_mgmt_reply_endianness(n->reply); 398 mptsas_post_reply(n->s, (MPIDefaultReply *)n->reply); 399 g_free(n->reply); 400 } 401 g_free(n); 402 } 403 404 static void mptsas_process_scsi_task_mgmt(MPTSASState *s, MPIMsgSCSITaskMgmt *req) 405 { 406 MPIMsgSCSITaskMgmtReply reply; 407 MPIMsgSCSITaskMgmtReply *reply_async; 408 int status, count; 409 SCSIDevice *sdev; 410 SCSIRequest *r, *next; 411 BusChild *kid; 412 413 mptsas_fix_scsi_task_mgmt_endianness(req); 414 415 QEMU_BUILD_BUG_ON(MPTSAS_MAX_REQUEST_SIZE < sizeof(*req)); 416 QEMU_BUILD_BUG_ON(sizeof(s->doorbell_msg) < sizeof(*req)); 417 QEMU_BUILD_BUG_ON(sizeof(s->doorbell_reply) < sizeof(reply)); 418 419 memset(&reply, 0, sizeof(reply)); 420 reply.TargetID = req->TargetID; 421 reply.Bus = req->Bus; 422 reply.MsgLength = sizeof(reply) / 4; 423 reply.Function = req->Function; 424 reply.TaskType = req->TaskType; 425 reply.MsgContext = req->MsgContext; 426 427 switch (req->TaskType) { 428 case MPI_SCSITASKMGMT_TASKTYPE_ABORT_TASK: 429 case MPI_SCSITASKMGMT_TASKTYPE_QUERY_TASK: 430 status = mptsas_scsi_device_find(s, req->Bus, req->TargetID, 431 req->LUN, &sdev); 432 if (status) { 433 reply.IOCStatus = status; 434 goto out; 435 } 436 if (sdev->lun != req->LUN[1]) { 437 reply.ResponseCode = MPI_SCSITASKMGMT_RSP_TM_INVALID_LUN; 438 goto out; 439 } 440 441 QTAILQ_FOREACH_SAFE(r, &sdev->requests, next, next) { 442 MPTSASRequest *cmd_req = r->hba_private; 443 if (cmd_req && cmd_req->scsi_io.MsgContext == req->TaskMsgContext) { 444 break; 445 } 446 } 447 if (r) { 448 /* 449 * Assert that the request has not been completed yet, we 450 * check for it in the loop above. 451 */ 452 assert(r->hba_private); 453 if (req->TaskType == MPI_SCSITASKMGMT_TASKTYPE_QUERY_TASK) { 454 /* "If the specified command is present in the task set, then 455 * return a service response set to FUNCTION SUCCEEDED". 456 */ 457 reply.ResponseCode = MPI_SCSITASKMGMT_RSP_TM_SUCCEEDED; 458 } else { 459 MPTSASCancelNotifier *notifier; 460 461 reply_async = g_memdup(&reply, sizeof(MPIMsgSCSITaskMgmtReply)); 462 reply_async->IOCLogInfo = INT_MAX; 463 464 count = 1; 465 notifier = g_new(MPTSASCancelNotifier, 1); 466 notifier->s = s; 467 notifier->reply = reply_async; 468 notifier->notifier.notify = mptsas_cancel_notify; 469 scsi_req_cancel_async(r, ¬ifier->notifier); 470 goto reply_maybe_async; 471 } 472 } 473 break; 474 475 case MPI_SCSITASKMGMT_TASKTYPE_ABRT_TASK_SET: 476 case MPI_SCSITASKMGMT_TASKTYPE_CLEAR_TASK_SET: 477 status = mptsas_scsi_device_find(s, req->Bus, req->TargetID, 478 req->LUN, &sdev); 479 if (status) { 480 reply.IOCStatus = status; 481 goto out; 482 } 483 if (sdev->lun != req->LUN[1]) { 484 reply.ResponseCode = MPI_SCSITASKMGMT_RSP_TM_INVALID_LUN; 485 goto out; 486 } 487 488 reply_async = g_memdup(&reply, sizeof(MPIMsgSCSITaskMgmtReply)); 489 reply_async->IOCLogInfo = INT_MAX; 490 491 count = 0; 492 QTAILQ_FOREACH_SAFE(r, &sdev->requests, next, next) { 493 if (r->hba_private) { 494 MPTSASCancelNotifier *notifier; 495 496 count++; 497 notifier = g_new(MPTSASCancelNotifier, 1); 498 notifier->s = s; 499 notifier->reply = reply_async; 500 notifier->notifier.notify = mptsas_cancel_notify; 501 scsi_req_cancel_async(r, ¬ifier->notifier); 502 } 503 } 504 505 reply_maybe_async: 506 if (reply_async->TerminationCount < count) { 507 reply_async->IOCLogInfo = count; 508 return; 509 } 510 g_free(reply_async); 511 reply.TerminationCount = count; 512 break; 513 514 case MPI_SCSITASKMGMT_TASKTYPE_LOGICAL_UNIT_RESET: 515 status = mptsas_scsi_device_find(s, req->Bus, req->TargetID, 516 req->LUN, &sdev); 517 if (status) { 518 reply.IOCStatus = status; 519 goto out; 520 } 521 if (sdev->lun != req->LUN[1]) { 522 reply.ResponseCode = MPI_SCSITASKMGMT_RSP_TM_INVALID_LUN; 523 goto out; 524 } 525 qdev_reset_all(&sdev->qdev); 526 break; 527 528 case MPI_SCSITASKMGMT_TASKTYPE_TARGET_RESET: 529 if (req->Bus != 0) { 530 reply.IOCStatus = MPI_IOCSTATUS_SCSI_INVALID_BUS; 531 goto out; 532 } 533 if (req->TargetID > s->max_devices) { 534 reply.IOCStatus = MPI_IOCSTATUS_SCSI_INVALID_TARGETID; 535 goto out; 536 } 537 538 QTAILQ_FOREACH(kid, &s->bus.qbus.children, sibling) { 539 sdev = SCSI_DEVICE(kid->child); 540 if (sdev->channel == 0 && sdev->id == req->TargetID) { 541 qdev_reset_all(kid->child); 542 } 543 } 544 break; 545 546 case MPI_SCSITASKMGMT_TASKTYPE_RESET_BUS: 547 qbus_reset_all(BUS(&s->bus)); 548 break; 549 550 default: 551 reply.ResponseCode = MPI_SCSITASKMGMT_RSP_TM_NOT_SUPPORTED; 552 break; 553 } 554 555 out: 556 mptsas_fix_scsi_task_mgmt_reply_endianness(&reply); 557 mptsas_post_reply(s, (MPIDefaultReply *)&reply); 558 } 559 560 static void mptsas_process_ioc_init(MPTSASState *s, MPIMsgIOCInit *req) 561 { 562 MPIMsgIOCInitReply reply; 563 564 mptsas_fix_ioc_init_endianness(req); 565 566 QEMU_BUILD_BUG_ON(MPTSAS_MAX_REQUEST_SIZE < sizeof(*req)); 567 QEMU_BUILD_BUG_ON(sizeof(s->doorbell_msg) < sizeof(*req)); 568 QEMU_BUILD_BUG_ON(sizeof(s->doorbell_reply) < sizeof(reply)); 569 570 s->who_init = req->WhoInit; 571 s->reply_frame_size = req->ReplyFrameSize; 572 s->max_buses = req->MaxBuses; 573 s->max_devices = req->MaxDevices ? req->MaxDevices : 256; 574 s->host_mfa_high_addr = (hwaddr)req->HostMfaHighAddr << 32; 575 s->sense_buffer_high_addr = (hwaddr)req->SenseBufferHighAddr << 32; 576 577 if (s->state == MPI_IOC_STATE_READY) { 578 s->state = MPI_IOC_STATE_OPERATIONAL; 579 } 580 581 memset(&reply, 0, sizeof(reply)); 582 reply.WhoInit = s->who_init; 583 reply.MsgLength = sizeof(reply) / 4; 584 reply.Function = req->Function; 585 reply.MaxDevices = s->max_devices; 586 reply.MaxBuses = s->max_buses; 587 reply.MsgContext = req->MsgContext; 588 589 mptsas_fix_ioc_init_reply_endianness(&reply); 590 mptsas_reply(s, (MPIDefaultReply *)&reply); 591 } 592 593 static void mptsas_process_ioc_facts(MPTSASState *s, 594 MPIMsgIOCFacts *req) 595 { 596 MPIMsgIOCFactsReply reply; 597 598 mptsas_fix_ioc_facts_endianness(req); 599 600 QEMU_BUILD_BUG_ON(MPTSAS_MAX_REQUEST_SIZE < sizeof(*req)); 601 QEMU_BUILD_BUG_ON(sizeof(s->doorbell_msg) < sizeof(*req)); 602 QEMU_BUILD_BUG_ON(sizeof(s->doorbell_reply) < sizeof(reply)); 603 604 memset(&reply, 0, sizeof(reply)); 605 reply.MsgVersion = 0x0105; 606 reply.MsgLength = sizeof(reply) / 4; 607 reply.Function = req->Function; 608 reply.MsgContext = req->MsgContext; 609 reply.MaxChainDepth = MPTSAS_MAXIMUM_CHAIN_DEPTH; 610 reply.WhoInit = s->who_init; 611 reply.BlockSize = MPTSAS_MAX_REQUEST_SIZE / sizeof(uint32_t); 612 reply.ReplyQueueDepth = ARRAY_SIZE(s->reply_post) - 1; 613 QEMU_BUILD_BUG_ON(ARRAY_SIZE(s->reply_post) != ARRAY_SIZE(s->reply_free)); 614 615 reply.RequestFrameSize = 128; 616 reply.ProductID = MPTSAS1068_PRODUCT_ID; 617 reply.CurrentHostMfaHighAddr = s->host_mfa_high_addr >> 32; 618 reply.GlobalCredits = ARRAY_SIZE(s->request_post) - 1; 619 reply.NumberOfPorts = MPTSAS_NUM_PORTS; 620 reply.CurrentSenseBufferHighAddr = s->sense_buffer_high_addr >> 32; 621 reply.CurReplyFrameSize = s->reply_frame_size; 622 reply.MaxDevices = s->max_devices; 623 reply.MaxBuses = s->max_buses; 624 reply.FWVersionDev = 0; 625 reply.FWVersionUnit = 0x92; 626 reply.FWVersionMinor = 0x32; 627 reply.FWVersionMajor = 0x1; 628 629 mptsas_fix_ioc_facts_reply_endianness(&reply); 630 mptsas_reply(s, (MPIDefaultReply *)&reply); 631 } 632 633 static void mptsas_process_port_facts(MPTSASState *s, 634 MPIMsgPortFacts *req) 635 { 636 MPIMsgPortFactsReply reply; 637 638 mptsas_fix_port_facts_endianness(req); 639 640 QEMU_BUILD_BUG_ON(MPTSAS_MAX_REQUEST_SIZE < sizeof(*req)); 641 QEMU_BUILD_BUG_ON(sizeof(s->doorbell_msg) < sizeof(*req)); 642 QEMU_BUILD_BUG_ON(sizeof(s->doorbell_reply) < sizeof(reply)); 643 644 memset(&reply, 0, sizeof(reply)); 645 reply.MsgLength = sizeof(reply) / 4; 646 reply.Function = req->Function; 647 reply.PortNumber = req->PortNumber; 648 reply.MsgContext = req->MsgContext; 649 650 if (req->PortNumber < MPTSAS_NUM_PORTS) { 651 reply.PortType = MPI_PORTFACTS_PORTTYPE_SAS; 652 reply.MaxDevices = MPTSAS_NUM_PORTS; 653 reply.PortSCSIID = MPTSAS_NUM_PORTS; 654 reply.ProtocolFlags = MPI_PORTFACTS_PROTOCOL_LOGBUSADDR | MPI_PORTFACTS_PROTOCOL_INITIATOR; 655 } 656 657 mptsas_fix_port_facts_reply_endianness(&reply); 658 mptsas_reply(s, (MPIDefaultReply *)&reply); 659 } 660 661 static void mptsas_process_port_enable(MPTSASState *s, 662 MPIMsgPortEnable *req) 663 { 664 MPIMsgPortEnableReply reply; 665 666 mptsas_fix_port_enable_endianness(req); 667 668 QEMU_BUILD_BUG_ON(MPTSAS_MAX_REQUEST_SIZE < sizeof(*req)); 669 QEMU_BUILD_BUG_ON(sizeof(s->doorbell_msg) < sizeof(*req)); 670 QEMU_BUILD_BUG_ON(sizeof(s->doorbell_reply) < sizeof(reply)); 671 672 memset(&reply, 0, sizeof(reply)); 673 reply.MsgLength = sizeof(reply) / 4; 674 reply.PortNumber = req->PortNumber; 675 reply.Function = req->Function; 676 reply.MsgContext = req->MsgContext; 677 678 mptsas_fix_port_enable_reply_endianness(&reply); 679 mptsas_reply(s, (MPIDefaultReply *)&reply); 680 } 681 682 static void mptsas_process_event_notification(MPTSASState *s, 683 MPIMsgEventNotify *req) 684 { 685 MPIMsgEventNotifyReply reply; 686 687 mptsas_fix_event_notification_endianness(req); 688 689 QEMU_BUILD_BUG_ON(MPTSAS_MAX_REQUEST_SIZE < sizeof(*req)); 690 QEMU_BUILD_BUG_ON(sizeof(s->doorbell_msg) < sizeof(*req)); 691 QEMU_BUILD_BUG_ON(sizeof(s->doorbell_reply) < sizeof(reply)); 692 693 /* Don't even bother storing whether event notification is enabled, 694 * since it is not accessible. 695 */ 696 697 memset(&reply, 0, sizeof(reply)); 698 reply.EventDataLength = sizeof(reply.Data) / 4; 699 reply.MsgLength = sizeof(reply) / 4; 700 reply.Function = req->Function; 701 702 /* This is set because events are sent through the reply FIFOs. */ 703 reply.MsgFlags = MPI_MSGFLAGS_CONTINUATION_REPLY; 704 705 reply.MsgContext = req->MsgContext; 706 reply.Event = MPI_EVENT_EVENT_CHANGE; 707 reply.Data[0] = !!req->Switch; 708 709 mptsas_fix_event_notification_reply_endianness(&reply); 710 mptsas_reply(s, (MPIDefaultReply *)&reply); 711 } 712 713 static void mptsas_process_message(MPTSASState *s, MPIRequestHeader *req) 714 { 715 trace_mptsas_process_message(s, req->Function, req->MsgContext); 716 switch (req->Function) { 717 case MPI_FUNCTION_SCSI_TASK_MGMT: 718 mptsas_process_scsi_task_mgmt(s, (MPIMsgSCSITaskMgmt *)req); 719 break; 720 721 case MPI_FUNCTION_IOC_INIT: 722 mptsas_process_ioc_init(s, (MPIMsgIOCInit *)req); 723 break; 724 725 case MPI_FUNCTION_IOC_FACTS: 726 mptsas_process_ioc_facts(s, (MPIMsgIOCFacts *)req); 727 break; 728 729 case MPI_FUNCTION_PORT_FACTS: 730 mptsas_process_port_facts(s, (MPIMsgPortFacts *)req); 731 break; 732 733 case MPI_FUNCTION_PORT_ENABLE: 734 mptsas_process_port_enable(s, (MPIMsgPortEnable *)req); 735 break; 736 737 case MPI_FUNCTION_EVENT_NOTIFICATION: 738 mptsas_process_event_notification(s, (MPIMsgEventNotify *)req); 739 break; 740 741 case MPI_FUNCTION_CONFIG: 742 mptsas_process_config(s, (MPIMsgConfig *)req); 743 break; 744 745 default: 746 trace_mptsas_unhandled_cmd(s, req->Function, 0); 747 mptsas_set_fault(s, MPI_IOCSTATUS_INVALID_FUNCTION); 748 break; 749 } 750 } 751 752 static void mptsas_fetch_request(MPTSASState *s) 753 { 754 PCIDevice *pci = (PCIDevice *) s; 755 char req[MPTSAS_MAX_REQUEST_SIZE]; 756 MPIRequestHeader *hdr = (MPIRequestHeader *)req; 757 hwaddr addr; 758 int size; 759 760 /* Read the message header from the guest first. */ 761 addr = s->host_mfa_high_addr | MPTSAS_FIFO_GET(s, request_post); 762 pci_dma_read(pci, addr, req, sizeof(*hdr)); 763 764 if (hdr->Function < ARRAY_SIZE(mpi_request_sizes) && 765 mpi_request_sizes[hdr->Function]) { 766 /* Read the rest of the request based on the type. Do not 767 * reread everything, as that could cause a TOC/TOU mismatch 768 * and leak data from the QEMU stack. 769 */ 770 size = mpi_request_sizes[hdr->Function]; 771 assert(size <= MPTSAS_MAX_REQUEST_SIZE); 772 pci_dma_read(pci, addr + sizeof(*hdr), &req[sizeof(*hdr)], 773 size - sizeof(*hdr)); 774 } 775 776 if (hdr->Function == MPI_FUNCTION_SCSI_IO_REQUEST) { 777 /* SCSI I/O requests are separate from mptsas_process_message 778 * because they cannot be sent through the doorbell yet. 779 */ 780 mptsas_process_scsi_io_request(s, (MPIMsgSCSIIORequest *)req, addr); 781 } else { 782 mptsas_process_message(s, (MPIRequestHeader *)req); 783 } 784 } 785 786 static void mptsas_fetch_requests(void *opaque) 787 { 788 MPTSASState *s = opaque; 789 790 if (s->state != MPI_IOC_STATE_OPERATIONAL) { 791 mptsas_set_fault(s, MPI_IOCSTATUS_INVALID_STATE); 792 return; 793 } 794 while (!MPTSAS_FIFO_EMPTY(s, request_post)) { 795 mptsas_fetch_request(s); 796 } 797 } 798 799 static void mptsas_soft_reset(MPTSASState *s) 800 { 801 uint32_t save_mask; 802 803 trace_mptsas_reset(s); 804 805 /* Temporarily disable interrupts */ 806 save_mask = s->intr_mask; 807 s->intr_mask = MPI_HIM_DIM | MPI_HIM_RIM; 808 mptsas_update_interrupt(s); 809 810 qbus_reset_all(BUS(&s->bus)); 811 s->intr_status = 0; 812 s->intr_mask = save_mask; 813 814 s->reply_free_tail = 0; 815 s->reply_free_head = 0; 816 s->reply_post_tail = 0; 817 s->reply_post_head = 0; 818 s->request_post_tail = 0; 819 s->request_post_head = 0; 820 qemu_bh_cancel(s->request_bh); 821 822 s->state = MPI_IOC_STATE_READY; 823 } 824 825 static uint32_t mptsas_doorbell_read(MPTSASState *s) 826 { 827 uint32_t ret; 828 829 ret = (s->who_init << MPI_DOORBELL_WHO_INIT_SHIFT) & MPI_DOORBELL_WHO_INIT_MASK; 830 ret |= s->state; 831 switch (s->doorbell_state) { 832 case DOORBELL_NONE: 833 break; 834 835 case DOORBELL_WRITE: 836 ret |= MPI_DOORBELL_ACTIVE; 837 break; 838 839 case DOORBELL_READ: 840 /* Get rid of the IOC fault code. */ 841 ret &= ~MPI_DOORBELL_DATA_MASK; 842 843 assert(s->intr_status & MPI_HIS_DOORBELL_INTERRUPT); 844 assert(s->doorbell_reply_idx <= s->doorbell_reply_size); 845 846 ret |= MPI_DOORBELL_ACTIVE; 847 if (s->doorbell_reply_idx < s->doorbell_reply_size) { 848 /* For more information about this endian switch, see the 849 * commit message for commit 36b62ae ("fw_cfg: fix endianness in 850 * fw_cfg_data_mem_read() / _write()", 2015-01-16). 851 */ 852 ret |= le16_to_cpu(s->doorbell_reply[s->doorbell_reply_idx++]); 853 } 854 break; 855 856 default: 857 abort(); 858 } 859 860 return ret; 861 } 862 863 static void mptsas_doorbell_write(MPTSASState *s, uint32_t val) 864 { 865 if (s->doorbell_state == DOORBELL_WRITE) { 866 if (s->doorbell_idx < s->doorbell_cnt) { 867 /* For more information about this endian switch, see the 868 * commit message for commit 36b62ae ("fw_cfg: fix endianness in 869 * fw_cfg_data_mem_read() / _write()", 2015-01-16). 870 */ 871 s->doorbell_msg[s->doorbell_idx++] = cpu_to_le32(val); 872 if (s->doorbell_idx == s->doorbell_cnt) { 873 mptsas_process_message(s, (MPIRequestHeader *)s->doorbell_msg); 874 } 875 } 876 return; 877 } 878 879 switch ((val & MPI_DOORBELL_FUNCTION_MASK) >> MPI_DOORBELL_FUNCTION_SHIFT) { 880 case MPI_FUNCTION_IOC_MESSAGE_UNIT_RESET: 881 mptsas_soft_reset(s); 882 break; 883 case MPI_FUNCTION_IO_UNIT_RESET: 884 break; 885 case MPI_FUNCTION_HANDSHAKE: 886 s->doorbell_state = DOORBELL_WRITE; 887 s->doorbell_idx = 0; 888 s->doorbell_cnt = (val & MPI_DOORBELL_ADD_DWORDS_MASK) 889 >> MPI_DOORBELL_ADD_DWORDS_SHIFT; 890 s->intr_status |= MPI_HIS_DOORBELL_INTERRUPT; 891 mptsas_update_interrupt(s); 892 break; 893 default: 894 trace_mptsas_unhandled_doorbell_cmd(s, val); 895 break; 896 } 897 } 898 899 static void mptsas_write_sequence_write(MPTSASState *s, uint32_t val) 900 { 901 /* If the diagnostic register is enabled, any write to this register 902 * will disable it. Otherwise, the guest has to do a magic five-write 903 * sequence. 904 */ 905 if (s->diagnostic & MPI_DIAG_DRWE) { 906 goto disable; 907 } 908 909 switch (s->diagnostic_idx) { 910 case 0: 911 if ((val & MPI_WRSEQ_KEY_VALUE_MASK) != MPI_WRSEQ_1ST_KEY_VALUE) { 912 goto disable; 913 } 914 break; 915 case 1: 916 if ((val & MPI_WRSEQ_KEY_VALUE_MASK) != MPI_WRSEQ_2ND_KEY_VALUE) { 917 goto disable; 918 } 919 break; 920 case 2: 921 if ((val & MPI_WRSEQ_KEY_VALUE_MASK) != MPI_WRSEQ_3RD_KEY_VALUE) { 922 goto disable; 923 } 924 break; 925 case 3: 926 if ((val & MPI_WRSEQ_KEY_VALUE_MASK) != MPI_WRSEQ_4TH_KEY_VALUE) { 927 goto disable; 928 } 929 break; 930 case 4: 931 if ((val & MPI_WRSEQ_KEY_VALUE_MASK) != MPI_WRSEQ_5TH_KEY_VALUE) { 932 goto disable; 933 } 934 /* Prepare Spaceball One for departure, and change the 935 * combination on my luggage! 936 */ 937 s->diagnostic |= MPI_DIAG_DRWE; 938 break; 939 } 940 s->diagnostic_idx++; 941 return; 942 943 disable: 944 s->diagnostic &= ~MPI_DIAG_DRWE; 945 s->diagnostic_idx = 0; 946 } 947 948 static int mptsas_hard_reset(MPTSASState *s) 949 { 950 mptsas_soft_reset(s); 951 952 s->intr_mask = MPI_HIM_DIM | MPI_HIM_RIM; 953 954 s->host_mfa_high_addr = 0; 955 s->sense_buffer_high_addr = 0; 956 s->reply_frame_size = 0; 957 s->max_devices = MPTSAS_NUM_PORTS; 958 s->max_buses = 1; 959 960 return 0; 961 } 962 963 static void mptsas_interrupt_status_write(MPTSASState *s) 964 { 965 switch (s->doorbell_state) { 966 case DOORBELL_NONE: 967 case DOORBELL_WRITE: 968 s->intr_status &= ~MPI_HIS_DOORBELL_INTERRUPT; 969 break; 970 971 case DOORBELL_READ: 972 /* The reply can be read continuously, so leave the interrupt up. */ 973 assert(s->intr_status & MPI_HIS_DOORBELL_INTERRUPT); 974 if (s->doorbell_reply_idx == s->doorbell_reply_size) { 975 s->doorbell_state = DOORBELL_NONE; 976 } 977 break; 978 979 default: 980 abort(); 981 } 982 mptsas_update_interrupt(s); 983 } 984 985 static uint32_t mptsas_reply_post_read(MPTSASState *s) 986 { 987 uint32_t ret; 988 989 if (!MPTSAS_FIFO_EMPTY(s, reply_post)) { 990 ret = MPTSAS_FIFO_GET(s, reply_post); 991 } else { 992 ret = -1; 993 s->intr_status &= ~MPI_HIS_REPLY_MESSAGE_INTERRUPT; 994 mptsas_update_interrupt(s); 995 } 996 997 return ret; 998 } 999 1000 static uint64_t mptsas_mmio_read(void *opaque, hwaddr addr, 1001 unsigned size) 1002 { 1003 MPTSASState *s = opaque; 1004 uint32_t ret = 0; 1005 1006 switch (addr & ~3) { 1007 case MPI_DOORBELL_OFFSET: 1008 ret = mptsas_doorbell_read(s); 1009 break; 1010 1011 case MPI_DIAGNOSTIC_OFFSET: 1012 ret = s->diagnostic; 1013 break; 1014 1015 case MPI_HOST_INTERRUPT_STATUS_OFFSET: 1016 ret = s->intr_status; 1017 break; 1018 1019 case MPI_HOST_INTERRUPT_MASK_OFFSET: 1020 ret = s->intr_mask; 1021 break; 1022 1023 case MPI_REPLY_POST_FIFO_OFFSET: 1024 ret = mptsas_reply_post_read(s); 1025 break; 1026 1027 default: 1028 trace_mptsas_mmio_unhandled_read(s, addr); 1029 break; 1030 } 1031 trace_mptsas_mmio_read(s, addr, ret); 1032 return ret; 1033 } 1034 1035 static void mptsas_mmio_write(void *opaque, hwaddr addr, 1036 uint64_t val, unsigned size) 1037 { 1038 MPTSASState *s = opaque; 1039 1040 trace_mptsas_mmio_write(s, addr, val); 1041 switch (addr) { 1042 case MPI_DOORBELL_OFFSET: 1043 mptsas_doorbell_write(s, val); 1044 break; 1045 1046 case MPI_WRITE_SEQUENCE_OFFSET: 1047 mptsas_write_sequence_write(s, val); 1048 break; 1049 1050 case MPI_DIAGNOSTIC_OFFSET: 1051 if (val & MPI_DIAG_RESET_ADAPTER) { 1052 mptsas_hard_reset(s); 1053 } 1054 break; 1055 1056 case MPI_HOST_INTERRUPT_STATUS_OFFSET: 1057 mptsas_interrupt_status_write(s); 1058 break; 1059 1060 case MPI_HOST_INTERRUPT_MASK_OFFSET: 1061 s->intr_mask = val & (MPI_HIM_RIM | MPI_HIM_DIM); 1062 mptsas_update_interrupt(s); 1063 break; 1064 1065 case MPI_REQUEST_POST_FIFO_OFFSET: 1066 if (MPTSAS_FIFO_FULL(s, request_post)) { 1067 mptsas_set_fault(s, MPI_IOCSTATUS_INSUFFICIENT_RESOURCES); 1068 } else { 1069 MPTSAS_FIFO_PUT(s, request_post, val & ~0x03); 1070 qemu_bh_schedule(s->request_bh); 1071 } 1072 break; 1073 1074 case MPI_REPLY_FREE_FIFO_OFFSET: 1075 if (MPTSAS_FIFO_FULL(s, reply_free)) { 1076 mptsas_set_fault(s, MPI_IOCSTATUS_INSUFFICIENT_RESOURCES); 1077 } else { 1078 MPTSAS_FIFO_PUT(s, reply_free, val); 1079 } 1080 break; 1081 1082 default: 1083 trace_mptsas_mmio_unhandled_write(s, addr, val); 1084 break; 1085 } 1086 } 1087 1088 static const MemoryRegionOps mptsas_mmio_ops = { 1089 .read = mptsas_mmio_read, 1090 .write = mptsas_mmio_write, 1091 .endianness = DEVICE_LITTLE_ENDIAN, 1092 .impl = { 1093 .min_access_size = 4, 1094 .max_access_size = 4, 1095 } 1096 }; 1097 1098 static const MemoryRegionOps mptsas_port_ops = { 1099 .read = mptsas_mmio_read, 1100 .write = mptsas_mmio_write, 1101 .endianness = DEVICE_LITTLE_ENDIAN, 1102 .impl = { 1103 .min_access_size = 4, 1104 .max_access_size = 4, 1105 } 1106 }; 1107 1108 static uint64_t mptsas_diag_read(void *opaque, hwaddr addr, 1109 unsigned size) 1110 { 1111 MPTSASState *s = opaque; 1112 trace_mptsas_diag_read(s, addr, 0); 1113 return 0; 1114 } 1115 1116 static void mptsas_diag_write(void *opaque, hwaddr addr, 1117 uint64_t val, unsigned size) 1118 { 1119 MPTSASState *s = opaque; 1120 trace_mptsas_diag_write(s, addr, val); 1121 } 1122 1123 static const MemoryRegionOps mptsas_diag_ops = { 1124 .read = mptsas_diag_read, 1125 .write = mptsas_diag_write, 1126 .endianness = DEVICE_LITTLE_ENDIAN, 1127 .impl = { 1128 .min_access_size = 4, 1129 .max_access_size = 4, 1130 } 1131 }; 1132 1133 static QEMUSGList *mptsas_get_sg_list(SCSIRequest *sreq) 1134 { 1135 MPTSASRequest *req = sreq->hba_private; 1136 1137 return &req->qsg; 1138 } 1139 1140 static void mptsas_command_complete(SCSIRequest *sreq, 1141 uint32_t status, size_t resid) 1142 { 1143 MPTSASRequest *req = sreq->hba_private; 1144 MPTSASState *s = req->dev; 1145 uint8_t sense_buf[SCSI_SENSE_BUF_SIZE]; 1146 uint8_t sense_len; 1147 1148 hwaddr sense_buffer_addr = req->dev->sense_buffer_high_addr | 1149 req->scsi_io.SenseBufferLowAddr; 1150 1151 trace_mptsas_command_complete(s, req->scsi_io.MsgContext, status, resid); 1152 1153 sense_len = scsi_req_get_sense(sreq, sense_buf, SCSI_SENSE_BUF_SIZE); 1154 if (sense_len > 0) { 1155 pci_dma_write(PCI_DEVICE(s), sense_buffer_addr, sense_buf, 1156 MIN(req->scsi_io.SenseBufferLength, sense_len)); 1157 } 1158 1159 if (sreq->status != GOOD || resid || 1160 req->dev->doorbell_state == DOORBELL_WRITE) { 1161 MPIMsgSCSIIOReply reply; 1162 1163 memset(&reply, 0, sizeof(reply)); 1164 reply.TargetID = req->scsi_io.TargetID; 1165 reply.Bus = req->scsi_io.Bus; 1166 reply.MsgLength = sizeof(reply) / 4; 1167 reply.Function = req->scsi_io.Function; 1168 reply.CDBLength = req->scsi_io.CDBLength; 1169 reply.SenseBufferLength = req->scsi_io.SenseBufferLength; 1170 reply.MsgFlags = req->scsi_io.MsgFlags; 1171 reply.MsgContext = req->scsi_io.MsgContext; 1172 reply.SCSIStatus = sreq->status; 1173 if (sreq->status == GOOD) { 1174 reply.TransferCount = req->scsi_io.DataLength - resid; 1175 if (resid) { 1176 reply.IOCStatus = MPI_IOCSTATUS_SCSI_DATA_UNDERRUN; 1177 } 1178 } else { 1179 reply.SCSIState = MPI_SCSI_STATE_AUTOSENSE_VALID; 1180 reply.SenseCount = sense_len; 1181 reply.IOCStatus = MPI_IOCSTATUS_SCSI_DATA_UNDERRUN; 1182 } 1183 1184 mptsas_fix_scsi_io_reply_endianness(&reply); 1185 mptsas_post_reply(req->dev, (MPIDefaultReply *)&reply); 1186 } else { 1187 mptsas_turbo_reply(req->dev, req->scsi_io.MsgContext); 1188 } 1189 1190 mptsas_free_request(req); 1191 } 1192 1193 static void mptsas_request_cancelled(SCSIRequest *sreq) 1194 { 1195 MPTSASRequest *req = sreq->hba_private; 1196 MPIMsgSCSIIOReply reply; 1197 1198 memset(&reply, 0, sizeof(reply)); 1199 reply.TargetID = req->scsi_io.TargetID; 1200 reply.Bus = req->scsi_io.Bus; 1201 reply.MsgLength = sizeof(reply) / 4; 1202 reply.Function = req->scsi_io.Function; 1203 reply.CDBLength = req->scsi_io.CDBLength; 1204 reply.SenseBufferLength = req->scsi_io.SenseBufferLength; 1205 reply.MsgFlags = req->scsi_io.MsgFlags; 1206 reply.MsgContext = req->scsi_io.MsgContext; 1207 reply.SCSIState = MPI_SCSI_STATE_NO_SCSI_STATUS; 1208 reply.IOCStatus = MPI_IOCSTATUS_SCSI_TASK_TERMINATED; 1209 1210 mptsas_fix_scsi_io_reply_endianness(&reply); 1211 mptsas_post_reply(req->dev, (MPIDefaultReply *)&reply); 1212 mptsas_free_request(req); 1213 } 1214 1215 static void mptsas_save_request(QEMUFile *f, SCSIRequest *sreq) 1216 { 1217 MPTSASRequest *req = sreq->hba_private; 1218 int i; 1219 1220 qemu_put_buffer(f, (unsigned char *)&req->scsi_io, sizeof(req->scsi_io)); 1221 qemu_put_be32(f, req->qsg.nsg); 1222 for (i = 0; i < req->qsg.nsg; i++) { 1223 qemu_put_be64(f, req->qsg.sg[i].base); 1224 qemu_put_be64(f, req->qsg.sg[i].len); 1225 } 1226 } 1227 1228 static void *mptsas_load_request(QEMUFile *f, SCSIRequest *sreq) 1229 { 1230 SCSIBus *bus = sreq->bus; 1231 MPTSASState *s = container_of(bus, MPTSASState, bus); 1232 PCIDevice *pci = PCI_DEVICE(s); 1233 MPTSASRequest *req; 1234 int i, n; 1235 1236 req = g_new(MPTSASRequest, 1); 1237 qemu_get_buffer(f, (unsigned char *)&req->scsi_io, sizeof(req->scsi_io)); 1238 1239 n = qemu_get_be32(f); 1240 /* TODO: add a way for SCSIBusInfo's load_request to fail, 1241 * and fail migration instead of asserting here. 1242 * This is just one thing (there are probably more) that must be 1243 * fixed before we can allow NDEBUG compilation. 1244 */ 1245 assert(n >= 0); 1246 1247 pci_dma_sglist_init(&req->qsg, pci, n); 1248 for (i = 0; i < n; i++) { 1249 uint64_t base = qemu_get_be64(f); 1250 uint64_t len = qemu_get_be64(f); 1251 qemu_sglist_add(&req->qsg, base, len); 1252 } 1253 1254 scsi_req_ref(sreq); 1255 req->sreq = sreq; 1256 req->dev = s; 1257 1258 return req; 1259 } 1260 1261 static const struct SCSIBusInfo mptsas_scsi_info = { 1262 .tcq = true, 1263 .max_target = MPTSAS_NUM_PORTS, 1264 .max_lun = 1, 1265 1266 .get_sg_list = mptsas_get_sg_list, 1267 .complete = mptsas_command_complete, 1268 .cancel = mptsas_request_cancelled, 1269 .save_request = mptsas_save_request, 1270 .load_request = mptsas_load_request, 1271 }; 1272 1273 static void mptsas_scsi_realize(PCIDevice *dev, Error **errp) 1274 { 1275 MPTSASState *s = MPT_SAS(dev); 1276 Error *err = NULL; 1277 int ret; 1278 1279 dev->config[PCI_LATENCY_TIMER] = 0; 1280 dev->config[PCI_INTERRUPT_PIN] = 0x01; 1281 1282 if (s->msi != ON_OFF_AUTO_OFF) { 1283 ret = msi_init(dev, 0, 1, true, false, &err); 1284 /* Any error other than -ENOTSUP(board's MSI support is broken) 1285 * is a programming error */ 1286 assert(!ret || ret == -ENOTSUP); 1287 if (ret && s->msi == ON_OFF_AUTO_ON) { 1288 /* Can't satisfy user's explicit msi=on request, fail */ 1289 error_append_hint(&err, "You have to use msi=auto (default) or " 1290 "msi=off with this machine type.\n"); 1291 error_propagate(errp, err); 1292 return; 1293 } 1294 assert(!err || s->msi == ON_OFF_AUTO_AUTO); 1295 /* With msi=auto, we fall back to MSI off silently */ 1296 error_free(err); 1297 1298 /* Only used for migration. */ 1299 s->msi_in_use = (ret == 0); 1300 } 1301 1302 memory_region_init_io(&s->mmio_io, OBJECT(s), &mptsas_mmio_ops, s, 1303 "mptsas-mmio", 0x4000); 1304 memory_region_init_io(&s->port_io, OBJECT(s), &mptsas_port_ops, s, 1305 "mptsas-io", 256); 1306 memory_region_init_io(&s->diag_io, OBJECT(s), &mptsas_diag_ops, s, 1307 "mptsas-diag", 0x10000); 1308 1309 pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->port_io); 1310 pci_register_bar(dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY | 1311 PCI_BASE_ADDRESS_MEM_TYPE_32, &s->mmio_io); 1312 pci_register_bar(dev, 2, PCI_BASE_ADDRESS_SPACE_MEMORY | 1313 PCI_BASE_ADDRESS_MEM_TYPE_32, &s->diag_io); 1314 1315 if (!s->sas_addr) { 1316 s->sas_addr = ((NAA_LOCALLY_ASSIGNED_ID << 24) | 1317 IEEE_COMPANY_LOCALLY_ASSIGNED) << 36; 1318 s->sas_addr |= (pci_dev_bus_num(dev) << 16); 1319 s->sas_addr |= (PCI_SLOT(dev->devfn) << 8); 1320 s->sas_addr |= PCI_FUNC(dev->devfn); 1321 } 1322 s->max_devices = MPTSAS_NUM_PORTS; 1323 1324 s->request_bh = qemu_bh_new(mptsas_fetch_requests, s); 1325 1326 QTAILQ_INIT(&s->pending); 1327 1328 scsi_bus_new(&s->bus, sizeof(s->bus), &dev->qdev, &mptsas_scsi_info, NULL); 1329 } 1330 1331 static void mptsas_scsi_uninit(PCIDevice *dev) 1332 { 1333 MPTSASState *s = MPT_SAS(dev); 1334 1335 qemu_bh_delete(s->request_bh); 1336 msi_uninit(dev); 1337 } 1338 1339 static void mptsas_reset(DeviceState *dev) 1340 { 1341 MPTSASState *s = MPT_SAS(dev); 1342 1343 mptsas_hard_reset(s); 1344 } 1345 1346 static int mptsas_post_load(void *opaque, int version_id) 1347 { 1348 MPTSASState *s = opaque; 1349 1350 if (s->doorbell_idx > s->doorbell_cnt || 1351 s->doorbell_cnt > ARRAY_SIZE(s->doorbell_msg) || 1352 s->doorbell_reply_idx > s->doorbell_reply_size || 1353 s->doorbell_reply_size > ARRAY_SIZE(s->doorbell_reply) || 1354 MPTSAS_FIFO_INVALID(s, request_post) || 1355 MPTSAS_FIFO_INVALID(s, reply_post) || 1356 MPTSAS_FIFO_INVALID(s, reply_free) || 1357 s->diagnostic_idx > 4) { 1358 return -EINVAL; 1359 } 1360 1361 return 0; 1362 } 1363 1364 static const VMStateDescription vmstate_mptsas = { 1365 .name = "mptsas", 1366 .version_id = 0, 1367 .minimum_version_id = 0, 1368 .minimum_version_id_old = 0, 1369 .post_load = mptsas_post_load, 1370 .fields = (VMStateField[]) { 1371 VMSTATE_PCI_DEVICE(dev, MPTSASState), 1372 VMSTATE_BOOL(msi_in_use, MPTSASState), 1373 VMSTATE_UINT32(state, MPTSASState), 1374 VMSTATE_UINT8(who_init, MPTSASState), 1375 VMSTATE_UINT8(doorbell_state, MPTSASState), 1376 VMSTATE_UINT32_ARRAY(doorbell_msg, MPTSASState, 256), 1377 VMSTATE_INT32(doorbell_idx, MPTSASState), 1378 VMSTATE_INT32(doorbell_cnt, MPTSASState), 1379 1380 VMSTATE_UINT16_ARRAY(doorbell_reply, MPTSASState, 256), 1381 VMSTATE_INT32(doorbell_reply_idx, MPTSASState), 1382 VMSTATE_INT32(doorbell_reply_size, MPTSASState), 1383 1384 VMSTATE_UINT32(diagnostic, MPTSASState), 1385 VMSTATE_UINT8(diagnostic_idx, MPTSASState), 1386 1387 VMSTATE_UINT32(intr_status, MPTSASState), 1388 VMSTATE_UINT32(intr_mask, MPTSASState), 1389 1390 VMSTATE_UINT32_ARRAY(request_post, MPTSASState, 1391 MPTSAS_REQUEST_QUEUE_DEPTH + 1), 1392 VMSTATE_UINT16(request_post_head, MPTSASState), 1393 VMSTATE_UINT16(request_post_tail, MPTSASState), 1394 1395 VMSTATE_UINT32_ARRAY(reply_post, MPTSASState, 1396 MPTSAS_REPLY_QUEUE_DEPTH + 1), 1397 VMSTATE_UINT16(reply_post_head, MPTSASState), 1398 VMSTATE_UINT16(reply_post_tail, MPTSASState), 1399 1400 VMSTATE_UINT32_ARRAY(reply_free, MPTSASState, 1401 MPTSAS_REPLY_QUEUE_DEPTH + 1), 1402 VMSTATE_UINT16(reply_free_head, MPTSASState), 1403 VMSTATE_UINT16(reply_free_tail, MPTSASState), 1404 1405 VMSTATE_UINT16(max_buses, MPTSASState), 1406 VMSTATE_UINT16(max_devices, MPTSASState), 1407 VMSTATE_UINT16(reply_frame_size, MPTSASState), 1408 VMSTATE_UINT64(host_mfa_high_addr, MPTSASState), 1409 VMSTATE_UINT64(sense_buffer_high_addr, MPTSASState), 1410 VMSTATE_END_OF_LIST() 1411 } 1412 }; 1413 1414 static Property mptsas_properties[] = { 1415 DEFINE_PROP_UINT64("sas_address", MPTSASState, sas_addr, 0), 1416 /* TODO: test MSI support under Windows */ 1417 DEFINE_PROP_ON_OFF_AUTO("msi", MPTSASState, msi, ON_OFF_AUTO_AUTO), 1418 DEFINE_PROP_END_OF_LIST(), 1419 }; 1420 1421 static void mptsas1068_class_init(ObjectClass *oc, void *data) 1422 { 1423 DeviceClass *dc = DEVICE_CLASS(oc); 1424 PCIDeviceClass *pc = PCI_DEVICE_CLASS(oc); 1425 1426 pc->realize = mptsas_scsi_realize; 1427 pc->exit = mptsas_scsi_uninit; 1428 pc->romfile = 0; 1429 pc->vendor_id = PCI_VENDOR_ID_LSI_LOGIC; 1430 pc->device_id = PCI_DEVICE_ID_LSI_SAS1068; 1431 pc->subsystem_vendor_id = PCI_VENDOR_ID_LSI_LOGIC; 1432 pc->subsystem_id = 0x8000; 1433 pc->class_id = PCI_CLASS_STORAGE_SCSI; 1434 device_class_set_props(dc, mptsas_properties); 1435 dc->reset = mptsas_reset; 1436 dc->vmsd = &vmstate_mptsas; 1437 dc->desc = "LSI SAS 1068"; 1438 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 1439 } 1440 1441 static const TypeInfo mptsas_info = { 1442 .name = TYPE_MPTSAS1068, 1443 .parent = TYPE_PCI_DEVICE, 1444 .instance_size = sizeof(MPTSASState), 1445 .class_init = mptsas1068_class_init, 1446 .interfaces = (InterfaceInfo[]) { 1447 { INTERFACE_CONVENTIONAL_PCI_DEVICE }, 1448 { }, 1449 }, 1450 }; 1451 1452 static void mptsas_register_types(void) 1453 { 1454 type_register(&mptsas_info); 1455 } 1456 1457 type_init(mptsas_register_types) 1458